Ski Kacoroski
2008-Jul-28 21:00 UTC
[Puppet Users] Best practice for file with just a few bits of changed data
Hi, I am managing several thousand macs and we need to manage some of the user preference files. These files are often the same except for the user''s name embedded in them. Since I have the name as a fact, is there some way to make use of the template system to manage these files (e.g. have puppet create them on the fly for each user account it finds and then be sure that if the user changes it, puppet will change it right back). Appreciate pointers and best practices on how to do this. cheers, ski -- "When we try to pick out anything by itself, we find it connected to the entire universe" John Muir Chris "Ski" Kacoroski, kacoroski@gmail.com, 206-501-9803 or ski98033 on most IM services --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Nigel Kersten
2008-Jul-28 21:15 UTC
[Puppet Users] Re: Best practice for file with just a few bits of changed data
What kind of files are they Ski? Are they OS X plist files? One problem with managing plists via templates is that they come in two forms, the xml1 and the binary form. The xml format is easy to manage with puppet templates, but the problem you have is that if anything uses CFPreferences to modify the plist, it will switch over to the binary format. That''s not such a huge problem if you''re managing the whole file in puppet anyway though I guess. If you only want to manage one file, we have a mac-defaults virtual type we use to ensure the existence of certain preference values that I can send you, but I''m planning on rewriting it to use PlistBuddy or the Ruby plistlib instead of defaults as defaults is kind of annoying with certain scenarios like checking to make sure a certain value doesn''t exist. You should definitely be able to use templates to do what you want if you do want to manage the whole file though, but this is one of those cases where you might want to investigate using MCX to manage this via policy instead. Even if you don''t have a central directory service where you can store MCX data, you can always put MCX data into the DSLocal domain for 10.5 clients. Feel free to ping me about this off list if you want to look into non-puppet ways of managing this. We use a combination in some situations, with a Puppet template that manages the localhost computer record in DSLocal to set MCX policy to enforce/not enforce FileVault depending upon whether a given machine is a desktop or a laptop. The nice thing about using MCX is that the rest of the preference system is aware of it, so you''ll get bonuses like the preference panes simply greying out a certain choice, rather than the user being confused as to why they make a setting and puppet continually switches it back. On Mon, Jul 28, 2008 at 2:00 PM, Ski Kacoroski <kacoroski@gmail.com> wrote:> > Hi, > > I am managing several thousand macs and we need to manage some of the > user preference files. These files are often the same except for the > user''s name embedded in them. Since I have the name as a fact, is there > some way to make use of the template system to manage these files (e.g. > have puppet create them on the fly for each user account it finds and > then be sure that if the user changes it, puppet will change it right > back). Appreciate pointers and best practices on how to do this. > > cheers, > > ski > > -- > "When we try to pick out anything by itself, we find it > connected to the entire universe" John Muir > > Chris "Ski" Kacoroski, kacoroski@gmail.com, 206-501-9803 > or ski98033 on most IM services > > > >-- Nigel Kersten Systems Administrator Tech Lead - MacOps --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---