Question

The basic need:

  1. Perform operation on agent X
  2. Perform operation on agent Y
  3. Perform operation on agent X

These operations need to be performed in order, which is easily achieved with SaltStack using publish.publish. Access to perform operations on agent Y is managed by the salt master.

The closest thing I have been able to find in Puppet is 'external resources' (ER), since they can be used to perform operations on other agents, but ERs fall short in many ways:

  • they don't support operation ordering

  • targeting is based on tags, which does not take security into account

  • they are so decoupled that you can't know from reading the code where an operation will be performed or where it comes from.

  • there is no way to get feedback on the success or failure of an operation

Is there any Puppet alternative to SaltStack's publish.publish?

OTHER TIPS

It could be implemented with ssh.

The setup would consist of the Puppet master managing the private and public authentication keys, distributing the private key to all agent X's, and the public key to agent Y.

Then the sequence could be implemented as 3 exec's on the agent X's.

Security could be restricted by using ssh forced commands, ensuring that only the required operation is available for agent X's to invoke on agent Y.

Comments are welcome, as the security implications are beyond me.
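
The forced-command restriction described in the answer above, sketched as an added example (not part of the original post): a gate script on agent Y that maps the request sshd places in SSH_ORIGINAL_COMMAND onto a fixed allow-list and rejects everything else. The install path, operation names and command paths are hypothetical.

```shell
#!/bin/sh
# Added example: forced-command gate installed on agent Y.
# Hypothetical install path: /usr/local/sbin/agent-x-gate
# authorized_keys entry on agent Y (key material is a placeholder):
#   restrict,command="/usr/local/sbin/agent-x-gate --serve" ssh-ed25519 <PUBLIC-KEY> agent-x
# "restrict" (OpenSSH 7.2+) turns off forwarding and PTY allocation for this key.
LC_ALL=C; export LC_ALL   # make the a-z range below byte-exact

# Print the fixed command line for an allowed request and return 0;
# return 1 for anything else. Operation names and paths are hypothetical.
resolve_operation() {
    case "$1" in
        ''|*[!a-z0-9\ -]*) return 1 ;;   # empty, or any char outside [a-z0-9 -]
    esac
    set -- $1                            # safe to split: no glob or quote chars remain
    case "$1:$#" in
        enable-maintenance:1)  echo "/usr/local/bin/maintenance on" ;;
        disable-maintenance:1) echo "/usr/local/bin/maintenance off" ;;
        drain-backend:2)
            case "$2" in -*) return 1 ;; esac   # no option injection via the argument
            echo "/usr/local/bin/lb-drain $2" ;;
        *) return 1 ;;
    esac
}

# Entry point when sshd runs the forced command. sshd puts whatever the client
# asked to run in SSH_ORIGINAL_COMMAND; it is never passed to a shell here.
serve() {
    if cmd=$(resolve_operation "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t agent-x-gate "allowed: $SSH_ORIGINAL_COMMAND"
        exec $cmd     # exit status travels back to the ssh client on agent X
    fi
    logger -t agent-x-gate "denied request from ${SSH_CONNECTION%% *}"
    echo "operation not permitted" >&2
    exit 1
}

if [ "${1:-}" = "--serve" ]; then serve; fi
```

Each exec on an agent X would then run something like `ssh agent-y drain-backend web01` (host name hypothetical); ssh exits with the remote command's status, so a denied or failed operation fails that exec.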

Licensed under: CC-BY-SA with attribution