Added ipa::server::user, ipa::server::config and newer diff engine.
This patch could probably be split into separate pieces but we're in hack mode, so why bother? It does however add some important pieces.

* The ipa::server::config type lets you set config options. Available options are listed in the code. Some of these aren't enabled yet because they weren't needed at the moment. Have a look at the code to see.
* The ipa::server::user type lets you manage users in the same style that you used for managing hosts or services. Many admins will want to use this feature for including their "core" administrative users, and set user_excludes so that the rest of the database can be managed manually. See the example for some hints on getting started. Be careful not to wipe your user database! Test with --noop first :)
* The diff.py difference engine was essentially rewritten from scratch. The original version was, quite simply, a hack. It soon became too crufty, and with the need to add more types such as user, a clean engine was needed. All difference checking now happens with individual comparator functions. They support function decorators to make it easy to wrangle the arg data and the ipa to see if they are really different.

Please test extensively, and let me know how you like this code.

Thanks!
James
Showing 1,318 additions and 132 deletions.
- +45 −0 examples/simple-usage3.pp
- +501 −128 files/diff.py
- +772 −4 manifests/init.pp
| @@ -0,0 +1,45 @@ | ||
| +# here is an example of how to use user excludes and types: | ||
| + | ||
| +# on the ipa server: | ||
| +# NOTE: the 'admin' user is automatically excluded from being auto purged... | ||
| +class { '::ipa::server': | ||
| + shorewall => true, | ||
| + user_excludes => [ | ||
| + "^test[0-9]{1,}\$", # test\d | ||
| + ], | ||
| +} | ||
| + | ||
| +# create an unmanaged user | ||
| +ipa::server::user { 'james': | ||
| + first => 'James', | ||
| + last => 'Shubin', | ||
| + modify => false, | ||
| + watch => false, | ||
| +} | ||
| + | ||
| +# create a managed user | ||
| +ipa::server::user { 'ntesla': | ||
| + first => 'Nikola', | ||
| + last => 'Tesla', | ||
| + city => 'Shoreham', | ||
| + state => 'New York', | ||
| + postalcode => '11786', | ||
| +} | ||
| + | ||
| +# create a user using a full principal as the primary key | ||
| +# NOTE: the principal itself can't be edited without a remove/add | ||
| +ipa::server::user { 'aturing/admin@EXAMPLE.COM': | ||
| + first => 'Alan', | ||
| + last => 'Turning', | ||
| + random => true, # set a password randomly | ||
| + password_file => true, # store the password in plain text ! (bad) | ||
| +} | ||
| + | ||
| +# create a user by principal but without the instance set | ||
| +ipa::server::user { 'arthur@EXAMPLE.COM': | ||
| + first => 'Arthur', | ||
| + last => 'Guyton', | ||
| + jobtitle => 'Physiologist', | ||
| + orgunit => 'Research', | ||
| +} | ||
| + |
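Review bot: In the `aturing/admin@EXAMPLE.COM` resource, `password_file => true` is shown on an admin-instance principal even though its own comment marks plain-text storage as bad; because this file is the starting point people will copy, either drop that line from the example or expand the comment to say where the file is written and who can read it. In the same resource, `last => 'Turning'` looks like a typo for 'Turing'. In the `user_excludes` list, the `# test\d` comment understates `"^test[0-9]{1,}\$"`, which matches one or more digits, so `# test\d+` would be accurate. The "unmanaged user" example sets both `modify => false` and `watch => false` without saying what each one controls; a one-line comment per parameter would help, as would a comment next to `user_excludes` noting that users matching neither a declared resource nor an exclude pattern are purged, with the `--noop` hint from the commit message repeated there.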
0 comments on commit ba515e1