Converging on Verification with RHEL 5

Running verification

To get complete verification status, run:

bcfg2 -vqned

Unmanaged entries

• Package (top-level)

1. Enable the “Packages” plugin in /etc/bcfg2.conf, and configure the Yum repositories in /var/lib/bcfg2/Packages/sources.xml.

2. If a package is unwanted, remove it:

   sudo yum remove PACKAGE

3. Otherwise, add <Package name="PACKAGE" /> to the Base or Bundler configuration.

• Package (dependency)

1. Ensure the Yum repository sources configured in /var/lib/bcfg2/Packages/sources.xml are correct.

2. Ensure the Yum repositories themselves are up-to-date with the main package and dependencies.

3. Rebuild the Packages plugin cache:

   bcfg2-admin xcmd Packages.Refresh

• Service

1. Add <Service name="SERVICE" /> to the Base or Bundler configuration.
2. Add <Service name="SERVICE" status="on" type="chkconfig" /> to /var/lib/bcfg2/Rules/services.xml.

Incorrect entries

For a “Package”

• Failed RPM verification

1. Run rpm -V PACKAGE
2. Add configuration files (the ones with “c” next to them in the verification output) to /var/lib/bcfg2/Cfg/.

• For example, /etc/motd to /var/lib/bcfg2/Cfg/etc/motd/motd. Yes, there is an extra directory level named after the file.

1. Specify configuration files as <Path name='PATH' /> in the Base or Bundler configuration.

2. Add directories to /var/lib/bcfg2/Rules/directories.xml. For example:

   <Rules priority="0">
     <Directory name="/etc/cron.hourly" group="root" owner="root" mode="0700" />
     <Directory name="/etc/cron.daily" group="root" owner="root" mode="0700" />
   </Rules>
   

• Multiple instances

• Option A: Explicitly list the instances

1. Drop the <Package /> from the Base or Bundler configuration.

2. Add an explicit <BoundPackage> and <Instance /> configuration to a new Bundle, like the following:

   <Bundle name='keys'>
     <!-- GPG keys -->
     <BoundPackage name="gpg-pubkey" type="rpm" version="foo">
       <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL" version="217521f6" release="45e8a532"/>
       <Instance simplefile="/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" version="37017186" release="45761324"/>
     </BoundPackage>
   </Bundle>
   

3. Add the bundle to the applicable groups in /var/lib/bcfg2/Metadata/groups.xml.

• Option B: Disable verification of the package

1. Add pkg_checks="false" to the <Package /> tag.

For a “Path”

• Unclear verification problem (no details from Bcfg2)

1. Run bcfg2 -vqI to see detailed verification issues (but deny any suggested actions).

• Permissions mismatch

1. Create an info.xml file in the same directory as the configuration file. Example:

   <FileInfo>
     <Group name='webserver'>
       <Info owner='root' group='root' mode='0652'/>
     </Group>
     <Info owner='root' group='sys' mode='0651'/>
   </FileInfo>
   

Other troubleshooting tools

• Generate the physical configuration from the server side:

  bcfg2-info buildfile /test test.example.com

• Generate the physical configuration from the client side:

  bcfg2 -vqn -c/root/bcfg2-physical.xml