Re: Re: Cobbler Authorisation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dan wrote:

I'm keen on a modular approach. It means that when/if a requirement
changes later down the road, chances our we just rewrite/add a module,
rather that touch the core. Not having to touch the core also makes
integrating future releases ten times easier.


+1

Distributions/images here don't just come from sysadmins, they're also
internally created by users. Somebody may create a custom image which
they wish to deploy on their cluster of 50 systems which they're solely
responsible for. 
At present, they send us the image, we manually add it to the server,
manually amend configurations for it to be available... This is a time
consuming activity, especially if the provider is sending over several
images a week. We'd like to allow them to upload their own
images/distributions, without taking up the time of our already busy
sysadmins. We want them to take control of provisioning their systems,
from start to finish, all on their own. We simply provide the install
mechanism.

If I need to fill in any gaps here, let me know.
Yep... It's going to be difficult to model the behaviors that are important for a lot of different sites that are trying to replicate different existing policies. So, yes, this definitely points down the module route.
This seems to say that some users should be able to add distros, and edit the ones they've added, but not modify distros that belong to others. Right? Cobbler doesn't have the capability to upload initrd/kernel files to the WebUI yet, but as we do things like make "cobbler import" web accessible, that is a direction we could consider. Patches always welcome, of course :) 



Modules ftw!


:)
Yes, we need authorization/authentication at CLI, as well as webUI. Not everybody wants to use a webui and not everybody wants to use a CLI, so we need to provide an interface for both to keep them all sweet.
Most likely all the security infrastructure will be implemented at the web services layer ... so this would mean remoting the CLI. I'd rather not do this when SSH works so well and it's a kludge 
to maintain/develop otherwise.
If you've got a specific need for a remote app, you could write something simple using the XMLRPC API.
I'm guessing that would be an app that did the equivalent of "system edit" for people who just wanted 
to modify the boot configurations of their systems, etc.


_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
[Index of Archives]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux