Re: boot locally after install via cobbler


 



Michael DeHaan wrote:
Michael DeHaan wrote:
Peter Wright wrote:
Harry Hoffman wrote:

Hi Peter,

No, I don't think that'll work... but if you wrote a quick cgi to accept
the args of mac addr and netboot then you could exec the cobbler
command...

something like

%post

wget "http://cobbler/cgi-bin/done_install?mac=00:11:22:33:44:55&netboot=n"

You'd of course want to do the normal sanitization of user data.

I've got a script that I could modify to do this, let me know if you
need/want it.

Cheers,
Harry




ok - i think i'm getting this thing now. nice - if you don't mind posting that script i'd love to take a look at it.

-p

Harry has the right idea -- still though, CGI scripts should be running as the apache user and not root. This means they won't (by design) have access to modify the cobbler configuration. What you would really want to do is write a simple script that can /only/ disable the netboot field and then grant SSH access for only that one command. There is some example of that technique posted here, which I personally haven't used, but I have it on good authority that it works well :)

http://www.mythic-beasts.com/support/dyndns_howto.html

This way (writing a script that calls "cobbler system edit --name=name --netboot-enabled=0") you make sure you've allowed remote access to changing only that one specific flag. (This particular flag has the result of removing the per-system configuration file in /tftpboot that enables the system to boot to a specific PXE target)

Incidentally, Matt Hyclak wrote a script to do this before you could do this in the cobbler command line. That script is mentioned on this page:

https://hosted.fedoraproject.org/projects/cobbler/wiki/CobblerApi

The alternative to SSH is to make the cgi to do this setuid root, which has security implications.

Another (perhaps simpler) option is to set network boot lower in the BIOS order (so hard drives first), and then when it comes time to reinstall them, you can use "koan --replace-self --server=bootserver.example.com --profile=name" to do the reinstall rather than needing to PXE. If the Linux box is already running, you can invoke that koan call over SSH followed by a call to /sbin/reboot. That will essentially do the same thing, and is what I do and generally recommend.



Talking on IRC,

We've decided we're going to implement the following:

When /var/lib/cobbler/settings parameter "pxe_just_once" is set to 1, we're going to add a line to the bottom of the kickstart to call a CGI script. (You'll also have to add a sudoers entry that we can define in the manpage)

There's going to be a wget to a CGI script that takes a cobbler system name as a parameter. This script invokes cobbler_set_netboot via sudo, which can do nothing else but toggle the netboot-enabled parameter.
cobbler_set_netboot has permissions to only toggle the netboot flag

So, in summary, all a user will need to do is:
-- flip the pxe_just_once switch in the settings file
-- add a sudoers entry (cobbler check can even show the user what this entry must look like)

We can do this :)


I was overthinking this. We can use the XMLRPC interface to help out the CGI script and eliminate the sudo problem altogether.

Even better...









> Harry Hoffman wrote:
>>
>> Hi Peter,
>>
>> I had this same problem... it should be said that with >= cobbler-0.5
>> there is a option to edit the system:
>> cobbler system add --name=string --profile=string [--mac=macaddress]
>> [--ip=ipaddress] [--hostname=hostname] [--kopts=string]
>> [--ipaddress=string] [--ksmeta=string] [--netboot-enabled=Y/N
>>
>> The nice thing about cobbler via (git - yeah, it's a messed up name) is
>> that a make in the d/l'd src directory will build you a rpm with proper
>> version so that yum upgrades will overwrite it.
>>
>> It's a pretty trivial process, feel free to ask questions.
>>
>
> Awesome, thanks Harry - I'll start diving into this tomorrow then. Just
> to make sure I understand clearly. With the newer version I should be
> able to run something like this during %post:
>
> cobbler system edit --name=$MAC --netboot-enabled=N
>
> -pete
>
>>
>>
>> > hi all,
>> > i'm currently working on moving a cluster over from Xcat to cobbler. so
>> > far things have gone quite smoothly, i have imported several distros -
>> > created my own distros and gotten my custom kickstarts working quite
>> > easily!
>> >
>> > my question is i have not figured out how one has an installation dial
>> > back to the cobbler master node and tell it that it no longer needs
>> > to re-install itself.  with Xcat during the %post phase your node would
>> > set its status on the Xcat master node to boot locally after install -
>> > is there something similar for cobbler?
>> >
>> > hopefully i'm missing something basic here, but have had no luck reading
>> > through the man pages or mailing list archives.
>> >
>> > thanks!
>> > -pete
>> >
>> > --
>> > Peter Wright
>> > Systems Administrator
>> > Sony Pictures Imageworks
>> > wright@xxxxxxxxxxxxxx
>> > www.imageworks.com
>> >
>> >
>> > _______________________________________________
>> > et-mgmt-tools mailing list
>> > et-mgmt-tools@xxxxxxxxxx
>> > https://www.redhat.com/mailman/listinfo/et-mgmt-tools
>> >
>>
>>
>> _______________________________________________
>> et-mgmt-tools mailing list
>> et-mgmt-tools@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/et-mgmt-tools
>>
>
>
> --
> Peter Wright
> Systems Administrator
> Sony Pictures Imageworks
> wright@xxxxxxxxxxxxxx
> www.imageworks.com
>
>
>






_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
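
The single-purpose helper discussed in the thread (a script that can only run "cobbler system edit --name=name --netboot-enabled=0"), sketched as an added example; it is not code from any poster or from the cobbler project. The name pattern and the deployment as an OpenSSH authorized_keys forced command (command="...") are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Restricted helper: may only turn netboot off for one named cobbler system."""
import os
import re
import subprocess
import sys

# Assumption: system names look like hostnames or MAC addresses.
# The first character must be alphanumeric, so a name can never start with '-'.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._:-]{0,62}")


def build_command(requested):
    """Return the fixed argv for a requested system name, or None if rejected."""
    if requested is None:
        return None
    name = requested.strip()
    # fullmatch: the whole string must be a plain name, so embedded spaces,
    # extra options and shell metacharacters are all refused.
    if not NAME_RE.fullmatch(name):
        return None
    # The flag and its value are hard-coded; the caller controls only the name.
    return ["cobbler", "system", "edit", "--name=" + name, "--netboot-enabled=0"]


def main():
    # Under a forced command, sshd ignores the command the client asked for
    # and exposes it to this script in SSH_ORIGINAL_COMMAND instead.
    argv = build_command(os.environ.get("SSH_ORIGINAL_COMMAND"))
    if argv is None:
        print("rejected", file=sys.stderr)
        return 1
    # argv list with no shell: the name is never parsed by /bin/sh.
    return subprocess.call(argv)


if __name__ == "__main__":
    sys.exit(main())
```

The same build_command check applies unchanged if the name arrives as a CGI query parameter rather than over SSH.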

