Puppet is really meant for managing systems, not data. The data in LDAP is really more like database data, not so much as system information, even though many system services use it to get information.
Consider if you would use Puppet to manage data (like web site content) in a MySQL database. You might use Puppet to create the table structure as part of the installation process, but not to revise the data itself. ❧ Brian Mathis On Thu, Nov 14, 2013 at 2:50 AM, William Leese <william.le...@meltwater.com>wrote: > Hi, > > I'm faced with the question if we should be doing user management directly > using freeipa (an integrated LDAP, Kerberos, CA, etc) or by manipulating > freeipa using Puppet. > Installation and configuration of the service is already performed through > Puppet so this only concerns the data stored by freeipa (users, groups, > sshkeys, sudo permissions, etc). > > Pros of puppet: > - everything goes through source control > - we love puppet > > Cons: > - exposing all functionality is near impossible and thus the chances of > the puppet config not being a perfect representation of the freeipa config > is rather high > > I was wondering if fellow admins have faced this question and have any > insights I should consider. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/c0ad2090-2eae-4561-9b2d-4f31b6fe9b6e%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CALKwpEypTcgHOAyk05uM%3DALsYui%2BLNKbw2BXfXx9_D1yrS_KQA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
