Cobbler ACLs not working
by Aziz Malik
Hi,
There is a problem with the cobbler Web-UI I have got working.
I am trying to use ACLs so that some of our users are limited in their
capability to do things.
I have tried tinkering with many of the settings in the following files to
get ACLs working correctly the way I want:
/etc/cobbler/acls.conf
/etc/cobbler/users.conf
/etc/cobbler/modules.conf
It seems the ACLs are not working properly, they either give me complete
access to everything as an admin, or they give me "access denied" to
everything.
An eg of this inconsistency in the ACLs is as follows for the group jradmin:
More /etc/cobbler/acls.conf
[15:55] LINUX [root@g40lxsatlp01:/etc/cobbler]> more acls.conf
---
admin: {}
admins: {}
jradmin:
copy_distro: {}
copy_image: {}
copy_profile: {}
copy_repo: {}
modify_distro: {}
modify_image: {}
modify_profile: {}
modify_repo: {}
new_distro: {}
new_image: {}
new_profile: {}
new_repo: {}
remove_distro: {}
remove_image: {}
remove_profile: {}
remove_repo: {}
save_distro: {}
save_profile: {}
save_image: {}
save_repo: {}
write_kickstart_templates: {}
lesstrusted:
copy_*: {}
modify_distro: {}
modify_image: {}
modify_profile: {}
modify_repo: {}
modify_system:
modify-interface:
gateway-*: {}
hostname-*: {}
ip-address-*: {}
mac-address-*: {}
subnet-*: {}
new_*: {}
remove_*: {}
rename_*: {}
save_distro: {}
save_image: {}
save_profile: {}
save_repo: {}
sync: {}
write_kickstart_templates: {}
unmatched: {}
cat users.conf
[admins]
admin = ""
#cobbler = ""
#timmy = ""
[jradmin]
timmy = ""
cobbler
[lesstrusted]
#timmy = ""
BC1 = ""
#[timmy]
#timmy = ""
[BC1]
BC1 = ""
So users "timmy" and "cobbler" are both members of the group jradmin,
therefore they should have all the abilities of this group as indicated in
acls.conf. , but I cannot add anything new or even edit the existing objects
etc as I should be able to.
Also do I need to change any of the permissions in /etc/fstab to include ACL
support?
Thanks for your help.
Thanks
13 years, 5 months
How to reenable cheetah 'try' directive
by Jens Ahrens
Hi everybody,
I just upgraded from cobbler 2.0.3 to 2.0.9 and have the following problem:
In some of my kickstart templates I use the cheetah #try directive. But
since the upgrade of cobbler, I'm getting an error when trying to output
my kickstart file:
...
This 'try' directive is disabled
...
Is there any easy way to reenable it. I would not really want to rewrite
all my kickstart templates.
Thanks and Cheers,
Jens
13 years, 5 months
n00b questions
by Robert Cross
Hiya, I'm kind of new to cobbler, so apologies if any of what I'm going
to ask is dumb. Questions:
1. Are the manual pages that get loaded the definitive reference for the
available cobbler commands?
2. The configuration I'm having to use (VirtualBox running Centos 5.5
cobbler server and VB-hosted "clients") is currently using client
servers with eth0 assigned for "management" purposes and eth1 for
"system". Now I can easily setup eth1 IP addresses, nameservers etc
easily with the Web interface (which is really quite good) but I've want
to automate the VB machine generation and cobbler setup - so I need to
be able to generate my eth1 configuration from the command line. Are
there any decent references on how to do this? (the alternative is for
me to try and reverse-engineer the web interface, but I'd prefer not to
have to do this). From what I've seen it kind of looks like I need to do
a "cobbler system add ..." to setup the basic system and then use
"cobbler system edit ..." to add in all the extras that I want.
3. Anyone know why the Debian configuration has been disabled?
Presumably this is a work-in-progress? ;)
Thanks, Bob.
13 years, 5 months
cobbler + AoE
by Joe Linoff
Hi Folks:
I need some help.
I would like to boot my cobbler systems (xen domU's) onto networked AoE
block devices that are managed by a file server. For example, system1
would use /dev/etherd/e1.1, system2 would use /dev/etherd/e1.2 and so
on.
The problem is that I am not sure how to make it work.
I think that the easiest solution would be to make the AoE devices
appear on the dom0 by installing the aoe kernel module (modprobe aoe).
That could be done in the %post section of the kickstart file for the
dom0.
Unfortunately I am stuck at this point because I don't know how to tell
cobbler to use that device for the domU system.
