As announced at https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/WKEB6M7J2WTFJBZYD7AZ4JB6J2O6VEWK/ the NSS team intends to switch the default database in tools from dbm to sql. This will affect many components of IPA.
A direct link to the proposal is https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql
mod_nss can already handle sql databases if the database path is prefixed with sql:. I don't believe 389-ds has done any testing in this area or if dogtag supports it.
I suspect that most executions of certutil are centralized in the CertDB object so creating reasonable defaults should be fairly straightforward.
Managing upgrades is another matter. certutil has an option, --upgrade-merge, which should migrate existing databases. I'm assuming the existing sysupgrade state file can be used to track this.
This could have an impact on documentation if IPA is left in a split situation where some databases are sqlite and others remain dbm.
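An added example, not part of the ticket or of FreeIPA's code: a small inventory script that classifies NSS database directories by the files on disk and reports the split dbm/sql state described above. The function names `inspect_nssdb` and `audit` are hypothetical; the file names are the ones NSS uses for each format, and the check goes slightly beyond the ticket by also listing missing key and module files.

```python
"""Added example: inventory NSS database directories by on-disk format."""
from pathlib import Path

# File names NSS uses for each database format (certificate store first).
FORMAT_FILES = {
    "dbm": ("cert8.db", "key3.db", "secmod.db"),
    "sql": ("cert9.db", "key4.db", "pkcs11.txt"),
}


def inspect_nssdb(directory):
    """Classify one directory as 'dbm', 'sql', 'both' or 'none'."""
    d = Path(directory)
    present = {
        fmt: [name for name in names if (d / name).is_file()]
        for fmt, names in FORMAT_FILES.items()
    }
    # The certificate store decides the format; the key and module
    # files are then checked for completeness.
    found = [f for f, names in FORMAT_FILES.items() if names[0] in present[f]]
    if len(found) == 2:
        fmt = "both"
    elif found:
        fmt = found[0]
    else:
        fmt = "none"
    missing = sorted(
        name for f in found for name in FORMAT_FILES[f] if name not in present[f]
    )
    # Explicit prefix so a tool does not depend on its built-in default.
    prefixed = f"{fmt}:{d}" if fmt in FORMAT_FILES else None
    return {"format": fmt, "prefixed": prefixed, "missing": missing}


def audit(directories):
    """Inspect several directories and report whether the host is split."""
    report = {str(p): inspect_nssdb(p) for p in directories}
    formats = {r["format"] for r in report.values()} - {"none"}
    split = len(formats) > 1 or "both" in formats
    return report, split


if __name__ == "__main__":
    import sys
    report, split = audit(sys.argv[1:])
    for path, info in report.items():
        print(path, info)
    print("split dbm/sql state:", split)
```

Run it with the NSS database directories of a host as arguments; a `both` result means the directory holds certificate stores in both formats, so the prefix a tool uses decides which one it reads.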
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.6
Do we know who's going to deliver this? Will this break IPA if it's not in F27? If so, shouldn't we add an adequate priority?
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.6.1 (was: FreeIPA 4.6)
The tracking bug https://bugzilla.redhat.com/show_bug.cgi?id=1474771 seems to indicate that this won't make F27 due to issues upstream.
Sent inquiry to Kai to confirm.
Kai confirmed, new target is F-28.
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6.1)
new NSS tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1496560
Metadata Update from @cheimes: - Issue assigned to cheimes
https://github.com/freeipa/freeipa/pull/1254 adds preliminary support for sqlite format.
cert9.db
sqlite:/path/to/nssdb
cert8.db
dbm:/path/to/nssdb
master:
Metadata Update from @tdudlak: - Issue set to the milestone: FreeIPA 4.6.3 (was: FreeIPA 4.6.2)
Metadata Update from @pvoborni: - Issue priority set to: critical
ipa-4-6:
#7209 was closed as a duplicate of this bug.
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @cheimes: - Issue status updated to: Open (was: Closed)
Issue linked to Bugzilla: Bug 1491419
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1491419
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.6.4 (was: FreeIPA 4.6.3)
FreeIPA 4.6.3 has been released, moving to FreeIPA 4.6.4 milestone
@cheimes would you agree that this is basically done and handled by other tickets?
Yes, I agree.
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.6.4)