[Freeipa-devel] [PATCH] 402 Add userClass attribute for hosts

Dmitri Pal dpal at redhat.com
Tue Apr 23 15:27:29 UTC 2013


On 04/23/2013 06:28 AM, Petr Vobornik wrote:
> On 04/23/2013 12:22 PM, Martin Kosek wrote:
>> On 04/23/2013 10:10 AM, Martin Kosek wrote:
>>> This new freeform host attribute will allow provisioning systems
>>> to add custom tags for host objects which can later be used
>>> in automember rules or for additional local interpretation.
>>>
>>> Design page:
>>> http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
>>> Ticket: https://fedorahosted.org/freeipa/ticket/3583
>>>
>>> -----
>>>
>>> This is how it can be used:
>>>
>>> # ipa hostgroup-add webservers
>>> Description: web servers
>>> ----------------------------
>>> Added hostgroup "webservers"
>>> ----------------------------
>>>    Host-group: webservers
>>>    Description: web servers
>>>
>>> # ipa automember-add --type=hostgroup webservers
>>> ----------------------------------
>>> Added automember rule "webservers"
>>> ----------------------------------
>>>    Automember Rule: webservers
>>>
>>> # ipa automember-add-condition --key=userclass --type=hostgroup --inclusive-regex=^webserver webservers
>>> ----------------------------------
>>> Added condition(s) to "webservers"
>>> ----------------------------------
>>>    Automember Rule: webservers
>>>    Inclusive Regex: userclass=^webserver
>>> ----------------------------
>>> Number of conditions added 1
>>> ----------------------------
>>>
>>>
>>>
>>> # ipa host-add web.example.com --force --class=webserver --class=mailserver
>>> ----------------------------
>>> Added host "web.example.com"
>>> ----------------------------
>>>    Host name: web.example.com
>>>    Principal name: host/web.example.com@EXAMPLE.COM
>>>    Class: webserver, mailserver                    <<<<<<<<<<
>>>    Password: False
>>>    Member of host-groups: webservers               <<<<<<<<<<
>>>    Indirect Member of netgroup: webservers
>>>    Keytab: False
>>>    Managed by: web.example.com
>>>
>>>
>>> Martin
>>>
>>
>> I just noticed that despite what the design page says, I implemented
>> the new attribute both for host-add and host-mod commands.
>>
>> My thinking was that the attribute may have a general use and not
>> just for the automember. Thus, I would not limit it to host-add only.
>> Admins may want to change the attribute after the host was created
>> (and then maybe also run the manual automember task computing the
>> groups again).
>>
>> Martin
>
> Which raises UI questions:
>
> 1) Do we want to add the class attrs to user and host adder dialogs?
> (to allow automember to kick in)
>
> 2) Do we want to add the attrs to user and host details pages? (to
> keep CLI and UI in sync)
>

The minimal requirement was just to do it on the addition.
I think we need two separate patches.
It is probably OK to do it in the schema and addition, because we will
backport this to an earlier version, while the modify operation + UI can
be left till later (I mean done now but not ported back).

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
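
Added example, not part of the thread or of the FreeIPA code: a simplified Python model of how the automember rule from the quoted session evaluates a multi-valued userClass, showing that `^webserver` is a prefix match and therefore also admits tags such as `webserver-decommissioned`. The rule layout, the host names other than web.example.com, and the anchored variant are assumptions; Python's `re` stands in for the directory server's regex engine.

```python
import re

# Constructed rule mirroring the thread's example: hostgroup "webservers",
# key=userclass, inclusive regex ^webserver. No exclusive regex is set there.
RULES = {
    "webservers": {"inclusive": [("userclass", r"^webserver")], "exclusive": []},
}

# Assumed variant: same rule with the regex anchored at both ends, for the
# case where only the exact tag "webserver" should grant membership.
STRICT_RULES = {
    "webservers": {"inclusive": [("userclass", r"^webserver$")], "exclusive": []},
}


def _matches(conditions, attrs):
    """True if any value of the keyed attribute matches any condition regex."""
    # LDAP attribute names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): values for name, values in attrs.items()}
    return any(
        re.search(pattern, value)
        for key, pattern in conditions
        for value in lowered.get(key.lower(), [])
    )


def automember_groups(attrs, rules=RULES):
    """Return the groups a new entry would be placed in (simplified model)."""
    groups = []
    for group, rule in rules.items():
        if _matches(rule["exclusive"], attrs):
            continue  # an exclusive match wins over any inclusive match
        if _matches(rule["inclusive"], attrs):
            groups.append(group)
    return sorted(groups)


if __name__ == "__main__":
    hosts = {  # constructed sample hosts
        "web.example.com": {"userClass": ["webserver", "mailserver"]},
        "stage.example.com": {"userClass": ["webserver-decommissioned"]},
        "mail.example.com": {"userClass": ["mailserver"]},
    }
    for fqdn, attrs in hosts.items():
        print(fqdn, automember_groups(attrs), automember_groups(attrs, STRICT_RULES))
```

Because the tag is written by the provisioning system and the resulting host group may be referenced by access rules, the anchoring of the regex decides which tag values can grant membership.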

