[Spacewalk-devel] Re: Updating koan for SSL, and other port things..

Justin Sherrill jsherril at redhat.com
Tue Nov 25 13:14:07 EST 2008


Justin Sherrill wrote:
> Michael DeHaan wrote:
>> Justin Sherrill wrote:
>>> Hi All,
>>>
>>> Currently when you specify a port for koan it:
>>>
>>> 1.  Tries port 80, if that fails:
>> Yes, specifically it tries http://$server:80/cobbler_api_rw first, which 
>> is the Apache proxied endpoint.
>>
>> If that fails, the usage of port is for a direct connection, not using 
>> Apache proxying.
>>
>> (Also, if --server=DISCOVER is set it will try looking through Avahi 
>> before doing either)
>>
>>> 2.  Tries the port you specified.
>>>
>>> I'm changing it such that it will:
>>>
>>> 1.  Try the port you specify, if that fails:
>>> 2.  Try port 80.
>>>
>>>
>>> Also, I'm adding support for SSL.  Would koan users prefer:
>>>
>>> a.  A '--ssl' option that tries on SSL if specified
>> I am not sure there is a good reason at all to let koan use SSL. All of 
>> the data koan retrieves is available over non-secured protocols (TFTP 
>> for starters, and HTTP) so there is nothing to hide. I think trying the 
>> specified port first makes sense.
> For spacewalk integration this is a requirement IMHO.
> Spacewalk/satellite as it is today allows provisioning over pure SSL
> which is a requirement for many of our customers.  I've heard many
> harebrained network security schemes from customers that require this
> (not provisioning specifically, but just their traffic in general).
>
> If you look at what just koan is doing, I agree there isn't any reason
> for it to be encrypted.  If you look at what koan could be a part of then
> there is benefit of having the entire process be encrypted.
>
> -Justin
>
>>> b.  if 443 is passed in try on 443 with SSL, if that fails try on port
>>> 80 w/o SSL
>> How about if the XMLRPC port connection fails because the port is 
>> encrypted (with an appropriate exception which I suspect the XMLRPC 
>> module should raise), trying to treat the port as an SSL connection?
The exception that gets thrown is an ExpatError (error parsing the
xml).  Not sure if this is a great indication or not...
-Justin

>> --Michael
>>> -Justin
>>> _______________________________________________
>>> cobbler mailing list
>>> cobbler at lists.fedorahosted.org
>>> https://fedorahosted.org/mailman/listinfo/cobbler
>
> _______________________________________________
> Spacewalk-devel mailing list
> Spacewalk-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-devel
>   
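
An added example, not part of the original message or of koan's code: it shows why an ExpatError alone is an ambiguous signal (a TLS record and a malformed HTML error page both raise it) and one way to tell them apart from the raw bytes. It uses Python 3's `xmlrpc.client`; the function names, the sample replies and the `require_ssl` policy of never falling back to plaintext are assumptions made for illustration.

```python
import xmlrpc.client
from xml.parsers.expat import ExpatError

# Constructed sample replies to a plaintext XML-RPC POST (not captured traffic).
TLS_ALERT = bytes([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x46])  # TLS alert record
HTML_ERROR = b"<html><body>Bad Request<br></body></html>"      # malformed HTML page
XMLRPC_OK = xmlrpc.client.dumps((True,), methodresponse=True).encode()


def parse_outcome(body):
    """Name the exception, if any, raised when parsing body as an XML-RPC reply."""
    try:
        xmlrpc.client.loads(body)
        return "ok"
    except ExpatError:
        return "ExpatError"
    except xmlrpc.client.Error as exc:  # Fault, ResponseError, ProtocolError
        return type(exc).__name__


def looks_like_tls(body):
    """True if body starts with a TLS record header: type 20-23, major version 3."""
    return len(body) >= 3 and 0x14 <= body[0] <= 0x17 and body[1] == 0x03


def plan_attempts(port, require_ssl=False):
    """(scheme, port) pairs to try in order: the specified port, then port 80.

    Assumed policy: with require_ssl the plaintext fallback is dropped, so a
    failed TLS connection cannot silently downgrade to HTTP.
    """
    first = ("https" if require_ssl or port == 443 else "http", port)
    if require_ssl or port == 80:
        return [first]
    return [first, ("http", 80)]


if __name__ == "__main__":
    for name, body in (("tls", TLS_ALERT), ("html", HTML_ERROR), ("xmlrpc", XMLRPC_OK)):
        print(name, parse_outcome(body), looks_like_tls(body))
    print(plan_attempts(443), plan_attempts(443, require_ssl=True))
```

The byte check only helps when the server answers a plaintext request with a TLS record; a server that closes the connection or replies with an HTTP error gives it nothing to match, and attempting a TLS handshake on the port is the definitive test.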