diff options
-rw-r--r-- | doc/conf.py | 107 | ||||
-rw-r--r-- | doc/man/bcfg2-admin.txt | 208 | ||||
-rw-r--r-- | doc/man/bcfg2-build-reports.txt | 39 | ||||
-rw-r--r-- | doc/man/bcfg2-crypt.txt | 121 | ||||
-rw-r--r-- | doc/man/bcfg2-info.txt | 117 | ||||
-rw-r--r-- | doc/man/bcfg2-lint.conf.txt | 126 | ||||
-rw-r--r-- | doc/man/bcfg2-lint.txt | 129 | ||||
-rw-r--r-- | doc/man/bcfg2-reports.txt | 111 | ||||
-rw-r--r-- | doc/man/bcfg2-server.txt | 51 | ||||
-rw-r--r-- | doc/man/bcfg2.conf.txt | 714 | ||||
-rw-r--r-- | doc/man/bcfg2.txt | 166 |
11 files changed, 1868 insertions, 21 deletions
diff --git a/doc/conf.py b/doc/conf.py index 96a1efbc7..ab011b2a5 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -24,10 +24,13 @@ sys.path.insert(0, os.path.abspath('..')) # -- General configuration ----------------------------------------------------- +# If your documentation needs a minimal Sphinx version, state it here. +#needs_sphinx = '1.0' + # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest', - 'sphinx.ext.intersphinx'] + 'sphinx.ext.intersphinx', 'sphinx.ext.viewcode'] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] @@ -36,7 +39,7 @@ templates_path = ['_templates'] source_suffix = '.txt' # The encoding of source files. -#source_encoding = 'utf-8' +#source_encoding = 'utf-8-sig' # The master toctree document. #master_doc = 'contents' @@ -70,12 +73,9 @@ release = '1.3.0' # Else, today_fmt is used as the format for a strftime call. #today_fmt = '%B %d, %Y' -# List of documents that shouldn't be included in the build. -#unused_docs = [] - -# List of directories, relative to source directory, that shouldn't be searched -# for source files. -exclude_trees = ['_build'] +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ['_build'] # The reST default role (used for this markup: `text`) to use for all documents. #default_role = None @@ -100,8 +100,8 @@ pygments_style = 'sphinx' # -- Options for HTML output --------------------------------------------------- -# The theme to use for HTML and HTML Help pages. Major themes that come with -# Sphinx are currently 'default' and 'sphinxdoc'. +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. html_theme = 'default' # Theme options are theme-specific and customize the look and feel of a theme @@ -153,7 +153,7 @@ html_sidebars = { #html_additional_pages = {} # If false, no module index is generated. -#html_use_modindex = True +#html_domain_indices = True # If false, no index is generated. #html_use_index = True @@ -164,13 +164,19 @@ html_sidebars = { # If true, links to the reST sources are added to the pages. #html_show_sourcelink = True +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +#html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +#html_show_copyright = True + # If true, an OpenSearch description file will be output, and all pages will # contain a <link> tag referring to it. The value of this option must be the # base URL from which the finished HTML is served. #html_use_opensearch = '' -# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml"). -#html_file_suffix = '' +# This is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = None # Output file base name for HTML help builder. htmlhelp_basename = 'Bcfg2doc' @@ -178,24 +184,29 @@ htmlhelp_basename = 'Bcfg2doc' # -- Options for LaTeX output -------------------------------------------------- -# The paper size ('letter' or 'a4'). -latex_paper_size = 'letter' +latex_elements = { +# The paper size ('letterpaper' or 'a4paper'). +#'papersize': 'letterpaper', # The font size ('10pt', '11pt' or '12pt'). -latex_font_size = '11pt' +#'pointsize': '10pt', + +# Additional stuff for the LaTeX preamble. +#'preamble': '', +} # Grouping the document tree into LaTeX files. List of tuples # (source start file, target name, title, author, documentclass [howto/manual]). # py3k compatibility if sys.hexversion >= 0x03000000: latex_documents = [ - ('contents', 'bcfg2.tex', 'Bcfg2 Documentation', - 'Narayan Desai et al.', 'manual', True), + ('index', 'Bcfg2.tex', 'Bcfg2 Documentation', + 'Narayan Desai et al.', 'manual'), ] else: latex_documents = [ - ('contents', 'bcfg2.tex', u'Bcfg2 Documentation', - u'Narayan Desai et al.', 'manual', True), + ('index', 'Bcfg2.tex', u'Bcfg2 Documentation', + u'Narayan Desai et al.', 'manual'), ] # The name of an image file (relative to this directory) to place at the top of @@ -213,7 +224,61 @@ else: #latex_appendices = [] # If false, no module index is generated. -latex_use_modindex = False +#latex_domain_indices = True + + +# -- Options for manual page output -------------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + ('man/bcfg2', 'bcfg2', 'Bcfg2 client tool', [], 1), + ('man/bcfg2-admin', 'bcfg2-admin', + 'Perform repository administration tasks', [], 8), + ('man/bcfg2-build-reports', 'bcfg2-build-reports', + 'Generate state reports for Bcfg2 clients', [], 8), + ('man/bcfg2.conf', 'bcfg2.conf', + 'Configuration parameters for Bcfg2', [], 5), + ('man/bcfg2-crypt', 'bcfg2-crypt', + 'Bcfg2 encryption and decryption utility', [], 8), + ('man/bcfg2-info', 'bcfg2-info', + 'Creates a local version of the Bcfg2 server core for state observation', + [], 8), + ('man/bcfg2-lint', 'bcfg2-lint', + 'Check Bcfg2 specification for validity, common mistakes, and style', + [], 8), + ('man/bcfg2-lint.conf', 'bcfg2-lint.conf', + 'Configuration parameters for bcfg2-lint', [], 5), + ('man/bcfg2-reports', 'bcfg2-reports', + 'Query reporting system for client status', [], 8), + ('man/bcfg2-server', 'bcfg2-server', + 'Server for client configuration specifications', [], 8), +] + +# If true, show URL addresses after external links. +#man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------------ + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + ('index', 'Bcfg2', u'Bcfg2 Documentation', + u'Narayan Desai', 'Bcfg2', 'One line description of project.', + 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +#texinfo_appendices = [] + +# If false, no module index is generated. +#texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +#texinfo_show_urls = 'footnote' + # autodoc settings autodoc_default_flags = ['members', 'show-inheritance'] diff --git a/doc/man/bcfg2-admin.txt b/doc/man/bcfg2-admin.txt new file mode 100644 index 000000000..26e75050f --- /dev/null +++ b/doc/man/bcfg2-admin.txt @@ -0,0 +1,208 @@ +.. vim: ft=rst + +bcfg2-admin +=========== + +.. program:: bcfg2-admin + +Synopsis +-------- + +**bcfg2-admin** [-C *configfile*] *mode* [*mode args*] [*mode options*] + +Description +----------- + +:program:`bcfg2-admin` is used to perform Bcfg2 repository +administration. + +Options +------- + +-C *configfile* + Specify alternate bcfg2.conf location. + +-E *encoding* + Specify the encoding of Cfg files. + +-Q *path* + Specify the path to the server repository. + +-S *https://server:port* + Manually specify the server location (as opposed to using the value + in bcfg2.conf). + +-d + Enable debugging output. + +-h + Print usage information. + +-o *logfile* + Writes a log to the specified path. + +--ssl-key=\ *key* + Specify the path to the SSL key. + +-v + Enable verbose output. + +-x *password* + Use 'password' for client communication. + +Modes +----- + +backup + Create an archive of the entire Bcfg2 repository. +bundle *action* + Display details about the available bundles (See BUNDLE OPTIONS + below). +client *action* *client* [attribute=value] + Add, edit, or remove clients entries in metadata (See CLIENT OPTIONS + below). +compare *old* *new* + Compare two client configurations. Can be used to verify consistent + behavior between releases. Determine differences between files or + directories (See COMPARE OPTIONS below). +init + Initialize a new repository (interactive). +minestruct *client* [-f xml-file] [-g groups] + Build structure entries based on client statistics extra entries + (See MINESTRUCT OPTIONS below). +perf + Query server for performance data. +pull *client* *entry-type* *entry-name* + Install configuration information into repo based on client bad + entries (See PULL OPTIONS below). +reports [init|load_stats|purge|scrub|update] + Interact with the dynamic reporting system (See REPORTS OPTIONS + below). +snapshots [init|dump|query|reports] + Interact with the Snapshots database (See SNAPSHOTS OPTIONS below). +syncdb + Sync the Django ORM with the configured database. +tidy + Remove unused files from repository. +viz [-H] [-b] [-k] [-o png-file] + Create a graphviz diagram of client, group and bundle information + (See VIZ OPTIONS below). +xcmd + Provides a XML-RPC Command Interface to the bcfg2-server. + +BUNDLE OPTIONS +++++++++++++++ + +mode + One of the following. + + *list-xml* + List all available xml bundles + *list-genshi* + List all available genshi bundles + *show* + Interactive dialog to get details about the available bundles + +CLIENT OPTIONS +++++++++++++++ + +mode + One of the following. + + *add* + Add a client + *del* + Delete a client + *list* + List all client entries + +client + Specify the client's name. + +attribute=value + Set attribute values when adding a new client. Allowed attributes + are 'profile', 'uuid', 'password', 'location', 'secure, and + 'address'. + +COMPARE OPTIONS ++++++++++++++++ + +old + Specify the location of the old configuration file. + +new + Specify the location of the new configuration file. + +MINESTRUCT OPTIONS +++++++++++++++++++ + +client + Client whose metadata is to be searched for extra entries. + +-g *groups* + Hierarchy of groups in which to place the extra entries in. + +-f *outputfile* + Specify the xml file in which to write the extra entries. + +PULL OPTIONS +++++++++++++ + +client + Specify the name of the client to search for. + +entry type + Specify the type of the entry to pull. + +entry name + Specify the name of the entry to pull. + +REPORTS OPTIONS ++++++++++++++++ + +load_stats [-s] [-c] [-03] + Load statistics data. + +purge [--client [n]] [--days [n]] [--expired] + Purge historic and expired data. + +scrub + Scrub the database for duplicate reasons and orphaned entries. + +update + Apply any updates to the reporting database. + +SNAPSHOTS OPTIONS ++++++++++++++++++ + +init + Initialize the snapshots database. + +query + Query the snapshots database. + +dump + Dump some of the contents of the snapshots database. + +reports [-a] [-b] [-e] [--date=MM-DD-YYYY] + Generate reports for clients in the snapshots database. + +VIZ OPTIONS ++++++++++++ + +-H + Include hosts in diagram. + +-b + Include bundles in diagram. + +-o <outfile> + Write to outfile file instead of stdout. + +-k + Add a shape/color key. + +See Also +-------- + +:manpage:`bcfg2-info(8)`, :manpage:`bcfg2-server(8)` diff --git a/doc/man/bcfg2-build-reports.txt b/doc/man/bcfg2-build-reports.txt new file mode 100644 index 000000000..8d859fe26 --- /dev/null +++ b/doc/man/bcfg2-build-reports.txt @@ -0,0 +1,39 @@ +.. vim: ft=rst + +bcfg2-build-reports +=================== + +.. program:: bcfg2-build-reports + +Synopsis +-------- + +**bcfg2-build-reports** [*-A*] [*-c*] [*-s*] + +Description +----------- + +:program:`bcfg2-build-reports` is used to build all client state +reports. See the Bcfg2 manual for report setup information. + +Options +------- + +-A + Displays all data. + +-c *configuration file* + Specify an alternate report configuration path. The default is + `repo/etc/reports-configuration.xml`. + +-h + Produce a help message. + +-s *statistics path* + Use an alternative path for the statistics file. The default is + `repo/etc/statistics.xml`. + +See Also +-------- + +:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)` diff --git a/doc/man/bcfg2-crypt.txt b/doc/man/bcfg2-crypt.txt new file mode 100644 index 000000000..37e60482e --- /dev/null +++ b/doc/man/bcfg2-crypt.txt @@ -0,0 +1,121 @@ +.. vim: ft=rst + +bcfg2-crypt +=========== + +.. program:: bcfg2-crypt + +Synopsis +-------- + +**bcfg2-crypt** [-C *configfile*] [--decrypt|--encrypt] +[--cfg|--properties] [--stdout] [--remove] [--xpath *xpath*] +[-p *passphrase-or-name*] [-v] [-I] *filename* [*filename*...] + +Description +----------- + +:program:`bcfg2-crypt` performs encryption and decryption of Cfg and +Properties files. It's often sufficient to run :program:`bcfg2-crypt` +with only the name of the file you wish to encrypt or decrypt; it can +usually figure out what to do. + +Options +------- + +-C *configfile* + Specify alternate bcfg2.conf location. + +--decrypt, --encrypt + Specify which operation you'd like to perform. + :program:`bcfg2-crypt` can usually determine which is necessary + based on the contents of each file. + +--cfg + Tell :program:`bcfg2-crypt` that an XML file should be encrypted in + its entirety rather than element-by-element. This is only necessary + if the file is an XML file whose name ends with *.xml* and whose + top-level tag is *<Properties>*. See [MODES] below for details. + +--properties + Tell :program:`bcfg2-crypt` to process a file as an XML Properties + file, and encrypt the text of each element separately. This is + necessary if, for example, you've used a different top-level tag + than *Properties* in your Properties files. See [MODES] below for + details. + +--stdout + Print the resulting file to stdout instead of writing it to a file. + +--remove + Remove the plaintext file after it has been encrypted. Only + meaningful for Cfg files. + +--xpath *xpath* + Encrypt the character content of all elements that match the + specified XPath expression. The default is *\*[@encrypted]* or + *\**; see [MODES] below for more details. Only meaningful for + Properties files. + +-p *passphrase* + Specify the name of a passphrase specified in the *[encryption]* + section of *bcfg2.conf*. See [SELECTING PASSPHRASE] below for