[PATCH] making cobbler's umask a bit more restrictive
by Justin Sherrill
When cobbler starts up and daemonizes itself, it sets its umask to 0.
The result of this is that any files (pxe configs) it writes are world
writable. When calling 'cobbler sync' from the command line it's fine,
since it will use the current users umask.
When running this from the API, however, it uses the daemon's umask
which will write the files as -rw-rw-rw-
This was reported by a spacewalk/RHN Satellite user here:
https://bugzilla.redhat.com/show_bug.cgi?id=554567
Thanks,
-Justin
--
Justin Sherrill, RHCA 1801 Varsity Drive.
Software Engineer Raleigh, NC 27603
Red Hat, Inc.
14 years, 1 month
[Patch] Cobbler default system not working
by Justin Sherrill
Hi, I've attached a fix for the default system not correctly generating
a default file with the associated profile within the pxe configuration.
Basically from the man page:
A system created with name "default" has special semantics.
If a default system object exists, it sets all undefined systems to
PXE to a specific profile. Without a "default" system name
created, PXE will fall through to local boot for unconfigured systems.
When using "default" name, don’t specify any other arguments
than --profile ... they won’t be used.
So looking through the code, I don't think this has ever worked. It
didn't look too hard to implement, so i've attached a patch which should
fix the issue. The patch addresses 2 things:
1. now a /tftpboot/pxelinux.cfg/default file is generated regardless of
whether or not a 'default' system record exists (previously it would not
create this file if the default system exists, which seems completely
wrong).
2. If a "default" cobbler system record exists, it uses it's associated
profile as the timeout menu item, otherwise it uses "local".
The two files it updates are:
/etc/cobbler/pxe/pxedefault.template
/usr/lib/python2.X/site-packages/cobbler/pxegen.py
This came from a discussion on cobbler-list.
-Justin
--
Justin Sherrill, RHCA 1801 Varsity Drive.
Software Engineer Raleigh, NC 27603
Red Hat, Inc.
14 years, 1 month
dynamically adjusted json files
by Scott Nottingham
Hello. Is there a way to prevent the automatic update of system provision
file when changes are made to the corresponding kickstart file?
In case my question is unclear, here is a little background on what I'm
getting at...
I am trying to utilize a single kickstart file to provision multiple servers
where each server differs only in the packages that are installed. To
accomplish this, I have written a script that reads a txt file containing
the name, mac, cobbler_profile_name, ip, netmask, and gateway of each server
to be provisioned. Each server, and thus each line, may have a different
cobbler_profile_name but will share a common kickstart file. My script also
dynamically changes the %packages section of the kickstart based on the
cobbler_profile_name for that particular line. The order of operations then
is: read variables from txt file. determine which packages to update
kickstart file with. update kickstart file. add server to cobbler system.
Fairly straight forward and simple --EXCEPT, even after the server is added
to the cobbler system, if the kick start file changes (i.e. the next cycle
of the script's loop), the packages for the already submitted server also
change. Is there any way to stop this from happening?
<script>
function1() {
update the kickstart file with the appropriate packages
return
}
while read name mac profile ip netmask gateway
do
case $profile in
profile_type1 ) function1;;
profile_type2 ) function2;;
...
cobbler system add --name=$name --mac=$mac --profile=$profile --ip=$ip
--netmask=$netmask --gateway=$gateway --static=yes
done < systems.txt
</script>
14 years, 1 month
[PATCH] Bugfix: allow the creation of subprofiles again
by Ian Ward Comfort
The redesign of the remote API for Cobbler 2.0 broke subprofile creation,
since new profile objects created by xapi_object_edit() were never initialized
with is_subobject=True. Fix this by adding an optional is_subobject kwarg to
new_item(), and using it when asked to add a profile with a parent attribute.
