Man pages
rudder(8)
DESCRIPTION
A tool to trigger actions or get information about a running rudder-agent, whether on agent or server. It only targets administration actions, for all node configuration tasks you can use the rudder-cli tool.
OPTIONS
- -h
-
Print command-line syntax and command options.
- -i
-
Print general information.
- -v
-
Print detailed information.
- -d
-
Print all available information.
- -c
-
Do not colorize output.
COMMANDS
The commands below are listed by component.
agent
commands for rudder agent, run with rudder agent command
- check
-
check if rudder agent has no problem and is running properly. Check that rudder agent is working properly.
-
generate missing UUID or keys
-
kill cfengine if there are too many processes
-
run cfengine if its daemon is missing
-
clean lock file if it is too big
-
check that policies have been properly copied
-
will sleep a random time (max half the run interval) when not run in interactive mode
Options:
-q: run the agent in quiet mode (display only error and warning messages)
-c: run the agent without color output
-f: prevent sleeping in non-interactive mode
-u: only check the uuid existence
-r: reset, do not try to restore backups
-
- diff
-
show diff between current file and the one before agent modification. This command will output file change in a diff format
Options:
-l: show diff from the given backup
-n: show diff from the nth backup before the last one
-d: show diff from a given date in the date command format (man date for details)
filename: the file to show diff from
- disable
-
forbid rudder-agent to be run by cron or service. This is useful when you want to temporarily prevent your Rudder agent from doing any modification to your system.
Options:
-s: stop rudder-agent in addition to disabling it
-k: keep cf-serverd when stopping agent
-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
- enable
-
re-enable a disabled rudder-agent.
Options:
-s: start rudder-agent in addition to enabling it
-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
- factory-reset
-
re-initialise the agent to make it be seen as a new node on the server. This command will delete all local agent data, including its uuid and keys, and also reset the agent internal state. The only configuration kept is the server hostname or ip configured in policy_server.dat. It will also send an inventory to the server, which will treat it as a new node inventory.
WARNING: This command will permanently delete your node uuid and keys, and no configuration will be applied before re-accepting and configuring the node on the server.
Options:
-f: force the reinitialization without asking for confirmation
-i: run the agent in information mode, prints basic information
-v: run the agent in verbose mode, prints detailed information
-d: run the agent in debug mode, prints low-level information
-q: run the agent in quiet mode (display only error messages)
-w: show full strings, never cut output
-c: run the agent without color output
-T: display timing information
-r: run the agent with raw output
-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.
- health
-
monitor agent health. Check that rudder agent has no problem
Options:
-n: run in nrpe mode, print a single line and return 0,1 or 2 put this line in your nrpe.cfg to use it command[check_rudder]=${RUDDER_DIR}/bin/rudder agent health -n
- history
-
read log of old agent runs. This command will output historic logs of agent runs.
Options:
-c: show history without color output
-n: show maximum n lines of history
-a: show all available lines of history (long)
- info
-
display a summary of agent information. Outputs detailed information about the agent configuration, especially what defines the node (hostname, uuid and key hash) and its policy server.
Options:
-v: run the agent in verbose mode, prints detailed information
- inventory
-
force the agent to create and send a new inventory. This will trigger a new inventory creation and send it to the policy server. Even if the agent will do it regularly, it can be used to force the update after a modification on the node. This won’t affect the node state, but only update server-side information.
Options:
-i: run the agent in information mode, prints basic information
-v: run the agent in verbose mode, prints detailed information
-d: run the agent in debug mode, prints low-level information
-q: run the agent in quiet mode (display only error messages)
-w: show full strings, never cut output
-c: run the agent without color output
-T: display timing information
-r: run the agent with raw output
-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.
-f: run the agent even if it is disabled
- log
-
read log of old agent runs. This command will output historic logs of agent runs.
