<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Quickstart for CentOS — Bcfg2 1.3.0 documentation</title> <link rel="stylesheet" href="../../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../', VERSION: '1.3.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../../_static/jquery.js"></script> <script type="text/javascript" src="../../_static/underscore.js"></script> <script type="text/javascript" src="../../_static/doctools.js"></script> <script type="text/javascript" src="../../_static/sidebar.js"></script> <link rel="shortcut icon" href="../../_static/favicon.ico"/> <link rel="top" title="Bcfg2 1.3.0 documentation" href="../../index.html" /> <link rel="up" title="Guides" href="../guides.html" /> <link rel="next" title="Converging on Verification with RHEL 5" href="converging_rhel5.html" /> <link rel="prev" title="Bootstrap" href="bootstrap.html" /> <link rel="stylesheet" href="../../_static/bcfg2.css" type=""/> </head> <body> <div style="text-align: left; padding: 10px 10px 15px 15px"> <a href="../../index.html"><img src="../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../../genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="../../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="converging_rhel5.html" title="Converging on Verification with RHEL 5" accesskey="N">next</a> |</li> <li class="right" > <a href="bootstrap.html" title="Bootstrap" accesskey="P">previous</a> |</li> <li><a href="../../index.html">home</a> | </li> <!--<li><a href="../../search.html">search</a> | </li>--> <li><a href="../../help/index.html">help</a> | </li> <li><a href="../../contents.html">documentation </a> »</li> <li><a href="../../contents.html" >Bcfg2 documentation 1.3.0</a> »</li> <li><a href="../index.html" >Appendix</a> »</li> <li><a href="../guides.html" accesskey="U">Guides</a> »</li> </ul> </div> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <div class="section" id="quickstart-for-centos"> <span id="appendix-guides-centos"></span><h1>Quickstart for CentOS<a class="headerlink" href="#quickstart-for-centos" title="Permalink to this headline">¶</a></h1> <p>This is a complete getting started guide for CentOS. With this document you should be able to install a Bcfg2 server and a Bcfg2 client.</p> <div class="section" id="install-bcfg2"> <h2>Install Bcfg2<a class="headerlink" href="#install-bcfg2" title="Permalink to this headline">¶</a></h2> <p>The fastest way to get Bcfg2 onto your system is to use Yum or your preferred package management tool. We’ll be using the ones that are distributed through <a class="reference external" href="http://fedoraproject.org/wiki/EPEL">EPEL</a>, but depending on your aversion to risk you could download an RPM from other places as well. See <a class="reference internal" href="using-bcfg2-with-centos.html#getting-started-using-bcfg2-with-centos"><em>Using Bcfg2 With CentOS</em></a> for information about building Bcfg2 from source and making your own packages.</p> <div class="section" id="using-epel"> <h3>Using EPEL<a class="headerlink" href="#using-epel" title="Permalink to this headline">¶</a></h3> <p>Make sure <a class="reference external" href="http://fedoraproject.org/wiki/EPEL">EPEL</a> is a valid repository on your server. The <a class="reference external" href="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse">instructions</a> on how to do this basically say:</p> <div class="highlight-python"><pre>[root@centos ~]# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm</pre> </div> <div class="admonition note"> <p class="first admonition-title">Note</p> <p class="last">You will have to adjust this command to match your architecture and the current EPEL release.</p> </div> <p>Install the bcfg2-server and bcfg2 RPMs:</p> <div class="highlight-python"><pre>[root@centos ~]# yum install bcfg2-server bcfg2</pre> </div> <p>Your system should now have the necessary software to use Bcfg2. The next step is to set up your Bcfg2 <a class="reference internal" href="../../glossary.html#term-repository"><em class="xref std std-term">repository</em></a>.</p> </div> </div> <div class="section" id="initialize-your-repository"> <h2>Initialize your repository<a class="headerlink" href="#initialize-your-repository" title="Permalink to this headline">¶</a></h2> <p>Now that you’re done with the install, you need to initialize your repository and setup your <tt class="docutils literal"><span class="pre">/etc/bcfg2.conf</span></tt>. <tt class="docutils literal"><span class="pre">bcfg2-admin</span> <span class="pre">init</span></tt> is a tool which allows you to automate this:</p> <div class="highlight-python"><pre>[root@centos ~]# bcfg2-admin init Store bcfg2 configuration in [/etc/bcfg2.conf]: Location of bcfg2 repository [/var/lib/bcfg2]: Input password used for communication verification (without echoing; leave blank for a random): What is the server's hostname: [centos] Input the server location [https://centos:6789]: Input base Operating System for clients: 1: Redhat/Fedora/RHEL/RHAS/Centos 2: SUSE/SLES 3: Mandrake 4: Debian 5: Ubuntu 6: Gentoo 7: FreeBSD : 1 Generating a 2048 bit RSA private key .........................