[cobbler] reposync: repository listed more than once
I noticed that when I run "cobbler reposync", I get a message for two of the repositories that they are listed more than once: # grep 'more than' /var/log/cobbler_reposync_2016-01-01.log received on stdout: Repository epel is listed more than once in the configuration received on stdout: Repository vmware-tools-collection is listed more than once in the configuration But AFAICT they are only listed once (see below). Also the sync appears to work properly. I'm just curious why the error appears; maybe I have a configuration error and I can't find it. # cat /etc/redhat-release Red Hat Enterprise Linux Workstation release 6.7 (Santiago) # rpm -q cobbler cobbler-2.6.5-9.1.noarch # cobbler repo report | grep epel Name : epel Mirror : http://mirrors.kernel.org/fedora-epel/6/x86_64/ # cobbler repo report | grep vmware Name : vmware-tools-collection Mirror : http://packages.vmware.com/tools/esx/latest/rhel6/x86_64 # grep '\[epel\]' /etc/yum.repos.d/* /etc/yum.repos.d/epel.repo:[epel] # yum repolist all Loaded plugins: changelog, merge-conf, product-id, refresh-packagekit, rhnplugin, security This system is receiving updates from RHN Classic or RHN Satellite. vmware-tools-collection | 951 B 00:00 vmware-tools-collection/primary | 17 kB 00:00 vmware-tools-collection 40/40 repo id repo name status InstallMediaRed Hat Enterprise Linux 6.3 disabled epelExtra Packages for Enterprise Linux 6 - x86_64 enabled: 11859 epel-debuginfo Extra Packages for Enterprise Linux 6 - x86_64 - Debug disabled epel-source Extra Packages for Enterprise Linux 6 - x86_64 - Source disabled epel-testingExtra Packages for Enterprise Linux 6 - Testing - x86_64 disabled epel-testing-debuginfo Extra Packages for Enterprise Linux 6 - Testing - x86_64 - Debug disabled epel-testing-source Extra Packages for Enterprise Linux 6 - Testing - x86_64 - Source disabled local Red Hat Enterprise Linux 6Workstation - x86_64 - local rpms enabled:31 rhel-source Red Hat Enterprise Linux 6Workstation - x86_64 - Source disabled rhel-source-betaRed Hat Enterprise Linux 6Workstation Beta - x86_64 - Source disabled rhel-x86_64-workstation-6 Red Hat Enterprise Linux Workstation (v. 6 for x86_64) enabled: 17729 rhel-x86_64-workstation-6-thirdparty-oracle-javaOracle Java for RHEL Workstation (v. 6 for x86_64) enabled: 317 rhel-x86_64-workstation-optional-6 RHEL Workstation Optional (v. 6 for x86_64) enabled: 7978 rhel-x86_64-workstation-supplementary-6 RHEL Workstation Supplementary (v. 6 for x86_64) enabled: 575 testRed Hat Enterprise Linux 6Workstation - x86_64 - test rpms disabled vmware-tools-collection vmware-tools-collection enabled:40 repolist: 38529 -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/cobbler@lists.fedorahosted.org
Re: [cobbler] Install program from source tar
I find it easier to put a SNIPPET to start post logging. In the kickstart: %post mv -f /mnt/sysimage/root/ks-post.log /mnt/sysimage/root/ks-post.log.old $SNIPPET('log_ks_post') [...] The snippet "log_ks_post" contains: set -x -v exec 1>/root/ks-post.log 2>&1 That way every snippet after %post will get logged to /root/ks-post.log On 2015-10-29 5:52 PM, Locane wrote: > Yes - you should be able to simply put any bash commands you want to > run after the installation is finished in the "%post" section of the > kickstart file. It's helpful to set up some logging of it so you can > analyze after the fact what it did and didn't do. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] cobbler reposync failed
I use HTTP mirroring and would not like to see it dropped. We simply have upped the --tries number :-/ I do not use cobbler reposync, so I could use users feedback here. We should drop http mirroring or just mentioning it is unstable in Cobbler documentation is enough? Someone has used repo mirroring via HTTP successfully? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] Cobbler check fails after new install
Perhaps this step should be mentioned in the quickstart guide? It's not there now (unless I missed it). On 2015-05-11 2:07 PM, Jörgen Maas wrote: It probably was the httpd restart -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] best practices for updating major distro release on systems?
I'm using cobbler-2.6.5-9.1 on RHEL 6.6 (yes I know this is not the latest release; I hope it's not relevant in this context). What's the best way to create distros and repositories so that deployed systems are always pointed to the lastest base and updates? The problem I'm trying to solve is how to upgrade already-deployed systems to the latest release. The problem I have is this, e.g.: 1. Imported distro centos65-x86_64 a. defined updates repository to some server/centos/6/updates/x86_64/ 2. System is deployed using CentOS 6.5. cobbler.config automatically configures yum: a) core-0 to ks_mirror/centos65-x86_64 b) updates to repo_mirror/centos6-updates The above works fine until CentOS 6.6 comes out. At some point (I haven't figured out when -- does anyone know?), the updates repository for CentOS will only work correctly for CentOS 6.6 systems. CentOS 6.5 system updates are majorly broken at this point -- It will see new updates for packages that are installed, but often the dependencies are for new packages in the CentOS 6.6 base. The CentOS 6.5 machine can't see the packages and therefore can't resolve dependencies. What I've been doing is: 1. Import distro centos66-x86_64 to cobbler 2. On each client system, update yum config to point core-0 to ks_mirror/centos66-x86_64. yum update at this point will upgrade from CentOS 6.5 to 6.6. If what I'm doing is the right/best way, fine -- I'm just wondering if there is a better way to organize this so updates don't break on existing systems and I don't have to touch every client system when its time to upgrade. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] Import RHEL 5u11
I followed this process for CentOS 6.6 and it worked: http://edvoncken.net/2011/08/importing-multiple-centos-linux-dvds-into-cobbler/ On 2014-10-31 8:38 AM, Newman, Stuart J. (GSFC-428.0)[HONEYWELL TECHNOLOGY SOLUTIONS INC] wrote: What is the proper way to import both discs of the rhel 5u11 set? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] gpgcheck=0 for all repos?
I have cobbler 2.4.0 (from EPEL) on RHEL6.5. When I do a wget for a system's cobber-config.repo, all the repos have gpgcheck set to 0: # wget -q http://cobbler/cblr/svc/op/yum/system/jaguar; -O - | grep gpg gpgcheck=0 gpgcheck=0 gpgcheck=0 This did not use to be the case, so something changed on the server, but I don't know what.. I'm guessing this is coming from the local config.repo files in all my repository mirrors. From my reading of the code in action_reposync.py, if I set the yum option gpgcheck=1 for all my repositories, when I do a reposync, it will write gpgcheck=1 into the config.repo file. Is that correct? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] WARNING when deleting directories in /var/www/cobbler ???
Someone at my org was experimenting with repositories and links on the cobbler server, like: # ls -ld /var/www/cobbler/repo* lrwxrwxrwx. 1 root root 34 Mar 19 11:26 repo_mirror - /var/www/cobbler/repo_mirror_build/ drwxr-xr-x. 2 root apache 4096 Mar 19 20:07 repo_mirror_build/ drwxr-xr-x. 2 root apache 4096 Mar 19 20:08 repo_mirror_patch/ Unfortunately when I ran a cobbler sync it deleted both real directories: # cobbler sync task started: 2014-03-19_200751_sync task started (id=Sync, time=Wed Mar 19 20:07:51 2014) running pre-sync triggers cleaning trees *removing: /var/www/cobbler/repo_mirror_build* *removing: /var/www/cobbler/repo_mirror_patch* So of course I'm restoring things -- but in the future, could there perhaps be a setting that prevents disastrous removal of entire repositories? Or at the very least, a README or something in the directory that says DON'T PUT USER DIRECTORIES HERE or something? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] ESXi 5.5 Import ...
Hi, I tried to import Dell's custom ESXi 5.5 image today but it failed. I'm guessing the signatures I'm using isn't right for the Dell respin but I don't know how to generate the proper signature. Is that indeed the problem, and if so, how do I fix the signatures to work? Here's what I tried : This is on RHEL6.5 with cobbler-2.4.0-1 from EPEL * Added the bootcfg_esxi55.template from https://gist.github.com/relistan/7794032 to /etc/cobbler/pxe * Replaced distro_signatures.json with the one at https://github.com/cobbler/cobbler/raw/master/config/distro_signatures.json * Mounted the Dell ISO image : mount -o loop /home/rjacobson/VMware-VMvisor-Installer-5.5.0-1331820.x86_64-Dell_Customized_A01.iso /mnt/loop * cobbler import --name esxi5.5-dell_A01 --path /mnt/loop I get these errors: http://pastebin.com/JX5pMNJk The final error being: No signature matched in /var/www/cobbler/ks_mirror/esxi5.5-dell_A01-x86_64 !!! TASK FAILED !!! On 2014-01-07 11:04 AM, Simon Earthrowl wrote: Finally cracked it today! So there are two files needed to be updated. The file exist in github - and need to be updated on your server manually. So first download to a safe place the following files: * https://github.com/cobbler/cobbler/raw/master/config/distro_signatures.json * https://gist.github.com/relistan/7794032 - you need *bootcfg_esxi55.template* distro_signatures.json replaces the existing files /etc/cobbler/distro_signatures.json and /var/lib/cobbler/distro_signatures.json while bootcfg_esxi55.template becomes /etc/cobbler/pxe/bootcfg_esxi55.template I've not done anything other than import with these changes. However Karl Matthias comments may help with subsequent steps. Kind regards Simon http://www.eseye.com -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] Cobbler 2.4 with LDAP(AD) auth
I'm using an older version of cobbler (2.2.3) but in my version the ldap settings are in /etc/cobbler/settings; I don't have a setup file... In any case, in my settings file my ldap_search_prefix is: ldap_search_prefix: 'uid=' So you may just need an = at the end (or whatever LDAP search operator(s) you want to use), e.g.: ldap_search_prefix: 'sAMAccountName=' On 2013-09-30 1:59 PM, Danilo Chilene wrote: Hello, I'm trying setup Cobbler with LDAP(AD), below the configuration of /etc/cobbler/modules.conf and /etc/cobbler/setup: modules.conf: [authentication] module = authn_ldap [authorization] module = authz_allowall setup: ldap_server: 192.168.0.1 ldap_base_dn: dc=domain,dc=com ldap_port: 389 ldap_tls: 0 ldap_anonymous_bind: 0 ldap_search_bind_dn: 'CN=Admin,OU=Users,dc=domain,dc=com' ldap_search_passwd: strangepassword' ldap_search_prefix: 'sAMAccountName' ldap_tls_cacertfile: '' ldap_tls_keyfile: '' ldap_tls_certfile: '' Cobbler Version: cobbler-2.4.0-1.el6.noarch cobbler-web-2.4.0-1.el6.noarch -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] Cobbler 2.4 with LDAP(AD) auth
On 2013-10-01 12:59 PM, Danilo Chilene wrote: Hello Robert, Already tried using the = and got another error: Mon Sep 30 14:36:02 2013 - INFO | Exception occured: class 'ldap.OPERATIONS_ERROR' Mon Sep 30 14:36:02 2013 - INFO | Exception value: {'info': '04DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1', 'desc': 'Operations error'} Well that's better -- the prefix is probably ok. Now you have a simple bind error -- most likely incorrect login credentials. If your server allows anonymous bind, you can use that in your cobbler config. If your LDAP server doesn't allow anon bind, then test your credentials with the demo_connect.py script below, see http://www.cobblerd.org/manuals/2.4.0/6/2/2_-_LDAP.html #!/usr/bin/python Copyright 2007-2009, Red Hat, Inc and Others Michael DeHaan michael.dehaan AT gmail This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA from xmlrpclib import ServerProxy import optparse if __name__ == __main__: p = optparse.OptionParser() p.add_option(-u,--user,dest=user,default=test) p.add_option(-p,--pass,dest=password,default=test) # NOTE: if you've changed your xmlrpc_rw port or # disabled xmlrpc_rw this test probably won't work sp = ServerProxy(http://127.0.0.1:25151;) (options, args) = p.parse_args() print - trying to login with user=%s % options.user token = sp.login(options.user,options.password) print - token: %s % token print - authenticated ok, now seeing if user is authorized check = sp.check_access(token,imaginary_method_name) print - access ok? %s % check == -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] overriding name_servers_search
I'd like to override a profile-set variable for one particular system, but I can't figure out how to do it. For the system, I want to completely replace name_servers_search with foo.com, but when I put in 'foo.com' for name_servers_search for the system (using the web interface), it just appended it to the profile's value list rather than replacing it: # cobbler profile dumpvars --name=feds | grep name_servers_search default_name_servers_search : [] name_servers_search : ['gsfc.nasa.gov', 'nasa.gov'] # cobbler system dumpvars --name=test | grep name_servers_search default_name_servers_search : [] name_servers_search : ['gsfc.nasa.gov', 'nasa.gov', 'foo.com'] Platform: cobbler-2.2.3-2.el6.noarch, cobbler-web-2.2.3-2.el6.noarch (EPEL) on RHEL6.4 -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] overriding name_servers_search
On 3/18/2013 9:18 AM, James Cammarata wrote: Unfortunately there is no way around this, name servers and the search domains are inherited up. What you could do instead is to copy your feds profile and name it feds-no-dns or something similar which will have no name server search assigned, and then assign systems to it for which you want to manually specify the DNS variables. Thanks. I was thinking I could also make my own post_install_network_config snippet and add an #if, like #if $name_servers_search.contains('override:') [more code to just extract the 'override' text...] But yeah, making another profile is pretty easy too :) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] No more tabs, cannot add/remove repos via web interface
On 3/8/2013 3:54 PM, Orion Poplawski wrote: Running: server: cobbler-2.4.0-beta3.el6.noarch client: Fedora 18 with Firefox For a while now (don't remember when it changed), I cannot add or remove items from the repos list on a profile. Also, it seems I no longer have separate tabs, but just a list of all the options. Anyone else seeing this? I have seen this before; using a different browser seemed to fix it. (Firefox 10 ESR did not work, but FF 17 ESR did). -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] langsupport in pxerescue.ks
I created a rescus profile in cobbler using: cobbler profile add --comment=Rescue for RHEL 6.4 --distro=rhel6u4-x86_64 --kickstart=/var/lib/cobbler/kickstarts/pxerescue.ks --kopts=rescue --name=rescue-rhel6u4-x86_64 When I booted it, anaconda complained that langsupport is not a valid keyword. It seems to have been removed from anaconda, see: https://bugzilla.redhat.com/show_bug.cgi?id=160789 Should it then be removed from the cobbler pxerescue.ks file, or is there a reason to keep it in (e.g. legacy support)? Perhaps change it to: # uncomment this for legacy systems # langsupport en_US -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] PXE boot Hiren?
I'm trying to setup cobbler to PXE boot Hiren's boot CD. I realize this is more a tftp question than cobbler... but this is the type of audience that has probably done it for their own environments. I was able to manually modify pxelinux.cfg by following, e.g. http://fogproject.org/forum/threads/integrating-iso-hirens-boot-cd-into-fog.219/ i.e. : LABEL hiren-15.2 kernel /memdisk append iso initrd=/images/hiren.15.2.iso raw MENU LABEL hiren-15.2 Booting from them menu item gets me (after a long time loading the ~600 MB hiren ISO into memory!) to the normal Hiren boot screen, but when I attempt to start something like Partition Magic, it fails to boot after a couple seconds with the error: ERROR: could not insert 'phram': Input/output error mount: special device /dev/mtdblock0 does not exist I've tried other configurations, e.g. the one here: http://www.techtrunch.com/linux/boot-hiren-boot-cd-network But that one didn't work at all (selecting the item in the menu just immediately went back to the PXE menu) Any tips appreciated! -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] set cobbler variables from PXE menu?
Is it possible to set cobbler variables by using the Tab key at the PXE menu? I tried just adding the variable itself, like: foo=1 But that didn't seem to work. At least, the if statement I had to check for that variable didn't find it. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] LDAP auth with SSL on port 636: Bad file descriptor
I tried to setup LDAP auth with SSL on my cobbler server, per the wiki instructions at: https://github.com/cobbler/cobbler/wiki/Ldap I was able to get LDAP auth *without* SSL working. However, when I enable SSL, I get the error Bad file descriptor in cobbler.log. I found an existing issue documented at: https://github.com/cobbler/cobbler/issues/217 I messed around with the config a bunch, and did find a working configuration with TLS: 1. use port 389 2. use ldap_tls = 1 But as far as I can tell, there is no way to use port 636 -- I tried it with ldap_tls both 0 and 1. I either get Bad file descriptor or Can't contact LDAP server. I'd like to use 636 because it ensures SSL or TLS is being used -- whereas port 389 will allow cleartext if the client is not configured correctly. Is there are a way to do that? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] slow PXE boot when primary NIC unplugged
I need some help with a PXE/TFTP problem. My cobbler server has two NICs; the primary is connected to the 'net, and the secondary is dedicated to a deployment LAN. DHCP and PXE/TFTP work very well when both NICs are connected. However, when I disconnect the primary (internet) NIC, TFTP does some ... weird things When I PXE boot a system that isn't defined in cobbler (because I want to just use the boot menu), the search for the boot file takes 20 seconds between each failure: Trying to load: pxelinux.cfg/44454c4c-4a00-1057-8035-cac04f314431 [~20 second pause...] Trying to load: pxelinux.cfg/01-00-19-b9-cd-8c-43 [~20 second pause...] Trying to load: pxelinux.cfg/C0A80A69 [~20 second pause...] Trying to load: pxelinux.cfg/C0A80A6 [etc...] (full log at http://pastebin.com/rnrzE95d) This problem does not occur when the primary NIC is connected. When its connected, it still searches, but each one immediately fails, until it gets to pxelinux.cfg/default -- then it gives me the menu as expected. The whole process takes under 1 second. Also, if I start a PXE boot with the primary disconnected, then connect the primary NIC while the boot is stalled, it returns to its normal speedy boot. Not sure if relevant -- In settings my manage_dns is 0. Any ideas what is causing the delay? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
[cobbler] outgoing firewall rules for reposync?
I'm going to move my cobbler server (RHEL6.3, cobbler 2.2.2) to a network that has default deny on outbound connections. We are configured to use the following repos: rhn://rhel-x86_64-workstation-6 rhn://rhel-x86_64-workstation-optional-6 rhn://rhel-x86_64-workstation-supplementary-6 From our tests running reposync on our open network, it seems that reposync, by default, uses the Akamai CDN. I imagine this would make things very complicated for our firewall, since we can't allow by DNS (only by IP). How would you suggest I handle this? Allow an entire Akamai subnet (though i don't know how to determine which subnet)? Configure yum somehow? Ideally I'd like to use an HTTP proxy but right now we don't have one available to us. I noticed that, at least for up2date, RHN allows one to disable Location-aware updates, see: https://access.redhat.com/knowledge/node/53075 but I'm not sure if this would affect how reposync operates. (anyone know?) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
[cobbler] SELinux open issues (was Re: Cobbler web logon)
On 4/24/2012 12:45 PM, James Cammarata wrote: SElinux issue I brlieve. Cobbler check will give you the command to fix that, though it has been noted in issue #139 that the label is incorrect. Well, it appears to be not only the label, but the path also needs to be changed. Stuart Newman already pointed this out in another email to the list. I'm not sure -- should Stuart be the one to make a correction/comment to issue 139? We think this is the correct command: /usr/sbin/semanage fcontext -a -t httpd_sys_rw_content_t /var/lib/cobbler/webui_sessions(/.*)? (changed /.* to (/.*)? because the webui_sessions directory needs the httpd_sys_rw_content_t context as well -- not the default var_lib_cobbler_t (I think that's what it was previously). Also, I don't see an issue on github regarding the other incorrect selinux commands for the tftpboot directory. This was also mentioned on the list earlier. Again, the correct commands appear to be: /usr/sbin/semanage fcontext -a -t public_content_t /var/lib/tftpboot(/.*)? /usr/sbin/semanage fcontext -a -t public_content_t /var/www/cobbler/images(/.*)? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] SELinux open issues (was Re: Cobbler web logon)
On 4/24/2012 1:24 PM, Robert Jacobson wrote: On 4/24/2012 12:45 PM, James Cammarata wrote: SElinux issue I brlieve. Cobbler check will give you the command to fix that, though it has been noted in issue #139 that the label is incorrect. Well, it appears to be not only the label, but the path also needs to be changed. Stuart Newman already pointed this out in another email to the list. I'm not sure -- should Stuart be the one to make a correction/comment to issue 139? We think this is the correct command: /usr/sbin/semanage fcontext -a -t httpd_sys_rw_content_t /var/lib/cobbler/webui_sessions(/.*)? (changed /.* to (/.*)? because the webui_sessions directory needs the httpd_sys_rw_content_t context as well -- not the default var_lib_cobbler_t (I think that's what it was previously). Also, I don't see an issue on github regarding the other incorrect selinux commands for the tftpboot directory. This was also mentioned on the list earlier. Again, the correct commands appear to be: /usr/sbin/semanage fcontext -a -t public_content_t /var/lib/tftpboot(/.*)? /usr/sbin/semanage fcontext -a -t public_content_t /var/www/cobbler/images(/.*)? I forgot, after running the above commands, it's probably necessary to run restorecon /var/lib/cobbler/webui_sessions restorecon /var/lib/tftpboot restorecon /var/www/cobbler/images -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
[cobbler] reposync - no .origin directories
Maybe I just never noticed these errors, or perhaps it's because I just updated to 2.2.1... I did a reposync and received some worrying messages: Fri Apr 13 08:01:11 2012 - INFO | running: /usr/bin/wget -q http://192.168.57.40/repos/rhel-x86_64-workstation-6/repodata/repomd.xml -O /var/www/cobbler/repo_mirror/rhel6_x64_updates/.origin/repomd.xml Fri Apr 13 08:01:11 2012 - INFO | received on stdout: Fri Apr 13 08:01:11 2012 - DEBUG | received on stderr: /var/www/cobbler/repo_mirror/rhel6_x64_updates/.origin/repomd.xml: No such file or directory Similarly for every repo I had defined. I looked and found that the .origin directory did not exist in /var/www/cobbler/repo_mirror/[reponame]/ Is this a problem or not? Are the repomd.xml files required? Do I need to create the .origin directories? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] [RELEASE] 2.2.2-1 now available
On 4/12/2012 1:10 PM, Jack Peterson wrote: Just attempted to upgrade cobbler to 2.2.1 from EPEL (CentOS 6 x86_64) and I'm now encountering an error. Has anyone experienced this or a solution? Perhaps not very helpful, but I'm seeing the exact same thing on my RHEL 6.2 system (x86_64) after performing the same update. # rpm -q cobbler cobbler-web cobbler-2.2.1-1.el6.noarch cobbler-web-2.2.1-1.el6.noarch -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] [RELEASE] 2.2.2-1 now available
? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] [RELEASE] 2.2.2-1 now available
On 4/12/2012 3:00 PM, Robert Jacobson wrote: Now Iwhen I try to login to the web interface, the browser reports Internal server error; setroubleshoot shows I'm getting SELinux errors on the sessions: [snip] * Plugin restorecon (99.5 confidence) suggests * If you want to fix the label. /var/lib/cobbler/webui_sessions/sessionidc784de1d76c5e28c949a78aaafb414de default label should be httpd_sys_rw_content_t. Then you can run restorecon. Do # /sbin/restorecon -v /var/lib/cobbler/webui_sessions/sessionidc784de1d76c5e28c949a78aaafb414de [snip] # ll -Zd /var/lib/cobbler/webui_sessions/ drwxrwxr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 /var/lib/cobbler/webui_sessions// The fix was this: # chcon -t httpd_sys_rw_content_t /var/lib/cobbler/webui_sessions I'm imagine it will get broken again on the next upgrade? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] [RELEASE] 2.2.2-1 now available
One more item (bug?); I don't know if this is system-specific to RHEL/CentOS or not: Cobbler check says to run this: /usr/sbin/semanage fcontext -a -t httpd_sys_content_rw_t /var/lib/cobbler/webui_sessions/.* But in my audit log (and sealert), the context should be httpd_sys_rw_content_t NOT httpd_sys_content_rw_t as reported by cobbler check -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] In which version of Cobbler is version X.Y of distro Z officially supported
On 3/20/2012 9:09 AM, Jörgen Maas wrote: [snip] I think this is an area where contributions from the community would be very nice, even for the non-coder types it's a good way to contribute to the project. I don't suppose there are test procedures written somewhere? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
[cobbler] cobbler Web UI scripts create excessive server CPU usage?
