Alan Barrett wrote:
On Wed, 10 Feb 2010, Michael DeHaan wrote:
We're attempting to provide a reason to not use cron :)
I have a requirement that puppet may not change anything on a production
host without change control approval in advance. It would be nice if a
new version of puppet had better support for this use case.
Of course there are change control procedures for getting the manifests
updated on the puppetmaster, but that's not enough; it's also necessary
to run the puppet client only when specifically authorised. For
example, the manifest update and a --noop mode client puppet run might
happen during working hours, but the --no-noop client puppet run might
happen during a maintenance window after hours.
As far as I am aware, the existing combination of "puppetd --listen"
on each client, and "puppetrun" on a central server, does not handle
this use case, so I run "puppetd --onetime --noop" or "puppetd --onetime
--no-noop" via ssh.
--apb (Alan Barrett)
So let me get this straight: You run --noop throughout the day,
aggregate the changes that need to be made, and then have a EOD/EOW
"change control" meeting to go over them and determine if you need to
run puppet without --noop ?
-scott
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
