Bug 955695

Summary: [RFE] Better integration with the external provisioning systems - hosts
Product: Red Hat Enterprise Linux 7 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED CURRENTRELEASE QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: ksiddiqu, mkosek, pviktori
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.2.1-1.el7 Doc Type: Enhancement
Doc Text:
Feature: Add "class" option to host entries. Reason: External provisioning systems often require extra data to correctly process hosts. Result (if any): A new free-form text field "class" (userClass attribute) was added to host entries. This field can be used in automatic membership rules.
 Story Points: ---
Clone Of:
: 955698 (view as bug list) Environment:
Last Closed: 2014-06-13 12:25:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 955698    

Description Dmitri Pal 2013-04-23 14:46:00 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3583

Allow a provisioning system to define a class/tag/template for the user/host entry it provisions so that IPA can automatically create group membership structure and in future do other automatic operations.

More details can be found on the design page. 
http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems

---

The first step will be to add `userClass` attributeType for hosts. The attribute will be added in a MAY list of current objectClass `ipaHost`.

A follow-up ticket was opened for second phase of this effort: #3588.
Comment 1 Rob Crittenden 2013-04-26 15:09:43 UTC 
Fixed upstream.

master: 5af2e1779ae1a0eca785493c8ed2eb044c8e282a

ipa-3-1: 174a89247ef40e27d454387b625a7d6c7112b9bc
Comment 4 Kaleem 2013-12-23 10:43:58 UTC 
Verified.

 +-----------------------------[RPMs & OS: [RedHat - x86_64]-----------------------------+
|       ipa-admintools-3.3.3-5.el7.x86_64
|       ipa-client-3.3.3-5.el7.x86_64
|       ipa-server-3.3.3-5.el7.x86_64
|       sssd-ipa-1.11.2-1.el7.x86_64
------------------------------------------------------------------------------------------

