provisioning/docs/book/guides/quickstart-cheatsheet.html


<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Quickstart Cheatsheet - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, KCL, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
// Site root (relative to this page) and the default theme names.
// default_light_theme / default_dark_theme are read by the inline theme
// script further down this page.
const path_to_root = "../",
    default_light_theme = "ayu",
    default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd>←</kbd> or <kbd>→</kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
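// Some values may have been stored in localStorage wrapped in double quotes.
// Strip the surrounding quotes so the scripts below read the bare value.
try {
    for (const key of ['mdbook-theme', 'mdbook-sidebar']) {
        const stored = localStorage.getItem(key);
        // getItem() returns null for a key that was never set. Each key is
        // checked on its own so that a missing theme no longer prevents the
        // sidebar value from being normalised (the original threw on
        // null.startsWith and skipped the rest of the block).
        // The length check avoids rewriting a bare `""` into an empty string.
        if (stored !== null && stored.length > 2 && stored.startsWith('"') && stored.endsWith('"')) {
            localStorage.setItem(key, stored.slice(1, stored.length - 1));
        }
    }
} catch (e) {
    // localStorage may be unavailable or blocked; the later scripts fall back
    // to their defaults in that case.
}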
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
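// Choose the theme class before any content renders so the page does not
// flash in the wrong colours. The OS colour-scheme preference picks the default.
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
// Reading localStorage can throw (for example when storage is blocked);
// theme then stays undefined and the default is used.
try { theme = localStorage.getItem('mdbook-theme'); } catch (e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
// Drop the theme class that is hard-coded on the <html> tag.
html.classList.remove('ayu');
// The stored value is used as a class token without validation.
// classList.add() throws on an empty string or a value containing whitespace,
// which previously aborted this script before the "js" class was set.
// Fall back to the default theme instead of failing.
try {
    html.classList.add(theme);
} catch (e) {
    theme = default_theme;
    html.classList.add(theme);
}
html.classList.add("js");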
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
// Decide whether the sidebar starts open before it is displayed.
// Below 1080px body width it always starts hidden; otherwise the stored
// preference is used, defaulting to 'visible'.
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth < 1080) {
    sidebar = 'hidden';
} else {
    try {
        sidebar = localStorage.getItem('mdbook-sidebar');
    } catch (e) {
        // storage unavailable: keep null and use the default below
    }
    if (!sidebar) {
        sidebar = 'visible';
    }
}
sidebar_toggle.checked = (sidebar === 'visible');
// NOTE(review): the stored value is concatenated into a class name as-is;
// it is presumably always 'visible' or 'hidden' — confirm against the writer.
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/guides/quickstart-cheatsheet.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
// Mirror the sidebar state into ARIA attributes and tab order once the
// sidebar and its toggle exist in the DOM.
{
    const is_visible = sidebar === 'visible';
    document.getElementById('sidebar-toggle').setAttribute('aria-expanded', is_visible);
    document.getElementById('sidebar').setAttribute('aria-hidden', !is_visible);
    // Links inside a hidden sidebar are taken out of the tab order.
    for (const link of Array.from(document.querySelectorAll('#sidebar a'))) {
        link.setAttribute('tabIndex', is_visible ? 0 : -1);
    }
}
</script>
<div id="content" class="content">
<main>
<h1 id="provisioning-platform-quick-reference"><a class="header" href="#provisioning-platform-quick-reference">Provisioning Platform Quick Reference</a></h1>
<p><strong>Version</strong>: 3.5.0
<strong>Last Updated</strong>: 2025-10-09</p>
<hr />
<h2 id="quick-navigation"><a class="header" href="#quick-navigation">Quick Navigation</a></h2>
<ul>
<li><a href="#plugin-commands">Plugin Commands</a> - Native Nushell plugins (10-50x faster)</li>
<li><a href="#cli-shortcuts">CLI Shortcuts</a> - 80+ command shortcuts</li>
<li><a href="#infrastructure-commands">Infrastructure Commands</a> - Servers, taskservs, clusters</li>
<li><a href="#orchestration-commands">Orchestration Commands</a> - Workflows, batch operations</li>
<li><a href="#configuration-commands">Configuration Commands</a> - Config, validation, environment</li>
<li><a href="#workspace-commands">Workspace Commands</a> - Multi-workspace management</li>
<li><a href="#security-commands">Security Commands</a> - Auth, MFA, secrets, compliance</li>
<li><a href="#common-workflows">Common Workflows</a> - Complete deployment examples</li>
<li><a href="#debug-and-check-mode">Debug and Check Mode</a> - Testing and troubleshooting</li>
<li><a href="#output-formats">Output Formats</a> - JSON, YAML, table formatting</li>
</ul>
<hr />
<h2 id="plugin-commands"><a class="header" href="#plugin-commands">Plugin Commands</a></h2>
<p>Native Nushell plugins for high-performance operations. <strong>10-50x faster than HTTP API</strong>.</p>
<h3 id="authentication-plugin-nu_plugin_auth"><a class="header" href="#authentication-plugin-nu_plugin_auth">Authentication Plugin (nu_plugin_auth)</a></h3>
<pre><code class="language-bash"># Login (password prompted securely)
auth login admin
# Login with custom URL
auth login admin --url https://control-center.example.com
# Verify current session
auth verify
# Returns: { active: true, user: "admin", role: "Admin", expires_at: "...", mfa_verified: true }
# List active sessions
auth sessions
# Logout
auth logout
# MFA enrollment
auth mfa enroll totp # TOTP (Google Authenticator, Authy)
auth mfa enroll webauthn # WebAuthn (YubiKey, Touch ID, Windows Hello)
# MFA verification
auth mfa verify --code 123456
auth mfa verify --code ABCD-EFGH-IJKL # Backup code
</code></pre>
<p><strong>Installation:</strong></p>
<pre><code class="language-bash">cd provisioning/core/plugins/nushell-plugins
cargo build --release -p nu_plugin_auth
plugin add target/release/nu_plugin_auth
</code></pre>
<h3 id="kms-plugin-nu_plugin_kms"><a class="header" href="#kms-plugin-nu_plugin_kms">KMS Plugin (nu_plugin_kms)</a></h3>
<p><strong>Performance</strong>: 10x faster encryption (~5ms vs ~50ms HTTP)</p>
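<pre><code class="language-bash"># Encrypt with auto-detected backend
# (a literal typed on the command line is typically recorded in shell history;
# for real secrets pass the value from a file, e.g. kms encrypt (open secrets/production.yaml))
kms encrypt "secret data"
# vault:v1:abc123...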
# Encrypt with specific backend
kms encrypt "data" --backend rustyvault --key provisioning-main
kms encrypt "data" --backend age --key age1xxxxxxxxx
kms encrypt "data" --backend aws --key alias/provisioning
# Encrypt with context (bound to the ciphertext as AAD; the same context must be supplied to decrypt)
kms encrypt "data" --context "user=admin,env=production"
# Decrypt (auto-detects backend from format)
kms decrypt "vault:v1:abc123..."
kms decrypt "-----BEGIN AGE ENCRYPTED FILE-----..."
# Decrypt with context (must match encryption context)
kms decrypt "vault:v1:abc123..." --context "user=admin,env=production"
# Generate data encryption key
kms generate-key
kms generate-key --spec AES256
# Check backend status
kms status
</code></pre>
<p><strong>Supported Backends:</strong></p>
<ul>
<li><strong>rustyvault</strong>: High-performance (~5ms) - Production</li>
<li><strong>age</strong>: Local encryption (~3ms) - Development</li>
<li><strong>cosmian</strong>: Cloud KMS (~30ms)</li>
<li><strong>aws</strong>: AWS KMS (~50ms)</li>
<li><strong>vault</strong>: HashiCorp Vault (~40ms)</li>
</ul>
<p><strong>Installation:</strong></p>
<pre><code class="language-bash">cargo build --release -p nu_plugin_kms
plugin add target/release/nu_plugin_kms
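# Set backend environment (example values for a local development instance)
# Plain http:// is only reasonable on loopback; use an https:// address for any remote server,
# and keep the real token out of shell profiles and version control.
export RUSTYVAULT_ADDR="http://localhost:8200"
export RUSTYVAULT_TOKEN="hvs.xxxxx"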
</code></pre>
<h3 id="orchestrator-plugin-nu_plugin_orchestrator"><a class="header" href="#orchestrator-plugin-nu_plugin_orchestrator">Orchestrator Plugin (nu_plugin_orchestrator)</a></h3>
<p><strong>Performance</strong>: 30-50x faster queries (~1ms vs ~30-50ms HTTP)</p>
<pre><code class="language-bash"># Get orchestrator status (direct file access, ~1ms)
orch status
# { active_tasks: 5, completed_tasks: 120, health: "healthy" }
# Validate workflow KCL file (~10ms vs ~100ms HTTP)
orch validate workflows/deploy.k
orch validate workflows/deploy.k --strict
# List tasks (direct file read, ~5ms)
orch tasks
orch tasks --status running
orch tasks --status failed --limit 10
</code></pre>
<p><strong>Installation:</strong></p>
<pre><code class="language-bash">cargo build --release -p nu_plugin_orchestrator
plugin add target/release/nu_plugin_orchestrator
</code></pre>
<h3 id="plugin-performance-comparison"><a class="header" href="#plugin-performance-comparison">Plugin Performance Comparison</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Operation</th><th>HTTP API</th><th>Plugin</th><th>Speedup</th></tr></thead><tbody>
<tr><td>KMS Encrypt</td><td>~50ms</td><td>~5ms</td><td><strong>10x</strong></td></tr>
<tr><td>KMS Decrypt</td><td>~50ms</td><td>~5ms</td><td><strong>10x</strong></td></tr>
<tr><td>Orch Status</td><td>~30ms</td><td>~1ms</td><td><strong>30x</strong></td></tr>
<tr><td>Orch Validate</td><td>~100ms</td><td>~10ms</td><td><strong>10x</strong></td></tr>
<tr><td>Orch Tasks</td><td>~50ms</td><td>~5ms</td><td><strong>10x</strong></td></tr>
<tr><td>Auth Verify</td><td>~50ms</td><td>~10ms</td><td><strong>5x</strong></td></tr>
</tbody></table>
</div>
<hr />
<h2 id="cli-shortcuts"><a class="header" href="#cli-shortcuts">CLI Shortcuts</a></h2>
<h3 id="infrastructure-shortcuts"><a class="header" href="#infrastructure-shortcuts">Infrastructure Shortcuts</a></h3>
<pre><code class="language-bash"># Server shortcuts
provisioning s # server (same as 'provisioning server')
provisioning s create # Create servers
provisioning s delete # Delete servers
provisioning s list # List servers
provisioning s ssh web-01 # SSH into server
# Taskserv shortcuts
provisioning t # taskserv (same as 'provisioning taskserv')
provisioning task # taskserv (alias)
provisioning t create kubernetes
provisioning t delete kubernetes
provisioning t list
provisioning t generate kubernetes
provisioning t check-updates
# Cluster shortcuts
provisioning cl # cluster (same as 'provisioning cluster')
provisioning cl create buildkit
provisioning cl delete buildkit
provisioning cl list
# Infrastructure shortcuts
provisioning i # infra (same as 'provisioning infra')
provisioning infras # infra (alias)
provisioning i list
provisioning i validate
</code></pre>
<h3 id="orchestration-shortcuts"><a class="header" href="#orchestration-shortcuts">Orchestration Shortcuts</a></h3>
<pre><code class="language-bash"># Workflow shortcuts
provisioning wf # workflow (same as 'provisioning workflow')
provisioning flow # workflow (alias)
provisioning wf list
provisioning wf status &lt;task_id&gt;
provisioning wf monitor &lt;task_id&gt;
provisioning wf stats
provisioning wf cleanup
# Batch shortcuts
provisioning bat # batch (same as 'provisioning batch')
provisioning bat submit workflows/example.k
provisioning bat list
provisioning bat status &lt;workflow_id&gt;
provisioning bat monitor &lt;workflow_id&gt;
provisioning bat rollback &lt;workflow_id&gt;
provisioning bat cancel &lt;workflow_id&gt;
provisioning bat stats
# Orchestrator shortcuts
provisioning orch # orchestrator (same as 'provisioning orchestrator')
provisioning orch start
provisioning orch stop
provisioning orch status
provisioning orch health
provisioning orch logs
</code></pre>
<h3 id="development-shortcuts"><a class="header" href="#development-shortcuts">Development Shortcuts</a></h3>
<pre><code class="language-bash"># Module shortcuts
provisioning mod # module (same as 'provisioning module')
provisioning mod discover taskserv
provisioning mod discover provider
provisioning mod discover cluster
provisioning mod load taskserv workspace kubernetes
provisioning mod list taskserv workspace
provisioning mod unload taskserv workspace kubernetes
provisioning mod sync-kcl
# Layer shortcuts
provisioning lyr # layer (same as 'provisioning layer')
provisioning lyr explain
provisioning lyr show
provisioning lyr test
provisioning lyr stats
# Version shortcuts
provisioning version check
provisioning version show
provisioning version updates
provisioning version apply &lt;name&gt; &lt;version&gt;
provisioning version taskserv &lt;name&gt;
# Package shortcuts
provisioning pack core
provisioning pack provider upcloud
provisioning pack list
provisioning pack clean
</code></pre>
<h3 id="workspace-shortcuts"><a class="header" href="#workspace-shortcuts">Workspace Shortcuts</a></h3>
<pre><code class="language-bash"># Workspace shortcuts
provisioning ws # workspace (same as 'provisioning workspace')
provisioning ws init
provisioning ws create &lt;name&gt;
provisioning ws validate
provisioning ws info
provisioning ws list
provisioning ws migrate
provisioning ws switch &lt;name&gt; # Switch active workspace
provisioning ws active # Show active workspace
# Template shortcuts
provisioning tpl # template (same as 'provisioning template')
provisioning tmpl # template (alias)
provisioning tpl list
provisioning tpl types
provisioning tpl show &lt;name&gt;
provisioning tpl apply &lt;name&gt;
provisioning tpl validate &lt;name&gt;
</code></pre>
<h3 id="configuration-shortcuts"><a class="header" href="#configuration-shortcuts">Configuration Shortcuts</a></h3>
<pre><code class="language-bash"># Environment shortcuts
provisioning e # env (same as 'provisioning env')
provisioning val # validate (same as 'provisioning validate')
provisioning st # setup (same as 'provisioning setup')
provisioning config # setup (alias)
# Show shortcuts
provisioning show settings
provisioning show servers
provisioning show config
# Initialization
provisioning init &lt;name&gt;
# All environment
provisioning allenv # Show all config and environment
</code></pre>
<h3 id="utility-shortcuts"><a class="header" href="#utility-shortcuts">Utility Shortcuts</a></h3>
<pre><code class="language-bash"># List shortcuts
provisioning l # list (same as 'provisioning list')
provisioning ls # list (alias)
provisioning list # list (full)
# SSH operations
provisioning ssh &lt;server&gt;
# SOPS operations
provisioning sops &lt;file&gt; # Edit encrypted file
# Cache management
provisioning cache clear
provisioning cache stats
# Provider operations
provisioning providers list
provisioning providers info &lt;name&gt;
# Nushell session
provisioning nu # Start Nushell with provisioning library loaded
# QR code generation
provisioning qr &lt;data&gt;
# Nushell information
provisioning nuinfo
# Plugin management
provisioning plugin # plugin (same as 'provisioning plugin')
provisioning plugins # plugin (alias)
provisioning plugin list
provisioning plugin test nu_plugin_kms
</code></pre>
<h3 id="generation-shortcuts"><a class="header" href="#generation-shortcuts">Generation Shortcuts</a></h3>
<pre><code class="language-bash"># Generate shortcuts
provisioning g # generate (same as 'provisioning generate')
provisioning gen # generate (alias)
provisioning g server
provisioning g taskserv &lt;name&gt;
provisioning g cluster &lt;name&gt;
provisioning g infra --new &lt;name&gt;
provisioning g new &lt;type&gt; &lt;name&gt;
</code></pre>
<h3 id="action-shortcuts"><a class="header" href="#action-shortcuts">Action Shortcuts</a></h3>
<pre><code class="language-bash"># Common actions
provisioning c # create (same as 'provisioning create')
provisioning d # delete (same as 'provisioning delete')
provisioning u # update (same as 'provisioning update')
# Pricing shortcuts
provisioning price # Show server pricing
provisioning cost # price (alias)
provisioning costs # price (alias)
# Create server + taskservs (combo command)
provisioning cst # create-server-task
provisioning csts # create-server-task (alias)
</code></pre>
<hr />
<h2 id="infrastructure-commands"><a class="header" href="#infrastructure-commands">Infrastructure Commands</a></h2>
<h3 id="server-management"><a class="header" href="#server-management">Server Management</a></h3>
<pre><code class="language-bash"># Create servers
provisioning server create
provisioning server create --check # Dry-run mode
provisioning server create --yes # Skip confirmation
# Delete servers
provisioning server delete
provisioning server delete --check
provisioning server delete --yes # Skip confirmation (destructive; run with --check first)
# List servers
provisioning server list
provisioning server list --infra wuji
provisioning server list --out json
# SSH into server
provisioning server ssh web-01
provisioning server ssh db-01
# Show pricing
provisioning server price
provisioning server price --provider upcloud
</code></pre>
<h3 id="taskserv-management"><a class="header" href="#taskserv-management">Taskserv Management</a></h3>
<pre><code class="language-bash"># Create taskserv
provisioning taskserv create kubernetes
provisioning taskserv create kubernetes --check
provisioning taskserv create kubernetes --infra wuji
# Delete taskserv
provisioning taskserv delete kubernetes
provisioning taskserv delete kubernetes --check
# List taskservs
provisioning taskserv list
provisioning taskserv list --infra wuji
# Generate taskserv configuration
provisioning taskserv generate kubernetes
provisioning taskserv generate kubernetes --out yaml
# Check for updates
provisioning taskserv check-updates
provisioning taskserv check-updates --taskserv kubernetes
</code></pre>
<h3 id="cluster-management"><a class="header" href="#cluster-management">Cluster Management</a></h3>
<pre><code class="language-bash"># Create cluster
provisioning cluster create buildkit
provisioning cluster create buildkit --check
provisioning cluster create buildkit --infra wuji
# Delete cluster
provisioning cluster delete buildkit
provisioning cluster delete buildkit --check
# List clusters
provisioning cluster list
provisioning cluster list --infra wuji
</code></pre>
<hr />
<h2 id="orchestration-commands"><a class="header" href="#orchestration-commands">Orchestration Commands</a></h2>
<h3 id="workflow-management"><a class="header" href="#workflow-management">Workflow Management</a></h3>
<pre><code class="language-bash"># Submit server creation workflow
nu -c "use core/nulib/workflows/server_create.nu *; server_create_workflow 'wuji' '' [] --check"
# Submit taskserv workflow
nu -c "use core/nulib/workflows/taskserv.nu *; taskserv create 'kubernetes' 'wuji' --check"
# Submit cluster workflow
nu -c "use core/nulib/workflows/cluster.nu *; cluster create 'buildkit' 'wuji' --check"
# List all workflows
provisioning workflow list
nu -c "use core/nulib/workflows/management.nu *; workflow list"
# Get workflow statistics
provisioning workflow stats
nu -c "use core/nulib/workflows/management.nu *; workflow stats"
# Monitor workflow in real-time
provisioning workflow monitor &lt;task_id&gt;
nu -c "use core/nulib/workflows/management.nu *; workflow monitor &lt;task_id&gt;"
# Check orchestrator health
provisioning workflow orchestrator
nu -c "use core/nulib/workflows/management.nu *; workflow orchestrator"
# Get specific workflow status
provisioning workflow status &lt;task_id&gt;
nu -c "use core/nulib/workflows/management.nu *; workflow status &lt;task_id&gt;"
</code></pre>
<h3 id="batch-operations"><a class="header" href="#batch-operations">Batch Operations</a></h3>
<pre><code class="language-bash"># Submit batch workflow from KCL
provisioning batch submit workflows/example_batch.k
nu -c "use core/nulib/workflows/batch.nu *; batch submit workflows/example_batch.k"
# Monitor batch workflow progress
provisioning batch monitor &lt;workflow_id&gt;
nu -c "use core/nulib/workflows/batch.nu *; batch monitor &lt;workflow_id&gt;"
# List batch workflows with filtering
provisioning batch list
provisioning batch list --status Running
nu -c "use core/nulib/workflows/batch.nu *; batch list --status Running"
# Get detailed batch status
provisioning batch status &lt;workflow_id&gt;
nu -c "use core/nulib/workflows/batch.nu *; batch status &lt;workflow_id&gt;"
# Initiate rollback for failed workflow
provisioning batch rollback &lt;workflow_id&gt;
nu -c "use core/nulib/workflows/batch.nu *; batch rollback &lt;workflow_id&gt;"
# Cancel running batch
provisioning batch cancel &lt;workflow_id&gt;
# Show batch workflow statistics
provisioning batch stats
nu -c "use core/nulib/workflows/batch.nu *; batch stats"
</code></pre>
<h3 id="orchestrator-management"><a class="header" href="#orchestrator-management">Orchestrator Management</a></h3>
<pre><code class="language-bash"># Start orchestrator in background
cd provisioning/platform/orchestrator
./scripts/start-orchestrator.nu --background
# Check orchestrator status
./scripts/start-orchestrator.nu --check
provisioning orchestrator status
# Stop orchestrator
./scripts/start-orchestrator.nu --stop
provisioning orchestrator stop
# View logs
tail -f provisioning/platform/orchestrator/data/orchestrator.log
provisioning orchestrator logs
</code></pre>
<hr />
<h2 id="configuration-commands"><a class="header" href="#configuration-commands">Configuration Commands</a></h2>
<h3 id="environment-and-validation"><a class="header" href="#environment-and-validation">Environment and Validation</a></h3>
<pre><code class="language-bash"># Show environment variables
provisioning env
# Show all environment and configuration
provisioning allenv
# Validate configuration
provisioning validate config
provisioning validate infra
# Setup wizard
provisioning setup
</code></pre>
<h3 id="configuration-files"><a class="header" href="#configuration-files">Configuration Files</a></h3>
<pre><code class="language-bash"># System defaults
less provisioning/config/config.defaults.toml
# User configuration
vim workspace/config/local-overrides.toml
# Environment-specific configs
vim workspace/config/dev-defaults.toml
vim workspace/config/test-defaults.toml
vim workspace/config/prod-defaults.toml
# Infrastructure-specific config
vim workspace/infra/&lt;name&gt;/config.toml
</code></pre>
<h3 id="http-configuration"><a class="header" href="#http-configuration">HTTP Configuration</a></h3>
<pre><code class="language-bash"># Configure HTTP client behavior
# In workspace/config/local-overrides.toml:
[http]
use_curl = true # Use curl instead of ureq
</code></pre>
<hr />
<h2 id="workspace-commands"><a class="header" href="#workspace-commands">Workspace Commands</a></h2>
<h3 id="workspace-management"><a class="header" href="#workspace-management">Workspace Management</a></h3>
<pre><code class="language-bash"># List all workspaces
provisioning workspace list
# Show active workspace
provisioning workspace active
# Switch to another workspace
provisioning workspace switch &lt;name&gt;
provisioning workspace activate &lt;name&gt; # alias
# Register new workspace
provisioning workspace register &lt;name&gt; &lt;path&gt;
provisioning workspace register &lt;name&gt; &lt;path&gt; --activate
# Remove workspace from registry
provisioning workspace remove &lt;name&gt;
provisioning workspace remove &lt;name&gt; --force
# Initialize new workspace
provisioning workspace init
provisioning workspace init --name production
# Create new workspace
provisioning workspace create &lt;name&gt;
# Validate workspace
provisioning workspace validate
# Show workspace info
provisioning workspace info
# Migrate workspace
provisioning workspace migrate
</code></pre>
<h3 id="user-preferences"><a class="header" href="#user-preferences">User Preferences</a></h3>
<pre><code class="language-bash"># View user preferences
provisioning workspace preferences
# Set user preference
provisioning workspace set-preference editor vim
provisioning workspace set-preference output_format yaml
provisioning workspace set-preference confirm_delete true
# Get user preference
provisioning workspace get-preference editor
</code></pre>
<p><strong>User Config Location:</strong></p>
<ul>
<li>macOS: <code>~/Library/Application Support/provisioning/user_config.yaml</code></li>
<li>Linux: <code>~/.config/provisioning/user_config.yaml</code></li>
<li>Windows: <code>%APPDATA%\provisioning\user_config.yaml</code></li>
</ul>
<hr />
<h2 id="security-commands"><a class="header" href="#security-commands">Security Commands</a></h2>
<h3 id="authentication-via-cli"><a class="header" href="#authentication-via-cli">Authentication (via CLI)</a></h3>
<pre><code class="language-bash"># Login
provisioning login admin
# Logout
provisioning logout
# Show session status
provisioning auth status
# List active sessions
provisioning auth sessions
</code></pre>
<h3 id="multi-factor-authentication-mfa"><a class="header" href="#multi-factor-authentication-mfa">Multi-Factor Authentication (MFA)</a></h3>
<pre><code class="language-bash"># Enroll in TOTP (Google Authenticator, Authy)
provisioning mfa totp enroll
# Enroll in WebAuthn (YubiKey, Touch ID, Windows Hello)
provisioning mfa webauthn enroll
# Verify MFA code
provisioning mfa totp verify --code 123456
provisioning mfa webauthn verify
# List registered devices
provisioning mfa devices
</code></pre>
<h3 id="secrets-management"><a class="header" href="#secrets-management">Secrets Management</a></h3>
<pre><code class="language-bash"># Generate AWS STS credentials (15min-12h TTL)
provisioning secrets generate aws --ttl 1hr
# Generate SSH key pair (Ed25519)
provisioning secrets generate ssh --ttl 4hr
# List active secrets
provisioning secrets list
# Revoke secret
provisioning secrets revoke &lt;secret_id&gt;
# Cleanup expired secrets
provisioning secrets cleanup
</code></pre>
<h3 id="ssh-temporal-keys"><a class="header" href="#ssh-temporal-keys">SSH Temporal Keys</a></h3>
<pre><code class="language-bash"># Connect to server with temporal key
provisioning ssh connect server01 --ttl 1hr
# Generate SSH key pair only
provisioning ssh generate --ttl 4hr
# List active SSH keys
provisioning ssh list
# Revoke SSH key
provisioning ssh revoke &lt;key_id&gt;
</code></pre>
<h3 id="kms-operations-via-cli"><a class="header" href="#kms-operations-via-cli">KMS Operations (via CLI)</a></h3>
<pre><code class="language-bash"># Encrypt configuration file
provisioning kms encrypt secure.yaml
# Decrypt configuration file
provisioning kms decrypt secure.yaml.enc
# Encrypt entire config directory
provisioning config encrypt workspace/infra/production/
# Decrypt config directory
provisioning config decrypt workspace/infra/production/
</code></pre>
<h3 id="break-glass-emergency-access"><a class="header" href="#break-glass-emergency-access">Break-Glass Emergency Access</a></h3>
<pre><code class="language-bash"># Request emergency access
provisioning break-glass request "Production database outage"
# Approve emergency request (requires admin)
provisioning break-glass approve &lt;request_id&gt; --reason "Approved by CTO"
# List break-glass sessions
provisioning break-glass list
# Revoke break-glass session
provisioning break-glass revoke &lt;session_id&gt;
</code></pre>
<h3 id="compliance-and-audit"><a class="header" href="#compliance-and-audit">Compliance and Audit</a></h3>
<pre><code class="language-bash"># Generate compliance report
provisioning compliance report
provisioning compliance report --standard gdpr
provisioning compliance report --standard soc2
provisioning compliance report --standard iso27001
# GDPR operations
provisioning compliance gdpr export &lt;user_id&gt;
provisioning compliance gdpr delete &lt;user_id&gt;
provisioning compliance gdpr rectify &lt;user_id&gt;
# Incident management
provisioning compliance incident create "Security breach detected"
provisioning compliance incident list
provisioning compliance incident update &lt;incident_id&gt; --status investigating
# Audit log queries
provisioning audit query --user alice --action deploy --from 24h
provisioning audit export --format json --output audit-logs.json
</code></pre>
<hr />
<h2 id="common-workflows"><a class="header" href="#common-workflows">Common Workflows</a></h2>
<h3 id="complete-deployment-from-scratch"><a class="header" href="#complete-deployment-from-scratch">Complete Deployment from Scratch</a></h3>
<pre><code class="language-bash"># 1. Initialize workspace
provisioning workspace init --name production
# 2. Validate configuration
provisioning validate config
# 3. Create infrastructure definition
provisioning generate infra --new production
# 4. Create servers (check mode first)
provisioning server create --infra production --check
# 5. Create servers (actual deployment)
provisioning server create --infra production --yes
# 6. Install Kubernetes
provisioning taskserv create kubernetes --infra production --check
provisioning taskserv create kubernetes --infra production
# 7. Deploy cluster services
provisioning cluster create production --check
provisioning cluster create production
# 8. Verify deployment
provisioning server list --infra production
provisioning taskserv list --infra production
# 9. SSH to servers
provisioning server ssh k8s-master-01
</code></pre>
<h3 id="multi-environment-deployment"><a class="header" href="#multi-environment-deployment">Multi-Environment Deployment</a></h3>
<pre><code class="language-bash"># Deploy to dev
provisioning server create --infra dev --check
provisioning server create --infra dev
provisioning taskserv create kubernetes --infra dev
# Deploy to staging
provisioning server create --infra staging --check
provisioning server create --infra staging
provisioning taskserv create kubernetes --infra staging
# Deploy to production (with confirmation)
provisioning server create --infra production --check
provisioning server create --infra production
provisioning taskserv create kubernetes --infra production
</code></pre>
<h3 id="update-infrastructure"><a class="header" href="#update-infrastructure">Update Infrastructure</a></h3>
<pre><code class="language-bash"># 1. Check for updates
provisioning taskserv check-updates
# 2. Update specific taskserv (check mode)
provisioning taskserv update kubernetes --check
# 3. Apply update
provisioning taskserv update kubernetes
# 4. Verify update
provisioning taskserv list --infra production | where name == kubernetes
</code></pre>
<h3 id="encrypted-secrets-deployment"><a class="header" href="#encrypted-secrets-deployment">Encrypted Secrets Deployment</a></h3>
<pre><code class="language-bash"># 1. Authenticate (123456 is a placeholder; enter the current one-time code from your MFA device)
auth login admin
auth mfa verify --code 123456
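# 2. Encrypt secrets (secrets/production.yaml remains on disk in plaintext: keep it out of version control
#    and restrict or remove it once the .enc file has been verified)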
kms encrypt (open secrets/production.yaml) --backend rustyvault | save secrets/production.enc
# 3. Deploy with encrypted secrets
provisioning cluster create production --secrets secrets/production.enc
# 4. Verify deployment
orch tasks --status completed
</code></pre>
<hr />
<h2 id="debug-and-check-mode"><a class="header" href="#debug-and-check-mode">Debug and Check Mode</a></h2>
<h3 id="debug-mode"><a class="header" href="#debug-mode">Debug Mode</a></h3>
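<p>Enable verbose logging with the <code>--debug</code> or <code>-x</code> flag. Debug output may include configuration values, so check it for credentials or tokens before sharing it:</p>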
<pre><code class="language-bash"># Server creation with debug output
provisioning server create --debug
provisioning server create -x
# Taskserv creation with debug
provisioning taskserv create kubernetes --debug
# Show detailed error traces
provisioning --debug taskserv create kubernetes
</code></pre>
<h3 id="check-mode-dry-run"><a class="header" href="#check-mode-dry-run">Check Mode (Dry Run)</a></h3>
<p>Preview changes without applying them with <code>--check</code> or <code>-c</code> flag:</p>
<pre><code class="language-bash"># Check what servers would be created
provisioning server create --check
provisioning server create -c
# Check taskserv installation
provisioning taskserv create kubernetes --check
# Check cluster creation
provisioning cluster create buildkit --check
# Combine with debug for detailed preview
provisioning server create --check --debug
</code></pre>
<h3 id="auto-confirm-mode"><a class="header" href="#auto-confirm-mode">Auto-Confirm Mode</a></h3>
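<p>Skip confirmation prompts with the <code>--yes</code> or <code>-y</code> flag. No prompt is shown before the change is applied, so preview the same command with <code>--check</code> first, particularly for deletions:</p>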
<pre><code class="language-bash"># Auto-confirm server creation
provisioning server create --yes
provisioning server create -y
# Auto-confirm deletion
provisioning server delete --yes
</code></pre>
<h3 id="wait-mode"><a class="header" href="#wait-mode">Wait Mode</a></h3>
<p>Wait for operations to complete with <code>--wait</code> or <code>-w</code> flag:</p>
<pre><code class="language-bash"># Wait for server creation to complete
provisioning server create --wait
# Wait for taskserv installation
provisioning taskserv create kubernetes --wait
</code></pre>
<h3 id="infrastructure-selection"><a class="header" href="#infrastructure-selection">Infrastructure Selection</a></h3>
<p>Specify target infrastructure with <code>--infra</code> or <code>-i</code> flag:</p>
<pre><code class="language-bash"># Create servers in specific infrastructure
provisioning server create --infra production
provisioning server create -i production
# List servers in specific infrastructure
provisioning server list --infra production
</code></pre>
<hr />
<h2 id="output-formats"><a class="header" href="#output-formats">Output Formats</a></h2>
<h3 id="json-output"><a class="header" href="#json-output">JSON Output</a></h3>
<pre><code class="language-bash"># Output as JSON
provisioning server list --out json
provisioning taskserv list --out json
# Pipeline JSON output
provisioning server list --out json | jq '.[] | select(.status == "running")'
</code></pre>
<h3 id="yaml-output"><a class="header" href="#yaml-output">YAML Output</a></h3>
<pre><code class="language-bash"># Output as YAML
provisioning server list --out yaml
provisioning taskserv list --out yaml
# Pipeline YAML output
provisioning server list --out yaml | yq '.[] | select(.status == "running")'
</code></pre>
<h3 id="table-output-default"><a class="header" href="#table-output-default">Table Output (Default)</a></h3>
<pre><code class="language-bash"># Output as table (default)
provisioning server list
provisioning server list --out table
# Pretty-printed table
provisioning server list | table
</code></pre>
<h3 id="text-output"><a class="header" href="#text-output">Text Output</a></h3>
<pre><code class="language-bash"># Output as plain text
provisioning server list --out text
</code></pre>
<hr />
<h2 id="performance-tips"><a class="header" href="#performance-tips">Performance Tips</a></h2>
<h3 id="use-plugins-for-frequent-operations"><a class="header" href="#use-plugins-for-frequent-operations">Use Plugins for Frequent Operations</a></h3>
<pre><code class="language-bash"># ❌ Slow: HTTP API (50ms per call)
for i in 1..100 { http post http://localhost:9998/encrypt { data: "secret" } }
# ✅ Fast: Plugin (5ms per call, 10x faster)
for i in 1..100 { kms encrypt "secret" }
</code></pre>
<h3 id="batch-operations-1"><a class="header" href="#batch-operations-1">Batch Operations</a></h3>
<pre><code class="language-bash"># Use batch workflows for multiple operations
provisioning batch submit workflows/multi-cloud-deploy.k
</code></pre>
<h3 id="check-mode-for-testing"><a class="header" href="#check-mode-for-testing">Check Mode for Testing</a></h3>
<pre><code class="language-bash"># Always test with --check first
provisioning server create --check
provisioning server create # Only after verification
</code></pre>
<hr />
<h2 id="help-system"><a class="header" href="#help-system">Help System</a></h2>
<h3 id="command-specific-help"><a class="header" href="#command-specific-help">Command-Specific Help</a></h3>
<pre><code class="language-bash"># Show help for specific command
provisioning help server
provisioning help taskserv
provisioning help cluster
provisioning help workflow
provisioning help batch
# Show help for command category
provisioning help infra
provisioning help orch
provisioning help dev
provisioning help ws
provisioning help config
</code></pre>
<h3 id="bi-directional-help"><a class="header" href="#bi-directional-help">Bi-Directional Help</a></h3>
<pre><code class="language-bash"># All these work identically:
provisioning help workspace
provisioning workspace help
provisioning ws help
provisioning help ws
</code></pre>
<h3 id="general-help"><a class="header" href="#general-help">General Help</a></h3>
<pre><code class="language-bash"># Show all commands
provisioning help
provisioning --help
# Show version
provisioning version
provisioning --version
</code></pre>
<hr />
<h2 id="quick-reference-common-flags"><a class="header" href="#quick-reference-common-flags">Quick Reference: Common Flags</a></h2>
<div class="table-wrapper"><table><thead><tr><th>Flag</th><th>Short</th><th>Description</th><th>Example</th></tr></thead><tbody>
<tr><td><code>--debug</code></td><td><code>-x</code></td><td>Enable debug mode</td><td><code>provisioning server create --debug</code></td></tr>
<tr><td><code>--check</code></td><td><code>-c</code></td><td>Check mode (dry run)</td><td><code>provisioning server create --check</code></td></tr>
<tr><td><code>--yes</code></td><td><code>-y</code></td><td>Auto-confirm</td><td><code>provisioning server delete --yes</code></td></tr>
<tr><td><code>--wait</code></td><td><code>-w</code></td><td>Wait for completion</td><td><code>provisioning server create --wait</code></td></tr>
<tr><td><code>--infra</code></td><td><code>-i</code></td><td>Specify infrastructure</td><td><code>provisioning server list --infra prod</code></td></tr>
<tr><td><code>--out</code></td><td>-</td><td>Output format</td><td><code>provisioning server list --out json</code></td></tr>
</tbody></table>
</div>
<hr />
<h2 id="plugin-installation-quick-reference"><a class="header" href="#plugin-installation-quick-reference">Plugin Installation Quick Reference</a></h2>
<pre><code class="language-bash"># Build all plugins (one-time setup)
cd provisioning/core/plugins/nushell-plugins
cargo build --release --all
# Register plugins
plugin add target/release/nu_plugin_auth
plugin add target/release/nu_plugin_kms
plugin add target/release/nu_plugin_orchestrator
# Verify installation
plugin list | where name =~ "auth|kms|orch"
auth --help
kms --help
orch --help
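# Set environment (export is POSIX-shell syntax; in Nushell use $env.NAME = "value")
# hvs.xxxxx is a placeholder: load the real token from a secret store, not from shell history or a committed file
# The http:// addresses are for local development; use https:// endpoints elsewhere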
export RUSTYVAULT_ADDR="http://localhost:8200"
export RUSTYVAULT_TOKEN="hvs.xxxxx"
export CONTROL_CENTER_URL="http://localhost:3000"
</code></pre>
<hr />
<h2 id="related-documentation"><a class="header" href="#related-documentation">Related Documentation</a></h2>
<ul>
<li><strong>Complete Plugin Guide</strong>: <code>docs/user/PLUGIN_INTEGRATION_GUIDE.md</code></li>
<li><strong>Plugin Reference</strong>: <code>docs/user/NUSHELL_PLUGINS_GUIDE.md</code></li>
<li><strong>From Scratch Guide</strong>: <code>docs/guides/from-scratch.md</code></li>
<li><strong>Update Infrastructure</strong>: <code>docs/guides/update-infrastructure.md</code></li>
<li><strong>Customize Infrastructure</strong>: <code>docs/guides/customize-infrastructure.md</code></li>
<li><strong>CLI Architecture</strong>: <code>.claude/features/cli-architecture.md</code></li>
<li><strong>Security System</strong>: <code>docs/architecture/ADR-009-security-system-complete.md</code></li>
</ul>
<hr />
<p><strong>For fastest access to this guide</strong>: <code>provisioning sc</code></p>
<p><strong>Last Updated</strong>: 2025-10-09
<strong>Maintained By</strong>: Platform Team</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../guides/customize-infrastructure.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../migration/index.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../guides/customize-infrastructure.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../migration/index.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
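<!-- Livereload client. mdBook emits this block when the book is rendered by its
     development server ("mdbook serve"); output produced by "mdbook build" for
     publication normally does not contain it. Its presence in committed or
     deployed HTML suggests the page came from a serve session and should be
     regenerated before it is published. -->
<script>
    // Connect back to the host that served this page on the /__livereload path,
    // using wss: when the page itself was loaded over https: and ws: otherwise.
    const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
    const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload";
    const socket = new WebSocket(wsAddress);

    // The only message acted on is the literal string "reload"; anything else
    // received on the socket is ignored.
    socket.addEventListener("message", function (event) {
        if (event.data === "reload") {
            socket.close();
            location.reload();
        }
    });

    // Registered as a listener instead of being assigned to
    // window.onbeforeunload, so it cannot replace a handler that another
    // script on the page has installed.
    window.addEventListener("beforeunload", function () {
        socket.close();
    });
</script>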
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>