sampledoc

Ubuntu

Note

This particular how to was done on saucy, but should apply to any other stable version of Ubuntu.

Install Bcfg2

We first need to install the server. For this example, we will use the bcfg2 server package from the bcfg2 PPA (note that there is also a version available in the ubuntu archives, but it is not as up to date).

Install bcfg2-server

aptitude install bcfg2-server

Remove the default configuration preseeded by the ubuntu package:

root@saucy:~# rm -rf /etc/bcfg2* /etc/ssl/bcfg2* /var/lib/bcfg2

Initialize your repository

Now that you’re done with the install, you need to intialize your repository and setup your bcfg2.conf. bcfg2-admin init is a tool which allows you to automate this process.:

root@saucy:~# bcfg2-admin init
Store Bcfg2 configuration in [/etc/bcfg2.conf]:
Location of Bcfg2 repository [/var/lib/bcfg2]:
Input password used for communication verification (without echoing; leave blank for a random):
What is the server's hostname: [saucy]
Input the server location (the server listens on a single interface by default) [https://saucy:6789]:
Input base Operating System for clients:
1: Redhat/Fedora/RHEL/RHAS/CentOS
2: SUSE/SLES
3: Mandrake
4: Debian
5: Ubuntu
6: Gentoo
7: FreeBSD
8: Arch
: 5
Path where Bcfg2 server private key will be created [/etc/ssl/bcfg2.key]:
Path where Bcfg2 server cert will be created [/etc/ssl/bcfg2.crt]:
The following questions affect SSL certificate generation.
If no data is provided, the default values are used.
Country name (2 letter code) for certificate: US
State or Province Name (full name) for certificate: Illinois
Locality Name (eg, city) for certificate: Argonne
Repository created successfuly in /var/lib/bcfg2
Generating a 2048 bit RSA private key
....................................................................................................................+++
..............................+++
writing new private key to '/etc/ssl/bcfg2.key'
-----
Signature ok
subject=/C=US/ST=Illinois/L=Argonne/CN=saucy
Getting Private key

Of course, change responses as necessary.

Start the server

Before you start the server, you need to fix your network resolution for this host. The short and easy way is to remove the 127.0.1.1 line in /etc/hosts and move your hostname to the 127.0.0.1 line.

127.0.0.1   saucy localhost

# The following lines are desirable for IPv6 capable hosts
...

Note

This configuration is not recommended except as a quick hack to get you through this guide. Ideally you’d add a line containing the host’s actual IP address. More information on why this is broken can be found in the Debian Manual.

You are now ready to start your bcfg2 server for the first time.:

root@saucy:~# /etc/init.d/bcfg2-server start
Starting Configuration Management Server:  * bcfg2-server
root@saucy:~# tail /var/log/syslog
Jul 18 17:50:48 saucy bcfg2-server[5872]: Reconnected to syslog
Jul 18 17:50:48 saucy bcfg2-server[5872]: bcfg2-server daemonized
Jul 18 17:50:48 saucy bcfg2-server[5872]: service available at https://saucy:6789
Jul 18 17:50:48 saucy bcfg2-server[5872]: serving bcfg2-server at https://saucy:6789
Jul 18 17:50:48 saucy bcfg2-server[5872]: serve_forever() [start]
Jul 18 17:50:48 saucy bcfg2-server[5872]: Handled 13 events in 0.006s

Run bcfg2 to be sure you are able to communicate with the server:

root@saucy:~# bcfg2 -vqn
Starting Bcfg2 client run at 1374188552.53
Loaded tool drivers:
 APT         Action      DebInit     POSIX       POSIXUsers  Upstart     VCS
Loaded experimental tool drivers:
 POSIXUsers
Phase: initial
Correct entries:        0
Incorrect entries:      0
Total managed entries:  0
Unmanaged entries:      590
Phase: final
Correct entries:        0
Incorrect entries:      0
Total managed entries:  0
Unmanaged entries:      590
Finished Bcfg2 client run at 1374188563.26

Bring your first machine under Bcfg2 control

Now it is time to get your first machine’s configuration into your Bcfg2 repository. Let’s start with the server itself.

