Re: [Freeipa-users] Policy functionality of 2.0 requirements dropped?
[snip] > I hear the lack of resources as well. It makes complete sense that the > resources that we have are allocated into making the most important > part of the package (the "I") work right. I can do the "P" and the "A" > right now separately. > > Perhaps it makes sense to use rsyslog/rsyslogd for the logging, along > with some tools like CFt/Func for the "P" and "A" (you know, the > fantastic Red Hat ET suite +rsyslog) to start with. > The only sub project that is left out of our "A" effort is ELAPI https://fedorahosted.org/ELAPI/ But it is a bit in flux. It is designed up to some point but desperately needs a month of head down work to get it to the point when the loose ends scattered around start to make sense. I just do not have time to work on it at all. And it would be nightmare for someone to try to untangle my incomplete ideas himself. I would love someone to eventually take it over because I as a manager should not be the core contributor to a project. This does not scale. I think rsyslog is good but not good enough and eventually log collection should be brought up to the next level. > Would it be of interest to the group for me to do a little leg work on > a proposal for gathering all these tools together in a cohesive suite? > I still owe some documentation work on v2, but I've been busy with the > "project that just wont die". > Please write your ideas. It is always beneficial to evaluate options come up with a plan. > Thanks for your response and your hard work. Thank you for your interest and participation. -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Policy functionality of 2.0 requirements dropped?
> On 05/03/2010 04:32 PM, Stephen Gallagher wrote: >> >> On 05/03/2010 06:11 PM, Sean Brady wrote: >> You could try Puppet (http://puppet.reductivelabs.com/), which provides >> most of the functionality IPA v2 was originally going to provide. > And as for Puppet, I just can't bring myself to install Ruby on my servers > and give up the extra RAM that it needs. They are all tuned VM's that use > just enough resources. Perhaps I am succumbing to FUD, but it's not worth > it at this point. Maybe this change in direction with FreeI will change > that. then go with cfengine (http://www.cfengine.org) , tested solution and not a resource pig. It integrates great with netgroups, by the way. There are packages for every distribution. I run it in a esx cluster (both the esx servers and the linux vm's and it works great). -- natxo asenjo ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Policy functionality of 2.0 requirements dropped?
On 05/03/2010 05:58 PM, Dmitri Pal wrote: Sean Brady wrote: On 05/03/2010 04:32 PM, Stephen Gallagher wrote: On 05/03/2010 06:11 PM, Sean Brady wrote: I just checked out the requirements document for 2.0 again and I see that the policy and audit sections indicate that those requirements have been dropped. I didn't see anything on this list about that, although I admit I haven't had time to follow that closely. Can anyone comment on why these have been dropped, and what would replace that functionality? One area of specific concern would be the removal of 1.3.8, "Integrate machine into the existing network by downloading and applying policies related to the machine (network settings, policy, printers)"... Thanks all. You could try Puppet (http://puppet.reductivelabs.com/), which provides most of the functionality IPA v2 was originally going to provide. I was just curious as to the reasoning behind the change. I'm not really that upset about it or anything, except for the configuration download part. That was something that I was really looking forward to. It was just a little bit of a shock to see that on the site without seeing anything about it here first. And as for Puppet, I just can't bring myself to install Ruby on my servers and give up the extra RAM that it needs. They are all tuned VM's that use just enough resources. Perhaps I am succumbing to FUD, but it's not worth it at this point. Maybe this change in direction with FreeI will change that. Well, I suppose now we need to change the name to FreeI, since the PA are gone :). This change happened quite some time ago. And as far as I recall there have been an announcement about it. We can dig archives but I remember writing about it. Works for me. It must have been before I joined the ML and I just checked the website again. Also the web site has been updated several months ago to reflect the reality. The IPA is still IPA though. We are not going to change the name. The goal is ambitious but still doable. But the change of course is that for policy management we should not invent the wheel but rather integrate with one of the exiting system/configuration management solutions. And when time comes we will look in this. I 100% agree that there are lots of tools out there to do this job, and it doesn't make sense to re-invent the wheel. The same with the audit. The problem of audit needs to be solved with the open source solution eventually but currently this space is very crowded and we have not enough resources to solve I, P& A at the same time. We realized that it is not realistic and decided to focus on I and make it right. There is plenty of work in this area that would be more interesting for everybody than trying to build audit. I am talking about cross domain trusts, key management, user authentication with the smart cards and other features that land on the I side. I hear the lack of resources as well. It makes complete sense that the resources that we have are allocated into making the most important part of the package (the "I") work right. I can do the "P" and the "A" right now separately. Perhaps it makes sense to use rsyslog/rsyslogd for the logging, along with some tools like CFt/Func for the "P" and "A" (you know, the fantastic Red Hat ET suite +rsyslog) to start with. Would it be of interest to the group for me to do a little leg work on a proposal for gathering all these tools together in a cohesive suite? I still owe some documentation work on v2, but I've been busy with the "project that just wont die". Thanks for your response and your hard work. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Policy functionality of 2.0 requirements dropped?
