While most users will interact with BundleWrap through the bw command line utility, you can also use it from your own code to extract data or further automate config management tasks.

Even within BundleWrap itself (e.g. templates, libs, and hooks) you are often given repo and/or node objects to work with. Their methods and attributes are documented below.

Some general notes on using BundleWrap's API:

  • There can be an arbitrary amount of bundlewrap.repo.Repository objects per process.
  • Repositories are read as needed and not re-read when something changes. Modifying files in a repo during the lifetime of the matching Repository object may result in undefined behavior.


Here's a short example of how to use BundleWrap to get the uptime for a node.

from bundlewrap.repo import Repository

repo = Repository("/path/to/my/repo")
node = repo.get_node("mynode")
uptime = node.run("uptime")



The starting point of any interaction with BundleWrap. An object of this class represents the repository at the given path.


A list of all groups in the repo (instances of bundlewrap.group.Group)


A list of all group names in this repo.


A list of all nodes in the repo (instances of bundlewrap.node.Node)


A list of all node names in this repo


The current git, hg or bzr revision of this repo. None if no SCM was detected.


Returns the Group object for the given name.


Returns the Node object with the given name.


Returns a list of Node objects where every node is a member of every group name given.


Returns all Node objects that are a member of at least one of the given group names.


Returns a list of Node objects in the named group.


A system managed by BundleWrap.


A list of all bundles associated with this node (instances of bundlewrap.bundle.Bundle)


A list of bundlewrap.group.Group objects this node belongs to


The DNS name BundleWrap uses to connect to this node


A list of items on this node (instances of subclasses of bundlewrap.items.Item)


A large number derived from the node's name. This number is very likely to be unique for your entire repository. You can, for example, use this number to easily "jitter" cronjobs:

'{} {} * * * root /my/script'.format(
    node.magic_number % 60,
    node.magic_number % 2 + 4,


A dictionary of custom metadata, merged from information in nodes.py and groups.py


The internal identifier for this node

.download(remote_path, local_path)

Downloads a file from the node.

remote_path Which file to get from the node local_path Where to put the file


Get the Item object with the given ID (e.g. "file:/etc/motd").


True if the node has a bundle with the given name.


True if the node has a bundle with any of the given names.


True if the node is in a group with the given name.


True if the node is in a group with any of the given names.

.run(command, may_fail=False)

Runs a command on the node. Returns an instance of bundlewrap.operations.RunResult.

command What should be executed on the node may_fail If False, bundlewrap.exceptions.RemoteException will be raised if the command does not return 0.

.upload(local_path, remote_path, mode=None, owner="", group="")

Uploads a file to the node.

local_path Which file to upload remote_path Where to put the file on the target node mode File mode, e.g. "0644" owner Username of the file owner group Group name of the file group


A user-defined group of nodes.


The name of this group


A list of all nodes in this group (instances of bundlewrap.node.Node, includes subgroup members)


A Fault acts as a lazy stand-in object for the result of a given callback function. These objects are returned from the "vault" attached to Repository objects:

>>> repo.vault.password_for("demo")
<bundlewrap.utils.Fault object at 0x10782b208>

Only when the value property of a Fault is accessed or when the Fault is converted to a string, the callback function is executed. In the example above, this means that the password is only generated when it is really required (e.g. when used in a template). This is particularly useful when used in metadata in connection with secrets. Users will be able to generate metadata with Faults in it, even if they lack the required keys for the decryption operation represented by the Fault. The key will only be required for files etc. that actually use it. If a Fault cannot be resolved (e.g. for lack of the required key), BundleWrap can just skip the item using the Fault, while still allowing other items on the same node to be applied.

Faults also support some rudimentary string operations such as appending a string or another Fault, as well as some string methods:

>>> f = repo.vault.password_for("1") + ":" + repo.vault.password_for("2")
>>> f
<bundlewrap.utils.Fault object at 0x10782b208>
>>> f.value
>>> f += " "
>>> f.value
'VOd5PC:JUgYUb '
>>> f.strip().value
>>> repo.vault.password_for("1").format_into("Password: {}").value
'Password: VOd5PC'

These string methods are supported on Faults: format, lower, lstrip, replace, rstrip, strip, upper, zfill