# Retrieve the client configuration from the puppet master and apply
# it to the local host.
#
# Currently must be run periodically, using cron or something similar.
#
#   puppet agent [-D|--daemonize|--no-daemonize] [-d|--debug]
#     [--detailed-exitcodes] [--disable] [--enable]
#     [-h|--help] [--certname <host name>] [-l|--logdest syslog|<file>|console]
#     [-o|--onetime] [--serve <handler>] [-t|--test] [--noop]
#     [--digest <digest>] [--fingerprint] [-V|--version]
#     [-v|--verbose] [-w|--waitforcert <seconds>]
#
# This is the main puppet client. Its job is to retrieve the local machine's
# configuration from a remote server and apply it. In order to successfully
# communicate with the remote server, the client must have a certificate signed
# by a certificate authority that the server trusts; the recommended method
# for this, at the moment, is to run a certificate authority as part of the
# puppet server (which is the default). The client will connect and request
# a signed certificate, and will continue connecting until it receives one.
#
# Once the client has a signed certificate, it will retrieve its configuration
#
# +puppet agent+ does its best to find a compromise between interactive use and
# daemon use. Run with no arguments and no configuration, it will go into the
# background, attempt to get a signed certificate, and retrieve and apply its
# configuration every 30 minutes.
#
# Some flags are meant specifically for interactive use -- in particular,
# +test+, +tags+ or +fingerprint+ are useful. +test+ enables verbose logging, causes
# the daemon to stay in the foreground, exits if the server's configuration is
# invalid (this happens if, for instance, you've left a syntax error on the
# server), and exits after running the configuration once (rather than hanging
# around as a long-running process).
#
# +tags+ allows you to specify what portions of a configuration you want to apply.
# Puppet elements are tagged with all of the class or definition names that
# contain them, and you can use the +tags+ flag to specify one of these names,
# causing only configuration elements contained within that class or definition
# to be applied. This is very useful when you are testing new configurations --
# for instance, if you are just starting to manage +ntpd+, you would put all of
# the new elements into an +ntpd+ class, and call puppet with +--tags ntpd+,
# which would only apply that small portion of the configuration during your
# testing, rather than applying the whole thing.
#
# +fingerprint+ is a one-time flag. In this mode +puppet agent+ will run once and
# display on the console (and in the log) the current certificate (or certificate
# request) fingerprint. Providing the +--digest+ option allows you to use a
# different digest algorithm to generate the fingerprint. The main use is to
# verify, before signing a certificate request on the master, that the
# certificate request the master received is the same as the one the client sent
# (to protect against man-in-the-middle attacks when signing certificates).
#
# Note that any configuration parameter that's valid in the configuration file
# is also a valid long argument. For example, 'server' is a valid configuration
# parameter, so you can specify '--server <servername>' as an argument.
#
# See the configuration file documentation at
# http://docs.puppetlabs.com/references/stable/configuration.html for
# the full list of acceptable parameters. A commented list of all
# configuration options can also be generated by running puppet agent with
#
# Send the process into the background. This is the default.
#
# Do not send the process into the background.
#
# Enable full debugging.
#
# Change the certificate fingerprinting digest algorithm. The default is MD5.
# Valid values depend on the version of OpenSSL installed, but should always
# at least contain MD5, MD2, SHA1 and SHA256.
#
# detailed-exitcodes::
#   Provide transaction information via exit codes. If this is enabled, an
#   exit code of '2' means there were changes, and an exit code of '4' means
#   that there were failures during the transaction. This option only makes
#   sense in conjunction with --onetime.
#
# Disable working on the local system. This puts a lock file in place,
# causing +puppet agent+ not to work on the system until the lock file is removed.
# This is useful if you are testing a configuration and do not want the central
# configuration to override the local state until everything is tested and
#
# +puppet agent+ uses the same lock file while it is running, so no more than one
# +puppet agent+ process is working at a time.
#
# +puppet agent+ exits after executing this.
#
# Enable working on the local system. This removes any lock file, causing
# +puppet agent+ to start managing the local system again (although it will continue
# to use its normal scheduling, so it might not start for another half hour).
#
# +puppet agent+ exits after executing this.
#
# Set the certname (unique ID) of the client. The master reads this unique
# identifying string, which is usually set to the node's fully-qualified domain
# name, to determine which configurations the node will receive. Use this option
# to debug setup problems or implement unusual node identification schemes.
#
# Print this help message
#
# Where to send messages. Choose between syslog, the console, and a log file.
# Defaults to sending messages to syslog, or the console if debugging or
# verbosity is enabled.
#
# Do not create a config client. This will cause the daemon to run
# without ever checking for its configuration automatically, and only
# makes sense when used in conjunction with --listen.
#
# Run the configuration once. Runs a single (normally daemonized) Puppet run.
# Useful for interactively running puppet agent when used in conjunction with
# the --no-daemonize option.
#
# Display the current certificate or certificate signing request fingerprint
# and then exit. Use the +--digest+ option to change the digest algorithm used.
#
# Start another type of server. By default, +puppet agent+ will start
# a service handler that allows authenticated and authorized remote nodes to
# trigger the configuration to be pulled down and applied. You can specify
# any handler here that does not require configuration, e.g., filebucket, ca,
# or resource. The handlers are in +lib/puppet/network/handler+, and the names
# must match exactly, both in the call to +serve+ and in +namespaceauth.conf+.
#
# Enable the most common options used for testing. These are +onetime+,
# +verbose+, +ignorecache+, +no-daemonize+, +no-usecacheonfailure+,
# +detailed-exitcodes+, +no-splay+, and +show_diff+.
#
# Use +noop+ mode where the daemon runs in a no-op or dry-run mode. This is useful
# for seeing what changes Puppet will make without actually executing the changes.
#
# Turn on verbose reporting.
#
# Print the puppet version number and exit.
#
# This option only matters for daemons that do not yet have certificates
# and it is enabled by default, with a value of 120 (seconds). This causes
# +puppet agent+ to connect to the server every 2 minutes and ask it to sign a
# certificate request. This is useful for the initial setup of a puppet
# client. You can turn off waiting for certificates by specifying a time
#
#   puppet agent --server puppet.domain.com
#
# Copyright (c) 2005, 2006 Puppet Labs, LLC
# Licensed under the GNU Public License
#
#Puppet::Application[:agent].run
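
The +fingerprint+ check described above, as an added example (not code from this file or from Puppet): the operator compares the fingerprint read on the agent with one computed from the request the master actually received, and refuses to sign on a mismatch. It assumes the fingerprint is the digest of the DER-encoded request printed as colon-separated hex; `csr_fingerprint`, `build_csr`, `safe_to_sign?` and the certname are hypothetical names.

```ruby
require 'openssl'

# Fingerprint of a certificate request: digest of its DER encoding, printed as
# colon-separated uppercase hex. Assumed format, not Puppet's own code.
def csr_fingerprint(csr, digest = 'SHA256')
  OpenSSL::Digest.new(digest).hexdigest(csr.to_der).scan(/../).join(':').upcase
end

# Build a self-signed CSR for a certname (used only to construct sample input).
def build_csr(certname, key)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr
end

# Check made on the master before signing. agent_fingerprint is the value the
# operator read on the agent over a trusted channel; received_pem is the
# request as it arrived at the master.
def safe_to_sign?(agent_fingerprint, received_pem, digest = 'SHA256')
  received = OpenSSL::X509::Request.new(received_pem)
  # Reject requests whose self-signature does not match their own public key.
  return false unless received.verify(received.public_key)
  agent_fingerprint.strip.upcase == csr_fingerprint(received, digest)
end

if __FILE__ == $PROGRAM_NAME
  certname = 'agent01.example.test' # constructed sample certname
  agent_csr = build_csr(certname, OpenSSL::PKey::RSA.new(2048))
  # Same certname, different key: what a man-in-the-middle would submit.
  swapped_csr = build_csr(certname, OpenSSL::PKey::RSA.new(2048))
  shown_on_agent = csr_fingerprint(agent_csr)

  puts "agent fingerprint:  #{shown_on_agent}"
  puts "genuine request ok: #{safe_to_sign?(shown_on_agent, agent_csr.to_pem)}"
  puts "swapped request ok: #{safe_to_sign?(shown_on_agent, swapped_csr.to_pem)}"
end
```

The certname alone does not distinguish the two requests; only the fingerprint, which covers the public key, does.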