On 05/27/2015 04:59 PM, Martin Kosek wrote: > Hello all, > > As FreeIPA 4.2 deadlines are approaching us slowly, there is a concern that > not > all of the new replica install way (replication-package-less) based on > Custodia > would be done and finished in time. > > There will be certainly a lot of integration hurdles, in making sure that the > installed replica can ask for all needed secrets and that the server can > provide them and ensure proper encryption. > > My question is - if we postpone new replica promotion way&Custodia, what is > needed to make FreeIPA 4.2 replica installation and topology management > GA-ready and finished? > > This is the status of related functions, as I see it: > > Domain Levels > - Done, committed > - Defaults to Level 1, i.e. Topology plugin powered infra enabled > > Topology plugin > - We have the base plugin and it's installation pushed > - There is a critical bug that needs to be solved - #5035 Which actually blocks the testing of the feature. Once it is resolved, we need several days to properly test the plugin. I anticipate at least a week, if there will be no other blockers. This does not include WebUI part of the plugin. > - API&UI is in works (Petr Vobornik). We already committed the new server-* > commands used there. Overall, AFAIU the API should be mostly functionally > complete > - Plugin is enabled during installation, but we still use the simple auth with > DM password during replica creation process. I think we planned to use GSSAPI, > no? Is anything else needed in the replica creation process, except fixing > #5035? > > Given this summary, if we forget about the Custodia parts for a moment, it > seems to me that the new Topology is almost functionally complete and we only > miss the management API. Is that correct or we miss some bigger piece? > > I am for example not sure if the "IPA masters" hostgroup is needed for > Topology > work without Custodia, I think Ludwig used some other group for authorization > purposes in Topology. > > Thanks. >
-- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code