Puppet Providers and Unit Testing

Sometimes Puppet providers execute their logic based on the contents of a @property_hash, which is just a representation of a resource’s actual state. It’s easy enough to test a provider for the basics, but populating the @property_hash for a unit test has always been something of a chore, and often gets skipped, leaving large portions of provider code untested. I wish I’d understood this years ago, but now that I’ve got my head round it, it’s pretty simple. ...

2017-02-17 · zach

User Management Patterns

User management can be a bit of a sore subject for some admins, but I’ve found it can really pay off when done correctly, though it’s not always clear what that means. I’ve been on both sides of that line in the past, sometimes when the line moves, and sometimes not. I’m a believer that managing the users and groups in your organization proficiently and with low overhead is important. It should be done well, if for no other reason than to be able to state authoritatively who should have access to what and why, ideally requiring as little administrative time as possible once the system is in place. ...

2016-03-16 · zach

Using LDAP for Puppet classification

Over the last year, I’ve been slowly moving some of my private Puppet code to use LDAP as a data source. Through this process, a bit of strategy, some tooling and some schema have emerged that I’ll share here. It’s worth noting that Puppet has had an LDAP Node Classifier for quite some time, probably longer than I’ve been using Puppet. Looking over the documentation, you wouldn’t know it, but the most useful bit of this whole work is the fact that Puppet supports the configuration variables necessary to make a connection to an LDAP server, and those variables are available for reference. ...

2015-11-15 · zach

Moving My Puppet Master to OpenBSD

I recently had some network trouble that left a system I use to host FreeBSD jails without network access. The bummer of it is that I used this particular system for hosting most of my primary working system. Things like CI and Puppet and such all lived in neat little jails, and while all the little jails and all the little services are still on disk, I have no access. I suspect the hand-me-down Cisco switch is the culprit, but after years of service, meh. ...

2015-02-15 · zach

Backups with Exported Resources

Failure happens. It’s a part of working in technology, and as a techno worker bee, my job is to ensure that those failures have as little impact on my team and my company as can be summoned. Part of this (as the business peeps say) “risk mitigation strategy” is backups. It’s a part of working in technology that I want to give as little attention as possible, so it’s important it’s low touch and that it’s done correctly and is available when I need it. ...

2014-09-14 · zach