Bug 1206586

Summary: [RFE] Modular packages for FreeIPA core and additional services
Product: Red Hat Enterprise Linux 7
Reporter: Martin Kosek <mkosek>
Component: ipa
Assignee: IPA Maintainers <ipa-maint>
Status: CLOSED WONTFIX
QA Contact: Namita Soman <nsoman>
Severity: unspecified
Priority: unspecified
Version: 7.0
CC: pasik, pvoborni, rcritten
Target Milestone: rc
Keywords: FutureFeature
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Last Closed: 2018-12-04 16:27:37 UTC

Description Martin Kosek 2015-03-27 13:22:18 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4058

FreeIPA packaging tries to be modular. For example, we have `freeipa-server-trust-ad` package which installs all requirements for AD integration for server.

However, we miss such packages for other optional modules, like DNS or PKI. Someone may want to install just core FreeIPA server without any additional services, but our `freeipa-server` package still pulls quite beefy `pki-ca` package.

If we update the server to be more modular with regards to PKI, admins could install core FreeIPA (CA-less) server with significantly fewer packages.

I would imagine that the following new packages are created:
* `freeipa-server-dns`: requires bind-dyndb-ldap
* `freeipa-server-ca`: requires dogtag, contains any dogtag specific files
  * To make this part work, additional wiring is needed in server installer, to not depend on PKI being there and allow users to install with CA-less

Upgrades should not be difficult, we would simply set `Obsoletes freeipa-server < VERSION` to the new FreeIPA server of version VERSION and it should install both packages (and thus not breaking existent FreeIPA+CA deployments) and still avoid having strict `Requires`.

This RFE would benefit both admins wanting to run just CA-less FreeIPA, clarity of the requirement and also porting to other platforms like Debian which may not package the `freeipa-server-ca` part and still have FreeIPA core available.

Comment 3 Petr Vobornik 2017-04-06 15:59:26 UTC
IdM team doesn't have capacity to implement this RFE in RHEL 7.4. Moving to next RHEL version. Implementing the RFE there will depend on capacity of FreeIPA upstream. Without sufficient justification there is a chance that it will be moved again later.

Comment 6 Rob Crittenden 2018-12-04 16:27:37 UTC
Thank you for taking your time and submitting this request for Red Hat Enterprise Linux. The request was cloned to the upstream tracker a long time ago (see link to the upstream ticket above), but it was unfortunately not given priority either in the upstream project or in Red Hat Enterprise Linux.

Given that this request is not planned for a close release, it is highly unlikely it will be fixed in this major version of Red Hat Enterprise Linux. We are therefore closing the request as WONTFIX.

To request that Red Hat reconsiders the decision, please reopen the Bugzilla with the help of Red Hat Customer Service and provide additional business and/or technical details about its importance to you. Please note that you can still track this request or even offer help in the referred upstream Pagure ticket to expedite the solution.