Dmitri Pal wrote:
On 01/17/2014 04:24 PM, Rob Crittenden wrote:
Implement an IPA RESTful Foreman-compatible smart proxy. This exposes
hosts and hostgroups via an unauthenticated REST API. The idea is that
this service runs on the Foreman server and only listens on local ports.
It is a CherryPy-based server and that handles the majority of REST
for us.
I included some tests, they can be executed with: nosetests -v
smartproxy/tests
It is installable as a separate RPM but the local machine needs to be
an IPA client. Configuration instructions are in the ipa-rest.1 man page.
This requires an updated python-kerberos currently only available in
rawhide: python-kerberos-1.1-13.fc21
http://www.freeipa.org/page/V3/Smart_Proxy
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
What kind of the pre configuration it requires on IPA side.
Should we setup some special permission for the host that would run this
proxy?
Nothing is required on the server. I tested this on and off a server and
it is largely independent.
I document how to create a role and what privileges it needs. For the
time being I'm using a normal IPA user as a service user for this. If we
add services to roles I'd prefer that,
https://fedorahosted.org/freeipa/ticket/3164 .
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
