On 05/27/2015 04:59 PM, Martin Kosek wrote:
> Hello all,
> As FreeIPA 4.2 deadlines are approaching us slowly, there is a concern that 
> not
> all of the new replica install way (replication-package-less) based on 
> Custodia
> would be done and finished in time.
> There will be certainly a lot of integration hurdles, in making sure that the
> installed replica can ask for all needed secrets and that the server can
> provide them and ensure proper encryption.
> My question is - if we postpone new replica promotion way&Custodia, what is
> needed to make FreeIPA 4.2 replica installation and topology management
> GA-ready and finished?
> This is the status of related functions, as I see it:
> Domain Levels
> - Done, committed
> - Defaults to Level 1, i.e. Topology plugin powered infra enabled
> Topology plugin
> - We have the base plugin and it's installation pushed
> - There is a critical bug that needs to be solved - #5035
Which actually blocks the testing of the feature. Once it is resolved,
we need several days to properly test the plugin. I anticipate at least
a week, if there will be no other blockers. This does not include WebUI
part of the plugin.
> - API&UI is in works (Petr Vobornik). We already committed the new server-*
> commands used there. Overall, AFAIU the API should be mostly functionally 
> complete
> - Plugin is enabled during installation, but we still use the simple auth with
> DM password during replica creation process. I think we planned to use GSSAPI,
> no? Is anything else needed in the replica creation process, except fixing 
> #5035?
> Given this summary, if we forget about the Custodia parts for a moment, it
> seems to me that the new Topology is almost functionally complete and we only
> miss the management API. Is that correct or we miss some bigger piece?
> I am for example not sure if the "IPA masters" hostgroup is needed for 
> Topology
> work without Custodia, I think Ludwig used some other group for authorization
> purposes in Topology.
> Thanks.

Oleg Fayans
Quality Engineer
FreeIPA team

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to