Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
BCFG2.CONF(5)			     Bcfg2			 BCFG2.CONF(5)

NAME
       bcfg2.conf - Configuration parameters for Bcfg2

DESCRIPTION
       bcfg2.conf  includes  configuration parameters for the Bcfg2 server and
       client.

FILE FORMAT
       The file	is INI-style and consists of sections and options.  A  section
       begins  with  the name of the sections in square	brackets and continues
       until the next section begins.

       Options are specified in	the form "name=value".

       The file	is line-based each newline-terminated line represents either a
       comment,	a section name or an option.

       Any  line beginning with	a hash (#) is ignored, as are lines containing
       only whitespace.

SERVER OPTIONS
       These options are only necessary	on the Bcfg2 server. They  are	speci-
       fied in the [server] section of the configuration file.

       repository
	      Specifies	the path to the	Bcfg2 repository containing all	of the
	      configuration specifications. The	repository should  be  created
	      using the	bcfg2-admin init command.

       filemonitor
	      The  file	 monitor  used to watch	for changes in the repository.
	      The default is the best available	monitor. The following	values
	      are valid:

		 inotify
		 gamin
		 fam
		 pseudo

       fam_blocking
	      Whether  the server should block at startup until	the file moni-
	      tor backend has processed	all events. This can  cause  a	slower
	      startup,	but  ensure  that  all files are recognized before the
	      first client is handled.

       ignore_files
	      A	comma-separated	list of	globs that should be  ignored  by  the
	      file monitor. Default values are:

		 *~
		 *#
		 #*
		 *.swp
		 *.swpx
		 *.swx
		 SCCS
		 .svn
		 4913
		 .gitignore

       listen_all
	      This  setting tells the server to	listen on all available	inter-
	      faces.  The default is to	only listen on those interfaces	speci-
	      fied   by	 the  bcfg2  setting  in  the  components  section  of
	      bcfg2.conf.

       plugins
	      A	comma-delimited	list  of  enabled  server  plugins.  Currently
	      available	plugins	are:

		 Account
		 Base
		 Bundler
		 Bzr
		 Cfg
		 Cvs
		 Darcs
		 DBStats
		 Decisions
		 Deps
		 Editor
		 FileProbes
		 Fossil
		 Git
		 GroupPatterns
		 Guppy
		 Hg
		 Hostbase
		 Ldap
		 Metadata
		 NagiosGen
		 Ohai
		 Packages
		 Pkgmgr
		 POSIXCompat
		 Probes
		 Properties
		 PuppetENC
		 Reporting
		 Rules
		 SEModules
		 ServiceCompat
		 Snapshots
		 SSHbase
		 SSLCA
		 Statistics
		 Svn
		 TCheetah
		 TemplateHelper
		 TGenshi
		 Trigger

	      Descriptions  of	each  plugin  can be found in their respective
	      sections below.

       prefix Specifies	a prefix if the	Bcfg2 installation isn't placed	in the
	      default location (e.g. /usr/local).

       backend
	      Specifies	 which	server	core backend to	use. Current available
	      options are:

		 cherrypy
		 builtin
		 best

	      The default is best, which is currently an  alias	 for  builtin.
	      More  details on the backends can	be found in the	official docu-
	      mentation.

       user   The username or UID to run the daemon as.	Default	is 0.

       group  The group	name or	GID to run the daemon as. Default is 0.

       vcs_root
	      Specifies	the path to the	root of	 the  VCS  working  copy  that
	      holds  your Bcfg2	specification, if it is	different from reposi-
	      tory.  E.g., if the VCS repository does not hold the bcfg2  data
	      at the top level,	you may	need to	set this option.

       umask  The umask	to set for the server.	Default	is 0077.

SERVER PLUGINS
       This  section  has a listing of all the plugins currently provided with
       Bcfg2.

   Account Plugin
       The account plugin manages authentication data, including  the  follow-
       ing.

       o /etc/passwd

       o /etc/group

       o /etc/security/limits.conf

       o /etc/sudoers

       o /root/.ssh/authorized_keys

   Base	Plugin
       The  Base plugin	is a structure plugin that provides the	ability	to add
       lists of	unrelated entries into client configuration entry inventories.
       Base  works much	like Bundler in	its file format. This structure	plugin
       is good for the pile of independent configs needed for most actual sys-
       tems.

