diff options
| -rwxr-xr-x | bin/filebucket | 94 | ||||
| -rwxr-xr-x | bin/pi | 45 | ||||
| -rwxr-xr-x | bin/puppet | 69 | ||||
| -rwxr-xr-x | bin/puppetdoc | 64 | ||||
| -rwxr-xr-x | bin/ralsh | 86 | ||||
| -rw-r--r-- | lib/puppet/application.rb | 4 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/filebucket | 97 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/pi | 48 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/puppet | 69 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/puppetca | 110 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/puppetd | 186 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/puppetdoc | 67 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/puppetmasterd | 65 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/puppetqd | 53 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/puppetrun | 128 | ||||
| -rwxr-xr-x | lib/puppet/util/command_line/ralsh | 89 | ||||
| -rwxr-xr-x | sbin/puppetca | 107 | ||||
| -rwxr-xr-x | sbin/puppetd | 182 | ||||
| -rwxr-xr-x | sbin/puppetmasterd | 62 | ||||
| -rwxr-xr-x | sbin/puppetqd | 49 | ||||
| -rwxr-xr-x | sbin/puppetrun | 125 |
21 files changed, 914 insertions, 885 deletions
diff --git a/bin/filebucket b/bin/filebucket index aa0a1d9d0..95ef7c6cf 100755 --- a/bin/filebucket +++ b/bin/filebucket @@ -1,99 +1,5 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# A stand-alone Puppet filebucket client. -# -# = Usage -# -# puppet filebucket [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] -# [-l|--local] [-r|--remote] -# [-s|--server <server>] [-b|--bucket <directory>] <file> <file> ... -# -# = Description -# -# This is a stand-alone filebucket client for sending files to a local -# or central filebucket. -# -# = Usage -# -# This client can operate in three modes, with only one mode per call: -# -# backup:: -# Send one or more files to the specified file bucket. Each sent file -# is printed with its resulting md5 sum. -# -# get:: -# Return the text associated with an md5 sum. The text is printed to -# stdout, and only one file can be retrieved at a time. -# -# restore:: -# Given a file path and an md5 sum, store the content associated with the -# sum into the specified file path. You can specify an entirely new path -# to this argument; you are not restricted to restoring the content to its -# original location. -# -# Note that +filebucket+ defaults to using a network-based filebucket available on -# the server named +puppet+. To use this, you'll have to be running as a user -# with valid Puppet certificates. Alternatively, you can use your local file bucket -# by specifying +--local+. -# -# = Example -# -# $ puppet filebucket backup /etc/passwd -# /etc/passwd: 429b225650b912a2ee067b0a4cf1e949 -# $ puppet filebucket restore /tmp/passwd 429b225650b912a2ee067b0a4cf1e949 -# $ -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'ssldir' is a valid configuration -# parameter, so you can specify '--ssldir <directory>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppet with -# '--genconfig'. -# -# debug:: -# Enable full debugging. -# -# help:: -# Print this help message -# -# local:: -# Use the local filebucket. This will use the default configuration -# information. -# -# remote:: -# Use a remote filebucket. This will use the default configuration -# information. -# -# server:: -# The server to send the file to, instead of locally. -# -# verbose:: -# Print extra information. -# -# version:: -# Print version information. -# -# = Example -# -# puppet filebucket -b /tmp/filebucket /my/file -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005 Reductive Labs, LLC -# Licensed under the GNU Public License - require 'puppet/application' require 'puppet/application/filebucket' @@ -1,50 +1,5 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# Print help about puppet types on the console. Run with '-h' to get detailed -# help. -# = Usage -# -# puppet describe [-h|--help] [-s|--short] [-p|--providers] [-l|--list] [-m|--meta] -# -# = Description -# -# Prints details of Puppet types, providers and metaparameters on the console. -# -# = Options -# -# help:: -# Print this help text -# -# providers:: -# Describe providers in detail for each type -# -# list:: -# List all types -# -# meta:: -# List all metaparameters -# -# short:: -# List only parameters without detail -# -# = Example -# -# puppet describe --list -# puppet describe file --providers -# puppet describe user -s -m -# -# = Author -# -# David Lutterkort -# -# = Copyright -# -# Copyright (c) 2005 Reductive Labs, LLC -# Licensed under the GNU Public License - require 'puppet/application/describe' Puppet::Application[:describe].run diff --git a/bin/puppet b/bin/puppet index 9b7c7d64d..c03070291 100755 --- a/bin/puppet +++ b/bin/puppet @@ -1,73 +1,4 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# Run a stand-alone +puppet+ manifest. -# -# = Usage -# -# puppet apply [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] [-e|--execute] -# [--detailed-exitcodes] [-l|--logdest <file>] <file> -# -# = Description -# -# This is the standalone puppet execution tool; use it to execute -# individual manifests that you write. If you need to execute site-wide -# manifests, use 'puppet agent' and 'puppet master'. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'ssldir' is a valid configuration -# parameter, so you can specify '--ssldir <directory>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppet with -# '--genconfig'. -# -# debug:: -# Enable full debugging. -# -# detailed-exitcodes:: -# Provide transaction information via exit codes. If this is enabled, an exit -# code of '2' means there were changes, and an exit code of '4' means that there -# were failures during the transaction. -# -# help:: -# Print this help message -# -# loadclasses:: -# Load any stored classes. 'puppet agent' caches configured classes (usually at -# /etc/puppet/classes.txt), and setting this option causes all of those classes -# to be set in your puppet manifest. -# -# logdest:: -# Where to send messages. Choose between syslog, the console, and a log file. -# Defaults to sending messages to the console. -# -# execute:: -# Execute a specific piece of Puppet code -# -# verbose:: -# Print extra information. -# -# = Example -# -# puppet -l /tmp/manifest.log manifest.pp -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005 Reductive Labs, LLC -# Licensed under the GNU Public License - -#Puppet::Application[:apply].run # this is so the RDoc::usage hack can find this file - require 'puppet/util/command_line' Puppet::Util::CommandLine.new.execute diff --git a/bin/puppetdoc b/bin/puppetdoc index 400a58251..ea08aa2f1 100755 --- a/bin/puppetdoc +++ b/bin/puppetdoc @@ -1,68 +1,4 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# Generate a reference for all Puppet types. Largely meant for internal Reductive -# Labs use. -# -# = Usage -# -# puppet doc [-a|--all] [-h|--help] [-o|--outputdir <rdoc outputdir>] [-m|--mode <text|pdf|markdown|trac|rdoc>] -# [-r|--reference <[type]|configuration|..