Setup the Packages plugin

Replace Pkgmgr with Packages in the plugins line of bcfg2.conf:

root@saucy:~# cat /etc/bcfg2.conf
[server]
repository = /var/lib/bcfg2
plugins = Bundler,Cfg,Metadata,Packages,Rules,SSHbase
# Uncomment the following to listen on all interfaces
#listen_all = true

[statistics]
sendmailpath = /usr/lib/sendmail
#web_debug = False
#time_zone =

[database]
#engine = sqlite3
# 'postgresql', 'mysql', 'mysql_old', 'sqlite3' or 'ado_mssql'.
#name =
# Or path to database file if using sqlite3.
#<repository>/bcfg2.sqlite is default path if left empty
#user =
# Not used with sqlite3.
#password =
# Not used with sqlite3.
#host =
# Not used with sqlite3.
#port =

[reporting]
transport = LocalFilesystem

[communication]
password = secret
certificate = /etc/ssl/bcfg2.crt
key = /etc/ssl/bcfg2.key
ca = /etc/ssl/bcfg2.crt

[components]
bcfg2 = https://saucy:6789

Create Packages layout (as per Example usage) in /var/lib/bcfg2

root@saucy:~# mkdir /var/lib/bcfg2/Packages
root@saucy:~# cat /var/lib/bcfg2/Packages/packages.conf
[global]
root@saucy:~# cat /var/lib/bcfg2/Packages/sources.xml
<Sources>
  <Group name="ubuntu-saucy">
    <Source type="apt" debsrc="true" recommended="true" url="http://archive.ubuntu.com/ubuntu" version="saucy">
      <Component>main</Component>
      <Component>multiverse</Component>
      <Component>restricted</Component>
      <Component>universe</Component>
      <Arch>amd64</Arch>
      <Blacklist>bcfg2</Blacklist>
      <Blacklist>bcfg2-server</Blacklist>
    </Source>
    <Source type="apt" debsrc="true" recommended="true" url="http://archive.ubuntu.com/ubuntu" version="saucy-updates">
      <Component>main</Component>
      <Component>multiverse</Component>
      <Component>restricted</Component>
      <Component>universe</Component>
      <Arch>amd64</Arch>
      <Blacklist>bcfg2</Blacklist>
      <Blacklist>bcfg2-server</Blacklist>
    </Source>
    <Source type="apt" debsrc="true" recommended="true" url="http://security.ubuntu.com/ubuntu" version="saucy-security">
      <Component>main</Component>
      <Component>multiverse</Component>
      <Component>restricted</Component>
      <Component>universe</Component>
      <Arch>amd64</Arch>
      <Blacklist>bcfg2</Blacklist>
      <Blacklist>bcfg2-server</Blacklist>
    </Source>
    <Source type="apt" debsrc="true" recommended="true" url="http://ppa.launchpad.net/bcfg2/ppa/ubuntu" version="saucy">
      <Component>main</Component>
      <Arch>amd64</Arch>
    </Source>
  </Group>
</Sources>

Above, we have grouped our package sources under ubuntu-saucy. We need to add this group to our /var/lib/bcfg2/Metadata/groups.xml so that our client is able to obtain these sources.

<Groups version='3.0'>
   <Group profile='true' public='true' default='true' name='basic'>
      <Group name='ubuntu-saucy'/>
   </Group>
   <Group name='ubuntu-saucy'>
      <Group name='ubuntu'/>
   </Group>
   <Group name='ubuntu'/>
   <Group name='debian'/>
   <Group name='freebsd'/>
   <Group name='gentoo'/>
   <Group name='redhat'/>
   <Group name='suse'/>
   <Group name='mandrake'/>
   <Group name='solaris'/>
</Groups>

Note

When editing your xml files by hand, it is useful to occasionally run bcfg2-lint -v to ensure that your xml validates properly.

The last thing we need is for the client to have the proper arch group membership. For this, we will make use of the Dynamic Group Assignment capabilities of the Probes plugin. Add Probes to your plugins line in bcfg2.conf and create the Probe.

root@saucy:~# grep plugins /etc/bcfg2.conf
plugins = Bundler,Cfg,Metadata,...,Probes
root@saucy:~# mkdir /var/lib/bcfg2/Probes
root@saucy:~# cat /var/lib/bcfg2/Probes/groups
#!/bin/sh

ARCH=$(uname -m)
case "$ARCH" in
    "x86_64")
        echo "group:amd64"
    ;;
    "i686")
        echo "group:i386"
    ;;
esac

