[Ovirt-devel] ports and hostnames for the ovirt server
Simo Sorce
ssorce at redhat.com
Thu Mar 27 15:34:48 UTC 2008
CCing freeipa-devel to make sure I am saying the right thing as Rob is
the one sending patches for it.
On Thu, 2008-03-27 at 11:16 -0400, Perry N. Myers wrote:
> In looking at the apache configuration for the ipa server and the
> ovirt-wui, I had a few questions...
>
> Right now the assumption being made is that the FreeIPA instance always
> gets installed on the same host as the ovirt-wui. And because of this, we
> have to run the FreeIPA server on a non-standard port (8089) because it
> currently does not coexist well with other apps on the same port.
FYI: We are working on fixing this.
> Another configuration exists where the FreeIPA server is already installed
> elsewhere in the network (maybe someone is already using it for other
> purposes) and in this case it'll likely be running on port 80 on that server.
>
> Since by default FreeIPA runs on port 80, it makes more sense to always
> keep it on port 80 so that the configuration is the same whether it is
> hosted with the oVirt WUI or standalone.
It would make sense yes.
> If we agree on that (I'm open to objections here) then the next question
> is how to run FreeIPA and oVirt on the same box without conflicts. A few
> options exist:
> 1. Run oVirt on a different port instead of FreeIPA
> 2. Use name virtual hosting so that IPA runs on the base hostname and
> oVirt runs on something like ovirt.domain.com. For the developer
> install, this can be accomplished by mucking with /etc/hosts and
> for prod installs it'll involve DNS, but we already require that for
> other things. This is tricky because once we start using https and
> FreeIPA does as well, NameVirtualHosting sort of breaks down...
> 3. Relocate the ipa server so that it's not at the root URL
We are pursuing this solution in freeIPA itself. Hopefully, with some
help, we will have this soon.
> 4. Relocate the ovirt server so that it's not at the root URL
In general it would be wise to be able to use something like
http://server/service so that multiple services can be used on the same
server without clashes.
THe patches I've seen from Rob move all to
http(s)://server.name/ipa(xml), I guess ovirt could do something similar
and move to http(s)://server.name/ovirt ?
> I don't like option 3, since that also changes the default configuration
> for FreeIPA. Option 2 will work for now, but we know it'll break later
> when we start using https.
>
> Option 1 is the easiest way to get things working, as long as people don't
> object to running the mgmt ui on something other than port 80.
>
> Option 4 might solve the problem, but I'm not sure if it'll work since
> FreeIPA does URL rewriting (we can comment this out, but I'd like to not
> muck with their stuff and leave things default if possible)
>
> Thoughts?
I think opt 3 is the solution and should be adopted by both freeipa and
ovirt so that we can all be good citizens.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the ovirt-devel
mailing list