1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
.. -*- mode: rst -*-
.. _server-plugins-generators-tgenshi-index:
=======
TGenshi
=======
This page documents the TGenshi plugin. This plugin works with version
0.4 and newer of the genshi library.
The TGenshi plugin allows you to use the `Genshi
<http://genshi.edgewall.org>`_ templating system to create files,
instead of the various diff-based methods offered by the Cfg
plugin. It also allows you to include the results of probes executed
on the client in the created files.
To begin, you will need to download and install the Genshi templating engine.
To install on CentOS or RHEL 5, run::
sudo yum install python-genshi
Once it is installed, you can enable it by adding ``TGenshi`` to the
generators line in ``/etc/bcfg2.conf`` on your Bcfg server. For example::
generators = SSHbase,Cfg,Pkgmgr,Svcmgr,Rules,TGenshi
The TGenshi plugin makes use of a Cfg-like directory structure
located in in a TGenshi subdirectory of your repository, usually
``/var/lib/bcfg2/TGenshi``. Each file has a directory containing two file
types, template and info. Templates are named according to the genshi
format used; template.txt uses the genshi text format, and template.xml
uses the XML format.
If used with Genshi 0.5 or later the plugin also supports the `new
style
<http://genshi.edgewall.org/wiki/Documentation/0.5.x/text-templates.html>`_
text template format for files named template.newtxt. One of the
advantages of the new format is that it does not use # as a command
delimiter, making it easier to utilize for configuration files that
use # as a comment character.
Only one template format may be used per file served. Info files are
identical to those used in ``Cfg``, and ``info.xml`` files are
supported.
Inside of templates
===================
* metadata is the client's metadata
* properties.properties is an xml document of unstructured data
See the genshi `documentation
<http://genshi.edgewall.org/wiki/Documentation>`_ for examples of
Genshi syntax.
Examples: Old Genshi Syntax
---------------------------
Genshi's web pages recommend against using this syntax, as it may
disappear from future releases.
Group Negation
^^^^^^^^^^^^^^
Templates are also useful for cases where more sophisticated boolean
operations than those supported by Cfg are needed. For example, the
template::
#if "ypbound" in metadata.groups and "workstation" in metadata.groups
client is ypbound workstation
#end
#if "ubuntu" not in metadata.groups and "desktop" in metadata.groups
client is a desktop, but not an ubuntu desktop
#end
Produces:
.. code-block:: xml
<Path type="file" name="/bar.conf" owner="root" perms="0644" group="root">client is ypbound workstation
client is a desktop, but not an ubuntu desktop
</Path>
This flexibility provides the ability to build much more compact and
succinct definitions of configuration contents than Cfg can.
Templating Access Data
======================
These examples depend on the :ref:`server-plugins-grouping-BB` plugin. The
BB plugin provides additional data about users that have been allocated
nodes. It maps in a dictionary of user priviledges to client metadata
instances. Each of these plugins use this data. On this system, node
allocations map to sudo and root access.
``/var/lib/bcfg2/TGenshi/etc/sudoers/template.newtxt``::
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
# Host alias specification
# User alias specification
User_Alias ADMIN =
${','.join(metadata.BB['users'].keys())},admin1,admin2
User_Alias IMAGERS = user1,user2,user3
# Cmnd alias specification
Cmnd_Alias SYSTEMIMAGER = /usr/sbin/getimage [A-z]* [A-z]*
# Defaults
Defaults !lecture,tty_tickets,!fqdn
# User privilege specification
root ALL=(ALL) ALL
IMAGERS login=SYSTEMIMAGER
# Members of the admin group may gain root privileges
ADMIN ALL=(ALL) ALL
``/var/lib/bcfg2/TGenshi/root/.ssh/authorized_keys/template.newtxt``::
{% for user in metadata.BB['users'] %}
${"\n".join(metadata.BB['users'][user])}
{% end %}
FAQs
====
**Question**
How do I escape the $ (dollar sign) in a TGenshi text template? For
example, if I want to include SVN (subversion) keywords like $Id$ or
$HeadURL$ in TGenshi-generated files, or am templating a bourne shell
(sh/bash) script or Makefile (make).
**Answer**
Use $$ (double dollar sign) to output a literal $ (dollarsign)
in a TGenshi text template. So instead of $Id$, you'd use
$$Id$$. See also Genshi tickets `#282: Document $$ escape
convention <http://genshi.edgewall.org/ticket/282>`_ and
`#283: Allow for redefinition of template syntax per-file
<http://genshi.edgewall.org/ticket/283>`_.
Examples
========
.. toctree::
:maxdepth: 1
bcfg2-cron
clientsxml
ganglia
grubconf
hosts
iptables
motd
mycnf
test
|
