On Sunday, December 22, 2013 05:42:27 AM Alexander Bokovoy wrote: > Hi, > > an update on the issue of upgrading Fedora 19 to Fedora 20 for FreeIPA > deployments. > > An updated 389-ds-base package, 1.3.2.9-1.fc20 is in updates-testing > repository. Updated slapi-nis package, 0.52-1.fc20, is in updates-testing > as well. > > I've tested that using fedora-upgrade tool to upgrade from Fedora 19 to > Fedora 20 does work if you have updates-testing repository enabled and that > FreeIPA is continuing to work afterwards. > > I've initiated move of 389-ds-base to updates stable repository. Once it > reach out there, I'll lift a warning on freeipa.org and publish a final > update. > > Happy holidays! > > ----- Original Message ----- > > > From: "Alexander Bokovoy" <[email protected]> > > To: [email protected] > > Sent: Tuesday, December 17, 2013 11:14:34 AM > > Subject: [Freeipa-users] WARNING: Do not upgrade FreeIPA deployments > > to Fedora 20 final (yet)> > > > > > > Greetings! > > > > > > > > As many of you are aware, Fedora Project releases Fedora 20 today, > > Tuesday, December 17th. This post serves as a warning against upgrading > > your FreeIPA deployments to Fedora 20 using release images. Please check > > Fedora 20 Common Bugs page https://fedoraproject.org/wiki/Common_F20_bugs > > for the complete list of issues. > > > > > > > > FreeIPA relies heavily on 389-ds Directory Server. Fedora 20 introduces > > new version series of 389-ds, 1.3.2.x. Along with multiple enhancements, > > unfortunately, few bugs went into the version currently available in > > Fedora 20 stable tree. These bugs are causing crashes under certain > > conditions and we don't recommend updating your existing configurations > > due to these consequences. > > > > > > > > As an update to the Fedora 20 Common Bugs page, over last night fellow > > developers from 389-ds and slapi-nis projects have fixed > > https://bugzilla.redhat.com/show_bug.cgi?id=1043546 and > > https://bugzilla.redhat.com/show_bug.cgi?id=1041732 but there will be > > some delay before the builds featuring the fixes will appear in Fedora > > 20 updates repository. Remaining bugs are under investigation. > > > > > > > > I'll post an update note once we'll get remaining issues fixed and > > packages > > pushed to Fedora 20 updates repository. > > > > > > > > -- > > / Alexander Bokovoy
I've been waiting patiently for F20 to "settle" before upgrading my two VM
installations of FreeIPA:
ipa1 (original master)
ipa2 (clone)
I'm considering doing a "yum upgrade" this weekend and was wondering if any
users had found any "gotchas"? One that I can think of is the addition of the
following in F20's default /etc/krb5.conf:
[libdefaults]
...
default_ccache_name = KEYRING:persistent:%{uid}
...
I've seen on some of my freshly installed F20 FreeIPA clients that this option
is no longer present after ipa-client-install. On those clients, I've
manually added it post client install and things seem to work OK with the
exception of SELinux errors reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1001703
Should I place this option in /etc/krb5.conf on the masters before/after the
yum upgrade (or at all)?
Should I run "ipactl stop" prior to running the yum upgrade?
Of note, I'm considering the "yum upgrade" option rather than creating F20
replicas of F19 masters due to:
https://fedorahosted.org/pki/ticket/816
https://fedorahosted.org/389/ticket/47721
Any guidance is appreciated. Thanks, and have a good weekend.
-A
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
