Upgradeprovision notes

Matthias Dieter Wallnöfer mdw at samba.org
Tue Jan 26 07:52:45 MST 2010 

Hi Matthieu,

those are great plans! I think you got all of the important upgrade 
obstacles. I hope you are able to remove at least some of them.

Matthias

Matthieu Patou wrote:
> Dear all,
>
> I'm somehow feeling concerned with upgradeprovision and here are my 
> plans to improve it:
>
>
> 1) Update DNS record using rebuild_zone.sh or something similar, as 
> older provision might have broken zone somehow.
> 2) Update NTACLs and dirs in sysvol, as new GPO has been introduced in 
> august by MDW but users with older provision do not have associated 
> dirs and no acl on this dir as well and up to a few days provision 
> didn't put ACL on sysvol files.
> 3) do a mostly clean SD update: for the moment upgrade provision is 
> always replacing the SD in the upgraded provision by the one 
> recalculated. The very first step is to limit this behavior to older 
> than alpha11 provision as now people (I'm not totally happy with this 
> cutof as alpha11 shipped with a bug that caused SD to be bogus on some 
> configuration objects). T
> hen I would like to check every object where the SD is different from 
> the reference one and for each object that is found, check if its SD 
> was obtained directly from the defaultSD + the SD of its parent or if 
> the SD was modified afterhand.
> 4) Make upgradeprovision use one big transaction for the upgrade process
> 5) Honnor fSMORoleOwner so that upgradeprovision on a given host do 
> not modify parts where the DC is the role owner
> 6) Make upgradeprovision not replace sam.ldb when provision > alpha10 
> and do instead a search and replace in sam.ldb with basedn=""
> 7) Update provision so it can store an @PROVISION entry in sam.ldb to 
> keep the trace of the last USN modified by (upgrade)provision
> 8) Use the the usn information, the replpropertymetadata, + the 
> invocation id of the udpdated DC to see if should update attribute or 
> not. The rule will be: originating_invocation_id== invocation_id_dc && 
> originating_usn <= lastUSN modified by provision.
>
> Let me know if you see something else to add or reorder.
>
> Matthieu.
>
>
>

More information about the samba-technical mailing list