Cobbler replicate over ssh
by Anthony Davis
Hi has anyone managed to replicate cobbler using ssh tunnels or any other sort of tunnels?
I am trying with
ssh -l user <master server ip> -L 80:127.0.0.1:80 -L 873:127.0.0.1:873 -L 25150:127.0.0.1:25150 -L 25151:127.0.0.1:25151
To create the tunnel
Then
cobbler replicate --master=127.0.0.1 --distro=*
But it picks up the local cobbler server and tries to replicate itself. This is because the ports I'm trying for forward are already in use. Is there any way to specify what ports to use?
Hope someone can help.
Thanks :)
11 years, 10 months
using koan with libvirt pools...
by Matthew Nicholson
it is possible, using koan, to specify which libvirt pool a given vm
should end up in? or should I just point it at the directory directly?
--
Matthew Nicholson
11 years, 10 months
Extending cobbler
by Daniel Ullfig
Hello everybody:
I’m new to the list, and I’m new to cobbler. I stumbled upon cobbler looking for a solution to an idea I have. I’m working on a voip server idea. Mostly a front end to FreeSwitch. I think most voip systems handle new phone configuration backwards. You enter configuration information into the system before plugging the phone in, and then you plug the phone in. It seems backwards to me.
What I want to do is the following:
1 – plug new IP phone into wall jack
2 – IP phone asks DHCP server for IP address
3 – DHCP server detects by the vendor code and/or MAC address, that someone has plugged a new phone in
4 – DHCP server tells cobbler that there is a new phone attached
5 – cobbler writes a default configuration file tailored for the new phone and stores it in the tftp folder.
6 – DHCP assigns an IP address to the phone.
7 – The phone gets its configuration file from the tftp server
8 – Now, even though no one input configuration info into the system, you can already dial certain numbers like 611, 911, and maybe 0. So now the installer, even if he is in a remote location, can use the phone to call a central location and configure the phone using the same IP phone. No need for a second phone, no need to be near the phone server.
Does this seem like something that would be easy to implement in Cobbler? I like that it has a nice Web interface, and that it is extensible.
Dan Ullfig
11 years, 11 months
Re: [cobbler] Cobbler-side installs to KVM, VMware?
by Eldred, Doug
Yes, we would like to be able to initiate the install from the Cobbler web or CL: enable netboot via the web, reboot via the web, etc.
The primary use case is Autotest, and it would be nice if we could treat physical boxes/blades and virtual machines the same. However, we also envision engineers wanting to reinstall their own machines, and one way regardless of real/virtual would be nice; teaching everyone two ways to do one thing seems silly if it can be avoided.
Regards,
Doug
----
MC Linux Infrastructure, 970-898-4860, Fort Collins 3UR8 (MS 57)
"Adding more [is] less successful than doing less really well." -- Sheila Coleman
-----Original Message-----
From: cobbler-bounces(a)lists.fedorahosted.org [mailto:cobbler-bounces@lists.fedorahosted.org] On Behalf Of cobbler-request(a)lists.fedorahosted.org
Sent: Saturday, June 02, 2012 6:00 AM
To: cobbler(a)lists.fedorahosted.org
Subject: cobbler Digest, Vol 48, Issue 2
Send cobbler mailing list submissions to
cobbler(a)lists.fedorahosted.org
To subscribe or unsubscribe via the World Wide Web, visit
https://fedorahosted.org/mailman/listinfo/cobbler
or, via email, send a message with subject or body 'help' to
cobbler-request(a)lists.fedorahosted.org
You can reach the person managing the list at
cobbler-owner(a)lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cobbler digest..."
Today's Topics:
1. Re: Cobbler-side installs to KVM, VMware? (Greg Swift)
----------------------------------------------------------------------
Message: 1
Date: Fri, 1 Jun 2012 13:41:16 -0500
From: Greg Swift <gregswift(a)gmail.com>
To: cobbler mailing list <cobbler(a)lists.fedorahosted.org>
Subject: Re: [cobbler] Cobbler-side installs to KVM, VMware?
