Greetings, Our environment consists of about 600 Redhat Enterprise Linux 3, 4, 5, and soon 6 servers. We use cfengine 2 currently, but plan on migrating to puppet. Right now, we have our root-owned cfengine client running every 15 minutes from cron contacting a single cfservd server. Additionally, our employees start their own cfengine and puppet instances on on some servers running under their various service accounts to manage their own software configurations (for example, the Hadoop team does not have root access, and runs as the 'hadoop' user with a puppet instance running as 'hadoop'). Having multiple configuration management daemons causes increased system load and it generally seems wrong.
I'd like the ability to have one puppetmasterd with our normal set of rules (after migrating from cfengine), but allow our users to add their own manifests. The trick is that these manifests must run as their service account and not as root. For example, I'd like to pull in manifests from a hadoop/ directory, and any file edits, copies, package installations, etc will run as the 'hadoop' user. I've been thinking about adding a custom provider, one which wraps commands with "su -c "command" hadoop", for example, but I'm not sure how feasible this is. Has anyone needed to do anything similar? Do you have any suggests for this new puppet user? Thanks, Jason -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
