summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2013-07-11 17:35:26 +0300
committerAlexander Bokovoy <abokovoy@redhat.com>2013-07-11 18:05:03 +0300
commit57fd275d7a75e1a257e5f49976aa374457aa9059 (patch)
tree8cb55d9817c4d8e3301e7c7fc6f77d7b7e66378b
parentaf7807aacc6cf1beb25e53483b54bd599bd6421d (diff)
downloadfreeipa-57fd275d7a75e1a257e5f49976aa374457aa9059.zip
freeipa-57fd275d7a75e1a257e5f49976aa374457aa9059.tar.gz
freeipa-57fd275d7a75e1a257e5f49976aa374457aa9059.tar.xz
Run server upgrade and restart in posttrans
Running server upgrade or restart in %post or %postun may cause issues when there are still parts of old FreeIPA software (like entitlements plugin). https://fedorahosted.org/freeipa/ticket/3739
-rw-r--r--freeipa.spec.in25
1 files changed, 16 insertions, 9 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index f2847e1..05b43bc 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -468,13 +468,22 @@ rm -rf %{buildroot}
# END
if [ $1 -gt 1 ] ; then
/bin/systemctl condrestart certmonger.service 2>&1 || :
- /usr/sbin/ipa-upgradeconfig --quiet >/dev/null || :
fi
%posttrans server
# This must be run in posttrans so that updates from previous
# execution that may no longer be shipped are not applied.
/usr/sbin/ipa-ldap-updater --upgrade --quiet >/dev/null || :
+/usr/sbin/ipa-upgradeconfig --quiet >/dev/null || :
+
+# Restart IPA processes. This must be also run in postrans so that plugins
+# and software is in consistent state
+python -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1
+# NOTE: systemd specific section
+if [ $? -eq 0 ]; then
+ /bin/systemctl try-restart ipa.service >/dev/null 2>&1 || :
+fi
+# END
%preun server
if [ $1 = 0 ]; then
@@ -484,14 +493,6 @@ if [ $1 = 0 ]; then
# END
fi
-%postun server
-if [ "$1" -ge "1" ]; then
-# NOTE: systemd specific section
- /bin/systemctl --quiet is-active ipa.service >/dev/null && \
- /bin/systemctl try-restart ipa.service >/dev/null 2>&1 || :
-# END
-fi
-
%pre server
# Stop ipa_kpasswd if it exists before upgrading so we don't have a
# zombie process when we're done.
@@ -511,6 +512,8 @@ fi
%post server-trust-ad
%{_sbindir}/update-alternatives --install %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so \
winbind_krb5_locator.so /dev/null 90
+
+%posttrans server-trust-ad
python -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1
if [ $? -eq 0 ]; then
# NOTE: systemd specific section
@@ -816,6 +819,10 @@ fi
%endif # ! %{ONLY_CLIENT}
%changelog
+* Thu Jul 11 2013 Martin Kosek <mkosek@redhat.com> - 3.2.99-5
+- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
+ issues when there are still old parts of software (like entitlements plugin)
+
* Wed Jul 10 2013 Ana Krivokapic <akrivoka@redhat.com> - 3.2.99-4
- Bump minimum version of 389-ds-base to 1.3.1.3 for user password change fix.