I am currently running the following: 389-admin-1.1.8-3.fc11.x86_64 389-admin-console-1.1.4-1.fc11.noarch 389-admin-console-doc-1.1.4-1.fc11.noarch 389-adminutil-1.1.8-3.fc11.x86_64 389-console-1.1.3-3.fc11.noarch 389-ds-1.1.3-4.fc11.noarch 389-ds-base-1.2.1-1.fc11.x86_64 389-ds-base-debuginfo-1.2.1-1.fc11.x86_64 389-ds-console-1.2.0-4.fc11.noarch 389-ds-console-doc-1.2.0-4.fc11.noarch 389-dsgw-1.1.4-1.fc11.x86_64
Those are the packages that were the initial group that supported the renaming of Fedora DS to 389 DS. I plan to upgrade with "yum upgrade" today as some bugs have been fixed.
What is the proper upgrading procedure for 389 DS?
Can I simply do a "yum update" and expect everything to work or do I always need to merge rpmnew files and run setup-ds-admin.pl after each "yum update"?
I ask for two reasons:
1) I was hit by https://bugzilla.redhat.com/show_bug.cgi?id=518418 and have since recreated my servers with the above packages
2) I noticed that while using SSL, the setup-ds-admin.pl requires me to delete the CA cert that was previously installed and re-import it (crazy).
I'd like to make sure don't have these servers crap out again.
Thanks a lot.
-A
Anthony Joseph Messina wrote:
I am currently running the following: 389-admin-1.1.8-3.fc11.x86_64
the new version is 389-admin-1.1.8-4
389-admin-console-1.1.4-1.fc11.noarch 389-admin-console-doc-1.1.4-1.fc11.noarch 389-adminutil-1.1.8-3.fc11.x86_64 389-console-1.1.3-3.fc11.noarch 389-ds-1.1.3-4.fc11.noarch 389-ds-base-1.2.1-1.fc11.x86_64
the new version is 389-ds-base-1.2.2-1
389-ds-base-debuginfo-1.2.1-1.fc11.x86_64 389-ds-console-1.2.0-4.fc11.noarch 389-ds-console-doc-1.2.0-4.fc11.noarch 389-dsgw-1.1.4-1.fc11.x86_64
Those are the packages that were the initial group that supported the renaming of Fedora DS to 389 DS. I plan to upgrade with "yum upgrade" today as some bugs have been fixed.
Ok. Do not upgrade until the new versions specified above are available from your repo.
What is the proper upgrading procedure for 389 DS?
Can I simply do a "yum update" and expect everything to work or do I always need to merge rpmnew files and run setup-ds-admin.pl after each "yum update"?
You should do a yum upgrade instead of update so that obsoletes will be processed correctly.
Then do setup-ds-admin.pl -u
I don't think there is any merging that needs to be done, but it wouldn't hurt just to check the diff between file and file.rpmnew to see if anything has changed (that you didn't set in your configuration).
I ask for two reasons:
- I was hit by https://bugzilla.redhat.com/show_bug.cgi?id=518418 and have
since recreated my servers with the above packages
- I noticed that while using SSL, the setup-ds-admin.pl requires me to delete
the CA cert that was previously installed and re-import it (crazy).
Yes, this is a bug. https://bugzilla.redhat.com/show_bug.cgi?id=501846
I'd like to make sure don't have these servers crap out again.
Due to the rename issue, your servers will be stopped and restarted, but you should not lose your run level configuration. In what other way(s) did they "crap out"?
Thanks a lot.
-A
-- 389 users mailing list 389-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
On Friday 28 August 2009 10:25:20 Rich Megginson wrote:
- I noticed that while using SSL, the setup-ds-admin.pl requires me to
delete the CA cert that was previously installed and re-import it (crazy).
Yes, this is a bug. https://bugzilla.redhat.com/show_bug.cgi?id=501846
I'd like to make sure don't have these servers crap out again.
Due to the rename issue, your servers will be stopped and restarted, but you should not lose your run level configuration. In what other way(s) did they "crap out"?
well, since i had SSL in the server, the admin server and the console communication between both, and when the servers were stopped, the setup-ds- admin.pl couldn't connect to anything to do the upgrade and once i manually re-added (chkconfig --add dirsrv...) and restarted, the SSL issue with setup- ds-admin.pl became a problem as i had to then uninstall certs just to reinstall them... yuk!
but i'm not worried about the change between fedora-ds* and 389-ds* now as i removed all of fedora-ds* and installed fresh 389-ds* rpms and just simply started over. -- i had just moved from OpenLDAP so that wasn't a big deal.
i also noticed last time that the setup-ds-admin.pl created duplicate instances of my servers in the console -- and i wasn't sure how to get rid of those which is also part of why i just "started over."
since i'm already using the renamed packages (the first round of them), i want to be sure i'm ok with a yum upgrade and that the proper procedure is to always run a setup-ds-admin.pl -u
due to https://bugzilla.redhat.com/show_bug.cgi?id=501846, i now have standard ldap:// (instead of ldaps://) between the admin server and the ds so i should be able to avoid that issue.
i'm still learning this 389-ds, coming from OpenLDAP where i simply did an yum update and didn't need to do anything else :)
i guess, basically... what does one do if the server stops and they are not able to run setup-ds-admin.pl? is it safe to restart the server services and then try it again?
