On Fri, Sep 6, 2024 at 11:04 AM Sina Owolabi <[email protected]> wrote: > > Ah I see, I guess its Alma or similar then, right? >
For any CentOS derivative, you should perform this procedure: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/migrating_to_identity_management_on_rhel_8/index#install-replica_migrate-7-to-8 I'd suggest going to CentOS Stream 8, and them going to CentOS Stream 9: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/migrating_to_identity_management_on_rhel_9/index The hardest part will be to gen a CentOS Stream 8 node. You may use a cloud image. I think it's available somewhere, but I don't have the links now. IIRC, skipping major versions is not supported, so going from CentOS 7 to CentOS Stream 9 may be a leap of faith, with unexpected issues. If going the CentOS way, remember that the repos for version 8 are now on "vault". Rafael > cordially yours, > > Sina Owolabi > > > On Fri, Sep 6, 2024 at 12:24 PM Rafael Jeffman <[email protected]> wrote: >> >> >> >> On Fri, Sep 6, 2024 at 7:36 AM Sina Owolabi via FreeIPA-users < [email protected]> wrote: >> > >> > Hi >> > >> > Thanks for responding. >> > Im not sure how to downgrade since CentOS 7 is now cast down from the heavens, hence my ask about migrating to Debian 12 (Is this a good idea?) >> > >> >> IIRC, Debian 12 only provides client packages, not the server. >> >> Rafael >> >> > The installed versions are: >> > # rpm -qa | grep ipa-server >> > ipa-server-common-4.6.8-5.el7.centos.17.noarch >> > ipa-server-4.6.8-5.el7.centos.17.x86_64 >> > ipa-server-dns-4.6.8-5.el7.centos.17.noarch >> > # rpm -qa | grep bind-dyndb-ldap >> > bind-dyndb-ldap-11.1-7.el7_9.1.x86_64 >> > # rpm -qa | grep bind >> > bind-libs-9.11.4-26.P2.el7_9.16.x86_64 >> > rpcbind-0.2.0-49.el7.x86_64 >> > bind-libs-lite-9.11.4-26.P2.el7_9.16.x86_64 >> > bind-pkcs11-9.11.4-26.P2.el7_9.16.x86_64 >> > bind-license-9.11.4-26.P2.el7_9.16.noarch >> > bind-9.11.4-26.P2.el7_9.16.x86_64 >> > bind-dyndb-ldap-11.1-7.el7_9.1.x86_64 >> > bind-utils-9.11.4-26.P2.el7_9.16.x86_64 >> > bind-pkcs11-libs-9.11.4-26.P2.el7_9.16.x86_64 >> > bind-export-libs-9.11.4-26.P2.el7_9.16.x86_64 >> > bind-pkcs11-utils-9.11.4-26.P2.el7_9.16.x86_64 >> > >> > cordially yours, >> > >> > Sina Owolabi >> > >> > >> > On Thu, Sep 5, 2024 at 5:44 PM Florence Blanc-Renaud <[email protected]> wrote: >> >> >> >> Hi, >> >> >> >> what are the versions of ipa-server, bind-dyndb-ldap and bind? You may be hitting the same issue as discussed in https://lists.fedorahosted.org/archives/list/[email protected]/thread/NC257TSJJXRQEKZNAXNYLPZOXNZFJCTL/ which was solved by dongrading the packages. >> >> >> >> flo >> >> >> >> On Thu, Sep 5, 2024 at 2:53 PM Sina Owolabi via FreeIPA-users < [email protected]> wrote: >> >>> >> >>> Hi all >> >>> >> >>> Really seeking for some help. >> >>> My IPA servers (CentOS 7.9, VERSION: 4.6.8, API_VERSION: 2.237) both have their named-pkcs11 service stop working, and they create core files when restart is attempted. >> >>> Ive been able to partially mitigate the issue by manually standing up a bind9 service on a Debian 12 vm for now. >> >>> >> >>> Please, how can I fix this, or if not possible, I would like to know if there are steps to follow to setup IPA on another Debian 12 Vm and hopefully migrate services and settings there. >> >>> >> >>> Typical logs from a named-pkcs11 restart attempt: >> >>> >> >>> journalctl -xeu named-pkcs11 >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #6 0x7f7422325b89 in ?? >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #7 0x7f742232f528 in ?? >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #8 0x7f742b286713 in ?? >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #9 0x7f742b28728b in ?? >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #10 0x7f742935cea5 in ?? >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #11 0x7f74283cfb0d in ?? >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: exiting (due to assertion failure) >> >>> Sep 04 21:24:55 ipa0.qriospay.local systemd[1]: named-pkcs11.service: control process exited, code=exited status=1 >> >>> Sep 04 21:24:55 ipa0.qriospay.local systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11. >> >>> -- Subject: Unit named-pkcs11.service has failed >> >>> -- Defined-By: systemd >> >>> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel >> >>> -- >> >>> -- Unit named-pkcs11.service has failed. >> >>> -- >> >>> -- The result is failed. >> >>> Sep 04 21:24:55 ipa0.qriospay.local systemd[1]: Unit named-pkcs11.service entered failed state. >> >>> Sep 04 21:24:55 ipa0.qriospay.local systemd[1]: named-pkcs11.service failed. >> >>> >> >>> Core files: >> >>> ls /var/named/ >> >>> core.1569 core.22344 core.22692 core.30894 core.31834 core.3585 core.4117 core.6927 data dynamic named.ca named.localhost slaves >> >>> core.21923 core.22461 core.2584 core.31739 core.32646 core.3947 core.4723 core.6984 _default.tsigkeys dyndb-ldap named.empty named.loopback tmp-8bAnLCWdq7 >> >>> >> >>> cordially yours, >> >>> >> >>> Sina Owolabi >> >>> -- >> >>> _______________________________________________ >> >>> FreeIPA-users mailing list -- [email protected] >> >>> To unsubscribe send an email to [email protected] >> >>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> >>> List Archives: https://lists.fedorahosted.org/archives/list/[email protected] >> >>> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue >> > >> > -- >> > _______________________________________________ >> > FreeIPA-users mailing list -- [email protected] >> > To unsubscribe send an email to [email protected] >> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: https://lists.fedorahosted.org/archives/list/[email protected] >> > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue >> >> >> >> -- >> Rafael Guterres Jeffman >> Senior Software Engineer >> FreeIPA - Red Hat -- Rafael Guterres Jeffman Senior Software Engineer FreeIPA - Red Hat
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