---
cobbler/remote.py | 19 ++++++++++---------
1 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/cobbler/remote.py b/cobbler/remote.py
index b3461e5..86c35f3 100644
--- a/cobbler/remote.py
+++ b/cobbler/remote.py
@@ -699,7 +699,7 @@ class CobblerXMLRPCInterface:
def rename_image(self,object_id,newname,token=None):
return self.rename_item("image",object_id,newname,token)
- def new_item(self,what,token):
+ def new_item(self,what,token,is_subobject=False):
"""
Creates a new (unconfigured) object, returning an object
handle that can be used with modify_* methods and then finally
@@ -710,15 +710,15 @@ class CobblerXMLRPCInterface:
self._log("new_item(%s)"%what,token=token)
self.check_access(token,"new_%s"%what)
if what == "distro":
- d = item_distro.Distro(self.api._config)
+ d = item_distro.Distro(self.api._config,is_subobject=is_subobject)
elif what == "profile":
- d = item_profile.Profile(self.api._config)
+ d = item_profile.Profile(self.api._config,is_subobject=is_subobject)
elif what == "system":
- d = item_system.System(self.api._config)
+ d = item_system.System(self.api._config,is_subobject=is_subobject)
elif what == "repo":
- d = item_repo.Repo(self.api._config)
+ d = item_repo.Repo(self.api._config,is_subobject=is_subobject)
elif what == "image":
- d = item_image.Image(self.api._config)
+ d = item_image.Image(self.api._config,is_subobject=is_subobject)
else:
raise CX("internal error, collection name is %s" % what)
key = "___NEW___%s::%s" % (what,self.__get_random(25))
@@ -729,8 +729,8 @@ class CobblerXMLRPCInterface:
return self.new_item("distro",token)
def new_profile(self,token):
return self.new_item("profile",token)
- # for API backwards compatibility reasons only:
- new_subprofile = new_profile
+ def new_subprofile(self,token):
+ return self.new_item("profile",token,is_subobject=True)
def new_system(self,token):
return self.new_item("system",token)
def new_repo(self,token):
@@ -799,7 +799,8 @@ class CobblerXMLRPCInterface:
raise CX("it seems unwise to overwrite this object, try 'edit'")
if edit_type == "add":
- handle = self.new_item(object_type, token)
+ is_subobject = object_type == "profile" and "parent" in attributes
+ handle = self.new_item(object_type, token, is_subobject=is_subobject)
else:
handle = self.get_item_handle(object_type, object_name)
--
1.7.0.2
14 years, 2 months
[PATCH] Bugfix: fetch extra metadata from upstream repositories more safely
by Ian Ward Comfort
Commit c426ce32 enhanced repository mirroring by fetching the upstream yum
repository's repomd.xml file, and parsing it for references to additional
metadata that could be downloaded and given to our local createrepo(8) call.
However, cobblerd currently downloads the origin's repomd.xml to the location
where our mirror's metadata will ultimately live, repodata/repomd.xml. This is
problematic for at least two reasons:
* Our own repository's repomd.xml is truncated every time we run a
reposync. This widens the window during which clients may try to use our
repository and find no or inconsistent metadata in it.
* Overwriting our own repomd.xml on every reposync makes extra work for
createrepo. Even worse, it can interfere with a -C option passed to our
createrepo call, since it artificially updates the file's mtime so that it
is newer than any new RPMs we may have downloaded. This problem is
exacerbated by the fact that, if createrepo skips metadata creation due to
-C, the origin's metadata (which is incorrect for our repo) is left in
place.
To resolve these issues, we save the origin's repomd.xml into our .origin
directory instead, and parse it there. (We also eliminate an unnecessary
wget(1) call while we're at it.)
---
cobbler/action_reposync.py | 14 ++++++--------
1 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/cobbler/action_reposync.py b/cobbler/action_reposync.py
index e73dc4a..3cdf1e9 100644
--- a/cobbler/action_reposync.py
+++ b/cobbler/action_reposync.py
@@ -166,11 +166,11 @@ class RepoSync:
# add any repo metadata we can use
mdoptions = []
- if os.path.isfile("%s/repodata/repomd.xml" % (dirname)):
+ if os.path.isfile("%s/.origin/repomd.xml" % (dirname)):
if not HAS_YUM:
utils.die(self.logger,"yum is required to use this feature")
- rmd = yum.repoMDObject.RepoMD('', "%s/repodata/repomd.xml" % (dirname))
+ rmd = yum.repoMDObject.RepoMD('', "%s/.origin/repomd.xml" % (dirname))
if rmd.repoData.has_key("group"):
groupmdfile = rmd.getData("group").location[1]
mdoptions.append("-g %s" % groupmdfile)
@@ -387,16 +387,14 @@ class RepoSync:
utils.die(self.logger,"no /usr/bin/wget found, please install wget")
# grab repomd.xml and use it to download any metadata we can use
- cmd2 = "/usr/bin/wget -q %s/repodata/repomd.xml -O /dev/null" % (repo_mirror)
+ cmd2 = "/usr/bin/wget -q %s/repodata/repomd.xml -O %s/repomd.xml" % (repo_mirror, temp_path)
rc = utils.subprocess_call(self.logger,cmd2)
if rc == 0:
+ # create our repodata directory now, as any extra metadata we're
+ # about to download probably lives there
if not os.path.isdir(repodata_path):
os.makedirs(repodata_path)
- cmd2 = "/usr/bin/wget -q %s/repodata/repomd.xml -O %s/repomd.xml" % (repo_mirror, repodata_path)
- rc = utils.subprocess_call(self.logger,cmd2)
- if rc !=0:
- utils.die(self.logger,"wget failed")
- rmd = yum.repoMDObject.RepoMD('', "%s/repomd.xml" % (repodata_path))
+ rmd = yum.repoMDObject.RepoMD('', "%s/repomd.xml" % (temp_path))
for mdtype in rmd.repoData.keys():
# don't download metadata files that are created by default
if mdtype not in ["primary", "primary_db", "filelists", "filelists_db", "other", "other_db"]:
--
1.7.0.2
14 years, 2 months
[PATCH] Don't warn needlessly when repo rpm_list is empty
by Ian Ward Comfort
Since our rsync, RHN (and formerly APT) repository mirrors don't support
partial mirroring with --rpm-list, we warn when a selective list is provided
and ignored. Since it's easier (using the standard user interfaces) to empty a
mistakenly-set list than to reset it to "", let's not warn when the list is
empty.
