Man pages

rudder(8)

NAME

rudder - execute commands to control the Rudder configuration management tool.

SYNOPSIS

rudder component [-h] [-i|-v|-d] command

rudder component help

DESCRIPTION

A tool to trigger actions or get information about a running rudder-agent, whether on agent or server. It only targets administration actions, for all node configuration tasks you can use the rudder-cli tool.

OPTIONS

-h

Print command-line syntax and command options.

-i

Print general information.

-v

Print detailed information.

-d

Print all available information.

-c

Do not colorize output.

COMMANDS

The commands below are listed by component.

agent

commands for rudder agent, run with rudder agent command

check

check if rudder agent has no problem and is running properly. Check that rudder agent is working properly.

  • generate missing UUID or keys

  • kill cfengine if there are too many processes

  • run cfengine if its daemon is missing

  • clean lock file if it is too big

  • check that policies have been properly copied

  • will sleep a random time (max half the run interval) when not run in interactive mode

    Options:

    -q: run the agent in quiet mode (display only error and warning messages)

    -c: run the agent without color output

    -f: prevent sleeping in non-interactive mode

    -u: only check the uuid existence

    -r: reset, do not try to restore backups

diff

show diff between current file and the one before agent modification. This command will output file change in a diff format

Options:

-l: show diff from the given backup

-n: show diff from the nth backup before the last one

-d: show diff from a given date in the date command format (man date for details)

filename: the file to show diff from

disable

forbid rudder-agent to be run by cron or service. This is useful when you want to temporarily prevent your Rudder agent from doing any modification to your system.

Options:

-s: stop rudder-agent in addition to disabling it

-k: keep cf-serverd when stopping agent

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

enable

re-enable a disabled rudder-agent.

Options:

-s: start rudder-agent in addition to enabling it

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

factory-reset

re-initialise the agent to make it be seen as a new node on the server. This command will delete all local agent data, including its uuid and keys, and also reset the agent internal state. The only configuration kept is the server hostname or ip configured in policy_server.dat. It will also send an inventory to the server, which will treat it as a new node inventory.

WARNING: This command will permanently delete your node uuid and keys, and no configuration will be applied before re-accepting and configuring the node on the server.

Options:

-f: force the reinitialization without asking for confirmation

-i: run the agent in information mode, prints basic information

-v: run the agent in verbose mode, prints detailed information

-d: run the agent in debug mode, prints low-level information

-q: run the agent in quiet mode (display only error messages)

-w: show full strings, never cut output

-c: run the agent without color output

-T: display timing information

-r: run the agent with raw output

-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.

health

monitor agent health. Check that rudder agent has no problem

Options:

-n: run in nrpe mode, print a single line and return 0,1 or 2 put this line in your nrpe.cfg to use it command[check_rudder]=${RUDDER_DIR}/bin/rudder agent health -n

history

read log of old agent runs. This command will output historic logs of agent runs.

Options:

-c: show history without color output

-n: show maximum n lines of history

-a: show all available lines of history (long)

info

display a summary of agent information. Outputs detailed information about the agent configuration, especially what defines the node (hostname, uuid and key hash) and its policy server.

Options:

-v: run the agent in verbose mode, prints detailed information

inventory

force the agent to create and send a new inventory. This will trigger a new inventory creation and send it to the policy server. Even if the agent will do it regularly, it can be used to force the update after a modification on the node. This won’t affect the node state, but only update server-side information.

Options:

-i: run the agent in information mode, prints basic information

-v: run the agent in verbose mode, prints detailed information

-d: run the agent in debug mode, prints low-level information

-q: run the agent in quiet mode (display only error messages)

-w: show full strings, never cut output

-c: run the agent without color output

-T: display timing information

-r: run the agent with raw output

-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.

-f: run the agent even if it is disabled

log

read log of old agent runs. This command will output historic logs of agent runs.

