diff options
author | Sol Jerome <solj@ices.utexas.edu> | 2010-03-26 15:29:32 -0500 |
---|---|---|
committer | Sol Jerome <solj@ices.utexas.edu> | 2010-03-26 15:29:32 -0500 |
commit | 0431e9fcd2fa3c6c40a7de9821f388bec3557364 (patch) | |
tree | 7215a4f66ae8152b80ef60844034ae163c2774df /doc | |
parent | b83d5c4bec70d53a85a6897d2d2271ea58c3cf20 (diff) | |
download | bcfg2-0431e9fcd2fa3c6c40a7de9821f388bec3557364.tar.gz bcfg2-0431e9fcd2fa3c6c40a7de9821f388bec3557364.tar.bz2 bcfg2-0431e9fcd2fa3c6c40a7de9821f388bec3557364.zip |
doc: Add information about unmanaged host public ssh keys
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/client/modes.txt | 2 | ||||
-rw-r--r-- | doc/server/configurationentries.txt | 2 | ||||
-rw-r--r-- | doc/server/plugins/generators/rules.txt | 2 | ||||
-rw-r--r-- | doc/server/plugins/generators/sshbase.txt | 23 | ||||
-rw-r--r-- | doc/server/plugins/generators/tcheetah.txt | 27 | ||||
-rw-r--r-- | doc/server/plugins/generators/tgenshi/clientsxml.txt | 18 | ||||
-rw-r--r-- | doc/server/plugins/generators/tgenshi/test.txt | 12 |
7 files changed, 58 insertions, 28 deletions
diff --git a/doc/client/modes.txt b/doc/client/modes.txt index f2f2b175e..f3f48ca38 100644 --- a/doc/client/modes.txt +++ b/doc/client/modes.txt @@ -59,7 +59,7 @@ will also keep the five most recent backups of files. Overall client service mode =========================== -`New in version 1.0.0` +.. versionadded:: 1.0.0 Overall client service mode. Specified on the client using ``-s <service mode``. diff --git a/doc/server/configurationentries.txt b/doc/server/configurationentries.txt index fd278e188..b07f8de2a 100644 --- a/doc/server/configurationentries.txt +++ b/doc/server/configurationentries.txt @@ -34,7 +34,7 @@ Non-POSIX entries POSIX entries ============= -`New in 1.0` +.. versionadded:: 1.0.0 The unified POSIX Path entries prevent inconsistent configuration specifications of multiple entries for a given path. The following table diff --git a/doc/server/plugins/generators/rules.txt b/doc/server/plugins/generators/rules.txt index 3c546dac0..fb2b07cc4 100644 --- a/doc/server/plugins/generators/rules.txt +++ b/doc/server/plugins/generators/rules.txt @@ -144,7 +144,7 @@ Service Tag Service mode descriptions ^^^^^^^^^^^^^^^^^^^^^^^^^ -`New in version 1.0.0` +.. versionadded:: 1.0.0 * manual diff --git a/doc/server/plugins/generators/sshbase.txt b/doc/server/plugins/generators/sshbase.txt index 3e4454fb8..ec378956d 100644 --- a/doc/server/plugins/generators/sshbase.txt +++ b/doc/server/plugins/generators/sshbase.txt @@ -59,6 +59,29 @@ At this point, SSHbase will generate new keys for any client without a recorded key in the repository, and will generate an ssh_known_hosts file appropriately. +Adding public keys for unmanaged hosts +====================================== + +If you have some hosts which are not managed by Bcfg2, but you would +still like to have their public ssh keys available in +``ssh_known_hosts``, you can add their public keys to the ``SSHbase`` +directory with a *.static* ending. + +Example: + +``a.static``:: + + TEST1 + +``b.static``:: + + TEST2 + +The generated ``ssh_known_hosts`` file:: + + TEST1 + TEST2 + Blog post ========= diff --git a/doc/server/plugins/generators/tcheetah.txt b/doc/server/plugins/generators/tcheetah.txt index e985816c9..e5d8de9b5 100644 --- a/doc/server/plugins/generators/tcheetah.txt +++ b/doc/server/plugins/generators/tcheetah.txt @@ -55,11 +55,11 @@ ClientMetadata of file `Bcfg2/Server/Plugins/Metadata.py self.properties =============== -properties is a python `ElementTree <http://codespeak.net/lxml/>`_ -object, loaded from the data in ``/var/lib/bcfg2/etc/properties.xml``. -That file should have a ``Properties`` node at its root. +Properties is a python `ElementTree <http://codespeak.net/lxml/>`_ +object, loaded from the data in ``/var/lib/bcfg2/Properties/<properties +file>.xml``. That file should have a ``Properties`` node at its root. -Example ``properties.xml``: +Example ``Properties/example.xml``: .. code-block:: xml @@ -75,13 +75,13 @@ You may use any of the ElementTree methods to access data in your template. Several examples follow, each producing an identical result on the host 'www.example.com':: - $self.properties.find('host').find('www.example.com').find('rootdev').text - $self.properties.find('host').find($self.metadata.hostname).find('rootdev').text - ${self.properties.xpath('host/www.example.com/rootdev')[0].text} - ${self.properties.xpath('host/' + self.metadata.hostname + '/rootdev')[0].text} + $self.Properties['example.xml'].find('host').find('www.example.com').find('rootdev').text + $self.Properties['example.xml'].find('host').find($self.metadata.hostname).find('rootdev').text + ${self.Properties['example.xml'].xpath('host/www.example.com/rootdev')[0].text} + ${self.Properties['example.xml'].xpath('host/' + self.metadata.hostname + '/rootdev')[0].text} #set $path = 'host/' + $self.metadata.hostname + '/rootdev' - ${self.properties.xpath($path)[0].text} - ${self.properties.xpath(path)[0].text} + ${self.Properties['example.xml'].xpath($path)[0].text} + ${self.Properties['example.xml'].xpath(path)[0].text} Simple