I am attempting to implement Puppet with the roles & profiles pattern. I have identified two distinct profiles at this point:
-security: provides a wide range of security-related configurations to hosts.
-ad_client: provides configurations to enable AD authentication to Linux clients.
I think these both make sense as independent profiles because either one may apply to a given host not necessarily both. Therefore, I think I have to make each one complete (i.e. fully instantiate classes in each) so that it can stand on its own.
However, for hosts that may require both of these profiles there exists fairly substantial overlap (e.g. both configure pam, sshd and sssd).
How can one create modular profiles but avoid such overlap?
Aucun commentaire:
Enregistrer un commentaire