[Freeipa-devel] [PATCH] root everything into /ipa

Rob Crittenden rcritten at redhat.com
Tue May 6 20:10:26 UTC 2008 

Rob Crittenden wrote:
> Simo Sorce wrote:
>> On Mon, 2008-05-05 at 16:06 -0400, Rob Crittenden wrote:
>>> Simo Sorce wrote:
>>>> On Thu, 2008-04-03 at 15:24 -0400, Rob Crittenden wrote:
>>>>> Refine our web space some more so that everything we reference is
>>>>> in /ipa
>>>>>
>>>>> UI: /ipa/ui
>>>>> XML-RPC: /ipa/xml
>>>>> errors: /ipa/errors
>>>>> config: /ipa/config
>>>>>
>>>>> I had to hardcode that URI into the CSS pages but TurboGears handles
>>>>> the rest of the translations with tg.url().
>>>> Looks good!
>>>>
>>>> Thanks,
>>>> Simo.
>>>>
>>> I'm ready to check this patch in but it will break any existing 
>>> installations (though not too badly).
>>>
>>> What we need to do is generate a new /etc/httpd/conf.d/ipa.conf and 
>>> /etc/httpd/conf.d/ipa-rewrite.conf.
>>>
>>> I was thinking we could do this in Fedora in a %post script. Rename 
>>> the current files and generate new ones (how, I'm not exactly sure 
>>> yet). I suppose we could use sed to replace $REALM with the default 
>>> realm from /etc/krb5.conf and the output of hostname -f for $FQDN in 
>>> ipa-rewrite.conf.
>>>
>>> Opinions?
>>
>> do we distribute these files as part of the packaging or are they marked
>> configuration files?
>>
>> The problem of %post is that it doesn't have a clue whether IPA is
>> currently configured or just installed, we would need to find it out as
>> well.
>>
>> If the mere upgrade does not break a running installation we could
>> provide an upgrade script ?
>>
> 
> They are not marked as config files. I suppose we need to ghost them.
> 
> In any case, if the file exists I think we can assume IPA is configured.
> 
> It will break the management of a running installation. Kerberos and 
> LDAP will continue to work fine but the UI and the command-line tools 
> will not work.
> 
> The thing about an upgrade script is that users would have to know to 
> run it.

Ok here is another shot at the patch. I wrote a little python script 
that will update the two affected configuration files and we can add 
more as necessary. The script is in /usr/sbin/ipa-upgradeconfig and is 
set to run in %post of ipa-server. It will do nothing if nothing is to 
be changed and will save a copy of the config any time it updates it.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-13-webroot.patch
Type: text/x-patch
Size: 19422 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080506/8bc681ac/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080506/8bc681ac/attachment-0001.bin>

More information about the Freeipa-devel mailing list