[Freeipa-devel] [PATCH] 1106 IPA REST smart proxy
Martin Kosek
mkosek at redhat.com
Fri Feb 28 11:41:59 UTC 2014
On 02/28/2014 10:47 AM, Petr Viktorin wrote:
> On 02/27/2014 10:18 PM, Rob Crittenden wrote:
>> Rob Crittenden wrote:
> [...]
>>> Ok, so try to summarize this long-running thread, I'll rename the
>>> subpackage to freeipa-server-foreman-smartproxy to make it clearer what
>>> it is/does. Right now it requires manual configuration so having the
>>> package installed should have no negative impacts (other than
>>> potentially pulling in additional dependencies).
>>>
>>> I'll leave it in smartproxy for now, it's just cleaner and better
>>> integrates with ipatests IMHO.
>>>
>>> Foreman supports SSL client auth which is great, by cherrypy does not
>>> yet. There is a pull request to add this,
>>> https://bitbucket.org/cherrypy/cherrypy/pull-request/15/added-support-for-client-certificate/activity
>>>
>>>
>>> . Foreman otherwise supports no other authentication method, so we're
>>> blocked with this. The certs for this would initially come out of
>>> Foreman/puppet.
>>>
>>> I'll submit a new patch with an updated spec but I think otherwise I've
>>> addressed the isuses Petr has raised. This thread has taken a lot of
>>> turns so it is very possible I missed something though :-)
>>
>> Updated patch based on feedback from Foreman team. I added a new URI,
>> /features, which Foreman uses to determine what capabilities a proxy has.
>>
>> rob
>
> My review is blocked because 389-ds doesn't install on Rawhide due to
> https://fedorahosted.org/389/ticket/47700
>
> Noriko, do you know of a Rawhide build that includes your fix?
Guys, if this patch still makes our master branch incompatible with F20, then
it is a NACK from me. All developers run on F20, our CI runs on F20 and I do
not think we can afford loosing that and forcing everyone to permanently switch
to rawhide - it is too unstable.
IMO the Requires and BuildRequires most be set so that RPMs are buildable and
installable on F20. The only acceptable exception is when only
freeipa-server-foreman-smartprox cannot be installed on F20, but otherwise
everything else need to work.
Thanks,
Martin
More information about the Freeipa-devel
mailing list