Differences between revisions 17 and 18
Revision 17 as of 2006-11-05 03:18:10
Size: 13785
Comment: update work
Revision 18 as of 2007-01-05 11:51:33
Size: 13785
Editor: BenediktWildenhain
Comment: Updated project status
Line 433: Line 433:
||Implement changes to CipUX CipUX::Task ||2006-11-01||BenediktWildenhain||4h ||      || ||
||Write a new cat-web module or add feature to one ||2006-11- ||                  ||3h ||      || ||
||Implement changes to CipUX CipUX::Task ||2006-11-01||BenediktWildenhain||4h || 3h || (./) ||
||Write a new cat-web module or add feature to one ||2006-11- ||BenediktWildenhain||3h || 3h+ || ||
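Review bot: the updated "Write a new cat-web module or add feature to one" row records costs of 3h+ against a plan of 3h, yet its date is still the truncated 2006-11- and its done column is empty. Fill in the actual date, and either mark the task done or say what remains so the overrun is explained.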

CipUX Feature Netgroup

This page briefly describes the implementation of the netgroup feature for CipUX.


Status of the project:

CipUX Netgroup Feature

||Name: ||CipUX_Feature_Netgroup ||
||Status: ||implementing ||
||Programmer: ||Benedikt Wildenhain ||
||available in: ||3.2.12 ||
||release: ||2006-11-09 ||
||implemented in: ||cipux-cibot, cipux-cat-web ||

History of "netgroups"

The netgroup feature was implemented for Skolelinux/DebianEdu as a webmin module ("netgroups"). This module was able to add a host (workstation or server) to a so-called "netgroup". Once the host was added, it was able to mount the NFS share from the server. The module was also used to divide hosts into groups.

Pros:

  • webmin module exists and works

Cons:

  • it is not user-friendly at all ("go back to save your changes")
  • it depends on webmin (and webmin will be removed in edge)

Therefore Kurt Gramlich suggested implementing this feature in CipUX. Benedikt Wildenhain is the chief engineer for this task.

Description of implementation of webmin module "netgroups" (by Benedikt Wildenhain)

Example output of ldapsearch before adding any host beside tjener:

dn: cn=server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: nisNetgroup
cn: server-hosts
nisNetgroupTriple: (tjener,-,-)

Output after using webmin to add a new server host:

dn: cn=server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: nisNetgroup
cn: server-hosts
nisNetgroupTriple: (my-new-server-host,-,-)
nisNetgroupTriple: (tjener,-,-)

So basically a value nisNetgroupTriple: ($hostname,-,-) was added. The following common names (cn) have to be selectable:

  • server-hosts
  • workstation-hosts
  • ltsp-server-hosts
  • printer-hosts
  • all-hosts (= member of all four groups)
  • any custom group defined by the admin (see below)

The LDAP attribute nisNetgroupTriple is defined in "nis.schema" from openldap.

  • Each entry has three fields: host, user, and domain.
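  • If you leave a field blank, it acts as a wildcard and allows complete access for that field. The "-" used in the examples above is the opposite: it matches nothing.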

New object created when adding a new host group:

dn: cn=my-new-server-group,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: nisNetgroup
cn: my-new-server-group

After adding this group as a subgroup of server-hosts, a new value named memberNisNetgroup is added:

dn: cn=server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
[...]
memberNisNetgroup: my-new-server-group

The LDAP attribute memberNisNetgroup is defined in "nis.schema" from openldap.
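
The triple semantics and the subgroup nesting described above, as an added example that is not CipUX code and not part of the original page: it parses nisNetgroupTriple values, follows memberNisNetgroup references without looping on cycles, and lists netgroups whose host field is blank. The dictionary layout, the function names and the sample entries are assumptions constructed for illustration; "-" meaning "matches nothing" is standard netgroup behaviour.

```python
import re

# nisNetgroupTriple value: "(host,user,domain)", parentheses are part of the value.
TRIPLE_RE = re.compile(r"^\(([^(),]*),([^(),]*),([^(),]*)\)$")

def parse_triple(value):
    """Return (host, user, domain); raise ValueError for a malformed value."""
    m = TRIPLE_RE.match(value.strip())
    if m is None:
        raise ValueError("not a netgroup triple: %r" % value)
    return tuple(f.strip() for f in m.groups())

def field_matches(field, candidate):
    """Blank field = wildcard (matches anything); '-' = matches nothing."""
    if field == "":
        return True
    return field != "-" and field == candidate

def expand(netgroups, name, seen=None):
    """Triples of `name` plus those of its memberNisNetgroup subgroups."""
    seen = set() if seen is None else seen
    if name in seen or name not in netgroups:
        return []  # already visited (cycle) or dangling reference
    seen.add(name)
    entry = netgroups[name]
    triples = [parse_triple(v) for v in entry.get("nisNetgroupTriple", [])]
    for sub in entry.get("memberNisNetgroup", []):
        triples += expand(netgroups, sub, seen)
    return triples

def host_in_netgroup(netgroups, name, host):
    return any(field_matches(t[0], host) for t in expand(netgroups, name))

def wildcard_hosts(netgroups):
    """Netgroups whose effective triples contain a blank (match-all) host."""
    return sorted(n for n in netgroups
                  if any(t[0] == "" for t in expand(netgroups, n)))

# Constructed sample data, modelled on the LDAP entries shown on this page.
SAMPLE = {
    "server-hosts": {"nisNetgroupTriple": ["(tjener,-,-)"],
                     "memberNisNetgroup": ["my-new-server-group"]},
    "my-new-server-group": {"nisNetgroupTriple": ["(my-new-server-host,-,-)"],
                            "memberNisNetgroup": ["server-hosts"]},  # cycle
    "workstation-hosts": {"nisNetgroupTriple": ["(,-,-)"]},  # blank host field
}

if __name__ == "__main__":
    print(host_in_netgroup(SAMPLE, "server-hosts", "my-new-server-host"),
          wildcard_hosts(SAMPLE))
```

Running `wildcard_hosts` over an export of `ou=Netgroup` before netgroups are used in NFS exports shows which groups would admit every host.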

Description of implementation of netgroup feature in CipUX

This feature must be an optional CipUX feature, because there might be installations without NFS or network shares at all. To switch it off and on we use a variable in the "CipUX" configuration section in LDAP.

To switch it on for CipUX >=3.2.12:

cipux_task_change_cipux_config_variable_value CipUX CipUX_Feature_Netgroup 1

To switch it off for CipUX >=3.2.12:

cipux_task_change_cipux_config_variable_value CipUX CipUX_Feature_Netgroup 0

Implementation in CipUX LDAP Abstraction Layer

The netgroup class must be added in CipUX LDAP Abstraction layer.

cipux_add -n NID
cipux_del -n NID
cipux_set_value -n NID -e LDAP_Attribute -v VALUE
cipux_set_value -N -e LDAP_Attribute -v VALUE
triple = cipux_get_value -n NID -e LDAP_Attribute
triplelist = cipux_get_value -N -e LDAP_Attribute

NID = netgroup ID (canonical name)

VALUE = (machine,user,domain); the brackets are stored inside the attribute!

triple = (machine,user,domain); the brackets are printed out!

triplelist = linear list of triple

Implementation in CipUX::Task (CLI, XML-RPC API)

The following CipUX::Task commands are needed:

list = cipux_task_list_netgroups
cipux_task_create_netgroup NID
cipux_task_delete_netgroup NID
cipux_task_add_machine_to_netgroup NID member_MID
cipux_task_remove_machine_from_netgroup NID member_MID
list = cipux_task_list_machine_members_of_netgroup NID
cipux_task_add_user_to_netgroup NID member_UID
cipux_task_remove_user_from_netgroup NID member_UID
list = cipux_task_list_user_members_of_netgroup NID
cipux_task_add_domain_to_netgroup NID member_DID
cipux_task_remove_domain_from_netgroup NID member_DID
list = cipux_task_list_domain_members_of_netgroup NID
cipux_task_add_triple_to_netgroup NID member_MID member_UID member_DID
cipux_task_remove_triple_from_netgroup NID member_MID member_UID member_DID
list = cipux_task_list_triple_members_of_netgroup NID

NID = Netgroup ID (canonical name)

MID = Machine ID (canonical name)

UID = User ID (canonical name)

DID = Domain ID (canonical name)

whereas the following internal convention applies:

  • *_add_machine_to_netgroup(NID,member_MID) = *_add_triple_to_netgroup(NID,member_MID,'-','-')
  • *_add_user_to_netgroup(NID,member_UID) = *_add_triple_to_netgroup(NID,'-',member_UID,'-')
  • *_add_domain_to_netgroup(NID,member_DID) = *_add_triple_to_netgroup(NID,'-','-',member_DID)

Implementation in CAT (cipux-cat-web) GUI

The new feature must be available in some GUI. Because BenediktWildenhain and ChristianKuelker have Perl knowledge, they will implement this first in cat-webmin or cat-web. Since webmin will not be in Edge, it only makes sense to implement this in cat-web. Others may implement it in the PHP branch of CAT later.

CAT-web uses the LDAP entry in the configuration section:

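use CipUX::Cat::Web;

# Ask the CipUX server whether the netgroup feature is switched on.
# $login and $ticket are assumed to be set by the surrounding CAT module;
# an empty or false reply is treated as "off" (0).
my $CipUX_Feature_Netgroup = &rpc($login,$ticket,
                                  "cipux_task_tell_me_cipux_config_variable_value",
                                  ["CipUX","CipUX_Feature_Netgroup"]) || 0;
if($CipUX_Feature_Netgroup){
  # netgroup-specific code goes here; it runs only when the feature is enabled
}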

[...] (to be continued)

Usage of the Netgroups in CipUX

With the CipUX XML-RPC client/server

[ ... ]

Within the LDAP Abstraction Layer

This guide is for developers who implement CipUX::Task commands.

Warning: you should not use the LDAP Abstraction Layer directly if you do not know what you are doing. You can easily erase your database or write nonsense into a huge number of database fields. This might lead to a completely non-functional server. Use CipUX::Task commands instead!

cipux_get_value

Retrieve the value for "server-hosts":

./cipux_get_value -n server-hosts -e nisNetgroupTriple

Result:

(tjener,-,-)

Retrieving all values of nisNetgroupTriple for all groups:

./cipux_get_value -N  -e nisNetgroupTriple

Result:

server-hosts    (tjener,-,-)
workstation-hosts       x
all-hosts       x
printer-hosts   x
ltsp-server-hosts       x

(The columns are separated by a tab, e.g. between "all-hosts" and "x" there is a \t.)

Retrieving all nisNetgroupMember values of all netgroups (by default there are none!):

./cipux_get_value -N  -e nisNetgroupMember

Result:

server-hosts    x
workstation-hosts       x
all-hosts       x
printer-hosts   x
ltsp-server-hosts       x

("x" stands for "no-value"; derived from Japanese and called "batsu")

Add a host to all groups:

./cipux_set_value -N -a -e nisNetgroupTriple -v '(cleon,-,-)'

Result:

You can verify this:

./cipux_get_value -N  -e nisNetgroupTriple

Result:

server-hosts    (tjener,-,-)    (cleon,-,-)
workstation-hosts       (cleon,-,-)
all-hosts       (cleon,-,-)
printer-hosts   (cleon,-,-)
ltsp-server-hosts       (cleon,-,-)

Remove a host from printer-hosts:

./cipux_set_value -n printer-hosts -d -e nisNetgroupTriple -v '(cleon,-,-)'

Result:

You can verify this:

./cipux_get_value -N  -e nisNetgroupTriple

Result:

server-hosts    (tjener,-,-)    (cleon,-,-)
workstation-hosts       (cleon,-,-)
all-hosts       (cleon,-,-)
printer-hosts   x
ltsp-server-hosts       (cleon,-,-)

Remove host from all netgroups:

./cipux_set_value -N -d -e nisNetgroupTriple -v '(cleon,-,-)'

Result:

You can verify this:

./cipux_get_value -N  -e nisNetgroupTriple

Result:

server-hosts    (tjener,-,-)
workstation-hosts       x
all-hosts       x
printer-hosts   x
ltsp-server-hosts       x

cipux_set_value

Adding the machine "cleon" to the workstations:

./cipux_set_value -n workstation-hosts -e nisNetgroupTriple -v cleon

Result:

ldap_modify: Invalid syntax (21)
        additional info: nisNetgroupTriple: value #0 invalid per syntax

This is wrong, because nisNetgroupTriple requires the triple syntax, including the brackets. You should do it like this:

./cipux_set_value -n workstation-hosts -e nisNetgroupTriple -v '(cleon,-,-)'

Result:

You can check that with cipux_get_value:

./cipux_get_value -N -e nisNetgroupTriple

Result:

server-hosts    (tjener,-,-)
workstation-hosts       (cleon,-,-)
all-hosts       x
printer-hosts   x
ltsp-server-hosts       x

cipux_add

Adding laptops:

./cipux_add -n --attribute cn=laptop-hosts

Result:

adding new entry "cn=laptop-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no"

cipux_del

Removing laptops:

./cipux_del -n laptop-hosts

Result:

Work on the project

||Task: ||when: ||who: ||plan: ||costs: ||done: ||
||Initial Talk for creating planning concept ||2006-10-28 ||BenediktWildenhain ||1h ||30m ||(./) ||
||Create a wiki page for coordination ||2006-10-29 ||ChristianKuelker ||1h ||1h ||(./) ||
||Write description about webmin module "netgroups" ||2006-11-01 ||BenediktWildenhain ||2h ||90m ||(./) ||
||Planning implementation details ||2006-11-01 ||both ||1h ||30m ||(./) ||
||Update this page with implementation details ||2006-11-01 ||ChristianKuelker ||2h ||50m ||(./) ||
||Implement changes to CipUX LDAP Abstraction L. ||2006-11-04 ||ChristianKuelker ||0h ||2h ||(./) ||
||Implement changes to CipUX CipUX::Task ||2006-11-01 ||BenediktWildenhain ||4h ||3h ||(./) ||
||Write a new cat-web module or add feature to one ||2006-11- ||BenediktWildenhain ||3h ||3h+ || ||
||Test the new feature on development system ||2006-11- || ||1h || || ||
||Bugfixing ||2006-11- || ||1h || || ||
||Test the new feature on development system ||2006-11- || ||1h || || ||
||Test the new feature on fresh installed system ||2006-11- || ||2h || || ||
||hopefully no Bugfixing ||2006-11- || ||0h || || ||
||Project finished ||2006-11- || ||18h30m || || ||