>] [--charset CHARSET] [manifest-file] -# -# = Description -# -# If mode is not 'rdoc', then this command generates a restructured-text document describing all installed -# Puppet types or all allowable arguments to puppet executables. It is largely -# meant for internal use and is used to generate the reference document -# available on the Reductive Labs web site. -# -# In 'rdoc' mode, this command generates an html RDoc hierarchy describing the manifests that -# are in 'manifestdir' and 'modulepath' configuration directives. -# The generated documentation directory is doc by default but can be changed with the 'outputdir' option. -# -# If the command is started with 'manifest-file' command-line arguments, puppet doc generate a single -# manifest documentation that is output on stdout. -# -# = Options -# -# all:: -# Output the docs for all of the reference types. In 'rdoc' modes, this also outputs documentation for all resources -# -# help:: -# Print this help message -# -# outputdir:: -# Specifies the directory where to output the rdoc documentation in 'rdoc' mode. -# -# mode:: -# Determine the output mode. Valid modes are 'text', 'trac', 'pdf', 'markdown' and 'rdoc'. The 'pdf' and 'markdown' modes create PDF or Markdown formatted files in the /tmp directory. Note that 'trac' mode only works on Reductive Labs servers. The default mode is 'text'. In 'rdoc' mode you must provide 'manifests-path' -# -# reference:: -# Build a particular reference. Get a list of references by running +puppet doc --list+. -# -# charset:: -# Used only in 'rdoc' mode. It sets the charset used in the html files produced. -# -# = Example -# -# $ puppet doc -r type > /tmp/type_reference.rst -# or -# $ puppet doc --outputdir /tmp/rdoc --mode rdoc /path/to/manifests -# or -# $ puppet doc /etc/puppet/manifests/site.pp -# or -# $ puppet doc -m markdown -r configuration -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005-2007 Reductive Labs, LLC -# Licensed under the GNU Public License - require 'puppet/application/doc' Puppet::Application[:doc].run @@ -1,90 +1,4 @@ #!/usr/bin/env ruby -# vim: softtabstop=4 shiftwidth=4 expandtab -# -# = Synopsis -# -# Use the Puppet RAL to directly interact with the system. -# -# = Usage -# -# puppet resource [-h|--help] [-d|--debug] [-v|--verbose] [-e|--edit] -# [-H|--host <host>] [-p|--param <param>] [-t|--types] -# type <name> -# -# = Description -# -# This command provides simple facilities for converting current system state -# into Puppet code, along with some ability to use Puppet to affect the current -# state. -# -# By default, you must at least provide a type to list, which case puppet resource -# will tell you everything it knows about all instances of that type. You can -# optionally specify an instance name, and puppet resource will only describe that single -# instance. -# -# You can also add +--edit+ as an argument, and puppet resource will write its output -# to a file, open that file in an editor, and then apply the file as a Puppet -# transaction. You can easily use this to use Puppet to make simple changes to -# a system. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'ssldir' is a valid configuration -# parameter, so you can specify '--ssldir <directory>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppet with -# '--genconfig'. -# -# debug:: -# Enable full debugging. -# -# edit: -# Write the results of the query to a file, open the file in an editor, -# and read the file back in as an executable Puppet manifest. -# -# host: -# When specified, connect to the resource server on the named host -# and retrieve the list of resouces of the type specified. -# -# help: -# Print this help message. -# -# param: -# Add more parameters to be outputted from queries. -# -# types: -# List all available types. -# -# verbose:: -# Print extra information. -# -# = Example -# -# This example uses ``puppet resource`` to return Puppet configuration for the user ``luke``:: -# -# $ puppet resource user luke -# user { 'luke': -# home => '/home/luke', -# uid => '100', -# ensure => 'present', -# comment => 'Luke Kanies,,,', -# gid => '1000', -# shell => '/bin/bash', -# groups => ['sysadmin','audio','video','puppet'] -# } -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005-2007 Reductive Labs, LLC -# Licensed under the GNU Public License require 'puppet/application/resource' Puppet::Application[:resource].run diff --git a/lib/puppet/application.rb b/lib/puppet/application.rb index 38fea336d..abd930949 100644 --- a/lib/puppet/application.rb +++ b/lib/puppet/application.rb @@ -118,7 +118,7 @@ class Application require 'puppet/util' include Puppet::Util - BINDIRS = %w{sbin bin}.map{|dir| File.expand_path(File.dirname(__FILE__)) + "/../../#{dir}/*"}.join(" ") + DOCPATTERN = File.expand_path(File.dirname(__FILE__) + "/util/command_line/*" ) class << self include Puppet::Util @@ -384,7 +384,7 @@ class Application ::RDoc.const_set("PuppetSourceFile", name) #:stopdoc: # Issue #4161 def (::RDoc).caller - docfile = `grep -l 'Puppet::Application\\[:#{::RDoc::PuppetSourceFile}\\]' #{BINDIRS}`.chomp + docfile = `grep -l 'Puppet::Application\\[:#{::RDoc::PuppetSourceFile}\\]' #{DOCPATTERN}`.chomp super << "#{docfile}:0" end #:startdoc: diff --git a/lib/puppet/util/command_line/filebucket b/lib/puppet/util/command_line/filebucket new file mode 100755 index 000000000..ba9d8cdd9 --- /dev/null +++ b/lib/puppet/util/command_line/filebucket @@ -0,0 +1,97 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# A stand-alone Puppet filebucket client. +# +# = Usage +# +# puppet filebucket [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] +# [-l|--local] [-r|--remote] +# [-s|--server <server>] [-b|--bucket <directory>] <file> <file> ... +# +# = Description +# +# This is a stand-alone filebucket client for sending files to a local +# or central filebucket. +# +# = Usage +# +# This client can operate in three modes, with only one mode per call: +# +# backup:: +# Send one or more files to the specified file bucket. Each sent file +# is printed with its resulting md5 sum. +# +# get:: +# Return the text associated with an md5 sum. The text is printed to +# stdout, and only one file can be retrieved at a time. +# +# restore:: +# Given a file path and an md5 sum, store the content associated with the +# sum into the specified file path. You can specify an entirely new path +# to this argument; you are not restricted to restoring the content to its +# original location. +# +# Note that +filebucket+ defaults to using a network-based filebucket available on +# the server named +puppet+. To use this, you'll have to be running as a user +# with valid Puppet certificates. Alternatively, you can use your local file bucket +# by specifying +--local+. +# +# = Example +# +# $ puppet filebucket backup /etc/passwd +# /etc/passwd: 429b225650b912a2ee067b0a4cf1e949 +# $ puppet filebucket restore /tmp/passwd 429b225650b912a2ee067b0a4cf1e949 +# $ +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'ssldir' is a valid configuration +# parameter, so you can specify '--ssldir <directory>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppet with +# '--genconfig'. +# +# debug:: +# Enable full debugging. +# +# help:: +# Print this help message +# +# local:: +# Use the local filebucket. This will use the default configuration +# information. +# +# remote:: +# Use a remote filebucket. This will use the default configuration +# information. +# +# server:: +# The server to send the file to, instead of locally. +# +# verbose:: +# Print extra information. +# +# version:: +# Print version information. +# +# = Example +# +# puppet