We mainly use it to delegate full xcat privileges to all nodes for a small set
of admins, so that they don't have to use the root account.
For a secondary use case we tried to delegate provisioning only access to a
group of nodes, for a group of users. These were nodes for with this subgroup
was developing the OS, so we struggled a while with trying to limit their
access to specific postscripts, template and pkglist files, while also
providing them a means of doing version control on these files and finally
decided to create a snapshoted set of rpm repositories for them, that they
could control, and abstracted all the pkglist and postscript type data into
rpms. The specific repo versions corresponding with each of their OS releases,
are stored in a custom xcat table. This allowed the postscripts and kickstart
templates to be very static. To control what version of a build was deployed
to a node, they only needed the ability to change our custom repo attrtibutes
for the node.
From: Jarrod B Johnson [mailto:[email protected]]
Sent: Wednesday, September 04, 2013 10:36 AM
To: [email protected]
Subject: [xcat-user] policy table survey...
How many people customize policy table at all?
How many people customize it to some end other than trying to limit an
administrator to certain nodes?
I'm contemplating schemes which may one day lead to a world with a scheme that
is less open ended than the current policy tabel, more explicit roles and
grouping of users with nodes, and changing all the 'special' authentication
cases (e.g. bmcconfig, getpostscript) to normal and consolidate all the
specialness to a single facility to bootstrap getting a node certificate (which
then can be tweaked to do allow/deny various special authentication schemes to
allow people to decide how much they care about security balanced against the
availability of the more secure mechanisms).
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