Now we restart the bcfg2-server:

root@saucy:~# /etc/init.d/bcfg2-server restart
Stopping Configuration Management Server:  * bcfg2-server
Starting Configuration Management Server:  * bcfg2-server
root@saucy:~# tail /var/log/syslog
Jul 18 18:43:22 saucy bcfg2-server[6215]: Reconnected to syslog
Jul 18 18:43:22 saucy bcfg2-server[6215]: bcfg2-server daemonized
Jul 18 18:43:22 saucy bcfg2-server[6215]: service available at https://saucy:6789
Jul 18 18:43:22 saucy bcfg2-server[6215]: Failed to read file probed.xml: Error reading file '/var/lib/bcfg2/Probes/probed.xml': failed to load external entity "/var/lib/bcfg2/Probes/probed.xml"
Jul 18 18:43:22 saucy bcfg2-server[6215]: serving bcfg2-server at https://saucy:6789
Jul 18 18:43:22 saucy bcfg2-server[6215]: serve_forever() [start]
Jul 18 18:43:22 saucy bcfg2-server[6215]: Reloading Packages plugin
Jul 18 18:43:22 saucy bcfg2-server[6215]: Handled 15 events in 0.205s

Note

The error regarding probed.xml is non-fatal and just telling you that the file doesn’t yet exist. It will be populated once you have run a client with the Probes plugin enabled.

Start managing packages

Add a base-saucy (or whatever release you happen to be using) bundle. Let’s see what happens when we just populate it with the ubuntu-standard package.

root@saucy:~# cat /var/lib/bcfg2/Bundler/base-saucy.xml
<Bundle name='base-saucy'>
        <Package name='ubuntu-standard'/>
</Bundle>

You need to reference the bundle from your Metadata. The resulting profile group might look something like this

<Group profile='true' public='true' default='true' name='basic'>
   <Bundle name='base-saucy'/>
   <Group name='ubuntu-saucy'/>
</Group>

Now if we run the client in debug mode (-d), we can see what this has done for us.:

root@saucy:/var/lib/bcfg2# bcfg2 -vqdn
Configured logging: DEBUG to console; DEBUG to syslog
{'help': False, 'extra': False, 'ppath': '/var/cache/bcfg2', 'ca': '/etc/ssl/bcfg2.crt', 'rpm_version_fail_action': 'upgrade', 'yum_version_fail_action': 'upgrade', 'retry_delay': '1', 'posix_uid_whitelist': [], 'rpm_erase_flags': ['allmatches'], 'verbose': True, 'certificate': '/etc/ssl/bcfg2.crt', 'paranoid': False, 'rpm_installonly': ['kernel', 'kernel-bigmem', 'kernel-enterprise', 'kernel-smp', 'kernel-modules', 'kernel-debug', 'kernel-unsupported', 'kernel-devel', 'kernel-source', 'kernel-default', 'kernel-largesmp-devel', 'kernel-largesmp', 'kernel-xen', 'gpg-pubkey'], 'cache': None, 'yum24_autodep': True, 'yum_pkg_verify': True, 'probe_timeout': None, 'yum_installed_action': 'install', 'rpm_verify_fail_action': 'reinstall', 'dryrun': True, 'retries': '3', 'apt_install_path': '/usr', 'quick': True, 'password': 'secret', 'yum24_installed_action': 'install', 'kevlar': False, 'max_copies': 1, 'syslog': True, 'decision_list': False, 'configfile': '/etc/bcfg2.conf', 'remove': None, 'server': 'https://saucy:6789', 'encoding': 'UTF-8', 'timeout': 90, 'debug': True, 'yum24_installonly': ['kernel', 'kernel-bigmem', 'kernel-enterprise', 'kernel-smp', 'kernel-modules', 'kernel-debug', 'kernel-unsupported', 'kernel-devel', 'kernel-source', 'kernel-default', 'kernel-largesmp-devel', 'kernel-largesmp', 'kernel-xen', 'gpg-pubkey'], 'yum24_erase_flags': ['allmatches'], 'yum24_pkg_checks': True, 'interactive': False, 'apt_etc_path': '/etc', 'rpm_installed_action': 'install', 'yum24_verify_fail_action': 'reinstall', 'omit_lock_check': False, 'yum24_pkg_verify': True, 'serverCN': None, 'file': None, 'apt_var_path': '/var', 'posix_gid_whitelist': [], 'posix_gid_blacklist': [], 'indep': False, 'decision': 'none', 'service_mode': 'default', 'version': False, 'rpm_pkg_checks': True, 'profile': None, 'yum_pkg_checks': True, 'args': [], 'bundle': [], 'posix_uid_blacklist': [], 'user': 'root', 'key': '/etc/ssl/bcfg2.key', 'command_timeout': None, 'probe_exit': True, 'lockfile': '/var/lock/bcfg2.run', 'yum_verify_fail_action': 'reinstall', 'yum24_version_fail_action': 'upgrade', 'yum_verify_flags': [], 'logging': None, 'rpm_pkg_verify': True, 'bundle_quick': False, 'rpm_verify_flags': [], 'yum24_verify_flags': [], 'skipindep': False, 'skipbundle': [], 'portage_binpkgonly': False, 'drivers': ['APK', 'APT', 'Action', 'Blast', 'Chkconfig', 'DebInit', 'Encap', 'FreeBSDInit', 'FreeBSDPackage', 'IPS', 'MacPorts', 'OpenCSW', 'POSIX', 'POSIXUsers', 'Pacman', 'Portage', 'RPM', 'RPMng', 'RcUpdate', 'SELinux', 'SMF', 'SYSV', 'Systemd', 'Upstart', 'VCS', 'YUM', 'YUM24', 'YUMng', 'launchd']}
Starting Bcfg2 client run at 1374191628.88
Running probe groups
Running: /tmp/tmpEtgdwo
< group:amd64
Probe groups has result:
group:amd64

