diff options
Diffstat (limited to 'sbin')
| -rwxr-xr-x | sbin/puppetca | 107 | ||||
| -rwxr-xr-x | sbin/puppetd | 182 | ||||
| -rwxr-xr-x | sbin/puppetmasterd | 62 | ||||
| -rwxr-xr-x | sbin/puppetqd | 49 | ||||
| -rwxr-xr-x | sbin/puppetrun | 125 |
5 files changed, 0 insertions, 525 deletions
diff --git a/sbin/puppetca b/sbin/puppetca index 15bc3c64f..255680e7c 100755 --- a/sbin/puppetca +++ b/sbin/puppetca @@ -1,111 +1,4 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# Stand-alone certificate authority. Capable of generating certificates -# but mostly meant for signing certificate requests from puppet clients. -# -# = Usage -# -# puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] -# [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke] -# [-p|--print] [-c|--clean] [--verify] [--digest DIGEST] -# [--fingerprint] [host] -# -# = Description -# -# Because the puppetmasterd daemon defaults to not signing client certificate -# requests, this script is available for signing outstanding requests. It -# can be used to list outstanding requests and then either sign them individually -# or sign all of them. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'ssldir' is a valid configuration -# parameter, so you can specify '--ssldir <directory>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/projects/puppet/reference/configref.html for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppet cert with -# '--genconfig'. -# -# all:: -# Operate on all items. Currently only makes sense with '--sign', -# '--clean', or '--list'. -# -# digest:: -# Set the digest for fingerprinting (defaults to md5). Valid values depends -# on your openssl and openssl ruby extension version, but should contain at -# least md5, sha1, md2, sha256. -# -# clean:: -# Remove all files related to a host from puppet cert's storage. This is -# useful when rebuilding hosts, since new certificate signing requests -# will only be honored if puppet cert does not have a copy of a signed -# certificate for that host. The certificate of the host remains valid. -# If '--all' is specified then all host certificates, both signed and -# unsigned, will be removed. -# -# debug:: -# Enable full debugging. -# -# generate:: -# Generate a certificate for a named client. A certificate/keypair will be -# generated for each client named on the command line. -# -# help:: -# Print this help message -# -# list:: -# List outstanding certificate requests. If '--all' is specified, -# signed certificates are also listed, prefixed by '+', and revoked -# or invalid certificates are prefixed by '-' (the verification outcome -# is printed in parenthesis). -# -# print:: -# Print the full-text version of a host's certificate. -# -# fingerprint:: -# Print the DIGEST (defaults to md5) fingerprint of a host's certificate. -# -# revoke:: -# Revoke the certificate of a client. The certificate can be specified -# either by its serial number, given as a decimal number or a hexadecimal -# number prefixed by '0x', or by its hostname. The certificate is revoked -# by adding it to the Certificate Revocation List given by the 'cacrl' -# config parameter. Note that the puppetmasterd needs to be restarted -# after revoking certificates. -# -# sign:: -# Sign an outstanding certificate request. Unless '--all' is specified, -# hosts must be listed after all flags. -# -# verbose:: -# Enable verbosity. -# -# version:: -# Print the puppet version number and exit. -# -# verify:: -# Verify the named certificate against the local CA certificate. -# -# = Example -# -# $ puppet cert -l -# culain.madstop.com -# $ puppet cert -s culain.madstop.com -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005 Reductive Labs, LLC -# Licensed under the GNU Public License - require 'puppet/application/cert' Puppet::Application[:cert].run diff --git a/sbin/puppetd b/sbin/puppetd index d54834ab7..f0605c8bf 100755 --- a/sbin/puppetd +++ b/sbin/puppetd @@ -1,186 +1,4 @@ #!