On May 6, 2013, at 19:45, Alon Bar-Lev <[email protected]> wrote:
> Hello,
>
> I don't understand why you start discussion from start... there were some
> additional facts.
>
> So first answer:
> No we cannot assume we own the machine nor own the apache, nor own the
> postgresql. These assumptions made in the past were plain wrong and cause
> more harm than good, and eventually saved no resources nor efforts.
>
> At master we altered the ajp proxy configuration to be less intrusive[1][2].
>
> We split the http configuration into three:
> 1. Install ajp proxy per our URIs[1].
> 2. Optionally set root redirection from / to /ovirt-engine
> 3. Optionally configure mod_ssl with our certificate.
I don't know if this was already brought up,
There is a conflict between our configuration and IPA's
IPA uses mod_nss and we use mod_proxy and mod_ssl , and this creates a conflict.
We can try move to mod_nss on upgrade and solve all issues
Barak
>
> The mandatory apache configuration[1] does not alter any configuration file,
> hence the chance of conflict is the chance of conflict between ovirt-engine
> URIs and other product URIs.
>
> ovirt-engine URIs:
> ---
> /UserPortal
> /OvirtEngineWeb
> /webadmin
> /docs
> /spice
> /ca.crt
> /engine.ssh.key.txt
> /rhevm.ssh.key.txt
> /ovirt-engine-style.css
> /console.vv
> /api
> /ovirt-engine
> ---
>
> As we have done this without cooperation of developers we kept URIs as-is.
>
> URIs that cannot be changed until next major:
> /engine.ssh.key.txt
> /rhevm.ssh.key.txt
> /ca.crt
> /api [I guess, although we can provide migration path alternative]
>
> All the other can be moved into /ovirt-engine with cooperation of developers,
> especially UI and Virt developers, it should be easy to do this, and reduce
> the chance of conflict.
>
> Regards,
> Alon Bar-Lev.
>
> [1] http://gerrit.ovirt.org/#/c/13318/
> [2] http://gerrit.ovirt.org/#/c/14304/
>
> ----- Original Message -----
>> From: "Sandro Bonazzola" <[email protected]>
>> To: "engine-devel" <[email protected]>
>> Cc: "users" <[email protected]>
>> Sent: Monday, May 6, 2013 6:32:08 PM
>> Subject: [Engine-devel] 3.3 scratch or upgraded installation must use Apache
>> proxy
>> (https://bugzilla.redhat.com/905754)
>>
>> Hi,
>> I'm working on https://bugzilla.redhat.com/905754, trying to have Apache
>> proxy in all 3.3 installations.
>>
>> I'm looking in the code and I've found a point where I'm in doubt about
>> how to handle the case.
>> The current engine-setup implementation perform some checks that change
>> the behavior of the installer documented as:
>>
>> 1. Check whether the relevant httpd configuration files were changed, as
>> it's an indication for the setup that the httpd application is being
>> actively used, Therefore we may need to ask (dynamic change) the user
>> whether to override this configuration.
>>
>> 2. Check if IPA is installed and drop port 80/443 support. What the
>> script really do is setting OVERRIDE_HTTPD_CONFIG default to False in
>> both cases and just for case 2 call also setHttpPortsToNonProxyDefault.
>>
>>
>> About 1, if we can consider Apache "owned" by the engine we can drop any
>> question to the user, else I think we need to ask what to do or abort
>> the setup considering the configuration as unsupported.
>>
>> About 2, it seems that the best solution for that is to abort the setup
>> if IPA is found on the same system where
>> we're installing the engine.
>> As far I've understood having IPA and engine on the same host is not a
>> supported configuration.
>>
>>
>> What do you think about this?
>>
>>
>> --
>> Sandro Bonazzola
>> Better technology. Faster innovation. Powered by community collaboration.
>> See how it works at redhat.com
>>
>> _______________________________________________
>> Engine-devel mailing list
>> [email protected]
>> http://lists.ovirt.org/mailman/listinfo/engine-devel
>>
> _______________________________________________
> Engine-devel mailing list
> [email protected]
> http://lists.ovirt.org/mailman/listinfo/engine-devel
>
>
_______________________________________________
Engine-devel mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-devel
