Preparing for the next release
by James Cammarata
Gearing up for 2.2.2, so I've gone through the master and release22
branches making sure everything has been applied. As of now, I believe
there are only 4 patches that have not been applied to release22:
commit 5d1f682946cb5bf323ea97062dabf8071c9698a1
Merge: 1b4f9ec... 7f24553...
Author: James Cammarata <jimi(a)sngx.net>
Date: Fri Nov 4 03:36:07 2011 -0500
Merge of authn_pam/https feature branch
commit 4bee30b4086a8d845bea5d39d6f2cba1f4a396aa
Author: James Cammarata <jimi(a)sngx.net>
Date: Fri Oct 28 01:11:02 2011 -0500
Enabling CSRF protection for the web interface
commit 18eb1c06779b37d89dfb2962a08236dd1bab24a6
Author: James Cammarata <jimi(a)sngx.net>
Date: Fri Nov 4 02:33:38 2011 -0500
Additional CSRF work. All URLs that modify state are now required
to be POSTs only.
commit 1b4f9ecf051422eb8512794701900f6199651442
Author: James Cammarata <jimi(a)sngx.net>
Date: Fri Nov 4 03:23:09 2011 -0500
Convert all yaml loads to safe_loads for security/safety reasons.
https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858883
If you notice I forgot to apply something you sent in, or if I forgot
to apply it both to master AND release22, let me know and I'll cherry
pick it over.
I'd like to get all of these in for the next release, so if anyone has
some spare cycles I'd love for some extra testing. If you typically
install RPMs, you can easily build them by cloning the git tree and
using the command "make rpms", which should generate RPMs with the
version of 2.3.1-1. Please don't test these on production servers, the
YAML load change above shouldn't cause any issues but just in case I'd
hate for someone to corrupt production data.
If you do end up testing the authn_pam/https patch, please be aware
that a pretty major change was made to the cobbler_web.conf file for
Apache. Make sure there's no rpmnew/rpmsave version of this, and that
the contents look like the following:
# This configuration file enables the cobbler web
# interface (django version)
# Force everything to go to https
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/cobbler_web
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
Here is a list of the patches applied since 2.2.1:
* FEAT: Add fedora16, rawhide, opensuse 11.2, 11.3, 11.4 and 12.1
to codes.py This should also fix ticket #611
* FEAT: Added a %post section for the cobbler-web package, which
replaces the SECRET_KEY field in the Django settings.py with a random
string
* BUGFIX: Use VALID_OS_VERSIONS from codes.py in the redhat importer.
* BUGFIX: Fixes to import_tree() to actually copy files to a safe
place when --available-as is specified.
Also some cleanup to the debian/ubuntu import module for when
--available-as is specified.
* BUGFIX: Modification to import processes so that rsync:// works as a path.
These changes should also correct the incorrect linking issue
where the link created in webdir/links/ pointed at a directory in
ks_mirror without the arch
Also removed the .old import modules for debian/ubuntu, which
were replaced with the unified manage_import_debian_ubuntu.py
* BUGFIX: add the /var/www/cobbler/pub directory to setup.py.
Calling buildiso from cobbler-web now works as expected.
* BUGFIX: patch koan (xencreate) to correct the same issue that was
broken for vmware regarding qemu_net_type
* BUGFIX: fixed issue with saving objects in the webgui failing
when it was the first of that object type saved.
* BUGFIX: Minor fix to the remote version to use the nicer extended
version available
* BUGFIX: Fix a bug in buildiso when duplicate kopt keys are used.
Reported and tested by Simon Woolsgrove <simon(a)woolsgrove.com>
* BUGFIX: Fix for koan, where vmwcreate.py was not updated to
accept the network type, causing failures.
* BUGFIX: added sign_puppet_certs_automatically to settings.py. The
fact that this was missing was causing failures in the the pre/post
puppet install modul
* BUGFIX: set the auto-boot option for a virtual machine
* BUGFIX: Correction for koan using the incorrect default port for
connecting to cobblerd
* BUGFIX: config/settings: add "manage_tftpd: 1" (default setting).
Manage_tftpd is ON by default, but it doesn't hurt to be explicit
about it, so that it's easier to disable it.
* CLEANUP: use codes.VALID_OS_VERSIONS in the freebsd importer
* CLEANUP: use codes.VALID_OS_VERSIONS in the debian/ubuntu importer
* CLEANUP: use utils.subprocess_call in services.py
* CLEANUP: use utils.subprocess_call in remote.py.
* CLEANUP: use utils.subprocess_call in scm_track.py. Also document
that 'hg' is a valid option in the settings file.
* CLEANUP: Dont import the sub_process module when it's not needed.
