Cobbler BEFN$?FN

8lkfdXk\[`ejkXccXk`fen`k_k_\:fYYc\igifm`j`fe`e^kffc E

Cobbler helps you install new systems in a hurry. We’ll show you how to use this nifty shoemaker to deploy

Xen and VMware virtual machines. BY DAVID NALLEY

f you try to install or upgrade several uniform environment and does not take article, I show you how to set up a Cob- computers at once, you will soon into account differences in hardware or bler provisioning system and take a look @discover that manual installation is a function. Also, the image gets out of at the provisioning of virtual machines huge time sink. Even if you are working date over time – with the constant ap- with Cobbler’s helper application Koan. with a checklist, it is often difficult to get pearance of updates, managing the im- Cobbler provides a framework for con- everything installed the same way every ages can become a full-time job. The figuring and managing: time. For this reason, most systems ad- more robust way of provisioning is by ฀ ฀฀฀฀ ministrators understand the importance automatically installing the operating ฀ ฀฀฀฀ of an automated install system. system each time, rather than relying on ฀ ฀฀฀ It’s no surprise that virtually every op- a predefined disk image. This method is ฀ ฀฀฀฀฀฀ erating system has the ability to auto- generally considered more challenging. daemon mate installations. What is curious, The Cobbler project [2], born at Red By managing all the configurations for given the necessity of such systems, is Hat and lead by Michael DeHaan, signifi- all services, Cobbler literally can run an that configuring automated installation cantly lowers the barrier for provisioning entire provisioning network from a sin- typically requires so much time and ef- in . Cobbler is an all-encompassing gle box. Of course, you don’t have to use fort. In the past, automated installation framework for automated provisioning Cobbler to configure all these services required a fair amount of knowledge systems that provides a “soup-to-nuts” ฀฀฀฀฀฀฀ about networking, Pre-eXecutable Envi- solution, bringing together provisioning ronment (PXE), and, of course, the oper- prerequisites like DHCP and TFTP, pro- Table 1: Required Ports ating system itself. Those prerequisites viding management utilities for control- and Services represented a significant barrier to entry. ling software repositories, and offering Port Service Automated provisioning techniques up a framework to enable both a com- TCP 53 DNS have taken a number of forms over the mand-line and web interface for easy UDP 53 DNS years. The approach familiar to most management (Figure 1). UDP 68 DHCP people is taking a disk image of a system In addition to handling hardware- UDP 69 TFTP with the use of dd, PING (Partimage is based installs, Cobbler is proficient at TCP 80 HTTP not Ghost) [1], or another tool, then de- configuring virtual machines: You can UDP 25150 Remote syslog ploying that disk image anytime you provision a collection of or KVM vir- TCP 25151 XMLRPC need it. Unfortunately, this solution tual machines as easily as a new hard- TCP 25152 XMLRPC doesn’t scale well because it relies on a ware-based server or workstation. In this

JANUARY 2009 ISSUE 98 51

051-055_cobbler.indd 51 13.11.2008 18:41:30 Uhr BEFN$?FN Cobbler

and DHCP servers if they are already present. In the event they aren’t, you can use Cobbler to manage the daemons and their configurations. Aside from letting you manage dae- mons, Cobbler provides a framework to mirror the installation framework from a DVD or an Internet repository. Addition- ally, Cobbler can mirror and keep cur- rent with third-party repositories. In the event that PXE booting isn’t an option, ฀฀฀฀฀฀฀ that will present the user with the same installation options that are presented to a machine that uses PXE. A single Cobbler command will down- load an operating system from the Inter- ฀฀฀฀฀฀ =`^li\)1<[`k`e^XB`ZbjkXikk\dgcXk\% and make the system ready for deploy- ment. Another command grabs all of the ent sets of packages and pushes differing the operating system is installed, you packages from an update repository. configuration files based on that logic. can set up Cobbler and its dependencies. Most discussions of Cobbler focus on For example, Cobbler allows you to push For the remainder of this article, I’ll as- its ease of use, but equally important is ฀฀฀฀฀฀ sume you plan to use Cobbler as an all- its power and flexibility. For instance, your development machines might get in-one provisioning system and that it Cobbler allows you to use snippets of ฀฀฀฀฀฀฀฀- ฀฀฀฀฀ code across many configuration files. If ers get a different set. Cobbler is available in the standard re- a snippet of code needs to be in multiple This example is just a simple demon- pository set with Fedora, but with RHEL Kickstart files, you can place it in one stration of the type of flexibility that ฀฀฀฀฀฀฀฀ file. The classic use for this feature is Cobbler has built in. Another feature repositories. To install Cobbler, enter: ฀฀฀฀฀฀฀- that is getting a lot of attention is Cob- ฀฀฀฀฀฀฀฀ bler’s integration with configuration install cobbler httpd 5 Rather than being limited to simple in- management systems such as Puppet. dhcp bind tftp-server cludes, Cobbler has the power to dynam- ically insert code snippets so you can @ejkXcc`e^:fYYc\i ฀฀฀฀฀฀฀ programmatically change the configura- Although packages are available for Cob- need to configure it so that Cobbler can tion on the basis of the type of machine, bler in Debian and , they are still serve up the dynamically configured function of machine, IP address, or a very much in development. At the time Kickstart files: host of other factors. This approach al- of this writing, a machine with Fedora 8 lows you to have a single Kickstart file ฀฀฀฀฀฀฀฀฀฀ setsebool -P 5 with embedded logic that deploys differ- be a better candidate for Cobbler. Once httpd_can_network_connect true

