Thank you very much, I'll give this a try. cordially yours,
Sina Owolabi On Fri, Sep 6, 2024 at 6:29 PM Rafael Jeffman <[email protected]> wrote: > > > On Fri, Sep 6, 2024 at 11:04 AM Sina Owolabi <[email protected]> > wrote: > > > > Ah I see, I guess its Alma or similar then, right? > > > > For any CentOS derivative, you should perform this procedure: > > > https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/migrating_to_identity_management_on_rhel_8/index#install-replica_migrate-7-to-8 > > I'd suggest going to CentOS Stream 8, and them going to CentOS Stream 9: > > > https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/migrating_to_identity_management_on_rhel_9/index > > The hardest part will be to gen a CentOS Stream 8 node. You may use a cloud > image. I think it's available somewhere, but I don't have the links now. > > IIRC, skipping major versions is not supported, so going from CentOS 7 to > CentOS Stream 9 may be a leap of faith, with unexpected issues. > > If going the CentOS way, remember that the repos for version 8 are now on > "vault". > > Rafael > > > cordially yours, > > > > Sina Owolabi > > > > > > On Fri, Sep 6, 2024 at 12:24 PM Rafael Jeffman <[email protected]> > wrote: > >> > >> > >> > >> On Fri, Sep 6, 2024 at 7:36 AM Sina Owolabi via FreeIPA-users < > [email protected]> wrote: > >> > > >> > Hi > >> > > >> > Thanks for responding. > >> > Im not sure how to downgrade since CentOS 7 is now cast down from the > heavens, hence my ask about migrating to Debian 12 (Is this a good idea?) > >> > > >> > >> IIRC, Debian 12 only provides client packages, not the server. > >> > >> Rafael > >> > >> > The installed versions are: > >> > # rpm -qa | grep ipa-server > >> > ipa-server-common-4.6.8-5.el7.centos.17.noarch > >> > ipa-server-4.6.8-5.el7.centos.17.x86_64 > >> > ipa-server-dns-4.6.8-5.el7.centos.17.noarch > >> > # rpm -qa | grep bind-dyndb-ldap > >> > bind-dyndb-ldap-11.1-7.el7_9.1.x86_64 > >> > # rpm -qa | grep bind > >> > bind-libs-9.11.4-26.P2.el7_9.16.x86_64 > >> > rpcbind-0.2.0-49.el7.x86_64 > >> > bind-libs-lite-9.11.4-26.P2.el7_9.16.x86_64 > >> > bind-pkcs11-9.11.4-26.P2.el7_9.16.x86_64 > >> > bind-license-9.11.4-26.P2.el7_9.16.noarch > >> > bind-9.11.4-26.P2.el7_9.16.x86_64 > >> > bind-dyndb-ldap-11.1-7.el7_9.1.x86_64 > >> > bind-utils-9.11.4-26.P2.el7_9.16.x86_64 > >> > bind-pkcs11-libs-9.11.4-26.P2.el7_9.16.x86_64 > >> > bind-export-libs-9.11.4-26.P2.el7_9.16.x86_64 > >> > bind-pkcs11-utils-9.11.4-26.P2.el7_9.16.x86_64 > >> > > >> > cordially yours, > >> > > >> > Sina Owolabi > >> > > >> > > >> > On Thu, Sep 5, 2024 at 5:44 PM Florence Blanc-Renaud <[email protected]> > wrote: > >> >> > >> >> Hi, > >> >> > >> >> what are the versions of ipa-server, bind-dyndb-ldap and bind? You > may be hitting the same issue as discussed in > https://lists.fedorahosted.org/archives/list/[email protected]/thread/NC257TSJJXRQEKZNAXNYLPZOXNZFJCTL/ > which was solved by dongrading the packages. > >> >> > >> >> flo > >> >> > >> >> On Thu, Sep 5, 2024 at 2:53 PM Sina Owolabi via FreeIPA-users < > [email protected]> wrote: > >> >>> > >> >>> Hi all > >> >>> > >> >>> Really seeking for some help. > >> >>> My IPA servers (CentOS 7.9, VERSION: 4.6.8, API_VERSION: 2.237) > both have their named-pkcs11 service stop working, and they create core > files when restart is attempted. > >> >>> Ive been able to partially mitigate the issue by manually standing > up a bind9 service on a Debian 12 vm for now. > >> >>> > >> >>> Please, how can I fix this, or if not possible, I would like to > know if there are steps to follow to setup IPA on another Debian 12 Vm and > hopefully migrate services and settings there. > >> >>> > >> >>> Typical logs from a named-pkcs11 restart attempt: > >> >>> > >> >>> journalctl -xeu named-pkcs11 > >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #6 > 0x7f7422325b89 in ?? > >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #7 > 0x7f742232f528 in ?? > >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #8 > 0x7f742b286713 in ?? > >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #9 > 0x7f742b28728b in ?? > >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #10 > 0x7f742935cea5 in ?? > >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: #11 > 0x7f74283cfb0d in ?? > >> >>> Sep 04 21:24:55 ipa0.qriospay.local named-pkcs11[30894]: exiting > (due to assertion failure) > >> >>> Sep 04 21:24:55 ipa0.qriospay.local systemd[1]: > named-pkcs11.service: control process exited, code=exited status=1 > >> >>> Sep 04 21:24:55 ipa0.qriospay.local systemd[1]: Failed to start > Berkeley Internet Name Domain (DNS) with native PKCS#11. > >> >>> -- Subject: Unit named-pkcs11.service has failed > >> >>> -- Defined-By: systemd > >> >>> -- Support: > http://lists.freedesktop.org/mailman/listinfo/systemd-devel > >> >>> -- > >> >>> -- Unit named-pkcs11.service has failed. > >> >>> -- > >> >>> -- The result is failed. > >> >>> Sep 04 21:24:55 ipa0.qriospay.local systemd[1]: Unit > named-pkcs11.service entered failed state. > >> >>> Sep 04 21:24:55 ipa0.qriospay.local systemd[1]: > named-pkcs11.service failed. > >> >>> > >> >>> Core files: > >> >>> ls /var/named/ > >> >>> core.1569 core.22344 core.22692 core.30894 core.31834 > core.3585 core.4117 core.6927 data dynamic named.ca > named.localhost slaves > >> >>> core.21923 core.22461 core.2584 core.31739 core.32646 > core.3947 core.4723 core.6984 _default.tsigkeys dyndb-ldap > named.empty named.loopback tmp-8bAnLCWdq7 > >> >>> > >> >>> cordially yours, > >> >>> > >> >>> Sina Owolabi > >> >>> -- > >> >>> _______________________________________________ > >> >>> FreeIPA-users mailing list -- [email protected] > >> >>> To unsubscribe send an email to > [email protected] > >> >>> Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >> >>> List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > >> >>> List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > >> >>> Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > >> > > >> > -- > >> > _______________________________________________ > >> > FreeIPA-users mailing list -- [email protected] > >> > To unsubscribe send an email to > [email protected] > >> > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >> > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > >> > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > >> > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > >> > >> > >> > >> -- > >> Rafael Guterres Jeffman > >> Senior Software Engineer > >> FreeIPA - Red Hat > > > > -- > Rafael Guterres Jeffman > Senior Software Engineer > FreeIPA - Red Hat >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
