Milestone Bcfg2 1.2.0 Release

Completed 11 years ago (12/07/11 22:30:00)


Number of tickets:

67 / 67


9 / 9


8 / 8


50 / 50

Note: Templates written for Bcfg2 <= 1.1.x which access metadata.Properties[file].data will have to be modified to use the "xdata" attribute instead of "data". Note: This release has important changes to the Packages plugin which will require you to convert your existing Packages configuration. The tools/ exists to assist with this migration.


  • Add a number of features to SSHbase: (from Chris St. Pierre)
    • Support for group-specific host keys
    • Support for fully static host- and group-specific ssh_known_hosts
    • (Support for totally generic host keys and ssh_known_hosts, too, but that's pretty useless.)
    • Support for info.xml, info, and :info files; only info.xml is likely to be useful, with the <Path> directive
  • SSHbase: ECDSA key support from ticket #1063
  • Improve error handling of Packages plugin (from Mike McCallister?)
  • improve error logging during LDAP query processing (from Torsten Rehn)
  • Cfg: Add support for .cheetah files (from Joe Digilio)
  • Initial support for the APK management in Alpine Linux (from Fabian Affolter on behalf of Cameron Banta)
  • Packages (from Chris St. Pierre)
    • Added support for yum libraries (if available and configured). This can dramatically reduce memory usage, and fixed several bugs:
      • #1014 (Package plugin can't resolve dependencies for rpms with Require: tags for full paths that aren't Provided explicitly)
      • #991 (Dependency Resolution difference between Package and yum)
      • #996 (Packages high memory usage)
    • Added support for Yum package groups when using yum libraries (#1039)
    • Fixed #911 (bcfg2 output for wrong package version with Packages is misleading)
    • YUMng turns down the Yum debug level itself depending on the debug/verbosity level requested by bcfg2 so you don't have to reduce the Yum debug level on a global basis
    • Added support for Pulp repositories, including registering Pulp consumers and binding to repositories
    • Added ability to disable magic OS groups
  • made all XMLFileBacked plugins (e.g., GroupPatterns?) support XInclude (from Chris St. Pierre)
  • added Defaults plugin (from Chris St. Pierre)
  • made templated bundles understand <Group> and <Client> tags (from Chris St. Pierre)
  • Split large codebases
  • Reports: Make database_port setting optional (from Holger Weiß)


  • Add server side support for python 3
  • Add VCS checkout client tool (Ticket #754)
  • Rules: Add regex support
  • APT: Add type='ignore' support (patch from tie on IRC)
  • Reports: Interface fixes for toggling expanding/collapsing lists (from mkd)
  • Metadata: Better handling of floating cert-authenticated clients (fix from mkd in Ticket #1030)
  • Fix chmod in "bcfg2-admin init" (from Joe Digilio)
  • Action: Fix whitelist mode (from mkd Resolves #1029)
  • Fix security bugs with unescaped input to the shell
  • bcfg2-info: added buildbundle command to bcfg2-info to render a bundle template
  • Packages:
    • Better config handling: Split into packages.conf (which contains one-time configuration directives) and sources.xml (which contains the actual package sources.) The config file looks like a StructFile?, and supports <Client> tags and negated Client and Group tags. Packages.Reload (_not_ Refresh) is run on changes to the sources config. tools/ is provided to convert to the new format.
    • Automagic handling of GPG keys. The new config format handles association of GPG keys go with repos; Packages then Does The Right Thing and gets them to the clients, gets them installed properly, and handles them in the specification. At the moment this only works for yum repos, not APT.
    • Automatic generation of yum configs using the sources and GPG keys supplied. APT configs are not done yet.
    • The early vestiges of integration with Pulp (
  • Updated information about disabling per-package checks (from Brent Bloxam)
  • added write() method to Properties to write back persistent changes (from Chris St. Pierre)
  • Rewrote DirectoryBacked? so it handles files contained in an arbitrary directory layout (from Mike McCallister?)
  • Treat Bound entries like unbound entries for calculating prerequisites in Deps (from Mike McCallister?)
  • Chkconfig: Use LANG=C to avoid locale conflicts (fix from adsaman on IRC resolves #1028 and #926)
  • Miscellaneous bcfg2-admin bug fixes (from Chris St. Pierre)
  • Chkconfig: pipe stderr to /dev/null to prevent failure (from Josh Koenig)
  • made info.xml files understand <Path> tags to better set permissions on altsrc'd files (from Chris St. Pierre)
  • added Genshi template syntax checker, other misc. bcfg2-lint cleanup (from Chris St. Pierre)
  • Sphinx documentation fixes (from Mike McCallister?)
  • Schemas: change client.xsd, allow multiple Client entries in XIncluded file (from Jonathan Billings)
  • made ohai plugin fail gracefully on machines without ohai installed (from Chris St. Pierre)
  • Refactor (from Raúl Cuza)
  • bcfg2-info: Remove "generators" command (from Holger Weiß)
  • Enhanced bcfg2-admin viz to allow output to be limited to one client. (from Mike McCallister?)
  • bcfg2-admin compare (from Holger Weiß):
    • Check for removed files
    • Check for removed bundles
    • Handle all <Independent> tags
    • Handle POSIX <Path> entries
    • Actually do something
  • prevent KeyErrors? when directories get changed by rsync (from Torsten Rehn)
  • Initial systemd .service files added (from Fabian Affolter)
  • bcfg2-reports:
    • Catch getopt exceptions
    • Catch "--badentry=/tmp/nonexistent"
  • New Info attribute: "sensitive" (from Holger Weiß)
    • The contents/diffs of <Path>s which are marked as "sensitive" are now omitted from the reports transmitted to the server, so that they won't end up in the statistics database.
  • GroupPatterns?: add support for multiple group targets in a single clause
  • YUMng: Add multiarch capabilities
  • Added auth attrib to list of valid attribs that the Client object can add/update (from Kristian Kostecky)
  • Numerous man page (and other documentation) fixes from Holger Weiß
  • Cfg: Add support for perms='inherit' (Ticket #642)


