[Ovirt-devel] ports and hostnames for the ovirt server

[Simo Sorce]

CCing freeipa-devel to make sure I am saying the right thing as Rob is
the one sending patches for it.

On Thu, 2008-03-27 at 11:16 -0400, Perry N. Myers wrote:
> In looking at the apache configuration for the ipa server and the
> ovirt-wui, I had a few questions...
> 
> Right now the assumption being made is that the FreeIPA instance always
> gets installed on the same host as the ovirt-wui.  And because of this, we
> have to run the FreeIPA server on a non-standard port (8089) because it
> currently does not coexist well with other apps on the same port.

FYI: We are working on fixing this.

> Another configuration exists where the FreeIPA server is already installed
> elsewhere in the network (maybe someone is already using it for other
> purposes) and in this case it'll likely be running on port 80 on that server.
> 
> Since by default FreeIPA runs on port 80, it makes more sense to always
> keep it on port 80 so that the configuration is the same whether it is
> hosted with the oVirt WUI or standalone.

It would make sense yes.

> If we agree on that (I'm open to objections here) then the next question
> is how to run FreeIPA and oVirt on the same box without conflicts.  A few
> options exist:
> 1. Run oVirt on a different port instead of FreeIPA
> 2. Use name virtual hosting so that IPA runs on the base hostname and
>    oVirt runs on something like ovirt.domain.com.  For the developer
>    install, this can be accomplished by mucking with /etc/hosts and
>    for prod installs it'll involve DNS, but we already require that for
>    other things.  This is tricky because once we start using https and
>    FreeIPA does as well, NameVirtualHosting sort of breaks down...
> 3. Relocate the ipa server so that it's not at the root URL

We are pursuing this solution in freeIPA itself. Hopefully, with some
help, we will have this soon.

> 4. Relocate the ovirt server so that it's not at the root URL

In general it would be wise to be able to use something like
http://server/service so that multiple services can be used on the same
server without clashes.

THe patches I've seen from Rob move all to
http(s)://server.name/ipa(xml), I guess ovirt could do something similar
and move to http(s)://server.name/ovirt ?

> I don't like option 3, since that also changes the default configuration
> for FreeIPA.  Option 2 will work for now, but we know it'll break later
> when we start using https.
> 
> Option 1 is the easiest way to get things working, as long as people don't
> object to running the mgmt ui on something other than port 80.
> 
> Option 4 might solve the problem, but I'm not sure if it'll work since
> FreeIPA does URL rewriting (we can comment this out, but I'd like to not
> muck with their stuff and leave things default if possible)
> 
> Thoughts?

I think opt 3 is the solution and should be adopted by both freeipa and
ovirt so that we can all be good citizens.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York