filebucket -b /tmp/filebucket /my/file +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:filebucket].run diff --git a/lib/puppet/util/command_line/pi b/lib/puppet/util/command_line/pi new file mode 100755 index 000000000..ae3c46e9a --- /dev/null +++ b/lib/puppet/util/command_line/pi @@ -0,0 +1,48 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# Print help about puppet types on the console. Run with '-h' to get detailed +# help. +# = Usage +# +# puppet describe [-h|--help] [-s|--short] [-p|--providers] [-l|--list] [-m|--meta] +# +# = Description +# +# Prints details of Puppet types, providers and metaparameters on the console. +# +# = Options +# +# help:: +# Print this help text +# +# providers:: +# Describe providers in detail for each type +# +# list:: +# List all types +# +# meta:: +# List all metaparameters +# +# short:: +# List only parameters without detail +# +# = Example +# +# puppet describe --list +# puppet describe file --providers +# puppet describe user -s -m +# +# = Author +# +# David Lutterkort +# +# = Copyright +# +# Copyright (c) 2005 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:describe].run diff --git a/lib/puppet/util/command_line/puppet b/lib/puppet/util/command_line/puppet new file mode 100755 index 000000000..f65ef9007 --- /dev/null +++ b/lib/puppet/util/command_line/puppet @@ -0,0 +1,69 @@ + +# +# = Synopsis +# +# Run a stand-alone +puppet+ manifest. +# +# = Usage +# +# puppet apply [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] [-e|--execute] +# [--detailed-exitcodes] [-l|--logdest <file>] <file> +# +# = Description +# +# This is the standalone puppet execution tool; use it to execute +# individual manifests that you write. If you need to execute site-wide +# manifests, use 'puppet agent' and 'puppet master'. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'ssldir' is a valid configuration +# parameter, so you can specify '--ssldir <directory>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppet with +# '--genconfig'. +# +# debug:: +# Enable full debugging. +# +# detailed-exitcodes:: +# Provide transaction information via exit codes. If this is enabled, an exit +# code of '2' means there were changes, and an exit code of '4' means that there +# were failures during the transaction. +# +# help:: +# Print this help message +# +# loadclasses:: +# Load any stored classes. 'puppet agent' caches configured classes (usually at +# /etc/puppet/classes.txt), and setting this option causes all of those classes +# to be set in your puppet manifest. +# +# logdest:: +# Where to send messages. Choose between syslog, the console, and a log file. +# Defaults to sending messages to the console. +# +# execute:: +# Execute a specific piece of Puppet code +# +# verbose:: +# Print extra information. +# +# = Example +# +# puppet -l /tmp/manifest.log manifest.pp +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:apply].run diff --git a/lib/puppet/util/command_line/puppetca b/lib/puppet/util/command_line/puppetca new file mode 100755 index 000000000..4f1a88da5 --- /dev/null +++ b/lib/puppet/util/command_line/puppetca @@ -0,0 +1,110 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# Stand-alone certificate authority. Capable of generating certificates +# but mostly meant for signing certificate requests from puppet clients. +# +# = Usage +# +# puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] +# [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke] +# [-p|--print] [-c|--clean] [--verify] [--digest DIGEST] +# [--fingerprint] [host] +# +# = Description +# +# Because the puppetmasterd daemon defaults to not signing client certificate +# requests, this script is available for signing outstanding requests. It +# can be used to list outstanding requests and then either sign them individually +# or sign all of them. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'ssldir' is a valid configuration +# parameter, so you can specify '--ssldir <directory>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/projects/puppet/reference/configref.html for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppet cert with +# '--genconfig'. +# +# all:: +# Operate on all items. Currently only makes sense with '--sign', +# '--clean', or '--list'. +# +# digest:: +# Set the digest for fingerprinting (defaults to md5). Valid values depends +# on your openssl and openssl ruby extension version, but should contain at +# least md5, sha1, md2, sha256. +# +# clean:: +# Remove all files related to a host from puppet cert's storage. This is +# useful when rebuilding hosts, since new certificate signing requests +# will only be honored if puppet cert does not have a copy of a signed +# certificate for that host. The certificate of the host remains valid. +# If '--all' is specified then all host certificates, both signed and +# unsigned, will be removed. +# +# debug:: +# Enable full debugging. +# +# generate:: +# Generate a certificate for a named client. A certificate/keypair will be +# generated for each client named on the command line. +# +# help:: +# Print this help message +# +# list:: +# List outstanding certificate requests. If '--all' is specified, +# signed certificates are also listed, prefixed by '+', and revoked +# or invalid certificates are prefixed by '-' (the verification outcome +# is printed in parenthesis). +# +# print:: +# Print the full-text version of a host's certificate. +# +# fingerprint:: +# Print the DIGEST (defaults to md5) fingerprint of a host's certificate. +# +# revoke:: +# Revoke the certificate of a client. The certificate can be specified +# either by its serial number, given as a decimal number or a hexadecimal +# number prefixed by '0x', or by its hostname. The certificate is revoked +# by adding it to the Certificate Revocation List given by the 'cacrl' +# config parameter. Note that the puppetmasterd needs to be restarted +# after revoking certificates. +# +# sign:: +# Sign an outstanding certificate request. Unless '--all' is specified, +# hosts must be listed after all flags. +# +# verbose:: +# Enable verbosity. +# +# version:: +# Print the puppet version number and exit. +# +# verify:: +# Verify the named certificate against the local CA certificate. +# +# = Example +# +# $ puppet cert -l +# culain.madstop.com +# $ puppet cert -s culain.madstop.com +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:cert].run diff --git a/lib/puppet/util/command_line/puppetd b/lib/puppet/util/command_line/puppetd new file mode 100755 index 000000000..3af2fdabf --- /dev/null +++ b/lib/puppet/util/command_line/puppetd @@ -0,0 +1,186 @@ +#!