=head1 NAME cobbler is a command line tool for configuring a provisioning and update server. It supports provisioning via PXE (network booting), virtualization (Xen or QEMU/KVM), and re-installs of existing Linux systems. The latter two features are enabled by usage of 'koan' on the remote system. Update server features include yum mirroring and integration of those mirrors with kickstart. =head1 SYNOPSIS cobbler command [subcommand] [--arg1=value1] [--arg2=value2] =head1 DESCRIPTION Cobbler manages provisioning using a tiered concept of Distributions, Profiles, Systems, and Repositories. Distributions contain information about what kernel and initrd are used, plus metadata (required kernel parameters, etc). Profiles associate a Distribution with a kickstart file and optionally customize the metadata further. Systems associate a MAC, IP, and/or hostname with a distribution and optionally customize the metadata further. Repositories contain yum mirror information. Using cobbler to mirror repositories is an optional/advanced The main advantage of cobbler is that it glues together a lot of disjoint technologies and concepts and abstracts the user from the need to understand them. It allows the systems administrator to concentrate on what he needs to do, and not how it is done. =head1 SEE ALSO For help in building kickstarts, try using the "system-config-kickstart" tool, or install a new system and look at the /root/anaconda-ks.cfg file left over from the installer. General kickstart questions can also be asked at kickstart-list@redhat.com. Cobbler ships some kickstart templates in /etc/cobbler that may also prove helpful. =head1 COBBLER USAGE =head2 SETUP After installing, run "cobbler check" to verify that cobbler's ecosystem is configured correctly. This will also create an initial settings state file that cobbler will ask you to modify using a text editor. Any problems detected should be corrected, with the potential exception of DHCP related warnings. Run "cobbler sync" after making any changes to the configuration files to ensure those changes are applied. It is especially important that the server name field be accurate in /var/lib/cobbler/settings, without this field being correct, kickstart trees will not be found, and automated installtions will fail. For PXE, if DHCP is to be run from the cobbler server, the dhcp configuration file should be changed as suggested by "cobbler check". If DHCP is not run locally, the "next-server" field on the DHCP server should point to the cobbler server's IP and the filename should be set to "pxelinux.0". Alternatively, cobbler can also generate your dhcp configuration file if you want to run dhcp locally -- this is covered in a later section. If you don't already have a dhcp setup, allowing cobbler to manage it may prove to be useful. If you already have a setup, moving an existing setup to be managed from within cobbler is relatively painless and is entirely optional. If you are not interested in network booting via PXE and just want to use koan to install virtual systems, DHCP can be totally ignored. =head2 ADDING A DISTRIBUTION This first step towards configurating what you want to provision is to add a distribution to the cobbler's configuration. If there is an rsync mirror, DVD, or filesystem tree available that you would rather import instead, skip down to the documentation about the "import" command. It's really a lot easier, and it only requires waiting for the mirror content to be copied. Imported mirrors also save time during install since they don't have to hit external install sources. However if you have the content locally already and don't want to create another copy of it, you'll want to use the manual distro add commands. B =over =item name a string identifying the distribution, this should be something like "rhel4". =item kernel an absolute filesystem path to a kernel image =item initrd an absolute filesystem path to a initrd image =item kopts (optional) sets kernel command-line arguments that the distro, and profiles/systems dependant on it, will use. Example: --kopts="foo=bar baz=3 asdf" =item arch (optional) sets the architecture for the PXE bootloader The default setting ('standard') will use pxelinux. Set to 'ia64' to use elilo. 'x86' and 'x86_64' effectively do the same thing as standard. =item ksmeta (optional) This is an advanced feature that sets kickstart variables to substitute, thus enabling kickstart files to be treated as templates. Example: --ksmeta="foo=bar baz=3 asdf" See the section on "Kickstart Templating" for further information. =item breed Defaults to "redhat", which is a suitable value for Fedora and Centos as well. It means anything redhat based. There is limited experimental support for specifying "debian" or "suse", which treats the kickstart file as a different format and changes the kernel arguments appropriately. Support for other types of distributions is possible in the future. The file used for the answer file, regardless of the breed setting, is the value used for --kickstart when creating the profile. =back =head2 ADDING A PROFILE A profile associates a distribution to