[PATCH] adding support for bridged interfaces and fixing the json settings issue
by James Cammarata
I've created a new feature branch on my github named bridge-interface,
which contains these commits.
Commit ea97db0b54d4e9ef593b326ac0cc6b2624bf4e7b is the JSON settings
fix for utils.py, it's in both the master and bridge-interface branch.
These patches represent a pretty major change in some of the code
paths, especially the network config snippets, so we'll need a lot of
testing. I've done testing with mixed bridges/vlans, but I haven't yet
done a bridge of a bond yet (does anyone actually do that?), so there
could be some weird corner case that I haven't run into yet.
commit de0aacd40116b35e86f6de3d7d2c4e0282f37cb8
Author: James Cammarata <jimi(a)sngx.net>
Date: Sat Jul 30 09:14:47 2011 -0500
Cleanup of bonding stuff in all files, including webui and koan.
Additional cleanup in the
network config scripts, and re-added the modprobe.conf renaming
code to the post install
network config.
commit cc07f35804058b49ea09499c0f70d211d6d4b5ef
Author: James Cammarata <jimi(a)sngx.net>
Date: Wed Jul 27 22:08:29 2011 -0500
Initial rework to allow bridge/bridge slave interfaces
Added static route configuration to pre_install_network_config
Major cleanup/reworking of post_install_network_config script
* TODO:
Need to fix web interface/templates, manage_isc, buildiso,
snippets/network_config{,_esx*} and koan
commit ea97db0b54d4e9ef593b326ac0cc6b2624bf4e7b
Author: James Cammarata <jimi(a)sngx.net>
Date: Wed Jul 27 21:23:18 2011 -0500
Fix for bad commit of some json settings test
12 years, 8 months
[PATCH] serializer module cleanup and fixes for mongodb serializer
by James Cammarata
Pushed to my github:
commit 31cbc43f55b3de1ac2531027dcae5116cbf9be1c
Author: James Cammarata <jimi(a)sngx.net>
Date: Sun Jul 31 11:41:17 2011 -0500
Fixing up some serializer module stuff:
* detecting module load errors when trying to deserialize collections
* added a what() function to all the serializer modules for ID purposes
* error detection for mongo stuff, including pymongo import
problems as well as connection issues
This should fix the issues with pymongo imports in the mongodb
serializer, as well as making some of the serializer stuff more robust
in general.
Example:
$ service cobblerd restart
Stopping cobbler daemon: [FAILED]
Starting cobbler daemon: [ OK ]
$ rpm -qa | grep pymongo
$
$ vi /etc/cobbler/modules.conf # enabling cobbler serializer for stuff
$ service cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: Traceback (most recent call last):
File "/usr/bin/cobblerd", line 76, in main
api = cobbler_api.BootAPI(is_cobblerd=True)
File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 131, in __init__
self.deserialize()
File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 796, in
deserialize
return self._config.deserialize()
File "/usr/lib/python2.4/site-packages/cobbler/config.py", line 257,
in deserialize
raise CX("serializer: error loading item %s" % item.collection_type())
CX: 'serializer: error loading collection distro'
[ OK ]
12 years, 8 months
no URL decode in services.py for getting the kickstart file
by Jasper Aikema
Hello,
I tried to kickstart a SLES 11 distribution on spacewalk, but this was
not possible for me.
In spacewalk the kickstart profile have a special name: <distribution
name>:<id>:<organisation name>. The problem is the ':' in the name.
When you kickstart a SLES 11 distribution it will url encode the URL,
and change the ':' into '%3a'.
Because the services.py script does not url decode the URL, this will
not work and you get the error '# profile not found'.
I added the urldecode to the services.py script an attached the patch.
Kind regards,
Jasper Aikema
12 years, 8 months
Where are Advanced Snippets ?
by Dan White
According to <https://fedorahosted.org/cobbler/wiki/KickstartSnippets#AdvancedSnippets>, I should be able to cascade snippets with per_system, per_profile, and per_distro. I spent the last two days pounding my head against the keyboard to get this to work on my system -- without success.
So I went searching. I found reference to these directories in the file /usr/lib/python2.4/site-packages/cobbler/templar.py
I went digging at git.fedorahosted.org, and found the missing functionality in templar.py, in a function called eval_snippet. I further discovered that this chuck of code was REMOVED from templar.py on 4 August 2008 -- <http://git.fedorahosted.org/git/?p=cobbler;a=commit;h=c4b91b7049b3a7f26f5...>
So, the question is, in two parts, (a) Does this functionality still exist somewhere in the code base ? and (b) If so, where is it, please ?
