oracle / centos2ol

Script and documentation to switch CentOS/Rocky Linux to Oracle Linux
https://linux.oracle.com/switch/centos/
Universal Permissive License v1.0

IPA #21

Closed maverick85 closed 3 years ago

maverick85 commented 3 years ago

We have most of our servers on CentOS Linux. Some have Red Hat derived applications like FreeIPA (IDM) or OKD (OpenShift).

We made a clean install of Oracle Linux and looked for ipa-server packages. They are non-existing.

The availability of applications that are freely distributed by competitors (Fedora EPEL, Debian, Ubuntu etc) is mandatory for Oracle Linux to be an option.

Please advise.

Djelibeybi commented 3 years ago

I'm not sure why you didn't find it, because FreeIPA is available in the default ol7_latest repo:

# yum info ipa-server
Loaded plugins: ovl, ulninfo
Available Packages
Name        : ipa-server
Arch        : x86_64
Version     : 4.6.8
Release     : 5.0.1.el7
Size        : 530 k
Repo        : ol7_latest/x86_64
Summary     : The IPA authentication server
URL         : http://www.freeipa.org/
License     : GPLv3+
Description : IPA is an integrated solution to provide centrally managed Identity (users,
            : hosts, services), Authentication (SSO, 2FA), and Authorization
            : (host access control, SELinux user roles, services). The solution provides
            : features for further integration with Linux based clients (SUDO, automount)
            : and integration with Active Directory based infrastructures (Trusts).
            : If you are installing an IPA server, you need to install this package.

However, we do not rebuild or ship OKD. Instead, we provide the Oracle Linux Cloud Native Environment.

Djelibeybi commented 3 years ago

On Oracle Linux 8, idm is a module in the ol8_AppStream repo and the server is part of the DL1 stream:

Name             : idm
Stream           : DL1
Version          : 8030020200923172343
Context          : 5986f621
Architecture     : x86_64
Profiles         : adtrust, client, common [d], dns, server
Default profiles : common
Repo             : ol8_appstream
Summary          : The Oracle Linux Identity Management system module
Description      : OL IdM is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts).
Requires         : 389-ds:[1.4]
                 : httpd:[2.4]
                 : pki-core:[10.6]
                 : platform:[el8]
Artifacts        : bind-dyndb-ldap-0:11.3-1.module+el8.3.0+7868+2151076c.x86_64
                 : custodia-0:0.6.0-3.module+el8.3.0+7868+2151076c.noarch
                 : ipa-client-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64
                 : ipa-client-common-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch
                 : ipa-client-epn-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64
                 : ipa-client-samba-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64
                 : ipa-common-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch
                 : ipa-healthcheck-0:0.4-6.module+el8.3.0+7868+2151076c.noarch
                 : ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7868+2151076c.noarch
                 : ipa-python-compat-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch
                 : ipa-selinux-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch
                 : ipa-server-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64
                 : ipa-server-common-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch
                 : ipa-server-dns-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch
                 : ipa-server-trust-ad-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64
                 : opendnssec-0:2.1.6-2.module+el8.3.0+7868+2151076c.x86_64
                 : python3-custodia-0:0.6.0-3.module+el8.3.0+7868+2151076c.noarch
                 : python3-ipaclient-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch
                 : python3-ipalib-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch
                 : python3-ipaserver-0:4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch
                 : python3-jwcrypto-0:0.5.0-1.module+el8.3.0+7868+2151076c.noarch
                 : python3-kdcproxy-0:0.4-5.module+el8.3.0+7868+2151076c.noarch
                 : python3-pyusb-0:1.0.0-9.module+el8.3.0+7868+2151076c.noarch
                 : python3-qrcode-0:5.1-12.module+el8.3.0+7868+2151076c.noarch
                 : python3-qrcode-core-0:5.1-12.module+el8.3.0+7868+2151076c.noarch
                 : python3-yubico-0:1.3.2-9.module+el8.3.0+7868+2151076c.noarch
                 : slapi-nis-0:0.56.5-4.module+el8.3.0+7868+2151076c.x86_64
                 : softhsm-0:2.6.0-3.module+el8.3.0+7868+2151076c.x86_64
                 : softhsm-devel-0:2.6.0-3.module+el8.3.0+7868+2151076c.x86_64

maverick85 commented 3 years ago

Hi, thank you for your reply.

I confirm adding ol8_appstream enabled access to IPA:

[root@web1-fx ~]# yum-config-manager --add-repo http://yum.oracle.com/repo/OracleLinux/OL8/appstream/x86_64
Adding repo from: http://yum.oracle.com/repo/OracleLinux/OL8/appstream/x86_64
[root@web1-fx ~]# dnf module list idm
Last metadata expiration check: 0:17:38 ago on Thu 17 Dec 2020 06:32:02 PM WET.
Oracle Linux 8 Application Stream (x86_64)
Name         Stream             Profiles                                         Summary                                                  
idm          DL1                adtrust, client, common [d], dns, server         The Oracle Linux Identity Management system module       
idm          client [d]         common [d]                                       OL IdM long term support client module                   

created by dnf config-manager from http://yum.oracle.com/repo/OracleLinux/OL8/appstream/x86_64
Name         Stream             Profiles                                         Summary                                                  
idm          DL1                adtrust, client, common [d], dns, server         The Oracle Linux Identity Management system module       
idm          client [d]         common [d]                                       OL IdM long term support client module                   

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

We will have to test OKD, but this repo helps a lot! Kind regards

Djelibeybi commented 3 years ago

The repo should have been enabled by default during the Oracle Linux 8 installation. It's also already available in the default repo configuration files. You shouldn't have needed to enable it manually or by its URL.

mark-au commented 3 years ago

You comment that you made a "clean install of Oracle Linux"; as Avi says, we would have expected ol8_appstream to have been enabled by default, and I'm curious. Did you use an ISO, a template or an OCI image?

maverick85 commented 3 years ago

Hey guys, never mind. I forgot EL7 and EL8 package management has some differences; I was looking for it wrong. I really appreciate your hints, cheers!
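
The `dnf module list idm` output posted above shows that on Oracle Linux 8 the `server` profile is offered only by the `DL1` stream, while the default stream is `client`. The script below is an added example, not part of the original thread or of the centos2ol project: it parses that listing and reports which stream has to be named for a given profile. The function names (`sample_module_list`, `profile_streams`, `install_spec`) are hypothetical, and the sample input is constructed from the output in the thread.

```shell
# Added example. Constructed sample, modelled on the `dnf module list idm`
# output in this thread (the repo appears twice, as in the post).
sample_module_list() {
cat <<'EOF'
Oracle Linux 8 Application Stream (x86_64)
Name         Stream             Profiles                                         Summary
idm          DL1                adtrust, client, common [d], dns, server         The Oracle Linux Identity Management system module
idm          client [d]         common [d]                                       OL IdM long term support client module

created by dnf config-manager from http://yum.oracle.com/repo/OracleLinux/OL8/appstream/x86_64
Name         Stream             Profiles                                         Summary
idm          DL1                adtrust, client, common [d], dns, server         The Oracle Linux Identity Management system module
idm          client [d]         common [d]                                       OL IdM long term support client module

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
EOF
}

# Print "MODULE:STREAM STATE" once per stream offering PROFILE (stdin: dnf output).
# Columns are separated by 2+ spaces; [d]/[e]/[x] flags follow the stream name.
profile_streams() {
  awk -F'  +' -v mod="$1" -v want="$2" '
    $1 == mod && NF >= 3 {
      stream = $2; state = "available"
      if (stream ~ /\[e\]/) state = "enabled"
      else if (stream ~ /\[x\]/) state = "disabled"
      else if (stream ~ /\[d\]/) state = "default"
      sub(/ *\[.*$/, "", stream)            # strip the flag suffix
      key = mod ":" stream
      n = split($3, profs, ", *")
      for (i = 1; i <= n; i++) {
        p = profs[i]; sub(/ *\[.*$/, "", p)
        if (p == want && !(key in seen)) { seen[key] = 1; print key, state }
      }
    }'
}

# Print the MODULE:STREAM/PROFILE spec to install, preferring an enabled or
# default stream; exit status 1 if no usable stream offers PROFILE.
install_spec() {
  profile_streams "$1" "$2" | awk -v p="$2" '
    $2 == "disabled" { next }
    best == "" || $2 == "enabled" || ($2 == "default" && bstate == "available") {
      best = $1; bstate = $2 }
    END { if (best == "") exit 1; print best "/" p }'
}

for profile in common server; do
  echo "$profile: dnf module install $(sample_module_list | install_spec idm "$profile")"
done
```

On a live system, pipe the real `dnf module list idm` output into the functions in place of `sample_module_list`.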