On Jul 20, 2010, at 9:15 AM, noob-puppeteer wrote: > In the case of LDAP, how would this work? Would you store your entire > puppet config in LDAP or just the user information? I am looking > documentation for storing all puppet info in LDAP, and that is a bit > unwieldy, since all configuration is stored as key-value pairs. Its > almost another language on top of puppet.
I think he was referring to using LDAP to define users and groups centrally, which doesn’t really have anything to do with Puppet other than simplifying your manifests and speeding up each run. Some advice though: Set up multiple LDAP servers with replication and failover right away. We ran with just one for a while based on capacity needs alone, but you’d be amazed at all the unexpected things that go to hell when LDAP becomes unavailable. Contact me off-list if you want more information. As for using LDAP to configure Puppet, you don’t have to store everything there. As a general rule, you just assign classes to nodes in LDAP, then define the class in your manifests to do XYZ to those nodes. You can use all of the other LDAP attributes to make decisions and you can assign variables, but I’ve been able to do most of what I need just using classes. -- Rob McBroom <http://www.skurfer.com/> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
