Configuration and change management with Bcfg2

The Dean

© david harding, Fotolia

© david harding, Fotolia

Author(s): , Author(s):

The powerful Bcfg2 provides a sophisticated environment for centralized configuration management.

The experts at the department of mathematics and computer science at the Argonne National Laboratory [1] were so unhappy about having to configure their numerous computer systems manually that they started an internal research project, dubbed Bcfg2 [2], that they later released under the BSD license.

Getting Started

Bcfg2 provides a sophisticated system for describing and deploying complete client configurations. This flexible tool uses a comprehensive XML format to describe the configurations, and RPC to communicate with the clients.

Experts will find Bcfg2 easy to extend, but the learning curve is steep – the program uses a powerful, abstract approach.

Supported Platforms

Bcfg2 supports various platforms, including openSUSE, Fedora, Gentoo, and Debian, as well as their many derivatives. The tool also runs on FreeBSD, AIX, Solaris, and Mac OS X through the use of the developer's distribution-independent Encap packages [3] on top of the ready-to-run client and server packages. As an alternative, you can check out the openSUSE Build Service [4], which offers the package for a number of other platforms.

Architecture

To manage specifications, Bcfg2 uses a server that communicates with a fairly lean counterpart on the client. To install both the server and the client, which comprises just a couple of lines of Python code, you can use the package manager for your distribution.

To get the client to request updates from the server at regular intervals, you need to create a crontab entry. Alternatively, you can run Bcfg2 as a background process. In that case, the server can actively contact the agent.

Settings on managed systems are configured at the Bcfg2 server. For each client, the server stores a description, which it generates from a central specif-ication.

At the highest level, Bcfg2 works with profiles that describe classes of identical computers, such as desktop systems or web servers. Each managed machine has exactly one profile.

Specific logical system areas within the profile are organized into groups, such as office software or network settings. The groups, which can be nested recursively, let administrators organize configuration specifications in a meaningful way.

Each group in turn is made up of an arbitrary number of bundles with scope that typically extends to a single software product, such as Postfix, OpenOffice, or the nameswitch mechanism.

Profiles, groups, and bundles are defined in the metadata/groups.xml file (see Listing 1).

Listing 1

Bundle and Subgroup Definitions

01 <Groups>
02   <Group name='desktop' profile='true'>
03     <Bundle name='motd' />
04     <Bundle name='networking' />
05     <Group name='office-workstation' />
06     <Group name='debian-stable' />
07   </Group>
08
09   <Group name='webserver' profile='true'>
10     <Group name='apache' />
11     <Bundle name='networking' />
12     <!-- ... --!>
13   </Group>
14
15   <Group name='office-workstation'>
16     <Group name='gnome-desktop' />
17     <!-- ... --!>
18   </Group>
19
20   <Group name='debian-stable'
21          toolset='debian' />
22 </Groups>

Read full article as PDF:

030-035_bcfg.pdf  (884.49 kB)

Related content

  • Network Management Intro

    Professional admins with tightening IT budgets are always looking for new tools that will help them do more with less. This month we feature some popular open source applications for deploying, configuring, updating, and monitoring software and systems on the network.

  • Cfengine 3

    Automate admin tasks with the powerful Cfengine framework.

  • SCPM

    SCPM lets you switch your network configuration when your portable moves to a different network. Read on to learn more about deploying the SCPM profile manager with Suse Linux.

  • Radius and 802.1X

    The Radius protocol is typically used to authenticate users in dial-up scenarios. But Radius is also useful in LAN environments: in combination with 802.1X, Radius forces users to authenticate at a low level before the switch opens up a port.

  • FAI

    FAI helps you automate the process of installing and configuring new Debian systems.

comments powered by Disqus

Direct Download

Read full article as PDF:

030-035_bcfg.pdf  (884.49 kB)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia