Hi,
The last days I did some research about how to implement the registration in
WebYaST. And the more I found out about the stuff the more complicated
everthing got.
I want to give a short summary and ask for your comments here.
The registration itself is realised in a Perl module. There are currently two
wrappers that do the workflow for this module. The first is a command line
tool called "suse_register" and the second is the YaST module
"inst_suse_register" which represents the GUI pendant.
My first idea was to use the Perl module directly from Ruby. After a lot
failures it finally works with the bindings from:
http://www.yoshidam.net/Ruby.html#perl
I will prepare a package of these in the BS in case somebody needs to evaluate
Perl code from Ruby.
When I realised that the rest-service does not run as root (it did on my
workstation) but registration must run as root it made the bindings worthless.
So we have to go through the needle eye of a DBus-SCR-call and run a
commandline script (as root) and parse its output.
Well, as I only need to call a script I don't see the need to go over DBus
here. What about configuring sudo for the webservice user? Or using a tiny
setuid wrapper script? Security-wise this would make no difference, as we can
do everything via SCR-calls as root anyway. It would just make things less
complicated (1).
Fortunately I can rely on the fact that the NCC registration server (and soon
SLMS as well) offer server side caching, that means, I don't need to implement
a client side statemachine (which is hard in REST context where each next call
is the first one).
One tricky part is the zypp lock. If somebody locked the package manager on
the system and then somebody else tries to register, the zypper calls will
fail. The YaST module tells the user about it as it initialises the package
manager on startup. But how to this in REST contect? Just return an error like
"The service you are calling is temporarily not available. Please call again
later"? :) This gets less funny when it happens during a registration, as we
can/should not keep a package management lock in a REST service and thus the
lock might be taken in the meanwhile.
Ciao,
Daniel
--
J. Daniel Schmidt