  • POSIX: Add recursive permissions (Ticket #871)
  • Probes: make Bcfg2 automatically handle JSON, XML, and YAML output (fixes tickets #710 and #888)
  • Tons of Validate plugin fixes
  • Make -q turn off package verification in YUMng
  • YUM: Make YUMng the preferred client tool on RPM systems
  • Frame: Fix 'important' entry installation in decision mode (Reported by m4z on irc)
  • bcfg2-reports
    • Show total numbers of entries
    • Show modified entries
    • Accept and create non-ASCII diffs
    • Fix --badentry and --extraentry
  • Options: Set default encoding to UTF-8 (as per Holger Weiß's suggestion)
  • Proxy: Catch traceback when name resolution fails (#1012)
  • Deprecate Base in favor of Bundler
  • Only listen on specified interface by default (Ticket #1013)
    • This change may require you to add a listen_all setting in bcfg2.conf if you want the server to listen on all available interfaces.
  • added -t option to set client timeout
  • POSIX: Clarify normalization error (Reported by Tim Goodaire)
  • allow setting whitelist/blacklist mode in bcfg2.conf
  • Cfg:
    • Fix the output encoding of Genshi templates
    • Fix bcfg2-admin pull behavior for genshi templates (#1010)
    • Fix PluginExecutionError
  • bcfg2: Convert specification from Unicode to UTF-8 (Resolves ticket #1009)
  • Added FileProbes plugin
  • log more useful error message if python-ldap is not installed
  • DBStats: Stop duplicating data in reports_reason
  • NagiosGen rewrite
    • Rewrote NagiosGen config to use NagiosGen/config.xml, which understands <Group> and <Client> tags, rather than the client-specific Properties/NagiosGen.xml and the group-specific but limited NagiosGen/parents.xml. Includes schema and bcfg2-lint updates necessary. Wrote conversion tool,, which converts everything but the <default/> tag in the old NagiosGen.xml, which cannot be reasonably converted to StructFile format.
  • Client/Tools: Get rid of popen2 (in favor of subprocess)
    • This changes the client prerequisites to python 2.4 or greater.
  • SvcTool: Add interactive_only mode
  • Add basic support for systemd services. (from Jeffrey Ollie)
    • TODO: boot time service management


  • Rewrote bcfg2-repo-validate as bcfg2-lint (from Chris St. Pierre)
  • Metadata: Stop stripping comments from clients.xml (Resolves #929)
  • SSLServer: Stop raising trapped exceptions from XMLRPCRequestHandler. Causes the server to wedge. (Resolves #970)
  • bcfg2.spec: Spec file fix from Jonathan Billings
  • schemas
    • A number of schema changes/fixes/updates
    • Added Genshi schema, made Genshi bundles validate
    • Build DTD docs, provide -doc subpackage in RPM (Resolves #984)
  • Metadata: Handle writes to XInclude files within clients.xml (Resolves #841)
  • Change condition test for python version to work on Mac OS X 10.6.6 with Xcode 3.2.5.
  • Probes: Patch to sort nested items from (Resolves #987)
  • SMF: Report current service status when using the Solaris SMF driver. (Resolves #988)
  • POSIX: Implement recursive attribute for nonexistent Paths
  • Service: Allow services that are both supervised and custom (Ticket #979)
  • YUMng: Fix handling of gpg-pubkey packages by yum 3.2.20 on SLES
  • Better handling of backup files in paranoid mode (Patch from mkd ticket #995)
  • Add support for genshi bundles with .xml extension (Ticket #861)
  • man: Add man page for bcfg2-ping-sweep (#997)
  • debian: Remove fam dependencies (
  • add ability to ignore a debian Service
  • various PY3K + PEP8 fixes (attempting to support 2 and 3 simultaneously)
  • Fix Python 2.7 authentication header issue (Patch from Gordon Messmer 42169282aa36b97808e3b5046fab1dfa41ea81e5)
  • Reports: Use the newer DATABASES option in (#1002)
  • Tools: Skip Installation for mode='manual' services (#965)


  • Massive reporting updates from Tim Laszlo (including a new bcfg2-web package)
  • Cfg/TGenshi unification from Tim Laszlo (Ticket #806)
  • SSLCA for automated certificate generation from Graham Hagger
  • Pacman support for Archlinux from Asaf Ohaion
  • New bundle-quick mode
  • New bcfg2-admin backup mode from Fabian Affolter
  • Massive documentation updates from Fabian Affolter
  • SSL certificate localization (in bcfg2-admin init) from Fabian Affolter
  • Ldap plugin from Torsten Rehn (Ticket #815)
  • Implement central git repository for new users to grab when first starting out with Bcfg2 (continuous work in progress available at
Note: See TracRoadmap for help on using the roadmap.