955695 – [RFE] Better integration with the external provisioning systems - hosts

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 955695 - [RFE] Better integration with the external provisioning systems - hosts

Summary: [RFE] Better integration with the external provisioning systems - hosts

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	955698
TreeView+	depends on / blocked

Reported:	2013-04-23 14:46 UTC by Dmitri Pal
Modified:	2014-06-18 00:09 UTC (History)
CC List:	3 users (show)
Fixed In Version:	ipa-3.2.1-1.el7
Doc Type:	Enhancement
Doc Text:	Feature: Add "class" option to host entries. Reason: External provisioning systems often require extra data to correctly process hosts. Result (if any): A new free-form text field "class" (userClass attribute) was added to host entries. This field can be used in automatic membership rules.
Clone Of:
Clones:	955698 (view as bug list)
Environment:
Last Closed:	2014-06-13 12:25:55 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Dmitri Pal 2013-04-23 14:46:00 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3583

Allow a provisioning system to define a class/tag/template for the user/host entry it provisions so that IPA can automatically create group membership structure and in future do other automatic operations.

More details can be found on the design page. 
http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems

---

The first step will be to add `userClass` attributeType for hosts. The attribute will be added in a MAY list of current objectClass `ipaHost`.

A follow-up ticket was opened for second phase of this effort: #3588.

Comment 1 Rob Crittenden 2013-04-26 15:09:43 UTC

Fixed upstream.

master: 5af2e1779ae1a0eca785493c8ed2eb044c8e282a

ipa-3-1: 174a89247ef40e27d454387b625a7d6c7112b9bc

Comment 4 Kaleem 2013-12-23 10:43:58 UTC

Verified.

 +-----------------------------[RPMs & OS: [RedHat - x86_64]-----------------------------+
|       ipa-admintools-3.3.3-5.el7.x86_64
|       ipa-client-3.3.3-5.el7.x86_64
|       ipa-server-3.3.3-5.el7.x86_64
|       sssd-ipa-1.11.2-1.el7.x86_64
------------------------------------------------------------------------------------------

