On Dec 22, 2008, at 11:42 AM, Nigel Kersten wrote:
>
>
> On Mon, Dec 22, 2008 at 9:28 AM, Carl Caum <carl.c...@gmail.com>
> wrote:
> Most plist management can be done with the defaults command. It
> means we exec out everytime, but we could write a definition/plugin
> around it.
>
> It also has the sometimes undesirable side effect of converting all
> your xml1 property lists to binary format.
>
> We tend to use PlistBuddy here for this reason.
>
>
> I'm having trouble getting puppet to run on OS X. I installed
> 0.24.7 on my OS X server VM using gems. After signing the
> certificate on the puppetmaster side, I get this on the client side:
>
> 2008-12-22 11:25:35.796 system_profiler[6552:10b] Exception while
> calling [SPPlatformReporter updateDictionary:]
> *** -[NSCFArray objectAtIndex:]: index (3) beyond bounds (2)
> err: Could not retrieve catalog: undefined method `[]' for
> nil:NilClass
>
> I've never seen that... do you get the same bug using the packages at:
>
> http://explanatorygap.net/puppetfacter/
>
> ?
These do not work either. The problem seems to be in facter when
getting hardware information. I get this when I run facter directly:
2008-12-22 11:58:06.223 system_profiler[6613:10b] Exception while
calling [SPPlatformReporter updateDictionary:]
*** -[NSCFArray objectAtIndex:]: index (3) beyond bounds (2)
/Library/Ruby/Site/1.8/facter/util/macosx.rb:29:in
`hardware_overview': undefined method `[]' for nil:NilClass
(NoMethodError)
from /Library/Ruby/Site/1.8/facter/macosx.rb:28
from /Library/Ruby/Site/1.8/facter/util/loader.rb:72:in `load'
from /Library/Ruby/Site/1.8/facter/util/loader.rb:72:in `load_file'
from /Library/Ruby/Site/1.8/facter/util/loader.rb:38:in `load_all'
from /Library/Ruby/Site/1.8/facter/util/loader.rb:33:in `each'
from /Library/Ruby/Site/1.8/facter/util/loader.rb:33:in `load_all'
from /Library/Ruby/Site/1.8/facter/util/loader.rb:30:in `each'
from /Library/Ruby/Site/1.8/facter/util/loader.rb:30:in `load_all'
from /Library/Ruby/Site/1.8/facter/util/collection.rb:90:in `load_all'
from /Library/Ruby/Site/1.8/facter.rb:91:in `to_hash'
from /usr/bin/facter:121
Could this be because I'm running OS X as a virtual machine?
>
>
>
> Any ideas?
> On Dec 19, 2008, at 11:16 PM, Crawford Kyle wrote:
>
>>
>> On Dec 19, 2008, at 10:48 PM, Nigel Kersten wrote:
>>
>>>
>>>
>>> On Fri, Dec 19, 2008 at 7:23 PM, Crawford Kyle <kcrw...@gmail.com>
>>> wrote:
>>>
>>> On Dec 19, 2008, at 7:55 PM, Nigel Kersten wrote:
>>>>
>>>> On Fri, Dec 19, 2008 at 2:29 PM, Carl Caum <carl.c...@gmail.com>
>>>> wrote:
>>>>
>>>> Does anyone know how to go about joining Mac OS X Leopard to an
>>>> Active
>>>> Directory domain with puppet?
>>>> Primarily it needs to be broken down in to doing LDAP
>>>> authentication
>>>> with a few attribute mappings and using kerberos for the password
>>>> authentication.
>>>>
>>>> You're going to want to push out your DS preferences and then do
>>>> an exec for the joining of the machine account I imagine,
>>>> although you could do some of this with templates.....
>>>>
>>>> How were you doing this before Puppet?
>>>>
>>>> There are no native types now, because those of us doing the Mac
>>>> stuff with Puppet don't work in AD environments :)
>>>>
>>>> I'm more than happy to spend time helping you work through this
>>>> though Carl. I'm reasonably familiar with AD integration even
>>>> though we don't do it here.
>>>>
>>>> This would be a great recipe to get up on the Puppet wiki.
>>>
>>> We are in a large AD environment using Puppet. We currently handle
>>> the AD joining outside of Puppet with a python script in a launchd
>>> job that runs at first boot, though we will probably be moving
>>> this to Puppet.
>>>
>>> The typical steps are:
>>> Make sure time server is set and time is set correctly
>>> ( ntpd.conf or exec systemsetup )
>>> Activate AD plugin by enabling it in DirectoryService.plist.
>>> ( just a simple key value but I think you need to restart
>>> DirectoryService for it to notice )
>>> Configure AD plugin using dsconfigad options. ( this can take a
>>> lot of options all of these just change key values in
>>> ActiveDirectory.plist )
>>> Join to domain using dsconfigad with a limited AD account and
>>> password with permissions to add machines to your OU. ( this
>>> would need to exec the dsconfigad command with username, password,
>>> OU, machine join name. Unfortunately the password is passed to
>>> dsconfigad in clear text as a parameter )
>>> Set the authentication search path to Custom, and include your AD
>>> domain node using dscl. ( dscl exec )
>>>
>>> We do manage the time server with Puppet and setting a couple of
>>> mapping attributes in the AD plists.
>>>
>>> I'm happy to help you get this all working in Puppet as well.
>>>
>>> oh cool. I didn't realize you were doing AD integration Kyle.
>>>
>>> How are you ensuring that AD continues to be configured on the
>>> clients? Does the python launchd job do all of this? Or are you
>>> managing some components as Puppet resources?
>>>
>>> I've been thinking for a while about how to mange DirectoryService
>>> nodes as native Puppet types, but there are so many attributes to
>>> think about I'm not sure it actually simplifies matters all that
>>> much...
>>
>> Yes, I've done a lot of AD integration work. The python script I
>> wrote tests the configuration and scenarios related to AD Node
>> status and takes action if necessary. The only part in Puppet so
>> far is management of a couple AD plist keys.
>>
>> Agreed, DirectoryService node configuration can get complex. There
>> may be lower hanging fruit like improved plist management that
>> would help in all areas including DirectoryService.
>>
>> Kyle
>>
>>
>>
>>
>
>
>
>
>
>
> --
> Nigel Kersten
> Systems Administrator
> Tech Lead - MacOps
>
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
