红帽全球峰会20.2. Adding Hosts to an IDM Host Group
Identity Management (IDM) supports the ability to set up automatic membership rules based on a system's attributes. Red Hat Satellite's realm feature provides administrators with the ability to map the Red Hat Satellite host groups to the IDM parameter "userclass" which allow administrators to configure automembership.
When nested host groups are used, they are sent to the IDM server as they are displayed in the Red Hat Satellite User Interface. For example, "Parent/Child/Child".
Note
The Satellite Server or Capsule Server sends updates to the IDM server, however automembership rules are only applied at initial registration.
- On the IDM server, create a host group:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Where:- hostgroup_name is the hostgroup's name.
- hostgroup_description is the hostgroup's description.
- Create an automembership rule:
ipa automember-add --type=hostgroup automember_rule
# ipa automember-add --type=hostgroup automember_rule ---------------------------------- Added automember rule "automember_rule" ---------------------------------- Automember Rule: automember_ruleCopy to Clipboard Copied! Toggle word wrap Toggle overflow Where:automember-addflags the group as an automember group.--type=hostgroupidentifies that the target group is a host group, not a user group.- automember_rule is the name you wish to identify the automember rule by.
- Define an automembership condition based on the userclass attribute:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Where:automember-add-conditionallows you to add regular expression conditions to identify group members.--key=userclassspecifies the key attribute as userclass.--type=hostgroupidentifies that the target group is a host group, not a user group.--inclusive-regex=^webserver is a regular expression pattern to identify matching values.- hostgroup_name is the target hostgroup's name.
When a system is added to the Satellite Server's hostgroup_name host group, it will now automatically be added to the Identity Management server's "hostgroup_name" host group as well. IDM host groups allow for Host-Based Access Controls (HBAC), sudo policies and other IDM functions.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}