Message-ID:
<CACB_2GYWDTDcpwo4E46qJz79DGic8yCpmAjiViXGLZAZjYWa4g(a)mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On Fri, May 25, 2012 at 12:51 PM, Eldred, Doug <doug.eldred(a)hp.com> wrote:
> I'm looking for an example, specifically showing the "power" settings in Cobbler, for how to initiate a Cobbler-side install to a KVM or VMware virtual machine. Most of what I've found so far involves using koan, not using the Cobbler side to kick things off.
So... koan is cobbler's took for doing these things. So that is
technically correct. Do you mean from Cobbler Web?
------------------------------
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler
End of cobbler Digest, Vol 48, Issue 2
**************************************
11 years, 11 months
More documantation on Management Classes and Resources
by Dan White
I just updated from 2.0.11-2.el5 to 2.2.2-1.el5
Things burped momentarily while I swapped out mod_python and repaired the effected config files, but that took no time at all.
I brought up the new Web-UI and one of the first things to catch my eye was the Resources heading with Packages and Files under it.
Looking for details, I found some on the "Start Here" Wiki Page:
https://github.com/cobbler/cobbler/wiki/Start%20Here
...under a sub-heading of "Management Classes and Resources"
It describes how to add a package or file resource.
It implies that these resources can be grouped into a management class.
It then references another wiki page: https://github.com/cobbler/cobbler/wiki/Built%20in%20configuration%20mana...
This page talks about "Template files" and "Leveraging Mod Python" (how do I leverage that which I just removed?)
It contains nothing about file/package resources.
Google-ing about produced a moderate amount of very confusing results, none that help.
Where, please, do I find details on these resource types and how to use them ?
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)
11 years, 11 months
Cobbler 2.2.3-1 released
by James Cammarata
Just tagged and pushed this to github. I'll begin the process of
getting packages rolled out to Fedora/EPEL as soon as possible.
https://github.com/cobbler/cobbler/tree/release22
A quick highlight of the changes in this release:
- Multiple security fixes:
* CSRF support for the web GUI, which will now default to using https too.
* Power management subsystem completely re-worked to prevent
command-injection (CVE-2012-2395).
- Support for bind in chroot'd environments.
- Koan now uses virt-install CLI instead of directly accessing the virtinst API
- Various improvements for SuSE and autoyast, especially for
PPC64-based systems.
- BETA support for ESXi5 and gPXE
- BETA support for using other template languages, like jinja2
And of course tons of bug fixes.
Now that this release is out, and things have settled down from the
change in leadership, expect much more frequent minor updates to
address bugs much sooner. We will also be focusing on documentation
now, especially since many of the features above are not documented
well (or at all). Thanks to everyone who helped out with this release!
The full (and very long) CHANGELOG is as follows:
* Tue Jun 05 2012 James Cammarata <jimi(a)sngx.net> 2.2.3-1
- [BUGFIX] add dns to kernel commandline when using static interface
(frido(a)enu.zolder.org)
- [BUGFIX] issue #196 - repo environment variables bleed into other repos
during sync process This patch has reposync cleanup/restore any environment
variables that were changed during the process (jimi(a)sngx.net)
- BUGFIX quick dirty fix to work around an issue where cobbler would
not log in ldap
usernames which contain uppercase characters. at line 60 instead of "if user
in data", "if user.lower() in data" is used. It would appear the parser puts
the usernames in data[] in lowercase, and the comparison fails because "user"
does hold capitalizations. (matthiasvandegaer(a)hotmail.com)
- [BUGFIX] simplify SELinux check reporting
* Remove calls to semanage, policy prevents apps from running that directly
(and speeds up check immensely)
* Point users at a wiki page which will contain details on ensuring cobbler
works with SELinux properly (jimi(a)sngx.net)
- [BUGFIX] issue #117 - incorrect permissions on files in /var/lib/cobbler
(j-nomura(a)ce.jp.nec.com)
- [BUGFIX] issue #183 - update objects mgmt classes field when a mgmt class is
renamed (jimi(a)sngx.net)
- [BUGFIX] adding some untracked directories and the new augeas lense to the
setup.py and cobbler.spec files (jimi(a)sngx.net)
- [FEATURE] Added ability to disable grubby --copy-default behavior
for distros that may
have problems with it (jimi(a)sngx.net)
- [SECURITY] Major changes to power commands:
* Fence options are now based on /usr/sbin/fence_* - so basically anything the
fence agents package provides.
