Configuration Management and Bcfg2

by Matt Baker last modified Jan 17, 2011 11:52 AM

Staff development week summer 2010

Why Configuration Management?

  • One repository to rule them all
  • Description of the whole infrastructure
  • Declarative and inspecting
  • Push vs pull?
  • Contenders: Cfengine, Puppet, Bcfg2, others?

Bcfg2: The basics

  • Client-server model
      • Server: configuration specification repository
        • Metadata
        • Abstract Configuration (Structures)
        • Literal Configuration (Generators)
      • Client: applies the specification
        • Probes
        • Download
        • Update
        • Statistics

Bcfg2: Repository

  • Directory for each plugin
  • XML files for abstract configuration
  • Plain text and directory structure for literal configuration
  • Genshi templates
    • Can embed Python in Genshi templates

Bcfg2: Metadata

  • Python namespace "metadata"
    • Metadata/clients.xml & Metadata/groups.xml
    • Plugin Connectors:
      • Properties/
      • Probes/
      • Home grown?

Bcfg2: Metadata: Clients

  • (Mostly) managed by the server
<Clients version="3.0">
  <Client profile="debian-lenny-x86-bcfg2"
             name="bcfg2-prod.ilrt.bris.ac.uk"
             pingable="Y" pingtime="1269346434.78"/>
</Clients>

Bcfg2: Metadata: Groups

  • Profiles are built from collections of Groups (Inheritance model)
<Groups version='3.0'>
        <Group name='apache-php5-server'>
                <Group name='apache-app-server'/>
                <Bundle name='apache-php5'/>
                <Bundle name='php5'/>
        </Group>
        <Group name='apache-drupal-server'>
                <Group name='apache-php5-server'/>
                <Bundle name='drupal'/>
        </Group>
</Groups>
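
Added example, not part of the original slides and not Bcfg2's own resolver: a simplified Python model of the inheritance shown above, which expands a group into every group and bundle it pulls in. This is useful when reviewing what a profile really applies to a host. The function names are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

# Groups.xml content copied from the slide above.
GROUPS_XML = """
<Groups version='3.0'>
  <Group name='apache-php5-server'>
    <Group name='apache-app-server'/>
    <Bundle name='apache-php5'/>
    <Bundle name='php5'/>
  </Group>
  <Group name='apache-drupal-server'>
    <Group name='apache-php5-server'/>
    <Bundle name='drupal'/>
  </Group>
</Groups>
"""

def load_groups(xml_text):
    """Map each top-level group to (nested group names, bundle names)."""
    groups = {}
    for group in ET.fromstring(xml_text.strip()).findall("Group"):
        groups[group.get("name")] = (
            [g.get("name") for g in group.findall("Group")],
            [b.get("name") for b in group.findall("Bundle")],
        )
    return groups

def resolve(name, groups):
    """Return (all groups, all bundles) reachable from group `name`."""
    seen, bundles, stack = set(), set(), [name]
    while stack:
        current = stack.pop()
        if current in seen:  # already expanded; also stops inheritance cycles
            continue
        seen.add(current)
        # A group referenced but never defined at top level (here
        # 'apache-app-server') counts as membership and adds no bundles.
        nested, own = groups.get(current, ([], []))
        bundles.update(own)
        stack.extend(nested)
    return seen, bundles

if __name__ == "__main__":
    member_of, applied = resolve("apache-drupal-server", load_groups(GROUPS_XML))
    print(sorted(member_of), sorted(applied))
```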

Bcfg2: Metadata: Properties

  • Properties are arbitrary data stores
  • Example: Properties/admins.xml
<Properties>
  <Admins>
    <Admin name="Joe Blogs" uid="1234" user="jblogs" />
    <Admin name="Jack Hill" uid="2345" user="jhill" />
  </Admins>
</Properties>

Bcfg2: Structures 

  • Base
  • Bundles

Bcfg2: Structures: example

  • Simple bundle for openssh
<Bundle name='openssh' version='2.0'>
        <Group name='debian'>
                <Package name='ssh'/>
                <Package name='openssh-server'/>
                <Package name='openssh-client'/>
                <Service name='ssh'/>
                <Path name='/etc/pam.d/sshd'/>
        </Group>
</Bundle>

Bcfg2: Structures: Genshi example

<Bundle name="admins" xmlns:py="http://genshi.edgewall.org/">
     <?python data = metadata.Properties['admins.xml'].data
              admins = data.xpath('.//Admin') ?>
     <py:for each="admin in admins">
         <?python user = admin.get('user') ?>
         <BoundPath type="directory" name="/home/${user}"
             group="${user}" owner='${user}' perms='750'/>
         <BoundPath type="directory" name="/home/${user}/.ssh"
             group="${user}" owner='${user}' perms='700'/>
         <Path name="/home/${user}/.ssh/authorized_keys"/>
     </py:for>
 </Bundle>

Bcfg2: Generators

  • Cfg
  • TGenshi
  • Packages
  • SSHBase
  • NagiosGen
  • etc, etc...

Bcfg2: Generators: Cfg directory structure

Cfg/etc/motd/motd
Cfg/etc/motd/motd.G50_centos
Cfg/etc/motd/motd.G50_debian.cat
Cfg/etc/motd/motd.H_bcfg2-prod.ilrt.bris.ac.uk
Cfg/etc/motd/info.xml

Bcfg2: Generators: TGenshi example

  • TGenshi/etc/exports/template.newtxt
{% python
 from socket import gethostbyname
 def nfs_clients(group):
  clients = []
  for host in metadata.query.names_by_groups([group]):
   clients.append("%s(rw)" % gethostbyname(host))
  return(' '.join(clients)) %}\
{% if 'pkgrepo-server' in metadata.groups %}\
# Ganeti OS images
/var/images ${nfs_clients('ganeti2-service')}
{% end %}\

Bcfg2: Client tools: Probes

  • Probes/megaraid
    • Output available in metadata.Probes['megaraid']
    • Output of "group:something" sets dynamic group name
    • Possible uses for ohai, dmidecode, lspci, etc
#!/bin/sh
if [ -f /proc/modules ] && \
 grep "megaraid_" /proc/modules | grep -v sas ;then
        echo "group:megaraid-hardware"
else
        echo "None"
fi

Bcfg2: Reports

  • Command line:
$ /usr/sbin/bcfg2-reports -s my-p0.ilrt.bris.ac.uk
Bad Entries:
Package:linux-modules-2.6.18-6-xen-amd64
Package:python-ssl
Extra Entries:
Service:rsyslog
Package:xml-core
Package:iamerican
Package:exim4
Package:sgml-base
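
Added example, not part of the original slides: a small Python parser for the report text shown above, which splits it into bad entries (present but not matching the specification) and extra entries (present on the client but not in the specification), then lists unmanaged services for review. The function names are assumptions, and the sample is the output copied from the slide.

```python
from collections import Counter

# Report body copied from the slide above (without the command line).
SAMPLE_REPORT = """\
Bad Entries:
Package:linux-modules-2.6.18-6-xen-amd64
Package:python-ssl
Extra Entries:
Service:rsyslog
Package:xml-core
Package:iamerican
Package:exim4
Package:sgml-base
"""

def parse_report(text):
    """Return {'bad': [(kind, name), ...], 'extra': [...]} from report text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(" Entries:"):
            # Section header such as "Bad Entries:" or "Extra Entries:"
            current = line[: -len(" Entries:")].lower()
            sections[current] = []
        elif current is not None and ":" in line:
            # Entry lines have the form Kind:name; split on the first colon only
            kind, name = line.split(":", 1)
            sections[current].append((kind, name))
    return sections

def unmanaged_services(sections):
    """Services running on the client that the specification does not describe."""
    return sorted(n for kind, n in sections.get("extra", []) if kind == "Service")

def counts_by_kind(sections, section):
    """Count entries per kind (Package, Service, ...) in one section."""
    return dict(Counter(kind for kind, _ in sections.get(section, [])))

if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("unmanaged services:", unmanaged_services(report))
    print("extra by kind:", counts_by_kind(report, "extra"))
```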

Bcfg2: Interaction

$ /usr/sbin/bcfg2-admin query g=bcfg2-server g=production
bcfg2-prod.ilrt.bris.ac.uk

$ /usr/sbin/bcfg2-info buildfile <filename> <hostname>
 - build config file for hostname (not written to disk)

$ /usr/sbin/bcfg2-info showclient <client1> <client2>
 - show metadata for given hosts

$ /usr/sbin/bcfg2-info debug
 - shell out to native Python interpreter

Bcfg2: Interaction: Links

Bcfg2: Interaction: Full circle

  • A fab demo?
$ fab hosts:metadata-group rpull:bundle

Bcfg2: Fin

  • Questions?