+++ ..................+++ writing new private key to '/etc/bcfg2.key' ----- Signature ok subject=/C=US=ST=Illinois/L=Argonne/CN=centos Getting Private key Repository created successfuly in /var/lib/bcfg2</pre> </div> <p>Change responses as necessary.</p> </div> <div class="section" id="start-the-server"> <h2>Start the server<a class="headerlink" href="#start-the-server" title="Permalink to this headline">¶</a></h2> <p>You are now ready to start your bcfg2 server for the first time:</p> <div class="highlight-python"><pre>[root@centos ~]# /sbin/service bcfg2-server start</pre> </div> <p>To verify that everything started ok, look for the running daemon and check the logs:</p> <div class="highlight-python"><pre>[root@centos ~]# /etc/init.d/service bcfg2-server status [root@centos ~]# tail /var/log/messages Mar 29 12:42:26 centos bcfg2-server[5093]: service available at https://centos:6789 Mar 29 12:42:26 centos bcfg2-server[5093]: serving bcfg2-server at https://centos:6789 Mar 29 12:42:26 centos bcfg2-server[5093]: serve_forever() [start] Mar 29 12:42:41 centos bcfg2-server[5093]: Handled 16 events in 0.007s</pre> </div> <p>Run bcfg2 to be sure you are able to communicate with the server:</p> <div class="highlight-python"><pre>[root@centos ~]# bcfg2 -vqn No ca is specified. Cannot authenticate the server with SSL. No ca is specified. Cannot authenticate the server with SSL. Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding Packages in global exclude list Finished Loaded tool drivers: Action Chkconfig POSIX YUMng Phase: initial Correct entries: 0 Incorrect entries: 0 Total managed entries: 0 Unmanaged entries: 208 Phase: final Correct entries: 0 Incorrect entries: 0 Total managed entries: 0 Unmanaged entries: 208 No ca is specified. Cannot authenticate the server with SSL.</pre> </div> <p>The ca message is just a warning, meaning that the client does not have sufficient information to verify that it is talking to the correct server. This can be fixed by distributing the ca certificate from the server to all clients. By default, this file is available in <tt class="docutils literal"><span class="pre">/etc/bcfg2.crt</span></tt> on the server. Copy this file to the client (with a bundle) and add the ca option to <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt> pointing at the file, and the client will be able to verify it is talking to the correct server upon connection:</p> <div class="highlight-python"><pre>[root@centos ~]# cat /etc/bcfg2.conf [communication] protocol = xmlrpc/ssl password = N41lMNeW ca = /etc/bcfg2.crt [components] bcfg2 = https://centos:6789</pre> </div> <p>Now if you run the client, no more warning:</p> <div class="highlight-python"><pre>[root@centos ~]# bcfg2 -vqn Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding Packages in global exclude list Finished Loaded tool drivers: Action Chkconfig POSIX YUMng Phase: initial Correct entries: 0 Incorrect entries: 0 Total managed entries: 0 Unmanaged entries: 208 Phase: final Correct entries: 0 Incorrect entries: 0 Total managed entries: 0 Unmanaged entries: 208</pre> </div> </div> <div class="section" id="bring-your-first-machine-under-bcfg2-control"> <h2>Bring your first machine under Bcfg2 control<a class="headerlink" href="#bring-your-first-machine-under-bcfg2-control" title="Permalink to this headline">¶</a></h2> <p>Now it is time to get your first machine’s configuration into your Bcfg2 <a class="reference internal" href="../../glossary.html#term-repository"><em class="xref std std-term">repository</em></a>. Let’s start with the server itself.</p> <div class="section" id="setup-the-server-plugins-generators-packages-plugin"> <h3>Setup the <a class="reference internal" href="../../server/plugins/generators/packages.html#server-plugins-generators-packages"><em>Packages</em></a> plugin<a class="headerlink" href="#setup-the-server-plugins-generators-packages-plugin" title="Permalink to this headline">¶</a></h3> <p>First, replace <strong>Pkgmgr</strong> with <strong>Packages</strong> in the plugins line of <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt>. Then create Packages layout (as per <a class="reference internal" href="../../server/plugins/generators/packages.html#packages-exampleusage"><em>Example usage</em></a>) in <tt class="docutils literal"><span class="pre">/var/lib/bcfg2</span></tt></p> <div class="admonition note"> <p class="first admonition-title">Note</p> <p class="last">I am using the RawURL syntax here since we are using <a class="reference external" href="http://dag.wieers.com/home-made/mrepo/">mrepo</a> to manage our yum mirrors.</p> </div> <div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Sources></span> <span class="c"><!-- CentOS (5.4) sources --></span> <span class="nt"><YUMSource></span> <span class="nt"><Group></span>centos-5.4<span class="nt"></Group></span> <span class="nt"><RawURL></span>http://mrepo/centos5-x86_64/RPMS.os<span class="nt"></RawURL></span> <span class="nt"><Arch></span>x86_64<span class="nt"></Arch></span> <span class="nt"></YUMSource></span> <span class="nt"><YUMSource></span> <span class="nt"><Group></span>centos-5.4<span class="nt"></Group></span> <span class="nt"><RawURL></span>http://mrepo/centos5-x86_64/RPMS.updates<span class="nt"></RawURL></span> <span class="nt"><Arch></span>x86_64<span class="nt"></Arch></span> <span class="nt"></YUMSource></span> <span class="nt"><YUMSource></span> <span class="nt"><Group></span>centos-5.4<span class="nt"></Group></span> <span class="nt"><RawURL></span>http://mrepo/centos5-x86_64/RPMS.extras<span class="nt"></RawURL></span> <span class="nt"><Arch></span>x86_64<span class="nt"></Arch></span> <span class="nt"></YUMSource></span> <span class="nt"></Sources></span> </pre></div> </div> <p>Due to the <a class="reference internal" href="../../server/plugins/generators/packages.html#server-plugins-generators-packages-magic-groups"><em>“Magic Groups”</em></a>, we need to modify our Metadata. Let’s add a <strong>centos5.4</strong> group which inherits a <strong>centos</strong> group (this should replace the existing <strong>redhat</strong> group) present in <tt class="docutils literal"><span class="pre">/var/lib/bcfg2/Metadata/groups.xml</span></tt>. The resulting file should look something like this</p> <div class="admonition note"> <p class="first admonition-title">Note</p> <p class="last">The reason we are creating a release-specific group in this case is that the YUMSource above is specific to the 5.4 release of centos. That is, it should not apply to other releases (5.1, 5.3, etc).</p> </div> <div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Groups</span> <span class="na">version=</span><span class="s">'3.0'</span><span class="nt">></span> <span class="nt"><Group</span> <span class="na">profile=</span><span class="s">'true'</span> <span class="na">public=</span><span class="s">'true'</span> <span class="na">default=</span><span class="s">'true'</span> <span class="na">name=</span><span class="s">'basic'</span><span class="nt">></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos-5.4'</span><span class="nt">/></span> <span class="nt"></Group></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos-5.4'</span><span class="nt">></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos'</span><span class="nt">/></span> <span class="nt"></Group></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'ubuntu'</span><span class="nt">/></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'debian'</span><span class="nt">/></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'freebsd'</span><span class="nt">/></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'gentoo'</span><span class="nt">/></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos'</span><span class="nt">/></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'suse'</span><span class="nt">/></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'mandrake'</span><span class="nt">/></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'solaris'</span><span class="nt">/></span> <span class="nt"></Groups></span> </pre></div> </div> <div class="admonition note"> <p class="first admonition-title">Note</p> <p class="last">When editing your xml files by hand, it is useful to occasionally run <cite>bcfg2-lint</cite> to ensure that your xml validates properly.</p> </div> <p>The final thing we need is for the client to have the proper arch group membership. For this, we will make use of the <a class="reference internal" href="../../unsorted/dynamic_groups.html#unsorted-dynamic-groups"><em>Dynamic Groups</em></a> capabilities of the Probes plugin. Add Probes to your plugins line in <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt> and create the Probe.:</p> <div class="highlight-python"><pre>[root@centos ~]# grep plugins /etc/bcfg2.conf plugins = Base,Bundler,Cfg,...,Probes [root@centos ~]# mkdir /var/lib/bcfg2/Probes [root@centos ~]# cat /var/lib/bcfg2/Probes/groups #!/bin/sh echo "group:`uname -m`"</pre> </div> <p>Now we restart the bcfg2-server:</p> <div class="highlight-python"><pre>[root@centos ~]# /etc/init.d/bcfg2-server restart</pre> </div> <p>If you now <tt class="docutils literal"><span class="pre">tail</span> <span class="pre">-f</span> <span class="pre">/var/log/messages</span></tt>, you will see the Packages plugin in action, updating the cache.