RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1206586 - [RFE] Modular packages for FreeIPA core and additional services
Summary: [RFE] Modular packages for FreeIPA core and additional services
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-03-27 13:22 UTC by Martin Kosek
Modified: 2018-12-04 16:27 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-12-04 16:27:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Martin Kosek 2015-03-27 13:22:18 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4058

FreeIPA packaging tries to be modular. For example, we have `freeipa-server-trust-ad` package which installs all requirements for AD integration for server.

However, we miss such packages for other optional modules, like DNS or PKI. Someone may want to install just core FreeIPA server without any additional services, but our `freeipa-server` package still pulls quite beefy `pki-ca` package.

If we update the server be more modular with regards to PKI, admins could install core FreeIPA (CA-less) server with significantly less packages.

I would imagine that following new packages are created:
* ''freeipa-server-dns'': requires bind-dyndb-ldap
* ''freeipa-server-ca'': requires dogtag, contains any dogtag specific files
  * To make this part work, additional wiring is needed in server installer, to not depend on PKI being there and allow users to install with CA-less

Upgrades should not be difficult, we would simply set `Obsoletes freeipa-server < VERSION` to the new FreeIPA server of version VERSION and it should install both packages (and thus not breaking existent FreeIPA+CA deployments) and still avoid having strict `Requires`.

This RFE would benefit both admins wanting to run just CA-less FreeIPA, clarity of the requirement and also porting to other platforms like Debian which may not package the `freeipa-server-ca` part and still have FreeIPA core available.
Comment 1 Jan Cholasta 2015-07-21 15:37:58 UTC 
master:
https://fedorahosted.org/freeipa/changeset/f1f3ef478d8d2786269a919bb428cb2ee5372ba6
https://fedorahosted.org/freeipa/changeset/a487e42d3fb71ceb3128fb9a2055a5586c4ed851
https://fedorahosted.org/freeipa/changeset/92828d3cf50e00fe75ebf3ec9e0edc8b9c8eae35
ipa-4-2:
https://fedorahosted.org/freeipa/changeset/f555fe95dba9ec453fa10f160089dcc5404f724a
https://fedorahosted.org/freeipa/changeset/9ecfd98deb548663da9ee8caa52f32b337311aa4
https://fedorahosted.org/freeipa/changeset/eefe6dc3a2a6fb316650638c3db90ed63f8551de
Comment 3 Petr Vobornik 2017-04-06 15:59:26 UTC 
IdM team doesn't have capacity to implement this RFE in RHEL 7.4. Moving to next RHEL version. Implementing the RFE there will depend on capacity of FreeIPA upstream. Without sufficient justification there is a chance that it will be moved again later.
Comment 6 Rob Crittenden 2018-12-04 16:27:37 UTC 
Thank you taking your time and submitting this request for Red Hat Enterprise Linux. The request was cloned to the upstream tracker a long time ago (see link to the upstream ticket above), but it was unfortunately not given priority either in the upstream project, nor in Red Hat Enterprise Linux.

Given that this request is not planned for a close release, it is highly unlikely it will be fixed in this major version of Red Hat Enterprise Linux. We are therefore closing the request as WONTFIX.

To request that Red Hat reconsiders the decision, please reopen the Bugzilla with the help of Red Hat Customer Service and provide additional business and/or technical details about it's importance to you. Please note that you can still track this request or even offer help in the referred upstream Pagure ticket to expedite the solution.
Note You need to log in before you can comment on or make changes to this bug.