On Jan 4, 2011 10:56 AM, "Jason Parrott" <[email protected]> wrote:
> Our environment consists of about 600 Redhat Enterprise Linux 3, 4, 5,
> and soon 6 servers. We use cfengine 2 currently, but plan on
> migrating to puppet. Right now, we have our root-owned cfengine
> client running every 15 minutes from cron contacting a single cfservd
> server. Additionally, our employees start their own cfengine and
> puppet instances on on some servers running under their various
> service accounts to manage their own software configurations (for
> example, the Hadoop team does not have root access, and runs as the
> 'hadoop' user with a puppet instance running as 'hadoop'). Having
> multiple configuration management daemons causes increased system load
> and it generally seems wrong.
The puppet client will happily run from cron rather than as a daemon; we
started that at a previous job in the bad old days to work around a ruby
core memory leak, but retained it because it reduced long term memory use
and so allowed us to increase VM density on our hosts.
> I'd like the ability to have one puppetmasterd with our normal set of
> rules (after migrating from cfengine), but allow our users to add
> their own manifests. The trick is that these manifests must run as
> their service account and not as root. For example, I'd like to pull
> in manifests from a hadoop/ directory, and any file edits, copies,
> package installations, etc will run as the 'hadoop' user.
I would definitely have the hadoop people run their own puppetmaster or, at
least, provide one for them that they have control over the full manifest
set of.
(Otherwise I would have a process that you review their manifests, but
scaling that can be a challenge.)
Regards,
Daniel
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