 +-----------------------------------------------------------------------------------------+
     Test:[/CoreOS/ipa-server/rhel70-ipa/acceptance/ipa-host-cli]: [ Pass(119/119): 100% ] 
 +-----------------------------------------------------------------------------------------+
:: [   PASS   ]   Setup
:: [   PASS   ]   ipa-host-cli-001: Add lower case host
:: [   PASS   ]   ipa-host-cli-002: Add upper case host
:: [   PASS   ]   ipa-host-cli-003: Add host with dashes in hostname
:: [   PASS   ]   ipa-host-cli-004: Modify host location
:: [   PASS   ]   ipa-host-cli-005: Modify host platform
:: [   PASS   ]   ipa-host-cli-006: Modify host os
:: [   PASS   ]   ipa-host-cli-007: Modify host description
:: [   PASS   ]   ipa-host-cli-008: Modify host locality
:: [   PASS   ]   ipa-host-cli-009: Show Host Objectclasses
:: [   PASS   ]   ipa-host-cli-010: Disable Host - Remove Keytab
:: [   PASS   ]   ipa-host-cli-011: ipa host-mod modifying platform modifies os bz499016
:: [   PASS   ]   ipa-host-cli-012: Negative - add duplicate host
:: [   PASS   ]   ipa-host-cli-013: Negative - Delete host that doesn't exist
:: [   PASS   ]   ipa-host-cli-014: Negative - setattr and addattr on fqdn
:: [   PASS   ]   ipa-host-cli-015: Negative - setattr and addattr on ipaUniqueID
:: [   PASS   ]   ipa-host-cli-016: Negative - setattr and addattr on krbPrincipalName
:: [   PASS   ]   ipa-host-cli-017: Negative - setattr and addattr on serverHostName
:: [   PASS   ]   ipa-host-cli-018: setattr and addattr on nsHostLocation
:: [   PASS   ]   ipa-host-cli-019: setattr and addattr on l - locality
:: [   PASS   ]   ipa-host-cli-020: setattr and addattr on nsOsVersion
:: [   PASS   ]   ipa-host-cli-021: Negative - setattr and addattr on enrolledBy
:: [   PASS   ]   ipa-host-cli-022: Negative - setattr and addattr on enrolledBy - invalid syntax
:: [   PASS   ]   ipa-host-cli-023: setattr and addattr on description
:: [   PASS   ]   ipa-host-cli-024: Delete Hosts
:: [   PASS   ]   ipa-host-cli-025: Negative - add host not fully qualified DN
:: [   PASS   ]   ipa-host-cli-026: Modify Host that doesn't Exist
:: [   PASS   ]   ipa-host-cli-027: Find Host that doesn't Exist
:: [   PASS   ]   ipa-host-cli-028: Show Host that doesn't Exist
:: [   PASS   ]   ipa-host-cli-029: Disable Host that doesn't Exist
:: [   PASS   ]   ipa-host-cli-030: Add Host without force or add DNS record options
:: [   PASS   ]   ipa-host-cli-031: Negative - setattr and addattr on dn
:: [   PASS   ]   ipa-host-cli-032: Negative - setattr and addattr on cn
:: [   PASS   ]   ipa-host-cli-033: Negative - setattr and addattr on keytab
:: [   PASS   ]   ipa-host-cli-034: Add 10 hosts and test find returns search limit
:: [   PASS   ]   ipa-host-cli-035: find 0 hosts
:: [   PASS   ]   ipa-host-cli-036: find 7 hosts
:: [   PASS   ]   ipa-host-cli-037: find 9 hosts
:: [   PASS   ]   ipa-host-cli-038: find more hosts than exist
:: [   PASS   ]   ipa-host-cli-039: find hosts - size limit not an integer
:: [   PASS   ]   ipa-host-cli-040: find hosts - time limit 0
:: [   PASS   ]   ipa-host-cli-041: find hosts - time limit not an integer
:: [   PASS   ]   ipa-host-cli-042: add Managed By Host
:: [   PASS   ]   ipa-host-cli-043: removed Managed By Host
:: [   PASS   ]   ipa-host-cli-044: add Multiple Managed By Host
:: [   PASS   ]   ipa-host-cli-045: removed Multiple Managed By Hosts
:: [   PASS   ]   ipa-host-cli-046: Add host with DNS Record
:: [   PASS   ]   ipa-host-cli-047: Delete host without deleting DNS Record
:: [   PASS   ]   ipa-host-cli-048: Add host without force option - DNS Record Exists
:: [   PASS   ]   ipa-host-cli-049: Delete Host and Update DNS
:: [   PASS   ]   ipa-host-cli-050: Delete Host and Update DNS when DNS entries do not exist
:: [   PASS   ]   ipa-host-cli-051: Add host with DNS Record --no-reverse
:: [   PASS   ]   ipa-host-cli-052: host name ending in . 
:: [   PASS   ]   ipa-host-cli-053: Negative - add host with _
:: [   PASS   ]   ipa-host-cli-054: Negative - add host with ~
:: [   PASS   ]   ipa-host-cli-055: Negative - add host with +
:: [   PASS   ]   ipa-host-cli-056: search with man-hosts when Managed By a Host
:: [   PASS   ]   ipa-host-cli-057: search a host when Managed By Host is removed
:: [   PASS   ]   ipa-host-cli-058: search a host when Managed by multiple Hosts
:: [   PASS   ]   ipa-host-cli-059: search a host when Multiple Managed By Hosts removed
:: [   PASS   ]   ipa-host-cli-060: search a host when Manages multiple Hosts
:: [   PASS   ]   ipa-host-cli-061: Negative - search with man-hosts when host does not exist
:: [   PASS   ]   ipa-host-cli-062: search with not-man-hosts when Managed By a Host
:: [   PASS   ]   ipa-host-cli-063: search a host when Managed By Host is removed
:: [   PASS   ]   ipa-host-cli-064: search with not-man-hosts when host is Managed by multiple Hosts
