add host fields

d598e053 · anarcat · ffb9ddf1 · d598e053
Verified Commit d598e053 authored 4 years ago by anarcat
--- a/howto/ldap.md
+++ b/howto/ldap.md
@@ -509,6 +509,43 @@ skip keys that have other options.

 [authorized_keys(5)]: https://manpages.debian.org/authorized_keys.5

+
+### LDAP host fields
+
+| Group field     | Meaning                                                      |
+|-----------------|--------------------------------------------------------------|
+| `description`   | free-form text field  description                            |
+| `memory`        | main memory size, with `M` suffix (unused?)                  |
+| `disk`          | main disk size, with `G` suffixed (unused?)                  |
+| `purpose`       | like description but purpose of the host                     |
+| `architecture`  | CPU architecture (e.g. `amd64`)                              |
+| `access`        | always "restricted"?                                         |
+| `physicalHost`  | parent metal or hoster                                       |
+| `admin`         | always "torproject-admin@torproject.org"                     |
+| `distribution`  | always "Debian"                                              |
+| `l`             | location ("City, State, Country"), unused                    |
+| `ipHostNumber`  | IPv4 or IPv6 address, multiple values                        |
+| `sshRSAHostKey` | SSH server public key, multiple values                       |
+| `rebootPolicy`  | how to reboot this server: `manual`, `justdoit`, `rotation`) |
+
+The `rebootPolicy` is documented in the [upgrade
+procedures](upgrades).
+
+The `purpose` field is special in that it supports a crude markup
+language which can be used to create links in the web interface, but
+is also used to generate SSH `known_hosts` files. To quote the
+ud-generate source code:
+
+> In the purpose field, `[[host|some other text]]` (where some other
+> text is optional) makes a hyperlink on the web [interface]. We now
+> also add these hosts to the ssh `known_hosts` file.  But so that we
+> don't have to add everything we link, we can add an asterisk and say
+> `[[*...` to ignore it.  In order to be able to add stuff to ssh
+> without http linking it we also support `[[-hostname]]` entries.
+
+Otherwise the `description` and `purpose` fields are fairly similar
+and often contain the same value.
+
 #### exportOptions values

 * `AUTHKEYS`: ship the `authorized_keys` file for `sshdist`,