Thanks.
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)
12 years, 8 months
Bridged interfaces and breaking lots of stuff
by James Cammarata
I decided to go ahead and tackle the task of adding bridged interface
support to cobbler, and it's necessitating a pretty good amount of
rewriting - especially in the networking snippets. One of the things
that always kind of annoyed me was the forced use of MAC addresses. I
know that's the better way to do things, but sometimes you just don't
know the MAC ahead of time. My rewrite of the post install script now
allows you to simply use an interface by name, but at the same time
prints a warning in the kickstart saying it's a bad idea - I hope
that's a fair compromise. I'm also finally contributing some changes
I made a while back at work to setup each interface's static routes in
the pre-install network script as well, for those of us who PXE on
dual-homed networks.
Beyond that - the post install snippet has become an utter mess. There
are multiple code paths that are duplicated, and some pretty complex
logic governing the whole thing. Adding in bridged networks to that
mess would have only made it worse, so I'm rewriting it all. In this
process, I came across the part where it will rename interfaces in
modprobe.conf based on the discovered MAC address.
Is anyone actually using that? Since the newer Fedoras do away with
the modprobe.conf, I just went ahead and cut it out to simplify
things. I can hack it back in there if enough people use it, but
really I don't want to :)
Beyond that, the bridge stuff is going in quite easily - I'm
deprecating the bonding/bond_master fields and renaming them
interface_type/interface_master. Old values will be read in like
normal, but when the system object is saved they'll be saved with the
new field names instead. I pretty much just have the web templates to
fix, and some koan stuff followed by some doc cleanup (not including
the wiki yet...), so I should have a new feature branch up on my
github in a day or two.
Feedback is always welcome, thanks!
James Cammarata
12 years, 8 months
[PATCH] module for chainloading authentication modules
by James Clendenan
A patch to allow multiple "chainloaded" authn modules to be checked in
order.
These result in a logical or applying through the authentication system.
Typically I'm using it when I need an API account for a system that doesn't
or shouldn't exist in my LDAP directory for some reason.
James
---
cobbler/modules/authn_chainload.py | 64
+++++++++++++++++++++++++++++
installer_templates/modules.conf.template | 1 +
installer_templates/settings.template | 6 +++
3 files changed, 71 insertions(+), 0 deletions(-)
create mode 100644 cobbler/modules/authn_chainload.py
diff --git a/cobbler/modules/authn_chainload.py
b/cobbler/modules/authn_chainload.py
new file mode 100644
index 0000000..8de56c9
--- /dev/null
+++ b/cobbler/modules/authn_chainload.py
@@ -0,0 +1,64 @@
+"""
+Authentication module that chains other authentication modules togeter
based on
+the settings in /etc/cobbler/settings
+
+Copyright 2011
+James Clendenan <james.clendenan(a)gmail.com>
+
+This software may be freely redistributed under the terms of the GNU
+general public license.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+"""
+
+import distutils.sysconfig
+import sys
+import os
+from cobbler import utils
+from utils import _
+import traceback
+
+plib = distutils.sysconfig.get_python_lib()
+mod_path="%s/cobbler" % plib
+sys.path.insert(0, mod_path)
+
+import cexceptions
+import utils
+
+def register():
+ """
+ The mandatory cobbler module registration hook.