---
cobbler/action_reposync.py | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cobbler/action_reposync.py b/cobbler/action_reposync.py
index e73dc4a..a1383e4 100644
--- a/cobbler/action_reposync.py
+++ b/cobbler/action_reposync.py
@@ -208,7 +208,7 @@ class RepoSync:
if not repo.mirror_locally:
utils.die(self.logger,"rsync:// urls must be mirrored locally, yum cannot access them directly")
- if repo.rpm_list != "":
+ if repo.rpm_list != "" and repo.rpm_list != []:
self.logger.warning("--rpm-list is not supported for rsync'd repositories")
# FIXME: don't hardcode
@@ -250,7 +250,7 @@ class RepoSync:
# detect cases that require special handling
- if repo.rpm_list != "":
+ if repo.rpm_list != "" and repo.rpm_list != []:
has_rpm_list = True
# create yum config file for use by reposync
@@ -438,7 +438,7 @@ class RepoSync:
#
# # detect cases that require special handling
#
-# if repo.rpm_list != "":
+# if repo.rpm_list != "" and repo.rpm_list != []:
# utils.die(self.logger,"has_rpm_list not yet supported on apt repos")
#
# if not repo.arch:
--
1.7.0.2
14 years, 2 months
[PATCH] Bugfix: run createrepo on partial yum mirrors
by Ian Ward Comfort
Though the comment removed here suggests that the original intent was to skip
running createrepo(8) on full mirrors created with reposync(1), the check was
reversed, and createrepo was in fact skipped for partial mirrors created with
yumdownloader(1). As it happens the comment is wrong, and we actually have to
run createrepo for *all* local yum mirrors.
---
cobbler/action_reposync.py | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/cobbler/action_reposync.py b/cobbler/action_reposync.py
index e73dc4a..6cc6498 100644
--- a/cobbler/action_reposync.py
+++ b/cobbler/action_reposync.py
@@ -407,9 +407,8 @@ class RepoSync:
utils.die(self.logger,"wget failed")
# now run createrepo to rebuild the index
- # only needed if we didn't use yum's reposync already.
- if not has_rpm_list and repo.mirror_locally:
+ if repo.mirror_locally:
os.path.walk(dest_path, self.createrepo_walker, repo)
# create the config file the hosts will use to access the repository.
--
1.7.0.2
14 years, 2 months
[PATCH] Change default mode for new directories from 0777 to 0755
by Ian Ward Comfort
Currently only reposync, sync, pxegen and templar call utils.mkdir without
providing an explicit mode. Since all the directories created by these actions
should be mode 0755 by default, not world-writable (!), this change shouldn't
break anything now, and should be safer going forward.
---
cobbler/utils.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/cobbler/utils.py b/cobbler/utils.py
index 4dedbf8..87a8e4a 100644
--- a/cobbler/utils.py
+++ b/cobbler/utils.py
@@ -1142,7 +1142,7 @@ def rmtree(path,logger=None):
raise CX(_("Error deleting %s") % path)
return True
-def mkdir(path,mode=0777,logger=None):
+def mkdir(path,mode=0755,logger=None):
try:
if logger is not None:
logger.info("mkdir: %s" % path)
--
1.7.0.2
14 years, 2 months
[PATCH] Change default mode for new directories from 0777 to 0755
by Ian Ward Comfort
Currently only reposync, sync, pxegen and templar call utils.mkdir without
providing an explicit mode. Since all the directories created by these actions
should be mode 0755 by default, not world-writable (!), this change shouldn't
break anything now, and should be safer going forward.
---
cobbler/utils.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/cobbler/utils.py b/cobbler/utils.py
index 4dedbf8..87a8e4a 100644
--- a/cobbler/utils.py
+++ b/cobbler/utils.py
@@ -1142,7 +1142,7 @@ def rmtree(path,logger=None):
raise CX(_("Error deleting %s") % path)
return True
-def mkdir(path,mode=0777,logger=None):
+def mkdir(path,mode=0755,logger=None):
try:
if logger is not None:
logger.info("mkdir: %s" % path)
--
1.7.0.2
14 years, 2 months