Anthony Joseph Messina wrote:
On Friday 28 August 2009 10:25:20 Rich Megginson wrote:
- I noticed that while using SSL, the setup-ds-admin.pl requires me to
delete the CA cert that was previously installed and re-import it (crazy).
Yes, this is a bug. https://bugzilla.redhat.com/show_bug.cgi?id=501846
I'd like to make sure don't have these servers crap out again.
Due to the rename issue, your servers will be stopped and restarted, but you should not lose your run level configuration. In what other way(s) did they "crap out"?
well, since i had SSL in the server, the admin server and the console communication between both, and when the servers were stopped, the setup-ds- admin.pl couldn't connect to anything to do the upgrade and once i manually re-added (chkconfig --add dirsrv...) and restarted, the SSL issue with setup- ds-admin.pl became a problem as i had to then uninstall certs just to reinstall them... yuk!
but i'm not worried about the change between fedora-ds* and 389-ds* now as i removed all of fedora-ds* and installed fresh 389-ds* rpms and just simply started over. -- i had just moved from OpenLDAP so that wasn't a big deal.
i also noticed last time that the setup-ds-admin.pl created duplicate instances of my servers in the console -- and i wasn't sure how to get rid of those which is also part of why i just "started over."
They can be removed using the console directory browser, to remove their entries from under o=NetscapeRoot
since i'm already using the renamed packages (the first round of them), i want to be sure i'm ok with a yum upgrade and that the proper procedure is to always run a setup-ds-admin.pl -u
Yes. In the future (unless we obsolete some packages again) you can just use yum update. And you must always run setup-ds-admin.pl -u after doing an upgrade - this will make sure the console shows the correct information, and in the future will do things like schema upgrade, adding new configuration, removing old/obsolete configuration/files, etc.
due to https://bugzilla.redhat.com/show_bug.cgi?id=501846, i now have standard ldap:// (instead of ldaps://) between the admin server and the ds so i should be able to avoid that issue.
i'm still learning this 389-ds, coming from OpenLDAP where i simply did an yum update and didn't need to do anything else :)
Unfortunately, there is no way to change the information that the console uses without asking for some sort of password or credential - you can't do that with yum upgrade or rpm -U.
I'm not sure how a yum upgrade of openldap would deal with schema changes, config changes, etc. - perhaps it doesn't do any of that, and just expects you to do that.
i guess, basically... what does one do if the server stops and they are not able to run setup-ds-admin.pl? is it safe to restart the server services and then try it again?
Yes.
-- 389 users mailing list 389-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
On Friday 28 August 2009 10:25:20 Rich Megginson wrote:
Anthony Joseph Messina wrote:
I am currently running the following: 389-admin-1.1.8-3.fc11.x86_64
the new version is 389-admin-1.1.8-4
i got that.
389-admin-console-1.1.4-1.fc11.noarch 389-admin-console-doc-1.1.4-1.fc11.noarch 389-adminutil-1.1.8-3.fc11.x86_64 389-console-1.1.3-3.fc11.noarch 389-ds-1.1.3-4.fc11.noarch 389-ds-base-1.2.1-1.fc11.x86_64
the new version is 389-ds-base-1.2.2-1
i got that.
389-ds-base-debuginfo-1.2.1-1.fc11.x86_64 389-ds-console-1.2.0-4.fc11.noarch 389-ds-console-doc-1.2.0-4.fc11.noarch 389-dsgw-1.1.4-1.fc11.x86_64
Those are the packages that were the initial group that supported the renaming of Fedora DS to 389 DS. I plan to upgrade with "yum upgrade" today as some bugs have been fixed.
