On 01/07/2020 17:55, Alexander Bokovoy wrote:
On ke, 01 heinä 2020, lejeczek via CentOS-devel wrote:
hi guys
latest in the repo krb5 packages - 1.18.2-2.el8 - brake freeIPA if already installed and conflict if want to install.
# dnf install -y ipa-server-dns Last metadata expiration check: 1:21:31 ago on Wed 01 Jul 2020 11:00:25 BST. Error:  Problem: package ipa-server-dns-4.8.4-7.module_el8.2.0+374+0d2d74a1.noarch requires ipa-server = 4.8.4-7.module_el8.2.0+374+0d2d74a1, but none of the providers can be installed  - conflicting requests  - nothing provides krb5-kdb-version = 7.0 needed by ipa-server-4.8.4-7.module_el8.2.0+374+0d2d74a1.x86_64
There should be no 1.18 in RHEL 8.2 at all, therefore CentOS 8.2 should not have krb5 1.18.
If you are using CentOS Stream, please make it clear in describing your configuration.
I can see krb5-1.18.2 in c8s branch here: https://git.centos.org/rpms/krb5/c/10fa7093df15784c58e82f89ba3e2a5ee0245991?...
There is no corresponding update for idm module, though.
There is no c8s-version of c8-stream-DL1 branch and therefore there is no idm:DL1 module rebuild.
Until that part is fixed, CentOS Stream is unusable for IdM deployments.
Please note that none of RHEL developers responsible for IdM have any say or control how things get merged into CentOS. If there are problems like this one nobody but CentOS maintainers could help. In case of CentOS 8 stream, it seems the whole process is done by a robot and I have no idea how this robot handles modular builds (and when).
And that seems to be a great shame, quite frankly I felt this way for a long months, probably since C8 release.
Maybe you guys @redhat could(should ?) take over "idm" module in Centos, or Centos' owners could ask for help and delegate "idm" over to you.
FreeIPA is way!!! to import to afford such cock-ups and it's been quite a wobbly ride on C8 since the beginning. Centos is a poor man choice but still seriously taken & deployed to critical environments and if my opinion is not an isolated one, then everybody will agree freeIPA must be taken care of properly.
many thanks, L.