PIP or package for mission critical usage?


Michael Muenz

Jun 6, 2016, 3:43:51 AM
to privacyidea
Hey guys,

I'm a Debian guy and want to run the software with the latest Debian 8. The documentation tells me to use the Ubuntu packages, but I'm a bit afraid if this is a long term solution?
Also the packages are only available for Ubuntu LTS 14.4, not the 16.4.

So what is the best way for a mission critical use with some LTS type? Use of PiP? Use old LTS? Use Debian 7 and wait for a stable Debian 8 package?
I don't like CentOS, so this is not a real alternative for me.

Thanks!
Michael

Cornelius Kölbel

Jun 6, 2016, 4:05:11 AM
to priva...@googlegroups.com
Hello Michael,

I would recommend using pip with a virtual environment.
Honestly I am also thinking about switching packages to virtual
environments. PIP installations are also supported by the enterprise
SLAs. So you can be sure that this is no dead end.

The 14.04 packages have dependencies to python modules. The privacyidea
modules reside in the systems module path.
Dependent modules are also taken from the system. Which is sometimes
difficult, due to version differences!
And with 16.04 there is also a naming conflict in dependent modules.

So I am in fact thinking about having the packages (deb-packages)
containing self contained python virtual envs.
The debian package and the RPM packages already work this way...

So when updating your system with apt-get the pip installed self
contained privacyidea virtualenv will also be updated.

Kind regards
Cornelius

--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
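
The reply above contrasts dependencies taken from the system module path with a self-contained virtual environment. One way to check where a dependency is actually imported from is sketched below; this is an added example, not privacyIDEA code and not part of the original thread. The function names, the `/opt/privacyidea` path and the module names passed in are assumptions made for illustration.

```python
import importlib.util
import os
import sys


def _is_under(path, prefix):
    """True if path lies inside the directory tree rooted at prefix."""
    path, prefix = os.path.normpath(path), os.path.normpath(prefix)
    return path == prefix or path.startswith(prefix.rstrip(os.sep) + os.sep)


def classify_origin(path, env_prefix, base_prefix):
    """Return 'virtualenv', 'system' or 'other' for a module file path."""
    # Test the virtualenv first: it may itself live below the system prefix.
    if env_prefix != base_prefix and _is_under(path, env_prefix):
        return "virtualenv"
    if _is_under(path, base_prefix):
        return "system"
    return "other"


def module_origins(names):
    """Map each top-level module name to (origin class, file path)."""
    base = getattr(sys, "base_prefix", sys.prefix)
    report = {}
    for name in names:
        spec = importlib.util.find_spec(name)
        if spec is None:
            report[name] = ("missing", None)
        elif not spec.has_location:
            # Built-in, frozen or namespace package: no single file on disk.
            report[name] = ("no-file", spec.origin)
        else:
            report[name] = (classify_origin(spec.origin, sys.prefix, base), spec.origin)
    return report


if __name__ == "__main__":
    # Constructed paths: a virtualenv in /opt/privacyidea beside system packages in /usr.
    venv, system = "/opt/privacyidea", "/usr"
    for p in ("/opt/privacyidea/lib/python2.7/site-packages/flask/__init__.py",
              "/usr/lib/python2.7/dist-packages/flask/__init__.py"):
        print(classify_origin(p, venv, system), p)
    # Live check of the running interpreter (module names are examples only).
    for name, (origin, path) in module_origins(["flask", "sqlalchemy"]).items():
        print(name, origin, path)
```

Run it with the virtualenv's own interpreter: any dependency reported as `system` is still being resolved outside the virtualenv.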



Michael Muenz

Jun 6, 2016, 4:20:52 AM
to privacyidea
Cornelius,

Thanks for your fast reply! Until now I'm very familiar with LinOTP and it works pretty good with Debian 8, but your new feature to manage certificates could be a killer (for LinOTP).
I'll have a look at PIP and try to migrate some accounts for testing.

Keep up with the good work!

Michael

Cornelius Kölbel

Jun 6, 2016, 5:00:55 AM
to priva...@googlegroups.com
Hi Michael,

I think there are also some other interesting things, besides the
modern UI and the redesigned REST API like

* assign tokens to machines
* offline OTP
* radius migration
* event handler
to name a few...

Nevertheless, I am curious for your feedback.

Kind regards
Cornelius

Michael Muenz

Jun 6, 2016, 5:15:03 AM
to privacyidea
I checked the PIP stuff, but is this really usable for productive usage? 
This seems to me like a virtual testing environment. 

Is there an init.script or will I have to start it always via py-manage?

When I think about a support team and teach it how stuff works, they will kill me when they see a new thing like this :)


Michael

Cornelius Kölbel

Jun 6, 2016, 5:21:03 AM
to priva...@googlegroups.com
Do you have such a poor standing at the support team? ;-)

Of course you will not run it with py-manage, the same way you will not
run linotp with the crappy old paster!

You will not need an init script, since it runs as a web service.

Read
http://privacyidea.readthedocs.io/en/latest/installation/system/wsgiscript.html
and here you will see the real killer feature, i.e.
you can run several independent instances of privacyIDEA on one machine!

Kind regards
Cornelius

Michael Muenz

Jun 6, 2016, 6:45:17 AM
to privacyidea
Sadly ... yes :) 

Ok, I've installed the Trusty packages with Jessie to collect some ideas of how all things work.

Now I have a fresh setup and was able to import some users from ldap. 
Will try to import some Safenet and Feitian tokens and test the WebCA :)) 

Michael

Cornelius Kölbel

Jun 6, 2016, 7:19:21 AM
to priva...@googlegroups.com
Hi Michael,

in case of CA take a look here:
http://privacyidea.readthedocs.io/en/latest/configuration/caconnectors.html

privacyIDEA comes with a basic local CA connector, which is calling a
local openssl configuration. The CA connector concept is the idea of
allowing different kinds of CA. If someone wants to dive into RPC you
could also connect to a Microsoft CA.

The CA functionality for local CA was improved in the latest version,
but still - as the trust of the CA does not come from privacyIDEA itself
but from the underlying CA - you need to do some setup in openssl.

Kind regards
Cornelius

Michael Muenz

Jun 6, 2016, 7:37:07 AM
to privacyidea
Thanks, really appreciate your help! :) 
I'll set up a local CA, shouldn't be an issue. 

Is there also a link to check the token validity via curl?

Michael Muenz

Jun 6, 2016, 7:56:45 AM
to privacyidea
Forget it, found the function in the user table UI, works perfectly, also with the freeradius plugin.
Now it's time for the CA. :)


Cornelius Kölbel

Jun 6, 2016, 7:59:04 AM
to priva...@googlegroups.com