2006-06-29 23:29:05 +04:00
|
|
|
#!/usr/bin/env ruby
|
2005-08-29 21:12:57 +04:00
|
|
|
# == Synopsis
|
2005-08-23 20:09:14 +04:00
|
|
|
#
|
2005-08-29 21:12:57 +04:00
|
|
|
# Retrieve the client configuration from the central puppet server and apply
|
|
|
|
|
# it to the local host.
|
|
|
|
|
#
|
|
|
|
|
# Currently must be run out periodically, using cron or something similar.
|
|
|
|
|
#
|
|
|
|
|
# = Usage
|
|
|
|
|
#
|
2007-10-04 02:06:06 +04:00
|
|
|
# puppetd [-D|--daemonize|--no-daemonize] [-d|--debug] [--disable] [--enable]
|
2009-02-01 03:05:48 +03:00
|
|
|
# [-h|--help] [--fqdn <host name>] [-l|--logdest syslog|<file>|console]
|
|
|
|
|
# [-o|--onetime] [--serve <handler>] [-t|--test] [--noop]
|
|
|
|
|
# [-V|--version] [-v|--verbose] [-w|--waitforcert <seconds>]
|
2005-08-29 21:12:57 +04:00
|
|
|
#
|
|
|
|
|
# = Description
|
|
|
|
|
#
|
|
|
|
|
# This is the main puppet client. Its job is to retrieve the local machine's
|
|
|
|
|
# configuration from a remote server and apply it. In order to successfully
|
|
|
|
|
# communicate with the remote server, the client must have a certificate signed
|
|
|
|
|
# by a certificate authority that the server trusts; the recommended method
|
|
|
|
|
# for this, at the moment, is to run a certificate authority as part of the
|
|
|
|
|
# puppet server (which is the default). The client will connect and request
|
|
|
|
|
# a signed certificate, and will continue connecting until it receives one.
|
|
|
|
|
#
|
|
|
|
|
# Once the client has a signed certificate, it will retrieve its configuration
|
|
|
|
|
# and apply it.
|
|
|
|
|
#
|
2006-04-30 22:11:07 +04:00
|
|
|
# = Usage Notes
|
|
|
|
|
#
|
|
|
|
|
# +puppetd+ does its best to find a compromise between interactive use and
|
|
|
|
|
# daemon use. Run with no arguments and no configuration, it will go into the
|
|
|
|
|
# backgroun, attempt to get a signed certificate, and retrieve and apply its
|
|
|
|
|
# configuration every 30 minutes.
|
|
|
|
|
#
|
|
|
|
|
# Some flags are meant specifically for interactive use -- in particular,
|
2007-06-14 09:36:30 +04:00
|
|
|
# +test+ and +tags+ are useful. +test+ enables verbose logging, causes
|
2006-04-30 22:11:07 +04:00
|
|
|
# the daemon to stay in the foreground, exits if the server's configuration is
|
|
|
|
|
# invalid (this happens if, for instance, you've left a syntax error on the
|
|
|
|
|
# server), and exits after running the configuration once (rather than hanging
|
|
|
|
|
# around as a long-running process).
|
|
|
|
|
#
|
2007-03-19 20:43:58 +03:00
|
|
|
# +tags+ allows you to specify what portions of a configuration you want to apply.
|
2006-04-30 22:11:07 +04:00
|
|
|
# Puppet elements are tagged with all of the class or definition names that
|
2007-03-19 20:43:58 +03:00
|
|
|
# contain them, and you can use the +tags+ flag to specify one of these names,
|
2006-04-30 22:11:07 +04:00
|
|
|
# causing only configuration elements contained within that class or definition
|
|
|
|
|
# to be applied. This is very useful when you are testing new configurations --
|
|
|
|
|
# for instance, if you are just starting to manage +ntpd+, you would put all of
|
2007-03-19 20:43:58 +03:00
|
|
|
# the new elements into an +ntpd+ class, and call puppet with +--tags ntpd+,
|
2006-04-30 22:11:07 +04:00
|
|
|
# which would only apply that small portion of the configuration during your
|
|
|
|
|
# testing, rather than applying the whole thing.
|
2006-04-12 03:08:48 +04:00
|
|
|
#
|
2005-08-29 21:12:57 +04:00
|
|
|
# = Options
|
|
|
|
|
#
|
2006-02-08 02:12:33 +03:00
|
|
|
# Note that any configuration parameter that's valid in the configuration file
|
|
|
|
|
# is also a valid long argument. For example, 'server' is a valid configuration
|
|
|
|
|
# parameter, so you can specify '--server <servername>' as an argument.
|
|
|
|
|
#
|
2006-04-30 22:11:07 +04:00
|
|
|
# See the configuration file documentation at
|
2008-05-16 19:06:18 +04:00
|
|
|
# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for
|
2006-09-19 13:05:04 +04:00
|
|
|
# the full list of acceptable parameters. A commented list of all
|
|
|
|
|
# configuration options can also be generated by running puppetd with
|
|
|
|
|
# '--genconfig'.
|
2006-04-30 22:11:07 +04:00
|
|
|
#
|
|
|
|
|
# daemonize::
|
2007-10-04 02:06:06 +04:00
|
|
|
# Send the process into the background. This is the default.
|
|
|
|
|
#
|
|
|
|
|
# no-daemonize::
|
|
|
|
|
# Do not send the process into the background.
|
2006-04-30 22:11:07 +04:00
|
|
|
#
|
|
|
|
|
# debug::
|
|
|
|
|
# Enable full debugging.
|
2006-02-08 02:12:33 +03:00
|
|
|
#
|
2006-02-14 03:14:56 +03:00
|
|
|
# disable::
|
|
|
|
|
# Disable working on the local system. This puts a lock file in place,
|
|
|
|
|
# causing +puppetd+ not to work on the system until the lock file is removed.
|
|
|
|
|
# This is useful if you are testing a configuration and do not want the central
|
|
|
|
|
# configuration to override the local state until everything is tested and
|
|
|
|
|
# committed.
|
|
|
|
|
#
|
2006-04-12 03:08:48 +04:00
|
|
|
# +puppetd+ uses the same lock file while it is running, so no more than one
|
|
|
|
|
# +puppetd+ process is working at a time.
|
|
|
|
|
#
|
2006-02-14 03:14:56 +03:00
|
|
|
# +puppetd+ exits after executing this.
|
|
|
|
|
#
|
|
|
|
|
# enable::
|
|
|
|
|
# Enable working on the local system. This removes any lock file, causing
|
2006-04-12 03:08:48 +04:00
|
|
|
# +puppetd+ to start managing the local system again (although it will continue
|
|
|
|
|
# to use its normal scheduling, so it might not start for another half hour).
|
2006-02-14 03:14:56 +03:00
|
|
|
#
|
|
|
|
|
# +puppetd+ exits after executing this.
|
|
|
|
|
#
|
2005-08-29 21:12:57 +04:00
|
|
|
# fqdn::
|
|
|
|
|
# Set the fully-qualified domain name of the client. This is only used for
|
|
|
|
|
# certificate purposes, but can be used to override the discovered hostname.
|
|
|
|
|
# If you need to use this flag, it is generally an indication of a setup problem.
|
|
|
|
|
#
|
2006-04-30 22:11:07 +04:00
|
|
|
# help::
|
|
|
|
|
# Print this help message
|
|
|
|
|
#
|
2005-08-29 21:12:57 +04:00
|
|
|
# logdest::
|
|
|
|
|
# Where to send messages. Choose between syslog, the console, and a log file.
|
2006-02-08 02:12:33 +03:00
|
|
|
# Defaults to sending messages to syslog, or the console if debugging or
|
