[Freeipa-users] The -e skip_version_check=1 with 4.2 client against 6.4-based server
Hello, we have IPA client on [root@centos72-20160110 ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) with the following packages: [root@centos72-20160110 ~]# rpm -qf /usr/lib/python2.7/site-packages/ipapython/version.py ipa-python-4.2.0-15.el7.centos.3.x86_64 [root@centos72-20160110 ~]# rpm -qf /usr/bin/ipa ipa-admintools-4.2.0-15.el7.centos.3.x86_64 We try to call the ipa commands against old FreeIPA server version, taking advantage of the -e skip_version_check=1 option added by https://fedorahosted.org/freeipa/ticket/4768 [root@centos72-20160110 ~]# /usr/bin/ipa user-find ipa: ERROR: 2.156 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' [root@centos72-20160110 ~]# /usr/bin/ipa -e skip_version_check=1 user-find ipa: ERROR: 2.51 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' Alas, it seems that skip_version_check=1 sets the version to 2.51 which is still too new to the 2.49 version of the 6.4 based-server with ipa-server-3.0.0-42.el6.x86_64. Is this behaviour expected? Why does it force a particular value (2.51) rather than ignoring the difference altogether? I have verified that the option works on Fedora client against older Fedora server (but I did not try ipa-server-3.0.0 there). -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] The -e skip_version_check=1 with 4.2 client against 6.4-based server
On Mon, Jan 11, 2016 at 07:05:16PM +0100, Martin Basti wrote: > On 11.01.2016 16:57, Jan Pazdziora wrote: > > > >We try to call the ipa commands against old FreeIPA server version, > >taking advantage of the > > > > -e skip_version_check=1 > > > >option added by > > > > https://fedorahosted.org/freeipa/ticket/4768 > > > >[root@centos72-20160110 ~]# /usr/bin/ipa user-find > >ipa: ERROR: 2.156 client incompatible with 2.49 server at > >u'https://aab-ipaserver.example.com/ipa/xml' > > > >[root@centos72-20160110 ~]# /usr/bin/ipa -e skip_version_check=1 user-find > >ipa: ERROR: 2.51 client incompatible with 2.49 server at > >u'https://aab-ipaserver.example.com/ipa/xml' > > > >Alas, it seems that skip_version_check=1 sets the version to 2.51 > >which is still too new to the 2.49 version of the 6.4 based-server > >with ipa-server-3.0.0-42.el6.x86_64. > > > >Is this behaviour expected? Why does it force a particular value (2.51) > >rather than ignoring the difference altogether? > > > >I have verified that the option works on Fedora client against older > >Fedora server (but I did not try ipa-server-3.0.0 there). > > With API version 2.52 IPA started to use capabilities, which allows us to > handle changes in API in compatible way. So for API version 2.52+, why is that option needed there at all? > So only with version 2.51 (last > version without capabilities) we can guarantee that it will work. Server may > not work with older API version than 2.51, because changes in API may be > incompatible. The fact that the calls might not work was an expected part of that ticket -- that "proceed at own risk". So it looks like something else was implemented that what we thought would be the result. That makes it rather unfortunate because we cannot use this option / approach when talking from newer clients to RHEL 6 / CentOS 6 servers. Do we plan to have some option for these setups? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] The -e skip_version_check=1 with 4.2 client against 6.4-based server
On 11.01.2016 16:57, Jan Pazdziora wrote: Hello, we have IPA client on [root@centos72-20160110 ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) with the following packages: [root@centos72-20160110 ~]# rpm -qf /usr/lib/python2.7/site-packages/ipapython/version.py ipa-python-4.2.0-15.el7.centos.3.x86_64 [root@centos72-20160110 ~]# rpm -qf /usr/bin/ipa ipa-admintools-4.2.0-15.el7.centos.3.x86_64 We try to call the ipa commands against old FreeIPA server version, taking advantage of the -e skip_version_check=1 option added by https://fedorahosted.org/freeipa/ticket/4768 [root@centos72-20160110 ~]# /usr/bin/ipa user-find ipa: ERROR: 2.156 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' [root@centos72-20160110 ~]# /usr/bin/ipa -e skip_version_check=1 user-find ipa: ERROR: 2.51 client incompatible with 2.49 server at u'https://aab-ipaserver.example.com/ipa/xml' Alas, it seems that skip_version_check=1 sets the version to 2.51 which is still too new to the 2.49 version of the 6.4 based-server with ipa-server-3.0.0-42.el6.x86_64. Is this behaviour expected? Why does it force a particular value (2.51) rather than ignoring the difference altogether? I have verified that the option works on Fedora client against older Fedora server (but I did not try ipa-server-3.0.0 there). With API version 2.52 IPA started to use capabilities, which allows us to handle changes in API in compatible way. So only with version 2.51 (last version without capabilities) we can guarantee that it will work. Server may not work with older API version than 2.51, because changes in API may be incompatible. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
