buildiso patch, AD Auth via Kerberos and Groups authorizations modules for WebUI
by Joseph Boyer Jr.
Hi Folks,
Here is some code that I have written / modified:
First I have included a patch to action_buildiso.py, which modifies the patch written by Dave Hatton. I have updated the buildiso to be able to boot to local disk, chain.32c is need for this to work properly and I have cleaned the ISO menu a little. The major change that I have added is the ability to automatically add Rescue Booting. I have added rescue booting via and iLo/drac and via a serial console (only if you serial console is at ttyS0). You will need to change this if your serial console is on another tty. I have also added the ability to do an install via the serial console. Please note that these menu items are for systems only and do appear in the iso for profile installs. This can easily be added.
Second. I have modified authz_ownership (authz_group) to authenticate admins for everything in the WebUI and only users in /etc/cobbler/users.conf group Stagers to add, edit and delete systems and to sync. I have called the group Stagers, but you can change it to whatever you like. Please note that authz_group.py is case sensitive. This is because I use Kerberos for authentication and I need to authenticate user(a)EXAMPLE.COM<mailto:user@EXAMPLE.COM> not user(a)example.com<mailto:user@example.com>. Hence this mean, entries in /etc/cobbler/users.conf are case sensitive for this module.
Finally is my WebUI auth config which uses AD to authenticate via kerberos and /etc/cobbler/webgui.conf to allow access to cobbler's web interface.
I think that's all.
I hope this is useful.
Cheers,
Joe
Joseph Boyer Jr
Enterprise Technology Services
Liquidnet Holdings, Inc.
Joseph.Boyer(a)liquidnet.com<mailto:aengelhardtsen@liquidnet.com>
T +1 646.660.8352
C +1 646.284.8394
15 years, 9 months
Working with variables
by Chris O'Regan
To test my Cobbler setup, I copied a (pre-Cobbler) kickstart
configuration file into the kickstarts directory and set my system to
use it. That worked great. Now I am working on a default kickstart file
that will use templates to build a custom configuration automatically. I
want my system to inherit this. How can I do this from the command line?
I have tried:
cobbler system edit --name=myhost --kickstart=""
But it does not clear the value I set previously. Is there special
syntax to do this, or do I have to remove it from the "systems" file
manually?
On a related now, how do I build more complex variables with --ks_meta?
I tried the following (and a number of variations) but the parsing of it
was botched:
cobbler distro edit --name=mydistro --ksmeta='method="nfs
--server=myserver --dir=/path/to/iso/"'
Thanks,
Chris
15 years, 9 months
Booting DOS images with memdisk?
by Chris O'Regan
We have some systems that can only be updated by floppy disk. It is
possible to boot these images via PXE using memdisk and this works quite
well. I would like to add these images to Cobbler so that we have one
mechanism for maintaining PXE. Any pointers?
Thanks,
Chris
15 years, 9 months
Feature: Making repo configs more dynamic
by Michael DeHaan
re: https://fedorahosted.org/cobbler/ticket/130 and
https://fedorahosted.org/cobbler/ticket/205
Background info: When you turn on yum_post_install_mirror in
/etc/cobbler/settings, what that means is that you want your installed
systems to point back to cobbler to get updates -- it makes cobbler an
install server, but also an update server, as managed with "cobbler
reposync". This is a fairly useful feature that many people use.
Cobbler then inserts magic into the %post section wherever you have
$yum_config_stanza that puts in the appropriate wgets, so that every
system you install with cobbler makes sure to set up installed systems
so that they use cobbler as a mirror. Basically it configures yum on
each installed system. Pretty simple. (Note that changing any extra
files from /etc/yum.repos.d that you don't want is still your
responsibility to do in %post).
Further background info: In 0.9/1.0, we made the kickstart files fully
dynamic -- they were dynamically generated by mod_python (on demand) as
opposed to saved on the filesystem. However, the repo configs used by
yum_post_install_mirror were still static, as required a "cobbler sync"
to update changes -- for instance, if you reconfigured a repo or changed
what repos a profile used, you had to run "cobbler sync". This means
cobbler had to write more files on the filesystem and that "cobbler
sync" needed to be a command that was frequently used. Not so anymore.
Today, I changed that for 1.1/1.2 so that yum configs are now served
from mod_python.
An example URL like
http://cobbler.example.com/cblr/svc/op/yum/profile/sTEST-s390x will
serve up the yum config file as needed for any particular system, with
multiple repos in the same config file.
$yum_config_stanza will then be substituted as:
wget "http://cobbler.example.com/cblr/svc/op/yum/profile/sTEST-s390x" --output-document=/etc/yum.repos.d/cobbler-config.repo
Note that: "Cobbler reposync" is still an important command, and you'll
need to know about "cobbler sync" if you are using DHCP/DNS management
-- but otherwise, it's less important. When using DHCP with omapi
engaged for instance, "cobbler sync" is not needed to make DHCP changes
-- but it is still needed for DNS changes.
