diff options
| author | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-07-06 04:43:07 +0000 |
|---|---|---|
| committer | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-07-06 04:43:07 +0000 |
| commit | 8a10b0802cd4e91d67acfad1a4e2fb47a173f5b3 (patch) | |
| tree | f50e8141821c7d983c3abf3b41facbb4582c0a74 /documentation | |
| parent | e57f6e78ce305850b93e7da683a13597eb41936f (diff) | |
| download | puppet-8a10b0802cd4e91d67acfad1a4e2fb47a173f5b3.tar.gz puppet-8a10b0802cd4e91d67acfad1a4e2fb47a173f5b3.tar.xz puppet-8a10b0802cd4e91d67acfad1a4e2fb47a173f5b3.zip | |
Adding the newly generated docs
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1374 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat (limited to 'documentation')
| -rw-r--r-- | documentation/puppetd-executable-reference.page | 369 | ||||
| -rw-r--r-- | documentation/typedocs.page | 1864 |
2 files changed, 1233 insertions, 1000 deletions
diff --git a/documentation/puppetd-executable-reference.page b/documentation/puppetd-executable-reference.page index eb344249d..e64addcd8 100644 --- a/documentation/puppetd-executable-reference.page +++ b/documentation/puppetd-executable-reference.page @@ -15,334 +15,375 @@ This will not always be the case. I have tried to be as thorough as possible in the descriptions of the arguments, so it should be obvious whether an argument is approprite or not. -* **authconfig** (*puppet*) +Any default values are in ``block type`` at the end of the description. - The configuration file that defines the rights to the different namespaces and methods. This can be used as a coarse-grained authorization system for both ``puppetd`` and ``puppetmasterd``. +#### authconfig (<em>puppet</em>) -* **autosign** (*ca*) +The configuration file that defines the rights to the different namespaces and methods. This can be used as a coarse-grained authorization system for both ``puppetd`` and ``puppetmasterd``. ``/etc/puppet/namespaceauth.conf`` - Whether to enable autosign. Valid values are true (which autosigns any key request, and is a very bad idea), false (which never autosigns any key request), and the path to a file, which uses that configuration file to determine which keys to sign. +#### autosign (<em>ca</em>) -* **bucketdir** (*filebucket*) +Whether to enable autosign. Valid values are true (which autosigns any key request, and is a very bad idea), false (which never autosigns any key request), and the path to a file, which uses that configuration file to determine which keys to sign. ``/etc/puppet/autosign.conf`` - Where FileBucket files are stored. +#### bucketdir (<em>filebucket</em>) -* **ca_days** (*ca*) +Where FileBucket files are stored. ``/var/puppet/bucket`` - How long a certificate should be valid. +#### ca_days (<em>ca</em>) -* **ca_md** (*ca*) +How long a certificate should be valid. ``1825`` - The type of hash used in certificates. +#### ca_md (<em>ca</em>) -* **cacert** (*ca*) +The type of hash used in certificates. ``md5`` - The CA certificate. +#### cacert (<em>ca</em>) -* **cadir** (*ca*) +The CA certificate. ``/etc/puppet/ssl/ca/ca_crt.pem`` - The root directory for the certificate authority. +#### cadir (<em>ca</em>) -* **cakey** (*ca*) +The root directory for the certificate authority. ``/etc/puppet/ssl/ca`` - The CA private key. +#### cakey (<em>ca</em>) -* **capass** (*ca*) +The CA private key. ``/etc/puppet/ssl/ca/ca_key.pem`` - Where the CA stores the password for the private key +#### capass (<em>ca</em>) -* **caprivatedir** (*ca*) +Where the CA stores the password for the private key ``/etc/puppet/ssl/ca/private/ca.pass`` - Where the CA stores private certificate information. +#### caprivatedir (<em>ca</em>) -* **capub** (*ca*) +Where the CA stores private certificate information. ``/etc/puppet/ssl/ca/private`` - The CA public key. +#### capub (<em>ca</em>) -* **certdir** (*certificates*) +The CA public key. ``/etc/puppet/ssl/ca/ca_pub.pem`` - The certificate directory. +#### certdir (<em>certificates</em>) -* **classfile** (*puppetd*) +The certificate directory. ``/etc/puppet/ssl/certs`` - The file in which puppetd stores a list of the classes associated with the retrieved configuratiion. Can be loaded in the separate ``puppet`` executable using the ``--loadclasses`` option. +#### classfile (<em>puppetd</em>) -* **color** (*puppet*) +The file in which puppetd stores a list of the classes associated with the retrieved configuratiion. Can be loaded in the separate ``puppet`` executable using the ``--loadclasses`` option. ``/etc/puppet/classes.txt`` - Whether to use ANSI colors when logging to the console. +#### color (<em>puppet</em>) -* **confdir** (*puppet*) +Whether to use ANSI colors when logging to the console. ``true`` - The main Puppet configuration directory. +#### confdir (<em>puppet</em>) -* **config** (*puppetdoc*) +The main Puppet configuration directory. ``/etc/puppet`` - The configuration file for puppetdoc. +#### config (<em>puppetdoc</em>) -* **csrdir** (*ca*) +The configuration file for puppetdoc. ``/etc/puppet/puppetdoc.conf`` - Where the CA stores certificate requests +#### csrdir (<em>ca</em>) -* **dbadapter** (*puppetmaster*) +Where the CA stores certificate requests ``/etc/puppet/ssl/ca/requests`` - The type of database to use. +#### dbadapter (<em>puppetmaster</em>) -* **dblocation** (*puppetmaster*) +The type of database to use. ``sqlite3`` - The database cache for client configurations. Used for querying within the language. +#### dblocation (<em>puppetmaster</em>) -* **dbname** (*puppetmaster*) +The database cache for client configurations. Used for querying within the language. ``/var/puppet/state/clientconfigs.sqlite3`` - The name of the database to use. +#### dbname (<em>puppetmaster</em>) -* **dbpassword** (*puppetmaster*) +The name of the database to use. ``puppet`` - The database password for Client caching. Only used when networked databases are used. +#### dbpassword (<em>puppetmaster</em>) -* **dbserver** (*puppetmaster*) +The database password for Client caching. Only used when networked databases are used. ``puppet`` - The database server for Client caching. Only used when networked databases are used. +#### dbserver (<em>puppetmaster</em>) -* **dbuser** (*puppetmaster*) +The database server for Client caching. Only used when networked databases are used. ``puppet`` - The database user for Client caching. Only used when networked databases are used. +#### dbuser (<em>puppetmaster</em>) -* **fileserverconfig** (*fileserver*) +The database user for Client caching. Only used when networked databases are used. ``puppet`` - Where the fileserver configuration is stored. +#### fileserverconfig (<em>fileserver</em>) -* **genconfig** (*puppet*) +Where the fileserver configuration is stored. ``/etc/puppet/fileserver.conf`` - Whether to just print a configuration to stdout and exit. Only makes sense when used interactively. Takes into account arguments specified on the CLI. +#### genconfig (<em>puppet</em>) -* **genmanifest** (*puppet*) +Whether to just print a configuration to stdout and exit. Only makes sense when used interactively. Takes into account arguments specified on the CLI. - Whether to just print a manifest to stdout and exit. Only makes sense when used interactively. Takes into account arguments specified on the CLI. +#### genmanifest (<em>puppet</em>) -* **group** (*puppetmasterd*) +Whether to just print a manifest to stdout and exit. Only makes sense when used interactively. Takes into account arguments specified on the CLI. - The group puppetmasterd should run as. +#### group (<em>puppetmasterd</em>) -* **httplog** (*puppetd*) +The group puppetmasterd should run as. ``puppet`` - Where the puppetd web server logs. +#### httplog (<em>puppetd</em>) -* **ignoreschedules** (*puppetd*) +Where the puppetd web server logs. ``/var/puppet/log/http.log`` - Boolean; whether puppetd should ignore schedules. This is useful for initial puppetd runs. +#### ignoreschedules (<em>puppetd</em>) -* **keylength** (*ca*) +Boolean; whether puppetd should ignore schedules. This is useful for initial puppetd runs. - The bit length of keys. +#### keylength (<em>ca</em>) -* **ldapattrs** (*ldap*) +The bit length of keys. ``1024`` - The LDAP attributes to use to define Puppet classes. Values should be comma-separated. +#### ldapattrs (<em>ldap</em>) -* **ldapbase** (*ldap*) +The LDAP attributes to use to define Puppet classes. Values should be comma-separated. ``puppetclass`` - The search base for LDAP searches. It's impossible to provide a meaningful default here, although the LDAP libraries might have one already set. Generally, it should be the 'ou=Hosts' branch under your main directory. +#### ldapbase (<em>ldap</em>) -* **ldapnodes** (*ldap*) +The search base for LDAP searches. It's impossible to provide a meaningful default here, although the LDAP libraries might have one already set. Generally, it should be the 'ou=Hosts' branch under your main directory. - Whether to search for node configurations in LDAP. +#### ldapnodes (<em>ldap</em>) -* **ldapparentattr** (*ldap*) +Whether to search for node configurations in LDAP. - The attribute to use to define the parent node. +#### ldapparentattr (<em>ldap</em>) -* **ldappassword** (*ldap*) +The attribute to use to define the parent node. ``parentnode`` - The password to use to connect to LDAP. +#### ldappassword (<em>ldap</em>) -* **ldapport** (*ldap*) +The password to use to connect to LDAP. - The LDAP port. Only used if ``ldapnodes`` is enabled. +#### ldapport (<em>ldap</em>) -* **ldapserver** (*ldap*) +The LDAP port. Only used if ``ldapnodes`` is enabled. ``389`` - The LDAP server. Only used if ``ldapnodes`` is enabled. +#### ldapserver (<em>ldap</em>) -* **ldapssl** (*ldap*) +The LDAP server. Only used if ``ldapnodes`` is enabled. ``ldap`` - Whether SSL should be used when searching for nodes. Defaults to false because SSL usually requires certificates to be set up on the client side. +#### ldapssl (<em>ldap</em>) -* **ldapstring** (*ldap*) +Whether SSL should be used when searching for nodes. Defaults to false because SSL usually requires certificates to be set up on the client side. - The search string used to find an LDAP node. +#### ldapstring (<em>ldap</em>) -* **ldaptls** (*ldap*) +The search string used to find an LDAP node. ``(&(objectclass=puppetClient)(cn=%s))`` - Whether TLS should be used when searching for nodes. Defaults to false because TLS usually requires certificates to be set up on the client side. +#### ldaptls (<em>ldap</em>) -* **ldapuser** (*ldap*) +Whether TLS should be used when searching for nodes. Defaults to false because TLS usually requires certificates to be set up on the client side. - The user to use to connect to LDAP. Must be specified as a full DN. +#### ldapuser (<em>ldap</em>) -* **lexical** (*puppet*) +The user to use to connect to LDAP. Must be specified as a full DN. - Whether to use lexical scoping (vs. dynamic). +#### lexical (<em>puppet</em>) -* **listen** (*puppetd*) +Whether to use lexical scoping (vs. dynamic). - Whether puppetd should listen for connections. If this is true, then by default only the ``runner`` server is started, which allows remote authorized and authenticated nodes to connect and trigger ``puppetd`` runs. +#### listen (<em>puppetd</em>) -* **localconfig** (*puppetd*) +Whether puppetd should listen