   Bundler Plugin
       The  Bundler  plugin is used to describe	groups of inter-dependent con-
       figuration entries, such	as the combination of packages,	 configuration
       files, and service activations that comprise typical Unix daemons. Bun-
       dles are	used to	add groups of configuration entries to	the  inventory
       of  client configurations, as opposed to	describing particular versions
       of those	entries.

   Bzr Plugin
       The Bzr plugin allows you to track changes to your Bcfg2	repository us-
       ing  a GNU Bazaar version control backend. Currently, it	enables	you to
       get revision information	out of your repository for reporting purposes.

   Cfg Plugin
       The Cfg plugin provides a repository  to	 describe  configuration  file
       contents	 for clients. In its simplest form, the	Cfg repository is just
       a directory tree	modeled	off of the directory tree on your  client  ma-
       chines.

   Cvs Plugin (experimental)
       The Cvs plugin allows you to track changes to your Bcfg2	repository us-
       ing a Concurrent	version	control	backend. Currently, it enables you  to
       get revision information	out of your repository for reporting purposes.

   Darcs Plugin	(experimental)
       The  Darcs  plugin allows you to	track changes to your Bcfg2 repository
       using a Darcs version control backend. Currently, it enables you	to get
       revision	information out	of your	repository for reporting purposes.

   DBStats Plugin
       Direct to database statistics plugin.

   Decisions Plugin
       The Decisions plugin has	support	for a centralized set of per-entry in-
       stallation decisions. This approach is needed when  particular  changes
       are  deemed  "high  risk";  this	gives the ability to centrally specify
       these changes, but only install them on clients when administrator  su-
       pervision is available.

   Defaults Plugin
       The  Defaults plugin can	be used	to populate default attributes for en-
       tries. Defaults is not a	Generator plugin, so it	does not actually bind
       an  entry; Defaults are applied after an	entry has been bound, and only
       populate	attributes that	are not	yet set.

   Deps	Plugin
       The Deps	plugin allows you to make a series of assertions like "Package
       X requires Package Y (and optionally also Package Z etc.)"

   Editor Plugin
       The  Editor plugin attempts to allow you	to partially manage configura-
       tion for	a file.	Its use	is not recommended and not well	documented.

   FileProbes Plugin
       The FileProbes plugin allows you	to probe a client for a	file, which is
       then added to the Cfg specification. If the file	changes	on the client,
       FileProbes can either update it in the specification or	allow  Cfg  to
       replace it.

   Fossil Plugin
       The  Fossil plugin allows you to	track changes to your Bcfg2 repository
       using a Fossil SCM version control backend. Currently, it  enables  you
       to  get	revision information out of your repository for	reporting pur-
       poses.

   Git Plugin
       The Git plugin allows you to track changes to your Bcfg2	repository us-
       ing a Git version control backend. Currently, it	enables	you to get re-
       vision information out of your repository for reporting purposes.

   GroupPatterns Plugin
       The GroupPatterns plugin	is a connector that can	assign	clients	 group
       membership based	on patterns in client hostnames.

   Guppy Plugin
       The  Guppy plugin is used to trace memory leaks within the bcfg2-server
       process using Guppy.

   Hg Plugin (experimental)
       The Hg plugin allows you	to track changes to your Bcfg2 repository  us-
       ing  a  Mercurial version control backend. Currently, it	enables	you to
       get revision information	out of your repository for reporting purposes.

   Hostbase Plugin
       The Hostbase plugin is an IP management system built on top of Bcfg2.

   Ldap	Plugin
       The Ldap	plugin makes it	possible to fetch data from an LDAP directory,
       process it and attach it	to your	metadata.

   Metadata Plugin
       The  Metadata  plugin  is the primary method of specifying Bcfg2	server
       metadata.

   NagiosGen Plugin
       The NagiosGen plugin dynamically	generates Nagios  configuration	 files
       based on	Bcfg2 data.

   Ohai	Plugin (experimental)
       The  Ohai plugin	is used	to detect information about the	client operat-
       ing system. The data is reported	back to	the server using JSON.