If you change the /etc/cobbler/settings file to contain the following settings, Cobbler will manage configuration and ฀฀฀฀฀฀฀- lation client. The server and next_server settings relate to PXE booting and are used in configuring DHCP and defining where machines should look to get boot information. In this case, the cobbler server has the address 192.168.1.5:

manage_dhcp: 1 manage_dns: 1 next_server: '192.168.1.5' server: '192.168.1.5'

If you use an address other than =`^li\(1:fYYc\iZfd\jn`k_Xefgk`feXcn\Y$YXj\[`ek\i]XZ\% 192.168.1.5, modify /etc/cobbler/dhcp.

52 ISSUE 98 JANUARY 2009

051-055_cobbler.indd 52 13.11.2008 18:41:33 Uhr Cobbler BEFN$?FN

template appropriately to match the net- Listing 1: Cobbler’s Configuration Check work you have chosen. If you don’t do 01 [root@nalleyt61 ~]# cobbler check 09 #3: One or more kickstart this, machines will unsuccessfully at- 02 The following potential problems 10 templates references default tempt to PXE boot to the 192.168.1.5 03 were detected: 11 password 'cobbler' and should address, and machines booted with a 04 #0: service cobblerd is not running 12 be changed for security reasons ฀฀฀฀ will vainly attempt to reach installation 05 #1: service httpd is not running 13 : /etc/cobbler/sample.ks, repositories on 192.168.1.5. 06 #2: since iptables may be running, 14 /etc/cobbler/legacy.ks, In /etc/cobbler/named.template, you’ll 07 ensure 69, 80, 25150, and 25151 are 15 /etc/cobbler/sample_end.ks want to set the listen_on variable to 08 unblocked match the IP address of the Cobbler server. This step defines one of the few One of the interesting features of Cob- cobbler reposync information items Cobbler needs to con- bler is that it provisions systems dynami- ฀฀฀฀฀฀฀ cally based on the latest packages. This For a home setup or installfest, you course, it instructs the bind configura- means that if Cobbler knows about an might disregard the following setting, ฀฀฀฀฀฀฀฀฀ update repository, it will install the latest but if Cobbler will be running in a large ฀฀฀ updated packages in that repository. lab or in a corporate environment, you This can save lots of time by eliminating will want to point your installed ma- listen-on port 53 5 post-install updates, particularly if it has chines at the repositories Cobbler is now { 192.168.1.5; }; been a long while since the distribution keeping locally. This allows you to main- was released. Also, you are not limited tain a local update repository and update If you are using a firewall, make sure to update repositories; you could just as all of your machines based on that re- you open the ports shown in Table 1. easily use a repository for Dell’s Open- pository. You can change this setting in ฀฀฀฀฀ /etc/cobbler/settings to match: >\kk`e^k_\9`kj packages or some other third-party re- Now it is time to import the first distri- pository. yum_post_install_mirror: 1 bution. Cobbler makes this an easy, one- To define an update repository, use the command step, with only two argu- cobbler repo add command, assign the Cobbler uses the concept of a profile to ments: the name you assign to the distri- repository a name, and then specify the define a collection of common configura- bution and the location of the installa- location: tion settings. A Cobbler profile consists tion data. The installation files can be of a distribution, optionally one or more pulled from install media or from the cobbler repo add 5 additional repositories, and the installa- Internet. --name=F9-updates tion configuration file. This flexible tech- If you have DVD install media, the --mirror=5 nique allows you to use the same distri- command is as easy as: http://mirror.anl.gov/fe bution in multiple profiles – each with dora/linux/updates/9/i386/ different installation configuration files – cobbler import --name=F9 5 or even different repositories. In addition --mirror=/media/dvd With a repository defined by the preced- to providing flexibility, the profile ap- ing command, the actual content is proach also minimizes the amount of To use an Internet mirror, enter: synced from the mirror to the local Cob- storage used over a traditional image- bler server with the following command. based provisioning system. A profile for cobbler 5 To keep this local repository in sync, installing Fedora 9 with the latest up- import -name=F9 --mirror=5 you need to run this command regularly dates would look like: rsync://mirror.anl.gov/5 or automate it with a cron job. Note that, fedora/linux/releases/9/5 if you have defined multiple repositories, cobbler profile add --name= Fedora/i386/ this command will sync them all: Fedora9 --distro=F9-i386

