On 02/28/2014 12:41 PM, Martin Kosek wrote:
On 02/28/2014 10:47 AM, Petr Viktorin wrote:
On 02/27/2014 10:18 PM, Rob Crittenden wrote:
Rob Crittenden wrote:
[...]
Ok, so try to summarize this long-running thread, I'll rename the
subpackage to freeipa-server-foreman-smartproxy to make it clearer what
it is/does. Right now it requires manual configuration so having the
package installed should have no negative impacts (other than
potentially pulling in additional dependencies).
I'll leave it in smartproxy for now, it's just cleaner and better
integrates with ipatests IMHO.
Foreman supports SSL client auth which is great, by cherrypy does not
yet. There is a pull request to add this,
https://bitbucket.org/cherrypy/cherrypy/pull-request/15/added-support-for-client-certificate/activity
. Foreman otherwise supports no other authentication method, so we're
blocked with this. The certs for this would initially come out of
Foreman/puppet.
I'll submit a new patch with an updated spec but I think otherwise I've
addressed the isuses Petr has raised. This thread has taken a lot of
turns so it is very possible I missed something though :-)
Updated patch based on feedback from Foreman team. I added a new URI,
/features, which Foreman uses to determine what capabilities a proxy has.
rob
My review is blocked because 389-ds doesn't install on Rawhide due to
https://fedorahosted.org/389/ticket/47700
Noriko, do you know of a Rawhide build that includes your fix?
Guys, if this patch still makes our master branch incompatible with F20, then
it is a NACK from me. All developers run on F20, our CI runs on F20 and I do
not think we can afford loosing that and forcing everyone to permanently switch
to rawhide - it is too unstable.
IMO the Requires and BuildRequires most be set so that RPMs are buildable and
installable on F20. The only acceptable exception is when only
freeipa-server-foreman-smartprox cannot be installed on F20, but otherwise
everything else need to work.
Thanks,
Martin
Okay, it's not a BuildRequires; IPA doesn't build because of a lint
failure: ipalib/util.py - Module 'kerberos' has no
'authGSSClientInquireCred' member
I guess the new get_current_principal needs to be kept out of ipalib
until we move to f21. Until then we can have a lint exception; after
then we need to remove it, and add BuildRequires so lint passes.
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