12 years, 5 months
Error handling for xmlrpc
by Gerhardus Geldenhuis
Hi
I get the following error:
xmlrpclib.Fault: <Fault 1: "cobbler.cexceptions.CX:'invalid profile name:
rhel5u5-x86_64'">
I am still learning python so wanted to know is all errors always going to
be the exception type
xmlrpclib.Fault when using xmlrpc to interact with cobbler?
Secondly having grepped through the source code I found:
cobbler/item_system.py: raise CX(_("invalid profile name: %s") %
profile_name)
reason I did this was to get a list of possible error messages that I could
expect. Would doing a
grep 'raise CX' cobbler/item_system.py
be a to simplistic approach to find these possible error messages?
To try and answer my own question... maybe because it is xmlrpc and remote
you will only get this generic error and if you were in the code (local)
you get different exception classes... is there any point in recreating a
list of exception classes to handle errors on the client side of the xmlrpc
interface. Reason I ask is I am thinking that it might be cleaner to use
the try except blocks rather than a bunch of if statements for strings but
I am very open to opinions/guidance.
Regards
--
Gerhardus Geldenhuis
12 years, 5 months
cobbler 2.2.1 and debian
by Eric Doutreleau
Hi
i m trying to use the long waited feature of the 2.2.x version which is
the debian import.
i launch the following command
cobbler import --name=lenny-amd64 \
--breed=debian --arch=x86_64 --os-version=lenny \
--path=rsync://ftp2.fr.debian.org/debian/dists/lenn/main/installer-amd64/current/images/netboot/debian-installer/amd64
\
--rsync-flags="--quiet"
task started: 2011-11-03_114536_import
task started (id=Media import, time=Thu Nov 3 11:45:36 2011)
scanning
rsync://ftp2.fr.debian.org/debian/dists/lenny/main/installer-amd64/curren...
for a redhat-based distro signature
Warning: No distro signature for kernel at
rsync://ftp2.fr.debian.org/debian/dists/lenny/main/installer-amd64/curren...,
using value from command line
running: rsync -a
'rsync://ftp2.fr.debian.org/debian/dists/lenny/main/installer-amd64/curren...'
/var/www/cobbler/ks_mirror/lenny-amd64-x86_64/ --quiet
--exclude-from=/etc/cobbler/rsync.exclude --quiet
received on stdout:
received on stderr:
adding distros
creating new distro: lenny-x86_64
creating new profile: lenny-x86_64
associating repos
traversing distro lenny-x86_64
descent into
rsync://ftp2.fr.debian.org/debian/dists/lenny/main/installer-amd64/curren...
Exception occured: exceptions.TypeError
Exception value: process_repos() takes exactly 3 arguments (1 given)
Exception Info:
File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 93, in run
rc = self._run(self)
File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 232,
in runner
self.logger
File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 759, in
import_tree
return
manager.run(pkgdir,mirror_url,mirror_name,network_root,kickstart_file,rsync_flags,arch,breed,os_version)
File
"/usr/lib/python2.4/site-packages/cobbler/modules/manage_import_debian_ubuntu.py",
line 249, in run
self.repo_finder(distros_added)
File
"/usr/lib/python2.4/site-packages/cobbler/modules/manage_import_debian_ubuntu.py",
line 334, in repo_finder
self.process_repos()
!!! TASK FAILED !!!
does someone know how to import debian distrib in cobbler?
--
Eric Doutreleau
12 years, 5 months
WSGIScriptAlias problem again?
by Gerhardus Geldenhuis
Hi
On a vanilla Red Hat 5.6 install I get the following error when trying to
start httpd after having installed cobbler and cobbler-web.
Starting httpd: Syntax error on line 11 of
/etc/httpd/conf.d/cobbler_web.conf:
Invalid command 'WSGIScriptAlias', perhaps misspelled or defined by a
module not included in the server configuration
I am installing the following versions:
Installing:
cobbler-web noarch
2.2.1-1.el5
epel-testing
251 k
Installing for dependencies:
cobbler noarch
2.2.1-1.el5
epel-testing
774 k
mod_wsgi x86_64
3.2-1.el5
epel
70 k
https://bugzilla.redhat.com/show_bug.cgi?id=605273 suggests that this is
fixed but to be honest it was not very clear to me what the actual
resolution was to fix the problem.
I first did not have epel-testing switched and installed an older version
which worked. I then removed cobbler with yum and then manually removed
/var/lib/cobbler and /etc/cobbler and the config files for httpd but that
still did not resolve the issue
I have also completely re-installed my virtual machine just to be sure it
was'nt a package thing that I did not clean up properly so any help in
getting this resolved would be appreciated.
Regards
--
Gerhardus Geldenhuis
12 years, 5 months
ESXi 5 import
by John Paget Bourke
Hi,
I would like to build some ESXi 5 servers from cobbler.