for connections. If this is true, then by default only the ``runner`` server is started, which allows remote authorized and authenticated nodes to connect and trigger ``puppetd`` runs. - Where puppetd caches the local configuration. An extension indicating the cache format is added automatically. +#### localconfig (<em>puppetd</em>) -* **lockdir** (*puppet*) +Where puppetd caches the local configuration. An extension indicating the cache format is added automatically. ``/etc/puppet/localconfig`` - Where lock files are kept. +#### lockdir (<em>puppet</em>) -* **logdir** (*puppet*) +Where lock files are kept. ``/var/puppet/locks`` - The Puppet log directory. +#### logdir (<em>puppet</em>) -* **manifest** (*puppetmasterd*) +The Puppet log directory. ``/var/puppet/log`` - The entry-point manifest for puppetmasterd. +#### manifest (<em>puppetmasterd</em>) -* **manifestdir** (*puppetmasterd*) +The entry-point manifest for puppetmasterd. ``/etc/puppet/manifests/site.pp`` - Where puppetmasterd looks for its manifests. +#### manifestdir (<em>puppetmasterd</em>) -* **masterhttplog** (*puppetmasterd*) +Where puppetmasterd looks for its manifests. ``/etc/puppet/manifests`` - Where the puppetmasterd web server logs. +#### masterhttplog (<em>puppetmasterd</em>) -* **masterlog** (*puppetmasterd*) +Where the puppetmasterd web server logs. ``/var/puppet/log/masterhttp.log`` - Where puppetmasterd logs. This is generally not used, since syslog is the default log destination. +#### masterlog (<em>puppetmasterd</em>) -* **masterport** (*puppetmasterd*) +Where puppetmasterd logs. This is generally not used, since syslog is the default log destination. ``/var/puppet/log/puppetmaster.log`` - Which port puppetmasterd listens on. +#### masterport (<em>puppetmasterd</em>) -* **mkusers** (*puppet*) +Which port puppetmasterd listens on. ``8140`` - Whether to create the necessary user and group that puppetd will run as. +#### mkusers (<em>puppet</em>) -* **noop** (*puppetd*) +Whether to create the necessary user and group that puppetd will run as. - Whether puppetd should be run in noop mode. +#### noop (<em>puppetd</em>) -* **paramcheck** (*ast*) +Whether puppetd should be run in noop mode. - Whether to validate parameters during parsing. +#### paramcheck (<em>ast</em>) -* **parseonly** (*puppetmasterd*) +Whether to validate parameters during parsing. ``true`` - Just check the syntax of the manifests. +#### parseonly (<em>puppetmasterd</em>) -* **passfile** (*certificates*) +Just check the syntax of the manifests. - Where puppetd stores the password for its private key. Generally unused. +#### passfile (<em>certificates</em>) -* **privatedir** (*certificates*) +Where puppetd stores the password for its private key. Generally unused. ``/etc/puppet/ssl/private/password`` - Where the client stores private certificate information. +#### plugindest (<em>puppet</em>) -* **privatekeydir** (*certificates*) +Where Puppet should store plugins that it pulls down from the central server. ``/var/puppet/plugins`` - The private key directory. +#### pluginpath (<em>puppet</em>) -* **publickeydir** (*certificates*) +Where Puppet should look for plugins. Multiple directories should be colon-separated, like normal PATH variables. ``/var/puppet/plugins`` - The public key directory. +#### pluginsignore (<em>puppet</em>) -* **puppetdlockfile** (*puppetd*) +What files to ignore when pulling down plugins.. ``.svn CVS`` - A lock file to temporarily stop puppetd from doing anything. +#### pluginsource (<em>puppet</em>) -* **puppetdlog** (*puppetd*) +From where to retrieve plugins. The standard Puppet ``file`` type is used for retrieval, so anything that is a valid file source can be used here. ``puppet://puppet/plugins`` - The log file for puppetd. This is generally not used. +#### pluginsync (<em>puppet</em>) -* **puppetport** (*puppetd*) +Whether plugins should be synced with the central server. - Which port puppetd listens on. +#### privatedir (<em>certificates</em>) -* **railslog** (*puppetmaster*) +Where the client stores private certificate information. ``/etc/puppet/ssl/private`` - Where Rails-specific logs are sent +#### privatekeydir (<em>certificates</em>) -* **req_bits** (*ca*) +The private key directory. ``/etc/puppet/ssl/private_keys`` - The bit length of the certificates. +#### publickeydir (<em>certificates</em>) -* **rrddir** (*metrics*) +The public key directory. ``/etc/puppet/ssl/public_keys`` - The directory where RRD database files are stored. +#### puppetdlockfile (<em>puppetd</em>) -* **rrdgraph** (*metrics*) +A lock file to temporarily stop puppetd from doing anything. ``/var/puppet/state/puppetdlock`` - Whether RRD information should be graphed. +#### puppetdlog (<em>puppetd</em>) -* **rundir** (*puppet*) +The log file for puppetd. This is generally not used. ``/var/puppet/log/puppetd.log`` - Where Puppet PID files are kept. +#### puppetport (<em>puppetd</em>) -* **runinterval** (*puppetd*) +Which port puppetd listens on. ``8139`` - How often puppetd applies the client configuration; in seconds +#### railslog (<em>puppetmaster</em>) -* **serial** (*ca*) +Where Rails-specific logs are sent ``/var/puppet/log/puppetrails.log`` - Where the serial number for certificates is stored. +#### report (<em>puppetd</em>) -* **server** (*puppetd*) +Whether to send reports after every transaction. - The server to which server puppetd should connect +#### reportdirectory (<em>reporting</em>) -* **setpidfile** (*puppet*) +The directory in which to store reports received from the client. Each client gets a separate subdirectory. ``/var/puppet/reports`` - Whether to store a PID file for the daemon. +#### reports (<em>reporting</em>) -* **signeddir** (*ca*) +The list of reports to generate. All reports are looked for in puppet/reports/<name>.rb, and multiple report names should be comma-separated (whitespace is okay). ``none`` - Where the CA stores signed certificates. +#### reportserver (<em>puppetd</em>) -* **ssldir** (*puppet*) +The server to which to send transaction reports. ``puppet`` - Where SSL certificates are kept. +#### req_bits (<em>ca</em>) -* **statedir** (*puppet*) +The bit length of the certificates. ``2048`` - The directory where Puppet state is stored. Generally, this directory can be removed without causing harm (although it might result in spurious service restarts). +#### rrddir (<em>metrics</em>) -* **statefile** (*puppet*) +The directory where RRD database files are stored. ``/var/puppet/rrd`` - Where puppetd and puppetmasterd store state associated with the running configuration. In the case of puppetmasterd, this file reflects the state discovered through interacting with clients. +#### rrdgraph (<em>metrics</em>) -* **storeconfigs** (*puppetmaster*) +Whether RRD information should be graphed. - Whether to store each client's configuration. This requires ActiveRecord from Ruby on Rails. +#### rundir (<em>puppet</em>) -* **tags** (*transaction*) +Where Puppet PID files are kept. ``/var/puppet/run`` - Tags to use to find objects. If this is set, then only objects tagged with the specified tags will be applied. Values must be comma-separated. +#### runinterval (<em>puppetd</em>) -* **typecheck** (*ast*) +How often puppetd applies the client configuration; in seconds ``1800`` - Whether to validate types during parsing. +#### serial (<em>ca</em>) -* **usecacheonfailure** (*puppetd*) +Where the serial number for certificates is stored. ``/etc/puppet/ssl/ca/serial`` - Whether to use the cached configuration when the remote configuration will not compile. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known-good one. +#### server (<em>puppetd</em>) -* **user** (*puppetmasterd*) +The server to which server puppetd should connect ``puppet`` - The user puppetmasterd should run as. +#### setpidfile (<em>puppet</em>) -* **vardir** (*puppet*) +Whether to store a PID file for the daemon. ``true`` - Where Puppet stores dynamic and growing data. +#### signeddir (<em>ca</em>) + +Where the CA stores signed certificates. ``/etc/puppet/ssl/ca/signed`` + +#### ssldir (<em>puppet</em>) + +Where SSL certificates are kept. ``/etc/puppet/ssl`` + +#### statedir (<em>puppet</em>) + +The directory where Puppet state is stored. Generally, this directory can be removed without causing harm (although it might result in spurious service restarts). ``/var/puppet/state`` + +#### statefile (<em>puppet</em>) + +Where puppetd and puppetmasterd store state associated with the running configuration. In the case of puppetmasterd, this file reflects the state discovered through interacting with clients. ``/var/puppet/state/state.yaml`` + +#### storeconfigs (<em>puppetmaster</em>) + +Whether to store each client's configuration. This requires ActiveRecord from Ruby on Rails. + +#### tags (<em>transaction</em>) + +Tags to use to find objects. If this is set, then only objects tagged with the specified tags will be applied. Values must be comma-separated. + +#### templatedir (<em>puppet</em>) + +Where Puppet looks for template files. ``/var/puppet/templates`` + +#### typecheck (<em>ast</em>) + +Whether to validate types during parsing. ``true`` + +#### usecacheonfailure (<em>puppetd</em>) + +Whether to use the cached configuration when the remote configuration will not compile. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known-good one. ``true`` + +#### user (<em>puppetmasterd</em>) + +The user puppetmasterd should run as. ``puppet`` + +#### vardir (<em>puppet</em>) + +Where Puppet stores dynamic and growing data. ``/var/puppet`` ---------------- -*$Id$* -*This page autogenerated on Fri Jun 16 14:45:05 PDT 2006* +*This page autogenerated on Wed Jul 05 23:33:28 CDT 2006* diff --git a/documentation/typedocs.page b/documentation/typedocs.page index d1e5a74ba..21bce23e0 100644 --- a/documentation/typedocs.page +++ b/documentation/typedocs.page @@ -6,8 +6,25 @@ title: Type Reference - -## Meta-Parameters +## Table of Contents +1. <a href='#meta-parameters'>Meta-Parameters</a> +1. <a href='#cron'>Cron</a> +1. <a href='#exec'>Exec</a> +1. <a href='#file'>File</a> +1. <a href='#filebucket'>Filebucket</a> +1. <a href='#group'>Group</a> +1. <a href='#host'>Host</a> +1. <a href='#mount'>Mount</a> +1. <a href='#package'>Package</a> +1. <a href='#port'>Port</a> +1. <a href='#schedule'>Schedule</a> +1. <a href='#service'>Service</a> +1. <a href='#sshkey'>Sshkey</a> +1. <a href='#symlink'>Symlink</a> +1. <a href='#tidy'>Tidy</a> +1. <a href='#user'>User</a> + +<h2><a name="meta-parameters">Meta-Parameters</a></h2> Metaparameters are parameters that work with any element; they are part of the Puppet framework itself rather than being part of the implementation of any @@ -15,137 +32,178 @@ given instance. Thus, any defined metaparameter can be used with any instance in your manifest, including defined components. -- **alias**: - Creates an alias for the object. Puppet uses this internally when you - provide a symbolic name: - - file { sshdconfig: - path => $operatingsystem ? { - solaris => "/usr/local/etc/ssh/sshd_config", - default => "/etc/ssh/sshd_config" - }, - source => "..." - } - - service { sshd: - subscribe => file[sshdconfig] - } - - When you use this feature, the parser sets ``sshdconfig`` as the name, - and the library sets that as an alias for the file so the dependency - lookup for ``sshd`` works. You can