Ask Your Question

You are not allowed to run puppet on this host

asked 2017-08-21 06:13:09 -0500

itonthemove gravatar image

Hi, I'm new to puppet but is there a way to prevent puppet from running on a specific host i.e. if "puppet agent --test" is run on that host, the following message would be displayed "You are not allowed to run puppet on this host" and puppet would not run i.e. /usr/bin/puppet would exit without running. Thanks.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2017-08-21 11:32:59 -0500

DarylW gravatar image

That sounds like someone has run puppet agent --disable "You are not allowed to run puppet on this host"

--disable Disable working on the local system. This puts a lock file in place, causing 'puppet agent' not to work on the system until the lock file is removed. This is useful if you are testing a configuration and do not want the central configuration to override the local state until everything is tested and committed.

Disable can also take an optional message that will be reported by the 'puppet agent' at the next disabled run.

'puppet agent' uses the same lock file while it is running, so no more than one 'puppet agent' process is working at a time.

'puppet agent' exits after executing this.

If you run puppet agent --enable, does it then allow you to run puppet agent -t Also, check that the puppet binary isn't linked to a script that simply prints an error message and exits using which puppet

edit flag offensive delete link more


Sorry if I didn't explain my issue properly. I want the server to come back with "you are not allowed to run puppet on this host". The puppet service has been stopped but there is nothing preventing anyone from running "puppet agent --test". So I want that message to appear and puppet to exit.

itonthemove gravatar imageitonthemove ( 2017-08-21 13:28:05 -0500 )edit

Put noop=true in Puppet.conf. If they execute or start Puppet it will not clobber local changes. Only log/report what would have changed.

bess gravatar imagebess ( 2017-08-21 20:44:31 -0500 )edit

Thanks. There are a few servers involved which would require local modification to puppet.conf which defeats the purpose of puppet. I was wondering if there was a way of puppet'ing some config where, based on hostname, puppet would either run or error with a "you're not allowed" message.

itonthemove gravatar imageitonthemove ( 2017-08-22 03:04:44 -0500 )edit

If you manually run `puppet agent --disable "You are not allowed.." then anytime someone goes to run puppet, they will see that message, but puppet also will not be able to run on it's own.

DarylW gravatar imageDarylW ( 2017-08-22 07:30:54 -0500 )edit

I understand but I was after a method that would allow me to have the same config on all hosts but puppet would error if it was run on a host with a specific hostname.

itonthemove gravatar imageitonthemove ( 2017-08-22 07:45:54 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-08-21 06:13:09 -0500

Seen: 42 times

Last updated: Aug 21