Bcfg2 Agent Mode
As of Bcfg2 1.0.0, this is deprecated in favor of AgentWithSSH.
As of version 0.9.5, the bcfg2 client introduces "agent mode," allowing bcfg2 client runs to be initiated remotely. This capability allows the bcfg2 client process to run continuously on a client and listen for a reconfiguration command, usually from the server, rather than running periodically from cron, the established method of invocation.
This mode is useful for active repair of specific problems on clients because it allows you to make a change to the configuration on the server and instantly run the client, effectively pushing out the configuration change, rather than waiting for it to propagate. The feature is intentionally simple. When bcfg2 is run on the command line in agent mode, the options it is started with are respected for each remotely initiated run. This is intended to protect against unintended actions on remote clients.
Use
Use of this mode first requires appropriate configuration of the client. Because it will be running as an XML-RPC client, each client is required to have an SSL certificate and private key, just like the server. Generate them individually or copy the same certificate and key out to each of your clients.
$ openssl x509 -in /etc/bcfg2.key -fingerprint -noout
Additionally, it is necessary to specify "agent-port" and "server fingerprint" via the config file or command line. The fingerprint is used to authenticate the server. The fingerprint is specified in the same form provided by "bcfg2-admin fingerprint", i.e. lowercase and without colons. It can be specified using the -F flag, or using the config file parameter "fingerprint" in the "communication" section. The agent port can be supplied using the -g flag, or using the "agent-port" config file parameter in the "communication" section.
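The openssl command above prints the fingerprint in uppercase with colons, while the agent expects lowercase without colons. The following added example (not part of the original page or of Bcfg2) converts one form to the other and reports whether a configured value is usable. The function names and the sample fingerprint are constructed for illustration, and the check assumes both values come from the same certificate and digest.

```shell
#!/bin/sh
# Constructed sample of one line printed by `openssl x509 -fingerprint -noout`.
SAMPLE_LINE='SHA1 Fingerprint=0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D'

# normalize_fp LINE
# Print the fingerprint as lowercase hex without colons (the form the page
# says bcfg2 expects). Fails if the input does not reduce to clean hex,
# e.g. when openssl printed an error instead of a fingerprint.
normalize_fp() {
    # Drop the "<digest> Fingerprint=" label, then colons and whitespace.
    fp=$(printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'A-F' 'a-f')
    case "$fp" in
        ''|*[!0-9a-f]*) return 1 ;;          # empty or non-hex characters
    esac
    [ $(( ${#fp} % 2 )) -eq 0 ] || return 1  # a digest is a whole number of bytes
    printf '%s\n' "$fp"
}

# check_configured_fp CONFIGURED OPENSSL_LINE
# Prints one of:
#   ok            configured value is already in the expected form and matches
#   wrong-format  same digest, but written with colons and/or uppercase
#   mismatch      a different fingerprint altogether
#   unparseable   the openssl output did not contain a fingerprint
check_configured_fp() {
    cfp_expected=$(normalize_fp "$2") || { echo unparseable; return 0; }
    if [ "$1" = "$cfp_expected" ]; then
        echo ok
    elif [ "$(normalize_fp "$1")" = "$cfp_expected" ]; then
        echo wrong-format
    else
        echo mismatch
    fi
}

# Demo on the constructed sample: the value to place in the config file,
# followed by the result of checking it.
normalize_fp "$SAMPLE_LINE"
check_configured_fp "$(normalize_fp "$SAMPLE_LINE")" "$SAMPLE_LINE"
```

A "wrong-format" result means the digest is right but the value must be rewritten before the agent will accept it; "mismatch" means the configured fingerprint belongs to a different certificate.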
With the .key file, a server fingerprint, and agent-port configured, run bcfg2 on the client with the -A flag. It will wait for a reconfiguration command from the server. This is issued by using the bcfg2-remote command on the server. The only option is to run the client; the options used when the client was started on the client machine will be used to execute the reconfiguration operation.
See also AgentWithSSH for a description of how to set up agent-like functionality using SSH.