[Freeipa-devel] [PATCH] root everything into /ipa
Rob Crittenden
rcritten at redhat.com
Tue May 6 20:10:26 UTC 2008
Rob Crittenden wrote:
> Simo Sorce wrote:
>> On Mon, 2008-05-05 at 16:06 -0400, Rob Crittenden wrote:
>>> Simo Sorce wrote:
>>>> On Thu, 2008-04-03 at 15:24 -0400, Rob Crittenden wrote:
>>>>> Refine our web space some more so that everything we reference is
>>>>> in /ipa
>>>>>
>>>>> UI: /ipa/ui
>>>>> XML-RPC: /ipa/xml
>>>>> errors: /ipa/errors
>>>>> config: /ipa/config
>>>>>
>>>>> I had to hardcode that URI into the CSS pages but TurboGears handles
>>>>> the rest of the translations with tg.url().
>>>> Looks good!
>>>>
>>>> Thanks,
>>>> Simo.
>>>>
>>> I'm ready to check this patch in but it will break any existing
>>> installations (though not too badly).
>>>
>>> What we need to do is generate a new /etc/httpd/conf.d/ipa.conf and
>>> /etc/httpd/conf.d/ipa-rewrite.conf.
>>>
>>> I was thinking we could do this in Fedora in a %post script. Rename
>>> the current files and generate new ones (how, I'm not exactly sure
>>> yet). I suppose we could use sed to replace $REALM with the default
>>> realm from /etc/krb5.conf and the output of hostname -f for $FQDN in
>>> ipa-rewrite.conf.
>>>
>>> Opinions?
>>
>> do we distribute these files as part of the packaging or are they marked
>> configuration files?
>>
>> The problem of %post is that it doesn't have a clue whether IPA is
>> currently configured or just installed, we would need to find it out as
>> well.
>>
>> If the mere upgrade does not break a running installation we could
>> provide an upgrade script ?
>>
>
> They are not marked as config files. I suppose we need to ghost them.
>
> In any case, if the file exists I think we can assume IPA is configured.
>
> It will break the management of a running installation. Kerberos and
> LDAP will continue to work fine but the UI and the command-line tools
> will not work.
>
> The thing about an upgrade script is that users would have to know to
> run it.
Ok here is another shot at the patch. I wrote a little python script
that will update the two affected configuration files and we can add
more as necessary. The script is in /usr/sbin/ipa-upgradeconfig and is
set to run in %post of ipa-server. It will do nothing if nothing is to
be changed and will save a copy of the config any time it updates it.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-13-webroot.patch
Type: text/x-patch
Size: 19422 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080506/8bc681ac/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080506/8bc681ac/attachment-0001.bin>
More information about the Freeipa-devel
mailing list