Dear FreeIPA users,
TL:DR *any* way of moving from 4.7.2->4.7.1?
I've managed to get into a situation.. On realising the support for Debian/Ubuntu was a bit ropey, I successfully made Fedora replicas and promoted them a year or so ago. These run OK, but wanting to be off the treadmill of Fedora upgrades, the promise of CentOS8 beckoned. With seeing the release notes for 4.7.2 pointing to Redhat 8 relates patches I was quite confident that 4.7.2 would be included, allowing another hop over to a longer term supported OS. So the short version is, that I'm on 4.7.2 very much wanting to get to CentOS8 where 4.7.1 is currently.
I understand the replica installer will let you create against the same or older than itself, but are there any actual LDAP schema differences between these versions? Might it be possible to tweak what 4.7.2 reports in order to force it to allow a 4.7.1 replica? Is there a backup and restore process that might allow the moving back by 0.0.1 versions!? Given that FreeIPA call out Redhat and Fedora support but not CentOS, would I actually be better off on the Fedora frequent update path?
Many thanks in advance,
David
David Harvey via FreeIPA-users wrote:
Dear FreeIPA users,
TL:DR *any* way of moving from 4.7.2->4.7.1?
I've managed to get into a situation.. On realising the support for Debian/Ubuntu was a bit ropey, I successfully made Fedora replicas and promoted them a year or so ago. These run OK, but wanting to be off the treadmill of Fedora upgrades, the promise of CentOS8 beckoned. With seeing the release notes for 4.7.2 pointing to Redhat 8 relates patches I was quite confident that 4.7.2 would be included, allowing another hop over to a longer term supported OS. So the short version is, that I'm on 4.7.2 very much wanting to get to CentOS8 where 4.7.1 is currently.
I understand the replica installer will let you create against the same or older than itself, but are there any actual LDAP schema differences between these versions? Might it be possible to tweak what 4.7.2 reports in order to force it to allow a 4.7.1 replica? Is there a backup and restore process that might allow the moving back by 0.0.1 versions!? Given that FreeIPA call out Redhat and Fedora support but not CentOS, would I actually be better off on the Fedora frequent update path?
Is there any way? Sure, you can disable the version checking code in ipaserver/install/server/replicainstall.py::check_remote_version()
Would I do it? I dunno. 0.0.1 difference is about 95 patches. Some of those were almost certainly backported to RHEL 8. Chances are it's fine but without going through each patch there is no guarantee.
Lots of users run in production in CentOS.
rob
Thanks for your response Rob,
If I were to attempt such a thing and it apparently succeeds, is there any kind of integrity/sanity check that you would run to probe for oddities?
Best wishes,
David
On Mon, 28 Oct 2019, 21:38 Rob Crittenden, rcritten@redhat.com wrote:
David Harvey via FreeIPA-users wrote:
Dear FreeIPA users,
TL:DR *any* way of moving from 4.7.2->4.7.1?
I've managed to get into a situation.. On realising the support for Debian/Ubuntu was a bit ropey, I successfully made Fedora replicas and promoted them a year or so ago. These run OK, but wanting to be off the treadmill of Fedora upgrades, the promise of CentOS8 beckoned. With seeing the release notes for 4.7.2 pointing to Redhat 8 relates patches I was quite confident that 4.7.2 would be included, allowing another hop over to a longer term supported OS. So the short version is, that I'm on 4.7.2 very much wanting to get to CentOS8 where 4.7.1 is currently.
I understand the replica installer will let you create against the same or older than itself, but are there any actual LDAP schema differences between these versions? Might it be possible to tweak what 4.7.2 reports in order to force it to allow a 4.7.1 replica? Is there a backup and restore process that might allow the moving back by 0.0.1 versions!? Given that FreeIPA call out Redhat and Fedora support but not CentOS, would I actually be better off on the Fedora frequent update path?
Is there any way? Sure, you can disable the version checking code in ipaserver/install/server/replicainstall.py::check_remote_version()
Would I do it? I dunno. 0.0.1 difference is about 95 patches. Some of those were almost certainly backported to RHEL 8. Chances are it's fine but without going through each patch there is no guarantee.
Lots of users run in production in CentOS.
rob
David Harvey wrote:
Thanks for your response Rob,
If I were to attempt such a thing and it apparently succeeds, is there any kind of integrity/sanity check that you would run to probe for oddities?
Doubtful.
Chances are everything would be peachy but I just can't guarantee anything.
To be on the safe side I'd stick around for another Fedora release or so (and put off upgrading until you have to). RHEL (and therefore CentOS) is bound to update beyond 4.7.2 eventually.
rob
Best wishes,
David
On Mon, 28 Oct 2019, 21:38 Rob Crittenden, <rcritten@redhat.com mailto:rcritten@redhat.com> wrote:
David Harvey via FreeIPA-users wrote: > Dear FreeIPA users, > > TL:DR *any* way of moving from 4.7.2->4.7.1? > > I've managed to get into a situation.. > On realising the support for Debian/Ubuntu was a bit ropey, I > successfully made Fedora replicas and promoted them a year or so ago. > These run OK, but wanting to be off the treadmill of Fedora upgrades, > the promise of CentOS8 beckoned. With seeing the release notes for > 4.7.2 pointing to Redhat 8 relates patches I was quite confident that > 4.7.2 would be included, allowing another hop over to a longer term > supported OS. So the short version is, that I'm on 4.7.2 very much > wanting to get to CentOS8 where 4.7.1 is currently. > > I understand the replica installer will let you create against the same > or older than itself, but are there any actual LDAP schema differences > between these versions? Might it be possible to tweak what 4.7.2 reports > in order to force it to allow a 4.7.1 replica? Is there a backup and > restore process that might allow the moving back by 0.0.1 versions!? > Given that FreeIPA call out Redhat and Fedora support but not CentOS, > would I actually be better off on the Fedora frequent update path? Is there any way? Sure, you can disable the version checking code in ipaserver/install/server/replicainstall.py::check_remote_version() Would I do it? I dunno. 0.0.1 difference is about 95 patches. Some of those were almost certainly backported to RHEL 8. Chances are it's fine but without going through each patch there is no guarantee. Lots of users run in production in CentOS. rob
freeipa-users@lists.fedorahosted.org