Hi Damian, On Sat, Jan 26, 2013 at 1:12 PM, <[email protected]> wrote: > Hi All, > > I am currently looking at using PE to provide our config management (and > orchestrated deployment via MCollective) for our app stack. It is currently > used to manage the Linux OS estate but not yet for Windows. I'd like to use > the same tool so that the people who develop and manage apps on both OS only > have a single learning curve and given PE is already used in the > organisation that is my first choice. > In my initial investigation there are a number of critical functions that > currently cannot be managed out the box (or via modules on PuppetForge) > which i would have expected from a tool such as this. (I appreciate that > Windows support on Puppet is relatively new and that I could create my own > modules. However that would mean learning Ruby *and* Puppet, diverting > resource away from their main job, and convincing management to allow custom > coding something that they'd expect out of the box of such a tool is going > to be tricky!). > > So, are there currently any plans to provide > - NTFS file support to allow detailed control of permissions settings and > not relying on the very limited POSIX -> Windows mapping in the current File > resource. (And yes i understand the RAL and reasons behind it, but this is > kind of a deal breaker for us for the Windows side of our estate)?
This is on our Windows roadmap, filed as https://projects.puppetlabs.com/issues/13249. Recently, the priority has increased as we've been hearing similar comments from other users. With that said, I'm curious what use cases you're looking to solve. Are you looking to specify the complete state of the DACL, e.g. grant permissions to these accounts, deny to these, control inheritance? Or a partial state, e.g. ensure administrators has full control and ignore other ACEs that are present. Or is it a compliance issue, e.g. ensure only administrators can write? Also are you looking to manage DACLs on other securable objects, e.g. registry keys. Also are you looking to manage SACLs? > - Setting the user for a Service on Windows? (I know i could probably exec > out to sc.exe to achieve this but would like it config managed) This is filed as https://projects.puppetlabs.com/issues/17706. It would be trivial to implement, as we already have the SID resolution code in place, and it would be similar to how we manage the user account for scheduled tasks. > > And probably not for this forum (but i know PuppetLabs employees are > reading)... > - Do you have any idea of of when MCollective support in Puppet Enterprise > will be provided for Windows. I can't specify when exactly, but this is a high priority for us. The top-level ticket is filed as https://projects.puppetlabs.com/issues/11206. The hard work of getting mcollective running on windows has already been done. The remaining issues are around packaging, updating PE modules to support windows, and better mcollective control of the puppet agent, all of which are straightforward tasks. Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
