.. -*- mode: rst -*-
.. _server-plugins-generators-decisions:
=========
Decisions
=========
This page describes the Decisions plugin. The client has support for a
centralized set of per-entry installation decisions. This approach is
needed when particular changes are deemed "high risk"; this gives the
ability to centrally specify these changes, but only install them on
clients when administrator supervision is available. Because collaborative
configuration is one of the remaining hard issues in configuration
management, these issues typically crop up in environments with several
administrators and much configuration variety.
In these cases, the client can be configured to run in either a whitelist
or blacklist mode, wherein a list of entries is downloaded from the
server. The client uses this list to determine which incorrect entries
should be corrected during the current run of the installation tool. The
Decisions plugin is the only stock plugin that generates entries for
client's whitelists or blacklists.
.. note::
If the client is not explicitly configured to run in whitelist or
blacklist mode, the list of entries is not downloaded and decisions
is not used. See `Decision Mode`_ below.
The Decisions plugin uses a directory in the Bcfg2 repository called
Decisions. Files in the Decisions subdirectory are named similarly to
files managed by Cfg and Probes, so you can use host- and
group-specific files and the like after their basename. File basenames
are either ``whitelist`` or ``blacklist``. These files have a simple
format; the following is an example.
.. code-block:: xml
$ cat Decisions/whitelist
<Decisions>
<Decision type='Service' name='*'/>
<Decision type='Path' name='/etc/apt/apt.conf'/>
</Decisions>
This example, included as a whitelist due to its name, enables all services,
and the path entry named ``/etc/apt/apt.conf``. All these entries must
already be present in your repository, the Decisions plugin just references
them. In whitelist mode, only the given items are applied to the client; all
other entry installation will be surpressed.
In blacklist mode, every entry that is not blacklisted will be installed.
When a client asks for its whitelist or blacklist, all of the files
pertaining to that client of the correct type are aggregated into a single
list. This list is sent to the client.
.. note:: Using this plugin does not present additional prompts or
safety nets to the administrator running the client, you have to
control these via their respective options (``-I`` or ``-n``, for
example).
To add syntax highlighting to Decisions files in vim and emacs, you
can add comments such as this::
<Decisions><!--*- mode: xml; -*-->
<!-- vim: set ft=xml : -->
Decision Mode
=============
The whitelist or blacklist is only generated when a client is run in
whitelist or blacklist mode. This can either be set at the command
line with the appropriate option (``-l (whitelist|blacklist)``), or in
``bcfg2.conf`` by setting ``decision`` in the ``client`` section to
``whitelist`` or ``blacklist``).
Client behavior is not controlled unless the decision mode is set. If
you do not use Decisions, all your entries will be installed normally.
distrib
>
Fedora
>
17
>
i386
>
media
>
updates
>
by-pkgid
>
b50d8ee6d7871fcc13c0677a9364ed59
>
files
>
198
