Installing Bcfg2
Pre-requisites
Bcfg2 is written in python using several modules not included
with most distributions. lxml provides convenient xml
handling.
The Bcfg2 server requires a few more packages. It uses either
FAM or Gamin to coherently cache repository files
and update them when they change. It also requires pyOpenSSL to
use SSL functions.
lxml is required for xml parsing. It can be downloaded from
http://www.codespeak.net/lxml. It, in turn, requires libxml2,
libxslt, and pyrex.
The python fam binding can be downloaded from
python-fam.sourceforge.net. FAM (on several linux distributions)
has been depricated in favor of gamin. The Bcfg server will
autodetect which modules are available, and use appropriate file
caching logic. It can be installed by running the setup.py script.
Bcfg2 Software Prerequisites
NameDescriptionURL
lxmlXML
Processing
pyrexC to Python language
interoperability (needed for lxml)
pyOpenSSL
OpenSSL bindings for Python
FamFile Alteration
Monitor
GaminAlternate File Alteration
Monitor
Python-famPython bindings for fam
(not needed with
gamin)
Bcfg2 Initial Setup and Testing
Once the Bcfg2 software is installed, the configuration file
and repository must be created. The example configuration file in
bcfg2/examples/bcfg2.conf can be used, with
minor modifications. This should be placed in
/etc/bcfg2.conf. If it is placed in another
location, each program takes a command line argument to specify
its alternate location.
/etc/bcfg2.conf
[server]
repository = /disks/bcfg2
structures = Bundler,Base
generators = SSHbase,Cfg,Pkgmgr,Svcmgr
This configuration file sets the top level location of the
configuration repository. It also activates two structures, and
four generators. Both structures and generators are instances of
Bcfg2 server plugins. Structures generate abstract configuration
fragments. These form the inventory of the
configuration. Generators provide client-specific literal values
for each configuration entity contained in the abstract
configuration.
Daemon Configuration
Bcfg2 uses XML-RPC over HTTPS for all communications.
All communications occur over this transport. HTTPS provides
data security, while an embedded username and password provide
authentication.
SSL Certificate Generation
SSL is used for channel-level data encryption. The
requisite SSL certificates must be generated on the server
side. The following command will generate a server key:
openssl req -x509 -nodes -days 1000 -newkey rsa:1024 \
-out bcfg2.key -keyout bcfg2.key
This command will generate an SSL key including both an
RSA key and a certificate. This is suitable for use with the
Bcfg2 server. The path to this key should be put in the
bcfg2 configuration file in section communication, setting
key.
Client Communication Setup
The Bcfg2 client must be able to find the server's
location. This is accomplished through the use of the
communication settings in /etc/bcfg2.conf
Several settings must be included in this file: the server
url, a username and a password.
/etc/bcfg2.conf
[communication]
protocol = xmlrpc/ssl
password = pwd
user = root
[components]
bcfg2 = https://bcfg2server:8765