bcfg2 - Bcfg2 client tool
runs the Bcfg2 configuration process on the current host. This
process consists of the following steps.
- Fetch and execute probes
- Upload probe results
- Fetch the client configuration
- Check the current client state
- Attempt to install the desired configuration
- Upload statistics about the Bcfg2 execution and client
- Configure everything except the given bundle(s).
- -C configfile
- Specify alternate bcfg2.conf location.
- -D drivers
- Specify a comma-delimited set of Bcfg2 tool drivers.
NOTE: only drivers listed will be loaded. (e.g., if you do not
include POSIX, you will be unable to verify/install Path
- -E encoding
- Specify the encoding of config files.
- Run bcfg2 in interactive mode. The user will be prompted
before each change.
- Omit lock check.
- Run bcfg2 in paranoid mode. Diffs will be logged for
configuration files marked as paranoid by the Bcfg2 server.
- Run bcfg2 in "bundle quick" mode, where only
entries in a bundle are verified or installed. This runs much faster than
-q, but doesn't provide statistics to the server at all. In order for this
option to work, the -b option must also be provided. This option is
incompatible with -r.
- -R retrycount
- Specify the number of times that the client will attempt to
retry network communication.
- -S server
- Manually specify the server location (as opposed to using
the value in bcfg2.conf). This should be in the format "
- Do not configure independent entries.
- -b bundles
- Run only the specified colon-delimited set of bundles.
- -c cachefile
- Cache a copy of the configuration in cachefile.
- Specifiy the path to the SSL CA certificate.
- Enable debugging output.
- When in verbose mode, display extra entry information.
- -f path
- Configure from a file rather than querying the server.
- Print usage information.
- Run in bulletproof mode. This currently only affects
behavior in the debian toolset; it calls apt-get update and clean and dpkg
- -l decisionmode
- Run the client in the specified decision list mode
("whitelist" or "blacklist"), or "none",
which can be used in order to override the decision list mode specified in
bcfg2.conf). This approach is needed when particular changes are deemed
"high risk". It gives the ability tocentrally specify these
changes, but only install them on clients when administrator supervision
is available. Because collaborative configuration is one of the remaining
hard issues in configuration management, these issues typically crop up in
environments with several administrators and much configuration variety.
(This setting will be ignored if the -f option is also specified).
- Run bcfg2 in dry-run mode. No changes will be made to the
- -o logfile
- Writes a log to the specified path.
- -p profile
- Assert a profile for the current client.
- Run bcfg2 in quick mode. Package checksum verification
won't be performed. This mode relaxes the constraints of correctness, and
thus should only be used in safe conditions.
- -r mode
- Cause bcfg2 to remove extra configuration elements it
detects. Mode is one of "all", "Services",
"Packages", or "Users". "all" removes all
extra entries. "Services", "Packages", and
"Users" remove only the extra configuration elements of the
respective type. ("Services" actually just disables extra
services, since they can't be removed, and "Users" removes extra
POSIXUser and POSIXUser entries.)
- -s servicemode
- Set bcfg2 interaction level for services. Default behavior
is to modify all services affected by reconfiguration. "build"
mode attempts to stop all services started. "disabled"
suppresses all attempts to modify services.
- Specify the path to the SSL certificate.
- Colon-delimited list of acceptable SSL server Common
- Specify the path to the SSL key.
- -u user
- Attempt to authenticate as 'user'.
- -t timeout
- Set the timeout (in seconds) for client communication.
Default is 90 seconds.
- Run bcfg2 in verbose mode.
- -x password
- Use 'password' for client communication.
- Only configure independent entries, ignore bundles.