On Feb 21, 2012, at 11:46 AM, paulS wrote:
> (By the way, I should have referred to myself as a new Puppet _user_.
> I certainly didn't mean to imply that I'm a developer of Puppet open
> source software. I'm obviously not up to that challenge.)
>
> Thanks a lot, Craig.
>
> I'm using Webrick now, and will move to Apache before release to
> production. I did see the chapter 4 in Pro Puppet, Turnbull, on making
> the puppet master scalable. I also have "Pulling strings with Puppet,"
> Turbull, and have ordered "Puppet 2.7 Cookbook," Arundel.
>
> It sounds like you're suggesting a good practice is for users to su to
> the puppet user and do their work as puppet. That's what I've read and
> that's why it's bugging me that I can't seem to switch to the puppet
> user.
>
> I'll be the primary developer of modules, manifests, etc, with a
> backup person. Also a few other ops people would make changes to
> configuration files that get served out as updates to the clients.
>
> I get the part about separate environments and puppet masters for dev
> and test. Thanks for that. I need to read and understand about
> environments.
>
> As I mentioned, I'm having trouble switching to the puppet user. Maybe
> this is an Ubuntu sys admin question, but it pertains specifically to
> the puppet user. The user is set up during install. I installed from
> the following debians:
>
> facter_1.6.4-1puppetlabs1_all.deb
> puppet_2.7.9-1puppetlabs1_all.deb
> puppet-common_2.7.9-1puppetlabs1_all.deb
> puppet-dashboard_1.2.4-1puppetlabs1_all.deb
> puppetmaster_2.7.9-1puppetlabs1_all.deb
> puppetmaster-common_2.7.9-1puppetlabs1_all.deb
>
> # sam (not the real user name) has admin rights.
> # the password required here isn't the one for sam and I don't have a
> password for puppet since it was set up during install.
>
> sam@puppetmaster:~$ su - puppet
> Password:
>
> adding 'puppet ALL=(ALL) NOPASSWD:ALL' to the sudoers file didn't
> help. 'su - puppet' still wants a password.
>
> sudo password puppet # lets me create a password for puppet
>
> The command line now accepts 'su - puppet' with the password for
> puppet, but the prompt still says 'sam@puppetmaster:~$' and puppet
> won't create a subdirectory from a directory owned by puppet:puppet.
> Also I still have admin rights form the command line. I don't think
> switch user to puppet is actually occurring.
>
> The command line accepts 'sudo su - puppet' without a password, but
> same behavior as immediately above.
>
> I could blow away the puppet user and re-create it as a member of
> puppet group and not of admin. Does that seem like a good idea? I'm
> curious about the nature of the puppet user that's created during
> install, and whether I'm losing anything important if I blow it away
> and recreate with:
>
> sudo useradd puppet --create-home --user-group --shell /bin/bash
----
the one thing I have always appreciated about Linux/UNIX is that the config
files are always text files and can be fixed and thus you don't have to resort
to things like uninstalling/re-installing, deleting/recreating users because
everything is relatively easily fixed - at least assuming that you know how.
su - puppet # if done by root doesn't require a password.
# Root user doesn't need a password for anything
# if done by a user, needs puppet user's password
/etc/sudoers - 'puppet ALL=(ALL) NOPASSWD:ALL'
# Can't imagine a good reason to do this but will only
# allow user 'puppet' to sudo anything without a password
if 'su - puppet' doesn't give you the bash shell as user puppet then perhaps
you don't have a good shell set up for user puppet.
getent passwd | grep puppet # will list things like the shell
# which should be /bin/bash but if not, use chsh
sudo chsh puppet -s /bin/bash # will set puppet users shell to /bin/bash
It's also possible that user puppet's home directory is wrongly set or the
permissions are bad...
# getent passwd | grep puppet
puppet:x:1001:1001:Puppet,,,:/var/lib/puppet:/bin/bash
sudo chown puppet:puppet /var/lib/puppet -R
Craig
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
