On ma, 06 syys 2021, Antoine Gatineau via FreeIPA-users wrote:
On Mon, 2021-09-06 at 07:52 +0200, Nico Maas via FreeIPA-users wrote:
Dear Ian,
thanks for the infos :)
I did need to migrate to CentOS 8 Stream as it was assured in this group this
would be the best way in the future a few months ago.
Is there an easy way to go from CentOS 8 Stream to Rocky Linux and would this
be the prefered way now?
(I need to have freeIPA running obviously and don't want anything to break :))
From what I have seen, packages are built in centos stream only once at the
begining of a release cycle (ie: 8.4 8.5 etc...). Then there is
no activity until the next release cycle.
I don't think this reflects a reality we have. Remember that Stream
tracks next version to be released. This means it is always updated when
next version development is in progress. There is a slight inversion
between 9 Stream and 8 Stream for historical reasons: 9 Stream git
repos updated first, then packages built in both CentOS 9 Stream and
RHEL 9 development branch, then QA process runs on both and once RHEL QA
process allows to gate the builds through, both RHEL and CentOS Stream
composes get updated -- all this automatically. In CentOS 8 Stream
situation is reverted: RHEL 8 git is updated first, then builds for RHEL
run through QA process and once they succeed through the gating and
appear in the composes, CentOS 8 Stream git gets updated and packages
get built -- all this manually. That's a historical thing since with
Stream the real process change is happening in 9.
What we see in https://git.centos.org/rpms/ipa/commits/c8s-stream-DL1,
sadly, is that somehow it misses quite a number of updates in RHEL 8
development that happened through the summer. I'll ask CentOS people to
sync-up the 8 Stream, if possible.
Anyway, I do not see how changing to Rocky Linux or anything else based
off CentOS [Stream] would help to bring a new version of IPA into them
since all of those are using the same git.centos.org for 8.x. These
downstreams are aiming for package-level and binary compatibility with
RHEL, after all.
Second question:
We were talking about the Debian Bullseye Client, not freeIPA server.
e.g. how to integrate a Debian Bullseye machine into freeIPA...
With Buster, we had the freeipa-client which was easy to install via apt, now,
it looks like thats not an option anymore... or are we just
too early to the party? :
Hi,
At the moment, freeipa-client is blocked because of building issues on
the server part. freeipa server and client are part of the same source
package. IIRC it was the same when buster came out and freeipa-client
was included later on.
However, freeipa-client is available in sid. It is possible to install
just those packages from sid. (haven't tried that yet).
Anyone who wants to have FreeIPA in Debian/Ubuntu needs to focus on
helping Timo Aaltonen with the packaging and integration work. A
distribution integration is not just 'get the package and compile'. I
did a talk about it at FOSDEM 2019:
https://archive.fosdem.org/2019/schedule/event/freeipa_cross_distrbution_packaging_experience/
Regards,
Antoine
Cheers
Nico
Am Mo., 6. Sept. 2021 um 02:23 Uhr schrieb Ian Willis <[email protected]>:
> Hi All,
>
> If you're looking for a relatively simple solution the migration to Rocky
linux can be achieved relatively painlessly. We've been
> kicking the tyres over the past few months and it fits our use case and
Centos8 going forward doesn't. This isn't a shot at either
> Centos, Redhat or IBM its a simple statement of fact given the future
direction of Centos.
>
> They have a script for migration and the maintainer is one of the original
creators of Centos which provides a degree of assurance in
> terms of project scope and continuity.
>
> While I like Debian, the body of knowledge associated with Redhat based
platforms and relative complexity/fragility of freeIPA would
> make me think twice before going down this path.
> That being said, I would like to see a vibrant Debian freeIPA community
however depending upon your use case there may be some issues.
>
> Regards
>
> Ian
>
> -----Original Message-----
> From: Ilya Kogan via FreeIPA-users <[email protected]>
> Reply-To: FreeIPA users list <[email protected]>
> To: FreeIPA users list <[email protected]>
> Cc: Nico Maas <[email protected]>, Timo Aaltonen <[email protected]>, Ilya Kogan
<[email protected]>
> Subject: [Freeipa-users] Re: freeIPA Status Debian/Ubuntu
> Date: Sun, 5 Sep 2021 16:19:38 -0400
>
> It looks like Bullseye doesn't even have the client, if I'm not mistaken?
After an upgrade, it's telling me that `freeipa-common` is no
> longer needed and there's no longer a `freeipa-client` package.
> Is there any way to get an idea of what the situation is with this?
>
> Ilya Kogan w: github.com/ikogan e: [email protected]
>
>
> On Thu, Dec 10, 2020 at 2:20 PM Nico Maas via FreeIPA-users
<[email protected]> wrote:
> > Thank you for your update and hard work Timo :)!
> >
> > Am Do., 10. Dez. 2020 um 19:38 Uhr schrieb Timo Aaltonen
<[email protected]>:
> > > On 9.12.2020 13.30, Nico Maas via FreeIPA-users wrote:
> > > > Hello there,
> > > >
> > > > with the decline of CentOS I need to migrate away from CentOS 8 to
something different.
> > > > I just wanted to ask how currently the status of the Debian or Ubuntu
versions of freeIPA is - and if there is any possibility to
> > > > migrate freeIPA installation / "backup and restore"?
> > > >
> > > > Best regards,
> > > >
> > > > Nico
> > >
> > > Hi,
> > >
> > > Short answer:
> > >
> > > ipaserver-install fails (Debian bug #970880), but client works. Debian
> > > 'bullseye' will be frozen for release next month, so it's likely that it
> > > comes only with the client, just like Ubuntu since 20.04. But miracles
> > > could happen during the holidays..
> > >
> > > Long answer:
> > >
> > > The server worked fine back in April (with bind 9.11 forced in) when I
> > > set up an Azure pipeline and worked through some kinks there to get
> > > through the tests. Best coverage I got to was around 95% of all tests.
> > > But since then things fell apart and I don't have a working baseline
> > > anymore, and shoving updates on top of others haven't helped.. The
> > > blocker bug is somewhere between Certmonger, Dogtag CA, Tomcat, and TLS.
> > > We'll see how long it still takes until the bug is found and fixed..
> > >
> > >
> > > _______________________________________________
> > > FreeIPA-users mailing list --
> > > [email protected]
> > >
> > > To unsubscribe send an email to
> > > [email protected]
> > >
> > > Fedora Code of Conduct:
> > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > >
> > > List Guidelines:
> > > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > >
> > > List Archives:
> > >
https://lists.fedorahosted.org/archives/list/[email protected]
> > >
> > > Do not reply to spam on the list, report it:
> > > https://pagure.io/fedora-infrastructure
> > >
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