POSIX: Handlers loaded: nonexistent, directory, hardlink, symlink, file, device, permissions
Loaded tool drivers:
 APT         Action      DebInit     POSIX       POSIXUsers  Upstart     VCS
Loaded experimental tool drivers:
 POSIXUsers
The following packages are specified in bcfg2:
 ubuntu-standard
The following packages are prereqs added by Packages:
 accountsservice               libdrm2                       libusb-1.0-0
 adduser                       libedit2                      libustr-1.0-1
 apparmor                      libelf1                       libuuid1
 apt                           libexpat1                     libwind0-heimdal
 apt-transport-https           libffi6                       libx11-6
 apt-utils                     libfribidi0                   libx11-data
 base-files                    libfuse2                      libxau6
 base-passwd                   libgcc1                       libxcb1
 bash                          libgck-1-0                    libxdmcp6
 bash-completion               libgcr-3-common               libxext6
 bsdmainutils                  libgcr-base-3-1               libxml2
 bsdutils                      libgcrypt11                   libxmuu1
 busybox-initramfs             libgdbm3                      libxtables10
 busybox-static                libgeoip1                     locales
 ca-certificates               libglib2.0-0                  login
 command-not-found             libglib2.0-data               logrotate
 command-not-found-data        libgnutls26                   lsb-base
 coreutils                     libgpg-error0                 lsb-release
 cpio                          libgpm2                       lshw
 cron                          libgssapi-krb5-2              lsof
 dash                          libgssapi3-heimdal            ltrace
 dbus                          libhcrypto4-heimdal           makedev
 debconf                       libheimbase1-heimdal          man-db
 debconf-i18n                  libheimntlm0-heimdal          manpages
 debianutils                   libhx509-5-heimdal            memtest86+
 diffutils                     libidn11                      mime-support
 dmidecode                     libisc92                      mlocate
 dmsetup                       libisccc90                    module-init-tools
 dnsutils                      libisccfg90                   mount
 dosfstools                    libjson-c2                    mountall
 dpkg                          libjson0                      mtr-tiny
 e2fslibs                      libk5crypto3                  multiarch-support
 e2fsprogs                     libkeyutils1                  nano
 ed                            libklibc                      ncurses-base
 file                          libkmod2                      ncurses-bin
 findutils                     libkrb5-26-heimdal            netbase
 friendly-recovery             libkrb5-3                     ntfs-3g
 ftp                           libkrb5support0               openssh-client
 fuse                          libldap-2.4-2                 openssl
 gcc-4.8-base                  liblocale-gettext-perl        parted
 geoip-database                liblwres90                    passwd
 gettext-base                  liblzma5                      pciutils
 gnupg                         libmagic1                     perl-base
 gpgv                          libmount1                     plymouth
 grep                          libncurses5                   plymouth-theme-ubuntu-text
 groff-base                    libncursesw5                  popularity-contest
 gzip                          libnewt0.52                   powermgmt-base
 hdparm                        libnfnetlink0                 ppp
 hostname                      libnih-dbus1                  pppconfig
 ifupdown                      libnih1                       pppoeconf
 info                          libnuma1                      procps
 initramfs-tools               libp11-kit0                   psmisc
 initramfs-tools-bin           libpam-modules                python-apt-common
 initscripts                   libpam-modules-bin            python3
 insserv                       libpam-runtime                python3-apt
 install-info                  libpam-systemd                python3-commandnotfound
 iproute                       libpam0g                      python3-dbus
 iproute2                      libparted0debian1             python3-distupgrade
 iptables                      libpcap0.8                    python3-gdbm
 iputils-tracepath             libpci3                       python3-minimal
 irqbalance                    libpcre3                      python3-update-manager
 iso-codes                     libpipeline1                  python3.3
 klibc-utils                   libplymouth2                  python3.3-minimal
 kmod                          libpng12-0                    readline-common
 krb5-locales                  libpolkit-gobject-1-0         rsync
 language-selector-common      libpopt0                      sed
 libaccountsservice0           libprocps0                    sensible-utils
 libacl1                       libpython3-stdlib             sgml-base
 libapparmor-perl              libpython3.3-minimal          shared-mime-info
 libapparmor1                  libpython3.3-stdlib           strace
 libapt-inst1.5                libreadline6                  systemd-services
 libapt-pkg4.12                libroken18-heimdal            sysv-rc
 libasn1-8-heimdal             librtmp0                      sysvinit-utils
 libasprintf0c2                libsasl2-2                    tar
 libatm1                       libsasl2-modules              tcpdump
 libattr1                      libselinux1                   telnet
 libaudit-common               libsemanage-common            time
 libaudit1                     libsemanage1                  tzdata
 libbind9-90                   libsepol1                     ubuntu-keyring
 libblkid1                     libslang2                     ubuntu-release-upgrader-core
 libbsd0                       libsqlite3-0                  ucf
 libbz2-1.0                    libss2                        udev
 libc-bin                      libssl1.0.0                   ufw
 libc6                         libstdc++6                    update-manager-core
 libcap-ng0                    libsystemd-daemon0            upstart
 libcap2                       libsystemd-login0             usbutils
 libcomerr2                    libtasn1-3                    util-linux
 libcurl3-gnutls               libtext-charwidth-perl        uuid-runtime
 libdb5.1                      libtext-iconv-perl            wget
 libdbus-1-3                   libtext-wrapi18n-perl         whiptail
 libdbus-glib-1-2              libtinfo5                     xauth
 libdevmapper1.02.1            libudev1                      xml-core
 libdns95                      libusb-0.1-4                  zlib1g
Phase: initial
Correct entries:        280
Incorrect entries:      0
Total managed entries:  280
Unmanaged entries:      313
Installing entries in the following bundle(s):
  base-saucy
Bundle base-saucy was not modified
Phase: final
Correct entries:        280
Incorrect entries:      0
Total managed entries:  280
Unmanaged entries:      313
Finished Bcfg2 client run at 1374191642.69

