I know that this sounds crazy and likely is :), but I was wondering if for application configuration management, there's a way to run puppet as a non-root user. I know that lots of the types won't be available when not running as root, but I think that the main purpose here is deploying application configuration files, not maintaining the system. My guess is that the only type that would still be applicable is file, maybe an exec type to restart the app. Is this something that's feasible?
On Mon, Jun 1, 2009 at 12:44 PM, Jon Stanley <jonstanley@gmail.com> wrote:
>
> I know that this sounds crazy and likely is :), but I was wondering if
> for application configuration management, there's a way to run puppet
> as a non-root user. I know that lots of the types won't be available
> when not running as root, but I think that the main purpose here is
> deploying application configuration files, not maintaining the system.
> My guess is that the only type that would still be applicable is
> file, maybe an exec type to restart the app.

We've wanted the same thing. I'd love to have a way to delegate some subset of the puppet config to our applications group so that they can get all of the puppet features and not break our stuff or have root.
I run puppet via cron as my local user, for basic stuff. One of my favorites is an auto-cleaning temporary directory. I throw cruft in here, and I won't miss it after two weeks, and no more manual cleanup.

For example, my ~/.puppet.pp:

    tidy { "/home/rladams/tmp":
        age => "2w"
      , backup => false
      , recurse => true
      , rmdirs => true
      , type => "mtime"
    }

Crontab:

    0 5 * * * /usr/bin/puppet --verbose /home/rladams/.puppet.pp > ~/.puppet.log 2>&1

You can't do anything that requires root privs, but you can create/maintain directories, perms on files you own, operations, etc.

Good luck!

On Mon, Jun 01, 2009 at 01:07:48PM -0400, Sam Rowe wrote:
>
> On Mon, Jun 1, 2009 at 12:44 PM, Jon Stanley <jonstanley@gmail.com> wrote:
> >
> > I know that this sounds crazy and likely is :), but I was wondering if
> > for application configuration management, there's a way to run puppet
> > as a non-root user. I know that lots of the types won't be available
> > when not running as root, but I think that the main purpose here is
> > deploying application configuration files, not maintaining the system.
> > My guess is that the only type that would still be applicable is
> > file, maybe an exec type to restart the app.
>
> We've wanted the same thing. I'd love to have a way to delegate some
> subset of the puppet config to our applications group so that they can
> get all of the puppet features and not break our stuff or have root.
>

------------------------------------------------------------------
Russell Adams RLAdams@AdamsInfoServ.com
PGP Key ID: 0x1160DCB3 http://www.adamsinfoserv.com/
Fingerprint: 1723 D8CA 4280 1EC9 557F 66E8 1154 E018 1160 DCB3
Russell Adams wrote:
> I run puppet via cron as my local user, for basic stuff. One of my
> favorites is an auto-cleaning temporary directory. I throw cruft in
> here, and I won't miss it after two weeks, and no more manual cleanup.
>
> For example, my ~/.puppet.pp:
>
> tidy { "/home/rladams/tmp":
>     age => "2w"
>   , backup => false
>   , recurse => true
>   , rmdirs => true
>   , type => "mtime"
> }
>
> Crontab:
> 0 5 * * * /usr/bin/puppet --verbose /home/rladams/.puppet.pp > ~/.puppet.log 2>&1
>
> You can't do anything that requires root privs, but you can
> create/maintain directories, perms on files you own, operations, etc.
>
> Good luck!

puppetd runs as a non-root user:

    geoffc@chiraz-60:~/svk/puppet/trunk$ puppetd --test
    info: Creating a new certificate request for chiraz-60.trinity.unimelb.edu.au
    info: Creating a new SSL key at /home/geoffc/.puppet/ssl/private_keys/chiraz-60.trinity.unimelb.edu.au.pem
    warning: peer certificate won't be verified in this SSL session
    err: Could not request certificate: Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean chiraz-60.trinity.unimelb.edu.au'.

I imagine if you set up a ~/.puppet.conf with some settings that specify to use a different SSL certificate, or to connect to a different puppet master than what your root puppetd connects to, you would get past the SSL problem I've got here, and start having a puppetd running with the permissions of that user. Either that or you'd find a few other minor issues to work around.

--
+-Geoff Crompton
+--Debian System Administrator
+---Trinity College
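The use case from the original question (a file resource plus an exec to restart the app, applied by an unprivileged account), written out as an added example that is not from any poster in this thread. The account name, paths and restart command are hypothetical.

```puppet
# Added example: appuser, /home/appuser/myapp and the restart script are
# hypothetical. Apply it as the application account, the same way as the
# crontab entry in the thread:
#   /usr/bin/puppet --verbose /home/appuser/myapp.pp

# Config file owned by the unprivileged account. No owner or group is set,
# because handing a file to another user would need root. The mode keeps
# the deployed config from being world-readable.
file { "/home/appuser/myapp/conf/app.conf":
  ensure => file,
  source => "/home/appuser/myapp/conf-staging/app.conf",
  mode   => "0640",
  notify => Exec["restart-myapp"],
}

# Restart only when the file above actually changes, never on a plain run.
# The command is an absolute path inside the account's own tree, so the
# run never depends on PATH or on anything the account cannot already do.
exec { "restart-myapp":
  command     => "/home/appuser/myapp/bin/myapp restart",
  refreshonly => true,
}
```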