Summary

Likewise-Open is present in Jaunty with two versions (4.1 and 5.0) because it was impossible to upgrade from 4.1 to 5.0 without forcing the user to rejoin the domain. Using 5.2 (and taking some other actions to make 5.2 suitable for main) should allow a single version to be available in Karmic.

Release Note

9.10 ships with Likewise-Open 5.2 and provides upgrade paths from the 4.1 and 5.0 versions that were present in 9.04.

Rationale

A single version of Likewise Open should be provided in Ubuntu (main). However, it was not acceptable in Jaunty to force the user to leave and rejoin the domain on upgrades, especially as it requires to have a Windows domain administrator account (which normal users don't have). Likewise-Open 5.2 will ship with upgrade scripts that we will be able to integrate in Debian packaging.

User stories

Assumptions

Likewise upstream developers must pre-release 5.2 in time for us to integrate it before FeatureFreeze, which means sometime in July.

Design

likewise-open5 -> likewise-open upgrade

Both likewise-open-4.1 and likewise-open5-5.0 will need to upgrade to the same likewise-open-5.2 package. One way of doing theat would be to create dummy binary likewise-open5-* packages (that depend on likewise-open-* equivalents) in the likewise-open package, with proper Conflicts/Replaces entries, as described in http://wiki.debian.org/Renaming_a_Package.

DB upgrade scripts integration

Likewise-Open 5.2 will come with database upgrade scripts that can be used to migrate existing (4.1 or 5.0) databases to the 5.2 format without losing information. These scripts will need to be integrated into postinst to ensure seamless upgrade in all cases.

Libraries

Likewise Open 5 in Jaunty used a private openldap library and needed some kerberos library patches. Those issues should be fixed in order to make 5.2 perfectly suitable for main.

OpenLDAP

Likewise-Open needs UDP support for LDAP, an extension of LDAP protocol used by Microsoft Active Directory and required for some Windows domain interaction. Our OpenLDAP 2.4 isn't compiled with the -DCONNECTIONLESS_LDAP flag. Howard Chu (OpenLDAP upstream) confirmed that enabling this option shouldn't adversely affect other OpenLDAP users. Jerry Carter (Likewise) also mentionned some OpenLDAP 2.4 regressions regarding this UDP support. This needs to be confirmed, and if real, fixed in Karmic.

Kerberos

The GSSAPI patches that we had to apply in Jaunty for Likewise-Open 5 are deprecated by Kerberos 1.7 own GSSAPI support. Likewise-Open 5.2 should support the regular Kerberos 1.7 library, released recently.

Implementation

Step 1: Fix libraries

Step 2: Likewise pre-release with Kerberos 1.7 / OpenLDAP 2.4 support

Likewise needs to deliver several features for this implementation to succeed. They want to do it as part of a 5.2 release. As a first step we need the following features delivered:

Step 3: Pre-release packaging

This pre-release of Likewise will be packaged ASAP. It will just make sure the following is covered:

Step 4: Likewise release with upgrade script

Likewise needs to deliver a near-final release that includes:

Step 5: Package update

The likewise-open package needs to be updated to support:

Step 6: Documentation update

Server Guide currently talks about the two parallel releases, this will need to be fixed as well.

Test/Demo Plan

Test plan must include three upgrade scenarios:

The test runs as follows:

Unresolved issues

For 10.04 LTS we need to provide and test a direct upgrade path from 8.04 LTS likewise-open-4.0 to 10.04 LTS likewise-open-5.x.

BoF agenda and discussion

UDS discussion notes

Introduction: The compromise in 9.04

Upgrade 4.1 users to 5.x

Remove copies of libraries

Version targets


CategorySpec

LikewiseOpen5MigrationSpec (last edited 2009-06-11 10:13:57 by ttx)