Sean Brady wrote: > > On 05/03/2010 04:32 PM, Stephen Gallagher wrote: >> On 05/03/2010 06:11 PM, Sean Brady wrote: >>> I just checked out the requirements document for 2.0 again and I see >>> that the policy and audit sections indicate that those requirements >>> have >>> been dropped. I didn't see anything on this list about that, although I >>> admit I haven't had time to follow that closely. >>> >>> Can anyone comment on why these have been dropped, and what would >>> replace that functionality? One area of specific concern would be the >>> removal of 1.3.8, "Integrate machine into the existing network by >>> downloading and applying policies related to the machine (network >>> settings, policy, printers)"... >>> >>> Thanks all. >>> >>> >> You could try Puppet (http://puppet.reductivelabs.com/), which provides >> most of the functionality IPA v2 was originally going to provide. >> >> > > > I was just curious as to the reasoning behind the change. I'm not > really that upset about it or anything, except for the configuration > download part. That was something that I was really looking forward > to. It was just a little bit of a shock to see that on the site > without seeing anything about it here first. > > And as for Puppet, I just can't bring myself to install Ruby on my > servers and give up the extra RAM that it needs. They are all tuned > VM's that use just enough resources. Perhaps I am succumbing to FUD, > but it's not worth it at this point. Maybe this change in direction > with FreeI will change that. > > Well, I suppose now we need to change the name to FreeI, since the PA > are gone :). This change happened quite some time ago. And as far as I recall there have been an announcement about it. We can dig archives but I remember writing about it. Also the web site has been updated several months ago to reflect the reality. The IPA is still IPA though. We are not going to change the name. The goal is ambitious but still doable. But the change of course is that for policy management we should not invent the wheel but rather integrate with one of the exiting system/configuration management solutions. And when time comes we will look in this. The same with the audit. The problem of audit needs to be solved with the open source solution eventually but currently this space is very crowded and we have not enough resources to solve I, P & A at the same time. We realized that it is not realistic and decided to focus on I and make it right. There is plenty of work in this area that would be more interesting for everybody than trying to build audit. I am talking about cross domain trusts, key management, user authentication with the smart cards and other features that land on the I side. -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Policy functionality of 2.0 requirements dropped?
On 05/03/2010 04:32 PM, Stephen Gallagher wrote: On 05/03/2010 06:11 PM, Sean Brady wrote: I just checked out the requirements document for 2.0 again and I see that the policy and audit sections indicate that those requirements have been dropped. I didn't see anything on this list about that, although I admit I haven't had time to follow that closely. Can anyone comment on why these have been dropped, and what would replace that functionality? One area of specific concern would be the removal of 1.3.8, "Integrate machine into the existing network by downloading and applying policies related to the machine (network settings, policy, printers)"... Thanks all. You could try Puppet (http://puppet.reductivelabs.com/), which provides most of the functionality IPA v2 was originally going to provide. I was just curious as to the reasoning behind the change. I'm not really that upset about it or anything, except for the configuration download part. That was something that I was really looking forward to. It was just a little bit of a shock to see that on the site without seeing anything about it here first. And as for Puppet, I just can't bring myself to install Ruby on my servers and give up the extra RAM that it needs. They are all tuned VM's that use just enough resources. Perhaps I am succumbing to FUD, but it's not worth it at this point. Maybe this change in direction with FreeI will change that. Well, I suppose now we need to change the name to FreeI, since the PA are gone :). ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Policy functionality of 2.0 requirements dropped?
On 05/03/2010 06:11 PM, Sean Brady wrote: I just checked out the requirements document for 2.0 again and I see that the policy and audit sections indicate that those requirements have been dropped. I didn't see anything on this list about that, although I admit I haven't had time to follow that closely. Can anyone comment on why these have been dropped, and what would replace that functionality? One area of specific concern would be the removal of 1.3.8, "Integrate machine into the existing network by downloading and applying policies related to the machine (network settings, policy, printers)"... Thanks all. You could try Puppet (http://puppet.reductivelabs.com/), which provides most of the functionality IPA v2 was originally going to provide. -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Policy functionality of 2.0 requirements dropped?
I just checked out the requirements document for 2.0 again and I see that the policy and audit sections indicate that those requirements have been dropped. I didn't see anything on this list about that, although I admit I haven't had time to follow that closely. Can anyone comment on why these have been dropped, and what would replace that functionality? One area of specific concern would be the removal of 1.3.8, "Integrate machine into the existing network by downloading and applying policies related to the machine (network settings, policy, printers)"... Thanks all. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