</p> </div> <div class="section" id="start-managing-packages"> <h3>Start managing packages<a class="headerlink" href="#start-managing-packages" title="Permalink to this headline">¶</a></h3> <p>Add a base-packages bundle. Let’s see what happens when we just populate it with the <em>yum</em> package.</p> <div class="highlight-xml"><div class="highlight"><pre>[root@centos ~]# cat /var/lib/bcfg2/Bundler/base-packages.xml <span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'yum'</span><span class="nt">/></span> <span class="nt"></Bundle></span> </pre></div> </div> <p>You need to reference the bundle from your Metadata. The resulting profile group might look something like this</p> <div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Group</span> <span class="na">profile=</span><span class="s">'true'</span> <span class="na">public=</span><span class="s">'true'</span> <span class="na">default=</span><span class="s">'true'</span> <span class="na">name=</span><span class="s">'basic'</span><span class="nt">></span> <span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">/></span> <span class="nt"><Group</span> <span class="na">name=</span><span class="s">'centos5.4'</span><span class="nt">/></span> <span class="nt"></Group></span> </pre></div> </div> <p>Now if we run the client, we can see what this has done for us.:</p> <div class="highlight-python"><pre>[root@centos ~]# bcfg2 -vqn Running probe groups Probe groups has result: x86_64 Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding Packages in global exclude list Finished Loaded tool drivers: Action Chkconfig POSIX YUMng Package pam failed verification. Phase: initial Correct entries: 94 Incorrect entries: 1 Total managed entries: 95 Unmanaged entries: 113 In dryrun mode: suppressing entry installation for: Package:pam Phase: final Correct entries: 94 Incorrect entries: 1 Package:pam Total managed entries: 95 Unmanaged entries: 113</pre> </div> <p>Interesting, our <strong>pam</strong> package failed verification. What does this mean? Let’s have a look:</p> <div class="highlight-python"><pre>[root@centos ~]# rpm --verify pam ....L... c /etc/pam.d/system-auth</pre> </div> <p>Sigh, it looks like the default RPM install for pam fails to verify using its own verification process (trust me, it’s not the only one). At any rate, I was able to get rid of this particular issue by removing the symlink and running <tt class="docutils literal"><span class="pre">yum</span> <span class="pre">reinstall</span> <span class="pre">pam</span></tt>.</p> <p>As you can see, the Packages plugin has generated the dependencies required for the yum package automatically. The ultimate goal should be to move all the packages from the <strong>Unmanaged</strong> entries section to the <strong>Managed</strong> entries section. So, what exactly <em>are</em> those Unmanaged entries?:</p> <div class="highlight-python"><pre>[root@centos ~]# bcfg2 -veqn Running probe groups Probe groups has result: x86_64 Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding Packages in global exclude list Finished Loaded tool drivers: Action Chkconfig POSIX YUMng Extra Package openssh-clients 4.3p2-36.el5_4.4.x86_64. Extra Package libuser 0.54.7-2.1el5_4.1.x86_64. ... Phase: initial Correct entries: 95 Incorrect entries: 0 Total managed entries: 95 Unmanaged entries: 113 Phase: final Correct entries: 95 Incorrect entries: 0 Total managed entries: 95 Unmanaged entries: 113 Package:at Package:avahi Package:avahi-compat-libdns_sd ...</pre> </div> <p>Now you can go through these and continue adding the packages you want to your Bundle. After a while, I ended up with a minimal bundle that looks like this</p> <div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'exim'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'grub'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'kernel'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'krb5-workstation'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'m2crypto'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-clients'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-server'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'prelink'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'redhat-lsb'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rpm-build'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rsync'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'sysklogd'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'vim-enhanced'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'yum'</span><span class="nt">/></span> <span class="nt"></Bundle></span> </pre></div> </div> <p>Now when I run the client, you can see I have only one unmanaged package:</p> <div class="highlight-python"><pre>[root@centos ~]# bcfg2 -veqn Running probe groups Probe groups has result: x86_64 Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding Packages in global exclude list Finished Loaded tool drivers: Action Chkconfig POSIX YUMng Extra Package gpg-pubkey e8562897-459f07a4.None. Extra Package gpg-pubkey 217521f6-45e8a532.None. Phase: initial Correct entries: 187 Incorrect entries: 0 Total managed entries: 187 Unmanaged entries: 16 Phase: final Correct entries: 187 Incorrect entries: 0 Total managed entries: 187 Unmanaged entries: 16 Package:gpg-pubkey Service:atd Service:avahi-daemon Service:bcfg2-server ...