Hi,
I would like to know the best practice for patching FreeIPA-Server
packages. We generally have daily patching enabled in our servers. Will it
be a good idea to do automatic patching of FreeIPA-Server packages?
If we want to restrict the FreeIPA-Server packages from automatomatic
upgrade and rather keep it for manual upgrade, what are the packages we
should hold back with a version restriction? And how frequently should we
do the manual upgrade? If the FreeIPA-client packages are upgraded
regularly by daily patching(yum-cron or unattended upgrade) will there be
any problem with authentication, if the FreeIPA-Servers are behind version
upgrade?
We have two FreeIPA environments, one with CentOS7 and another with
CentOS8. And we have FreeIPA clients mostly with Ubuntu(18 and 20) and
CentOS (7 and 8).
Any help and guidance is appreciated.
Thanks
Suchi