Converging on Verification with RHEL 5

Running verification

To get complete verification status, run:

bcfg2 -vqned

Unmanaged entries

  • Package (top-level)
  1. Enable the “Packages” plugin in /etc/bcfg2.conf, and configure the Yum repositories in /var/lib/bcfg2/Packages/sources.xml.

  2. If a package is unwanted, remove it:

    sudo yum remove PACKAGE
    
  3. Otherwise, add <Package name="PACKAGE" /> to the Bundler configuration.

  • Package (dependency)
  1. Ensure the Yum repository sources configured in /var/lib/bcfg2/Packages/sources.xml are correct.

  2. Ensure the Yum repositories themselves are up-to-date with the main package and dependencies.

  3. Rebuild the Packages plugin cache:

    bcfg2-admin xcmd Packages.Refresh
    
  • Service
  1. Add <Service name="SERVICE" /> to the Bundler configuration.
  2. Add <Service name="SERVICE" status="on" type="chkconfig" /> to /var/lib/bcfg2/Rules/services.xml.

Incorrect entries

For a “Package”

  • Failed RPM verification
  1. Run rpm -V PACKAGE
  2. Add configuration files (the ones with “c” next to them in the verification output) to /var/lib/bcfg2/Cfg/.
  • For example, /etc/motd to /var/lib/bcfg2/Cfg/etc/motd/motd. Yes, there is an extra directory level named after the file.
  1. Specify configuration files as <Path name='PATH' /> in the Bundler configuration.

  2. Add directories to /var/lib/bcfg2/Rules/directories.xml. For example:

    <Rules priority="0">
      <Directory name="/etc/cron.hourly" group="root" owner="root" mode="0700" />
      <Directory name="/etc/cron.daily" group="root" owner="root" mode="0700" />
    </Rules>
    
  • Multiple instances
  • Option A: Explicitly list the instances
  1. Drop the <Package /> from the Bundler configuration.

  2. Add an explicit <BoundPackage> and <Instance /> configuration to a new Bundle, like the following:

    <Bundle>
      <!-- GPG keys -->
      <BoundPackage name="gpg-pubkey" type="rpm" version="foo">
        <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL" version="217521f6" release="45e8a532"/>
        <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" version="37017186" release="45761324"/>
      </BoundPackage>
    </Bundle>
    
  3. Add the bundle to the applicable groups in /var/lib/bcfg2/Metadata/groups.xml.

  • Option B: Disable verification of the package
  1. Add pkg_checks="false" to the <Package /> tag.

For a “Path”

  • Unclear verification problem (no details from Bcfg2)
  1. Run bcfg2 -vqI to see detailed verification issues (but deny any suggested actions).
  • Permissions mismatch
  1. Create an info.xml file in the same directory as the configuration file. Example:

    <FileInfo>
      <Group name='webserver'>
        <Info owner='root' group='root' mode='0652'/>
      </Group>
      <Info owner='root' group='sys' mode='0651'/>
    </FileInfo>
    

Other troubleshooting tools

  • Generate the physical configuration from the server side:

    bcfg2-info buildfile /test test.example.com
    
  • Generate the physical configuration from the client side:

    bcfg2 -vqn -c/root/bcfg2-physical.xml