[Freeipa-devel] Configuring FreeIPA with JBoss EAP

[Dmitri Pal]

On 06/07/2013 09:31 AM, Alexander Bokovoy wrote:
> On Fri, 07 Jun 2013, Dmitri Pal wrote:
>> On 06/07/2013 08:58 AM, Martin Kosek wrote:
>>> Hello Jan a Peter, freeipa-devel users,
>>>
>>> There was recently a project of integrating FreeIPA server with
>>> Jboss EAP. One
>>> of the results of this project should be a script able to conveniently
>>> configure JBoss EAP on a machine to use FreeIPA as an
>>> identity&authentication
>>> backend.
>>>
>>> What I would like to find out is what would be the best place to
>>> store&maintain
>>> such script. AFAIK, JBoss EAP did not want to keep the configuration
>>> script
>>> with their project - can you Peter please share the reasons for it?
>>> I was
>>> thinking it would be then easier to maintain the script according to
>>> JBoss EAP
>>> releases.
>>>
>>> Second option would be to deploy the script with FreeIPA project.
>>> Then, they
>>> would also conform to FreeIPA release schedule and not JBoss ones.
>>> So I was
>>> pondering where should we put scripts like this one, it is quite a
>>> specific
>>> script, so I do not want to keeping it with freeipa-client package.
>>>
>>> In this case I would propose creating a new optional subpackage
>>> "freeipa-client-jboss" which would include all scripts/docs for the
>>> JBoss EAP
>>> integration (may extend in future). In future, there may also come more
>>> thematic FreeIPA integration scripts when they cannot be stored in
>>> relevant
>>> upstream projects.
>>>
>>> Any ideas? Is the correct approach to keep configuration scripts for
>>> other
>>> upstream projects?
>>
>> There are two parts of the question:
>> 1) Code aspect
>> 2) RPM/SRPM aspect
>>
>> IMO the code can live in IPA git repo in a separate directory or be a
>> completely separate source code project.
>> We can start with IPA repo and spin it off like we did with the
>> ding-libs if we see a need.
>>
>> As for packaging IMO it should be a separate SRPM (or a part of IPA for
>> now) and produce a separate rpm that should be conditionally installed
>> if IPA client and EAP are installed on the same system. I wonder if rpm
>> can do that? Sounds like a conditional require (if something like this
>> is possible).
> Not possible in rpm.
>
> What we do with trusts is equally applicable here -- a separate
> subpackage that holds all needed requires. In this case it would be
> Requires: to JBoss EAP provides.
>
> Then this separate rpm can be installed alone, pulling JBoss EAP.
> Also Anaconda allows to choose a collection to install. Adding 'FreeIPA
> Identity Management for JBoss EAP' would be relatively easy -- it is
> just a list of packages to pull.
>
Makes sense.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/