Hi. On Dec 13, 2010, at 1:30 PM, Jesús Couto wrote: > Hi. > > Lets say that for several administrative/burocratic/procedural reasons, you > dont have the option of running puppet as root, in any way - not as a daemon > on the managed node, nor as root on the command line with puppet apply. Say, > you are the "middleware" application team and you dont have the rights to > touch any part of the server that are not your apache/tomcat/whatever > instances, so you run puppet under your "middleware" account(s) > > Do you think there is still value to be obtained from puppet with this > limitation? Anybody running it that way and wants to share why and what > benefits do they get? For what I can see it should be possible but then you > throw out a lot of functionality - your manifests cant do things like ensure > an user or a package are installed, cause that needs root, probably you cant > even start the services if they use privileged ports unless somebody else > defined a sudo for you to do it, but you can deploy files under your user, > instantiate templates, maybe.... maybe with correct reporting tell the > "system" level guys that you need X or Y done when the manifest dies cause it > is not in place, etc.
my customer has different departments who have different responsibilities. the unix team started with puppet implementation on os level. very soon an application team learned about puppet and asked for inclusion of their config files but were forced to use their own puppetmaster. we now have two puppetmasters and two instances of puppetclient running on a server: one client is used for base os and one for the application configuration. the base os puppet client runs in daemon mode and connects every 30 minutes to puppetmaster the application puppet is running in application user space (non-root) and runs in listen mode. the application team can initiate a puppetrun on their application puppetmaster. another option which was discussed but declined was using different or cascaded vcs repositories. Martin > ------------------------------ > > Jesús Couto F. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
