The wheel squeaks more :), Question I am having now is that I am having to make all the fiels on the puppet fileserver world readable or else puppet can not access them. I understand that puppetmaster is running as root and puppet is running as puppet. What is the best practice/safest practice for setting up the fileserver directories? ( I am sure that templates will bypass alot of these issue but for now I am just learning ot make it all work.) Evan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On 02/04/2008, Evan Hisey <ehisey@gmail.com> wrote:> > The wheel squeaks more :), Question I am having now is that I am > having to make all the fiels on the puppet fileserver world readable > or else puppet can not access them. I understand that puppetmaster is > running as root and puppet is running as puppet. What is the best > practice/safest practice for setting up the fileserver directories? ( > I am sure that templates will bypass alot of these issue but for now I > am just learning ot make it all work.)If you''re talking about /var/lib/puppet/where_ever_your_files_are Try recursively setting the group and owner to "puppet." From there you should be able to set the directory/file perms as you see fit. Kent --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Kent-> If you''re talking about /var/lib/puppet/where_ever_your_files_are > > Try recursively setting the group and owner to "puppet." From there > you should be able to set the directory/file perms as you see fit. > KentThat is where I am talking about ( except I set it to /srv/puppet along with all the rest of the services, makes backup easier). I though t that was going to be the answer. Also seems more secure that way. Evan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Evan Hisey wrote:> I understand that puppetmaster is > running as root and puppet is running as puppet.You misunderstand (or just typed too quickly). puppetmasterd runs as puppet. puppetd runs as root. So any files served should be readable by user puppet on the puppetmaster server. -- Mark Foster - Sr. Systems Engineer BitPusher - premier managed services provider http://www.bitpusher.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Mark- On Wed, Apr 2, 2008 at 3:45 PM, Mark Foster <mfoster@bitpusher.com> wrote:> > Evan Hisey wrote: > > I understand that puppetmaster is > > running as root and puppet is running as puppet. > You misunderstand (or just typed too quickly). > puppetmasterd runs as puppet. puppetd runs as root. > > So any files served should be readable by user puppet on the > puppetmaster server. > > Yup I had them backwards in my head. IT made more sense to me that waylooking at how I thought the files were being pulled. Based on your correction then, Puppetmasterd reads the files and then hands them out to the puppetds that request a file? So does thatm make the default owner.group of files on a client root.root? Assuming you do not set the owner or group attributes? Evan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Evan Hisey wrote:> Yup I had them backwards in my head. IT made more sense to me that > way looking at how I thought the files were being pulled. Based on > your correction then, Puppetmasterd reads the files and then hands > them out to the puppetds that request a file? So does thatm make the > default owner.group of files on a client root.root? Assuming you do > not set the owner or group attributes?From here it looks like the default is puppet.puppet -- Mark Foster - Sr. Systems Engineer BitPusher - premier managed services provider http://www.bitpusher.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---