freeipa

Clone
Source Code
GIT

#4904 [RFE] Introduce single upgrade tool - ipa-server-upgrade
Closed: Fixed None Opened 9 years ago by mkosek.

Closed: Fixed
Reopen Issue

Current FreeIPA upgrade method has several major drawbacks:

  • Upgrade process is split in 2 separate tools (ipa-upgradeconfig, ipa-ldap-update), where the order matters. Instead of the user, the tool itself should guarantee the right order of the steps
  • Updater is run as RPM transaction. This does not work in chrooted environment (FedUP) and can also stuck RPM transaction if e.g. DS deadlocks
  • Update is not always deterministic, thanks to the LDAP update files ordering

The new joint upgrade tool should solve this and other biggest pain points of the updater. It should also start storing the current version of the data/configuration it updated to, so that by default it is not run several times when the version is the same. It should also not allow running newer data/configuration on older version of the bits.

Sub-parts: #4834, #3560, #3351, #3849

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1199520

master:

  • d3f5d5d Server Upgrade: Remove unused PRE_SCHEMA_UPDATE

master:

  • bb1d7a7 Server Upgrade: do not sort updates by DN
  • 10bc6bd Server Upgrade: Upgrade one file per time
  • 144bc6c Server Upgrade: Set modified to false, before each update
  • 0c7274e Server Upgrade: Update entries in order specified in file
  • a42fcfc Server Upgrade: order update files by default

master:

  • b5e941d Server Upgrade: Fix comments

master:

  • b92136c Fix ldap2 shared connection

A Dogtag ticket https://fedorahosted.org/pki/ticket/1348 was now filed to make one-stop upgrades of Dogtag possible and easy.

Should ipa-server-upgrade call pki-server-upgrade?

Replying to [comment:8 adelton]:

A Dogtag ticket https://fedorahosted.org/pki/ticket/1348 was now filed to make one-stop upgrades of Dogtag possible and easy.

Should ipa-server-upgrade call pki-server-upgrade?

Tracked in #4996

IPA probably should call pki-server-migrate to switch to a different platform (see the Dogtag ticket).

master:

  • 3942696 Server Upgrade: ipa-server-upgrade command
  • 9f049ca Server Upgrade: Verify version and platform
  • 3debc7b Server Upgrade: use ipa-server-upgrade in RPM upgrade

master:

  • 81df7b5 Server Upgrade: fix a comment in ldapupdater

master:

  • 7660f40 Server Upgrade: Do not start DS if it was stopped before upgrade
  • 6c438ff Server Upgrade: raise RuntimeError instead exit()
  • f6e3088 Server Upgrade: do not allow to run upgradeinstace alone
  • 78baeeb Server Upgrade: handle errors better
  • 99c0b91 Server Upgrade: ipa-ldap-updater will not do overall upgrade

master:

  • c43c5d1 Server Upgrade: Fix: execute schema update

master:

  • 0275152 Server Upgrade: Move code from ipa-upgradeconfig to separate module

master:

  • f903c2d Fix: use DS socket check only for upgrade

master:

  • 9eedffd Server Upgrade: fix remove statement

Metadata Update from @mkosek:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.2
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
critical
None
None
None
None
enhancement
None
http://www.freeipa.org/page/V4/Server_Upgrade_Refactoring/Test_Plan
Upgrade
None
0
None
wanted
dkupka
None
https://bugzilla.redhat.com/show_bug.cgi?id=1199520
Alich
None
http://www.freeipa.org/page/V4/Server_Upgrade_Refactoring
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.