<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Quickstart for CentOS — Bcfg2 1.3.0 documentation</title>
<link rel="stylesheet" href="../../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
VERSION: '1.3.0',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
<script type="text/javascript" src="../../_static/sidebar.js"></script>
<link rel="shortcut icon" href="../../_static/favicon.ico"/>
<link rel="top" title="Bcfg2 1.3.0 documentation" href="../../index.html" />
<link rel="up" title="Guides" href="../guides.html" />
<link rel="next" title="Converging on Verification with RHEL 5" href="converging_rhel5.html" />
<link rel="prev" title="Bootstrap" href="bootstrap.html" />
<link rel="stylesheet" href="../../_static/bcfg2.css" type=""/>
</head>
<body>
<div style="text-align: left; padding: 10px 10px 15px 15px">
<a href="../../index.html"><img src="../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="converging_rhel5.html" title="Converging on Verification with RHEL 5"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="bootstrap.html" title="Bootstrap"
accesskey="P">previous</a> |</li>
<li><a href="../../index.html">home</a> | </li>
<!--<li><a href="../../search.html">search</a> | </li>-->
<li><a href="../../help/index.html">help</a> | </li>
<li><a href="../../contents.html">documentation </a> »</li>
<li><a href="../../contents.html" >Bcfg2 documentation 1.3.0</a> »</li>
<li><a href="../index.html" >Appendix</a> »</li>
<li><a href="../guides.html" accesskey="U">Guides</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="quickstart-for-centos">
<span id="appendix-guides-centos"></span><h1>Quickstart for CentOS<a class="headerlink" href="#quickstart-for-centos" title="Permalink to this headline">¶</a></h1>
<p>This is a complete getting started guide for CentOS. With this document
you should be able to install a Bcfg2 server and a Bcfg2 client.</p>
<div class="section" id="install-bcfg2">
<h2>Install Bcfg2<a class="headerlink" href="#install-bcfg2" title="Permalink to this headline">¶</a></h2>
<p>The fastest way to get Bcfg2 onto your system is to use Yum or
your preferred package management tool. We’ll be using the ones
that are distributed through <a class="reference external" href="http://fedoraproject.org/wiki/EPEL">EPEL</a>, but depending on your aversion
to risk you could download an RPM from other places as well. See
<a class="reference internal" href="using-bcfg2-with-centos.html#getting-started-using-bcfg2-with-centos"><em>Using Bcfg2 With CentOS</em></a> for information about
building Bcfg2 from source and making your own packages.</p>
<div class="section" id="using-epel">
<h3>Using EPEL<a class="headerlink" href="#using-epel" title="Permalink to this headline">¶</a></h3>
<p>Make sure <a class="reference external" href="http://fedoraproject.org/wiki/EPEL">EPEL</a> is a valid repository on your server. The <a class="reference external" href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse">instructions</a> on how to do this
basically say:</p>
<div class="highlight-python"><pre>[root@centos ~]# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm</pre>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">You will have to adjust this command to match your architecture and
the current EPEL release.</p>
</div>
<p>Install the bcfg2-server and bcfg2 RPMs:</p>
<div class="highlight-python"><pre>[root@centos ~]# yum install bcfg2-server bcfg2</pre>
</div>
<p>Your system should now have the necessary software to use Bcfg2. The
next step is to set up your Bcfg2 <a class="reference internal" href="../../glossary.html#term-repository"><em class="xref std std-term">repository</em></a>.</p>
</div>
</div>
<div class="section" id="initialize-your-repository">
