author: James Turnbull <james@lovedthanlost.net> 2009-03-21 02:27:00 +1100
committer: James Turnbull <james@lovedthanlost.net> 2009-03-21 02:27:00 +1100
commit: 3e0a9cda8c6f3866c85fd20dd56a6bafcc0e0db7
tree: c3de5be042f18937419e82512f0a0e11108146f5 /sbin
parent: 6ddebf4d6f5f1537987cdc15a32f439149d73ce6
Moved of puppetd, puppetca, puppetmasterd, puppetrun binary from bin to sbin
Diffstat (limited to 'sbin')
-rwxr-xr-x sbin/puppetca 100
-rwxr-xr-x sbin/puppetd 159
-rwxr-xr-x sbin/puppetmasterd 66
-rwxr-xr-x sbin/puppetrun 130
4 files changed, 455 insertions, 0 deletions
diff --git a/sbin/puppetca b/sbin/puppetca
new file mode 100755
index 000000000..771e31b71
--- /dev/null
+++ b/sbin/puppetca
@@ -0,0 +1,100 @@
+#!/usr/bin/env ruby
+
+#
+# = Synopsis
+#
+# Stand-alone certificate authority. Capable of generating certificates
+# but mostly meant for signing certificate requests from puppet clients.
+#
+# = Usage
+#
+# puppetca [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
+# [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke]
+# [-p|--print] [-c|--clean] [--verify] [host]
+#
+# = Description
+#
+# Because the puppetmasterd daemon defaults to not signing client certificate
+# requests, this script is available for signing outstanding requests. It
+# can be used to list outstanding requests and then either sign them individually
+# or sign all of them.
+#
+# = Options
+#
+# Note that any configuration parameter that's valid in the configuration file
+# is also a valid long argument. For example, 'ssldir' is a valid configuration
+# parameter, so you can specify '--ssldir <directory>' as an argument.
+#
+# See the configuration file documentation at
+# http://reductivelabs.com/projects/puppet/reference/configref.html for
+# the full list of acceptable parameters. A commented list of all
+# configuration options can also be generated by running puppetca with
+# '--genconfig'.
+#
+# all::
+# Operate on all items. Currently only makes sense with '--sign',
+# '--clean', or '--list'.
+#
+# clean::
+# Remove all files related to a host from puppetca's storage. This is
+# useful when rebuilding hosts, since new certificate signing requests
+# will only be honored if puppetca does not have a copy of a signed
+# certificate for that host. The certificate of the host remains valid.
+# If '--all' is specified then all host certificates, both signed and
+# unsigned, will be removed.
+#
+# debug::
+# Enable full debugging.
+#
+# generate::
+# Generate a certificate for a named client. A certificate/keypair will be
+# generated for each client named on the command line.
+#
+# help::
+# Print this help message
+#
+# list::
+# List outstanding certificate requests. If '--all' is specified,
+# signed certificates are also listed, prefixed by '+'.
+#
+# print::
+# Print the full-text version of a host's certificate.
+#
+# revoke::
+# Revoke the certificate of a client. The certificate can be specified
+# either by its serial number, given as a decimal number or a hexadecimal
+# number prefixed by '0x', or by its hostname. The certificate is revoked
+# by adding it to the Certificate Revocation List given by the 'cacrl'
+# config parameter. Note that the puppetmasterd needs to be restarted
+# after revoking certificates.
+#
+# sign::
+# Sign an outstanding certificate request. Unless '--all' is specified,
+# hosts must be listed after all flags.
+#
+# verbose::
+# Enable verbosity.
+#
+# version::
+# Print the puppet version number and exit.
+#
+# verify::
+# Verify the named certificate against the local CA certificate.
+#
+# = Example
+#
+# $ puppetca -l
+# culain.madstop.com
+# $ puppetca -s culain.madstop.com
+#
+# = Author
+#
+# Luke Kanies
+#
+# = Copyright
+#
+# Copyright (c) 2005 Reductive Labs, LLC
+# Licensed under the GNU Public License
+
+require 'puppet/application/puppetca'
+Puppet::Application[:puppetca].run \ No newline at end of file
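Review bot: The 'clean::' entry states that 'The certificate of the host remains valid' but does not point the reader to '--revoke', so an operator retiring a host could stop at '--clean' and leave a certificate that the CA still trusts; add a sentence there referring to 'revoke::' and its note that puppetmasterd must be restarted afterwards. The Usage synopsis also omits '--all', which the 'all::', 'clean::', 'list::' and 'sign::' entries all rely on. The final line, 'Puppet::Application[:puppetca].run', has no trailing newline, unlike the other three wrappers in this commit.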
diff --git a/sbin/puppetd b/sbin/puppetd
new file mode 100755
index 000000000..c4c106c6d
--- /dev/null
+++ b/sbin/puppetd
@@ -0,0 +1,159 @@
+#!/usr/bin/env ruby
+# == Synopsis
+#
+# Retrieve the client configuration from the central puppet server and apply
+# it to the local host.
+#
+# Currently must be run out periodically, using cron or something similar.
+#
+# = Usage
+#
+# puppetd [-D|--daemonize|--no-daemonize] [-d|--debug] [--disable] [--enable]
+# [-h|--help] [--fqdn <host name>] [-l|--logdest syslog|<file>|console]
+# [-o|--onetime] [--serve <handler>] [-t|--test] [--noop]
+# [-V|--version] [-v|--verbose] [-w|--waitforcert <seconds>]
+#
+# = Description
+#
+# This is the main puppet client. Its job is to retrieve the local machine's
+# configuration from a remote server and apply it. In order to successfully
+# communicate with the remote server, the client must have a certificate signed
+# by a certificate authority that the server trusts; the recommended method
+# for this, at the moment, is to run a certificate authority as part of the
+# puppet server (which is the default). The client will connect and request
+# a signed certificate, and will continue connecting until it receives one.
+#
+# Once the client has a signed certificate, it will retrieve its configuration
+# and apply it.
+#
+# = Usage Notes
+#
+# +puppetd+ does its best to find a compromise between interactive use and
+# daemon use. Run with no arguments and no configuration, it will go into the
+# backgroun, attempt to get a signed certificate, and retrieve and apply its
+# configuration every 30 minutes.
+#
+# Some flags are meant specifically for interactive use -- in particular,
+# +test+ and +tags+ are useful. +test+ enables verbose logging, causes
+# the daemon to stay in the foreground, exits if the server's configuration is
+# invalid (this happens if, for instance, you've left a syntax error on the
+# server), and exits after running the configuration once (rather than hanging
+# around as a long-running process).
+#
+# +tags+ allows you to specify what portions of a configuration you want to apply.
+# Puppet elements are tagged with all of the class or definition names that
+# contain them, and you can use the +tags+ flag to specify one of these names,
+# causing only configuration elements contained within that class or definition
+# to be applied. This is very useful when you are testing new configurations --
+# for instance, if you are just starting to manage +ntpd+, you would put all of
+# the new elements into an +ntpd+ class, and call puppet with +--tags ntpd+,
+# which would only apply that small portion of the configuration during your
+# testing, rather than applying the whole thing.
+#
+# = Options
+#
+# Note that any configuration parameter that's valid in the configuration file
+# is also a valid long argument. For example, 'server' is a valid configuration
+# parameter, so you can specify '--server <servername>' as an argument.
+#
+# See the configuration file documentation at
+# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for
+# the full list of acceptable parameters. A commented list of all
+# configuration options can also be generated by running puppetd with
+# '--genconfig'.
+#
+# daemonize::
+# Send the process into the background. This is the default.
+#
+# no-daemonize::
+# Do not send the process into the background.
+#
+# debug::
+# Enable full debugging.
+#
+# disable::
+# Disable working on the local system. This puts a lock file in place,
+# causing +puppetd+ not to work on the system until the lock file is removed.
+# This is useful if you are testing a configuration and do not want the central
+# configuration to override the local state until everything is tested and
+# committed.
+#
+# +puppetd+ uses the same lock file while it is running, so no more than one
+# +puppetd+ process is working at a time.
+#
+# +puppetd+ exits after executing this.
+#
+# enable::
+# Enable working on the local system. This removes any lock file, causing
+# +puppetd+ to start managing the local system again (although it will continue
+# to use its normal scheduling, so it might not start for another half hour).
+#
+# +puppetd+ exits after executing this.
+#
+# fqdn::
+# Set the fully-qualified domain name of the client. This is only used for
+# certificate purposes, but can be used to override the discovered hostname.
+# If you need to use this flag, it is generally an indication of a setup problem.
+#
+# help::
+# Print this help message
+#
+# logdest::
+# Where to send messages. Choose between syslog, the console, and a log file.
+# Defaults to sending messages to syslog, or the console if debugging or
+# verbosity is enabled.
+#
+# no-client::
+# Do not create a config client. This will cause the daemon to run
+# without ever checking for its configuration automatically, and only
+# makes sense when used in conjunction with --listen.
+#
+# onetime::
+# Run the configuration once, rather than as a long-running daemon. This is
+# useful for interactively running puppetd.
+#
+# serve::
+# Start another type of server. By default, +puppetd+ will start
+# a service handler that allows authenticated and authorized remote nodes to
+# trigger the configuration to be pulled down and applied. You can specify
+# any handler here that does not require configuration, e.g., filebucket, ca,
+# or resource. The handlers are in +lib/puppet/network/handler+, and the names
+# must match exactly, both in the call to +serve+ and in +namespaceauth.conf+.
+#
+# test::
+# Enable the most common options used for testing. These are +onetime+,
+# +verbose+, +ignorecache, and +no-usecacheonfailure+.
+#
+# noop::
+# Use +noop+ mode where the daemon runs in a no-op or dry-run mode. This is useful
+# for seeing what changes Puppet will make without actually executing the changes.
+#
+# verbose::
+# Turn on verbose reporting.
+#
+# version::
+# Print the puppet version number and exit.
+#
+# waitforcert::
+# This option only matters for daemons that do not yet have certificates
+# and it is enabled by default, with a value of 120 (seconds). This causes
+# +puppetd+ to connect to the server every 2 minutes and ask it to sign a
+# certificate request. This is useful for the initial setup of a puppet
+# client. You can turn off waiting for certificates by specifying a time
+# of 0.
+#
+# = Example
+#
+# puppetd --server puppet.domain.com
+#
+# = Author
+#
+# Luke Kanies
+#
+# = Copyright
+#
+# Copyright (c) 2005, 2006 Reductive Labs, LLC
+# Licensed under the GNU Public License
+
+require 'puppet/application/puppetd'
+Puppet::Application[:puppetd].run
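Review bot: The Synopsis sentence 'Currently must be run out periodically, using cron or something similar' contradicts the Usage Notes, which say that with no arguments puppetd goes into the background and applies its configuration every 30 minutes; drop or reword the Synopsis sentence. The Usage synopsis also leaves out flags that the text documents or depends on ('--tags', '--no-client', '--listen'); since 'serve::' and 'no-client::' describe a listener that lets remote nodes trigger runs, '--listen' deserves its own entry pointing to namespaceauth.conf, which 'serve::' already mentions. Two typos: 'backgroun' in Usage Notes and the unclosed '+ignorecache' under 'test::'. The ConfigurationReference URL here differs from the configref.html URL used in sbin/puppetca; pick one.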
diff --git a/sbin/puppetmasterd b/sbin/puppetmasterd
new file mode 100755
index 000000000..9f12f678c
--- /dev/null
+++ b/sbin/puppetmasterd
@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+
+#
+# = Synopsis
+#
+# The central puppet server. Functions as a certificate authority by default.
+#
+# = Usage
+#
+# puppetmasterd [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help]
+# [-l|--logdest <file>|console|syslog] [-v|--verbose] [-V|--version]
+#
+# = Description
+#
+# This is the puppet central daemon.
+#
+# = Options
+#
+# Note that any configuration parameter that's valid in the configuration file
+# is also a valid long argument. For example, 'ssldir' is a valid configuration
+# parameter, so you can specify '--ssldir <directory>' as an argument.
+#
+# See the configuration file documentation at
+# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for
+# the full list of acceptable parameters. A commented list of all
+# configuration options can also be generated by running puppetmasterdd with
+# '--genconfig'.
+#
+# daemonize::
+# Send the process into the background. This is the default.
+#
+# no-daemonize::
+# Do not send the process into the background.
+#
+# debug::
+# Enable full debugging.
+#
+# help::
+# Print this help message.
+#
+# logdest::
+# Where to send messages. Choose between syslog, the console, and a log file.
+# Defaults to sending messages to syslog, or the console
+# if debugging or verbosity is enabled.
+#
+# verbose::
+# Enable verbosity.
+#
+# version::
+# Print the puppet version number and exit.
+#
+# = Example
+#
+# puppetmasterd
+#
+# = Author
+#
+# Luke Kanies
+#
+# = Copyright
+#
+# Copyright (c) 2005 Reductive Labs, LLC
+# Licensed under the GNU Public License
+
+require 'puppet/application/puppetmasterd'
+Puppet::Application[:puppetmasterd].run
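Review bot: '#!/usr/bin/env ruby' on the first line resolves the interpreter through the caller's PATH, which is a weak choice for a daemon installed under sbin that 'Functions as a certificate authority by default'; consider a fixed interpreter path set at install time, and the same applies to the other three wrappers in this commit. The '--genconfig' sentence names 'puppetmasterdd' (extra 'd'). The Description, 'This is the puppet central daemon.', says nothing about the CA role the Synopsis mentions or about the default of not signing client requests that sbin/puppetca describes; one sentence on that would help.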
diff --git a/sbin/puppetrun b/sbin/puppetrun
new file mode 100755
index 000000000..da4f24a98
--- /dev/null
+++ b/sbin/puppetrun
@@ -0,0 +1,130 @@
+#!/usr/bin/env ruby
+
+#
+# = Synopsis
+#
+# Trigger a puppetd run on a set of hosts.
+#
+# = Usage
+#
+# puppetrun [-a|--all] [-c|--class <class>] [-d|--debug] [-f|--foreground]
+# [-h|--help] [--host <host>] [--no-fqdn] [--ignoreschedules]
+# [-t|--tag <tag>] [--test] [-p|--ping]
+#
+# = Description
+#
+# This script can be used to connect to a set of machines running +puppetd+
+# and trigger them to run their configurations. The most common usage would
+# be to specify a class of hosts and a set of tags, and +puppetrun+ would
+# look up in LDAP all of the hosts matching that class, then connect to
+# each host and trigger a run of all of the objects with the specified tags.
+#
+# If you are not storing your host configurations in LDAP, you can specify
+# hosts manually.
+#
+# You will most likely have to run +puppetrun+ as root to get access to
+# the SSL certificates.
+#
+# +puppetrun+ reads +puppetmaster+'s configuration file, so that it can copy
+# things like LDAP settings.
+#
+# = Usage Notes
+#
+# +puppetrun+ is useless unless +puppetd+ is listening. See its documentation
+# for more information, but the gist is that you must enable +listen+ on the
+# +puppetd+ daemon, either using +--listen+ on the command line or adding
+# 'listen: true' in its config file. In addition, you need to set the daemons
+# up to specifically allow connections by creating the +namespaceauth+ file,
+# normally at '/etc/puppet/namespaceauth.conf'. This file specifies who has
+# access to each namespace; if you create the file you must add every namespace
+# you want any Puppet daemon to allow -- it is currently global to all Puppet
+# daemons.
+#
+# An example file looks like this::
+#
+# [fileserver]
+# allow *.madstop.com
+#
+# [puppetmaster]
+# allow *.madstop.com
+#
+# [puppetrunner]
+# allow culain.madstop.com
+#
+# This is what you would install on your Puppet master; non-master hosts could
+# leave off the 'fileserver' and 'puppetmaster' namespaces.
+#
+# Expect more documentation on this eventually.
+#
+# = Options
+#
+# Note that any configuration parameter that's valid in the configuration file
+# is also a valid long argument. For example, 'ssldir' is a valid configuration
+# parameter, so you can specify '--ssldir <directory>' as an argument.
+#
+# See the configuration file documentation at
+# http://reductivelabs.com/projects/puppet/reference/configref.html for
+# the full list of acceptable parameters. A commented list of all
+# configuration options can also be generated by running puppetmasterdd with
+# '--genconfig'.
+#
+#
+# all::
+# Connect to all available hosts. Requires LDAP support at this point.
+#
+# class::
+# Specify a class of machines to which to connect. This only works if you
+# have LDAP configured, at the moment.
+#
+# debug::
+# Enable full debugging.
+#
+# foreground::
+# Run each configuration in the foreground; that is, when connecting to a host,
+# do not return until the host has finished its run. The default is false.
+#
+# help::
+# Print this help message
+#
+# host::
+# A specific host to which to connect. This flag can be specified more
+# than once.
+#
+# ignoreschedules::
+# Whether the client should ignore schedules when running its configuration.
+# This can be used to force the client to perform work it would not normally
+# perform so soon. The default is false.
+#
+# parallel::
+# How parallel to make the connections. Parallelization is provided by forking
+# for each client to which to connect. The default is 1, meaning serial execution.
+#
+# tag::
+# Specify a tag for selecting the objects to apply. Does not work with the
+# --test option.
+#
+#
+# test::
+# Print the hosts you would connect to but do not actually connect. This
+# option requires LDAP support at this point.
+#
+# ping::
+#
+# Do a ICMP echo against the target host. Skip hosts that don't respond to ping.
+#
+# = Example
+#
+# sudo puppetrun -p 10 --host host1 --host host2 -t remotefile -t webserver
+#
+# = Author
+#
+# Luke Kanies
+#
+# = Copyright
+#
+# Copyright (c) 2005 Reductive Labs, LLC
+# Licensed under the GNU Public License
+
+require 'puppet/application/puppetrun'
+Puppet::Application[:puppetrun].run
+
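Review bot: The Example passes '-p 10', but the Usage synopsis declares '-p|--ping', a flag that takes no value, while the value-taking option documented below is 'parallel::', which has no entry in the synopsis at all; settle which option owns '-p', add '--parallel' to the synopsis, and fix the example to match. The '--genconfig' sentence says 'running puppetmasterdd', copied from another wrapper; it should name puppetrun. The 'tag::' entry says it 'Does not work with the --test option' without saying what happens when both are given. The file also ends with an extra blank line.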