more + details. + +-v + Be verbose. + +-I + When encrypting a Properties file, interactively select the elements + whose data should be encrypted. + +-h + Display help and exit. + +Modes +----- + +:program:`bcfg2-crypt` can encrypt Cfg files or Properties files; they +are handled very differently. + +Cfg + When :program:`bcfg2-crypt` is used on a Cfg file, the entire file + is encrypted. This is the default behavior on files that are not + XML, or that are XML but whose top-level tag is not *<Properties>*. + This can be enforced by use of the *--cfg* option. + +Properties + When :program:`bcfg2-crypt` is used on a Properties file, it + encrypts the character content of elements matching the XPath + expression given by *--xpath*. By default the expression is + *\*[@encrypted]*, which matches all elements with an *encrypted* + attribute. If you are encrypting a file and that expression doesn't + match any elements, then the default is *\**, which matches + everything. When :program:`bcfg2-crypt` encrypts the character + content of an element, it also adds the *encrypted* attribute, set + to the name of the passphrase used to encrypt that element. When it + decrypts an element it does not remove *encrypted*, though; this + lets you easily and efficiently run :program:`bcfg2-crypt` against a + single Properties file to encrypt and decrypt it without needing to + specify a long list of options. See the online Bcfg2 docs on + Properties files for more information on how this works. + +Selecting passphrase +-------------------- + +The passphrase used to encrypt or decrypt a file is discovered in the +following order. + +#. The passphrase given on the command line using *-p* is used. +#. If exactly one passphrase is specified in *bcfg2.conf*, it will be + used. +#. If operating in Properties mode, *bcfg2.conf* will attempt to read + the name of the passphrase from the encrypted elements. +#. If decrypting, all passphrases will be tried sequentially. +#. If no passphrase has been determined at this point, an error is + produced and the file being encrypted or decrypted is skipped. + +See Also +-------- + +:manpage:`bcfg2-server(8)` diff --git a/doc/man/bcfg2-info.txt b/doc/man/bcfg2-info.txt new file mode 100644 index 000000000..93d159474 --- /dev/null +++ b/doc/man/bcfg2-info.txt @@ -0,0 +1,117 @@ +.. vim: ft=rst + +bcfg2-info +========== + +.. program:: bcfg2-info + +Synopsis +-------- + +**bcfg2-info** [-C *configfile*] [-E *encoding*] [-Q *repository path*] +[-h] [-p] [-x *password*] [*mode*] [*mode args*] [*mode options*] + +Description +----------- + +:program:`bcfg2-info` instantiates an instance of the Bcfg2 core for +data examination and debugging purposes. + +Options +------- + +-C *configfile* + Specify alternate bcfg2.conf location. + +-E *encoding* + Specify the encoding of config files. + +-Q *repository path* + Specify the server repository path. + +-d + Run in debug mode. + +-h + Print usage information. + +-p *profile* + Specify a profile. + +-x *password* + Set the communication password. + +Modes +----- + +build *hostname* *filename* + Build config for hostname, writing to filename. + +buildall *directory* + Build configs for all clients in directory. + +buildallfile *directory* *filename* [*hostnames*] + Build config file for all clients in directory. + +buildbundle *filename* *hostname* + Build bundle for hostname (not written to disk). If filename is a + bundle template, it is rendered. + +builddir *hostname* *dirname* + Build config for hostname, writing separate files to dirname. + +buildfile [--altsrc=*altsrc*] *filename* *hostname* + Build config file for hostname (not written to disk). + +bundles + Print out group/bundle information. + +clients + Print out client/profile information. + +config + Print out the configuration of the Bcfg2 server. + +debug + Shell out to native python interpreter. + +event_debug + Display filesystem events as they are processed. + +groups + List groups. + +help + Print the list of available commands. + +mappings [*entry type*] [*entry name*] + Print generator mappings for optional type and name. + +packageresolve *hostname* *package* [*package*...] + Resolve the specified set of packages. + +packagesources *hostname* + Show package sources. + +profile *command* *args* + Profile a single bcfg2-info command. + +quit + Exit bcfg2-info command line. + +showentries *hostname* *type* + Show abstract configuration entries for a given host. + +showclient *client1* *client2* + Show metadata for given hosts. + +update + Process pending file events. + +version + Print version of this tool. + +See Also +-------- + +:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)` diff --git a/doc/man/bcfg2-lint.conf.txt b/doc/man/bcfg2-lint.conf.txt new file mode 100644 index 000000000..6e0d237ee --- /dev/null +++ b/doc/man/bcfg2-lint.conf.txt @@ -0,0 +1,126 @@ +.. vim: ft=rst + +bcfg2-lint.conf +=============== + +Description +----------- + +bcfg2-lint.conf includes configuration parameters for bcfg2-lint. + +File format +----------- + +The file is INI-style and consists of sections and options. A section +begins with the name of the sections in square brackets and continues +until the next section begins. + +Options are specified in the form "name=value". + +The file is line-based each newline-terminated line represents either a +comment, a section name or an option. + +Any line beginning with a hash (#) is ignored, as are lines containing +only whitespace. + +The file consists of one *[lint]* section, up to one *[errors]* section, +and then any number of plugin-specific sections, documented below. (Note +that this makes it quite feasible to combine your *bcfg2-lint.conf* into +your :manpage:`bcfg2.conf(5)` file, if you so desire). + +Global options +-------------- + +These options apply to *bcfg2-lint* generally, and must be in the +*[lint]* section. + +plugins + A comma-delimited list of plugins to run. By default, all plugins + are run. This can be overridden by listing plugins on the command + line. See :manpage:`bcfg2-lint(8)` for a list of the available + plugins. + +Error handling +-------------- + +Error handling is configured in the *[errors]* section. Each option +should be the name of an error and one of *error*, *warning*, or +*silent*, which tells :program:`bcfg2-lint` how to handle the +warning. Error names and their defaults can be displayed by running +:program:`bcfg2-lint` with the *--list-errors* option. + +Plugin options +-------------- + +These options apply only to a single plugin. Each option should be in a +section named for its plugin; for instance, options for the InfoXML +plugin would be in a section called *[InfoXML]*. + +If a plugin is not listed below, then it has no configuration. + +In many cases, the behavior of a plugin can be configured by modifying +how errors from it are handled. See ERROR