[Freeipa-devel] [PATCH] 0119 Switch client to JSON-RPC

Petr Viktorin pviktori at redhat.com
Fri May 10 14:54:39 UTC 2013


On 04/01/2013 11:37 PM, Rob Crittenden wrote:
> Petr Viktorin wrote:
>> On 01/15/2013 12:36 PM, Petr Viktorin wrote:
>>> I meant to hold this patch a while longer to let it mature, but from
>>> what Brian Smith asked on the user list it seems it could help him.
>>>
>>> Design: http://freeipa.org/page/V3/JSON-RPC
>>> Ticket: https://fedorahosted.org/freeipa/ticket/3299
>>>
>>> See the design page for what the patch does.
>>>
>>>
>>> As much as I've tried to avoid them, the code includes some workarounds:
>>> It extends xmlrpclib to also support JSON. This is rather intrusive, but
>>> to not do that I'd need to write a parallel stack for JSON, without the
>>> help of a standard library.
>>> The registration of either jsonclient or xmlclient as "rpcclient" in the
>>> API also needs a bit of magic, since the framework requires the class
>>> name to match the attribute.
>>>
>>>
>>> To prevent backwards compatibility problems, we need to ensure that all
>>> official JSON clients send the API version, so this patch should be
>>> applied after my patches 0104-0106.
>>>
>>
>> Updating to current master.
>
> Please reverse this change in ipalib/rpc.py:
>
> @@ -665,8 +788,6 @@ class xmlclient(Connectible):
>               except Exception, e:
>                   if not fallback:
>                       raise
> -                else:
> -                    self.log.info('Connection to %s failed with %s',
> url, e)
>                   serverproxy = None
>
> This logs connection errors when the client fails over to another server.

Thanks. Done, and rebased to master.

> The changes look really good. The show stopper is that using jsonrpc
> doesn't create a session key. I noticed that xmlrpc_uri is hardcoded
> into ipalib/session.py but it appears the issue is deeper than that.

That uses only the hostname from xmlrpc_uri. When using different 
hostnames in xmlrpc_uri and jsonrpc_uri *on the server*, it'll put the 
wrong domain in the cookie. In this case I think it's the configuration 
that's wrong.

The real problem is that KerberossSession code which creates the cookie, 
was not called by the JSON server.
Patch 0223 adds it.

Patch 0224 adds the server class name (e.g. [jsonserver_kerb]) to the 
server logs. It should help debug problems specific to a backend/protocol.

-- 
Petr³


-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0119.3-Switch-client-to-JSON-RPC.patch
Type: text/x-patch
Size: 39709 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130510/1a855fd3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0223.3-Make-jsonserver_kerb-start-a-cookie-based-session.patch
Type: text/x-patch
Size: 1580 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130510/1a855fd3/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0224.3-Add-server-protocol-type-to-rpcserver-logs.patch
Type: text/x-patch
Size: 2805 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130510/1a855fd3/attachment-0002.bin>


More information about the Freeipa-devel mailing list