[CentOS-devel] new krb5 packages brake freeIPA
Alexander Bokovoy
abokovoy at redhat.comThu Jul 2 14:13:24 UTC 2020
- Previous message: [CentOS-devel] new krb5 packages brake freeIPA
- Next message: [CentOS-devel] new krb5 packages brake freeIPA
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On to, 02 heinä 2020, Troy Dawson wrote: >On Thu, Jul 2, 2020 at 12:38 AM Alexander Bokovoy <abokovoy at redhat.com> wrote: >> >> On ke, 01 heinä 2020, Brian Stinson wrote: >> >On Wed, Jul 1, 2020, at 14:33, Alexander Bokovoy wrote: >> >> On ke, 01 heinä 2020, lejeczek via CentOS-devel wrote: >> >> >hi guys >> >> > >> >> >latest in the repo krb5 packages - 1.18.2-2.el8 - brake >> >> >freeIPA if already installed and conflict if want to install. >> >> > >> >> ># dnf install -y ipa-server-dns >> >> >Last metadata expiration check: 1:21:31 ago on Wed 01 Jul >> >> >2020 11:00:25 BST. >> >> >Error: >> >> > Problem: package >> >> >ipa-server-dns-4.8.4-7.module_el8.2.0+374+0d2d74a1.noarch >> >> >requires ipa-server = 4.8.4-7.module_el8.2.0+374+0d2d74a1, >> >> >but none of the providers can be installed >> >> > - conflicting requests >> >> > - nothing provides krb5-kdb-version = 7.0 needed by >> >> >ipa-server-4.8.4-7.module_el8.2.0+374+0d2d74a1.x86_64 >> >> >> >> Going back to the actual issue, the only solution right now is not to >> >> use CentOS 8 Stream, at least until all the required rebuilds are in >> >> place. >> >> >> >> Right now CentOS 8 Stream contains exactly same IPA version as CentOS >> >> 8.2.2004. So you are not gaining anything by using the stream right now. >> > >> >In CentOS Stream we're working on staying caught up to RHEL 8.3 >> >development to jumpstart the automation that will handle this going >> >forward. During this process we're finding that modules are a little >> >bit unwieldy. >> >> There are several rebases in RHEL 8.3 that require rebuild of idm module >> streams: krb5, samba, libldb are the requirements that need to be >> rebuilt before idm modules streams can be built. And changes in those >> packages also require rebuilding SSSD. >> >> I don't think there is a support for a combined non-modular + modular >> sidetag rebuild in CentOS (it does not exist anywhere else too), so I >> would suggest taking care of the rebuilds together before pushing them >> into a publicly accessible tree. Otherwise there will be breakages like >> this -- which apparently is there for more than 3 weeks already. >> > >Yep. >There are breakages in idm, and other packages. They aren't breakages, they are rebases. :) >But, there are two things that this entire conversation is completely missing. > >1 - CentOS Stream is NOT equal to RHEL 8.<next> general release, it IS >equal to RHEL 8.<next> Alpha. >Yes, Alpha. Not even Beta. >This whole conversation is acting like CentOS Stream should be production ready. >It should not. >It is to allow the general public to see what is going into the next >release, problems and all. >If people are running their production machines on CentOS Stream ... >well, in my opinion, that's their problem. > >2 - CentOS Stream was announced that it would be ready in December 2020. >That's still 5 months from now. >Give the team a break. >They are still setting up infrastructure, workflows, and who knows what else. > >For years people have gotten on CentOS's case because they are not >transparent enough, and don't give people access to stuff before it's >100% ready. >And now when they do, you are acting like they should take the whole >thing back and wait until it's completely ready. >Well, completely ready is not CentOS Stream. That's CentOS. +1. I only would add that transparency is still not there but in this case the transparency how CentOS Stream updates happen and how to get involved with that -- how to help define logic, advise of how rebuilds should be done for specific package sets, etc. There is still something similar to a black hole with all this process: you can see its gravitational effects but cause no effect yourself to help smoothing the rebuilds. Note that if the rebuild process for such rebases could be automated, I'd love to be able to reuse it for RHEL too. We spent six weeks rebasing krb5/samba/idm:DL1 for RHEL 8.0 last year due to various problems. If CentOS Stream is capable to automate the process to get it down to even one week, that would be awesome to reuse elsewhere. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland
- Previous message: [CentOS-devel] new krb5 packages brake freeIPA
- Next message: [CentOS-devel] new krb5 packages brake freeIPA
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list