Make sure that you set permissions appropriately for plans and tasks shipped with Puppet Enterprise (PE). Some tasks and plans included with PE are designed to be used by puppet infrastructure commands, not users. Also, the default PE RBAC Administrators role can run all tasks and plans (in the console, Tasks, Run Tasks: All and Plans, Run Plans: All).
Version and installation information
PE version: All supported
Solution
Tasks shipped with PE vary by version. All tasks shipped with PE are in /opt/puppetlabs/puppet/modules/. Plans shipped with PE are either in /opt/puppetlabs/puppet/modules/ or in /opt/puppetlabs/server/apps/bolt-server/lib/ruby/gems/bolt-[version]/modules.
The tasks and plans in enterprise_tasks and pe_install are designed to only be used by puppet infrastructure commands. Do not run these plans and tasks on their own. Instead, allow specific users to run puppet infrastructure commands by setting RBAC roles for users that have the Run Tasks and Run Plans permissions.
You can also use tasks and plans included with the puppetlabs-peadm module to help with infrastructure maintenance and tasks.
The default PE RBAC Administrators role can run all tasks and plans (in the console, Tasks, Run Tasks: All and Plans, Run Plans: All), so you might want to restrict tasks and plans to certain users or roles. To change permissions for roles and users, use our Managing access documentation.
How can we improve this article?
0 comments
Please sign in to leave a comment.
Related articles