freeipa

Clone
Source Code
GIT

#5373 Execute upgrade after ipactl start if needed
Closed: fixed 5 years ago by rcritten. Opened 8 years ago by mbasti.

Closed: fixed
Reopen Issue

This ticket is related to upgrade in fedup, when IPA cannot be upgraded during fedup.

Copied from: https://fedorahosted.org/freeipa/ticket/3849#comment:18

  1. Add the following to the freeipa.service systemd unit:

    ExecStartPre=/usr/bin/ipa-server-upgrade

  2. Modify ipa-server-upgrade to check the current and target versions of FreeIPA on the system and short-circuit to quick success to avoid slowing down the start-up of a fully-upgraded system.

This should still work with the upgrade environments because the freeipa.service unit should not be started at all, unless something in the system-upgrade.target Requires= or Wants= freeipa.service, which it never should. So what will happen is that the packages would be updated in the system-upgrade environment and then on the first "real" boot of the upgraded system, freeipa.service would be started and then run ipa-server-upgrade first.

Current behavior:

  • IPA is not upgraded automatically after fedup, ipactl start prevents to run IPA if upgrade is needed and prompts user to execute ipa-server-upgrade manually

Reason why we decided not to execute ipa-server-upgrade automatically in past:

  • ipa-server-upgrade takes several minutes, a user may wait for example 10 minutes until IPA starts, and during that time the one may try to restart services, kill process, etc, and break upgrade process
  • IPA is not simple service, and in place upgrade to next major version should be done carefully, user should run it manually and resolve any issues printed by ipa-server-upgrade, if upgrade errors are hidden only in ipaupgrade.log and journal, the user may miss important information (recommended is to create new replica for new major version instead of in place upgrade)

Is not regarded as a priority a stretch goal for 4.4 release.

mkosek: what we could do as a workaround is to enhance ipa-server-upgrade to short-circuit itself when it is running on the same version, when no specific flag is passed. Then Stephen can simply call ipa-server-upgrade before every IPA start.

If the duration of the upgrade is a concern, putting the upgrade to separate service might be viable option, with other IPA services depending on it. Then that service might only get enabled during rpm upgrade when the version actually changes, plus it would be more obvious what is actually happening. We already do something like that in systemd-based FreeIPA container:

https://github.com/adelton/docker-freeipa/blob/master-systemd/ipa-server-upgrade.service

Having said that, this probably depends on https://fedorahosted.org/freeipa/ticket/4552.

Metadata Update from @mbasti:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog
7 years ago

Fixed in https://pagure.io/freeipa/issue/6968 such that upgrade will run if one is needed.

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
5 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
0
None
None
None
None
0
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.