[Freeipa-devel] Configuring FreeIPA with JBoss EAP

Alexander Bokovoy abokovoy at redhat.com
Fri Jun 7 13:31:46 UTC 2013 

On Fri, 07 Jun 2013, Dmitri Pal wrote:
>On 06/07/2013 08:58 AM, Martin Kosek wrote:
>> Hello Jan a Peter, freeipa-devel users,
>>
>> There was recently a project of integrating FreeIPA server with Jboss EAP. One
>> of the results of this project should be a script able to conveniently
>> configure JBoss EAP on a machine to use FreeIPA as an identity&authentication
>> backend.
>>
>> What I would like to find out is what would be the best place to store&maintain
>> such script. AFAIK, JBoss EAP did not want to keep the configuration script
>> with their project - can you Peter please share the reasons for it? I was
>> thinking it would be then easier to maintain the script according to JBoss EAP
>> releases.
>>
>> Second option would be to deploy the script with FreeIPA project. Then, they
>> would also conform to FreeIPA release schedule and not JBoss ones. So I was
>> pondering where should we put scripts like this one, it is quite a specific
>> script, so I do not want to keeping it with freeipa-client package.
>>
>> In this case I would propose creating a new optional subpackage
>> "freeipa-client-jboss" which would include all scripts/docs for the JBoss EAP
>> integration (may extend in future). In future, there may also come more
>> thematic FreeIPA integration scripts when they cannot be stored in relevant
>> upstream projects.
>>
>> Any ideas? Is the correct approach to keep configuration scripts for other
>> upstream projects?
>
>There are two parts of the question:
>1) Code aspect
>2) RPM/SRPM aspect
>
>IMO the code can live in IPA git repo in a separate directory or be a
>completely separate source code project.
>We can start with IPA repo and spin it off like we did with the
>ding-libs if we see a need.
>
>As for packaging IMO it should be a separate SRPM (or a part of IPA for
>now) and produce a separate rpm that should be conditionally installed
>if IPA client and EAP are installed on the same system. I wonder if rpm
>can do that? Sounds like a conditional require (if something like this
>is possible).
Not possible in rpm.

What we do with trusts is equally applicable here -- a separate
subpackage that holds all needed requires. In this case it would be
Requires: to JBoss EAP provides.

Then this separate rpm can be installed alone, pulling JBoss EAP.
Also Anaconda allows to choose a collection to install. Adding 'FreeIPA
Identity Management for JBoss EAP' would be relatively easy -- it is
just a list of packages to pull.

-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list