[Freeipa-devel] [PATCH] 461 Update Dogtag 9 database during replica installation
Alexander Bokovoy
abokovoy at redhat.com
Fri Mar 14 09:29:40 UTC 2014
On Thu, 13 Mar 2014, Martin Kosek wrote:
>On 03/13/2014 03:15 PM, Martin Kosek wrote:
>> On 03/13/2014 09:09 AM, Martin Kosek wrote:
>>> When Dogtag 10 based FreeIPA replica is being installed for a Dogtag 9
>>> based master, the PKI database is not updated and miss several ACLs
>>> which prevent some of the PKI functions, e.g. an ability to create
>>> other clones.
>>>
>>> Add an update file to do the database update. Content is based on
>>> recommendation from PKI team:
>>> * https://bugzilla.redhat.com/show_bug.cgi?id=1075118#c9
>>>
>>> This update file can be removed when Dogtag database upgrades are done
>>> in PKI component. Upstream tickets:
>>> * https://fedorahosted.org/pki/ticket/710 (database upgrade framework)
>>> * https://fedorahosted.org/pki/ticket/906 (checking database version)
>>>
>>> https://fedorahosted.org/freeipa/ticket/4243
>>
>> I found few issues with the patch:
>> - New update file was not added to Makefile.am
>> - PKI was not restarted after LDAP updates so it did not pick up the ACLs and
>> replica installation will crash anyway. Now the PKI is always restarted at the
>> end of server/replica installation.
>>
>> Martin
>
>FYI - I was just confirmed that this patch finally fixed the issue even in
>automatized environment (beaker).
ACK.
With this patch in place, can we release 3.3.6 and update FreeIPA in
Fedora 19 and Fedora 20? There are already reports on IRC from people
trying to migrate via replica from CentOS to Fedora.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list