I just wanted to follow up on this thread and let you know that I have pretty much got Puppet and LDAP doing what I want it to do.
Basically, if a node boots up and runs 'puppetd' it will check in with LDAP to see if the node is entered in the LDAP directory. If not, it will use a 'default' object in the LDAP directory that tells puppet to use some 'facter' information and enter the node in LDAP and define a few puppetclasses for the node. The puppetclasses defined tell what packages need to be installed on the specific node. Pretty slick....

As I mentioned, we are a school district with multiple architectures and multiple functions for our Macs in all the schools. Each school has a different set of packages that need to be installed on specific machines. We have defined 'computer_groups' that represent all the different functionalities. The school technicians can manage what packages are installed and what computers need to be included in the 'computer_groups' for the computer's function.

Puppet uses the computer's serial number as its host name and then searches all the 'computer_groups' in the LDAP directory for the 'memberUid=<sn>' and picks out the 'puppetvar' attribute, which is a package that needs to be installed. There is a ruby routine that performs this function. In addition, there are packages that are architecture-based, so the LDAP directory is searched using the $sp-machine_model variable passed from facter.

And another thing, we have some of our schools that are connected via T1 and we don't think that we can load packages onto about 40+ computers efficiently over the link, so we will be putting 'package servers' local to those sites. So we have a ruby routine that will look at the node's domain name and determine where the node's package source will be.

We are still in the testing phase of the project and I am sure that there will be changes, but using LDAP to determine package installation will be a HUGE time and money saver for us.

Kurt Engle
Network Engineer
Eugene 4J Schools
Eugene, Or.

On Apr 8, 10:57 am, Kurt Engle <kurt.en...@gmail.com> wrote:
> Rob, thanks again for your response.
>
> You are basically correct in understanding what we are trying to accomplish.
> We have a number of different configurations for devices out there on our
> network...too many. We are trying to get out of the business of determining
> what needs to be installed on a defined group of machines. We want the local
> techs to decide that and enter that information in LDAP for a given group of
> computers. Puppet would just look up the package information which would be
> returned as a variable to the manifest and push out the appropriate package.
> Simple (conceptually) right? But, it does require some Ruby code that I have
> yet to attempt to implement.
>
> I have done some experimentation with 'parentnode' it does function as you
> mention. I was able to make a parentnode with puppetclasses defined. I took
> my host and assigned it a parentnode as well as some puppetclasses. All the
> packages related to both the parentnode and the device puppetclasses were
> installed. However, the parentnode and the device had to be in the same
> branch of the LDAP tree. I tried specifying a static LDAP path in the
> parentnode value, but that did not work. As for multiple parentnodes... I
> will give that a go as well.
>
> Thanks for all your help,
>
> -kurt
>
> On Wed, Apr 8, 2009 at 9:25 AM, Rob McBroom <pup...@skurfer.com> wrote:
>
> > On 2009-Apr-7, at 5:32 PM, engle wrote:
> >
> > > I got puppet working with the LDAP search. It had to do with
> > > authentication to my LDAP server.
> >
> > Glad to hear it.
> >
> > > We would like to define groups that represent the packages that would
> > > be installed on a given computer. Then we would define the computers
> > > in LDAP and assign them to the appropriate group(s).
> >
> > Do you mean a groupOfNames in LDAP or something similar? You could
> > certainly do this, but I don't know if there's an easy way to teach
> > Puppet about these groups. I think you'd need to write your own code
> > to get the node info out of LDAP.
> >
> > > I have been able to define a device in LDAP, create a class based on
> > > the 'puppetclass' in LDAP and install a package on the device. So, I
> > > am about 1/4 of the way there. Now what I would like to do is to have
> > > puppet follow a trail from the device itself to the device's group and
> > > do the same thing, but have the puppetclass of the group return the
> > > name of a package to puppet to install. Make Sense???
> >
> > You can have multiple puppetClass attributes for each machine, if that
> > helps you any. Although, my approach would probably be to define the
> > class(es) in LDAP, then use the class to build a list of packages. But
> > maybe it would be nice for others in your organization to see all the
> > packages in LDAP and not have to know about Puppet. I'm sure you have
> > your reasons. Anyway, instead of groups, you might be able to
> > accomplish this using parentnode.
> >
> > > As a side but related question; what is the significance of the
> > > 'parentnode' to puppet?
> >
> > I haven't used it myself, but I believe you can have a parent node
> > that defines its own puppetClass attributes, etc. Then you can have a
> > "group" of machines with the same parent node and they would all
> > inherit the classes (and maybe some other stuff) from that node. It's
> > like saying "this machine belongs to X group" for each machine, rather
> > than having a group that says "my members are A, B, C". So you
> > wouldn't literally be creating groups in LDAP, but it might accomplish
> > what you want. I'm not sure if you can assign multiple parent nodes.
> >
> > --
> > Rob McBroom
> > <http://www.skurfer.com/>
> >
> > The magnitude of a problem does not affect its ownership.
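
The lookup described in the follow-up above (find every 'computer_groups' entry with 'memberUid=<sn>', collect its 'puppetvar' values, and choose a package source from the node's domain), as an added Ruby example that is not the routine used in the thread. The directory search is replaced by constructed in-memory entries; the helper names, group data, domains and URLs are assumptions, and the serial number is escaped per RFC 4515 before it is placed in the filter.

```ruby
# Added example, not the routines from the post. memberUid and puppetvar are the
# attribute names given there; every entry, domain and URL below is constructed.

# Escape a value for an LDAP search filter (RFC 4515) so a client-reported
# serial number cannot alter the filter's structure.
def ldap_escape(value)
  value.to_s.gsub(/[\\*()\0]/) { |c| format('\\%02x', c.ord) }
end

# Filter a real directory search would use against the computer_groups branch.
def group_filter(serial)
  "(memberUid=#{ldap_escape(serial)})"
end

# In-memory stand-in for the search: exact match on memberUid, then collect
# every puppetvar value from the matching groups.
def packages_for(serial, groups)
  groups.select { |g| g.fetch('memberUid', []).include?(serial) }
        .flat_map { |g| g.fetch('puppetvar', []) }
        .uniq.sort
end

# Pick the package source from a fixed table keyed by the node's domain; an
# unknown domain falls back to the central server instead of being trusted.
def package_source(fqdn, site_servers, default)
  domain = fqdn.to_s.downcase.split('.', 2)[1]
  site_servers.fetch(domain, default)
end

# Constructed sample data (hypothetical groups, serials and servers).
GROUPS = [
  { 'cn' => 'lab', 'memberUid' => %w[W8812ABC W8812XYZ], 'puppetvar' => %w[firefox garageband] },
  { 'cn' => 'office', 'memberUid' => %w[W8812ABC], 'puppetvar' => %w[firefox msoffice] },
  { 'cn' => 'library', 'memberUid' => %w[W8899QRS], 'puppetvar' => %w[catalog-client] }
].freeze

SITE_SERVERS = { 'north.example.org' => 'http://pkg.north.example.org/' }.freeze
CENTRAL = 'http://pkg.example.org/'

if __FILE__ == $PROGRAM_NAME
  puts group_filter('W8812ABC')
  puts packages_for('W8812ABC', GROUPS).inspect
  puts package_source('w8812abc.north.example.org', SITE_SERVERS, CENTRAL)
end
```

Because the node name comes from the client, the filter value is escaped and the package source is taken from a fixed table rather than built from the reported domain.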