path: root/doc/quickstart/centos.txt
Diffstat (limited to 'doc/quickstart/centos.txt')
-rw-r--r-- doc/quickstart/centos.txt 567
1 files changed, 0 insertions, 567 deletions
diff --git a/doc/quickstart/centos.txt b/doc/quickstart/centos.txt
deleted file mode 100644
index 4a702683e..000000000
--- a/doc/quickstart/centos.txt
+++ /dev/null
@@ -1,567 +0,0 @@
-.. -*- mode: rst -*-
-
-.. _EPEL: http://fedoraproject.org/wiki/EPEL
-
-.. _quickstart-centos:
-
-=====================
-Quickstart for CentOS
-=====================
-
-This is a complete getting started guide for CentOS. With this document
-you should be able to install a Bcfg2 server and a Bcfg2 client.
-
-Install Bcfg2
-=============
-
-The fastest way to get Bcfg2 onto your system is to use Yum or
-your preferred package management tool. We'll be using the ones
-that are distributed through EPEL_, but depending on your aversion
-to risk you could download an RPM from other places as well. See
-:ref:`getting_started-using_bcfg2-with-centos` for information about
-building Bcfg2 from source and making your own packages.
-
-Using EPEL
-----------
-
-Make sure EPEL_ is a valid repository on your server. The `instructions
-<http://fedoraproject.org/wiki/EPEL/FAQ#howtouse>`_ on how to do this
-basically say::
-
- [root@centos ~]# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
-
-.. note::
-
- You will have to adjust this command to match your architecture and
- the current EPEL release.
-
-Install the bcfg2-server and bcfg2 RPMs::
-
- [root@centos ~]# yum install bcfg2-server bcfg2
-
-Your system should now have the necessary software to use Bcfg2. The
-next step is to set up your Bcfg2 :term:`repository`.
-
-Initialize your repository
-==========================
-
-Now that you're done with the install, you need to initialize your
-repository and setup your ``/etc/bcfg2.conf``. ``bcfg2-admin init``
-is a tool which allows you to automate this::
-
- [root@centos ~]# bcfg2-admin init
- Store bcfg2 configuration in [/etc/bcfg2.conf]:
- Location of bcfg2 repository [/var/lib/bcfg2]:
- Input password used for communication verification (without echoing; leave blank for a random):
- What is the server's hostname: [centos]
- Input the server location [https://centos:6789]:
- Input base Operating System for clients:
- 1: Redhat/Fedora/RHEL/RHAS/Centos
- 2: SUSE/SLES
- 3: Mandrake
- 4: Debian
- 5: Ubuntu
- 6: Gentoo
- 7: FreeBSD
- : 1
- Generating a 2048 bit RSA private key
- .........................+++
- ..................+++
- writing new private key to '/etc/bcfg2.key'
- -----
- Signature ok
- subject=/C=US=ST=Illinois/L=Argonne/CN=centos
- Getting Private key
- Repository created successfuly in /var/lib/bcfg2
-
-Change responses as necessary.
-
-Start the server
-================
-
-You are now ready to start your bcfg2 server for the first time::
-
- [root@centos ~]# /sbin/service bcfg2-server start
-
-To verify that everything started ok, look for the running daemon and check the logs::
-
- [root@centos ~]# /etc/init.d/service bcfg2-server status
- [root@centos ~]# tail /var/log/messages
- Mar 29 12:42:26 centos bcfg2-server[5093]: service available at https://centos:6789
- Mar 29 12:42:26 centos bcfg2-server[5093]: serving bcfg2-server at https://centos:6789
- Mar 29 12:42:26 centos bcfg2-server[5093]: serve_forever() [start]
- Mar 29 12:42:41 centos bcfg2-server[5093]: Handled 16 events in 0.007s
-
-Run bcfg2 to be sure you are able to communicate with the server::
-
- [root@centos ~]# bcfg2 -vqn
- No ca is specified. Cannot authenticate the server with SSL.
- No ca is specified. Cannot authenticate the server with SSL.
- Loaded plugins: fastestmirror
- Loading mirror speeds from cached hostfile
- Excluding Packages in global exclude list
- Finished
- Loaded tool drivers:
- Action Chkconfig POSIX YUMng
-
- Phase: initial
- Correct entries: 0
- Incorrect entries: 0
- Total managed entries: 0
- Unmanaged entries: 208
-
-
- Phase: final
- Correct entries: 0
- Incorrect entries: 0
- Total managed entries: 0
- Unmanaged entries: 208
-
- No ca is specified. Cannot authenticate the server with SSL.
-
-The ca message is just a warning, meaning that the client does not
-have sufficient information to verify that it is talking to the
-correct server. This can be fixed by distributing the ca certificate
-from the server to all clients. By default, this file is available in
-``/etc/bcfg2.crt`` on the server. Copy this file to the client (with a
-bundle) and add the ca option to ``bcfg2.conf`` pointing at the file,
-and the client will be able to verify it is talking to the correct server
-upon connection::
-
- [root@centos ~]# cat /etc/bcfg2.conf
-
-
- [communication]
- protocol = xmlrpc/ssl
- password = N41lMNeW
- ca = /etc/bcfg2.crt
-
- [components]
- bcfg2 = https://centos:6789
-
-Now if you run the client, no more warning::
-
- [root@centos ~]# bcfg2 -vqn
- Loaded plugins: fastestmirror
- Loading mirror speeds from cached hostfile
- Excluding Packages in global exclude list
- Finished
- Loaded tool drivers:
- Action Chkconfig POSIX YUMng
-
- Phase: initial
- Correct entries: 0
- Incorrect entries: 0
- Total managed entries: 0
- Unmanaged entries: 208
-
-
- Phase: final
- Correct entries: 0
- Incorrect entries: 0
- Total managed entries: 0
- Unmanaged entries: 208
-
-Bring your first machine under Bcfg2 control
-============================================
-
-Now it is time to get your first machine's configuration into your
-Bcfg2 :term:`repository`. Let's start with the server itself.
-
-
-Setup the `Packages`_ plugin
-----------------------------
-
-.. _Packages: http://trac.mcs.anl.gov/projects/bcfg2/wiki/Plugins/Packages
-
-First, replace **Pkgmgr** with **Packages** in the plugins
-line of ``bcfg2.conf``. Then create Packages layout (as per
-:ref:`packages-exampleusage`) in ``/var/lib/bcfg2``
-
-.. note:: I am using the RawURL syntax here since we are using `mrepo`_
- to manage our yum mirrors.
-
-.. _mrepo: http://dag.wieers.com/home-made/mrepo/
-
-.. code-block:: xml
-
- <Sources>
- <!-- CentOS (5.4) sources -->
- <YUMSource>
- <Group>centos5.4</Group>
- <RawURL>http://mrepo/centos5-x86_64/RPMS.os</RawURL>
- <Arch>x86_64</Arch>
- </YUMSource>
- <YUMSource>
- <Group>centos5.4</Group>
- <RawURL>http://mrepo/centos5-x86_64/RPMS.updates</RawURL>
- <Arch>x86_64</Arch>
- </YUMSource>
- <YUMSource>
- <Group>centos5.4</Group>
- <RawURL>http://mrepo/centos5-x86_64/RPMS.extras</RawURL>
- <Arch>x86_64</Arch>
- </YUMSource>
- </Sources>
-
-Due to the `Magic Groups`_, we need to modify our Metadata. Let's
-add a **centos5.4** group which inherits a **centos** group
-(this should replace the existing **redhat** group) present in
-``/var/lib/bcfg2/Metadata/groups.xml``. The resulting file should look
-something like this
-
-.. _Magic Groups: http://trac.mcs.anl.gov/projects/bcfg2/wiki/Plugins/Packages#MagicGroups
-
-.. code-block:: xml
-
- <Groups version='3.0'>
- <Group profile='true' public='true' default='true' name='basic'>
- <Group name='centos5.4'/>
- </Group>
- <Group name='centos5.4'>
- <Group name='centos'/>
- </Group>
- <Group name='ubuntu'/>
- <Group name='debian'/>
- <Group name='freebsd'/>
- <Group name='gentoo'/>
- <Group name='centos'/>
- <Group name='suse'/>
- <Group name='mandrake'/>
- <Group name='solaris'/>
- </Groups>
-
-.. note::
- When editing your xml files by hand, it is useful to occasionally run
- `bcfg2-repo-validate` to ensure that your xml validates properly.
-
-The final thing we need is for the client to have the proper
-arch group membership. For this, we will make use of the
-:ref:`unsorted-dynamic_groups` capabilities of the Probes plugin. Add
-Probes to your plugins line in ``bcfg2.conf`` and create the Probe.::
-
- [root@centos ~]# grep plugins /etc/bcfg2.conf
- plugins = Base,Bundler,Cfg,Metadata,Packages,Probes,Rules,SSHbase
- [root@centos ~]# mkdir /var/lib/bcfg2/Probes
- [root@centos ~]# cat /var/lib/bcfg2/Probes/groups
- #!/bin/sh
-
- echo "group:`uname -m`"
-
-Now we restart the bcfg2-server::
-
- [root@centos ~]# /etc/init.d/bcfg2-server restart
-
-If you tail ``/var/log/syslog`` now, you will see the Packages plugin in
-action, updating the cache.
-
-Start managing packages
------------------------
-
-Add a base-packages bundle. Let's see what happens when we just populate
-it with the *yum* package.
-
-.. code-block:: xml
-
- [root@centos ~]# cat /var/lib/bcfg2/Bundler/base-packages.xml
- <Bundle name='base-packages'>
- <Package name='yum'/>
- </Bundle>
-
-You need to reference the bundle from your Metadata. The resulting
-profile group might look something like this
-
-.. code-block:: xml
-
- <Group profile='true' public='true' default='true' name='basic'>
- <Bundle name='base-packages'/>
- <Group name='centos5.4'/>
- </Group>
-
-Now if we run the client, we can see what this has done for us.::
-
- [root@centos ~]# bcfg2 -vqn
- Running probe groups
- Probe groups has result:
- x86_64
- Loaded plugins: fastestmirror
- Loading mirror speeds from cached hostfile
- Excluding Packages in global exclude list
- Finished
- Loaded tool drivers:
- Action Chkconfig POSIX YUMng
- Package pam failed verification.
-
- Phase: initial
- Correct entries: 94
- Incorrect entries: 1
- Total managed entries: 95
- Unmanaged entries: 113
-
- In dryrun mode: suppressing entry installation for:
- Package:pam
-
- Phase: final
- Correct entries: 94
- Incorrect entries: 1
- Package:pam
- Total managed entries: 95
- Unmanaged entries: 113
-
-Interesting, our **pam** package failed verification. What does this
-mean? Let's have a look::
-
- [root@centos ~]# rpm --verify pam
- ....L... c /etc/pam.d/system-auth
-
-Sigh, it looks like the default RPM install for pam fails to verify
-using its own verification process (trust me, it's not the only one). At
-any rate, I was able to get rid of this particular issue by removing the
-symlink and running ``yum reinstall pam``.
-
-As you can see, the Packages plugin has generated the dependencies
-required for the yum package automatically. The ultimate goal should
-be to move all the packages from the **Unmanaged** entries section to
-the **Managed** entries section. So, what exactly *are* those Unmanaged
-entries?::
-
- [root@centos ~]# bcfg2 -veqn
- Running probe groups
- Probe groups has result:
- x86_64
- Loaded plugins: fastestmirror
- Loading mirror speeds from cached hostfile
- Excluding Packages in global exclude list
- Finished
- Loaded tool drivers:
- Action Chkconfig POSIX YUMng
- Extra Package openssh-clients 4.3p2-36.el5_4.4.x86_64.
- Extra Package libuser 0.54.7-2.1el5_4.1.x86_64.
- ...
-
- Phase: initial
- Correct entries: 95
- Incorrect entries: 0
- Total managed entries: 95
- Unmanaged entries: 113
-
-
- Phase: final
- Correct entries: 95
- Incorrect entries: 0
- Total managed entries: 95
- Unmanaged entries: 113
- Package:at
- Package:avahi
- Package:avahi-compat-libdns_sd
- ...
-
-Now you can go through these and continue adding the packages you want
-to your Bundle. After a while, I ended up with a minimal bundle that
-looks like this
-
-.. code-block:: xml
-
- <Bundle name='base-packages'>
- <Package name='bcfg2-server'/>
- <Package name='exim'/>
- <Package name='grub'/>
- <Package name='kernel'/>
- <Package name='krb5-workstation'/>
- <Package name='m2crypto'/>
- <Package name='openssh-clients'/>
- <Package name='openssh-server'/>
- <Package name='prelink'/>
- <Package name='redhat-lsb'/>
- <Package name='rpm-build'/>
- <Package name='rsync'/>
- <Package name='sysklogd'/>
- <Package name='vim-enhanced'/>
- <Package name='yum'/>
- </Bundle>
-
-Now when I run the client, you can see I have only one unmanaged
-package::
-
- [root@centos ~]# bcfg2 -veqn
- Running probe groups
- Probe groups has result:
- x86_64
- Loaded plugins: fastestmirror
- Loading mirror speeds from cached hostfile
- Excluding Packages in global exclude list
- Finished
- Loaded tool drivers:
- Action Chkconfig POSIX YUMng
- Extra Package gpg-pubkey e8562897-459f07a4.None.
- Extra Package gpg-pubkey 217521f6-45e8a532.None.
-
- Phase: initial
- Correct entries: 187
- Incorrect entries: 0
- Total managed entries: 187
- Unmanaged entries: 16
-
-
- Phase: final
- Correct entries: 187
- Incorrect entries: 0
- Total managed entries: 187
- Unmanaged entries: 16
- Package:gpg-pubkey
- Service:atd
- Service:avahi-daemon
- Service:bcfg2-server
- ...
-
-The gpg-pubkey packages are special in that they are not really
-packages. Currently, the way to manage them is using :ref:`BoundEntries
-<boundentries>`. So, after adding them, our Bundle now looks like this
-
-.. note:: This does not actually control the contents of the files,
- you will need to do this part separately (see below).
-
-.. code-block:: xml
-
- <Bundle name='base-packages'>
- <BoundPackage name="gpg-pubkey" type="yum" version="foo">
- <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5" version="e8562897" release="459f07a4"/>
- <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL" version="217521f6" release="45e8a532"/>
- </BoundPackage>
- <Package name='bcfg2-server'/>
- <Package name='exim'/>
- <Package name='grub'/>
- <Package name='kernel'/>
- <Package name='krb5-workstation'/>
- <Package name='m2crypto'/>
- <Package name='openssh-clients'/>
- <Package name='openssh-server'/>
- <Package name='prelink'/>
- <Package name='redhat-lsb'/>
- <Package name='rpm-build'/>
- <Package name='rsync'/>
- <Package name='sysklogd'/>
- <Package name='vim-enhanced'/>
- <Package name='yum'/>
- </Bundle>
-
-.. note:: version="foo" is just a dummy attribute for the gpg-pubkey Package
-
-To actually push the gpg keys out via Bcfg2, you will need to manage the
-files as well. This can be done by adding Path entries for each of the
-gpg keys you want to manage
-
-.. code-block:: xml
-
- <Bundle name='base-packages'>
- <Path name='/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5'/>
- <Path name='/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL'/>
- <BoundPackage name="gpg-pubkey" type="rpm">
- <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5" version="e8562897" release="459f07a4"/>
- <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL" version="217521f6" release="45e8a532"/>
- </BoundPackage>
- <Package name='bcfg2-server'/>
- <Package name='exim'/>
- <Package name='grub'/>
- <Package name='kernel'/>
- <Package name='krb5-workstation'/>
- <Package name='m2crypto'/>
- <Package name='openssh-clients'/>
- <Package name='openssh-server'/>
- <Package name='prelink'/>
- <Package name='redhat-lsb'/>
- <Package name='rpm-build'/>
- <Package name='rsync'/>
- <Package name='sysklogd'/>
- <Package name='vim-enhanced'/>
- <Package name='yum'/>
- </Bundle>
-
-Then add the files to Cfg::
-
- mkdir -p Cfg/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
- cp /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 !$/RPM-GPG-KEY-CentOS-5
- mkdir -p Cfg/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
- cp /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL !$/RPM-GPG-KEY-EPEL
-
-Now, running the client shows only unmanaged Service entries. Woohoo!
-
-Manage services
----------------
-
-Now let's clear up the unmanaged service entries by adding the following
-entries to our bundle.
-
-.. code-block:: xml
-
- <!-- basic services -->
- <Service name='atd'/>
- <Service name='avahi-daemon'/>
- <Service name='bcfg2-server'/>
- <Service name='crond'/>
- <Service name='cups'/>
- <Service name='gpm'/>
- <Service name='lvm2-monitor'/>
- <Service name='mcstrans'/>
- <Service name='messagebus'/>
- <Service name='netfs'/>
- <Service name='network'/>
- <Service name='postfix'/>
- <Service name='rawdevices'/>
- <Service name='sshd'/>
- <Service name='syslog'/>
-
-...and bind them in Rules
-
-.. code-block:: xml
-
- [root@centos ~]# cat /var/lib/bcfg2/Rules/services.xml
- <Rules priority='1'>
- <!-- basic services -->
- <Service type='chkconfig' status='on' name='atd'/>
- <Service type='chkconfig' status='on' name='avahi-daemon'/>
- <Service type='chkconfig' status='on' name='bcfg2-server'/>
- <Service type='chkconfig' status='on' name='crond'/>
- <Service type='chkconfig' status='on' name='cups'/>
- <Service type='chkconfig' status='on' name='gpm'/>
- <Service type='chkconfig' status='on' name='lvm2-monitor'/>
- <Service type='chkconfig' status='on' name='mcstrans'/>
- <Service type='chkconfig' status='on' name='messagebus'/>
- <Service type='chkconfig' status='on' name='netfs'/>
- <Service type='chkconfig' status='on' name='network'/>
- <Service type='chkconfig' status='on' name='postfix'/>
- <Service type='chkconfig' status='on' name='rawdevices'/>
- <Service type='chkconfig' status='on' name='sshd'/>
- <Service type='chkconfig' status='on' name='syslog'/>
- </Rules>
-
-Now we run the client and see there are no more unmanaged entries! ::
-
- [root@centos ~]# bcfg2 -veqn
- Running probe groups
- Probe groups has result:
- x86_64
- Loaded plugins: fastestmirror
- Loading mirror speeds from cached hostfile
- Excluding Packages in global exclude list
- Finished
- Loaded tool drivers:
- Action Chkconfig POSIX YUMng
-
- Phase: initial
- Correct entries: 205
- Incorrect entries: 0
- Total managed entries: 205
- Unmanaged entries: 0
-
-
- Phase: final
- Correct entries: 205
- Incorrect entries: 0
- Total managed entries: 205
- Unmanaged entries: 0
-
-Dynamic (web) reports
-=====================
-
-See installation instructions at :ref:`server-reports-install`
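
Review bot: deleting the file also deletes the `.. _quickstart-centos:` label at the top of the hunk, so any `:ref:` elsewhere that targets it will stop resolving. The diffstat here is limited to this one file, so confirm that the label is re-created wherever the content now lives, or that the referring pages are updated in the same commit. If the text is being relocated rather than dropped, three things in it are worth fixing on the way. The status check `/etc/init.d/service bcfg2-server status` is not a valid path; the file itself uses `/sbin/service bcfg2-server start` and `/etc/init.d/bcfg2-server restart` elsewhere. The first BoundPackage example uses type="yum" while the later one uses type="rpm" for the same gpg-pubkey entries. The sample `bcfg2.conf` prints a literal `password =` value that should be a placeholder. The walkthrough also runs the client before the `ca` option is set and only adds `ca = /etc/bcfg2.crt` afterwards, so the relocated version should keep that step prominent, since without it the client cannot authenticate the server.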