Launchpad Entry: server-karmic-likewise-open-migration
Created: Jun 5, 2009
Packages affected: likewise-open, likewise-open5, openldap
Likewise-Open is present in Jaunty with two versions (4.1 and 5.0) because it was impossible to upgrade from 4.1 to 5.0 without forcing the user to rejoin the domain. Using 5.2 (and taking some other actions to make 5.2 suitable for main) should allow a single version to be available in Karmic.
9.10 ships with Likewise-Open 5.2 and provides upgrade paths from the 4.1 and 5.0 versions that were present in 9.04.
A single version of Likewise Open should be provided in Ubuntu (main). However, it was not acceptable in Jaunty to force the user to leave and rejoin the domain on upgrades, especially as it requires to have a Windows domain administrator account (which normal users don't have). Likewise-Open 5.2 will ship with upgrade scripts that we will be able to integrate in Debian packaging.
- Alice used likewise-open since hardy and upgraded up to Jaunty, so she is using 4.1 now. When upgrading to Karmic her domain data is seamlessly migrated and she can enjoy 5.2 stability and features.
- Bob enjoyed using likewise-open5 in jaunty, especially the smaller footprint and better stability. When upgrading to Karmic he gets the new likewise-open package, now at version 5.2.
Likewise upstream developers must pre-release 5.2 in time for us to integrate it before FeatureFreeze, which means sometime in July.
likewise-open5 -> likewise-open upgrade
Both likewise-open-4.1 and likewise-open5-5.0 will need to upgrade to the same likewise-open-5.2 package. One way of doing theat would be to create dummy binary likewise-open5-* packages (that depend on likewise-open-* equivalents) in the likewise-open package, with proper Conflicts/Replaces entries, as described in http://wiki.debian.org/Renaming_a_Package.
DB upgrade scripts integration
Likewise-Open 5.2 will come with database upgrade scripts that can be used to migrate existing (4.1 or 5.0) databases to the 5.2 format without losing information. These scripts will need to be integrated into postinst to ensure seamless upgrade in all cases.
Likewise Open 5 in Jaunty used a private openldap library and needed some kerberos library patches. Those issues should be fixed in order to make 5.2 perfectly suitable for main.
Likewise-Open needs UDP support for LDAP, an extension of LDAP protocol used by Microsoft Active Directory and required for some Windows domain interaction. Our OpenLDAP 2.4 isn't compiled with the -DCONNECTIONLESS_LDAP flag. Howard Chu (OpenLDAP upstream) confirmed that enabling this option shouldn't adversely affect other OpenLDAP users. Jerry Carter (Likewise) also mentionned some OpenLDAP 2.4 regressions regarding this UDP support. This needs to be confirmed, and if real, fixed in Karmic.
The GSSAPI patches that we had to apply in Jaunty for Likewise-Open 5 are deprecated by Kerberos 1.7 own GSSAPI support. Likewise-Open 5.2 should support the regular Kerberos 1.7 library, released recently.
Step 1: Fix libraries
- Include final Kerberos 1.7 in Karmic. Beta is available already, likewise-open5 packages are broken as a result, since they leveraged the specific 1.6 GSSAPI kerberos patch. See LP: #385475
- Compile OpenLDAP 2.4 with -DCONNECTIONLESS_LDAP
Step 2: Likewise pre-release with Kerberos 1.7 / OpenLDAP 2.4 support
Likewise needs to deliver several features for this implementation to succeed. They want to do it as part of a 5.2 release. As a first step we need the following features delivered:
- OpenLDAP 2.4/UDP compatibility. Jerry remembered having problems with that version. If any, they need to be fixed as well.
- Kerberos 1.7 GSSAPI support. GSS in Likewise-Open needs to be modified to use the new 1.7 API.
Step 3: Pre-release packaging
This pre-release of Likewise will be packaged ASAP. It will just make sure the following is covered:
- Use of standard OpenLDAP library
- Use of standard Kerberos library
- Support for any additional feature already delivered (5.2 ?)
Step 4: Likewise release with upgrade script
Likewise needs to deliver a near-final release that includes:
DB upgrade scripts. An upgrade script detecting current DB and migrating it if necessary to new format must be provided as part of the Likewise-Open distribution. 4.1 -> 5.x (and if necessary 5.0 -> 5.x) must be supported.
Step 5: Package update
The likewise-open package needs to be updated to support:
likewise-open5 -> likewise-open upgrade
- Call DB upgrade scripts in postinst
- Support for any additional feature also delivered
Step 6: Documentation update
Server Guide currently talks about the two parallel releases, this will need to be fixed as well.
Test plan must include three upgrade scenarios:
Jaunty / likewise-open 4.1 -> Karmic / likewise-open 5.2
Jaunty / likewise-open5 5.0 -> Karmic / likewise-open 5.2
Hardy / likewise-open 4.0 -> Intrepid -> Jaunty -> Karmic / likewise-open 5.2
The test runs as follows:
- Install original version, join domain, test domain authentication
- Test domain authentication
For 10.04 LTS we need to provide and test a direct upgrade path from 8.04 LTS likewise-open-4.0 to 10.04 LTS likewise-open-5.x.
BoF agenda and discussion
UDS discussion notes
Introduction: The compromise in 9.04
- Cannot upgrade from Likewise-open 4 to 5 without leaving the domain and re-joining.
- Both releases are in Jaunty.
Upgrade 4.1 users to 5.x
- likewise-open-5.2 will contain a script to migrate DB from likewise-open-4
- Also need to script upgrade from 5.0 to likewise-open-5.2.
Remove copies of libraries
- Issue of the private OpenLDAP library
- Compiled with -DCONNECTIONLESS_LDAP which might not make sense in default
- Howard says UDP support is harmless in default, so we should switch it on
- Potential regression in OpenLDAP 2.4 wrt that UDP support, Jerry needs to investigate
- Kerberos 1.7 compatibility
- Likewise Open 5.2 should support regular Kerberos 1.7.
- Final 1.7 release should be June 1st.
- 5.0.3991 is in 9.04
- Following previous discussion, 5.2.x should be the target for Karmic