[Freeipa-users] FreeIPA state - performace, commercial usage

Loris Santamaria loris at lgs.com.ve
Fri Aug 21 11:44:45 UTC 2015 

Hi, FWIW one of our customers (a bank) uses freeIPA 3.0 + samba with 4
servers and 5000+ clients, with no major issues. We were able to solve
every issue they had tuning the dirsrv or with help from this list.

Best regards


El vie, 21-08-2015 a las 04:44 +0200, Vaclav Adamec escribió:
> Hi,
> 
> Don't want to start flame, but my question is quite simple, is there
> anybody who use it in real production/commercial setup without any
> major issues ? don't you lack commercial support ? no issues with
> auditors ?
> 
>  after a year/two of usage/testing/troubleshooting of freeipa/redhat
> ipa it seems, for me as a simple admin, to be still not very mature
> project, even basic configuration isn't very stable/solid to use it
> in
> real production. I started with latest freeipa on fedora with one
> server (VM vmware), then add other master replicas but after many
> issues I carefully keep one server on redhat 7 with up2date version
> of
> ipa from rhel repos, default installation setup, no replication. But
> still with stability issue (processes died occasionally, mostly due
> multiple clients removing, sometimes it dies completely with cryptic
> errors in journal (but sometimes no errors at all just wait for
> something during restart) and only fast option is restore from
> snaphot
> backups with loosing some clients). Performance is also issue, we
> cannot register more then 4-5 servers at once, or it will timeout
> (but
> no visible network or cpu/mem load issue).
> 
> As there are no other complex solutions like IPA it's quite hard
> decide what to use as a replacement, but right now it's seems that we
> have no other option and we probably switch to simple openldap and
> missing functionality cover by puppet and some 2factor solution.
> 
> We don't need anything special, no dns handling, no certificates, no
> AD connection, just simple servers/clients, users with groups and
> rules for access/sudo. Multimaster (with DNS SRV) solution for higher
> performance and reliability would be nice, but not necessary if we
> can
> keep it stable and handle more clients registration. We have tens of
> users/groups, hundreds servers/clients with random registration
> "burst" as we use it also for temp. build environments and OpenStack
> instances.
> 
> Oficial support from RedHat is not very helpful, also they don't
> provide any real training for IPA, so only option is mail conference
> (very helpful, thanks for that) and tones of documentation/examples
> for variety of versions, but for such complex thing probably not
> enough for commercial use.
> 
> Can I ask you for your opinion ?
> 
> Vasek
> 
-- 
Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5693 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150821/8fb21231/attachment.bin>

More information about the Freeipa-users mailing list