On Mon, 2008-10-20 at 16:26 +0300, Mircea Carasel wrote: > Hi, > Here is how I think that we should handle this issue (given the > discussion that we took on IRC) > In order to make sipXsupervisor to run in a distributed environment here > is what sipXconfig should offer: > 1. Create a fixed URL: > https://master:8443/sipxconfig/initial-config/<distributed-hostname> > 2. For each <distributed-hostname> should generate a password > 3. The password should validate the administrator access to the above URL > (The URL is accessed by the administrator from the distributed-hostname) > 4. Once the URL is accessed it should download on the distributed > hostname a .tar archive that contains: web certificate, > sipXsupervisor-config and domain-config. This archive will contain > information for the supXsupervisor to make it run on the distributed > hostname
That all looks correct. I've implemented the setup script side of it and will be checking it in shortly (composing mail for the dev community on the implications now). One refinement that I stumbled onto while implementing it: to use Basic authorization I also needed a user name to go with the password, so I used the distributed-hostname for that as well. One thing I did not test was whether or not there would be a problem with using our self-signed certs with the python urllib that I used to fetch the configuration; again, this will be much easier to test when there is sipXconfig support. If it's a problem, we can edit the sipx-setup script to use http rather than https while I sort it out. > Proposed solution (following guidance advice from Damian - thanks) > - Create a new Tapestry service that will provide the download URL from > above (Will have the same functionality as the existing Download service > and, in addition it will create the archive to be downloaded. Also, this > service is responsible for password generation in order to validate the > access to the fixed URL > -Create GUI that will contain text-input field to enter the password, a > text-input field to enter the distributed-hostname value, an Apply > button to perform the download from the internally generated URL > (https://master:8443/sipxconfig/initial-config/<distributed-hostname>) Not quite... we don't need a gui for this - it's not being accessed by a web browser, it's being read by a script that has its own gui. The current script assumes that the server will use HTTP Basic authentication to validate the password. If that's too much trouble to do, I could modify the script easily to send the password as a query parameter in the url, which would probably work with a gui interface: https://master:8443/sipxconfig/initial-config/<dist-host>?password=<pw> > The problem that I have is - what is the relation between the > <distributed-hostname> value and the downloaded .tar content. Why should > we generate a download URL for each distributed-hostmane? Because each distributed host has a different certificate and a different sipxsupervisor-config file. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
