diff options
author | Rob Crittenden <rcritten@redhat.com> | 2013-12-03 09:14:00 -0700 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-04-30 21:57:27 +0200 |
commit | 64dcb1ec76fa706320746720431ef815eb3e9ecd (patch) | |
tree | fe2884e42b5dcc11cdd640e7d2b790d20d86e63b /freeipa.spec.in | |
parent | 923c7ab7bc0eb361dae6e6fb3f05854499625368 (diff) | |
download | freeipa-64dcb1ec76fa706320746720431ef815eb3e9ecd.tar.gz freeipa-64dcb1ec76fa706320746720431ef815eb3e9ecd.tar.xz freeipa-64dcb1ec76fa706320746720431ef815eb3e9ecd.zip |
Implement an IPA Foreman smartproxy server
This currently server supports only host and hostgroup commands for
retrieving, adding and deleting entries.
The incoming requests are completely unauthenticated and by default
requests must be local.
Utilize GSS-Proxy to manage the TGT.
Configuration information is in the ipa-smartproxy man page.
Design: http://www.freeipa.org/page/V3/Smart_Proxy
https://fedorahosted.org/freeipa/ticket/4128
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'freeipa.spec.in')
-rw-r--r-- | freeipa.spec.in | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index 52817cd4d..4e3fd7351 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -57,7 +57,7 @@ BuildRequires: python-setuptools BuildRequires: python-krbV BuildRequires: python-nss BuildRequires: python-netaddr -BuildRequires: python-kerberos +BuildRequires: python-kerberos >= 1.1-14 BuildRequires: python-rhsm BuildRequires: pyOpenSSL BuildRequires: pylint @@ -79,6 +79,9 @@ BuildRequires: libverto-devel BuildRequires: systemd BuildRequires: libunistring-devel BuildRequires: python-lesscpy +BuildRequires: python-kerberos +BuildRequires: python-cherrypy +BuildRequires: python-requests # Find out Kerberos middle version to infer ABI changes in DAL driver # We cannot load DAL driver into KDC with wrong ABI. @@ -219,6 +222,19 @@ Cross-realm trusts with Active Directory in IPA require working Samba 4 installation. This package is provided for convenience to install all required dependencies at once. + +%package server-foreman-smartproxy +Summary: Foreman-compatible REST API for IPA +Group: System Environment/Base +Requires: %{name}-client = %version-%release +Requires: python-cherrypy +Requires: gssproxy >= 0.3.1 +Requires: python-requests +Requires: python-kerberos >= 1.1-14 + +%description server-foreman-smartproxy +A Foreman-compatible REST API for managing hosts and hostgroups. + %endif # ONLY_CLIENT @@ -459,6 +475,7 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so mkdir -p %{buildroot}%{_unitdir} install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service +install -m 644 smartproxy/ipa-smartproxy.service %{buildroot}%{_unitdir}/ipa-smartproxy.service # END mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa/backup %endif # ONLY_CLIENT @@ -515,6 +532,8 @@ if [ $1 = 0 ]; then # NOTE: systemd specific section /bin/systemctl --quiet stop ipa.service || : /bin/systemctl --quiet disable ipa.service || : + /bin/systemctl --quiet stop ipa-smartproxy.service || : + /bin/systemctl --quiet disable ipa-smartproxy.service || : # END fi @@ -550,6 +569,17 @@ fi if [ $1 -eq 0 ]; then %{_sbindir}/update-alternatives --remove winbind_krb5_locator.so /dev/null fi + +%preun server-foreman-smartproxy +if [ $1 = 0 ]; then + /bin/systemctl --quiet disable ipa-smartproxy.service || : +fi + +%post server-foreman-smartproxy +if [ $1 -gt 1 ] ; then + /bin/systemctl --system daemon-reload 2>&1 || : + /bin/systemctl condrestart ipa-smartproxy.service 2>&1 || : +fi %endif # ONLY_CLIENT %post client @@ -784,6 +814,17 @@ fi %{python_sitelib}/ipaserver/dcerpc* %{python_sitelib}/ipaserver/install/adtrustinstance* %ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so + +%files server-foreman-smartproxy +%doc COPYING README smartproxy/ipa-smartproxy-apache.conf +%dir %{_usr}/share/ipa/smartproxy +%{_usr}/share/ipa/smartproxy/ipa-smartproxy.py* +%{_mandir}/man1/ipa-smartproxy.1.gz +%{_mandir}/man5/ipa-smartproxy.conf.5.gz +%attr(644,root,root) %{_unitdir}/ipa-smartproxy.service +%config(noreplace) %{_sysconfdir}/ipa/ipa-smartproxy.conf +%config(noreplace)%{_sysconfdir}/logrotate.d/ipa-smartproxy + %endif # ONLY_CLIENT %files client |