Puppet for dslocal Files

Configuring puppet to push out the file required for dslocal is not difficult. On my systems I only need to push out the contents of the 'computergroup' directory.

First we need to get the server to make the files available. I copy the files to from /private/var/db/dslocal/nodes/Default/computergroups to /var/puppet/bucket and make sure they are owned root:staff (puppet will complain if it can't copy the files to an existing users ownership). I also make the files 'rw' for the group. Puppet will change all this eventually.

Now we need a file /etc/puppet/fileserver.conf so that puppetmasterd runs its file server. Here's mine:

[computergroups]
    path /private/var/puppet/bucket/computergroups
    allow *

As you can see it's pretty complicated

Now we need to add to our manifest. Here's the lines :

file { "/private/var/db/dslocal/nodes/Default/computergroups":
    type    => 'directory',
    ensure  => 'directory',
    recurse => true,
    purge   => true,
    replace => false,
    owner   => 'root',
    group   => 'wheel',
    mode    => 600
    source  => "puppet://$server/computergroups",
}

Note that 'ensure' makes sure we are pointing to the right sort of object, 'recurse' means we check both the directory and all it's contents, 'purge' means we remove files that are no longer on our source, 'replace' makes sure that when we . The 'source' item is obvious from our 'fileserver.conf' but note that we used double quotes rather than single to have the variable name replaced

We could handle everything in dslocal/nodes/Default just as easily by shifting the name in fileserver.conf and the name in the manifest.

Check Handling MCX for details on handling the MCX preference records. Check Computers and Groups From the Command Line for some scripting for adding a computer to a computer group.