• pspacek: Does it mean extending ID views's scope to meta-directory?
• pv: I'd like to see broader design with workflow
• pv: future releases
• ab: this would be cross-functional work - work on IPA, SSSD and FleetCommander sides
• ab: would like to get the basic implementation (associate Fleet Command with Host/Host Group) to Fedora 25
• Next step would be something like SELinux mapping (beyond Fedora 25)
• This would be separate plugin for FreeIPA
• Add to 4.5 backlog for now

Hello guys,

I was wondering what's the progress on this, https://fedorahosted.org/sssd/ticket/2995 depends on this somehow and I want to make sure I have the time to implement and test the fleet-commander bits for F25 and the freezes are approaching.

As of now we just need to store a http(s)://host:port/path/to/endpoint string, though it would also be nice to add support for the polling interval in seconds (3600 is the default atm).

We added this 4.5 backlog but I'll see if we can get a prototype during FLOCK.

I will be at flock for the whole week if having me there helps at all.

Copying my comment from the SSSD ticket:

My idea on IPA side is to treat it similarly to how we do selinuxusermap. It would be a generic resource mapping with a tag:

ipa resourcemap-add --tag=fleetcommander test1 --resource=https://some.host:9989/path/to/endpoint
ipa resourcemap-add-host test1 --hostscat=all

or

ipa resourcemap-add-host test1 --hosts={server1,server2,server3}

This is trivial to implement and maintain in IPA via ipaAssociation subclass in LDAP. SSSD would anyway try to retrieve all groups a host is member of so it would be able to see this resourcemap and use its content to write down needed configuration on the host.

This would allow be generic and support multiple types of resources, including multiple Fleet Commander servers.

Closing this bug as I implemented FleetCommander support in https://github.com/abbra/freeipa-desktop-profile as a separate plugin. It is provided in Fedora already for few releases.