[Freeipa-devel] [PATCH] 1106 IPA REST smart proxy
Rob Crittenden
rcritten at redhat.com
Fri Jan 17 22:14:21 UTC 2014
Dmitri Pal wrote:
> On 01/17/2014 04:24 PM, Rob Crittenden wrote:
>> Implement an IPA RESTful Foreman-compatible smart proxy. This exposes
>> hosts and hostgroups via an unauthenticated REST API. The idea is that
>> this service runs on the Foreman server and only listens on local ports.
>>
>> It is a CherryPy-based server and that handles the majority of REST
>> for us.
>>
>> I included some tests, they can be executed with: nosetests -v
>> smartproxy/tests
>>
>> It is installable as a separate RPM but the local machine needs to be
>> an IPA client. Configuration instructions are in the ipa-rest.1 man page.
>>
>> This requires an updated python-kerberos currently only available in
>> rawhide: python-kerberos-1.1-13.fc21
>>
>> http://www.freeipa.org/page/V3/Smart_Proxy
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> What kind of the pre configuration it requires on IPA side.
> Should we setup some special permission for the host that would run this
> proxy?
Nothing is required on the server. I tested this on and off a server and
it is largely independent.
I document how to create a role and what privileges it needs. For the
time being I'm using a normal IPA user as a service user for this. If we
add services to roles I'd prefer that,
https://fedorahosted.org/freeipa/ticket/3164 .
rob
More information about the Freeipa-devel
mailing list