additional specialized options, such as a kickstart automation file. Profiles are the core unit of provisioning and at least one profile must exist for every distribution to be provisioned. A profile might represent, for instance, a web server or desktop configuration. In this way, profiles define a role to be performed. B Arguments are as listed for distributions, save for the removal of "arch" and "breed", and with the additions listed below: =over =item name a descriptive name. This could be something like "rhel4webservers" or "fc6desktops". =item distro the name of a previously defined cobbler distribution =item kickstart Local filesystem path to a kickstart file. If this parameter is not provided, the kickstart file will default to /etc/cobbler/default.ks. This file is initially blank, meaning default kickstarts are not automated "out of the box". Admins can change the default.ks if they desire.. =item virt-file-size (optional) (Virt-only) how large the disk image should be in gigabytes. The default is "5". =item virt-ram (optional) (Virt-only) how many megabytes of RAM to consume. The default is 512 MB. =item virt-types (optional) (Virt-only) koan can install images using either Xen paravirt ("xenpv") or QEMU/KVM ("qemu"). Choose one or the other strings to specify, or values will default to the value given for "default_virt_type" in /var/lib/cobbler/settings. If you have not changed this setting, the default is "xenpv". See the "koan" manpage for more documentation. =item virt-path (optional) (Virt-only) where to store the virtual image. Except for advanced cases, this parameter can usually be omitted. For disk images, the value is an absolute path to an existing directory with an optional file name component. There is also some experimental support for specifying partitions "/dev/sda4" or volume groups "VolGroup00", etc. =item repos (optional) a space delimited list of all the repos (created with "cobbler repo add" and "cobbler reposync") that this profile can make use of during kickstart installation. For example, an example might be --repos="fc6i386updates fc6i386extras". =item inherit (optional) profiles may inherit from other profiles in lieu of specifing --distro. Inherited profiles will override any settings specified in their parent, with the exception of --ksmet(templating) and --kopts (kernel options), which will be blended together. Example: If profile A has --kopts="x=7 y=2", B inherits from A, and B has --kopts="x=9 z=2", the actual kernel options that will be used for B are "x=7 y=2 z=2". Example: If profile B has --virt-ram=256 and A has --virt-ram of 512, profile B will use the value 256. Example: If profile A has a --virt-file-size of 5 and B does not specify a size, B will use the value from A. =back =head2 ADDING A SYSTEM System records map a piece of hardware with the cobbler profile to be assigned to run on it. This may be thought of as chosing a role for a specific system. Note that if provisioning via koan and PXE menus alone, it is not required to create system records, though they are useful when system specific templating is required or to establish that a specific system should always recieve a specific software install. If there is a specific role inteded for a given machine, system records should be created for it. B Adds a cobbler System to the configuration. Arguments are specified as per "profile add" with the following changes: =over =item name The system name works like the name option for other commands. If the name looks like a MAC address or an IP, the name will implicitly be used for either --mac or --ip, respectively. Best practice usage would suggest use a system --name that is a MAC address, because the MAC address is globally unique, unchanging, and very explicit. A system created with name "default" has special semantics. If a default system object exists, it sets all undefined systems to PXE to a specific profile. Without a "default" system name created, PXE will fall through to local boot for unconfigured systems. =item mac Specifying a mac address via --mac allows the system object to boot via PXE. If the name of the cobbler system already looks like a mac address, this is inferred from the system name and does not need to be specified. MAC addresses have the format AA:BB:CC:DD:EE:FF. =item ip If cobbler is configured to generate a DHCP configuratition (see advanced section), use this setting to define a specific IP for this system in DHCP. Leaving off this parameter will result in no DHCP management for this particular system. Example: ---ip=192.168.1.50 Note for Itanium users: this setting is always required for IA64 regardless of whether DHCP management is enabled. =item hostname If using the DHCP configuration feature (see advanced section) with dnsmasq, use this to define a hostname for the system to recieve from DNS. If not using DHCP management or not using dnsmasq, this field is treated as a descriptive comment and is basically ignored. Example: --hostname=mycomputer.example.com =item --kickstart (optional) While it is recommended that the --kickstart parameter is only used within for the "profile add" command, there