November 2011 - cobbler - Fedora Mailing-Lists

by James Cammarata

Gearing up for 2.2.2, so I've gone through the master and release22 branches making sure everything has been applied. As of now, I believe there are only 4 patches that have not been applied to release22: commit 5d1f682946cb5bf323ea97062dabf8071c9698a1 Merge: 1b4f9ec... 7f24553... Author: James Cammarata <jimi(a)sngx.net> Date: Fri Nov 4 03:36:07 2011 -0500 Merge of authn_pam/https feature branch commit 4bee30b4086a8d845bea5d39d6f2cba1f4a396aa Author: James Cammarata <jimi(a)sngx.net> Date: Fri Oct 28 01:11:02 2011 -0500 Enabling CSRF protection for the web interface commit 18eb1c06779b37d89dfb2962a08236dd1bab24a6 Author: James Cammarata <jimi(a)sngx.net> Date: Fri Nov 4 02:33:38 2011 -0500 Additional CSRF work. All URLs that modify state are now required to be POSTs only. commit 1b4f9ecf051422eb8512794701900f6199651442 Author: James Cammarata <jimi(a)sngx.net> Date: Fri Nov 4 03:23:09 2011 -0500 Convert all yaml loads to safe_loads for security/safety reasons. https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858883 If you notice I forgot to apply something you sent in, or if I forgot to apply it both to master AND release22, let me know and I'll cherry pick it over. I'd like to get all of these in for the next release, so if anyone has some spare cycles I'd love for some extra testing. If you typically install RPMs, you can easily build them by cloning the git tree and using the command "make rpms", which should generate RPMs with the version of 2.3.1-1. Please don't test these on production servers, the YAML load change above shouldn't cause any issues but just in case I'd hate for someone to corrupt production data. If you do end up testing the authn_pam/https patch, please be aware that a pretty major change was made to the cobbler_web.conf file for Apache. Make sure there's no rpmnew/rpmsave version of this, and that the contents look like the following: # This configuration file enables the cobbler web # interface (django version) # Force everything to go to https RewriteEngine on RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} ^/cobbler_web RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi Here is a list of the patches applied since 2.2.1: * FEAT: Add fedora16, rawhide, opensuse 11.2, 11.3, 11.4 and 12.1 to codes.py This should also fix ticket #611 * FEAT: Added a %post section for the cobbler-web package, which replaces the SECRET_KEY field in the Django settings.py with a random string * BUGFIX: Use VALID_OS_VERSIONS from codes.py in the redhat importer. * BUGFIX: Fixes to import_tree() to actually copy files to a safe place when --available-as is specified. Also some cleanup to the debian/ubuntu import module for when --available-as is specified. * BUGFIX: Modification to import processes so that rsync:// works as a path. These changes should also correct the incorrect linking issue where the link created in webdir/links/ pointed at a directory in ks_mirror without the arch Also removed the .old import modules for debian/ubuntu, which were replaced with the unified manage_import_debian_ubuntu.py * BUGFIX: add the /var/www/cobbler/pub directory to setup.py. Calling buildiso from cobbler-web now works as expected. * BUGFIX: patch koan (xencreate) to correct the same issue that was broken for vmware regarding qemu_net_type * BUGFIX: fixed issue with saving objects in the webgui failing when it was the first of that object type saved. * BUGFIX: Minor fix to the remote version to use the nicer extended version available * BUGFIX: Fix a bug in buildiso when duplicate kopt keys are used. Reported and tested by Simon Woolsgrove <simon(a)woolsgrove.com> * BUGFIX: Fix for koan, where vmwcreate.py was not updated to accept the network type, causing failures. * BUGFIX: added sign_puppet_certs_automatically to settings.py. The fact that this was missing was causing failures in the the pre/post puppet install modul * BUGFIX: set the auto-boot option for a virtual machine * BUGFIX: Correction for koan using the incorrect default port for connecting to cobblerd * BUGFIX: config/settings: add "manage_tftpd: 1" (default setting). Manage_tftpd is ON by default, but it doesn't hurt to be explicit about it, so that it's easier to disable it. * CLEANUP: use codes.VALID_OS_VERSIONS in the freebsd importer * CLEANUP: use codes.VALID_OS_VERSIONS in the debian/ubuntu importer * CLEANUP: use utils.subprocess_call in services.py * CLEANUP: use utils.subprocess_call in remote.py. * CLEANUP: use utils.subprocess_call in scm_track.py. Also document that 'hg' is a valid option in the settings file. * CLEANUP: Dont import the sub_process module when it's not needed.

