User story #5506
closedCustomize Nodes by adding attribute on them
Description
Hi,
I'm not sure if this is currently possible. Probably best to describe it now while the idea is raw.
I (think I) would like to sync CMDB data into Rudders LDAP, for example server owners (SAP guys) and usage classes (Testing, Production).
It would be helpful if there could be data for nodes that are still uninventorized and/or pending.
- adding things that are currently not queryable
- not getting that info from the node
- not having a "lapse" where a new node is there but the data will only upload 10 minutes later
- being able to use this info in forming groups
- being able to use this info in resulting cf classes
[note from release: the last point was not implemented and will be included along with #3112]
Grepping in the source a little I can see how it's done for the known attributes:
rudder-web/src/main/resources/ldapObjectAndAttributes.properties:ldap.object.networkInterfaceLogicalElement = Network interfaces
rudder-web/src/main/scala/com/normation/rudder/web/services/DisplayNode.scala: { if (showExtraFields) <li><a href={htmlId_#(jsId,"sd_net_")}>Network interfaces</a></li> else NodeSeq.Empty } ::
rudder-web/src/main/scala/com/normation/rudder/web/services/DisplayNode.scala: <li><a href={htmlId_#(jsId,"sd_net_")}>Network interfaces</a></li>
Would the plugin interface of the web app offer a way to do this?
Updated by Matthieu CERDA over 10 years ago
- Assignee set to François ARMAND
- Priority changed from 2 to 4
I think FAR is the best person to know about this.
What do you think, François ?
Updated by François ARMAND over 10 years ago
Hi,
I'm not sure I get it all, so lets rephrase it:
- Feature 1: be able to declare node that are not currently pending.
The goal is to be able to start configure that node (groups, in particular) without having to wait for an inventory.
Workflow will look like:
1/ Create the node with hostname == foo.localhost in the UI (or via API) in "already accepted" state,
2/ Configure groups with that node,
3/ Some time latter, an inventory with hostname "foo.localhost" arrives, automatically merge information with the pre-existing node
Something like #3668
- Feature 2: be able to add data in nodes (say, JSON-like data structure) and use them for groups
The goal here is to be able to add data to a node that are not linked to inventory information.
These data could be set via UI (user editing it) or API (CMDB synchronisation for ex.).
2.1/ Use the data in search to create groups
2.2/ Be able to use the data in Directives (something like parameters, see http://www.rudder-project.org/foswiki/System/ContextedVariables) and/or CFEngines promises
I think we already talked about that to.
Is it that ?
Updated by Florian Heigl over 10 years ago
Hi,
Feature 1:
I'm not sure about the "already accepted state". Personally, I'd like to keep accepting to be a separate task.
I'll check out the script from the linked #3668 tomorrow in lab.
I think that is a good script for fanf's contrib repository!
Feature 2:
yes, sounds right.
Generally, what I'm after is to make sure I can define groups from attributes that are made available from an external source and cannot be influenced from the client side. Harsh example: I don't want someone who broke into a DMZ host be able to turn this host into a server having a vastly different role. Nor should a helpless person in the wrong place be able to turn a "prod" system into a "lab" one.
So I'd like to feed this info into rudder, and have a client see the right info when it is "accepted".
On the other hand, when I feed attributes for 1000s of systems I don't want all of them to be auto-accepted just because of that. :>
Updated by François ARMAND about 10 years ago
I missed to answer to your comment, but OK, the use case is pretty clear.
There is nothing simple (i.e, as in "don't have to understand of bunch Rudder internals and code scala and even some LDAP queries") to do what you want. The logic is trivial, at least if we stay with key=value attributes (because, well, that's just a some attribute to stick to the node).
The hardest part would be the UI, to make it usable, in particular in mass edition - I'm pretty sur one's don't want to go to 200 nodes "details" node to add the same "env=prod" attribute.
Updated by Florian Heigl about 10 years ago
Hi,
I think something like this would always be pushed via external means from CMDB, not from GUI.
Or do you see a use case I don't think of?
Updated by François ARMAND about 10 years ago
I was thinking of all the people not having a CMDB :) Or generally, people wanting to use that to tags node and build there own ontologie for Rudder management only.
But you are right in all case: a first step is to have that available at least from API, it can cover a big part of use cases.
Updated by François ARMAND about 10 years ago
- Category set to Web - Nodes & inventories
- Status changed from New to 13
- Priority changed from 4 to 1 (highest)
- Target version set to 3.0.0~beta1
So, we are going to try to put at least some part of that in 3.0:
- being able to define pair of name=value for a node throught the API
- being able to see them (somewhere in node details)
- being able to create groups based on them.
That will allows to start building provisionning scenario from 3.0, and we will be able to easely add UIs after that.
Updated by François ARMAND about 10 years ago
Main architecture ideas:
- we want to be able to latter add node properties defined on the node (for example with script extension)
- we need a "source" information (inventory, user, api, etc) so that we are able to define overriden logic.
- thinking of that, I'm wondering if we should not keep all values, and have the overriden logic at use time (so that we can have "inventory say so, user say so, we keep that")
- it would make sens to have the data live in the "node", not in the inventory. But I think we don't have a sufficiently powerful search engine for that, and other things should also live in the node. So it is acceptable to have them in inventory if not possible elsewhere.
- for the api, I think we need at least:
- set the non empty set of (pair=value)+ (for each of them, add it if not defined, updated else)
- remove given non empty set of (pair=value)+ (if not defined, does nothing, else remove the pair)
- set node pairs to exactly a set of (pair=value)*
Updated by François ARMAND about 10 years ago
So, in fact, adding the key=values in the node and extending the search engine to understand them was easy.
With that, we can put user defined key=values into node, and we will be able to also have some in the inventory latter, and so we will be able to implement an overriding logic easely.
Updated by Jonathan CLARKE about 10 years ago
- Status changed from 13 to Pending release
This has made it into Rudder 3.0.0~beta1 :)
Updated by Vincent MEMBRÉ about 10 years ago
- Subject changed from Feature (or just documentation) to add custom attributes to Add custom attributes on Nodes
Updated by Vincent MEMBRÉ about 10 years ago
- Subject changed from Add custom attributes on Nodes to Customize Nodes by adding attribute on them
Updated by Vincent MEMBRÉ about 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 3.0.0~beta1 which was release on 01/12/2014.
- Announcement
- Changelog
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/
Updated by François ARMAND over 9 years ago
There is a known limitation today (3.0): these properties can't be used in directives ! Only for creating groups.
Updated by François ARMAND over 9 years ago
- Related to User story #6733: Allow Node properties to be used in directives and ncf techniques added