Re: [Freeipa-devel] [PATCH 0072] Provide ipa-client-advise tool

Wed, 19 Jun 2013 11:39:06 -0700 

On 06/19/2013 08:30 PM, Rob Crittenden wrote:

Tomas Babej wrote:

[big snip]

Providing new version which should address mentioned issues:
   - advice plugins now inherit directly from Plugin, initial approach
via Method class was abandoned
   - new Namespace api.Advice collects all the advice plugins
   - tool renamed to ipa-advise to express a more general use case

Additional improvements:
   - keywords are now generated out of Advice class's name, where
underscores are replaced by hyphens
   - rewritten the example plugin in the docs, and provided more
information there
   - instead of --setup option to provide configuration, ipa-advise
takes one positional argument
   - renamed to ipa-advise

Concerns:
   - man page might need more improvements

I'll craft a design page for plugin authors, might be useful, even if
the info is in the package docs.

-----------------------------------------------
Here's a little preview:

[tbabej@vm-001 ~]$ sudo ipa-advise fedora-authconfig
------------------------------------------------------------------------------------------------ 

Authconfig instructions for configuring Fedora 18/19 client with IPA
server without use of SSSD.
------------------------------------------------------------------------------------------------ 

/sbin/authconfig --enableldap --ldapserver=vm-001.idm.com
--enablerfc2307bis --enablekrb5

[tbabej@vm-001 ~]$ sudo ipa-advise fedora-authconfig4
invalid 'setup': No instructions are available for 'fedora_authconfig4'.
See the list of available configuration advices using the --list option.

[tbabej@vm-001 ~]$ sudo ipa-advise
-------------------------
List of available advices
-------------------------
     fedora-authconfig : Authconfig instructions for configuring Fedora
18/19 client with IPA server without use of SSSD.
If it's just providing advise why does it need root access? Or is it expected to provide advise based on current configuration? 

rob
Original purpose I had in mind was to provide an option for plugin authors to connect via autobind to the LDAP.
Now there's also a option of using our api commands, e.g. to read trust-related information out of the tree. However some parts of the tree are not exposed, so if some plugin needs to access information, about replica topology for example, I guess they would need to use this approach. 

Tomas


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to