diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/appendix/guides/authentication.txt | 33 | ||||
-rw-r--r-- | doc/development/client-driver.txt | 9 | ||||
-rw-r--r-- | doc/development/plugins.txt | 8 | ||||
-rw-r--r-- | doc/development/utils.txt | 15 | ||||
-rw-r--r-- | doc/server/plugins/grouping/metadata.txt | 46 |
5 files changed, 93 insertions, 18 deletions
diff --git a/doc/appendix/guides/authentication.txt b/doc/appendix/guides/authentication.txt index 3fd0e1e2d..b8ec82590 100644 --- a/doc/appendix/guides/authentication.txt +++ b/doc/appendix/guides/authentication.txt @@ -132,13 +132,26 @@ controlled through the use of the auth attribute in Allowed values are: - +---------------+------------------------------------------+ - | **Auth Type** | **Meaning** | - +===============+==========================================+ - | cert | Certificates must be used | - +---------------+------------------------------------------+ - | cert+password | Certificate or password may be used | - +---------------+------------------------------------------+ - | bootstrap | Password can be used for one client run, | - | | after that certificate is required | - +---------------+------------------------------------------+ ++-------------------+------------------------------------------+ +| Auth Type | Meaning | ++===================+==========================================+ +| ``cert`` | Certificates must be used | ++-------------------+------------------------------------------+ +| ``cert+password`` | Certificate or password may be used. If | +| | a certificate is used, the password must | +| | also be used. | ++-------------------+------------------------------------------+ +| ``bootstrap`` | Password can be used for one client run, | +| | after that only certificate is allowed | ++-------------------+------------------------------------------+ + +``cert+password`` is the default. This can be changed by setting the +``authentication`` parameter in the ``[communcation]`` section of +``bcfg2.conf``. For instance, to set ``bootstrap`` mode as the global +default, you would add the following to ``bcfg2.conf``:: + + [communication] + authentication = bootstrap + +``bootstrap`` mode is currently incompatible with the +:ref:`server-plugins-grouping-metadata-clients-database`. diff --git a/doc/development/client-driver.txt b/doc/development/client-driver.txt index 29216acd5..5977f2a91 100644 --- a/doc/development/client-driver.txt +++ b/doc/development/client-driver.txt @@ -65,6 +65,11 @@ Base Classes Helper Classes -------------- -.. autoclass:: Bcfg2.Client.Tools.ClassName -.. autoclass:: Bcfg2.Client.Tools.Executor .. autoclass:: Bcfg2.Client.Tools.ToolInstantiationError + +See Also +-------- + +* :ref:`development-compat` +* :ref:`development-utils` + diff --git a/doc/development/plugins.txt b/doc/development/plugins.txt index 91a4e6868..593c2f83e 100644 --- a/doc/development/plugins.txt +++ b/doc/development/plugins.txt @@ -175,7 +175,7 @@ decorate functions that you would like to track execution times for: .. code-block:: python from Bcfg2.Server.Plugin import track_statistics - + @track_statistics() def do_something(self, ...): ... @@ -208,3 +208,9 @@ Plugin Exceptions ----------------- .. automodule:: Bcfg2.Server.Plugin.exceptions + +See Also +-------- + +* :ref:`development-compat` +* :ref:`development-utils diff --git a/doc/development/utils.txt b/doc/development/utils.txt new file mode 100644 index 000000000..a4c158bf0 --- /dev/null +++ b/doc/development/utils.txt @@ -0,0 +1,15 @@ +.. -*- mode: rst -*- + +.. _development-utils: + +================ +Common Utilities +================ + +Some helper functions, classes, etc., are useful to both the client +and server. Some of these are used to maintain +:ref:`development-compat`, and should go in ``Bcfg2.Compat``. Those +that aren't strictly for Python compatibility go in ``Bcfg2.Utils``, +which is documented below. + +.. automodule:: Bcfg2.Utils diff --git a/doc/server/plugins/grouping/metadata.txt b/doc/server/plugins/grouping/metadata.txt index a6ed37f8e..f4c5cbcb3 100644 --- a/doc/server/plugins/grouping/metadata.txt +++ b/doc/server/plugins/grouping/metadata.txt @@ -32,7 +32,7 @@ clients.xml =========== The ``clients.xml`` file contains the mappings of Profile Groups -to clients. The file is just a series of *<Client />* tags, each of which +to clients. The file is just a series of ``<Client />`` tags, each of which describe one host. A sample file is below: .. code-block:: xml @@ -43,7 +43,7 @@ describe one host. A sample file is below: <Client profile="kerberos-master" name="kdc.example.com"/> <Client profile="mail-server" name="mail.example.com"/> <Client name='foo' address='10.0.0.1'> - <Alias name='foo-mgmt' address='10.1.0.1'/> + <Alias name='foo-mgmt' address='10.1.0.1'/> </Client> </Clients> @@ -197,9 +197,9 @@ useful results: .. code-block:: xml - <Groups version='3.0' xmlns:xi="http://www.w3.org/2001/XInclude"> - <xi:include href="my-groups.xml" /> - <xi:include href="their-groups.xml" /> + <Groups xmlns:xi="http://www.w3.org/2001/XInclude"> + <xi:include href="my-groups.xml" /> + <xi:include href="their-groups.xml" /> </Groups> Each of the included groups files has the same format. These files are @@ -207,6 +207,42 @@ properly validated by ``bcfg2-lint``. This mechanism is useful for composing group definitions from multiple sources, or setting different permissions in an svn repository. +You can also optionally include a file that may or may not exist with +the ``fallback`` tag: + +.. code-block:: xml + + <Groups xmlns:xi="http://www.w3.org/2001/XInclude"> + <xi:include href="my-groups.xml"/> + <xi:include href="their-groups.xml"><xi:fallback/></xi:include> + </Groups> + +In this case, if ``their-groups.xml`` does not exist, no error will be +raised and everything will work fine. (You can also use ``fallback`` +to include a different file, or explicit content in the case that the +parent include does not exist.) + +Wildcard XInclude +~~~~~~~~~~~~~~~~~ + +.. versionadded:: 1.3.1 + +Bcfg2 supports an extension to XInclude that allows you to use shell +globbing in the hrefs. (Stock XInclude doesn't support this, since +the href is supposed to be a URL.) + +For instance: + + <Groups xmlns:xi="http://www.w3.org/2001/XInclude"> + <xi:include href="groups/*.xml"/> + </Groups> + +This would include all ``*.xml`` files in the ``groups`` subdirectory. + +Note that if a glob finds no files, that is treated the same as if a +single included file does not exist. You should use the ``fallback`` +tag, described above, if a glob may potentially find no files. + Probes ====== |