[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Group membership implying another group membership?
|
From: |
Allen S. Rout |
|
Subject: |
Group membership implying another group membership? |
|
Date: |
25 Jan 2007 11:29:20 -0500 |
|
User-agent: |
Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Security Through Obscurity) |
So I'm starting to visualize my groups as a directed graph, with the
edges symbolizing dependencies or implied memberships. It'd be nice
if there were succinct ways of representing that in cfengine, but I'm
not even sure what the right vocabulary is to search on.
For example:
We've got LDAP servers which publish data. The data is canonically
held in a DB2 database on a mainframe somewhere.
This means that everything I call an LDAP server needs also to be a
DB2 client. I might represent this by:
groups:
ldap = ( mybox )
[yadda]
import:
ldap::
cf.ldap
cf.db2
db2::
cf.db2
snmpd::
cf.snmpd
which works, but if cf.snmpd changes behavior based on db2 group
membership, that group's just not getting set, so it won't work.
Busted. So I can represent it by
groups:
ldap = ( mybox )
db2 = ( mybox )
import:
ldap::
cf.ldap
db2::
cf.db2
snmpd::
cf.snmpd
in which case cf.snmpd knows that mybox is a db2 thing and also a LDAP
thing. But that means I have to maintain the dual membership by hand,
which is error-prone. What I _really_ want to do is more like:
groups:
ldap = ( mybox )
group-inferences:
ldap = ( db2 syslog snmpd nfs-client )
appcluster = ( db2 apache2 nfs-client )
apache2 = ( krb5-client )
....
[ A miracle occurs such that everything in ldap is now also in db2, etc. ]
import:
ldap::
cf.ldap
db2::
cf.db2
snmpd::
cf.snmpd
So, is this function present, and I'm just dense? Is this a plausible
module for me to write? Would this function be welcomed?
- Allen S. Rout
- Group membership implying another group membership?,
Allen S. Rout <=