Puppet with Mac and GNU/Linux

Puppet on Mac is a mixture of Puppet on Linux and Windows. Registry settings are called “secrets” and to make things easier, you need to install homebrew.

Enforcing a local admin is a little bit tedious. In the past few OSX releases, the have changed their password hashing algorithm several times. This causes a few case statements based on release version in order to set up one single local admin.

Secret management is a little more complicated than Windows registry management. First, you need to find your secret decoder website (which is now only available in the archive), next you need to rip out the puppet code to manage secrets (because nobody thought it wise to follow Puppet best practice and make a module do only one thing) and make your own personal company module, and finally you are ready to define an OSX secret. I use boxen::osx_defaults to set up the Mac equivalent of legalNoticeText with this code:

  boxen::osx_defaults { "loginwindowtext" :
    domain => '/Library/Preferences/com.apple.loginwindow.plist',
    key    => 'LoginwindowText',
    value  => "This computer system is the property of ....",
  }

Managing a GNU/Linux workstation is similar to OSX and Windows only you know what you are doing and everything makes sense because smart people write and manage the software. I choose to use KDM as the greeter is easier to customize and make the default Desktop Environment to be GNOME. On my greeter background, I have the legalNoticeText properly formatted to my liking and saved in the background image. So far I am the only GNU/Linux workstation on Puppet so I haven’t configured it to a great extent. It does help between re-installs though šŸ™‚