+ """
+ return "authn"
+
+def authenticate(api_handle,username,password):
+
+ # deny login to start
+ rc = False
+
+ authn_modules = api_handle.settings().authn_chainload_modules
+ # allow multiple or single authn_modules split by a space
+ if authn_modules.find(" "):
+ authn_modules = authn_modules.split()
+ else:
+ authn_modules = [authn_modules]
+
+ # print "authn modules: %s" % authn_modules
+
+ for module in authn_modules:
+ lib = "import %s as authn_mod" % module
+ exec(lib) # import module library
+ mod_rc = authn_mod.authenticate(api_handle,username,password)
+
+ # debuging returncode from each module
+ # print "%s rc=%s" % (module,mod_rc)
+
+ rc = rc or mod_rc
+
+ return rc
+
+if __name__ == "__main__":
+ api_handle = cobbler_api.BootAPI()
+ print authenticate(api_handle, "guest", "guest")
diff --git a/installer_templates/modules.conf.template
b/installer_templates/modules.conf.template
index 80edd77..6417444 100644
--- a/installer_templates/modules.conf.template
+++ b/installer_templates/modules.conf.template
@@ -10,6 +10,7 @@
# authn_passthru -- ask Apache to handle it (used for kerberos)
# authn_ldap -- authenticate against LDAP
# authn_spacewalk -- ask Spacewalk/Satellite (experimental)
+# authn_chainload -- chain multiple authn modules together
# authn_testing -- username/password is always testing/testing
(debug)
# (user supplied) -- you may write your own module
#
diff --git a/installer_templates/settings.template
b/installer_templates/settings.template
index 335c320..0fa618e 100644
--- a/installer_templates/settings.template
+++ b/installer_templates/settings.template
@@ -160,6 +160,12 @@ ldap_search_bind_dn: ''
ldap_search_passwd: ''
ldap_search_prefix: 'uid='
+# configuration options for authn_chainload.
+# Chainload these modules in this order. (space separated list)
+# Keep authn_denyall at the end for safety.
+authn_chainload_modules: authn_configfile authn_ldap authn_denyall
+
+
# cobbler has a feature that allows for integration with config management
# systems such as Puppet. The following parameters work in conjunction
with
# --mgmt-classes and are described in furhter detail at:
--
1.7.2.1
12 years, 8 months
[PATCH] Add freebsd media importer
by Jonathan Sabo
This adds initial support for FreeBSD (8.0,8.1,8.2) media importing.
There are some additional manual steps that have to be taken in order
to actually get the install to work, but this sets you up and puts you
in a good spot so those are pretty minimal. I'll work on documenting
the manual stuff on the Cobbler wiki when I get a minute. It's mostly
changing the name of the pxeboot file (our kernel) that's found in the
media to pxeboot.bs, which isn't found in the media and needs to be
created and added to the media. Doug and I discussed a few different
ways we might deal with this.... and we can discuss them here.... but
for now just manually updating the name of the kernel following media
import works (from my chair).
https://github.com/jsabo/cobbler/commit/dfdcabf633d3ee3ca02fc1177b3e9b2d4...
I've tested this quite a few times.
Thanks,
Jonathan
12 years, 8 months
[PATCH] fix mistake in utils.py related to testing JSON settings
by James Cammarata
A mistaken bit got committed along with the other utils stuff I sent
in last week:
index 87cd079..31c08ba 100644
--- a/cobbler/utils.py
+++ b/cobbler/utils.py
@@ -1958,10 +1958,8 @@ def get_shared_secret():
def local_get_cobbler_api_url():
# Load server and http port
try:
- #fh = open("/etc/cobbler/settings")
- fh = open("/etc/cobbler/settings.json")
- #data = yaml.load(fh.read())
- data = simplejson.load(fh)
+ fh = open("/etc/cobbler/settings")
+ data = yaml.load(fh.read())
fh.close()
except:
traceback.print_exc()
12 years, 8 months
[PATCH] a few fixes
by James Cammarata
Pushed to my github:
commit 257ef06364e224bc2af9edafb28449b0d2784521
Author: James Cammarata <jimi(a)sngx.net>
Date: Thu Jun 30 17:19:47 2011 -0500
Setting TIME_ZONE to None in web/settings.py causes a 500 error on a
RHEL5 system with python 2.4 and django 1.1. Commenting out the config
line has the same effect as setting it to None, and prevents the 500.
commit 92467ef117a730bc2ab74ac84e29056c4c28c3f8
Author: James Cammarata <jimi(a)sngx.net>
Date: Thu Jun 30 17:18:44 2011 -0500
Fixes for importing RHEL6:
* path_tail() was previously moved to utils, a couple
places in the import modules still used self.path_tail
instead of utils.path_tail, causing a stack dump
* Fixed an issue in utils.path_tail(), which was using self.
still from when it was a member of the import class
* When mirror name was set on import and using --available-as,
it was appending a lot of junk instead of just using the specified
mirror name
Not sure if those last ones were RHEL6 specific - I ran into it
because I was doing an --available-as during an import, which blew up
quite badly. Overall it fixes a few things that I missed when i did
the import module changes, though I'm sure there are more like it.
12 years, 8 months
