Update Of IPA Server Broken – Bind-dyndb-ldap Needs To Be Rebuilt?
Hello,
We are testing an IPA/IDM infrastructure which is a mix of RHEL 8 and CentOS Stream 8 environments. The configuration has been completed since last summer, and it is working fine between updates.
Currently, the CentOS Stream 8 IPA servers cannot upgrade. I put the whole error message below, but after analyzing a bit, it seems to be that the problem is between:
bind-dyndb-ldap (for which there is no new update)
and bind-libs-lite (for which a new update is available)
$ sudo dnf upgrade bind-libs-lite*
Error:
Problem: problem with installed package bind-dyndb-ldap-11.6-2.module_el8.5.0+750+c59b186b.x86_64
– package bind-dyndb-ldap-11.6-2.module_el8.5.0+750+c59b186b.x86_64
requires libdns.so.1112()(64bit), but none of the providers can be installed
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-6.el8.x86_64
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-3.el8.x86_64
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-4.el8_4.x86_64
– cannot install the best update candidate for package bind-libs-lite-32:9.11.26-6.el8.x86_64
The update bind-libs-lite (32:9.11.36-2) seems to offer:
/usr/lib64/libdns.so.1115
while bind-dyndb-ldap (11.6-2.module_el8.5.0+750+c59b186b) seems to still require precisely:
/usr/lib64/libdns.so.1112
$ sudo dnf provides */libdns.so*
… bind-libs-lite-32:9.11.26-6.el8.x86_64 : Libraries for working with the DNS
protocol Repo : @System Matched from:
Filename : /usr/lib64/libdns.so.1112
Filename : /usr/lib64/libdns.so.1112.0.2
… bind-libs-lite-32:9.11.36-2.el8.x86_64 : Libraries for working with the DNS
protocol Repo : appstream Matched from:
Filename : /usr/lib64/libdns.so.1115
Filename : /usr/lib64/libdns.so.1115.0.3
…
$ sudo dnf list bind-libs-lite bind-dyndb-ldap Installed Packages bind-dyndb-ldap.x86_64 11.6-2.module_el8.5.0+750+c59b186b
@appstream bind-libs-lite.x86_64 32:9.11.26-6.el8
@appstream Available Packages bind-libs-lite.i686 32:9.11.36-2.el8
appstream bind-libs-lite.x86_64 32:9.11.36-2.el8
appstream
Please note that, of course, the module stream idm:DL1 is enabled:
$ sudo dnf module list idm*
CentOS Stream 8 – AppStream Name Stream Profiles
Summary
idm DL1 [e] adtrust, client, common [d], dns
[i], server The Red Hat Enterprise Linux Identity Management system module idm client [d] common [d]
RHEL IdM long term support client module
Also, as can be expected, these updates are not yet available on the *RHEL
8* IPA servers:
$ sudo dnf list bind-libs-lite bind-dyndb-ldap Updating Subscription Management repositories. Installed Packages bind-dyndb-ldap.x86_64 11.6-2.module+el8.4.0+9328+4ec4e316
@rhel-8-for-x86_64-appstream-rpms bind-libs-lite.x86_64 32:9.11.26-6.el8
@rhel-8-for-x86_64-appstream-rpms Available Packages bind-libs-lite.i686 32:9.11.26-6.el8
rhel-8-for-x86_64-appstream-rpms
So, is there any workaround, or should we simply wait for the IPA/IDM
server DL1 module stream to be updated?
(there are updates of the ipa packages which are pending there, juts not bind-dyndb-ldap)
Also, should I rather send such reports of our CentOS Stream testing to another mailing-list? (devel?)
Or book them into Red Hat’s bugzilla?
Thanks in advance for your comments!