are scenarios when an install base switching to cobbler may have kickstarts created on a per-system basis (one kickstart for each system, nothing shared) and may not want to immediately make use of the cobbler templating system. This allows specifing a kickstart for use on a per-system basis. Creation of a parent profile is still required. If the kickstart is a filesystem location, it will still be treated as a cobbler template. =item --netboot-enabled If set false, the system will be provisionable through koan but not through standard PXE. This will allow the system to fall back to default PXE boot behavior without deleting the cobbler system object. The default value allows PXE. =end =head2 ADDING A REPOSITORY TO MIRROR Repository mirroring allows cobbler to mirror not only install trees ("cobbler import" does this for you) but also optional packages, 3rd party content, and even updates. Mirroring all of this content locally on your network will result in faster, more up-to-date installations and faster updates. If you are only provisioning a home setup, this will probably be overkill, though it can be very useful for larger setups (labs, datacenters, etc). B =over =item mirror The addresss of the yum mirror. This can be an rsync:// URL, an ssh location, or a http:// or ftp:// mirror location. Filesystem paths also work. The mirror address should specify an exact repository to mirror -- just one architecture and just one distribution. If you have a seperate repo to mirror for a different arch, add that repo seperately. Here's an example of what looks like a good URL: rsync://yourmirror.example.com/fedora-linux-core/updates/6/i386 (for rsync protocol) http://mirrors.kernel.org/fedora/extras/6/i386/ (for http://) user@yourmirror.example.com/fedora-linux-core/updates/6/i386 (for SSH) Experimental support is also provided for mirroring RHN content when you need a fast local mirror. The mirror syntax for this is --mirror=rhn://channel-name and you must have entitlements for this to work. This requires the cobbler server to be installed on RHEL5 or later. =item name This name is used as the save location for the mirror. If the mirror represented, say, Fedora Core 6 i386 updates, a good name would be "fc6i386updates". Again, be specific. This name corresponds with values given to the --repos parameter of "cobbler profile add". If a profile has a --repos value that matches the name here, that repo can be automatically set up during provisioning. This means that, if supported by Anaconda, the repo can be used during kickstart install -- and -- either way, it can be automatically configured for use by the provisioned clients (see --local-filename). See the documentation on "cobbler profile add" for more information. =item local-filename Local filename specifies, for kickstarts containing the template parameter "yum_config_stanza", what files to populate on provisioned clients in /etc/yum.repos.d. In other words, if this value is "foo", the repo would be installed on provisioned clients as "/etc/yum.repos.d/foo.repo". If you don't want clients to have this repo installed, don't add a name for the repo, and provisioned machines will not configure yum to know about this repo -- you can still do it manually if you choose. The repository will still be used for installation, it just won't get installed automatically in /etc/yum.repos.d on the client. See /etc/cobbler/kickstart_fc6.ks for an example of how to employ this within a kickstart template. =item rpm-list By specifying a space-delimited list of package names for --rpm-list, one can decide to mirror only a part of a repo (the list of packages given, plus dependencies). This may be helpful in conserving time/space/bandwidth. For instance, when mirroring FC6 Extras, it may be desired to mirror just cobbler and koan, and skip all of the games. To do this, use --rpm-list="cobbler koan". This option only works for http:// and ftp:// repositories. It will be ignored for other mirror types, such as local paths and rsync:// mirrors. =item createrepo-flags Specifies optional flags to feed into the createrepo tool, which is called when "cobbler reposync" is run for the given repository. The defaults are '-c cache'. =item arch Specifies what architecture the repository should use. By default the current system arch (of the server) is used, which may not be desirable. Using this to override the default arch allows mirroring of source repositories (using --arch=src). =back =head2 DISPLAYING CONFIGURATION ENTRIES The following commands are usable regardless of how you are using cobbler. "report" gives detailed configuration info. "list" just lists the names of items in the configuration. Run these commands to check how you have cobbler configured. B B B B Alternatively, you could look at the configuration files in /var/lib/cobbler to see the same information. =head2 DELETING CONFIGURATION ENTRIES If you want to remove a specific object, use the remove command with the name that was used to add it. B B B B =head2 EDITING If you want to change a particular setting without doing an "add" again, use the "edit" command, using the