[Freeipa-users] FreeIPA state - performance, commercial usage

Dewangga Bachrul Alam dewanggaba at xtremenitro.org
Fri Aug 21 03:05:08 UTC 2015



On 08/21/2015 09:44 AM, Vaclav Adamec wrote:
> Hi,
> 
> Don't want to start a flame, but my question is quite simple, is there
> anybody who uses it in real production/commercial setup without any
> major issues? Don't you lack commercial support? No issues with
> auditors?

FreeIPA is upstream for Red Hat IdM, if you wanna get
commercial/enterprise support, go for Red Hat Subscription.

> 
> After a year/two of usage/testing/troubleshooting of freeipa/redhat
> ipa it seems, for me as a simple admin, to be still not a very mature
> project, even basic configuration isn't very stable/solid to use it in
> real production. I started with latest freeipa on fedora with one
> server (VM vmware), then added other master replicas but after many
> issues I carefully keep one server on redhat 7 with up2date version of
> ipa from rhel repos, default installation setup, no replication. But
> still with stability issue (processes died occasionally, mostly due to
> multiple clients removing, sometimes it dies completely with cryptic
> errors in journal (but sometimes no errors at all just wait for
> something during restart) and only fast option is restore from snapshot
> backups with losing some clients). Performance is also an issue, we
> cannot register more than 4-5 servers at once, or it will timeout (but
> no visible network or cpu/mem load issue).
> 
> As there are no other complex solutions like IPA it's quite hard to
> decide what to use as a replacement, but right now it seems that we
> have no other option and we probably switch to simple openldap and
> missing functionality cover by puppet and some 2factor solution.
> 
> We don't need anything special, no dns handling, no certificates, no
> AD connection, just simple servers/clients, users with groups and
> rules for access/sudo. Multimaster (with DNS SRV) solution for higher
> performance and reliability would be nice, but not necessary if we can
> keep it stable and handle more clients registration. We have tens of
> users/groups, hundreds servers/clients with random registration
> "burst" as we use it also for temp. build environments and OpenStack
> instances.
> 
> Official support from RedHat is not very helpful, also they don't
> provide any real training for IPA, so only option is mail conference
> (very helpful, thanks for that) and tons of documentation/examples
> for variety of versions, but for such complex thing probably not
> enough for commercial use.

IMHO, there's no official support from Red Hat on FreeIPA, I thought
it was community support. If you want official support or real training
for IdM (Identity Management) from Red Hat, go to
https://access.redhat.com/products/Identity_Management

> 
> Can I ask you for your opinion ?
> 
> Vasek
> 