/usr/bin/env ruby + +# == Synopsis +# +# Retrieve the client configuration from the puppet master and apply +# it to the local host. +# +# Currently must be run out periodically, using cron or something similar. +# +# = Usage +# +# puppet agent [-D|--daemonize|--no-daemonize] [-d|--debug] +# [--detailed-exitcodes] [--disable] [--enable] +# [-h|--help] [--fqdn <host name>] [-l|--logdest syslog|<file>|console] +# [-o|--onetime] [--serve <handler>] [-t|--test] [--noop] +# [--digest <digest>] [--fingerprint] [-V|--version] +# [-v|--verbose] [-w|--waitforcert <seconds>] +# +# = Description +# +# This is the main puppet client. Its job is to retrieve the local machine's +# configuration from a remote server and apply it. In order to successfully +# communicate with the remote server, the client must have a certificate signed +# by a certificate authority that the server trusts; the recommended method +# for this, at the moment, is to run a certificate authority as part of the +# puppet server (which is the default). The client will connect and request +# a signed certificate, and will continue connecting until it receives one. +# +# Once the client has a signed certificate, it will retrieve its configuration +# and apply it. +# +# = Usage Notes +# +# +puppet agent+ does its best to find a compromise between interactive use and +# daemon use. Run with no arguments and no configuration, it will go into the +# backgroun, attempt to get a signed certificate, and retrieve and apply its +# configuration every 30 minutes. +# +# Some flags are meant specifically for interactive use -- in particular, +# +test+, +tags+ or +fingerprint+ are useful. +test+ enables verbose logging, causes +# the daemon to stay in the foreground, exits if the server's configuration is +# invalid (this happens if, for instance, you've left a syntax error on the +# server), and exits after running the configuration once (rather than hanging +# around as a long-running process). +# +# +tags+ allows you to specify what portions of a configuration you want to apply. +# Puppet elements are tagged with all of the class or definition names that +# contain them, and you can use the +tags+ flag to specify one of these names, +# causing only configuration elements contained within that class or definition +# to be applied. This is very useful when you are testing new configurations -- +# for instance, if you are just starting to manage +ntpd+, you would put all of +# the new elements into an +ntpd+ class, and call puppet with +--tags ntpd+, +# which would only apply that small portion of the configuration during your +# testing, rather than applying the whole thing. +# +# +fingerprint+ is a one-time flag. In this mode +puppet agent+ will run once and +# display on the console (and in the log) the current certificate (or certificate +# request) fingerprint. Providing the +--digest+ option allows to use a different +# digest algorithm to generate the fingerprint. The main use is to verify that +# before signing a certificate request on the master, the certificate request the +# master received is the same as the one the client sent (to prevent against +# man-in-the-middle attacks when signing certificates). +# +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'server' is a valid configuration +# parameter, so you can specify '--server <servername>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppet agent with +# '--genconfig'. +# +# daemonize:: +# Send the process into the background. This is the default. +# +# no-daemonize:: +# Do not send the process into the background. +# +# debug:: +# Enable full debugging. +# +# digest:: +# Change the certificate fingerprinting digest algorithm. The default is MD5. +# Valid values depends on the version of OpenSSL installed, but should always +# at least contain MD5, MD2, SHA1 and SHA256. +# +# detailed-exitcodes:: +# Provide transaction information via exit codes. If this is enabled, an +# exit code of '2' means there were changes, and an exit code of '4' means +# that there were failures during the transaction. This option only makes +# sense in conjunction with --onetime. +# +# disable:: +# Disable working on the local system. This puts a lock file in place, +# causing +puppet agent+ not to work on the system until the lock file is removed. +# This is useful if you are testing a configuration and do not want the central +# configuration to override the local state until everything is tested and +# committed. +# +# +puppet agent+ uses the same lock file while it is running, so no more than one +# +puppet agent+ process is working at a time. +# +# +puppet agent+ exits after executing this. +# +# enable:: +# Enable working on the local system. This removes any lock file, causing +# +puppet agent+ to start managing the local system again (although it will continue +# to use its normal scheduling, so it might not start for another half hour). +# +# +puppet agent+ exits after executing this. +# +# fqdn:: +# Set the fully-qualified domain name of the client. This is only used for +# certificate purposes, but can be used to override the discovered hostname. +# If you need to use this flag, it is generally an indication of a setup problem. +# +# help:: +# Print this help message +# +# logdest:: +# Where to send messages. Choose between syslog, the console, and a log file. +# Defaults to sending messages to syslog, or the console if debugging or +# verbosity is enabled. +# +# no-client:: +# Do not create a config client. This will cause the daemon to run +# without ever checking for its configuration automatically, and only +# makes sense when used in conjunction with --listen. +# +# onetime:: +# Run the configuration once. Runs a single (normally daemonized) Puppet run. +# Useful for interactively running puppet agent when used in conjunction with +# the --no-daemonize option. +# +# fingerprint:: +# Display the current certificate or certificate signing request fingerprint +# and then exit. Use the +--digest+ option to change the digest algorithm used. +# +# serve:: +# Start another type of server. By default, +puppet agent+ will start +# a service handler that allows authenticated and authorized remote nodes to +# trigger the configuration to be pulled down and applied. You can specify +# any handler here that does not require configuration, e.g., filebucket, ca, +# or resource. The handlers are in +lib/puppet/network/handler+, and the names +# must match exactly, both in the call to +serve+ and in +namespaceauth.conf+. +# +# test:: +# Enable the most common options used for testing. These are +onetime+, +# +verbose+, +ignorecache, +no-daemonize+, and +no-usecacheonfailure+. +# +# noop:: +# Use +noop+ mode where the daemon runs in a no-op or dry-run mode. This is useful +# for seeing what changes Puppet will make without actually executing the changes. +# +# verbose:: +# Turn on verbose reporting. +# +# version:: +# Print the puppet version number and exit. +# +# waitforcert:: +# This option only matters for daemons that do not yet have certificates +# and it is enabled by default, with a value of 120 (seconds). This causes +# +puppet agent+ to connect to the server every 2 minutes and ask it to sign a +# certificate request. This is useful for the initial setup of a puppet +# client. You can turn off waiting for certificates by specifying a time +# of 0. +# +# = Example +# +# puppet agent --server puppet.domain.com +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005, 2006 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:agent].run diff --git a/lib/puppet/util/command_line/puppetdoc b/lib/puppet/util/command_line/puppetdoc new file mode 100755 index 000000000..d9bbbec33 --- /dev/null +++ b/lib/puppet/util/command_line/puppetdoc @@ -0,0 +1,67 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# Generate a reference for all Puppet types. Largely meant for internal Reductive +# Labs use. +# +# = Usage +# +# puppet doc [-a|--all] [-h|--help] [-o|--outputdir <rdoc outputdir>] [-m|--mode <text|pdf|markdown|trac|rdoc>] +# [-r|--reference <[type]|configuration|..