I have recently half thought about whether this was possible (but haven't done it), and I'd be interested in some best practice for the following.
We have a sysadmins department who manage ~1500 nodes across a large organisation using PE. They are responsible for the OS build and management for the whole lot. We also have a development department who are looking at Puppet to manage the bespoke apps and system app software. However, this department only have approx 200 nodes that cover the usual dev, test, and live environments for their area of responsibility.

The dev department like to have timely control of at least the dev and test environments (i.e. we cannot wait for the sysadmins dept to add new modules etc.), but we are still reliant upon the sysadmins department to manage the OS. Whilst the situation is not ideal, any changes to the status quo are firmly NOT going to happen.

We would also like to make use of MCollective to orchestrate some app deployments (stopping services in the correct order, making puppet runs, actioning some custom stuff, then starting up the system in the correct order, etc.).

So far I haven't seen an easy way to allow devs to only be in control of their own stuff. I'm trying to convince the sysadmins team to allow us our own puppet master that they jointly administer so that the OS gets managed as well as the app stuff. Currently it doesn't look like they are going to allow us to do that.

I am looking at doing something with module paths but am limited by $environment being used by the sysadmins for their purposes (i.e. the devs will have their own modulepath in which they can upload their modules at will, but it will be limited to just one that covers all of dev, test, and live. Ideally we'd like to be able to publish modules to our dev, then test, then live).

I'm also worried that with MCollective the devs could affect the whole estate rather than their area, as I've not yet seen a way of restricting execution.

Anybody with any thoughts?
