On Thursday, April 4, 2013 8:39:51 AM UTC-5, Dhaval wrote: > > Hello Guys, > > i want to know, can we use puppet to install application packages ( not > system packages ) .. if yes how , if someone can through some light .. > > my requirement is > > 1) application team can create package on their own and update in yum repo > ( without root ) > 2) application team can install package on their own ( without root ) to > the directories mention in rpm .. > > These don't really seem to be Puppet issues. In particular, Puppet works within the security framework of target nodes; it does not sidestep it.
Your application team can certainly create packages for the target platform(s); this would normally be part of the test or release process, and although you could wrap some Puppet automation around it, you don't need Puppet for that. You don't need Puppet to give your application team the ability to update your yum repo. If that's what you intend to do then you might as well let them do so directly; you do not gain any meaningful security by making Puppet mediate the process. Generally speaking, package installation should require root privilege. Indeed, enabling a user to manage packages allows them to modify any file on the system, so it effectively grants them root privilege even if they don't explicitly have it. You can configure Puppet to automatically update target systems with the latest available versions of your application packages, but to do so it must run with privilege, so you cannot easily provide for your application team to trigger that behavior on demand. To sum up, the only place I really see Puppet entering the picture is the package installation part. The overall process might look like this: 1. Application team creates a new version of the application package(s) 2. Application team uploads the new package(s) to the local repository, and updates the repository metadata 3. Application team waits for the next scheduled Puppet run, during which Puppet applies the updated packages. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