What if I Use a Non–RH-like Distro? Listing 2: Starting Services It’s no surprise that Cobbler is great at deploying and Fedora; after all, Cobbler’s 01 /sbin/chkconfig httpd on primary author, Michael DeHaan, is a Red Hat employee and Fedora contributor, and

02 /sbin/chkconfig dhcpd on Cobbler originated (and still lives) within Red Hat’s Emerging Technologies division.

03 /sbin/chkconfig xinetd on However, Cobbler will also install SUSE and Debian-based distributions. Some of the other interesting options that are already available include PXE booting any Live CD and 04 /sbin/chkconfig tftp on updating firmware for network hardware from HP and Dell. As of this writing, develop- 05 /sbin/chkconfig cobblerd on ment work is occurring to provide provisioning of Windows, Solaris, and hard drive im- 06 /sbin/service httpd start ages that are operating system agnostic. 07 /sbin/service dhcpd start For those who don’t want to use Fedora or RHEL for their provisioning system, Debian 08 /sbin/service xinetd start and Ubuntu community members are working to get it packaged and functional for 09 /sbin/service cobblerd start Debian-based distributions.

JANUARY 2009 ISSUE 98 53

051-055_cobbler.indd 53 13.11.2008 18:41:33 Uhr BEFN$?FN Cobbler

[authentication] module = authn_configfile

This change will allow connections to http://192.168.1.5/cobbler/web with a username of cobbler and a password of cobbler. Please be sure to change the password to something other than the default as follows:

htdigest 5 /etc/cobbler/users.digest 5 "Cobbler" cobbler

From within the web interface, system administrators can add, modify, and d elete distributions, repositories, and =`^li\*18gif]`c\XjjfZ`Xk\jX[`jki`Ylk`fen`k_XB`ZbjkXik]`c\Xe[fk_\ij\kk`e^j% profiles. At this point, you can PXE boot or --updates=F9-updates Cobbler from functioning, or one of the boot to a Cobbler-generated network --kickstart=5 prerequisite services not running. You ฀฀฀฀฀฀฀฀ /etc/cobbler/sample.ks can invoke that mechanism with the fol- that’s completely automated. lowing command: ฀฀฀฀฀฀ Note that I listed sample.ks as the Kick- file will present the user with the same start file. That particular file will install a cobbler check options and experience as if you had used minimal system. It is a good idea to add PXE. The resultant CD already has the some packages and possibly make some At this point, Cobbler should return the connection information to point back to configuration changes in the Kickstart results (Listing 1). Cobbler and the list of available profiles. file. This sample.ks is a good base to Problem numbers 0 and 1 (service cob- start with, though because it certainly blerd is not running and service httpd is M`iklXcGifm`j`fe`e^n`k_ has the minimum requirements, and you not running, respectively) will be recti- BfXe can add from there. fied shortly. Problem number 2 (since ip- Koan, Cobbler’s client-side helper appli- After you make any changes to /etc/ tables may be running, ensure 69, 80, cation, makes it easy to deploy virtual cobbler/settings (or use any of the cob- 25150, and 25151 are unblocked) will machines. With a Cobbler server in bler commands), you’ll want to run cob- throw an alert if iptables is running, so place, you can use Koan to configure bler sync so that the changes are re- as long as the ports listed above are your virtual disk, network, and other flected by the Cobbler daemon. Now is a opened, this problem can be ignored. ฀฀฀฀฀ good time to do so: Problem number 3 (One or more kick- automatically; and start the virtual ma- start templates references default pass- chine. Moreover, Koan works with Xen, cobbler sync word 'cobbler' and should be changed for KVM, and certain versions of VMware. security reasons) will show up because Currently, only VMware Workstation Cobbler also comes with a configuration- all of the sample Kickstarts have a root ฀฀฀฀฀฀ checking mechanism that looks for password that is cobbler. This situation things that might be awry, such as a fire- is only a problem if those Kickstarts are ฀฀฀฀฀ to be used. The root password in each of those files can be changed easily. Be- Table 2: Koan Override cause I assume that a user- created Kick- Options start file will be used, wherein a unique Option Description root password will be set, you can disre- --virt-name Name of virtual machine gard this problem as well. to create The services that Cobbler uses must --virt-type Forces use of qemu/ xen/ be started and configured to start on vmware boot (see Listing 2). At this point, I --virt-ram Size in megabytes should indicate that 90 percent of Cob- --virt-bridge Name of bridge device bler’s configuration is also available in --virt-path Use this block device, di- the web interface. By changing the [au- rectory thentication] portion of /etc/cobbler/ =`^li\+1K_\]lcciXe^\f]gif]`c\fgk`fej --no-gfx Do not use VNC graphics modules.conf, you can enable access to f]]\ijX]c\o`Yc\]iXd\nfib]fiZljkfd`q`e^ (Xen only) the web interface: k_\m`iklXcjpjk\d%