HANDLING, above. + +Comments +++++++++ + +The *Comments* plugin configuration specifies which VCS keywords and +comments are required for which file types. The valid types of file are +*global* (all file types), *bundler* (non-templated bundle files), +*genshibundler* (templated bundle files), *properties* (property files), +*cfg* (non-templated Cfg files), *genshi* or *cheetah* (templated Cfg +files), *infoxml* (info.xml files), and *probe* (probe files). + +The specific types (i.e., types other than "global") all supplement +global; they do not override it. The exception is if you specify an +empty option, e.g.: + + cfg_keywords = + +By default, the *$Id$* keyword is checked for and nothing else. + +Multiple keywords or comments should be comma-delimited. + + * *<type>_keywords* + +Ensure that files of the specified type have the given VCS keyword. Do +*not* include the dollar signs. I.e.: + + infoxml_keywords = Revision + +*not* + + infoxml_keywords = $Revision$ + + * *<type>_comments* + +Ensure that files of the specified type have a comment containing the +given string. In XML files, only comments are checked. In plain text +files, all lines are checked since comment characters may vary. + +InfoXML ++++++++ + +required_attrs + A comma-delimited list of attributes to require on *<Info>* tags. + Default is "owner,group,mode". + +MergeFiles +++++++++++ + +threshold + The threshold at which MergeFiles will suggest merging config files + and probes. Default is 75% similar. + +Validate +++++++++ + +schema + The full path to the XML Schema files. Default is + `/usr/share/bcfg2/schema`. This can be overridden with the + *--schema* command-line option. + +See Also +-------- + +:manpage:`bcfg2-lint(8)` diff --git a/doc/man/bcfg2-lint.txt b/doc/man/bcfg2-lint.txt new file mode 100644 index 000000000..c5d2eacee --- /dev/null +++ b/doc/man/bcfg2-lint.txt @@ -0,0 +1,129 @@ +.. vim: ft=rst + +bcfg2-lint +========== + +.. program:: bcfg2-lint + +Synopsis +-------- + +**bcfg2-lint** [*options*] [*plugin* [*plugin*...]] + +Description +----------- + +:program:`bcfg2-lint` checks the Bcfg2 specification for schema +validity, common mistakes, and other criteria. It can be quite helpful +in finding typos or malformed data. + +:program:`bcfg2-lint` exits with a return value of 2 if errors were +found, and 3 if warnings (but no errors) were found. Any other non-0 +exit value denotes some failure in the script itself. + +:program:`bcfg2-lint` is a rewrite of the older bcfg2-repo-validate +tool. + +Options +------- + +-C *configfile* + Specify alternate bcfg2.conf location. + +-Q + Specify the server repository path. + +-v + Be verbose. + +--lint-config + Specify path to bcfg2-lint.conf (default `/etc/bcfg2-lint.conf`). + +--stdin + Rather than operating on all files in the Bcfg2 specification, only + validate a list of files supplied on stdin. This mode is + particularly useful in pre-commit hooks. + + This makes a few assumptions: + + Metadata files will only be checked if a valid chain of + XIncludes can be followed all the way from clients.xml or + groups.xml. Since there are multiple formats of metadata stored + in Metadata/ (i.e., clients and groups), there is no way to + determine which sort of data a file contains unless there is a + valid chain of XIncludes. It may be useful to always specify all + metadata files should be checked, even if not all of them have + changed. + + Property files will only be validated if both the property file + itself and its matching schema are included on stdin. + +Plugins +------- + +See :manpage:`bcfg2-lint.conf(5)` for more information on the +configuration of the plugins listed below. + +Bundles + Check the specification for several issues with Bundler: bundles + referenced in metadata but not found in *Bundler/*; bundles whose + *name* attribute does not match the filename; and Genshi template + bundles that use the *<Group>* tag (which is not processed in + templated bundles). + +Comments + Check the specification for VCS keywords and any comments that are + required. By default, this only checks that the *$Id$* keyword is + included and expanded in all files. You may specify VCS keywords to + check and comments to be required in the config file. (For instance, + you might require that every file have a "Maintainer" comment.) + + In XML files, only comments are checked for the keywords and + comments required. + +Duplicates + Check for several types of duplicates in the Metadata: duplicate + groups; duplicate clients; and multiple default groups. + +InfoXML + Check that certain attributes are specified in *info.xml* files. By + default, requires that *owner*, *group*, and *mode* are specified. + Can also require that an *info.xml* exists for all Cfg files, and + that paranoid mode be enabled for all files. + +MergeFiles + Suggest that similar probes and config files be merged into single + probes or TGenshi templates. + +Pkgmgr + Check for duplicate packages specified in Pkgmgr. + +RequiredAttrs + Check that all *Path* and *BoundPath* tags have the attributes that + are required by their type (e.g., a path of type symlink must have + name and to specified to be valid). This sort of validation is + beyond the scope of an XML schema. + +Validate + Validate the Bcfg2 specification against the XML schemas. + + Property files are freeform XML, but if a *.xsd* file with a matching + filename is provided, then schema validation will be performed on + property files individually as well. For instance, if you have a + property file named *ntp.xml* then by placing a schema for that file + in *ntp.xsd* schema validation will be performed on *ntp.xml*. + + +Bugs +---- + +:program:`bcfg2-lint` may not handle some older plugins as well as it +handles newer ones. For instance, there may be some places where it +expects all of your configuration files to be handled by Cfg rather than +by a mix of Cfg and TGenshi or TCheetah. + +See Also +-------- + +:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)`, +:manpage:`bcfg2-lint.conf(5)` diff --git a/doc/man/bcfg2-reports.txt b/doc/man/bcfg2-reports.txt new file mode 100644 index 000000000..f2fe72813 --- /dev/null +++ b/doc/man/bcfg2-reports.txt @@ -0,0 +1,111 @@ +.. vim: ft=rst + +bcfg2-reports +============= + +.. program:: bcfg2-reports + +Synopsis +-------- + +**bcfg2-reports** [-a] [-b *NAME*] [-c] [-d] [-e *NAME*] [-h] +[-m *NAME*] [-s *NAME*] [-x *NAME*] [--badentry=\ *KIND,NAME*] +[--extraentry=\ *KIND,NAME*] [--fields=\ *ARG1,ARG2,...*] +[--modifiedentry=\ *KIND,NAME*] [--sort=\ *ARG1,ARG2,...