On 11/06/2015 01:09 PM, Martin Babinsky wrote:
On 11/06/2015 11:06 AM, Petr Vobornik wrote:
On 11/06/2015 10:15 AM, Petr Spacek wrote:
On 6.11.2015 09:25, Martin Kosek wrote:
On 11/05/2015 07:02 PM, Petr Vobornik wrote:
On 11/02/2015 12:37 PM, Martin Kosek wrote:
On 11/02/2015 06:10 AM, Jan Cholasta wrote:
Hi,

On 22.10.2015 10:44, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/5181

This should be handled by a separate object plugin:

$ ipa servercomponent-find master.ipa.test
---------------------------
6 server components matched
---------------------------
    Component name: CA
    Enabled: TRUE
    Start order: 50

    Component name: KDC
    Enabled: TRUE
    Start order: 10

    Component name: KPASSWD
    Enabled: TRUE
    Start order: 20

    Component name: MEMCACHE
    Enabled: TRUE
    Start order: 39

    Component name: OTPD
    Enabled: TRUE
    Start order: 80

    Component name: HTTP
    Enabled: TRUE
    Start order: 40
----------------------------
Number of entries returned 6
----------------------------

This will allow us to consolidate all the ad-hoc component-related code scattered throughout IPA (search for enable component, enable/disable component, ...) into IPA command calls.

I'm not opposed to showing a summary in server-show (although we don't do anything like this for any other hierarchical objects), but it should be done just for the users' sake, not for internal use (the ticket suggests to use this for topology visualisation).

BTW as far as the scalability of the current solution goes, you should have a list of all the *non*-optional components and display everything else.

The API proposal should be in line with our future extensions of the API. We for example want to move "ipa-csreplica-manage" set-renewal-master command to API call. Or DNSSEC generation master. Or we may want to change some other flag/role of a master via this interface.

So we will need something like
$ ipa server-add-role ipa.example.com --role "ca-renewal-master"
or
$ ipa servercomponent-add-role ipa.example.com CA --role=renewal-master

Depends on usage. If we want to internally unify manipulation with configs for component we can create low-level commands which won't be exposed to CLI.

E.g. ipa servercomponent-find ipa.example.com
Component name: ADTRUST
Config: enabledService, startOrder 60

<other services>

This is all what Web UI needs.


From user perspective, for CLI, something different is better. Martin used term 'role', let's go with that.

Idea 1:
$ ipa server-show ipa.example.com --roles
Server name: vm-073.idm.lab.eng.brq.redhat.com
   Managed suffix: dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com, o=ipaca
   Min domain level: 0
   Max domain level: 1
   Role: dns-server, cs-server, ca-renewal-master, trust-controller

--all would imply --roles
I am thinking "Roles" could be printed out even in default listing. It looks as an important piece of information you want to know about your master. I also originally used that with servercomponent, you moved it to server itself. It makes also sense.

We will need a design for this servercomponent/roles anyway, to agree on the API with all stakeholders.

$ ipa server-add-role ipa.example.com --roles=ca-renewal-master

Just keep in mind that 'role' design requires yet another layer of indirection because there is no 1:1 mapping between services and roles. E.g. 'DNSSEC key master' role consists of several services, as 'DNS server' role etc.

Also, we can get into trouble because role 'DNS server' in IPA 4.2 can contain different set of services than 'DNS server' in IPA 5.0 etc.

For these reasons I question necessity of 'role' abstraction. Is it worth it?


IMO yes. Current patch is better than nothing but roles are more
friendly, components are implementation detail.

Showing only CNs on components doesn't show all info. E.g.

ipa server-show `hostname`
   Server name: ipa.example.com
   Managed suffix: dc=example,dc=com, o=ipaca
   Min domain level: 0
   Max domain level: 1
   Optional components: CA, DNS, DNSKeySync, ADTRUST, EXTID, KRA

This doesn't show that the server is actually also a ca-renewal-master. What is the command I can use to solve: "show me what server is the ca-renewal-master"?

In that case we would IMHO need to redesign the whole service to LDAP mapping to incorporate server roles in some sane and scalable way. I'm not sure if that fits in the 4.3 timeframe. If yes, then we should first start with first putting the plumbing in and then adding API calls on top.


It is not a blocker for 4.3.

Issue here is that we are discussing implementation and API purity without use-cases. The result doesn't have to be something big in the end.

So far the only real use case was a consumption by Web UI for topology visualization. This definitely won't be part of 4.3. And Web UI will do exactly what I wrote here (hidden behind term "role").

Just display which servers are:
- vault backend (KRA)
- CS
- ca-renewal-master
- trust controller
- DNS server
- DNS key master

E.g. in form of icon (not-yet designed).

Second use case is displaying the same but in CLI (Idea 1 above).

This doesn't require any fancy refactoring. The only thing which needs to be agreed on is terminology.

It doesn't make much sense to push this patch first and then rework the
whole thing.

I agree.

I dug out some wip patch which could be actually enough (attached). It won't probably apply and the object name might not be the best.


Then what's the difference between ADTRUST and EXTID? One is smb, second
winbind but from user perspective it is the same thing - AD Trusts
controller.

Could there be DNS without DNSKeySync?




--
Petr Vobornik
From 66a244d3ba31d12dce6843a6bca13806ed036aec Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 11 Jun 2015 15:40:38 +0200
Subject: [PATCH 747/748] add serverservice internal commands

---
 API.txt                  | 71 ++++++++++++++++++++++++++++++++++++++++++++++++
 ipalib/plugins/server.py | 62 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 133 insertions(+)

diff --git a/API.txt b/API.txt
index ff53e9457ebaa36004556feebd88515aea2a7a8d..9fcc02e8c8608e1e8062a99e7413e112eb7dd342 100644
--- a/API.txt
+++ b/API.txt
@@ -3834,6 +3834,77 @@ option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
+command: serverservice_add
+args: 2,6,3
+arg: Str('servercn', cli_name='server', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='cn', multivalue=False, primary_key=True, required=True)
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('ipaconfigstring', attribute=True, cli_name='ipaconfigstring', multivalue=True, required=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
+command: serverservice_del
+args: 2,8,4
+arg: Str('servercn', cli_name='server', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('criteria?', noextrawhitespace=False)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('cn', attribute=True, autofill=False, cli_name='cn', multivalue=False, primary_key=True, query=True, required=False)
+option: Str('ipaconfigstring', attribute=True, autofill=False, cli_name='ipaconfigstring', multivalue=True, query=True, required=False)
+option: Flag('pkey_only?', autofill=True, default=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Int('sizelimit?', autofill=False, minvalue=0)
+option: Int('timelimit?', autofill=False, minvalue=0)
+option: Str('version?', exclude='webui')
+output: Output('count', <type 'int'>, None)
+output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: Output('truncated', <type 'bool'>, None)
+command: serverservice_find
+args: 2,8,4
+arg: Str('servercn', cli_name='server', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('criteria?', noextrawhitespace=False)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('cn', attribute=True, autofill=False, cli_name='cn', multivalue=False, primary_key=True, query=True, required=False)
+option: Str('ipaconfigstring', attribute=True, autofill=False, cli_name='ipaconfigstring', multivalue=True, query=True, required=False)
+option: Flag('pkey_only?', autofill=True, default=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Int('sizelimit?', autofill=False, minvalue=0)
+option: Int('timelimit?', autofill=False, minvalue=0)
+option: Str('version?', exclude='webui')
+output: Output('count', <type 'int'>, None)
+output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: Output('truncated', <type 'bool'>, None)
+command: serverservice_mod
+args: 2,8,3
+arg: Str('servercn', cli_name='server', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='cn', multivalue=False, primary_key=True, query=True, required=True)
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('delattr*', cli_name='delattr', exclude='webui')
+option: Str('ipaconfigstring', attribute=True, autofill=False, cli_name='ipaconfigstring', multivalue=True, required=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Flag('rights', autofill=True, default=False)
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
+command: serverservice_show
+args: 2,4,3
+arg: Str('servercn', cli_name='server', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='cn', multivalue=False, primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Flag('rights', autofill=True, default=False)
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
 command: service_add
 args: 1,11,3
 arg: Str('krbprincipalname', attribute=True, cli_name='principal', multivalue=False, primary_key=True, required=True)
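
Review bot: the serverservice_del entry has the same signature as serverservice_find (args 2,8,4, an optional criteria argument, sizelimit/timelimit/pkey_only options, and count/truncated/ListOfEntries outputs), which is a search interface, not a delete. A delete command would be expected to take cn as a required primary key, as serverservice_show and serverservice_mod do here. API.txt should be regenerated once the base class of serverservice_del in server.py is corrected. Separately, serverservice_add and serverservice_mod accept free-form ipaconfigstring values as well as setattr/addattr; if only a known set of values is meaningful for a server service, it is worth restricting the parameter to that set.
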
diff --git a/ipalib/plugins/server.py b/ipalib/plugins/server.py
index 7fc44197343dbb651782fbf79993cbbe8818efed..4ac006955740808b5f3eab6d7b6a44f7bb9c9055 100644
--- a/ipalib/plugins/server.py
+++ b/ipalib/plugins/server.py
@@ -94,3 +94,65 @@ class server_del(LDAPDelete):
     __doc__ = _('Delete IPA server.')
     NO_CLI = True
     msg_summary = _('Deleted IPA server "%(value)s"')
+
+
+@register()
+class serverservice(LDAPObject):
+    """
+    IPA server service
+    """
+    NO_CLI = True
+    parent_object = 'server'
+    container_dn = api.env.container_masters
+    object_name = _('serverservice')
+    object_name_plural = _('servers')
+    object_class = ['top', 'ipaconfigobject']
+    default_attributes = [
+        'cn', 'ipaconfigstring',
+    ]
+    takes_params = (
+        Str(
+            'cn',
+            primary_key=True,
+        ),
+        Str(
+            'ipaconfigstring*',
+        ),
+    )
+
+
+@register()
+class serverservice_find(LDAPSearch):
+    __doc__ = _('Search for IPA servers services.')
+    NO_CLI = True
+    msg_summary = ngettext(
+        '%(count)d IPA server service matched',
+        '%(count)d IPA server services matched', 0
+    )
+
+
+@register()
+class serverservice_show(LDAPRetrieve):
+    __doc__ = _('Show IPA server service.')
+    NO_CLI = True
+
+
+@register()
+class serverservice_add(LDAPCreate):
+    __doc__ = _('Add an IPA server service to be managed.')
+    NO_CLI = True
+    msg_summary = _('Added new server service "%(value)s"')
+
+
+@register()
+class serverservice_mod(LDAPUpdate):
+    __doc__ = _('Modify an IPA server service.')
+    NO_CLI = True
+    msg_summary = _('Modified IPA server service "%(value)s"')
+
+
+@register()
+class serverservice_del(LDAPSearch):
+    __doc__ = _('Delete IPA server service.')
+    NO_CLI = True
+    msg_summary = _('Deleted IPA server service "%(value)s"')
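
Review bot: serverservice_del at the end of this hunk derives from LDAPSearch, so it would run a search while reporting 'Deleted IPA server service "%(value)s"'; it should derive from LDAPDelete, as server_del does in the context lines at the top of the hunk. In the serverservice object, object_name_plural = _('servers') looks copied from the server object and should name server services instead. The object also provides add/mod/del on entries under api.env.container_masters and defines no managed_permissions in the visible lines; since NO_CLI only hides the commands from the command line and they remain callable through the API, the patch should state which permission is meant to guard writes to these entries.
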
-- 
2.1.0