/usr/bin/env ruby -# == Synopsis -# -# Retrieve the client configuration from the puppet master and apply -# it to the local host. -# -# Currently must be run out periodically, using cron or something similar. -# -# = Usage -# -# puppet agent [-D|--daemonize|--no-daemonize] [-d|--debug] -# [--detailed-exitcodes] [--disable] [--enable] -# [-h|--help] [--fqdn <host name>] [-l|--logdest syslog|<file>|console] -# [-o|--onetime] [--serve <handler>] [-t|--test] [--noop] -# [--digest <digest>] [--fingerprint] [-V|--version] -# [-v|--verbose] [-w|--waitforcert <seconds>] -# -# = Description -# -# This is the main puppet client. Its job is to retrieve the local machine's -# configuration from a remote server and apply it. In order to successfully -# communicate with the remote server, the client must have a certificate signed -# by a certificate authority that the server trusts; the recommended method -# for this, at the moment, is to run a certificate authority as part of the -# puppet server (which is the default). The client will connect and request -# a signed certificate, and will continue connecting until it receives one. -# -# Once the client has a signed certificate, it will retrieve its configuration -# and apply it. -# -# = Usage Notes -# -# +puppet agent+ does its best to find a compromise between interactive use and -# daemon use. Run with no arguments and no configuration, it will go into the -# backgroun, attempt to get a signed certificate, and retrieve and apply its -# configuration every 30 minutes. -# -# Some flags are meant specifically for interactive use -- in particular, -# +test+, +tags+ or +fingerprint+ are useful. +test+ enables verbose logging, causes -# the daemon to stay in the foreground, exits if the server's configuration is -# invalid (this happens if, for instance, you've left a syntax error on the -# server), and exits after running the configuration once (rather than hanging -# around as a long-running process). -# -# +tags+ allows you to specify what portions of a configuration you want to apply. -# Puppet elements are tagged with all of the class or definition names that -# contain them, and you can use the +tags+ flag to specify one of these names, -# causing only configuration elements contained within that class or definition -# to be applied. This is very useful when you are testing new configurations -- -# for instance, if you are just starting to manage +ntpd+, you would put all of -# the new elements into an +ntpd+ class, and call puppet with +--tags ntpd+, -# which would only apply that small portion of the configuration during your -# testing, rather than applying the whole thing. -# -# +fingerprint+ is a one-time flag. In this mode +puppet agent+ will run once and -# display on the console (and in the log) the current certificate (or certificate -# request) fingerprint. Providing the +--digest+ option allows to use a different -# digest algorithm to generate the fingerprint. The main use is to verify that -# before signing a certificate request on the master, the certificate request the -# master received is the same as the one the client sent (to prevent against -# man-in-the-middle attacks when signing certificates). -# -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'server' is a valid configuration -# parameter, so you can specify '--server <servername>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppet agent with -# '--genconfig'. -# -# daemonize:: -# Send the process into the background. This is the default. -# -# no-daemonize:: -# Do not send the process into the background. -# -# debug:: -# Enable full debugging. -# -# digest:: -# Change the certificate fingerprinting digest algorithm. The default is MD5. -# Valid values depends on the version of OpenSSL installed, but should always -# at least contain MD5, MD2, SHA1 and SHA256. -# -# detailed-exitcodes:: -# Provide transaction information via exit codes. If this is enabled, an -# exit code of '2' means there were changes, and an exit code of '4' means -# that there were failures during the transaction. This option only makes -# sense in conjunction with --onetime. -# -# disable:: -# Disable working on the local system. This puts a lock file in place, -# causing +puppet agent+ not to work on the system until the lock file is removed. -# This is useful if you are testing a configuration and do not want the central -# configuration to override the local state until everything is tested and -# committed. -# -# +puppet agent+ uses the same lock file while it is running, so no more than one -# +puppet agent+ process is working at a time. -# -# +puppet agent+ exits after executing this. -# -# enable:: -# Enable working on the local system. This removes any lock file, causing -# +puppet agent+ to start managing the local system again (although it will continue -# to use its normal scheduling, so it might not start for another half hour). -# -# +puppet agent+ exits after executing this. -# -# fqdn:: -# Set the fully-qualified domain name of the client. This is only used for -# certificate purposes, but can be used to override the discovered hostname. -# If you need to use this flag, it is generally an indication of a setup problem. -# -# help:: -# Print this help message -# -# logdest:: -# Where