Chapter 11. Cobbler
RHN Satellite features the Cobbler server that allows administrators to centralize their system installation and provisioning infrastructure. Cobbler is an installation server that collects the various methods of performing unattended system installations, whether it be server, workstation, or guest systems in a full or para-virtualized setup.
Cobbler has several tools to assist in pre-installation guidance, kickstart file management, content channel management, and more. Features of Cobbler include:
- Installation environment analysis using the
cobbler check
command - Multi-site installation server configuration with
cobbler replicate
- Automation of kickstart file creation using
kickstart import
- Kickstart template creation and management using the Cheetah template engine and Kickstart Snippets
- Virtual machine guest installation automation with the
koan
client-side tool.
11.1. Cobbler Requirements
To use Cobbler as a PXE boot server, you should check the following guidelines:
- If you plan to use Cobbler to install systems using PXE, you must have
tftp-server
installed and configured. - If you plan to use Cobbler to PXE boot systems for installation, you must have either the ability to act as a DHCP server for Cobbler PXE booting or access to your network DHCP server
/etc/dhcp.conf
to changenext-server
to the hostname or IP address of your Cobbler server.
11.1.1. Using cobbler check
Once your Satellite server is installed, you can check that your system is correctly configured to run as a proper Cobbler boot server.
The
cobbler check
command can be run at a shell prompt as root. It will automatically run checks on several services' runtime status and configuration files for proper configuration. The following lists the services and configuration files that cobbler check
tests.
/etc/cobbler/settings
— The central cobbler configuration file;cobbler check
will check to see if you have set theserver
setting to the addressable IP or hostname of the Cobbler server, as well as thenext_server
field set to the hostname or IP of the Cobbler server if it will be also be managing DHCP services for PXE boots.- SELinux — Will verify that you have the correct SELinux setting for HTTPD services and the proper content rules for
tftp
and files in/var/www/cobbler/images/
. cobblerd
— Will check to see if you have the Cobbler daemon running.xinetd
— Will inform you that Xinetd services running and that you have changed the parameterdisabled
tono
in/etc/xinetd.d/tftp
.httpd
— Will check to see if the HTTPD service is running.iptables
— Will remind you that if you are running an IPTables firewall, that you have rules set to allow ports 69 (TFTP), 80 (HTTPD), 25150 and 25151 (Cobbler).
Run the
cobbler check
command as root on your system to see what settings and services need to be enabled to properly run Cobbler on your boot server.
Note
If you make any changes to the
/etc/cobbler/settings
file, you must run service cobblerd restart
and cobbler sync
for the changes to take effect.
11.1.2. Configuring Cobbler with /etc/cobbler/settings
Cobbler configuration is mainly done within the
/etc/cobbler/settings
file. The file contains several configurable settings, and offers detailed explanations for each setting regarding how it affects the functionality of Cobbler and whether it is recommended for users to change the setting for their environment.
Most of the settings can be left default and Cobbler will run as intended. For more information about configuring Cobbler settings, consult the
/etc/cobbler/settings
file, which documents each setting in detail.
11.1.3. Cobbler and DHCP
Cobbler supports bare-metal kickstart installation of systems configured to perform network boots using a PXE boot server. To properly implement a Cobbler installation server, administrators need to either have administrative access to the network's DHCP server or implement DHCP on the Cobbler server itself.
11.1.3.1. Configuring an Existing DHCP Server
If you have a DHCP server deployed on another system on the network, you will need administrative access to the DHCP server in order to to edit the DHCP configuration file so that it points to the Cobbler server and PXE boot image.
As root on the DHCP server, edit the /etc/dhcpd.conf file and append a new class with options for performing PXE boot installation. For example:
allow booting; allow bootp; class "PXE" { match if substring(option vendor-class-identifier, 0, 9) = "PXEClient"; next-server 192.168.2.1; filename "pxelinux.0"; }
Following each action step-by-step in the above example:
- The administrator enables network booting with the
bootp
protocol. - Then, the administrator creates a class called
PXE
, which, if a system that is configured to have PXE first in its boot priority, identifies itself asPXEClient
. - Then DHCP server then directs the system to the Cobbler server at 192.168.2.1.
- Finally, the DHCP server refers to the boot image file (in this case, at
/var/lib/tftpboot/pxelinux.0
.
11.1.4. Xinetd and TFTP
Xinetd is a daemon that manages a suite of services, including TFTP, the FTP server used for transferring the boot image to a PXE client.
To configure TFTP, you must first enable the service via Xinetd. To do this, edit the
/etc/xinetd.d/tftp
as root and change the disable = yes
line to disable = no
.
Before TFTP can start serving the
pxelinux.0
boot image, you must start the Xinetd service.
chkconfig --level 345 xinetd on /sbin/service xinetd start
The
chkconfig
command turns on the xinetd
service for all user runlevels, while the /sbin/service
command turns on xinetd
immediately.
11.1.5. Configuring SELinux and IPTables for Cobbler Support
Red Hat Enterprise Linux is installed with SELinux support in addition to secure firewall enabled by default. To properly configure a Red Hat Enterprise Linux server to use Cobbler, you must first configure these system and network safeguards to allow connections to and from the Cobbler Server.
11.1.5.1. SELinux Configuration
To enable SELinux for Cobbler support, you must set the SELinux boolean to allow HTTPD web service components. Run the following command as root on the Cobbler server:
setsebool -P httpd_can_network_connect true
The
-P
switch is essential, as it enables HTTPD connection persistently across all system reboots.
You must also set SELinux file context rules to ensure Cobbler properly functions in an SELinux system.
Run the following as root on the Cobbler server:
semanage fcontext -a -t public_content_t "var/lib/tftpboot/.*"
The command sets file context for TFTP to serve the boot image file.
11.1.5.2. IPTables Configuration
Once you have configured SELinux, you must then configure IPTables to allow incoming and outgoing network traffic on the Cobbler server.
If you have an existing firewall ruleset using IPTables, you need to add the following rules to open the requisite Cobbler-related ports. The following lists each of the requisite rules with their associated service.
- For TFTP:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT /sbin/iptables -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
- For HTTPD:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
- For Cobbler:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p udp --dport 25150 -j ACCEPT
- For Koan:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
Once those firewall rules are entered, be sure to save the firewall configuration:
/sbin/iptables-save
11.1.6. Syncing and Starting the Cobbler Service
Once all the prerequisites specified in
cobbler check
are met, you can now start the Cobbler service.
First, ensure that the configuration files are all synchronized by running the following command:
cobbler sync
Then, start the Satellite server:
/usr/sbin/rhn-satellite start
Warning
Do not start or stop the
cobblerd
service independent of the Satellite service, as doing so may cause errors and other issues.
Always use
/usr/sbin/rhn-satellite
to start or stop RHN Satellite.