diff options
Diffstat (limited to 'doc/man/bcfg2.txt')
| -rw-r--r-- | doc/man/bcfg2.txt | 214 |
1 files changed, 81 insertions, 133 deletions
diff --git a/doc/man/bcfg2.txt b/doc/man/bcfg2.txt index 54560127d..6a77a4a3c 100644 --- a/doc/man/bcfg2.txt +++ b/doc/man/bcfg2.txt @@ -1,3 +1,4 @@ +.. -*- mode: rst -*- .. vim: ft=rst bcfg2 @@ -26,139 +27,86 @@ host. This process consists of the following steps. Options ------- --B - Configure everything except the given bundle(s). - --C *configfile* - Specify alternate bcfg2.conf location. - --D [*driver1,driver2*] - Specify a set of Bcfg2 tool drivers. - - *NOTE: only drivers listed will be loaded. (e.g., if you do not - include POSIX, you will be unable to verify/install Path entries).* - --E *encoding* - Specify the encoding of config files. - --I - Run bcfg2 in interactive mode. The user will be prompted before - each change. - --O - Omit lock check. - --P - Run bcfg2 in paranoid mode. Diffs will be logged for configuration - files marked as paranoid by the Bcfg2 server. - --Q - Run bcfg2 in "bundle quick" mode, where only entries in a bundle are - verified or installed. This runs much faster than -q, but doesn't - provide statistics to the server at all. In order for this option to - work, the -b option must also be provided. This option is incompatible - with -r. - --R *retrycount* - Specify the number of times that the client will attempt to retry - network communication. - --S *https://server:port* - Manually specify the server location (as opposed to using the value - in bcfg2.conf). - --Z - Do not configure independent entries. - --b *bundle1:bundle2* - Run bcfg2 against one or multiple bundles in the configuration. - --c *cachefile* - Cache a copy of the configuration in cachefile. - ---ca-cert=\ *cacert* - Specifiy the path to the SSL CA certificate. - --d - Run bcfg2 in debug mode. - --e - When in verbose mode, display extra entry information (temporary - until verbosity rework). - --f *path* - Configure from a file rather than querying the server. - --h - Print usage information. - --k - Run in bulletproof mode. This currently only affects behavior in - the debian toolset; it calls apt-get update and clean and dpkg - --configure --pending. - --l *whitelist|blacklist|none* - Run the client in the server decision list mode (unless "none" - is specified, which can be done in order to override the decision - list mode specified in bcfg2.conf). This approach is needed when - particular changes are deemed "high risk". It gives the ability - tocentrally specify these changes, but only install them on clients - when administrator supervision is available. Because collaborative - configuration is one of the remaining hard issues in configuration - management, these issues typically crop up in environments with - several administrators and much configuration variety. (This setting - will be ignored if the -f option is also specified). - --n - Run bcfg2 in dry-run mode. No changes will be made to the system. - --o *logfile* - Writes a log to the specified path. - --p *profile* - Assert a profile for the current client. - --q - Run bcfg2 in quick mode. Package checksum verification won't be - performed. This mode relaxes the constraints of correctness, and - thus should only be used in safe conditions. - --r *mode* - Cause bcfg2 to remove extra configuration elements it detects. Mode - is one of all, Services, or Packages. All removes all entries. - Likewise, Services and Packages remove only the extra configuration - elements of the respective type. - --s *servicemode* - Set bcfg2 interaction level for services. Default behavior is to - modify all services affected by reconfiguration. build mode attempts - to stop all services started. disabled suppresses all attempts to - modify services. - ---ssl-cert=\ *cert* - Specify the path to the SSL certificate. - ---ssl-cns=\ *CN1:CN2* - List of acceptable SSL server Common Names. - ---ssl-key=\ *key* - Specify the path to the SSL key. - --u *user* - Attempt to authenticate as 'user'. - --t *timeout* - Set the timeout (in seconds) for client communication. Default is - 90 seconds. - --v - Run bcfg2 in verbose mode. - --x *password* - Use 'password' for client communication. - --z - Only configure independent entries, ignore bundles. +-B Configure everything except the given bundle(s). +-C configfile Specify alternate bcfg2.conf location. +-D drivers Specify a comma-delimited set of Bcfg2 tool + drivers. *NOTE: only drivers listed will be + loaded. (e.g., if you do not include POSIX, you will + be unable to verify/install Path entries).* +-E encoding Specify the encoding of config files. +-I Run bcfg2 in interactive mode. The user will be + prompted before each change. +-O Omit lock check. +-P Run bcfg2 in paranoid mode. Diffs will be logged for + configuration files marked as paranoid by the Bcfg2 + server. +-Q Run bcfg2 in "bundle quick" mode, where only entries + in a bundle are verified or installed. This runs + much faster than -q, but doesn't provide statistics + to the server at all. In order for this option to + work, the -b option must also be provided. This + option is incompatible with -r. +-R retrycount Specify the number of times that the client will + attempt to retry network communication. +-S server Manually specify the server location (as opposed to + using the value in bcfg2.conf). This should be in + the format "https://server:port" +-Z Do not configure independent entries. +-b bundles Run only the specified colon-delimited set of + bundles. +-c cachefile Cache a copy of the configuration in cachefile. +--ca-cert=cacert Specifiy the path to the SSL CA certificate. +-d Enable debugging output. +-e When in verbose mode, display extra entry + information. +-f path Configure from a file rather than querying the + server. +-h Print usage information. +-k Run in bulletproof mode. This currently only + affects behavior in the debian toolset; it calls + apt-get update and clean and dpkg --configure + --pending. +-l decisionmode Run the client in the specified decision list mode + ("whitelist" or "blacklist"), or "none", which can + be used in order to override the decision list mode + specified in bcfg2.conf). This approach is needed + when particular changes are deemed "high risk". It + gives the ability tocentrally specify these changes, + but only install them on clients when administrator + supervision is available. Because collaborative + configuration is one of the remaining hard issues in + configuration management, these issues typically + crop up in environments with several administrators + and much configuration variety. (This setting will + be ignored if the -f option is also specified). +-n Run bcfg2 in dry-run mode. No changes will be made + to the system. +-o logfile Writes a log to the specified path. +-p profile Assert a profile for the current client. +-q Run bcfg2 in quick mode. Package checksum + verification won't be performed. This mode relaxes + the constraints of correctness, and thus should only + be used in safe conditions. +-r mode Cause bcfg2 to remove extra configuration elements + it detects. Mode is one of "all", "Services", or + "Packages". "all" removes all entries. Likewise, + "Services" and "Packages" remove only the extra + configuration elements of the respective type. +-s servicemode Set bcfg2 interaction level for services. Default + behavior is to modify all services affected by + reconfiguration. "build" mode attempts to stop all + services started. "disabled" suppresses all attempts + to modify services. +--ssl-cert=cert Specify the path to the SSL certificate. +--ssl-cns=CNs Colon-delimited list of acceptable SSL server Common + Names. +--ssl-key=key Specify the path to the SSL key. +-u user Attempt to authenticate as 'user'. +-t timeout Set the timeout (in seconds) for client + communication. Default is 90 seconds. +-v Run bcfg2 in verbose mode. +-x password Use 'password' for client communication. +-z Only configure independent entries, ignore bundles. See Also -------- |