Justin Sherrill wrote: > Michael DeHaan wrote: > >> Justin Sherrill wrote: >> >> >>> Hi All, >>> >>> Currently when you specify a port for koan it: >>> >>> 1. Tries port 80, if that fails: >>> >>> >>> >> Yes, specifically it tries http://$server:80/cobbler_api_rw first, which >> is the Apache proxied endpoint. >> >> If that fails, the usage of port is for a direct connection, not using >> Apache proxying. >> >> (Also, if --server=DISCOVER is set it will try looking through Avahi >> before doing either) >> >> >> >> >>> 2. Tries the port you specified. >>> >>> >>> >> >> >> >>> I'm changing it such that it will: >>> >>> 1. Try the port you specify, if that fails: >>> 2. Tries port 80. >>> >>> >>> Also, I'm adding support for SSL. Would koan users prefer: >>> >>> a. A '--ssl' option that tries on SSL if specified >>> >>> >>> >> I am not sure there is a good reason at all to let koan use SSL. All of >> the data koan retrieves is available over non-secured protocols (TFTP >> for starters, and HTTP) so there is nothing to hide. I think trying the >> specified port first makes sense. >> >> > For spacewalk integration this is a requirement IMHO. > Spacewalk/satellite as it is today allows provisioning over pure SSL > which is a requirement for many of our customers. I've heard many > hair-brained network security schemes from customers that require this > (not provisioning specifically, but just their traffic in general). > > If you look at what just koan is doing, i agree there isn't any reason > for it to be encrypted. If you look what koan could be a part of then > there is benefit of having the entire process be encrypted. > > -Justin > > >> >> >>> b. if 443 is passed in try on 443 with SSL, if that fails try on port >>> 80 w/o SSL >>> >>> >>> >>> >> How about if the XMLRPC port connection fails because the port is >> encrypted (with an appropriate exception which I suspect the XMLRPC >> module should raise), trying to treat the port as an SSL connection? >> The exception that gets thrown is an ExpatError (error parsing the xml). Not sure if this is a great indication or not... -Justin
>> --Michael >> >> >> >>> -Justin >>> _______________________________________________ >>> cobbler mailing list >>> [email protected] >>> https://fedorahosted.org/mailman/listinfo/cobbler >>> >>> >>> >> _______________________________________________ >> cobbler mailing list >> [email protected] >> https://fedorahosted.org/mailman/listinfo/cobbler >> >> > > _______________________________________________ > Spacewalk-devel mailing list > [EMAIL PROTECTED] > https://www.redhat.com/mailman/listinfo/spacewalk-devel > _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
