[et-mgmt-tools] boot locally after install via cobbler

Michael DeHaan mdehaan at redhat.com
Fri Aug 3 14:41:11 UTC 2007 

Peter Wright wrote:
> Harry Hoffman wrote:
>>
>> Hi Peter,
>>
>> No, I don't think that'll work... but if you wrote a quick cgi to accept
>> the args of mac addr and netboot then you could exec the cobbler
>> command...
>>
>> something like
>>
>> %post
>>
>> wget 
>> http://cobbler/cgi-bin/done_install?mac=00:11:22:33:44:55&netboot=n 
>> <http://cobbler/cgi-bin/done_install?mac=00:11:22:33:44:55&netboot=n>
>>
>> You'd of course want to do the normal sanitization of user data.
>>
>> I've got a script that I could modify to do this, let me know if you
>> need/want it.
>>
>> Cheers,
>> Harry
>>
>
>
>
> ok - i think i'm getting this thing now.  nice - if you don't mind 
> posting that script i'd love to take a look at it.
>
> -p
>
Harry has the right idea -- still though, CGI scripts should be running 
as the apache user and not root.   This means they won't (by design) 
have access to modify the cobbler configuration.   What you would really 
want to do is write a simple script that can /only/ disable the netboot 
field and then grant SSH access for only that one command.   There is 
some example of that technique posted here, which I personally haven't 
used, but I have it on good authority that it works well :)

http://www.mythic-beasts.com/support/dyndns_howto.html

This way (writing a script that calls "cobbler system edit --name=name 
--netboot-enabled=0") you make sure you've allowed remote access to 
changing only that one
specific flag.   (This particular flag has the result of removing the 
per-system configuration file in /tftpboot that enables the system to 
boot to a specific PXE target)

Incidentally, Matt Hyclak wrote a script to do this before you could do 
this in the cobbler command line.  That script is mentioned on this page:

https://hosted.fedoraproject.org/projects/cobbler/wiki/CobblerApi

The alternative is to SSH is to make the cgi to do this setuid root, 
which has security implications.

Another (perhaps simpler) option is set network boot lower in the BIOS 
order (so hard drives first), and then when it comes time to reinstall 
them, you can use
"koan --replace-self --server=bootserver.example.com --profile=name" to 
do the reinstall rather than needing to PXE.  If the Linux box is 
already running, you can invoke that koan call over SSH followed by a 
call to /sbin/reboot.    That will essentially do the same thing, and is 
what I do and generally recommend.



>
>
>
>>
>> > Harry Hoffman wrote:
>> >>
>> >> Hi Peter,
>> >>
>> >> I had this same problem... it should be said that with >= cobbler-0.5
>> >> there is a option to edit the system:
>> >> cobbler system add --name=string --profile=string [--mac=macaddress]
>> >>        [--ip=ipaddress] [--hostname=hostname] [--kopts=string] 
>> [--ipad-
>> >>        dress=string] [--ksmeta=string] [--netboot-enabled=Y/N
>> >>
>> >> The nice thing about cobbler via (git - yeah, it's a messed up 
>> name) is
>> >> that a make in the d/l'd src directory will build you a rpm with 
>> proper
>> >> version so that yum upgrades will overwrite it.
>> >>
>> >> It's a pretty trivial process, feel free to ask questions.
>> >>
>> >
>> > Awesome, thanks Harry - I'll start diving into this tomorrow then.  
>> Just
>> > to make sure I understand clearly.  With the newer version I should be
>> > able to run something like this during %post:
>> >
>> > cobbler system edit --name=$MAC --netboot-enabled=N
>> >
>> > -pete
>> >
>> >>
>> >>
>> >> > hi all,
>> >> > i'm currently working on moving a cluster over from Xcat to 
>> cobbler.
>> >> so
>> >> > far things have gone quite smoothly, i have imported several 
>> distros -
>> >> > created my own distros and gotten my custom kickstart's working 
>> quite
>> >> > easilly!
>> >> >
>> >> > my question is i have not figured out how one has an 
>> installation dial
>> >> > back to the cobbler master node and tell it that it no longer 
>> needs to
>> >> > to re-install itself.  with Xcat during the %post phase your node
>> >> would
>> >> > set it's status on the Xcat master node to boot locally after 
>> install
>> >> -
>> >> > is there something similar for cobbler?
>> >> >
>> >> > hopefully i'm missing something basic here, but have had no luck
>> >> reading
>> >> > through the man pages or mailing list archives.
>> >> >
>> >> > thanks!
>> >> > -pete
>> >> >
>> >> > --
>> >> > Peter Wright
>> >> > Systems Administrator
>> >> > Sony Pictures Imageworks
>> >> > wright at imageworks.com
>> >> > www.imageworks.com
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> > et-mgmt-tools mailing list
>> >> > et-mgmt-tools at redhat.com
>> >> > https://www.redhat.com/mailman/listinfo/et-mgmt-tools
>> >> >
>> >>
>> >>
>> >> _______________________________________________
>> >> et-mgmt-tools mailing list
>> >> et-mgmt-tools at redhat.com
>> >> https://www.redhat.com/mailman/listinfo/et-mgmt-tools
>> >>
>> >
>> >
>> > --
>> > Peter Wright
>> > Systems Administrator
>> > Sony Pictures Imageworks
>> > wright at imageworks.com
>> > www.imageworks.com
>> >
>> >
>> >
>>
>>
>>
>
>

More information about the et-mgmt-tools mailing list