[Freeipa-devel] [PATCH] 402 Add userClass attribute for hosts

Martin Kosek mkosek at redhat.com
Wed Apr 24 06:25:38 UTC 2013


On 04/23/2013 05:27 PM, Dmitri Pal wrote:
> On 04/23/2013 06:28 AM, Petr Vobornik wrote:
>> On 04/23/2013 12:22 PM, Martin Kosek wrote:
>>> On 04/23/2013 10:10 AM, Martin Kosek wrote:
>>>> This new freeform host attribute will allow provisioning systems
>>>> to add custom tags for host objects which can be later used
>>>> in automember rules or for additional local interpretation.
>>>>
>>>> Design page:
>>>> http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
>>>> Ticket: https://fedorahosted.org/freeipa/ticket/3583
>>>>
>>>> -----
>>>>
>>>> This is how it can be used:
>>>>
>>>> # ipa hostgroup-add webservers
>>>> Description: web servers
>>>> ----------------------------
>>>> Added hostgroup "webservers"
>>>> ----------------------------
>>>>    Host-group: webservers
>>>>    Description: web servers
>>>>
>>>> # ipa automember-add --type=hostgroup webservers
>>>> ----------------------------------
>>>> Added automember rule "webservers"
>>>> ----------------------------------
>>>>    Automember Rule: webservers
>>>>
>>>> # ipa automember-add-condition --key=userclass --type=hostgroup --inclusive-regex=^webserver webservers
>>>> ----------------------------------
>>>> Added condition(s) to "webservers"
>>>> ----------------------------------
>>>>    Automember Rule: webservers
>>>>    Inclusive Regex: userclass=^webserver
>>>> ----------------------------
>>>> Number of conditions added 1
>>>> ----------------------------
>>>>
>>>>
>>>>
>>>> # ipa host-add web.example.com --force --class=webserver --class=mailserver
>>>> ----------------------------
>>>> Added host "web.example.com"
>>>> ----------------------------
>>>>    Host name: web.example.com
>>>>    Principal name: host/web.example.com@EXAMPLE.COM
>>>>    Class: webserver, mailserver                    <<<<<<<<<<
>>>>    Password: False
>>>>    Member of host-groups: webservers               <<<<<<<<<<
>>>>    Indirect Member of netgroup: webservers
>>>>    Keytab: False
>>>>    Managed by: web.example.com
>>>>
>>>>
>>>> Martin
>>>>
>>>
>>> I just noticed that despite what the design page says, I implemented the new
>>> attribute both for host-add and host-mod commands.
>>>
>>> My thinking was that the attribute may have a general use and not just for the
>>> automember. Thus, I would not limit it to host-add only. Admins may want to
>>> change the attribute after the host was created (and then maybe also run the
>>> manual automember task computing the groups again).
>>>
>>> Martin
>>
>> Which raises UI questions:
>>
>> 1) Do we want to add the class attrs to user and host adder dialogs?
>> (to allow automember to kick in)
>>
>> 2) Do we want to add the attrs to user and host details pages? (to
>> keep CLI and UI in sync)
>>
> 
> The minimal requirement was just to do it on the addition.
> I think we need two separate patches.

As for the CLI part, presence in host-mod comes for free (making it show just for
host-add is actually harder, we need to add a special flag). I would leave it
there to make this attribute more general unless there is a hard requirement
for the reverse.

> It is probably OK to do it in schema and addition because this we will
> backport to earlier version while modify operation + UI can be left till
> later (I mean done now but not ported back).

Ok, the UI does not have to be necessarily backported.

Martin
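
Added example (not part of the original message and not FreeIPA code): a simplified Python model of how the inclusive condition userclass=^webserver from the session above selects hosts by their multi-valued userClass, next to the exact-match form ^webserver$. It assumes one matching value is enough for membership and uses Python's re module in place of the directory server's regex engine; the helper names, the extra hosts and the class value webserver-decommissioned are constructed for illustration.

```python
import re


def parse_condition(text):
    """Split an 'attr=regex' condition as printed by automember-add-condition."""
    attr, sep, pattern = text.partition("=")
    if not sep or not attr or not pattern:
        raise ValueError(f"not an attr=regex condition: {text!r}")
    # LDAP attribute names are case-insensitive (userclass == userClass).
    return attr.lower(), re.compile(pattern)


def matching_groups(entry, rules):
    """Return the sorted target groups whose inclusive conditions match entry.

    entry: dict of attribute name -> list of values (multi-valued, as in LDAP).
    rules: dict of target group -> list of 'attr=regex' inclusive conditions.
    Assumption: a single matching value of a single condition is sufficient.
    """
    attrs = {name.lower(): values for name, values in entry.items()}
    groups = []
    for group, conditions in rules.items():
        for cond in conditions:
            attr, rx = parse_condition(cond)
            if any(rx.search(value) for value in attrs.get(attr, [])):
                groups.append(group)
                break
    return sorted(groups)


# Rule from the session above, and a stricter exact-match variant (constructed).
RULES_PREFIX = {"webservers": ["userclass=^webserver"]}
RULES_EXACT = {"webservers": ["userclass=^webserver$"]}

# Constructed host entries; only web.example.com appears in the original post.
HOSTS = {
    "web.example.com": {"userClass": ["webserver", "mailserver"]},
    "stage.example.com": {"userClass": ["webserver-decommissioned"]},
    "mail.example.com": {"userClass": ["mailserver"]},
    "bare.example.com": {},
}


def evaluate(rules):
    """Map each sample host to the host groups the rules would assign."""
    return {fqdn: matching_groups(entry, rules) for fqdn, entry in HOSTS.items()}


if __name__ == "__main__":
    for label, rules in (("prefix", RULES_PREFIX), ("exact", RULES_EXACT)):
        print(label, evaluate(rules))
```

Because userClass is freeform and can be set by a provisioning system, an unanchored-at-the-end pattern such as ^webserver also admits any tag that merely starts with that string; anchoring both ends limits membership to the exact tag.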



