Domain Controller Server Role
The Fedora Server Product will provide a standard deployment mechanism for a Linux Domain Controller (powered by the FreeIPA project).
- Name: Stephen Gallagher
- Name: Simo Sorce
- Email: firstname.lastname@example.org
- Release notes owner: Petr Bokoc pbokoc at redhat dot com
- Product: Server
- Responsible WG: Server WG
The Fedora Server will be shipped with a role-deployment mechanism. One such role will be to act as a primary or replica Domain Controller for the Linux machines in the network.
This will be implemented by taking advantage of the FreeIPA project, packaging it up within the Server Role Framework and enabling it to be deployed through the mechanisms described in the Server Role Infrastructure Change Proposal.
Benefit to Fedora
The major advantage to Fedora is a vast simplification in the setup and deployment of a managed Linux network. With the Domain Controller Role, the user will be asked to provide a few very basic pieces of information about their network and the role deployment tools will do the rest of the work for them. With a Domain Controller in place, previously-complex tasks such as setting up single-sign-on between machines will be trivial to accomplish.
- Proposal owners:
- FreeIPA and the optional CA and DNS components need to be packaged appropriately for use with the Server Role Infrastructure.
- A D-BUS API plugin needs to be written and tested to support deployment and monitoring of the Domain Controller Role.
- Other developers:
- Release engineering:
- Pre-loading roles will need to be a capability of the Anaconda install system, both in the graphical installer and kickstart
- Policies and guidelines:
- Packaging guidelines for this Change should be inherited from the Server Role Infrastructure Change Proposal.
Fedora Server Roles are applicable only to machines that have been installed using the Fedora Server Product install media. As such, there is no direct way to upgrade to this state from Fedora 20, which did not have the Fedora Server Product.
How To Test
- What special hardware / data / etc. is needed (if any)?
- This Role should work on any Fedora Server installation as long as the underlying FreeIPA technologies support the architecture.
- How do I prepare my system to test this change? What packages need to be installed, config files edited, etc.?
- Testing should be performed on a clean installation of Fedora Server, both through kickstart and interactive install.
- What specific actions do I perform to check that the change is working like it's supposed to?
- There will be a role-deployment tool provided, as well as possibly a Cockpit module, to deploy the Domain Controller Role. These tools should be run to do the initial deployment. Subsequent testing should be performed by joining additional (physical or virtual) machines to this domain using realmd.
- What are the expected results of those actions?
- A domain should be made available to the network with very little effort and clients should be able to join it.
Users will now be provided with an easy way to deploy a Domain Controller for their Linux environment. If they are using Cockpit, this will be presented to them with a simple GUI.
This Change depends heavily on the Fedora Server Role Infrastructure Change.
Individual parts of this Change may or may not be completed in time for Fedora 21. This may include a Cockpit graphical UI tool and an OpenLMI remote management tool.
- Contingency mechanism: No contingency plan; this must be completed as a blocker for the Fedora Server release
- Contingency deadline: N/A
- Blocks release? Yes
- Blocks product? Fedora Server
Documentation has not yet been written, but we will be coordinating with the Fedora Documentation team.