I have a somewhat unique situation. Our systems team manages our main puppet master, and the development team is fine with everything however they are thinking of using it to control some elements on their desktop machines, whilst still being connected to our central puppet master.
Since we don't want the changes they make to go into our puppet master.. is there a way of puppet importing a manifest from the node directly?
As in.. on the developer machine, they put a file "/root/development.pp" or something, and then on our puppet master we put something like
node { "developermachine":
# Do the majority of normal things
# import "/root/development.pp"
}
We have a few different options we can take about security of write access to the puppet manifests, but if puppet were to support something like this it would probably be the cleanest for us.
Any help is appreciated :)
Why not push out a cron.d entry that runs the puppet agent against a known file.
I.e: make a 30 minute (maybe @reboot) cron job of
puppetrun /etc/puppet/userpuppet.pp
or similar.You'd have to trust your users, alot, but i'm assuming that's not an issue here.
Puppet allows you to provide a script that will generate configuration for a node. See here for more information and examples.
Given that, you can easily come up with all sorts of alternative ways of allowing developers to setup their own machines.
Setup a root crontab entry to run: /usr/bin/puppet apply /root/development.pp
See https://puppet.com/docs/puppet/latest/services_apply.html for more information.
The more "proper" way of doing things would be to create a "developer" environment on your puppet master, and point only the development workstations to that environment. You could even give the developers git access to commit to that branch and auto-deploy that without impacting your production environments.
https://puppet.com/docs/puppet/latest/env_environments.html
http://puppetlabs.com/blog/git-workflow-and-puppet-environments/