same name you gave when you added the item. Anything supplied in the parameter list will overwrite the settings in the existing object, preserving settings not mentioned. B =head2 COPYING Objects can also be copied: B =head2 RENAMING Objects can also be renamed, as long as other objects don't reference them. B =head2 REBUILDING CONFIGURATIONS B Cobbler sync is used to repair or rebuild the contents /tftpboot or /var/www/cobbler when something has changed behind the scenes. It brings the filesystem up to date with the configuration as understood by cobbler. Sync should be run whenever files in /var/www/cobbler are manually edited or when making changes to kickstart files. In practice, this should not happen often, though running sync too many times does not cause any adverse effects. If using cobbler to manage a DHCP server (see the advanced section of this manpage), sync does need to be run after systems are added to regenerate and reload the DHCP configuration. =head1 EXAMPLES =head2 IMPORT WORKFLOW This example shows how to create a provisioning infrastructure from a distribution mirror. Then a default PXE configuration is created, so that by default systems will PXE boot into a fully automated install process for that distribution. You can use a network rsync mirror or a mounted DVD location. B B # OR B # wait for mirror to rsync... B B B B =head2 NORMAL WORKFLOW The following example uses a local kernel and initrd file (already downloaded), and shows how profiles would be created using two different kickstarts -- one for a web server configuration and one for a database server. Then, a machine is assigned to each profile. B B B B B B B B =head2 REPOSITORY MIRRORING WORKFLOW The following example shows how to set up a repo mirror for two repositories, and create a profile that will auto install those repository configurations on provisioned systems using that profile. B # set up your cobbler distros here. B B B B =head2 XEN For Virt, be sure the distro uses a Virt kernel and initrd and follow similar steps as above, adding additional parameters as desired: B Specify reasonable values for the Virt image size (in GB) and RAM requirements (in MB): B Define systems only if desired. koan can also provision based on the profile name. B If you have just installed cobbler, be sure that the "cobblerd" service is running and that port 25151 is unblocked. See the manpage for koan for the client side steps. =head1 ADVANCED TOPICS =head2 PXE MENUS Cobbler will automatically generate PXE menus for all profiles it has defined. Running "cobbler sync" is required to generate and update these menus. To access the menus, type "menu" at the "boot:" prompt while a system is PXE booting. If nothing is typed, the network boot will default to a local boot. If "menu" is typed, the user can then choose and provision any cobbler profile the system knows about. If the association between a system (MAC address) and a profile is already known, it may be more useful to just use "system add" commands and declare that relationship in cobbler; however many use cases will prefer having a PXE system, especially when provisioning is done at the same time as installing new physical machines. If this behavior is not desired, run "cobbler system add --name=default --profile=plugh" to default all PXE booting machines to get a new copy of the profile "plugh". To go back to the menu system, run "cobbler system remove --name=default" and then "cobbler sync" to regenerate the menus. When using PXE menu deployment exclusively, it is not neccessary to make cobbler system records, although the two can easily be mixed. Additionally, note that all files generated for the pxe menu configurations are templatable, so if you wish to change the color scheme or equivalent, see the files in /etc/cobbler. =head2 KICKSTART TEMPLATING The --ksmeta options above require more explanation. If and only if --kickstart options reference filesystem URLs, --ksmeta allows for templating of the kickstart files to achieve advanced functions. If the --ksmeta option for a profile read --ksmeta="foo=7 bar=llama", anywhere in the kickstart file where the string "$bar" appeared would be replaced with the string "llama". To apply these changes, "cobbler sync" must be run to generate custom kickstarts for each profile/system. For NFS and HTTP kickstart URLs, the "--ksmeta" options will have no effect. This is a good reason to let cobbler manage your kickstart files, though the URL functionality is provided for integration with legacy infrastructure, possibly including web apps that already generate kickstarts. Templated kickstart files are processed by the templating program/package Cheetah, so anything you can do in a Cheetah template can be done to a kickstart template. Learn more at http://www.cheetahtemplate.org/learn.html When working with Cheetah, be sure to escape any shell macros that look like "$(this)" with something like "\$(this)" or errors may show up during the sync process. Should you want to express larger sections of templating (more that can be decently expressed on the command line), you may want to edit /var/lib/cobbler/ files directly. Keep in mind that changes need to be valid YAML 1.0 syntax and "cobbler sync" should be run after making any changes to those files. =head2 DHCP CONFIGURATION MANAGEMENT Cobbler can optionally help you manage DHCP and (depending on how used) DNS as it relates to systems you wish to provision/control. This allows cobbler to essentially maintain a database of all of your installed systems, and be a central point of control for aspects related to setting up those systems. This feature is off by default and must be turned on by setting 'manage_dhcp' to 1 in /var/lib/cobbler/settings. Choices include ISC dhcpd (default), or DNSmasq, which can be chosen by setting manage_dhcp_mode to 'dnsmasq'. If you choose dnsmasq and want to revert to ISC, change the setting to 'isc'. Depending on your choice, cobbler will use /etc/cobbler/dhcpd.template or /etc/cobbler/dnsmasq.template as a starting point. This file must be user edited for the user's particular networking environment. Read the file and understand how the particular app (ISC dhcpd or dnsmasq) work before proceeding. If you already have DHCP configuration data that you would like to preserve (say DHCP was manually configured earlier), insert the relevant portions of it into the template file, as running "cobbler sync" will overwrite your previous configuration. In summary, if this manage_dhcp bit is enabled, the following features are enabled: (A) pinning dhcp hostnames to MAC addresses automatically. (B) relatively seamless mixing of Itanium and x86/x86_64 machines in a PXE environment (ISC only) (C) assigning hostnames to MAC addresses using DNS (dnsmasq only). These options are all enabled by using the --hostname and --ip-address options when using the "cobbler system add" command. Itanium systems names also need to be assigned to a distro that was created with the "--arch=ia64" parameter. If you have Itanium systems, you must (for now) choose 'isc' for 'manage_dhcp_mode' in the /var/lib/cobbler/settings file, and are required to use --ip-address when creating the system object in order for those systems to PXE. The dhcpd.conf file will be updated each time "cobbler sync" is run, and not until then, so it is important to remember to use "cobbler sync" when using this feature. Support for online updates to DHCP (and DNS, in this dnsmasq case) are pending. =head2 ENCHANT While the normal provisioning procedure is either to PXE bare-metal, or use koan to do something else (kickstart an existing system or deploy Virt), cobbler contains yet another option, called "enchant". Enchant takes a configuration that has already been defined (be sure to run "cobbler sync" before using "cobbler enchant") and applies it to a remote system that might not have koan installed. Users might want to use this command to replace a server that is being repurposed, or when no PXE environment can be created. Essentially what enchant does is allow koan to be executed remotely from the cobbler server. Running "enchant" in it's normal mode will replace the operating system of the target machine, so use it with caution. Usage: B Usage: B Adding a "--virt=yes" to either form will provision a virtualized image rather than reprovisioning the remote machine. The default behavior is machine (not virtual) re-provisioning. Example: B Before using enchant, configure the location of the koan noarch RPM in /var/lib/cobbler/settings (a local path) and re-run "cobbler sync". Enterprising users will notice this is not much more than a wrapper around SSH commands to koan, but it's OS version agnostic and gets koan installed even if it's not available via up2date/yum. =head2 IMPORTING TREES Cobbler can auto-add distributions and profiles from remote sources, whether this is a filesystem path or an rsync mirror. This can save a lot of time when setting up a new provisioning environment. This is a feature that many users will want to take advantage of, and is very simple to use. After an import is run, cobbler will try to detect the distribution type and automatically assign kickstarts. By default, it will provision the system by erasing the hard drive, setting up eth0 for dhcp, and using a default password of "cobbler". If this is undesirable, edit the kickstart files in /etc/cobbler to do something else or change the kickstart setting after cobbler creates the profile. Mirrored content is saved automatically in /var/www/cobbler/ks_mirror. Example: B Example2: B Example3: B Example4: B Once imported, run a "cobbler list" or "cobbler report" to see what you've added. By default, the rsync operations will exclude PPC content, debug RPMs, and ISO images -- to change what is excluded during an import, see /etc/cobbler/rsync.exclude. =head2 DEFAULT PXE BOOT BEHAVIOR What happens when PXE booting a system when cobbler has no record of the system being booted? By default, cobbler will configure PXE to boot to the contents of /etc/cobbler/default.pxe, which (if unmodified) will just fall through to the local boot process. Administrators can modify this file if they like to change that behavior. An easy way to specify a default cobbler profile to PXE boot