:: [   PASS   ]   ipa-host-cli-065: search with not-man-by-host when Multiple Managed By Hosts removed
:: [   PASS   ]   ipa-host-cli-066: search with not-man-hosts when Manages multiple Hosts
:: [   PASS   ]   ipa-host-cli-067: Negative - search with not-man-hosts when host does not exist
:: [   PASS   ]   ipa-host-cli-068: --pkey-only test of ipa host-find
:: [   PASS   ]   ipa-host-cli-069: Negative - host name ending in . - a host without trailing . already exist
:: [   PASS   ]   ipa-host-cli-070: delete a host name ending in . 
:: [   PASS   ]   ipa-host-cli-071: host-show when the name ending in . 
:: [   PASS   ]   ipa-host-cli-072: host-add-managedby when the name ending in . 
:: [   PASS   ]   ipa-host-cli-073: host-remove-managedby when the name ending in . 
:: [   PASS   ]   ipa-host-cli-074: host-mod when the name ending in . 
:: [   PASS   ]   ipa-host-cli-075: host-find when the name ending in . 
:: [   PASS   ]   ipa-host-cli-076: host-disable when the name ending in . 
:: [   PASS   ]   ipa-host-cli-077: Positive host-find test using --in-hbacrules
:: [   PASS   ]   ipa-host-cli-078: Negative host-find test using --in-hbacrules
:: [   PASS   ]   ipa-host-cli-079: Positive host-find test using --not-in-hbacrules
:: [   PASS   ]   ipa-host-cli-080: Negative host-find test using --not-in-hbacrules
:: [   PASS   ]   ipa-host-cli-081: Positive test of search of hosts in a sudorules
:: [   PASS   ]   ipa-host-cli-082: Negative test of search of hosts in a sudorule
:: [   PASS   ]   ipa-host-cli-083: Positive test of search of hosts not in a sudorule
:: [   PASS   ]   ipa-host-cli-084: Negative test of search of hosts not in a sudorule
:: [   PASS   ]   ipa-host-cli-085: Positive test of search of host after it has been removed from the sudorule
:: [   PASS   ]   ipa-host-cli-086: Negative test of search of host after it has been removed from the sudorule
:: [   PASS   ]   ipa-host-cli-macaddress-startup Install nss-pam-ldapd package, set ethers to ldap and create temp directory.
:: [   PASS   ]   ipa-host-cli-094: add a host with --macaddress --force
:: [   PASS   ]   ipa-host-cli-095: Delete Host
:: [   PASS   ]   ipa-host-cli-096: Add host with --macaddress and DNS Record
:: [   PASS   ]   ipa-host-cli-097: Delete host that has --macaddress without deleting DNS Record
:: [   PASS   ]   ipa-host-cli-098: Add host with --macaddress without force option - DNS Record Exists
:: [   PASS   ]   ipa-host-cli-099: Delete Host that has -macaddress and Update DNS
:: [   PASS   ]   ipa-host-cli-100: host-mod of a host with --macaddress 
:: [   PASS   ]   ipa-host-cli-101: setattr --macaddress
:: [   PASS   ]   ipa-host-cli-102: setattr --macaddress and addattr on macaddress
:: [   PASS   ]   ipa-host-cli-103: Modify Host with --macaddress - host doesn't Exist
:: [   PASS   ]   ipa-host-cli-104: addattr --macaddress
:: [   PASS   ]   ipa-host-cli-105: delattr --macaddress
:: [   PASS   ]   ipa-host-cli-106: delattr --macaddress with incorrect value
:: [   PASS   ]   ipa-host-cli-107: Negative - add a host with invalid macaddress
:: [   PASS   ]   ipa-host-cli-108: delattr --macaddress with lowercase
:: [   PASS   ]   ipa-host-cli-macaddress-cleanup Remove nss-pam-ldapd, nsswitch.conf back on default and remove temp directory.
:: [   PASS   ]   ipa-host-bugzilla-001: BZ807388 - Error message has not a user friendly 'u' character in it.
:: [   PASS   ]   ipa-host-bugzilla-002: BZ827392 - Random password characters should be limited.
:: [   PASS   ]   ipa-host-bugzilla-003: BZ918261 - Some managed netgroups are not suppressed in host and hostgroup commands output
:: [   PASS   ]   BZ955695 TC1 Check userClass attribute exists in objectClass ipaHost in schema bz955695
:: [   PASS   ]   BZ955695 TC2 Add host in single hostgroup using regex set for hostgroup bz955695
:: [   PASS   ]   BZ955695 TC3 Add host in multiple hostgroups using regex set for hostgroups bz955695
:: [   PASS   ]   BZ955695 TC4 Add host using non-existing regex
:: [   PASS   ]   BZ955695 TC5 Find hosts using single value for class parameter
:: [   PASS   ]   BZ955695 TC6 Find hosts using multiple values for class parameter
:: [   PASS   ]   BZ955695 TC7 ipa host-find with non-existent value for class parameter
:: [   PASS   ]   BZ955695 TC8 change hostgroup of host using class parameter to another hostgroup
:: [   PASS   ]   BZ955695 TC9 Add host in multiple hostgroups using class parameter from a single hostgroup
:: [   PASS   ]   BZ955695 TC10 help text displays this new parameter
:: [   PASS   ]   Cleanup
:: [   PASS   ]   /CoreOS/ipa-server/rhel70-ipa/acceptance/ipa-host-cli

 +----------------------------------------------------------------------+
                    Fail / unfinished / ABORT [ Fail(0/119): 0% ]
 +----------------------------------------------------------------------+

Comment 5 Ludek Smid 2014-06-13 12:25:55 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.