Cobbler Installation on CentOS 6.5

Cobbler is a powerful and flexible Linux based provisioning system that can help bring order and control to your server provisioning activities.  To quote the Cobbler website: Cobbler can help with provisioning, managing DNS and DHCP, package updates, power management, configuration management orchestration, and much more.

This covers the installation of the command line based provisioning engine as well as the web based component.  It shows how to install the latest (currently available) version of Cobbler, 2.4.4, on CentOS 6.5.

Prerequisites

Design your provisioning system.  For automated provisioning in your data centre environment to be effective a plan is required.  You may determine that your machine provisioning traffic can traverse your management VLAN or you may decide that it is better confined to its own VLAN (untagged).  There are pros and cons to all designs.  Carefully consider your requirements before you make any decisions. Here is a very simple diagram of a test environment that could be implemented in order to evaluate the solution.

If you are following the diagram above in your virtual environment, I recommend creating a separate network for all build traffic.  (At the conclusion of any build you simply shut the new machine down, change its network and restart it.)  The router on the network above is a M0n0Wall router.

Base OS

A minimum server specification is:

  • 2GB RAM
  • 1 vCPU
  • 50GB disk

If you intend to use this server beyond a short evaluation in your lab then a large disk size is recommended.  Remember that operating system install media and application install files will reside here

  • Build an x86_64 CentOS 6.5 server, minimal install.  Download the installation ISO mentioned on this Centos.org page
  • Give the server an appropriate language, keyboard type, name, IP details
  • Update the freshly installed server with the latest operating system patches
yum update -y
  • Install and start ntp
yum install ntp
chkconfig ntpd on
service ntpd start
  • Install the pre-requisite software packages
yum install -y createrepo httpd mkisofs mod_wsgi mod_ssl python-cheetah python-netaddr python-simplejson python-urlgrabber rsync dhcp syslinux tftp-server yum-utils wget debmirror fence-agents

Download and install the EPEL repo.  The cobbler installation files and (at least) one of the Python packages reside within the EPEL repos

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm

Install remaining packages

yum install -y PyYAML Django cobbler cobbler-web pykickstart

All of the required software has now been installed.  The system can now be configured

Switch off iptables (temporarily)

chkconfig iptables off
service iptables stop
  • Deactivate SELinux
setenforce 0
  • With your favourite editor, open /etc/sysconfig/selinux and change the SELINUX line to SELINUX=disabled
  • Reboot and check SELinux status
getenforce

Start, and set to start on boot, all required services

chkconfig httpd on
chkconfig xinetd on
chkconfig cobblerd on
service httpd start
service xinetd start
service cobblerd start
  • Edit /etc/cobbler/modules.conf.  Find and set the following
[authentication]
#module = authn_denyall
module = authn_configfile
[authorization]
module = authz_allowall
  • Ensure DHCP module is set to the below
[dhcp]
module = manage_isc
  • Edit /etc/cobbler/dhcp.template and ensure file is set correctly for your network configuration.  I have highlighted the likely alterations required
subnet 192.168.15.0 netmask 255.255.255.0 {
     option routers             192.168.15.1;
     option domain-name-servers 192.168.1.73;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.15.100 192.168.15.200;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}

Edit /etc/cobbler/settings.  Find and set the following to the settings below

manage_dhcp: 1
manage_dns: 0
server: 192.168.15.2
next_server: 192.168.15.2
  • Download and install the network boot loaders
cobbler get-loaders
  • Restart, sync and check cobbler
service cobblerd restart
cobbler sync
cobbler check
  • Edit /etc/xinetd.d/tftp and configure the service
disable = no
  • Edit /etc/xinetd.d/rsync and enable rsync
disable = no

Restart tftp

service xinetd restart

Website Configuration

Check status of the apache http server

service httpd status

Ensure  /etc/httpd/conf.d/cobbler_web.conf is present

Set a password for the 'cobbler' user

htdigest /etc/cobbler/users.digest "Cobbler" cobbler

Restart apache http server

service httpd restart

It should now be possible to login on the cobbler web site

Navigate to http://192.168.15.2/cobbler_web and login
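
A post-install check for the web login configured above, as an added example (not from the original article or the Cobbler project): it reads the [authentication] and [authorization] modules from modules.conf and flags users.digest entries whose password is the username or the word "cobbler". The function names, the `ops` user and the sample files are constructed for illustration; on a real host pass /etc/cobbler/modules.conf and /etc/cobbler/users.digest.

```shell
# Added example: audit the Cobbler web login set up above. Sample data is constructed.
ini_get() {  # ini_get FILE SECTION KEY -> last uncommented value of KEY in [SECTION]
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

ha1() {  # htdigest stores user:realm:MD5("user:realm:password")
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

weak_digest_users() {  # print users whose password is their username or "cobbler"
    while IFS=: read -r wd_user wd_realm wd_hash || [ -n "$wd_user" ]; do
        for wd_pw in "$wd_user" cobbler; do
            if [ "$(ha1 "$wd_user" "$wd_realm" "$wd_pw")" = "$wd_hash" ]; then
                echo "$wd_user"; break
            fi
        done
    done < "$1"
}

audit_cobbler_web_auth() {  # audit_cobbler_web_auth MODULES_CONF USERS_DIGEST
    authn=$(ini_get "$1" authentication module)
    authz=$(ini_get "$1" authorization module)
    case $authn in
        authn_testing) echo "FAIL authn: authn_testing accepts a fixed test login" ;;
        *)             echo "OK   authn: $authn" ;;
    esac
    if [ "$authz" = authz_allowall ]; then
        echo "WARN authz: authz_allowall gives every authenticated user full control"
    fi
    for au_user in $(weak_digest_users "$2"); do
        echo "FAIL digest: '$au_user' has a guessable password"
    done
}

# Constructed sample files standing in for /etc/cobbler/modules.conf and users.digest
demo=$(mktemp -d)
printf '%s\n' '[authentication]' '#module = authn_denyall' 'module = authn_configfile' \
    '[authorization]' 'module = authz_allowall' > "$demo/modules.conf"
{ echo "cobbler:Cobbler:$(ha1 cobbler Cobbler cobbler)"
  echo "ops:Cobbler:$(ha1 ops Cobbler 'constructed-passphrase-41')"; } > "$demo/users.digest"
audit_cobbler_web_auth "$demo/modules.conf" "$demo/users.digest"
```

Because the stored value is an unsalted MD5 over user, realm and password, keep users.digest readable only by root and the web server, and reach the web interface over HTTPS.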

[Screenshots: Cobbler logon screen; Cobbler logon screen after logon]

So, now you have a working system, it's time to import and configure an image, ready for an automated provisioning test.

Import Operating System and Install It

Download operating system image, and mount it in a suitable location

cd ~
wget http://<From_centos_mirror>/CentOS-6.5-x86_64-minimal.iso
mkdir -p /mnt/centos65_minimal
mount -t iso9660 -o loop,ro /root/CentOS-6.5-x86_64-minimal.iso /mnt/centos65_minimal
  • Check the contents
ls -al /mnt/centos65_minimal/
  • Import the installation files into Cobbler
cobbler import --name=centos-6.5-x86_64-minimal --arch=x86_64 --path=/mnt/centos65_minimal/

You should now be able to perform an automated build but it will error due to the fact that a single line is missing from the default kickstart script assigned to this installation media when it was imported.  This is down to the fact that this is the minimal Centos installation media and not simply the standard media.

  • Edit /var/lib/cobbler/kickstarts/sample_end.ks and change the %packages line to the following
%packages --nobase
  • Sync cobbler to ensure altered template file is used to create the downloaded kickstart script
cobbler sync

Ready

You should now be ready to perform your first build.  Create your virtual machine, being careful to add its first ethernet card to the build network.  Boot it and observe the PXE screen.  Select the centos65_minimal option in the menu and watch it build!

[Screenshots: Centos option is available; Centos minimal install - build in progress]

Firewall Configuration and Starting

If you remember above, we deactivated the firewall for the initial build.  This can be useful in preventing 'strange' errors that may confuse the task at hand.  Now that the building of the solution has been completed, the firewall can be configured and restarted.

Here is a set of appropriate iptables rules for the implementation above.  Lines added to the default /etc/sysconfig/iptables file are shown in bold.  Note that DNS is commented out because it is not active in the above system.  Configuration taken from the Cobbler website.

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

# DNS - TCP/UDP
# -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
# -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

# DHCP (the server listens on UDP 67; 68 is the client port)
-A INPUT -m state --state NEW -m udp -p udp --dport 67 -j ACCEPT

# TFTP - TCP/UDP
-A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT

# NTP
# -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT

# HTTP/HTTPS
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

# Syslog for cobbler
# -A INPUT -m state --state NEW -m udp -p udp --dport 25150 -j ACCEPT

# Koan XMLRPC ports
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25152 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

SELinux

In a production environment you should strive to ensure that SELinux is enabled and enforcing.  In order to configure SELinux to work with Cobbler you should first place it in 'permissive' mode so that it only reports policy violations as opposed to enforcing protection policies.

Next

Cobbler is a powerful and very flexible provisioning system capable of managing many install sets with multiple profiles.  In a future article I will look at some of this more advanced functionality and also look at how you can integrate it with Puppet to give your new server deployments a flying start.