On Friday, November 22, 2013 1:43:01 PM UTC-6, Stuart Cracraft wrote:
>
> Hi,
>
> We do not want to have puppet changing things out from under us, then
> looking at a log file after-the-fact. We are okay with running puppet agent
> manually for the particular application we have chosen it for under our
> control. With that framework in mind, please ponder the following question.
>
> My question is: what is the method to disable puppet agent on a host
> yet still permit a manual application of a pp file.
>
> I.e. something like "modify your agent node's puppet.conf to have
> xyz-whizbang" and keep your puppet agent running in the normal way
> with /etc/init.d/puppet start and system boot using normal rc processes,
> then when you run manually either use mcollective or manually do
> a puppet apply xyz.pp on the box in question.
>
> Thanks for your wizardry.
>
>
To run the *agent* manually, once, use the --onetime --no-daemonize
options. You can certainly specify them on the command line, and I think
you can also specify them in puppet.conf (in the [agent] section). Because
this method uses the Puppet agent, it relies on a master being accessible.
To apply manifests that are resident locally on the system, use "puppet
apply" that mechanism is always a one-time, non-daemon activity.
It is important for you to decide whether you want to use the "agent"
interface or the "apply" interface, as these have very different
requirements for the location of your manifests and config data, and very
different implications for you you can or should deliver changes to those.
Either one could satisfy the requirements you described.
Note also,
1. Command-line options override the config file, so your config cannot
*prevent* an authorized user from starting the agent in daemon mode if
they intend to do so.
2. Naturally, you will also want to configure the system to not start
the daemon automatically. This is done via the same mechanism that
controls other system services (which varies with OS flavor).
As far as I am aware, the --no-client option you asked about in your
followup will not achieve what you want. That is, although it will prevent
the agent daemon from performing periodic runs, it will not do anything
useful to enable manual runs (and you don't need any special enablement for
that, anyway).
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/cca2abee-aaab-4737-84a3-dd2a9fbcf7ad%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.