*] [--stale] [-v] + +Description +----------- + +:program:`bcfg2-reports` allows you to retrieve data from the database +about clients, and the states of their current interactions. It also +allows you to change the expired/unexpired states. The utility runs as a +standalone application. It does, however, use the models from +`src/lib/Bcfg2/Reporting/models.py`. + +Options +------- + +-h + Shows help and usage info about :program:`bcfg2-reports`. + +Modes +----- + +The following are various modes available for :program:`bcfg2-reports`. + +Single-Host Modes ++++++++++++++++++ + +-b, --bad *hostname* + Shows bad entries from the current interaction of *hostname*. + +-e, --extra *hostname* + Shows extra entries from the current interaction of *hostname*. + +-m, --modified *hostname* + Shows modified entries from the current interaction of *hostname*. + +-s, --show *hostname* + Shows bad, modified, and extra entries from the current interaction + of *hostname*. + +-t, --total *hostname* + Shows total number of managed and good entries from the current + interaction of *hostname*. + +-x, --expire *hostname* + Toggles expired/unexpired state of *hostname*. + +-a, --all + Show all hosts, including expired hosts. + +Host Selection Modes +++++++++++++++++++++ + +-a, --all + Show all hosts, including expired hosts. + +-c, --clean + Show only clean hosts. + +-d, --dirty + Show only dirty hosts. + +--stale + Show hosts that haven't run in the last 24 hours. + +Entry Modes ++++++++++++ + +--badentry=\ *entry type, entry name* + Shows only hosts whose current interaction has bad entries of type + *entry type* and name *entry name*. + +--extraentry=\ *entry type, entry name* + Shows only hosts whose current interaction has extra entries of type + *entry type* and name *entry name*. + +--entrystatus=\ *entry type, entry name* + Shows the status of entry type *entry type* and name *entry name* + on all hosts. + +--modifiedentry + Shows only hosts whose current interaction has modifiedentries of + type *entry type* and name *entry name*. + +Entry Options +^^^^^^^^^^^^^ + +The following options can be used with the above Entry Modes. + +--fields=\ *FIELD,FIELD,...* + Only display the listed fields. + +--file=\ *FILE* + Read TYPE:NAME pairs from the specified file instead of the command + line. + +See Also +-------- + +:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)` diff --git a/doc/man/bcfg2-server.txt b/doc/man/bcfg2-server.txt new file mode 100644 index 000000000..dedc86549 --- /dev/null +++ b/doc/man/bcfg2-server.txt @@ -0,0 +1,51 @@ +.. vim: ft=rst + +bcfg2-server +============ + +.. program:: bcfg2-server + +Synopsis +-------- + +**bcfg2-server** [-d] [-v] [-C *configfile*] [-D *pidfile*] [-E +*encoding*] [-Q *repo path*] [-S *server url*] [-o *logfile*] [-x +*password*] [--ssl-key=\ *ssl key*] + +Description +----------- + +:program:`bcfg2-server` is the daemon component of Bcfg2 which serves +configurations to clients based on the data in its repository. + +Options +------- + +-C *configfile* + Specify alternate bcfg2.conf location. + +-D *pidfile* + Daemonize, placing the program pid in the specified pidfile. + +-E *encoding* + Specify the encoding of config files (default is UTF-8). + +-Q *repo path* + Set repository path. + +-S *https://server:port* + Set server address. + +-d + Run :program:`bcfg2-server` in debug mode. + +-v + Run :program:`bcfg2-server` in verbose mode. + +--ssl-key=\ *ssl key* + Set path to SSL key. + +See Also +-------- + +:manpage:`bcfg2(1)`, :manpage:`bcfg2-lint(8)` diff --git a/doc/man/bcfg2.conf.txt b/doc/man/bcfg2.conf.txt new file mode 100644 index 000000000..1c085e0c5 --- /dev/null +++ b/doc/man/bcfg2.conf.txt @@ -0,0 +1,714 @@ +.. vim: ft=rst + +bcfg2.conf +========== + +Description +----------- + +bcfg2.conf includes configuration parameters for the Bcfg2 server and +client. + +File format +----------- + +The file is INI-style and consists of sections and options. A section +begins with the name of the sections in square brackets and continues +until the next section begins. + +Options are specified in the form "name=value". + +The file is line-based each newline-terminated line represents either a +comment, a section name or an option. + +Any line beginning with a hash (#) is ignored, as are lines containing +only whitespace. + +Server options +-------------- + +These options are only necessary on the Bcfg2 server. They are specified +in the **[server]** section of the configuration file. + +repository + Specifies the path to the Bcfg2 repository containing all of the + configuration specifications. The repository should be created using + the `bcfg2-admin init` command. + +filemonitor + The file monitor used to watch for changes in the repository. The + default is the best available monitor. The following values are + valid:: + + inotify + gamin + fam + pseudo + +ignore_files + A comma-separated list of globs that should be ignored by the file + monitor. Default values are:: + + *~ + *# + #* + *.swp + *.swpx + *.swx + SCCS + .svn + 4913 + .gitignore + +listen_all + This setting tells the server to listen on all available interfaces. + The default is to only listen on those interfaces specified by the + bcfg2 setting in the components section of `bcfg2.conf`. + +plugins + A comma-delimited list of enabled server plugins. Currently + available plugins are:: + + Account + Base + Bundler + Bzr + Cfg + Cvs + Darcs + DBStats + Decisions + Deps + Editor + FileProbes + Fossil + Git + GroupPatterns + Guppy + Hg + Hostbase + Ldap + Metadata + NagiosGen + Ohai + Packages + Pkgmgr + POSIXCompat + Probes + Properties + PuppetENC + Reporting + Rules + SEModules + ServiceCompat + Snapshots + SSHbase + SSLCA + Statistics + Svn + TCheetah + TemplateHelper + TGenshi + Trigger + + Descriptions of each plugin can be found in their respective + sections below. + +prefix + Specifies a prefix if the Bcfg2 installation isn't placed in the + default location (e.g. `/usr/local`). + +backend + Specifies which server core backend to use. Current available + options are:: + + cherrypy + builtin + best + + The default is *best*, which is currently an alias for *builtin*. + More details on the backends can be found in the official + documentation. + +user + The username or UID to run the daemon as. Default is *0*. + +group + The group name or GID to run the daemon as. Default is *0*. + +vcs_root + Specifies the path to the root of the VCS working copy that holds + your Bcfg2 specification, if it is different from *repository*. + E.g., if the VCS repository does not hold the bcfg2 data at the top + level, you may need to set this option. + +Server Plugins +-------------- + +This section has a listing of all the plugins currently provided with +Bcfg2. + +Account Plugin +++++++++++++++ + +The account plugin manages authentication data, including the following. + +* `/etc/passwd` +* `/etc/group` +* `/etc/security/limits.conf` +* `/etc/sudoers` +* `/root/.ssh/authorized_keys` + +Base Plugin ++++++++++++ + +The Base plugin is a structure plugin that provides the ability +to add lists of unrelated entries into client configuration entry +inventories. Base