use this parameter yourself, - but note that only the library can use these aliases; for instance, - the following code will not work: - - file { "/etc/ssh/sshd_config": - owner => root, - group => root, - alias => sshdconfig - } - - file { sshdconfig: - mode => 644 - } - - There's no way here for the Puppet parser to know that these two stanzas - should be affecting the same file. - - See the [language tutorial][] for more information. - - [language tutorial]: languagetutorial.html - -- **check**: - States which should have their values retrieved - but which should not actually be modified. This is currently used - internally, but will eventually be used for querying, so that you - could specify that you wanted to check the install state of all - packages, and then query the Puppet client daemon to get reports - on all packages. -- **loglevel**: - Sets the level that information will be logged. - The log levels have the biggest impact when logs are sent to - syslog (which is currently the default). Valid values are ``debug``, ``info``, ``notice``, ``warning``, ``err``, ``alert``, ``emerg``, ``crit``, ``verbose``. -- **noop**: - Boolean flag indicating whether work should actually - be done. *true*/**false** -- **require**: - One or more objects that this object depends on. - This is used purely for guaranteeing that changes to required objects - happen before the dependent object. For instance: - - # Create the destination directory before you copy things down - file { "/usr/local/scripts": - ensure => directory - } - - file { "/usr/local/scripts/myscript": - source => "puppet://server/module/myscript", - mode => 755, - require => file["/usr/local/scripts"] - } - - Note that Puppet will autorequire everything that it can, and - there are hooks in place so that it's easy for elements to add new - ways to autorequire objects, so if you think Puppet could be - smarter here, let us know. - - In fact, the above code was redundant -- Puppet will autorequire - any parent directories that are being managed; it will - automatically realize that the parent directory should be created - before the script is pulled down. - - Currently, exec elements will autorequire their CWD (if it is - specified) plus any fully qualified paths that appear in the - command. For instance, if you had an ``exec`` command that ran - the ``myscript`` mentioned above, the above code that pulls the - file down would be automatically listed as a requirement to the - ``exec`` code, so that you would always be running againts the - most recent version. -- **schedule**: - On what schedule the object should be managed. You must create a - schedule object, and then reference the name of that object to use - that for your schedule: - - schedule { daily: - period => daily, - range => "2-4" - } - - exec { "/usr/bin/apt-get update": - schedule => daily +#### alias +Creates an alias for the object. Puppet uses this internally when you +provide a symbolic name: + + file { sshdconfig: + path => $operatingsystem ? { + solaris => "/usr/local/etc/ssh/sshd_config", + default => "/etc/ssh/sshd_config" + }, + source => "..." + } + + service { sshd: + subscribe => file[sshdconfig] + } + +When you use this feature, the parser sets ``sshdconfig`` as the name, +and the library sets that as an alias for the file so the dependency +lookup for ``sshd`` works. You can use this parameter yourself, +but note that only the library can use these aliases; for instance, +the following code will not work: + + file { "/etc/ssh/sshd_config": + owner => root, + group => root, + alias => sshdconfig + } + + file { sshdconfig: + mode => 644 + } + +There's no way here for the Puppet parser to know that these two stanzas +should be affecting the same file. + +See the [language tutorial][] for more information. + +[language tutorial]: languagetutorial.html + + +#### before +This parameter is the opposite of **require** -- it guarantees +that the specified object is applied later than the specifying +object: + + file { "/var/nagios/configuration": + source => "...", + recurse => true, + before => exec["nagios-rebuid"] + } + + exec { "nagios-rebuild": + command => "/usr/bin/make", + cwd => "/var/nagios/configuration" + } + +This will make sure all of the files are up to date before the +make command is run. + +#### check +States which should have their values retrieved +but which should not actually be modified. This is currently used +internally, but will eventually be used for querying, so that you +could specify that you wanted to check the install state of all +packages, and then query the Puppet client daemon to get reports +on all packages. + +#### loglevel +Sets the level that information will be logged. +The log levels have the biggest impact when logs are sent to +syslog (which is currently the default). Valid values are ``debug``, ``info``, ``notice``, ``warning``, ``err``, ``alert``, ``emerg``, ``crit``, ``verbose``. + +#### noop +Boolean flag indicating whether work should actually +be done. *true*/**false** + +#### notify +This parameter is the opposite of **subscribe** -- it sends events +to the specified object: + + file { "/etc/sshd_config": + source => "....", + notify => service[sshd] + } + + service { sshd: + ensure => running + } + +This will restart the sshd service if the sshd config file changes. + +#### require +One or more objects that this object depends on. +This is used purely for guaranteeing that changes to required objects +happen before the dependent object. For instance: + + # Create the destination directory before you copy things down + file { "/usr/local/scripts": + ensure => directory + } + + file { "/usr/local/scripts/myscript": + source => "puppet://server/module/myscript", + mode => 755, + require => file["/usr/local/scripts"] + } + +Note that Puppet will autorequire everything that it can, and +there are hooks in place so that it's easy for elements to add new +ways to autorequire objects, so if you think Puppet could be +smarter here, let us know. + +In fact, the above code was redundant -- Puppet will autorequire +any parent directories that are being managed; it will +automatically realize that the parent directory should be created +before the script is pulled down. + +Currently, exec elements will autorequire their CWD (if it is +specified) plus any fully qualified paths that appear in the +command. For instance, if you had an ``exec`` command that ran +the ``myscript`` mentioned above, the above code that pulls the +file down would be automatically listed as a requirement to the +``exec`` code, so that you would always be running againts the +most recent version. + +#### schedule +On what schedule the object should be managed. You must create a +schedule object, and then reference the name of that object to use +that for your schedule: + + schedule { daily: + period => daily, + range => "2-4" + } + + exec { "/usr/bin/apt-get update": + schedule => daily + } + +The creation of the schedule object does not need to appear in the +configuration before objects that use it. + +#### subscribe +One or more objects that this object depends on. Changes in the +subscribed to objects result in the dependent objects being +refreshed (e.g., a service will get restarted). For instance: + + class nagios { + file { "/etc/nagios/nagios.conf": + source => "puppet://server/module/nagios.conf", + alias => nagconf # just to make things easier for me } - - The creation of the schedule object does not need to appear in the - configuration before objects that use it. -- **subscribe**: - One or more objects that this object depends on. Changes in the - subscribed to objects result in the dependent objects being - refreshed (e.g., a service will get restarted). For instance: - - class nagios { - file { "/etc/nagios/nagios.conf": - source => "puppet://server/module/nagios.conf", - alias => nagconf # just to make things easier for me - } - - service { nagios: - running => true, - subscribe => file[nagconf] - } + service { nagios: + running => true, + subscribe => file[nagconf] } -- **tag**: - Add the specified tags to the associated element. While all elements - are automatically tagged with as much information as possible - (e.g., each class and component containing the element), it can - be useful to add your own tags to a given element. - - Tags are currently useful for things like applying a subset of a - host's configuration: - - puppetd --test --tag mytag + } + +#### tag +Add the specified tags to the associated element. While all elements +are automatically tagged with as much information as possible +(e.g., each class and component containing the element), it can +be useful to add your own tags to a given element. + +Tags are currently useful for things like applying a subset of a +host's configuration: - This way, when you're testing a configuration you can run just the - portion you're testing. + puppetd --test --tag mytag + +This way, when you're testing a configuration you can run just the +portion you're testing. + ## Types @@ -177,7 +235,7 @@ in your manifest, including defined components. ---------------- -## cron +<h2><a name='cron'>cron</a></h2> Installs and manages cron jobs. All fields except the command and the user are optional, although specifying no periodic fields would result in the command being executed every @@ -202,69 +260,82 @@ Example: ### Cron Parameters -- **command**: - The command to execute in the cron job. The environment - provided to the command varies by local system rules, and it is - best to always provide a fully qualified command. The user's - profile is not sourced when the command is run, so if the - user's environment is desired it should be sourced manually. - - All cron parameters support ``absent`` as a value; this will - remove any existing values for that field. -- **ensure**: - The basic state that the object should be in. Valid values are ``present``, ``absent``. -- **environment**: - Any environment settings associated with this cron job. They - will be stored between the header and the job in the crontab. There - can be no guarantees that other, earlier settings will not also - affect a given cron job. - - Also, Puppet cannot automatically determine whether an existing, - unmanaged environment setting is associated with a given cron - job. If you already have cron jobs with environment settings, - then Puppet will keep those settings in the same place in the file, - but will not associate them with a specific job. -- **hour**: - The hour at which to run the cron job. Optional; - if specified, must be between 0 and 23, inclusive. -- **minute**: - The minute at which to run the cron job. - Optional; if specified, must be between 0 and 59, inclusive. -- **month**: - The month of the year. Optional; if specified - must be between 1 and 12 or the month name (e.g., December). -- **monthday**: - The day of the month on which to run the - command. Optional; if specified, must be between 1 and 31. -- **name**: - The symbolic name of the cron job. This name - is used for human reference only and is generated automatically - for cron jobs found on the system. This generally won't - matter, as Puppet will do its best to match existing cron jobs - against specified jobs (and Puppet adds a comment to cron jobs it - adds), but it is at least possible that converting from - unmanaged jobs to managed jobs might require manual - intervention. - - The names can only have alphanumeric characters plus the '-' - character. -- **user**: - The user to run the command as. This user must - be allowed to run cron jobs, which is not currently checked by - Puppet. - - The user defaults to whomever Puppet is running as. -- **weekday**: - The weekday on which to run the command. - Optional; if specified, must be between 0 and 6, inclusive, with - 0 being Sunday, or must be the name of the day (e.g., Tuesday). +#### command +The command to execute in the cron job. The environment +provided to the command varies by local system rules, and it is +best to always provide a fully qualified command. The user's +profile is not sourced when the command is run, so if the +user's environment is desired it should be sourced manually. + +All cron parameters support ``absent`` as a value; this will +remove any existing values for that field. + +#### ensure +The basic state that the object should be in. Valid values are ``absent``, ``present``. + +#### environment +Any environment settings associated with this cron job. They +will be stored between the header and the job in the crontab. There +can be no guarantees that other, earlier settings will not also +affect a given cron job. + +Also, Puppet cannot automatically determine whether an existing, +unmanaged environment setting is associated with a given cron +job. If you already have cron jobs with environment settings, +then Puppet will keep those settings in the same place in the file, +but will not associate them with a specific job. + +#### hour +The hour at which to run the cron job. Optional; +if specified, must be between 0 and 23, inclusive. + +#### minute +The minute at which to run the cron job. +Optional; if specified, must be between 0 and 59, inclusive. + +#### month +The month of the year. Optional; if specified +must be between 1 and 12 or the month name (e.g., December). + +#### monthday +The day of the month on which to run the +command. Optional; if specified, must be between 1 and 31. + +#### name (*namevar*) +The symbolic name of the cron job. This name +is used for human reference only and is generated automatically +for cron jobs found on the system. This generally won't +matter, as Puppet will do its best to match existing cron jobs +against specified jobs (and Puppet adds a comment to cron jobs it +adds), but it is at least possible that converting from +unmanaged jobs to managed jobs might require manual +intervention. + +The names can only have alphanumeric characters plus the '-' +character. + +#### special +Special schedules only supported on FreeBSD. + +#### user +The user to run the command as. This user must +be allowed to run cron jobs, which is not currently checked by +Puppet. + +The user defaults to whomever Puppet is running as. + +#### weekday +The weekday on which to run the command. +Optional; if specified, must be between 0 and 6, inclusive, with +0 being Sunday, or must be the name of the day (e.g., Tuesday). + ---------------- -## exec +<h2><a name='exec'>exec</a></h2> Executes external commands. It is critical that all commands executed using this mechanism can be run multiple times without harm, i.e., they are *idempotent*. One useful way to create idempotent @@ -311,101 +382,112 @@ it is a Puppet bug if you need ``exec`` to do your work. ### Exec Parameters -- **command**: (*namevar*) - The actual command to execute. Must either be fully qualified - or a search path for the command must be provided. If the command - succeeds, any output produced will be logged at the instance's - normal log level (usually ``notice``), but if the command fails - (meaning its return code does not match the specified code) then - any output is logged at the ``err`` log level. -- **creates**: - A file that this command creates. If this - parameter is provided, then the command will only be run - if the specified file does not exist. - - exec { "tar xf /my/tar/file.tar": - cwd => "/var/tmp", - creates => "/var/tmp/myfile", - path => ["/usr/bin", "/usr/sbin"] - } - -- **cwd**: - The directory from which to run the command. If - this directory does not exist, the command will fail. -- **group**: - The group to run the command as. This seems to work quite - haphazardly on different platforms -- it is a platform issue - not a Ruby or Puppet one, since the same variety exists when - running commnands as different users in the shell. -- **logoutput**: - Whether to log output. Defaults to logging output at the - loglevel for the ``exec`` element. Values are **true**, *false*, - and any legal log level. Valid values are ``true``, ``false``, ``debug``, ``info``, ``notice``, ``warning``, ``err``, ``alert``, ``emerg``, ``crit``. -- **onlyif**: - If this parameter is set, then this ``exec`` will only run if - the command returns 0. For example: - - exec { "logrotate": - path => "/usr/bin:/usr/sbin:/bin", - onlyif => "test `du /var/log/messages | cut -f1` -gt 100000" - } - - This would run ``logrotate`` only if that test returned true. - - Note that this command follows the same rules as the main command, - which is to say that it must be fully qualified if the path is not set. -- **path**: - The search path used for command execution. - Commands must be fully qualified if no path is specified. Paths - can be specified as an array or as a colon-separated list. -- **refreshonly**: - The command should only be run as a - refresh mechanism for when a dependent object is changed. It only - makes sense to use this option when this command depends on some - other object; it is useful for triggering an action: - - # Pull down the main aliases file - file { "/etc/aliases": - source => "puppet://server/module/aliases" - } - - # Rebuild the database, but only when the file changes - exec { newaliases: - path => ["/usr/bin", "/usr/sbin"], - subscribe => file["/etc/aliases"], - refreshonly => true - } +#### command (*namevar*) +The actual command to execute. Must either be fully qualified +or a search path for the command must be provided. If the command +succeeds, any output produced will be logged at the instance's +normal log level (usually ``notice``), but if the command fails +(meaning its return code does not match the specified code) then +any output is logged at the ``err`` log level. + +#### creates +A file that this command creates. If this +parameter is provided, then the command will only be run +if the specified file does not exist. + + exec { "tar xf /my/tar/file.tar": + cwd => "/var/tmp", + creates => "/var/tmp/myfile", + path => ["/usr/bin", "/usr/sbin"] + } + + +#### cwd +The directory from which to run the command. If +this directory does not exist, the command will fail. + +#### group +The group to run the command as. This seems to work quite +haphazardly on different platforms -- it is a platform issue +not a Ruby or Puppet one, since the same variety exists when +running commnands as different users in the shell. + +#### logoutput +Whether to log output. Defaults to logging output at the +loglevel for the ``exec`` element. Values are **true**, *false*, +and any legal log level. Valid values are ``true``, ``false``, ``debug``, ``info``, ``notice``, ``warning``, ``err``, ``alert``, ``emerg``, ``crit``. + +#### onlyif +If this parameter is set, then this ``exec`` will only run if +the command returns 0. For example: - Note that only ``subscribe`` can trigger actions, not ``require``, - so it only makes sense to use ``refreshonly`` with ``subscribe``. Valid values are ``true``, ``false``. -- **returns**: - The expected return code. An error will be returned if the - executed command returns something else. Defaults to 0. -- **unless**: - If this parameter is set, then this ``exec`` will run unless - the command returns 0. For example: - - exec { "/bin/echo root >> /usr/lib/cron/cron.allow": - path => "/usr/bin:/usr/sbin:/bin", - unless => "grep root /usr/lib/cron/cron.allow 2>/dev/null" - } + exec { "logrotate": + path => "/usr/bin:/usr/sbin:/bin", + onlyif => "test `du /var/log/messages | cut -f1` -gt 100000" + } + +This would run ``logrotate`` only if that test returned true. + +Note that this command follows the same rules as the main command, +which is to say that it must be fully qualified if the path is not set. + +#### path +The search path used for command execution. +Commands must be fully qualified if no path is specified. Paths +can be specified as an array or as a colon-separated list. + +#### refreshonly +The command should only be run as a +refresh mechanism for when a dependent object is changed. It only +makes sense to use this option when this command depends on some +other object; it is useful for triggering an action: - This would add ``root`` to the cron.allow file (on Solaris) unless - ``grep`` determines it's already there. + # Pull down the main aliases file + file { "/etc/aliases": + source => "puppet://server/module/aliases" + } + + # Rebuild the database, but only when the file changes + exec { newaliases: + path => ["/usr/bin", "/usr/sbin"], + subscribe => file["/etc/aliases"], + refreshonly => true + } + +Note that only ``subscribe`` can trigger actions, not ``require``, +so it only makes sense to use ``refreshonly`` with ``subscribe``. Valid values are ``true``, ``false``. + +#### returns +The expected return code. An error will be returned if the +executed command returns something else. Defaults to 0. + +#### unless +If this parameter is set, then this ``exec`` will run unless +the command returns 0. For example: - Note that this command follows the same rules as the main command, - which is to say that it must be fully qualified if the path is not set. -- **user**: - The user to run the command as. Note that if you - use this then any error output is not currently captured. This - is because of a bug within Ruby. + exec { "/bin/echo root >> /usr/lib/cron/cron.allow": + path => "/usr/bin:/usr/sbin:/bin", + unless => "grep root /usr/lib/cron/cron.allow 2>/dev/null" + } + +This would add ``root`` to the cron.allow file (on Solaris) unless +``grep`` determines it's already there. + +Note that this command follows the same rules as the main command, +which is to say that it must be fully qualified if the path is not set. + +#### user +The user to run the command as. Note that if you +use this then any error output is not currently captured. This +is because of a bug within Ruby. + ---------------- -## file +<h2><a name='file'>file</a></h2> Manages local files, including setting ownership and permissions, creation of both files and directories, and retrieving entire files from remote servers. As Puppet matures, it @@ -419,156 +501,171 @@ native element to support what you are doing. ### File Parameters -- **backup**: - Whether files should be backed up before - being replaced. If a filebucket is specified, files will be - backed up there; else, they will be backed up in the same directory - with a ``.puppet-bak`` extension,, and no backups - will be made if backup is ``false``. - - To use filebuckets, you must first create a filebucket in your - configuration: - - filebucket { main: - server => puppet - } - - The ``puppetmasterd`` daemon creates a filebucket by default, - so you can usually back up to your main server with this - configuration. Once you've described the bucket in your - configuration, you can use it in any file: - - file { "/my/file": - source => "/path/in/nfs/or/something", - backup => main - } - - This will back the file up to the central server. - - At this point, the only benefits to doing so are that you do not - have backup files lying around on each of your machines, a given - version of a file is only backed up once, and you can restore - any given file manually, no matter how old. Eventually, - transactional support will be able to automatically restore - filebucketed files. -- **checksum**: - How to check whether a file has changed. **md5**/*lite-md5*/ - *time*/*mtime* Valid values are ``timestamp``, ``md5``, ``mtime``, ``nosum``, ``time``, ``md5lite``. Values can also match ``(?