Re: [Freeipa-devel] FreeIPA on RHEL/CentOS 7.0
On 09/25/2014 11:09 AM, Jan Pazdziora wrote:
> On Thu, Sep 25, 2014 at 08:55:46AM +0200, Martin Kosek wrote:
>>
>>> I'd like to use these yum repos for Docker images and I wonder what
>>> naming I should use for the branches and tags -- centos-7-upstream,
>>> centos-7-4.0.3, or something else?
>>
>> centos-7-latest (with mkosek/freeipa copr)
>> centos-7-4-0 (with potential future mkosek/freeipa-4-0 copr)
>> centos-7-4-1 (with potential future mkosek/freeipa-4-1 copr)
>>
>> Makes sense?
>
> Yes, thanks.
>

Although now looking at the branch names, people may confuse CentOS/RHEL version with FreeIPA version (I am referring to 7-4-0 part). So

centos-7-ipa-latest
centos-7-ipa-4-1
centos-7-ipa-4-0

may be better + would also reflect the actual branch names.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] FreeIPA on RHEL/CentOS 7.0
On Thu, Sep 25, 2014 at 08:55:46AM +0200, Martin Kosek wrote:
>
> > I'd like to use these yum repos for Docker images and I wonder what
> > naming I should use for the branches and tags -- centos-7-upstream,
> > centos-7-4.0.3, or something else?
>
> centos-7-latest (with mkosek/freeipa copr)
> centos-7-4-0 (with potential future mkosek/freeipa-4-0 copr)
> centos-7-4-1 (with potential future mkosek/freeipa-4-1 copr)
>
> Makes sense?

Yes, thanks.

--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat

Re: [Freeipa-devel] FreeIPA on RHEL/CentOS 7.0
On Thu, Sep 25, 2014 at 08:55:46AM +0200, Martin Kosek wrote:
> On 09/24/2014 06:19 PM, Jan Pazdziora wrote:
> > On Wed, Sep 24, 2014 at 11:00:21AM +0200, Martin Kosek wrote:
> >>
> >> I just rebuilt latest fixed pki-core&tomcat for our Copr
> >> (http://copr.fedoraproject.org/coprs/mkosek/freeipa/builds/). We are now very
> >> close to having a functional repo for RHEL/CentOS 7.0.
> >>
> >> With couple minor changes to the spec file, I was able to install FreeIPA
> >> 4.0.3
> >
> > What will be the content of these yum repos going forward? Will
> > they be fixated at 4.0.3, or will they always contain the latest
> > greatest release?
>
> My current vision for this Copr was for it to have the latest greatest stable
> (-ish) FreeIPA version. I.e. as soon as we release 4.1, it would contain 4.1
> and its dependencies.

We do the same with SSSD 1.11.x and it's been quite a success, we've received several bug reports from people who run this repository.

Re: [Freeipa-devel] FreeIPA on RHEL/CentOS 7.0
On 09/24/2014 06:19 PM, Jan Pazdziora wrote:
> On Wed, Sep 24, 2014 at 11:00:21AM +0200, Martin Kosek wrote:
>>
>> I just rebuilt latest fixed pki-core&tomcat for our Copr
>> (http://copr.fedoraproject.org/coprs/mkosek/freeipa/builds/). We are now very
>> close to having a functional repo for RHEL/CentOS 7.0.
>>
>> With couple minor changes to the spec file, I was able to install FreeIPA
>> 4.0.3
>
> What will be the content of these yum repos going forward? Will
> they be fixated at 4.0.3, or will they always contain the latest
> greatest release?

My current vision for this Copr was for it to have the latest greatest stable (-ish) FreeIPA version. I.e. as soon as we release 4.1, it would contain 4.1 and its dependencies.

> Would it make sense to create one copr repo per
> release, versioned, so that even when 4.0.4 or 4.1.0 is out, the
> 4.0.3 content is still available?

It makes sense, yes - especially if there would be an interest in this from our users or your Docker use cases - given the maintenance burden. We can build some semi-automatism around it though to make the maintenance easier, I myself have some scripts ready to handle the builds.

> I'd like to use these yum repos for Docker images and I wonder what
> naming I should use for the branches and tags -- centos-7-upstream,
> centos-7-4.0.3, or something else?

centos-7-latest (with mkosek/freeipa copr)
centos-7-4-0 (with potential future mkosek/freeipa-4-0 copr)
centos-7-4-1 (with potential future mkosek/freeipa-4-1 copr)

Makes sense?

Martin

Re: [Freeipa-devel] FreeIPA on RHEL/CentOS 7.0
On Wed, Sep 24, 2014 at 11:00:21AM +0200, Martin Kosek wrote:
>
> I just rebuilt latest fixed pki-core&tomcat for our Copr
> (http://copr.fedoraproject.org/coprs/mkosek/freeipa/builds/). We are now very
> close to having a functional repo for RHEL/CentOS 7.0.
>
> With couple minor changes to the spec file, I was able to install FreeIPA
> 4.0.3

What will be the content of these yum repos going forward? Will they be fixated at 4.0.3, or will they always contain the latest greatest release? Would it make sense to create one copr repo per release, versioned, so that even when 4.0.4 or 4.1.0 is out, the 4.0.3 content is still available?

I'd like to use these yum repos for Docker images and I wonder what naming I should use for the branches and tags -- centos-7-upstream, centos-7-4.0.3, or something else?

--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat

Re: [Freeipa-devel] FreeIPA on RHEL/CentOS 7.0
On 24.9.2014 11:00, Martin Kosek wrote:

Hello,

I just rebuilt latest fixed pki-core&tomcat for our Copr (http://copr.fedoraproject.org/coprs/mkosek/freeipa/builds/). We are now very close to having a functional repo for RHEL/CentOS 7.0.

With couple minor changes to the spec file, I was able to install FreeIPA 4.0.3 and its dependencies to 7.0, ipa-server-install *almost* finished (client installation failed). I filed the remaining issues in

https://fedorahosted.org/freeipa/ticket/4562

1. and 3. should be straightforward. However, I wonder about 2. Should FreeIPA Copr be in a business of building system selinux-policy for supported platforms? I personally think it shouldn't as otherwise different Coprs enabled on a system may clash with their system policies.

I see 2 paths:

1) The better but very difficult one - for other platforms ship own SELinux policy with rules and changes that are missing in the oldest supported version SELinux policy and that cause AVCs with latest upstream FreeIPA.

2) The worse but easy: Change selinux-policy Requires so that it matches the oldest selinux-policy version and recommend people to run the Copr FreeIPA version with permissive SELinux.

3) The most complicated but most flexible way:
- Build a new selinux policy package in separate COPR
- Let people choose if they want to run SELinux in permissive mode or rather install IPA-supplied policy package

--
Petr^2 Spacek