Converging on Verification with RHEL 5

Running verification

To get complete verification status, run:

bcfg2 -vqned

Unmanaged entries

  • Package (top-level)
  1. Enable the “Packages” plugin in {{{/etc/bcfg2.conf}}}, and configure the Yum repositories in {{{/var/lib/bcfg2/Packages/config.xml}}}.

  2. If a package is unwanted, remove it:

    sudo yum remove PACKAGE
  3. Otherwise, add {{{<Package name=”PACKAGE” />}}} to the Base or Bundler configuration.

  • Package (dependency)
  1. Ensure the Yum repository sources configured in {{{/var/lib/bcfg2/Packages/config.xml}}} are correct.

  2. Ensure the Yum repositories themselves are up-to-date with the main package and dependencies.

  3. Rebuild the Packages plugin cache:

    bcfg2-admin xcmd Packages.Refresh
  • Service
  1. Add {{{<Service name=”SERVICE” />}}} to the Base or Bundler configuration.
  2. Add {{{<Service name=”SERVICE” status=”on” type=”chkconfig” />}}} to {{{/var/lib/bcfg2/Rules/services.xml}}}.

Incorrect entries

For a “Package”

  • Failed RPM verification
  1. Run {{{rpm -V PACKAGE}}}
  2. Add configuration files (the ones with “c” next to them in the verification output) to {{{/var/lib/bcfg2/Cfg/}}}.
  • For example, {{{/etc/motd}}} to {{{/var/lib/bcfg2/Cfg/etc/motd/motd}}}. Yes, there is an extra directory level named after the file.
  1. Specify configuration files as {{{<Path name=’PATH’ />}}} in the Base or Bundler configuration.

  2. Add directories to {{{/var/lib/bcfg2/Rules/directories.xml}}}. For example:

    <Rules priority="0">
      <Directory name="/etc/cron.hourly" group="root" owner="root" perms="0700" />
      <Directory name="/etc/cron.daily" group="root" owner="root" perms="0700" />
  • Multiple instances
  • Option A: Explicitly list the instances
  1. Drop the {{{<Package />}}} from the Base or Bundler configuration.

  2. Add an explicit {{{<BoundPackage>}}} and {{{<Instance />}}} configuration to a new Bundle, like the following:

    <Bundle name='keys'>
      <!-- GPG keys -->
      <BoundPackage name="gpg-pubkey" type="yum">
        <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL" version="217521f6" release="45e8a532"/>
        <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" version="37017186" release="45761324"/>
  3. Add the bundle to the applicable groups in {{{/var/lib/bcfg2/Metadata/groups.xml}}}.

  • Option B: Disable verification of the package
  1. Add {{{pkg_checks=”false”}}} to the {{{<Package />}}} tag.

For a “Path”

  • Unclear verification problem (no details from BCFG2)
  1. Run {{{bcfg2 -vqI}}} to see detailed verification issues (but deny any suggested actions).
  • Permissions mismatch
  1. Create an {{{info.xml}}} file in the same directory as the configuration file. Example:

      <Group name='webserver'>
        <Info owner='root' group='root' perms='0652'/>
      <Info owner='root' group='sys' perms='0651'/>

Other troubleshooting tools

  • Generate the physical configuration from the server side:

    bcfg2-info buildfile /test
  • Generate the physical configuration from the client side:

    bcfg2 -vqn -c/root/bcfg2-physical.xml