Ossipee started off as OS-IPA. As it morphed into a tool for building development clusters,I realized it was more useful to split the building of the cluster from the Install and configuration of the application on that cluster. To install IPA and OpenStack, and integrate them together, we now use an ansible-playbook called Rippowam.

Continue reading


OpenStack is a big distributed system. FreeIPA is designed for security in distributed system. In order to develop and test each of them, separately or together, I need a distributed system. Virtualization has been a key technology for making this kind of work possible. OpenStack is great of managing virtualization. Added to that is the benefits found when we “fly our own airplanes.” Thus, I am using OpenStack to develop OpenStack.

Steve Okay took this while waiting for a flight to LAS

Early to Rise
757-200 lifts off Rwy 1 at SFO at sunrise. Credit Steve Okay. Used With Permission

Continue reading

Installing RPM Build Dependencies

If you ever want to build and RPM, you need to make sure that the things it requires are installed. These are listed in the SPEC file on lines that begin with BuildRequires.  Installing these by hand is time consuming enough that it should be automated.  Here’s a first hack in Python.


import sys
import re

build_re = re.compile('BuildRequires:.*')
compare_re = re.compile('.*=.*')

def main():
    if (len(sys.argv) > 1):
        spec = open(sys.argv[1])
        for line in spec:
            if build_re.match(line):
                for token in line.rsplit(" "):
                    if build_re.match(token):
                    if compare_re.match(token):
                    token = token.rstrip(" ,\n\r")
                    if len(token) > 0:
                        print token

if __name__ == "__main__":

To use it, save in a file called and run:

sudo yum install `./ ~/rpmbuild/SPECS/krb5.spec`

Debugging with in FreeIPA

Kerberos doesn’t tell you who you are. Seems like a funny thing, but when you use Kerberos Auth on the web, the browser has not way of telling you “this is the principal that you are using.” For the UI in FreeIPA, I need to display just thins information. To find it, I have to look to the server to tell me.

Thus begins my study of FreeIPA plugins. I wrote a simple plugin, the whoami plugin, that did just what I needed. I returned the Principal in the summary, and all was good.

Now I need more. I need to know the role groups of which the current user is a member. This information is on the user object already. So, good-bye whoami plugin: we are going to add your behavior to the user plugin, where it belongs.

The key piece of information that made this work possible was how to get a breakpoint to stop the code and let me step through it. The trick, probably old hat to the Pythonistas out there, but new to me was this simple line:

import pdb; pdb.set_trace()

Without that, none of the breakpoints I’d set would get executed, maybe due to threading or something. Not sure, but with this, I was able to determine that what I needed to do was to modify the filter.

I ran the lite-server like this:


Which is actually preferable to running it like this

python -m pdb

As you don’t have to type cont, and the debugger is still activated by the breakpoints.