Hi All, I'm currently using puppet to deploy our O/S configuration to servers. I've got a requirement to allow a semi-trusted set of external users to deploy application configuration onto these same hosts. For example, they'd be allowed to configure anything under a /apps directory.
What would be the best way to achieve this? Ideally, I don't think I want to give them access to our puppet master, although if we really had to we could, and restrict them to a set of directories on the master using appropriate permissions. Should I think about running a second puppet master - either under a different user or on a different host? Can a puppet client talk to multiple masters? Is there any way to restrict them so they can only write modules that update files under the /apps filesystem? For example, if I'm populating /etc/hosts via an existing class, I don't want them to be able to write something that conflicts with this. Perhaps I should be using environments for this type of setup? Any pointers would be welcome. Many thanks, Richard. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
