hi Peter,

Not a full answer to your questions but from my experience:

Xenial: Worked, except OTP functionality
Zesty: Worked except for DNS
Artful: Seems fully functional and stable on the fresh installed replica,
my upgraded from Zesty rig (with the workarounds noted earlier in thread)
Still has pki-tomcat bombing fairly frequently.
Bionic: I have high hopes for given LTS.. Currently showing same package
versions
<https://packages.ubuntu.com/search?keywords=freeipa&searchon=names&suite=bionic&section=all>
4.4.4 as Artful

Most of them required some cajoling during install or upgrade due to broken
installer components (like directories not being created in one case,
/etc/pki/pki.version confusing postinstall in another), but most of these
behaviours were captured as bugs too.  It feels very close to being
something that can be reliably deployed, so I don't think it needs a huge
amount more TLC to make it more of a pleasure to install ;)

Cheers,

David

On 28 November 2017 at 20:58, Peter Fern via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> On 23/11/17 05:34, David Harvey via FreeIPA-users wrote:
> > Not sure why tomcat is more resilient when launched as root, but the
> > pki seems to work ok at issuing certs after the above and a reboot for
> > good measure.
>
> This sounds like there are broken permissions in the current Ubuntu
> packages.  You should be aware that last time I checked, FreeIPA on
> Ubuntu was subtly yet severely broken, mostly due to the NSS libs
> missing PEM support, which will stop your CA from renewing, amongst
> other things.
>
> Does anyone know what the state of packaging for deb distros is
> currently?  Now that the OpenSSL migration is complete(?), the barriers
> to functional packages should be removed, but it looks like that only
> happened in 4.5, and it appears only 4.4 is packaged, which is likely
> still broken?
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to