Just a small comment regarding #1 - @TimoGoebel did some initial work on jwt as well in https://github.com/theforeman/foreman/pull/5596 as part of an effort to introduce GraphQL, so it would be a good idea to look into that as well and see that we don’t have duplicate effort/implementations.
Hey @tbrisker, thank you for bringing this to my attention. I don’t think it really conflicts here, au contraire, I think seeing an initial implementation might help the cause Either way, if you ask me, I’ll sign a JWT, containing hostname and port retrieved from compute resource, using foreman’s private key as this is readily available. The validation on proxy side is then to be done by its public key.
Meanwhile I’ve pushed a PR for websockify (including unit tests), so, we’re closing in on point 1:
Do you mean pushing an update to EPEL? This can be a bit issue since upstream hasn’t done an update for three years (0.8.0 is the latest, also in EPEL). The code is a quite change for patch carried in EPEL (new deps), let’s see. The best thing is to ask upstream to do a release, then ask CentOS packagers to do the same. But remember, the EPEL policy is no major changes, only bugfixes Let’s figure it out, we can always carry new version in our repos.