[Freeipa-users] Aiisues to wathc out fro / anticipate when upgrading RHEL6.3 and IPA 2 to 6.4 and IPA 3
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Tue Jan 8 21:17:55 UTC 2013
On 01/08/13 11:55, Jakub Hrozek wrote:
> On Tue, Jan 08, 2013 at 11:49:11AM -0900, Erinn Looney-Triggs wrote:
>> On 01/08/13 11:44, Rob Crittenden wrote:
>>> Simo Sorce wrote:
>>>> On Tue, 2013-01-08 at 19:31 +0000, Steven Jones wrote:
>>>>> HI,
>>>>>
>>>>> I assume RHEL 6.4 is GA shortly just how straigh forward is the
>>>>> upgrade from one IPA version to another please?
>>>>> regards
>>>>
>>>> Should just require an rpm upgrade and a restart and nothing else.
>>>>
>>>> Simo.
>>>>
>>>
>>> If you have multiple servers you'll want to upgrade them one at a time
>>> in a short period (days, not weeks).
>>>
>>> rob
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> Is this the release where SELinux mapping in IPA actually starts working?
>>
>
> Yes (famous last words..)
>
>> If so that is definitely something to watch out for (I realize this is
>> more of an SSSD thing, but still). If you aren't careful and you have
>> your users mapped to something like guest_u, well the upgrade can be
>> very inconvenient for them.
>>
>> -Erinn
>
> I realize that the SELinux mapping was very bad for users and I'm very
> sorry I let it through. The SELinux support was pretty much completely
> rewritten in 6.4, there are still things I'd like to improve but
> functionality-wise, I closed the last known SELinux bug today.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
Eh, stuff breaks, it is the nature of the beast.
I was one of the folks that submitted a bug, I know there was talk about
putting out notes for the default SELinux user mapping etc. The only
thing I would say is make some noise about this. It might be a good idea
to send a note to freeipa-announce (which I think exists) and any place
else pertinent too, because it was a rather painful learning experience
when I was running as guest_u in Fedora 18, it was also pretty hard to
diagnose because the utilities at that time didn't reflect what was
happening.
-Erinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130108/d338c0d9/attachment.sig>
More information about the Freeipa-users
mailing list