Options:
-w: show full strings, never cut output
-c: show log without color output
-r: show log with raw output
-R: show log in completely unparsed mode, with no return code of 1 in case of error. A little faster.
-l: show log from the given file
-n: show log from the nth run before the last one
-d: show log from a given date in the date command format (man date for details)
-e: exit with an error if there was an error during policy application
-E: exit with an error if there a non compliance
Exit codes:
0: Agent ran normally
1: Agent encountered a critial error and could not run properly
2: Some policy encountered and error and -e parameter was passed
3: Some policy encountered a non compliance and -E parameter was passed
- modified
-
list modified files. List files recently modified by the agent.
Options:
- policy-server
-
displays or set the policy server. If called without arguments, displays current policy server. Sets the policy server to the hostname or IP given.
Arguments:
+ -t: trust provided sha256 server key hash
+ -p: server https port (only if not 443, only with -t option)
server: hostname or IP of the policy server to set
- reset
-
reset agent status and cache. Remove all locks and state cache of the agent, and restore initial policies. This won’t affect the desired state of the node, but will only reset the internal state of the agent. It is useful to test a rule without caching interference or when you have trouble with the policies updates, and is in most cases sufficient to resolve issues.
To completely reinitialize the agent and make it appear as a new node again, please use "rudder agent factory-reset" instead.
Options:
-i: run the agent in information mode, prints basic information
-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
- restore
-
restore a file as it was before Rudder modification. This command replace the file with is backup and make a new backup for de current version
Options:
-l: restore the given backup
-n: restore the nth backup before the last one
-d: restore from a given date in the date command format (man date for details)
-f: force restore, do not ask for confirmation filename: the file to show diff from
- run
-
force run agent policies. This command will force the agent to enforce current policies. You can run rudder agent update before to update the policies.
Options:
-u: update policy before running the agent (this is now the default)
-l: do not update policy before running the agent
-i: run the agent in information mode, prints basic information
-v: run the agent in verbose mode, prints detailed information (reports won’t be sent to the server)
-d: run the agent in debug mode, prints low-level information (reports won’t be sent to the server)
-q: run the agent in quiet mode (display only error messages)
-g: run the agent in full compliance mode (even if change only has been configured)
-w: show full strings, never cut output
-c: run the agent without color output
-T: display timing information
-r: run the agent with raw output
-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.
-N: do not write log in outputs dir (used when called internally)
-b: run the agent on a specific bundle, this is a debug command that should generally not be used
-D: define a class for this run
-f: run the agent even if it is disabled
-e: exit with an error if there was an error during policy application
-E: exit with an error if there a non compliance
Exit codes:
0: Agent ran normally
1: Agent encountered a critial error and could not run properly
2: Some policy encountered and error and -e parameter was passed
3: Some policy encountered a non compliance and -E parameter was passed
- server-keys-reset
-
Reset all keys known from this node.. This command will delete all known keys from this node, allowing it to connect to another server or relay by trusting it. Options:
-f: force the reset of all keys without asking for confirmation
-v: run the command in verbose mode
- set-force-audit
-
force rudder-agent to run in audit mode. This is useful when you want to ensure that the agent check compliance only, and won’t be doing any modification to your system. If agent is run in non audit, it will be automatically stopped.
Options:
-q: run the command in quiet mode (display only error messages)
-c: run the command without color output
- start
-
start the agent. Start the agent service using the appropriate service manager.
Options:
-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
- status
-
show the agent status.
Options:-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
- stop
-
stop the agent. Stop the agent service using the appropriate service manager.
Options:
-k: keep cf-serverd
-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
- unset-force-audit
-
allow agent to run in enforce mode (default). Cancel the change made by rudder agent set-force-audit.
Options:
-q: run the command in quiet mode (display only error messages)
-c: run the command without color output
- update
-
update policies on agent. The agent will fetch the last version of its policies from its configured policy server.