Ok. Do not upgrade until the new versions specified above are available from your repo.
ok, i can confirm that the following works now: 1) running "yum upgrade" from the original package set that i specified earlier which retrieves the new 389-admin and 389-ds-base packages. (no rpmnew files created)
2) running setup-ds-admin.pl -u (without ldaps://... as the connection string between the admin server and the ds)
3) now i have:
[27/Aug/2009:20:39:13 -0500] - 389-Directory/1.2.1 B2009.224.1954 starting up [27/Aug/2009:20:39:14 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [27/Aug/2009:20:39:14 -0500] - Listening on All Interfaces port 636 for LDAPS requests [28/Aug/2009:11:01:47 -0500] - slapd shutting down - signaling operation threads [28/Aug/2009:11:01:47 -0500] - slapd shutting down - waiting for 29 threads to terminate [28/Aug/2009:11:01:47 -0500] - slapd shutting down - closing down internal subsystems and plugins [28/Aug/2009:11:01:49 -0500] - Waiting for 4 database threads to stop [28/Aug/2009:11:01:49 -0500] - All database threads now stopped [28/Aug/2009:11:01:49 -0500] - slapd stopped. 389-Directory/1.2.2 B2009.237.206 ds.messinet.com:636 (/etc/dirsrv/slapd-ds)
[28/Aug/2009:11:01:50 -0500] - 389-Directory/1.2.2 B2009.237.206 starting up [28/Aug/2009:11:01:50 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [28/Aug/2009:11:01:50 -0500] - Listening on All Interfaces port 636 for LDAPS requests
so it worked. thank you. i just want to keep in my brain the proper way to upgrade these servers.
if for example, there were *.rpmnew files created, at what point during this process should they be merged? 1) before running setup-ds-admin.pl -u? 2) after, but before restarting dirsrv?
thanks again. -a
Anthony Joseph Messina wrote:
On Friday 28 August 2009 10:25:20 Rich Megginson wrote:
Anthony Joseph Messina wrote:
I am currently running the following: 389-admin-1.1.8-3.fc11.x86_64
the new version is 389-admin-1.1.8-4
i got that.
389-admin-console-1.1.4-1.fc11.noarch 389-admin-console-doc-1.1.4-1.fc11.noarch 389-adminutil-1.1.8-3.fc11.x86_64 389-console-1.1.3-3.fc11.noarch 389-ds-1.1.3-4.fc11.noarch 389-ds-base-1.2.1-1.fc11.x86_64
the new version is 389-ds-base-1.2.2-1
i got that.
389-ds-base-debuginfo-1.2.1-1.fc11.x86_64 389-ds-console-1.2.0-4.fc11.noarch 389-ds-console-doc-1.2.0-4.fc11.noarch 389-dsgw-1.1.4-1.fc11.x86_64
Those are the packages that were the initial group that supported the renaming of Fedora DS to 389 DS. I plan to upgrade with "yum upgrade" today as some bugs have been fixed.
Ok. Do not upgrade until the new versions specified above are available from your repo.
ok, i can confirm that the following works now:
- running "yum upgrade" from the original package set that i specified earlier
which retrieves the new 389-admin and 389-ds-base packages. (no rpmnew files created)
- running setup-ds-admin.pl -u (without ldaps://... as the connection string
between the admin server and the ds)
- now i have:
[27/Aug/2009:20:39:13 -0500] - 389-Directory/1.2.1 B2009.224.1954 starting up [27/Aug/2009:20:39:14 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [27/Aug/2009:20:39:14 -0500] - Listening on All Interfaces port 636 for LDAPS requests [28/Aug/2009:11:01:47 -0500] - slapd shutting down - signaling operation threads [28/Aug/2009:11:01:47 -0500] - slapd shutting down - waiting for 29 threads to terminate [28/Aug/2009:11:01:47 -0500] - slapd shutting down - closing down internal subsystems and plugins [28/Aug/2009:11:01:49 -0500] - Waiting for 4 database threads to stop [28/Aug/2009:11:01:49 -0500] - All database threads now stopped [28/Aug/2009:11:01:49 -0500] - slapd stopped. 389-Directory/1.2.2 B2009.237.206 ds.messinet.com:636 (/etc/dirsrv/slapd-ds)
[28/Aug/2009:11:01:50 -0500] - 389-Directory/1.2.2 B2009.237.206 starting up [28/Aug/2009:11:01:50 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [28/Aug/2009:11:01:50 -0500] - Listening on All Interfaces port 636 for LDAPS requests
so it worked. thank you. i just want to keep in my brain the proper way to upgrade these servers.
if for example, there were *.rpmnew files created, at what point during this process should they be merged?
- before running setup-ds-admin.pl -u?
Yes. setup-ds-admin.pl uses the files in /etc/dirsrv/admin-serv/
- after, but before restarting dirsrv?
thanks again. -a
-- 389 users mailing list 389-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
389-users@lists.fedoraproject.org
-
Anthony Joseph Messina -
Rich Megginson