On Jan 4, 2011, at 10:42 AM, Jason Parrott wrote: > Greetings, > > Our environment consists of about 600 Redhat Enterprise Linux 3, 4, 5, > and soon 6 servers. We use cfengine 2 currently, but plan on > migrating to puppet. Right now, we have our root-owned cfengine > client running every 15 minutes from cron contacting a single cfservd > server. Additionally, our employees start their own cfengine and > puppet instances on on some servers running under their various > service accounts to manage their own software configurations (for > example, the Hadoop team does not have root access, and runs as the > 'hadoop' user with a puppet instance running as 'hadoop'). Having > multiple configuration management daemons causes increased system load > and it generally seems wrong. > > I'd like the ability to have one puppetmasterd with our normal set of > rules (after migrating from cfengine), but allow our users to add > their own manifests. The trick is that these manifests must run as > their service account and not as root. For example, I'd like to pull > in manifests from a hadoop/ directory, and any file edits, copies, > package installations, etc will run as the 'hadoop' user. > > I've been thinking about adding a custom provider, one which wraps > commands with "su -c "command" hadoop", for example, but I'm not sure > how feasible this is.
This still gives them root access. All they need to do is use a normal provider. What about running both instances of puppet from cron? That should save you the resources. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
