Installing Bcfg2
Pre-requisites
Bcfg2 is written in python using several modules not included
with most distributions. SSSlib, available from
ftp://ftp.mcs.anl.gov/pub/sss/, provides communication
abstraction. Element Tree, available from http://www.effbot.org
provides convenient XML handling. Bcfg2 uses FAM (server-size)
to coherently cache repository files and update them when they
change.
ElementTree can be downloaded from
http://www.effbot.org/downloads. It can be installed by running
the setup script against the python installation.
$ python setup.py build
running build
running build_py
creating build
creating build/lib
creating build/lib/elementtree
copying elementtree/ElementInclude.py -> build/lib/elementtree
copying elementtree/ElementPath.py -> build/lib/elementtree
copying elementtree/ElementTree.py -> build/lib/elementtree
copying elementtree/HTMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/SgmlopXMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/SimpleXMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/SimpleXMLWriter.py -> build/lib/elementtree
copying elementtree/TidyHTMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/TidyTools.py -> build/lib/elementtree
copying elementtree/XMLTreeBuilder.py -> build/lib/elementtree
copying elementtree/__init__.py -> build/lib/elementtree
$ python setup.py install
...
SSSlib can be downloaded from
ftp://ftp.mcs.anl.gov/pub/sss. It can either be built from source
or prebuilt packages can be downloaded from the same location.
Bcfg2 Installation
Bcfg2 Initial Setup and Testing
Once the Bcfg2 software is installed, the configuration file
and repository must be created. The example configuration file in
bcfg2/examples/bcfg2.conf can be used, with
minor modifications.
bcfg2.conf
[server]
repository = /disks/bcfg2
structures = Bundler,Base
generators = SSHbase,Cfg,Pkgmgr,Svcmgr
metadata = /disks/bcfg2/etc
This configuration file sets the location of the
configuration repository. It also activates two structures, and
four generators. Structures are components that generate
abstract configuration fragments. These are the form of the
configuration. Generators provide client-specific values for
each configuration settings contained in all abstract
configuration fragments. Both of these are described in Section
???.
Daemon Configuration
Bcfg2 uses SSSlib, the
communication libraries from the Scalable Systems Software project
for communication abstraction. This library provides a unified
messaging interface on top of several wire protocols with
different authentication and encryption mechanisms. The default
protocol is "challenge" which is a challenge response protocol
with no data encryption. (SSL protection will be configured
later). SSSlib also includes service location functionality;
this allows software to locate components by name, regardless of
their respective network locations. This function is provided
with both static and dynamic implementations. Static component
location setup will be sufficient for most Bcfg2 deployments.
Static component lookups depend on the file
/etc/sss.conf. This file contains
information about static service locations. This file must be
the same on the server and all clients for communication to work
properly. A location definition for the bcfg2 component will
allow all clients to find and connect to it.
/etc/sss.conf
]]>
This allows SSSlib to locate the bcfg2 component on the
machine bcfgserver, port 8052, with the wire protocol "challenge".
New-Style XML-RPC Deployments
A new version of the Bcfg2 software is in testing that will
provide simplified and standards compliant communications
facilities. Instead of the use of SSSlib for communication, the
server and clients can use HTTPS XML-RPC instead. This has
required reimplementing the server and providing XML-RPC support
for the client, but provides drastically simplified setup for
new installs.
The prerequisite list now includes ElementTree, M2Crypto (for
SSL functions) and Python 2.2 or newer. ElementTree and M2Crypto
are both python modules that can be easily installed and are
already packaged for many Linux distributions.
SSL Certificate Generation
SSL is used for channel-level data encryption. The
requisite SSL certificates must be generated on the server
side. I need to figure out how to do this.
Communication Bootstrapping
The Bcfg2 client must be able to find the server's
location. This is accomplished through the use of the
communication settings in /etc/bcfg2.conf
Two settings for the this section are required: protocol and
server url.
Bcfg2 XML-RPC Communication Settings
[communication]
protocol = xmlrpc/ssl
url = https://localhost:9443