On ma, 06 syys 2021, Antoine Gatineau via FreeIPA-users wrote:
On Mon, 2021-09-06 at 07:52 +0200, Nico Maas via FreeIPA-users wrote:
> Dear Ian,
> thanks for the infos :)
> I did need to migrate to CentOS 8 Stream as it was assured in this group this would
be the best way in the future a few months ago.
> Is there an easy way to go from CentOS 8 Stream to Rocky Linux and would this be the
prefered way now?
> (I need to have freeIPA running obviously and don't want anything to break :))
From what I have seen, packages are built in centos stream only once at the begining of a
release cycle (ie: 8.4 8.5 etc...). Then there is
no activity until the next release cycle.
I don't think this reflects a reality we have. Remember that Stream
tracks next version to be released. This means it is always updated when
next version development is in progress. There is a slight inversion
between 9 Stream and 8 Stream for historical reasons: 9 Stream git
repos updated first, then packages built in both CentOS 9 Stream and
RHEL 9 development branch, then QA process runs on both and once RHEL QA
process allows to gate the builds through, both RHEL and CentOS Stream
composes get updated -- all this automatically. In CentOS 8 Stream
situation is reverted: RHEL 8 git is updated first, then builds for RHEL
run through QA process and once they succeed through the gating and
appear in the composes, CentOS 8 Stream git gets updated and packages
get built -- all this manually. That's a historical thing since with
Stream the real process change is happening in 9.
What we see in
https://git.centos.org/rpms/ipa/commits/c8s-stream-DL1,
sadly, is that somehow it misses quite a number of updates in RHEL 8
development that happened through the summer. I'll ask CentOS people to
sync-up the 8 Stream, if possible.
Anyway, I do not see how changing to Rocky Linux or anything else based
off CentOS [Stream] would help to bring a new version of IPA into them
since all of those are using the same
git.centos.org for 8.x. These
downstreams are aiming for package-level and binary compatibility with
RHEL, after all.
> Second question:
> We were talking about the Debian Bullseye Client, not freeIPA server.
> e.g. how to integrate a Debian Bullseye machine into freeIPA...
> With Buster, we had the freeipa-client which was easy to install via apt, now, it
looks like thats not an option anymore... or are we just
> too early to the party? :
>
Hi,
At the moment, freeipa-client is blocked because of building issues on
the server part. freeipa server and client are part of the same source
package. IIRC it was the same when buster came out and freeipa-client
was included later on.
However, freeipa-client is available in sid. It is possible to install
just those packages from sid. (haven't tried that yet).
Anyone who wants to have FreeIPA in Debian/Ubuntu needs to focus on
helping Timo Aaltonen with the packaging and integration work. A
distribution integration is not just 'get the package and compile'. I
did a talk about it at FOSDEM 2019:
https://archive.fosdem.org/2019/schedule/event/freeipa_cross_distrbution_...
Regards,
Antoine
> Cheers
>
> Nico
>
> Am Mo., 6. Sept. 2021 um 02:23 Uhr schrieb Ian Willis
<fedora(a)checksum.net.au>:
> > Hi All,
> >
> > If you're looking for a relatively simple solution the migration to Rocky
linux can be achieved relatively painlessly. We've been
> > kicking the tyres over the past few months and it fits our use case and Centos8
going forward doesn't. This isn't a shot at either
> > Centos, Redhat or IBM its a simple statement of fact given the future direction
of Centos.
> >
> > They have a script for migration and the maintainer is one of the original
creators of Centos which provides a degree of assurance in
> > terms of project scope and continuity.
> >
> > While I like Debian, the body of knowledge associated with Redhat based
platforms and relative complexity/fragility of freeIPA would
> > make me think twice before going down this path.
> > That being said, I would like to see a vibrant Debian freeIPA community however
depending upon your use case there may be some issues.
> >
> > Regards
> >
> > Ian
> >
> > -----Original Message-----
> > From: Ilya Kogan via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
> > Reply-To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
> > To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
> > Cc: Nico Maas <mail(a)nico-maas.de>, Timo Aaltonen
<tjaalton(a)ubuntu.com>, Ilya Kogan <ikogan(a)mythicnet.org>
> > Subject: [Freeipa-users] Re: freeIPA Status Debian/Ubuntu
> > Date: Sun, 5 Sep 2021 16:19:38 -0400
> >
> > It looks like Bullseye doesn't even have the client, if I'm not
mistaken? After an upgrade, it's telling me that `freeipa-common` is no
> > longer needed and there's no longer a `freeipa-client` package.
> > Is there any way to get an idea of what the situation is with this?
> >
> > Ilya Kogan w:
github.com/ikogan e: ikogan@mythicnet.org
> >
> >
> > On Thu, Dec 10, 2020 at 2:20 PM Nico Maas via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
> > > Thank you for your update and hard work Timo :)!
> > >
> > > Am Do., 10. Dez. 2020 um 19:38 Uhr schrieb Timo Aaltonen
<tjaalton(a)ubuntu.com>:
> > > > On 9.12.2020 13.30, Nico Maas via FreeIPA-users wrote:
> > > > > Hello there,
> > > > >
> > > > > with the decline of CentOS I need to migrate away from CentOS 8
to something different.
> > > > > I just wanted to ask how currently the status of the Debian or
Ubuntu versions of freeIPA is - and if there is any possibility to
> > > > > migrate freeIPA installation / "backup and restore"?
> > > > >
> > > > > Best regards,
> > > > >
> > > > > Nico
> > > >
> > > > Hi,
> > > >
> > > > Short answer:
> > > >
> > > > ipaserver-install fails (Debian bug #970880), but client works.
Debian
> > > > 'bullseye' will be frozen for release next month, so it's
likely that it
> > > > comes only with the client, just like Ubuntu since 20.04. But
miracles
> > > > could happen during the holidays..
> > > >
> > > > Long answer:
> > > >
> > > > The server worked fine back in April (with bind 9.11 forced in) when
I
> > > > set up an Azure pipeline and worked through some kinks there to get
> > > > through the tests. Best coverage I got to was around 95% of all
tests.
> > > > But since then things fell apart and I don't have a working
baseline
> > > > anymore, and shoving updates on top of others haven't helped..
The
> > > > blocker bug is somewhere between Certmonger, Dogtag CA, Tomcat, and
TLS.
> > > > We'll see how long it still takes until the bug is found and
fixed..
> > > >
> > > >
> > > > _______________________________________________
> > > > FreeIPA-users mailing list --
> > > > freeipa-users(a)lists.fedorahosted.org
> > > >
> > > > To unsubscribe send an email to
> > > > freeipa-users-leave(a)lists.fedorahosted.org
> > > >
> > > > Fedora Code of Conduct:
> > > >
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > >
> > > > List Guidelines:
> > > >
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > >
> > > > List Archives:
> > > >
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> > > >
> > > > Do not reply to spam on the list, report it:
> > > >
https://pagure.io/fedora-infrastructure
> > > >
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland