[cobbler] Repository access mechanisms
I am evaluating Cobbler for potential use, rather than using it actively, so my knowledge of it is superficial. Here is my question: As far as I can see, a repository can be made available to a target machine (one that is being built) in two ways: - by mirroring the repo's contents locally, on the Cobbler server, in which case the target gets the local repo URL in the ks file, and accesses it over the local network, one which is used for netboot and initial installation; - by not mirroring the repo, where the target receives the actual (remote) URL of the repo in the ks file, and accesses it via a network that faces the wider world. Is it possible to set things up so that the server proxies the repo contents, i.e. the server talks to the Internet and passes the rpm's to the target via the local network? This would be a more secure way to handle the build, without exposing a half-built machine to the world; at the same time, it would avoid piling up potentially large mirrored repositories on the Cobbler server. Thank you for shedding any light on the subject. Danko Antolovic ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] Repository access mechanisms
On 23.07.2015 [11:09:25 -0400], Danko Antolovic wrote: > I am evaluating Cobbler for potential use, rather than using it > actively, so my knowledge of it is superficial. Here is my question: > > As far as I can see, a repository can be made available to a target > machine (one that is being built) in two ways: > > - by mirroring the repo's contents locally, on the Cobbler server, > in which case the target gets the local repo URL in the ks file, and > accesses it over the local network, one which is used for netboot > and initial installation; > > - by not mirroring the repo, where the target receives the actual > (remote) URL of the repo in the ks file, and accesses it via a > network that faces the wider world. > > Is it possible to set things up so that the server proxies the repo > contents, i.e. the server talks to the Internet and passes the rpm's > to the target via the local network? Uh, do you mean can you run squid on your cobbler server? Yes, you can. -Nish ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] Repository access mechanisms
Or repo sync it. Cobbler has a repo which is synced from an internet repo. Needs some disk space. We do this with centos and oracle linux. Cobbler will do the syncing for you. Install cobbler_web and then its more obvious how it works. -- Alastair Munro -Original Message- From: Danko Antolovic To: cobbler@lists.fedorahosted.org Sent: Thu, 23 Jul 2015 16:09 Subject: [cobbler] Repository access mechanisms I am evaluating Cobbler for potential use, rather than using it actively, so my knowledge of it is superficial. Here is my question: As far as I can see, a repository can be made available to a target machine (one that is being built) in two ways: - by mirroring the repo's contents locally, on the Cobbler server, in which case the target gets the local repo URL in the ks file, and accesses it over the local network, one which is used for netboot and initial installation; - by not mirroring the repo, where the target receives the actual (remote) URL of the repo in the ks file, and accesses it via a network that faces the wider world. Is it possible to set things up so that the server proxies the repo contents, i.e. the server talks to the Internet and passes the rpm's to the target via the local network? This would be a more secure way to handle the build, without exposing a half-built machine to the world; at the same time, it would avoid piling up potentially large mirrored repositories on the Cobbler server. Thank you for shedding any light on the subject. Danko Antolovic ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] Repository access mechanisms
Thanks; I assume that you are referring to: # cobbler repo edit --name=reponame --mirror-locally=yes # cobbler reposync That is what I meant by the first option, and reposync will build/sync a local copy of whatever is in the remote repo, unless I restrict the selection of packages with --rpm-list. It will work, but I was looking into avoiding an accumulation of mirrored repos on the Cobbler server. Or am I missing something? Danko Antolovic On 07/23/2015 01:05 PM, alast...