Pullconf - Documentation

Installation

Server

The following steps guide you on how to install and configure the Pullconf server component pullconfd.

Download and install the .deb package from GitHub:

$ wget https://github.com/puetzp/pullconf/releases/download/v0.1.0/pullconfd_0.1.0-1_amd64.deb

$ sudo dpkg -i pullconfd_0.1.0_amd64.deb

The installation script sets up a systemd service unit and a configuration and data directory. Check the unit's status:

$ sudo systemctl status pullconfd.service

If this is your first installation the unit will likely be in the "failed" state, because some mandatory configuration parameters may need to be set up. Refer to the log at /var/log/pullconfd/pullconfd.log to see what might be missing to start the unit.

pullconfd is configured via environment variables. As you can see in the systemd unit file the unit reads environment variables from /etc/pullconfd/environment (the required format is documented here). Refer to the following table for all available parameters.

Name	Description	Mandatory	Default
PULLCONF_LISTEN_ON	The socket address which the server should bind to.	yes	`127.0.0.1:443`
PULLCONF_TLS_CERTIFICATE	Path to a TLS certificate file that pullconfd uses to enable encryption. The file must be readable by the `pullconf` user.	yes	`/etc/pullconfd/tls/server.crt`
PULLCONF_TLS_PRIVATE_KEY	Path to a TLS private key file that pullconfd uses to enable encryption. The file must be readable by the `pullconf` user.	yes	`/etc/pullconfd/tls/server.key`
PULLCONF_RESOURCE_DIR	Directory where the resource configuration are located. This directory must have two sub directories `$PULLCONF_RESOURCE_DIR/clients` and `$PULLCONF_RESOURCE_DIR/groups`. Since only files with a .toml extension are parsed by the Pullconf server and everything else is ignored, these configuration directories can also be managed via `git` or other version control software.	yes	`/etc/pullconfd/resources`
PULLCONF_ASSET_DIR	Directory where static file assets are stored and downloaded from clients, e.g. when they are part of a file resource. The contents of this directory are exposed by pullconfd under the `/assets` endpoint. Clients are only authorized to download files that are referenced in their configuration. The content of this directory can also be arbitrarily nested according to your needs.	yes	`/etc/pullconfd/assets`
PULLCONF_LOG_FORMAT	pullconfd uses structured logging. This variable determines the output format of the logs. Valid values are: `logfmt` `json`	no	`logfmt`
LOG_LEVEL	This variable is read by the underlying logging library. Check their documentation for a complete overview of valid values. Usually one of these will do: `error` `warn` `info` `debug` `trace`	no	`info`

If the unit was in a "failed" state and you needed to change some configuration parameters, the unit must be restarted:

$ sudo systemctl restart pullconfd.service

systemd will then re-apply the settings from the environment file. Whenever environment variables are changed the unit must be restarted. However when files in $PULLCONF_RESOURCE_DIR change a reload will suffice to re-read files from this directory:

$ sudo systemctl reload pullconfd.service

Note that if the changed configuration cannot be successfully validated, the server will continue to operate with the old configuration.