I might be able to do it manually by specifying a xen conf entry that
looked something like this:
disk = ['phy:/dev/etherd/e1.1,xvda1,w']
But that won't work for cobbler. I was hoping that there was something I
could do in the kickstart template to say dom0 /dev/etherd/e1.1 is the
xvda for the "system1" domU. Is that possible?
Finally, is there a way to do this without involving the dom0 at all?
Could I tell the domU during the installation process that it should
install the aoe module and then use /dev/etherd/e1.1 as the disk?
Any hints would be greatly appreciated.
Thanks,
Joe
13 years, 5 months
koan problem: could not create symlink in /etc/xen/auto
by Joe Linoff
Hi Folks:
I am getting a warning about protections/ownership when I provision
domU's using koan and don't know how to fix it. Here is the command that
I am using, along with the error message and a listing of the file
permissions.
dom0 # koan --virt --system=cs-0004 --nogfx
<output snipped>
Could not create /etc/xen/auto/cs-0004 symlink. Please check write
permissions and ownership
dom0 # ls -ldg /etc/xen/auto
drwxrwxrwx 2 root 4096 Sep 28 06:38 /etc/xen/auto
What should the permissions and ownership be?
Is there some way that I could re-create those files using something
like this:
dom0 #
BTW, the domU's seem to be operating just fine but I am having problem
with convirt (a 3rd party tool) and this might be the cause because it
can't find the VM configurations.
Thanks,
Joe
13 years, 5 months
invalid xen kernel in dom0 /boot/grub/grub.conf -- how can i fix it automatically?
by Joe Linoff
Hi Folks:
When I provision my dom0 server using cobbler, it uses the wrong xen
kernel in the /boot/grub/grub.conf file which causes xend to fail with a
permissions problem. I can fix it manually but I would like to fix
automatically. There are at least two possible choices:
1) edit during the %post of kickstart or
2) configure the pxe templates (/etc/cobbler/pxe) correctly.
I think that I can manage the kickstart stuff but I do not know how to
fix the templates. Can someone help me with that or at least point me to
a reference? I didn't see anything detailed on the Trac site.
The problem and the fix are shown in detail below. The grub.conf files
are identical except for line 8.
Here is the broken grub.conf:
1 # BROKEN: it should be using /xen.gz-3.4.3 at line 8
2 default=0
3 timeout=5
4 splashimage=(hd0,0)/grub/splash.xpm.gz
5 hiddenmenu
6 title CentOS (2.6.18-194.26.1.el5xen)
7 root (hd0,0)
8 kernel /xen.gz-2.6.18-194.26.1.el5
9 module /vmlinuz-2.6.18-194.26.1.el5xen ro
root=/dev/VolGroup00/LogVol00
10 module /initrd-2.6.18-194.26.1.el5xen.img
11 title CentOS-base (2.6.18-194.26.1.el5)
12 root (hd0,0)
13 kernel /vmlinuz-2.6.18-194.26.1.el5 ro
root=/dev/VolGroup00/LogVol00
14 initrd /initrd-2.6.18-194.26.1.el5.img
Here is the fixed grub.conf:
1 # FIXED: changed /xen.gz-2.6.18-194.26.1.el5 --> /xen.gz-3.4.3 at
line 8
2 default=0
3 timeout=5
4 splashimage=(hd0,0)/grub/splash.xpm.gz
5 hiddenmenu
6 title CentOS (2.6.18-194.26.1.el5xen)
7 root (hd0,0)
8 kernel /xen.gz-3.4.3
9 module /vmlinuz-2.6.18-194.26.1.el5xen ro
root=/dev/VolGroup00/LogVol00
10 module /initrd-2.6.18-194.26.1.el5xen.img
11 title CentOS-base (2.6.18-194.26.1.el5)
12 root (hd0,0)
13 kernel /vmlinuz-2.6.18-194.26.1.el5 ro
root=/dev/VolGroup00/LogVol00
14 initrd /initrd-2.6.18-194.26.1.el5.img
Error message from /var/log/xen/xend.log:
[2011-01-05 13:54:00 6148] ERROR (SrvDaemon:349) Exception starting
xend ((13, 'Permission denied'))
Traceback (most recent call last):
File
"/usr/lib64/python2.4/site-packages/xen/xend/server/SrvDaemon.py", line
341, in run
servers = SrvServer.create()
File
"/usr/lib64/python2.4/site-packages/xen/xend/server/SrvServer.py", line
251, in create
root.putChild('xend', SrvRoot())
File
"/usr/lib64/python2.4/site-packages/xen/xend/server/SrvRoot.py", line
40, in __init__
self.get(name)
File "/usr/lib64/python2.4/site-packages/xen/web/SrvDir.py", line
