[Freeipa-devel] [PATCH] jderose 017 Giant WebUI patch part 1

Jason Gerard DeRose jderose at redhat.com
Mon Sep 14 19:58:38 UTC 2009 

On Tue, 2009-09-08 at 17:43 -0400, Dmitri Pal wrote:
> Rob Crittenden wrote:
> > Jason Gerard DeRose wrote:
> >> This is a big patch to get everyone synced up with what I'm doing on
> >> the webUI.
> >> The Engine is currently *very* dumb because I need to tare through a
> >> bunch of
> >> plugin metadata, make a lot of changes, but doing that is likely
> >> going to make
> >> merging any outstanding patches too difficult, break any work in
> >> progress.  I
> >> even I backed out some crazier changes I had made, realizing the
> >> headache I was
> >> inviting.
> >>
> >> So what I propose is acking this and acking any other outstanding
> >> patches, and
> >> then quickly making the needed metadata changes in a coordinated
> >> fashion (read:
> >> Rob, Pavel, and I staying pretty much lock-step for a few days).  The
> >> metadata
> >> changes aren't a lot of work, but they are very disruptive as they
> >> will change
> >> the plugin API slightly and will affect every Command and Object
> >> plugin we have
> >> (which by my count is currently 108 plugins).
> >>
> >> Some highlights:
> >>
> >> * lite-xmlrpc.py and lite-webui.py have been replaced by the new
> >> lite-server.py
> >>   script, which mounts XML-RPC, JSON-RPC, and the WebUI all on the
> >> same paths
> >>   as they would be under Apache (but on a different port).
> >>
> >> * Per above, the default xmlrpc_uri is now http://localhost:8888/ipa/xml
> >>
> >> * The IPA server is now a WSGI application. A few pieces still are
> >> missing, most
> >>   notably running all this under Apache, but it's 90% there. 
> >> Currently under
> >>   Apache things will still run the same as before, just XML-RPC and
> >> not through
> >>   the new Backend.xmlserver WSGI interface.  Because IPA is a WSGI
> >> app, I think
> >>   we should strongly consider running IPA under mod_wsgi instead of
> >> mod_python,
> >>   although running under mod_python is still possible with a
> >> mod_python <=> WSGI
> >>   adapter.
> >>
> >> * For flexibility and to ease debugging, the XML-RPC and JSON-RPC
> >> services can
> >>   now also be called via GET or POST query strings.  For example:
> >>
> >>     http://localhost:8888/ipa/json/user_add?givenname=Jason&sn=DeRose
> >>
> >>   Or
> >>
> >>     http://localhost:8888/ipa/xml/user_add?givenname=Jason&sn=DeRose
> >>
> >>   Is the same as:
> >>
> >>     api.Command.user_add(givenname='Jason', sn='DeRose')
> >>
> >> * In theory, lite-server.py supports SSL, but there is a bug in paste
> >> 1.7.2 that
> >>   prevents it from working under Python 2.6.  To turn on SSL, just
> >> place a PEM
> >>   format cert at ~/.ipa/lite.pem
> >>
> >>
> >> Anyway, this gives everyone something to play with/review till I get
> >> back from
> >> PTO on Thursday.
> >>
> >> Cheers,
> >> Jason
> >
> > Have a bunch of questions/issues before I can ack this:
> >
> > - We need to get the wehjit library accepted into Fedora ASAP
> > - There is a change to ipa-server-install that reverts your previous
> > patch, 016
> > - This patch includes the previous SSO patch that we can't commit
> > until we get an alternative for the Crypto package on some distros
> > - Is it going to be confusing to register the jsonserver in a file
> > named  xmlserver.py?
> > - in rpcserver.py::extract_query(environ) should an error be raised if
> > these conditions aren't met? For example, you do a POST and the
> > content-type isn't application/x-www-form-urlencoded
> >
> > Otherwise looks ok. I'm not opposed to switching to WSGI as long as we
> > have feature parity.
> >
> > rob
> 
> How the addition of the wehjit library affects our ability to run on
> RHEL 5.5?

It wont be a problem as long as the python-genshi package is available.
It has been in Fedora for a while, but I'm not sure about RHEL 5.4/5.5.

Last week I removed the dependency on python-sqlalchemy (which seemed a
point of contention) and am now using symlinks instead of a DB for the
asset manager (which is a better, simpler design anyway).

I'll need to test a bit more under Python2.4, but I definitely designed
it with Python2.4 compatibility in mind.

More information about the Freeipa-devel mailing list