Infrastructure Software

Hello,

i am in the process of replacing my Oracle Linux 7.x IPA Servers with Oracle Linux 8.1 using IPA from Oracle Linux 8.1 Appstream (module: idm:DL1). I made several attempts to install IPA with integrated DNS and the installation with "ipa-server-install --setup-dns" always fails with starting the named-pkcs11.service. I tested this with several new minimal installations of Oracle Linux 8.1 and with SE Linux enabled and disabled/permissive. I did the same process on a fresh RHEL 8.1 Minimal with same IP/Name/Hosts configuration and it always succeed. It looks like there is something wrong with the Oracle Linux 8.1 Appstream Repo for IPA.

In the Service log from named-pcs11.service show only this error:

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: starting BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el8 (Extended Support Version) <id:7107deb>

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: running on Linux x86_64 4.18.0-80.el8.x86_64 #1 SMP Thu May 30 02:01:36 GMT 2019

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr>

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: running as: named-pkcs11 -u named -c /etc/named.conf

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: compiled by GCC 8.2.1 20180905 (Red Hat 8.2.1-3.0.1)

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: compiled with libxml2 version: 2.9.7

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: linked to libxml2 version: 20907

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: compiled with zlib version: 1.2.11

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: linked to zlib version: 1.2.11

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: threads support is enabled

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: ----------------------------------------------------

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: BIND 9 is maintained by Internet Systems Consortium,

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: Inc. (ISC), a non-profit 501(c)(3) public-benefit

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: corporation.  Support and training for BIND 9 are

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: available at https://www.isc.org/support

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: ----------------------------------------------------

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: adjusted limit on open files from 4096 to 1048576

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: found 2 CPUs, using 2 worker threads

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: using 1 UDP listener per interface

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: using up to 21000 sockets

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: initializing DST: no PKCS#11 provider

Apr 09 13:08:26 ipa1.example.com named-pkcs11[23997]: exiting (due to fatal error)

Apr 09 13:08:26 ipa1.example.com systemd[1]: named-pkcs11.service: Control process exited, code=exited status=1

Apr 09 13:08:26 ipa1.example.com systemd[1]: named-pkcs11.service: Failed with result 'exit-code'.

Apr 09 13:08:26 ipa1.example.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.

-- Subject: Unit named-pkcs11.service has failed

-- Defined-By: systemd

-- Support: https://access.redhat.com/support

--

-- Unit named-pkcs11.service has failed.

--

-- The result is RESULT.

Anyone else succeed Installing IPA with DNS on Oracle Linux 8.1? any known workaround?

Thanks in advance.