[wpkg-users] Extended hosts matches

Mon Mar 29 11:30:21 CEST 2010

Rainer Meier <r.meier at wpkg.org> writes:

> Feel free to prepare a patch for a current version of WPKG. Personally I've
> expressed many times on the list already why I think the way it's done is not
> the right one. A summary:
>

[...]

> - /applymultiple switch introduces complexity and breaks quite a lot
> of existing installations if used without caution. Moreover there is
> no scenario known to me which cannot be done without this
> functionality using existing functionality.

The problem I see with the actual functionality is that when using
extended host matches, I need to list all the meanfull combinations.

I need a different profile for winXP and win7 system configurations, 
If I want to use different profile for winXP and win7 both members of
the appli1 group, I will need:

- <host system="xp" group="appli1">
    <profile id='base'/>
    <profile id='winxp'/>
    <profile id='application1'/>
  </host>
- <host system="win7" group="appli1">
    <profile id='base'/>
    <profile id='win7'/>
    <profile id='application1'/>
  </host>

With /applymulti, this should become:
- <host system="xp" profile-id="winxp"/>
- <host system="win7" profile-id="win7"/>
- <host group="appli1" profile-id="appli1"/>
- <host name=".+" profile-id="base"/>

> So feel free to create a patch for the current version of WPKG which might be
> applied for these users who need it. I am personally OK with the delivery of
> this patch even as part of the official shipment but I don't plan yet to
> introduce this code in the stable release of WPKG.

I'll explain what I want to do, you will tell me if I'm crasy ;-)

We have 200 samba/LDAP servers so AD specific stuffs are out of
question. We want to mix global and local policies, we found easier to
manage LDAP entries than editing files or doing croned extraction.

We push generic configuration files with rsync, using only host names is
quite complicated, for now we have a basic profile which applies to host
name '.+'.

Using groups seems simpler than host name for policies, if we want to
deploy a new profile, we want to:

- add a new group
- assign computers to this group
- send the profiles/<group>.xml
- send the hosts/<group>.xml

In the future we plan to have pattern matching and references like:

- All groups can have associated profiles: <host group="(.*)" profile-id="$1"/>

We only need the following properties:
- hostname
- ipaddresses
- hostsystem
- hostgroups
- username
- usergroups

For now, I'm trying to use "WinNT://" to list group membership of my
computer, I test the following js code:

--8<---------------cut here---------------start------------->8---
var WshNetwork = WScript.CreateObject("WScript.Network");
var DomainName = WshNetwork.UserDomain.toLowerCase();
var ComputerName = WshNetwork.ComputerName.toLowerCase();
var DomainComputerName = ComputerName + "$";
var obj = GetObject("WinNT://"+DomainName+"/"+DomainComputerName+",user") ;
var Groups = obj.Groups();
for (var item =new Enumerator(Groups); !item.atEnd(); item.moveNext() ) {
    var group = item.item();
    WScript.Echo(group.Name);
}
--8<---------------cut here---------------end--------------->8---

This does not require LDAP stuffs, the only thing I wonder is if it's AD
compatible.

Can someone with an AD test it and tell me if it works?

> For Version 1.2 I plan to restructure quite a lot of code where it might be
> possible to extend the functionality - maybe by referring to eternal scripts.

Is it possible to have a look at development?

What do you think about the following (standard?) SVN layout:
- trunk : development
- branches/X.Y/fix#: X.Y bugfix development branch (copy of X.Y.Z which introduce the bug)
- tags/X.Y.Z: stable branch

I know that wpkg.js is intended to be used as-is with the blending edge
version, but I think it's a good thing to publish non-finished
development and actual stable, people will use what ever they want/need.

Regards.
-- 
Daniel Dehennin
RAIP de l'Orne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.wpkg.org/pipermail/wpkg-users/attachments/20100329/dbb60a78/attachment-0001.sig>