On Thu, 2015-06-25 at 15:33 +0000, Craig White wrote:
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Harald Dunkel
> Sent: Wednesday, June 24, 2015 12:07 AM
> To: freeipa-users
> Subject: [Freeipa-users] hesitate to deploy freeipa
>
> Hi folks,
>
> I have a general problem with freeipa: It is *highly* complex and
> depends upon too many systems working together correctly (IMHO).
>
> My concern is, if there is a problem, then the usual tools following
> the Unix paradigm (do one thing and do it well) don't help anymore. I
> can speak only for my own stomach, but it turns upside down when I
> think about this.
>
>
> Your thoughts on this?
> ----
> Well, it's a good thing that you don't use XWindows.
>
> You already have a humble opinion on something that you aren't using
> yet? Seriously?
>
> It's clearly not for you, thanks for playing.
>
> Craig
>

Craig, it is a legitimate question to ask, there is no need to make snarky remarks.

Harald, the reason I (and others) started this project many years ago is that trying to set up all components myself was boring and highly error prone, and you would always end up with a bag of parts that had a lot of mismatches, and some functionality was always missing or poor or incomplete, due to the imperfect integration.

Yes, the whole project is complex, but not because we like complexity, it is complex because the problem space is complex and we are bound to use existing protocols, which sometimes add in complexity, and we want to offer useful features to admins, so they can think about managing stuff and not about the plumbing all the time.

The best option is to study the individual components and how they are integrated, just like you (presumably) studied how a Unix/Linux OS is put together and operates. An OS is not simpler in any way, but you probably do not see the complexity as menacing anymore because you are familiar with how it works.

The same familiarity can be attained with FreeIPA, all the components are available, the configuration directives are mostly where you expect them to be, and all the glue code is in the FreeIPA repositories if you want to go deep into the minutiae, and understand the nuanced integration for some of the plumbing. It can be studied and understood.

I would say that time would be better invested in learning how FreeIPA works rather than trying to build your own and be the only one that knows (or forgets) how things were put together ad hoc. Collaborating on a project means you are not alone and can share experiences, ask for help and in general get up to speed with various parts of the infrastructure as you need it, not being forced to know everything like a pro before even starting.

This is my humble opinion.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
