On Tuesday, June 11, 2013 8:30:18 AM UTC-5, Matthew Ward wrote:
>
> I'm rather new to working with puppet so forgive me if these are solved
> problems. I've read through some documentation, but was not able to find
> the full set of information to answer all my questions.
>
> I'm being tasked with finding/configuring/developing an enterprise
> resource configuration tool. We have several on the table but puppet/chef
> are the only cross-platform options, so this is why I'm coming here for
> help. If the problems I am trying to solve are solved, please reply with
> links and I'll work it out. I'm fine with having to develop some code to
> make this a reality, I just want to make sure a) I'm not reinventing the
> wheel, b) I am following best practices.
>
> What I am trying to achieve is "Resource Orchestration". What I mean is,
> based on LDAP attributes, a "resource" (machine and user) would be
> provisioned, configured and presented with a "custom" configured VDI. The
> VDI portion is a solved issue. Managing the resources within the VDI is
> what we are trying to achieve.
>
> Use case 1:
> User "Bob", of ou=Developers, authenticates using LDAP to machine
> resource "Desktop". Desktop has standard facts, as I understand it, that
> can allow for custom configuration? Do users have Facts? Is it possible to
> mount shares, in windows also, and present icons to the desktop to Bob?
> Can, based on the LDAP attribute of Developer, something like Eclipse or
> Python SDK be installed? The idea is I'm trying to make a single management
> point to my LDAP and manage my resources from there. I'm not totally
> married to my LDAP being my primary control point, just the user identities
> inside an LDAP being the authentication and authorization. If there is
> another product that sucks in LDAP resources that puppet works with, I'd
> love to know.
>
> Use case 2:
> User "Bob" authenticates, using a smart card with PKI, to resource
> "Desktop". Bob's authentication works based on an enterprise attributes
> from the smart card certificate. Bob exists on multiple LDAP (e.g.
> dc=test,dc=com and dc=prod,dc=com) with the same "username" (EDI/PI) from
> the card. Not all users would exist in multiple domains, but Bob does. Can
> I further provision the user resource and computer resource based on this
> additional information?
>
> I'm not looking to make puppet my sole solution if it's not the right tool
> to do the job.
>
Puppet is not a script engine; it is a state management tool. Although it could probably be shoehorned into the role you envision, it is not designed to adapt the target machine state to dynamic events occurring there (such as user logins). At minimum, you would need to provide your own hooks into the target systems to respond to appropriate events by triggering Puppet runs.

With that said, Puppet can ensure software packages are installed; can ensure particular files are in (or absent from) particular locations, which would support customizing desktop icons; and can mount shares, among other things. It can be made to read data from LDAP via an appropriate plugin to its external data service, 'hiera'.

On the other hand, I'm not sure "cross-platform" buys you all that much here, because you are going to need some non-trivial platform-specific pieces.

John