is to create a system named "default". This will cause /etc/cobbler/default.pxe to be ignored. To restore the previous behavior do a "cobbler system remove" on the "default" system. B B =head2 REPO MANAGEMENT This has already been covered a good bit in the command reference section. Yum repository management is an optional feature, and is not required to provision through cobbler. However, if cobbler is configured to mirror certain repositories, it can then be used to associate profiles with those repositories. Systems installed under those profiles will then be autoconfigured to use these repository mirrors in /etc/yum.repos.d, and if supported (Fedora Core 6 and later) these repositories can be leveraged even within Anaconda. This can be useful if (A) you have a large install base, (B) you want fast installation and upgrades for your systems, or (C) have some extra software not in a standard repository but want provisioned systems to know about that repository. Make sure there is plenty of space in cobbler's webdir, which defaults to /var/www/cobbler. B Cobbler reposync is the command to use to update repos as configured with "cobbler repo add". Mirroring can take a long time, and usage of cobbler reposync prior to cobbler sync is needed to ensure provisioned systems have the files they need to actually use the mirrored repositories. If you just add repos and never run "cobbler reposync", the repos will never be mirrored. This is probably a command you would want to put on a crontab, though the frequency of that crontab and where the output goes is left up to the systems administrator. For those familiar with yum's reposync, cobbler's reposync is a wrapper around the yum command. Please use "cobbler reposync" to update cobbler mirrors, as reposync does not perform all required steps. Also cobbler adds support for rsync and SSH locations, where as yum's reposync only supports what yum supports (http/ftp). Note that if a cobbler import provides enough information to use the boot server as a yum mirror for core packages, cobbler can set up kickstarts to use the cobbler server as a mirror instead of the outside world. If this feature is desirable, it can be turned on by setting yum_core_mirror_from_server to 1 in /var/lib/cobbler/settings (and rerunning "cobbler sync"). You should not enable this feature if machines are provisioned on a different VLAN/network than production. =head2 KICKSTART TRACKING Cobbler knows how to keep track of the status of kickstarting machines. B Using the status command will show when cobbler thinks a machine started kickstarting and when it last requested a file. This is a good way to track machines that may have gone interactive during kickstarts. Cobbler will also make a special request in the post section of the kickstart to signal when a machine is finished kickstarting. To use this feature, the kickstart tree files need to be served via a http://server/cblr/... URL, which happens automatically when using the "cobbler import" command to pull in a kickstart tree from an rsync mirror. If kickstart trees are somewhere else, one can still benefit from the kickstart tracking feature by adding a symlink to /var/www/cobbler/localmirror/distroname will allow the kickstarts to be served through the tracking URL mentioned above. Be sure to use the http://server/cblr/ URL to point to the kickstart tree for each distro you want to track. Note that kickstart tracking support using syslog requires an Anaconda that supports syslog forwarding. RHEL5 is good, as is FC6 and later. URL tracking currently requires python2.3 or higher on the server for the mod_python piece to work. This will likely be improved later to better support older distros acting as a cobbler server. =head2 TWEAKING Enterprising users can edit the files in /var/lib/cobbler directly versus using the command line. The repair mechanism for user error here is to delete the files in /var/lib/cobbler. There are also a few configuration files in /etc/cobbler that can be edited. Running "cobbler sync" is required to apply any changes that are made manually. =head2 TRIGGERS Triggers provide a way to integrate cobbler with arbitrary 3rd party software without modifying cobbler's code. When adding a distro, profile, system, or repo, all scripts in /var/lib/cobbler/triggers/add are executed for the particular object type. Each particular file must be executable and it is executed with the name of the item being added as a parameter. Deletions work similarly -- delete triggers live in /var/lib/cobbler/triggers/delete. Order of execution is arbitrary, and cobbler does not ship with any triggers by default. =head2 API Cobbler also makes itself available as a Python API for use by higher level management software. Learn more at http://cobbler.et.redhat.com =head1 EXIT_STATUS cobbler's command line returns a zero for success and non-zero for failure. =head1 ADDITIONAL RESOURCES Cobbler has a mailing list for user and development-related questions/comments at et-mgmt-tools@redhat.com. At the time of writing, there is also a IRC channel on irc.freenode.net (#cobbler). =head1 AUTHOR Michael DeHaan