availability: January 2017
Cobbler is an install server; batteries are included
Cobbler is a Linux installation server that allows for rapid setup of network installation environments.
With a simple series of commands, network installs can be configured for PXE, reinstallations, media-based net-installs, and virtualized installs (supporting Xen, qemu, KVM, and VMware Server). Cobbler uses a helper program called 'koan' (which interacts with Cobbler) for reinstallation and virtualization support.
This post describes how we use Cobbler to set up automated provisioning of systems for our test lab.
Cobbler's documentation is very extensive, and you can read more at https://fedorahosted.org/cobbler/wiki/
Our lab setup:
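cat <<EOF >> /etc/yum.repos.d/EPEL.repo
[epel]
name=Epel from fedora
baseurl=http://download.fedora.redhat.com/pub/epel/5/x86_64/
gpgcheck=0
EOF

Now that we have the repository set up, we can easily install cobbler and its companion services (dhcpd, bind, tftp, http). Note that gpgcheck=0 turns off RPM signature verification for this repository and the baseurl is plain http, so packages from it are installed unauthenticated; outside an isolated lab, import the EPEL signing key and set gpgcheck=1.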
# yum install redhat-rpm-config
# yum install dhcp bind tftp-server httpd
# yum install cobbler
Installed: cobbler.noarch 0:1.4.1-1.el5
Dependency Installed: apr.x86_64 0:1.2.7-11 apr-util.x86_64 0:1.2.7-7.el5 createrepo.noarch 0:0.4.11-3.el5 httpd.x86_64 0:2.2.3-11.el5_2.centos.4 mkisofs.x86_64 9:2.01-10 mod_python.x86_64 0:3.2.8-3.1 postgresql-libs.x86_64 0:8.1.11-1.el5_1.1 python-cheetah.x86_64 0:2.0.1-1.el5 python-devel.x86_64 0:2.4.3-21.el5 tftp-server.x86_64 0:0.42-3.1.el5.centos xinetd.x86_64 2:2.3.14-10.el5
Complete!
The following potential problems were detected:

#0: The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
We will set the server IP to the IP address of the vmnet8 interface = 192.168.0.1

#1: For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
In our case this is the same IP address as the cobbler server = vmnet8 interface = 192.168.0.1

#2: Must enable selinux boolean to enable Apache and web services components, run: setsebool -P httpd_can_network_connect true
Nice to see that it has good instructions for SELinux

#3: you need to set some SELinux content rules to ensure cobbler works correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/var/lib/tftpboot/." && /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/."
Detailed command to enable the http server to read content from /var/www/cobbler and have tftpboot find its files

#4: service cobblerd is not running
Obviously this isn't running because we did not start it yet

#5: change 'disable' to 'no' in /etc/xinetd.d/tftp
By default tftp is disabled, as it is not a secure protocol and is known for its security bugs. Changing disable to no will have it start. But we can further secure this by having it listen only on the vmnet8 interface by changing /etc/xinetd.d/tftp

#6: service httpd is not running
Obviously this isn't running because we did not start it yet

#7: since iptables may be running, ensure 69 (dhcp), 80(http), 25150(cobbler api), and 25151(cobbler api R/W) are unblocked
iptables -I RH-Firewall-1-INPUT -i vmnet8 -m udp -p udp --dport 69 -j ACCEPT

#8: reposync is not installed, need for cobbler reposync, install/upgrade yum-utils?
Easy to solve with: yum install yum-utils

#9: yumdownloader is not installed, needed for cobbler repo add with --rpm-list parameter, install/upgrade yum-utils?
Is solved by doing #8

#10: fencing tools were not found, and are required to use the (optional) power management features. install cman to use them
If you need these: yum install cman
# htdigest /etc/cobbler/users.digest "cobbler" $username
/sbin/service cobblerd restart
/sbin/service httpd restart

Now let's make apache and cobbler start after reboot!
# chkconfig httpd on ; chkconfig cobblerd on

When cobbler was installed, it installed two config files in your apache /etc/httpd/conf.d:
[root@myserver conf.d]# ls /etc/httpd/conf.d/cobbler*
/etc/httpd/conf.d/cobbler.conf /etc/httpd/conf.d/cobbler_svc.conf

If you want to have cobbler active only on the virtual (internal) interface, you need to put the whole config in a virtual host that listens only on the internal address 192.168.0.1
NameVirtualHost 192.168.0.1:80
<VirtualHost 192.168.0.1:80>
Servername cobbler
...
</VirtualHost>
# /etc/init.d/httpd start && /etc/init.d/named start && /etc/init.d/xinetd start

Now you can access it with
# lynx http://cobbler/cobbler/web

Step 4: Configuring DHCP to play nice with cobbler
# vi /etc/vmware/locations
find and replace all occurrences of VMNET8 DHCP = no

Another option might be to edit /usr/lib/vmware/net-services.sh, but I haven't explored this further.

# Command line options here
DHCPDARGS=vmnet8

Next you need to enable dhcpd support in cobbler. Edit the /etc/cobbler/cobbler.conf
manage_dns: 1
[dhcp]
module = manage_isc
manage_dhcp: 1

And finally edit the /etc/cobbler/dhcp.template to reflect the skeleton you need.
subnet 192.168.0.0 netmask 255.255.255.0 {
     option routers             192.168.0.2;
     option domain-name-servers 10.247.29.17;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.0.100 192.168.0.254;
     filename                   "/pxelinux.0";
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
}

More details: https://fedorahosted.org/cobbler/wiki/ManageDhcp
# Linux NAT configuration file
[host]
# NAT gateway address
ip = 192.168.0.2
netmask = 255.255.255.0
# or ip = 192.168.0.2/24

Step 5: Configuring DNS to play nice with cobbler
[dns]
module = manage_bind
manage_dns: 1

Then we specify the domain name and IP ranges we want cobbler to manage (also in /etc/cobbler/cobbler.conf)
manage_forward_zones: [ mydomaintest.com ]
manage_reverse_zones: [ 192.168.0 ]

Because cobbler overwrites the bind config every time we do a cobbler sync, we need to edit the template file to reflect our settings
options {
     listen-on port 53 { 192.168.0.1; };
     directory "/var/named";
     dump-file "/var/named/data/cache_dump.db";
     statistics-file "/var/named/data/named_stats.txt";
     memstatistics-file "/var/named/data/named_mem_stats.txt";
     allow-query { localhost; };
     recursion yes;
     forwarders { <your dns server here>; };
};

More details on https://fedorahosted.org/cobbler/wiki/ManageDns
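The steps above pin tftp, httpd and bind to the internal address 192.168.0.1. The following check is an added example, not part of the original post or of Cobbler: it reads `netstat -lntu` output and reports any of those services, or the cobblerd API ports, listening on another address. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Cobbler-related listeners bound outside the lab interface.
# Input is `netstat -lntu` output on stdin; $1 is the allowed address.
# dhcpd (udp/67) is left out: it is limited by interface (DHCPDARGS), not by bind address.

audit_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            # Ports from the page: tftp 69, DNS 53, http 80, cobblerd 25150 and 25151
            n = split("udp/69 udp/53 tcp/53 tcp/80 tcp/25150 tcp/25151", w, " ")
            for (i = 1; i <= n; i++) watch[w[i]] = 1
        }
        $1 ~ /^(tcp|udp)/ {
            proto = substr($1, 1, 3)              # tcp6 and udp6 count as tcp and udp
            k = split($4, part, ":")
            port = part[k]                        # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            key = proto "/" port
            if (!(key in watch)) next             # not a service this page configures
            if (addr == allowed || addr == "127.0.0.1" || addr == "::1") next
            printf "EXPOSED %s %s port %s\n", proto, addr, port
            bad++
        }
        END { exit (bad > 0) }                    # status 1 if anything is exposed
    '
}

# Constructed sample: httpd and bind are pinned, tftp and the cobblerd API are not.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.0.1:80              0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25151             0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:25150               0.0.0.0:*                   LISTEN
tcp        0      0 192.168.0.1:53              0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
udp        0      0 192.168.0.1:53              0.0.0.0:*
udp        0      0 0.0.0.0:69                  0.0.0.0:*
EOF
}

# Live use on the Cobbler host: netstat -lntu | audit_listeners 192.168.0.1
sample_netstat | audit_listeners 192.168.0.1 || echo "listeners outside 192.168.0.1 found"
```
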
# mount -o loop /data/mount/iso/CentOS-5.2-x86_64-bin-DVD.iso /mnt
# cobbler import /mnt --arch=x86_64 --name=centos5.2-x86_64
# cobbler list
distro centos5.2-x86_64
  profile centos5.2-x86_64
  profile rescue-centos5.2-x86_64
distro centos5.2-xen-x86_64
  profile centos5.2-xen-x86_64

You can see that the import actually brought in the regular distro, the xen distro and the rescue profile.
# cobbler repo add --name=centos5.2-x86_64-updates --priority=70 --mirror=http://ftp.belnet.be/packages/centos/5.2/updates/x86_64
# cobbler repo add --name=EPEL-x86_64 --priority=40 --mirror=http://fr2.rpmfind.net/linux/epel/5/x86_64/

Now we can ask cobbler to download the repositories
# cobbler reposync
# cobbler reposync --name=EPEL-x86_64 (if you wanted only one to sync)

NOTE 1: we experienced "too many open files" when doing an import of another repository - https://bugzilla.redhat.com/show_bug.cgi?id=468282
_do_grab IOError: [Errno 24] Too many open files:
cobbler reposync failed
ulimit -n 8192

NOTE 2: if your download hangs and you have interrupted it, chances are that you have a corrupted file. Remove the latest rpm that got downloaded, for instance in /var/www/cobbler/repo_mirror/EPEL-x86_64
[root@server cobbler]# cobbler list --what=repos
repo EPEL-x86_64
repo centos5.2-x86_64-updates

Add a profile
# cobbler profile add --distro=centos5.2-x86_64 --name=centos5.2-x86_64-uptodate --repos="EPEL-x86_64 centos5.2-x86_64-updates"

NOTE 3: when specifying multiple repositories, the install can sometimes hang while checking dependencies during the system install. Be sure to give your virtual machine enough memory to parse the list of packages. Otherwise it will hang erratically during "checking dependencies". 384 MB is not a lot for a virtual machine for parsing multiple repo lists ...
# cobbler system add --name pxe-test --ip=192.168.0.10 --mac=00:0C:29:2B:50:5C --profile=centos5.2-x86_64-uptodate --kickstart=/var/lib/cobbler/kickstart/sample.ks --static=1
# cobbler system edit --name=pxe-test --dns-name=pxe-test.mydomaintest.com --hostname=pxe-test.mydomaintest.com
# cobbler system edit --name=pxe-test --gateway=192.168.0.2 --subnet=255.255.255.0

After adding the system run
# cobbler sync

And it will automagically update dhcp, dns, http cobbler
# lynx http://192.168.0.1/cblr/svc/op/ks/system/pxe-test

Step 7: PXE booting