A clarification: "whatever kicks Puppet has to run as root as well" could be something that doesn't run as root but does have sudo permissions!
-- O On Apr 6, 2013, at 12:23 PM, Owen Smith wrote: > Greetings, > > We are using Puppet to deploy application packages, so it can indeed be done. > However, you need to do some work around Puppet to enable the use cases > you've mentioned: > > * Something builds the package > * Something publishes the package to the yum repo > * Something kicks Puppet on the node(s) you want to install on (either > starting it up in daemon mode or executing it) > * Someone (or something) ensures that package declarations are properly > assigned to your node. > * At this point, Puppet takes over, figures out what packages need to be > installed/upgraded, and handles that for you, in addition to whatever > configuration and service control you've specified. > > In short: you need a build/deployment system that uses Puppet configuration > management at its core. In our case, we glued this together ourselves. > > Some things to be aware of: > * To use the YUM package provider, Puppet must run as root. Therefore, > whatever kicks Puppet has to run as root as well. We use MCollective for > this, which involves a root agent running as a daemon on the endpoint. > * Puppet's RPM/YUM providers install packages as root into the standard > system RPMDB. So, you can see, by going this route your application packages > are going to be handled just like any other system package. > > In other words, the key to making this easy is this: though the user doesn't > have root access on the node, the deployment system does. You control who can > do what to the node through authentication and authorization in the > deployment system itself, and by constraining the set of operations that the > deployment system supports. > > Let's say this solution isn't a possibility: for example, you use a custom > user/RPMDBs/prefix/RPMRC when installing via RPM. You *can* theoretically > make this work with Puppet, but you've got a lot of work on your hands, > because the existing package type/providers don't support it. You have my > sympathy, because that's where we've been, and over the years we've banged > our head against that wall so many times, for many reasons besides Puppet. > One of our tenets in moving to Puppet, however, was to stop doing things that > made our life needlessly difficult. :-) > > If you go this way, you also need to give some thought as to how you want to > upgrade an existing application on the endpoint. One way is to use 'ensure => > latest' and configure the YUM repo on the node to point to a new repo with > your updated packages when the time comes. Another possibility is to use > 'ensure => present' and do an explicit 'yum upgrade' operation through > MCollective to get the packages updated; then run Puppet to fix up the rest. > > Hope this helps! > -- O > > On Apr 4, 2013, at 6:39 AM, Dhaval wrote: > >> Hello Guys, >> >> i want to know, can we use puppet to install application packages ( not >> system packages ) .. if yes how , if someone can through some light .. >> >> my requirement is >> >> 1) application team can create package on their own and update in yum repo ( >> without root ) >> 2) application team can install package on their own ( without root ) to the >> directories mention in rpm .. >> >> let me know if anyone is aware of similar things available ? >> >> Thanks in advance ... >> >> Regards, >> D >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To post to this group, send email to puppet-users@googlegroups.com. >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