<h2>Initialize your repository<a class="headerlink" href="#initialize-your-repository" title="Permalink to this headline">¶</a></h2>
<p>Now that you’re done with the install, you need to initialize your
repository and setup your <tt class="docutils literal"><span class="pre">/etc/bcfg2.conf</span></tt>. <tt class="docutils literal"><span class="pre">bcfg2-admin</span> <span class="pre">init</span></tt>
is a tool which allows you to automate this:</p>
<div class="highlight-python"><pre>[root@centos ~]# bcfg2-admin init
Store bcfg2 configuration in [/etc/bcfg2.conf]:
Location of bcfg2 repository [/var/lib/bcfg2]:
Input password used for communication verification (without echoing; leave blank for a random):
What is the server's hostname: [centos]
Input the server location [https://centos:6789]:
Input base Operating System for clients:
1: Redhat/Fedora/RHEL/RHAS/Centos
2: SUSE/SLES
3: Mandrake
4: Debian
5: Ubuntu
6: Gentoo
7: FreeBSD
: 1
Generating a 2048 bit RSA private key
.........................+++
..................+++
writing new private key to '/etc/bcfg2.key'
-----
Signature ok
subject=/C=US=ST=Illinois/L=Argonne/CN=centos
Getting Private key
Repository created successfuly in /var/lib/bcfg2</pre>
</div>
<p>Change responses as necessary.</p>
</div>
<div class="section" id="start-the-server">
<h2>Start the server<a class="headerlink" href="#start-the-server" title="Permalink to this headline">¶</a></h2>
<p>You are now ready to start your bcfg2 server for the first time:</p>
<div class="highlight-python"><pre>[root@centos ~]# /sbin/service bcfg2-server start</pre>
</div>
<p>To verify that everything started ok, look for the running daemon and check the logs:</p>
<div class="highlight-python"><pre>[root@centos ~]# /etc/init.d/service bcfg2-server status
[root@centos ~]# tail /var/log/messages
Mar 29 12:42:26 centos bcfg2-server[5093]: service available at https://centos:6789
Mar 29 12:42:26 centos bcfg2-server[5093]: serving bcfg2-server at https://centos:6789
Mar 29 12:42:26 centos bcfg2-server[5093]: serve_forever() [start]
Mar 29 12:42:41 centos bcfg2-server[5093]: Handled 16 events in 0.007s</pre>
</div>
<p>Run bcfg2 to be sure you are able to communicate with the server:</p>
<div class="highlight-python"><pre>[root@centos ~]# bcfg2 -vqn
No ca is specified. Cannot authenticate the server with SSL.
No ca is specified. Cannot authenticate the server with SSL.
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Excluding Packages in global exclude list
Finished
Loaded tool drivers:
Action Chkconfig POSIX YUMng
Phase: initial
Correct entries: 0
Incorrect entries: 0
Total managed entries: 0
Unmanaged entries: 208
Phase: final
Correct entries: 0
Incorrect entries: 0
Total managed entries: 0
Unmanaged entries: 208
No ca is specified. Cannot authenticate the server with SSL.</pre>
</div>
<p>The ca message is just a warning, meaning that the client does not
have sufficient information to verify that it is talking to the
correct server. This can be fixed by distributing the ca certificate
from the server to all clients. By default, this file is available in
<tt class="docutils literal"><span class="pre">/etc/bcfg2.crt</span></tt> on the server. Copy this file to the client (with a
bundle) and add the ca option to <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt> pointing at the file,
and the client will be able to verify it is talking to the correct server
upon connection:</p>
<div class="highlight-python"><pre>[root@centos ~]# cat /etc/bcfg2.conf
[communication]
protocol = xmlrpc/ssl
password = N41lMNeW
ca = /etc/bcfg2.crt
[components]
bcfg2 = https://centos:6789</pre>
</div>
<p>Now if you run the client, no more warning:</p>
<div class="highlight-python"><pre>[root@centos ~]# bcfg2 -vqn
