Jason Gerard DeRose wrote:
This is a big patch to get everyone synced up with what I'm doing on the webUI.
The Engine is currently *very* dumb because I need to tare through a bunch of
plugin metadata, make a lot of changes, but doing that is likely going to make
merging any outstanding patches too difficult, break any work in progress.  I
even I backed out some crazier changes I had made, realizing the headache I was

So what I propose is acking this and acking any other outstanding patches, and
then quickly making the needed metadata changes in a coordinated fashion (read:
Rob, Pavel, and I staying pretty much lock-step for a few days).  The metadata
changes aren't a lot of work, but they are very disruptive as they will change
the plugin API slightly and will affect every Command and Object plugin we have
(which by my count is currently 108 plugins).

Some highlights:

* lite-xmlrpc.py and lite-webui.py have been replaced by the new lite-server.py
  script, which mounts XML-RPC, JSON-RPC, and the WebUI all on the same paths
  as they would be under Apache (but on a different port).

* Per above, the default xmlrpc_uri is now http://localhost:8888/ipa/xml

* The IPA server is now a WSGI application. A few pieces still are missing, most
  notably running all this under Apache, but it's 90% there.  Currently under
  Apache things will still run the same as before, just XML-RPC and not through
  the new Backend.xmlserver WSGI interface.  Because IPA is a WSGI app, I think
  we should strongly consider running IPA under mod_wsgi instead of mod_python,
  although running under mod_python is still possible with a mod_python <=> WSGI

* For flexibility and to ease debugging, the XML-RPC and JSON-RPC services can
  now also be called via GET or POST query strings.  For example:




  Is the same as:

    api.Command.user_add(givenname='Jason', sn='DeRose')

* In theory, lite-server.py supports SSL, but there is a bug in paste 1.7.2 that
  prevents it from working under Python 2.6.  To turn on SSL, just place a PEM
  format cert at ~/.ipa/lite.pem

Anyway, this gives everyone something to play with/review till I get back from
PTO on Thursday.


Have a bunch of questions/issues before I can ack this:

- We need to get the wehjit library accepted into Fedora ASAP
- There is a change to ipa-server-install that reverts your previous patch, 016 - This patch includes the previous SSO patch that we can't commit until we get an alternative for the Crypto package on some distros - Is it going to be confusing to register the jsonserver in a file named xmlserver.py? - in rpcserver.py::extract_query(environ) should an error be raised if these conditions aren't met? For example, you do a POST and the content-type isn't application/x-www-form-urlencoded

Otherwise looks ok. I'm not opposed to switching to WSGI as long as we have feature parity.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Freeipa-devel mailing list

Reply via email to