On 05/03/2010 05:58 PM, Dmitri Pal wrote:
Sean Brady wrote:
On 05/03/2010 04:32 PM, Stephen Gallagher wrote:
On 05/03/2010 06:11 PM, Sean Brady wrote:
I just checked out the requirements document for 2.0 again and I see
that the policy and audit sections indicate that those requirements
been dropped. I didn't see anything on this list about that, although I
admit I haven't had time to follow that closely.
Can anyone comment on why these have been dropped, and what would
replace that functionality? One area of specific concern would be the
removal of 1.3.8, "Integrate machine into the existing network by
downloading and applying policies related to the machine (network
settings, policy, printers)"...
You could try Puppet (http://puppet.reductivelabs.com/), which provides
most of the functionality IPA v2 was originally going to provide.
I was just curious as to the reasoning behind the change. I'm not
really that upset about it or anything, except for the configuration
download part. That was something that I was really looking forward
to. It was just a little bit of a shock to see that on the site
without seeing anything about it here first.
And as for Puppet, I just can't bring myself to install Ruby on my
servers and give up the extra RAM that it needs. They are all tuned
VM's that use just enough resources. Perhaps I am succumbing to FUD,
but it's not worth it at this point. Maybe this change in direction
with FreeI will change that.
Well, I suppose now we need to change the name to FreeI, since the PA
are gone :).
This change happened quite some time ago.
And as far as I recall there have been an announcement about it.
We can dig archives but I remember writing about it.
Works for me. It must have been before I joined the ML and I just
checked the website again.
Also the web site has been updated several months ago to reflect the
The IPA is still IPA though. We are not going to change the name.
The goal is ambitious but still doable.
But the change of course is that for policy management we should not
invent the wheel but rather integrate with one of the exiting
system/configuration management solutions. And when time comes we will
look in this.
I 100% agree that there are lots of tools out there to do this job, and
it doesn't make sense to re-invent the wheel.
I hear the lack of resources as well. It makes complete sense that the
resources that we have are allocated into making the most important part
of the package (the "I") work right. I can do the "P" and the "A" right
The same with the audit. The problem of audit needs to be solved with
the open source solution eventually but currently this space is very
crowded and we have not enough resources to solve I, P& A at the same
time. We realized that it is not realistic and decided to focus on I and
make it right. There is plenty of work in this area that would be more
interesting for everybody than trying to build audit. I am talking about
cross domain trusts, key management, user authentication with the smart
cards and other features that land on the I side.
Perhaps it makes sense to use rsyslog/rsyslogd for the logging, along
with some tools like CFt/Func for the "P" and "A" (you know, the
fantastic Red Hat ET suite +rsyslog) to start with.
Would it be of interest to the group for me to do a little leg work on a
proposal for gathering all these tools together in a cohesive suite? I
still owe some documentation work on v2, but I've been busy with the
"project that just wont die".
Thanks for your response and your hard work.
Freeipa-users mailing list