Options:

-w: show full strings, never cut output

-c: show log without color output

-r: show log with raw output

-R: show log in completely unparsed mode, with no return code of 1 in case of error. A little faster.

-l: show log from the given file

-n: show log from the nth run before the last one

-d: show log from a given date in the date command format (man date for details)

-e: exit with an error if there was an error during policy application

-E: exit with an error if there a non compliance

Exit codes:

0: Agent ran normally

1: Agent encountered a critial error and could not run properly

2: Some policy encountered and error and -e parameter was passed

3: Some policy encountered a non compliance and -E parameter was passed

modified

list modified files. List files recently modified by the agent.

Options:

policy-server

displays or set the policy server. If called without arguments, displays current policy server. Sets the policy server to the hostname or IP given.

Arguments:

+ -t: trust provided sha256 server key hash

+ -p: server https port (only if not 443, only with -t option)

server: hostname or IP of the policy server to set

reset

reset agent status and cache. Remove all locks and state cache of the agent, and restore initial policies. This won’t affect the desired state of the node, but will only reset the internal state of the agent. It is useful to test a rule without caching interference or when you have trouble with the policies updates, and is in most cases sufficient to resolve issues.

To completely reinitialize the agent and make it appear as a new node again, please use "rudder agent factory-reset" instead.

Options:

-i: run the agent in information mode, prints basic information

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

restore

restore a file as it was before Rudder modification. This command replace the file with is backup and make a new backup for de current version

Options:

-l: restore the given backup

-n: restore the nth backup before the last one

-d: restore from a given date in the date command format (man date for details)

-f: force restore, do not ask for confirmation filename: the file to show diff from

run

force run agent policies. This command will force the agent to enforce current policies. You can run rudder agent update before to update the policies.

Options:

-u: update policy before running the agent (this is now the default)

-l: do not update policy before running the agent

-i: run the agent in information mode, prints basic information

-v: run the agent in verbose mode, prints detailed information (reports won’t be sent to the server)

-d: run the agent in debug mode, prints low-level information (reports won’t be sent to the server)

-q: run the agent in quiet mode (display only error messages)

-g: run the agent in full compliance mode (even if change only has been configured)

-w: show full strings, never cut output

-c: run the agent without color output

-T: display timing information

-r: run the agent with raw output

-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.

-N: do not write log in outputs dir (used when called internally)

-b: run the agent on a specific bundle, this is a debug command that should generally not be used

-D: define a class for this run

-f: run the agent even if it is disabled

-e: exit with an error if there was an error during policy application

-E: exit with an error if there a non compliance

Exit codes:

0: Agent ran normally

1: Agent encountered a critial error and could not run properly

2: Some policy encountered and error and -e parameter was passed

3: Some policy encountered a non compliance and -E parameter was passed

server-keys-reset

Reset all keys known from this node.. This command will delete all known keys from this node, allowing it to connect to another server or relay by trusting it. Options:

-f: force the reset of all keys without asking for confirmation

-v: run the command in verbose mode

set-force-audit

force rudder-agent to run in audit mode. This is useful when you want to ensure that the agent check compliance only, and won’t be doing any modification to your system. If agent is run in non audit, it will be automatically stopped.

Options:

-q: run the command in quiet mode (display only error messages)

-c: run the command without color output

start

start the agent. Start the agent service using the appropriate service manager.

Options:

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

status

show the agent status.
Options:

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

stop

stop the agent. Stop the agent service using the appropriate service manager.

Options:

-k: keep cf-serverd

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

unset-force-audit

allow agent to run in enforce mode (default). Cancel the change made by rudder agent set-force-audit.

Options:

-q: run the command in quiet mode (display only error messages)

-c: run the command without color output

update

update policies on agent. The agent will fetch the last version of its policies from its configured policy server.

