[Freeipa-devel] [PATCH] 402 Add userClass attribute for hosts

Petr Vobornik pvoborni at redhat.com
Tue Apr 23 10:28:51 UTC 2013 

On 04/23/2013 12:22 PM, Martin Kosek wrote:
> On 04/23/2013 10:10 AM, Martin Kosek wrote:
>> This new freeform host attribute will allow provisioning systems
>> to add custom tags for host objects which can be later used for
>> in automember rules or for additional local interpretation.
>>
>> Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
>> Ticket: https://fedorahosted.org/freeipa/ticket/3583
>>
>> -----
>>
>> This is how it can be used:
>>
>> # ipa hostgroup-add webservers
>> Description: web servers
>> ----------------------------
>> Added hostgroup "webservers"
>> ----------------------------
>>    Host-group: webservers
>>    Description: web servers
>>
>> # ipa automember-add --type=hostgroup webservers
>> ----------------------------------
>> Added automember rule "webservers"
>> ----------------------------------
>>    Automember Rule: webservers
>>
>> # ipa automember-add-condition --key=userclass --type=hostgroup
>> --inclusive-regex=^webserver webservers
>> ----------------------------------
>> Added condition(s) to "webservers"
>> ----------------------------------
>>    Automember Rule: webservers
>>    Inclusive Regex: userclass=^webserver
>> ----------------------------
>> Number of conditions added 1
>> ----------------------------
>>
>>
>>
>> # ipa host-add web.example.com --force --class=webserver --class=mailserver
>> ----------------------------
>> Added host "web.example.com"
>> ----------------------------
>>    Host name: web.example.com
>>    Principal name: host/web.example.com at EXAMPLE.COM
>>    Class: webserver, mailserver                    <<<<<<<<<<
>>    Password: False
>>    Member of host-groups: webservers               <<<<<<<<<<
>>    Indirect Member of netgroup: webservers
>>    Keytab: False
>>    Managed by: web.example.com
>>
>>
>> Martin
>>
>
> I just noticed that despite what the design page says, I implemented the new
> attribute both for host-add and host-mod commands.
>
> My thinking was that the attribute may have a general use and not just for the
> automember. Thus, I would not limit it to host-add only. Admins may want to
> change the attribute after the host was created (and then maybe also run the
> manual automember task computing the groups again).
>
> Martin

Which raises UI questions:

1) Do we want to add the class attrs to user and host adder dialogs? (to 
allow automember to kick in)

2) Do we want to add the attrs to user and host details pages? (to keep 
CLI and UI in sync)

-- 
Petr Vobornik

More information about the Freeipa-devel mailing list