@alastair-munro.com wrote: Or repo sync it. Cobbler has a repo which is synced from an internet repo. Needs some disk space. We do this with centos and oracle linux. Cobbler will do the syncing for you. Install cobbler_web and then its more obvious how it works. -- Alastair Munro -Original Message- From: Danko Antolovic To: cobbler@lists.fedorahosted.org Sent: Thu, 23 Jul 2015 16:09 Subject: [cobbler] Repository access mechanisms I am evaluating Cobbler for potential use, rather than using it actively, so my knowledge of it is superficial. Here is my question: As far as I can see, a repository can be made available to a target machine (one that is being built) in two ways: - by mirroring the repo's contents locally, on the Cobbler server, in which case the target gets the local repo URL in the ks file, and accesses it over the local network, one which is used for netboot and initial installation; - by not mirroring the repo, where the target receives the actual (remote) URL of the repo in the ks file, and accesses it via a network that faces the wider world. Is it possible to set things up so that the server proxies the repo contents, i.e. the server talks to the Internet and passes the rpm's to the target via the local network? This would be a more secure way to handle the build, without exposing a half-built machine to the world; at the same time, it would avoid piling up potentially large mirrored repositories on the Cobbler server. Thank you for shedding any light on the subject. Danko Antolovic ___ cobbler mailing list cobbler@lists.fedorahosted.org <mailto:cobbler@lists.fedorahosted.org> https://lists.fedorahosted.org/mailman/listinfo/cobbler ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
Re: [cobbler] Repository access mechanisms
I may be understanding this incorrectly, and I apologize if so... However, since it seems you are looking to have the traffic appear not to come from the half built machine, yet to communicate to the outside world (hosted repositories) could you not just set your default gateway to be the Cobbler server? Once you do that you can enable interface forwarding and NAT within IP tables to enable a proxy effect for your servers. Then in the post of your ks you could setup the proper interface and change your gateway to that network. In this way your server would then initiate any new connections to the repositories through the new Interface/Gateway. As I said I may have some flaws in this logic, but, it should work for what you are looking for... providing that I understood you correctly. On Fri, Jul 24, 2015 at 2:26 AM, Danko Antolovic wrote: > Thanks; I assume that you are referring to: > > # cobbler repo edit --name=reponame --mirror-locally=yes > # cobbler reposync > > That is what I meant by the first option, and reposync will build/sync a > local copy of whatever is in the remote repo, unless I restrict the > selection of packages with --rpm-list. > > It will work, but I was looking into avoiding an accumulation of mirrored > repos on the Cobbler server. Or am I missing something? > > Danko Antolovic > > > > > On 07/23/2015 01:05 PM, alast...@alastair-munro.com wrote: > >> Or repo sync it. Cobbler has a repo which is synced from an internet >> repo. Needs some disk space. We do this with centos and oracle linux. >> Cobbler will do the syncing for you. Install cobbler_web and then its more >> obvious how it works. >> >> -- >> Alastair Munro >> >> -Original Message- >> From: Danko Antolovic >> To: cobbler@lists.fedorahosted.org >> Sent: Thu, 23 Jul 2015 16:09 >> Subject: [cobbler] Repository access mechanisms >> >> I am evaluating Cobbler for potential use, rather than using it >> actively, so my knowledge of it is superficial. Here is my question: >> >> As far as I can see, a repository can be made available to a target >> machine (one that is being built) in two ways: >> >> - by mirroring the repo's contents locally, on the Cobbler server, in >> which case the target gets the local repo URL in the ks file, and >> accesses it over the local network, one which is used for netboot and >> initial installation; >> >> - by not mirroring the repo, where the target receives the actual >> (remote) URL of the repo in the ks file, and accesses it via a network >> that faces the wider world. >> >> Is it possible to set things up so that the server proxies the repo >> contents, i.e. the server talks to the Internet and passes the rpm's to >> the target via the local network? This would be a more secure way to >> handle the build, without exposing a half-built machine to the world; at >> the same time, it would avoid piling up potentially large mirrored >> repositories on the Cobbler server. >> >> Thank you for shedding any light on the subject. >> >> Danko Antolovic >> >> ___ >> cobbler mailing list >> cobbler@lists.fedorahosted.org <mailto:cobbler@lists.fedorahosted.org> >> https://lists.fedorahosted.org/mailman/listinfo/cobbler >> >> >> ___ >> cobbler mailing list >> cobbler@lists.fedorahosted.org >> https://lists.fedorahosted.org/mailman/listinfo/cobbler >> > > ___ > cobbler mailing list > cobbler@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/cobbler > ___ cobbler mailing list cobbler@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler
