Re: [Freeipa-users] Is systemd really a requirement for freeipa 4.x?
When I look at the SPEC file for freeipa-4.1.3, I see requirements around Systemd. Is that really a hard requirement, or is it possible to run newer FreeIPA (that is to say 4.x) on a host that hasn't been infested by systemd From an SELinux standpoint systemd is far superior to initd as it allows far more graceful domain transitions. Apart from the binary logging and it being a bit monolithic; I really don't understand the anit-systemd crowd problems. Its advantages over the now ancient initd seem to be obvious. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Is systemd really a requirement for freeipa 4.x?
Quoting Andrew Holway andrew.hol...@gmail.com: When I look at the SPEC file for freeipa-4.1.3, I see requirements around Systemd. Is that really a hard requirement, or is it possible to run newer FreeIPA (that is to say 4.x) on a host that hasn't been infested by systemd From an SELinux standpoint systemd is far superior to initd as it allows far more graceful domain transitions. Apart from the binary logging and it being a bit monolithic; I really don't understand the anit-systemd crowd problems. Its advantages over the now ancient initd seem to be obvious. hijack The binary logging is a big problem. Log to the filesystem usefully, or log to syslog. Then one can get that data into Splunk or similar. Aside from that, systemd feels like the answer to the question no one asked. It's a bit like what Oracle has done to bastardize smf(5) in Oracle Solaris 11 over what was there in Solaris 10 (and the former OpenSolaris, now illumos). The S10 incarnation was awesome, even though the definition of service manifests in xml makes me want to claw my eyes out. Oracle's Microsoftened embrace and extend? Yeah, not so much For full disclosure here, the reason I was enquiring about support on CentOS 6 is because my virtualization platform of choice is SmartOS. For CentOS 6 and Ubuntu 14.04, I am able to use a 'Branded zone' natively without having to add the KVM hardware emulation layer in there, implying better network and IO performance. That said, for this particular case, the KVM overhead really doesn't matter since a box that's only doing LDAP and kerb really needn't be all that beefy. Hell, I could probably run an authoritative KDC for ATHENA.MIT.EDU on an rpi if I were so inclined. /hijack Understanding the reason behind the requirements is quite helpful, so thanks to all who provided that. I'll work with Joyent to add systemd support to the lx brand, and in the meantime, I'll just deploy on KVM infrastructure and take the hit. I assume there's no good reason to deploy a net new setup using the 3.x release? -c -- Coy Hile coy.h...@coyhile.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Is systemd really a requirement for freeipa 4.x?
On Thu, Mar 26, 2015 at 10:49:22AM +0100, Andrew Holway wrote: From an SELinux standpoint systemd is far superior to initd as it allows far more graceful domain transitions. Have you got a link which would demonstrate how systemd helps with domain transitions? -- Jan Pazdziora Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Is systemd really a requirement for freeipa 4.x?
On 03/26/2015 08:18 AM, Coy Hile wrote: Quoting Andrew Holway andrew.hol...@gmail.com: When I look at the SPEC file for freeipa-4.1.3, I see requirements around Systemd. Is that really a hard requirement, or is it possible to run newer FreeIPA (that is to say 4.x) on a host that hasn't been infested by systemd From an SELinux standpoint systemd is far superior to initd as it allows far more graceful domain transitions. Apart from the binary logging and it being a bit monolithic; I really don't understand the anit-systemd crowd problems. Its advantages over the now ancient initd seem to be obvious. hijack The binary logging is a big problem. Log to the filesystem usefully, or log to syslog. Then one can get that data into Splunk or similar. Aside from that, systemd feels like the answer to the question no one asked. It's a bit like what Oracle has done to bastardize smf(5) in Oracle Solaris 11 over what was there in Solaris 10 (and the former OpenSolaris, now illumos). The S10 incarnation was awesome, even though the definition of service manifests in xml makes me want to claw my eyes out. Oracle's Microsoftened embrace and extend? Yeah, not so much For full disclosure here, the reason I was enquiring about support on CentOS 6 is because my virtualization platform of choice is SmartOS. For CentOS 6 and Ubuntu 14.04, I am able to use a 'Branded zone' natively without having to add the KVM hardware emulation layer in there, implying better network and IO performance. That said, for this particular case, the KVM overhead really doesn't matter since a box that's only doing LDAP and kerb really needn't be all that beefy. Hell, I could probably run an authoritative KDC for ATHENA.MIT.EDU on an rpi if I were so inclined. /hijack Understanding the reason behind the requirements is quite helpful, so thanks to all who provided that. I'll work with Joyent to add systemd support to the lx brand, and in the meantime, I'll just deploy on KVM infrastructure and take the hit. I assume there's no good reason to deploy a net new setup using the 3.x release? -c We recommend using latest - 4.1. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Is systemd really a requirement for freeipa 4.x?
When I look at the SPEC file for freeipa-4.1.3, I see requirements around Systemd. Is that really a hard requirement, or is it possible to run newer FreeIPA (that is to say 4.x) on a host that hasn't been infested by systemd (such as CentOS 6, for example)? At the moment, I'm speaking completely of the server components. thanks, -c -- Coy Hile coy.h...@coyhile.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Is systemd really a requirement for freeipa 4.x?
Coy Hile wrote: When I look at the SPEC file for freeipa-4.1.3, I see requirements around Systemd. Is that really a hard requirement, or is it possible to run newer FreeIPA (that is to say 4.x) on a host that hasn't been infested by systemd (such as CentOS 6, for example)? At the moment, I'm speaking completely of the server components. There are a slew of major dependencies that prevent IPA 4.x from working in RHEL/CentOS 6. It would be quite non-trivial to try to backport everything needed. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Is systemd really a requirement for freeipa 4.x?
On 03/25/2015 01:41 PM, Rob Crittenden wrote: Coy Hile wrote: When I look at the SPEC file for freeipa-4.1.3, I see requirements around Systemd. Is that really a hard requirement, or is it possible to run newer FreeIPA (that is to say 4.x) on a host that hasn't been infested by systemd (such as CentOS 6, for example)? At the moment, I'm speaking completely of the server components. There are a slew of major dependencies that prevent IPA 4.x from working in RHEL/CentOS 6. It would be quite non-trivial to try to backport everything needed. rob systemd is just one of the next generation technologies we had to deal with but it we had to deal with we took advantage of it. As Rob said 4.x depends on many component that are not portable back to RHEL/CentOS 6. Please consider Fedora 21/RHEL 7.1/CentOS 7.1 if you want to run latest bits. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project