Bcfg2 is written in python using several modules not included with most distributions. lxml provides convenient xml handling. The Bcfg2 server requires a few more packages. It uses either FAM or Gamin to coherently cache repository files and update them when they change. It also requires pyOpenSSL to use SSL functions. lxml is required for xml parsing. It can be downloaded from http://www.codespeak.net/lxml. It, in turn, requires libxml2, libxslt, and pyrex. The python fam binding can be downloaded from python-fam.sourceforge.net. FAM (on several linux distributions) has been depricated in favor of gamin. The Bcfg server will autodetect which modules are available, and use appropriate file caching logic. It can be installed by running the setup.py script. NameDescriptionURLlxmlXML ProcessingpyrexC to Python language interoperability (needed for lxml)pyOpenSSL OpenSSL bindings for PythonFamFile Alteration MonitorGaminAlternate File Alteration MonitorPython-famPython bindings for fam (not needed with gamin) Once the Bcfg2 software is installed, the configuration file and repository must be created. The example configuration file in bcfg2/examples/bcfg2.conf can be used, with minor modifications. This should be placed in /etc/bcfg2.conf. If it is placed in another location, each program takes a command line argument to specify its alternate location. [server] repository = /disks/bcfg2 structures = Bundler,Base generators = SSHbase,Cfg,Pkgmgr,Svcmgr This configuration file sets the top level location of the configuration repository. It also activates two structures, and four generators. Both structures and generators are instances of Bcfg2 server plugins. Structures generate abstract configuration fragments. These form the inventory of the configuration. Generators provide client-specific literal values for each configuration entity contained in the abstract configuration. Bcfg2 uses XML-RPC over HTTPS for all communications. All communications occur over this transport. HTTPS provides data security, while an embedded username and password provide authentication. SSL is used for channel-level data encryption. The requisite SSL certificates must be generated on the server side. The following command will generate a server key: openssl req -x509 -nodes -days 1000 -newkey rsa:1024 \ -out bcfg2.key -keyout bcfg2.key This command will generate an SSL key including both an RSA key and a certificate. This is suitable for use with the Bcfg2 server. The path to this key should be put in the bcfg2 configuration file in section communication, setting key. The Bcfg2 client must be able to find the server's location. This is accomplished through the use of the communication settings in /etc/bcfg2.conf Several settings must be included in this file: the server url, a username and a password. [communication] protocol = xmlrpc/ssl password = pwd user = root [components] bcfg2 = https://bcfg2server:8765