>] [--charset CHARSET] [manifest-file] +# +# = Description +# +# If mode is not 'rdoc', then this command generates a restructured-text document describing all installed +# Puppet types or all allowable arguments to puppet executables. It is largely +# meant for internal use and is used to generate the reference document +# available on the Reductive Labs web site. +# +# In 'rdoc' mode, this command generates an html RDoc hierarchy describing the manifests that +# are in 'manifestdir' and 'modulepath' configuration directives. +# The generated documentation directory is doc by default but can be changed with the 'outputdir' option. +# +# If the command is started with 'manifest-file' command-line arguments, puppet doc generate a single +# manifest documentation that is output on stdout. +# +# = Options +# +# all:: +# Output the docs for all of the reference types. In 'rdoc' modes, this also outputs documentation for all resources +# +# help:: +# Print this help message +# +# outputdir:: +# Specifies the directory where to output the rdoc documentation in 'rdoc' mode. +# +# mode:: +# Determine the output mode. Valid modes are 'text', 'trac', 'pdf', 'markdown' and 'rdoc'. The 'pdf' and 'markdown' modes create PDF or Markdown formatted files in the /tmp directory. Note that 'trac' mode only works on Reductive Labs servers. The default mode is 'text'. In 'rdoc' mode you must provide 'manifests-path' +# +# reference:: +# Build a particular reference. Get a list of references by running +puppet doc --list+. +# +# charset:: +# Used only in 'rdoc' mode. It sets the charset used in the html files produced. +# +# = Example +# +# $ puppet doc -r type > /tmp/type_reference.rst +# or +# $ puppet doc --outputdir /tmp/rdoc --mode rdoc /path/to/manifests +# or +# $ puppet doc /etc/puppet/manifests/site.pp +# or +# $ puppet doc -m markdown -r configuration +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005-2007 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:doc].run diff --git a/lib/puppet/util/command_line/puppetmasterd b/lib/puppet/util/command_line/puppetmasterd new file mode 100755 index 000000000..c58612c0f --- /dev/null +++ b/lib/puppet/util/command_line/puppetmasterd @@ -0,0 +1,65 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# The central puppet server. Functions as a certificate authority by default. +# +# = Usage +# +# puppet master [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help] +# [-l|--logdest <file>|console|syslog] [-v|--verbose] [-V|--version] +# +# = Description +# +# This is the puppet central daemon. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'ssldir' is a valid configuration +# parameter, so you can specify '--ssldir <directory>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppetmasterdd with +# '--genconfig'. +# +# daemonize:: +# Send the process into the background. This is the default. +# +# no-daemonize:: +# Do not send the process into the background. +# +# debug:: +# Enable full debugging. +# +# help:: +# Print this help message. +# +# logdest:: +# Where to send messages. Choose between syslog, the console, and a log file. +# Defaults to sending messages to syslog, or the console +# if debugging or verbosity is enabled. +# +# verbose:: +# Enable verbosity. +# +# version:: +# Print the puppet version number and exit. +# +# = Example +# +# puppet master +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:master].run diff --git a/lib/puppet/util/command_line/puppetqd b/lib/puppet/util/command_line/puppetqd new file mode 100755 index 000000000..439db5cb0 --- /dev/null +++ b/lib/puppet/util/command_line/puppetqd @@ -0,0 +1,53 @@ +#!/usr/bin/env ruby + +# == Synopsis +# +# Retrieve serialized records from a queue and process them in order. +# +# = Usage +# +# puppet queue [-d|--debug] [-v|--verbose] +# +# = Description +# +# This is a simple application that just processes entities in a queue as they +# are recieved. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'server' is a valid configuration +# parameter, so you can specify '--server <servername>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppetd with +# '--genconfig'. +# +# debug:: +# Enable full debugging. +# +# help:: +# Print this help message +# +# verbose:: +# Turn on verbose reporting. +# +# version:: +# Print the puppet version number and exit. +# +# = Example +# +# puppet queue +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2009 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:queue].run diff --git a/lib/puppet/util/command_line/puppetrun b/lib/puppet/util/command_line/puppetrun new file mode 100755 index 000000000..ee95c47eb --- /dev/null +++ b/lib/puppet/util/command_line/puppetrun @@ -0,0 +1,128 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# Trigger a puppet agent run on a set of hosts. +# +# = Usage +# +# puppet kick [-a|--all] [-c|--class <class>] [-d|--debug] [-f|--foreground] +# [-h|--help] [--host <host>] [--no-fqdn] [--ignoreschedules] +# [-t|--tag <tag>] [--test] [-p|--ping] <host> [<host> [...]] +# +# = Description +# +# This script can be used to connect to a set of machines running +puppet agent+ +# and trigger them to run their configurations. The most common usage would +# be to specify a class of hosts and a set of tags, and +puppet kick+ would +# look up in LDAP all of the hosts matching that class, then connect to +# each host and trigger a run of all of the objects with the specified tags. +# +# If you are not storing your host configurations in LDAP, you can specify +# hosts manually. +# +# You will most likely have to run +puppet kick+ as root to get access to +# the SSL certificates. +# +# +puppet kick+ reads +puppet master+'s configuration file, so that it can copy +# things like LDAP settings. +# +# = Usage Notes +# +# +puppet kick+ is useless unless +puppet agent+ is listening. See its documentation +# for more information, but the gist is that you must enable +listen+ on the +# +puppet agent+ daemon, either using +--listen+ on the command line or adding +# 'listen: true' in its config file. In addition, you need to set the daemons +# up to specifically allow connections by creating the +namespaceauth+ file, +# normally at '/etc/puppet/namespaceauth.conf'. This file specifies who has +# access to each namespace; if you create the file you must add every namespace +# you want any Puppet daemon to allow -- it is currently global to all Puppet +# daemons. +# +# An example file looks like this:: +# +# [fileserver] +# allow *.madstop.com +# +# [puppetmaster] +# allow *.madstop.com +# +# [puppetrunner] +# allow culain.madstop.com +# +# This is what you would install on your Puppet master; non-master hosts could +# leave off the 'fileserver' and 'puppetmaster' namespaces. +# +# Expect more documentation on this eventually. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'ssldir' is a valid configuration +# parameter, so you can specify '--ssldir <directory>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/projects/puppet/reference/configref.html for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppet master with +# '--genconfig'. +# +# +# all:: +# Connect to all available hosts. Requires LDAP support at this point. +# +# class:: +# Specify a class of machines to which to connect. This only works if you +# have LDAP configured, at the moment. +# +# debug:: +# Enable full debugging. +# +# foreground:: +# Run each configuration in the foreground; that is, when connecting to a host, +# do not return until the host has finished its run. The default is false. +# +# help:: +# Print this help message +# +# host:: +# A specific host to which to connect. This flag can be specified more +# than once. +# +# ignoreschedules:: +# Whether the client should ignore schedules when running its configuration. +# This can be used to force the client to perform work it would not normally +# perform so soon. The default is false. +# +# parallel:: +# How parallel to make the connections. Parallelization is provided by forking +# for each client to which to connect. The default is 1, meaning serial execution. +# +# tag:: +# Specify a tag for selecting the objects to apply. Does not work with the +# --test option. +# +# +# test:: +# Print the hosts you would connect to but do not actually connect. This +# option requires LDAP support at this point. +# +# ping:: +# +# Do a ICMP echo against the target host. Skip hosts that don't respond to ping. +# +# = Example +# +# sudo puppet kick -p 10 -t remotefile -t webserver host1 host2 +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:kick].run diff --git a/lib/puppet/util/command_line/ralsh b/lib/puppet/util/command_line/ralsh new file mode 100755 index 000000000..b866eded6 --- /dev/null +++ b/lib/puppet/util/command_line/ralsh @@ -0,0 +1,89 @@ +#!/usr/bin/env ruby + +# +# = Synopsis +# +# Use the Puppet RAL to directly interact with the system. +# +# = Usage +# +# puppet resource [-h|--help] [-d|--debug] [-v|--verbose] [-e|--edit] +# [-H|--host <host>] [-p|--param <param>] [-t|--types] +# type <name> +# +# = Description +# +# This command provides simple facilities for converting current system state +# into Puppet code, along with some ability to use Puppet to affect the current +# state. +# +# By default, you must at least provide a type to list, which case puppet resource +# will tell you everything it knows about all instances of that type. You can +# optionally specify an instance name, and puppet resource will only describe that single +# instance. +# +# You can also add +--edit+ as an argument, and puppet resource will write its output +# to a file, open that file in an editor, and then apply the file as a Puppet +# transaction. You can easily use this to use Puppet to make simple changes to +# a system. +# +# = Options +# +# Note that any configuration parameter that's valid in the configuration file +# is also a valid long argument. For example, 'ssldir' is a valid configuration +# parameter, so you can specify '--ssldir <directory>' as an argument. +# +# See the configuration file documentation at +# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for +# the full list of acceptable parameters. A commented list of all +# configuration options can also be generated by running puppet with +# '--genconfig'. +# +# debug:: +# Enable full debugging. +# +# edit: +# Write the results of the query to a file, open the file in an editor, +# and read the file back in as an executable Puppet manifest. +# +# host: +# When specified, connect to the resource server on the named host +# and retrieve the list of resouces of the type specified. +# +# help: +# Print this help message. +# +# param: +# Add more parameters to be outputted from queries. +# +# types: +# List all available types. +# +# verbose:: +# Print extra information. +# +# = Example +# +# This example uses ``puppet resource`` to return Puppet configuration for the user ``luke``:: +# +# $ puppet resource user luke +# user { 'luke': +# home => '/home/luke', +# uid => '100', +# ensure => 'present', +# comment => 'Luke Kanies,,,', +# gid => '1000', +# shell => '/bin/bash', +# groups => ['sysadmin','audio','video','puppet'] +# } +# +# = Author +# +# Luke Kanies +# +# = Copyright +# +# Copyright (c) 2005-2007 Reductive Labs, LLC +# Licensed under the GNU Public License + +#Puppet::Application[:resource].run diff --git a/sbin/puppetca b/sbin/puppetca index 15bc3c64f..255680e7c 100755 --- a/sbin/puppetca +++ b/sbin/puppetca @@ -1,111 +1,4 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# Stand-alone certificate authority. Capable of generating certificates -# but mostly meant for signing certificate requests from puppet clients. -# -# = Usage -# -# puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] -# [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke] -# [-p|--print] [-c|--clean] [--verify] [--digest DIGEST] -# [--fingerprint] [host] -# -# = Description -# -# Because the puppetmasterd daemon defaults to not signing client certificate -# requests, this script is available for signing outstanding requests. It -# can be used to list outstanding requests and then either sign them individually -# or sign all of them. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'ssldir' is a valid configuration -# parameter, so you can specify '--ssldir <directory>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/projects/puppet/reference/configref.html for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppet cert with -# '--genconfig'. -# -# all:: -# Operate on all items. Currently only makes sense with '--sign', -# '--clean', or '--list'. -# -# digest:: -# Set the digest for fingerprinting (defaults to md5). Valid values depends -# on your openssl and openssl ruby extension version, but should contain at -# least md5, sha1, md2, sha256. -# -# clean:: -# Remove all files related to a host from puppet cert's storage. This is -# useful when rebuilding hosts, since new certificate signing requests -# will only be honored if puppet cert does not have a copy of a signed -# certificate for that host. The certificate of the host remains valid. -# If '--all' is specified then all host certificates, both signed and -# unsigned, will be removed. -# -# debug:: -# Enable full debugging. -# -# generate:: -# Generate a certificate for a named client. A certificate/keypair will be -# generated for each client named on the command line. -# -# help:: -# Print this help message -# -# list:: -# List outstanding certificate requests. If '--all' is specified, -# signed certificates are also listed, prefixed by '+', and revoked -# or invalid certificates are prefixed by '-' (the verification outcome -# is printed in parenthesis). -# -# print:: -# Print the full-text version of a host's certificate. -# -# fingerprint:: -# Print the DIGEST (defaults to md5) fingerprint of a host's certificate. -# -# revoke:: -# Revoke the certificate of a client. The certificate can be specified -# either by its serial number, given as a decimal number or a hexadecimal -# number prefixed by '0x', or by its hostname. The certificate is revoked -# by adding it to the Certificate Revocation List given by the 'cacrl' -# config parameter. Note that the puppetmasterd needs to be restarted -# after revoking certificates. -# -# sign:: -# Sign an outstanding certificate request. Unless '--all' is specified, -# hosts must be listed after all flags. -# -# verbose:: -# Enable verbosity. -# -# version:: -# Print the puppet version number and exit. -# -# verify:: -# Verify the named certificate against the local CA certificate. -# -# = Example -# -# $ puppet cert -l -# culain.madstop.com -# $ puppet cert -s culain.madstop.com -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005 Reductive Labs, LLC -# Licensed under the GNU Public License - require 'puppet/application/cert' Puppet::Application[:cert].run diff --git a/sbin/puppetd b/sbin/puppetd index d54834ab7..f0605c8bf 100755 --- a/sbin/puppetd +++ b/sbin/puppetd @@ -1,186 +1,4 @@ #!/usr/bin/env ruby -# == Synopsis -# -# Retrieve the client configuration from the puppet master and apply -# it to the local host. -# -# Currently must be run out periodically, using cron or something similar. -# -# = Usage -# -# puppet agent [-D|--daemonize|--no-daemonize] [-d|--debug] -# [--detailed-exitcodes] [--disable] [--enable] -# [-h|--help] [--fqdn <host name>] [-l|--logdest syslog|<file>|console] -# [-o|--onetime] [--serve <handler>] [-t|--test] [--noop] -# [--digest <digest>] [--fingerprint] [-V|--version] -# [-v|--verbose] [-w|--waitforcert <seconds>] -# -# = Description -# -# This is the main puppet client. Its job is to retrieve the local machine's -# configuration from a remote server and apply it. In order to successfully -# communicate with the remote server, the client must have a certificate signed -# by a certificate authority that the server trusts; the recommended method -# for this, at the moment, is to run a certificate authority as part of the -# puppet server (which is the default). The client will connect and request -# a signed certificate, and will continue connecting until it receives one. -# -# Once the client has a signed certificate, it will retrieve its configuration -# and apply it. -# -# = Usage Notes -# -# +puppet agent+ does its best to find a compromise between interactive use and -# daemon use. Run with no arguments and no configuration, it will go into the -# backgroun, attempt to get a signed certificate, and retrieve and apply its -# configuration every 30 minutes. -# -# Some flags are meant specifically for interactive use -- in particular, -# +test+, +tags+ or +fingerprint+ are useful. +test+ enables verbose logging, causes -# the daemon to stay in the foreground, exits if the server's configuration is -# invalid (this happens if, for instance, you've left a syntax error on the -# server), and exits after running the configuration once (rather than hanging -# around as a long-running process). -# -# +tags+ allows you to specify what portions of a configuration you want to apply. -# Puppet elements are tagged with all of the class or definition names that -# contain them, and you can use the +tags+ flag to specify one of these names, -# causing only configuration elements contained within that class or definition -# to be applied. This is very useful when you are testing new configurations -- -# for instance, if you are just starting to manage +ntpd+, you would put all of -# the new elements into an +ntpd+ class, and call puppet with +--tags ntpd+, -# which would only apply that small portion of the configuration during your -# testing, rather than applying the whole thing. -# -# +fingerprint+ is a one-time flag. In this mode +puppet agent+ will run once and -# display on the console (and in the log) the current certificate (or certificate -# request) fingerprint. Providing the +--digest+ option allows to use a different -# digest algorithm to generate the fingerprint. The main use is to verify that -# before signing a certificate request on the master, the certificate request the -# master received is the same as the one the client sent (to prevent against -# man-in-the-middle attacks when signing certificates). -# -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'server' is a valid configuration -# parameter, so you can specify '--server <servername>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppet agent with -# '--genconfig'. -# -# daemonize:: -# Send the process into the background. This is the default. -# -# no-daemonize:: -# Do not send the process into the background. -# -# debug:: -# Enable full debugging. -# -# digest:: -# Change the certificate fingerprinting digest algorithm. The default is MD5. -# Valid values depends on the version of OpenSSL installed, but should always -# at least contain MD5, MD2, SHA1 and SHA256. -# -# detailed-exitcodes:: -# Provide transaction information via exit codes. If this is enabled, an -# exit code of '2' means there were changes, and an exit code of '4' means -# that there were failures during the transaction. This option only makes -# sense in conjunction with --onetime. -# -# disable:: -# Disable working on the local system. This puts a lock file in place, -# causing +puppet agent+ not to work on the system until the lock file is removed. -# This is useful if you are testing a configuration and do not want the central -# configuration to override the local state until everything is tested and -# committed. -# -# +puppet agent+ uses the same lock file while it is running, so no more than one -# +puppet agent+ process is working at a time. -# -# +puppet agent+ exits after executing this. -# -# enable:: -# Enable working on the local system. This removes any lock file, causing -# +puppet agent+ to start managing the local system again (although it will continue -# to use its normal scheduling, so it might not start for another half hour). -# -# +puppet agent+ exits after executing this. -# -# fqdn:: -# Set the fully-qualified domain name of the client. This is only used for -# certificate purposes, but can be used to override the discovered hostname. -# If you need to use this flag, it is generally an indication of a setup problem. -# -# help:: -# Print this help message -# -# logdest:: -# Where to send messages. Choose between syslog, the console, and a log file. -# Defaults to sending messages to syslog, or the console if debugging or -# verbosity is enabled. -# -# no-client:: -# Do not create a config client. This will cause the daemon to run -# without ever checking for its configuration automatically, and only -# makes sense when used in conjunction with --listen. -# -# onetime:: -# Run the configuration once. Runs a single (normally daemonized) Puppet run. -# Useful for interactively running puppet agent when used in conjunction with -# the --no-daemonize option. -# -# fingerprint:: -# Display the current certificate or certificate signing request fingerprint -# and then exit. Use the +--digest+ option to change the digest algorithm used. -# -# serve:: -# Start another type of server. By default, +puppet agent+ will start -# a service handler that allows authenticated and authorized remote nodes to -# trigger the configuration to be pulled down and applied. You can specify -# any handler here that does not require configuration, e.g., filebucket, ca, -# or resource. The handlers are in +lib/puppet/network/handler+, and the names -# must match exactly, both in the call to +serve+ and in +namespaceauth.conf+. -# -# test:: -# Enable the most common options used for testing. These are +onetime+, -# +verbose+, +ignorecache, +no-daemonize+, and +no-usecacheonfailure+. -# -# noop:: -# Use +noop+ mode where the daemon runs in a no-op or dry-run mode. This is useful -# for seeing what changes Puppet will make without actually executing the changes. -# -# verbose:: -# Turn on verbose reporting. -# -# version:: -# Print the puppet version number and exit. -# -# waitforcert:: -# This option only matters for daemons that do not yet have certificates -# and it is enabled by default, with a value of 120 (seconds). This causes -# +puppet agent+ to connect to the server every 2 minutes and ask it to sign a -# certificate request. This is useful for the initial setup of a puppet -# client. You can turn off waiting for certificates by specifying a time -# of 0. -# -# = Example -# -# puppet agent --server puppet.domain.com -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005, 2006 Reductive Labs, LLC -# Licensed under the GNU Public License require 'puppet/application/agent' Puppet::Application[:agent].run diff --git a/sbin/puppetmasterd b/sbin/puppetmasterd index 53b9242ab..70c80112c 100755 --- a/sbin/puppetmasterd +++ b/sbin/puppetmasterd @@ -1,66 +1,4 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# The central puppet server. Functions as a certificate authority by default. -# -# = Usage -# -# puppet master [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help] -# [-l|--logdest <file>|console|syslog] [-v|--verbose] [-V|--version] -# -# = Description -# -# This is the puppet central daemon. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'ssldir' is a valid configuration -# parameter, so you can specify '--ssldir <directory>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppetmasterdd with -# '--genconfig'. -# -# daemonize:: -# Send the process into the background. This is the default. -# -# no-daemonize:: -# Do not send the process into the background. -# -# debug:: -# Enable full debugging. -# -# help:: -# Print this help message. -# -# logdest:: -# Where to send messages. Choose between syslog, the console, and a log file. -# Defaults to sending messages to syslog, or the console -# if debugging or verbosity is enabled. -# -# verbose:: -# Enable verbosity. -# -# version:: -# Print the puppet version number and exit. -# -# = Example -# -# puppet master -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005 Reductive Labs, LLC -# Licensed under the GNU Public License - require 'puppet/application/master' Puppet::Application[:master].run diff --git a/sbin/puppetqd b/sbin/puppetqd index 56c82ca46..10f7800b1 100755 --- a/sbin/puppetqd +++ b/sbin/puppetqd @@ -1,53 +1,4 @@ #!/usr/bin/env ruby -# == Synopsis -# -# Retrieve serialized records from a queue and process them in order. -# -# = Usage -# -# puppet queue [-d|--debug] [-v|--verbose] -# -# = Description -# -# This is a simple application that just processes entities in a queue as they -# are recieved. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'server' is a valid configuration -# parameter, so you can specify '--server <servername>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppetd with -# '--genconfig'. -# -# debug:: -# Enable full debugging. -# -# help:: -# Print this help message -# -# verbose:: -# Turn on verbose reporting. -# -# version:: -# Print the puppet version number and exit. -# -# = Example -# -# puppet queue -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2009 Reductive Labs, LLC -# Licensed under the GNU Public License require 'puppet/application/queue' Puppet::Application[:queue].run diff --git a/sbin/puppetrun b/sbin/puppetrun index 169513df3..47b224549 100755 --- a/sbin/puppetrun +++ b/sbin/puppetrun @@ -1,130 +1,5 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# Trigger a puppet agent run on a set of hosts. -# -# = Usage -# -# puppet kick [-a|--all] [-c|--class <class>] [-d|--debug] [-f|--foreground] -# [-h|--help] [--host <host>] [--no-fqdn] [--ignoreschedules] -# [-t|--tag <tag>] [--test] [-p|--ping] <host> [<host> [...]] -# -# = Description -# -# This script can be used to connect to a set of machines running +puppet agent+ -# and trigger them to run their configurations. The most common usage would -# be to specify a class of hosts and a set of tags, and +puppet kick+ would -# look up in LDAP all of the hosts matching that class, then connect to -# each host and trigger a run of all of the objects with the specified tags. -# -# If you are not storing your host configurations in LDAP, you can specify -# hosts manually. -# -# You will most likely have to run +puppet kick+ as root to get access to -# the SSL certificates. -# -# +puppet kick+ reads +puppet master+'s configuration file, so that it can copy -# things like LDAP settings. -# -# = Usage Notes -# -# +puppet kick+ is useless unless +puppet agent+ is listening. See its documentation -# for more information, but the gist is that you must enable +listen+ on the -# +puppet agent+ daemon, either using +--listen+ on the command line or adding -# 'listen: true' in its config file. In addition, you need to set the daemons -# up to specifically allow connections by creating the +namespaceauth+ file, -# normally at '/etc/puppet/namespaceauth.conf'. This file specifies who has -# access to each namespace; if you create the file you must add every namespace -# you want any Puppet daemon to allow -- it is currently global to all Puppet -# daemons. -# -# An example file looks like this:: -# -# [fileserver] -# allow *.madstop.com -# -# [puppetmaster] -# allow *.madstop.com -# -# [puppetrunner] -# allow culain.madstop.com -# -# This is what you would install on your Puppet master; non-master hosts could -# leave off the 'fileserver' and 'puppetmaster' namespaces. -# -# Expect more documentation on this eventually. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'ssldir' is a valid configuration -# parameter, so you can specify '--ssldir <directory>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/projects/puppet/reference/configref.html for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppet master with -# '--genconfig'. -# -# -# all:: -# Connect to all available hosts. Requires LDAP support at this point. -# -# class:: -# Specify a class of machines to which to connect. This only works if you -# have LDAP configured, at the moment. -# -# debug:: -# Enable full debugging. -# -# foreground:: -# Run each configuration in the foreground; that is, when connecting to a host, -# do not return until the host has finished its run. The default is false. -# -# help:: -# Print this help message -# -# host:: -# A specific host to which to connect. This flag can be specified more -# than once. -# -# ignoreschedules:: -# Whether the client should ignore schedules when running its configuration. -# This can be used to force the client to perform work it would not normally -# perform so soon. The default is false. -# -# parallel:: -# How parallel to make the connections. Parallelization is provided by forking -# for each client to which to connect. The default is 1, meaning serial execution. -# -# tag:: -# Specify a tag for selecting the objects to apply. Does not work with the -# --test option. -# -# -# test:: -# Print the hosts you would connect to but do not actually connect. This -# option requires LDAP support at this point. -# -# ping:: -# -# Do a ICMP echo against the target host. Skip hosts that don't respond to ping. -# -# = Example -# -# sudo puppet kick -p 10 -t remotefile -t webserver host1 host2 -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005 Reductive Labs, LLC -# Licensed under the GNU Public License - require 'puppet/application/kick' Puppet::Application[:kick].run |