Hi! I’m Andrei, Ænix founder and main developer of the Cozystack platform. Recently, I had the task of updating an outdated FreeIPA in a large ente

FreeIPA tips and tricks: migrating FreeIPA from CentOS 7 LXC container to Rocky Linux, debugging and expired certificates

submited by
Style Pass
2024-08-01 07:00:03

Hi! I’m Andrei, Ænix founder and main developer of the Cozystack platform. Recently, I had the task of updating an outdated FreeIPA in a large enterprise. This FreeIPA instance was installed in an LXC container on CentOS 7 and had been non-functional for several months. I was handed a backup of the LXC container for Proxmox, and so the work began.

Since the image was in the form of an archived LXC container, upon restoration, it became evident that my Proxmox version was too fresh and didn’t support the container’s version of systemd. The problem was that the new Proxmox works with Cgroups v2, while the outdated container systemd only supports Cgroups v1.

Thus, the first issue I encountered was starting the LXC container. Luckily, only systemd (the init system that launches everything else) wasn’t running in the container, but it was still accessible by launching a standard bash shell.

Well, we now had access to the container, meaning we could attempt to upgrade its operating system. This can be approached similarly to how we often handle chroot environments.

Leave a Comment