Converging on Verification with RHEL 5

Running verification

To get complete verification status, run:

bcfg2 -vqned

Unmanaged entries

• Package (top-level)

1. Enable the “Packages” plugin in {{{/etc/bcfg2.conf}}}, and configure the Yum repositories in {{{/var/lib/bcfg2/Packages/config.xml}}}.

2. If a package is unwanted, remove it:

   sudo yum remove PACKAGE

3. Otherwise, add {{{<Package name=”PACKAGE” />}}} to the Base or Bundler configuration.

• Package (dependency)

1. Ensure the Yum repository sources configured in {{{/var/lib/bcfg2/Packages/config.xml}}} are correct.

2. Ensure the Yum repositories themselves are up-to-date with the main package and dependencies.

3. Rebuild the Packages plugin cache:

   bcfg2-admin xcmd Packages.Refresh

• Service

1. Add {{{<Service name=”SERVICE” />}}} to the Base or Bundler configuration.
2. Add {{{<Service name=”SERVICE” status=”on” type=”chkconfig” />}}} to {{{/var/lib/bcfg2/Rules/services.xml}}}.

Incorrect entries

For a “Package”

• Failed RPM verification

1. Run {{{rpm -V PACKAGE}}}
2. Add configuration files (the ones with “c” next to them in the verification output) to {{{/var/lib/bcfg2/Cfg/}}}.

• For example, {{{/etc/motd}}} to {{{/var/lib/bcfg2/Cfg/etc/motd/motd}}}. Yes, there is an extra directory level named after the file.

1. Specify configuration files as {{{<Path name=’PATH’ />}}} in the Base or Bundler configuration.

2. Add directories to {{{/var/lib/bcfg2/Rules/directories.xml}}}. For example:

   <Rules priority="0">
     <Directory name="/etc/cron.hourly" group="root" owner="root" perms="0700" />
     <Directory name="/etc/cron.daily" group="root" owner="root" perms="0700" />
   </Rules>
   

• Multiple instances

• Option A: Explicitly list the instances

1. Drop the {{{<Package />}}} from the Base or Bundler configuration.

2. Add an explicit {{{<BoundPackage>}}} and {{{<Instance />}}} configuration to a new Bundle, like the following:

   <Bundle name='keys'>
     <!-- GPG keys -->
     <BoundPackage name="gpg-pubkey" type="yum">
       <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL" version="217521f6" release="45e8a532"/>
       <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" version="37017186" release="45761324"/>
     </BoundPackage>
   </Bundle>
   

3. Add the bundle to the applicable groups in {{{/var/lib/bcfg2/Metadata/groups.xml}}}.

• Option B: Disable verification of the package

1. Add {{{pkg_checks=”false”}}} to the {{{<Package />}}} tag.

For a “Path”

• Unclear verification problem (no details from BCFG2)

1. Run {{{bcfg2 -vqI}}} to see detailed verification issues (but deny any suggested actions).

• Permissions mismatch

1. Create an {{{info.xml}}} file in the same directory as the configuration file. Example:

   <FileInfo>
     <Group name='webserver'>
       <Info owner='root' group='root' perms='0652'/>
     </Group>
     <Info owner='root' group='sys' perms='0651'/>
   </FileInfo>
   

Other troubleshooting tools

• Generate the physical configuration from the server side:

  bcfg2-info buildfile /test test.example.com

• Generate the physical configuration from the client side:

  bcfg2 -vqn -c/root/bcfg2-physical.xml