-mix:^\{md5|md5lite|timestamp|mtime|time\})``. -- **content**: - Specify the contents of a file as a string. Newlines, tabs, and spaces - can be specified using the escaped syntax (e.g., \n for a newline). The - primary purpose of this parameter is to provide a kind of limited - templating: - - define resolve(nameserver1, nameserver2, domain, search) { - $str = "search $search - domain $domain - nameserver $nameserver1 - nameserver $nameserver2 - " - - file { "/etc/resolv.conf": - content => $str - } - } - - Yes, it's very primitive, and it's useless for larger files, but it - is mostly meant as a stopgap measure for simple cases. -- **ensure**: - Whether to create files that don't currently exist. - Possible values are *absent*, *present* (equivalent to *file*), - *file*, and *directory*. Specifying 'absent' will delete the file, - although currently this will not recursively delete directories. - - Anything other than those values will be considered to be a symlink. - For instance, the following text creates a link: - - # Useful on solaris - file { "/etc/inetd.conf": - ensure => "/etc/inet/inetd.conf" - } - - You can make relative links: - - # Useful on solaris - file { "/etc/inetd.conf": - ensure => "inet/inetd.conf" +#### backup +Whether files should be backed up before +being replaced. If a filebucket is specified, files will be +backed up there; else, they will be backed up in the same directory +with a ``.puppet-bak`` extension,, and no backups +will be made if backup is ``false``. + +To use filebuckets, you must first create a filebucket in your +configuration: + + filebucket { main: + server => puppet + } + +The ``puppetmasterd`` daemon creates a filebucket by default, +so you can usually back up to your main server with this +configuration. Once you've described the bucket in your +configuration, you can use it in any file: + + file { "/my/file": + source => "/path/in/nfs/or/something", + backup => main + } + +This will back the file up to the central server. + +At this point, the only benefits to doing so are that you do not +have backup files lying around on each of your machines, a given +version of a file is only backed up once, and you can restore +any given file manually, no matter how old. Eventually, +transactional support will be able to automatically restore +filebucketed files. + +#### checksum +How to check whether a file has changed. **md5**/*lite-md5*/ +*time*/*mtime* Valid values are ``timestamp``, ``md5lite``, ``md5``, ``mtime``, ``nosum``, ``time``. Values can also match ``(?-mix:^\{md5|md5lite|timestamp|mtime|time\})``. + +#### content +Specify the contents of a file as a string. Newlines, tabs, and spaces +can be specified using the escaped syntax (e.g., \n for a newline). The +primary purpose of this parameter is to provide a kind of limited +templating: + + define resolve(nameserver1, nameserver2, domain, search) { + $str = "search $search + domain $domain + nameserver $nameserver1 + nameserver $nameserver2 + " + + file { "/etc/resolv.conf": + content => $str } + } + +Yes, it's very primitive, and it's useless for larger files, but it +is mostly meant as a stopgap measure for simple cases. + +#### ensure +Whether to create files that don't currently exist. +Possible values are *absent*, *present* (equivalent to *file*), +*file*, and *directory*. Specifying 'absent' will delete the file, +although currently this will not recursively delete directories. + +Anything other than those values will be considered to be a symlink. +For instance, the following text creates a link: - If you need to make a relative link to a file named the same - as one of the valid values, you must prefix it with ``./`` or - something similar. - - You can also make recursive symlinks, which will create a - directory structure that maps to the target directory, - with directories corresponding to each directory - and links corresponding to each file. Valid values are ``directory``, ``absent`` (also called ``false``), ``link``, ``file`` (also called ``present``). Values can also match ``(?-mix:.)``. -- **group**: - Which group should own the file. Argument can be either group - name or group ID. -- **ignore**: - A parameter which omits action on files matching - specified patterns during recursion. Uses Ruby's builtin globbing - engine, so shell metacharacters are fully supported, e.g. ``[a-z]*``. - Matches that would descend into the directory structure are ignored, - e.g., ``*/*``. -- **linkmaker**: - An internal parameter used by the *symlink* - type to do recursive link creation. -- **links**: - How to handle links during file actions. During file copying, - ``follow`` will copy the target file instead of the link, ``manage`` - will copy the link itself, and ``ignore`` will just pass it by. - When not copying, ``manage`` and ``ignore`` behave equivalently - (because you cannot really ignore links entirely during local - recursion), and ``follow`` will manage the file to which the - link points. Valid values are ``follow``, ``manage``, ``ignore``. -- **mode**: - Mode the file should be. Currently relatively limited: - you must specify the exact mode the file should be. -- **owner**: - To whom the file should belong. Argument can be user name or - user ID. -- **path**: (*namevar*) - The path to the file to manage. Must be fully qualified. -- **recurse**: - Whether and how deeply to do recursive - management. Valid values are ``true``, ``false``, ``inf``. Values can also match ``(?-mix:^[0-9]+$)``. -- **source**: - Copy a file over the current file. Uses ``checksum`` to - determine when a file should be copied. Valid values are either - fully qualified paths to files, or URIs. Currently supported URI - types are *puppet* and *file*. - - This is one of the primary mechanisms for getting content into - applications that Puppet does not directly support and is very - useful for those configuration files that don't change much across - sytems. For instance: + # Useful on solaris + file { "/etc/inetd.conf": + ensure => "/etc/inet/inetd.conf" + } + +You can make relative links: - class sendmail { - file { "/etc/mail/sendmail.cf": - source => "puppet://server/module/sendmail.cf" - } + # Useful on solaris + file { "/etc/inetd.conf": + ensure => "inet/inetd.conf" + } + +If you need to make a relative link to a file named the same +as one of the valid values, you must prefix it with ``./`` or +something similar. + +You can also make recursive symlinks, which will create a +directory structure that maps to the target directory, +with directories corresponding to each directory +and links corresponding to each file. Valid values are ``link``, ``absent`` (also called ``false``), ``directory``, ``file`` (also called ``present``). Values can also match ``(?-mix:.)``. + +#### group +Which group should own the file. Argument can be either group +name or group ID. + +#### ignore +A parameter which omits action on files matching +specified patterns during recursion. Uses Ruby's builtin globbing +engine, so shell metacharacters are fully supported, e.g. ``[a-z]*``. +Matches that would descend into the directory structure are ignored, +e.g., ``*/*``. + +#### linkmaker +An internal parameter used by the *symlink* +type to do recursive link creation. + +#### links +How to handle links during file actions. During file copying, +``follow`` will copy the target file instead of the link, ``manage`` +will copy the link itself, and ``ignore`` will just pass it by. +When not copying, ``manage`` and ``ignore`` behave equivalently +(because you cannot really ignore links entirely during local +recursion), and ``follow`` will manage the file to which the +link points. Valid values are ``follow``, ``manage``, ``ignore``. + +#### mode +Mode the file should be. Currently relatively limited: +you must specify the exact mode the file should be. + +#### owner +To whom the file should belong. Argument can be user name or +user ID. + +#### path (*namevar*) +The path to the file to manage. Must be fully qualified. + +#### recurse +Whether and how deeply to do recursive +management. Valid values are ``true``, ``false``, ``inf``. Values can also match ``(?-mix:^[0-9]+$)``. + +#### source +Copy a file over the current file. Uses ``checksum`` to +determine when a file should be copied. Valid values are either +fully qualified paths to files, or URIs. Currently supported URI +types are *puppet* and *file*. + +This is one of the primary mechanisms for getting content into +applications that Puppet does not directly support and is very +useful for those configuration files that don't change much across +sytems. For instance: + + class sendmail { + file { "/etc/mail/sendmail.cf": + source => "puppet://server/module/sendmail.cf" } - - See the [fileserver docs][] for information on how to configure - and use file services within Puppet. - - - [fileserver docs]: fsconfigref.html - -- **target**: - The target for creating a link. Currently, symlinks are the - only type supported. Valid values are ``notlink``. Values can also match ``(?-mix:.)``. -- **type**: - A read-only state to check the file type. + } + +See the [fileserver docs][] for information on how to configure +and use file services within Puppet. + + +[fileserver docs]: fsconfigref.html + + +#### target +The target for creating a link. Currently, symlinks are the +only type supported. Valid values are ``notlink``. Values can also match ``(?-mix:.)