On ke, 09 joulu 2020, Nico Maas via FreeIPA-users wrote: It is the same as in past: FreeIPA upstream development team has no influence or control over Debian or Ubuntu packages. There is a single person (thank you, Timo!) doing whole packaging for Debian and Ubuntu and this effort is not his primary focus at Canonical. With the change of the CentOS project, there is a hope that downstream packagers for RHEL and FreeIPA upstream developers will have a better way to address needs of IPA users currently utilizing CentOS. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland

We’e in the same situation. I’d actually be willing to pay for Redhat, but not with the requirement to do a reinstall. So until RHEL 9 I need an alternative. While I have lots of reasons to dislike it, I’m currently thinking of Oracle Linux for our remaining time on 8. I’ve found delays in Centos 8 a concern already, so I’m not inclined to wait. If the IPA developers can assure us that the version in Centos 8 Stream is well tested, I’d use that instead. Historically IPA administrative tools have been brittle. Any slight difference from the environment they expect and there’s a failure, requiring days of reverse engineering an understanding of complex Python code. So I’m not inclined to gamble on a release with less testing than usual.

Alexander, as a user without support from Red Hat, can we report bugs/issues for the IdM product here on the FreeIPA list? Because, as far as I know, with RHEL there's no way to install FreeIPA branded as it. It will always be Red Hat IdM. Thank you. -----Original Message----- From: Alexander Bokovoy via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org&gt; Sent: Wednesday, December 9, 2020 1:23 PM To: Charles Hedrick <hedrick(a)cs.rutgers.edu&gt; Cc: Nico Maas <mail(a)nico-maas.de>; FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>; Alexander Bokovoy <abokovoy(a)redhat.com&gt; Subject: [Freeipa-users] Re: freeIPA Status Debian/Ubuntu On ke, 09 joulu 2020, Charles Hedrick wrote: EPEL is has Convert2RHEL: https://access.redhat.com/articles/2360841 It does reinstall of the packages in-place if I understand it right. What I see as a good change is the fact that if you'd find a bug in C8S IPA version update, reporting it to bugzilla.redhat.com would trigger a faster fix cycle than currently with CentOS 8 or 7. The only exception would probably be a CVE fix since that would still be first available to RHEL customers through an update to RHEL, same as with CentOS 8 or 7. Perhaps, even a bit faster than with CentOS 8 or 7 because fixes to C8S for security issues would most likely be automated. With most of RHEL development moving into a public space in C8S and Fedora ELN, the feedback loop should get shorter. Many of the changes were already discussed during last two years at Flock and other conferences, ongoing work in the infrastructure and processes to support this certainly make life of RHEL packagers 'interesting' but the end result is an increase of a attention to details and a lot more stability to the 'pre-release' composes. I can only talk about FreeIPA and few other projects I am involved with. For example, we are getting incredible feedback from both Rawhide and RHEL 8.x QA processes for FreeIPA 4.9.0 release candidates. The packages are not yet in RHEL 8.x development composes as we do fixes to issues found through the QA pre-verification work. Once overall state of the release candidate is at the level RHEL IdM QA team accepts, those packages will get to RHEL composes and eventually land in C8S (once the infra is ready). Once C8S is there in full capacity and running upstream CI tests on it would become a reality, we'll see even more shortening of that feedback loop length. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...

On ke, 09 joulu 2020, Charles Hedrick wrote: Difference in QA: I hope there will be very little difference. After all, C8S (hopefully) will be an automated build of what is accepted into RHEL 8.x build, after that one passed through QA. If any bug is found in RHEL 8.x build that would require a rebuild, it means as soon as the new build gets into RHEL 8.x compose, it is built for C8S. All the above is my understanding of what is essentially still being created -- as announcement said yesterday, C8S will be in full use by end of 2021. CentOS to RHEL should be straight-forward. The only difference in ipa package in CentOS is (de)-branding. I admit, I have no tests of the reinstall for that. If ipa-server-upgrade ran during package reinstall would find something weird, this could be a bug to report and fix. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland

On ke, 09 joulu 2020, Rob Crittenden via FreeIPA-users wrote: Right -- this is IPA-specific thing. It is much easier to do 'stand the replica, migrate services, remove the original replica' for IPA use case. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland