I do it this way:

In puppet.conf on the puppetmaster:

-----------------------------------
[puppetmasterd]
reports = store,rrdgraph,tagmail,log
autosign = true
environments = alpha,beta,gamma
manifest = /no/file

[beta]
modulepath = /etc/puppet/data/beta/
manifest = /etc/puppet/manifests/site-beta.pp

[alpha]
modulepath = /etc/puppet/data/alpha/
manifest = /etc/puppet/manifests/site-alpha.pp

[gamma]
modulepath = /etc/puppet/data/gamma/
manifest = /etc/puppet/manifests/site-gamma.pp
-----------------------------------

/etc/puppet/manifests/site-beta.pp has something like:

import "project_beta"

(a module in which you define your infrastructure, placed in /etc/puppet/data/beta/ )

Permissions on /etc/puppet/data/beta/ are limited to the users/groups that can manage files for the beta environment.

In puppet.conf on the client (for example, of the beta environment):

[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
environment = beta

[puppetd]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
environments = beta

You can also define testing / production environments for each department, with something like:

On clients:

[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
environment = betaprod

[puppetd]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
environments = betatest,betaprod

(normal puppet runs use betaprod; with "puppetd -t --environment=betatest" you run on the test environment of beta).

puppet.conf on the puppet master becomes something like:

[puppetmasterd]
reports = store,rrdgraph,tagmail,log
autosign = true
environments = alphatest,alphaprod,betatest,betaprod ...
manifest = /no/file

[betatest]
modulepath = /etc/puppet/data/beta/test/
manifest = /etc/puppet/manifests/site-beta.pp

[betaprod]
modulepath = /etc/puppet/data/beta/prod/
manifest = /etc/puppet/manifests/site-beta.pp

/etc/puppet/data/beta/test/ and /etc/puppet/data/beta/prod/ are both git clones that pull from something like /etc/puppet/data/beta/ gitrepo

My2c
Alessandro Franceschi

On 7 Sep, 10:24, philipp Hanselmann <philipp.hanselm...@gmail.com> wrote:
> We are planning to use a puppet server for several internal customers at
> our school (ETHZ - Swiss Federal Institute of Technology Zürich).
>
> One way could be to choose a separate environment for each customer ...
>
> Each customer will get a normal user on the puppet server. With this he
> can edit his files inside his own environment path ...
>
> But how can we ensure that the customers are separated? It should NOT
> be possible for customer X to choose an environment from customer Y.
>
> Is there a way to implement this?
>
> Philipp Hanselmann
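
Added example, not part of the original message or of Puppet itself: a small audit for the per-environment layout described above. It reads the master's puppet.conf, reports environments that are listed without a modulepath of their own, modulepaths that are equal or nested across environments, and modulepath directories whose permissions are not limited to the owning user/group. It assumes one directory per modulepath, as in the message; the function names and the sample configuration are constructed for illustration.

```python
import configparser
import os
import stat

# Constructed sample in the layout of the master puppet.conf above;
# gamma is deliberately listed without a section of its own.
SAMPLE_CONF = """\
[puppetmasterd]
autosign = true
environments = alpha,beta,gamma
manifest = /no/file
[alpha]
modulepath = /etc/puppet/data/alpha/
manifest = /etc/puppet/manifests/site-alpha.pp
[beta]
modulepath = /etc/puppet/data/beta/
manifest = /etc/puppet/manifests/site-beta.pp
"""

def load_environments(conf_text):
    """Return ({env: modulepath}, [listed envs with no modulepath of their own])."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    listed = [e.strip() for e in cp.get("puppetmasterd", "environments").split(",")]
    paths = {e: cp.get(e, "modulepath") for e in listed if cp.has_option(e, "modulepath")}
    return paths, [e for e in listed if e not in paths]

def overlapping(paths):
    """Pairs of environments whose modulepaths are equal or nested."""
    norm = {e: os.path.normpath(p) + os.sep for e, p in paths.items()}
    return sorted((a, b) for a in norm for b in norm
                  if a < b and (norm[a].startswith(norm[b]) or norm[b].startswith(norm[a])))

def audit_modes(paths, root=""):
    """Flag modulepath directories open to users outside the owning user/group."""
    findings = []
    for env, path in sorted(paths.items()):
        mode = os.stat(root + path).st_mode
        if mode & stat.S_IWOTH:
            findings.append((env, "world-writable"))
        elif mode & (stat.S_IROTH | stat.S_IXOTH):
            findings.append((env, "world-accessible"))
    return findings

if __name__ == "__main__":
    env_paths, missing = load_environments(SAMPLE_CONF)
    print("no modulepath of their own:", missing)
    print("overlapping modulepaths:", overlapping(env_paths))
    # audit_modes(env_paths) stats the real directories, so run it on the master.
```

The optional root argument of audit_modes prefixes every path, so the check can be exercised against a scratch copy of the tree before pointing it at /etc/puppet/data.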