* Templates will now be sourced from
/etc/cobbler/power/fence_<powertype>.template.
These templates are optional, and are only required if you want to do extra
options for a given command. - All options for the fence agent
command are sent
over STDIN.
* Support for ipmitool is gone, use fence_ipmilan instead (which uses ipmitool
under the hood anyway). This may apply to other power types if
they were provided
by a fence_ command.
* Modified labels for the power options to be more descriptive.
(jimi(a)sngx.net)
- [BUGFIX] issue #136 - don't allow invalid characters in names when copying
objects (jimi(a)sngx.net)
- [BUGFIX] issue #168 - change input_string_or_list to use shlex for split This
function was using a regular string split, which did not allow quoted or
escaped strings to be preserved. (jimi(a)sngx.net)
- [BUGFIX] Correct method to process the template file. This Fixes the
previous issue
and process the template. (charlesrg(a)gmail.com)
- [BUGFIX] issue #170 - koan now checks length of drivers list before indexing
(daniel(a)defreez.com)
- [BUGFIX] Issue #153 - distro delete doesn't remove link from
/var/www/cobbler/links Link was being created incorrectly during the import
(jimi(a)sngx.net)
- [FEATURE] snippets: save/restore boot-device on ppc64 on fedora17
(nacc(a)us.ibm.com)
- [BUGFIX] Fixed typo in pre_anamon (brandor5(a)gmail.com)
- [BUGFIX] Added use of $http_port to server URL in pre_anamon and post_anamon
(brandor5(a)gmail.com)
- [BUGFIX] Fixed dnsmasq issue regarding missing dhcp-host entries
(cobbler(a)basjes.nl)
- [BUGFIX] in buildiso for RedHat based systems. The interface->ip
resolution was
broken when ksdevice=bootif (default) (jorgen.maas(a)gmail.com)
- [BUGFIX] rename failed for distros that did not live under ks_mirror
(jimi(a)sngx.net)
- [BUGFIX] Partial revert of commit 3c81dd3081 - incorrectly removed
the 'extends'
template directive, breaking rendering in django (jimi(a)sngx.net)
- [BUGFIX] Reverting commit 1d6c53a97, which was breaking spacewalk
Changed the web
interface stuff to use the existing extended_version() remote call
(jimi(a)sngx.net)
- [BUGFIX] Minor fix for serializer_pretty_json change, setting indent
to 0 was still
causing more formatted JSON to be output (jimi(a)sngx.net)
- [SECURITY] Adding PrivateTmp=yes to the cobblerd.service file for systemd
(jimi(a)sngx.net)
- [FEATURE] add a config option to enable pretty JSON output (disabled
by default)
(aronparsons(a)gmail.com)
- [BUGFIX] issue #107 - creating xendomains link for autoboot fails Changing an
exception to a printed warning, there's no need to completely bomb out on the
process for this (jimi(a)sngx.net)
- [BUGFIX] issue #28 - Cobbler drops errors on the floor during a replicate
Added additional logging to add_ functions to report an error if the add_item
call returns False (jimi(a)sngx.net)
- [BUGFIX] add requirement for python-simplejson to koan's package
(jimi(a)sngx.net)
- [BUGFIX] action_sync: fix sync_dhcp remote calls (nacc(a)us.ibm.com)
- [BUGFIX] Add support for KVM paravirt (justin(a)thespies.org)
- [BUGFIX] Makefile updates for debian/ubuntu systems (jimi(a)sngx.net)
- [BUGFIX] fix infinite netboot cycle with ppc64 systems (nacc(a)us.ibm.com)
- [BUGFIX] Don't allow Templar classes to be created without a valid config
There are a LOT of places in the templar.py code that use self.settings
without checking to make sure a valid config was passed in. This could cause
random stack dumps when templating, so it's better to force a config to be
passed in. Thankfully, there were only two pieces of code that actually did
this, one of which was the tftpd management module which was fixed elsewhere.
