Home / server / Questions / 692348
Accepted
elhombre
Asked: 2015-05-16 08:55:27 +0800 CST

Multiple agents on one host

  • 772

Is it possible two run multiple puppet agents with different user rights on one host?

I have a server which should be administered by two non related users through puppet. (one user account for the developer and one root account for the server team)

puppet

1 Answers

  1. Best Answer

    The non-root account can just run puppet agent --one-time --no-daemonize and any other flavor of puppet agent.

    Configuration and persistent data will be looked up and stored in

    • ~/.puppet/ for Puppet 3.x and older
    • ~/.puppetlabs/ for Puppet 4.x and later

    Things you want to make sure via ~/.puppet/puppet.conf:

    • you use a distinct certname setting for the secondary agent
    • you likely want to use an alternate server as well so that the certificate is not trusted by your main master (yes, you will need a new Puppet master if you want this)
    • vardir and its children such as ssldir and statedir are distinct from the system central location and writeable to the user (it's safest not to touch these at all - the defaults are quite sane; see also puppet agent --configprint all).

    Also, the manifest should be limited to resources that an unpriviliged agent can manage, such as

    • files owned by the user
    • cron jobs of the user's
    • Ruby gems installed in the user's home directory

    etc.

    • 2