[Freeipa-users] guidance and strategies for supporting production use including dev/test IPA systems?
Chris Dagdigian
dag at sonsorol.org
Wed Nov 9 13:39:52 UTC 2016
Thanks to support from folks on this list I have a 3-node multi-site
replicating FreeIPA system supporting a number of 1-way trusts to
various AD Forests. Testing has gone well and it's clear that this "POC"
will soon transition to production.
Because of the importance of this system to our environment I'm trying
to flesh out a proper strategy for testing upgrades and updates in a way
that lets us keep our system highly available and online.
And seeing how rapidly this software is being developed w/ new features
and how dependent we are on the most recent version (or how badly I want
to try the version in RHEL-BETA-3) I think this is a system we will
possibly be upgrading somewhat often ...
I understand that replicas can run newer versions of IPA/IDM than the
master so that is one path by which we can carefully test updates and
patches but I don't think that covers all the scenarios ...
Can anyone share strategies or war stories for how testing is done in
support of production IPA/IDM environments? Especially when Trusts need
to be set up with many external AD systems?
Do people run discrete standalone dev/test IPA domains/realms to create
isolated environments or is there some other good strategy that allows
testing to be done within the same domain/realm?
Thanks!
-Chris
More information about the Freeipa-users
mailing list