We haven't actually done this in production yet, but we've discussed it quite a bit. Our current theory for things like this is:
1) MySQL-based External Node Classifier. Developers get (authenticated, ACL'ed) access to a simple PHP script with two options: a dropdown list of modules for their app (i.e. myapp_v1, myapp_v2, etc.), and a link that triggers a puppet run on the client (via the API call used by "puppet kick"). The lab42 examples make use of their "puppi" tool, but our theory was based on us having to approve modules (or at least review them), and explicitly add them to the list of options for a given app. Another, simpler option would be to store your manifests/modules in SVN, and grant developers read/write access to certain paths. If you don't want to mess with an authenticated interface to trigger client runs, you could just grant them sudo access to a script that triggers the run. Of course, all of this is making two pretty large assumptions: 1) that you're using a puppet master, and it's also used for stuff more critical than this, and 2) you're using Puppet to manage the entire systems (or at least stuff other than the app deployment) I know many here may disagree with me, but I'd say that if you're intending to use Puppet to manage just the app deployment (not the whole system build/provisioning, or at least other components), you can probably find a better/easier solution. -Jason On Mar 2, 4:42 am, Thomas Rasmussen <rasmussen.tho...@gmail.com> wrote: > Hi > > I'm in the process of looking for a way to have developers deploying > on their test systems without intervention of sysadmins, to solve this > i'd like to use Puppet (either the OSS version or Enterprise, > whichever solves the problem). > > I can manage to only grant access to certain systems and limit the > ability to execute puppetd --test, however, the developers would like > to create a new version of the application and then this should be put > into place instead of the old version, but I can't seem to find a > solution to this. > > I was thinking somewhat on the option to issue a command like this: > puppetd --test --my-app-version 3.2.1 > > And then the puppet manifests will use the my-app-version variable to > fetch and deploy this specific version. I know that the manifests > should be developed with care, which is also the idea. > > Or what solutions do people use in case where developers should have > access to deploy, but not have access to the puppetmaster server? > > hope that this can be done. > > Regards > Thomas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.