Class: Puppet::Application::Agent

Inherits:

Puppet::Application

• Object
• Puppet::Application
• Puppet::Application::Agent

Defined in:

lib/vendor/puppet/application/agent.rb

Constant Summary

Constants inherited from Puppet::Application

DOCPATTERN

Constants included from Util

Util::AbsolutePathPosix, Util::AbsolutePathWindows

Instance Attribute Summary

• #agent ⇒ Object

  Returns the value of attribute agent.

• #args ⇒ Object

  Returns the value of attribute args.

• #daemon ⇒ Object

  Returns the value of attribute daemon.

• #host ⇒ Object

  Returns the value of attribute host.

Attributes inherited from Puppet::Application

#command_line, #options

Instance Method Summary

• #enable_disable_client(agent) ⇒ Object
• #fingerprint ⇒ Object
• #help ⇒ Object
• #main ⇒ Object
• #onetime ⇒ Object
• #preinit ⇒ Object
• #run_command ⇒ Object
• #setup ⇒ Object
• #setup_agent ⇒ Object
• #setup_host ⇒ Object
• #setup_listen ⇒ Object
• #setup_test ⇒ Object

  Enable all of the most common test options.

Methods inherited from Puppet::Application

[], banner, clear!, clear?, #configure_indirector_routes, controlled_run, exit, find, #handlearg, #initialize, interrupted?, #name, option, option_parser_commands, #parse_options, restart!, restart_requested?, #run, run_mode, #set_run_mode, #setup_logs, should_not_parse_config, should_parse_config, #should_parse_config?, should_parse_config?, stop!, stop_requested?

Methods included from Util

absolute_path?, activerecord_version, benchmark, binread, chuser, classproxy, #execfail, #execpipe, execute, execute_posix, execute_windows, logmethods, memory, path_to_uri, proxy, replace_file, safe_posix_fork, symbolize, symbolizehash, symbolizehash!, synchronize_on, thinmark, #threadlock, uri_to_path, wait_for_output, which, withumask

Methods included from Util::POSIX

#get_posix_field, #gid, #idfield, #methodbyid, #methodbyname, #search_posix_field, #uid

Constructor Details

This class inherits a constructor from Puppet::Application

Instance Attribute Details

#agent ⇒ Object

Returns the value of attribute agent.

# File 'lib/vendor/puppet/application/agent.rb', line 8

def agent
  @agent
end

#args ⇒ Object

Returns the value of attribute args.

# File 'lib/vendor/puppet/application/agent.rb', line 8

def args
  @args
end

#daemon ⇒ Object

Returns the value of attribute daemon.

# File 'lib/vendor/puppet/application/agent.rb', line 8

def daemon
  @daemon
end

#host ⇒ Object

Returns the value of attribute host.

# File 'lib/vendor/puppet/application/agent.rb', line 8

def host
  @host
end

Instance Method Details

#enable_disable_client(agent) ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 374

def enable_disable_client(agent)
  if options[:enable]
    agent.enable
  elsif options[:disable]
    agent.disable
  end
  exit(0)
end

#fingerprint ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 317

def fingerprint
  unless cert = host.certificate || host.certificate_request
    $stderr.puts "Fingerprint asked but no certificate nor certificate request have yet been issued"
    exit(1)
    return
  end
  unless fingerprint = cert.fingerprint(options[:digest])
    raise ArgumentError, "Could not get fingerprint for digest '#{options[:digest]}'"
  end
  puts fingerprint
end

#help ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 87

def help
  "\npuppet-agent(8) -- The puppet agent daemon\n========\n\nSYNOPSIS\n--------\nRetrieves the client configuration from the puppet master and applies it to\nthe local host.\n\nThis service may be run as a daemon, run periodically using cron (or something\nsimilar), or run interactively for testing purposes.\n\n\nUSAGE\n-----\npuppet agent [--certname <name>] [-D|--daemonize|--no-daemonize]\n[-d|--debug] [--detailed-exitcodes] [--digest <digest>] [--disable] [--enable]\n[--fingerprint] [-h|--help] [-l|--logdest syslog|<file>|console]\n[--no-client] [--noop] [-o|--onetime] [--serve <handler>] [-t|--test]\n[-v|--verbose] [-V|--version] [-w|--waitforcert <seconds>]\n\n\nDESCRIPTION\n-----------\nThis is the main puppet client. Its job is to retrieve the local\nmachine's configuration from a remote server and apply it. In order to\nsuccessfully communicate with the remote server, the client must have a\ncertificate signed by a certificate authority that the server trusts;\nthe recommended method for this, at the moment, is to run a certificate\nauthority as part of the puppet server (which is the default). The\nclient will connect and request a signed certificate, and will continue\nconnecting until it receives one.\n\nOnce the client has a signed certificate, it will retrieve its\nconfiguration and apply it.\n\n\nUSAGE NOTES\n-----------\n'puppet agent' does its best to find a compromise between interactive\nuse and daemon use. Run with no arguments and no configuration, it will\ngo into the background, attempt to get a signed certificate, and retrieve\nand apply its configuration every 30 minutes.\n\nSome flags are meant specifically for interactive use -- in particular,\n'test', 'tags' or 'fingerprint' are useful. 'test' enables verbose\nlogging, causes the daemon to stay in the foreground, exits if the\nserver's configuration is invalid (this happens if, for instance, you've\nleft a syntax error on the server), and exits after running the\nconfiguration once (rather than hanging around as a long-running\nprocess).\n\n'tags' allows you to specify what portions of a configuration you want\nto apply. Puppet elements are tagged with all of the class or definition\nnames that contain them, and you can use the 'tags' flag to specify one\nof these names, causing only configuration elements contained within\nthat class or definition to be applied. This is very useful when you are\ntesting new configurations -- for instance, if you are just starting to\nmanage 'ntpd', you would put all of the new elements into an 'ntpd'\nclass, and call puppet with '--tags ntpd', which would only apply that\nsmall portion of the configuration during your testing, rather than\napplying the whole thing.\n\n'fingerprint' is a one-time flag. In this mode 'puppet agent' will run\nonce and display on the console (and in the log) the current certificate\n(or certificate request) fingerprint. Providing the '--digest' option\nallows to use a different digest algorithm to generate the fingerprint.\nThe main use is to verify that before signing a certificate request on\nthe master, the certificate request the master received is the same as\nthe one the client sent (to prevent against man-in-the-middle attacks\nwhen signing certificates).\n\n\nOPTIONS\n-------\nNote that any configuration parameter that's valid in the configuration\nfile is also a valid long argument. For example, 'server' is a valid\nconfiguration parameter, so you can specify '--server <servername>' as\nan argument.\n\nSee the configuration file documentation at\nhttp://docs.puppetlabs.com/references/stable/configuration.html for the\nfull list of acceptable parameters. A commented list of all\nconfiguration options can also be generated by running puppet agent with\n'--genconfig'.\n\n* --certname:\nSet the certname (unique ID) of the client. The master reads this\nunique identifying string, which is usually set to the node's\nfully-qualified domain name, to determine which configurations the\nnode will receive. Use this option to debug setup problems or\nimplement unusual node identification schemes.\n\n* --daemonize:\nSend the process into the background. This is the default.