(jimi(a)sngx.net)
- [BUGFIX] instance of Templar() was being created without a config passed in
This caused a stack dump when the manage_in_tftpd module tried to access the
config settings (jimi(a)sngx.net)
- [BUGFIX] Fix for issue #17 - Make cobbler import be more squeaky
when it doesn't
import anything (jimi(a)sngx.net)
- [FEATURE] autoyast_sample: save and restore boot device order
(nacc(a)us.ibm.com)
- [BUGFIX] Fix for issue #105 - buildiso fails Added a new option for buildiso:
--mkisofs-opts, which allows specifying extra options to mkisofs TODO: add
input box to web interface for this option (jimi(a)sngx.net)
- [BUGFIX] incorrect lower-casing of kickstart paths - regression from issue
#43 (jimi(a)sngx.net)
- [FEATURE] Automatically detect and support bind chroot (orion(a)cora.nwra.com)
- [FEATURE] Add yumopts to kickstart repos (orion(a)cora.nwra.com)
- [BUGFIX] Fix issue with cobbler system reboot (nacc(a)us.ibm.com)
- [BUGFIX] fix stack trace in write_pxe_file if distro==None
(smoser(a)brickies.net)
- [BUGFIX] Changed findkeys function to be consisten with
keep_ssh_host_keys snippet
(flaks(a)bnl.gov)
- [BUGFIX] Fix for issue #15 - cobbler image command does not recognize
--image-type=memdisk (jimi(a)sngx.net)
- [BUGFIX] Issue #13 - reposync with --tries > 1 always repeats, even on
success The success flag was being set when the reposync ran, but didn't
break out of the retry loop - easy fix (jimi(a)sngx.net)
- [BUGFIX] Fix for issue #42 - kickstart not found error when path has leading
space (jimi(a)sngx.net)
- [BUGFIX] Fix for issue #26 - Web Interface: Profile Edit
* Added jquery UI stuff
* Added javascript to generic_edit template to make all selects in the
class "edit" resizeable
(jimi(a)sngx.net)
- [BUGFIX] Fix for issue #53 - cobbler system add without --profile exits 0,
but does nothing (jimi(a)sngx.net)
- [BUGFIX] Issue #73 - Broken symlinks on distro rename from web_gui
(jimi(a)sngx.net)
- regular OS version maintenance (jorgen.maas(a)gmail.com)
- [BUGFIX] let koan not overwrite existing initrd+kernel (ug(a)suse.de)
- [FEATURE] koan:
* Port imagecreate to virt-install (crobinso(a)redhat.com)
* Port qcreate to virt-install (crobinso(a)redhat.com)
* Port xen creation to virt-install (crobinso(a)redhat.com)
- [FEATURE] new snippet allows for certificate-based RHN registration
(jim.nachlin(a)gawker.com)
- [FEATURE] Have autoyast by default behave more like RHEL, regarding
networking etc.
(chorn(a)fluxcoil.net)
- [BUGFIX] sles patches (chorn(a)fluxcoil.net)
- [BUGFIX] Simple fix for issue where memtest entries were not getting
created after
installing memtest86+ and doing a cobbler sync (rharriso(a)redhat.com)
- [BUGFIX] REMOTE_ADDR was not being set in the arguments in calls to CobblerSvc
instance causing ip address not to show up in install.log.
