[Ovirt-devel] ovirt dependencies

Fri Feb 29 04:35:11 UTC 2008

Daniel P. Berrange wrote:
> On Thu, Feb 28, 2008 at 06:31:28PM +0000, Richard W.M. Jones wrote:
>   
>> I'm trying to build a definitive list of 'external' dependencies for
>> oVirt.  By 'external' I mean dependencies on non-Fedora packages,
>> network services, anything which needs a difficult or unusual
>> configuration.
>>
>> The underlying question here is what would it take to be able to
>> simply 'yum install ovirt-wui' to create a WUI?
>>
>> Please follow-up if I've missed any.
>>
>> (1a) FreeIPA server
>> (1b) Kerberos support in the browser
>>
>> Does someone have Scott Seago's patches for "null" authentication?
>>     
>
> I don't believe he finished it before he went away.
>
>   
Actually, I haven't started it yet -- the priorities my last week before 
I took off were on the "demoable" bits that we needed to get in place 
first. On top of that, the null auth stuff won't work until Chris does 
the same thing on the back end (since we also use kerberos for libvirt) 
and at the time he had a backlog of higher priority tasks as well.

As far as I know this is fairly high on the list of stuff for me to work 
on when I return though (although I've been out of the loop for a week, 
so some of this may have changed)
>> (4) PostgreSQL
>>
>> Setting up databases is always hard: Should we create the database?
>> What happens if the database already exists?  (Upgrades are hard to do
>> and error-prone).  But leaving a SQL file around and asking the user
>> to load it by hand seems reasonable enough.
>>
>> I notice that the current ovirt-wui RPM leaves a script around to
>> create the database but my ruby isn't good enough to tell how the full
>> database schema is created.
>>     
>
> Really a few steps:
>
>   - InitDB  - Fedora initscripts take care of this already
>   - Create user - su - postgres and add the user account 
>   - Create DB - again a manual step
>   - Config auth - twiddle pg_hba.conf
>   - Import schema - Ruby provides a convenient command for this IIRC
>
> The first 4 are pretty much common to any DB app and really a documentation
> exercise. We can provide a script to help loading of the schema.
>
>   
Yeah -- the actual schema loading is handled by ActiveRecord (the ORM 
used by rails). The code for the schema definition is contained in 
several Ruby files called "migrations" by ActiveRecord -- there is 
explicit support for db upgrades and downgrades, but the default "rake 
db:migrate" command upgrades the db schema to the latest version defined 
(or loads the whole schema for a newly-created db)
> It is a shame we can't leverage libvirt's other auth schemes though, since
> that allows TLS/x509 certs, and even  plain username+password auth. Supporting
> this though has implications for policy management / group management, since
> we had intended to push this all off to FreeIPA too.
>
> Dan.
>   
Any chance of FreeIPA supporting other auth schemes directly? Then we 
could just use those too. Is this on the roadmap, or is the plan to be 
"all kerberos, all the time"

Scott