From 4facb9d8ceea6ffe07297f375bf05d9c72bc6125 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 3 Dec 2013 09:14:00 -0700
Subject: Implement an IPA Foreman smartproxy server

This currently server supports only host and hostgroup commands for
retrieving, adding and deleting entries.

The incoming requests are completely unauthenticated and by default
requests must be local.

Utilize GSS-Proxy to manage the TGT.

Configuration information is in the ipa-smartproxy man page.

Design: http://www.freeipa.org/page/V3/Smart_Proxy
---
 freeipa.spec.in | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

(limited to 'freeipa.spec.in')

diff --git a/freeipa.spec.in b/freeipa.spec.in
index e851313f..d48fb5a5 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -107,7 +107,7 @@ Requires: nss >= 3.14.3-12.0
 Requires: nss-tools >= 3.14.3-12.0
 %endif
 %if 0%{?krb5_dal_version} >= 4
-Requires: krb5-server >= 1.11.5-3
+Requires: krb5-server >= 1.11.5-2
 %else
 %if 0%{krb5_dal_version} == 3
 # krb5 1.11 bumped DAL interface major version, a rebuild is needed
@@ -218,6 +218,19 @@ Cross-realm trusts with Active Directory in IPA require working Samba 4
 installation. This package is provided for convenience to install all required
 dependencies at once.
 
+
+%package server-foreman-smartproxy
+Summary: Foreman-compatible REST API for IPA
+Group: System Environment/Base
+Requires: %{name}-client = %version-%release
+Requires: python-cherrypy
+Requires: gssproxy >= 0.3.1
+Requires: python-requests
+Requires: python-kerberos >= 1.1-14
+
+%description server-foreman-smartproxy
+A Foreman-compatible REST API for managing hosts and hostgroups.
+
 %endif # ONLY_CLIENT
 
 
@@ -456,6 +469,7 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
 mkdir -p %{buildroot}%{_unitdir}
 install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service
 install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service
+install -m 644 smartproxy/ipa-smartproxy.service %{buildroot}%{_unitdir}/ipa-smartproxy.service
 # END
 mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa/backup
 %endif # ONLY_CLIENT
@@ -512,6 +526,7 @@ if [ $1 = 0 ]; then
 # NOTE: systemd specific section
     /bin/systemctl --quiet stop ipa.service || :
     /bin/systemctl --quiet disable ipa.service || :
+    /bin/systemctl --quiet stop ipa-smartproxy.service || :
 # END
 fi
 
@@ -547,6 +562,17 @@ fi
 if [ $1 -eq 0 ]; then
     %{_sbindir}/update-alternatives --remove winbind_krb5_locator.so /dev/null
 fi
+
+%preun server-foreman-smartproxy
+if [ $1 = 0 ]; then
+    /bin/systemctl --quiet disable ipa-smartproxy.service || :
+fi
+
+%post server-foreman-smartproxy
+if [ $1 -gt 1 ] ; then
+    /bin/systemctl --system daemon-reload 2>&1 || :
+    /bin/systemctl condrestart ipa-smartproxy.service 2>&1 || :
+fi
 %endif # ONLY_CLIENT
 
 %post client
@@ -781,6 +807,15 @@ fi
 %{python_sitelib}/ipaserver/dcerpc*
 %{python_sitelib}/ipaserver/install/adtrustinstance*
 %ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
+
+%files server-foreman-smartproxy
+%{_sbindir}/ipa-smartproxy
+%{_mandir}/man1/ipa-smartproxy.1.gz
+%{_mandir}/man5/ipa-smartproxy.conf.5.gz
+%attr(644,root,root) %{_unitdir}/ipa-smartproxy.service
+%config(noreplace) %{_sysconfdir}/ipa/ipa-smartproxy.conf
+%config(noreplace)%{_sysconfdir}/logrotate.d/ipa-smartproxy
+
 %endif # ONLY_CLIENT
 
 %files client
-- 
cgit