
I'm having issues getting my Puppet agent to launch. I will be using the agent with the `--onetime` parameter as I want the agent to pull its configuration rather than the Puppet Master pushing.

I am using Puppet version 2.73 for both master and agent on a Debian host.

I am in an environment where each user action with regards to the puppet agent execution must be recorded, so sudo seems like the obvious choice to launch the Puppet agent.

However, when launching the Puppet agent as sudo, I receive some errors:

```
user@puppetagent$ sudo puppet agent --onetime
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/hostname
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/hostname
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/dnsdomainname
/usr/lib/ruby/vendor_ruby/puppet/util.rb:215: command not found: /bin/hostname
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
/usr/lib/ruby/vendor_ruby/facter/kernel.rb:14: command not found: /bin/uname -s
Could not prepare for execution: could not create PID file: /var/run/puppet/agent.pid
```

When I perform this same action as root, there are no issues.

I read some Puppet Labs documentation (which I can't find now) which mentioned that running the agent with the sudo command may not be possible.

So my question: is it possible to run the puppet agent as a non-privileged user by running sudo? If so, what sort of changes must I make to the sudoers file, assuming this is what needs to be modified?

If this is not possible, can anyone suggest some alternatives for 1) running the puppet agent only on one host at a time so that configuration is pulled and 2) having this action recorded?

fuero
  • Consider changing your `sudoers` towards preserving the content of the `PATH` environment variable for this command. The `not found` errors scream of `PATH` issues. – Felix Frank May 08 '15 at 11:54
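
A sketch of the kind of `sudoers` change the comment above points at, added here as an example and not taken from the posters. Instead of keeping the caller's `PATH` it pins a fixed one with `secure_path`, limits the rule to the exact `--onetime` invocation, and turns on sudo's output logging. The group name `puppetops`, the path `/usr/bin/puppet`, and the drop-in file name are assumptions, and it has not been checked against the errors shown in the question.

```sudoers
# /etc/sudoers.d/puppet-agent   (hypothetical file name)
# Edit with: visudo -f /etc/sudoers.d/puppet-agent
# visudo syntax-checks the file before installing it.

# Exactly one permitted command line. Arguments are part of the match,
# so "puppet agent --onetime --server x" or "puppet apply" is refused.
# /usr/bin/puppet is an assumed install path; confirm with "which puppet".
Cmnd_Alias PUPPET_ONETIME = /usr/bin/puppet agent --onetime

# Start from a clean environment for this command.
Defaults!PUPPET_ONETIME env_reset

# Give the command a fixed PATH rather than inheriting the caller's.
# Keeping the caller's PATH (env_keep += "PATH") would let the invoking
# user decide which binaries a root process finds first.
Defaults!PUPPET_ONETIME secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Record the command's output in sudo's I/O log in addition to the
# usual "who ran what" log entry.
Defaults!PUPPET_ONETIME log_output

# Members of the (assumed) puppetops group may run it as root.
# No NOPASSWD tag: the user authenticates for each run.
%puppetops ALL = (root) PUPPET_ONETIME
```

`sudo -l`, run as a member of the group, lists the command and the Defaults that apply to it, which confirms the rule was parsed as intended.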

1 Answer

I don't get the requirement of "one host at a time". Puppet is perfectly capable of serving and recording multiple puppet agent runs at a time.

Just to rule out that it's an environment issue, run `sudo -i <command>`.

Anyway, using Puppet in push mode might be more fitting to your demands. The puppet agent (which you need to reconfigure first) will listen for a connection from the puppetmaster, making it initiate a puppet run.

You can do this by running `puppet kick` on the puppetmaster.

Paper trail is generated by the client's report that's uploaded to the master and auditd (on both client and master) logging to a syslog server (sudo's logging isn't that reliable) tracking you issuing the command.

fuero
  • While still OK for his version, just to mention to future readers: `puppet kick` is deprecated (https://docs.puppetlabs.com/puppet/3.7/reference/deprecated_command.html#puppet-kick) – faker May 01 '15 at 09:21