84, in get
val = val.getobj()
File "/usr/lib64/python2.4/site-packages/xen/web/SrvDir.py", line
52, in getobj
self.obj = klassobj()
File
"/usr/lib64/python2.4/site-packages/xen/xend/server/SrvNode.py", line
30, in __init__
self.xn = XendNode.instance()
File "/usr/lib64/python2.4/site-packages/xen/xend/XendNode.py", line
948, in instance
inst = XendNode()
File "/usr/lib64/python2.4/site-packages/xen/xend/XendNode.py", line
91, in __init__
self.other_config["xen_pagesize"] =
self.xeninfo_dict()["xen_pagesize"]
File "/usr/lib64/python2.4/site-packages/xen/xend/XendNode.py", line
937, in xeninfo_dict
return dict(self.xeninfo())
File "/usr/lib64/python2.4/site-packages/xen/xend/XendNode.py", line
881, in xeninfo
info['xen_scheduler'] = self.xenschedinfo()
File "/usr/lib64/python2.4/site-packages/xen/xend/XendNode.py", line
871, in xenschedinfo
sched_id = self.xc.sched_id_get()
Error: (13, 'Permission denied')
Thanks,
Joe
13 years, 5 months
xm create -c <domU> is failing: can't find config file for koan VM
by Joe Linoff
Hi Folks:
I created two domU's using koan with the -nofgx switch:
dom0 % koan --virt --nogfx --system=foo
dom0 % koan --virt --nogfx --system=bar
They both configured properly.
I then ran xm list:
Name ID Mem VCPUs State
Time(s)
Domain-0 0 1024 16 r-----
621.6
foo 2048 2
0.0
bar 2048 2
0.0
I then ran xm create -c foo and got this error:
dom0 # xm create -c foo
Error: Unable to open config file: foo
Usage: xm create <ConfigFile> [options] [vars]
I then ran xm create -c bar and got the same error:
dom0 # xm create -c bar
Error: Unable to open config file: bar
Usage: xm create <ConfigFile> [options] [vars]
It is probably the case that some sort of error occurred during the
configuration/setup phase. Unfortunately I had to go to a meeting and
missed the output.
How can I debug this?
Here is the output of --display for foo:
dom0 # koan --display --system=foo
- looking for Cobbler at http://<server>/cobbler_api
- reading URL: http://<server>/cblr/svc/op/ks/system/foo
install_tree: http://<server>/cblr/links/centos-5.5-xen-x86_64
name : foo
distro : centos-5.5-xen-x86_64
profile : centos-5.5-xen-x86_64-domU
kickstart : http://<server>/cblr/svc/op/ks/system/foo
ks_meta :
tree=http://@@http_server@@/cblr/links/centos-5.5-xen-x86_64
install_tree :
http://<server>/cblr/links/centos-5.5-xen-x86_64
kernel :
/var/www/cobbler/ks_mirror/centos-5.5-x86_64/images/xen/vmlinuz
initrd :
/var/www/cobbler/ks_mirror/centos-5.5-x86_64/images/xen/initrd.img
netboot_enabled : True
kernel_options : ks=http://<server>/cblr/svc/op/ks/system/foo
ksdevice=link kssendmac lang= text
repos : centos-5.5-x86_64-addons
centos-5.5-x86_64-contrib centos-5.5-x86_64-elrepo
centos-5.5-x86_64-epel centos-5.5-x86_64-extras centos-5.5-x86_64-os
centos-5.5-x86_64-updates centos-5.5-x86_64-xen
virt_ram : 2048
virt_type : xenpv
virt_path :
virt_auto_boot : 0
Thanks,
Joe
13 years, 5 months
NOOB: where are the cobbler generated domU cfg files?
by Joe Linoff
Hi Folks:
I used cobbler to create a domU guest named "foo" and it worked well but
I didn't see /etc/xen/foo on the dom0 machine. I did see the xmexample
cfg files.
Is a xen configuration file created by cobbler? If so, where would one
find it?
Regards,
Joe
13 years, 5 months
disabling second nic and HP firmware cd...
by Corey Kovacs
Folks,
Is there a built in 'correct' way to ensure that my second nics are
not configured during build and left alone when using the network
config snippets delivered with cobbler?
RIght now, when the nodes finish building, the undefined second nic
tries to dhcp even though I've not given it a config.
I am getting around this by making the appropriate changes to
ifcfg-eth1 via two 'sed' lines but if there is a 'better' way I'd
rather do that than rely on a post config.
Also,
are people using the livecd boot method for booting HP firmware disks?
How about the SSTK?
Thanks
Corey
13 years, 5 months