cobbler cli user doesn't work after 1.x to 2.0.1 upgrade
by Chris Kelly
Hello-
I upgraded from 1.x to 2.0.1 and the cobbler cli user no longer works.
example:
[root@admin1 ~]# cobbler system add --name=foobar
cobbler.cexceptions.CX:'user <DIRECT> does not have access to
resource: xedit_system'
[root@admin1 ~]#
Looking around in the source code, I see:
/usr/lib/python2.4/site-packages/cobbler/modules/authz_ownership.py
def authorize(api_handle,user,resource,arg1=None,arg2=None):
"""
Validate a user against a resource.
All users in the file are permitted by this module.
"""
if user == "<DIRECT>":
# CLI should always be permitted
return True
...
so that should fall through fine. However, we are using LDAP
([authentication] module = authn_ldap) and I don't see any such code
in the LDAP module. It doesn't seem that adding similar code to the
authn_ldap.py file (and clearing pyo and pyc files and restarting
cobblerd) does the trick.
We are using the config file to manage users ([authorization] module =
authz_configfile) and adding <DIRECT> as a user there doesn't let root
on the command line back in.
Any ideas? Thanks!
-Chris
14 years
Serving Remote Kickstart/Snippet Files
by Devan Goodwin
Just wanted to post about some work I'm doing to support fetching
kickstarts and snippets over HTTP (and likely FTP/NFS as well). This
is to allow tighter integration for larger systems looking to
incorporate Cobbler. I wanted to post a little about what I've found
and plan to do in case it raises any alarms.
It appears you can already specify kickstarts as direct URLs, the only
caveat is that we don't do snippet replacement on them and just pass
the URL through directly to the client. I'm planning to modify this to
actually do the templating on the fly, and pass a cobbler hosted URL
for the kickstart to the client.
Snippets are expected to be stored on the local filesystem, as defined
by the /etc/cobbler/settings snippetsdir setting, I'm planning to
change this to support URLs as well. That might be a little sluggish
giving the multiple locations we check snippets for to support the
per-system and per-profile snippet functionality, but it should not
impact regular standalone cobbler users.
The kickstart behavior may need to be disabled by default in a config
setting so as not to impact existing users. The snippets should be
fine, just keep your snippetsdir pointing to the local filesystem and
nothing should change.
Let me know if you have any thoughts concerns or suggestions.
Thanks,
Devan
--
Devan Goodwin <dgoodwin(a)rm-rf.ca>
http://rm-rf.ca
14 years, 3 months
edit profile doesn't work in HEAD
by Martial Paupe
Hi list,
I've run into an issue witch is logged in a attached pdf. After bisect, it
seems to be the commit "2ff1fc3b526822f60f993c47f316b5fac0b4a1a7" or an
underlying problem that trigger that issue.
If you reverse that commit the form works again.
babatoko
14 years, 3 months
[PATCH] Another cosmetic patch to keep_*_keys snippets
by Leonid Flaks
This patch makes sure file time stamp and file permissions are preserved.
The patch is attached and is also at http://github.com/lflaks/cobbler/
--
Leon
diff --git a/snippets/keep_cfengine_keys b/snippets/keep_cfengine_keys
index 0037339..1c7b428 100644
--- a/snippets/keep_cfengine_keys
+++ b/snippets/keep_cfengine_keys
@@ -88,7 +88,7 @@ if [ "$keys_found" = "yes" ]; then
while : ; do
sleep 10
if [ -d /mnt/sysimage$SEARCHDIR ] ; then
- cp -f /tmp/$TEMPDIR/${PATTERN}* /mnt/sysimage$SEARCHDIR
+ cp -af /tmp/$TEMPDIR/${PATTERN}* /mnt/sysimage$SEARCHDIR
logger "keys copied to newly installed system"
break
fi
diff --git a/snippets/keep_files b/snippets/keep_files
index 501992c..5913d8b 100644
--- a/snippets/keep_files
+++ b/snippets/keep_files
@@ -115,7 +115,7 @@ function restore_keys
while : ; do
sleep 10
if [ -d /mnt/sysimage$SEARCHDIR ] ; then
- cp -f /tmp/$TEMPDIR/${PATTERN}* /mnt/sysimage$SEARCHDIR
+ cp -af /tmp/$TEMPDIR/${PATTERN}* /mnt/sysimage$SEARCHDIR
logger "$TEMPDIR keys copied to newly installed system"
break
fi
diff --git a/snippets/keep_rhn_keys b/snippets/keep_rhn_keys
index a9eb0b5..59bfc5d 100644
--- a/snippets/keep_rhn_keys
+++ b/snippets/keep_rhn_keys
@@ -79,7 +79,7 @@ if [ "$rhn_keys_found" = "yes" ]; then
while : ; do
sleep 10
if [ -d /mnt/sysimage/etc/sysconfig/rhn ] ; then
- cp -f /tmp/rhn/* /mnt/sysimage/etc/sysconfig/rhn/
+ cp -af /tmp/rhn/* /mnt/sysimage/etc/sysconfig/rhn/
logger "RHN KEY copied to newly installed system"
break
fi
diff --git a/snippets/keep_ssh_host_keys b/snippets/keep_ssh_host_keys
index 5c69cff..812cf08 100644
--- a/snippets/keep_ssh_host_keys
+++ b/snippets/keep_ssh_host_keys
@@ -88,7 +88,7 @@ if [ "$keys_found" = "yes" ]; then
while : ; do
sleep 10
if [ -d /mnt/sysimage$SEARCHDIR ] ; then
- cp -f /tmp/$TEMPDIR/${PATTERN}* /mnt/sysimage$SEARCHDIR
+ cp -af /tmp/$TEMPDIR/${PATTERN}* /mnt/sysimage$SEARCHDIR
logger "keys copied to newly installed system"
break
fi
14 years, 3 months
[ANN] Presenting Cobbler 2.0.2
by Alex Wood
We're happy to announce that Cobbler 2.0.2 is now in Fedora testing. We
had originally scheduled this release for late November but ran into a
few logistical problems actually getting the package out to Fedora.
