Philip Brown
2013-Jul-11 17:06 UTC
[Puppet Users] Delegation of responsability for SOME things
Howdy folks, "we" the sysadmins at $DAYJOB, are liking puppet for our OS setups. Now we are interested in something that''s going to make application deployment and config easier. Trouble is, we''re a large shop. So we have a separate "application support" group, whom we dont particularly want to give out root access to. Is there some "best practices" method to allow some non-root-blessed group, to have *partial* access to puppet, for purposes of application deployment only? And/or is there some other tool that is better suited for this sort of thing? In some ways, we''d prefer to keep the appdevelopers off our puppetmaster machine entirely, since we wouldnt want them to accidentally get access to some machine because we forgot to chmod some directory that is not their responsability, that also has passwords or public keys in it. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Nikola Petrov
2013-Jul-12 06:30 UTC
Re: [Puppet Users] Delegation of responsability for SOME things
Why don''t you use some other tool for application deployment? This will make your life a lot easier! In my experience puppet is not the best option for application deployment because it uses "pull" based changes. In some usecases this is just not possible and a push based solution is far better. Tools like fabric or capistrano are examples of push based solutions for deployment In the best scenario you declare what needs to be installed on each system for the application to run properly and then let the users deploy/redeploy their systems. -- Nikola On Thu, Jul 11, 2013 at 10:06:27AM -0700, Philip Brown wrote:> Howdy folks, > > "we" the sysadmins at $DAYJOB, are liking puppet for our OS setups. > Now we are interested in something that''s going to make application > deployment and config easier. > > Trouble is, we''re a large shop. So we have a separate "application support" > group, whom we dont particularly want to give out root access to. > > Is there some "best practices" method to allow some non-root-blessed group, > to have *partial* access to puppet, for purposes of application deployment > only? > > And/or is there some other tool that is better suited for this sort of > thing? > > In some ways, we''d prefer to keep the appdevelopers off our puppetmaster > machine entirely, since we wouldnt want them to accidentally get access to > some machine because we forgot to chmod some directory that is not their > responsability, that also has passwords or public keys in it. > > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.