[Ovirt-devel] Some architecture diagrams

[Daniel P. Berrange]

On Fri, Feb 15, 2008 at 11:34:16AM -0500, Simo Sorce wrote:
> 
> On Fri, 2008-02-15 at 15:40 +0000, Daniel P. Berrange wrote:
> > On Fri, Feb 15, 2008 at 03:34:39PM +0000, Richard W.M. Jones wrote:
> >  
> > > Question (1) => we could make package ovirt depend on the parts of 
> > > FreeIPA necessary (ipa-server & ipa-client I think).  _If_ we can 
> > > persuade FreeIPA to be a good citizen and not require its own server.
> > 
> > Yes, i'd be good to have a vhost config file you can drop into the
> > /etc/httpd/config.d  that would play nicely with the world - eg have
> > everything under /freeipa  instead of taking over the entire apache
> > server namespace.
> 
> Patches welcome :-)
> 
> Btw while I am reading this list, we are planning on using something
> like rmanager to handle the FreeIPA components so that if one piece goes
> down it is either restarted or all the (interdependent) pieces go down.

To be honest, that sounds like something that is more OS / integration
policy rather than something which should be a fundamental part of
the FreeIPA app.

> However to answer Richard question, FreeIPA itself does not require to
> be the only thing running on the server (modulo the mentioned apache
> configuration problem that can be probably solved).
> But given its nature it is better, for security reasons, if it is. After
> all it contains all the Keys to the REALM :-)

Yep, we're mainly wanting to do the shared apache server for purposes of
development to reduce the number of machines required for developers.
Obviously a production deployment would take FreeIPA sercurity much
more seriously and use a separate machine.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|