On 03/03/2014 09:54 PM, Anthony Messina wrote:
> On Saturday, March 01, 2014 04:18:11 AM Anthony Messina wrote:
>> I've been waiting patiently for F20 to "settle" before upgrading my two
>> VM installations of FreeIPA:
>> ipa1 (original master) ipa2 (clone)
>> I'm considering doing a "yum upgrade" this weekend and was wondering if
>> any users had found any "gotchas"?  One that I can think of is the
>> addition of the following in F20's default /etc/krb5.conf:
>> [libdefaults] ... default_ccache_name = KEYRING:persistent:%{uid} ...
>> I've seen on some of my freshly installed F20 FreeIPA clients that this 
>> option  is no longer present after ipa-client-install.  On those
>> clients, I've manually added it post client install and things seem to
>> work OK with the exception of SELinux errors reported here:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1001703
>> Should I place this option in /etc/krb5.conf on the masters
>> before/after the  yum upgrade (or at all)?
>> Should I run "ipactl stop" prior to running the yum upgrade?
>> Of note, I'm considering the "yum upgrade" option rather than creating
>> F20 replicas of F19 masters due to:
>> https://fedorahosted.org/pki/ticket/816 
>> https://fedorahosted.org/389/ticket/47721
>> Any guidance is appreciated.  Thanks, and have a good weekend.
>> -A
> I can report to the list that I've upgraded my ipa1 and ipa2 machines from
> F19 to F20 via "yum upgrade" in SELinux permissive mode and things went 
> swimmingly.

I always like to hear user reports like this one :) Thanks!

> As far as my concerns above, I added the following to /etc/krb5.conf after
> the upgrade, but before the reboot:
> default_ccache_name = KEYRING:persistent:%{uid}
> And I did not issue "ipactl stop" prior to the upgrade.
> The only post-upgrade issue I am seeing is invalid characters passed to
> dirsrv queries when using FreeIPA web interface:
> https://fedorahosted.org/freeipa/ticket/4214

Thanks for the report. I think I found the root cause, patch sent.


Freeipa-users mailing list

Reply via email to