author | James Turnbull <james@lovedthanlost.net> | 2009-03-21 02:27:00 +1100 |
---|---|---|
committer | James Turnbull <james@lovedthanlost.net> | 2009-03-21 02:27:00 +1100 |
commit | 3e0a9cda8c6f3866c85fd20dd56a6bafcc0e0db7 (patch) | |
tree | c3de5be042f18937419e82512f0a0e11108146f5 /sbin | |
parent | 6ddebf4d6f5f1537987cdc15a32f439149d73ce6 (diff) | |
Moved puppetd, puppetca, puppetmasterd, puppetrun binaries from bin to sbin
Diffstat (limited to 'sbin')
-rwxr-xr-x | sbin/puppetca | 100 |
-rwxr-xr-x | sbin/puppetd | 159 |
-rwxr-xr-x | sbin/puppetmasterd | 66 |
-rwxr-xr-x | sbin/puppetrun | 130 |
4 files changed, 455 insertions, 0 deletions
diff --git a/sbin/puppetca b/sbin/puppetca new file mode 100755 index 000000000..771e31b71 --- /dev/null +++ b/sbin/puppetca 
@@ -0,0 +1,100 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# Stand-alone certificate authority. Capable of generating certificates +# but mostly meant for signing certificate requests from puppet clients. +# +# = Usage +# +# puppetca [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] +# [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke] +# [-p|--print] [-c|--clean] [--verify] [host] +# +# = Description +# +# Because the puppetmasterd daemon defaults to not signing client certificate +# requests, this script is available for signing outstanding requests. It +# can be used to list outstanding requests and then either sign them individually +# or sign all of them. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'ssldir' is a valid configuration +# parameter, so you can specify '--ssldir <directory>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/projects/puppet/reference/configref.html for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppetca with +# '--genconfig'. +# +# all:: +# Operate on all items. Currently only makes sense with '--sign', +# '--clean', or '--list'. +# +# clean:: +# Remove all files related to a host from puppetca's storage. This is +# useful when rebuilding hosts, since new certificate signing requests +# will only be honored if puppetca does not have a copy of a signed +# certificate for that host. The certificate of the host remains valid. +# If '--all' is specified then all host certificates, both signed and +# unsigned, will be removed. +# +# debug:: +# Enable full debugging. +# +# generate:: +# Generate a certificate for a named client. A certificate/keypair will be +# generated for each client named on the command line. 
+# +# help:: +# Print this help message +# +# list:: +# List outstanding certificate requests. If '--all' is specified, +# signed certificates are also listed, prefixed by '+'. +# +# print:: +# Print the full-text version of a host's certificate. +# +# revoke:: +# Revoke the certificate of a client. The certificate can be specified +# either by its serial number, given as a decimal number or a hexadecimal +# number prefixed by '0x', or by its hostname. The certificate is revoked +# by adding it to the Certificate Revocation List given by the 'cacrl' +# config parameter. Note that the puppetmasterd needs to be restarted +# after revoking certificates. +# +# sign:: +# Sign an outstanding certificate request. Unless '--all' is specified, +# hosts must be listed after all flags. +# +# verbose:: +# Enable verbosity. +# +# version:: +# Print the puppet version number and exit. +# +# verify:: +# Verify the named certificate against the local CA certificate. +# +# = Example +# +# $ puppetca -l +# culain.madstop.com +# $ puppetca -s culain.madstop.com +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005 Reductive Labs, LLC +# Licensed under the GNU Public License + +require 'puppet/application/puppetca' +Puppet::Application[:puppetca].run
\ No newline at end of file diff --git a/sbin/puppetd b/sbin/puppetd new file mode 100755 index 000000000..c4c106c6d --- /dev/null +++ b/sbin/puppetd 
@@ -0,0 +1,159 @@ +#!/usr/bin/env ruby +# == Synopsis +# +# Retrieve the client configuration from the central puppet server and apply +# it to the local host. +# +# Currently must be run out periodically, using cron or something similar. +# +# = Usage +# +# puppetd [-D|--daemonize|--no-daemonize] [-d|--debug] [--disable] [--enable] +# [-h|--help] [--fqdn <host name>] [-l|--logdest syslog|<file>|console] +# [-o|--onetime] [--serve <handler>] [-t|--test] [--noop] +# [-V|--version] [-v|--verbose] [-w|--waitforcert <seconds>] +# +# = Description +# +# This is the main puppet client. Its job is to retrieve the local machine's +# configuration from a remote server and apply it. In order to successfully +# communicate with the remote server, the client must have a certificate signed +# by a certificate authority that the server trusts; the recommended method +# for this, at the moment, is to run a certificate authority as part of the +# puppet server (which is the default). The client will connect and request +# a signed certificate, and will continue connecting until it receives one. +# +# Once the client has a signed certificate, it will retrieve its configuration +# and apply it. +# +# = Usage Notes +# +# +puppetd+ does its best to find a compromise between interactive use and +# daemon use. Run with no arguments and no configuration, it will go into the +# backgroun, attempt to get a signed certificate, and retrieve and apply its +# configuration every 30 minutes. +# +# Some flags are meant specifically for interactive use -- in particular, +# +test+ and +tags+ are useful. +test+ enables verbose logging, causes +# the daemon to stay in the foreground, exits if the server's configuration is +# invalid (this happens if, for instance, you've left a syntax error on the +# server), and exits after running the configuration once (rather than hanging +# around as a long-running process). +# +# +tags+ allows you to specify what portions of a configuration you want to apply. 
+# Puppet elements are tagged with all of the class or definition names that +# contain them, and you can use the +tags+ flag to specify one of these names, +# causing only configuration elements contained within that class or definition +# to be applied. This is very useful when you are testing new configurations -- +# for instance, if you are just starting to manage +ntpd+, you would put all of +# the new elements into an +ntpd+ class, and call puppet with +--tags ntpd+, +# which would only apply that small portion of the configuration during your +# testing, rather than applying the whole thing. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'server' is a valid configuration +# parameter, so you can specify '--server <servername>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppetd with +# '--genconfig'. +# +# daemonize:: +# Send the process into the background. This is the default. +# +# no-daemonize:: +# Do not send the process into the background. +# +# debug:: +# Enable full debugging. +# +# disable:: +# Disable working on the local system. This puts a lock file in place, +# causing +puppetd+ not to work on the system until the lock file is removed. +# This is useful if you are testing a configuration and do not want the central +# configuration to override the local state until everything is tested and +# committed. +# +# +puppetd+ uses the same lock file while it is running, so no more than one +# +puppetd+ process is working at a time. +# +# +puppetd+ exits after executing this. +# +# enable:: +# Enable working on the local system. 
This removes any lock file, causing +# +puppetd+ to start managing the local system again (although it will continue +# to use its normal scheduling, so it might not start for another half hour). +# +# +puppetd+ exits after executing this. +# +# fqdn:: +# Set the fully-qualified domain name of the client. This is only used for +# certificate purposes, but can be used to override the discovered hostname. +# If you need to use this flag, it is generally an indication of a setup problem. +# +# help:: +# Print this help message +# +# logdest:: +# Where to send messages. Choose between syslog, the console, and a log file. +# Defaults to sending messages to syslog, or the console if debugging or +# verbosity is enabled. +# +# no-client:: +# Do not create a config client. This will cause the daemon to run +# without ever checking for its configuration automatically, and only +# makes sense when used in conjunction with --listen. +# +# onetime:: +# Run the configuration once, rather than as a long-running daemon. This is +# useful for interactively running puppetd. +# +# serve:: +# Start another type of server. By default, +puppetd+ will start +# a service handler that allows authenticated and authorized remote nodes to +# trigger the configuration to be pulled down and applied. You can specify +# any handler here that does not require configuration, e.g., filebucket, ca, +# or resource. The handlers are in +lib/puppet/network/handler+, and the names +# must match exactly, both in the call to +serve+ and in +namespaceauth.conf+. +# +# test:: +# Enable the most common options used for testing. These are +onetime+, +# +verbose+, +ignorecache, and +no-usecacheonfailure+. +# +# noop:: +# Use +noop+ mode where the daemon runs in a no-op or dry-run mode. This is useful +# for seeing what changes Puppet will make without actually executing the changes. +# +# verbose:: +# Turn on verbose reporting. +# +# version:: +# Print the puppet version number and exit. 
+# +# waitforcert:: +# This option only matters for daemons that do not yet have certificates +# and it is enabled by default, with a value of 120 (seconds). This causes +# +puppetd+ to connect to the server every 2 minutes and ask it to sign a +# certificate request. This is useful for the initial setup of a puppet +# client. You can turn off waiting for certificates by specifying a time +# of 0. +# +# = Example +# +# puppetd --server puppet.domain.com +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005, 2006 Reductive Labs, LLC +# Licensed under the GNU Public License + +require 'puppet/application/puppetd' +Puppet::Application[:puppetd].run diff --git a/sbin/puppetmasterd b/sbin/puppetmasterd new file mode 100755 index 000000000..9f12f678c --- /dev/null +++ b/sbin/puppetmasterd 
@@ -0,0 +1,66 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# The central puppet server. Functions as a certificate authority by default. +# +# = Usage +# +# puppetmasterd [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help] +# [-l|--logdest <file>|console|syslog] [-v|--verbose] [-V|--version] +# +# = Description +# +# This is the puppet central daemon. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'ssldir' is a valid configuration +# parameter, so you can specify '--ssldir <directory>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppetmasterdd with +# '--genconfig'. +# +# daemonize:: +# Send the process into the background. This is the default. +# +# no-daemonize:: +# Do not send the process into the background. +# +# debug:: +# Enable full debugging. +# +# help:: +# Print this help message. +# +# logdest:: +# Where to send messages. Choose between syslog, the console, and a log file. +# Defaults to sending messages to syslog, or the console +# if debugging or verbosity is enabled. +# +# verbose:: +# Enable verbosity. +# +# version:: +# Print the puppet version number and exit. +# +# = Example +# +# puppetmasterd +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005 Reductive Labs, LLC +# Licensed under the GNU Public License + +require 'puppet/application/puppetmasterd' +Puppet::Application[:puppetmasterd].run diff --git a/sbin/puppetrun b/sbin/puppetrun new file mode 100755 index 000000000..da4f24a98 --- /dev/null +++ b/sbin/puppetrun 
@@ -0,0 +1,130 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# Trigger a puppetd run on a set of hosts. +# +# = Usage +# +# puppetrun [-a|--all] [-c|--class <class>] [-d|--debug] [-f|--foreground] +# [-h|--help] [--host <host>] [--no-fqdn] [--ignoreschedules] +# [-t|--tag <tag>] [--test] [-p|--ping] +# +# = Description +# +# This script can be used to connect to a set of machines running +puppetd+ +# and trigger them to run their configurations. The most common usage would +# be to specify a class of hosts and a set of tags, and +puppetrun+ would +# look up in LDAP all of the hosts matching that class, then connect to +# each host and trigger a run of all of the objects with the specified tags. +# +# If you are not storing your host configurations in LDAP, you can specify +# hosts manually. +# +# You will most likely have to run +puppetrun+ as root to get access to +# the SSL certificates. +# +# +puppetrun+ reads +puppetmaster+'s configuration file, so that it can copy +# things like LDAP settings. +# +# = Usage Notes +# +# +puppetrun+ is useless unless +puppetd+ is listening. See its documentation +# for more information, but the gist is that you must enable +listen+ on the +# +puppetd+ daemon, either using +--listen+ on the command line or adding +# 'listen: true' in its config file. In addition, you need to set the daemons +# up to specifically allow connections by creating the +namespaceauth+ file, +# normally at '/etc/puppet/namespaceauth.conf'. This file specifies who has +# access to each namespace; if you create the file you must add every namespace +# you want any Puppet daemon to allow -- it is currently global to all Puppet +# daemons. +# +# An example file looks like this:: +# +# [fileserver] +# allow *.madstop.com +# +# [puppetmaster] +# allow *.madstop.com +# +# [puppetrunner] +# allow culain.madstop.com +# +# This is what you would install on your Puppet master; non-master hosts could +# leave off the 'fileserver' and 'puppetmaster' namespaces. 
+# +# Expect more documentation on this eventually. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'ssldir' is a valid configuration +# parameter, so you can specify '--ssldir <directory>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/projects/puppet/reference/configref.html for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppetmasterdd with +# '--genconfig'. +# +# +# all:: +# Connect to all available hosts. Requires LDAP support at this point. +# +# class:: +# Specify a class of machines to which to connect. This only works if you +# have LDAP configured, at the moment. +# +# debug:: +# Enable full debugging. +# +# foreground:: +# Run each configuration in the foreground; that is, when connecting to a host, +# do not return until the host has finished its run. The default is false. +# +# help:: +# Print this help message +# +# host:: +# A specific host to which to connect. This flag can be specified more +# than once. +# +# ignoreschedules:: +# Whether the client should ignore schedules when running its configuration. +# This can be used to force the client to perform work it would not normally +# perform so soon. The default is false. +# +# parallel:: +# How parallel to make the connections. Parallelization is provided by forking +# for each client to which to connect. The default is 1, meaning serial execution. +# +# tag:: +# Specify a tag for selecting the objects to apply. Does not work with the +# --test option. +# +# +# test:: +# Print the hosts you would connect to but do not actually connect. This +# option requires LDAP support at this point. +# +# ping:: +# +# Do a ICMP echo against the target host. Skip hosts that don't respond to ping. 
+# +# = Example +# +# sudo puppetrun -p 10 --host host1 --host host2 -t remotefile -t webserver +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005 Reductive Labs, LLC +# Licensed under the GNU Public License + +require 'puppet/application/puppetrun' +Puppet::Application[:puppetrun].run + |
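
Review bot: the Usage block at the top of sbin/puppetca omits --all, although the Options section documents "all::" and the sign, clean and list entries all depend on it; add it to the usage line so the synopsis matches the options. The "clean::" entry states that "The certificate of the host remains valid", so it should point the reader to "revoke::" for the case where the host's certificate must stop being accepted. This is also the only one of the four files that ends with "\ No newline at end of file"; add the trailing newline.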
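
Review bot: the synopsis in sbin/puppetd says it "Currently must be run out periodically, using cron or something similar", which contradicts the Usage Notes a few paragraphs later, where running with no arguments backgrounds the process and applies the configuration every 30 minutes; drop or reword the synopsis sentence. In the same header, the first section marker is "# == Synopsis" where the other three scripts use "# = Synopsis", "backgroun" is misspelled, "+ignorecache" under "test::" is missing its closing "+", --tags and --no-client are described but absent from the Usage line, and --listen is referenced under "no-client::" without an entry of its own.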
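
Review bot: the Options preamble in sbin/puppetmasterd misnames the binary as "puppetmasterdd" in the sentence about running it with '--genconfig'; correct it to puppetmasterd. Separately, the "#!/usr/bin/env ruby" line resolves the interpreter through PATH, which is worth reconsidering now that these scripts live under sbin, where they are normally run with elevated privileges; an absolute interpreter path set at install time would remove the dependency on the caller's environment. The same shebang appears in all four files.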
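
Review bot: the example at the end of sbin/puppetrun, "sudo puppetrun -p 10 --host host1 --host host2 -t remotefile -t webserver", passes a count to -p, which matches the "parallel::" option, but the Usage line assigns -p to ping ("[-p|--ping]") and never lists --parallel. State which option owns -p and make the usage line, the option entries and the example agree. In addition, --no-fqdn appears in Usage without an Options entry, the "ping::" entry has a stray empty comment line before its description, and the --genconfig sentence was copied with "puppetmasterdd" instead of naming puppetrun.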