On Tuesday, June 11, 2013 8:30:18 AM UTC-5, Matthew Ward wrote:
>
> I'm rather new to working with puppet so forgive me if these are solved
> problems. I've read through some documentation, but was not able to find
> the full set of information to answer all my questions.
>
> I'm being tasked with finding/configuring/developing an enterprise
> resource configuration tool. We have several on the table but puppet/chef
> are the only cross-platform options, so this is why I'm coming here for
> help. If the problems I am trying to solve are solved, please reply with
> links and I'll work it out. I'm fine with having to develop some code to
> make this a reality, I just want to make sure a) I'm not reinventing the
> wheel, b) I am following best practices.
>
> What I am trying to achieve is "Resource Orchestration". What I mean is,
> based on LDAP attributes, a "resource" (machine and user) would be
> provisioned, configured and presented with a "custom" configured VDI. The
> VDI portion is a solved issue. Managing the resources within the VDI is
> what we are trying to achieve.
>
> Use case 1:
> User "Bob", of ou=Developers, authenticates using LDAP to machine
> resource "Desktop". Desktop has standard facts, as I understand it, that
> can allow for custom configuration? Do users have Facts? Is it possible to
> mount shares, in Windows also, and present icons to the desktop to Bob?
> Can, based on the LDAP attribute of Developer, something like Eclipse or
> Python SDK be installed? The idea is I'm trying to make a single management
> point to my LDAP and manage my resources from there. I'm not totally
> married to my LDAP being my primary control point, just the user identities
> inside an LDAP being the authentication and authorization. If there is
> another product that sucks in LDAP resources that puppet works with, I'd
> love to know.
>
> Use case 2:
> User "Bob" authenticates, using a smart card with PKI, to resource
> "Desktop". Bob's authentication works based on enterprise attributes
> from the smart card certificate. Bob exists on multiple LDAP (e.g.
> dc=test,dc=com and dc=prod,dc=com) with the same "username" (EDI/PI) from
> the card. Not all users would exist in multiple domains, but Bob does. Can
> I further provision the user resource and computer resource based on this
> additional information?
>
> I'm not looking to make puppet my sole solution if it's not the right tool
> to do the job.
>
>

Puppet is not a script engine; it is a state management tool. Although it
could probably be shoehorned into the role you envision, it is not designed
to adapt the target machine state to dynamic events occurring there (such
as user logins). At minimum, you would need to provide your own hooks into
the target systems to respond to appropriate events by triggering Puppet
runs.

With that said, Puppet can ensure software packages are installed; can
ensure particular files are in (or absent from) particular locations, which
would support customizing desktop icons; and can mount shares, among other
things. It can be made to read data from LDAP via an appropriate plugin to
its external data service, 'hiera'.

On the other hand, I'm not sure "cross-platform" buys you all that much
here, because you are going to need some non-trivial platform specific
pieces.

John

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.