Ovirt devel - May 2008 - Re: one more time

On Mon, May 19, 2008 at 05:06:44PM -0400, Scott Seago
wrote:
> From 7f3c19e77a7178d7fb89c46d0a6ae6e93c46781b Mon Sep 17 00:00:00 2001
> From: Scott Seago <sseago at kodiak.boston.redhat.com>
> Date: Mon, 19 May 2008 15:14:41 -0400
> Subject: more move host/storage bits:
>  1) move hosts/storage to new HW pool
>  2) make all the move stuff work for storage in addition to hosts
>  3) fix some js errors and consolidate some of the js selection code for
the checkboxes
> 
Hey Scott.

I have committed this on the basis that it built and
installed. However there is now a problem with the
"grant_admin_privileges" script in that it requires an ldap server
(this is from Darryl's patch, not yours), so I wasn't able to test it
fully.

On that topic, do we want to make "grant_admin_privileges" fall back
gracefully if auth is turned off (as it is in my case at the moment)?

Take care,
--Hugh

Hugh O. Brock wrote:
>
>
> Hey Scott.
>
> I have committed this on the basis that it built and
> installed. However there is now a problem with the
> "grant_admin_privileges" script in that it requires an ldap
server
> (this is from Darryl's patch, not yours), so I wasn't able to test
it
> fully.
>
> On that topic, do we want to make "grant_admin_privileges" fall
back
> gracefully if auth is turned off (as it is in my case at the moment)?
>
> Take care,
> --Hugh
>   
This is a good question. At one point we'd planned a "turn auth
off"
flag (for development use only), but ultimately decided to abandon that 
effort. But when we were only using kerberos (and not LDAP yet), turning 
off auth turned out to be a two-line change to ovirt-wui.conf. Now that 
we get the user list from ldap, turning auth _and_ ldap off would be a 
larger effort, since we'd need some alternate means of generating a user 
list. Is this something we want to do, or are we now at the point that 
_all_ running ovirt instances, even dev ones, must point to a freeipa 
server?

Scott