to send messages. Choose between syslog, the console, and a log file. -# Defaults to sending messages to syslog, or the console if debugging or -# verbosity is enabled. -# -# no-client:: -# Do not create a config client. This will cause the daemon to run -# without ever checking for its configuration automatically, and only -# makes sense when used in conjunction with --listen. -# -# onetime:: -# Run the configuration once. Runs a single (normally daemonized) Puppet run. -# Useful for interactively running puppet agent when used in conjunction with -# the --no-daemonize option. -# -# fingerprint:: -# Display the current certificate or certificate signing request fingerprint -# and then exit. Use the +--digest+ option to change the digest algorithm used. -# -# serve:: -# Start another type of server. By default, +puppet agent+ will start -# a service handler that allows authenticated and authorized remote nodes to -# trigger the configuration to be pulled down and applied. You can specify -# any handler here that does not require configuration, e.g., filebucket, ca, -# or resource. The handlers are in +lib/puppet/network/handler+, and the names -# must match exactly, both in the call to +serve+ and in +namespaceauth.conf+. -# -# test:: -# Enable the most common options used for testing. These are +onetime+, -# +verbose+, +ignorecache, +no-daemonize+, and +no-usecacheonfailure+. -# -# noop:: -# Use +noop+ mode where the daemon runs in a no-op or dry-run mode. This is useful -# for seeing what changes Puppet will make without actually executing the changes. -# -# verbose:: -# Turn on verbose reporting. -# -# version:: -# Print the puppet version number and exit. -# -# waitforcert:: -# This option only matters for daemons that do not yet have certificates -# and it is enabled by default, with a value of 120 (seconds). This causes -# +puppet agent+ to connect to the server every 2 minutes and ask it to sign a -# certificate request. This is useful for the initial setup of a puppet -# client. You can turn off waiting for certificates by specifying a time -# of 0. -# -# = Example -# -# puppet agent --server puppet.domain.com -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005, 2006 Reductive Labs, LLC -# Licensed under the GNU Public License require 'puppet/application/agent' Puppet::Application[:agent].run diff --git a/sbin/puppetmasterd b/sbin/puppetmasterd index 53b9242ab..70c80112c 100755 --- a/sbin/puppetmasterd +++ b/sbin/puppetmasterd @@ -1,66 +1,4 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# The central puppet server. Functions as a certificate authority by default. -# -# = Usage -# -# puppet master [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help] -# [-l|--logdest <file>|console|syslog] [-v|--verbose] [-V|--version] -# -# = Description -# -# This is the puppet central daemon. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'ssldir' is a valid configuration -# parameter, so you can specify '--ssldir <directory>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppetmasterdd with -# '--genconfig'. -# -# daemonize:: -# Send the process into the background. This is the default. -# -# no-daemonize:: -# Do not send the process into the background. -# -# debug:: -# Enable full debugging. -# -# help:: -# Print this help message. -# -# logdest:: -# Where to send messages. Choose between syslog, the console, and a log file. -# Defaults to sending messages to syslog, or the console -# if debugging or verbosity is enabled. -# -# verbose:: -# Enable verbosity. -# -# version:: -# Print the puppet version number and exit. -# -# = Example -# -# puppet master -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005 Reductive Labs, LLC -# Licensed under the GNU Public License - require 'puppet/application/master' Puppet::Application[:master].run diff --git a/sbin/puppetqd b/sbin/puppetqd index 56c82ca46..10f7800b1 100755 --- a/sbin/puppetqd +++ b/sbin/puppetqd @@ -1,53 +1,4 @@ #!/usr/bin/env ruby -# == Synopsis -# -# Retrieve serialized records from a queue and process them in order. -# -# = Usage -# -# puppet queue [-d|--debug] [-v|--verbose] -# -# = Description -# -# This is a simple application that just processes entities in a queue as they -# are recieved. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'server' is a valid configuration -# parameter, so you can specify '--server <servername>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppetd with -# '--genconfig'. -# -# debug:: -# Enable full debugging. -# -# help:: -# Print this help message -# -# verbose:: -# Turn on verbose reporting. -# -# version:: -# Print the puppet version number and exit. -# -# = Example -# -# puppet queue -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2009 Reductive Labs, LLC -# Licensed under the GNU Public License require 'puppet/application/queue' Puppet::Application[:queue].run diff --git a/sbin/puppetrun b/sbin/puppetrun index 169513df3..47b224549 100755 --- a/sbin/puppetrun +++ b/sbin/puppetrun @@ -1,130 +1,5 @@ #!/usr/bin/env ruby -# -# = Synopsis -# -# Trigger a puppet agent run on a set of hosts. -# -# = Usage -# -# puppet kick [-a|--all] [-c|--class <class>] [-d|--debug] [-f|--foreground] -# [-h|--help] [--host <host>] [--no-fqdn] [--ignoreschedules] -# [-t|--tag <tag>] [--test] [-p|--ping] <host> [<host> [...]] -# -# = Description -# -# This script can be used to connect to a set of machines running +puppet agent+ -# and trigger them to run their configurations. The most common usage would -# be to specify a class of hosts and a set of tags, and +puppet kick+ would -# look up in LDAP all of the hosts matching that class, then connect to -# each host and trigger a run of all of the objects with the specified tags. -# -# If you are not storing your host configurations in LDAP, you can specify -# hosts manually. -# -# You will most likely have to run +puppet kick+ as root to get access to -# the SSL certificates. -# -# +puppet kick+ reads +puppet master+'s configuration file, so that it can copy -# things like LDAP settings. -# -# = Usage Notes -# -# +puppet kick+ is useless unless +puppet agent+ is listening. See its documentation -# for more information, but the gist is that you must enable +listen+ on the -# +puppet agent+ daemon, either using +--listen+ on the command line or adding -# 'listen: true' in its config file. In addition, you need to set the daemons -# up to specifically allow connections by creating the +namespaceauth+ file, -# normally at '/etc/puppet/namespaceauth.conf'. This file specifies who has -# access to each namespace; if you create the file you must add every namespace -# you want any Puppet daemon to allow -- it is currently global to all Puppet -# daemons. -# -# An example file looks like this:: -# -# [fileserver] -# allow *.madstop.com -# -# [puppetmaster] -# allow *.madstop.com -# -# [puppetrunner] -# allow culain.madstop.com -# -# This is what you would install on your Puppet master; non-master hosts could -# leave off the 'fileserver' and 'puppetmaster' namespaces. -# -# Expect more documentation on this eventually. -# -# = Options -# -# Note that any configuration parameter that's valid in the configuration file -# is also a valid long argument. For example, 'ssldir' is a valid configuration -# parameter, so you can specify '--ssldir <directory>' as an argument. -# -# See the configuration file documentation at -# http://reductivelabs.com/projects/puppet/reference/configref.html for -# the full list of acceptable parameters. A commented list of all -# configuration options can also be generated by running puppet master with -# '--genconfig'. -# -# -# all:: -# Connect to all available hosts. Requires LDAP support at this point. -# -# class:: -# Specify a class of machines to which to connect. This only works if you -# have LDAP configured, at the moment. -# -# debug:: -# Enable full debugging. -# -# foreground:: -# Run each configuration in the foreground; that is, when connecting to a host, -# do not return until the host has finished its run. The default is false. -# -# help:: -# Print this help message -# -# host:: -# A specific host to which to connect. This flag can be specified more -# than once. -# -# ignoreschedules:: -# Whether the client should ignore schedules when running its configuration. -# This can be used to force the client to perform work it would not normally -# perform so soon. The default is false. -# -# parallel:: -# How parallel to make the connections. Parallelization is provided by forking -# for each client to which to connect. The default is 1, meaning serial execution. -# -# tag:: -# Specify a tag for selecting the objects to apply. Does not work with the -# --test option. -# -# -# test:: -# Print the hosts you would connect to but do not actually connect. This -# option requires LDAP support at this point. -# -# ping:: -# -# Do a ICMP echo against the target host. Skip hosts that don't respond to ping. -# -# = Example -# -# sudo puppet kick -p 10 -t remotefile -t webserver host1 host2 -# -# = Author -# -# Luke Kanies -# -# = Copyright -# -# Copyright (c) 2005 Reductive Labs, LLC -# Licensed under the GNU Public License - require 'puppet/application/kick' Puppet::Application[:kick].run |