\n\n* --no-daemonize:\nDo not send the process into the background.\n\n* --debug:\nEnable full debugging.\n\n* --detailed-exitcodes:\nProvide transaction information via exit codes. If this is enabled, an exit\ncode of '2' means there were changes, an exit code of '4' means there were\nfailures during the transaction, and an exit code of '6' means there were both\nchanges and failures.\n\n* --digest:\nChange the certificate fingerprinting digest algorithm. The default is\nMD5. Valid values depends on the version of OpenSSL installed, but\nshould always at least contain MD5, MD2, SHA1 and SHA256.\n\n* --disable:\nDisable working on the local system. This puts a lock file in place,\ncausing 'puppet agent' not to work on the system until the lock file\nis removed. This is useful if you are testing a configuration and do\nnot want the central configuration to override the local state until\neverything is tested and committed.\n\n'puppet agent' uses the same lock file while it is running, so no more\nthan one 'puppet agent' process is working at a time.\n\n'puppet agent' exits after executing this.\n\n* --enable:\nEnable working on the local system. This removes any lock file,\ncausing 'puppet agent' to start managing the local system again\n(although it will continue to use its normal scheduling, so it might\nnot start for another half hour).\n\n'puppet agent' exits after executing this.\n\n* --fingerprint:\nDisplay the current certificate or certificate signing request\nfingerprint and then exit. Use the '--digest' option to change the\ndigest algorithm used.\n\n* --help:\nPrint this help message\n\n* --logdest:\nWhere to send messages. Choose between syslog, the console, and a log\nfile. Defaults to sending messages to syslog, or the console if\ndebugging or verbosity is enabled.\n\n* --no-client:\nDo not create a config client. This will cause the daemon to run\nwithout ever checking for its configuration automatically, and only\nmakes sense when puppet agent is being run with listen = true in puppet.conf\nor was started with the `--listen` option.\n\n* --noop:\nUse 'noop' mode where the daemon runs in a no-op or dry-run mode. This\nis useful for seeing what changes Puppet will make without actually\nexecuting the changes.\n\n* --onetime:\nRun the configuration once. Runs a single (normally daemonized) Puppet\nrun. Useful for interactively running puppet agent when used in\nconjunction with the --no-daemonize option.\n\n* --serve:\nStart another type of server. By default, 'puppet agent' will start a\nservice handler that allows authenticated and authorized remote nodes\nto trigger the configuration to be pulled down and applied. You can\nspecify any handler here that does not require configuration, e.g.,\nfilebucket, ca, or resource. The handlers are in\n'lib/puppet/network/handler', and the names must match exactly, both\nin the call to 'serve' and in 'namespaceauth.conf'.\n\n* --test:\nEnable the most common options used for testing. These are 'onetime',\n'verbose', 'ignorecache', 'no-daemonize', 'no-usecacheonfailure',\n'detailed-exit-codes', 'no-splay', and 'show_diff'.\n\n* --verbose:\nTurn on verbose reporting.\n\n* --version:\nPrint the puppet version number and exit.\n\n* --waitforcert:\nThis option only matters for daemons that do not yet have certificates\nand it is enabled by default, with a value of 120 (seconds). This\ncauses 'puppet agent' to connect to the server every 2 minutes and ask\nit to sign a certificate request. This is useful for the initial setup\nof a puppet client. You can turn off waiting for certificates by\nspecifying a time of 0.\n\n\nEXAMPLE\n-------\n  $ puppet agent --server puppet.domain.com\n\n\nDIAGNOSTICS\n-----------\n\nPuppet agent accepts the following signals:\n\n* SIGHUP:\nRestart the puppet agent daemon.\n* SIGINT and SIGTERM:\nShut down the puppet agent daemon.\n* SIGUSR1:\nImmediately retrieve and apply configurations from the puppet master.\n* SIGUSR2:\nClose file descriptors for log files and reopen them. Used with logrotate.\n\nAUTHOR\n------\nLuke Kanies\n\n\nCOPYRIGHT\n---------\nCopyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License\n\n  HELP\nend\n"