works much like Bundler in its file format. This +structure plugin is good for the pile of independent configs needed for +most actual systems. + +Bundler Plugin +++++++++++++++ + +The Bundler plugin is used to describe groups of inter-dependent +configuration entries, such as the combination of packages, configuration +files, and service activations that comprise typical Unix daemons. Bundles +are used to add groups of configuration entries to the inventory of +client configurations, as opposed to describing particular versions of +those entries. + +Bzr Plugin +++++++++++ + +The Bzr plugin allows you to track changes to your Bcfg2 repository +using a GNU Bazaar version control backend. Currently, it enables you to +get revision information out of your repository for reporting purposes. + +Cfg Plugin +++++++++++ + +The Cfg plugin provides a repository to describe configuration file +contents for clients. In its simplest form, the Cfg repository is just a +directory tree modeled off of the directory tree on your client +machines. + +Cvs Plugin (experimental) ++++++++++++++++++++++++++ + +The Cvs plugin allows you to track changes to your Bcfg2 repository +using a Concurrent version control backend. Currently, it enables you to +get revision information out of your repository for reporting purposes. + +Darcs Plugin (experimental) ++++++++++++++++++++++++++++ + +The Darcs plugin allows you to track changes to your Bcfg2 repository +using a Darcs version control backend. Currently, it enables you to get +revision information out of your repository for reporting purposes. + +DBStats Plugin +++++++++++++++ + +Direct to database statistics plugin. + +Decisions Plugin +++++++++++++++++ + +The Decisions plugin has support for a centralized set of per-entry +installation decisions. This approach is needed when particular changes +are deemed "*high risk*"; this gives the ability to centrally specify +these changes, but only install them on clients when administrator +supervision is available. + +Defaults Plugin ++++++++++++++++ + +The Defaults plugin can be used to populate default attributes for +entries. Defaults is *not* a Generator plugin, so it does not actually +bind an entry; Defaults are applied after an entry has been bound, +and only populate attributes that are not yet set. + +Deps Plugin ++++++++++++ + +The Deps plugin allows you to make a series of assertions like "Package +X requires Package Y (and optionally also Package Z etc.)" + +Editor Plugin ++++++++++++++ + +The Editor plugin attempts to allow you to partially manage +configuration for a file. Its use is not recommended and not well +documented. + +FileProbes Plugin ++++++++++++++++++ + +The FileProbes plugin allows you to probe a client for a file, which is +then added to the Cfg specification. If the file changes on the client, +FileProbes can either update it in the specification or allow Cfg to +replace it. + +Fossil Plugin ++++++++++++++ + +The Fossil plugin allows you to track changes to your Bcfg2 repository +using a Fossil SCM version control backend. Currently, it enables you to +get revision information out of your repository for reporting purposes. + +Git Plugin +++++++++++ + +The Git plugin allows you to track changes to your Bcfg2 repository +using a Git version control backend. Currently, it enables you to get +revision information out of your repository for reporting purposes. + +GroupPatterns Plugin +++++++++++++++++++++ + +The GroupPatterns plugin is a connector that can assign clients group +membership based on patterns in client hostnames. + +Guppy Plugin +++++++++++++ + +The Guppy plugin is used to trace memory leaks within the bcfg2-server +process using Guppy. + +Hg Plugin (experimental) +++++++++++++++++++++++++ + +The Hg plugin allows you to track changes to your Bcfg2 repository using +a Mercurial version control backend. Currently, it enables you to get +revision information out of your repository for reporting purposes. + +Hostbase Plugin ++++++++++++++++ + +The Hostbase plugin is an IP management system built on top of Bcfg2. + +Ldap Plugin ++++++++++++ + +The Ldap plugin makes it possible to fetch data from an LDAP directory, +process it and attach it to your metadata. + +Metadata Plugin ++++++++++++++++ + +The Metadata plugin is the primary method of specifying Bcfg2 server +metadata. + +NagiosGen Plugin +++++++++++++++++ + +The NagiosGen plugin dynamically generates Nagios configuration files +based on Bcfg2 data. + +Ohai Plugin (experimental) +++++++++++++++++++++++++++ + +The Ohai plugin is used to detect information about the client operating +system. The data is reported back to the server using JSON. + +Packages Plugin ++++++++++++++++ + +The Packages plugin is an alternative to Pkgmgr for specifying package +entries for clients. Where Pkgmgr explicitly specifies package entry +information, Packages delegates control of package version information +to the underlying package manager, installing the latest version +available from through those channels. + +Pkgmgr Plugin ++++++++++++++ + +The Pkgmgr plugin resolves the Abstract Configuration Entity "Package" +to a package specification that the client can use to detect, verify and +install the specified package. + +POSIXCompat Plugin +++++++++++++++++++ + +The POSIXCompat plugin provides a compatibility layer for 1.3 POSIX +Entries so that they are compatible with older clients. + +Probes Plugin ++++++++++++++ + +The Probes plugin gives you the ability to gather information from a +client machine before you generate its configuration. This information +can be used with the various templating systems to generate +configuration based on the results. + +Properties Plugin ++++++++++++++++++ + +The Properties plugin is a connector plugin that adds information from +properties files into client metadata instances. + +PuppetENC Plugin +++++++++++++++++ + +The PuppetENC plugin is a connector plugin that adds support for Puppet +External Node Classifiers. + +Reporting Plugin +++++++++++++++++ + +The Reporting plugin enables the collection of data for use with Bcfg2's +dynamic reporting system. + +Rules Plugin +++++++++++++ + +The Rules plugin provides literal configuration entries that resolve the +abstract configuration entries normally found in the Bundler and Base +plugins. The literal entries in Rules are suitable for consumption by +the appropriate client drivers. + +SEModules Plugin +++++++++++++++++ + +The SEModules plugin provides a way to distribute SELinux modules via +Bcfg2. + +ServiceCompat Plugin +++++++++++++++++++++ + +The ServiceCompat plugin converts service entries for older clients. + +Snapshots Plugin +++++++++++++++++ + +The Snapshots plugin stores various aspects of a client’s state when the +client checks in to the server. + +SSHbase Plugin +++++++++++++++ + +The SSHbase generator plugin