[389-users] Proper upgrading procedure and the use of setup-ds-admin.pl -u
Rich Megginson
rmeggins at redhat.com
Fri Aug 28 17:01:37 UTC 2009
Anthony Joseph Messina wrote:
> On Friday 28 August 2009 10:25:20 Rich Megginson wrote:
>
>>> 2) I noticed that while using SSL, the setup-ds-admin.pl requires me to
>>> delete the CA cert that was previously installed and re-import it
>>> (crazy).
>>>
>> Yes, this is a bug. https://bugzilla.redhat.com/show_bug.cgi?id=501846
>>
>>
>>> I'd like to make sure don't have these servers crap out again.
>>>
>>>
>> Due to the rename issue, your servers will be stopped and restarted, but
>> you should not lose your run level configuration. In what other way(s)
>> did they "crap out"?
>>
>
> well, since i had SSL in the server, the admin server and the console
> communication between both, and when the servers were stopped, the setup-ds-
> admin.pl couldn't connect to anything to do the upgrade and once i manually
> re-added (chkconfig --add dirsrv...) and restarted, the SSL issue with setup-
> ds-admin.pl became a problem as i had to then uninstall certs just to
> reinstall them... yuk!
>
> but i'm not worried about the change between fedora-ds* and 389-ds* now as i
> removed all of fedora-ds* and installed fresh 389-ds* rpms and just simply
> started over. -- i had just moved from OpenLDAP so that wasn't a big deal.
>
> i also noticed last time that the setup-ds-admin.pl created duplicate
> instances of my servers in the console -- and i wasn't sure how to get rid of
> those which is also part of why i just "started over."
>
They can be removed using the console directory browser, to remove their
entries from under o=NetscapeRoot
> since i'm already using the renamed packages (the first round of them), i want
> to be sure i'm ok with a yum upgrade and that the proper procedure is to
> always run a setup-ds-admin.pl -u
>
Yes. In the future (unless we obsolete some packages again) you can
just use yum update. And you must always run setup-ds-admin.pl -u after
doing an upgrade - this will make sure the console shows the correct
information, and in the future will do things like schema upgrade,
adding new configuration, removing old/obsolete configuration/files, etc.
> due to https://bugzilla.redhat.com/show_bug.cgi?id=501846, i now have standard
> ldap:// (instead of ldaps://) between the admin server and the ds so i should
> be able to avoid that issue.
>
> i'm still learning this 389-ds, coming from OpenLDAP where i simply did an yum
> update and didn't need to do anything else :)
>
Unfortunately, there is no way to change the information that the
console uses without asking for some sort of password or credential -
you can't do that with yum upgrade or rpm -U.
I'm not sure how a yum upgrade of openldap would deal with schema
changes, config changes, etc. - perhaps it doesn't do any of that, and
just expects you to do that.
> i guess, basically... what does one do if the server stops and they are not
> able to run setup-ds-admin.pl? is it safe to restart the server services and
> then try it again?
>
Yes.
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090828/f7f75396/attachment.bin>
More information about the Fedora-directory-users
mailing list