summaryrefslogtreecommitdiffstats
path: root/doc/man/bcfg2.txt
blob: 6a77a4a3cfeb3ad64678c9c78e6f9e419037a1d7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
.. -*- mode: rst -*-
.. vim: ft=rst

bcfg2
=====

.. program:: bcfg2

Synopsis
--------

**bcfg2** [*options*]

Description
-----------

:program:`bcfg2` runs the Bcfg2 configuration process on the current
host. This process consists of the following steps.

* Fetch and execute probes
* Upload probe results
* Fetch the client configuration
* Check the current client state
* Attempt to install the desired configuration
* Upload statistics about the Bcfg2 execution and client state

Options
-------

-B                Configure everything except the given bundle(s).
-C configfile     Specify alternate bcfg2.conf location.
-D drivers        Specify a comma-delimited set of Bcfg2 tool
                  drivers. *NOTE: only drivers listed will be
                  loaded. (e.g., if you do not include POSIX, you will
                  be unable to verify/install Path entries).*
-E encoding       Specify the encoding of config files.
-I                Run bcfg2 in interactive mode. The user will be
                  prompted before each change.
-O                Omit lock check.
-P                Run bcfg2 in paranoid mode. Diffs will be logged for
                  configuration files marked as paranoid by the Bcfg2
                  server.
-Q                Run bcfg2 in "bundle quick" mode, where only entries
                  in a bundle are verified or installed. This runs
                  much faster than -q, but doesn't provide statistics
                  to the server at all. In order for this option to
                  work, the -b option must also be provided. This
                  option is incompatible with -r.
-R retrycount     Specify the number of times that the client will
                  attempt to retry network communication.
-S server         Manually specify the server location (as opposed to
                  using the value in bcfg2.conf). This should be in
                  the format "https://server:port"
-Z                Do not configure independent entries.
-b bundles        Run only the specified colon-delimited set of
                  bundles.
-c cachefile      Cache a copy of the configuration in cachefile.
--ca-cert=cacert  Specifiy the path to the SSL CA certificate.
-d                Enable debugging output.
-e                When in verbose mode, display extra entry
                  information.
-f path           Configure from a file rather than querying the
                  server.
-h                Print usage information.
-k                Run in bulletproof mode. This currently only
                  affects behavior in the debian toolset; it calls
                  apt-get update and clean and dpkg --configure
                  --pending.
-l decisionmode   Run the client in the specified decision list mode
                  ("whitelist" or "blacklist"), or "none", which can
                  be used in order to override the decision list mode
                  specified in bcfg2.conf). This approach is needed
                  when particular changes are deemed "high risk". It
                  gives the ability tocentrally specify these changes,
                  but only install them on clients when administrator
                  supervision is available. Because collaborative
                  configuration is one of the remaining hard issues in
                  configuration management, these issues typically
                  crop up in environments with several administrators
                  and much configuration variety. (This setting will
                  be ignored if the -f option is also specified).
-n                Run bcfg2 in dry-run mode. No changes will be made
                  to the system.
-o logfile        Writes a log to the specified path.
-p profile        Assert a profile for the current client.
-q                Run bcfg2 in quick mode. Package checksum
                  verification won't be performed. This mode relaxes
                  the constraints of correctness, and thus should only
                  be used in safe conditions.
-r mode           Cause bcfg2 to remove extra configuration elements
                  it detects. Mode is one of "all", "Services", or
                  "Packages". "all" removes all entries. Likewise,
                  "Services" and "Packages" remove only the extra
                  configuration elements of the respective type.
-s servicemode    Set bcfg2 interaction level for services. Default
                  behavior is to modify all services affected by
                  reconfiguration. "build" mode attempts to stop all
                  services started. "disabled" suppresses all attempts
                  to modify services.
--ssl-cert=cert   Specify the path to the SSL certificate.
--ssl-cns=CNs     Colon-delimited list of acceptable SSL server Common
                  Names.
--ssl-key=key     Specify the path to the SSL key.
-u user           Attempt to authenticate as 'user'.
-t timeout        Set the timeout (in seconds) for client
                  communication. Default is 90 seconds.
-v                Run bcfg2 in verbose mode.
-x password       Use 'password' for client communication.
-z                Only configure independent entries, ignore bundles.

See Also
--------

:manpage:`bcfg2-server(8)`, :manpage:`bcfg2-info(8)`