|
|
|
|
# verbosity is enabled.
|
2005-08-29 21:12:57 +04:00
|
|
|
#
|
2006-12-06 23:41:10 +03:00
|
|
|
# no-client::
|
|
|
|
|
# Do not create a config client. This will cause the daemon to run
|
|
|
|
|
# without ever checking for its configuration automatically, and only
|
|
|
|
|
# makes sense when used in conjunction with --listen.
|
|
|
|
|
#
|
2006-01-19 00:30:56 +03:00
|
|
|
# onetime::
|
2006-01-24 01:38:39 +03:00
|
|
|
# Run the configuration once, rather than as a long-running daemon. This is
|
|
|
|
|
# useful for interactively running puppetd.
|
|
|
|
|
#
|
2006-05-19 02:16:03 +04:00
|
|
|
# serve::
|
2007-05-18 21:51:49 +04:00
|
|
|
# Start another type of server. By default, +puppetd+ will start
|
2007-05-02 22:15:28 +04:00
|
|
|
# a service handler that allows authenticated and authorized remote nodes to
|
|
|
|
|
# trigger the configuration to be pulled down and applied. You can specify
|
|
|
|
|
# any handler here that does not require configuration, e.g., filebucket, ca,
|
|
|
|
|
# or resource. The handlers are in +lib/puppet/network/handler+, and the names
|
|
|
|
|
# must match exactly, both in the call to +serve+ and in +namespaceauth.conf+.
|
2006-05-19 02:16:03 +04:00
|
|
|
#
|
2006-04-12 03:08:48 +04:00
|
|
|
# test::
|
|
|
|
|
# Enable the most common options used for testing. These are +onetime+,
|
2009-05-18 11:23:07 +04:00
|
|
|
# +verbose+, +ignorecache, +no-daemonize+, and +no-usecacheonfailure+.
|
2006-04-12 03:08:48 +04:00
|
|
|
#
|
2008-05-16 19:06:18 +04:00
|
|
|
# noop::
|
|
|
|
|
# Use +noop+ mode where the daemon runs in a no-op or dry-run mode. This is useful
|
|
|
|
|
# for seeing what changes Puppet will make without actually executing the changes.
|
|
|
|
|
#
|
2005-08-29 21:12:57 +04:00
|
|
|
# verbose::
|
|
|
|
|
# Turn on verbose reporting.
|
|
|
|
|
#
|
|
|
|
|
# version::
|
|
|
|
|
# Print the puppet version number and exit.
|
|
|
|
|
#
|
2005-08-30 02:53:44 +04:00
|
|
|
# waitforcert::
|
2006-04-30 22:11:07 +04:00
|
|
|
# This option only matters for daemons that do not yet have certificates
|
2006-07-21 19:37:15 +04:00
|
|
|
# and it is enabled by default, with a value of 120 (seconds). This causes
|
|
|
|
|
# +puppetd+ to connect to the server every 2 minutes and ask it to sign a
|
2006-04-30 22:11:07 +04:00
|
|
|
# certificate request. This is useful for the initial setup of a puppet
|
2006-06-08 20:18:48 +04:00
|
|
|
# client. You can turn off waiting for certificates by specifying a time
|
|
|
|
|
# of 0.
|
2005-08-30 02:53:44 +04:00
|
|
|
#
|
2005-08-29 21:12:57 +04:00
|
|
|
# = Example
|
|
|
|
|
#
|
2006-02-08 02:12:33 +03:00
|
|
|
# puppetd --server puppet.domain.com
|
2005-08-29 21:12:57 +04:00
|
|
|
#
|
|
|
|
|
# = Author
|
|
|
|
|
#
|
|
|
|
|
# Luke Kanies
|
|
|
|
|
#
|
|
|
|
|
# = Copyright
|
|
|
|
|
#
|
2006-02-08 02:12:33 +03:00
|
|
|
# Copyright (c) 2005, 2006 Reductive Labs, LLC
|
2005-08-29 21:12:57 +04:00
|
|
|
# Licensed under the GNU Public License
|
2005-08-23 20:09:14 +04:00
|
|
|
|
2009-02-14 19:16:20 +03:00
|
|
|
require 'puppet/application/puppetd'
|
|
|
|
|
Puppet::Application[:puppetd].run
|
