summaryrefslogtreecommitdiff
path: root/man/man8/puppetrun.8
diff options
context:
space:
mode:
Diffstat (limited to 'man/man8/puppetrun.8')
-rw-r--r--man/man8/puppetrun.838
1 files changed, 35 insertions, 3 deletions
diff --git a/man/man8/puppetrun.8 b/man/man8/puppetrun.8
index 2b7502310..e59cd0d60 100644
--- a/man/man8/puppetrun.8
+++ b/man/man8/puppetrun.8
@@ -1,7 +1,7 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
-.TH "PUPPET\-KICK" "8" "June 2011" "Puppet Labs, LLC" "Puppet manual"
+.TH "PUPPET\-KICK" "8" "June 2012" "Puppet Labs, LLC" "Puppet manual"
.
.SH "NAME"
\fBpuppet\-kick\fR \- Remotely control puppet agent
@@ -25,10 +25,42 @@ You will most likely have to run \'puppet kick\' as root to get access to the SS
\'puppet kick\' reads \'puppet master\'\'s configuration file, so that it can copy things like LDAP settings\.
.
.SH "USAGE NOTES"
-Puppet kick is useless unless puppet agent is listening for incoming connections and allowing access to the \fBrun\fR endpoint\. This entails starting the agent with \fBlisten = true\fR in its puppet\.conf file, and allowing access to the \fB/run\fR path in its auth\.conf file; see \fBhttp://docs\.puppetlabs\.com/guides/rest_auth_conf\.html\fR for more details\.
+Puppet kick needs the puppet agent on the target machine to be running as a daemon, be configured to listen for incoming network connections, and have an appropriate security configuration\.
.
.P
-Additionally, due to a known bug, you must make sure a namespaceauth\.conf file exists in puppet agent\'s $confdir\. This file will not be consulted, and may be left empty\.
+The specific changes required are:
+.
+.IP "\(bu" 4
+Set \fBlisten = true\fR in the agent\'s \fBpuppet\.conf\fR file (or \fB\-\-listen\fR on the command line)
+.
+.IP "\(bu" 4
+Configure the node\'s firewall to allow incoming connections on port 8139
+.
+.IP "\(bu" 4
+Insert the following stanza at the top of the node\'s \fBauth\.conf\fR file:
+.
+.IP "" 4
+.
+.nf
+
+ # Allow puppet kick access
+ path /run
+ method save
+ auth any
+ allow workstation\.example\.com
+.
+.fi
+.
+.IP "" 0
+
+.
+.IP "" 0
+.
+.P
+This example would allow the machine \fBworkstation\.example\.com\fR to trigger a Puppet run; adjust the "allow" directive to suit your site\. You may also use \fBallow *\fR to allow anyone to trigger a Puppet run, but that makes it possible to interfere with your site by triggering excessive Puppet runs\.
+.
+.P
+See \fBhttp://docs\.puppetlabs\.com/guides/rest_auth_conf\.html\fR for more details about security settings\.
.
.SH "OPTIONS"
Note that any configuration parameter that\'s valid in the configuration file is also a valid long argument\. For example, \'ssldir\' is a valid configuration parameter, so you can specify \'\-\-ssldir \fIdirectory\fR\' as an argument\.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-30 02:22:45 +0000