 +-----------------------------------------------------------------------------------------+
     Test:[/CoreOS/ipa-server/rhel70-ipa/acceptance/ipa-host-cli]: [ Pass(119/119): 100% ] 
 +-----------------------------------------------------------------------------------------+
:: [   PASS   ]   Setup
:: [   PASS   ]   ipa-host-cli-001: Add lower case host
:: [   PASS   ]   ipa-host-cli-002: Add upper case host
:: [   PASS   ]   ipa-host-cli-003: Add host with dashes in hostname
:: [   PASS   ]   ipa-host-cli-004: Modify host location
:: [   PASS   ]   ipa-host-cli-005: Modify host platform
:: [   PASS   ]   ipa-host-cli-006: Modify host os
:: [   PASS   ]   ipa-host-cli-007: Modify host description
:: [   PASS   ]   ipa-host-cli-008: Modify host locality
:: [   PASS   ]   ipa-host-cli-009: Show Host Objectclasses
:: [   PASS   ]   ipa-host-cli-010: Disable Host - Remove Keytab
:: [   PASS   ]   ipa-host-cli-011: ipa host-mod modifying platform modifies os bz499016
:: [   PASS   ]   ipa-host-cli-012: Negative - add duplicate host
:: [   PASS   ]   ipa-host-cli-013: Negative - Delete host that doesn't exist
:: [   PASS   ]   ipa-host-cli-014: Negative - setattr and addattr on fqdn
:: [   PASS   ]   ipa-host-cli-015: Negative - setattr and addattr on ipaUniqueID
:: [   PASS   ]   ipa-host-cli-016: Negative - setattr and addattr on krbPrincipalName
:: [   PASS   ]   ipa-host-cli-017: Negative - setattr and addattr on serverHostName
:: [   PASS   ]   ipa-host-cli-018: setattr and addattr on nsHostLocation
:: [   PASS   ]   ipa-host-cli-019: setattr and addattr on l - locality
:: [   PASS   ]   ipa-host-cli-020: setattr and addattr on nsOsVersion
:: [   PASS   ]   ipa-host-cli-021: Negative - setattr and addattr on enrolledBy
:: [   PASS   ]   ipa-host-cli-022: Negative - setattr and addattr on enrolledBy - invalid syntax
:: [   PASS   ]   ipa-host-cli-023: setattr and addattr on description
:: [   PASS   ]   ipa-host-cli-024: Delete Hosts
:: [   PASS   ]   ipa-host-cli-025: Negative - add host not fully qualified DN
:: [   PASS   ]   ipa-host-cli-026: Modify Host that doesn't Exist
:: [   PASS   ]   ipa-host-cli-027: Find Host that doesn't Exist
:: [   PASS   ]   ipa-host-cli-028: Show Host that doesn't Exist
:: [   PASS   ]   ipa-host-cli-029: Disable Host that doesn't Exist
:: [   PASS   ]   ipa-host-cli-030: Add Host without force or add DNS record options
:: [   PASS   ]   ipa-host-cli-031: Negative - setattr and addattr on dn
:: [   PASS   ]   ipa-host-cli-032: Negative - setattr and addattr on cn
:: [   PASS   ]   ipa-host-cli-033: Negative - setattr and addattr on keytab
:: [   PASS   ]   ipa-host-cli-034: Add 10 hosts and test find returns search limit
:: [   PASS   ]   ipa-host-cli-035: find 0 hosts
:: [   PASS   ]   ipa-host-cli-036: find 7 hosts
:: [   PASS   ]   ipa-host-cli-037: find 9 hosts
:: [   PASS   ]   ipa-host-cli-038: find more hosts than exist
:: [   PASS   ]   ipa-host-cli-039: find hosts - size limit not an integer
:: [   PASS   ]   ipa-host-cli-040: find hosts - time limit 0
:: [   PASS   ]   ipa-host-cli-041: find hosts - time limit not an integer
:: [   PASS   ]   ipa-host-cli-042: add Managed By Host
:: [   PASS   ]   ipa-host-cli-043: removed Managed By Host
:: [   PASS   ]   ipa-host-cli-044: add Multiple Managed By Host
:: [   PASS   ]   ipa-host-cli-045: removed Multiple Managed By Hosts
:: [   PASS   ]   ipa-host-cli-046: Add host with DNS Record
:: [   PASS   ]   ipa-host-cli-047: Delete host without deleting DNS Record
:: [   PASS   ]   ipa-host-cli-048: Add host without force option - DNS Record Exists
:: [   PASS   ]   ipa-host-cli-049: Delete Host and Update DNS
:: [   PASS   ]   ipa-host-cli-050: Delete Host and Update DNS when DNS entries do not exist
:: [   PASS   ]   ipa-host-cli-051: Add host with DNS Record --no-reverse
:: [   PASS   ]   ipa-host-cli-052: host name ending in . 
:: [   PASS   ]   ipa-host-cli-053: Negative - add host with _
:: [   PASS   ]   ipa-host-cli-054: Negative - add host with ~
:: [   PASS   ]   ipa-host-cli-055: Negative - add host with +
:: [   PASS   ]   ipa-host-cli-056: search with man-hosts when Managed By a Host
:: [   PASS   ]   ipa-host-cli-057: search a host when Managed By Host is removed
:: [   PASS   ]   ipa-host-cli-058: search a host when Managed by multiple Hosts
:: [   PASS   ]   ipa-host-cli-059: search a host when Multiple Managed By Hosts removed
:: [   PASS   ]   ipa-host-cli-060: search a host when Manages multiple Hosts
:: [   PASS   ]   ipa-host-cli-061: Negative - search with man-hosts when host does not exist
:: [   PASS   ]   ipa-host-cli-062: search with not-man-hosts when Managed By a Host
:: [   PASS   ]   ipa-host-cli-063: search a host when Managed By Host is removed
:: [   PASS   ]   ipa-host-cli-064: search with not-man-hosts when host is Managed by multiple Hosts
