On 08/21/2015 09:44 AM, Vaclav Adamec wrote:
> Hi,
>
> Don't want to start a flame, but my question is quite simple: is there
> anybody who uses it in a real production/commercial setup without any
> major issues? Don't you lack commercial support? No issues with
> auditors?

FreeIPA is upstream for Red Hat IdM. If you wanna get commercial/enterprise support, go for a Red Hat Subscription.

>
> After a year or two of usage/testing/troubleshooting of freeipa/redhat
> ipa it seems, for me as a simple admin, to be still not a very mature
> project; even basic configuration isn't very stable/solid to use it in
> real production. I started with the latest freeipa on fedora with one
> server (VM vmware), then added other master replicas, but after many
> issues I carefully keep one server on redhat 7 with an up2date version of
> ipa from rhel repos, default installation setup, no replication. But
> still with stability issues (processes died occasionally, mostly due to
> multiple clients removing, sometimes it dies completely with cryptic
> errors in journal (but sometimes no errors at all, just wait for
> something during restart) and the only fast option is restore from snapshot
> backups with losing some clients). Performance is also an issue, we
> cannot register more than 4-5 servers at once, or it will time out (but
> no visible network or cpu/mem load issue).
>
> As there are no other complex solutions like IPA it's quite hard to
> decide what to use as a replacement, but right now it seems that we
> have no other option and we will probably switch to simple openldap and
> cover the missing functionality by puppet and some 2factor solution.
>
> We don't need anything special, no dns handling, no certificates, no
> AD connection, just simple servers/clients, users with groups and
> rules for access/sudo. A multimaster (with DNS SRV) solution for higher
> performance and reliability would be nice, but not necessary if we can
> keep it stable and handle more client registrations. We have tens of
> users/groups, hundreds of servers/clients with random registration
> "bursts" as we use it also for temp. build environments and OpenStack
> instances.
>
> Official support from Red Hat is not very helpful, also they don't
> provide any real training for IPA, so the only option is the mail conference
> (very helpful, thanks for that) and tons of documentation/examples
> for a variety of versions, but for such a complex thing probably not
> enough for commercial use.

IMHO, there's no official support from Red Hat on FreeIPA; I thought it was community support. If you want official support or real training for IdM (Identity Management) from Red Hat, go to https://access.redhat.com/products/Identity_Management

>
> Can I ask you for your opinion?
>
> Vasek
>