[Freeipa-users] How to config automembership for IP or subnet

Martin Kosek mkosek at redhat.com
Thu Oct 15 10:50:20 UTC 2015


On 10/14/2015 05:51 PM, zhiyong xue wrote:
> Thanks Martin.
> 
> This is the document link:
> https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/automember.html
> It says : Dividing hosts based on their IP address or subnet.

Ah, I see. This is a rather old and deprecated guide (see
http://www.freeipa.org/page/Upstream_User_Guide for details), but this
information is even in the newest guide:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/automember.html

I am not sure how this should be practically achieved actually. Automember can
only decide on information that is already in the entry in LDAP ADD, or later
when the Automembership task is explicitly re-run.

I think we should simply change this use case as it is not true. I filed a
ticket to fix the docs:

https://bugzilla.redhat.com/show_bug.cgi?id=1272043

> After I installed ipa-client-install the host would be registered to server
> automatically. I have many clients in two subnets, it's impossible to add
> description manually.

I see. I suspect you would have to do some scripting around that, for example a
cron job or any other job that would find the IP address of the new hosts,
store the subnet or other identifier in FreeIPA host entry and run
automembership for this entry.

This would add the right membership, based on the rules.

> 
> 2015-10-14 22:29 GMT+08:00 Martin Kosek <mkosek at redhat.com>:
> 
>> On 10/14/2015 03:33 PM, zhiyong xue wrote:
>>> The document said
>>
>> Hi,
>>
>> What document do you have in mind?
>>
>>> we can create automembership rule based on IP or subnet.
>>> But there isn't any sample about it. Does anyone know how to create them?
>>
>> If the information/attribute is not in the LDAP entry for the Host,
>> Automember has no means of applying the rule and adding the membership.
>> The only idea I have now is that you could create the Host entries before
>> ipa-client-install is run, and manually set some attribute containing the
>> subnet identification to description or Host Class attribute that
>> Automember could consume.
>>
>>> I have two subnets and need to create two host groups for them. And all
>>> host names were auto-generated without any pattern.
>>>
>>> Thanks all.
>>>
>>>
>>>
>>
>>
> 
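
A sketch of the cron-job approach suggested in the reply above, as an added example that is not part of the original message and not FreeIPA project code. The subnets, the class labels, the hostgroup name `subnet-a-hosts` and the function names are constructed assumptions; it resolves each enrolled host, writes a subnet label to the host's class attribute, and re-runs automembership for that host.

```python
import ipaddress
import socket
import subprocess
import sys

# Constructed mapping (assumption): subnet -> label written to the host's
# class (userclass) attribute. One-time rule setup per label, for example
# (the hostgroup must already exist):
#   ipa automember-add --type=hostgroup subnet-a-hosts
#   ipa automember-add-condition --type=hostgroup subnet-a-hosts \
#       --key=userclass --inclusive-regex='^subnet-a$'
SUBNET_CLASS = {
    ipaddress.ip_network("192.0.2.0/25"): "subnet-a",
    ipaddress.ip_network("192.0.2.128/25"): "subnet-b",
}


def classify(ip):
    """Return the label for an address, or None if no subnet matches."""
    addr = ipaddress.ip_address(ip)
    for net, label in SUBNET_CLASS.items():
        if addr in net:
            return label
    return None


def plan(hosts):
    """Build ipa commands for {fqdn: ip}; unmatched hosts are skipped."""
    cmds = []
    for fqdn, ip in sorted(hosts.items()):
        label = classify(ip)
        if label is None:
            continue
        cmds.append(["ipa", "host-mod", fqdn, "--class=" + label])
        cmds.append(["ipa", "automember-rebuild", "--type=hostgroup",
                     "--hosts=" + fqdn])
    return cmds


if __name__ == "__main__":
    # Run from cron with a valid Kerberos ticket: script.py fqdn [fqdn ...]
    resolved = {}
    for name in sys.argv[1:]:
        try:
            resolved[name] = socket.gethostbyname(name)
        except OSError:
            print("cannot resolve", name, file=sys.stderr)
    for cmd in plan(resolved):
        # host-mod may exit non-zero when the class is already set
        subprocess.run(cmd, check=False)
```

Because the label is derived from DNS, the resulting hostgroup membership (and any HBAC or sudo rules tied to it) is only as trustworthy as the records being resolved.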