</pre> </div> <p>The gpg-pubkey packages are special in that they are not really packages. Currently, the way to manage them is using <a class="reference internal" href="../../server/configurationentries.html#boundentries"><em>BoundEntries</em></a>. So, after adding them, our Bundle now looks like this</p> <div class="admonition note"> <p class="first admonition-title">Note</p> <p class="last">This does not actually control the contents of the files, you will need to do this part separately (see below).</p> </div> <div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">></span> <span class="nt"><BoundPackage</span> <span class="na">name=</span><span class="s">"gpg-pubkey"</span> <span class="na">type=</span><span class="s">"rpm"</span> <span class="na">version=</span><span class="s">"foo"</span><span class="nt">></span> <span class="nt"><Instance</span> <span class="na">simplefile=</span><span class="s">"/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5"</span> <span class="na">version=</span><span class="s">"e8562897"</span> <span class="na">release=</span><span class="s">"459f07a4"</span><span class="nt">/></span> <span class="nt"><Instance</span> <span class="na">simplefile=</span><span class="s">"/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL"</span> <span class="na">version=</span><span class="s">"217521f6"</span> <span class="na">release=</span><span class="s">"45e8a532"</span><span class="nt">/></span> <span class="nt"></BoundPackage></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'exim'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'grub'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'kernel'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'krb5-workstation'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'m2crypto'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-clients'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-server'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'prelink'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'redhat-lsb'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rpm-build'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rsync'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'sysklogd'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'vim-enhanced'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'yum'</span><span class="nt">/></span> <span class="nt"></Bundle></span> </pre></div> </div> <div class="admonition note"> <p class="first admonition-title">Note</p> <p class="last">version=”foo” is just a dummy attribute for the gpg-pubkey Package</p> </div> <p>To actually push the gpg keys out via Bcfg2, you will need to manage the files as well. This can be done by adding Path entries for each of the gpg keys you want to manage</p> <div class="highlight-xml"><div class="highlight"><pre><span class="nt"><Bundle</span> <span class="na">name=</span><span class="s">'base-packages'</span><span class="nt">></span> <span class="nt"><Path</span> <span class="na">name=</span><span class="s">'/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5'</span><span class="nt">/></span> <span class="nt"><Path</span> <span class="na">name=</span><span class="s">'/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL'</span><span class="nt">/></span> <span class="nt"><BoundPackage</span> <span class="na">name=</span><span class="s">"gpg-pubkey"</span> <span class="na">type=</span><span class="s">"rpm"</span> <span class="na">version=</span><span class="s">"foo"</span><span class="nt">></span> <span class="nt"><Instance</span> <span class="na">simplefile=</span><span class="s">"/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5"</span> <span class="na">version=</span><span class="s">"e8562897"</span> <span class="na">release=</span><span class="s">"459f07a4"</span><span class="nt">/></span> <span class="nt"><Instance</span> <span class="na">simplefile=</span><span class="s">"/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL"</span> <span class="na">version=</span><span class="s">"217521f6"</span> <span class="na">release=</span><span class="s">"45e8a532"</span><span class="nt">/></span> <span class="nt"></BoundPackage></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'exim'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'grub'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'kernel'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'krb5-workstation'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'m2crypto'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-clients'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'openssh-server'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'prelink'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'redhat-lsb'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rpm-build'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'rsync'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'sysklogd'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'vim-enhanced'</span><span class="nt">/></span> <span class="nt"><Package</span> <span class="na">name=</span><span class="s">'yum'</span><span class="nt">/></span> <span class="nt"></Bundle></span> </pre></div> </div> <p>Then add the files to Cfg:</p> <div class="highlight-python"><pre>mkdir -p Cfg/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 cp /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 !$/RPM-GPG-KEY-CentOS-5 mkdir -p Cfg/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL cp /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL !$/RPM-GPG-KEY-EPEL</pre> </div> <p>You will also want to add an <em>important</em> attribute to these files so that they are installed on the client prior to any attempts to install the <strong>gpg-pubkey</strong> rpm packages. This is especially important during the bootstrapping phase and can be accomplished using an <a class="reference internal" href="../../server/info.html#server-info"><em>info.xml</em></a> file that looks like the following:</p> <div class="highlight-xml"><div class="highlight"><pre><span class="nt"><FileInfo></span> <span class="nt"><Info</span> <span class="na">owner=</span><span class="s">'root'</span> <span class="na">group=</span><span class="s">'root'</span> <span class="na">mode=</span><span class="s">'0644'</span> <span class="na">important=</span><span class="s">'true'</span><span class="nt">/></span> <span class="nt"></FileInfo></span> </pre></div> </div> <p>Now, running the client shows only unmanaged Service entries. Woohoo!</p> </div> <div class="section" id="manage-services"> <h3>Manage services<a class="headerlink" href="#manage-services" title="Permalink to this headline">¶</a></h3> <p>Now let’s clear up the unmanaged service entries by adding the following entries to our bundle.</p> <div class="highlight-xml"><div class="highlight"><pre><span class="c"><!-- basic services --></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'atd'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'avahi-daemon'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'crond'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'cups'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'gpm'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'lvm2-monitor'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'mcstrans'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'messagebus'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'netfs'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'network'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'postfix'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'rawdevices'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'sshd'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">name=</span><span class="s">'syslog'</span><span class="nt">/></span> </pre></div> </div> <p>...and bind them in Rules</p> <div class="highlight-xml"><div class="highlight"><pre>[root@centos ~]# cat /var/lib/bcfg2/Rules/services.xml <span class="nt"><Rules</span> <span class="na">priority=</span><span class="s">'1'</span><span class="nt">></span> <span class="c"><!-- basic services --></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'atd'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'avahi-daemon'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'bcfg2-server'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'crond'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'cups'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'gpm'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'lvm2-monitor'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'mcstrans'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'messagebus'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'netfs'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'network'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'postfix'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'rawdevices'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'sshd'</span><span