Hello,
I am in the process of replacing my Oracle Linux 7.x IPA servers with Oracle Linux 8.1, using IPA from the Oracle Linux 8.1 AppStream (module: idm:DL1). I made several attempts to install IPA with integrated DNS, and the installation with "ipa-server-install --setup-dns" always fails at starting the named-pkcs11.service. I tested this with several new minimal installations of Oracle Linux 8.1, and with SELinux enabled and disabled/permissive. I did the same process on a fresh RHEL 8.1 Minimal with the same IP/name/hosts configuration, and it always succeeded. It looks like there is something wrong with the Oracle Linux 8.1 AppStream repo for IPA.
The service log from named-pkcs11.service shows only this error:
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: starting BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el8 (Extended Support Version) <id:7107deb>
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: running on Linux x86_64 4.18.0-80.el8.x86_64 #1 SMP Thu May 30 02:01:36 GMT 2019
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr>
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: running as: named-pkcs11 -u named -c /etc/named.conf
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: compiled by GCC 8.2.1 20180905 (Red Hat 8.2.1-3.0.1)
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: compiled with libxml2 version: 2.9.7
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: linked to libxml2 version: 20907
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: compiled with zlib version: 1.2.11
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: linked to zlib version: 1.2.11
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: threads support is enabled
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: ----------------------------------------------------
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: BIND 9 is maintained by Internet Systems Consortium,
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: corporation. Support and training for BIND 9 are
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: available at https://www.isc.org/support
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: ----------------------------------------------------
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: adjusted limit on open files from 4096 to 1048576
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: found 2 CPUs, using 2 worker threads
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: using 1 UDP listener per interface
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: using up to 21000 sockets
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: initializing DST: no PKCS#11 provider
Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: exiting (due to fatal error)
Apr 09 13:08:26 ipa1.example.com systemd[1]: named-pkcs11.service: Control process exited, code=exited status=1
Apr 09 13:08:26 ipa1.example.com systemd[1]: named-pkcs11.service: Failed with result 'exit-code'.
Apr 09 13:08:26 ipa1.example.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
-- Subject: Unit named-pkcs11.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit named-pkcs11.service has failed.
--
-- The result is RESULT.
Has anyone else succeeded in installing IPA with DNS on Oracle Linux 8.1? Is there any known workaround?
Thanks in advance.