Use classes and inheritance.
What I would do is something like this:
class base-node {
@package {
"sudo":
ensure => installed;
"sudo-ldap":
ensure => installed;
}
@user {
# Obviously fully define your user here.
"bob":
ensure => present;
}
}
class ldap-node inherits base-node {
realize Package["sudo-ldap"]
}
class non-ldap-node inherits base-node {
realize Package["sudo"]
realize User["bob"]
}
node some-app-node {
include ldap-node
}
node some-other-node {
include non-ldap-node
}
Hope that helps!
Regards,
Paul
On Wed, Dec 24, 2008 at 1:32 AM, gary <garyyuen@gmail.com>
wrote:>
> Hello,
>
> We have LDAP and non-LDAP nodes and some accounts that should be
> created only on non-LDAP nodes. I''m not sure the best way to
handle
> this. I can remember where to put things specifically though having
> better checks would be nice. Like
>
> debian sudo-ldap conflicts with sudo, so only one should be installed
> check define of other ldap related file like a package?
>
> users
> manage local root of every machine - seems like
> nss_initgroups_ignoreusers root in ldap.conf is necessary. Maybe my
> nsswitch and pam config could be better as well.
>
> files
> some would depend on if it''s an ldap node.
>
> Maybe it''s best to define $hasldap somewhere.
>
> Gary
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---