   Packages Plugin
       The Packages plugin is an alternative to	Pkgmgr for specifying  package
       entries	for  clients.  Where Pkgmgr explicitly specifies package entry
       information, Packages delegates control of package version  information
       to the underlying package manager, installing the latest	version	avail-
       able from through those channels.

   Pkgmgr Plugin
       The Pkgmgr plugin resolves the Abstract Configuration Entity  "Package"
       to  a  package  specification that the client can use to	detect,	verify
       and install the specified package.

   POSIXCompat Plugin
       The POSIXCompat plugin provides a compatibility layer for 1.3 POSIX En-
       tries so	that they are compatible with older clients.

   Probes Plugin
       The  Probes  plugin  gives you the ability to gather information	from a
       client machine before you generate its configuration. This  information
       can  be used with the various templating	systems	to generate configura-
       tion based on the results.

   Properties Plugin
       The Properties plugin is	a connector plugin that	adds information  from
       properties files	into client metadata instances.

   PuppetENC Plugin
       The PuppetENC plugin is a connector plugin that adds support for	Puppet
       External	Node Classifiers.

   Reporting Plugin
       The Reporting plugin enables  the  collection  of  data	for  use  with
       Bcfg2's dynamic reporting system.

   Rules Plugin
       The  Rules  plugin  provides literal configuration entries that resolve
       the abstract configuration entries normally found in  the  Bundler  and
       Base plugins. The literal entries in Rules are suitable for consumption
       by the appropriate client drivers.

   SEModules Plugin
       The SEModules plugin provides a way to distribute SELinux  modules  via
       Bcfg2.

   ServiceCompat Plugin
       The ServiceCompat plugin	converts service entries for older clients.

   Snapshots Plugin
       The  Snapshots  plugin  stores various aspects of a clientas state when
       the client checks in to the server.

   SSHbase Plugin
       The SSHbase generator plugin manages ssh	host keys (both	v1 and v2) for
       hosts.  It also manages the ssh_known_hosts file. It can	integrate host
       keys from other management domains and similarly	export its keys.

   SSLCA Plugin
       The SSLCA plugin	is designed to handle creation of SSL privatekeys  and
       certificates on request.

   Statistics
       The Statistics plugin is	deprecated (see	Reporting).

   Svn Plugin
       The Svn plugin allows you to track changes to your Bcfg2	repository us-
       ing a Subversion	backend. Currently, it enables you to get revision in-
       formation out of	your repository	for reporting purposes.

   TCheetah Plugin
       The  TCheetah plugin allows you to use the cheetah templating system to
       create files. It	also allows you	to include the results of probes  exe-
       cuted on	the client in the created files.

   TGenshi Plugin
       The  TGenshi  plugin  allows you	to use the Genshi templating system to
       create files. It	also allows you	to include the results of probes  exe-
       cuted on	the client in the created files.

   Trigger Plugin
       The  Trigger plugin provides a method for calling external scripts when
       clients are configured.

CACHING	OPTIONS
       These options are specified in the [caching] section.

	  client_metadata
		 The following four caching modes  are	available  for	client
		 metadata:

		 o off:	 No  caching  of client	metadata objects is performed.
		   This	is the default.

		 o initial: Only initial metadata objects are cached.  Initial
		   metadata  objects  are  created  only  from the data	in the
		   Metadata plugin, before additional groups from other	 plug-
		   ins are merged in.

		 o cautious:  Final  metadata  objects	are  cached,  but each
		   clientas cache is cleared at	the start of each client  run,
		   immediately	after  probe  data  is received. Cache is also
		   cleared as in aggressive mode. on is	 a  synonym  for  cau-
		   tious.

		 o aggressive:	Final metadata objects are cached. Each	plugin
		   is responsible for clearing cache when appropriate.

CLIENT OPTIONS
       These options only affect client	functionality. They can	 be  specified
       in the [client] section.

	  decision
		 Specify  the  server  decision	list mode (whitelist or	black-
		 list).	 (This settiing	will  be  ignored  if  the  client  is
		 called	with the -f option).

	  drivers
		 Specify  tool	driver	set to use. This option	can be used to
		 explicitly specify the	client tool drivers you	 want  to  use
		 when the client is run.

	  paranoid
		 Run the client	in paranoid mode.

	  profile
		 Assert	the given profile for the host.