(jweber(a)cofront.net)
- [BUGFIX] add missing import of shutil (aparsons(a)redhat.com)
- [BUGFIX] add a sample kickstart file for ESXi (aparsons(a)redhat.com)
- [BUGFIX] the ESXi installer allows two nameservers to be defined
(aparsons(a)redhat.com)
- [BUGFIX] close file descriptors on backgrounded processes to avoid
hanging %%pre
(aparsons(a)redhat.com)
- [BUGFIX] rsync copies the repositories with --delete hence deleting
everyhting local
that isn't on the source server. The createrepo then creates (following the
default settings) a cache directory ... which is deleted by the next rsync
run. Putting the cache directory in the rsync exclude list avoids this
deletion and speeds up running reposync dramatically. (niels(a)basjes.nl)
- [BUGFIX] Properly blame SELinux for httpd_can_network_connect type
errors on initial
setup. (michael.dehaan(a)gmail.com)
- fix install=... kernel parameter when importing a SUSE distro (ug(a)suse.de)
- [BUGFIX] Force Django to use the system's TIME_ZONE by default.
(jorgen.maas(a)gmail.com)
- [FEATURE] Separated check for permissions from file existence check.
(aaron.peschel(a)gmail.com)
- [BUGFIX] If the xendomain symlink already exists, a clearer error
will be produced.
(aaron.peschel(a)gmail.com)
- [FEATURE] Adding support for ESXi5, and fixing a few minor things
(like not having a
default kickstart for esxi4) Todos: * The esxi*-ks.cfg files are empty, and
need proper kickstart templates * Import bug testing and general kickstart
testing (jimi(a)sngx.net)
- [FEATURE] Adding basic support for gPXE (jimi(a)sngx.net)
- [FEATURE] Add arm as a valid architecture. (chuck.short(a)canonical.com)
- [SECURITY] Changes PYTHON_EGG_CACHE to a safer path owned just by
the webserver.
(chuck.short(a)canonical.com)
- [BUGFIX] koan: do not include ks_meta args when obtaining tree When
obtaining the tree
for Ubuntu machines, ensure that ks_meta args are not passed as part of the
tree if they exist. (chuck.short(a)canonical.com)
- [FEATURE] koan: Use grub2 for --replace-self instead of grubby The koan option
'--replace-self' uses grubby, which relies on grub1, to replace a local
installation by installing the new kernel/initrd into grub menu entries.
Ubuntu/Debian no longer uses it grub1. This patch adds the ability to use
grub2 to add the kernel/initrd downloaded to a menuentry. On reboot, it will
boot from the install kernel reinstalling the system. Fixes (LP: #766229)
(chuck.short(a)canonical.com)
- [BUGFIX] Fix reposync missing env variable for debmirror Fixes
missing HOME env
variable for debmirror by hardcoding the environment variable to
/var/lib/cobbler (chuck.short(a)canonical.com)
- [BUGFIX] Fix creation of repo mirror when importing iso. Fixes the
creation of a
disabled repo mirror when importing ISO's such as the mini.iso that does not
contain any mirror/packages. Additionally, really enables 'apt' as possible
repository. (chuck.short(a)canonical.com)
- [BUGFIX] adding default_template_type to settings.py, caused some issues with
templar when the setting was not specified in the /etc/cobbler/settings
(jimi(a)sngx.net)
- [BUGFIX] fix for following issue: can't save networking options of a system
in cobbler web interface. (#8) (jimi(a)sngx.net)
- [BUGFIX] Add a new setting to force CLI commands to use the
localhost for xmlrpc
(chjohnst(a)gmail.com)
- [BUGFIX] Don't blow up on broken links under /var/www/cobbler/links
(jeffschroeder(a)computer.org)
- [SECURITY] Making https the default for the cobbler web GUI. Also
modifying the cobbler-
web RPM build to require mod_ssl and mod_wsgi (missing wsgi was an oversight,
just correcting it now) (jimi(a)sngx.net)
- [FEATURE] Adding authn_pam. This also creates a new setting -
authn_pam_service, which
allows the user to configure which PAM service they want to use for cobblerd.