12 years, 5 months

4
5
0 / 0

Error handling for xmlrpc

by Gerhardus Geldenhuis

Hi I get the following error: xmlrpclib.Fault: <Fault 1: "cobbler.cexceptions.CX:'invalid profile name: rhel5u5-x86_64'"> I am still learning python so wanted to know is all errors always going to be the exception type xmlrpclib.Fault when using xmlrpc to interact with cobbler? Secondly having grepped through the source code I found: cobbler/item_system.py: raise CX(_("invalid profile name: %s") % profile_name) reason I did this was to get a list of possible error messages that I could expect. Would doing a grep 'raise CX' cobbler/item_system.py be a to simplistic approach to find these possible error messages? To try and answer my own question... maybe because it is xmlrpc and remote you will only get this generic error and if you were in the code (local) you get different exception classes... is there any point in recreating a list of exception classes to handle errors on the client side of the xmlrpc interface. Reason I ask is I am thinking that it might be cleaner to use the try except blocks rather than a bunch of if statements for strings but I am very open to opinions/guidance. Regards -- Gerhardus Geldenhuis

12 years, 5 months

2
1
0 / 0

cobbler 2.2.1 and debian

by Eric Doutreleau

Hi i m trying to use the long waited feature of the 2.2.x version which is the debian import. i launch the following command cobbler import --name=lenny-amd64 \ --breed=debian --arch=x86_64 --os-version=lenny \ --path=rsync://ftp2.fr.debian.org/debian/dists/lenn/main/installer-amd64/current/images/netboot/debian-installer/amd64 \ --rsync-flags="--quiet" task started: 2011-11-03_114536_import task started (id=Media import, time=Thu Nov 3 11:45:36 2011) scanning rsync://ftp2.fr.debian.org/debian/dists/lenny/main/installer-amd64/curren... for a redhat-based distro signature Warning: No distro signature for kernel at rsync://ftp2.fr.debian.org/debian/dists/lenny/main/installer-amd64/curren..., using value from command line running: rsync -a 'rsync://ftp2.fr.debian.org/debian/dists/lenny/main/installer-amd64/curren...' /var/www/cobbler/ks_mirror/lenny-amd64-x86_64/ --quiet --exclude-from=/etc/cobbler/rsync.exclude --quiet received on stdout: received on stderr: adding distros creating new distro: lenny-x86_64 creating new profile: lenny-x86_64 associating repos traversing distro lenny-x86_64 descent into rsync://ftp2.fr.debian.org/debian/dists/lenny/main/installer-amd64/curren... Exception occured: exceptions.TypeError Exception value: process_repos() takes exactly 3 arguments (1 given) Exception Info: File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 93, in run rc = self._run(self) File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 232, in runner self.logger File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 759, in import_tree return manager.run(pkgdir,mirror_url,mirror_name,network_root,kickstart_file,rsync_flags,arch,breed,os_version) File "/usr/lib/python2.4/site-packages/cobbler/modules/manage_import_debian_ubuntu.py", line 249, in run self.repo_finder(distros_added) File "/usr/lib/python2.4/site-packages/cobbler/modules/manage_import_debian_ubuntu.py", line 334, in repo_finder self.process_repos() !!! TASK FAILED !!! does someone know how to import debian distrib in cobbler? -- Eric Doutreleau

12 years, 5 months

2
2
0 / 0

xmlrpc or api

by Gerhardus Geldenhuis

Hi This page: https://fedorahosted.org/cobbler/wiki/CobblerApi states: As of version 2.0, BootAPI is *not* the recommended way of interfacing with Cobbler. It directly modifies the config store in a way that may not be safe. Furthermore the modifications made will not be visible to cobblerd. The CobblerXmlrpc <https://fedorahosted.org/cobbler/wiki/CobblerXmlrpc> interface should instead be used until at least version 2.2. Is this still true? Or can we use BootAPI now? Is there anyway to get error messages back when using xmlrpc? The https://fedorahosted.org/cobbler/wiki/CobblerXmlrpc page references https://fedorahosted.org/cobbler/wiki/CobblerExceptions but it does not exist any more. I want to know if actions were successful or not. I suspect error checking is better done with the api hence my question. One last novice question, does the api only run on the same server as cobbler or can I use the api to access a remote cobbler server? Best Regards -- Gerhardus Geldenhuis

12 years, 5 months

3
7
0 / 0

WSGIScriptAlias problem again?

by Gerhardus Geldenhuis

Hi On a vanilla Red Hat 5.6 install I get the following error when trying to start httpd after having installed cobbler and cobbler-web. Starting httpd: Syntax error on line 11 of /etc/httpd/conf.d/cobbler_web.conf: Invalid command 'WSGIScriptAlias', perhaps misspelled or defined by a module not included in the server configuration I am installing the following versions: Installing: cobbler-web noarch 2.2.1-1.el5 epel-testing 251 k Installing for dependencies: cobbler noarch 2.2.1-1.el5 epel-testing 774 k mod_wsgi x86_64 3.2-1.el5 epel 70 k https://bugzilla.redhat.com/show_bug.cgi?id=605273 suggests that this is fixed but to be honest it was not very clear to me what the actual resolution was to fix the problem. I first did not have epel-testing switched and installed an older version which worked. I then removed cobbler with yum and then manually removed /var/lib/cobbler and /etc/cobbler and the config files for httpd but that still did not resolve the issue I have also completely re-installed my virtual machine just to be sure it was'nt a package thing that I did not clean up properly so any help in getting this resolved would be appreciated. Regards -- Gerhardus Geldenhuis

