On 10/18/23 10:33, Christian Heimes wrote:
On 18/10/2023 16.57, Harry G Coin wrote:
On Tue, Oct 17, 2023 at 7:50 PM Christian Heimes via FreeIPA-users
<[email protected]> wrote:
On 17/10/2023 19.32, Harry G Coin via FreeIPA-users wrote:
'security' and 'other' seemingly 'unrelated' 'upgrades' to
packages n levels deep but whose previously un-noticed freeipa
killing race-condition or other bug manifests after the
upgrade. I find myself obligated to prevent any security or
other change from happening until the lowest possible usage
times. For example today's 'random freeipa bother' is:
Problem: cannot install both protobuf-3.5.0-15.el8.x86_64 and
protobuf-3.19.0-2.el8s.x86_64
- package liborc1-1.7.9-1.el8.x86_64 requires
libprotobuf.so.15()(64bit), but none of the providers can be
installed
- cannot install the best update candidate for package
protobuf-3.19.0-2.el8s.x86_64
- cannot install the best update candidate for package
liborc1-1.7.5-1.el8s.x86_64
(try to add '--allowerasing' to command line to replace
conflicting packages or '--skip-broken' to skip uninstallable
packages or '--nobest' to use not only best candidate packages)
How did you end up with Hadoop-related libraries on your IPA
server? Did you install additional services and EPEL on your IPA
server?
To gain access to the file system published by the multi-rack high
availability file system at https://ceph.io, named 'cephfs' (a native
fs akin to nfs in some ways) one must install ceph-common. That
package comes one per version of major ceph releases. That appears to
play badly with freeipa packaging. I was hoping by waiting patiently
the packagers would figure that out for us. Dependency hell strikes
again.
You are living a dangerous life, you are running an untested and
unsupported configuration of FreeIPA. All our docs *strongly* advise
against additional services on an IPA server, e.g.
https://www.freeipa.org/page/Deployment_Recommendations#freeipa-server-exclusivity
. Third party repositories with conflicting packages are even more
problematic.
Thanks Christian. Might you publish a list of all the packages in the
repos that can't be installed on a freeipa box? Can a freeipa system be
an NFS client? Which file systems used by multiple tens of thousands
around the world should avoid freeipa?
--
Christian Heimes
Principal Software Engineer, Identity Management and Platform Security
Red Hat GmbH,https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