class="nt">/></span> <span class="nt"><Service</span> <span class="na">type=</span><span class="s">'chkconfig'</span> <span class="na">status=</span><span class="s">'on'</span> <span class="na">name=</span><span class="s">'syslog'</span><span class="nt">/></span> <span class="nt"></Rules></span> </pre></div> </div> <p>Now we run the client and see there are no more unmanaged entries!:</p> <div class="highlight-python"><pre>[root@centos ~]# bcfg2 -veqn Running probe groups Probe groups has result: x86_64 Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding Packages in global exclude list Finished Loaded tool drivers: Action Chkconfig POSIX YUMng Phase: initial Correct entries: 205 Incorrect entries: 0 Total managed entries: 205 Unmanaged entries: 0 Phase: final Correct entries: 205 Incorrect entries: 0 Total managed entries: 205 Unmanaged entries: 0</pre> </div> <div class="admonition warning"> <p class="first admonition-title">Warning</p> <p class="last">This basic bundle is created mainly for the purposes of getting you to a completely managed client. It is recommended that you create bundles for appropriate services due to the way bundle updates are managed. Please see <a class="reference internal" href="../../unsorted/writing_specification.html#unsorted-writing-specification"><em>Writing Bcfg2 Specification</em></a> for more details.</p> </div> </div> </div> <div class="section" id="dynamic-web-reports"> <h2>Dynamic (web) reports<a class="headerlink" href="#dynamic-web-reports" title="Permalink to this headline">¶</a></h2> <p>See installation instructions at <a class="reference internal" href="../../reports/dynamic.html#reports-dynamic"><em>Bcfg2 Web Reporting System</em></a></p> </div> <div class="section" id="next-steps"> <h2>Next Steps<a class="headerlink" href="#next-steps" title="Permalink to this headline">¶</a></h2> <p><a class="reference internal" href="../../getting_started/index.html#getting-started-index-next-steps"><em>Next Steps</em></a></p> </div> </div> </div> </div> </div> <div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h3><a href="../../index.html">Table Of Contents</a></h3> <ul> <li><a class="reference internal" href="#">Quickstart for CentOS</a><ul> <li><a class="reference internal" href="#install-bcfg2">Install Bcfg2</a><ul> <li><a class="reference internal" href="#using-epel">Using EPEL</a></li> </ul> </li> <li><a class="reference internal" href="#initialize-your-repository">Initialize your repository</a></li> <li><a class="reference internal" href="#start-the-server">Start the server</a></li> <li><a class="reference internal" href="#bring-your-first-machine-under-bcfg2-control">Bring your first machine under Bcfg2 control</a><ul> <li><a class="reference internal" href="#setup-the-server-plugins-generators-packages-plugin">Setup the <tt class="docutils literal"><span class="pre">server-plugins-generators-packages</span></tt> plugin</a></li> <li><a class="reference internal" href="#start-managing-packages">Start managing packages</a></li> <li><a class="reference internal" href="#manage-services">Manage services</a></li> </ul> </li> <li><a class="reference internal" href="#dynamic-web-reports">Dynamic (web) reports</a></li> <li><a class="reference internal" href="#next-steps">Next Steps</a></li> </ul> </li> </ul> <h4>Previous topic</h4> <p class="topless"><a href="bootstrap.html" title="previous chapter">Bootstrap</a></p> <h4>Next topic</h4> <p class="topless"><a href="converging_rhel5.html" title="next chapter">Converging on Verification with RHEL 5</a></p> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="../../_sources/appendix/guides/centos.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="../../search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name. </p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <div class="clearer"></div> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../../genindex.html" title="General Index" >index</a></li> <li class="right" > <a href="../../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="converging_rhel5.html" title="Converging on Verification with RHEL 5" >next</a> |</li> <li class="right" > <a href="bootstrap.html" title="Bootstrap" >previous</a> |</li> <li><a href="../../index.html">home</a> | </li> <!--<li><a href="../../search.html">search</a> | </li>--> <li><a href="../../help/index.html">help</a> | </li> <li><a href="../../contents.html">documentation </a> »</li> <li><a href="../../contents.html" >Bcfg2 documentation 1.3.0</a> »</li> <li><a href="../index.html" >Appendix</a> »</li> <li><a href="../guides.html" >Guides</a> »</li> </ul> </div> <div class="footer"> © Copyright 2009-2013, Narayan Desai. Last updated on Mar 20, 2013. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div> </body> </html>