Jan Pazdziora wrote:
On Mon, Dec 22, 2008 at 12:44:28PM -0800, Dave Parker wrote:
4) adds to spacewalk-setup the ability to back up and generate a new
/etc/httpd/conf.d/ssl.conf. This was necessary as the default ssl.conf provided
by the mod_ssl package defines the _default_:443 ssl server, and does so in a
way that's incompatible with spacewalk for lack of three directives.  As it's
improper for a second rpm to alter %config files from a first, it's implemented
instead as a question in spacewalk-setup.

I don't like the fact that the ssl.conf is created from scratch here.
The spacewalk-setup should really just take whatever the existing
ssl.conf is there and add those three directives to _default_:443,
provided they are not there already (some marker could be used, or
just look for those directives being present).

That way if the user has something else configured in their ssl.conf,
it would be preserved and Spacewalk would be a good citizen.

Alternatively we could come up and drive to Fedora / RHEL a better SSL
configuration for Apache, to maybe have something like

        /etc/httpd/conf.d/ssl.conf

do something like

        <VirtualHost _default_:443>
        Include conf.d/ssl.d/default/*.conf
        </VirtualHost>

        Include conf.d/ssl.d/*.conf

so that there is an easy way to add things to the default virtual
host, and also an easy way to add additional virtual hosts.

I'd vote we go towards the latter option and make Fedora/RHEL play nicer with other apps wanting to modify the default virtual host.

At some point I believe we should actually make it possible for spacewalk to run outside the scope of the default virtual host, so users could have multiple web applications on their spacewalk host. Right now we basically take over the box but it would be ideal if we had the option of running under:

https://somehost.example.com/spacewalk/

For now I say we leave the ssl modification scheme as-is. We create consecutive backup files with each run of spacewalk-setup so the user's original file is always available:

/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.d/ssl.conf-swsave
/etc/httpd/conf.d/ssl.conf-swsave.~1~
/etc/httpd/conf.d/ssl.conf-swsave.~2~

I'd really like to get this into Spacewalk 0.4. Anyone have any huge objections to us pushing these changes tomorrow?

Mike
--
Mike McCune
mmccune AT redhat.com
Engineering               | Portland, OR
RHN Satellite             | 650.567.9039x79248

_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
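
The in-place approach suggested in the thread (keep the existing ssl.conf and add only the missing directives to `_default_:443`), sketched as an added example that is not part of the original messages or of spacewalk-setup. The thread does not name the three directives, so `WANTED` and the sample file are constructed stand-ins; a directive already present with a different value is left untouched.

```python
import re

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+_default_:443\s*>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.I)

# Constructed sample ssl.conf, including a local customisation to preserve.
SAMPLE = """\
Listen 443
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/local-custom.crt
<Files ~ "\\.(cgi|shtml)$">
    SSLOptions +StdEnvVars
</Files>
</VirtualHost>
"""
# Constructed stand-ins; the thread does not name the three directives.
WANTED = ["SSLProxyEngine on", "RewriteEngine on"]


def ensure_directives(conf_text, directives):
    """Return (new_text, added): add each directive whose name is not yet set
    at the top level of the _default_:443 vhost; keep all existing lines."""
    lines = conf_text.splitlines()
    start = next((i for i, l in enumerate(lines) if VHOST_OPEN.match(l)), None)
    if start is None:
        raise ValueError("no <VirtualHost _default_:443> block found")
    end = next((i for i in range(start + 1, len(lines))
                if VHOST_CLOSE.match(lines[i])), None)
    if end is None:
        raise ValueError("unterminated <VirtualHost _default_:443> block")
    present, depth = set(), 0
    for raw in lines[start + 1:end]:
        s = raw.strip()
        if not s or s.startswith("#"):
            continue
        if s.startswith("</"):
            depth -= 1          # leaving a nested <Files>/<Directory> section
        elif s.startswith("<"):
            depth += 1          # entering a nested section
        elif depth == 0:
            present.add(s.split()[0].lower())   # directive names ignore case
    added = [d for d in directives if d.split()[0].lower() not in present]
    lines[end:end] = added      # insert just before </VirtualHost>
    return "\n".join(lines) + "\n", added


if __name__ == "__main__":
    new_text, added = ensure_directives(SAMPLE, WANTED)
    print("added:", added)
    print(new_text, end="")
```

Running it a second time on its own output adds nothing, which is the "provided they are not there already" behaviour asked for in the thread.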
