freeipa

Clone
Source Code
GIT

#7049 Prepare for NSS switch default database to sqlite in F-27
Closed: fixed 5 years ago Opened 6 years ago by rcritten.

Closed: fixed
Reopen Issue

As announced at https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/WKEB6M7J2WTFJBZYD7AZ4JB6J2O6VEWK/ the NSS team intends to switch the default database in tools from dbm to sql. This will affect many components of IPA.

A direct link the proposal is https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql

mod_nss can already handle sql databases if the database path is prefixed with sql:. I don't believe 389-ds has done any testing in this area or if dogtag supports it.

I suspect that most executions of certutil are centralized in the CertDB object so creating reasonable defaults should be fairly straightforward.

Managing upgrades is another matter. certutil has an option, --upgrade-merge, which should migrate existing databases. I'm assuming the existing sysupgrade state file can be used to track this.

This could have an impact on documentation if IPA is left in a split situation where some databases are sqlite and others remain dbm.

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.6
6 years ago

Do we know who's going to deliver this? Will this break IPA if it's not in F27? If so, shouldn't we add an adequate priority?

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.6.1 (was: FreeIPA 4.6)
6 years ago

The tracking bug https://bugzilla.redhat.com/show_bug.cgi?id=1474771 seems to indicate that this won't make F27 due to issues upstream.

Sent inquiry to Kai to confirm.

Kai confirmed, new target is F-28.

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6.1)
6 years ago

Metadata Update from @cheimes:
- Issue assigned to cheimes
6 years ago

https://github.com/freeipa/freeipa/pull/1254 adds preliminary support for sqlite format.

  • if cert9.db exists, sqlite format is enforced (sqlite:/path/to/nssdb)
  • if cert8.db exists, dbm format is enforced (dbm:/path/to/nssdb)
  • in case both files are present, sqlite format is used.
  • if no file is found, default format is enforced (currently dbm)

master:

master:

  • 1505922 NSSDB: use preferred convert command

Metadata Update from @tdudlak:
- Issue set to the milestone: FreeIPA 4.6.3 (was: FreeIPA 4.6.2)
6 years ago

Metadata Update from @pvoborni:
- Issue priority set to: critical
6 years ago

ipa-4-6:

  • fcc0a58 NSSDB: use preferred convert command
  • 485b3f3 Support sqlite NSSDB

#7209 was closed as a duplicate of this bug.
Edited 6 years ago by pvoborni

master:

  • cd83afc replica_prepare: Remove the correct NSS DB files

ipa-4-6:

  • e7dcba0 replica_prepare: Remove the correct NSS DB files

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
6 years ago

Metadata Update from @cheimes:
- Issue status updated to: Open (was: Closed)
6 years ago

Issue linked to Bugzilla: Bug 1491419

Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1491419

6 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.6.4 (was: FreeIPA 4.6.3)
6 years ago

FreeIPA 4.6.3 has been released, moving to FreeIPA 4.6.4 milestone

@cheimes would you agree that this is basically done and handled by other tickets?

Yes, I agree.

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.6.4)
5 years ago

Login to comment on this ticket.

Metadata
None
None
None
critical
None
None
None
None
None
None
None
None
None
None
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1491419
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.