1Synopsis() Synopsis()
2
6 Synopsis -
7 Retrieve the client configuration from the central puppet server and
9 apply it to the local host.
10 Currently must be run out periodically, using cron or something simi‐
12 lar.
13
17 puppetd [-D|--daemonize|--no-daemonize] [-d|--debug] [--disable]
18 [--enable]
19 [-h|--help] [--fqdn <host name>] [-l|--logdest sys‐
20 log|<file>|console] [-o|--onetime] [--serve <handler>]
21 [-t|--test] [-V|--version] [-v|--verbose] [-w|--waitforcert
22 <seconds>]
23
28 This is the main puppet client. Its job is to retrieve the local
29 machine´s configuration from a remote server and apply it. In order to
30 successfully communicate with the remote server, the client must have a
31 certificate signed by a certificate authority that the server trusts;
32 the recommended method for this, at the moment, is to run a certificate
33 authority as part of the puppet server (which is the default). The
34 client will connect and request a signed certificate, and will continue
35 connecting until it receives one.
36 Once the client has a signed certificate, it will retrieve its configu‐
38 ration and apply it.
39
43 +puppetd+ does its best to find a compromise between interactive use
44 and daemon use. Run with no arguments and no configuration, it will go
45 into the backgroun, attempt to get a signed certificate, and retrieve
46 and apply its configuration every 30 minutes.
47 Some flags are meant specifically for interactive use -- in particular,
49 +test+ and +tags+ are useful. +test+ enables verbose logging, causes
50 the daemon to stay in the foreground, exits if the server´s configura‐
51 tion is invalid (this happens if, for instance, you´ve left a syntax
52 error on the server), and exits after running the configuration once
53 (rather than hanging around as a long-running process).
54 +tags+ allows you to specify what portions of a configuration you want
56 to apply. Puppet elements are tagged with all of the class or defini‐
57 tion names that contain them, and you can use the +tags+ flag to spec‐
58 ify one of these names, causing only configuration elements contained
59 within that class or definition to be applied. This is very useful when
60 you are testing new configurations -- for instance, if you are just
61 starting to manage +ntpd+, you would put all of the new elements into
62 an +ntpd+ class, and call puppet with +--tags ntpd+, which would only
63 apply that small portion of the configuration during your testing,
64 rather than applying the whole thing.
65
69 Note that any configuration parameter that´s valid in the configuration
70 file is also a valid long argument. For example, ´server´ is a valid
71 configuration parameter, so you can specify ´--server <servername>´ as
72 an argument.
73 See the configuration file documentation at http://reductive‐
75 labs.com/projects/puppet/reference/configref.html for the full list of
76 acceptable parameters. A commented list of all configuration options
77 can also be generated by running puppetd with ´--genconfig´.
78 daemonize: Send the process into the background. This is the
80 default.
81 no-daemonize: Do not send the process into the background.
83 debug: Enable full debugging.
85 disable: Disable working on the local system. This puts a lock file
89 in place, causing +puppetd+ not to work on the system until the
90 lock file is removed. This is useful if you are testing a con‐
91 figuration and do not want the central configuration to override
92 the local state until everything is tested and committed.
93 +puppetd+ uses the same lock file while it is running, so no
95 more than one +puppetd+ process is working at a time.
96 +puppetd+ exits after executing this.
98 enable: Enable working on the local system. This removes any lock
102 file, causing +puppetd+ to start managing the local system again
103 (although it will continue to use its normal scheduling, so it
104 might not start for another half hour).
105 +puppetd+ exits after executing this.
107 fqdn: Set the fully-qualified domain name of the client. This is
111 only used for certificate purposes, but can be used to override
112 the discovered hostname. If you need to use this flag, it is
113 generally an indication of a setup problem.
114 help: Print this help message
116 logdest: Where to send messages. Choose between syslog, the
120 console, and a log file. Defaults to sending messages to syslog,
121 or the console if debugging or verbosity is enabled.
122 no-client: Do not create a config client. This will cause the daemon
126 to run without ever checking for its configuration automati‐
127 cally, and only makes sense when used in conjunction with --lis‐
128 ten.
129 onetime: Run the configuration once, rather than as a long-running
133 daemon. This is useful for interactively running puppetd.
134 serve: Start another type of server. By default, +puppetd+ will
138 start a service handler that allows authenticated and authorized
139 remote nodes to trigger the configuration to be pulled down and
140 applied. You can specify any handler here that does not require
141 configuration, e.g., filebucket, ca, or resource. The handlers
142 are in +lib/puppet/network/handler+, and the names must match
143 exactly, both in the call to +serve+ and in +names‐
144 paceauth.conf+.
145 test: Enable the most common options used for testing. These are
149 +onetime+, +verbose+, +ignorecache, and +no-usecacheonfailure+.
150 verbose: Turn on verbose reporting.
152 version: Print the puppet version number and exit.
154 waitforcert: This option only matters for daemons that do not yet have
158 certificates and it is enabled by default, with a value of 120
159 (seconds). This causes +puppetd+ to connect to the server every
160 2 minutes and ask it to sign a certificate request. This is use‐
161 ful for the initial setup of a puppet client. You can turn off
162 waiting for certificates by specifying a time of 0.
163
167 puppetd --server puppet.domain.com
168
173 Luke Kanies
174
178 Copyright (c) 2005, 2006 Reductive Labs, LLC Licensed under the GNU
179 Public License
180 Synopsis()