Options:
-i: run the agent in information mode, prints basic information
-v: run the agent in verbose mode, prints detailed information
-d: run the agent in debug mode, prints low-level information
-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
-f: force full update
- version
-
get the agent version. Displays the version of the Rudder agent and of the underlying CFEngine agent.
directive
commands for rudder directive, run with rudder directive command
- list
-
List directives that can be run on this agent. This command will list all directives an their ID to be used in directive-run command
Options:
-a: also show non runnable directives (system directives and directives with hooks)
-l: show long directive details
- run
-
Run a specific directive on this agent. This command runs one directive without running everything else
Options:
-u: UUID of the directive to run
-A: Force audit mode
-E: Force enforce mode
-y: allow running directives with hooks (beware, this may break your system)
-i: run the agent in information mode, prints basic information
-v: run the agent in verbose mode, prints detailed information (reports won’t be sent to the server)
-d: run the agent in debug mode, prints low-level information (reports won’t be sent to the server)
-q: run the agent in quiet mode (display only error messages)
-w: show full strings, never cut output
-c: run the agent without color output
-T: display timing information
-r: run the agent with raw output
-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.
-D: define a class for this run
-f: run the agent even if it is disabled
relay
commands for rudder relay, run with rudder relay command
- reload
-
start the relay service. Start the relay service using the appropriate service manager.
Options:
-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
-p: fix permissions of file used by relayd, and start it if not running
- start
-
start the relay service. Start the relay service using the appropriate service manager.
Options:
-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
- status
-
show the relay service status.
Options:-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
- stop
-
stop the relay service. Stop the relay service using the appropriate service manager.
Options:
-q: run the agent in quiet mode (display only error messages)
-c: run the agent without color output
remote
commands for rudder remote, run with rudder remote command
- run
-
trigger the execution of a remote agent. This command allows to override the agent run schedule and to immediately update the policies and enforce them on th specified node. This command is currently only allowed from the policy server of the target node.
Arguments:
nodes: comma-separated list of IP or hostname of the target node or 'all' for all nodes of the server
Options:
-i: run the agent in information mode, prints basic information
-v: run the agent in verbose mode, prints detailed information
-d: run the agent in debug mode, prints low-level information
-q: run the agent in quiet mode (display only error messages)
-w: show full strings, never cut output
-c: run the agent without color output
-T: display timing information
-r: run the agent with raw output
-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.
-D: define a class for this run
-a: run the agent on all known nodes
-g: run the agent on all nodes of the group UUID given in parameter
-e: exit with an error if there was an error during policy application
-E: exit with an error if there a non compliance
Exit codes:
0: Agent ran normally
1: Agent encountered a critial error and could not run properly
2: Some policy encountered and error and -e parameter was passed
3: Some policy encountered a non compliance and -E parameter was passed
server
commands for rudder server, run with rudder server command
- create-user
-
create an admin user account. This commands allows inserting a new user account. It is particularly useful to create the first admin account on the server. It requires that the authentication hash is bcrypt (default from fresh 6.1).
Options:
-u: specify the user name ("admin" by default)
-p: specify the user password (use with care as it is stored in history). Set the value to "" to use $ADMIN_PASSWORD from the environment instead
- debug
-
run a debug cf-serverd intended for a specific node. This command targets a specific node and does not affect the running infrastructure. In -l mode, it looks for existing logs for the given node. In -i mode, it uses iptables to redirect the specific node communications to the port the debug server is listening on (5310 by default).
Use Ctrl+C to stop the debug server.
Arguments:
-l: fetch debug logs for the given node
-i: run a debug server for the given node
node: IP or hostname of the host you want to debug
- directive-migrate-package
-
create a new package directive based on an out-to-date package directive.. create a new package directive based on an out-to-date package directive.
Out-to-date package techniques are {"aptPackageInstallation", "rpmPackageInstallation"}. Not all of the options present in the old package techniques are still available. The script will stop and do nothing if one parameter is not translatable.