As you can see, the Packages plugin has generated the dependencies required for the ubuntu-standard package for us automatically. The ultimate goal should be to move all the packages from the Unmanaged entries section to the Managed entries section. So, what exactly are those Unmanaged entries?

Starting Bcfg2 client run at 1374192077.76
Running probe groups
Probe groups has result:
group:amd64

Loaded tool drivers:
 APT         Action      DebInit     POSIX       POSIXUsers  Upstart     VCS
Loaded experimental tool drivers:
 POSIXUsers
Phase: initial
Correct entries:        280
Incorrect entries:      0
Total managed entries:  280
Unmanaged entries:      313
Phase: final
Correct entries:        280
Incorrect entries:      0
Total managed entries:  280
Unmanaged entries:      313
POSIXGroup:adm
POSIXGroup:audio
POSIXGroup:backup
...
Package:deb:apt-xapian-index
Package:deb:aptitude
Package:deb:aptitude-common
...

Now you can go through these and continue adding the packages you want to your Bundle. Note that aptitude why is useful when trying to figure out the reason for a package being installed. Also, deborphan is helpful for removing leftover dependencies which are no longer needed. After a while, I ended up with a minimal bundle that looks like this:

<Bundle>
        <!-- packages -->
        <Package name='bcfg2-server'/>
                <!-- or dependencies -->
                <Package name='python-pyinotify'/>
                <Package name='ttf-dejavu-core'/>
        <Package name='bind9-host'/>
        <Package name='crda'/>
        <Package name='deborphan'/>
        <Package name='grub-pc'/>
        <Package name='language-pack-en'/>
        <Package name='linux-generic'/>
        <Package name='linux-headers-generic'/>
        <Package name='systemd-shim'/>
        <Package name='tasksel'/>
        <Package name='ubuntu-minimal'/>
        <Package name='ubuntu-standard'/>
                <!-- or dependencies -->
                <Package name='python3-gi'/>
                <Package name='wamerican'/>
                <Package name='wbritish'/>
        <Package name='vim'/>
</Bundle>

Once your bcfg2 -vqen output no longer shows Package entries, you can move on to the next section.

Manage users

The default setting in login.defs is for system accounts to be UIDs < 1000. We will ignore those accounts for now (you can manage them if you like at a later time).

To ignore system UID/GIDs, add the following lines to bcfg2.conf (we will also ignore the nobody uid and nogroup gid–65534).

[POSIXUsers]
uid_blacklist = 0-999,65534
gid_blacklist = 0-999,65534

If you run the client again with bcfg2 -vqen, you should now see a POSIXUser entry and POSIXGroup entry for your user account (assuming this is a fresh install with a regular user).

You can manage this user by adding the following to your bundle.

<BoundPOSIXUser name='username' uid='1000' gecos="Your Name">
    <MemberOf>adm</MemberOf>
    <MemberOf>cdrom</MemberOf>
    <MemberOf>dip</MemberOf>