Options:

-i: run the agent in information mode, prints basic information

-v: run the agent in verbose mode, prints detailed information

-d: run the agent in debug mode, prints low-level information

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

-f: force full update

version

get the agent version. Displays the version of the Rudder agent and of the underlying CFEngine agent.

directive

commands for rudder directive, run with rudder directive command

list

List directives that can be run on this agent. This command will list all directives an their ID to be used in directive-run command

Options:

-a: also show non runnable directives (system directives and directives with hooks)

-l: show long directive details

run

Run a specific directive on this agent. This command runs one directive without running everything else

Options:

-u: UUID of the directive to run

-A: Force audit mode

-E: Force enforce mode

-y: allow running directives with hooks (beware, this may break your system)

-i: run the agent in information mode, prints basic information

-v: run the agent in verbose mode, prints detailed information (reports won’t be sent to the server)

-d: run the agent in debug mode, prints low-level information (reports won’t be sent to the server)

-q: run the agent in quiet mode (display only error messages)

-w: show full strings, never cut output

-c: run the agent without color output

-T: display timing information

-r: run the agent with raw output

-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.

-D: define a class for this run

-f: run the agent even if it is disabled

relay

commands for rudder relay, run with rudder relay command

reload

start the relay service. Start the relay service using the appropriate service manager.

Options:

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

-p: fix permissions of file used by relayd, and start it if not running

start

start the relay service. Start the relay service using the appropriate service manager.

Options:

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

status

show the relay service status.
Options:

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

stop

stop the relay service. Stop the relay service using the appropriate service manager.

Options:

-q: run the agent in quiet mode (display only error messages)

-c: run the agent without color output

remote

commands for rudder remote, run with rudder remote command

run

trigger the execution of a remote agent. This command allows to override the agent run schedule and to immediately update the policies and enforce them on th specified node. This command is currently only allowed from the policy server of the target node.

Arguments:

nodes: comma-separated list of IP or hostname of the target node or 'all' for all nodes of the server

Options:

-i: run the agent in information mode, prints basic information

-v: run the agent in verbose mode, prints detailed information

-d: run the agent in debug mode, prints low-level information

-q: run the agent in quiet mode (display only error messages)

-w: show full strings, never cut output

-c: run the agent without color output

-T: display timing information

-r: run the agent with raw output

-R: run the agent in completely unparsed mode, with no return code of 1 in case of error. A little faster.

-D: define a class for this run

-a: run the agent on all known nodes

-g: run the agent on all nodes of the group UUID given in parameter

-e: exit with an error if there was an error during policy application

-E: exit with an error if there a non compliance

Exit codes:

0: Agent ran normally

1: Agent encountered a critial error and could not run properly

2: Some policy encountered and error and -e parameter was passed

3: Some policy encountered a non compliance and -E parameter was passed

server

commands for rudder server, run with rudder server command

create-user

create an admin user account. This commands allows inserting a new user account. It is particularly useful to create the first admin account on the server. It requires that the authentication hash is bcrypt (default from fresh 6.1).

Options:

-u: specify the user name ("admin" by default)

-p: specify the user password (use with care as it is stored in history). Set the value to "" to use $ADMIN_PASSWORD from the environment instead

debug

run a debug cf-serverd intended for a specific node. This command targets a specific node and does not affect the running infrastructure. In -l mode, it looks for existing logs for the given node. In -i mode, it uses iptables to redirect the specific node communications to the port the debug server is listening on (5310 by default).

Use Ctrl+C to stop the debug server.

Arguments:

-l: fetch debug logs for the given node

-i: run a debug server for the given node

node: IP or hostname of the host you want to debug

directive-migrate-package

create a new package directive based on an out-to-date package directive.. create a new package directive based on an out-to-date package directive.

Out-to-date package techniques are {"aptPackageInstallation", "rpmPackageInstallation"}. Not all of the options present in the old package techniques are still available. The script will stop and do nothing if one parameter is not translatable.

If the script succeed, it will create a new directive, without rule assignement and the old directive will not be changed to ensure human verification on the parameters translation.

