Dear all,

I am very new to puppet. I played with puppet a long time ago; I haven't done anything with it recently, but I try to follow it. One of my main concerns with puppet, and what I am trying to achieve, is to have puppet running as both root and non-root at the same time.
It won't be a surprise to you, but I want to use puppet as the root user to set up and ensure the consistency of my servers' configuration, and I would like my users to be able to use puppet to manage their applications' configuration.

I saw the video of Spencer, and now found this topic. As you correctly said, there is not a lot of documentation out there describing the experience of people using puppet as non-root.

I believe things have changed since the last post on this subject here (Nov 2013), and I wanted to ask you guys if you have had some success, evolution in the way you use puppet as non-root? Has anything changed with the latest puppet versions to achieve this?

Mat

On Friday, October 11, 2013 at 10:22:03 PM UTC+1, R.I. Pienaar wrote:
>
> ----- Original Message -----
> > From: "James Henderson" <[email protected]>
> > To: [email protected]
> > Sent: Friday, October 11, 2013 4:18:38 PM
> > Subject: Re: [Puppet Users] Re: Rootless Puppet
> >
> > > > > You should use what works best for you, of course, but like R.I., I'm not
> > > > > sure what you mean by "not well supported". I'd estimate that Puppet
> > > > > non-root is not widely *used*, but that's because many of the resources
> > > > > that people want to manage cannot be modified by unprivileged users.
> > > > > That's not a problem that Puppet (or any other system) can solve.
> > > >
> > > > What I mean by "not well supported":
> > > > - installing puppet if you do not have root is a non-trivial exercise and
> > > > isn't documented anywhere that I could find. In my case we could probably
> > > > get the sys admins to install a version, but at my company it is definitely
> > > > better to do things yourself.
> > >
> > > export GEM_HOME=~/.gem
> > > gem install puppet
> > > export PATH=$PATH:~/.gem/bin
> > >
> > > puppet --version
> >
> > That seems easy enough. Of course the docs say that installing from gem is
> > not recommended:
> > http://docs.puppetlabs.com/guides/installation.html#installing-from-gems-not-recommended
> >
> > I'm not sure why it is not recommended though.
>
> because it doesn't bring a service script etc. etc., not a problem in this
> instance.
>
> > > > - most packages on puppetforge will not work out of the box as they do
> > > > assume that you have root access
> > >
> > > yes, packages are gonna require root.
> > >
> > > > - you need to write your puppet files in a special way in order to use
> > > > them without root
> > >
> > > not really, it just means you need to not try to do things only root can do
> > > past that nothing changes.
> >
> > However, puppet by its default assumes that you are root and implicitly
> > uses root only commands.
> > It would be convenient if puppet could understand that its deployment
> > context was non-root and essentially single
> > user. This may be too difficult to do or a bad design decision though.
>
> it won't use them if you do not use those resource types. also there is some
> detection of what runs as root and what not and then certain providers are
> disabled. no doubt some weirdness left that should be fixable
>
> > > > - when someone asked on ask.puppetlabs.com about this configuration, here
> > > > is the answer they got:
> > > >
> > > > https://ask.puppetlabs.com/question/413/puppet-agent-running-as-unprivileged-user/
> > > >
> > > > - this answer does not show that this is a typical and supported option,
> > > > rather it is an option that you can make work if you write all of your
> > > > manifests in a very particular way.
> > >
> > > the agent just works if you start it as your user, you'll have instead of
> > > /var/lib/puppet
> > > ~/.puppet and everything else roughly stays the same.
> > >
> > > If you put the manifests in your homedir you can just use puppet apply and do
> > > not even need a master to fully manage everything your user can manage
> >
> > That sounds great.
> >
> > I think the best thing to do at this point might just be to document
> > exactly where the state of puppet non-root is.
> >
> > I looked at the puppet wiki, but it seems to be in a retirement phase.
> >
> > A documentation page should target people who are looking at puppet for the
> > first time and have a non-root requirement.
> >
> > The basic questions that need to be answered are:
> >
> > - how do I install puppet as non-root?
> > - are there any risks/gotchas to this sort of puppet install rather than
> > one of the recommended install paths?
> > - can I use packages that I find on puppet forge as non root?
> > - what sort of things do I need to watch out for if writing a non-root
> > puppet package?
> > - are there any other gotchas that I should be aware of?
> >
> > I wouldn't mind taking the answers to these questions that people are
> > posting here and creating a first draft of such a page.
> >
> > I do need to know where to put it. I think the best strategy is to fork
> > the puppet-docs repo and work with whoever can help to come out with a
> > decent page.
>
> yeah that sounds good
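
The quoted replies describe keeping manifests in the home directory, running them with `puppet apply`, and avoiding anything only root can do. The manifest below illustrates that setup as an added example; it is not part of the thread and not from the Puppet project. It assumes Puppet 4 or later with Facter 3 or later; the file path, the `myapp` directory, the config contents and the `home` fact (passed in through the `FACTER_home` environment variable) are all constructed for illustration.

```puppet
# Added example: user-level manifest, saved for instance as
# ~/puppet/manifests/app.pp (hypothetical path) and applied by the
# unprivileged user, with no master involved:
#
#   FACTER_home="$HOME" puppet apply ~/puppet/manifests/app.pp

# Keep the privilege boundary explicit: the root-run catalog manages the
# server, this manifest only manages what the user already owns.
if $facts['identity']['user'] == 'root' {
  fail('app.pp is a user-level manifest; do not apply it as root')
}

# "home" is not a built-in fact; it comes from the FACTER_home variable above.
$home = $facts['home']
unless $home {
  fail('run with FACTER_home="$HOME" so the manifest knows where to write')
}

$app_dir = "${home}/myapp"   # hypothetical application directory

# No owner/group attributes: files are created as the invoking user, and
# changing ownership to another account is something only root can do.
file { [$app_dir, "${app_dir}/conf", "${app_dir}/logs"]:
  ensure => directory,
  mode   => '0700',
}

# Constructed config. The port is above 1023 because an unprivileged
# process cannot bind to the low ports.
file { "${app_dir}/conf/app.ini":
  ensure  => file,
  mode    => '0600',
  content => "[server]\nlisten = 127.0.0.1:8080\nlog_dir = ${app_dir}/logs\n",
}

# Deliberately absent: package, service, user, group and mount resources,
# and any file path outside ${home}. Those belong in the root-run catalog.
```

Adding `--noop` to the `puppet apply` command shows what would change without writing anything, which is a quick way to confirm the manifest stays inside the user's home directory.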
