[Freeipa-users] Re: CentOS 7 - named-pkcs11 crashes / won't start after patches/security upgrades

Thu, 04 Jul 2024 10:32:09 -0700 

On 04/07/2024 00:17, Braden McGrath via FreeIPA-users wrote:

Rob Crittenden wrote:

It appears that the centos 7 builds were done incorrectly. Given it is
EOL it is not likely to be addressed. We have little influence in centos.
rob


Ugh, that's what I was a little afraid of. Guess it's just that much more of a 
reason I need to migrate to new servers.
I saw your post/reply elsewhere on this list to someone asking how to 
migrate/upgrade, linking to official RHEL8 docs.

Unfortunately my non-profit doesn't have the money for RHEL, so I was looking 
at either Rocky or Alma, because trying to run FreeIPA Server on top of 
Ubuntu/Debian just feels wrong and fraught with peril. FreeIPA-client seems to 
work OK-enough on .deb systems but I'd be afraid of trying to run the Server 
side there... or is this a completely unfounded and stupid fear? (The org is 
almost 100% Ubuntu, with the exception of our FreeIPA VMs and two business apps 
that require CentOS7.)



FreeIPA has a lot of complex parts and RHEL is the platform where they 
are most comprehensively tested together. Additionally, on RHEL you also 
have SELinux locking down what those components are able to do if 
misconfigured or exploited.



As a result, I'd definitely run FreeIPA on Alma or another RHEL 
derivative if I wasn't able to run it on RHEL.



As a non-profit, there may be options open to you that are cheaper than 
list price if you enquire. Red Hat's support has definitely paid for 
itself, and then some compared to if we'd gone without.



(For context, my employer is a Red Hat customer. I am not personally or 
professionally affiliated with Red Hat).



I'm guessing that the process to move from CentOS7 over to Alma or Rocky would be pretty similar to the "non RHEL7 to RHEL8" 

Should be - I had no problem going the other way (CentOS -> RHEL) for my 
personal domain.


--
Sam Morris <https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B  1855 D20B 4202 5CDA 27B9

--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue






















					Reply via email to