manages ssh host keys (both v1 and v2) for +hosts. It also manages the ssh_known_hosts file. It can integrate host +keys from other management domains and similarly export its keys. + +SSLCA Plugin +++++++++++++ + +The SSLCA plugin is designed to handle creation of SSL privatekeys and +certificates on request. + +Statistics +++++++++++ + +The Statistics plugin is deprecated (see Reporting). + +Svn Plugin +++++++++++ + +The Svn plugin allows you to track changes to your Bcfg2 repository +using a Subversion backend. Currently, it enables you to get revision +information out of your repository for reporting purposes. + +TCheetah Plugin ++++++++++++++++ + +The TCheetah plugin allows you to use the cheetah templating system to +create files. It also allows you to include the results of probes +executed on the client in the created files. + +TGenshi Plugin +++++++++++++++ + +The TGenshi plugin allows you to use the Genshi templating system to +create files. It also allows you to include the results of probes +executed on the client in the created files. + +Trigger Plugin +++++++++++++++ + +The Trigger plugin provides a method for calling external scripts when +clients are configured. + +Client options +-------------- + +These options only affect client functionality. They can be specified in +the **[client]** section. + + decision + Specify the server decision list mode (whitelist or blacklist). + (This settiing will be ignored if the client is called with the + -f option). + + drivers + Specify tool driver set to use. This option can be used to + explicitly specify the client tool drivers you want to use when + the client is run. + + paranoid + Run the client in paranoid mode. + + profile + Assert the given profile for the host. + +Communication options +--------------------- + +Specified in the **[communication]** section. These options define +settings used for client-server communication. + + ca + The path to a file containing the CA certificate. This file is + required on the server, and optional on clients. However, if the + cacert is not present on clients, the server cannot be verified. + + certificate + The path to a file containing a PEM formatted certificate which + signs the key with the ca certificate. This setting is required + on the server in all cases, and required on clients if using + client certificates. + + key + Specifies the path to a file containing the SSL Key. This is + required on the server in all cases, and required on clients if + using client certificates. + + password + Required on both the server and clients. On the server, sets + the password clients need to use to communicate. On a client, + sets the password to use to connect to the server. + + protocol + Communication protocol to use. Defaults to xmlrpc/ssl. + + retries + A client-only option. Number of times to retry network + communication. Default is 3 retries. + + retry_delay + A client-only option. Number of seconds to wait in between + retrying network communication. Default is 1 second. + + serverCommonNames + A client-only option. A colon-separated list of Common Names the + client will accept in the SSL certificate presented by the server. + + timeout + A client-only option. The network communication timeout. + + user + A client-only option. The UUID of the client. + +Component options +----------------- + +Specified in the **[components]** section. + + bcfg2 + URL of the server. On the server this specifies which interface + and port the server listens on. On the client, this specifies + where the client will attempt to contact the server. + + e.g. `bcfg2 = https://10.3.1.6:6789` + + encoding + Text encoding of configuration files. Defaults to UTF-8. + + lockfile + The path to the client lock file, which is used to ensure that + only one Bcfg2 client runs at a time on a single client. + +Logging options +--------------- + +Specified in the **[logging]** section. These options control the server +logging functionality. + + debug + Whether or not to enable debug-level log output. Default is false. + + path + Server log file path. + + syslog + Whether or not to send logging data to syslog. Default is true. + + verbose + Whether or not to enable verbose log output. Default is false. + +MDATA options +------------- + +Specified in the **[mdata]** section. These options affect the default +metadata settings for Paths with type='file'. + + owner + Global owner for Paths (defaults to root) + + group + Global group for Paths (defaults to root) + + mode + Global permissions for Paths (defaults to 644) + + secontext + Global SELinux context for Path entries (defaults to + *__default__*, which restores the expected context) + + paranoid + Global paranoid settings for Paths (defaults to false) + + sensitive + Global sensitive settings for Paths (defaults to false) + + important + Global important settings for Paths. Defaults to false. + +Packages options +---------------- + +The following options are specified in the **[packages]** section. + + resolver + Enable dependency resolution. Default is 1 (true). + + metadata + Enable metadata processing. Default is 1 (true). If metadata is + disabled, it’s implied that resolver is also disabled. + + yum_config + The path at which to generate Yum configs. No default. + + apt_config + The path at which to generate APT configs. No default. + + gpg_keypath + The path on the client where RPM GPG keys will be copied before + they are imported on the client. Default is `/etc/pki/rpm-gpg`. + + version + Set the version attribute used when binding Packages. Default is + auto. + +The following options are specified in the **[packages:yum]** section. + + use_yum_libraries + By default, Bcfg2 uses an internal implementation of Yum’s + dependency resolution and other routines so that the Bcfg2 server + can be run on a host that does not support Yum itself. If you + run the Bcfg2 server on a machine that does have Yum libraries, + however, you can enable use of those native libraries in Bcfg2 + by setting this to 1. + + helper + Path to bcfg2-yum-helper. By default, Bcfg2 looks first in $PATH + and then in `/usr/sbin/bcfg2-yum-helper` for the helper. + +The following options are specified in the **[packages:pulp]** section. + + username + The username of a Pulp user that will be used to register new + clients and bind them to repositories. + + password + The password of a Pulp user that will be used to register new + clients and bind them to repositories. + +All other options in the **[packages:yum]** section will be passed along +verbatim to the Yum configuration if you are using the native Yum +library support. + +Paranoid options +---------------- + +These options allow for finer-grained control of the paranoid mode on +the Bcfg2 client. They are specified in the **[paranoid]** section of +the configuration file. + + path + Custom path for backups