IPA

Documentation

NAME

ipaquery - Print information about records in an IPA data store

SYNOPSIS

  ipaquery [--DB=DBI_URI] [--delimiter=delimiter]
        [--no-columns] [--csv]
        [--max-catalog-width=WIDTH] [--max-label-width=WIDTH]
        command [arguments]

DESCRIPTION

ipaquery prints out information about IPA catalogs and datasets.

OPTIONS

--db=DB_URI

A URI specifying the IPA data store to connect to. Due to the possible exposure of database credentials via process listings, the use of this option is discouraged. See ENVIRONMENT below for the recommended way of specifying the IPA data store URI.

--delimiter=DELIM

Specifies the character used as a field delimiter in the output. By default, ipaquery uses whitespace as the field delimiter.

--no-columns

By default, output is printed with fixed-width columns. If this switch is present, columnar output is disabled.

--csv

Output records in CSV format. This switch has the same effect as --no-columns --delimiter=,

--max-catalog-width=WIDTH

If this option is present, catalog names will be truncated at WIDTH characters. This switch is ignored if --no-columns is specified.

--max-label-width=WIDTH

If this option is present, labels will be truncated at WIDTH characters. This switch is ignored if --no-columns is specified.

COMMANDS

Currently, the following commands are supported:

catlist [prefix]

List all IPA catalogs, or those catalogs that begin with prefix

setlist catname

List all datasets which belong to the catname IPA catalog.

find query_spec

Retrieve IPA records matching query_spec from the data store (see QUERY SYNTAX below)

QUERY SYNTAX

The find command returns association records based on a simple query language. A valid query consists of one or more keyword clauses using the keywords below.

Keywords

in catalog[ catalog...]

Return only records matching the given catalog path name. To query records from multiple catalogs, enclose the catalog argument in single or double quotes, and separate the catalog paths by a space. The default matching behavior is to perform an exact match on the catalog pathname. To do a regular expression match, wrap the catalog name(s) in forward-slash characters, e.g. "/foo/" to query any catalog with "foo" in the name.

addr range

Return only records matching the given IP address range. See Argument Formats below for the syntax of the range argument.

label label[,label...]

Return only records with the given label. A comma-delimited list may be specified, in which case records will be returned matching any of the specified labels.

value value

Return only records with an associated value. Can also be a value range, e.g. 32-1024.

at time

Return only records valid at the given time.

before time

Return only records valid before the given time.

after time

Return only records valid after the given time.

between time and time

Return only records valid between the two given times.

show fields

This keyword allows you to return only the association fields specified by the fields argument. The available fields are catalog, start, end, range, label, and value. If this keyword is not supplied, the default is to return all of these fields.

Argument Formats

• range arguments can be expressed in any of the following formats:
  • single dotted quad address: 192.168.1.0
  • single integer address: 3232235776
  • dotted quad address range: 192.168.1.0-192.168.1.255
  • integer address range: 3232235776-3232236031
  • CIDR block: 192.168.1.0/24
  • CIDR block with int addr: 3232235776/24

• time arguments must be in YYYY/MM/DD[:HH[:MM[:SS]]] format. Year, month, and day are required, while the time of day can be specified to hour, minute, or second precision.

EXAMPLES

List Catalogs

List all catalogs in the IPA data store:

  $ ipaquery catlist

List all catalogs that begin with the string "dns"

  $ ipaquery catlist dns

List Datasets

List all datasets in the "dns.primary" catalog:

  $ ipaquery setlist dns.primary

Query Records

Show all records in the country code catalog:

  $ ipaquery find in geo.country

Show all records in the country code catalog on a specific date:

  $ ipaquery find in geo.country at 2009-01-20

Show all records from a list of catalogs:

  $  ipaquery find in "hosts.good hosts.bad usr.foo usr.bar"

Show all records in any catalog with "good" in the pathname:

  $ ipaquery find in "/good/"

Show all records in any catalog with "good", "bad", or "ugly" in the catalog pathname:

  $ ipaquery find in "/good/ /bad/ /ugly/"

Show all records in the country code catalog with the label "us":

  $ ipaquery find label us in geo.country

Show everything IPA knows about a single IP address:

  $ ipaquery find addr 10.1.1.1

Show everything IPA knows about a single IP address at a specific date/time:

  $ ipaquery find addr 10.1.1.1 at 2009-01-20

Show everything IPA knows about a single IP address before a given date:

  $ ipaquery find addr 10.1.1.1 before 2009-01-20

Show everything IPA knows about a single IP address after a given date:

  $ ipaquery find addr 10.1.1.1 after 2009-01-20

Show all records in geo.country, within a specific time period, in the 10.0.0.0/8 CIDR block, with label "us":

  $ ipaquery find in geo.country \
      between 2009-01-20:12:30 and 2009-01-21:12:30 \
      addr 10.0.0.0/8 label us

ENVIRONMENT

IPA_DB_URI

A URI specifying the location of (and credentials for) the IPA data store. The format of this URI is driver://user:password@hostname/database, e.g.:

    postgresql://ipauser:secret@database-server.domain.com/ipa

NOTES

Currently, only the PostgreSQL database driver is supported.

SEE ALSO

ipaimport(1), ipaexport(1)

© 2006-2010 Carnegie Mellon University Legal | Privacy Notice |