[Freeipa-devel] [PATCH] 1106 IPA REST smart proxy
Petr Viktorin
pviktori at redhat.com
Wed Mar 12 11:02:18 UTC 2014
On 03/10/2014 08:55 PM, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> Petr Viktorin wrote:
>>> On 02/27/2014 10:18 PM, Rob Crittenden wrote:
>>>> Rob Crittenden wrote:
>>>> Updated patch based on feedback from Foreman team. I added a new URI,
>>>> /features, which Foreman uses to determine what capabilities a proxy
>>>> has.
>>>>
>>>> rob
>>>
>>> On my VMs, where the first request is handled properly but the server
>>> hangs on the second one. I gave you access to the machines for
>>> investigation.
>>
>> Sent you something out-of-band but in short, I wasn't able to reproduce
>> on your reproducing VMs :-( Ping me tomorrow and we'll try it together.
It ended up a combination of my mistake and a bug in GSSProxy. At least
you found the bug. https://fedorahosted.org/gss-proxy/ticket/121
>>> Please add the Python libraries (python-cherrypy, python-requests,
>>> python-kerberos) to BuildRequires. Otherwise the build fails due to
>>> pylint errors.
>>
>> Fixed.
>>
>>>
>>> In the man page:
>>>
>>>> +Create a host or user whose credentials will be used by the server to
>>>> make requests and add it to the role:
>>>> +
>>>> + $ ipa user\-add \-\-first=Smartproxy \-\-last=Serversmartproxy
>>>> + $ ipa role\-add\-member \-\-users=smartproxy 'Smartproxy management'
>>>
>>> the first command should be
>>> ipa user-add smartproxy --first=Smartproxy --last=Serversmartproxy
>>> since by default the username is 'sserversmartproxy'.
>>
>> The problem was a missing space before smartproxy. I have the login name
>> last in this example. Fixed.
>>
>>>
>>> A nitpick regarding the systemd service: according to [0], Type=forking
>>> should be avoided. Is there a reason against setting Type=simple, and
>>> removing the PID file?
>>
>> Because I wasn't able to get this working with cherrypy daemon mode.
>> AFAICT it forks itself and systemd wouldn't end up with the right pid so
>> can't stop the service.
>
> And now the updated patch. The changes are super-minor.
>
> rob
>
One last nitpick: the IPAErrors get encoded as JSON but the
Content-Encoding is set to text/html. It's a one-line change so I went
ahead and tested with it. ACK from me if you agree.
I spoke to Martin and he's still not satisfied with needing the COPR
repo on f20. I think we can live with it though.
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1106-7+pviktori-rest.patch
Type: text/x-patch
Size: 47657 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140312/64d71077/attachment.bin>
More information about the Freeipa-devel
mailing list