Re: [Freeipa-users] F19 - F20 yum upgrade success report (WAS: Re: WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet))
On 03/03/2014 09:54 PM, Anthony Messina wrote: On Saturday, March 01, 2014 04:18:11 AM Anthony Messina wrote: I've been waiting patiently for F20 to settle before upgrading my two VM installations of FreeIPA: ipa1 (original master) ipa2 (clone) I'm considering doing a yum upgrade this weekend and was wondering if any users had found any gotchas? One that I can think of is the addition of the following in F20's default /etc/krb5.conf: [libdefaults] ... default_ccache_name = KEYRING:persistent:%{uid} ... I've seen on some of my freshly installed F20 FreeIPA clients that this option is no longer present after ipa-client-install. On those clients, I've manually added it post client install and things seem to work OK with the exception of SELinux errors reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1001703 Should I place this option in /etc/krb5.conf on the masters before/after the yum upgrade (or at all)? Should I run ipactl stop prior to running the yum upgrade? Of note, I'm considering the yum upgrade option rather than creating F20 replicas of F19 masters due to: https://fedorahosted.org/pki/ticket/816 https://fedorahosted.org/389/ticket/47721 Any guidance is appreciated. Thanks, and have a good weekend. -A I can report to the list that I've upgraded my ipa1 and ipa2 machines from F19 to F20 via yum upgrade in SELinux permissive mode and things went swimmingly. I always like to hear user reports like this one :) Thanks! As far as my concerns above, I added the following to /etc/krb5.conf after the upgrade, but before the reboot: default_ccache_name = KEYRING:persistent:%{uid} And I did not issue ipactl stop prior to the upgrade. The only post-upgrade issue I am seeing is invalid characters passed to dirsrv queries when using FreeIPA web interface: https://fedorahosted.org/freeipa/ticket/4214 Thanks for the report. I think I found the root cause, patch sent. Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] F19 - F20 yum upgrade success report (WAS: Re: WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet))
On Saturday, March 01, 2014 04:18:11 AM Anthony Messina wrote: I've been waiting patiently for F20 to settle before upgrading my two VM installations of FreeIPA: ipa1 (original master) ipa2 (clone) I'm considering doing a yum upgrade this weekend and was wondering if any users had found any gotchas? One that I can think of is the addition of the following in F20's default /etc/krb5.conf: [libdefaults] ... default_ccache_name = KEYRING:persistent:%{uid} ... I've seen on some of my freshly installed F20 FreeIPA clients that this option is no longer present after ipa-client-install. On those clients, I've manually added it post client install and things seem to work OK with the exception of SELinux errors reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1001703 Should I place this option in /etc/krb5.conf on the masters before/after the yum upgrade (or at all)? Should I run ipactl stop prior to running the yum upgrade? Of note, I'm considering the yum upgrade option rather than creating F20 replicas of F19 masters due to: https://fedorahosted.org/pki/ticket/816 https://fedorahosted.org/389/ticket/47721 Any guidance is appreciated. Thanks, and have a good weekend. -A I can report to the list that I've upgraded my ipa1 and ipa2 machines from F19 to F20 via yum upgrade in SELinux permissive mode and things went swimmingly. As far as my concerns above, I added the following to /etc/krb5.conf after the upgrade, but before the reboot: default_ccache_name = KEYRING:persistent:%{uid} And I did not issue ipactl stop prior to the upgrade. The only post-upgrade issue I am seeing is invalid characters passed to dirsrv queries when using FreeIPA web interface: https://fedorahosted.org/freeipa/ticket/4214 Thanks again to the FreeIPA team! -A -- Anthony - http://messinet.com - http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E signature.asc Description: This is a digitally signed message part. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users