Installing Bcfg2
Pre-requisites
Bcfg2 is written in python using several modules not included
with most distributions. Element Tree, available from
http://www.effbot.org provides convenient XML handling.
The Bcfg2 server requires a few more packages. It uses either
FAM or Gamin to coherently cache repository files
and update them when they change. It also requires m2crypto to
use SSL functions.
ElementTree can be downloaded from
http://www.effbot.org/downloads. It can be installed by running
the setup script against the python installation.
$ python setup.py build
running build
running build_py
creating build
creating build/lib
creating build/lib/elementtree
copying elementtree/ElementInclude.py -> build/lib/elementtree
copying elementtree/ElementPath.py -> build/lib/elementtree
copying elementtree/ElementTree.py -> build/lib/elementtree
copying elementtree/HTMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/SgmlopXMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/SimpleXMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/SimpleXMLWriter.py -> build/lib/elementtree
copying elementtree/TidyHTMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/TidyTools.py -> build/lib/elementtree
copying elementtree/XMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/__init__.py -> build/lib/elementtree
$ python setup.py install
...
The python fam binding can be downloaded from
python-fam.sourceforge.net. FAM (on several linux distributions)
has been depricated in favor of gamin. The Bcfg server will
autodetect which modules are available, and use appropriate file
caching logic.
Bcfg2 Installation
Bcfg2 Initial Setup and Testing
Once the Bcfg2 software is installed, the configuration file
and repository must be created. The example configuration file in
bcfg2/examples/bcfg2.conf can be used, with
minor modifications.
bcfg2.conf
[server]
repository = /disks/bcfg2
structures = Bundler,Base
generators = SSHbase,Cfg,Pkgmgr,Svcmgr
metadata = /disks/bcfg2/etc
This configuration file sets the location of the
configuration repository. It also activates two structures, and
four generators. Structures are components that generate
abstract configuration fragments. These are the form of the
configuration. Generators provide client-specific values for
each configuration settings contained in all abstract
configuration fragments. Both of these are described in Section
???.
Daemon Configuration
Bcfg2 uses SSSlib, the
communication libraries from the Scalable Systems Software project
for communication abstraction. This library provides a unified
messaging interface on top of several wire protocols with
different authentication and encryption mechanisms. The default
protocol is "challenge" which is a challenge response protocol
with no data encryption. (SSL protection will be configured
later). SSSlib also includes service location functionality;
this allows software to locate components by name, regardless of
their respective network locations. This function is provided
with both static and dynamic implementations. Static component
location setup will be sufficient for most Bcfg2 deployments.
Static component lookups depend on the file
/etc/sss.conf. This file contains
information about static service locations. This file must be
the same on the server and all clients for communication to work
properly. A location definition for the bcfg2 component will
allow all clients to find and connect to it.
/etc/sss.conf
]]>
This allows SSSlib to locate the bcfg2 component on the
machine bcfgserver, port 8052, with the wire protocol "challenge".
New-Style XML-RPC Deployments
A new version of the Bcfg2 software is in testing that will
provide simplified and standards compliant communications
facilities. Instead of the use of SSSlib for communication, the
server and clients can use HTTPS XML-RPC instead. This has
required reimplementing the server and providing XML-RPC support
for the client, but provides drastically simplified setup for
new installs.
The prerequisite list now includes ElementTree, M2Crypto (for
SSL functions) and Python 2.2 or newer. ElementTree and M2Crypto
are both python modules that can be easily installed and are
already packaged for many Linux distributions.
SSL Certificate Generation
SSL is used for channel-level data encryption. The
requisite SSL certificates must be generated on the server
side. The following command will generate a server key:
openssl req -x509 -nodes -days 1000 -newkey rsa:1024 -out server.pem -keyout server.pem
This command will generate an SSL key including both an
RSA key and a certificate. This is suitable for use with the
Bcfg2 XML-RPC server.
Communication Bootstrapping
The Bcfg2 client must be able to find the server's
location. This is accomplished through the use of the
communication settings in /etc/bcfg2.conf
Two settings for the this section are required: protocol and
server url.
Bcfg2 XML-RPC Communication Settings
[communication]
protocol = xmlrpc/ssl
url = https://localhost:9443