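#!/usr/bin/ruby
# == Synopsis
#
# Retrieve the client configuration from the central puppet server and apply
# it to the local host.
#
# Currently must be run periodically, using cron or something similar.
#
# = Usage
#
#   puppetd [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] [-n|--noop]
#           [--ssldir <directory>] [-l|--logdest <syslog|<file>|console>]
#           [--fqdn <host name>] [-p|--port <port>] [-s|--server <server>]
#           [-w|--waitforcert <seconds>] [-c|--confdir <directory>]
#
# = Description
#
# This is the main puppet client.  Its job is to retrieve the local machine's
# configuration from a remote server and apply it.  In order to successfully
# communicate with the remote server, the client must have a certificate signed
# by a certificate authority that the server trusts; the recommended method
# for this, at the moment, is to run a certificate authority as part of the
# puppet server (which is the default).  The client will connect and request
# a signed certificate, and will continue connecting until it receives one.
#
# Once the client has a signed certificate, it will retrieve its configuration
# and apply it.
#
# = Options
#
# confdir::
#   The configuration root directory, where +puppetmasterd+ defaults to looking
#   for all of its configuration files.  Defaults to +/etc/puppet+.
#
# debug::
#   Enable full debugging.
#
# fqdn::
#   Set the fully-qualified domain name of the client.  This is only used for
#   certificate purposes, but can be used to override the discovered hostname.
#   If you need to use this flag, it is generally an indication of a setup problem.
#
# help::
#   Print this help message
#
# logdest::
#   Where to send messages.  Choose between syslog, the console, and a log file
#   (given as an absolute path).
#   Defaults to sending messages to /var/puppet/log/puppet.log, or the console
#   if debugging or verbosity is enabled.
#
# noop::
#   Enable noop mode (sets the +noop+ puppet setting).
#
# port::
#   The port to which to connect on the remote server.  Currently defaults to 8139.
#
# server::
#   The remote server from whom to receive the local configuration.  Currently
#   must also be the certificate authority.  Currently defaults to 'puppet'.
#
# ssldir::
#   Where to store and find certificates.  Defaults to /etc/puppet/ssl.
#
# verbose::
#   Turn on verbose reporting.
#
# version::
#   Print the puppet version number and exit.
#
# waitforcert::
#   Have the process wait around, continuously retrying for the certificate
#   every <seconds> seconds.  Must be a positive whole number.
#
# = Example
#
#   puppetd -s puppet.domain.com
#
# = Author
#
# Luke Kanies
#
# = Copyright
#
# Copyright (c) 2005 Reductive Labs, LLC
# Licensed under the GNU Public License

require 'puppet'
require 'puppet/server'
require 'puppet/client'
require 'getoptlong'

# RDoc::usage is optional; without it --help can only print a short notice.
$haveusage = true

begin
  require 'rdoc/usage'
rescue LoadError
  $haveusage = false
end

result = GetoptLong.new(
  [ "--confdir",     "-c", GetoptLong::REQUIRED_ARGUMENT ],
  [ "--debug",       "-d", GetoptLong::NO_ARGUMENT ],
  [ "--fqdn",        "-f", GetoptLong::REQUIRED_ARGUMENT ],
  [ "--help",        "-h", GetoptLong::NO_ARGUMENT ],
  [ "--logdest",     "-l", GetoptLong::REQUIRED_ARGUMENT ],
  [ "--noop",        "-n", GetoptLong::NO_ARGUMENT ],
  [ "--port",        "-p", GetoptLong::REQUIRED_ARGUMENT ],
  [ "--server",      "-s", GetoptLong::REQUIRED_ARGUMENT ],
  [ "--ssldir",            GetoptLong::REQUIRED_ARGUMENT ],
  [ "--verbose",     "-v", GetoptLong::NO_ARGUMENT ],
  [ "--version",     "-V", GetoptLong::NO_ARGUMENT ],
  [ "--waitforcert", "-w", GetoptLong::REQUIRED_ARGUMENT ]
)

# Defaults.  The server named here is also the certificate authority the
# client requests its certificate from (see the header), and whatever
# configuration it returns is applied to this host, so --server decides who
# this machine takes instructions from.
server = "puppet"
fqdn = nil
args = {}
waitforcert = false

begin
  result.each do |opt, arg|
    case opt
    when "--confdir"
      Puppet[:puppetconf] = arg
    when "--help"
      if $haveusage
        RDoc::usage
        exit
      else
        puts "No help available unless you have RDoc::usage installed"
        exit
      end
    when "--version"
      puts "%s" % Puppet.version
      exit
    when "--verbose"
      Puppet[:loglevel] = :info
    when "--debug"
      Puppet[:loglevel] = :debug
    when "--noop"
      Puppet[:noop] = true
    when "--ssldir"
      Puppet[:ssldir] = arg
    when "--fqdn"
      # Overrides the name used for certificate purposes (see the header).
      fqdn = arg
    when "--server"
      server = arg
    when "--port"
      # Passed through as the String GetoptLong hands us.
      # NOTE(review): confirm MasterClient converts/validates the port.
      args[:Port] = arg
    when "--logdest"
      # FIXME we should be able to have log.rb check the validity of the dst
      case arg
      # \A anchors at the start of the whole string; ^ would also accept a
      # value that merely has a "/" at the start of a later line.
      when "syslog", "console", %r{\A/}
        Puppet[:logdest] = arg
      else
        # An invalid destination is reported and the default is kept.
        $stderr.puts "Invalid log destination %s" % arg
      end
    when "--waitforcert"
      # GetoptLong yields a String; sleep needs a number, and a zero or
      # non-numeric interval would either fail or retry without pause.
      unless arg =~ /\A[1-9]\d*\z/
        $stderr.puts "Invalid --waitforcert interval %s; expected a positive number of seconds" % arg
        exit(1)
      end
      waitforcert = arg.to_i
    end
  end
rescue GetoptLong::Error => detail
  # GetoptLong::Error is the parent of InvalidOption, MissingArgument and the
  # other option-parsing errors, so a missing argument gets the same hint
  # instead of an uncaught exception.
  $stderr.puts "Try '#{$0} --help'"
  #$stderr.puts detail
  # FIXME RDoc::usage doesn't seem to work
  #if $haveusage
  #    RDoc::usage(1,'usage')
  #end
  exit(1)
end

# Stay in the foreground only when the user asked for debug or verbose output.
bg = ![:debug, :info].include?(Puppet[:loglevel])

args[:Server] = server
args[:FQDN] = fqdn if fqdn

client = Puppet::Client::MasterClient.new(args)

# No certificate could be read locally: request one, retrying every
# waitforcert seconds when --waitforcert was given, otherwise trying once.
unless client.readcert
  if waitforcert
    begin
      until client.requestcert
        Puppet.notice "Did not receive certificate"
        sleep waitforcert
      end
    rescue => detail
      Puppet.err "Could not request certificate: %s" % detail.to_s
      exit(23)
    end
  else
    unless client.requestcert
      Puppet.notice "No certificates; exiting"
      exit(1)
    end
  end
end

if bg
  # A backgrounded client has no console, so fall back to the log file.
  Puppet[:logdest] = Puppet[:logfile] unless Puppet[:logdest] == :file
  client.daemonize
end

# now set up the network client with the certs, now that we have them
client.setcerts

# and then retrieve and apply our configuration
begin
  client.getconfig
  client.apply
rescue => detail
  Puppet.err detail.to_s
  exit(13)
end

# $Id$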