Client
The following steps guide you on how to install and configure the Pullconf client component pullconf on a client system.
Download the .deb package from GitHub:
wget https://github.com/puetzp/pullconf/releases/download/v0.4.2/pullconf_0.4.2-1_amd64.deb
Or: Install Rust, download the source code and build the package yourself:
cargo install cargo-deb
cargo deb -p pullconf
Install the package:
sudo dpkg -i pullconf_0.4.2_amd64.deb
The installation script sets up a systemd service unit (pullconf.service), a timer unit (pullconf.timer) and a data directory. Check the service unit status:
sudo systemctl status pullconf.service
As you may notice the unit is not enabled by the installation script, because it lacks an [Install] section. It is a static service unit that is activated by a scheduler and exits after resources have been applied. The timer unit from the package is used to execute the pullconf.service unit regularly. By default it is configured to trigger the service unit every five minutes.
Optional: Take a look at the timer unit:
sudo systemctl cat pullconf.timer
Optional: Adjust the OnCalendar expression or other settings by creating an override file:
sudo systemctl edit pullconf.timer
Optional: If you prefer a different scheduling method, disable the timer unit and configure the scheduler of your choice:
sudo systemctl disable pullconf.timer
If this is your first installation the service unit (pullconf.service) will likely be in the "failed" state after being triggered for the first time by the scheduler, because some mandatory configuration parameters need to be set up. Refer to the log at /var/log/pullconf/pullconf.log to see what might be missing to successfully run the program.
As with the server component pullconf is configured via environment variables. As you can see in the systemd unit file the unit reads environment variables from /etc/pullconf/environment (the required format is documented here. Refer to the following table for all available parameters.
| Name | Description | Mandatory | Default |
|---|---|---|---|
| PULLCONF_SERVER | The socket address of the pullconfd server that pullconf should connect to, e.g. pullconf.local | yes | |
| PULLCONF_API_KEY | The API key that is used by the client to authenticate to the server. This should be a long, random string. A suitable string can be generated by running openssl rand -base64 32 | yes | |
| RUST_LOG | This variable is read by the underlying logging library. Check their documentation for a complete overview of valid values. | no | info |
Once pullconf.timer triggers pullconf.service the updated values from /etc/pullconf/environment will be used. To run the service unit out-of-schedule simply run:
sudo systemctl start pullconf.service
However unless the client is already known to the server pullconf.service will likely fail again. That is because pullconf tries to authenticate to pullconfd with a hostname and its API key. Both are still unknown to pullconfd as long as no client configuration file exists on the server side. Proceed to creating a client configuration file to let the client successfully fetch its list of resources from the server.
Note that pullconf will only trust a server certificate from pullconfd that can be verified through the platform's trusted roots. If the server certificate is signed by an internal or custom certificate authority, the CA certificate must be copied to
/usr/local/share/ca-certificatesand then added to the truststore via the commandupdate-ca-certificates.