54 ISSUE 98 JANUARY 2009

051-055_cobbler.indd 54 13.11.2008 18:41:36 Uhr GET YOUR HANDS ON SOME HOT NEW BOOKS ฀฀฀฀฀฀฀฀฀฀฀ command will take care of provisioning a virtual machine: FROM APRESS koan --server=5 cobber.example.org 5 --virt --virt-type=qemu 5 --profile=Fedora9

The preceding command will contact Cobbler to determine Peter Seebach the amount of RAM and disk space, write the configuration 978-1-4302-1043-6 file, start the virtual machine, and install the operating sys- $34.99 | 376 pp | November 2008 ฀฀฀฀฀฀฀฀฀ such as the amount of memory. Table 2 shows some override options available to Koan. VMware-based virtual machines require a bit more work – Ron Peters but only one more line. Essentially, you need to define a sys- 978-1-4302-1841-8 tem record in Cobbler for the new virtual machine’s MAC ad- $39.99 | 330 pp | December 2008 dress and assign a profile:

cobbler system add --name=foo 5 --mac=00:50:56:00:00:00 5 #on the cobbler server Kirk Bauer and Nathan Campi koan --server=5 978-1-4302-1059-7 $49.99 | 425 pp | December 2008 cobbler.example.org 5 --name=foo --virt 5 --virt-type=vmware 5 #on the vmware host Andy Channelle 978-1-4302-1590-5 One cautionary note: VMware requires that the MAC address $39.99 | 500 pp | December 2008 of the virtual machine be between 00:50:56:00:00:00 and 00:50:56:3F:FF:FF for networking to function properly. :feZclj`fe Cobbler is a great enterprise-capable tool that removes a lot of Sander van Vugt the traditional headaches associated with setting up a provi- 978-1-4302-1622-3 sioning system. This makes it great not just for the users at $44.99 | 400 pp | December 2008 large data centers and clusters, but also for a LUG that wants to set up a network install server for an installfest. p

What if I Don’t Have Control of DHCP? Sander van Vugt 978-1-4302-1082-5 Not having control over DHCP is a common enough problem, $39.99 | 424 pp | September 2008 especially in larger organizations. In some cases, networks don’t even use DHCP, and some machines that use network cards don’t support PXE booting. To enable PXE booting, Cob- bler needs to have DHCP push out several options. One of those is the next-server option, which identifies what server is running tftpd and that the machines can load boot information for PXE. The other field is the file name that PXE will load from the tftp server. If you aren’t able to configure a DHCP server to provide these settings, Cobbler can build a small ISO that con- For more information about Apress titles, tains essentially the same information that PXE booting would please visit www.apress.com yield. For a Cobbler-generated network install ISO, enter: cobbler buildiso Don’t want to wait for the printed book? Order the eBook now at INFO http://eBookshop.apress.com!

[1] Partimage is not Ghost: http:// ping. windowsdream. com/ [2] Cobbler project: https:// fedorahosted. org/ cobbler [3] Kickstart documentation: http:// fedoraproject. org/ wiki/ / Options

051-055_cobbler.indd 55 13.11.2008 18:41:37 Uhr