When assigning permissions to run tasks and plans, it is important to evaluate the default tasks and plans that ship with Puppet Enterprise. The default PE RBAC Administrators role has the ability to run all tasks and plans (in the console, Tasks, Run Tasks: All and Plans, Run Plans: All), so you might want to restrict tasks to certain users or roles.
Version and installation information
PE version: 2019.8 and 2021.0 and later
Solution
If you need to change permissions after learning about default tasks and plans, use our Managing access documentation.
All tasks shipped with PE are in /opt/puppetlabs/puppet/modules/
. Plans shipped with PE are either in /opt/puppetlabs/puppet/modules/
or in /opt/puppetlabs/server/apps/bolt-server/lib/ruby/gems/bolt-[version]/modules
.
Tasks in /opt/puppetlabs/puppet/modules/
cd4pe_jobs::run_cd4pe_job
enterprise_tasks::add_modify_conf_keys
enterprise_tasks::backup
enterprise_tasks::check_pp_auth_role_rule
enterprise_tasks::clean
enterprise_tasks::clean_ssl_dir
enterprise_tasks::delete_reports
enterprise_tasks::disable_agent
enterprise_tasks::disable_agent_services
enterprise_tasks::disable_all_puppet_services
enterprise_tasks::disable_ca_services
enterprise_tasks::enable_agent
enterprise_tasks::enable_agent_service
enterprise_tasks::ensure_compiler_csr_attributes
enterprise_tasks::get_agent_version
enterprise_tasks::get_conf_values
enterprise_tasks::get_package_version
enterprise_tasks::get_subject_alt_names
enterprise_tasks::pg_basebackup
enterprise_tasks::reinitialize_replica
enterprise_tasks::remove_conf_keys
enterprise_tasks::remove_old_packages
enterprise_tasks::run_puppet
enterprise_tasks::set_csr_attributes
enterprise_tasks::sign
enterprise_tasks::sign_2018_1
enterprise_tasks::stop_puppetserver
enterprise_tasks::test_connect
enterprise_tasks::upgrade_agent_with_noncompliant_pxp
facter_task
facts
facts::bash
facts::powershell
facts::ruby
package
package::linux
package::windows
pe_bootstrap
pe_bootstrap::linux
pe_bootstrap::windows
pe_install::get_postgresql_info
pe_install::get_postgresql_info_2018_1
pe_patch::agent_health
pe_patch::clean_cache
pe_patch::last_boot_time
pe_patch::last_boot_time_nix
pe_patch::last_boot_time_win
pe_patch::patch_server
pe_patch::refresh_fact
puppet_conf
reboot
reboot::last_boot_time
reboot::last_boot_time_nix
reboot::last_boot_time_win
reboot::nix
reboot::win
service
service::linux
service::windows
Plans in /opt/puppetlabs/puppet/modules/
enterprise_tasks::agent_cert_regen
enterprise_tasks::configure_agent
enterprise_tasks::convert_legacy_compiler
enterprise_tasks::get_service_status
enterprise_tasks::is_subject_alt_names_allowed
enterprise_tasks::provision_compiler
enterprise_tasks::remove_old_pe_packages
enterprise_tasks::reprovision_replica
enterprise_tasks::secondary_cert_regen
enterprise_tasks::upgrade_agent_with_noncompliant_pxp
enterprise_tasks::upgrade_and_reprovision_replica
enterprise_tasks::upgrade_secondary
facts
facts::external
facts::info
pe_patch::group_patching
reboot
Plans in /opt/puppetlabs/server/apps/bolt-server/lib/ruby/gems/bolt-[version]/modules
aggregate::count
aggregate::targets
canary
puppet_connect::test_input_data
puppetdb_fact
Comments
0 comments
Please sign in to leave a comment.