Anthony Joseph Messina wrote: > On Friday 28 August 2009 10:25:20 Rich Megginson wrote: > >>> 2) I noticed that while using SSL, the setup-ds-admin.pl requires me to >>> delete the CA cert that was previously installed and re-import it >>> (crazy). >>> >> Yes, this is a bug. https://bugzilla.redhat.com/show_bug.cgi?id=501846 >> >> >>> I'd like to make sure don't have these servers crap out again. >>> >>> >> Due to the rename issue, your servers will be stopped and restarted, but >> you should not lose your run level configuration. In what other way(s) >> did they "crap out"? >> > > well, since i had SSL in the server, the admin server and the console > communication between both, and when the servers were stopped, the setup-ds- > admin.pl couldn't connect to anything to do the upgrade and once i manually > re-added (chkconfig --add dirsrv...) and restarted, the SSL issue with setup- > ds-admin.pl became a problem as i had to then uninstall certs just to > reinstall them... yuk! > > but i'm not worried about the change between fedora-ds* and 389-ds* now as i > removed all of fedora-ds* and installed fresh 389-ds* rpms and just simply > started over. -- i had just moved from OpenLDAP so that wasn't a big deal. > > i also noticed last time that the setup-ds-admin.pl created duplicate > instances of my servers in the console -- and i wasn't sure how to get rid of > those which is also part of why i just "started over." > They can be removed using the console directory browser, to remove their entries from under o=NetscapeRoot > since i'm already using the renamed packages (the first round of them), i want > to be sure i'm ok with a yum upgrade and that the proper procedure is to > always run a setup-ds-admin.pl -u > Yes. In the future (unless we obsolete some packages again) you can just use yum update. And you must always run setup-ds-admin.pl -u after doing an upgrade - this will make sure the console shows the correct information, and in the future will do things like schema upgrade, adding new configuration, removing old/obsolete configuration/files, etc. > due to https://bugzilla.redhat.com/show_bug.cgi?id=501846, i now have standard > ldap:// (instead of ldaps://) between the admin server and the ds so i should > be able to avoid that issue. > > i'm still learning this 389-ds, coming from OpenLDAP where i simply did an yum > update and didn't need to do anything else :) > Unfortunately, there is no way to change the information that the console uses without asking for some sort of password or credential - you can't do that with yum upgrade or rpm -U. I'm not sure how a yum upgrade of openldap would deal with schema changes, config changes, etc. - perhaps it doesn't do any of that, and just expects you to do that. > i guess, basically... what does one do if the server stops and they are not > able to run setup-ds-admin.pl? is it safe to restart the server services and > then try it again? > Yes. > > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090828/f7f75396/attachment.bin
