Red Hat Training

A Red Hat training course is available for Red Hat Satellite

4.2. Cobbler

RHN Satellite uses Cobbler for provisioning. When the kickstart profiles, trees (distributions), and systems for provisioning are updated in RHN Satellite, they are synchronized to the Cobbler instance on the RHN Satellite host. This means that Cobbler can be used directly to manage provisioning.
The following table describes the Cobbler commands:

Table 4.2. Cobbler Commands

Command Usage
cobbler profile list Run this command on the RHN Satellite host to display a list of profiles
cobbler distro list Display a list of kickstart trees, kernels, RAM disks, and other options
cobbler system list Display a list of system records, created when a kickstart is scheduled
cobbler profile report --name=profile-name or cobbler system report --name=system-name Display a more detailed output about a specific object
cobbler profile edit --name=profile-name --virt-ram=1024 Edit various parameters. This example will allocate each virtualized installation of a given profile 1GB of RAM.
cobbler system edit --name=system-name --netboot-enabled=1 Force a system to be reinstalled at the next reboot
cobbler system edit --name=system-name --profile=new-profile-name --netboot-enabled=1 Assign a system to a new profile for reinstallation
cobbler system find --profile=profile-name List all systems assigned to a profile
cobbler system find --profile="abc" | xargs -n1 --replace cobbler system edit \ --name={} --profile="def" --netboot-enabled=1 Assign all systems currently set to the abc profile to the def profile and reinstall them the next time they reboot
cobbler profile edit --name=profilename --kopts="variablename=3" --in-place Set an additional templating variable on a profile without modifying any of the other variables
cobbler system edit --name=systemname --kopts="selinux=disabled asdf=jkl" Assign various variables to a system record, and disregard any old variables that might be set
cobbler profile find --name="*webserver*" | xargs -n1 --replace cobbler profile edit --name={} --profile="RHEL5-i386" Set all new installations of any profile containing webserver as a string to use a profile named RHEL5-i386
Other Cobbler settings

There are only a few Cobbler settings that should be changed in /etc/cobbler/settings directly. The pxe_just_once option is one of these (described in Procedure 4.3, “Configuring Cobbler to use PXE”). The server option can also be changed to reflect the address or hostname of the RHN Satellite server.

After changing /etc/cobbler/settings, run the following command to pick up the changes: 
/sbin/service cobblerd restart
cobbler sync

Important

Do not adjust any other settings in /etc/cobbler/settings. RHN Satellite requires that this file remains in a certain configuration, determined by the RHN Satellite installer. Similarly, the /etc/cobbler/modules.conf file, which controls authentication sources, should remain as created by the RHN Satellite installer. Particularly, the authentication module must remain as authn_spacewalk and is not changeable.

Procedure 4.1. Configuring SELinux for use with Cobbler

SELinux support and a secure firewall is installed by default with Red Hat Enterprise Linux. To properly configure a Red Hat Enterprise Linux server to use Cobbler, SELinux must be configured to allow connections to and from the Cobbler server.
  1. To enable SELinux for Cobbler support, set the SELinux Boolean to allow HTTPD web service components, using the following command: 
    setsebool -P httpd_can_network_connect true
    The -P switch is essential, as it enables HTTPD connection persistently across all system reboots.
  2. Set SELinux file context rules for TFTP to serve the boot image file, using the following command on the Cobbler server: 
    semanage fcontext -a -t public_content_t "var/lib/tftpboot/.*"
  3. IPTables must be configured to allow incoming and outgoing network traffic on the Cobbler server.
    If you have an existing firewall ruleset using iptables, add the following rules to open the Cobbler-related ports, as follows:
    For TFTP: 
    /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
    For HTTPD: 
    /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    For Cobbler: 
    /sbin/iptables -A INPUT -m state --state NEW -m udp -p udp --dport 25150 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25150 -j ACCEPT
    For Koan: 
    /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
  4. Save the firewall configuration: 
    /sbin/iptables-save
  5. Ensure that the configuration files are all synchronized by running the following command: 
    cobbler sync
  6. Start the Satellite server: 
    /usr/sbin/rhn-satellite start

    Warning

    Do not start or stop the cobblerd service independent of the Satellite service, as doing so may cause errors and other issues.
    Always use /usr/sbin/rhn-satellite to start or stop RHN Satellite.

Procedure 4.2. Configuring Cobbler System Records

Cobbler system records are objects within Cobbler that keep track of a system and its associated kickstart profile. To perform PXE kickstarting a Satellite kickstart profile must be tied to the Cobbler system records for the machines you intend to kickstart.
  1. Go to System DetailsProvisioning for each system and select the kickstart profile to be associated.
  2. Click Create Cobbler System Record to make the association.
  3. This association will remain in place indefinitely unless you set the pxe_just_once option to true for any given machine. In that case the association will be broken after a successful kickstart. See Procedure 4.3, “Configuring Cobbler to use PXE” for more information about this setting.

Procedure 4.3. Configuring Cobbler to use PXE

Cobbler is set up to generate PXE configurations by default, but you might want to adjust the pxe_just_once configuration option to obtain the best possible PXE workflow in the BIOS.
  1. Often, the BIOS order will be set to have the PXE boot occur first. This means that the system will not boot off the local disk unless the PXE server instructs it to do so remotely. This setup can create a boot loop, where the system continually reinstalls.
    In order to prevent boot loops, open the /etc/cobbler/settings file and add the following line: 
    pxe_just_once: 1
    This setting adds a $kickstart_done macro in the kickstart template, which tells the system to boot locally after it has completed the installation, instead of booting from the network.
  2. If you include the pxe_just_once: 1 setting, and you want to reinstall the system later on, you will need to toggle the netboot-enabled flag on the system. This can be done using either the RHN Satellite web interface, or in Cobbler directly. When the system next reboots, it will perform a PXE install, and then return to booting from the local disk until the flag is reset.
    If the BIOS is set to boot from local hard drives first, there is no need to have the pxe_just_once enabled. However, to reprovision the system using PXE, it will be necessary to zero out the MBR (master boot record).

Naming Conventions

To help keep data synchronized between RHN Satellite and Cobbler, RHN Satellite uses naming conventions for distributions and profiles. These naming conventions are important if you interact with Cobbler using the command line interface.
Distributions
$tree_name:$org_id:$org_name (if manually created)
$tree_name (if synchronized by RHN Satellite)
Profiles
$profile_name:$org_id:$org_name

Important

Do not alter names that have been automatically generated by RHN Satellite. If the name is changed RHN Satellite can no longer maintain those items.