Giters

glarizza / x_types

A collection of custom Puppet types and providers for Mac OS X.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

X_types

A collection of custom Puppet types and providers for Mac OS X.

Version: 0.0.1

Requirements:

  • Minimum OS: Mac OS X 10.5.8

  • RubyCocoa 1.0.2 or greater if deploying on Mac OS X Lion

    • Mac OS X Lion’s RubyCocoa contains a bug that will segfault under certain conditions

  • You can do something savage like this to get it installed…

<code>

case $::macosx_productversion_major {
  "10.7": {
    package { "RubyCocoa-1.0.2-OSX10.7.dmg":
      provider => 'pkgdmg',
      ensure => 'present',
      source  => 'http://iweb.dl.sourceforge.net/project/rubycocoa/RubyCocoa/1.0.2/RubyCocoa-1.0.2-OSX10.7.dmg',
      alias => 'rubycocoa',
    }
    exec { '/sbin/reboot':
      subscribe => Package['rubycocoa'],
      refreshonly => true,
    } 
  } 
}

</code>

  • Or you can be civilized and install it at the same you install Puppet and Facter

  • X_types has not been tested with Mac OS X 10.8 Mountain Lion

    • There will definitely be problems…

Notes:

At first glance, this module may appear to duplicate previous Puppet functionality (it does), but it is worth noting that X_types has the ability to create and manage resources in arbitrary dslocal nodes – a concept specific to Mac OS X management. It also adds support for managing some functionality specific to Mac OS X.

X_types also addresses bug #6017 in the Puppet mcx type by adding modality to this type and other similar types.

Examples:

Core Functionality:

Declare the x_types class

<code>

class { 'x_types': safe => 'false' }

</code>

  • It is not required that you declare the x_types class, but it is recommended.

  • The class takes a single parameter: $safe. This is a hook to prevent x_types from loading on incompatible machines.

  • The default value of $safe is ‘true’. To disable this check, send the parameter ‘false’.

Create a new dslocal node

<code>

x_node { 'MCX':
  active => 'true',
  provider => 'dslocal',
  ensure => 'present'
}

</code>

Create a new computer in the designated node

<code>

x_computer { "$::hostname":
  dslocal_node  => 'MCX',
  en_address    => "$::macaddress_en0",
  hardware_uuid => "$::sp_platform_uuid",
  ensure        => 'present',
  require       => X_node['MCX']
}

</code>

Create a new computer group and add the new computer record to it

<code>

x_computergroup { 'SomePolicyGroup':
  dslocal_node  => 'MCX',
  members       =>["$::hostname"],
  gid           => '5000',
  ensure        => 'present',
  require       => X_computer["$::hostname"]
}

</code>

Import MCX policy on the target computer group

  • Setting autocratic mode to ‘true’ expunges the previous mcx_settings from the target record prior to application.

  • Setting this to ‘false’, performs a merge where the policy that Puppet applies always takes precedence.

  • autocratic => ‘true’ is the default

<code>

  x_policy { 'SomePolicyGroup':
  dslocal_node  => 'MCX',
  provider      => 'x_mcx',
  type          => 'computergroup',
  plist         => '/private/etc/policy/mcx/applesoftwareupdates.plist',
  autocratic    => 'false',
  ensure        => 'present',
}

</code>

Special Providers:

Enable Apple Remote Desktop

<code>

x_remotemanagement { 'ard_setup':
  users     => { 'myadmin' => '-1073741569' },
  dirgroups => 'ardadmin, ardinteract, ardmanage, ardreports',
  dirlogins => 'enable',
  menuextra => 'disable',
  ensure    => 'running',
}

</code>

Bind to an Active Directory

  • Unless we have an authoritative hostname, abort bind operation

<code>

if "$::fqdn" == "$::certname" {
  x_node { 'some.domain':
    active        => 'true',
    ensure        => 'present'
    provider      => 'activedirectory',
    active        => 'true',
    computerid    => 'some_machine',
    username      => 'some_user',
    password      => 'a_password',
    ou            => 'CN=Computers',
    domain        => 'some.domain',
    mobile        => 'disable',
    mobileconfirm => 'disable',
    localhome     => 'disable',
    useuncpath    => 'enable',
    protocol      => 'afp',
    shell         => '/bin/false',
    groups        => 'SOME_DOMAIN\some_group,SOME_DOMAIN\another_group',
    passinterval  => '0',
  }
} else {
  $msg = "Our FQDN ($::fqdn) does not match our certname ($::certname). Aborting Puppet run..."
  notice($msg)
  notify { $msg: }
}

</code>

Enable ipfw and apply a set of rules

  • Rules read from a text file in the following form

  • rule_num action proto from range to range

  • Example: 12308 allow ip from 192.168.0.0/16 to any

<code>

x_firewall { 'ipfw':
  verbosity => '2',
  file      => '/private/etc/ipfw/ipfw_rules',
  require   => File['/private/etc/ipfw'],
}

</code>

Create a login or logout hooks

  • Allows you to define two types: login or logout

  • Allows you to set a precedence for each script per type

  • Scripts that share a precedence will be executed alphabetically

  • Script content defined inline or as a file on disk

<code>

 x_hook { 'loguser_in':
   type     => 'login',
   priority => '0',
   ensure   => 'present',
   content  => "
     #!/bin/bash
     USER_NAME=\${1}
     USER_UID=\${2}
     USER_GID=\${3}
     /usr/bin/syslog -s -r $syslog_server -l Info \"Login: \${USER_NAME}, uid=\${USER_UID}, gid=\${USER_GID}\"
     exit 0
   "
}

</code>

Custom Facts:

  • rubycocoa_version: returns authoritative RubyCocoa version

  • mac_console_users: adds 3 new custom facts

    • mac_console_users_names: names of users who have console sessions

    • mac_console_users_current: name of the user with current session

    • mac_console_users_total: number of user sessions

Known Issues:

  • x_group provider is missing (unimplemented)

  • x_mcx provider will continually re-apply policy under certain conditions (see comments in x_mcx.rb and x_policy.rb)

  • x_profile provider for x_policy type still unimplemented

  • x_firewall: alf provider unimplemented

About

A collection of custom Puppet types and providers for Mac OS X.