Using Ansible to deploy Cobbler server
Intro
This playbook installs and configures a Cobbler server. It supports OL6 (Cobbler 2.6 installed) and OL7 (Cobbler 2.8 installed).
Design
A user should run the playbook as himself/herself, using the option "-K" (the playbook then asks for the password to be used by sudo).
Use a dedicated inventory file, and specify it with '-i' when running the playbook.
Since a host's key can change, use the inventory variable:
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
The command to run is: ansible-playbook -i .yml -K
The main playbook determines the remote host's distribution (OracleLinux) and version (6, 7) and, depending on that, imports an additional playbook dedicated to OL6 or OL7. Hence there is no need to worry about the OL version in the inventory file.
At the end of the run, the playbook does 'cobbler check'; review the output and, if needed, perform some additional actions. Some of the warnings can be safely ignored.
If SELinux is enabled, the playbook disables it, and this change requires a reboot.
The playbook adds some system admins as authorized Cobbler admins.
The playbook sets up the Oracle breed and the OL5-8 and OVS3-4 distro signatures.
The playbook doesn't care whether the system's OS authentication is against local accounts or an LDAP directory (the user running the playbook should have an account on the target system, with sudo privilege).
The playbook configures Cobbler web to use LDAP authentication.
Implementation
List tasks
The playbook runs a number of tasks. If you just want to see the task list, without executing the tasks, run the command:
[you@ca-ansible] ansible-playbook deploy-cobbler.yml --list-tasks
playbook: deploy-cobbler.yml
play #1 (cobbler): Deploy Cobbler server on OL6 and OL7
tasks:
play #2 (cobbler): Playbook to install latest Cobbler (2.6.x) on OL6
tasks:
Ping check
Stop, disable iptables
Add epel repository
Proceed only if there is OL6 public yum repo
... shortened ...
Run Cobbler deployment
To deploy the Cobbler server, first review the inventory file and make sure it's correct.
Then run the command (you'll have to type your password):
[you@ca-ansible] ansible-playbook -i inventory-cobbler.txt deploy-cobbler.yml -K
SUDO password:
Logging
Ansible logs to the file /var/log/ansible.log
Messages
A playbook run may fail for several reasons; these are the messages and what they mean.
<username> is not in the sudoers file (this is self-explanatory)
Failed to connect to the host via ssh: ssh_exchange_identification: Connection closed by remote host
(verify hostname / IP in the inventory file)
Error: Package: <RPM name> Requires: <another RPM name>
(an RPM dependency may fail and probably requires manual installation; then run the playbook again)
Aborting, target uses selinux but python bindings (libselinux-python) aren't installed
(On OL6, SELinux may need to be disabled manually first)
Once Cobbler is installed, if there is any problem, look for messages in the log file /var/log/cobbler/cobbler.log
Playbook and other files
inventory-cobbler.txt
[cobbler:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
[cobbler]
# fqdn ansible_user= ansible_ssh_pass= #comment
#ca-zdudic1.domain.com ansible_user=zdudic ansible_ssh_pass=mypasswd
users.conf
[admins]
# People who "maintain" Cobbler
milan = ""
alisa = ""
aleksai = ""
luka = ""
vojislav = ""
vladimir = ""
# etc
distro_signatures.json
{"breeds":
{
"oracle": {
"ol5": {
"signatures":["Server","Packages"],
"version_file":"oraclelinux-release-5(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-uek-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64"],
"supported_repo_breeds":["rsync", "uln", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/ATT_mbr",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[]
},
"ol6": {
"signatures":["Server","Packages"],
"version_file":"oraclelinux-release-.*6(Server)(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-uek-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64"],
"supported_repo_breeds":["rsync", "uln", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/ATT_mbr",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[]
},
"ol7": {
"signatures":["Server", "Packages"],
"version_file":"oraclelinux-release-.*7(Server)(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-uek-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64","arm"],
"supported_repo_breeds":["rsync", "uln", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/ATT_mbr",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[],
"boot_loaders":{"ppc64":["grub2"], "ppc64le":["grub2"]}
},
"ol8": {
"signatures":["BaseOS", "Server", "Packages"],
"version_file":"oraclelinux-release-.*8(Server)(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-uek-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64","arm"],
"supported_repo_breeds":["rsync", "uln", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/ATT_mbr",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[]
},
"ovs3": {
"signatures":["Server", "Packages"],
"version_file":"ovs-release-3.*\\.x86_64\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-uek(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["x86_64"],
"supported_repo_breeds":["rsync","uln","yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":true,
"default_kickstart":"/var/lib/cobbler/kickstarts/ATT_mbr",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":["isolinux/mboot.c32","isolinux/xen.gz"]
},
"ovs4": {
"signatures":["Server", "Packages"],
"version_file":"ovs-release-4.*\\.x86_64\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-uek(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["x86_64"],
"supported_repo_breeds":["rsync","uln","yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":true,
"default_kickstart":"/var/lib/cobbler/kickstarts/ATT_mbr",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":["isolinux/mboot.c32","isolinux/xen.gz"]
}
},
"redhat": {
"rhel4": {
"signatures":["RedHat/RPMS","CentOS/RPMS"],
"version_file":"(redhat|sl|centos)-release-4(AS|WS|ES)[\\.-]+(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64"],
"supported_repo_breeds":["rsync", "rhn", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/sample.ks",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[]
},
"rhel5": {
"signatures":["RedHat","Server","CentOS","Client"],
"version_file":"(redhat|sl|centos)-release-5([^\\.][\\w]*)?[\\.-]+(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64"],
"supported_repo_breeds":["rsync", "rhn", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/sample.ks",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[]
},
"rhel6": {
"signatures":["Packages"],
"version_file":"(redhat|sl|slf|centos|oraclelinux)-release-(?!notes)([\\w]*-)*6(Server)*[\\.-]+(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64"],
"supported_repo_breeds":["rsync", "rhn", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/sample_end.ks",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[]
},
"rhel7": {
"signatures":["Packages"],
"version_file":"(redhat|sl|slf|centos|oraclelinux|vzlinux)-release-(?!notes)([\\w]*-)*7(Server)*[\\.-]+(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64","ppc64le"],
"supported_repo_breeds":["rsync", "rhn", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/sample_end.ks",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[]
},
"rhel8": {
"signatures":["BaseOS"],
"version_file":"(redhat|sl|slf|centos|oraclelinux|vzlinux)-release-(?!notes)([\\w]*-)*8[\\.-]+(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64","ppc64le"],
"supported_repo_breeds":["rsync", "rhn", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/sample_end.ks",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[]
},
"fedora28": {
"signatures":["Packages"],
"version_file":"(fedora)-release-28-(.*)\\.noarch\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-(.*)\\.rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc64","ppc64le"],
"supported_repo_breeds":["rsync", "rhn", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/sample_end.ks",
"kernel_options":"repo=$tree",
"kernel_options_post":"",
"boot_files":[]
},
"cloudlinux6": {
"signatures":["Packages"],
"version_file":"(cloudlinux)-release-(.*)\\.rpm",
"version_file_regex":null,
"kernel_arch":"kernel-(.*).rpm",
"kernel_arch_regex":null,
"supported_arches":["i386","x86_64","ppc","ppc64"],
"supported_repo_breeds":["rsync", "rhn", "yum"],
"kernel_file":"vmlinuz(.*)",
"initrd_file":"initrd(.*)\\.img",
"isolinux_ok":false,
"default_kickstart":"/var/lib/cobbler/kickstarts/sample_end.ks",
"kernel_options":"",
"kernel_options_post":"",
"boot_files":[]
}
}
}
}
deploy-cobbler.yml
---
- name: Deploy Cobbler server on OL6 and OL7
  # check if it's ol6 or ol7
  # and import appropriate playbook
  # ------------------------------------
  hosts: cobbler
  gather_facts: True
  tasks:
- import_playbook: deploy-cobbler-ol6.yml
  when: ansible_facts['distribution'] == "OracleLinux" and ansible_facts['distribution_major_version'] == "6"
- import_playbook: deploy-cobbler-ol7.yml
  when: ansible_facts['distribution'] == "OracleLinux" and ansible_facts['distribution_major_version'] == "7"
deploy-cobbler-ol6.yml
---
- name: Playbook to install latest Cobbler (2.6.x) on OL6
  #
  # Cobbler version is the latest supported for OL6
  hosts: cobbler
  gather_facts: False
  #
  # run playbook with "-K" (ask for sudo password)
  become: yes
  become_user: root
  #
  tasks:
    # ------------------------------
    # Check if server is online
    # -------------------------------
    - name: Ping check
      ping:
    # ------------------------
    # Stop, disable iptables
    # -----------------------
    - name: Stop, disable iptables
      service:
        name: "{{ item }}"
        state: stopped
        enabled: no
      with_list:
        - iptables
        - ip6tables
    # ------------------------------
    # install needed RPMs
    # cobbler to be installed from epel repo
    # so we need proxy to access WWW
    # hence we can also use public OL repo
    # ------------------------------
    - name: Add epel repository
      yum_repository:
        proxy: http://www-your-proxy.domain.com:80
        name: epel
        description: "Extra Packages for Enterprise Linux 6 - $basearch"
        mirrorlist: https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
        gpgcheck: no
        enabled: yes
    - name: Proceed only if there is OL6 public yum repo
      find:
        paths: /etc/yum.repos.d
        patterns: 'public*ol6*'
      register: result
      failed_when: result.matched == 0
    - lineinfile:
        path: /etc/yum.conf
        state: present
        line: 'proxy=http://www-your-proxy.domain.com:80'
    # --- this pip maybe for next time---------------------------------
    #- name: Install pip
    #  yum:
    #    enablerepo: "*ol6_latest,*ol6_addons,*ol6_software_collections"
    #    name: python-pip
    #- pip:
    #    name: Django==1.4
    #    extra_args: --proxy http://www-your-proxy.domain.com:80
    # -------------------------------------------------------------------
    - name: Get Django14
      get_url:
        url: http://your-nfs-place/shares/export/apps/Django14/Django14-1.4.20-1.el6.noarch.rpm
        dest: /tmp/Django14-1.4.20-1.el6.noarch.rpm
    - name: Install Cobbler Server
      yum:
        enablerepo: "*ol6_latest,*ol6_addons,*ol6_software_collections"
        name: "{{ rpms }}"
        state: present
      vars:
        rpms:
          - wget
          - xinetd
          - "/tmp/Django14-1.4.20-1.el6.noarch.rpm"
          - libselinux-python
          - pykickstart
          - cobbler
          - cobbler-web
          - koan
    # ------------------------------
    # disable SELinux
    # requirement: libselinux-python on target host
    # -------------------------------
    - selinux:
        state: disabled
    # ------------------------------
    # Create /tftpboot
    # -------------------------------
    - file:
        path: /tftpboot
        owner: root
        group: root
        mode: 0775
        state: directory
    - replace:
        path: /etc/xinetd.d/tftp
        regexp: '.*disable.*'
        replace: 'disable = no'
        backup: yes
    # ------------------------------
    # Adjust Cobbler settings
    # -------------------------------
    - replace:
        path: /etc/cobbler/settings
        regexp: '^server:.*'
        replace: 'server: {{ inventory_hostname }}'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^next_server:.*'
        replace: 'next_server: {{ inventory_hostname }}'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_base_dn.*'
        replace: 'ldap_base_dn: "dc=domain,dc=com"'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_server.*'
        replace: 'ldap_server: your-ldap-server1.domain.com your-ldap-server2.domain.com'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_port.*'
        replace: 'ldap_port: 389'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_anonymous_bind.*'
        replace: 'ldap_anonymous_bind: 1'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_tls.*'
        replace: 'ldap_tls: 0'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_search_prefix.*'
        replace: 'ldap_search_prefix: uid='
    - replace:
        path: /etc/cobbler/settings
        regexp: '^proxy_url_ext.*'
        replace: 'proxy_url_ext: http://www-your-proxy.domain.com:80'
        backup: yes
    # ------------------------------
    # Setup authentication, authorization methods
    # http://cobbler.github.io/manuals/2.8.0/5/3_-_Web_Authorization.html
    # -------------------------------
    - replace:
        path: /etc/cobbler/modules.conf
        regexp: 'module = authn_.*'
        replace: 'module = authn_ldap'
    - replace:
        path: /etc/cobbler/modules.conf
        regexp: 'module = authz_.*'
        replace: 'module = authz_configfile'
        backup: yes
    # ------------------------------
    # Setup authorization file users.conf
    # -------------------------------
    - name: Setup authorization file users.conf
      copy:
        src: users.conf
        dest: /etc/cobbler/users.conf
        owner: root
        group: root
        mode: 0644
        backup: yes
    # ------------------------------
    # Setup Distro signature file
    # -------------------------------
    - name: Setup Distro signature file
      copy:
        src: distro_signatures.json
        dest: /var/lib/cobbler/distro_signatures.json
        owner: root
        group: root
        mode: 0644
        backup: yes
    # ------------------------------
    # Setup login info
    # -------------------------------
    - replace:
        path: /etc/cobbler/pxe/pxedefault.template
        regexp: '^MENU TITLE.*'
        replace: 'MENU TITLE Welcome to {{ inventory_hostname }}'
        backup: yes
    - replace:
        path: /usr/share/cobbler/web/cobbler_web/templates/login.tmpl
        regexp: '.*Username:.* '
        replace: 'LDAP Username: '
    - replace:
        path: /usr/share/cobbler/web/cobbler_web/templates/login.tmpl
        regexp: '.*Password:.* '
        replace: 'LDAP Password: '
        backup: yes
    # ------------------------------
    # Start, enable needed services ...
    # -------------------------------
    - name: Start, enable needed services
      service:
        name: "{{ item }}"
        state: restarted
        enabled: yes
      with_list:
        - xinetd
        - httpd
        - cobblerd
    # ------------------------------
    # Get loaders
    # -------------------------------
    - name: Get loaders
      raw: /usr/bin/cobbler get-loaders
      register: result
      failed_when:
        - "result is failed and 'TASK FAILED' in result.stdout"
    # ------------------------------
    # Cobbler check
    # -------------------------------
    - name: Cobbler check
      raw: cobbler check
      register: result
    - debug:
        msg: "{{ result }}"
deploy-cobbler-ol7.yml
---
- name: Playbook to install latest Cobbler (2.8.x) on OL7
  #
  # Cobbler version is the latest supported for OL7
  hosts: cobbler
  gather_facts: False
  #
  # run playbook with "-K" (ask for sudo password)
  become: yes
  become_user: root
  #
  tasks:
    # ------------------------------
    # Check if server is online
    # -------------------------------
    - name: Ping check
      ping:
    # ------------------------
    # Stop, disable firewalld
    # -----------------------
    - name: Stop, disable firewalld
      systemd:
        name: firewalld
        state: stopped
        enabled: no
    # ------------------------------
    # install needed RPMs
    # cobbler to be installed from epel repo
    # so we need proxy to access WWW
    # hence we can also use public OL repo
    # ------------------------------
    - name: Add epel repository
      yum_repository:
        proxy: http://www-your-proxy.domain.com:80
        name: epel
        description: "Extra Packages for Enterprise Linux 7 - $basearch"
        metalink: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
        gpgcheck: no
        enabled: yes
    - name: Proceed only if there is OL7 public yum repo
      find:
        paths: /etc/yum.repos.d
        patterns: 'public*ol7*'
      register: result
      failed_when: result.matched == 0
    - lineinfile:
        path: /etc/yum.conf
        state: present
        line: 'proxy=http://www-your-proxy.domain.com:80'
    - name: Get python-pygments
      get_url:
        url: http://ca-sunstor1/shares/export/sascratch/downloads/apps/cobbler/dep/python-pygments-1.4-10.el7.noarch.rpm
        dest: /tmp/python-pygments-1.4-10.el7.noarch.rpm
    - name: Get python2-django16
      get_url:
        url: http://your-nfs-place/export/apps/cobbler/dep/python2-django16-1.6.11.7-5.el7.noarch.rpm
        dest: /tmp/python2-django16-1.6.11.7-5.el7.noarch.rpm
    - name: Get python-django16-bash-completion
      get_url:
        url: http://your-nfs-place/export/apps/cobbler/dep/python-django16-bash-completion-1.6.11.7-5.el7.noarch.rpm
        dest: /tmp/python-django16-bash-completion-1.6.11.7-5.el7.noarch.rpm
    - name: Get Cobbler
      get_url:
        url: http://your-nfs-place/export/apps/cobbler/2.8.4/cobbler-2.8.4-4.el7.x86_64.rpm
        dest: /tmp/cobbler-2.8.4-4.el7.x86_64.rpm
    - name: Get Cobbler-web
      get_url:
        url: http://your-nfs-place/export/apps/cobbler/2.8.4/cobbler-web-2.8.4-4.el7.noarch.rpm
        dest: /tmp/cobbler-web-2.8.4-4.el7.noarch.rpm
    - name: Get koan
      get_url:
        url: http://your-nfs-place/export/apps/cobbler/2.8.4/koan-2.8.4-4.el7.noarch.rpm
        dest: /tmp/koan-2.8.4-4.el7.noarch.rpm
    - name: Install Cobbler Server
      yum:
        enablerepo: "*ol7_latest,*ol7_addons,*ol7_software_collections"
        name: "{{ rpms }}"
        state: present
      vars:
        rpms:
          - wget
          - xinetd
          - libselinux-python
          - python-ldap
          - "/tmp/python-pygments-1.4-10.el7.noarch.rpm"
          - "/tmp/python2-django16-1.6.11.7-5.el7.noarch.rpm"
          - "/tmp/python-django16-bash-completion-1.6.11.7-5.el7.noarch.rpm"
          - pykickstart
          - "/tmp/cobbler-2.8.4-4.el7.x86_64.rpm"
          - "/tmp/cobbler-web-2.8.4-4.el7.noarch.rpm"
          - "/tmp/koan-2.8.4-4.el7.noarch.rpm"
    # ------------------------------
    # disable SELinux
    # requirement: libselinux-python on target host
    # -------------------------------
    - selinux:
        state: disabled
    # ------------------------------
    # Create /tftpboot
    # -------------------------------
    - file:
        path: /tftpboot
        owner: root
        group: root
        mode: 0775
        state: directory
    - replace:
        path: /etc/xinetd.d/tftp
        regexp: '.*disable.*'
        replace: 'disable = no'
        backup: yes
    # ------------------------------
    # Adjust Cobbler settings
    # -------------------------------
    - replace:
        path: /etc/cobbler/settings
        regexp: '^server:.*'
        replace: 'server: {{ inventory_hostname }}'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^next_server:.*'
        replace: 'next_server: {{ inventory_hostname }}'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_base_dn.*'
        replace: 'ldap_base_dn: "dc=domain,dc=com"'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_server.*'
        replace: 'ldap_server: your-ldap-server1.domain.com your-ldap-server2.domain.com'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_port.*'
        replace: 'ldap_port: 636'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_anonymous_bind.*'
        replace: 'ldap_anonymous_bind: 1'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_tls.*'
        replace: 'ldap_tls: 1'
    - replace:
        path: /etc/cobbler/settings
        regexp: '^ldap_search_prefix.*'
        replace: 'ldap_search_prefix: uid='
    - replace:
        path: /etc/cobbler/settings
        regexp: '^proxy_url_ext.*'
        replace: 'proxy_url_ext: http://www-your-proxy.domain.com:80'
        backup: yes
    # ------------------------------
    # Setup authentication, authorization methods
    # http://cobbler.github.io/manuals/2.8.0/5/3_-_Web_Authorization.html
    # -------------------------------
    - replace:
        path: /etc/cobbler/modules.conf
        regexp: 'module = authn_.*'
        replace: 'module = authn_ldap'
    - replace:
        path: /etc/cobbler/modules.conf
        regexp: 'module = authz_.*'
        replace: 'module = authz_configfile'
        backup: yes
    # ------------------------------
    # Setup authorization file users.conf
    # -------------------------------
    - name: Setup authorization file users.conf
      copy:
        src: users.conf
        dest: /etc/cobbler/users.conf
        owner: root
        group: root
        mode: 0644
        backup: yes
    # ------------------------------
    # Setup Distro signature file
    # -------------------------------
    - name: Setup Distro signature file
      copy:
        src: distro_signatures.json
        dest: /var/lib/cobbler/distro_signatures.json
        owner: root
        group: root
        mode: 0644
        backup: yes
    # ------------------------------
    # Setup login info
    # -------------------------------
    - replace:
        path: /etc/cobbler/pxe/pxedefault.template
        regexp: '^MENU TITLE.*'
        replace: 'MENU TITLE Welcome to {{ inventory_hostname }}'
        backup: yes
    - replace:
        path: /usr/share/cobbler/web/cobbler_web/templates/login.tmpl
        regexp: '.*Username:.* '
        replace: 'LDAP Username: '
    - replace:
        path: /usr/share/cobbler/web/cobbler_web/templates/login.tmpl
        regexp: '.*Password:.* '
        replace: 'LDAP Password: '
        backup: yes
    # ------------------------------
    # Start, enable needed services ...
    # -------------------------------
    - name: Start, enable needed services
      systemd:
        name: "{{ item }}"
        state: restarted # start service if it's stopped
        enabled: yes
      with_list:
        - xinetd
        - httpd
        - cobblerd
    # ------------------------------
    # Get loaders
    # -------------------------------
    - name: Get loaders
      raw: /usr/bin/cobbler get-loaders
      register: result
      failed_when:
        - "result is failed and 'TASK FAILED' in result.stdout"
    # ------------------------------
    # Cobbler check
    # -------------------------------
    - name: Cobbler check
      raw: cobbler check
      register: result
    - debug:
        msg: "{{ result }}"
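Pre-deployment check (an added example, not one of the original playbook files): a small Python script that reads an inventory or playbook file like the ones above and reports the settings that skip host, package or channel verification: StrictHostKeyChecking=no, a password in the inventory, gpgcheck: no, ldap_tls: 0, and get_url downloads fetched without HTTPS or a checksum. The rule ids, the sample input and the example.test host names are constructed for illustration.

```python
import re

# Line-level rules: (rule id, pattern, what the setting gives up).
LINE_RULES = [
    ("ssh-host-key-unverified", re.compile(r"StrictHostKeyChecking\s*=\s*no\b", re.I),
     "SSH host key is not verified; passwords can reach an impostor host"),
    ("password-in-inventory", re.compile(r"\bansible_(ssh_pass|password)\s*=\s*\S+"),
     "login password stored in clear text in the inventory"),
    ("rpm-signature-check-off", re.compile(r"^gpgcheck\s*:\s*(no|false|0)\s*$", re.I),
     "packages from this repository are installed without GPG verification"),
    ("ldap-without-tls", re.compile(r"ldap_tls:\s*0\b"),
     "Cobbler web LDAP passwords cross the network unencrypted"),
]

def audit(text):
    """Return sorted (line number, rule id, reason) findings for one file."""
    findings = []
    pending = None  # [line, url, has_checksum] of the get_url task being read

    def flush():
        nonlocal pending
        if pending and not pending[1].startswith("https://") and not pending[2]:
            findings.append((pending[0], "download-unverified",
                             "file fetched without HTTPS or a checksum"))
        pending = None

    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out entry
        if line.startswith("- "):
            flush()                       # a new list item ends the previous task
            line = line[2:].strip()
        for rule_id, pattern, reason in LINE_RULES:
            if pattern.search(line):
                findings.append((number, rule_id, reason))
        key, _, value = line.partition(":")
        if key == "get_url":
            pending = [number, "", False]
        elif pending is not None and key == "url":
            pending[1] = value.strip().strip("'\"")
        elif pending is not None and key == "checksum":
            pending[2] = True
    flush()
    return sorted(findings)

# Constructed samples modelled on inventory-cobbler.txt and deploy-cobbler-ol7.yml.
SAMPLE_INVENTORY = """\
[cobbler:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
[cobbler]
# fqdn ansible_user= ansible_ssh_pass= #comment
cobbler1.example.test ansible_user=deploy ansible_ssh_pass=constructed-value
"""
SAMPLE_PLAYBOOK = """\
- name: Add epel repository
  yum_repository:
    name: epel
    gpgcheck: no
- name: Get Cobbler
  get_url:
    url: http://your-nfs-place/export/apps/cobbler/2.8.4/cobbler-2.8.4-4.el7.x86_64.rpm
- name: Get koan
  get_url:
    url: https://repo.example.test/koan-2.8.4-4.el7.noarch.rpm
- replace:
    path: /etc/cobbler/settings
    replace: 'ldap_tls: 0'
"""

if __name__ == "__main__":
    for number, rule_id, reason in audit(SAMPLE_INVENTORY) + audit(SAMPLE_PLAYBOOK):
        print(f"line {number}: {rule_id}: {reason}")
```

Because every line is stripped before matching, the check does not depend on YAML indentation; commented-out inventory entries are ignored.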
Next
Visit https://<new_cobbler_server>/cobbler_web and review the web interface
(must be secure HTTP for OL7; otherwise the browser reports "Forbidden" access)
Review the system's OS authentication
Consider installing a TLS cert for the server
Review Cobbler authorization and add new staff if needed
The directory /var/www/cobbler/ks_mirror/ is where all distribution and repository files are copied,
so it should have plenty of space.
If Cobbler is installed in a VM, one option is to make /var/www/cobbler a symbolic link to an NFS location,
for example /var/www/cobbler -> /u01
mount the NFS share on /u01
stop cobblerd
cd /var/www ; mv cobbler .cobbler
in /var/www, create a symbolic link cobbler to /u01
rsync .cobbler to /var/www/cobbler, then remove .cobbler
start cobblerd
Review which relevant distributions, profiles, systems, kickstarts and snippets have to be imported
Review replication (source, target)
The playbook creates an empty /tftpboot directory. It will be populated after the distro import and replication from the master.
Known problems
This section contains some known "problems" and how to resolve them.
Cobbler secure http authentication fails
This can happen on OL6 (Cobbler 2.6) and possibly some older OL7 versions.
Secure LDAP authentication fails with
"TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user. Can't contact LDAP server" .
For OL6, just use port 389; the resolution for OL7 can be "yum update", which brings the system to the latest OL7 version.