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Excluding Packages in global exclude list
Finished
Loaded tool drivers:
Action Chkconfig POSIX YUMng
Phase: initial
Correct entries: 0
Incorrect entries: 0
Total managed entries: 0
Unmanaged entries: 208
Phase: final
Correct entries: 0
Incorrect entries: 0
Total managed entries: 0
Unmanaged entries: 208</pre>
</div>
</div>
<div class="section" id="bring-your-first-machine-under-bcfg2-control">
<h2>Bring your first machine under Bcfg2 control<a class="headerlink" href="#bring-your-first-machine-under-bcfg2-control" title="Permalink to this headline">¶</a></h2>
<p>Now it is time to get your first machine’s configuration into your
Bcfg2 <a class="reference internal" href="../../glossary.html#term-repository"><em class="xref std std-term">repository</em></a>. Let’s start with the server itself.</p>
<div class="section" id="setup-the-server-plugins-generators-packages-plugin">
<h3>Setup the <a class="reference internal" href="../../server/plugins/generators/packages.html#server-plugins-generators-packages"><em>Packages</em></a> plugin<a class="headerlink" href="#setup-the-server-plugins-generators-packages-plugin" title="Permalink to this headline">¶</a></h3>
<p>First, replace <strong>Pkgmgr</strong> with <strong>Packages</strong> in the plugins
line of <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt>. Then create Packages layout (as per
<a class="reference internal" href="../../server/plugins/generators/packages.html#packages-exampleusage"><em>Example usage</em></a>) in <tt class="docutils literal"><span class="pre">/var/lib/bcfg2</span></tt></p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">I am using the RawURL syntax here since we are using <a class="reference external" href="http://dag.wieers.com/home-made/mrepo/">mrepo</a>
to manage our yum mirrors.</p>
</div>
<div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Sources></span>
<span class="c"><!-- CentOS (5.4) sources --></span>
<span class="nt"><YUMSource></span>
<span class="nt"><Group></span>centos-5.4<span class="nt"></Group></span>
<span class="nt"><RawURL></span>http://mrepo/centos5-x86_64/RPMS.os<span class="nt"></RawURL></span>
<span class="nt"><Arch></span>x86_64<span class="nt"></Arch></span>
<span class="nt"></YUMSource></span>
<span class="nt"><YUMSource></span>
<span class="nt"><Group></span>centos-5.4<span class="nt"></Group></span>
<span class="nt"><RawURL></span>http://mrepo/centos5-x86_64/RPMS.updates<span class="nt"></RawURL></span>
<span class="nt"><Arch></span>x86_64<span class="nt"></Arch></span>
<span class="nt"></YUMSource></span>
<span class="nt"><YUMSource></span>
<span class="nt"><Group></span>centos-5.4<span class="nt"></Group></span>
<span class="nt"><RawURL></span>http://mrepo/centos5-x86_64/RPMS.extras<span class="nt"></RawURL></span>
<span class="nt"><Arch></span>x86_64<span class="nt"></Arch></span>
<span class="nt"></YUMSource></span>
<span class="nt"></Sources></span>
</pre></div>
</div>
<p>Due to the <a class="reference internal" href="../../server/plugins/generators/packages.html#server-plugins-generators-packages-magic-groups"><em>“Magic Groups”</em></a>,
we need to modify our Metadata. Let’s add a <strong>centos5.4</strong> group which
inherits a <strong>centos</strong> group (this should replace the existing <strong>redhat</strong>
group) present in <tt class="docutils literal"><span class="pre">/var/lib/bcfg2/Metadata/groups.xml</span></tt>. The resulting
file should look something like this</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">The reason we are creating a release-specific group in this case is
that the YUMSource above is specific to the 5.4 release of centos.