    <MemberOf>lpadmin</MemberOf>
    <MemberOf>plugdev</MemberOf>
    <MemberOf>sambashare</MemberOf>
    <MemberOf>sudo</MemberOf>
</BoundPOSIXUser>

Manage services

To clear up the unmanaged service entries, you will need to add the entries to your bundle. Here’s an example of what that might look like.

<!-- services -->
<Service name='bcfg2'/>
<Service name='bcfg2-report-collector'/>
<Service name='bcfg2-server'/>
<Service name='bootmisc.sh'/>
<Service name='checkfs.sh'/>
<Service name='checkroot-bootclean.sh'/>
<Service name='checkroot.sh'/>
<Service name='console'/>
<Service name='console-font'/>
<Service name='console-setup'/>
<Service name='container-detect'/>
<Service name='control-alt-delete'/>
<Service name='cron'/>
<Service name='dbus'/>
<Service name='dmesg'/>
<Service name='dns-clean'/>
<Service name='failsafe'/>
<Service name='flush-early-job-log'/>
<Service name='friendly-recovery'/>
<Service name='grub-common'/>
<Service name='hostname'/>
<Service name='hwclock'/>
<Service name='hwclock-save'/>
<Service name='irqbalance'/>
<Service name='killprocs'/>
<Service name='kmod'/>
<Service name='mountall'/>
<Service name='mountall.sh'/>
<Service name='mountall-bootclean.sh'/>
<Service name='mountall-net'/>
<Service name='mountall-reboot'/>
<Service name='mountall-shell'/>
<Service name='mountdevsubfs.sh'/>
<Service name='mounted-debugfs'/>
<Service name='mounted-dev'/>
<Service name='mounted-proc'/>
<Service name='mounted-run'/>
<Service name='mounted-tmp'/>
<Service name='mounted-var'/>
<Service name='mountkernfs.sh'/>
<Service name='mountnfs-bootclean.sh'/>
<Service name='mountnfs.sh'/>
<Service name='mtab.sh'/>
<Service name='network-interface'/>
<Service name='network-interface-container'/>
<Service name='network-interface-security'/>
<Service name='networking'/>
<Service name='ondemand'/>
<Service name='passwd'/>
<Service name='plymouth'/>
<Service name='plymouth-log'/>
<Service name='plymouth-ready'/>
<Service name='plymouth-splash'/>
<Service name='plymouth-stop'/>
<Service name='plymouth-upstart-bridge'/>
<Service name='pppd-dns'/>
<Service name='procps'/>
<Service name='rc'/>
<Service name='rc.local'/>
<Service name='rc-sysinit'/>
<Service name='rcS'/>
<Service name='resolvconf'/>
<Service name='rsync'/>
<Service name='rsyslog'/>
<Service name='setvtrgb'/>
<Service name='shutdown'/>
<Service name='single'/>
<Service name='startpar-bridge'/>
<Service name='sudo'/>
<Service name='systemd-logind'/>
<Service name='tty1'/>
<Service name='tty2'/>
<Service name='tty3'/>
<Service name='tty4'/>
<Service name='tty5'/>
<Service name='tty6'/>
<Service name='udev'/>
<Service name='udev-fallback-graphics'/>
<Service name='udev-finish'/>
<Service name='udevmonitor'/>
<Service name='udevtrigger'/>
<Service name='ufw'/>
<Service name='upstart-file-bridge'/>
<Service name='upstart-socket-bridge'/>
<Service name='upstart-udev-bridge'/>
<Service name='ureadahead'/>
<Service name='ureadahead-other'/>
<Service name='wait-for-state'/>