If the script succeed, it will create a new directive, without rule assignement and the old directive will not be changed to ensure human verification on the parameters translation.
Arguments:
-o: old directive id
-c: raw color mode, all output are non-colored text
-i: verbose mode, display more detailed informations of the execution
- directive-replace
-
replace a directive occurrence in all the Rudder rules by another directive.. replace a directive occurrence in all the Rudder rules by another directive.
Arguments:
-o: old directive id
-n: new directive id
-c: raw color mode, all output are non-colored text
-i: verbose mode, display more detailed informations of the execution
- directive-upgrade
-
Upgrade directives to use latest technique version available. This command will migrate directives based on a given technique to the given version. If the directive version cannot be changed for any reason, the directive is skipped.
Options:
-v: run in verbose mode, prints detailed information
-n: upgrade directves based on given technique (mandatory)
-c: run without colors
-V: migrate to given version
- disable-policy-distribution
-
Stop Rudder from distributing new policies as a server. This is useful when you want to temporarily prevent your Rudder server from doing any changes on your agents
- enable-policy-distribution
-
Re-enable Rudder to distribute new policies as a server. This is useful after you have run "rudder server disable-policy-distribution" to allow the agent to restart the policy server. This will restart the policy server immediately.
- health
-
monitor server health. Check that rudder agent has no problem
Options:
-w: wait for the service to be up (if you just started the server)
-n: run in nrpe mode, print a single line and return 0,1 or 2 put this line in your nrpe.cfg to use it command[check_rudder_server]=${RUDDER_DIR}/bin/rudder server health -n
- reload-groups
-
reload dynamic groups. By default, dynamic groups are evaluated every 5 minutes. This command triggers a reload of all dynamic groups.
Options:
-i: run the agent in information mode, displays all executed commands
-c: run the agent without color output
- reload-techniques
-
reload techniques. This command will reload the technique library into memory from the filesystem and regenerate the policies if necessary.
Options:
-i: run the agent in information mode, displays all executed commands
-c: run the agent without color output
- trigger-policy-generation
-
trigger a policy generation. This command will trigger a policy generation, to generate policies for any nodes that may have changed
Options:
-i: run the agent in information mode, displays all executed commands
-c: run the agent without color output
- upgrade-techniques
-
Upgrade techniques in the configuration repository from the packaged ones. This command will replace the techniques in ${RUDDER_VAR}/configuration-repository/techniques by the techniques found in ${RUDDER_DIR}/share/techniques which is installed by rudder-technique package. The upgrade can take care of user defined changes. This command creates an update branch "rudder_update" with the content of current techniques first time is it run
Options:
-u: merge updated techniques into the configuration repository
-i: create the initial version of the update branch
-o: override existing technique without looking for local changes
-f: suppress any warning and run without prompting for input
-c: use the given commit id as the update branch origin
-a --autoupdate-technique-library: automatically update technique library if autoupdate-technique-library is true by doing an override of existing Techniques
--set-autoupdate-technique-library=true/false: set the auto update technique library option at upgrade to true or false (for Rudder 5+)
-s --show: Display the currently defined options
AUTHOR
Normation SAS (contact@normation.com)
RESOURCES
Main web site: https://rudder-project.org/
Sources of the rudder command-line: https://github.com/Normation/rudder-agent/
rudder-relayd(1)
DESCRIPTION
A tool to process reports and inventories from Rudder agents and forward them to the upstream relay or send them to the root server.
OPTIONS
- -c, --config directory
-
Configuration directory to load (default is /opt/rudder/etc/relayd/).
- -t, --test
-
Test configuration files syntax and exit.
- -h, --help
-
Print help information.
- -V, --version
-
Print version information.
AUTHOR
Rudder developers <dev@rudder.io>
RESOURCES
Main web site: https://www.rudder.io/ Documentation: https://docs.rudder.io/
← Build packages from source Variables →