The package will move into Fedora stable in a week or so assuming no one
encounters any major bugs.
The F12 packages can be found under the following tree:
http://download.fedora.devel.redhat.com/pub/fedora/linux//updates/testing...
The change log is below
- (FEAT) Added support for Cobbler4j
- (FEAT) Added method for enabling autostart on qemu domains
- (BUGF) web ui: move sessions directory to /var
- (BUGF) Update the vlanpattern regex to cover more common virtual
interface formats
- (BUGF) cobbler check: fix BIND detection
- (BUGF) Fix error message creating profile without a distro
- (BUGF) use proper HTTP error codes
- (BUGF) Create more intuitive system for displaying actions under
configuration items.
- (BUGF) Fixed hardlinking
- (BUGF) Creating subprofile in WebUI no longer fails on default_ownership
- (BUGF) No longer delete excluded files in reposync rsync
- (BUGF) Add fedora12 and fedora13 as valid 'redhat' versions
- (BUGF) Correct improper distro creation while importing i386 Fedora/RHEL.
- (BUGF) Better messaging for invalid object errors
- (BUGF) Added a legacy sync mechanism
- (BUGF) No longer bundle libraries on distros where they are already
available
And on a personal note, thanks to everyone for bearing with us as we are
learning to fill Michael's shoes.
--------------
Regards,
Alex, Devan, John, and Scott
--
Senior Software Engineer
Red Hat
919.754.4445
14 years, 4 months
Bug Report
by Kristian Kostecky
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I believe I've encountered a bug with using cobbler where a sub-profile that inherits the template-files directive of the parent and defines the ksmeta="X=Y" does not make the $X variable available to any advanced templating you perform (ie. is not available in $searchList(). However, if you define ksmeta and template-files within the same profile, you are able to access the ksmeta variable defined and it shows up in $searchList().
- - Create a profile with --template-files="X=Y" where the template file X uses the ksmeta variable A (defined in the next step).
- - Create a sub-profile with --inherit="first profile" and define --ksmeta="A=B"
- - Create and build a system out that uses the sub-profile and take a look at the template file Y, that is supposed to be created.
Results:
The system builds out, but the template file, Y does not have access to the ksmeta variables defined in the sub-profile that the system is using.
Reasons I think this is a bug:
The ksmeta variables ARE available if you define ksmeta in the same profile (or subprofile) as the --template-file you are attempting to construct. In the man page for --inherit, it mentions that all parent settings will be overridden by what's in the sub-profile *except* --ksmeta and --ksopts. In this case, it seems that ksmeta is not being pulled in from the parent profile.
Possible workaround:
Define ksmeta and template-files in the same sub-profile. I'm having to do this now to get it working, but it's a bit of a hack and doesn't work like the man page specifies.
Thanks so much,
Kris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)
iEYEARECAAYFAkshEtgACgkQzlDC+kIIIbp0fwCeJKS9ZxZXeO9NlJxvfVXRj32o
Om4AniclS/IEyu97JRNGvUAX0WwV0QyG
=Irfh
-----END PGP SIGNATURE-----
14 years, 4 months
New feature
by Rytis Sileika
Hi,
I've created a patch that introduces new setting: rsync_user.
Currently cobbler replicate would run 'rsync remote_server:...', so
the user will be assumed to be 'root'. For "paswordless" replications
this is not ideal, as making "paswordless" root account is generally
not a good idea.
This setting allows specifying any user on the remote system,
effectively changing rsync command to 'rsync user@remote_server:...'.
If not specified it will not append anything.
Kind regards,
Rytis
14 years, 4 months
[PATCH] Simple correction to 3 snippets - '#end' replaced with '#end raw'
by Leonid Flaks
The patch is attached, it is also at http://github.com/lflaks/cobbler/
--
Leon
diff --git a/snippets/keep_cfengine_keys b/snippets/keep_cfengine_keys
index 5fd9e37..0037339 100644
--- a/snippets/keep_cfengine_keys
+++ b/snippets/keep_cfengine_keys
@@ -94,4 +94,4 @@ if [ "$keys_found" = "yes" ]; then
fi
done &
fi
-#end
+#end raw
diff --git a/snippets/keep_rhn_keys b/snippets/keep_rhn_keys
index 94f265b..a9eb0b5 100644
--- a/snippets/keep_rhn_keys
+++ b/snippets/keep_rhn_keys
@@ -85,4 +85,4 @@ if [ "$rhn_keys_found" = "yes" ]; then
fi
done &
fi
-#end
+#end raw
diff --git a/snippets/keep_ssh_host_keys b/snippets/keep_ssh_host_keys
index be1d2d4..5c69cff 100644
--- a/snippets/keep_ssh_host_keys
+++ b/snippets/keep_ssh_host_keys
@@ -94,4 +94,5 @@ if [ "$keys_found" = "yes" ]; then
fi
done &
fi
-#end
+#end raw
+
14 years, 4 months
Re-Introduction
by Jeroen van Meeuwen
Hey guys,
I just wanted to let you know I'm back in the Cobbler realm of things.
-- Jeroen
14 years, 4 months