#main ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 356

def main
  Puppet.notice "Starting Puppet client version #{Puppet.version}"

  @daemon.start
end

#onetime ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 329

def onetime
  unless options[:client]
    $stderr.puts "onetime is specified but there is no client"
    exit(43)
    return
  end

  @daemon.set_signal_traps

  begin
    report = @agent.run
  rescue => detail
    puts detail.backtrace if Puppet[:trace]
    Puppet.err detail.to_s
  end

  @daemon.stop(:exit => false)

  if not report
    exit(1)
  elsif options[:detailed_exitcodes] then
    exit(report.exit_status)
  else
    exit(0)
  end
end

#preinit ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 10

def preinit
  # Do an initial trap, so that cancels don't get a stack trace.
  Signal.trap(:INT) do
    $stderr.puts "Cancelling startup"
    exit(0)
  end

  {
    :waitforcert => nil,
    :detailed_exitcodes => false,
    :verbose => false,
    :debug => false,
    :centrallogs => false,
    :setdest => false,
    :enable => false,
    :disable => false,
    :client => true,
    :fqdn => nil,
    :serve => [],
    :digest => :MD5,
    :graph => true,
    :fingerprint => false,
  }.each do |opt,val|
    options[opt] = val
  end

  @args = {}
  require 'puppet/daemon'
  @daemon = Puppet::Daemon.new
  @daemon.argv = ARGV.dup
end

#run_command ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 311

def run_command
  return fingerprint if options[:fingerprint]
  return onetime if Puppet[:onetime]
  main
end

#setup ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 439

def setup
  setup_test if options[:test]

  setup_logs

  exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?

  args[:Server] = Puppet[:server]
  if options[:fqdn]
    args[:FQDN] = options[:fqdn]
    Puppet[:certname] = options[:fqdn]
  end

  if options[:centrallogs]
    logdest = args[:Server]

    logdest += ":" + args[:Port] if args.include?(:Port)
    Puppet::Util::Log.newdestination(logdest)
  end

  Puppet.settings.use :main, :agent, :ssl

  # Always ignoreimport for agent. It really shouldn't even try to import,
  # but this is just a temporary band-aid.
  Puppet[:ignoreimport] = true

  # We need to specify a ca location for all of the SSL-related i
  # indirected classes to work; in fingerprint mode we just need
  # access to the local files and we don't need a ca.
  Puppet::SSL::Host.ca_location = options[:fingerprint] ? :none : :remote

  Puppet::Transaction::Report.indirection.terminus_class = :rest
  # we want the last report to be persisted locally
  Puppet::Transaction::Report.indirection.cache_class = :yaml

  # Override the default; puppetd needs this, usually.
  # You can still override this on the command-line with, e.g., :compiler.
  Puppet[:catalog_terminus] = :rest

  # Override the default.
  Puppet[:facts_terminus] = :facter

  Puppet::Resource::Catalog.indirection.cache_class = :yaml

  unless options[:fingerprint]
    setup_agent
  else
    setup_host
  end
end

#setup_agent ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 410

def setup_agent
  # We need tomake the client either way, we just don't start it
  # if --no-client is set.
  require 'puppet/agent'
  require 'puppet/configurer'
  @agent = Puppet::Agent.new(Puppet::Configurer)

  enable_disable_client(@agent) if options[:enable] or options[:disable]

  @daemon.agent = agent if options[:client]

  # It'd be nice to daemonize later, but we have to daemonize before the
  # waitforcert happens.
  @daemon.daemonize if Puppet[:daemonize]

  setup_host

  @objects = []

  # This has to go after the certs are dealt with.
  if Puppet[:listen]
    unless Puppet[:onetime]
      setup_listen
    else
      Puppet.notice "Ignoring --listen on onetime run"
    end
  end
end

#setup_host ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 404

def setup_host
  @host = Puppet::SSL::Host.new
  waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : 120)
  cert = @host.wait_for_cert(waitforcert) unless options[:fingerprint]
end

#setup_listen ⇒ Object

# File 'lib/vendor/puppet/application/agent.rb', line 383

def setup_listen
  unless FileTest.exists?(Puppet[:rest_authconfig])
    Puppet.err "Will not start without authorization file #{Puppet[:rest_authconfig]}"
    exit(14)
  end

  handlers = nil

  if options[:serve].empty?
    handlers = [:Runner]
  else
    handlers = options[:serve]
  end

  require 'puppet/network/server'
  # No REST handlers yet.
  server = Puppet::Network::Server.new(:xmlrpc_handlers => handlers, :port => Puppet[:puppetport])

  @daemon.server = server
end

#setup_test ⇒ Object

Enable all of the most common test options.

# File 'lib/vendor/puppet/application/agent.rb', line 363

def setup_test
  Puppet.settings.handlearg("--ignorecache")
  Puppet.settings.handlearg("--no-usecacheonfailure")
  Puppet.settings.handlearg("--no-splay")
  Puppet.settings.handlearg("--show_diff")
  Puppet.settings.handlearg("--no-daemonize")
  options[:verbose] = true
  Puppet[:onetime] = true
  options[:detailed_exitcodes] = true
end