Red Hat SummitChapter 11. Cobbler
RHN Satellite features the Cobbler server that allows administrators to centralize their system installation and provisioning infrastructure. Cobbler is an installation server that collects the various methods of performing unattended system installations, whether it be server, workstation, or guest systems in a full or para-virtualized setup.
Cobbler has several tools to assist in pre-installation guidance, kickstart file management, installation environment management, and more. Features of Cobbler include:
- Installation environment analysis using the
cobbler checkcommand - Multi-site installation server configuration with
cobbler replicate - Kickstart template creation and management using the Cheetah template engine and Kickstart Snippets
- Virtual machine guest installation automation with the
koanclient-side tool.
11.1. Cobbler Requirements
リンクのコピーリンクがクリップボードにコピーされました!
To use Cobbler as a PXE boot server, you should check the following guidelines:
- If you plan to use Cobbler to install systems using PXE, you must have
tftp-serverinstalled and configured. - If you plan to use Cobbler to PXE boot systems for installation, you must have either the ability to act as a DHCP server for Cobbler PXE booting or access to your network DHCP server
/etc/dhcp.confto changenext-serverto the hostname or IP address of your Cobbler server.
11.1.1. Configuring Cobbler with /etc/cobbler/settings
リンクのコピーリンクがクリップボードにコピーされました!
Cobbler configuration is mainly done within the
/etc/cobbler/settings file. The file contains several configurable settings, and offers detailed explanations for each setting regarding how it affects the functionality of Cobbler and whether it is recommended for users to change the setting for their environment.
Most of the settings can be left default and Cobbler will run as intended. For more information about configuring Cobbler settings, consult the
/etc/cobbler/settings file, which documents each setting in detail.
11.1.2. Cobbler and DHCP
リンクのコピーリンクがクリップボードにコピーされました!
Cobbler supports bare-metal kickstart installation of systems configured to perform network boots using a PXE boot server. To properly implement a Cobbler installation server, administrators need to either have administrative access to the network's DHCP server or implement DHCP on the Cobbler server itself.
11.1.2.1. Configuring an Existing DHCP Server
リンクのコピーリンクがクリップボードにコピーされました!
If you have a DHCP server deployed on another system on the network, you will need administrative access to the DHCP server in order to to edit the DHCP configuration file so that it points to the Cobbler server and PXE boot image.
As root on the DHCP server, edit the /etc/dhcpd.conf file and append a new class with options for performing PXE boot installation. For example:
Following each action step-by-step in the above example:
- The administrator enables network booting with the
bootpprotocol. - Then, the administrator creates a class called
PXE, which, if a system that is configured to have PXE first in its boot priority, identifies itself asPXEClient. - Then DHCP server then directs the system to the Cobbler server at 192.168.2.1.
- Finally, the DHCP server retrieves the
pxelinux.0bootloader file.
11.1.3. Xinetd and TFTP
リンクのコピーリンクがクリップボードにコピーされました!
Xinetd is a daemon that manages a suite of services, including TFTP, the FTP server used for transferring the boot image to a PXE client.
To configure TFTP, you must first enable the service via Xinetd. To do this, edit the
/etc/xinetd.d/tftp as root and change the disable = yes line to disable = no.
Before TFTP can start serving the
pxelinux.0 boot image, you must start the Xinetd service.
chkconfig --level 345 xinetd on /sbin/service xinetd start
chkconfig --level 345 xinetd on
/sbin/service xinetd start
The
chkconfig command turns on the xinetd service for all user runlevels, while the /sbin/service command turns on xinetd immediately.
11.1.4. Configuring SELinux and IPTables for Cobbler Support
リンクのコピーリンクがクリップボードにコピーされました!
Red Hat Enterprise Linux is installed with SELinux support in addition to secure firewall enabled by default. To properly configure a Red Hat Enterprise Linux server to use Cobbler, you must first configure these system and network safeguards to allow connections to and from the Cobbler Server.
11.1.4.1. SELinux Configuration
リンクのコピーリンクがクリップボードにコピーされました!
To enable SELinux for Cobbler support, you must set the SELinux boolean to allow HTTPD web service components. Run the following command as root on the Cobbler server:
setsebool -P httpd_can_network_connect true
setsebool -P httpd_can_network_connect true
The
-P switch is essential, as it enables HTTPD connection persistently across all system reboots.
11.1.4.2. IPTables Configuration
リンクのコピーリンクがクリップボードにコピーされました!
Once you have configured SELinux, you must then configure IPTables to allow incoming and outgoing network traffic on the Cobbler server.
If you have an existing firewall ruleset using IPTables, you need to add the following rules to open the requisite Cobbler-related ports. The following lists each of the requisite rules with their associated service.
- For TFTP:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT /sbin/iptables -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT /sbin/iptables -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPTCopy to Clipboard Copied! Toggle word wrap Toggle overflow - For HTTPD:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPTCopy to Clipboard Copied! Toggle word wrap Toggle overflow - For Cobbler and Koan XMLRPC:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPTCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Once those firewall rules are entered, be sure to save the firewall configuration:
/sbin/iptables-save
/sbin/iptables-save
11.1.5. Syncing and Starting the Cobbler Service
リンクのコピーリンクがクリップボードにコピーされました!
Once all the prerequisites specified in
cobbler check are configured to your needs, you can now start the Cobbler service.
Start the Satellite server with the following command:
/usr/sbin/rhn-satellite start
/usr/sbin/rhn-satellite start
Warning
Do not start or stop the
cobblerd service independent of the Satellite service, as doing so may cause errors and other issues.
Always use
/usr/sbin/rhn-satellite to start or stop RHN Satellite.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}