On ma, 16 loka 2017, Charles Hedrick via FreeIPA-users wrote:
I just installed a new replica on Centos 7.3. Our existing servers
are
also on Centos 7.3, and use IPA 4.4, which comes with Centos 7.3. I was
somewhat surprised to find that my new replica was IPA 4.5 with a newer
version of sssd as well. It appears that the replica install process
did the Centos 7.4 upgrades for ipa and sssd, though the rest of the
system is still Cento 7.3. The resulting system works, with only minor
differences in behavior in sssd. But it was unexpected.
We’ll do a full Centos 7.4 upgrade at the next major break, but had
been holding off doing that during a semester.
It’s moderately important to me not to get unexpected versions of
software. I didn’t even notice the difference until the replica was in
production. In a sense that’s good, because it means 4.5 works fine.
But we could also have discovered it that hard way …
This is not related to FreeIPA
but is how CentOS (and RHEL, to some
degree) maintain their repositories.
https://wiki.centos.org/FAQ/General#head-dcca41e9a3d5ac4c6d900a991990fd11...
says:
CentOS Linux releases minor (point in time) versions of our major
branches. Two very important things about CentOS Linux branches are:
The CentOS Project provides updates or other changes ONLY for the
latest version of each major branch. Thus, if the latest minor
version of CentOS-6 is version 6.6 then the CentOS Project only
provides updated software for this minor version in the 6 branch. If
you are using an older minor version than the latest in a given
branch, then you are missing security and bugfix updates.
<!> Note: Any minor version is just a snapshot with previous
updates, plus the latest batch of new upstream updates, rolled
into a new [base] repo with an initially empty [updates] repo.
{i} Tip: There is a CentOS Vault containing older CentOS trees.
This vault is a picture of the older tree when it was removed
from the main tree, and does not receive updates. It should only
be used for reference.
When setting up yum repositories on CentOS Linux you should ONLY use
the single digit for the active branch, which corresponds to the
CentOS Linux major branch. For example,
http://mirror.centos.org/centos/5/ ,
http://mirror.centos.org/centos/6/ , or
http://mirror.centos.org/centos/7/ . This is because we move all
older minor branches to
http://vault.centos.org/ . Remember from the
prior bullet point, no updates are ever added to minor versions of
CentOS Linux once in the vault.
--
/ Alexander Bokovoy