[Freeipa-devel] [PATCH] 402 Add userClass attribute for hosts

Martin Kosek mkosek at redhat.com
Tue Apr 23 10:22:13 UTC 2013


On 04/23/2013 10:10 AM, Martin Kosek wrote:
> This new freeform host attribute will allow provisioning systems
> to add custom tags for host objects which can be later used for
> in automember rules or for additional local interpretation.
> 
> Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
> Ticket: https://fedorahosted.org/freeipa/ticket/3583
> 
> -----
> 
> This is how it can be used:
> 
> # ipa hostgroup-add webservers
> Description: web servers
> ----------------------------
> Added hostgroup "webservers"
> ----------------------------
>   Host-group: webservers
>   Description: web servers
> 
> # ipa automember-add --type=hostgroup webservers
> ----------------------------------
> Added automember rule "webservers"
> ----------------------------------
>   Automember Rule: webservers
> 
> # ipa automember-add-condition --key=userclass --type=hostgroup
> --inclusive-regex=^webserver webservers
> ----------------------------------
> Added condition(s) to "webservers"
> ----------------------------------
>   Automember Rule: webservers
>   Inclusive Regex: userclass=^webserver
> ----------------------------
> Number of conditions added 1
> ----------------------------
> 
> 
> 
> # ipa host-add web.example.com --force --class=webserver --class=mailserver
> ----------------------------
> Added host "web.example.com"
> ----------------------------
>   Host name: web.example.com
>   Principal name: host/web.example.com at EXAMPLE.COM
>   Class: webserver, mailserver                    <<<<<<<<<<
>   Password: False
>   Member of host-groups: webservers               <<<<<<<<<<
>   Indirect Member of netgroup: webservers
>   Keytab: False
>   Managed by: web.example.com
> 
> 
> Martin
> 

I just noticed that despite what the design page says, I implemented the new
attribute both for host-add and host-mod commands.

My thinking was that the attribute may have a general use and not just for the
automember. Thus, I would not limit it to host-add only. Admins may want to
change the attribute after the host was created (and then maybe also run the
manual automember task computing the groups again).

Martin




More information about the Freeipa-devel mailing list