Hi, Being a recent convert and having recently gone through the kickstart process I may be able to offer a couple of pointers while it's fresh in my mind. The postinstall can just be used to pull in the puppet packages and start script leaving puppet to do the rest. Most of the work in my case seemed to get done as modules as these required pulling in associated files and seemed large enough pieces to justify package style treatment
My layout was like this:- /etc/puppet/templates #holds .erb files /etc/puppet/manifests #holds nodes.pp site.pp /etc/puppet/manifests/classes #holds smaller .pp files that do not justify full module treatment e.g. motd change /etc/puppet/manifests/os # holds os specific classes .eg satellite registration /etc/puppet/modules # holds all the slightly bigger pieces that tend to pull in other files /etc/puppet/modules/automount /etc/puppet/modules/automount/files # contains auto_master etc /etc/puppet/modules/automount/manifests # contains site.pp with the automount class containing file and service resources /etc/puppet/modules/sshkeys /etc/puppet/modules/sshkeys/files /etc/puppet/modules/sshkeys/manifests /etc/puppet/modules/ldap /etc/puppet/modules/ldap/files /etc/puppet/modules/ldap/manifests /etc/puppet/modules/apache /etc/puppet/modules/apache/files /etc/puppet/modules/apache/templates /etc/puppet/modules/apache/manifests /etc/puppet/modules/postfix /etc/puppet/modules/postfix/files /etc/puppet/modules/postfix/manifests /etc/puppet/modules/mysql /etc/puppet/modules/mysql/files /etc/puppet/modules/mysql/manifests To build up the kickstart I would focus on peforming the initial post-install on your kickstart client. Then, on the puppet server complete a module and test back on the client (without kickstarting) by running puppetd in tag mode pointing to the newly configured module:- puppetd --server <server_name> --test --tags automount Doing it this way may save lots of repeated kickstarts. Otherwise you will waste 30mins each time waiting for the os to be rebuild Having briefly looked at your kickstart file which seems largely about file tweaks to comply with your security guidelines I guess a lot of it could go in the classes directory with names such as GEN006520.pp which could contain a file resource to do the chmods. Unfortunately, in-situ file editing does not seem to be one of puppet's strong points at the moment so you may find yourself copying in lots of files or using workarounds involving exec. Following that same naming scheme you could create modules in the same way eg /etc/puppet/modules/GEN006255 which would contain subdirs files/ manifests/ templates. The possible advantage of using that is that your tags would refllect the compliance points. The downside is that you'll probably need a look up sheet to remind yourself what each bit is doing I would strongly advise btw, reading the Understanding Puppet book and all the references in the right hand bar of the wiki (e.g resources ref, types ref, style guides etc) but it sounds like in such a security conscious environment as yours puppet definitely fits the bill as once your systems are built to that spec puppet will keep them that way Good luck Paul 2008/11/11 Aaron Lippold <[EMAIL PROTECTED]> > Hello Puppet List, > > I was hoping to get some help starting looking at moving my current > kickstart baseline to using puppet. I have been reading up on puppet > and really think it would be a great. > > I am looking to start by making the right classes in puppet to manage > the configuration details in the %post section of this ks. > > There are some CM items that look fairly strait forward to implement ( > chmods, killing services, users etc.), however some things like pam.d > management, login management, sshd banner/noroot login, nosuid in > fstab mounts, auditd configuration management, etc. I could use a > little discussion on where to use modules, templates, recipes. > > I have attached a ks file with a good portion of what type of CM items > I need to work with so folks can get an idea of what I am trying to > sort out. > > Also, I would like to also like to 'tag' my CM items with specific > codes to match them with tracking numbers used in other systems. So, > "ITEM001 -> Boot loader with use a password" etc. I am hoping that > puppet can handle this and if necessary remap the 'tags' if I go from > Coding X to Coding Y. > > Any thoughts, suggestions etc. would be appreciated. > > Yours, > > Aaron > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