Arguments:

-o: old directive id

-c: raw color mode, all output are non-colored text

-i: verbose mode, display more detailed informations of the execution

directive-replace

replace a directive occurrence in all the Rudder rules by another directive.. replace a directive occurrence in all the Rudder rules by another directive.

Arguments:

-o: old directive id

-n: new directive id

-c: raw color mode, all output are non-colored text

-i: verbose mode, display more detailed informations of the execution

directive-upgrade

Upgrade directives to use latest technique version available. This command will migrate directives based on a given technique to the given version. If the directive version cannot be changed for any reason, the directive is skipped.

Options:

-v: run in verbose mode, prints detailed information

-n: upgrade directves based on given technique (mandatory)

-c: run without colors

-V: migrate to given version

disable-policy-distribution

Stop Rudder from distributing new policies as a server. This is useful when you want to temporarily prevent your Rudder server from doing any changes on your agents

enable-policy-distribution

Re-enable Rudder to distribute new policies as a server. This is useful after you have run "rudder server disable-policy-distribution" to allow the agent to restart the policy server. This will restart the policy server immediately.

health

monitor server health. Check that rudder agent has no problem

Options:

-w: wait for the service to be up (if you just started the server)

-n: run in nrpe mode, print a single line and return 0,1 or 2 put this line in your nrpe.cfg to use it command[check_rudder_server]=${RUDDER_DIR}/bin/rudder server health -n

reload-groups

reload dynamic groups. By default, dynamic groups are evaluated every 5 minutes. This command triggers a reload of all dynamic groups.

Options:

-i: run the agent in information mode, displays all executed commands

-c: run the agent without color output

reload-techniques

reload techniques. This command will reload the technique library into memory from the filesystem and regenerate the policies if necessary.

Options:

-i: run the agent in information mode, displays all executed commands

-c: run the agent without color output

trigger-policy-generation

trigger a policy generation. This command will trigger a policy generation, to generate policies for any nodes that may have changed

Options:

-i: run the agent in information mode, displays all executed commands

-c: run the agent without color output

upgrade-techniques

Upgrade techniques in the configuration repository from the packaged ones. This command will replace the techniques in ${RUDDER_VAR}/configuration-repository/techniques by the techniques found in ${RUDDER_DIR}/share/techniques which is installed by rudder-technique package. The upgrade can take care of user defined changes. This command creates an update branch "rudder_update" with the content of current techniques first time is it run

Options:

-u: merge updated techniques into the configuration repository

-i: create the initial version of the update branch

-o: override existing technique without looking for local changes

-f: suppress any warning and run without prompting for input

-c: use the given commit id as the update branch origin

-a --autoupdate-technique-library: automatically update technique library if autoupdate-technique-library is true by doing an override of existing Techniques

--set-autoupdate-technique-library=true/false: set the auto update technique library option at upgrade to true or false (for Rudder 5+)

-s --show: Display the currently defined options

AUTHOR

Normation SAS (contact@normation.com)

RESOURCES

Sources of the rudder command-line: https://github.com/Normation/rudder-agent/

COPYING

Copyright (C) 2014-2024 Normation SAS.

rudder-relayd(1)

NAME

rudder-relayd - Rudder relay daemon that makes the link between nodes and root server.

SYNOPSIS

rudder-relayd [--check] [--config directory]

rudder-relayd --help

DESCRIPTION

A tool to process reports and inventories from Rudder agents and forward them to the upstream relay or send them to the root server.

OPTIONS

-c, --config directory

Configuration directory to load (default is /opt/rudder/etc/relayd/).

-t, --test

Test configuration files syntax and exit.

-h, --help

Print help information.

-V, --version

Print version information.

EXIT CODES

0

Normal shutdown

1

Unexpected crash

2

Invalid configuration files

3

Other errors

AUTHOR

Rudder developers <dev@rudder.io>

RESOURCES

Main web site: https://www.rudder.io/ Documentation: https://docs.rudder.io/

COPYING

Copyright (C) 2019 Normation SAS.


← Build packages from source Variables →