# office-hours
- b
bastelfreak
06/01/2023, 9:25 PMpersonal accounts are coming from ldap, system API accounts are local/static - s
steveax
06/01/2023, 9:27 PMso, is this a moving to a new server sort of scenario? Just trying to get a feel for what prompts the bootstrapping - b
binford2k
06/01/2023, 9:28 PM@bastelfreak are you making the case for 1. RBAC that can be managed with Puppet code, or 2. RBAC that can be automated via something, I don't care what. - b
bastelfreak
06/01/2023, 9:28 PMI prefer to manage it with puppet but I am happy with other solutions - b
bastelfreak
06/01/2023, 9:30 PM@steveax often customers have a PE infra and want to setup a new one in parallel for a migration, or a permanent second infra to move some agents to it to split llthe load - b
bastelfreak
06/01/2023, 9:31 PMand rule of thumb is often: a bare image is provided, puppet has to comfigure the rest and puppet code needs to be tracked in git - s
steveax
06/01/2023, 9:31 PMgotcha, thanks - b
bastelfreak
06/01/2023, 9:32 PMso we usually automate puppet with puppet as far as possible - s
steveax
06/01/2023, 9:36 PMso would something like the classifier’s import-hierarchy endpoint for RBAC roles & groups be helpful? - b
bastelfreak
06/01/2023, 9:37 PMabsolutly - s
steveax
06/01/2023, 9:37 PMthat seems like a non-controversial QoL improvement 😉 - b
bastelfreak
06/01/2023, 9:37 PMthen we could use it in a PE plan or wrire a type/proviser for it - s
steveax
06/01/2023, 9:41 PM’K, noted. I’ll definitely pass it along to product. - b
bastelfreak
06/01/2023, 9:42 PMawesome, thanks! - b
bastelfreak
06/01/2023, 9:46 PManother thing! - b
bastelfreak
06/01/2023, 9:46 PMI want to run a task on multiple node groups - s
steveax
06/01/2023, 9:46 PM🍿 - b
bastelfreak
06/01/2023, 9:47 PMUI allows notnto select multiple node groups - s
steveax
06/01/2023, 9:47 PMas in, I want to target nodes from multiple node groups? - b
bastelfreak
06/01/2023, 9:47 PMyes - s
steveax
06/01/2023, 9:49 PMultimately, it’s a pdb query, could wrap a plan around it, combine the rules, then use the classifier’sPOST /v1/rules/translate - s
steveax
06/01/2023, 9:50 PMthen use that for the targetspec - b
bastelfreak
06/01/2023, 9:51 PMbut then I need to get all nodes and resolve their groups? - b
bastelfreak
06/01/2023, 9:51 PMpuppetdb does not know rhe node groups? - s
steveax
06/01/2023, 9:52 PMCorrect, PDB doesn’t know about classification groups. - s
steveax
06/01/2023, 9:52 PMwhat we do is resolve the nodes by translating the classification group rules into a PDB query - b
bastelfreak
06/01/2023, 9:53 PMah the other way around - s
steveax
06/01/2023, 9:53 PMso, in a plan, you could do similar and aggregate the rules from multiple groups - b
bastelfreak
06/01/2023, 9:54 PMI would still prefer a UI adjustment :D - s
steveax
06/01/2023, 9:54 PMwe could do that directly in the Console GUI, but it’s already pretty complicated in there