Hello all,

As FreeIPA 4.2 deadlines are approaching us slowly, there is a concern that not all of the new replica install way (replication-package-less) based on Custodia would be done and finished in time.
There will certainly be a lot of integration hurdles, in making sure that the installed replica can ask for all needed secrets and that the server can provide them and ensure proper encryption.

My question is - if we postpone the new replica promotion way & Custodia, what is needed to make FreeIPA 4.2 replica installation and topology management GA-ready and finished?

This is the status of related functions, as I see it:

Domain Levels
- Done, committed
- Defaults to Level 1, i.e. Topology plugin powered infra enabled

Topology plugin
- We have the base plugin and its installation pushed
- There is a critical bug that needs to be solved - #5035
- API & UI is in the works (Petr Vobornik). We already committed the new server-* commands used there. Overall, AFAIU the API should be mostly functionally complete
- Plugin is enabled during installation, but we still use the simple auth with DM password during the replica creation process. I think we planned to use GSSAPI, no?

Is anything else needed in the replica creation process, except fixing #5035?

Given this summary, if we forget about the Custodia parts for a moment, it seems to me that the new Topology is almost functionally complete and we only miss the management API. Is that correct or do we miss some bigger piece?

I am for example not sure if the "IPA masters" hostgroup is needed for Topology work without Custodia, I think Ludwig used some other group for authorization purposes in Topology.

Thanks.

--
Martin Kosek <[email protected]>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
