Installing Bcfg2 Pre-requisites Bcfg2 is written in python using several modules not included with most distributions. Element Tree, available from http://www.effbot.org provides convenient XML handling. The Bcfg2 server requires a few more packages. It uses either FAM or Gamin to coherently cache repository files and update them when they change. It also requires m2crypto to use SSL functions. ElementTree can be downloaded from http://www.effbot.org/downloads. It can be installed by running the setup script against the python installation. $ python setup.py build running build running build_py creating build creating build/lib creating build/lib/elementtree copying elementtree/ElementInclude.py -> build/lib/elementtree copying elementtree/ElementPath.py -> build/lib/elementtree copying elementtree/ElementTree.py -> build/lib/elementtree copying elementtree/HTMLTreeBuilder.py -> build/lib/elementtree copying elementtree/SgmlopXMLTreeBuilder.py -> build/lib/elementtree copying elementtree/SimpleXMLTreeBuilder.py -> build/lib/elementtree copying elementtree/SimpleXMLWriter.py -> build/lib/elementtree copying elementtree/TidyHTMLTreeBuilder.py -> build/lib/elementtree copying elementtree/TidyTools.py -> build/lib/elementtree copying elementtree/XMLTreeBuilder.py -> build/lib/elementtree copying elementtree/__init__.py -> build/lib/elementtree $ python setup.py install ... The python fam binding can be downloaded from python-fam.sourceforge.net. FAM (on several linux distributions) has been depricated in favor of gamin. The Bcfg server will autodetect which modules are available, and use appropriate file caching logic. Bcfg2 Installation Bcfg2 Initial Setup and Testing Once the Bcfg2 software is installed, the configuration file and repository must be created. The example configuration file in bcfg2/examples/bcfg2.conf can be used, with minor modifications. bcfg2.conf [server] repository = /disks/bcfg2 structures = Bundler,Base generators = SSHbase,Cfg,Pkgmgr,Svcmgr metadata = /disks/bcfg2/etc This configuration file sets the location of the configuration repository. It also activates two structures, and four generators. Structures are components that generate abstract configuration fragments. These are the form of the configuration. Generators provide client-specific values for each configuration settings contained in all abstract configuration fragments. Both of these are described in Section ???. Daemon Configuration Bcfg2 uses SSSlib, the communication libraries from the Scalable Systems Software project for communication abstraction. This library provides a unified messaging interface on top of several wire protocols with different authentication and encryption mechanisms. The default protocol is "challenge" which is a challenge response protocol with no data encryption. (SSL protection will be configured later). SSSlib also includes service location functionality; this allows software to locate components by name, regardless of their respective network locations. This function is provided with both static and dynamic implementations. Static component location setup will be sufficient for most Bcfg2 deployments. Static component lookups depend on the file /etc/sss.conf. This file contains information about static service locations. This file must be the same on the server and all clients for communication to work properly. A location definition for the bcfg2 component will allow all clients to find and connect to it. /etc/sss.conf ]]> This allows SSSlib to locate the bcfg2 component on the machine bcfgserver, port 8052, with the wire protocol "challenge". New-Style XML-RPC Deployments A new version of the Bcfg2 software is in testing that will provide simplified and standards compliant communications facilities. Instead of the use of SSSlib for communication, the server and clients can use HTTPS XML-RPC instead. This has required reimplementing the server and providing XML-RPC support for the client, but provides drastically simplified setup for new installs. The prerequisite list now includes ElementTree, M2Crypto (for SSL functions) and Python 2.2 or newer. ElementTree and M2Crypto are both python modules that can be easily installed and are already packaged for many Linux distributions. SSL Certificate Generation SSL is used for channel-level data encryption. The requisite SSL certificates must be generated on the server side. The following command will generate a server key: openssl req -x509 -nodes -days 1000 -newkey rsa:1024 -out server.pem -keyout server.pem This command will generate an SSL key including both an RSA key and a certificate. This is suitable for use with the Bcfg2 XML-RPC server. Communication Bootstrapping The Bcfg2 client must be able to find the server's location. This is accomplished through the use of the communication settings in /etc/bcfg2.conf Two settings for the this section are required: protocol and server url. Bcfg2 XML-RPC Communication Settings [communication] protocol = xmlrpc/ssl url = https://localhost:9443