[et-mgmt-tools] boot locally after install via cobbler

Michael DeHaan mdehaan at redhat.com
Fri Aug 3 15:40:23 UTC 2007


Michael DeHaan wrote:
> Michael DeHaan wrote:
>> Peter Wright wrote:
>>> Harry Hoffman wrote:
>>>>
>>>> Hi Peter,
>>>>
>>>> No, I don't think that'll work... but if you wrote a quick cgi to accept
>>>> the args of mac addr and netboot then you could exec the cobbler
>>>> command...
>>>>
>>>> something like
>>>>
>>>> %post
>>>>
>>>> wget "http://cobbler/cgi-bin/done_install?mac=00:11:22:33:44:55&netboot=n"
>>>>
>>>> You'd of course want to do the normal sanitization of user data.
>>>>
>>>> I've got a script that I could modify to do this, let me know if you
>>>> need/want it.
>>>>
>>>> Cheers,
>>>> Harry
>>>>
>>>
>>>
>>>
>>> ok - i think i'm getting this thing now.  nice - if you don't mind 
>>> posting that script i'd love to take a look at it.
>>>
>>> -p
>>>
>> Harry has the right idea -- still though, CGI scripts should be 
>> running as the apache user and not root.   This means they won't (by 
>> design) have access to modify the cobbler configuration.   What you 
>> would really want to do is write a simple script that can /only/ 
>> disable the netboot field and then grant SSH access for only that one 
>> command.   There is an example of that technique posted here, which 
>> I personally haven't used, but I have it on good authority that it 
>> works well :)
>>
>> http://www.mythic-beasts.com/support/dyndns_howto.html
>>
>> This way (writing a script that calls
>> "cobbler system edit --name=name --netboot-enabled=0") you make sure
>> you've allowed remote access to changing only that one specific flag.
>> (This particular flag has the result of removing the per-system
>> configuration file in /tftpboot that enables the system to boot to a
>> specific PXE target.)
>>
>> Incidentally, Matt Hyclak wrote a script to do this before you could 
>> do this in the cobbler command line.  That script is mentioned on 
>> this page:
>>
>> https://hosted.fedoraproject.org/projects/cobbler/wiki/CobblerApi
>>
>> The alternative to SSH is to make the CGI that does this setuid root, 
>> which has security implications.
>>
>> Another (perhaps simpler) option is to set network boot lower in the 
>> BIOS order (so hard drives first), and then when it comes time to 
>> reinstall them, you can use
>> "koan --replace-self --server=bootserver.example.com --profile=name" 
>> to do the reinstall rather than needing to PXE.  If the Linux box is 
>> already running, you can invoke that koan call over SSH followed by a 
>> call to /sbin/reboot.    That will essentially do the same thing, and 
>> is what I do and generally recommend.
>>
>>
>
> Talking on IRC,
>
> We've decided we're going to implement the following:
>
> When /var/lib/cobbler/settings parameter "pxe_just_once" is set to 1, 
> we're going to add a line to the bottom of the kickstart to call
> a CGI script.   (You'll also have to add a sudoers entry that we can 
> define in the manpage)
>
> There's going to be a wget to a CGI script that takes a cobbler system 
> name as a parameter.
> This script invokes cobbler_set_netboot via sudo, which can do nothing 
> else but toggle the netboot-enabled parameter.
> cobbler_set_netboot has permissions to only toggle the netboot flag.
>
> So, in summary, all a user will need to do is:
> -- flip the pxe_just_once switch in the settings file
> -- add a sudoers entry (cobbler check can even show the user what this 
> entry must look like)
>
> We can do this :)
>
>
I was overthinking this.  We can use the XMLRPC interface to help out 
the CGI script and eliminate the sudo problem altogether.

Even better...


>
>
>>
>>>
>>>
>>>
>>>>
>>>> > Harry Hoffman wrote:
>>>> >>
>>>> >> Hi Peter,
>>>> >>
>>>> >> I had this same problem... it should be said that with >= cobbler-0.5
>>>> >> there is an option to edit the system:
>>>> >> cobbler system add --name=string --profile=string [--mac=macaddress]
>>>> >>        [--ip=ipaddress] [--hostname=hostname] [--kopts=string]
>>>> >>        [--ipaddress=string] [--ksmeta=string] [--netboot-enabled=Y/N]
>>>> >>
>>>> >> The nice thing about cobbler via (git - yeah, it's a messed up name) is
>>>> >> that a make in the d/l'd src directory will build you an rpm with proper
>>>> >> version so that yum upgrades will overwrite it.
>>>> >>
>>>> >> It's a pretty trivial process, feel free to ask questions.
>>>> >>
>>>> >
>>>> > Awesome, thanks Harry - I'll start diving into this tomorrow then.  Just
>>>> > to make sure I understand clearly.  With the newer version I should be
>>>> > able to run something like this during %post:
>>>> >
>>>> > cobbler system edit --name=$MAC --netboot-enabled=N
>>>> >
>>>> > -pete
>>>> >
>>>> >>
>>>> >>
>>>> >> > hi all,
>>>> >> > i'm currently working on moving a cluster over from Xcat to cobbler. so
>>>> >> > far things have gone quite smoothly, i have imported several distros -
>>>> >> > created my own distros and gotten my custom kickstarts working quite
>>>> >> > easily!
>>>> >> >
>>>> >> > my question is i have not figured out how one has an installation dial
>>>> >> > back to the cobbler master node and tell it that it no longer needs to
>>>> >> > re-install itself.  with Xcat during the %post phase your node would
>>>> >> > set its status on the Xcat master node to boot locally after install -
>>>> >> > is there something similar for cobbler?
>>>> >> >
>>>> >> > hopefully i'm missing something basic here, but have had no luck reading
>>>> >> > through the man pages or mailing list archives.
>>>> >> >
>>>> >> > thanks!
>>>> >> > -pete
>>>> >> >
>>>> >> > --
>>>> >> > Peter Wright
>>>> >> > Systems Administrator
>>>> >> > Sony Pictures Imageworks
>>>> >> > wright at imageworks.com
>>>> >> > www.imageworks.com
>>>> >> >
>>>> >> >
>>>> >> > _______________________________________________
>>>> >> > et-mgmt-tools mailing list
>>>> >> > et-mgmt-tools at redhat.com
>>>> >> > https://www.redhat.com/mailman/listinfo/et-mgmt-tools
>>>> >> >
>>>> >>
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>> > --
>>>> > Peter Wright
>>>> > Systems Administrator
>>>> > Sony Pictures Imageworks
>>>> > wright at imageworks.com
>>>> > www.imageworks.com
>>>> >
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>
>>>
>>

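Added example, not code from this thread or from cobbler: the input check a single-purpose done_install handler could apply before running the "cobbler system edit" command quoted above, so that a request can only turn netboot off for one well-formed system name. It assumes the system name is the MAC address (as in Peter's --name=$MAC) and the mac/netboot parameters from Harry's URL; build_command and handle are hypothetical names.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Strict allow-list: six colon-separated hex octets and nothing else.
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def build_command(query_string):
    """Validate a done_install query string and return the argv to run.

    Raises ValueError unless the request carries exactly one well-formed
    mac value, no unknown parameters, and (optionally) netboot=n.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    unexpected = set(params) - {"mac", "netboot"}
    if unexpected:
        raise ValueError("unexpected parameter(s): %s" % sorted(unexpected))
    macs = params.get("mac", [])
    if len(macs) != 1 or not MAC_RE.fullmatch(macs[0]):
        raise ValueError("mac must be a single aa:bb:cc:dd:ee:ff value")
    # The endpoint may only turn netboot off; refuse any other value.
    if params.get("netboot", ["n"]) != ["n"]:
        raise ValueError("only netboot=n is accepted")
    # An argv list, never a shell string, so the value cannot be
    # reinterpreted as shell syntax or as an extra cobbler option.
    return ["cobbler", "system", "edit",
            "--name=" + macs[0], "--netboot-enabled=0"]


def handle(query_string, run=subprocess.run):
    """Return (http_status, body); `run` is injectable for testing."""
    try:
        argv = build_command(query_string)
    except ValueError as exc:
        return 400, str(exc)
    result = run(argv, shell=False)
    return (200, "ok") if result.returncode == 0 else (500, "cobbler failed")
```

The argv would be executed by whatever restricted helper holds the privilege (the SSH forced command or the sudo-invoked script discussed above), not by the web server user directly.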