That is, it should not apply to other releases (5.1, 5.3, etc).</p>
</div>
<div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Groups</span> <span class="na">version=</span><span class="s">'3.0'</span><span class="nt">></span>
<span class="nt"><Group</span> <span class="na">profile=</span><span class="s">'true'</span> <span class="na">public=</span><span class="s">'true'</span> <span class="na">default=</span><span class="s">'true'</span> <span class="na">name=</span><span class="s">'basic'</span><span class="nt">></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos-5.4'</span><span class="nt">/></span>
<span class="nt"></Group></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos-5.4'</span><span class="nt">></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos'</span><span class="nt">/></span>
<span class="nt"></Group></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'ubuntu'</span><span class="nt">/></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'debian'</span><span class="nt">/></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'freebsd'</span><span class="nt">/></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'gentoo'</span><span class="nt">/></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos'</span><span class="nt">/></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'suse'</span><span class="nt">/></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'mandrake'</span><span class="nt">/></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'solaris'</span><span class="nt">/></span>
<span class="nt"></Groups></span>
</pre></div>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">When editing your xml files by hand, it is useful to occasionally run
<cite>bcfg2-lint</cite> to ensure that your xml validates properly.</p>
</div>
<p>The final thing we need is for the client to have the proper
arch group membership. For this, we will make use of the
<a class="reference internal" href="../../unsorted/dynamic_groups.html#unsorted-dynamic-groups"><em>Dynamic Groups</em></a> capabilities of the Probes plugin. Add
Probes to your plugins line in <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt> and create the Probe.:</p>
<div class="highlight-python"><pre>[root@centos ~]# grep plugins /etc/bcfg2.conf
plugins = Base,Bundler,Cfg,...,Probes
[root@centos ~]# mkdir /var/lib/bcfg2/Probes
[root@centos ~]# cat /var/lib/bcfg2/Probes/groups
#!/bin/sh
echo "group:`uname -m`"</pre>
</div>
<p>Now we restart the bcfg2-server:</p>
<div class="highlight-python"><pre>[root@centos ~]# /etc/init.d/bcfg2-server restart</pre>
</div>
<p>If you now <tt class="docutils literal"><span class="pre">tail</span> <span class="pre">-f</span> <span class="pre">/var/log/messages</span></tt>, you will see the Packages
plugin in action, updating the cache.</p>
</div>
<div class="section" id="start-managing-packages">
<h3>Start managing packages<a class="headerlink" href="#start-managing-packages" title="Permalink to this headline">¶</a></h3>
<p>Add a base-packages bundle. Let’s see what happens when we just populate
it with the <em>yum</em> package.</p>
<div class="highlight-xml"><div class="highlight"><pre>[root@centos ~]# cat /var/lib/bcfg2/Bundler/base-packages.xml
<span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'yum'</span><span class="nt">/></span>
<span class="nt"></Bundle></span>
</pre></div>
</div>
<p>You need to reference the bundle from your Metadata. The resulting
profile group might look something like this</p>
<div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Group</span> <span class="na">profile=</span><span class="s">'true'</span> <span class="na">public=</span><span class="s">'true'</span> <span class="na">default=</span><span class="s">'true'</span> <span class="na">name=</span><span class="s">'basic'</span><span class="nt">></span>
<span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">/></span>
<span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos5.4'</span><span class="nt">/></span>
<span class="nt"></Group></span>
</pre></div>
</div>
<p>Now if we run the client, we can see what this has done for us.:</p>
<div class="highlight-python"><pre>[root@centos ~]# bcfg2 -vqn
Running probe groups
Probe groups has result:
x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Excluding Packages in global exclude list
Finished
Loaded tool drivers:
Action Chkconfig POSIX YUMng
Package pam failed verification.
Phase: initial
Correct entries: 94
Incorrect entries: 1
Total managed entries: 95
Unmanaged entries: 113
In dryrun mode: suppressing entry installation for:
Package:pam
Phase: final
Correct entries: 94
Incorrect entries: 1
Package:pam
Total managed entries: 95
Unmanaged entries: 113</pre>
</div>
<p>Interesting, our <strong>pam</strong> package failed verification. What does this
mean? Let’s have a look:</p>
<div class="highlight-python"><pre>[root@centos ~]# rpm --verify pam
....L... c /etc/pam.d/system-auth</pre>
</div>
<p>Sigh, it looks like the default RPM install for pam fails to verify
using its own verification process (trust me, it’s not the only one). At
any rate, I was able to get rid of this particular issue by removing the
symlink and running <tt class="docutils literal"><span class="pre">yum</span> <span class="pre">reinstall</span> <span class="pre">pam</span></tt>.</p>
<p>As you can see, the Packages plugin has generated the dependencies
required for the yum package automatically. The ultimate goal should
be to move all the packages from the <strong>Unmanaged</strong> entries section to
the <strong>Managed</strong> entries section. So, what exactly <em>are</em> those Unmanaged
entries?:</p>
<div class="highlight-python"><pre>[root@centos ~]# bcfg2 -veqn
Running probe groups
Probe groups has result:
x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Excluding Packages in global exclude list
Finished
Loaded tool drivers:
Action Chkconfig POSIX YUMng
Extra Package openssh-clients 4.3p2-36.el5_4.4.x86_64.
Extra Package libuser 0.54.7-2.1el5_4.1.x86_64.
...
Phase: initial
Correct entries: 95
Incorrect entries: 0
Total managed entries: 95
Unmanaged entries: 113
Phase: final
Correct entries: 95
Incorrect entries: 0
Total managed entries: 95
Unmanaged entries: 113
Package:at
Package:avahi
Package:avahi-compat-libdns_sd
...</pre>
</div>
<p>Now you can go through these and continue adding the packages you want
to your Bundle. After a while, I ended up with a minimal bundle that
looks like this</p>
<div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'exim'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'grub'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'kernel'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'krb5-workstation'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'m2crypto'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-clients'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-server'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'prelink'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'redhat-lsb'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rpm-build'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rsync'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'sysklogd'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'vim-enhanced'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'yum'</span><span class="nt">/></span>
<span class="nt"></Bundle></span>
</pre></div>
</div>
<p>Now when I run the client, you can see I have only one unmanaged
package:</p>
<div class="highlight-python"><pre>[root@centos ~]# bcfg2 -veqn
Running probe groups
Probe groups has result:
x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Excluding Packages in global exclude list
Finished
Loaded tool drivers:
Action Chkconfig POSIX YUMng
Extra Package gpg-pubkey e8562897-459f07a4.None.
Extra Package gpg-pubkey 217521f6-45e8a532.None.
Phase: initial
Correct entries: 187
Incorrect entries: 0
Total managed entries: 187
Unmanaged entries: 16
Phase: final
Correct entries: 187
Incorrect entries: 0
Total managed entries: 187
Unmanaged entries: 16
Package:gpg-pubkey
Service:atd
Service:avahi-daemon
Service:bcfg2-server
...</pre>
</div>
<p>The gpg-pubkey packages are special in that they are not really
packages. Currently, the way to manage them is using <a class="reference internal" href="../../server/configurationentries.html#boundentries"><em>BoundEntries</em></a>. So, after adding them, our Bundle now looks like this</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">This does not actually control the contents of the files,
you will need to do this part separately (see below).</p>
</div>
<div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">></span>
<span class="nt"><BoundPackage</span> <span class="na">name=</span><span class="s">"gpg-pubkey"</span> <span class="na">type=</span><span class="s">"rpm"</span> <span class="na">version=</span><span class="s">"foo"</span><span class="nt">></span>
<span class="nt"><Instance</span> <span class="na">simplefile=</span><span class="s">"/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5"</span> <span class="na">version=</span><span class="s">"e8562897"</span> <span class="na">release=</span><span class="s">"459f07a4"</span><span class="nt">/></span>
<span class="nt"><Instance</span> <span class="na">simplefile=</span><span class="s">"/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL"</span> <span class="na">version=</span><span class="s">"217521f6"</span> <span class="na">release=</span><span class="s">"45e8a532"</span><span class="nt">/></span>
<span class="nt"></BoundPackage></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'exim'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'grub'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'kernel'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'krb5-workstation'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'m2crypto'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-clients'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-server'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'prelink'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'redhat-lsb'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rpm-build'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rsync'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'sysklogd'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'vim-enhanced'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'yum'</span><span class="nt">/></span>
<span class="nt"></Bundle></span>
</pre></div>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">version=”foo” is just a dummy attribute for the gpg-pubkey Package</p>
</div>
<p>To actually push the gpg keys out via Bcfg2, you will need to manage the
files as well. This can be done by adding Path entries for each of the
gpg keys you want to manage</p>
<div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">></span>
<span class="nt"><Path</span> <span class="na">name=</span><span class="s">'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5'</span><span class="nt">/></span>
<span class="nt"><Path</span> <span class="na">name=</span><span class="s">'/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL'</span><span class="nt">/></span>
<span class="nt"><BoundPackage</span> <span class="na">name=</span><span class="s">"gpg-pubkey"</span> <span class="na">type=</span><span class="s">"rpm"</span> <span class="na">version=</span><span class="s">"foo"</span><span class="nt">></span>
<span class="nt"><Instance</span> <span class="na">simplefile=</span><span class="s">"/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5"</span> <span class="na">version=</span><span class="s">"e8562897"</span> <span class="na">release=</span><span class="s">"459f07a4"</span><span class="nt">/></span>
<span class="nt"><Instance</span> <span class="na">simplefile=</span><span class="s">"/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL"</span> <span class="na">version=</span><span class="s">"217521f6"</span> <span class="na">release=</span><span class="s">"45e8a532"</span><span class="nt">/></span>
<span class="nt"></BoundPackage></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'exim'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'grub'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'kernel'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'krb5-workstation'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'m2crypto'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-clients'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-server'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'prelink'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'redhat-lsb'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rpm-build'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rsync'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'sysklogd'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'vim-enhanced'</span><span class="nt">/></span>
<span class="nt"><Package</span> <span class="na">name=</span><span class="s">'yum'</span><span class="nt">/></span>
<span class="nt"></Bundle></span>
</pre></div>
</div>
<p>Then add the files to Cfg:</p>
<div class="highlight-python"><pre>mkdir -p Cfg/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
cp /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 !$/RPM-GPG-KEY-CentOS-5
mkdir -p Cfg/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
cp /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL !$/RPM-GPG-KEY-EPEL</pre>
</div>
<p>You will also want to add an <em>important</em> attribute to these files so
that they are installed on the client prior to any attempts to install
the <strong>gpg-pubkey</strong> rpm packages. This is especially important during the
bootstrapping phase and can be accomplished using an <a class="reference internal" href="../../server/info.html#server-info"><em>info.xml</em></a>
file that looks like the following:</p>
<div class="highlight-xml"><div class="highlight"><pre><span class="nt"><FileInfo></span>
<span class="nt"><Info</span> <span class="na">owner=</span><span class="s">'root'</span> <span class="na">group=</span><span class="s">'root'</span> <span class="na">mode=</span><span class="s">'0644'</span> <span class="na">important=</span><span class="s">'true'</span><span class="nt">/></span>
<span class="nt"></FileInfo></span>
</pre></div>
</div>
<p>Now, running the client shows only unmanaged Service entries. Woohoo!</p>
</div>
<div class="section" id="manage-services">
<h3>Manage services<a class="headerlink" href="#manage-services" title="Permalink to this headline">¶</a></h3>
<p>Now let’s clear up the unmanaged service entries by adding the following
entries to our bundle.</p>
<div class="highlight-xml"><div class="highlight"><pre><span class="c"><!-- basic services --></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'atd'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'avahi-daemon'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'crond'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'cups'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'gpm'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'lvm2-monitor'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'mcstrans'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'messagebus'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'netfs'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'network'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'postfix'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'rawdevices'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'sshd'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">name=</span><span class="s">'syslog'</span><span class="nt">/></span>
</pre></div>
</div>
<p>...and bind them in Rules</p>
<div class="highlight-xml"><div class="highlight"><pre>[root@centos ~]# cat /var/lib/bcfg2/Rules/services.xml
<span class="nt"><Rules</span> <span class="na">priority=</span><span class="s">'1'</span><span class="nt">></span>
