Hi All, I'm currently using puppet to deploy our O/S configuration to servers. I've got a requirement to allow a semi-trusted set of external users to deploy application configuration onto these same hosts. For example, they'd be allowed to configure anything under a /apps directory.
What would be the best way to achieve this? Ideally, I don't think I want to give them access to our puppet master, although if we really had to we could, and restrict them to a set of directories on the master using appropriate permissions. Should I think about running a second puppet master - either under a different user or on a different host? Can a puppet client talk to multiple masters? Is there any way to restrict them so they can only write modules that update files under the /apps filesystem? For example, if I'm populating /etc/hosts via an existing class, I don't want them to be able to write something that conflicts with this. Perhaps I should be using environments for this type of setup? Any pointers would be welcome. Many thanks, Richard. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.