NAME
bcfg2.conf - configuration parameters for Bcfg2
DESCRIPTION
bcfg2.conf includes configuration parameters for the Bcfg2 server and client.
The file is INI-style and consists of sections and options. A section begins
with the name of the section in square brackets and continues until the next
section begins.
Options are specified in the form 'name = value'.
The file is line-based: each newline-terminated line represents either a comment,
a section name or an option.
Any line beginning with a hash (#) is ignored, as are lines containing only
whitespace.
SERVER OPTIONS
These options are only necessary on the Bcfg2 server. They are specified in the
[server] section of the configuration file.
- repository
- Specifies the path to the Bcfg2 repository containing all
of the configuration specifications. The repository should be created
using the 'bcfg2-admin init' command.
- filemonitor
- The file monitor used to watch for changes in the
repository. Values of 'gamin', 'fam', or 'pseudo' are valid.
- listen_all
- This setting tells the server to listen on all available
interfaces. The default is to only listen on those interfaces specified by
the bcfg2 setting in the components section of bcfg2.conf.
- plugins
- A comma-delimited list of enabled server plugins. Currently
available plugins are:
• Account The account plugin manages authentication data,
including:
* /etc/passwd
* /etc/group
* /etc/security/limits.conf
* /etc/sudoers
* /root/.ssh/authorized_keys
• Actions
Action entries are commands that are executed either before bundle
installation, after bundle installation or both. If exit status is
observed, a failing pre-action will cause no modification of the enclosing
bundle to be performed; all entries included in that bundle will not be
modified. Failing actions are reported through Bcfg2's reporting system,
so they can be centrally observed.
• BB The BB plugin maps users to machines and metadata to
machines. (experimental)
• Base A structure plugin that provides the ability to add
lists of unrelated entries into client configuration entry inventories.
Base works much like Bundler in its file format. This structure plugin is
good for the pile of independent configs needed for most actual systems.
• Bundler Bundler is used to describe groups of inter-dependent
configuration entries, such as the combination of packages, configuration
files, and service activations that comprise typical Unix daemons. Bundles
are used to add groups of configuration entries to the inventory of client
configurations, as opposed to describing particular versions of those
entries.
• Bzr The Bzr plugin allows you to track changes to your Bcfg2
repository using a GNU Bazaar version control backend. Currently, it
enables you to get revision information out of your repository for
reporting purposes.
• Cfg The Cfg plugin provides a repository to describe
configuration file contents for clients. In its simplest form, the Cfg
repository is just a directory tree modeled off of the directory tree on
your client machines.
• Cvs The Cvs plugin allows you to track changes to your Bcfg2
repository using a Concurrent Versions System (CVS) version control backend.
Currently, it enables you to get revision information out of your repository
for reporting purposes. (experimental)
• Darcs The Darcs plugin allows you to track changes to your
Bcfg2 repository using a Darcs version control backend. Currently, it
enables you to get revision information out of your repository for
reporting purposes. (experimental)
• DBStats Direct to database statistics plugin. (0.9.6 and
later)
• Decisions The Decisions plugin has support for a centralized
set of per-entry installation decisions. This approach is needed when
particular changes are deemed "high risk"; this gives the
ability to centrally specify these changes, but only install them on
clients when administrator supervision is available. (0.9.6 and later)
• Deps The Deps plugin allows you to make a series of
assertions like "Package X requires Package Y (and optionally also
Package Z etc.)".
• Editor The Editor plugin allows you to partially manage
configuration for a file. Its use is not recommended and not well
documented.
• Fossil The Fossil plugin allows you to track changes to your
Bcfg2 repository using a Fossil SCM version control backend. Currently, it
enables you to get revision information out of your repository for
reporting purposes.
• Git The Git plugin allows you to track changes to your Bcfg2
repository using a Git version control backend. Currently, it enables you
to get revision information out of your repository for reporting purposes.
• GroupPatterns The GroupPatterns plugin is a connector that
can assign clients group membership based on patterns in client hostnames.
• Hg The Hg plugin allows you to track changes to your Bcfg2
repository using a Mercurial version control backend. Currently, it
enables you to get revision information out of your repository for
reporting purposes. (experimental)
• Hostbase The Hostbase plugin is an IP management system built
on top of Bcfg2.
• Metadata The Metadata plugin is the primary method of
specifying Bcfg2 server metadata.
• NagiosGen NagiosGen is a Bcfg2 plugin that dynamically
generates Nagios configuration files based on Bcfg2 data.
• Ohai The Ohai plugin is used to detect information about the
client operating system. The data is reported back to the server using
JSON. (experimental)
• POSIXCompat The POSIXCompat plugin provides a compatibility
layer which turns new-style (1.0) POSIX entries into old-style entries
which are compatible with previous releases.
• Packages The Packages plugin is an alternative to Pkgmgr for
specifying package entries for clients. Where Pkgmgr explicitly specifies
package entry information, Packages delegates control of package version
information to the underlying package manager, installing the latest
version available through those channels.
• Pkgmgr The Pkgmgr plugin resolves the Abstract Configuration
Entity "Package" to a package specification that the client can
use to detect, verify and install the specified package.
• Probes The Probes plugin gives you the ability to gather
information from a client machine before you generate its configuration.
This information can be used with the various templating systems to
generate configuration based on the results.
• Properties The Properties plugin is a connector plugin that
adds information from properties files into client metadata instances.
(1.0 and later)
• Rules The Rules plugin resolves Abstract Configuration
Entities to literal configuration entries suitable for the client drivers
to consume.
• SGenshi (Deprecated) See Bundler.
• Snapshots The Snapshots plugin stores various aspects of a
client's state when the client checks in to the server.
• SSHbase The SSHbase generator plugin manages ssh host keys
(both v1 and v2) for hosts. It also manages the ssh_known_hosts file. It
can integrate host keys from other management domains and similarly export
its keys.
• Svn The Svn plugin allows you to track changes to your Bcfg2
repository using a Subversion backend. Currently, it enables you to get
revision information out of your repository for reporting purposes.
• TCheetah The TCheetah plugin allows you to use the cheetah
templating system to create files. It also allows you to include the
results of probes executed on the client in the created files.
• TGenshi The TGenshi plugin allows you to use the Genshi
templating system to create files. It also allows you to include the
results of probes executed on the client in the created files.
• Trigger Trigger is a plugin that calls external scripts when
clients are configured.
- prefix
- Specifies a prefix if the Bcfg2 installation isn't placed
in the default location (e.g. /usr/local).
MDATA OPTIONS
These options affect the default metadata settings for Paths with type='file'.
- owner
- Global owner for Paths (defaults to root)
- group
- Global group for Paths (defaults to root)
- perms
- Global permissions for Paths (defaults to 644)
- paranoid
- Global paranoid settings for Paths (defaults to false)
- sensitive
- Global sensitive settings for Paths (defaults to false)
CLIENT OPTIONS
These options only affect client functionality, specified in the [client]
section.
- decision
- Specify the server decision list mode (whitelist or
blacklist). (This setting will be ignored if the client is called with the
-f option.)
- drivers
- Specify tool driver set to use. This option can be used to
explicitly specify the client tool drivers you want to use when the client
is run.
- paranoid
- Run the client in paranoid mode.
STATISTICS OPTIONS
Server-only, specified in the [statistics] section. These options control the
statistics collection functionality of the server.
- database_engine
- The database engine used by the statistics module. One of
either ‘postgresql’, ‘mysql’,
‘sqlite3’, or ‘ado_mssql’.
- database_name
- The name of the database to use for statistics data. If
‘database_engine’ is set to ‘sqlite3’, this is the
file path to the sqlite file and defaults to $REPOSITORY_DIR/etc/brpt.sqlite.
- database_user
- User for database connections. Not used for sqlite3.
- database_password
- Password for database connections. Not used for sqlite3.
- database_host
- Host for database connections. Not used for sqlite3.
- database_port
- Port for database connections. Not used for sqlite3.
- time_zone
- Specify a time zone other than that used on the system.
(Note that this will cause the bcfg2 server to log messages in this time
zone as well).
COMMUNICATION OPTIONS
Specified in the [communication] section. These options define settings used for
client-server communication.
- ca
- The path to a file containing the CA certificate. This file
is required on the server, and optional on clients. However, if the cacert
is not present on clients, the server cannot be verified.
- certificate
- The path to a file containing a PEM formatted certificate
which signs the key with the ca certificate. This setting is required on
the server in all cases, and required on clients if using client
certificates.
- key
- Specifies the path to a file containing the SSL Key. This
is required on the server in all cases, and required on clients if using
client certificates.
- password
- Required on both the server and clients. On the server,
sets the password clients need to use to communicate. On a client, sets
the password to use to connect to the server.
- protocol
- Communication protocol to use. Defaults to xmlrpc/ssl.
- retries
- A client-only option. Number of times to retry network
communication.
- serverCommonNames
- A client-only option. A colon-separated list of Common
Names the client will accept in the SSL certificate presented by the
server.
- user
- A client-only option. The UUID of the client.
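An added example (not part of the man page or of Bcfg2's own code) that parses a bcfg2.conf with the format rules from DESCRIPTION and checks the [communication] requirements listed above for a server or a client. It uses Python 3's configparser; the function names, the sample file, the 'true' form of listen_all and the file-mode check are assumptions of this example.

```python
import configparser
# Constructed sample: a client-side bcfg2.conf that sets no 'ca' option.
SAMPLE_CLIENT_CONF = """\
# client configuration (constructed for this example)
[communication]
protocol = xmlrpc/ssl
password = example%not-a-real-secret
serverCommonNames = bcfg2.example.org:config.example.org
[components]
bcfg2 = https://10.3.1.6:6789
"""

def load(text):
    """Parse bcfg2.conf text using the rules in DESCRIPTION."""
    cp = configparser.ConfigParser(
        delimiters=("=",),        # options are 'name = value'
        comment_prefixes=("#",),  # only '#' starts a comment line
        interpolation=None,       # a '%' in a password stays literal
    )
    cp.optionxform = str          # keep case, e.g. serverCommonNames
    cp.read_string(text)
    return cp

def audit(text, role, file_mode=None):
    """Return (option, message) findings; role is 'server' or 'client'."""
    cp = load(text)
    comm = cp["communication"] if cp.has_section("communication") else {}
    out = []
    if not comm.get("password"):
        out.append(("password", "required on both server and clients"))
    if not comm.get("ca"):
        out.append(("ca", "required on the server" if role == "server"
                    else "server cannot be verified without it"))
    if role == "server":
        for opt in ("certificate", "key"):
            if not comm.get(opt):
                out.append((opt, "required on the server in all cases"))
        # Assumption: listen_all takes a boolean word such as 'true'.
        if cp.getboolean("server", "listen_all", fallback=False):
            out.append(("listen_all", "listening on all interfaces"))
    # Assumption, not from the man page: keep the password file owner-only.
    if file_mode is not None and comm.get("password") and file_mode & 0o077:
        out.append(("file", "mode %o exposes password" % (file_mode & 0o777)))
    return out

def common_names(text):
    """Split the client-only serverCommonNames option on ':'."""
    value = load(text).get("communication", "serverCommonNames", fallback="")
    return [cn for cn in value.split(":") if cn]
```

Pass the mode from os.stat() of the real file as file_mode to include the permission check.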
PARANOID OPTIONS
These options allow for finer-grained control of the paranoid mode on the Bcfg2
client. They are specified in the [paranoid] section of the configuration
file.
- path
- Custom path for backups created in paranoid mode. The
default is in /var/cache/bcfg2.
- max_copies
- Specify a maximum number of copies for the server to keep
when running in paranoid mode. Only the most recent versions of these
copies will be kept.
COMPONENT OPTIONS
Specified in the [components] section.
- bcfg2
- URL of the server. On the server this specifies which
interface and port the server listens on. On the client, this specifies
where the client will attempt to contact the server. e.g.: bcfg2 =
https://10.3.1.6:6789
- encoding
- Text encoding of configuration files. Defaults to UTF-8.
LOGGING OPTIONS
Specified in the [logging] section. These options control the server logging
functionality.
- path
- Server log file path.
SNAPSHOTS OPTIONS
Specified in the [snapshots] section. These options control the server snapshots
functionality.
- driver
- sqlite
- database
- The name of the database to use for statistics data. e.g.:
$REPOSITORY_DIR/etc/bcfg2.sqlite
SEE ALSO
bcfg2(1), bcfg2-server(8)