:: [   PASS   ]   ipa-host-cli-065: search with not-man-by-host when Multiple Managed By Hosts removed
:: [   PASS   ]   ipa-host-cli-066: search with not-man-hosts when Manages multiple Hosts
:: [   PASS   ]   ipa-host-cli-067: Negative - search with not-man-hosts when host does not exist
:: [   PASS   ]   ipa-host-cli-068: --pkey-only test of ipa host-find
:: [   PASS   ]   ipa-host-cli-069: Negative - host name ending in . - a host without trailing . already exist
:: [   PASS   ]   ipa-host-cli-070: delete a host name ending in . 
:: [   PASS   ]   ipa-host-cli-071: host-show when the name ending in . 
:: [   PASS   ]   ipa-host-cli-072: host-add-managedby when the name ending in . 
:: [   PASS   ]   ipa-host-cli-073: host-remove-managedby when the name ending in . 
:: [   PASS   ]   ipa-host-cli-074: host-mod when the name ending in . 
:: [   PASS   ]   ipa-host-cli-075: host-find when the name ending in . 
:: [   PASS   ]   ipa-host-cli-076: host-disable when the name ending in . 
:: [   PASS   ]   ipa-host-cli-077: Positive host-find test using --in-hbacrules
:: [   PASS   ]   ipa-host-cli-078: Negative host-find test using --in-hbacrules
:: [   PASS   ]   ipa-host-cli-079: Positive host-find test using --not-in-hbacrules
:: [   PASS   ]   ipa-host-cli-080: Negative host-find test using --not-in-hbacrules
:: [   PASS   ]   ipa-host-cli-081: Positive test of search of hosts in a sudorules
:: [   PASS   ]   ipa-host-cli-082: Negative test of search of hosts in a sudorule
:: [   PASS   ]   ipa-host-cli-083: Positive test of search of hosts not in a sudorule
:: [   PASS   ]   ipa-host-cli-084: Negative test of search of hosts not in a sudorule
:: [   PASS   ]   ipa-host-cli-085: Positive test of search of host after it has been removed from the sudorule
:: [   PASS   ]   ipa-host-cli-086: Negative test of search of host after it has been removed from the sudorule
:: [   PASS   ]   ipa-host-cli-macaddress-startup Install nss-pam-ldapd package, set ethers to ldap and create temp directory.
:: [   PASS   ]   ipa-host-cli-094: add a host with --macaddress --force
:: [   PASS   ]   ipa-host-cli-095: Delete Host
:: [   PASS   ]   ipa-host-cli-096: Add host with --macaddress and DNS Record
:: [   PASS   ]   ipa-host-cli-097: Delete host that has --macaddress without deleting DNS Record
:: [   PASS   ]   ipa-host-cli-098: Add host with --macaddress without force option - DNS Record Exists
:: [   PASS   ]   ipa-host-cli-099: Delete Host that has -macaddress and Update DNS
:: [   PASS   ]   ipa-host-cli-100: host-mod of a host with --macaddress 
:: [   PASS   ]   ipa-host-cli-101: setattr --macaddress
:: [   PASS   ]   ipa-host-cli-102: setattr --macaddress and addattr on macaddress
:: [   PASS   ]   ipa-host-cli-103: Modify Host with --macaddress - host doesn't Exist
:: [   PASS   ]   ipa-host-cli-104: addattr --macaddress
:: [   PASS   ]   ipa-host-cli-105: delattr --macaddress
:: [   PASS   ]   ipa-host-cli-106: delattr --macaddress with incorrect value
:: [   PASS   ]   ipa-host-cli-107: Negative - add a host with invalid macaddress
:: [   PASS   ]   ipa-host-cli-108: delattr --macaddress with lowercase
:: [   PASS   ]   ipa-host-cli-macaddress-cleanup Remove nss-pam-ldapd, nsswitch.conf back on default and remove temp directory.
:: [   PASS   ]   ipa-host-bugzilla-001: BZ807388 - Error message has not a user friendly 'u' character in it.
:: [   PASS   ]   ipa-host-bugzilla-002: BZ827392 - Random password characters should be limited.
:: [   PASS   ]   ipa-host-bugzilla-003: BZ918261 - Some managed netgroups are not suppressed in host and hostgroup commands output
:: [   PASS   ]   BZ955695 TC1 Check userClass attribute exists in objectClass ipaHost in schema bz955695
:: [   PASS   ]   BZ955695 TC2 Add host in single hostgroup using regex set for hostgroup bz955695
:: [   PASS   ]   BZ955695 TC3 Add host in multiple hostgroups using regex set for hostgroups bz955695
:: [   PASS   ]   BZ955695 TC4 Add host using non-existing regex
:: [   PASS   ]   BZ955695 TC5 Find hosts using single value for class parameter
:: [   PASS   ]   BZ955695 TC6 Find hosts using multiple values for class parameter
:: [   PASS   ]   BZ955695 TC7 ipa host-find with non-existent value for class parameter
:: [   PASS   ]   BZ955695 TC8 change hostgroup of host using class parameter to another hostgroup
:: [   PASS   ]   BZ955695 TC9 Add host in multiple hostgroups using class parameter from a single hostgroup
:: [   PASS   ]   BZ955695 TC10 help text displays this new parameter
:: [   PASS   ]   Cleanup
:: [   PASS   ]   /CoreOS/ipa-server/rhel70-ipa/acceptance/ipa-host-cli

 +----------------------------------------------------------------------+
                    Fail / unfinished / ABORT [ Fail(0/119): 0% ]
 +----------------------------------------------------------------------+
Comment 5 Ludek Smid 2014-06-13 12:25:55 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.