created in paranoid mode. The default is + in `/var/cache/bcfg2`. + + max_copies + Specify a maximum number of copies for the server to keep when + running in paranoid mode. Only the most recent versions of these + copies will be kept. + +Snapshots options +----------------- + +Specified in the **[snapshots]** section. These options control the +server snapshots functionality. + + driver + sqlite + + database + The name of the database to use for statistics data. + + e.g.: `$REPOSITORY_DIR/etc/bcfg2.sqlite` + +SSLCA options +------------- + +These options are necessary to configure the SSLCA plugin and can be +found in the **[sslca_default]** section of the configuration file. + + config + Specifies the location of the openssl configuration file for + your CA. + + passphrase + Specifies the passphrase for the CA’s private key (if + necessary). If no passphrase exists, it is assumed that the + private key is stored unencrypted. + + chaincert + Specifies the location of your ssl chaining certificate. This is + used when pre-existing certifcate hostfiles are found, so that + they can be validated and only regenerated if they no longer + meet the specification. If you’re using a self signing CA this + would be the CA cert that you generated. + +Database options +---------------- + +Server-only, specified in the **[database]** section. These options +control the database connection of the server. + + engine + The database engine used by the statistics module. One of the + following:: + + postgresql + mysql + sqlite3 + ado_mssql + + name + The name of the database to use for statistics data. If + 'database_engine' is set to 'sqlite3' this is a file path to + the sqlite file and defaults to `$REPOSITORY_DIR/etc/brpt.sqlite`. + + user + User for database connections. Not used for sqlite3. + + password + Password for database connections. Not used for sqlite3. + + host + Host for database connections. Not used for sqlite3. + + port + Port for database connections. Not used for sqlite3. + + time_zone + Specify a time zone other than that used on the system. (Note + that this will cause the Bcfg2 server to log messages in this + time zone as well). + +See Also +-------- + +:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)` diff --git a/doc/man/bcfg2.txt b/doc/man/bcfg2.txt new file mode 100644 index 000000000..54560127d --- /dev/null +++ b/doc/man/bcfg2.txt @@ -0,0 +1,166 @@ +.. vim: ft=rst + +bcfg2 +===== + +.. program:: bcfg2 + +Synopsis +-------- + +**bcfg2** [*options*] + +Description +----------- + +:program:`bcfg2` runs the Bcfg2 configuration process on the current +host. This process consists of the following steps. + +* Fetch and execute probes +* Upload probe results +* Fetch the client configuration +* Check the current client state +* Attempt to install the desired configuration +* Upload statistics about the Bcfg2 execution and client state + +Options +------- + +-B + Configure everything except the given bundle(s). + +-C *configfile* + Specify alternate bcfg2.conf location. + +-D [*driver1,driver2*] + Specify a set of Bcfg2 tool drivers. + + *NOTE: only drivers listed will be loaded. (e.g., if you do not + include POSIX, you will be unable to verify/install Path entries).* + +-E *encoding* + Specify the encoding of config files. + +-I + Run bcfg2 in interactive mode. The user will be prompted before + each change. + +-O + Omit lock check. + +-P + Run bcfg2 in paranoid mode. Diffs will be logged for configuration + files marked as paranoid by the Bcfg2 server. + +-Q + Run bcfg2 in "bundle quick" mode, where only entries in a bundle are + verified or installed. This runs much faster than -q, but doesn't + provide statistics to the server at all. In order for this option to + work, the -b option must also be provided. This option is incompatible + with -r. + +-R *retrycount* + Specify the number of times that the client will attempt to retry + network communication. + +-S *https://server:port* + Manually specify the server location (as opposed to using the value + in bcfg2.conf). + +-Z + Do not configure independent entries. + +-b *bundle1:bundle2* + Run bcfg2 against one or multiple bundles in the configuration. + +-c *cachefile* + Cache a copy of the configuration in cachefile. + +--ca-cert=\ *cacert* + Specifiy the path to the SSL CA certificate. + +-d + Run bcfg2 in debug mode. + +-e + When in verbose mode, display extra entry information (temporary + until verbosity rework). + +-f *path* + Configure from a file rather than querying the server. + +-h + Print usage information. + +-k + Run in bulletproof mode. This currently only affects behavior in + the debian toolset; it calls apt-get update and clean and dpkg + --configure --pending. + +-l *whitelist|blacklist|none* + Run the client in the server decision list mode (unless "none" + is specified, which can be done in order to override the decision + list mode specified in bcfg2.conf). This approach is needed when + particular changes are deemed "high risk". It gives the ability + tocentrally specify these changes, but only install them on clients + when administrator supervision is available. Because collaborative + configuration is one of the remaining hard issues in configuration + management, these issues typically crop up in environments with + several administrators and much configuration variety. (This setting + will be ignored if the -f option is also specified). + +-n + Run bcfg2 in dry-run mode. No changes will be made to the system. + +-o *logfile* + Writes a log to the specified path. + +-p *profile* + Assert a profile for the current client. + +-q + Run bcfg2 in quick mode. Package checksum verification won't be + performed. This mode relaxes the constraints of correctness, and + thus should only be used in safe conditions. + +-r *mode* + Cause bcfg2 to remove extra configuration elements it detects. Mode + is one of all, Services, or Packages. All removes all entries. + Likewise, Services and Packages remove only the extra configuration + elements of the respective type. + +-s *servicemode* + Set bcfg2 interaction level for services. Default behavior is to + modify all services affected by reconfiguration. build mode attempts + to stop all services started. disabled suppresses all attempts to + modify services. + +--ssl-cert=\ *cert* + Specify the path to the SSL certificate. + +--ssl-cns=\ *CN1:CN2* + List of acceptable SSL server Common Names. + +--ssl-key=\ *key* + Specify the path to the SSL key. + +-u *user* + Attempt to authenticate as 'user'. + +-t *timeout* + Set the timeout (in seconds) for client communication. Default is + 90 seconds. + +-v + Run bcfg2 in verbose mode. + +-x *password* + Use 'password' for client communication. + +-z + Only configure independent entries, ignore bundles. + +See Also +-------- + +:manpage:`bcfg2-server(8)`, :manpage:`bcfg2-info(8)` |