[Freeipa-devel] [PATCH] jderose 017 Giant WebUI patch part 1
Rob Crittenden
rcritten at redhat.com
Tue Sep 8 17:33:04 UTC 2009
Jason Gerard DeRose wrote:
> This is a big patch to get everyone synced up with what I'm doing on the webUI.
> The Engine is currently *very* dumb because I need to tare through a bunch of
> plugin metadata, make a lot of changes, but doing that is likely going to make
> merging any outstanding patches too difficult, break any work in progress. I
> even I backed out some crazier changes I had made, realizing the headache I was
> inviting.
>
> So what I propose is acking this and acking any other outstanding patches, and
> then quickly making the needed metadata changes in a coordinated fashion (read:
> Rob, Pavel, and I staying pretty much lock-step for a few days). The metadata
> changes aren't a lot of work, but they are very disruptive as they will change
> the plugin API slightly and will affect every Command and Object plugin we have
> (which by my count is currently 108 plugins).
>
> Some highlights:
>
> * lite-xmlrpc.py and lite-webui.py have been replaced by the new lite-server.py
> script, which mounts XML-RPC, JSON-RPC, and the WebUI all on the same paths
> as they would be under Apache (but on a different port).
>
> * Per above, the default xmlrpc_uri is now http://localhost:8888/ipa/xml
>
> * The IPA server is now a WSGI application. A few pieces still are missing, most
> notably running all this under Apache, but it's 90% there. Currently under
> Apache things will still run the same as before, just XML-RPC and not through
> the new Backend.xmlserver WSGI interface. Because IPA is a WSGI app, I think
> we should strongly consider running IPA under mod_wsgi instead of mod_python,
> although running under mod_python is still possible with a mod_python <=> WSGI
> adapter.
>
> * For flexibility and to ease debugging, the XML-RPC and JSON-RPC services can
> now also be called via GET or POST query strings. For example:
>
> http://localhost:8888/ipa/json/user_add?givenname=Jason&sn=DeRose
>
> Or
>
> http://localhost:8888/ipa/xml/user_add?givenname=Jason&sn=DeRose
>
> Is the same as:
>
> api.Command.user_add(givenname='Jason', sn='DeRose')
>
> * In theory, lite-server.py supports SSL, but there is a bug in paste 1.7.2 that
> prevents it from working under Python 2.6. To turn on SSL, just place a PEM
> format cert at ~/.ipa/lite.pem
>
>
> Anyway, this gives everyone something to play with/review till I get back from
> PTO on Thursday.
>
> Cheers,
> Jason
Have a bunch of questions/issues before I can ack this:
- We need to get the wehjit library accepted into Fedora ASAP
- There is a change to ipa-server-install that reverts your previous
patch, 016
- This patch includes the previous SSO patch that we can't commit until
we get an alternative for the Crypto package on some distros
- Is it going to be confusing to register the jsonserver in a file named
xmlserver.py?
- in rpcserver.py::extract_query(environ) should an error be raised if
these conditions aren't met? For example, you do a POST and the
content-type isn't application/x-www-form-urlencoded
Otherwise looks ok. I'm not opposed to switching to WSGI as long as we
have feature parity.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090908/61cdeab8/attachment.bin>
More information about the Freeipa-devel
mailing list