I would like to start a discussion regarding the migration of current
FreeIPA services that are running on OpenShift v2 that was obsoleted 
and will go soon EOL (the ultimate cut-off date is Dec 31, 2017).
After a short discussion I had with several FreeIPA developers, the
preference remained with keeping this application on OpenShift (v3
generation), as it will let us easily maintain it on a PaaS, without
having to care about maintaining our own infra. It will be also easy to
delegate maintenance powers to more people.
Given above, I have now set up a Pro account with OpenShift v3 and
migrated the base FreeIPA wiki as an application there, with today
snapshot of data and images. When the POC deployment is ready and
approved on this list, I can switch the current wiki to readonly and
request change of "www.freeipa.org" DNS records to get it to production.
The POC wiki is running in , with OpenShift application sources being
stored in a public git repo . Eventually, the OpenShift could be
configured to rebuild the wiki after a git push to , to enable easy
changes to wiki to it's maintainers. Let me know if there are any
concerns about having the wiki sources public. The secrets and keys are
of course not in the repo, but configured via OpenShift environment
The POC now runs pretty well, the only issue I found so far is linking
the wiki user authentication with Fedora auth. The problem is that the
current OpenID plugin  is deprecated and does not run with modern PHP
version and I could not get the new OpenID Connect one  to work
reliably with our wiki and Fedora OIDC service. I either received
authentication errors or later problems with linking the authenticated
user to current account. So for now I gave up and enabled simple
password auth by password again.
Martin Kosek <mkosek(a)redhat.com>
Manager, Software Engineering - Identity Management Team
Red Hat, Inc.
Title: #1148: Use namespace-aware meta importer for ipaplatform
Instead of symlinks and build-time configuration the ipaplatform module
is now able to auto-detect platforms on import time. The meta importer
uses the platform 'ID' from /etc/os-releases. It falls back to 'ID_LIKE'
on platforms like CentOS, which has ID=centos and ID_LIKE="rhel fedora".
The meta importer is able to handle namespace packages and the
ipaplatform package has been turned into a namespace package in order to
support external platform specifications.
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1148/head:pr1148
git checkout pr1148