[et-mgmt-tools] Cobbler kerberos support testing (& other 1.0 notes/ramblings)

Tue Apr 15 21:55:31 UTC 2008

Hello Cobbler land,

I wanted to give a quick update on some things going on in Cobbler 
development.    So far the 0.9.X branch is coming along very nicely and 
the changelog is already quite large.    A lot of this can use testing 
now and will help us get a much nicer release out earlier.  Of 
particular interest:  Kerberos added yesterday.   It's an optional 
authentication mode, and if anyone wants to test it see the following:

https://fedorahosted.org/cobbler/wiki/CobblerWithKerberos

This feature pretty much relies on Apache to get things done and should 
be pretty easy to set up if you already have a Kerberos Apache config 
for another application.   As always, the default out-of-the-box 
configuration is the simple config file (digest) based one, so Kerberos 
will not be required for a Cobbler setup in any case.   (Slightly 
related -- We've also talked about doing LDAP authorization in addition 
to authentication for a future release --f or those who want to control 
ownership but don't want to use the config file).

I'm also working on updating the Cobbler "status" command (which has 
been pretty weak for a while) for the 0.9/1.0 release.   This feature 
will now log the IP/MAC and profile/system names of any provisioning 
requests, so you'll be able to see what a particular ip/mac is installed 
to, even if it's not in your Cobbler "database", and when it was last 
installed.  For installing systems, you'll also be able to see how long 
they have been installing.  This will be much better than the existing 
status implementation, which relies on Apache logs and isn't very 
accurate when it tries to determine when things happened (when it 
works).  We'll continue to log syslog for distros that support it as well.

There have also been some good ideas on IRC over the last few days about 
improving the WebUI to better deal with the ownership modes.  A couple 
of those ideas including offering a simpler webui view for "lowly users" 
that only allow them to edit select fields of what they own -- for 
instance, they can see they own profile X and Y, and systems A, B, and 
C, and can choose to flip the netboot flags of system C and reinstall it 
if they wish, etc.   Another thing we'll likely want to add is search to 
the WebUI, so if you have a very large number of systems, and just want 
to find out what a particular hostname/ip/mac is running, it will be 
quick to do that.   The final thing that I want to address for the WebUI 
for 0.9/1.0 is being able to create/copy kickstart templates as opposed 
to just being able to edit them.   That should round out the webapp a 
good bit.   Other ideas welcome.   Surfacing cobbler status is probably 
also a good idea, especially if we can find a nice way to show the "last 
installed date" for systems and other neat stuff like that.   I also 
want to look at ACLs and running Cobbler as non-root (possibly) though 
that may be a later release depending on how development goes, probably 
a quick 1.1/1.2 release.

Anyhow, if you have a kerberos setup and don't mind playing with git 
(see the first parts of 
https://fedorahosted.org/cobbler/wiki/PatchProcess) -- testing is very 
welcome.   The latest version of the rest of the development changelog 
is always available here:  

http://git.fedorahosted.org/git/?p=cobbler;a=blob_plain;f=CHANGELOG;hb=devel

And as always, other comments about what you'd like to see in Cobbler 
are always welcome to.  We have an RFE list in Trac for holding the 
ideas.  If you don't have a Trac account you can get one at 
https://admin.fedoraproject.org/accounts and Trac is here:  
https://fedorahosted.org/cobbler/report

Thanks!

--Michael