diff options
| author | Simon Ruderich <simon@ruderich.org> | 2013-11-12 23:48:25 +0100 |
|---|---|---|
| committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-11-14 09:27:08 -0500 |
| commit | d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3 (patch) | |
| tree | 95b76849268d44bcf6ea81f957159e3a568dcf69 /doc | |
| parent | 557377e8a1d0492f4c26b95c4a74172a9210ac3e (diff) | |
| download | bcfg2-d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3.tar.gz bcfg2-d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3.tar.bz2 bcfg2-d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3.zip | |
Add probes.allowed_groups option to restrict group assignments.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/server/plugins/probes/index.txt | 40 | ||||
| -rw-r--r-- | doc/unsorted/dynamic_groups.txt | 27 |
2 files changed, 40 insertions, 27 deletions
diff --git a/doc/server/plugins/probes/index.txt b/doc/server/plugins/probes/index.txt index 306a752b6..6f745e359 100644 --- a/doc/server/plugins/probes/index.txt +++ b/doc/server/plugins/probes/index.txt @@ -13,6 +13,9 @@ the system disk, you would want to know this information to correctly generate an `/etc/auto.master` autofs config file for each type. Here we will look at how to do this. +Probes also allow dynamic group assignment for clients, see +:ref:`_server-plugins-probes-dynamic-groups`. + First, create a ``Probes`` directory in our toplevel repository location:: @@ -119,6 +122,43 @@ is to add the ``/etc/auto.master`` to a Bundle: <Path name='/etc/auto.master'/> +.. _server-plugins-probes-dynamic-groups: + +Dynamic Group Assignment +======================== + +The output lines of the probe matching "group:" are used to +dynamically assign hosts to groups. These dynamic groups need not already +exist in ``Metadata/groups.xml``. If a dynamic group is defined in +``Metadata/groups.xml``, clients that include this group will also get +all included groups and bundles. + +Consider the following output of a probe:: + + group:debian-wheezy + group:amd64 + +This assigns the client to the groups debian-wheezy and amd64. + +To prevent clients from manipulating the probe output and choosing +unexpected groups (and receiving their potential sensitive files) you +can use the ``allowed_groups`` option in the ``[probes]`` section of +``bcfg2.conf`` on the server. This whitespace-separated list of anchored +regular expressions (must match the complete group name) controls +dynamic group assignments. Only matching groups are allowed. The +default allows all groups. + +.. versionadded:: TODO + +Example:: + + [probes] + allowed_groups = debian-(squeeze|wheezy|sid) i386 + +This allows the groups debian-squeeze, debian-wheezy, debian-sid and +i386. With the probe output from above, this setting would disallow +the group amd64. + Handling Probe Output ===================== diff --git a/doc/unsorted/dynamic_groups.txt b/doc/unsorted/dynamic_groups.txt deleted file mode 100644 index 11535dc8b..000000000 --- a/doc/unsorted/dynamic_groups.txt +++ /dev/null @@ -1,27 +0,0 @@ -.. -*- mode: rst -*- - -.. _unsorted-dynamic_groups: - -============== -Dynamic Groups -============== - -Bcfg2 supports the use of dynamic groups. These groups are not included -in a client's profile group, but instead are derived from the results -of probes executed on the client. These dynamic groups need not already -exist in ``Metadata/groups.xml``. If a dynamic group is defined in -``Metadata/groups.xml``, clients that include this group will also get -all included groups and bundles. - -Setting up dynamic groups -========================= - -In order to define a dynamic group, setup a probe that outputs the text -based on system properties:: - - group:groupname - -This output is processed by the Bcfg2 server, and results in dynamic -group membership in groupname for the client. See the :ref:`Probes -<server-plugins-probes-index>` page for a more thorough description -of probes. |