Add the literal entries in Rules to bind the Service entries from above.

root@saucy:~# cat /var/lib/bcfg2/Rules/services.xml
<Rules priority='1'>
    <!-- sysv services -->
    <Service name='bcfg2' type='deb' status='on'/>
    <Service name='bcfg2-server' type='deb' status='on'/>
    <Service name='dns-clean' type='deb' status='on'/>
    <Service name='grub-common' type='deb' status='on'/>
    <Service name='sudo' type='deb' status='on'/>

    <Service name='killprocs' type='deb' bootstatus='on' status='ignore'/>
    <Service name='ondemand' type='deb' bootstatus='on' status='ignore'/>
    <Service name='pppd-dns' type='deb' bootstatus='on' status='ignore'/>
    <Service name='rc.local' type='deb' bootstatus='on' status='ignore'/>
    <Service name='rsync' type='deb' bootstatus='on' status='ignore'/>
    <Service name='single' type='deb' bootstatus='on' status='ignore'/>

    <Service name='bcfg2-report-collector' type='deb' status='off'/>

    <!-- upstart services -->
    <Service name='bootmisc.sh' type='upstart' status='on'/>
    <Service name='checkfs.sh' type='upstart' status='on'/>
    <Service name='checkroot-bootclean.sh' type='upstart' status='on'/>
    <Service name='checkroot.sh' type='upstart' status='on'/>
    <Service name='cron' type='upstart' status='on'/>
    <Service name='dbus' type='upstart' status='on'/>
    <Service name='mountall.sh' type='upstart' status='on'/>
    <Service name='mountall-bootclean.sh' type='upstart' status='on'/>
    <Service name='mountdevsubfs.sh' type='upstart' status='on'/>
    <Service name='mountkernfs.sh' type='upstart' status='on'/>
    <Service name='mountnfs-bootclean.sh' type='upstart' status='on'/>
    <Service name='mountnfs.sh' type='upstart' status='on'/>
    <Service name='mtab.sh' type='upstart' status='on'/>
    <Service name='network-interface' type='upstart' status='on' parameters='INTERFACE=eth0'/>
    <Service name='network-interface-security' type='upstart' status='on' parameters='JOB=network-interface/eth0'/>
    <Service name='networking' type='upstart' status='on'/>
    <Service name='plymouth-ready' type='upstart' status='ignore'/>
    <Service name='resolvconf' type='upstart' status='on'/>
    <Service name='rsyslog' type='upstart' status='on'/>
    <Service name='startpar-bridge' type='upstart' status='ignore'/>
    <Service name='systemd-logind' type='upstart' status='on'/>
    <Service name='tty1' type='upstart' status='on'/>
    <Service name='tty2' type='upstart' status='on'/>
    <Service name='tty3' type='upstart' status='on'/>
    <Service name='tty4' type='upstart' status='on'/>
    <Service name='tty5' type='upstart' status='on'/>
    <Service name='tty6' type='upstart' status='on'/>
    <Service name='udev' type='upstart' status='on'/>
    <Service name='ufw' type='upstart' status='on'/>
    <Service name='upstart-file-bridge' type='upstart' status='on'/>
    <Service name='upstart-socket-bridge' type='upstart' status='on'/>
    <Service name='upstart-udev-bridge' type='upstart' status='on'/>
    <Service name='wait-for-state' type='upstart' status='ignore'/>

