For testing you could edit the facter ruby code to return hardcoded values instead of running system profiler. I think it just adds everything to a hash then prefixes it with 'sp' if I remember correctly. I've edited ours to return other data.
Kyle On Dec 22, 2008, at 1:02 PM, Carl Caum <carl.c...@gmail.com> wrote: > Ok, yeah. That's what I was thinking. I can't test this on > physical hardware since both our physical XServes are in > production. I'll see if I can get a mac mini ordered. > > On Dec 22, 2008, at 11:57 AM, Crawford Kyle wrote: > >> Is the client running on Mac hardware and not in a VM? Seems like >> system_profiler, which is used to generate default facts is >> failing. Maybe it doesn't work because of virtual hardware. >> >> >> On Dec 22, 2008, at 12:28 PM, Carl Caum wrote: >> >>> Most plist management can be done with the defaults command. It >>> means we exec out everytime, but we could write a definition/ >>> plugin around it. >>> >>> I'm having trouble getting puppet to run on OS X. I installed >>> 0.24.7 on my OS X server VM using gems. After signing the >>> certificate on the puppetmaster side, I get this on the client side: >>> >>> 2008-12-22 11:25:35.796 system_profiler[6552:10b] Exception while >>> calling [SPPlatformReporter updateDictionary:] >>> *** -[NSCFArray objectAtIndex:]: index (3) beyond bounds (2) >>> err: Could not retrieve catalog: undefined method `[]' for >>> nil:NilClass >>> >>> Any ideas? >>> On Dec 19, 2008, at 11:16 PM, Crawford Kyle wrote: >>> >>>> >>>> On Dec 19, 2008, at 10:48 PM, Nigel Kersten wrote: >>>> >>>>> >>>>> >>>>> On Fri, Dec 19, 2008 at 7:23 PM, Crawford Kyle >>>>> <kcrw...@gmail.com> wrote: >>>>> >>>>> On Dec 19, 2008, at 7:55 PM, Nigel Kersten wrote: >>>>>> >>>>>> On Fri, Dec 19, 2008 at 2:29 PM, Carl Caum >>>>>> <carl.c...@gmail.com> wrote: >>>>>> >>>>>> Does anyone know how to go about joining Mac OS X Leopard to an >>>>>> Active >>>>>> Directory domain with puppet? >>>>>> Primarily it needs to be broken down in to doing LDAP >>>>>> authentication >>>>>> with a few attribute mappings and using kerberos for the password >>>>>> authentication. >>>>>> >>>>>> You're going to want to push out your DS preferences and then >>>>>> do an exec for the joining of the machine account I imagine, >>>>>> although you could do some of this with templates..... >>>>>> >>>>>> How were you doing this before Puppet? >>>>>> >>>>>> There are no native types now, because those of us doing the >>>>>> Mac stuff with Puppet don't work in AD environments :) >>>>>> >>>>>> I'm more than happy to spend time helping you work through this >>>>>> though Carl. I'm reasonably familiar with AD integration even >>>>>> though we don't do it here. >>>>>> >>>>>> This would be a great recipe to get up on the Puppet wiki. >>>>> >>>>> We are in a large AD environment using Puppet. We currently >>>>> handle the AD joining outside of Puppet with a python script in >>>>> a launchd job that runs at first boot, though we will probably >>>>> be moving this to Puppet. >>>>> >>>>> The typical steps are: >>>>> Make sure time server is set and time is set correctly >>>>> ( ntpd.conf or exec systemsetup ) >>>>> Activate AD plugin by enabling it in DirectoryService.plist. >>>>> ( just a simple key value but I think you need to restart >>>>> DirectoryService for it to notice ) >>>>> Configure AD plugin using dsconfigad options. ( this can take a >>>>> lot of options all of these just change key values in >>>>> ActiveDirectory.plist ) >>>>> Join to domain using dsconfigad with a limited AD account and >>>>> password with permissions to add machines to your OU. ( this >>>>> would need to exec the dsconfigad command with username, >>>>> password, OU, machine join name. Unfortunately the password is >>>>> passed to dsconfigad in clear text as a parameter ) >>>>> Set the authentication search path to Custom, and include your >>>>> AD domain node using dscl. ( dscl exec ) >>>>> >>>>> We do manage the time server with Puppet and setting a couple of >>>>> mapping attributes in the AD plists. >>>>> >>>>> I'm happy to help you get this all working in Puppet as well. >>>>> >>>>> oh cool. I didn't realize you were doing AD integration Kyle. >>>>> >>>>> How are you ensuring that AD continues to be configured on the >>>>> clients? Does the python launchd job do all of this? Or are you >>>>> managing some components as Puppet resources? >>>>> >>>>> I've been thinking for a while about how to mange >>>>> DirectoryService nodes as native Puppet types, but there are so >>>>> many attributes to think about I'm not sure it actually >>>>> simplifies matters all that much... >>>> >>>> Yes, I've done a lot of AD integration work. The python script I >>>> wrote tests the configuration and scenarios related to AD Node >>>> status and takes action if necessary. The only part in Puppet so >>>> far is management of a couple AD plist keys. >>>> >>>> Agreed, DirectoryService node configuration can get complex. >>>> There may be lower hanging fruit like improved plist management >>>> that would help in all areas including DirectoryService. >>>> >>>> Kyle >>>> >>>> >>>> >>>> >>> >>> >>> >>> >> >> >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
