SaltStack grains, modules, and states to manage Mac OS X.
The motivation for this repository is to provide SaltStack modules that call native API through PyObjC, in addition to command line tools. This gives a greater level of control than executing commands by themselves, which is what puppet, chef etc. are doing.
WARNING: A lot of modules are in a very early state of development, check the list below to see which are usable.
VERY IMPORTANT: You must disable multiprocessing on the Mac OS X minions for CoreFoundation modules to work. This is
because salt-minion threading does not work at all with CoreFoundation API. If you do not do this, the minion will
crash without warning when trying to execute some modules. This is not the case with salt-call
as it does not seem to
use multiple threads. Modules using the CoreFoundation API are listed below, marked with CF.
If you do use any of these modules you must edit your minion configuration file,
usually /etc/salt/minion
to include the following line:
multiprocessing: False
This repository can then be added to your file_roots
or whichever fileserver backend you happen to be using for your
master or masterless setup.
- filevault_enabled FileVault state, True or False.
- mac_admin_users List of users in the local admin group.
- mac_current_user Currently logged in user.
- mac_has_wireless AirPort or WiFi device enabled, True or False.
- mac_java_vendor JRE vendor (Apple or Oracle)
- mac_java_version JRE version string
- mac_laptop 'mac_desktop' or 'mac_laptop', indicating the hardware type.
- mac_timezone Current system timezone.
- ard mature Remote Management service configuration.
- authorization CF broken Utility module for granting authorization to CoreFoundation API.
- bluetooth mature Manage bluetooth.
- cups beta Configure printers
- desktop broken Interact with and manage the current users session.
- dscl beta Query and modify the local directory service.
- finder broken Interact with the Finder. Query and modify sidebar items (LSSharedFileList).
- keychain broken Add/Remove keychains and keychain items
- launchd broken Attempt to load jobs through CoreFoundation (completely broken)
- login beta Manage loginwindow preferences, Manage login items for current user.
- plist beta Manage PropertyList files/key values.
- power mature Interact with system power (i.e sleep/shutdown/reboot).
- mac_od_user mac_user module replacement using native DirectoryServices framework.
- mac_od_group mac_group module replacement using native DirectoryServices framework.
- mac_od_shadow mac_shadow module replacement using native DirectoryServices framework.
General Roadmap Notes:
-
SaltStack Shortcomings:
- services: launchctl.py enumeration of standard directories could potentially be faster through other API
methods. If i want to be really pedantic then
restart()
doesnt need the-w
flag for overrides. - pkg: brew.py/macports.py No implementation for
installer
tool? Steal another implementation just so that Salt could be used to bootstrap other package management solutions. - netstat: No netstat implementation for osx
- ps: No ps implementation for osx
- services: launchctl.py enumeration of standard directories could potentially be faster through other API
methods. If i want to be really pedantic then
-
Stuff that should be parity with macadmin:
- computer/computer group records (DSLocal)
- authorization db
- everything and anything that relates to profile installation
-
Need to support configuration profile management including generation and remote enrollment.
Requires the SaltTesting
package to execute unit and integration tests.