diff options
Diffstat (limited to 'doc/appendix')
| -rw-r--r-- | doc/appendix/guides/centos.txt | 8 | ||||
| -rw-r--r-- | doc/appendix/guides/fedora.txt | 2 | ||||
| -rw-r--r-- | doc/appendix/guides/import-existing-ssh-keys.txt | 128 | ||||
| -rw-r--r-- | doc/appendix/guides/ubuntu.txt | 4 | ||||
| -rw-r--r-- | doc/appendix/guides/web-reports-install.txt | 7 |
5 files changed, 139 insertions, 10 deletions
diff --git a/doc/appendix/guides/centos.txt b/doc/appendix/guides/centos.txt index db463b210..b0321eebc 100644 --- a/doc/appendix/guides/centos.txt +++ b/doc/appendix/guides/centos.txt @@ -248,7 +248,7 @@ arch group membership. For this, we will make use of the Probes to your plugins line in ``bcfg2.conf`` and create the Probe.:: [root@centos ~]# grep plugins /etc/bcfg2.conf - plugins = Base,Bundler,Cfg,Metadata,Packages,Probes,Rules,SSHbase + plugins = Base,Bundler,Cfg,...,Probes [root@centos ~]# mkdir /var/lib/bcfg2/Probes [root@centos ~]# cat /var/lib/bcfg2/Probes/groups #!/bin/sh @@ -259,8 +259,8 @@ Now we restart the bcfg2-server:: [root@centos ~]# /etc/init.d/bcfg2-server restart -If you tail ``/var/log/syslog`` now, you will see the Packages plugin in -action, updating the cache. +If you now ``tail -f /var/log/messages``, you will see the Packages +plugin in action, updating the cache. Start managing packages ----------------------- @@ -569,4 +569,4 @@ Now we run the client and see there are no more unmanaged entries! :: Dynamic (web) reports ===================== -See installation instructions at :ref:`server-reports-install` +See installation instructions at :ref:`reports-dynamic` diff --git a/doc/appendix/guides/fedora.txt b/doc/appendix/guides/fedora.txt index 1dd4f6db0..f32eaa8c6 100644 --- a/doc/appendix/guides/fedora.txt +++ b/doc/appendix/guides/fedora.txt @@ -139,7 +139,7 @@ The ``bcfg2.conf`` file contains only standard plugins so far. [server] repository = /var/lib/bcfg2 - plugins = Base,Bundler,Cfg,Metadata,Pkgmgr,Rules,SSHbase + plugins = SSHbase,Cfg,Pkgmgr,Rules,Metadata,Base,Bundler [statistics] sendmailpath = /usr/lib/sendmail diff --git a/doc/appendix/guides/import-existing-ssh-keys.txt b/doc/appendix/guides/import-existing-ssh-keys.txt new file mode 100644 index 000000000..d0f679b59 --- /dev/null +++ b/doc/appendix/guides/import-existing-ssh-keys.txt @@ -0,0 +1,128 @@ +.. -*- mode: rst -*- + +.. _appendix-guides-import-existing-ssh-keys: + +======================== +Import existing ssh keys +======================== + +.. note:: + + In order for the instructions in this guide to work, you will need + to first setup the :ref:`reporting system <reports-dynamic>` so that + the server has the information needed to create the existing + entries. + +This guide details the process for importing existing ssh keys into your +server repository. + +Add a bundle for ssh +==================== + +After verifying that SSHbase is listed on the plugins line in +``/etc/bcfg2.conf``, you need to create a bundle containing the +appropriate entries.:: + + cat > /tmp/ssh.xml << EOF + <Bundle name='ssh'> + <Path name='/etc/ssh/ssh_host_dsa_key'/> + <Path name='/etc/ssh/ssh_host_rsa_key'/> + <Path name='/etc/ssh/ssh_host_dsa_key.pub'/> + <Path name='/etc/ssh/ssh_host_rsa_key.pub'/> + <Path name='/etc/ssh/ssh_host_key'/> + <Path name='/etc/ssh/ssh_host_key.pub'/> + <Path name='/etc/ssh/ssh_known_hosts'/> + </Bundle> + +:: + + mv /tmp/ssh.xml /var/lib/bcfg2/Bundle + +Next, you need to add the ssh bundle to the client's metadata in +groups.xml. + +Validate your repository +======================== + +Validation can be performed using the following command:: + + ``bcfg2-repo-validate -v`` + +Run the bcfg2 client +==================== + +:: + bcfg2 -vqn + +You will see the incorrect entries for the ssh files:: + + Phase: initial + Correct entries: 0 + Incorrect entries: 7 + Total managed entries: 7 + Unmanaged entries: 649 + + In dryrun mode: suppressing entry installation for: + Path:/etc/ssh/ssh_host_dsa_key