1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
.TH Synopsis "" "" ""
.SH NAME
Synopsis \-
.\" Man page generated from reStructeredText.
Retrieve the client configuration from the central puppet server and
apply it to the local host.
Currently must be run out periodically, using cron or something similar.
.SH USAGE
.\" visit_block_quote
.TP
.B puppetd [\-D|\-\-daemonize|\-\-no\-daemonize] [\-d|\-\-debug] [\-\-disable] [\-\-enable]
[\-h|\-\-help] [\-\-fqdn <host name>] [\-l|\-\-logdest syslog|<file>|console]
[\-o|\-\-onetime] [\-\-serve <handler>] [\-t|\-\-test]
[\-V|\-\-version] [\-v|\-\-verbose] [\-w|\-\-waitforcert <seconds>]
.\" depart_block_quote
.SH DESCRIPTION
This is the main puppet client. Its job is to retrieve the local
machine\'s configuration from a remote server and apply it. In order to
successfully communicate with the remote server, the client must have a
certificate signed by a certificate authority that the server trusts;
the recommended method for this, at the moment, is to run a certificate
authority as part of the puppet server (which is the default). The
client will connect and request a signed certificate, and will continue
connecting until it receives one.
Once the client has a signed certificate, it will retrieve its
configuration and apply it.
.SH USAGE NOTES
+puppetd+ does its best to find a compromise between interactive use and
daemon use. Run with no arguments and no configuration, it will go into
the backgroun, attempt to get a signed certificate, and retrieve and
apply its configuration every 30 minutes.
Some flags are meant specifically for interactive use \-\- in particular,
+test+ and +tags+ are useful. +test+ enables verbose logging, causes the
daemon to stay in the foreground, exits if the server\'s configuration is
invalid (this happens if, for instance, you\'ve left a syntax error on
the server), and exits after running the configuration once (rather than
hanging around as a long\-running process).
+tags+ allows you to specify what portions of a configuration you want
to apply. Puppet elements are tagged with all of the class or definition
names that contain them, and you can use the +tags+ flag to specify one
of these names, causing only configuration elements contained within
that class or definition to be applied. This is very useful when you are
testing new configurations \-\- for instance, if you are just starting to
manage +ntpd+, you would put all of the new elements into an +ntpd+
class, and call puppet with +\-\-tags ntpd+, which would only apply that
small portion of the configuration during your testing, rather than
applying the whole thing.
.SH OPTIONS
Note that any configuration parameter that\'s valid in the configuration
file is also a valid long argument. For example, \'server\' is a valid
configuration parameter, so you can specify \'\-\-server <servername>\' as
an argument.
See the configuration file documentation at
http://reductivelabs.com/projects/puppet/reference/configref.html for
the full list of acceptable parameters. A commented list of all
configuration options can also be generated by running puppetd with
\'\-\-genconfig\'.
daemonize: Send the process into the background. This is the default.
no\-daemonize: Do not send the process into the background.
debug: Enable full debugging.
.TP
.B disable: Disable working on the local system. This puts a lock file
in place, causing +puppetd+ not to work on the system
until the lock file is removed. This is useful if you are
testing a configuration and do not want the central
configuration to override the local state until everything
is tested and committed.
+puppetd+ uses the same lock file while it is running, so no more than
one +puppetd+ process is working at a time.
+puppetd+ exits after executing this.
.TP
.B enable: Enable working on the local system. This removes any lock
file, causing +puppetd+ to start managing the local system
again (although it will continue to use its normal
scheduling, so it might not start for another half hour).
+puppetd+ exits after executing this.
.TP
.B fqdn: Set the fully\-qualified domain name of the client. This is
only used for certificate purposes, but can be used to
override the discovered hostname. If you need to use this
flag, it is generally an indication of a setup problem.
help: Print this help message
.TP
.B logdest: Where to send messages. Choose between syslog, the
console, and a log file. Defaults to sending messages to
syslog, or the console if debugging or verbosity is
enabled.
.TP
.B no\-client: Do not create a config client. This will cause the daemon
to run without ever checking for its configuration
automatically, and only makes sense when used in
conjunction with \-\-listen.
.TP
.B onetime: Run the configuration once, rather than as a long\-running
daemon. This is useful for interactively running puppetd.
.TP
.B serve: Start another type of server. By default, +puppetd+ will
start a service handler that allows authenticated and
authorized remote nodes to trigger the configuration to be
pulled down and applied. You can specify any handler here
that does not require configuration, e.g., filebucket, ca,
or resource. The handlers are in
+lib/puppet/network/handler+, and the names must match
exactly, both in the call to +serve+ and in
+namespaceauth.conf+.
.TP
.B test: Enable the most common options used for testing. These are
+onetime+, +verbose+, +ignorecache, and
+no\-usecacheonfailure+.
verbose: Turn on verbose reporting.
version: Print the puppet version number and exit.
.TP
.B waitforcert: This option only matters for daemons that do not yet have
certificates and it is enabled by default, with a value of
120 (seconds). This causes +puppetd+ to connect to the
server every 2 minutes and ask it to sign a certificate
request. This is useful for the initial setup of a puppet
client. You can turn off waiting for certificates by
specifying a time of 0.
.SH EXAMPLE
.\" visit_block_quote
puppetd \-\-server puppet.domain.com
.\" depart_block_quote
.SH AUTHOR
Luke Kanies
.SH COPYRIGHT
Copyright (c) 2005, 2006 Reductive Labs, LLC Licensed under the GNU
Public License
.\" Generated by docutils manpage writer on 2008-05-05 09:33.
.\"
|