Make sure that you set permissions appropriately for plans and tasks shipped with Puppet Enterprise (PE). Some tasks and plans included with PE are designed to be used by puppet infrastructure commands, not users. Also, the default PE RBAC Administrators role can run all tasks and plans (in the console, Tasks, Run Tasks: All and Plans, Run Plans: All).
Version and installation information
PE version: All supported
Solution
Tasks shipped with PE vary by version. All tasks shipped with PE are in /opt/puppetlabs/puppet/modules/. Plans shipped with PE are either in /opt/puppetlabs/puppet/modules/ or in /opt/puppetlabs/server/apps/bolt-server/lib/ruby/gems/bolt-[version]/modules.
The tasks and plans in enterprise_tasks and pe_install are designed to only be used by puppet infrastructure commands. Do not run these plans and tasks on their own. Instead, allow specific users to run puppet infrastructure commands by setting RBAC roles for users that have the Run Tasks and Run Plans permissions.
You can also use tasks and plans included with the puppetlabs-peadm module to help with infrastructure maintenance and tasks.
The default PE RBAC Administrators role can run all tasks and plans (in the console, Tasks, Run Tasks: All and Plans, Run Plans: All), so you might want to restrict tasks and plans to certain users or roles. To change permissions for roles and users, use our Managing access documentation.
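One way to review which roles hold the broad permissions described above is sketched here as an added example; it is not code from Puppet or from PE. It assumes role records shaped as a list of objects with a display_name and a permissions list of object_type, action and instance entries, and the sample roles and the task name enterprise_tasks::example_task are constructed for illustration.

```python
import json

# Modules whose tasks and plans the article says are meant only for
# puppet infrastructure commands.
INTERNAL_MODULES = ("enterprise_tasks", "pe_install")
RUN_TYPES = ("tasks", "plans")


def audit_roles(roles):
    """Return (role, reason) pairs for roles that can run all, or
    internal-only, tasks and plans.

    Assumption: each role is a dict with `display_name` and a `permissions`
    list of {object_type, action, instance} entries.
    """
    findings = []
    for role in roles:
        for perm in role.get("permissions", []):
            if perm.get("object_type") not in RUN_TYPES or perm.get("action") != "run":
                continue
            instance = perm.get("instance", "")
            module = instance.split("::", 1)[0]
            if instance == "*":
                reason = "can run all " + perm["object_type"]
            elif module in INTERNAL_MODULES:
                reason = "can run internal " + perm["object_type"][:-1] + " " + instance
            else:
                continue
            findings.append((role.get("display_name", "?"), reason))
    return findings


# Constructed sample data, not output from a real PE installation.
SAMPLE_ROLES = json.loads("""
[
  {"display_name": "Administrators", "permissions": [
    {"object_type": "tasks", "action": "run", "instance": "*"},
    {"object_type": "plans", "action": "run", "instance": "*"}]},
  {"display_name": "Patch operators", "permissions": [
    {"object_type": "tasks", "action": "run", "instance": "package"},
    {"object_type": "tasks", "action": "run", "instance": "enterprise_tasks::example_task"}]},
  {"display_name": "Viewers", "permissions": [
    {"object_type": "nodes", "action": "view_data", "instance": "*"}]}
]
""")

if __name__ == "__main__":
    for name, reason in audit_roles(SAMPLE_ROLES):
        print(f"{name}: {reason}")
```

Roles flagged for wildcard access are candidates for narrowing to named tasks and plans, and any role flagged for an internal task or plan should be limited to users who run puppet infrastructure commands.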