[Ovirt-devel] Re: ovirt integration w/ cobbler

Daniel P. Berrange berrange at redhat.com
Thu Feb 14 22:58:22 UTC 2008 

On Tue, Feb 12, 2008 at 11:55:29AM -0500, Michael DeHaan wrote:
> 
> It doesn't do ISOs yet, but that's something that could be added.
> 
> It would require some minor cobbler/koan changes.   If someone is 
> interested in working with me on that, that's great...
> if not, if I can better understand the requirements it should not be 
> that complex to add myself.
> 
> Basically I'm guessing you want to either do:
> (a)  fullvirt provisioning where there is no PXE server, and you can't 
> do kernel+initrd installs like koan does now (like Xen FV works on F8)
> (b)  non-Linux installs (make koan deploy an arbitrary OS)

Yep, we've got 2 core use cases:

 - Deploying the 'managed host' images. This is a pre-built minimal
   Fedora image essentially onl running libvirt. The idea being you
   turn on a physical host, it PXE's this image and joins itself to
   the oVirt management server and can now have guests deployed on it
   We can build images such that they have a kernel+initrd if needed.

 - Deploying the guest OS'.  This can be any OS, be it Linux, Windows
   BSD, Solaris, etc. Obviously Fedora / RHEL are trivial since we
   can always do kernel+initrd from the main distro trees.

> One thing that might also be interesting for ovirt is the koan live CD 
> ... basically it allows you to insert a CD/USB-image into any baremetal 
> machine,
> boot it, and it will install to whatever cobbler profile you want... 
> this can be either a preset profile, e.g. "foo", or can be detected 
> based on the MAC
> address.   This could be any distro as well, so a F8/F9 based installer 
> image could install EL4.   Kinda neat if you need to add new machines
> to your "cloud" and ovirt isn't the "official" provisioning server.

That sounds like a nice idea for places where we can't directly use PXE.

> The APIs are pretty solid at this point -- Virt-Factory was using them, 
> Cobbler's web UI is using them now, and I can add anything that isn't there.
> Auth is also pluggable now so we can write a module to use whatever 
> authentication system ovirt might be using.

Are there any docs on the APIs available for controlling Cobbler ?

For authentication we're basically Kerberos enabled throughout. All the
services and users have kerberos tickets / principals. If the Cobbler
APIs can be setup to go via Apache's  mod_kerb that should do the trick
quite nicely. At worse we can copy the FreeIPA approach of having Apache
do the auth and then proxypass the request through to Cobbler which can
read the authenticated username from the HTTP request.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|

More information about the ovirt-devel mailing list