[Freeipa-users] update procedure failed fedora-ds-base-1.1.3 -> 389-ds-base-1.2.6.1
Kambiz Aghaiepour
kambiz at mcnc.org
Fri Oct 22 20:12:34 UTC 2010
Dmitri Pal wrote:
> Kambiz Aghaiepour wrote:
>> Currently running ipa-server-1.2.1-4 with fedora-ds-base-1.1.3-6. I
>> attempted to upgrade to 389-ds-base-1.2.6.1-2 (and supporting packages)
>> and the procedure took an extremely long time (at least 2 hours). There
>> appears to be an upgrade script that runs as part of %posttrans which runs:
>>
>> /usr/sbin/setup-ds.pl -l /dev/null -u -s General.UpdateMode=offline >
>> /dev/null 2>&1
>>
>> I don't have the error logs unfortunately, as when I reverted the ESX
>> VM, I forgot to save off the log files, but what I recall was that there
>> were messages indicating that there were multiple passes (each took
>> about 4-5 minutes) and each time the rate of update dropped below a
>> certain amount, the update would move on to the next "pass". There were
>> about 25 passes through before the upgrade completed. Mind you, this
>> installation is rather small IMO, as there are only 130-ish entries
>> under cn=users,cn=accounts. The other thing that I noticed after the
>> upgrade procedure was that not all the users were defined in the
>> directory (most appeared to be there, but some critical users were
>> missing). Suffices to say that many of our processes were broken after
>> the upgrade and 4 hours into the planned upgrade, I ended up backing
>> out. (This same upgrade had been tested on a smaller directory and the
>> upgrade seemed to go without incident).
>>
>> I'm wondering if there might be an easier way for me to go about
>> upgrading the installation. For example, could I, instead of going
>> through the "upgrade", instead, re-install a replacement 389-ds based
>> ipa-server host, create a new winsync agreement with my AD environment,
>> and then export the password data for the users in DS from the current
>> fedora-ds-base-1.1.3 and import it into the directory running
>> 389-ds-base ? If this is do-able, what all do I need to copy from the
>> fedora-ds-base host to the 389-ds-base host?
>>
>
> What is your final goal and why are you trying to do the upgrade of the
> DS under IPA?
Ah. Ok, the goal is to be able to instantiate additional replicas.
However, when I try, I get:
[13/Oct/2010:10:04:24 -0400] - import userRoot: Import failed.
[13/Oct/2010:10:04:24 -0400] - process_bulk_import_op: NULL backend
I am told this could be fixed with 389-ds-base, though I cannot be certain.
If I can resolve the issue of creating additional replicas, there would
not necessarily be a compelling reason for me to update to 389-ds-base,
and I would happily stay running fedora-ds-base-1.1.3
Kambiz
>
>
>> Thanks
>> Kambiz
>>
>>
>>
>
>
--
"All tyranny needs to gain a foothold is for people of
good conscience to remain silent." --Thomas Jefferson
More information about the Freeipa-users
mailing list