Mathieu
## Full error log when trying to update a CentOS Stream 8 IPA/IDM server
$ sudo ipactl status Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
$ sudo dnf upgrade –refresh CentOS Stream 8 – AppStream
13 kB/s |
4.4 kB 00:00
CentOS Stream 8 – BaseOS
26 kB/s
| 3.9 kB 00:00
CentOS Stream 8 – Extras
15 kB/s
| 3.0 kB 00:00
Error:
Problem 1: package bind-dyndb-ldap-11.6-2.module_el8.5.0+750+c59b186b.x86_64 requires libdns.so.1112()(64bit), but none of the providers can be installed
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-6.el8.x86_64
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-3.el8.x86_64
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-4.el8_4.x86_64
– cannot install the best update candidate for package bind-libs-lite-32:9.11.26-6.el8.x86_64
– cannot install the best update candidate for package bind-dyndb-ldap-11.6-2.module_el8.5.0+750+c59b186b.x86_64
Problem 2: problem with installed package bind-dyndb-ldap-11.6-2.module_el8.5.0+750+c59b186b.x86_64
– package bind-dyndb-ldap-11.6-2.module_el8.5.0+750+c59b186b.x86_64
requires libdns.so.1112()(64bit), but none of the providers can be installed
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-6.el8.x86_64
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-3.el8.x86_64
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-4.el8_4.x86_64
– package bind-32:9.11.36-2.el8.x86_64 requires libdns.so.1115()(64bit), but none of the providers can be installed
– package bind-32:9.11.36-2.el8.x86_64 requires bind-libs-lite(x86-64) 32:9.11.36-2.el8, but none of the providers can be installed
– cannot install the best update candidate for package bind-32:9.11.26-6.el8.x86_64
Problem 3: package ipa-server-dns-4.9.8-2.module_el8.6.0+1053+0ac05726.noarch requires bind-dyndb-ldap >= 11.2-2, but none of the providers can be installed
– package bind-dyndb-ldap-11.6-2.module_el8.5.0+750+c59b186b.x86_64
requires libdns.so.1112()(64bit), but none of the providers can be installed
– package bind-dyndb-ldap-11.6-2.module_el8.4.0+639+a88aab78.x86_64
requires libdns.so.1112()(64bit), but none of the providers can be installed
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-6.el8.x86_64
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-3.el8.x86_64
– cannot install both bind-libs-lite-32:9.11.36-2.el8.x86_64 and bind-libs-lite-32:9.11.26-4.el8_4.x86_64
– package bind-libs-32:9.11.36-2.el8.x86_64 requires libdns.so.1115()(64bit), but none of the providers can be installed
– package bind-libs-32:9.11.36-2.el8.x86_64 requires bind-libs-lite(x86-64) = 32:9.11.36-2.el8, but none of the providers can be installed
– cannot install the best update candidate for package ipa-server-dns-4.9.8-2.module_el8.6.0+1053+0ac05726.noarch
– cannot install the best update candidate for package bind-libs-32:9.11.26-6.el8.x86_64
Problem 4: problem with installed package ipa-server-dns-4.9.8-2.module_el8.6.0+1053+0ac05726.noarch
– package ipa-server-dns-4.9.8-2.module_el8.6.0+1053+0ac05726.noarch requires bind-dyndb-ldap >= 11.2-2, but none of the providers can be installed
– package bind-dyndb-ldap-11.6-2.module_el8.5.0+750+c59b186b.x86_64
requires libdns.so.1112()(64bit), but none of the providers can be installed
– package bind-dyndb-ldap-11.6-2.module_el8.4.0+639+a88aab78.x86_64
requires libdns.so.1112()(64bit), but none of the providers can be installed
– package bind-libs-lite-32:9.11.26-6.el8.x86_64 requires bind-license 32:9.11.26-6.el8, but none of the providers can be installed
– package bind-libs-lite-32:9.11.26-3.el8.x86_64 requires bind-license 32:9.11.26-3.el8, but none of the providers can be installed
– package bind-libs-lite-32:9.11.26-4.el8_4.x86_64 requires bind-license
= 32:9.11.26-4.el8_4, but none of the providers can be installed
– cannot install both bind-license-32:9.11.36-2.el8.noarch and bind-license-32:9.11.26-6.el8.noarch
– cannot install both bind-license-32:9.11.36-2.el8.noarch and bind-license-32:9.11.26-3.el8.noarch
– cannot install both bind-license-32:9.11.36-2.el8.noarch and bind-license-32:9.11.26-4.el8_4.noarch
– cannot install the best update candidate for package bind-license-32:9.11.26-6.el8.noarch
(try to add ‘–allowerasing’ to command line to replace conflicting packages or ‘–skip-broken’ to skip uninstallable packages or ‘–nobest’ to use not only best candidate packages)
4 thoughts on - Update Of IPA Server Broken – Bind-dyndb-ldap Needs To Be Rebuilt?
Fixed:
https://bugzilla.redhat.com/show_bug.cgi?id 51108
Caused by a rebase of bind, but the new idm:DL1 module lagged behind a little bit. Was fixed with the push about 9 hours ago.
Johnny,
I see idm:DL1 (and idm:client) in Stream 9, but not Stream 8. I just refreshed the dnf cache in the latter, so I think I’m fully up to date.
Am I missing something?
Yes .. it should be available. Make sure the mirror is updated.
https://koji.mbox.CentOS.org/koji/buildinfo?buildID=21079
^^ it is tagged to | “dist-c8-stream-module-compose”
And was released more than 14 hours ago now
Many thanks for your quick answer!
I confirm that all CentOS Stream 8 IPA servers were then updated without any issue.
Cheers,
Mathieu