----- Original Message -----
> From: "Sandro Bonazzola" <[email protected]>
> To: "Alon Bar-Lev" <[email protected]>
> Cc: "Barak Azulay" <[email protected]>, "engine-devel" <[email protected]>, "Alex Lourie" <[email protected]>
> Sent: Friday, May 17, 2013 11:11:54 AM
> Subject: Re: [Engine-devel] 3.3 scratch or upgraded installation must use Apache proxy (https://bugzilla.redhat.com/905754)
>
> On 08/05/2013 21:18, Alon Bar-Lev wrote:
> > Right.
> > First, we need to support any installation, not just rhel.
> > Second, we can support only other well behaved products.
> > Until recently we were not well behaved... well, we are still not fully, because we do not have our own configurable URI namespace.
> >
> > We cannot control which applications are installed on the same host, however we can:
> >
> > 1. postgresql: support skipping the automatic provisioning [supported in the otopi setup]
> > 2. apache: do not enforce specific apache SSL implementation [to be done].
> > 3. apache: support skipping the automatic SSL configuration [supported].
> > 4. apache: support skipping the root redirect to ovirt application [supported in otopi setup]
> > 5. apache: move application to own name space, example /ovirt-engine [to be done, I will be happy if you can help pushing this]
> > 6. firewall: support skipping configuration [supported]
> > 7. packaging: remove the versionlock usage.
> > 8. packaging: support proper upgrade path, compatible with packaging best practices.
> > 9. files: rename all utilities and public artifacts from engine-* to ovirt-engine-*
> > [more?]
> >
> > If we do the above we are acting as a well behaved application, and can co-exist with other well behaved applications.
>
> Trying to set the point on this issue in order to start coding.
>
> We split the http configuration into three:
> 1. Install ajp proxy per our URIs[1][2].
> 2. Optionally set root redirection from / to /ovirt-engine
> 3. Optionally configure mod_ssl with our certificate.
>
> The mandatory apache configuration[1] does not alter any configuration file.
> [1] http://gerrit.ovirt.org/13318
> [2] http://gerrit.ovirt.org/14304
>
> So there is no reason for checking if user has changed the http configuration for just forcing proxy.
>
> About IPA conflicts, if I've understood correctly there is only collision between mod_nss used by IPA and mod_ssl used if we enable mod_ssl configuration.
> It seems there was an issue with mod_proxy and using 2 different SSL certificates (IPA & RHEV) on the same apache server.
>
> So, I can force proxy enabled and I can force SSL configuration disabled if IPA is detected.
> I can leave root redirection optional in any case.
>
> otopi implementation already forces proxy enabled so there should be just to disable ssl if IPA is detected.
>
> During the discussion about this bug it was suggested also to avoid to force dependency on mod_ssl or force migration to mod_nss during upgrade, allowing ipa and engine to coexist. I don't think that that issue should be tracked by https://bugzilla.redhat.com/905754 so if there is the will to either drop dependency on mod_ssl or migrate to mod_nss please open a new bug about that.

Right. I just mentioned that so all will be aware of this abnormality.

> That could solve also another question: what if IPA is installed after ovirt-engine?
>
> In order to act as a well behaved application, and co-exist with other well behaved applications, there is more to do as Alon pointed out.
> I think that any point not satisfied in order to behave correctly needs a bug to be opened.
>
> When we'll behave correctly I'll remove any check on IPA presence, totally ignoring it and removing any enforcement about its presence.
>
> Am I missing something?

I don't think so... just am not sure what is the answer in the past for post IPA installation...

Thanks!
Alon
