[Freeipa-devel] [PATCH] 664 entitlement support
Jakub Hrozek
jhrozek at redhat.com
Tue Feb 1 18:02:09 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/01/2011 04:15 PM, Rob Crittenden wrote:
> Jakub Hrozek wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 01/31/2011 04:29 PM, Rob Crittenden wrote:
>>> Jakub Hrozek wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> On 01/05/2011 04:38 PM, Rob Crittenden wrote:
>>>>> This patch adds a plugin and tools for managing entitlements for host
>>>>> machines.
>>>>>
>>>>> Testing is rather complex so I've attached a script to help set up the
>>>>> Candlepin server. You'll need to ping me out of band for the backend
>>>>> data. This configures the Candlepin server with an in-memory
>>>>> database so
>>>>> any time tomcat6 is restarted you'll need to reload the data.
>>>>>
>>>>> You have to run candlepin.setup as root. This will configure your
>>>>> Fedora
>>>>> tomcat6 instance.
>>>>>
>>>>> Once your candlepin server is setup and IPA is installed do something
>>>>> like:
>>>>>
>>>>> $ ipa entitle-register admin
>>>>> (password is admin)
>>>>>
>>>>> $ ipa entitle-consume 25
>>>>>
>>>>> $ ipa entitle-status
>>>>> (verify that it is 25)
>>>>>
>>>>> # ipa-compliance
>>>>> (should be 1 of 50)
>>>>>
>>>>> Our tools can consume only, not return entitlements.
>>>>>
>>>>> tickets 28, 79 and 278.
>>>>>
>>>>> rob
>>>>>
>>>>>
>>>>
>>>> can you rebase the patch so it applies cleanly on the current master?
>>>
>>> attached
>>>
>>> rob
>>
>> Functionally, the patch seems to be working fine -- great job!.
>>
>> I just have a couple of minor comments:
>> * I think a recent change to delegation.ldif conflicts with the patch.
>> I was able to do a 3-way merge, but please check it merges OK.
>>
>> * During build, rpm-build complains about /etc/cron.d/ipa-compliance
>> being listed twice
>>
>> * the two commented lines in ipa-compliance that test Bind using DM and
>> Bind using GSSAPI should be removed
>>
>> * I think that the ipa-compliance tool never deletes the directory with
>> the ccache (tmpdir)
>>
>> * in ipa-compliance:
>> + if not truncated:
>> + hostcount = len(entries)
>> + else:
>> + # FIXME: raise an error
>> + pass
>> I'm not opposed to FIXMEs in the code, but maybe there should be a
>> ticket so we don't forget them. Also, hostcount should be initialized in
>> the else: branch, later on, the code accesses it and would blow up.
>>
>> * In the entitlement plugin, the 'hidden' attributes could have
>> flags=['no_option', 'no_output'] so they don't show up in the UI
>>
>> * If I consume all the entitlements with ipa entitle-consume and ask
>> for more, I get an internal server error - we should probably catch the
>> RestlibException from candlepin
>>
>> * when I started testing I made a typo in the candlepin instance
>> hostname. ipa entitle-register then blew up.. The traceback looks like
>> it comes from rhsm. I don't think we absolutely need to fix it now, but
>> we should at least track it in a ticket.
>
> Here is a diff of the changes you suggested, I think they cover all the
> bases.
>
> rob
Looks good, thank you. If you can send a new patch with these squashed
in, I'll just run a couple of quick tests and ack.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk1ISqEACgkQHsardTLnvCUQDgCfbHeiSCEhhyzepiEkr6Qp6S/W
CtkAoKmz9r+b6bVck0Cviul4eiyskc0D
=6Jh9
-----END PGP SIGNATURE-----
More information about the Freeipa-devel
mailing list