COMMUNICATION OPTIONS
       Specified in the	[communication]	section. These options define settings
       used for	client-server communication.

	  ca	 The path to a file containing the CA certificate.  This  file
		 is  required on the server, and optional on clients. However,
		 if the	cacert is not present on clients, the server cannot be
		 verified.

	  certificate
		 The  path  to	a  file	containing a PEM formatted certificate
		 which signs the key with the ca certificate. This setting  is
		 required  on the server in all	cases, and required on clients
		 if using client certificates.

	  key	 Specifies the path to a file containing the SSL Key. This  is
		 required  on the server in all	cases, and required on clients
		 if using client certificates.

	  password
		 Required on both the server and clients. On the server,  sets
		 the password clients need to use to communicate. On a client,
		 sets the password to use to connect to	the server.

	  protocol
		 Communication protocol	to use.	Defaults to xmlrpc/ssl.

	  retries
		 A client-only option. Number of times to retry	network	commu-
		 nication. Default is 3	retries.

	  retry_delay
		 A  client-only	 option.  Number of seconds to wait in between
		 retrying network communication. Default is 1 second.

	  serverCommonNames
		 A client-only option. A colon-separated list of Common	 Names
		 the  client  will  accept in the SSL certificate presented by
		 the server.

	  timeout
		 A client-only option. The network communication timeout.

	  user	 A client-only option. The UUID	of the client.

COMPONENT OPTIONS
       Specified in the	[components] section.

	  bcfg2	 URL of	the server. On the server this specifies which	inter-
		 face  and  port  the  server  listens on. On the client, this
		 specifies where  the  client  will  attempt  to  contact  the
		 server.

		 e.g. bcfg2 = https://10.3.1.6:6789

	  encoding
		 Text encoding of configuration	files. Defaults	to UTF-8.

	  lockfile
		 The  path  to	the  client lock file, which is	used to	ensure
		 that only one Bcfg2 client runs at a time on a	single client.

LOGGING	OPTIONS
       Specified in the	[logging] section. These options  control  the	server
       logging functionality.

	  debug	 Whether  or  not to enable debug-level	log output. Default is
		 false.

	  path	 Server	log file path.

	  syslog Whether or not	to send	logging	data  to  syslog.  Default  is
		 true.

	  verbose
		 Whether  or  not  to  enable  verbose	log output. Default is
		 false.

MDATA OPTIONS
       Specified in the	[mdata]	section.  These	 options  affect  the  default
       metadata	settings for Paths with	type='file'.

	  owner	 Global	owner for Paths	(defaults to root)

	  group	 Global	group for Paths	(defaults to root)

	  mode	 Global	permissions for	Paths (defaults	to 644)

	  secontext
		 Global	 SELinux  context  for Path entries (defaults to __de-
		 fault__, which	restores the expected context)

	  paranoid
		 Global	paranoid settings for Paths (defaults to false)

	  sensitive
		 Global	sensitive settings for Paths (defaults to false)

	  important
		 Global	important settings for Paths. Defaults to false.

PACKAGES OPTIONS
       The following options are specified in the [packages] section.

	  resolver
		 Enable	dependency resolution. Default is 1 (true).

	  metadata
		 Enable	metadata processing. Default is	1 (true). If  metadata
		 is disabled, itas implied that	resolver is also disabled.

	  yum_config
		 The path at which to generate Yum configs. No default.

	  apt_config
		 The path at which to generate APT configs. No default.

	  gpg_keypath
		 The  path on the client where RPM GPG keys will be copied be-
		 fore  they  are  imported   on	  the	client.	  Default   is
		 /etc/pki/rpm-gpg.

	  version
		 Set the version attribute used	when binding Packages. Default
		 is auto.

