A clarification: "whatever kicks Puppet has to run as root as well" could be something that doesn't run as root but does have sudo permissions!
-- O On Apr 6, 2013, at 12:23 PM, Owen Smith wrote: > Greetings, > > We are using Puppet to deploy application packages, so it can indeed be done. > However, you need to do some work around Puppet to enable the use cases > you've mentioned: > > * Something builds the package > * Something publishes the package to the yum repo > * Something kicks Puppet on the node(s) you want to install on (either > starting it up in daemon mode or executing it) > * Someone (or something) ensures that package declarations are properly > assigned to your node. > * At this point, Puppet takes over, figures out what packages need to be > installed/upgraded, and handles that for you, in addition to whatever > configuration and service control you've specified. > > In short: you need a build/deployment system that uses Puppet configuration > management at its core. In our case, we glued this together ourselves. > > Some things to be aware of: > * To use the YUM package provider, Puppet must run as root. Therefore, > whatever kicks Puppet has to run as root as well. We use MCollective for > this, which involves a root agent running as a daemon on the endpoint. > * Puppet's RPM/YUM providers install packages as root into the standard > system RPMDB. So, you can see, by going this route your application packages > are going to be handled just like any other system package. > > In other words, the key to making this easy is this: though the user doesn't > have root access on the node, the deployment system does. You control who can > do what to the node through authentication and authorization in the > deployment system itself, and by constraining the set of operations that the > deployment system supports. > > Let's say this solution isn't a possibility: for example, you use a custom > user/RPMDBs/prefix/RPMRC when installing via RPM. You *can* theoretically > make this work with Puppet, but you've got a lot of work on your hands, > because the existing package type/providers don't support it. You have my > sympathy, because that's where we've been, and over the years we've banged > our head against that wall so many times, for many reasons besides Puppet. > One of our tenets in moving to Puppet, however, was to stop doing things that > made our life needlessly difficult. :-) > > If you go this way, you also need to give some thought as to how you want to > upgrade an existing application on the endpoint. One way is to use 'ensure => > latest' and configure the YUM repo on the node to point to a new repo with > your updated packages when the time comes. Another possibility is to use > 'ensure => present' and do an explicit 'yum upgrade' operation through > MCollective to get the packages updated; then run Puppet to fix up the rest. > > Hope this helps! > -- O > > On Apr 4, 2013, at 6:39 AM, Dhaval wrote: > >> Hello Guys, >> >> i want to know, can we use puppet to install application packages ( not >> system packages ) .. if yes how , if someone can through some light .. >> >> my requirement is >> >> 1) application team can create package on their own and update in yum repo ( >> without root ) >> 2) application team can install package on their own ( without root ) to the >> directories mention in rpm .. >> >> let me know if anyone is aware of similar things available ? >> >> Thanks in advance ... >> >> Regards, >> D >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
