Multiple Juju Relationships to a Single Charm

Sat Oct 4 11:04:37 UTC 2014

Hi Michael,

Thanks for elaborating. Afaics, the crux is two fold.

The primary of being able to establish multiple relations between apache
and identity providers per virtual host. This is supported today via api
and cli. From a juju terminology apache is an IDP interface requirer (aka
client) and the IDP is a provider (aka server). Simply doing juju
add-relation apache idp multiple times suffices to add multiple relations
between apache and different identity provider. Part of the confusion about
this may have been a result of the gui not supporting this. The algorithm i
used in the gui for dimming non valid relation targets, tries to simplify
the common case and provide a guide to users and wont consider 'require'
relation endpoints already satisfied as needing further relations
established. Potentially the gui needs some sort of option/key press to
enable an 'advanced' mode when creating relations that provides for this (i
just filed bug http://pad.lv/1377414 for it).

The secondary issue is that providing for configuration of the virtualhost
idp mapping this way is currently tedious, as the config for the idp
relation and virtualhost needs to flow from the service config or other
charm accessible data source and then mapped onto the individual relation
instances by the charm. This has come up in the context of other relation
workflows/use cases as well. There are tentative plans to address it via
providing for relation configuration that can be provided by the admin and
managed as part of the relation lifecycle. ie add-relation apache idp
--config="vhost=http://myapp.com acct=0123"  Fwiw. The majority of the juju
developers are sprinting this week on code and feature futures and relation
config is on the agenda.

cheers,

Kapil

On Fri, Oct 3, 2014 at 3:09 PM, Michael Schwartz <mike at gluu.org> wrote:

> Kapil,
>
> Here is a picture of a Juju Deployment of the Gluu Server:
>  http://www.gluu.org/blog/wp-content/uploads/2014/10/juju-
> screenshot-gluu-apache.png
>
> In this digram, the Gluu Server is where the person is authenticated. It
> is the Central "Identity Provider" or IDP.
>
> Everything's great right? The Apache Server uses the Gluu Server for
> Authentication... nice and simple.
>
> The only problem.. the world is not quite so simple. Apache has a widely
> used feature to support virtual hosting. So if you are an ISP, unless you
> want to deploy one apache server for every customer, the above relationship
> doesn't do you much good.
>
> In the real world, there are multiple IDPs. Many domains have their own
> IDP. Google is really just another domain on the Internet. Many companies
> also use google to authenticate their people.
>
> So in this diagram: http://www.gluu.org/blog/wp-
> content/uploads/2014/10/juju_apache_charm.png
>
> I was showing a situation where a single Apache Web server might have
> multiple folders for different websites that it is serving, and each
> website may have a different IDP.
>
> Does that help? Can juju provide a nice interface or CLI controls for this?
>
> thx,
>
> Mike
>
>
>
> On 2014-10-03 13:30, Kapil Thangavelu wrote:
>
>> not quite clear why you think it doesn't work, could you outline what
>> you'd like to do and where the difficulty arises. a picture is worth a
>> thousand words, but some words as context are useful to frame it.
>>
>> -k
>>
>> On Fri, Oct 3, 2014 at 1:15 PM, Michael Schwartz <mike at gluu.org>
>> wrote:
>>
>>  Juju'ers:
>>>
>>> If you consider virtual hosting on a web server, each web folder
>>> may be a different client, who may have their own OpenID Provider. I
>>> made a quick diagram:
>>>
>>>
>>>  http://www.gluu.org/blog/wp-content/uploads/2014/10/juju_
>> apache_charm.png
>>
>>> [1]
>>>
>>> As far as I can tell, there is no really good way to do this in
>>> Juju. Any ideas?
>>>
>>> thx,
>>>
>>> Mike
>>>
>>> -------------------------------------
>>> Michael Schwartz
>>> Gluu
>>> Founder / CEO
>>> @gluufederation
>>>
>>> --
>>> Juju mailing list
>>> Juju at lists.ubuntu.com
>>> Modify settings or unsubscribe at:
>>> https://lists.ubuntu.com/mailman/listinfo/juju [2]
>>>
>>
>>
>>
>> Links:
>> ------
>> [1] http://www.gluu.org/blog/wp-content/uploads/2014/10/juju_
>> apache_charm.png
>> [2] https://lists.ubuntu.com/mailman/listinfo/juju
>>
>
> --
>
>
> -------------------------------------
> Michael Schwartz
> Gluu
> Founder / CEO
> mike at gluu.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20141004/8f9bec92/attachment.html>