[Freeipa-devel] [PATCH] 333 Run index task for new indexes

Petr Viktorin pviktori at redhat.com
Wed Nov 14 08:49:04 UTC 2012 

On 11/13/2012 06:20 PM, Martin Kosek wrote:
> On 11/13/2012 06:05 PM, Simo Sorce wrote:
>> On Tue, 2012-11-13 at 17:46 +0100, Martin Kosek wrote:
>>> Index task need to be run for both index updates and new indexes,
>>> otherwise some current values may not be indexed and could cause
>>> issues when searching LDAP (like fqdn did).
>>>
>>> https://fedorahosted.org/freeipa/ticket/3253
>>>
>>> ---
>>>
>>> This patch should be the only patch in the upcoming FreeIPA 2.2.2 bug fix
>>> release (unless we want to backport more patches to 2.2 line). It should fix a
>>> severe issue when SSSD was no longer able to authenticate users against the
>>> update 2.2.1 FreeIPA server.
>>>
>>> I specifically updated all index updates (even when the index definition is
>>> already in LDAP) to make sure we fix any index that where the upgrade failed
>>> previously due to this bug. FreeIPA 3.0+ packages already contains a patch
>>> (2ecfe571faf9291eab7ffacea2a1e94d5be0d689) to run index task for really
>>> new/updated indexes only, but I would not backport that patch due to messed
>>> fqdn index in 2.2.1.
>>>
>>> After the patch, 2.2.0 (2.2.1) -> 2.2.2 upgrade procedure should create all
>>> required indexes, including fqdn index:
>>>
>>> # rpm -Uvh --force ~/freeipa-2-2-0/dist/rpms/freeipa-*
>>> Preparing...                ########################################### [100%]
>>>     1:freeipa-python         ########################################### [ 17%]
>>>     2:freeipa-client         ########################################### [ 33%]
>>>     3:freeipa-admintools     ########################################### [ 50%]
>>>     4:freeipa-server         ########################################### [ 67%]
>>> ipa: INFO: /usr/share/ipa/html/krb.js exists, skipping install of Firefox extension
>>>     5:freeipa-server-selinux ########################################### [ 83%]
>>>     6:freeipa-debuginfo      ########################################### [100%]
>>>
>>> # grep "Creating task to index" /var/log/ipaupgrade.log
>>> 2012-11-13T16:06:35Z INFO Creating task to index attribute: memberuid
>>> 2012-11-13T16:06:41Z INFO Creating task to index attribute: memberOf
>>> 2012-11-13T16:06:47Z INFO Creating task to index attribute: memberHost
>>> 2012-11-13T16:06:53Z INFO Creating task to index attribute: memberUser
>>> 2012-11-13T16:06:59Z INFO Creating task to index attribute: fqdn    <<<<<<
>>> 2012-11-13T16:07:05Z INFO Creating task to index attribute: ntUniqueId
>>> 2012-11-13T16:07:11Z INFO Creating task to index attribute: ntUserDomainId
>>>
>>
>> Martin, does this means we run these task for every rpm upgrade
>> regardless ? Or do we mark indexes as regenerated and do not repeat on
>> the following rpm upgrade ?
>>
>> Simo.
>>
>
> In FreeIPA 2.* we run these task for every RPM upgrade - regardless to the
> update status. I fixed that behavior in FreeIPA 3.0 where we now only run the
> index task when the index is really updated or added (there is more reasoning
> above, but I am open to suggestions).
>
> Martin

Does this mean that if someone upgrades from 2.2.1 straight to 3.x, the 
indexes will be broken?


-- 
Petr³

More information about the Freeipa-devel mailing list