Karma request: freeipa and pki-core updates to fix FreeIPA upgrades

Stephen Gallagher sgallagh at redhat.com
Mon Nov 2 22:27:29 UTC 2015



> On Nov 2, 2015, at 4:48 PM, Stephen Gallagher <sgallagh at redhat.com> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
>> On 11/02/2015 03:47 PM, Adam Williamson wrote:
>> Hi folks! We have a big problem with F23 at the moment, where
>> upgrades from previous releases break FreeIPA. A couple of updates
>> have just been sent out to try and fix this, and it'd be great if
>> people could help test and karma them:
>> 
>> https://bodhi.fedoraproject.org/updates/freeipa-4.2.3-1.fc23 
>> https://bodhi.fedoraproject.org/updates/FEDORA-2015-f12c332a2f
>> 
>> we'd recommend *not* testing on a production server for now :) The
>> test should more or less be to deploy a FreeIPA server on F21 or
>> F22, check it works, upgrade to F23, install both those updates,
>> then try running the FreeIPA upgrade script - `ipa-server-upgrade`
>> - and check whether you get a successful upgrade and a working
>> server. If you do, you should be able to +1 karma both updates.
>> Thanks a lot!
>> 
>> I'd also be interested if anyone's seeing execmem denials from
>> SELinux with FreeIPA on F23: 
>> https://bugzilla.redhat.com/show_bug.cgi?id=1277224
>> 
> 
> The update does not resolve all issues with the upgrade process, I'm
> revoking the updates-testing request for now and we will try again
> tomorrow.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> 
> iEYEARECAAYFAlY32gkACgkQeiVVYja6o6Ng6wCfXcYqx/fnZ65eB8it3OIgYBLr
> P04AnRPMJcH17v61wNFj+PP9L31kdcsa
> =WLK0
> -----END PGP SIGNATURE-----
> _______________________________________________
> server mailing list
> server at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/server


Disregard the above. It turns out that the issue I was experiencing wasn't directly FreeIPA's fault. Instead it was because the interface name change during upgrade changed the DHCP-assigned address of the machine and FreeIPA pretty much relies on the IP not changing. The failure I experienced can be fixed by manually changing the IP address back to what it should have been and rerunning the ipa-server-upgrade script. This should not be an issue on machines with a static IP or ones whose DHCP assignment is based on MAC address.


More information about the server mailing list