12 years, 5 months

2
4
0 / 0

ESXi 5 import

by John Paget Bourke

Hi, I would like to build some ESXi 5 servers from cobbler. I understand ESXi is supported, but when I try import it does not work [root@Config esxi5]# cobbler import --name=ESXi5 --arch=x86_64 --path=/media/esxi5/ --rsync-flags="--quiet" task started: 2011-11-02_193127_import task started (id=Media import, time=Wed Nov 2 19:31:27 2011) scanning /media/esxi5/ for a redhat-based distro signature *** TASK COMPLETE *** If I try to import ESXi 4.1 it seems ok [root@Config ~]# cobbler import --name=ESXi41 --arch=x86_64 --path=/media/esxi41/ --rsync-flags="--quiet" task started: 2011-11-02_200431_import task started (id=Media import, time=Wed Nov 2 20:04:31 2011) scanning /media/esxi41/ for a redhat-based distro signature Found a vmware compatible signature: imagedd.bz2 running: rsync -a '/media/esxi41/' /var/www/cobbler/ks_mirror/ESXi41-x86_64 --exclude-from=/etc/cobbler/rsync.exclude --progress --quiet Can someone point me at a place where I can modify the code to import ESXi5 ? Are there any other considerations ? Thanks John

12 years, 5 months

4
4
0 / 0

cobbler 2.2.1 and external authentification

by Eric Doutreleau

Hi i have just migrate from 2.0.11 to 2.2.1 and my external authentification doesn't work anymore. in order to do that i have in my modules.conf file the following sentence [authentication] module = authn_passthru [authorization] module = authz_allowall and in the cobbler_web.conf in the /etc/httpd/conf.d directory <VirtualHost *:80> # Do not log the requests generated from the event notification system SetEnvIf Request_URI ".*/op/events/user/.*" dontlog # Log only what remains CustomLog logs/access_log combined env=!dontlog WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi <Location "/cobbler_web"> AuthBasicAuthoritative Off AuthType CAS AuthName cobbler AuthLDAPUrl "ldap://ldap1.int-evry.fr/dc=int-evry,dc=fr" require ldap-group CN=s2ia-isr,Ou=Groups,dc=int-evry,dc=fr Require valid-user </Location> when i try to log i m redirected to my SSO banner i log in it but after i got the cobbler banner instead of going passthru. when i look at the apache logs i see that i m authenticated 157.159.21.152 - doutrele [02/Nov/2011:09:02:49 -0500] "GET /cobbler_web/ HTTP/1.1" 200 1060 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.0 Safari/535.7" but it seems that cobbler didn't care about that. does someone know how to solve that problem? thanks in advance for any help -- Eric Doutreleau

12 years, 5 months

2
2
0 / 0

Bug with saving objects in the web GUI

by James Cammarata

I ran across this tonight, and thought I'd send an email out in case others run into it in the future. I noticed that trying to create an object (for example a system) was failing when there were no other objects of that kind stored in cobbler. I tracked the issue back to a feature we introduced in 2.2, where an object's fields were updated only if the field value changed. I've corrected the issue, which will be included in the next release. For now, if you run into this issue I believe you can fix it by manually deleting all of the files in the sessions directory (/var/lib/cobbler/webui_sessions/ by default) since that is where the cached field information is stored. A sign that you're running into this issue is a log message in cobbler.log similar to this: INFO | add_item(profile); [''] Notice the empty string - that should be the object name. The field info is stored in a hash, where the key is "type_name" (for example: profile_test1), so theoretically if you add an object, then delete it, then recreate it with the exact same name you could theoretically run into this too, where fields are not updating like you'd expect. Overall, I'm noticing some name space pollution in the session, so I may work on cleaning that up in the near future.

12 years, 5 months

2
1
0 / 0

Build route and production route differs

by Gerhardus Geldenhuis

Hi I have a strange situation. A few servers in our infrastructure has a different gateway than the rest and when I create the server in cobbler I set this gateway as I want it configured in afterwards. However this caused the build to fail as this ip/network does not support dhcp and building of the server won't work using this different gateway. One way of fixing this would be to add some additional if statements to the network snippets. Does anyone else have a similar problem and suggestions for solutions? Regards -- Gerhardus Geldenhuis

12 years, 5 months

2
1
0 / 0

interface ends up named eth2-eth0

by Daniel Kertby

Hi all, First, thanks to you developers for continuing the excellent work on Cobbler! Now to the issue, The system - has 3 network interfaces, were the third interface is used as the public interface. When installing Red Hat 5.5, interface 'eth0' will be assigned to the interface which was used during the installation.

12 years, 5 months

4
6
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

cobbler November 2011