Is the client running on Mac hardware and not in a VM? Seems like system_profiler, which is used to generate default facts is failing. Maybe it doesn't work because of virtual hardware.
On Dec 22, 2008, at 12:28 PM, Carl Caum wrote: > Most plist management can be done with the defaults command. It > means we exec out everytime, but we could write a definition/plugin > around it. > > I'm having trouble getting puppet to run on OS X. I installed > 0.24.7 on my OS X server VM using gems. After signing the > certificate on the puppetmaster side, I get this on the client side: > > 2008-12-22 11:25:35.796 system_profiler[6552:10b] Exception while > calling [SPPlatformReporter updateDictionary:] > *** -[NSCFArray objectAtIndex:]: index (3) beyond bounds (2) > err: Could not retrieve catalog: undefined method `[]' for > nil:NilClass > > Any ideas? > On Dec 19, 2008, at 11:16 PM, Crawford Kyle wrote: > >> >> On Dec 19, 2008, at 10:48 PM, Nigel Kersten wrote: >> >>> >>> >>> On Fri, Dec 19, 2008 at 7:23 PM, Crawford Kyle <kcrw...@gmail.com> >>> wrote: >>> >>> On Dec 19, 2008, at 7:55 PM, Nigel Kersten wrote: >>>> >>>> On Fri, Dec 19, 2008 at 2:29 PM, Carl Caum <carl.c...@gmail.com> >>>> wrote: >>>> >>>> Does anyone know how to go about joining Mac OS X Leopard to an >>>> Active >>>> Directory domain with puppet? >>>> Primarily it needs to be broken down in to doing LDAP >>>> authentication >>>> with a few attribute mappings and using kerberos for the password >>>> authentication. >>>> >>>> You're going to want to push out your DS preferences and then do >>>> an exec for the joining of the machine account I imagine, >>>> although you could do some of this with templates..... >>>> >>>> How were you doing this before Puppet? >>>> >>>> There are no native types now, because those of us doing the Mac >>>> stuff with Puppet don't work in AD environments :) >>>> >>>> I'm more than happy to spend time helping you work through this >>>> though Carl. I'm reasonably familiar with AD integration even >>>> though we don't do it here. >>>> >>>> This would be a great recipe to get up on the Puppet wiki. >>> >>> We are in a large AD environment using Puppet. We currently handle >>> the AD joining outside of Puppet with a python script in a launchd >>> job that runs at first boot, though we will probably be moving >>> this to Puppet. >>> >>> The typical steps are: >>> Make sure time server is set and time is set correctly >>> ( ntpd.conf or exec systemsetup ) >>> Activate AD plugin by enabling it in DirectoryService.plist. >>> ( just a simple key value but I think you need to restart >>> DirectoryService for it to notice ) >>> Configure AD plugin using dsconfigad options. ( this can take a >>> lot of options all of these just change key values in >>> ActiveDirectory.plist ) >>> Join to domain using dsconfigad with a limited AD account and >>> password with permissions to add machines to your OU. ( this >>> would need to exec the dsconfigad command with username, password, >>> OU, machine join name. Unfortunately the password is passed to >>> dsconfigad in clear text as a parameter ) >>> Set the authentication search path to Custom, and include your AD >>> domain node using dscl. ( dscl exec ) >>> >>> We do manage the time server with Puppet and setting a couple of >>> mapping attributes in the AD plists. >>> >>> I'm happy to help you get this all working in Puppet as well. >>> >>> oh cool. I didn't realize you were doing AD integration Kyle. >>> >>> How are you ensuring that AD continues to be configured on the >>> clients? Does the python launchd job do all of this? Or are you >>> managing some components as Puppet resources? >>> >>> I've been thinking for a while about how to mange DirectoryService >>> nodes as native Puppet types, but there are so many attributes to >>> think about I'm not sure it actually simplifies matters all that >>> much... >> >> Yes, I've done a lot of AD integration work. The python script I >> wrote tests the configuration and scenarios related to AD Node >> status and takes action if necessary. The only part in Puppet so >> far is management of a couple AD plist keys. >> >> Agreed, DirectoryService node configuration can get complex. There >> may be lower hanging fruit like improved plist management that >> would help in all areas including DirectoryService. >> >> Kyle >> >> >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
