[Ovirt-devel] Some architecture diagrams
Daniel P. Berrange
berrange at redhat.com
Fri Feb 15 16:41:44 UTC 2008
On Fri, Feb 15, 2008 at 11:34:16AM -0500, Simo Sorce wrote:
>
> On Fri, 2008-02-15 at 15:40 +0000, Daniel P. Berrange wrote:
> > On Fri, Feb 15, 2008 at 03:34:39PM +0000, Richard W.M. Jones wrote:
> >
> > > Question (1) => we could make package ovirt depend on the parts of
> > > FreeIPA necessary (ipa-server & ipa-client I think). _If_ we can
> > > persuade FreeIPA to be a good citizen and not require its own server.
> >
> > Yes, i'd be good to have a vhost config file you can drop into the
> > /etc/httpd/config.d that would play nicely with the world - eg have
> > everything under /freeipa instead of taking over the entire apache
> > server namespace.
>
> Patches welcome :-)
>
> Btw while I am reading this list, we are planning on using something
> like rmanager to handle the FreeIPA components so that if one piece goes
> down it is either restarted or all the (interdependent) pieces go down.
To be honest, that sounds like something that is more OS / integration
policy rather than something which should be a fundamental part of
the FreeIPA app.
> However to answer Richard question, FreeIPA itself does not require to
> be the only thing running on the server (modulo the mentioned apache
> configuration problem that can be probably solved).
> But given its nature it is better, for security reasons, if it is. After
> all it contains all the Keys to the REALM :-)
Yep, we're mainly wanting to do the shared apache server for purposes of
development to reduce the number of machines required for developers.
Obviously a production deployment would take FreeIPA sercurity much
more seriously and use a separate machine.
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
More information about the ovirt-devel
mailing list