    <Service name='console' type='upstart' status='off'/>
    <Service name='console-font' type='upstart' status='off'/>
    <Service name='console-setup' type='upstart' status='off'/>
    <Service name='container-detect' type='upstart' status='off'/>
    <Service name='control-alt-delete' type='upstart' status='off'/>
    <Service name='dmesg' type='upstart' status='off'/>
    <Service name='failsafe' type='upstart' status='off'/>
    <Service name='flush-early-job-log' type='upstart' status='off'/>
    <Service name='friendly-recovery' type='upstart' status='off'/>
    <Service name='hostname' type='upstart' status='off'/>
    <Service name='hwclock' type='upstart' status='off'/>
    <Service name='hwclock-save' type='upstart' status='off'/>
    <Service name='irqbalance' type='upstart' status='off'/>
    <Service name='kmod' type='upstart' status='off'/>
    <Service name='mountall' type='upstart' status='off'/>
    <Service name='mountall-net' type='upstart' status='off'/>
    <Service name='mountall-reboot' type='upstart' status='off'/>
    <Service name='mountall-shell' type='upstart' status='off'/>
    <Service name='mounted-debugfs' type='upstart' status='off'/>
    <Service name='mounted-dev' type='upstart' status='off'/>
    <Service name='mounted-proc' type='upstart' status='off'/>
    <Service name='mounted-run' type='upstart' status='off'/>
    <Service name='mounted-tmp' type='upstart' status='off'/>
    <Service name='mounted-var' type='upstart' status='off'/>
    <Service name='network-interface-container' type='upstart' status='off'/>
    <Service name='passwd' type='upstart' status='off'/>
    <Service name='plymouth' type='upstart' status='off'/>
    <Service name='plymouth-log' type='upstart' status='off'/>
    <Service name='plymouth-splash' type='upstart' status='off'/>
    <Service name='plymouth-stop' type='upstart' status='off'/>
    <Service name='plymouth-upstart-bridge' type='upstart' status='off'/>
    <Service name='procps' type='upstart' status='off'/>
    <Service name='rc' type='upstart' status='off'/>
    <Service name='rc-sysinit' type='upstart' status='off'/>
    <Service name='rcS' type='upstart' status='off'/>
    <Service name='setvtrgb' type='upstart' status='off'/>
    <Service name='shutdown' type='upstart' status='off'/>
    <Service name='udev-fallback-graphics' type='upstart' status='off'/>
    <Service name='udev-finish' type='upstart' status='off'/>
    <Service name='udevmonitor' type='upstart' status='off'/>
    <Service name='udevtrigger' type='upstart' status='off'/>
    <Service name='ureadahead' type='upstart' status='off'/>
    <Service name='ureadahead-other' type='upstart' status='off'/>
</Rules>

Now we run the client and see there are no more unmanaged entries!

root@saucy:~# bcfg2 -vqn
Starting Bcfg2 client run at 1374271524.83
Running probe groups
Probe groups has result:
group:amd64

Loaded tool drivers:
 APT         Action      DebInit     POSIX       POSIXUsers  Upstart     VCS
Loaded experimental tool drivers:
 POSIXUsers
Phase: initial
Correct entries:        519
Incorrect entries:      0
Total managed entries:  519
Unmanaged entries:      0
Phase: final
Correct entries:        519
Incorrect entries:      0
Total managed entries:  519
Unmanaged entries:      0
All entries correct.
Finished Bcfg2 client run at 1374271541.56

Warning

This basic bundle is created mainly for the purposes of getting you to a completely managed client. It is recommended that you create bundles for appropriate services due to the way bundle updates are managed. Please see Writing Bcfg2 Specification for more details.

Upstart

Upstart services are defined like this:

<Service name="cron" status="on"  type="upstart"/>

Some Upstart services require additional parameters, like network-interface and bridge-network-interface:

<Service name="network-interface" status="on" type="upstart" parameters="INTERFACE=eth0"/>
<Service name="bridge-network-interface" status="on" type="upstart" parameters="INTERFACE=br0"/>

Dynamic (web) reports

See installation instructions at Web Reporting Quickstart

Next Steps

Next Steps