----- Original Message ----- > From: "James Henderson" <james.m.hender...@gmail.com> > To: puppet-users@googlegroups.com > Sent: Friday, October 11, 2013 4:18:38 PM > Subject: Re: [Puppet Users] Re: Rootless Puppet > > > > > > > > > > > You should use what works best for you, of course, but like R.I., I'm > > not > > > > sure what you mean by "not well supported". I'd estimate that Puppet > > > > non-root is not widely *used*, but that's because many of the > > resources > > > > that people want to manage cannot be modified by unprivileged users. > > > > That's not a problem that Puppet (or any other system) can solve. > > > > > > > > > > > > > > What I mean by "not well supported": > > > - installing puppet if you do not have root is a non-trivial exercise > > and > > > isn't documented anywhere that I could find. In my case we could > > probably > > > get the sys admins to install a version, but at my company it is > > definitely > > > better to do things yourself. > > > > export GEM_HOME=~/.gem > > gem install puppet > > export PATH=$PATH:~/.gem/bin > > > > puppet --version > > > That seems easy enough. Of course the docs say that installing from gem is > not recommended: > http://docs.puppetlabs.com/guides/installation.html#installing-from-gems-not-recommended > > I'm not sure why it is not recommended though.
because it doesnt bring a service script etcetc, not a problem in this instance. > > > > > > - most packages on puppetforge will not work out of the box as they do > > > assume that you have root access > > > > yes, packages are gonna require root. > > > > > - you need to write your puppet files in a special way in order to use > > > them without root > > > > not really, it just means you need to not try to do things only root can > > do > > past that nothing changes. > > However, puppet by its default assumes that you are root and implicitly > uses root only commands. > It would be convenient if puppet could understand that its deployment > context was non-root and essentially single > user. This may be too difficult to do or a bad design decision though. it wont use them if you do not use those resource types. also there are some detection of what runs as root and what not and then certain providers are disabled. no doubt some weirdness left that should be fixable > > > > > > > > - when someone asked on ask.puppetlabs.com about this configuration, > > here > > > is the answer they got: > > > > > https://ask.puppetlabs.com/question/413/puppet-agent-running-as-unprivileged-user/ > > > - this answer does not show that this is a typical and supported > > option, > > > rather it is an option that you can make work if you write all of your > > > manifests in a very particular way. > > > > the agent just works if you start it as your user, you'll have instead of > > /var/lib/puppet > > ~/.puppet and everything else roughly stays the same. > > > > If you put the manifests in your homedir you can just use puppet apply and > > do > > not even need a master to fully manage everything your user can managed > > > That sounds great. > > I think the best thing to do at this point might just be to document > exactly where the state of puppet non-root is. > > I looked at the puppet wiki, but it seems to be in a retirement phase. > > A documentation page should target people who are looking at puppet for the > first time and have a non-root requirement. > > The basic questions that need to be answered are: > > - how do I install puppet as non-root? > - are there any risks/gotchas to this sort of puppet install rather than > one of the recommended install paths? > - can I use packages that I find on puppet forge as non root? > - what sort of things do I need to watch out for if writing a non-root > puppet package? > - are there any other gotchas that I should be aware of? > > I wouldn't mind taking the answers to these questions that people are > posting here and creating a first draft of such a page. > > I do need to know where to put it. I think the best strategy is to fork > the puppet-docs repo and work with whoever can help to come out with a > decent page. yeah that sounds good -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
