Please review pull request #479: Doc/2.7.x/puppet kick howto in manpage opened by (daniel-pittman)
Description:
Previously we told users where they had to look to get this to work; now we
tell them exactly which steps to take, hopefully reducing the barrier for entry.
Signed-off-by: Daniel Pittman [email protected]
- Opened: Thu Feb 09 21:45:27 UTC 2012
- Based on: puppetlabs:2.7.x (6dbaaea727b6f8f61c2880ffc460c915d3d4a9f2)
- Requested merge: daniel-pittman:doc/2.7.x/puppet-kick-howto-in-manpage (37a3efefb63456121afb182315aef84a622676e1)
Diff follows:
diff --git a/lib/puppet/application/kick.rb b/lib/puppet/application/kick.rb index bf6178e..cdeefbe 100644 --- a/lib/puppet/application/kick.rb +++ b/lib/puppet/application/kick.rb 
@@ -76,16 +76,39 @@ def help USAGE NOTES ----------- -Puppet kick is useless unless puppet agent is listening for incoming -connections and allowing access to the `run` endpoint. This entails -starting the agent with `listen = true` in its puppet.conf file, and -allowing access to the `/run` path in its auth.conf file; see -`http://docs.puppetlabs.com/guides/rest_auth_conf.html` for more -details. - -Additionally, due to a known bug, you must make sure a -namespaceauth.conf file exists in puppet agent's $confdir. This file -will not be consulted, and may be left empty. +Puppet kick needs the puppet agent running as a daemon on the target machine, +and configured to listen for incoming network connections, with an appropriate +security configuration. + +The specific changes required are: + +Set `listen = true` in `puppet.conf` or on the command line: + +Once this has taken effect your agent will be listening on port 8139 for HTTPS +requests - including the trigger to kick off a Puppet run. + +If necessary, open firewall rules to allow access to that port on the agent. + +Allow kick access via REST authentication: + +Edit the `/etc/puppet/auth.conf` file and add: + + path /run + method save + allow workstation.example.com + +That will allow the machine `workstation.example.com` to trigger a Puppet run; +you should adjust that to match your system. + +You can just allow anyone to trigger a Puppet run, but that allows for +arbitrary numbers of Puppet runs to be triggered - consuming resources - and +might make it easier to exploit any security issues that turn up. + +See `http://docs.puppetlabs.com/guides/rest_auth_conf.html` for more details. + +Additionally, due to a known bug, you must make sure a namespaceauth.conf file +exists in puppet agent's $confdir. This file will not be consulted, and may be +left empty. OPTIONS -------
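Review bot: The added step "Set `listen = true` in `puppet.conf` or on the command line:" ends in a colon but no example follows it, unlike the auth.conf step, so the reader still has to guess the section and syntax; add the indented lines it promises or drop the colon. The auth.conf step hard-codes `/etc/puppet/auth.conf` while the final paragraph of the same help text refers to `$confdir`, so use one form in both places. The paragraph beginning "You can just allow anyone to trigger a Puppet run" describes the open configuration without showing it or clearly advising against it; since the text above says the agent will be listening on port 8139, it would be safer to state directly that the `allow` line should name only the hosts that need to trigger runs.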
