Bug 1211589

Summary: [RFE] Add option to skip the verify_client_version
Product: Red Hat Enterprise Linux 7 Reporter: Martin Kosek <mkosek>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: dpal, jcholast, rcritten, tbabej
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.2.0-1.el7 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 12:00:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1181710    

Description Martin Kosek 2015-04-14 11:58:48 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4768

The error message

{{{
ipa: ERROR: 2.108 client incompatible with 2.65 server
}}}

prevents remote {{{ipa}}} operations even if the specific API calls could very well run against the older server version because they parameters and result and behaviour is exactly the same.

Proposing here new option {{{--ignore-version-mismatch}}} to just skip this check.

The "... client incompatible with ... server" error message could also hint at this new option, with a warning that things might not work.

My main reason for this "workaround" are the container deployments where it might not even be possible to ssh to the container to run the {{{ipa}}} command on the IPA server, and the matrix of client/server combinations might become much richer because it will be much easier to just run image which happens to have different server version than the host/workstation.

When this is implemented, the option should be noted at http://www.freeipa.org/page/Client#Compatibility
Comment 1 Tomas Babej 2015-07-07 22:37:04 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/ea7f392bb98c1f1c4558ec5d6e84ee7a7c613474
Comment 2 Jan Cholasta 2015-07-08 12:36:53 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/232458a222435c80c28d6179f164673de67e2544
Comment 4 Namita Soman 2015-09-20 22:32:49 UTC 
Verified by installing 7.1 server using ipa-server-4.1.0-18.el7.x86_64 and 7.2 client using ipa-client-4.2.0-11.el7.x86_64


# ipa user-find
ipa: ERROR: 2.156 client incompatible with 2.112 server at 'https://cloud-qe-20.testrelm.test/ipa/xml'

# ipa -e skip_version_check=1 user-find
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 1455400000
  GID: 1455400000
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
Comment 5 errata-xmlrpc 2015-11-19 12:00:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html