Last modified on 11/10/11 14:51:38

Getting Started With Cobbler and "Cobbler Import"

About

Suppose you want to set up a network install server for several distributions. We'll show you how to do this, for a given distribution, really quickly, using Fedora as the example. The best way to do this is a command called "cobbler import", which can mirror content from a DVD image, a tree on a mounted filesystem, or even an external rsync mirror or SSH location.

First you have to have cobbler installed and set up though, which is thankfully pretty easy to do.

Setting Up A Provisioning Server From Scratch

    yum install cobbler

    # Edit /etc/cobbler/settings for 'server' and 'next-server' addresses.
    # Comments in the config file will explain what each setting does.

    cobbler check

    # Adjust things as necessary based on the output of cobbler check above

    # Download the Fedora DVD image and mount it, either with a real CD or a
    # loopback (mkdir /somedir; mount -o loop your.iso /somedir)

    # import from inserted DVD
    cobbler import --path=/media/dvd --name=Fedora12

    # ...OR... import from the mounted ISO example
    cobbler import --path=/somedir --name=Fedora12

    cobbler sync

You're done. Really.

SELinux-specific settings for F14 to keep in mind

For Fedora 14 you might want to amend the SELinux policy settings.

    /usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/lib/tftpboot/.*"
    /usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/www/cobbler/images/.*"
    # restorecon takes a path, not a regular expression
    restorecon -R -v "/var/lib/tftpboot/"
    restorecon -R -v "/var/www/cobbler/images/"
    # Enable cobbler to read/write public_content_rw_t
    setsebool cobbler_anon_write on
    # Enable httpd to connect to cobblerd (optional, depending on whether the web interface is installed)
    # Note: if you enable httpd_can_network_connect_cobbler, switch httpd_can_network_connect off
    setsebool httpd_can_network_connect off
    setsebool httpd_can_network_connect_cobbler on
    # Enable cobbler to use rsync etc. (optional)
    setsebool cobbler_can_network_connect on
    # Enable cobbler to use CIFS based filesystems (optional)
    setsebool cobbler_use_cifs on
    # Enable cobbler to use NFS based filesystems (optional)
    setsebool cobbler_use_nfs on
    # Double check your choices
    getsebool -a | grep cobbler

Important: Once you have enabled the SELinux booleans and checked that they work for you, make them permanent with the -P option (setsebool -P <boolean> on/off). This will preserve your booleans across reboots.

Alternatively, instead of importing from a DVD or a mounted ISO, you could have used:

    cobbler import --path=rsync://servergoeshere/path/to/distro --name=F12

This would mirror from a public rsync server (for a list of public servers visit http://mirrors.fedoraproject.org/publiclist/) without needing the DVD image.

Kickstarts are answer files that script the installation of the OS. Well, for Fedora and Red Hat based distributions it is called kickstart. We also support other distributions that have similar answer files, but let's just use kickstart as an example for now. The kickstarts automatically assigned above will install physical machines (or virtual machines -- we'll get to that later) with a default password of "cobbler" (don't worry, you can change these defaults) and a really basic set of packages. For something more complicated, you may wish to edit the default kickstarts in /var/lib/cobbler/kickstarts. You could also use cobbler to assign them new kickstart files. These files are actually Kickstart Templates, a level beyond regular kickstarts that can make advanced customizations easier to achieve. We'll talk more about that later as well.
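Because every machine installed from the stock kickstarts gets the root password "cobbler", it is worth confirming that default has actually been replaced. The following is an added example, not part of the original wiki page: it assumes the default root password hash is held in a `default_password_crypted: "$1$..."` line (MD5-crypt) in /etc/cobbler/settings, as in Cobbler's stock settings file, and that the openssl CLI is installed; the function names are hypothetical.

```shell
#!/bin/sh
# uses_password SETTINGS_FILE CANDIDATE
# Returns 0 if the stored hash is the crypt of CANDIDATE, 1 if it is not,
# and 2 if the setting is missing or is not an MD5-crypt ($1$) hash.
uses_password() {
    stored=$(sed -n 's/^default_password_crypted:[[:space:]]*"\(.*\)".*/\1/p' "$1")
    case "$stored" in
        '$1$'*) ;;            # $1$<salt>$<hash>
        *) return 2 ;;        # cannot decide
    esac
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    # Re-hash the candidate with the stored salt; -stdin keeps the
    # password out of the process list.
    candidate=$(printf '%s\n' "$2" | openssl passwd -1 -salt "$salt" -stdin)
    [ "$candidate" = "$stored" ]
}

# new_password_line PASSWORD
# Prints a replacement settings line hashed with a fresh random salt.
new_password_line() {
    salt=$(openssl rand -hex 4)
    hash=$(printf '%s\n' "$1" | openssl passwd -1 -salt "$salt" -stdin)
    printf 'default_password_crypted: "%s"\n' "$hash"
}

# Typical use on the boot server:
#   uses_password /etc/cobbler/settings cobbler && echo "still the default"
#   new_password_line 'your-new-password'   # paste into /etc/cobbler/settings
```

After changing the setting, run "cobbler sync" so that newly rendered kickstarts pick up the new hash.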

What if you don't want to mirror the install content on your install server? Say you already have the trees from all your DVDs and/or CDs extracted on a Filer mounted over NFS somewhere. This works too, with the addition of one more argument:

    cobbler import --path=/path/where/filer/is/mounted --name=filer --available-as=nfs://nfsserver.example.org:/is/mounted/here 

The above command will set up cobbler automatically using all of the above distros (stored on the remote filer) -- but will keep the trees on NFS. This saves disk space on the Cobbler server. As you add more distros over time to the filer, you can keep running the above commands to add them to Cobbler. So, whether using some data you already have on the network, or letting cobbler create an install mirror for you, there are lots of useful options. Similarly, if you just need to change the default path where Cobbler stores data it imports (which is /var/www/cobbler/) you can also change that -- this is covered elsewhere on the Wiki.

Using That Server For Reinstallation

Should you have a system you want to install that Fedora 12 on (instead of whatever it is running now), right now, you can do this:

   yum install koan
   koan --server=bootserver.example.com --list=profiles
   koan --replace-self --server=bootserver.example.com --profile=F12-i386
   /sbin/reboot

The system will install the new operating system after rebooting, hands off, no interaction required.

Notice in the above example "F12-i386" is just one of the boring default profiles cobbler created for you. You can also create your own, for instance "F12-webservers" or "F12-appserver" -- whatever you would like to automate.

Using That Server For Virtualization

Want to install a virtual guest instead (perhaps Xen or KVM)? No problem.

    yum install koan
    koan --server=bootserver.example.com --virt --virt-type=xenpv --profile=F12-i386-xen

Done.

You can also use KVM or other virtualization methods. These are covered elsewhere on the Wiki. Some distributions have Xen specific profiles you need to use, though this is merged back together starting with Fedora 12.

Using That Server For PXE

Note that so far we've only mentioned reinstalling Linux systems and doing virtualized installs. PXE for network installation of "bare metal" machines is very easy too.

If you want PXE, you have two options.

If the DHCP server is somewhere else (not on the Cobbler server), you can get your dhcp server admin to point at your box as a "next-server". Easy enough.

If you want to run DHCP locally and have Cobbler manage it for you, just set manage_dhcp to 1 in /etc/cobbler/settings on the boot server, edit /etc/cobbler/dhcp.template to change some defaults, and re-run "cobbler sync". You're good. Cobbler will keep track of your DHCP files for you, and you'll never have to hand-edit them. (See ManageDhcp for more information on this.)

Once you get PXE set up, all of the bare-metal compatible profiles will, by name, show up in PXE menus when the machines network boot. Type "menu" at the prompt and choose one from the list. Or just don't do anything and the machine will default through to local booting. (Some Xen paravirt profiles will not show up, because you cannot install these on physical machines -- this is intended)

Should you want to pin a particular system to install a particular profile the next time it reboots, just run:

    cobbler system add --name=example --mac=$mac-address --profile=$profile-name 

Then the above machine will boot directly to the profile of choice without bringing up the menu. Don't forget to read the manpage docs as there are more options for customization and control available. There are also lots of useful settings described in /etc/cobbler/settings that you will want to read over.

Firewall

Depending on your usage, you will probably need to make sure iptables is configured to allow access to the right services. Here's an example configuration:

    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]

    -A INPUT -p icmp --icmp-type any -j ACCEPT
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # LOCALHOST
    -A INPUT -i lo -j ACCEPT

    # SSH
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    # DNS - TCP/UDP
    -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
    # DHCP (the server listens on UDP 67; 68 is the client port)
    -A INPUT -m state --state NEW -m udp -p udp --dport 67 -j ACCEPT
    # TFTP - TCP/UDP
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
    # NTP
    -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
    # HTTP/HTTPS
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    # Syslog for cobbler
    -A INPUT -m state --state NEW -m udp -p udp --dport 25150 -j ACCEPT
    # Koan XMLRPC ports
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 25152 -j ACCEPT

    #-A INPUT -j LOG
    -A INPUT -j REJECT --reject-with icmp-host-prohibited

    COMMIT

Adapt this to your own environment.
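One way to do that adaptation, as an added example that is not part of the original wiki page: the function below reads a rules file in iptables-restore format and prints every port accepted on INPUT that is not on an allowlist you pass in, so ports for services the boot server does not run stand out. The function names, the sample rules and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# unexpected_ports RULES_FILE ALLOWLIST
#   RULES_FILE: rules in iptables-restore format, like the example above
#   ALLOWLIST:  space-separated proto/port pairs you intend to expose
# Prints "proto/port" for every INPUT ACCEPT rule whose --dport is not
# on the allowlist.
unexpected_ports() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^-A INPUT/ && /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port  = $(i + 1)
            }
            key = proto "/" port
            if (port != "" && !(key in ok)) print key
        }
    ' "$1"
}

# Constructed sample: a trimmed copy of the ruleset above.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Assumed deployment: a PXE boot server with no local DNS; TFTP is UDP-only.
audit_sample() {
    tmp=$(mktemp)
    sample_rules > "$tmp"
    unexpected_ports "$tmp" "tcp/22 udp/69 tcp/80 tcp/25151"
    rm -f "$tmp"
}

audit_sample
```

Each line it prints is a rule to either justify or delete before loading the ruleset.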

Services

Depending on whether you are running DHCP and DNS on the same box, you will want to enable various services:

    /sbin/service httpd start
    /sbin/service dhcpd start
    /sbin/service xinetd start
    /sbin/service cobblerd start

    /sbin/chkconfig httpd on
    /sbin/chkconfig dhcpd on
    /sbin/chkconfig xinetd on
    /sbin/chkconfig tftp on
    /sbin/chkconfig cobblerd on

"cobbler check", mentioned above, will point out most of this to you.

Notes About Other Distributions

The above example covered Fedora, though things work exactly the same for RHEL and CentOS. Read SupportForOtherDistros for additional information if you are not running a Fedora or Red Hat based distribution. Support for other distributions is important to the Cobbler project, though they may require slightly different instructions.

Read More

There are lots of other topics as well as expansions on the above material on the rest of the Wiki, under UserDocs. This is only scratching the surface!