subtool

A utility to control the subd daemon that runs on every dominated system.

The subtool utility may be used to debug and control a running subd. Subtool may be run on any machine and can be used to manipulate various operating parameters of a running subd and perform RPC requests. It is typically run on a desktop or bastion machine.

Usage

Subtool supports several sub-commands. There are many command-line flags which provide parameters for these sub-commands. The most commonly used parameter is -subHostname which specifies which host the subd to control is running on. The basic usage pattern is:

subtool [flags...] command [args...]

Built-in help is available with the command:

subtool -h

Some of the sub-commands available are:

• boost-cpu-limit: raise the CPU limit until the next scan cycle (this does not change the priority (nice) level)
• boost-scan-limit: raise the scan I/O limit until the next scan cycle
• cleanup: empty the object cache
• delete: delete specified pathnames
• fetch: tell subd to fetch the specified object from the objectserver
• fetch-image: poll subd to find which objects in the specified image it is missing and tell it to fetch them from the objectserver
• get-config: get the current configuration from subd
• get-file: get a file from subd
• list-missing-objects: list objects in the specified image that are missing on the sub
• poll: get the checksumed file-system representation
• push-file: push a single file
• push-image: push an image directly to the subd, bypassing the dominator
• push-missing-objects: push objects in the specified image that are missing to the sub
• restart-service: restart the specified service
• set-config: set the current configuration of subd (such as rate limits for scanning the file-system and fetching objects)
• show-update-request: compute and show the update request for the specified image
• wait-for-image: wait for the sub to be updated to the specified image (another entity is responsible for triggering the update)

Note that sub-commands which change the configuration of subd may be reverted by the dominator. Thus, it may be more appropriate to use the dominator to change the configuration of all the subd instances in the fleet.

Security

Subd restricts RPC access using TLS client authentication. Subtool will load certificate and key files from the ~/.ssl directory. Subtool will present these certificates to subd. If one of the certificates is signed by a certificate authority that subd trusts, subd will grant access.