I understand ESXi is supported, but when I try import it does not work
[root@Config esxi5]# cobbler import --name=ESXi5 --arch=x86_64
--path=/media/esxi5/ --rsync-flags="--quiet"
task started: 2011-11-02_193127_import
task started (id=Media import, time=Wed Nov 2 19:31:27 2011)
scanning /media/esxi5/ for a redhat-based distro signature
*** TASK COMPLETE ***
If I try to import ESXi 4.1 it seems ok
[root@Config ~]# cobbler import --name=ESXi41 --arch=x86_64
--path=/media/esxi41/ --rsync-flags="--quiet"
task started: 2011-11-02_200431_import
task started (id=Media import, time=Wed Nov 2 20:04:31 2011)
scanning /media/esxi41/ for a redhat-based distro signature
Found a vmware compatible signature: imagedd.bz2
running: rsync -a '/media/esxi41/' /var/www/cobbler/ks_mirror/ESXi41-x86_64
--exclude-from=/etc/cobbler/rsync.exclude --progress --quiet
Can someone point me at a place where I can modify the code to import ESXi5
? Are there any other considerations ?
Thanks
John
12 years, 5 months
cobbler 2.2.1 and external authentification
by Eric Doutreleau
Hi
i have just migrate from 2.0.11 to 2.2.1 and my external
authentification doesn't work anymore.
in order to do that i have in my modules.conf file the following sentence
[authentication]
module = authn_passthru
[authorization]
module = authz_allowall
and in the cobbler_web.conf in the /etc/httpd/conf.d directory
<VirtualHost *:80>
# Do not log the requests generated from the event notification system
SetEnvIf Request_URI ".*/op/events/user/.*" dontlog
# Log only what remains
CustomLog logs/access_log combined env=!dontlog
WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
<Location "/cobbler_web">
AuthBasicAuthoritative Off
AuthType CAS
AuthName cobbler
AuthLDAPUrl "ldap://ldap1.int-evry.fr/dc=int-evry,dc=fr"
require ldap-group CN=s2ia-isr,Ou=Groups,dc=int-evry,dc=fr
Require valid-user
</Location>
when i try to log i m redirected to my SSO banner i log in it but after
i got the cobbler banner instead of going passthru.
when i look at the apache logs i see that i m authenticated
157.159.21.152 - doutrele [02/Nov/2011:09:02:49 -0500] "GET
/cobbler_web/ HTTP/1.1" 200 1060 "-" "Mozilla/5.0 (X11; Linux i686)
AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.0 Safari/535.7"
but it seems that cobbler didn't care about that.
does someone know how to solve that problem?
thanks in advance for any help
--
Eric Doutreleau
12 years, 5 months
Bug with saving objects in the web GUI
by James Cammarata
I ran across this tonight, and thought I'd send an email out in case
others run into it in the future.
I noticed that trying to create an object (for example a system) was
failing when there were no other objects of that kind stored in
cobbler. I tracked the issue back to a feature we introduced in 2.2,
where an object's fields were updated only if the field value changed.
I've corrected the issue, which will be included in the next release.
For now, if you run into this issue I believe you can fix it by
manually deleting all of the files in the sessions directory
(/var/lib/cobbler/webui_sessions/ by default) since that is where the
cached field information is stored. A sign that you're running into
this issue is a log message in cobbler.log similar to this:
INFO | add_item(profile); ['']
Notice the empty string - that should be the object name. The field
info is stored in a hash, where the key is "type_name" (for example:
profile_test1), so theoretically if you add an object, then delete it,
then recreate it with the exact same name you could theoretically run
into this too, where fields are not updating like you'd expect.
Overall, I'm noticing some name space pollution in the session, so I
may work on cleaning that up in the near future.
12 years, 5 months
Build route and production route differs
by Gerhardus Geldenhuis
Hi
I have a strange situation. A few servers in our infrastructure has a
different gateway than the rest and when I create the server in cobbler I
set this gateway as I want it configured in afterwards. However this caused
the build to fail as this ip/network does not support dhcp and building of
the server won't work using this different gateway.
One way of fixing this would be to add some additional if statements to the
network snippets.
Does anyone else have a similar problem and suggestions for solutions?
Regards
--
Gerhardus Geldenhuis
12 years, 5 months
interface ends up named eth2-eth0
by Daniel Kertby
Hi all,
First, thanks to you developers for continuing the excellent work on
Cobbler!
Now to the issue,
The system - has 3 network interfaces, were the third interface is used as
the public interface.
When installing Red Hat 5.5, interface 'eth0' will be assigned to the
interface which was used during the installation.
12 years, 5 months