Hi, I had a problem the other day; my cobbler server (RHEL6.2, cobbler-2.0.11-2.el6.noarch, cobbler-web-2.0.11-2.el6.noarch) was bogged down quite a bit my httpd processes. Nearly all the CPU was being used. I believe I have narrowed it down to the 4-or-5 tabs I had ;eft open to the cobbler web interface. They were open for several hours at least (maybe a day?). Restarting apache didn't resolve the issue -- the CPU usage climbed very high again. But after I closed the tabs (and restarted apache again), the CPU usage went back to idle. It's odd -- just one tab consumes 4% CPU just sitting at the cobbler home page. It appears that the pages execute periodic ajax queries. If you have a lot of tabs open, those queries seem to add up and create a bottleneck of some kind (???). If I turn off Javascript in the browser, the CPU usage on the server goes away. Anyone else seeing this? Is there anything I can do on the server side to alleviate this? Obviously I can avoid opening a bunch of tabs -- but that's the way I like to work! :( -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] cobbler Web UI scripts create excessive server CPU usage?
On 3/12/2012 1:04 PM, Orion Poplawski wrote: Same here: https://github.com/cobbler/cobbler/issues/37 https://fedorahosted.org/cobbler/ticket/631 Interesting. I'll have to try running strace. You're running cobber-2.2.3 though? We're both on RHEL, I wonder if it is platform specific somehow. James, what linux are you running on? Any idea what sysctl settings might be a problem? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] created system in web interface. Where's the kickstart file?
On 2/29/2012 2:12 AM, André Gemünd wrote: I'm not sure I understand the question right, but the kickstart file is generated ad-hoc on access through the HTTP server. You can view the output through cobbler system getks --name=YourSystem The templates lie in /var/lib/cobbler/kickstarts Greetings André Thanks. I think my problem was -- I didn't realize before that the kickstart was being generated dynamically. I was looking for a file on the system systemname because that's what the browser displayed in the URL. But I now realize there is no such file. What I should have been doing is looking at the profile and seeing what template it was based on (in this case it was sample.ks). sample.ks is full of snippets, so it doesn't really look like the final kickstart file presented to the client. i.e. The final kickstart file is dynamically generated and doesn't exist anywhere on the system. Another gotcha I found, related to the parsing error I was seeing. It seems that the output of the snippets (generated by Cheetah?) can contain $() clauses, but the Cheetah parser will not accept $() as input without escaping the dollar($) with a backslash (\). I have a related question but I'm going to start a new thread to avoid mucking up this one. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] created system in web interface. Where's the kickstart file?
Moderator is slow .. my original message with an attachment did not go through yet. Here's the original without the attachment: On 2/28/12 12:39 PM, Robert Jacobson wrote: I just got started with cobbler. I set it up a RHEL6.2 desktop VM, added the EPEL repo, and installed cobbler and cobbler-web: cobbler-2.0.11-2.el6.noarch cobbler-web-2011-2.el6.noarch I imported the RHEL6.2 install media into cobbler, then added a new system based on that profile. I PXE-booted another VM using the server and it seems to be working perfectly. So.. where the heck is the kickstart file on the filesystem? Using the web interface, I can view it, but I'll be darned if I can find the thing on the server anywhere. AFAICT there's no way to edit the thing through the web UI, right? I also tried creating a new kickstart file (again, in the web UI), by copying and pasting the kickstart file that was automatically generated. However, when I try that, I get a server error (lots of debug output not shown here) in /cobbler_web/ksfile/save. Cheetah.Parse.ParseError: Error in the Python code which Cheetah generated for this template: [...] (full error attached) BTW, I tried creating just a simple kickstart file with a comment -- that works fine. I only get the error when I copy/paste the auto-generated kickstart. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson robert.c.jacob...@nasa.gov Flight Ops. TeamSolar Dynamics Observatory (SDO) Bldg 14, E232 (301) 286-1591 ___ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler