...

  • It yields a DIT that is simple to understand and navigate.

  • API change is not unexpected for simp/simpkv since it is still experimental (version < 1.0.0) and not used by default.

  • SIMP can help with the transition to lowercase key names for any existing simpkv key paths or simplib::passgen password names (whether using legacy mode or simpkv mode).

    • Any SIMP-provided module that uses simplib::passgen can be modified to ensure the password names are downcased.

    • The simplib::passgen function that uses simpkv can be modified to downcase existing password names that contain uppercase letters and then emit a warning.

    • The script that SIMP will provide to import existing simpkv key entries or simplib::passgen passwords into an LDAP simpkv backend can check for uppercase letters in the destination key paths. The script can either skip the import of the problematic entries or warn the user of the conversion. It would then be up to the user to make any adjustments to their manifests.
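
The import-time check described in the last item could look like the following sketch. This is an added example, not code from simpkv, simplib or the SIMP import script: `plan_import`, its `mode:` values and the sample key paths are hypothetical. It also goes one step beyond the text by flagging source paths that differ only by case, since they would map to the same destination once downcased.

```ruby
# Added example: hypothetical helper, not part of simpkv or simplib.
# Plans the import of existing key paths into a lowercase-only destination.
#
# mode :skip    -> entries whose path has uppercase letters are not imported
# mode :convert -> such paths are downcased and a warning is recorded
def plan_import(entries, mode: :convert)
  raise ArgumentError, "unknown mode #{mode}" unless %i[skip convert].include?(mode)

  plan = { import: {}, skipped: [], warnings: [] }

  entries.each do |path, value|
    dest = path
    if path.match?(/[[:upper:]]/)
      if mode == :skip
        plan[:skipped] << path
        plan[:warnings] << "skipped '#{path}': uppercase letters in key path"
        next
      end
      dest = path.downcase
      plan[:warnings] << "converted '#{path}' to '#{dest}'; update manifests that use the old name"
    end

    # Two source paths that differ only by case would overwrite each other
    # in the destination, so keep the first and report the second.
    if plan[:import].key?(dest)
      plan[:skipped] << path
      plan[:warnings] << "skipped '#{path}': collides with already planned '#{dest}'"
      next
    end
    plan[:import][dest] = value
  end
  plan
end

# Constructed sample entries (not real data).
SAMPLE = {
  'production/gen_passwd/app_db'    => 'v1',
  'production/gen_passwd/App_Admin' => 'v2',
  'production/gen_passwd/app_admin' => 'v3'
}.freeze

# Print the warnings an operator would see when run directly.
if __FILE__ == $PROGRAM_NAME
  plan_import(SAMPLE, mode: :convert)[:warnings].each { |w| warn w }
end
```
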

...

OID Subtree Design and Custom LDAP Schema

Either option for the LDAP DIT for SIMP data requires at least one custom LDAP object class. The LDAP object class, in turn, must be specified by a unique OID

...

. This section proposes a SIMP OID subtree design to support LDAP OIDs and then uses the OIDs in schemas for the two DIT options discussed above.

SIMP OID Subtree

SIMP has an officially registered OID, 1.3.6.1.4.1.47012, under which all OIDs for Puppet, SNMP, etc., should reside. Once an OID is in use, its definition is not supposed to change. In other words, an OID can be deprecated, but not removed or reassigned a different name. So, the OID tree must be designed to allow future expansion.

Below is the proposed SIMP OID subtree showing the parent OIDs for attributes and class objects needed for the SIMP DIT.

...

LDAP Schema Elements

Custom Schema

  • Multiple plugin instances, possibly from different versions of the same module, can be instantiated at the same time in the puppetserver.

    • Plugin implementations must be thread safe.

    • Plugin implementations mreventing cross-puppet-environment contamination is essential

...