[Freeipa-devel] New replica installation and topology - we need stable base

Martin Kosek mkosek at redhat.com
Thu May 28 08:22:46 UTC 2015


On 05/27/2015 05:05 PM, Oleg Fayans wrote:
> 
> 
> On 05/27/2015 04:59 PM, Martin Kosek wrote:
>> Hello all,
>>
>> As FreeIPA 4.2 deadlines are approaching us slowly, there is a concern that not
>> all of the new replica install way (replication-package-less) based on Custodia
>> would be done and finished in time.
>>
>> There will be certainly a lot of integration hurdles, in making sure that the
>> installed replica can ask for all needed secrets and that the server can
>> provide them and ensure proper encryption.
>>
>> My question is - if we postpone new replica promotion way & Custodia, what is
>> needed to make FreeIPA 4.2 replica installation and topology management
>> GA-ready and finished?
>>
>> This is the status of related functions, as I see it:
>>
>> Domain Levels
>> - Done, committed
>> - Defaults to Level 1, i.e. Topology plugin powered infra enabled
>>
>> Topology plugin
>> - We have the base plugin and its installation pushed
>> - There is a critical bug that needs to be solved - #5035
> Which actually blocks the testing of the feature. Once it is resolved,
> we need several days to properly test the plugin. I anticipate at least
> a week, if there will be no other blockers. This does not include WebUI
> part of the plugin.

Right. I would suggest this bug to be now the top priority for Ludwig.

>> - API & UI is in the works (Petr Vobornik). We already committed the new server-*
>> commands used there. Overall, AFAIU the API should be mostly functionally complete
>> - Plugin is enabled during installation, but we still use the simple auth with
>> DM password during replica creation process. I think we planned to use GSSAPI,
>> no? Is anything else needed in the replica creation process, except fixing #5035?
>>
>> Given this summary, if we forget about the Custodia parts for a moment, it
>> seems to me that the new Topology is almost functionally complete and we only
>> miss the management API. Is that correct, or do we miss some bigger piece?
>>
>> I am for example not sure if the "IPA masters" hostgroup is needed for Topology
>> work without Custodia, I think Ludwig used some other group for authorization
>> purposes in Topology.
>>
>> Thanks.
>>
> 