``. + +#### type +A read-only state to check the file type. + ---------------- -## filebucket +<h2><a name='filebucket'>filebucket</a></h2> A repository for backing up files. If no filebucket is defined, then files will be backed up in their current directory, but the filebucket can be either a host- or site-global repository @@ -583,28 +680,45 @@ sum and retrieve the file with that sum from the filebucket), but when transactions are fully supported filebuckets will be used to undo transactions. +You will normally want to define a single filebucket for your +whole network and then use that as the default backup location: + + # Define the bucket + filebucket { main: server => puppet } + + # Specify it as the default target + File { backup => main } + +Puppetmaster servers create a filebucket by default, so this will +work in a default configuration. + + ### Filebucket Parameters -- **name**: - The name of the filebucket. -- **path**: - The path to the local filebucket. If this is - not specified, then the bucket is remote and *server* must be - specified. -- **port**: - The port on which the remote server is listening. - Defaults to the normal Puppet port, 8140. -- **server**: - The server providing the filebucket. If this is - not specified, then the bucket is local and *path* must be - specified. +#### name (*namevar*) +The name of the filebucket. + +#### path +The path to the local filebucket. If this is +not specified, then the bucket is remote and *server* must be +specified. + +#### port +The port on which the remote server is listening. +Defaults to the normal Puppet port, 8140. + +#### server +The server providing the filebucket. If this is +not specified, then the bucket is local and *path* must be +specified. + ---------------- -## group +<h2><a name='group'>group</a></h2> Manage groups. This type can only create groups. Group membership must be managed on individual users. This element type uses the prescribed native tools for creating groups and generally @@ -617,89 +731,105 @@ but if you desperately need it to be so, please contact us. ### Group Parameters -- **ensure**: - The basic state that the object should be in. Valid values are ``present``, ``absent``. -- **gid**: - The group ID. Must be specified numerically. If not - specified, a number will be picked, which can result in ID - differences across systems and thus is not recommended. The - GID is picked according to local system standards. -- **name**: - The group name. While naming limitations vary by - system, it is advisable to keep the name to the degenerate - limitations, which is a maximum of 8 characters beginning with - a letter. +#### ensure +The basic state that the object should be in. Valid values are ``absent``, ``present``. + +#### gid +The group ID. Must be specified numerically. If not +specified, a number will be picked, which can result in ID +differences across systems and thus is not recommended. The +GID is picked according to local system standards. + +#### name (*namevar*) +The group name. While naming limitations vary by +system, it is advisable to keep the name to the degenerate +limitations, which is a maximum of 8 characters beginning with +a letter. + ---------------- -## host +<h2><a name='host'>host</a></h2> Installs and manages host entries. For most systems, these entries will just be in /etc/hosts, but some systems (notably OS X) will have different solutions. ### Host Parameters -- **alias**: - Any alias the host might have. Multiple values must be - specified as an array. Note that this state has the same name - as one of the metaparams; using this state to set aliases will - make those aliases available in your Puppet scripts and also on - disk. -- **ensure**: - The basic state that the object should be in. Valid values are ``present``, ``absent``. -- **ip**: - The host's IP address. -- **name**: - The host name. +#### alias +Any alias the host might have. Multiple values must be +specified as an array. Note that this state has the same name +as one of the metaparams; using this state to set aliases will +make those aliases available in your Puppet scripts and also on +disk. + +#### ensure +The basic state that the object should be in. Valid values are ``absent``, ``present``. + +#### ip +The host's IP address. + +#### name (*namevar*) +The host name. + ---------------- -## mount +<h2><a name='mount'>mount</a></h2> Manages mounted mounts, including putting mount information into the mount table. ### Mount Parameters -- **atboot**: - Whether to mount the mount at boot. Not all platforms - support this. -- **blockdevice**: - The the device to fsck. This is state is only valid - on Solaris, and in most cases will default to the correct - value. -- **device**: - The device providing the mount. This can be whatever - device is supporting by the mount, including network - devices or devices specified by UUID rather than device - path, depending on the operating system. -- **dump**: - Whether to dump the mount. Not all platforms - support this. -- **ensure**: - Create, remove, or mount a filesystem mount. Valid values are ``present``, ``mounted``, ``absent``. -- **fstype**: - The mount type. Valid values depend on the - operating system. -- **options**: - Mount options for the mounts, as they would - appear in the fstab. -- **pass**: - The pass in which the mount is checked. -- **path**: (*namevar*) - The mount path for the mount. +#### atboot +Whether to mount the mount at boot. Not all platforms +support this. + +#### blockdevice +The the device to fsck. This is state is only valid +on Solaris, and in most cases will default to the correct +value. + +#### device +The device providing the mount. This can be whatever +device is supporting by the mount, including network +devices or devices specified by UUID rather than device +path, depending on the operating system. + +#### dump +Whether to dump the mount. Not all platforms +support this. + +#### ensure +Create, remove, or mount a filesystem mount. Valid values are ``absent``, ``mounted``, ``present``. + +#### fstype +The mount type. Valid values depend on the +operating system. + +#### options +Mount options for the mounts, as they would +appear in the fstab. + +#### pass +The pass in which the mount is checked. + +#### path (*namevar*) +The mount path for the mount. + ---------------- -## package +<h2><a name='package'>package</a></h2> Manage packages. There is a basic dichotomy in package support right now: Some package types (e.g., yum and apt) can retrieve their own package files, while others (e.g., rpm and @@ -714,120 +844,140 @@ want to use ``rpm`` then the ``rpm`` tools must be available. ### Package Parameters -- **adminfile**: - A file containing package defaults for installing packages. - This is currently only used on Solaris. The value will be - validated according to system rules, which in the case of - Solaris means that it should either be a fully qualified path - or it should be in /var/sadm/install/admin. -- **category**: - A read-only parameter set by the package. -- **description**: - A read-only parameter set by the package. -- **ensure**: - What state the package should be in. - *latest* only makes sense for those packaging formats that can - retrieve new packages on their own and will throw an error on - those that cannot. Valid values are ``latest``, ``present`` (also called ``installed``), ``absent``. -- **instance**: - A read-only parameter set by the package. -- **name**: - The package name. This is the name that the packaging - system uses internally, which is sometimes (especially on Solaris) - a name that is basically useless to humans. If you want to - abstract package installation, then you can use aliases to provide - a common name to packages: - - # In the 'openssl' class - $ssl = $operationgsystem ? { - solaris => SMCossl, - default => openssl - } - - # It is not an error to set an alias to the same value as the - # object name. - package { $ssl: - ensure => installed, - alias => openssl - } - - . etc. . - - $ssh = $operationgsystem ? { - solaris => SMCossh, - default => openssh - } - - # Use the alias to specify a dependency, rather than - # having another selector to figure it out again. - package { $ssh: - ensure => installed, - alias => openssh, - require => package[openssl] - } - -- **platform**: - A read-only parameter set by the package. -- **responsefile**: - A file containing any necessary answers to questions asked by - the package. This is currently only used on Solaris. The - value will be validated according to system rules, but it should - generally be a fully qualified path. -- **root**: - A read-only parameter set by the package. -- **source**: - From where to retrieve the package. -- **status**: - A read-only parameter set by the package. -- **type**: - The package format. You will seldom need to specify this -- - Puppet will discover the appropriate format for your platform. -- **vendor**: - A read-only parameter set by the package. -- **version**: - For some platforms this is a read-only parameter set by the - package, but for others, setting this parameter will cause - the package of that version to be installed. It just depends - on the features of the packaging system. +#### adminfile +A file containing package defaults for installing packages. +This is currently only used on Solaris. The value will be +validated according to system rules, which in the case of +Solaris means that it should either be a fully qualified path +or it should be in /var/sadm/install/admin. + +#### category +A read-only parameter set by the package. + +#### description +A read-only parameter set by the package. + +#### ensure +What state the package should be in. +*latest* only makes sense for those packaging formats that can +retrieve new packages on their own and will throw an error on +those that cannot. Valid values are ``latest``, ``absent``, ``present`` (also called ``installed``). + +#### instance +A read-only parameter set by the package. + +#### name (*namevar*) +The package name. This is the name that the packaging +system uses internally, which is sometimes (especially on Solaris) +a name that is basically useless to humans. If you want to +abstract package installation, then you can use aliases to provide +a common name to packages: + + # In the 'openssl' class + $ssl = $operationgsystem ? { + solaris => SMCossl, + default => openssl + } + + # It is not an error to set an alias to the same value as the + # object name. + package { $ssl: + ensure => installed, + alias => openssl + } + + . etc. . + + $ssh = $operationgsystem ? { + solaris => SMCossh, + default => openssh + } + + # Use the alias to specify a dependency, rather than + # having another selector to figure it out again. + package { $ssh: + ensure => installed, + alias => openssh, + require => package[openssl] + } + + +#### platform +A read-only parameter set by the package. + +#### responsefile +A file containing any necessary answers to questions asked by +the package. This is currently only used on Solaris. The +value will be validated according to system rules, but it should +generally be a fully qualified path. + +#### root +A read-only parameter set by the package. + +#### source +From where to retrieve the package. + +#### status +A read-only parameter set by the package. + +#### type +The package format. You will seldom need to specify this -- +Puppet will discover the appropriate format for your platform. + +#### vendor +A read-only parameter set by the package. + +#### version +For some platforms this is a read-only parameter set by the +package, but for others, setting this parameter will cause +the package of that version to be installed. It just depends +on the features of the packaging system. + ---------------- -## port +<h2><a name='port'>port</a></h2> Installs and manages port entries. For most systems, these entries will just be in /etc/services, but some systems (notably OS X) will have different solutions. ### Port Parameters -- **alias**: - Any aliases the port might have. Multiple values must be - specified as an array. Note that this state has the same name as - one of the metaparams; using this state to set aliases will make - those aliases available in your Puppet scripts and also on disk. -- **description**: - The port description. -- **ensure**: - The basic state that the object should be in. Valid values are ``present``, ``absent``. -- **name**: - The port name. -- **number**: - The port number. -- **protocols**: - The protocols the port uses. Valid values are *udp* and *tcp*. - Most services have both protocols, but not all. If you want - both protocols, you must specify that; Puppet replaces the - current values, it does not merge with them. If you specify - multiple protocols they must be as an array. +#### alias +Any aliases the port might have. Multiple values must be +specified as an array. Note that this state has the same name as +one of the metaparams; using this state to set aliases will make +those aliases available in your Puppet scripts and also on disk. + +#### description +The port description. + +#### ensure +The basic state that the object should be in. Valid values are ``absent``, ``present``. + +#### name (*namevar*) +The port name. + +#### number +The port number. + +#### protocols +The protocols the port uses. Valid values are *udp* and *tcp*. +Most services have both protocols, but not all. If you want +both protocols, you must specify that; Puppet replaces the +current values, it does not merge with them. If you specify +multiple protocols they must be as an array. + ---------------- -## schedule +<h2><a name='schedule'>schedule</a></h2> Defined schedules for Puppet. The important thing to understand about how schedules are currently implemented in Puppet is that they can only be used to stop an element from being applied, they never @@ -873,77 +1023,82 @@ This will cause elements to be applied every 30 minutes by default. ### Schedule Parameters -- **name**: - The name of the schedule. This name is used to retrieve the - schedule when assigning it to an object: - - schedule { daily: - period => daily, - range => [2, 4] - } - - exec { "/usr/bin/apt-get update": - schedule => daily - } - -- **period**: - The period of repetition for an element. Choose from among - a fixed list of *hourly*, *daily*, *weekly*, and *monthly*. - The default is for an element to get applied every time that - Puppet runs, whatever that period is. - - Note that the period defines how often a given element will get - applied but not when; if you would like to restrict the hours - that a given element can be applied (e.g., only at night during - a maintenance window) then use the ``range`` attribute. +#### name (*namevar*) +The name of the schedule. This name is used to retrieve the +schedule when assigning it to an object: - If the provided periods are not sufficient, you can provide a - value to the *repeat* attribute, which will cause Puppet to - schedule the affected elements evenly in the period the - specified number of times. Take this schedule: - - schedule { veryoften: - period => hourly, - repeat => 6 - } - - This can cause Puppet to apply that element up to every 10 minutes. - - At the moment, Puppet cannot guarantee that level of - repetition; that is, it can run up to every 10 minutes, but - internal factors might prevent it from actually running that - often (e.g., long-running Puppet runs will squash conflictingly - scheduled runs). - - See the ``periodmatch`` attribute for tuning whether to match - times by their distance apart or by their specific value. Valid values are ``hourly``, ``daily``, ``weekly``, ``monthly``. -- **periodmatch**: - Whether periods should be matched by number (e.g., the two times - are in the same hour) or by distance (e.g., the two times are - 60 minutes apart). *number*/**distance** Valid values are ``number``, ``distance``. -- **range**: - The earliest and latest that an element can be applied. This - is always a range within a 24 hour period, and hours must be - specified in numbers between 0 and 23, inclusive. Minutes and - seconds can be provided, using the normal colon as a separator. - For instance: - - schedule { maintenance: - range => "1:30 - 4:30" - } - - This is mostly useful for restricting certain elements to being - applied in maintenance windows or during off-peak hours. -- **repeat**: - How often the application gets repeated in a given period. - Defaults to 1. + schedule { daily: + period => daily, + range => [2, 4] + } + + exec { "/usr/bin/apt-get update": + schedule => daily + } + + +#### period +The period of repetition for an element. Choose from among +a fixed list of *hourly*, *daily*, *weekly*, and *monthly*. +The default is for an element to get applied every time that +Puppet runs, whatever that period is. + +Note that the period defines how often a given element will get +applied but not when; if you would like to restrict the hours +that a given element can be applied (e.g., only at night during +a maintenance window) then use the ``range`` attribute. + +If the provided periods are not sufficient, you can provide a +value to the *repeat* attribute, which will cause Puppet to +schedule the affected elements evenly in the period the +specified number of times. Take this schedule: + + schedule { veryoften: + period => hourly, + repeat => 6 + } + +This can cause Puppet to apply that element up to every 10 minutes. + +At the moment, Puppet cannot guarantee that level of +repetition; that is, it can run up to every 10 minutes, but +internal factors might prevent it from actually running that +often (e.g., long-running Puppet runs will squash conflictingly +scheduled runs). + +See the ``periodmatch`` attribute for tuning whether to match +times by their distance apart or by their specific value. Valid values are ``hourly``, ``daily``, ``weekly``, ``monthly``. + +#### periodmatch +Whether periods should be matched by number (e.g., the two times +are in the same hour) or by distance (e.g., the two times are +60 minutes apart). *number*/**distance** Valid values are ``number``, ``distance``. + +#### range +The earliest and latest that an element can be applied. This +is always a range within a 24 hour period, and hours must be +specified in numbers between 0 and 23, inclusive. Minutes and +seconds can be provided, using the normal colon as a separator. +For instance: + + schedule { maintenance: + range => "1:30 - 4:30" + } + +This is mostly useful for restricting certain elements to being +applied in maintenance windows or during off-peak hours. + +#### repeat +How often the application gets repeated in a given period. +Defaults to 1. + ---------------- -## service +<h2><a name='service'>service</a></h2> Manage running services. Service support unfortunately varies widely by platform -- some platforms have very little if any concept of a running service, and some have a very codified and @@ -956,207 +1111,235 @@ use a platform that has very good service support. ### Service Parameters -- **binary**: - The path to the daemon. This is only used for - systems that do not support init scripts. This binary will be - used to start the service if no ``start`` parameter is - provided. -- **enable**: - Whether a service should be enabled to start at boot. - This state behaves quite differently depending on the platform; - wherever possible, it relies on local tools to enable or disable - a given service. *true*/*false*/*runlevels* Valid values are ``true``, ``false``. -- **ensure**: - Whether a service should be running. **true**/*false* Valid values are ``running`` (also called ``true``), ``stopped`` (also called ``false``). -- **hasstatus**: - Declare the the service's init script has a - functional status command. Based on testing, it was found - that a large number of init scripts on different platforms do - not support any kind of status command; thus, you must specify - manually whether the service you are running has such a - command (or you can specify a specific command using the - ``status`` parameter). - - If you do not specify anything, then the service name will be - looked for in the process table. -- **name**: - The name of the service to run. This name - is used to find the service in whatever service subsystem it - is in. -- **path**: - The search path for finding init scripts. -- **pattern**: - The pattern to search for in the process table. - This is used for stopping services on platforms that do not - support init scripts, and is also used for determining service - status on those service whose init scripts do not include a status - command. - - If this is left unspecified and is needed to check the status - of a service, then the service name will be used instead. - - The pattern can be a simple string or any legal Ruby pattern. -- **restart**: - Specify a *restart* command manually. If left - unspecified, the service will be stopped and then started. -- **running**: - A place-holder parameter that wraps ``ensure``, because - ``running`` is deprecated. You should use ``ensure`` instead - of this, but using this will still work, albeit with a - warning. -- **start**: - Specify a *start* command manually. Most service subsystems - support a ``start`` command, so this will not need to be - specified. -- **status**: - Specify a *status* command manually. If left - unspecified, the status method will be determined - automatically, usually by looking for the service in the - process table. -- **stop**: - Specify a *stop* command manually. -- **type**: - The service type. For most platforms, it does not make - sense to set this parameter, as the default is based on - the builtin service facilities. The service types available are: - - * **base**: You must specify everything. - * **init**: Assumes ``start`` and ``stop`` commands exist, but you - must specify everything else. - * **debian**: Debian's own specific version of ``init``. - * **smf**: Solaris 10's new Service Management Facility. - Valid values are ``base``, ``init``, ``debian``, ``redhat``, ``smf``. +#### binary +The path to the daemon. This is only used for +systems that do not support init scripts. This binary will be +used to start the service if no ``start`` parameter is +provided. + +#### enable +Whether a service should be enabled to start at boot. +This state behaves quite differently depending on the platform; +wherever possible, it relies on local tools to enable or disable +a given service. *true*/*false*/*runlevels* Valid values are ``true``, ``false``. + +#### ensure +Whether a service should be running. **true**/*false* Valid values are ``running`` (also called ``true``), ``stopped`` (also called ``false``). + +#### hasstatus +Declare the the service's init script has a +functional status command. Based on testing, it was found +that a large number of init scripts on different platforms do +not support any kind of status command; thus, you must specify +manually whether the service you are running has such a +command (or you can specify a specific command using the +``status`` parameter). + +If you do not specify anything, then the service name will be +looked for in the process table. + +#### name (*namevar*) +The name of the service to run. This name +is used to find the service in whatever service subsystem it +is in. + +#### path +The search path for finding init scripts. + +#### pattern +The pattern to search for in the process table. +This is used for stopping services on platforms that do not +support init scripts, and is also used for determining service +status on those service whose init scripts do not include a status +command. + +If this is left unspecified and is needed to check the status +of a service, then the service name will be used instead. + +The pattern can be a simple string or any legal Ruby