On Fri, Feb 18, 2011 at 11:29:12AM -0800, Daniel Pittman wrote: > On Thu, Feb 17, 2011 at 15:18, Robin Lee Powell > <rlpow...@digitalkingdom.org> wrote: > > On Thu, Feb 17, 2011 at 09:30:33AM -0800, Daniel Pittman wrote: > > > >> You could use the resource description tool, in a generate call in the > >> appropriate resource, to have puppet ruun the process of rebuilding the > >> appropriate manifest content on demand. (Probably needs a little scripting > >> wrapped around it to get the content in the right format.) > > > > I'm not following that at all, I'm afraid; especially "the resource > > description tool"; can you give me an example? > > So, if you want puppet to manage the user stuff, and to update a > manifest to reflect changes on one system later you can use 'puppet > resource user' to list all users known on the system, or 'puppet > resource user daniel' to get details on just daniel. > > That outputs a resource blob in puppet manifest format that you can > stick into a manifest somewhere to have puppet manage that user on > other systems. Basically, "tell me what would make this resource".
That is absolutely fascinating; I didn't know about that at all. I thought it might be nice to find out more about it, at which point I noticed that "man puppet" on my system is almost totally useless: Usage: puppet command space separated arguments Available commands are: agent, apply, cert, describe, doc, filebucket, kick, master, queue, resource and there appears to be no man pages for most of those commands. Is local documentation for this stuff distributed anymore? I'm on Debian with puppet package 2.6.2-4 I *did* find http://docs.puppetlabs.com/guides/tools.html , which says to read the man pages, but doesn't say what they're called. -_- Ah. It looks like what I want in "man ralsh" and "man pi" and similar, even though "pi file" doesn't work but "puppet describe file" does. That's a bit unfortunate. If someone can tell me what repo to patch against, I could generate a patch to turn things into git-style man pages, i.e. "man puppet-describe". > >> For the file content I would add another fileserver mount for > >> /home on that system, then serve the content into the appropriate > >> target location. > > > > An interesting idea, but I can see some decently heavy security > > issues there, and I'm sufficiently ignorant of puppet's security > > model to be afraid of them. > > As I understood it you already proposed coping those files, which > means that you are not really opening any more security issues by > doing it from the source rather than copying the source. (Puppet is a > read-only file server, if that helps. :) I would only be copying selected files; .bashrc, for example. That's very different from allowing access, even read-only, to everything in a user's home dir. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which "this parrot is dead" is "ti poi spitaki cu morsi", but "this sentence is false" is "na nei". My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