Example ============== @@ -169,7 +169,12 @@ consistent, randomized time between midnight and 7am.:: 52 6 1 * * root test -x /usr/sbin/anacron || run-parts --report /etc/cron.monthly. .. note:: Comments and Cheetah - As Cheetah processes your templates it will consider hash "#" style comments to be actual comments in the template and will strip them from the final config file. If you would like to preserve the comment in the final config file you need to escape the hash character '\#' which will tell Cheetah (and Python) that you do in fact want the comment to appear in the final config file.:: + As Cheetah processes your templates it will consider hash "#" style + comments to be actual comments in the template and will strip them + from the final config file. If you would like to preserve the comment + in the final config file you need to escape the hash character '\#' + which will tell Cheetah (and Python) that you do in fact want the + comment to appear in the final config file.:: # This is a comment in my template which will be stripped when it's processed through Cheetah \# This comment will appear in the generated config file. diff --git a/doc/server/plugins/generators/tgenshi/clientsxml.txt b/doc/server/plugins/generators/tgenshi/clientsxml.txt index 3d5553570..10be3232c 100644 --- a/doc/server/plugins/generators/tgenshi/clientsxml.txt +++ b/doc/server/plugins/generators/tgenshi/clientsxml.txt @@ -12,17 +12,17 @@ Here is an example of maintaining the bcfg2 server's There are two main advantages: -#. Password storage is centralized in the ``etc/properties.xml`` file - this helps maintain consistency, makes changing passwords easier, - and also makes it easier to share your configurations with other - sites/people. +#. Password storage is centralized in the ``Properties/passwords.xml`` + file this helps maintain consistency, makes changing passwords + easier, and also makes it easier to share your configurations with + other sites/people. #. You can template the file using Genshi's `{% def %}` syntax, which makes `clients.xml` much more readable. An important thing to note is how the `name` variable is handled - when just referring to it the standard `${name}` syntax is used, but when it is used as a variable in the expression to get the password, - `password="${properties.properties.find('password').find('bcfg2-client').find(name).text}"`, + `password="${metadata.Properties['passwords.xml'].find('password').find('bcfg2-client').find(name).text}"`, it is just referred to as `name`. There is the disadvantage that sometimes 2 passes will be needed to get @@ -38,7 +38,7 @@ Possible improvements: #. We really don't care what the client passwords are, just that they exist, so instead of listing them a master password combined with some kind of one-way hash based on the `name` might make more sense, - and make `properties.xml` easier to maintain. + and make ``Properties/passwords.xml`` easier to maintain. * TGenshi/var/lib/bcfg2/Metadata/clients.xml/template.newtxt: @@ -53,7 +53,7 @@ Possible improvements: profile="${profile}" name="${name}" uuid="${name}" - password="${properties.properties.find('password').find('bcfg2-client').find(name).text}" + password="${metadata.Properties['passwords.xml'].find('password').find('bcfg2-client').find(name).text}" address="${address}" location="fixed" secure="true" @@ -64,7 +64,7 @@ Possible improvements: profile="${profile}" name="${name}" uuid="${name}" - password="${properties.properties.find('password').find('bcfg2-client').find(name).text}" + password="${metadata.Properties['passwords.xml'].find('password').find('bcfg2-client').find(name).text}" location="floating" secure="true" />\ @@ -77,7 +77,7 @@ Possible improvements: ${dynamic('group-person-somename','somename.office.example.com')} </Clients> - * etc/properties.xml snippit: + * Properties/passwords.xml snippit: .. code-block:: xml diff --git a/doc/server/plugins/generators/tgenshi/test.txt b/doc/server/plugins/generators/tgenshi/test.txt index 5dd5efae8..a4f33bb14 100644 --- a/doc/server/plugins/generators/tgenshi/test.txt +++ b/doc/server/plugins/generators/tgenshi/test.txt @@ -5,10 +5,12 @@ test ==== +FIXME: This example needs to be retested with new Properties plugin. + As submitted by dclark This file just shows you what's available. It assumes a -``/var/lib/bcfg2/etc/properties.xml`` file with an entry like this: +``/var/lib/bcfg2/Properties/test.xml`` file with an entry like this: .. code-block:: xml @@ -35,16 +37,16 @@ This file just shows you what's available. It assumes a {% end %}\ {% end %}\ - {% if metadata.probes %}\ + {% if metadata.Probes %}\ Probes: - {% for probe, value in metadata.probes.iteritems() %}\ + {% for probe, value in metadata.Probes.iteritems() %}\ $probe $value {% end %}\ {% end %}\ Two main ways to get the same property value: - ${properties.properties.find('password').find('bcfg2').text} - ${properties.properties.xpath('password/bcfg2')[0].text} + ${metadata.Properties['test.xml'].find('password').find('bcfg2').text} + ${metadata.Properties['test.xml'].xpath('password/bcfg2')[0].text} One way to get information about metadata and properties: |