pattern. + +#### restart +Specify a *restart* command manually. If left +unspecified, the service will be stopped and then started. + +#### running +A place-holder parameter that wraps ``ensure``, because +``running`` is deprecated. You should use ``ensure`` instead +of this, but using this will still work, albeit with a +warning. + +#### start +Specify a *start* command manually. Most service subsystems +support a ``start`` command, so this will not need to be +specified. + +#### status +Specify a *status* command manually. If left +unspecified, the status method will be determined +automatically, usually by looking for the service in the +process table. + +#### stop +Specify a *stop* command manually. + +#### type +The service type. For most platforms, it does not make +sense to set this parameter, as the default is based on +the builtin service facilities. The service types available are: + +* **base**: You must specify everything. +* **init**: Assumes ``start`` and ``stop`` commands exist, but you + must specify everything else. +* **debian**: Debian's own specific version of ``init``. +* **smf**: Solaris 10's new Service Management Facility. + Valid values are ``base``, ``init``, ``debian``, ``redhat``, ``smf``. + ---------------- -## sshkey +<h2><a name='sshkey'>sshkey</a></h2> Installs and manages ssh host keys. At this point, this type only knows how to install keys into /etc/ssh/ssh_known_hosts, and it cannot manage user authorized keys yet. ### Sshkey Parameters -- **alias**: - Any alias the host might have. Multiple values must be - specified as an array. Note that this state has the same name - as one of the metaparams; using this state to set aliases will - make those aliases available in your Puppet scripts. -- **ensure**: - The basic state that the object should be in. Valid values are ``present``, ``absent``. -- **key**: - The key itself; generally a long string of hex digits. -- **name**: - The host name. -- **type**: - The encryption type used. Probably ssh-dss or ssh-rsa. +#### alias +Any alias the host might have. Multiple values must be +specified as an array. Note that this state has the same name +as one of the metaparams; using this state to set aliases will +make those aliases available in your Puppet scripts. + +#### ensure +The basic state that the object should be in. Valid values are ``absent``, ``present``. + +#### key +The key itself; generally a long string of hex digits. + +#### name (*namevar*) +The host name. + +#### type +The encryption type used. Probably ssh-dss or ssh-rsa. + ---------------- -## symlink +<h2><a name='symlink'>symlink</a></h2> Create symbolic links to existing files. **This type is deprecated; use file instead.** ### Symlink Parameters -- **ensure**: - Create a link to another file. Currently only symlinks - are supported, and attempts to replace normal files with - links will currently fail, while existing but incorrect symlinks - will be removed. -- **path**: (*namevar*) - The path to the file to manage. Must be fully qualified. -- **recurse**: - If target is a directory, recursively create - directories (using `file`'s `source` parameter) and link all - contained files. For instance: - - # The Solaris Blastwave repository installs everything - # in /opt/csw; link it into /usr/local - symlink { "/usr/local": - ensure => "/opt/csw", - recurse => true - } - - - Note that this does not link directories -- any directories - are created in the destination, and any files are linked over. +#### ensure +Create a link to another file. Currently only symlinks +are supported, and attempts to replace normal files with +links will currently fail, while existing but incorrect symlinks +will be removed. + +#### path (*namevar*) +The path to the file to manage. Must be fully qualified. + +#### recurse +If target is a directory, recursively create +directories (using `file`'s `source` parameter) and link all +contained files. For instance: + + # The Solaris Blastwave repository installs everything + # in /opt/csw; link it into /usr/local + symlink { "/usr/local": + ensure => "/opt/csw", + recurse => true + } + + +Note that this does not link directories -- any directories +are created in the destination, and any files are linked over. + ---------------- -## tidy +<h2><a name='tidy'>tidy</a></h2> Remove unwanted files based on specific criteria. ### Tidy Parameters -- **age**: - Tidy files whose age is equal to or greater than - the specified number of days. -- **backup**: - Whether files should be backed up before - being replaced. If a filebucket is specified, files will be - backed up there; else, they will be backed up in the same directory - with a ``.puppet-bak`` extension,, and no backups - will be made if backup is ``false``. - - To use filebuckets, you must first create a filebucket in your - configuration: - - filebucket { main: - server => puppet - } - - The ``puppetmasterd`` daemon creates a filebucket by default, - so you can usually back up to your main server with this - configuration. Once you've described the bucket in your - configuration, you can use it in any file: - - file { "/my/file": - source => "/path/in/nfs/or/something", - backup => main - } - - This will back the file up to the central server. - - At this point, the only benefits to doing so are that you do not - have backup files lying around on each of your machines, a given - version of a file is only backed up once, and you can restore - any given file manually, no matter how old. Eventually, - transactional support will be able to automatically restore - filebucketed files. -- **path**: (*namevar*) - The path to the file or directory to manage. Must be fully - qualified. -- **recurse**: - If target is a directory, recursively descend - into the directory looking for files to tidy. -- **rmdirs**: - Tidy directories in addition to files; that is, remove - directories whose age is older than the specified criteria. -- **size**: - Tidy files whose size is equal to or greater than - the specified size. Unqualified values are in kilobytes, but - *b*, *k*, and *m* can be appended to specify *bytes*, *kilobytes*, - and *megabytes*, respectively. Only the first character is - significant, so the full word can also be used. -- **type**: - Set the mechanism for determining age. - **atime**/*mtime*/*ctime*. +#### age +Tidy files whose age is equal to or greater than +the specified number of days. + +#### backup +Whether files should be backed up before +being replaced. If a filebucket is specified, files will be +backed up there; else, they will be backed up in the same directory +with a ``.puppet-bak`` extension,, and no backups +will be made if backup is ``false``. + +To use filebuckets, you must first create a filebucket in your +configuration: + + filebucket { main: + server => puppet + } + +The ``puppetmasterd`` daemon creates a filebucket by default, +so you can usually back up to your main server with this +configuration. Once you've described the bucket in your +configuration, you can use it in any file: + + file { "/my/file": + source => "/path/in/nfs/or/something", + backup => main + } + +This will back the file up to the central server. + +At this point, the only benefits to doing so are that you do not +have backup files lying around on each of your machines, a given +version of a file is only backed up once, and you can restore +any given file manually, no matter how old. Eventually, +transactional support will be able to automatically restore +filebucketed files. + +#### path (*namevar*) +The path to the file or directory to manage. Must be fully +qualified. + +#### recurse +If target is a directory, recursively descend +into the directory looking for files to tidy. + +#### rmdirs +Tidy directories in addition to files; that is, remove +directories whose age is older than the specified criteria. + +#### size +Tidy files whose size is equal to or greater than +the specified size. Unqualified values are in kilobytes, but +*b*, *k*, and *m* can be appended to specify *bytes*, *kilobytes*, +and *megabytes*, respectively. Only the first character is +significant, so the full word can also be used. + +#### type +Set the mechanism for determining age. +**atime**/*mtime*/*ctime*. + ---------------- -## user +<h2><a name='user'>user</a></h2> Manage users. Currently can create and modify users, but cannot delete them. Theoretically all of the parameters are optional, but if no parameters are specified the comment will @@ -1173,41 +1356,50 @@ but if you desperately need it to be so, please contact us. ### User Parameters -- **comment**: - A description of the user. Generally is a user's full name. -- **ensure**: - The basic state that the object should be in. Valid values are ``present``, ``absent``. -- **gid**: - The user's primary group. Can be specified numerically or - by name. -- **groups**: - The groups of which the user is a member. The primary - group should not be listed. Multiple groups should be - specified as an array. -- **home**: - The home directory of the user. The directory must be created - separately and is not currently checked for existence. -- **membership**: - Whether specified groups should be treated as the only groups - of which the user is a member or whether they should merely - be treated as the minimum membership list. Valid values are ``inclusive``, ``minimum``. -- **name**: - User name. While limitations are determined for - each operating system, it is generally a good idea to keep to - the degenerate 8 characters, beginning with a letter. -- **shell**: - The user's login shell. The shell must exist and be - executable. -- **uid**: - The user ID. Must be specified numerically. For new users - being created, if no user ID is specified then one will be - chosen automatically, which will likely result in the same user - having different IDs on different systems, which is not - recommended. +#### comment +A description of the user. Generally is a user's full name. + +#### ensure +The basic state that the object should be in. Valid values are ``absent``, ``present``. + +#### gid +The user's primary group. Can be specified numerically or +by name. + +#### groups +The groups of which the user is a member. The primary +group should not be listed. Multiple groups should be +specified as an array. + +#### home +The home directory of the user. The directory must be created +separately and is not currently checked for existence. + +#### membership +Whether specified groups should be treated as the only groups +of which the user is a member or whether they should merely +be treated as the minimum membership list. Valid values are ``inclusive``, ``minimum``. + +#### name (*namevar*) +User name. While limitations are determined for +each operating system, it is generally a good idea to keep to +the degenerate 8 characters, beginning with a letter. + +#### shell +The user's login shell. The shell must exist and be +executable. + +#### uid +The user ID. Must be specified numerically. For new users +being created, if no user ID is specified then one will be +chosen automatically, which will likely result in the same user +having different IDs on different systems, which is not +recommended. + ---------------- -*This page autogenerated on Mon Jun 19 11:58:10 PDT 2006* +*This page autogenerated on Wed Jul 05 23:37:01 CDT 2006* |