<span class="c"><!-- basic services --></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'atd'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'avahi-daemon'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'crond'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'cups'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'gpm'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'lvm2-monitor'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'mcstrans'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'messagebus'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'netfs'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'network'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'postfix'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'rawdevices'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'sshd'</span><span class="nt">/></span>
<span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'syslog'</span><span class="nt">/></span>
<span class="nt"></Rules></span>
</pre></div>
</div>
<p>Now we run the client and see there are no more unmanaged entries!:</p>
<div class="highlight-python"><pre>[root@centos ~]# bcfg2 -veqn
Running probe groups
Probe groups has result:
x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Excluding Packages in global exclude list
Finished
Loaded tool drivers:
Action Chkconfig POSIX YUMng
Phase: initial
Correct entries: 205
Incorrect entries: 0
Total managed entries: 205
Unmanaged entries: 0
Phase: final
Correct entries: 205
Incorrect entries: 0
Total managed entries: 205
Unmanaged entries: 0</pre>
</div>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">This basic bundle is created mainly for the purposes of getting you
to a completely managed client. It is recommended that you create
bundles for appropriate services due to the way bundle updates are
managed. Please see <a class="reference internal" href="../../unsorted/writing_specification.html#unsorted-writing-specification"><em>Writing Bcfg2 Specification</em></a> for more
details.</p>
</div>
</div>
</div>
<div class="section" id="dynamic-web-reports">
<h2>Dynamic (web) reports<a class="headerlink" href="#dynamic-web-reports" title="Permalink to this headline">¶</a></h2>
<p>See installation instructions at <a class="reference internal" href="../../reports/dynamic.html#reports-dynamic"><em>Bcfg2 Web Reporting System</em></a></p>
</div>
<div class="section" id="next-steps">
<h2>Next Steps<a class="headerlink" href="#next-steps" title="Permalink to this headline">¶</a></h2>
<p><a class="reference internal" href="../../getting_started/index.html#getting-started-index-next-steps"><em>Next Steps</em></a></p>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<h3><a href="../../index.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Quickstart for CentOS</a><ul>
<li><a class="reference internal" href="#install-bcfg2">Install Bcfg2</a><ul>
<li><a class="reference internal" href="#using-epel">Using EPEL</a></li>
</ul>
</li>
<li><a class="reference internal" href="#initialize-your-repository">Initialize your repository</a></li>
<li><a class="reference internal" href="#start-the-server">Start the server</a></li>
<li><a class="reference internal" href="#bring-your-first-machine-under-bcfg2-control">Bring your first machine under Bcfg2 control</a><ul>
<li><a class="reference internal" href="#setup-the-server-plugins-generators-packages-plugin">Setup the <tt class="docutils literal"><span class="pre">server-plugins-generators-packages</span></tt> plugin</a></li>
<li><a class="reference internal" href="#start-managing-packages">Start managing packages</a></li>
<li><a class="reference internal" href="#manage-services">Manage services</a></li>
</ul>
</li>
<li><a class="reference internal" href="#dynamic-web-reports">Dynamic (web) reports</a></li>
<li><a class="reference internal" href="#next-steps">Next Steps</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="bootstrap.html"
title="previous chapter">Bootstrap</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="converging_rhel5.html"
title="next chapter">Converging on Verification with RHEL 5</a></p>
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../../_sources/appendix/guides/centos.txt"
rel="nofollow">Show Source</a></li>
</ul>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="converging_rhel5.html" title="Converging on Verification with RHEL 5"
>next</a> |</li>
<li class="right" >
<a href="bootstrap.html" title="Bootstrap"
>previous</a> |</li>
<li><a href="../../index.html">home</a> | </li>
<!--<li><a href="../../search.html">search</a> | </li>-->
<li><a href="../../help/index.html">help</a> | </li>
<li><a href="../../contents.html">documentation </a> »</li>
<li><a href="../../contents.html" >Bcfg2 documentation 1.3.0</a> »</li>
<li><a href="../index.html" >Appendix</a> »</li>
<li><a href="../guides.html" >Guides</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2009-2013, Narayan Desai.
Last updated on Mar 20, 2013.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
</div>
</body>
</html>
distrib
>
Fedora
>
17
>
i386
>
media
>
updates
>
by-pkgid
>
b50d8ee6d7871fcc13c0677a9364ed59
>
files
>
319
