Re: Status update for the new AAA system

On 04. 02. 21 at 15:52, Aurelien Bompard wrote:
Hey folks!

As you've probably heard before, we're upgrading our authentication system to something that is based on FreeIPA.
Here's a quick status report on that initiative.


Thx for the update!


  We're currently in an integration phase, figuring out the smaller details of configuration and infrastructure setup before we switch production.
- The infra team wants to do a couple things that FreeIPA does not support out of the box, like enforcing 2FA for specific services such as sudo, so we need to think about how we want to do it.
- Also, using kinit with 2FA tokens proved to be more complex than we'd like it to be.
- We're trying out a more continuous approach to importing accounts, because a full run takes 3 days and during the migration we'll want to run the import script without having a 3-day downtime.
- We also have to do some FreeIPA performance tuning, because we have something like 120k accounts and the default configuration is not appropriate for that amount of data, especially when we want to list all groups or worse, all users.


Isn't there a plan to reduce the number of imported accounts? As far as I remember, there are not more than 1000 active Fedora contributors ...


Vít



To sum it up, we're currently working on integration and migration preparation. We need to fix these issues before we go to prod, but it's a bit difficult to say how long it's going to take (especially with perf tuning, fix one perf issue and there can be another one right behind).
One sure thing is that it's better to have these issues now rather than after the switch to prod.

Cheers!

Aurélien
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
