path: root/man/man8/puppetd.8
Diffstat (limited to 'man/man8/puppetd.8')
-rw-r--r-- man/man8/puppetd.8 192
1 files changed, 117 insertions, 75 deletions
diff --git a/man/man8/puppetd.8 b/man/man8/puppetd.8
index a913531a0..090c3342d 100644
--- a/man/man8/puppetd.8
+++ b/man/man8/puppetd.8
@@ -4,8 +4,8 @@ Synopsis \-
.\" Man page generated from reStructeredText.
.
.sp
-Retrieve the client configuration from the central puppet server and
-apply it to the local host.
+Retrieve the client configuration from the puppet master and apply it to
+the local host.
.sp
Currently must be run out periodically, using cron or something similar.
.SH USAGE
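Review bot: The unchanged sentence right after the reworded synopsis, "Currently must be run out periodically, using cron or something similar.", conflicts with the USAGE NOTES text in this same patch, which says that with no arguments the agent goes into the background and applies its configuration every 30 minutes. Since this paragraph is being touched anyway, drop or correct that sentence in the reStructuredText source the page is generated from.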
@@ -13,11 +13,13 @@ Currently must be run out periodically, using cron or something similar.
.INDENT 3.5
.INDENT 0.0
.TP
-.B puppetd [\-D|\-\-daemonize|\-\-no\-daemonize] [\-d|\-\-debug] [\-\-disable] [\-\-enable]
+.B puppet agent [\-D|\-\-daemonize|\-\-no\-daemonize] [\-d|\-\-debug]
.
+[\-\-detailed\-exitcodes] [\-\-disable] [\-\-enable]
[\-h|\-\-help] [\-\-fqdn <host name>] [\-l|\-\-logdest syslog|<file>|console]
[\-o|\-\-onetime] [\-\-serve <handler>] [\-t|\-\-test] [\-\-noop]
-[\-V|\-\-version] [\-v|\-\-verbose] [\-w|\-\-waitforcert <seconds>]
+[\-\-digest <digest>] [\-\-fingerprint] [\-V|\-\-version]
+[\-v|\-\-verbose] [\-w|\-\-waitforcert <seconds>]
.UNINDENT
.UNINDENT
.UNINDENT
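Review bot: The rewritten usage line adds "[\-\-detailed\-exitcodes]", "[\-\-digest <digest>]" and "[\-\-fingerprint]" but still omits the "no\-client" option that the OPTIONS section of this page documents, so the synopsis and the option list disagree. Add it here while the line is being rewrapped. The command is now shown as "puppet agent" although the file stays man/man8/puppetd.8; if the old name is kept for compatibility, a sentence saying so would help readers who arrive via "man puppetd".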
@@ -36,17 +38,18 @@ Once the client has a signed certificate, it will retrieve its
configuration and apply it.
.SH USAGE NOTES
.sp
-+puppetd+ does its best to find a compromise between interactive use and
-daemon use. Run with no arguments and no configuration, it will go into
-the backgroun, attempt to get a signed certificate, and retrieve and
-apply its configuration every 30 minutes.
++puppet agent+ does its best to find a compromise between interactive
+use and daemon use. Run with no arguments and no configuration, it will
+go into the backgroun, attempt to get a signed certificate, and retrieve
+and apply its configuration every 30 minutes.
.sp
Some flags are meant specifically for interactive use \-\- in particular,
-+test+ and +tags+ are useful. +test+ enables verbose logging, causes the
-daemon to stay in the foreground, exits if the server\(aqs configuration is
-invalid (this happens if, for instance, you\(aqve left a syntax error on
-the server), and exits after running the configuration once (rather than
-hanging around as a long\-running process).
++test+, +tags+ or +fingerprint+ are useful. +test+ enables verbose
+logging, causes the daemon to stay in the foreground, exits if the
+server\(aqs configuration is invalid (this happens if, for instance, you\(aqve
+left a syntax error on the server), and exits after running the
+configuration once (rather than hanging around as a long\-running
+process).
.sp
+tags+ allows you to specify what portions of a configuration you want
to apply. Puppet elements are tagged with all of the class or definition
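Review bot: The rewrapped first paragraph carries the existing typo forward in the added line "go into the backgroun, attempt to get a signed certificate, and retrieve"; fix it to "background" in the source, since the line is being rewritten anyway. In the second paragraph, "+test+, +tags+ or +fingerprint+ are useful" reads better as "+test+, +tags+ and +fingerprint+ are useful", and only +test+ and +tags+ are explained before this hunk ends, so a reader meets +fingerprint+ with no description until the paragraph added further down.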
@@ -58,6 +61,15 @@ manage +ntpd+, you would put all of the new elements into an +ntpd+
class, and call puppet with +\-\-tags ntpd+, which would only apply that
small portion of the configuration during your testing, rather than
applying the whole thing.
+.sp
++fingerprint+ is a one\-time flag. In this mode +puppet agent+ will run
+once and display on the console (and in the log) the current certificate
+(or certificate request) fingerprint. Providing the +\-\-digest+ option
+allows to use a different digest algorithm to generate the fingerprint.
+The main use is to verify that before signing a certificate request on
+the master, the certificate request the master received is the same as
+the one the client sent (to prevent against man\-in\-the\-middle attacks
+when signing certificates).
.SH OPTIONS
.sp
Note that any configuration parameter that\(aqs valid in the configuration
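Review bot: The new +fingerprint+ paragraph states the purpose (confirming that the request the master received is the one the client sent) but not the procedure: it does not say what value on the master the operator compares against, or that both sides must use the same digest for the comparison to mean anything when "\-\-digest" is given. Add one sentence covering that. Wording: "allows to use a different digest algorithm" should be "allows you to use", and "to prevent against man\-in\-the\-middle attacks" should be "to protect against" or "to prevent".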
@@ -66,111 +78,141 @@ configuration parameter, so you can specify \(aq\-\-server <servername>\(aq as
an argument.
.sp
See the configuration file documentation at
-\fI\%http://docs/puppetlabs.com/references/stable/configuration.html\fP for the
+\fI\%http://docs.puppetlabs.com/references/stable/configuration.html\fP for the
full list of acceptable parameters. A commented list of all
-configuration options can also be generated by running puppetd with
+configuration options can also be generated by running puppet agent with
\(aq\-\-genconfig\(aq.
+.INDENT 0.0
+.TP
+.B daemonize: Send the process into the background. This is the
+.
+default.
+.UNINDENT
.sp
-daemonize: Send the process into the background. This is the default.
-.sp
-no\-daemonize: Do not send the process into the background.
+no\-daemonize: Do not send the process into the background.
.sp
-debug: Enable full debugging.
+debug: Enable full debugging.
.INDENT 0.0
.TP
-.B disable: Disable working on the local system. This puts a lock file
+.B digest: Change the certificate fingerprinting digest
+.
+algorithm. The default is MD5. Valid values depends
+on the version of OpenSSL installed, but should
+always at least contain MD5, MD2, SHA1 and SHA256.
+.TP
+.B detailed\-exitcodes: Provide transaction information via exit codes. If
+.
+this is enabled, an exit code of \(aq2\(aq means there
+were changes, and an exit code of \(aq4\(aq means that
+there were failures during the transaction. This
+option only makes sense in conjunction with
+\-\-onetime.
+.TP
+.B disable: Disable working on the local system. This puts a
.
-in place, causing +puppetd+ not to work on the system
-until the lock file is removed. This is useful if you are
-testing a configuration and do not want the central
-configuration to override the local state until everything
-is tested and committed.
+lock file in place, causing +puppet agent+ not to
+work on the system until the lock file is removed.
+This is useful if you are testing a configuration
+and do not want the central configuration to
+override the local state until everything is tested
+and committed.
.UNINDENT
.sp
-+puppetd+ uses the same lock file while it is running, so no more than
-one +puppetd+ process is working at a time.
++puppet agent+ uses the same lock file while it is running, so no more
+than one +puppet agent+ process is working at a time.
.sp
-+puppetd+ exits after executing this.
++puppet agent+ exits after executing this.
.INDENT 0.0
.TP
-.B enable: Enable working on the local system. This removes any lock
+.B enable: Enable working on the local system. This removes any
.
-file, causing +puppetd+ to start managing the local system
-again (although it will continue to use its normal
-scheduling, so it might not start for another half hour).
+lock file, causing +puppet agent+ to start managing
+the local system again (although it will continue to
+use its normal scheduling, so it might not start for
+another half hour).
.UNINDENT
.sp
-+puppetd+ exits after executing this.
++puppet agent+ exits after executing this.
.INDENT 0.0
.TP
-.B fqdn: Set the fully\-qualified domain name of the client. This is
+.B fqdn: Set the fully\-qualified domain name of the client.
.
-only used for certificate purposes, but can be used to
-override the discovered hostname. If you need to use this
-flag, it is generally an indication of a setup problem.
+This is only used for certificate purposes, but can
+be used to override the discovered hostname. If you
+need to use this flag, it is generally an indication
+of a setup problem.
.UNINDENT
.sp
-help: Print this help message
+help: Print this help message
.INDENT 0.0
.TP
-.B logdest: Where to send messages. Choose between syslog, the
+.B logdest: Where to send messages. Choose between syslog, the
.
-console, and a log file. Defaults to sending messages to
-syslog, or the console if debugging or verbosity is
-enabled.
+console, and a log file. Defaults to sending
+messages to syslog, or the console if debugging or
+verbosity is enabled.
.TP
-.B no\-client: Do not create a config client. This will cause the daemon
+.B no\-client: Do not create a config client. This will cause the
.
-to run without ever checking for its configuration
-automatically, and only makes sense when used in
-conjunction with \-\-listen.
+daemon to run without ever checking for its
+configuration automatically, and only makes sense
+when used in conjunction with \-\-listen.
.TP
-.B onetime: Run the configuration once. Runs a single daemonized
+.B onetime: Run the configuration once. Runs a single (normally
.
-Puppet run. Useful for interactively running puppetd and
-hence used in conjunction with the \-\-no\-daemonize option.
+daemonized) Puppet run. Useful for interactively
+running puppet agent when used in conjunction with
+the \-\-no\-daemonize option.
.TP
-.B serve: Start another type of server. By default, +puppetd+ will
-.
-start a service handler that allows authenticated and
-authorized remote nodes to trigger the configuration to be
-pulled down and applied. You can specify any handler here
-that does not require configuration, e.g., filebucket, ca,
-or resource. The handlers are in
-+lib/puppet/network/handler+, and the names must match
-exactly, both in the call to +serve+ and in
-+namespaceauth.conf+.
+.B fingerprint: Display the current certificate or certificate
+.
+signing request fingerprint and then exit. Use the
++\-\-digest+ option to change the digest algorithm
+used.
.TP
-.B test: Enable the most common options used for testing. These are
+.B serve: Start another type of server. By default, +puppet
.
-+onetime+, +verbose+, +ignorecache, +no\-daemonize+, and
-+no\-usecacheonfailure+.
+agent+ will start a service handler that allows
+authenticated and authorized remote nodes to trigger
+the configuration to be pulled down and applied. You
+can specify any handler here that does not require
+configuration, e.g., filebucket, ca, or resource.
+The handlers are in +lib/puppet/network/handler+,
+and the names must match exactly, both in the call
+to +serve+ and in +namespaceauth.conf+.
.TP
-.B noop: Use +noop+ mode where the daemon runs in a no\-op or
+.B test: Enable the most common options used for testing.
+.
+These are +onetime+, +verbose+, +ignorecache,
++no\-daemonize+, and +no\-usecacheonfailure+.
+.TP
+.B noop: Use +noop+ mode where the daemon runs in a no\-op or
.
dry\-run mode. This is useful for seeing what changes
-Puppet will make without actually executing the changes.
+Puppet will make without actually executing the
+changes.
.UNINDENT
.sp
-verbose: Turn on verbose reporting.
+verbose: Turn on verbose reporting.
.sp
-version: Print the puppet version number and exit.
+version: Print the puppet version number and exit.
.INDENT 0.0
.TP
-.B waitforcert: This option only matters for daemons that do not yet have
-.
-certificates and it is enabled by default, with a value of
-120 (seconds). This causes +puppetd+ to connect to the
-server every 2 minutes and ask it to sign a certificate
-request. This is useful for the initial setup of a puppet
-client. You can turn off waiting for certificates by
-specifying a time of 0.
+.B waitforcert: This option only matters for daemons that do not yet
+.
+have certificates and it is enabled by default, with
+a value of 120 (seconds). This causes +puppet agent+
+to connect to the server every 2 minutes and ask it
+to sign a certificate request. This is useful for
+the initial setup of a puppet client. You can turn
+off waiting for certificates by specifying a time of
+0.
.UNINDENT
.SH EXAMPLE
.INDENT 0.0
.INDENT 3.5
.sp
-puppetd \-\-server puppet.domain.com
+puppet agent \-\-server puppet.domain.com
.UNINDENT
.UNINDENT
.SH AUTHOR
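Review bot: In the new digest entry, "algorithm. The default is MD5." together with MD2 in the list of values sits badly with the stated purpose of the fingerprint, which is to detect a substituted certificate request before signing; neither MD5 nor MD2 is collision resistant, so the text should at least recommend SHA256 for that check, and a stronger default is worth considering. Smaller points in the same hunk: "Valid values depends" should be "Valid values depend"; the new fingerprint entry is inserted between onetime and serve instead of with the other entries in alphabetical order; the test entry still has the unbalanced markup "+ignorecache," in the added line; and detailed\-exitcodes documents exit codes 2 and 4 without saying what is returned when a run has both changes and failures.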