On 03/03/2014 09:54 PM, Anthony Messina wrote: > On Saturday, March 01, 2014 04:18:11 AM Anthony Messina wrote: >> I've been waiting patiently for F20 to "settle" before upgrading my two >> VM installations of FreeIPA: >> >> ipa1 (original master) ipa2 (clone) >> >> I'm considering doing a "yum upgrade" this weekend and was wondering if >> any users had found any "gotchas"? One that I can think of is the >> addition of the following in F20's default /etc/krb5.conf: >> >> [libdefaults] ... default_ccache_name = KEYRING:persistent:%{uid} ... >> >> I've seen on some of my freshly installed F20 FreeIPA clients that this >> option is no longer present after ipa-client-install. On those >> clients, I've manually added it post client install and things seem to >> work OK with the exception of SELinux errors reported here: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1001703 >> >> Should I place this option in /etc/krb5.conf on the masters >> before/after the yum upgrade (or at all)? >> >> Should I run "ipactl stop" prior to running the yum upgrade? >> >> Of note, I'm considering the "yum upgrade" option rather than creating >> F20 replicas of F19 masters due to: >> >> https://fedorahosted.org/pki/ticket/816 >> https://fedorahosted.org/389/ticket/47721 >> >> Any guidance is appreciated. Thanks, and have a good weekend. >> >> -A > > I can report to the list that I've upgraded my ipa1 and ipa2 machines from > F19 to F20 via "yum upgrade" in SELinux permissive mode and things went > swimmingly.
I always like to hear user reports like this one :) Thanks! > > As far as my concerns above, I added the following to /etc/krb5.conf after > the upgrade, but before the reboot: > > default_ccache_name = KEYRING:persistent:%{uid} > > And I did not issue "ipactl stop" prior to the upgrade. > > The only post-upgrade issue I am seeing is invalid characters passed to > dirsrv queries when using FreeIPA web interface: > > https://fedorahosted.org/freeipa/ticket/4214 Thanks for the report. I think I found the root cause, patch sent. Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users