Hopefully that was not too confusing, the purpose of this is to explain
why more files in /var/www/cobbler are no longer being generated and a
bit about URLs for those that pay attention to how cobbler serves things up.
This has already been pushed to cobbler's devel branch. If you have
any questions/comments, please ask!
Thanks,
Michael
15 years, 9 months
Genome uses Cobbler
by Michael DeHaan
This is a project some of our IT folks have built to manage developer
"lifecycle" environments using git, cobbler, puppet, and func.
http://genome.et.redhat.com/docs/genome/
While I do not expect the workflows used by this application apply
directly to the way most people here use Cobbler, it is still a good
example of how you can use Cobbler to power the provisioning piece of
another systems management application or another in-house framework --
much like we intend to do with Spacewalk
(http://redhat.com/spacewalk). Basically they have a wizard/script
that walks the user through several questions, generates a cobbler
system record, and then deploys that system with koan -- managing it
later with Func and Puppet.
Questions should be directed to the list for that project.
If you are using Cobbler as part of another open-source application, or
are interested in doing so, let us know and I'll add your app to the
"who uses Cobbler" page!
https://fedorahosted.org/cobbler/wiki/WhoUsesCobbler
Thanks!
--Michael
15 years, 9 months
Can i kickstart a jumpstart?
by Jonas Andersson
Hi,
Im very fond of cobbler and the swift installs that can be made with it and needless to say we would like to widen our use of the product which leads my to my question.. Is there any way of creating a kickstart for solaris 10, or are we talking about apples and bananas in this case since Sun has their jumpstart?
Regards
Jonas
15 years, 9 months
Fixes to bash-completion
by John Villalovos
Here is the latest bash-completion script against the development
branch as of this morning.
15 years, 9 months
Patch to make findks work based on MAC address
by Carsten Clasohm
Attached is a patch for
/usr/lib/python2.4/site-packages/cobbler/services.py, which allows
findks to match based on the MAC address.
The patch is relative to the version from
http://git.fedoraproject.org/git/?p=cobbler;a=commit;h=482d5494c13f1fbeb5...
--- services.py.git 2008-07-21 13:23:16.000000000 +0200
+++ services.py 2008-07-21 14:19:47.000000000 +0200
@@ -93,2 +93,2 @@
self.__xmlrpc_setup()
systems = self.remote.get_systems()
+ candidates = []
+
# if kssendmac was in the kernel options line, see
# if a system can be found matching the MAC address. This
# is more specific than an IP match.
@@ -101,3 +103,13 @@
if macinput is not None:
# FIXME: will not key off other NICs, problem?
mac = macinput.split()[1].strip()
+
+ for x in systems:
+ for y in x["interfaces"]:
+ if x["interfaces"][y]["mac_address"].lower() == mac.lower():
+ candidates.append(x)
+
+ if len(candidates) > 1:
+ return "FAILED: multiple matches based on MAC"
+ elif len(candidates) == 1:
+ return candidates[0]["name"]
ip = rest["REMOTE_ADDR"]
- candidates = []
for x in systems:
for y in x["interfaces"]:
if x["interfaces"][y]["ip_address"] == ip:
@@ -113,6 +124,6 @@
if len(candidates) == 0:
return "FAILED: no match (%s,%s)" % (ip, macinput)
elif len(candidates) > 1:
- return "FAILED: multiple matches"
+ return "FAILED: multiple matches based on IP"
elif len(candidates) == 1:
return candidates[0]["name"]
15 years, 9 months
Re: z/VM CMS TFTP client available...
by Dave Jones
Michael,
one would find the z/VM CMS TFTP client on TCPMAINT's 592
minidisk. TCPMAINT is a VM user id that is created as part
of the normal z/VM installation process.
DJ
----- Original Message -----
From: Michael DeHaan <mdehaan(a)redhat.com>
To: cobbler mailing list <cobbler(a)lists.fedorahosted.org>
Subject: Re: z/VM CMS TFTP client available...
Date: Tue, 22 Jul 2008 07:33:30 -0400
> dave wrote:
> > Hi, gang.
> >
> > In order to support cobbler in the z/VM (IBM mainframe
> > environment), there is now a TFTP client application
> > available for CMS. Just FYI..
> >
> > DJ
> > _______________________________________________
> > cobbler mailing list
> > cobbler(a)lists.fedorahosted.org
> > https://fedorahosted.org/mailman/listinfo/cobbler
> >
>
> Cool.
>
> Where would someone looking for it find it?
>
> --Michael
>
>
> _______________________________________________
> cobbler mailing list
> cobbler(a)lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/cobbler
15 years, 9 months