diff options
Diffstat (limited to 'man/man8/puppetd.8')
-rw-r--r-- | man/man8/puppetd.8 | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/man/man8/puppetd.8 b/man/man8/puppetd.8 new file mode 100644 index 000000000..83b172809 --- /dev/null +++ b/man/man8/puppetd.8 @@ -0,0 +1,184 @@ +.TH Synopsis "" "" "" +.SH NAME +Synopsis \- + +.\" Man page generated from reStructeredText. +Retrieve the client configuration from the central puppet server and +apply it to the local host. + +Currently must be run out periodically, using cron or something similar. + + +.SH USAGE + +.\" visit_block_quote + +.TP +.B puppetd [\-D|\-\-daemonize|\-\-no\-daemonize] [\-d|\-\-debug] [\-\-disable] [\-\-enable] +[\-h|\-\-help] [\-\-fqdn <host name>] [\-l|\-\-logdest syslog|<file>|console] +[\-o|\-\-onetime] [\-\-serve <handler>] [\-t|\-\-test] +[\-V|\-\-version] [\-v|\-\-verbose] [\-w|\-\-waitforcert <seconds>] + + +.\" depart_block_quote + +.SH DESCRIPTION +This is the main puppet client. Its job is to retrieve the local +machine\'s configuration from a remote server and apply it. In order to +successfully communicate with the remote server, the client must have a +certificate signed by a certificate authority that the server trusts; +the recommended method for this, at the moment, is to run a certificate +authority as part of the puppet server (which is the default). The +client will connect and request a signed certificate, and will continue +connecting until it receives one. + +Once the client has a signed certificate, it will retrieve its +configuration and apply it. + + +.SH USAGE NOTES ++puppetd+ does its best to find a compromise between interactive use and +daemon use. Run with no arguments and no configuration, it will go into +the backgroun, attempt to get a signed certificate, and retrieve and +apply its configuration every 30 minutes. + +Some flags are meant specifically for interactive use \-\- in particular, ++test+ and +tags+ are useful. +test+ enables verbose logging, causes the +daemon to stay in the foreground, exits if the server\'s configuration is +invalid (this happens if, for instance, you\'ve left a syntax error on +the server), and exits after running the configuration once (rather than +hanging around as a long\-running process). + ++tags+ allows you to specify what portions of a configuration you want +to apply. Puppet elements are tagged with all of the class or definition +names that contain them, and you can use the +tags+ flag to specify one +of these names, causing only configuration elements contained within +that class or definition to be applied. This is very useful when you are +testing new configurations \-\- for instance, if you are just starting to +manage +ntpd+, you would put all of the new elements into an +ntpd+ +class, and call puppet with +\-\-tags ntpd+, which would only apply that +small portion of the configuration during your testing, rather than +applying the whole thing. + + +.SH OPTIONS +Note that any configuration parameter that\'s valid in the configuration +file is also a valid long argument. For example, \'server\' is a valid +configuration parameter, so you can specify \'\-\-server <servername>\' as +an argument. + +See the configuration file documentation at +http://reductivelabs.com/projects/puppet/reference/configref.html for +the full list of acceptable parameters. A commented list of all +configuration options can also be generated by running puppetd with +\'\-\-genconfig\'. + +daemonize: Send the process into the background. This is the default. + +no\-daemonize: Do not send the process into the background. + +debug: Enable full debugging. + + +.TP +.B disable: Disable working on the local system. This puts a lock file +in place, causing +puppetd+ not to work on the system +until the lock file is removed. This is useful if you are +testing a configuration and do not want the central +configuration to override the local state until everything +is tested and committed. + ++puppetd+ uses the same lock file while it is running, so no more than +one +puppetd+ process is working at a time. + ++puppetd+ exits after executing this. + + +.TP +.B enable: Enable working on the local system. This removes any lock +file, causing +puppetd+ to start managing the local system +again (although it will continue to use its normal +scheduling, so it might not start for another half hour). + ++puppetd+ exits after executing this. + + +.TP +.B fqdn: Set the fully\-qualified domain name of the client. This is +only used for certificate purposes, but can be used to +override the discovered hostname. If you need to use this +flag, it is generally an indication of a setup problem. + +help: Print this help message + + +.TP +.B logdest: Where to send messages. Choose between syslog, the +console, and a log file. Defaults to sending messages to +syslog, or the console if debugging or verbosity is +enabled. + + +.TP +.B no\-client: Do not create a config client. This will cause the daemon +to run without ever checking for its configuration +automatically, and only makes sense when used in +conjunction with \-\-listen. + + +.TP +.B onetime: Run the configuration once, rather than as a long\-running +daemon. This is useful for interactively running puppetd. + + +.TP +.B serve: Start another type of server. By default, +puppetd+ will +start a service handler that allows authenticated and +authorized remote nodes to trigger the configuration to be +pulled down and applied. You can specify any handler here +that does not require configuration, e.g., filebucket, ca, +or resource. The handlers are in ++lib/puppet/network/handler+, and the names must match +exactly, both in the call to +serve+ and in ++namespaceauth.conf+. + + +.TP +.B test: Enable the most common options used for testing. These are ++onetime+, +verbose+, +ignorecache, and ++no\-usecacheonfailure+. + +verbose: Turn on verbose reporting. + +version: Print the puppet version number and exit. + + +.TP +.B waitforcert: This option only matters for daemons that do not yet have +certificates and it is enabled by default, with a value of +120 (seconds). This causes +puppetd+ to connect to the +server every 2 minutes and ask it to sign a certificate +request. This is useful for the initial setup of a puppet +client. You can turn off waiting for certificates by +specifying a time of 0. + + +.SH EXAMPLE + +.\" visit_block_quote +puppetd \-\-server puppet.domain.com + + +.\" depart_block_quote + +.SH AUTHOR +Luke Kanies + + +.SH COPYRIGHT +Copyright (c) 2005, 2006 Reductive Labs, LLC Licensed under the GNU +Public License + + +.\" Generated by docutils manpage writer on 2008-03-22 17:46. +.\" |