[Freeipa-devel] [PATCH] 1106 IPA REST smart proxy
Petr Viktorin
pviktori at redhat.com
Fri Feb 28 11:59:57 UTC 2014
On 02/28/2014 12:41 PM, Martin Kosek wrote:
> On 02/28/2014 10:47 AM, Petr Viktorin wrote:
>> On 02/27/2014 10:18 PM, Rob Crittenden wrote:
>>> Rob Crittenden wrote:
>> [...]
>>>> Ok, so try to summarize this long-running thread, I'll rename the
>>>> subpackage to freeipa-server-foreman-smartproxy to make it clearer what
>>>> it is/does. Right now it requires manual configuration so having the
>>>> package installed should have no negative impacts (other than
>>>> potentially pulling in additional dependencies).
>>>>
>>>> I'll leave it in smartproxy for now, it's just cleaner and better
>>>> integrates with ipatests IMHO.
>>>>
>>>> Foreman supports SSL client auth which is great, by cherrypy does not
>>>> yet. There is a pull request to add this,
>>>> https://bitbucket.org/cherrypy/cherrypy/pull-request/15/added-support-for-client-certificate/activity
>>>>
>>>>
>>>> . Foreman otherwise supports no other authentication method, so we're
>>>> blocked with this. The certs for this would initially come out of
>>>> Foreman/puppet.
>>>>
>>>> I'll submit a new patch with an updated spec but I think otherwise I've
>>>> addressed the isuses Petr has raised. This thread has taken a lot of
>>>> turns so it is very possible I missed something though :-)
>>>
>>> Updated patch based on feedback from Foreman team. I added a new URI,
>>> /features, which Foreman uses to determine what capabilities a proxy has.
>>>
>>> rob
>>
>> My review is blocked because 389-ds doesn't install on Rawhide due to
>> https://fedorahosted.org/389/ticket/47700
>>
>> Noriko, do you know of a Rawhide build that includes your fix?
>
> Guys, if this patch still makes our master branch incompatible with F20, then
> it is a NACK from me. All developers run on F20, our CI runs on F20 and I do
> not think we can afford loosing that and forcing everyone to permanently switch
> to rawhide - it is too unstable.
>
> IMO the Requires and BuildRequires most be set so that RPMs are buildable and
> installable on F20. The only acceptable exception is when only
> freeipa-server-foreman-smartprox cannot be installed on F20, but otherwise
> everything else need to work.
>
> Thanks,
> Martin
>
Okay, it's not a BuildRequires; IPA doesn't build because of a lint
failure: ipalib/util.py - Module 'kerberos' has no
'authGSSClientInquireCred' member
I guess the new get_current_principal needs to be kept out of ipalib
until we move to f21. Until then we can have a lint exception; after
then we need to remove it, and add BuildRequires so lint passes.
--
Petr³
More information about the Freeipa-devel
mailing list