Alexander, as a user without support from Red Hat, can we report bugs/issues for the IdM
product here on the FreeIPA list? Because, as far as I know, with RHEL there's no way
to install FreeIPA branded as it. It will always be Red Hat IdM.
From: Alexander Bokovoy via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
Sent: Wednesday, December 9, 2020 1:23 PM
To: Charles Hedrick <hedrick(a)cs.rutgers.edu>
Cc: Nico Maas <mail(a)nico-maas.de>; FreeIPA users list
<freeipa-users(a)lists.fedorahosted.org>; Alexander Bokovoy
Subject: [Freeipa-users] Re: freeIPA Status Debian/Ubuntu
On ke, 09 joulu 2020, Charles Hedrick wrote:
We’e in the same situation. I’d actually be willing to pay for Redhat,
but not with the requirement to do a reinstall. So until RHEL 9 I need
an alternative. While I have lots of reasons to dislike it, I’m
currently thinking of Oracle Linux for our remaining time on 8. I’ve
found delays in Centos 8 a concern already, so I’m not inclined to
EPEL is has Convert2RHEL: https://access.redhat.com/articles/2360841
It does reinstall of the packages in-place if I understand it right.
If the IPA developers can assure us that the version in Centos 8
is well tested, I’d use that instead. Historically IPA administrative
tools have been brittle. Any slight difference from the environment
they expect and there’s a failure, requiring days of reverse
engineering an understanding of complex Python code. So I’m not
inclined to gamble on a release with less testing than usual.
What I see as a good change is the fact that if you'd find a bug in C8S IPA version
update, reporting it to bugzilla.redhat.com
would trigger a faster fix cycle than
currently with CentOS 8 or 7. The only exception would probably be a CVE fix since that
would still be first available to RHEL customers through an update to RHEL, same as with
CentOS 8 or 7. Perhaps, even a bit faster than with CentOS 8 or 7 because fixes to C8S for
security issues would most likely be automated.
With most of RHEL development moving into a public space in C8S and Fedora ELN, the
feedback loop should get shorter. Many of the changes were already discussed during last
two years at Flock and other conferences, ongoing work in the infrastructure and processes
to support this certainly make life of RHEL packagers 'interesting' but the end
result is an increase of a attention to details and a lot more stability to the
I can only talk about FreeIPA and few other projects I am involved with.
For example, we are getting incredible feedback from both Rawhide and RHEL 8.x QA
processes for FreeIPA 4.9.0 release candidates. The packages are not yet in RHEL 8.x
development composes as we do fixes to issues found through the QA pre-verification work.
Once overall state of the release candidate is at the level RHEL IdM QA team accepts,
those packages will get to RHEL composes and eventually land in C8S (once the infra is
ready). Once C8S is there in full capacity and running upstream CI tests on it would
become a reality, we'll see even more shortening of that feedback loop length.
> On Dec 9, 2020, at 7:45 AM, Alexander Bokovoy via FreeIPA-users
> On ke, 09 joulu 2020, Nico Maas via FreeIPA-users wrote:
>> Yes, however, rolling-release is not for everyone and every usecase,
>> hence I am asking of the status of the Debian and Ubuntu
>> implementations :).
> It is the same as in past: FreeIPA upstream development team has no
> influence or control over Debian or Ubuntu packages. There is a
> single person (thank you, Timo!) doing whole packaging for Debian and
> Ubuntu and this effort is not his primary focus at Canonical.
> With the change of the CentOS project, there is a hope that
> downstream packagers for RHEL and FreeIPA upstream developers will
> have a better way to address needs of IPA users currently utilizing CentOS.
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering Red Hat Limited, Finland
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to
> Fedora Code of Conduct:
> List Guidelines:
> List Archives:
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering Red Hat Limited, Finland
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines