On 01/06/2011 03:33 PM, jcbollinger wrote:
>
> On Jan 5, 8:39 pm, John Warburton <jwarbur...@gmail.com> wrote:
> [...]
>> Our own situation is that we have developers who build their own
>> applications, and if we packaged them with RPM or pkg, then they would have
>> to be installed as root. We don't trust them enough for that, so right now
>> we run an exec as the application owner to unpack the tar.gz
>
> Like Doug, I don't quite follow that. Perhaps I misunderstand
> "installed as root", because Puppet is already providing root
> privileges for the installation. If you mean "installed as owned by
> root" or "installed in <choose particular location>" then you are
> mistaken: RPMs can easily be built so that their files are installed
> wherever you like and have whatever ownership and permissions you
> like.
>
> If you are concerned about scriptlets in the RPM being run as root
> then you can easily avoid that. Don't rely on the developers to
> package their own software; instead take the tarballs they already
> provide and package up all the contents in RPM form (without any
> scriptlets). I do such RPMs by hand when I have to install an
> application that is delivered in binary-only form (it's pretty easy),
> but it should also be relatively easy to script.
>
> I try at all costs to avoid installing anything on my systems without
> packaging it. That way I know what's (supposed to be) there, I can
> update or remove it with ease, the package installation system detects
> conflicts and dependencies for me, and, as a bonus, third-party tools
> such as Puppet support me better.

+1 to that.

Both RPM and DEB provide rather simple tools to build "dumb" packages,
i.e. glorified tarballs. These are much better suited to puppet use than
actual tarballs.

That being said, in some places (like tomcat installation) I myself
currently have puppet wget a tarball from one of my servers and unpack
it, but stuffing a dumb package into my apt repo would be a saner
approach there, as well.

Regards,
Felix
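
An added example, not part of the original thread or of any poster's tooling: one way to script the "dumb" package discussed above, generating an RPM spec with no scriptlet sections from a developer tarball and refusing members that would be unsafe to install with root privileges. The function names, the `/opt` prefix and the owner and group are assumptions, and the sample tarball is constructed.

```python
import io
import posixpath
import stat
import tarfile

def spec_from_tarball(fileobj, name, version, owner, group, prefix):
    """Return a scriptlet-free RPM spec for the members of a tarball."""
    entries = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar.getmembers():
            rel = posixpath.normpath(m.name)
            if rel == ".":
                continue
            # Nothing may land outside the chosen prefix.
            if rel.startswith("/") or rel == ".." or rel.startswith("../"):
                raise ValueError("path escapes prefix: " + m.name)
            # Links, devices and FIFOs are refused rather than repackaged.
            if not (m.isreg() or m.isdir()):
                raise ValueError("not a file or directory: " + m.name)
            if m.mode & (stat.S_ISUID | stat.S_ISGID):
                raise ValueError("setuid/setgid bit set: " + m.name)
            mode = m.mode & 0o755  # drop group/world write and sticky bits
            kind = "%dir " if m.isdir() else ""
            entries.append("%s%%attr(%04o,%s,%s) %s/%s"
                           % (kind, mode, owner, group, prefix, rel))
    # Only %prep, %install and %files: no %pre/%post/%preun/%postun sections,
    # so installing the package runs no packaged code as root.
    header = [
        "Name: " + name, "Version: " + version, "Release: 1",
        "Summary: Repackaged developer tarball", "License: Internal",
        "Source0: %s-%s.tar.gz" % (name, version), "",
        "%description", "Developer tarball repackaged without scriptlets.", "",
        "%prep", "%setup -q -c", "",
        "%install", "mkdir -p %{buildroot}" + prefix,
        "cp -a . %{buildroot}" + prefix + "/", "",
        "%files",
    ]
    return "\n".join(header + entries) + "\n"

def make_tar(members):
    """Constructed sample input: in-memory tar.gz of (name, mode, data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for member_name, mode, data in members:
            info = tarfile.TarInfo(member_name)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

The explicit `%attr` entries set ownership and mode in the package itself, so the build can run as an unprivileged user and the named owner need not exist on the build host.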