The default is the 'login' service (jimi(a)sngx.net)
- [SECURITY] Change in cobbler.spec to modify permissions on webui
sessions directory to
prevent non-privileged user acccess to the session keys (jimi(a)sngx.net)
- [SECURITY] Enabling CSRF protection for the web interface (jimi(a)sngx.net)
- [SECURITY] Convert all yaml loads to safe_loads for security/safety reasons.
https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858883 (jimi(a)sngx.net)
- [FEATURE] Added the setting 'default_template_type' to the settings
file, and created
logic to use that in Templar().render(). Also added an option to the same
function to pass the template type in as an argument. (jimi(a)sngx.net)
- [FEATURE] Initial commit for adding support for other template
languages, namely jinja2
in this case (jimi(a)sngx.net)
11 years, 11 months
Fedora 12 ppc Distro Import Error
by Bob Cochran
Greetings,
Last night I had fun importing 3 different distros into cobbler version
2.3.1. However there was a problem with one of the imports.
Distro 1 was Fedora 12 ppc64. I downloaded the Fedora 12 DVD from the
Fedorahosted.org archives and imported the DVD. Cobbler got upset with
me because in the import request I used '--arch=ppc' and the software
detected arch=ppc64. So I redid the import statement with --arch=ppc64
and after a while the import task ended with '***TASK FAILED***'. There
was no other error output to indicate a problem with the processing.
Just the final statement '***TASK FAILED***. Do I need to back out this
import in some way? Do I need to redo the import?
Distro 2 was Fedora 17 i386. Import succeeded.
Distro 3 was Fedora 17 x86_64. import succeeded.
Thanks a ton for any help!
Bob Cochran
11 years, 11 months
Updating From Github
by Bob Cochran
I want to confirm that I understand how to update my current cobbler
installation from Github. Yes, I am aware that it is
development-in-progress and could contain a few glitches. I want to play
with it anyhow. Here is what I did several days ago:
* git clone ...
* (as root) `make install`
* `make webtest`
[I learn how to set up DNS and BIND, learns a few lessons on httpd, and
begins to work with the web parts of cobbler...and goofs around with
settings]
[I learn how to `cobbler import` a distro, and do it a couple times]
I do a 'git pull' and discover that cobbler has some updates!
To incorporate these updates into my current implementation of Cobbler,
I become root and run `make webtest`. This will update Cobbler without
destroying my settings or imported distros.
Is that the correct way of doing it?
Thanks
Bob
11 years, 11 months
Permissions For Directory /var/lib/cobbler/webui_sessions
by Bob Cochran
Hello!
Several days ago, I downloaded cobbler from github and 'make install'ed
it. I then played around with doing this
http://blog.milford.io/2012/03/getting-a-basic-cobbler-server-going-on-ce...
...but it seems focused on an older version of Cobbler, and I have not
had success in getting logged in to the cobbler_web interface. Perhaps
I'm wrong.
Next, I restored the cobbler_web.conf file that my cobbler build
produced, and reran htdigest according to the Cobbler wiki instructions at
https://github.com/cobbler/cobbler/wiki/Cobbler%20web%20interface
I have not added any distros or repos or other content yet to the
cobbler implementation on this machine.
I then attempted to log in to the web interface for the first time. I
was able to enter my username and password with no trouble, but it died
at this screen (only a part of which is shown):
That directory ( /var/lib/cobbler/webui_sessions ) is owned by
root.root. I assume it needs to be owned by apache.root. Is this correct?
Does the entire directory tree starting at /var/lib/cobbler have to be
owned by apache.root?
Thanks!
Bob Cochran
11 years, 11 months
Cobbler-side installs to KVM, VMware?
by Eldred, Doug
I'm looking for an example, specifically showing the "power" settings in Cobbler, for how to initiate a Cobbler-side install to a KVM or VMware virtual machine. Most of what I've found so far involves using koan, not using the Cobbler side to kick things off.
To my surprise, even though there's a "fence_vmware" command, Cobbler is unaware of it. I've tried ipmitool based on one example, but haven't figured out the other power values to set in Cobbler.
Thanks in advance for any clues or documentation.
Regards,
Doug
----
MC Linux Infrastructure, 970-898-4860, Fort Collins 3UR8 (MS 57)
"We should not let the much that is to do obscure the much which has been done." -- Calvin Coolidge
11 years, 11 months