> Practically though, I think an idempotent installer opens a lot of cans of
> worms. Do we limit some answers to their original? Take for instance the
> REALM. Can someone change it on-the-fly? It would have some deep
> repercussions. Similarly, changing the hostname. There are all kinds of
> corner cases.

This is very true! Nothing is quite so complex as realm controllers for krb5+ldap+nss+sssd+bind+ca+blah+blim+blam! You guys sure have your work cut out for you!

About the only other Red Hat projects I've seen that are nearly as complex as FreeIPA are oVirt & OpenShift (ok, maybe Cluster Suite, too), in terms of fully taking over the host being configured and the insane amount of inter-dependencies therein and the fragility of installers (installers from nightlies, alpha, or beta; I like to live on the bleeding edge).

In ~2002 I set up my own hand-rolled krb5+ldap+nss realm cluster for virtual domain web & email hosting, and I swear that took me weeks. It is a joy to have something like FreeIPA these days.

Once again I'll take the opportunity to pimp otopi, even if it may not be the right solution for you guys, they are trying to solve similar problems in a similarly complex environment:

http://www.ovirt.org/Features/Otopi_Infra_Migration

otopi -- oVirt Task Oriented Pluggable Installer/Implementation
===============================================================

Standalone plugin based installation framework to be used to setup system components. The plugin nature provides simplicity to add new installation functionality without the complexity of the state and transaction management.

At the core of the implementation there is environment dictionary and a flow of stages within plugins. The environment can be modified using command-line parameters, configuration file, or dialog customization.

Features:

* otopi is a library for component installation.
* Modular, task oriented implementation.
* Supports pluggable manager dialog protocol, provides human and machine dialogs.
* Localization support, gettext enabled.
* Local and remote execution modes are supported.
* Distribution independent implementation (core).
* Compatible with python-2.6, python-2.7, python-3.2