       The following options are specified in the [packages:yum] section.

	  use_yum_libraries
		 By default, Bcfg2 uses	an internal  implementation  of	 Yumas
		 dependency  resolution	 and  other routines so	that the Bcfg2
		 server	can be run on a	host that does not support Yum itself.
		 If  you  run the Bcfg2	server on a machine that does have Yum
		 libraries, however, you can enable use	of  those  native  li-
		 braries in Bcfg2 by setting this to 1.

	  helper Path  to  bcfg2-yum-helper.  By default, Bcfg2	looks first in
		 $PATH and then	in /usr/sbin/bcfg2-yum-helper for the helper.

       The following options are specified in the [packages:pulp] section.

	  username
		 The username of a Pulp	user that will be used to register new
		 clients and bind them to repositories.

	  password
		 The password of a Pulp	user that will be used to register new
		 clients and bind them to repositories.

       All other options in the	[packages:yum] section will  be	 passed	 along
       verbatim	 to  the Yum configuration if you are using the	native Yum li-
       brary support.

PARANOID OPTIONS
       These options allow for finer-grained control of	the paranoid  mode  on
       the  Bcfg2  client. They	are specified in the [paranoid]	section	of the
       configuration file.

	  path	 Custom	path for backups created in paranoid mode. The default
		 is in /var/cache/bcfg2.

	  max_copies
		 Specify  a  maximum  number  of copies	for the	server to keep
		 when running in paranoid mode.	Only the most recent  versions
		 of these copies will be kept.

SNAPSHOTS OPTIONS
       Specified  in the [snapshots] section. These options control the	server
       snapshots functionality.

	  driver sqlite

	  database
		 The name of the database to use for statistics	data.

		 e.g.: $REPOSITORY_DIR/etc/bcfg2.sqlite

SSLCA OPTIONS
       These options are necessary to configure	the SSLCA plugin  and  can  be
       found in	the [sslca_default] section of the configuration file.

	  config Specifies  the	location of the	openssl	configuration file for
		 your CA.

	  passphrase
		 Specifies the passphrase for the CAas private key (if	neces-
		 sary).	 If  no	passphrase exists, it is assumed that the pri-
		 vate key is stored unencrypted.

	  chaincert
		 Specifies the location	of your	ssl chaining certificate. This
		 is  used when pre-existing certifcate hostfiles are found, so
		 that they can be validated and	only regenerated  if  they  no
		 longer	meet the specification.	If youare using	a self signing
		 CA this would be the CA cert that you generated.

DATABASE OPTIONS
       Server-only, specified in the [database]	section. These options control
       the database connection of the server.

	  engine The database engine used by the statistics module. One	of the
		 following:

		     postgresql
		     mysql
		     sqlite3
		     ado_mssql

	  name	 The name of the database  to  use  for	 statistics  data.  If
		 'database_engine'  is set to 'sqlite3'	this is	a file path to
		 the	sqlite	  file	  and	  defaults     to     $REPOSI-
		 TORY_DIR/etc/brpt.sqlite.

	  user	 User for database connections.	Not used for sqlite3.

	  password
		 Password for database connections. Not	used for sqlite3.

	  host	 Host for database connections.	Not used for sqlite3.

	  port	 Port for database connections.	Not used for sqlite3.

	  options
		 Various options for the database connection. The value	is ex-
		 pected	as multiple key=value pairs,  separated	 with  commas.
		 The concrete value depends on the database engine.

REPORTING OPTIONS
	  config Specifies  the	 location  of the reporting configuration (de-
		 fault is /etc/bcfg2-web.conf.

	  time_zone
		 Specifies a time zone other than that	used  on  the  system.
		 (Note	that  this will	cause the Bcfg2	server to log messages
		 in this time zone as well).

	  web_debug
		 Turn on Django	debugging.

SEE ALSO
       bcfg2(1), bcfg2-server(8)

1.3				 July 19, 2013			 BCFG2.CONF(5)

NAME | DESCRIPTION | FILE FORMAT | SERVER OPTIONS | SERVER PLUGINS | CACHING OPTIONS | CLIENT OPTIONS | COMMUNICATION OPTIONS | COMPONENT OPTIONS | LOGGING OPTIONS | MDATA OPTIONS | PACKAGES OPTIONS | PARANOID OPTIONS | SNAPSHOTS OPTIONS | SSLCA OPTIONS | DATABASE OPTIONS | REPORTING OPTIONS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=bcfg2.conf&sektion=5&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help