NIS netgroup support
Matthias Witte
I extended pssh to support NIS netgroups since we organize our hosts
in netgroups.
The patch contains these features:
* if you prefix a '-H' argument with '@' it is taken as netgroup and
the hostnames from
the netgroup triples are extracted. The resulting list ist uniqd
with regard to hostnames.
* there is an additional option '-E' which lets you exclude certain
hosts from the
resulting hostlist.
Is anyone interested?
Andrew McNabb
>
> I extended pssh to support NIS netgroups since we organize our hosts
> in netgroups.
This sounds like a very helpful feature.
> The patch contains these features:
>
> * if you prefix a '-H' argument with '@' it is taken as netgroup and
> the hostnames from
> the netgroup triples are extracted. The resulting list ist uniqd
> with regard to hostnames.
The "@" symbol is also used for specifying "user@host". Are there any
potential problems from overloading the symbol?
> * there is an additional option '-E' which lets you exclude certain
> hosts from the
> resulting hostlist.
>
> Is anyone interested?
Would you consider posting the patch on the issue tracker?
http://code.google.com/p/parallel-ssh/issues/list
Thanks for your help with PSSH.
--
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868
Matthias Witte
> On Tue, Feb 15, 2011 at 04:53:53AM -0800, Matthias Witte wrote:
> >
> > I extended pssh to support NIS netgroups since we organize our hosts
> > in netgroups.
>
> This sounds like a very helpful feature.
Since it uses ctypes and libc.6 I am not sure if that is a portable
solution.
> The "@" symbol is also used for specifying "user@host". Are there any
> potential problems from overloading the symbol?
I do not think so, since '@' must be the first character to identify a
netgroup.
> Would you consider posting the patch on the issue tracker?
>
> http://code.google.com/p/parallel-ssh/issues/list
It's done. Sorry I labelled the issue as defect.
maz
Andrew McNabb
>
> Since it uses ctypes and libc.6 I am not sure if that is a portable
> solution.
If we're careful, then I don't think this should be a problem.
Specifically, it should be possible to import ctypes at the exact time
that it's needed (in a local scope) and to give a helpful error message
when ctypes is missing and when libc.6 can't be loaded.
> > The "@" symbol is also used for specifying "user@host". Are there any
> > potential problems from overloading the symbol?
>
> I do not think so, since '@' must be the first character to identify a
> netgroup.
You're probably right. I just like to be paranoid. :)
> > Would you consider posting the patch on the issue tracker?
> >
> > http://code.google.com/p/parallel-ssh/issues/list
>
> It's done. Sorry I labelled the issue as defect.
Google's Issue Tracker seems to make it impossible to get everything
right the first time. :)
Matthias Witte
> If we're careful, then I don't think this should be a problem.
> Specifically, it should be possible to import ctypes at the exact time
> that it's needed (in a local scope) and to give a helpful error message
> when ctypes is missing and when libc.6 can't be loaded.
At the moment I am not aware how to do that. From a brief google it
seems you would use imp for that?
> > > The "@" symbol is also used for specifying "user@host". Are there any
> > > potential problems from overloading the symbol?
> >
> > I do not think so, since '@' must be the first character to identify a
> > netgroup.
>
> You're probably right. I just like to be paranoid. :)
The '@' seems to be the customary character to denote a netgroup, sudo
uses the '+'.
One could instead use the '-h' Option instead of '-H' and try to resolve
its arguments as netgroups if there is no corresponding file.
Another option might be to drop one of the options in general and always
try to interpret the argmument as a file and if that fails switch to
resolution via DNS and NIS. But then you would still want to be able to
enforce a certain unambiguous context.
--
maz
Andrew McNabb
> > If we're careful, then I don't think this should be a problem.
> > Specifically, it should be possible to import ctypes at the exact time
> > that it's needed (in a local scope) and to give a helpful error message
> > when ctypes is missing and when libc.6 can't be loaded.
>
> At the moment I am not aware how to do that. From a brief google it
> seems you would use imp for that?
It's actually not too bad. If you put "import ctypes" at the top of
your file, then the import occurs as the module is loaded. If, however,
the import line appears within a function, then the import doesn't
happen until the function is called. For example:
def do_stuff():
import ctypes
...
If do_stuff is never called, then ctypes is never imported.
Additionally, the "ctypes" name is only available within the the body of
do_stuff.
> The '@' seems to be the customary character to denote a netgroup, sudo
> uses the '+'.
>
> One could instead use the '-h' Option instead of '-H' and try to resolve
> its arguments as netgroups if there is no corresponding file.
I like the idea of sticking to whatever is customary, so the "@" sounds
good. I'm torn about whether it should be combined with the "-h", "-H",
or some new option.
> Another option might be to drop one of the options in general and always
> try to interpret the argmument as a file and if that fails switch to
> resolution via DNS and NIS. But then you would still want to be able to
> enforce a certain unambiguous context.
Yeah, it sounds like that could be ambiguous, so I'm not sure if it's
the best way to go.
By the way, would anyone ever want to specify a host along with a
netgroup? For example "-H user1@host1 -H user2@host2 -H user3@@group1"
or something like that?
Matthias Witte
> > At the moment I am not aware how to do that. From a brief google it
> > seems you would use imp for that?
>
> It's actually not too bad. If you put "import ctypes" at the top of
> your file, then the import occurs as the module is loaded. If, however,
> the import line appears within a function, then the import doesn't
> happen until the function is called. For example:
>
> def do_stuff():
> import ctypes
> ...
>
> If do_stuff is never called, then ctypes is never imported.
> Additionally, the "ctypes" name is only available within the the body of
> do_stuff.
I will try that and modify the patch. There's a busy weekend ahead so I
don't know when.
> I like the idea of sticking to whatever is customary, so the "@" sounds
> good. I'm torn about whether it should be combined with the "-h", "-H",
> or some new option.
Whatever floats your boat. At the moment I am the only one in need of
that feature. I don't know if anyone else needs NIS netgroup support so
that I cannot even be disappointed if you decide to dismiss the patch.
> By the way, would anyone ever want to specify a host along with a
> netgroup? For example "-H user1@host1 -H user2@host2 -H user3@@group1"
> or something like that?
That case should be easy to handle, I'll look into it.
--
maz