We are using FreeIPA Debian clients and have been using snapshots or sid packages 
for that, since it is very nicely constrained wrt dependencies.
Using our IoC/configuration management/orchestration tooling we simply push a 
number of packages to the clients and install them and their in-repo 
dependencies.

From an older log (few years old?) we seem to mostly push:


freeipa-client_4.4.4-3_amd64.deb
freeipa-common_4.4.4-3_all.deb
libipa-hbac0_1.15.2-1_amd64.deb
libsss-idmap0_1.15.2-1_amd64.deb
python-ipaclient_4.4.4-3_all.deb
python-ipalib_4.4.4-3_all.deb
python-libipa-hbac_1.15.2-1_amd64.deb
python-sss_1.15.2-1_amd64.deb
sssd-ad-common_1.15.2-1_amd64.deb
sssd-ad_1.15.2-1_amd64.deb
sssd-common_1.15.2-1_amd64.deb
sssd-ipa_1.15.2-1_amd64.deb
sssd-krb5-common_1.15.2-1_amd64.deb
sssd-krb5_1.15.2-1_amd64.deb
sssd-ldap_1.15.2-1_amd64.deb
sssd-proxy_1.15.2-1_amd64.deb
sssd_1.15.2-1_amd64.deb

and then auto upgrade from then on.

We have the luxury of running most systems immutable (changes in RAM) or 
re-spinning the VMs (and thus deregistering/re-enrolling them) constantly via CI/CD,
so that mitigates a small number of security issues with this method as there 
is no persistence on the machines.

We enroll automatically and remove hosts via the API that are no longer in our 
VM inventory.

A newer/more secure setup should be feasible using recent packages etc. but I 
haven’t had this as my main track in Ops projects for a few months.
As far as I know, we have had zero incidents and it’s been running stable for 
years, including upgrades and replacing masters with newer versions.

John

> On 30 Nov 2018, at 17:28, Johan Vermeulen via FreeIPA-users 
> <freeipa-users@lists.fedorahosted.org> wrote:
> 
> Hello All,
> 
> first of all, we have great success running Freeipa and Freeipa-clients on 
> Centos.
> Thanks for making this possible! I think this is a really important piece of 
> software for Linux.
> 
> Now it would come in handy if I could field some Debian clients for some 
> purposes.
> But on the current stable release there is no freeipa client.
> I have installed some freeipa-clients from unstable, but it's not ideal.
> 
> I'm wondering, is anyone doing this at the moment?
> Is there some repo for this?
> Can this be compiled from source?
> 
> Thanks for any help.
> 
> Greetings, J.
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
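
The reply above mentions removing hosts via the API when they are no longer in the VM inventory. The following is an added example, not code from the thread or from the FreeIPA project: it plans such removals with guards against a broken inventory export and only builds the JSON-RPC body for the host_del command without sending it. The host names, the PROTECTED set and the max_fraction cap are assumptions made for illustration.

```python
import json

# Constructed sample data (not from the original thread).
IPA_HOSTS = ["ipa1.example.test", "web01.example.test",
             "WEB02.example.test.", "old-ci-7.example.test"]
VM_INVENTORY = ["web01.example.test", "web02.example.test",
                "new-ci-9.example.test"]
PROTECTED = {"ipa1.example.test"}  # assumption: IPA masters, never removed


def norm(fqdn):
    """Compare names case-insensitively and without a trailing dot."""
    return fqdn.strip().rstrip(".").lower()


def plan_removals(ipa_hosts, inventory, protected=(), max_fraction=0.5):
    """Return enrolled client FQDNs that are absent from the VM inventory."""
    live = {norm(n) for n in inventory}
    if not live:
        # An empty inventory is far more likely a failed export than
        # a real "delete everything" request.
        raise ValueError("empty inventory, refusing to plan removals")
    keep = {norm(n) for n in protected}
    clients = {norm(n) for n in ipa_hosts} - keep
    stale = sorted(clients - live)
    if clients and len(stale) / len(clients) > max_fraction:
        raise ValueError("%d of %d clients stale, above the %.0f%% cap"
                         % (len(stale), len(clients), max_fraction * 100))
    return stale


def host_del_request(fqdn, request_id=0):
    """Build the JSON-RPC body for FreeIPA's host_del command."""
    return json.dumps({"method": "host_del",
                       "params": [[fqdn], {}],
                       "id": request_id})


if __name__ == "__main__":
    for name in plan_removals(IPA_HOSTS, VM_INVENTORY, PROTECTED):
        print(host_del_request(name))
```

In practice the enrolled host list would come from the host_find command, and the planned removals would be logged before any request is sent.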