[Freeipa-devel] RFE - Number of thoughts on FreeIPA

William B william at firstyear.id.au
Tue Nov 25 09:42:45 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Thank you both for your responses. I have done some rearranging to
allow my responses to make sense. 

> > 
> > Hi William, good news is, Dogtag, DNS and NTP are all optional
> > components, you can install a FreeIPa server withouth the CA and
> > without DNS. NTP is installed by default, but it is very easy to
> > diasable it if you want.
> > 
> > We have some plans to split the rpm packaging so that DNS and CA
> > components can be split into separate subpackages, however we are
> > not there yet, as some restructuring of the installer and framework
> > will need to happen to be able to completely omit some of the
> > pieces.
> > 

> Splinting FreeIPA to separate packages is already tracked in
> https://fedorahosted.org/freeipa/ticket/4058
> 
> 

Well this is good to know. It would be great to see this as a smaller
core in my opinion means more focused testing on that area, and less
can potentially go wrong.

> > 
> > Kerberos is a core feature and cannot be disabled, but I thing you
> > figured that out already.

Yes, I did. That is why I suggested that perhaps a kerberos free mode
could be something to help in the middle ground for groups who don't
want to go "all out" just yet.


> > We are well aware of the shortcomings of the documentation,
> > unfortunately our upstream documentation effort died due to not
> > enough participation, so in the future the most up to date docs
> > will be RHEL docs. We'll add pointers to them in freeipa.org pages
> > once we are happy enough with them.

> Also, you can help us with documentation yourself - feel free to edit
> pages http://www.freeipa.org/page/HowTos
> and
> http://www.freeipa.org/page/Documentation
> 
> You will need an Fedora account - you can get one for free:
> https://admin.fedoraproject.org/accounts/user/new


Thanks. I'll have a look at both, and try to contribute. I was
referring to the handbook also, but it sounds like those will be
in-housed to Redhat soon, so I'll submit issues to that group in the
future also. 

> > 
> > On the testing side we are adding a lot of tests upstream that
> > should help improving test coverage and feature regressions, any
> > help there is welcome.
> 
> William, please open tickets for deficiencies you have found,
> preferably one ticket for one specific deficiency:
> https://fedorahosted.org/freeipa/newticket
> 

I always try to open defects when they arise, but I was trying to say
that sometimes as an administrator I feel that when a version of
FreeIPA is released, it doesn't always seem to be as polished as it
should be for something that is a key component to a network.

When you say you are testing more, are you saying unit testing, or
functional testing? 

> > 
> > We always welcome feedback and help with the project, whether it is
> > code, or additional HOWTOs documentation or even just specific bugs
> > and RFEs that point out specific issues or areas where we can do
> > better. Of course our resources are limited so we'll prioritize
> > what is most requested, sometimes at the expenses of features we'd
> > really like to see but have no way to fund development for in the
> > short term.

I think the risk of adding more features is always that you add more
complexitiy etc. 

Maybe as a suggestion, FreeIPA's codebase is not very modular. Maybe it
should be split up to a "plugin system" similar to the 389ds plugin
system. You have a core wrapper but most functionality comes from
plugins. This would lower the barrier to entry for coding, it would
allow split packaging to be easier, and make testing easier. 

- -- 
Sincerely,

William Brown

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJUdE8VAAoJEO/EFteBqAmabo4QAJGug9sjk1sGtsKfbbIu2z8G
BC9blQkFNKINEfTvZc3QcUjU+j5oLrIhVQt6vL1RCmAXf1tUANl8qn+rHcWT7O2v
1VGlteZAT+YvB8BynNlk2b8cbGOkMpcJ2CvW1Km6eIc7MIzVj/UTCH5GvJdp+fq1
fqqJZWb2QT2v88pZcbyYE9f3LkCK6I2Me3DQ+AMhu3qLBpL8niB3lW/GcTMM1+7i
ccyXkIB/tn1h3ki/utpkXvzP2YtzkDILCw2ZgUZvLQDYc5LJHM+4P2Wrvzm3dzK2
6ycY1FM+JHB5xOLRO6wmg1auPNRQ6zUFCkl2u9HpouHpYvc8AZYsl39LuyP4CZzr
9StaZM/tuItJ790fCtVShXFV230/dUgmU7NyCN9I06HDuPdsEvuyNmz7G5YDbTnq
mncVUJkoCgA0ADXt4M7tqxNajyuE+zpMpzLmm/j/Gf1gTNSrpDyZQoaUHau2EDlm
H01YFSNclAqH1oqrJl3i0QX8BbOOz15jfR7ed+uDlkj7MYfL4XRkBaiZ3lmhiAxg
V1cXA8aOmq3bW1z9JG0IuZerh6YjKWBziNr5JbRHwO//Bc1GrXFqT/XpxljS1Mh4
gPFOqQu0wi2h0jPDw7J8/FTIueYSrVCQKxgY//bFOwA1l8wriSrv5v3mISFMqAMj
C9m4X+sdivz0mIGSx0kR
=IVCe
-----END PGP SIGNATURE-----

More information about the Freeipa-devel mailing list