Path:/etc/ssh/ssh_host_rsa_key + Path:/etc/ssh/ssh_host_dsa_key.pub Path:/etc/ssh/ssh_host_rsa_key.pub + Path:/etc/ssh/ssh_host_key Path:/etc/ssh/ssh_known_hosts + Path:/etc/ssh/ssh_host_key.pub + + Phase: final + Correct entries: 0 + Incorrect entries: 7 + Path:/etc/ssh/ssh_host_dsa_key Path:/etc/ssh/ssh_host_rsa_key + Path:/etc/ssh/ssh_host_dsa_key.pub Path:/etc/ssh/ssh_host_rsa_key.pub + Path:/etc/ssh/ssh_host_key Path:/etc/ssh/ssh_known_hosts + Path:/etc/ssh/ssh_host_key.pub + Total managed entries: 7 + Unmanaged entries: 649 + +Install the client's ssh keys into the Bcfg2 repository +======================================================= + +Now, we pull the ssh host key data for the client out of the uploaded +stats and insert it as host-specific copies of these files in +``/var/lib/bcfg2/SSHBase``.:: + + for key in ssh_host_dsa_key ssh_host_key; do + sudo bcfg2-admin pull <clientname> Path /etc/ssh/$key + sudo bcfg2-admin pull <clientname> Path /etc/ssh/${key}.pub + done + +This for loop pulls data that was collected by the bcfg2 client out of +the statistics file and installs it into the repository. This means that +the client will keep the same ssh keys and the bcfg2 server can start +generating a correct ssh_known_hosts file for the client. + +Run the bcfg2 client (again) +============================ + +:: + bcfg2 -vqn + +This time, we will only see 1 incorrect entry.:: + + Phase: initial + Correct entries: 6 + Incorrect entries: 1 + Total managed entries: 7 + Unmanaged entries: 649 + + In dryrun mode: suppressing entry installation for: + Path:/etc/ssh/ssh_known_hosts + + Phase: final + Correct entries: 6 + Incorrect entries: 1 + Path:/etc/ssh/ssh_known_hosts + Total managed entries: 7 + Unmanaged entries: 649 + +Now, the only wrong entry is the ssh_known_hosts file!, so go ahead +and install it:: + + bcfg2 -vqI + +After answering 'y' to the interactive prompt, the client will install +the known_hosts file successfully. diff --git a/doc/appendix/guides/ubuntu.txt b/doc/appendix/guides/ubuntu.txt index 595005018..54aa62cce 100644 --- a/doc/appendix/guides/ubuntu.txt +++ b/doc/appendix/guides/ubuntu.txt @@ -119,7 +119,7 @@ Replace Pkgmgr with Packages in the plugins line of ``bcfg2.conf``:: root@lucid:~# cat /etc/bcfg2.conf [server] repository = /var/lib/bcfg2 - plugins = Base,Bundler,Cfg,Metadata,Packages,Rules,SSHbase + plugins = SSHbase,Cfg,Packages,Rules,Metadata,Base,Bundler [statistics] sendmailpath = /usr/lib/sendmail @@ -207,7 +207,7 @@ Probes to your plugins line in ``bcfg2.conf`` and create the Probe. .. code-block:: sh root@lucid:~# grep plugins /etc/bcfg2.conf - plugins = Base,Bundler,Cfg,Metadata,Packages,Probes,Rules,SSHbase + plugins = Base,Bundler,Cfg,...,Probes root@lucid:~# mkdir /var/lib/bcfg2/Probes root@lucid:~# cat /var/lib/bcfg2/Probes/groups #!/bin/sh diff --git a/doc/appendix/guides/web-reports-install.txt b/doc/appendix/guides/web-reports-install.txt index af2e240fa..7ec7efb4e 100644 --- a/doc/appendix/guides/web-reports-install.txt +++ b/doc/appendix/guides/web-reports-install.txt @@ -136,7 +136,7 @@ Add DBStats to the plugins line of ``bcfg2.conf``. The resulting [server] repository = /var/lib/bcfg2 - plugins = Base,Bundler,Cfg,DBStats,Metadata,Packages,Probes,Rules,SSHbase + plugins = Base,Bundler,Cfg,...,DBStats Start/restart the Bcfg2 server:: @@ -148,8 +148,9 @@ statistics to the database). Download the static reports content:: + [root@system01 ~]# git clone git://git.mcs.anl.gov/bcfg2 [root@system01 ~]# cd /var/www/ - [root@system01 ~]# svn co https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2/reports + [root@system01 ~]# mv /path/to/bcfg2/checkout/reports ./ Configure Apache using :ref:`dynamic-http-install` as a guide @@ -159,7 +160,7 @@ then have something like this:: [server] repository = /var/lib/bcfg2 - plugins = Base,Bundler,Cfg,DBStats,Metadata,Packages,Probes,Rules,SSHbase + plugins = Base,Bundler,Cfg,...,DBStats [statistics] sendmailpath = /usr/lib/sendmail |