[Freeipa-devel] [PATCH 0031] provide a dedicated ccache file to httpd
Jan Cholasta
jcholast at redhat.com
Thu Apr 30 05:07:22 UTC 2015
Hi,
Dne 29.4.2015 v 19:42 Martin Babinsky napsal(a):
> The attached patch is a merge of PATCHES 0031-0032 incorporating Simo's
> and Martin's suggestions (see e.g.
> https://www.redhat.com/archives/freeipa-devel/2015-April/msg00327.html
> for reference).
>
> https://fedorahosted.org/freeipa/ticket/4973
IMHO we should set the environment variable in
/etc/systemd/system/httpd.service, instead of providing a new service
file, because we are just changing configuration, not creating a new
concurrent httpd instance, as is the case with ipa-memcached, and also
not using alternative httpd implementation which masks the current one,
as is the case with bind-pkcs11. It would simplify the whole thing
significantly and it's even recommended in httpd.service to do so:
# For example, to pass additional options (for instance, -D
definitions) to the
# httpd binary at startup, you need to create a file named
# "/etc/systemd/system/httpd.service" containing:
# .include /lib/systemd/system/httpd.service
# [Service]
# Environment=OPTIONS=-DMY_DEFINE
(BTW I wonder why /etc/sysconfig/httpd support was removed from httpd in
Fedora
(<http://pkgs.fedoraproject.org/cgit/httpd.git/commit/?id=0b19f7b6e1a47c6167a8ab43b4a9d1e759b54721>),
it seems like a better place to customize environment variables, rather
than having to create a modified service file...)
Anyway, I would prefer if we set it in a way that works on non-systemd
distros as well. Can't we just set "GssapiCredStore
ccache:FILE:/var/run/httpd/krbcache/krb5ccache" in
/etc/httpd/conf.d/ipa.conf?
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list