├── .gitignore
├── vars
├── debian.yml
└── redhat.yml
├── site.yml
├── README.md
├── templates
├── epel.repo.j2
├── dhcpd.j2
├── cobbler.repo.j2
├── isc-dhcp-server.j2
├── ubuntu-server.preseed.j2
├── dhcp.template.j2
└── settings.j2
├── files
├── rsync
├── cobbler.conf
└── cobbler_web.conf
├── meta
└── main.yml
├── vagrant.yml
├── handlers
└── main.yml
├── tasks
├── redhat.yml
├── firewall.yml
├── debian.yml
└── main.yml
├── LICENSE
├── Vagrantfile
└── defaults
└── main.yml
/.gitignore:
--------------------------------------------------------------------------------
1 | .vagrant
2 |
--------------------------------------------------------------------------------
/vars/debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | apache_service_name: apache2
4 | daemon: cobblerd
--------------------------------------------------------------------------------
/vars/redhat.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | apache_service_name: httpd
4 | daemon: cobblerd
--------------------------------------------------------------------------------
/site.yml:
--------------------------------------------------------------------------------
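---
# Entry-point playbook: applies the ansible-cobbler role to every host in the
# inventory, escalating to root.
#
# `become`/`become_user` replace the older `sudo`/`sudo_user` keywords so this
# play matches tasks/firewall.yml, which already uses `become`.
- hosts: all
  become: true
  become_user: root
  roles:
    - ansible-cobbler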
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ansible-cobbler
2 | ===============
3 |
4 | A simple Ansible role to install and configure Cobbler.
5 |
--------------------------------------------------------------------------------
/templates/epel.repo.j2:
--------------------------------------------------------------------------------
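# EPEL repository definition rendered by the role (tasks/redhat.yml installs
# it as /etc/yum.repos.d/epel.repo).
#
# Package signatures are verified (gpgcheck=1) and both the metadata and the
# signing key are fetched over HTTPS. The earlier form (plain HTTP with
# gpgcheck=0) let anything on the network path substitute packages that yum
# would then install as root.
[epel]
name=EPEL
baseurl=https://dl.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/x86_64/
enabled=1
gpgcheck=1
gpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}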
--------------------------------------------------------------------------------
/templates/dhcpd.j2:
--------------------------------------------------------------------------------
1 | # This file was generated by Ansible for {{ansible_fqdn}}
2 | # Do NOT modify this file by hand!
3 |
4 | # Command line options here
5 | DHCPDARGS="{{ cobbler_dhcp_listen_interfaces }}";
6 |
--------------------------------------------------------------------------------
/files/rsync:
--------------------------------------------------------------------------------
1 | # default: off
2 | # description: The rsync server is a good addition to an ftp server, as it \
3 | # allows crc checksumming etc.
4 | service rsync
5 | {
6 | disable = no
7 | flags = IPv6
8 | socket_type = stream
9 | wait = no
10 | user = root
11 | server = /usr/bin/rsync
12 | server_args = --daemon
13 | log_on_failure += USERID
14 | }
15 |
--------------------------------------------------------------------------------
/templates/cobbler.repo.j2:
--------------------------------------------------------------------------------
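# Cobbler 2.6.x repository (openSUSE Build Service, home:libertas-ict).
#
# gpgcheck=1 only helps if the key itself arrives intact: a gpgkey fetched
# over plain HTTP can be swapped in transit together with the packages it is
# supposed to vouch for. Both URLs therefore use HTTPS.
# NOTE(review): this is a personal OBS "home:" project; consider pinning the
# key fingerprint out of band rather than trusting whatever the mirror serves.
[cobbler]
name=Cobbler (2.6.x)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/home:/libertas-ict:/cobbler26/{{ ansible_distribution }}_{{ ansible_distribution }}-{{ ansible_distribution_major_version }}/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/home:/libertas-ict:/cobbler26/{{ ansible_distribution }}_{{ ansible_distribution }}-{{ ansible_distribution_major_version }}/repodata/repomd.xml.key
enabled=1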
--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 | author: Matthew Montgomery
4 | description:
5 | company:
6 | license: MIT
7 | min_ansible_version: 1.2
8 | platforms:
9 | - name: EL
10 | versions:
11 | - all
12 | - name: Fedora
13 | versions:
14 | - all
15 | - name: Ubuntu
16 | versions:
17 | - all
18 | - name: GenericLinux
19 | versions:
20 | - all
21 | - name: Debian
22 | versions:
23 | - all
24 | categories:
25 | - system
26 | dependencies: []
27 |
--------------------------------------------------------------------------------
/vagrant.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # file: vagrant.yml
3 | # VM config file for the Vagrant development environment
4 |
5 | hosts:
6 | # cobbler-centos:
7 | # private_ip: 10.0.3.10
8 | # memory: 512
9 | # box: chef/centos-7.0
10 | # extra_vars: { bound_interface: 'enp0s8', cobbler_dhcp_listen_interfaces: 'enp0s8' }
11 |
12 | cobbler-ubuntu:
13 | private_ip: 10.0.4.110
14 | memory: 512
15 | box: chef/ubuntu-14.04
16 | extra_vars: { bound_interface: 'eth1', cobbler_dhcp_listen_interfaces: 'eth1' }
17 |
--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handlers notified by the cobbler role's tasks. Handler names are referenced
# verbatim from `notify:` lists, so they must not be renamed.

- name: restart xinetd
  service:
    name: xinetd
    state: restarted

# Debian-family Apache service name.
- name: restart apache
  service:
    name: apache2
    state: restarted

# RedHat-family Apache service name.
- name: restart httpd
  service:
    name: httpd
    state: restarted

- name: restart firewalld
  service:
    name: firewalld
    state: restarted

# `daemon` comes from vars/debian.yml or vars/redhat.yml (cobblerd in both).
- name: restart cobbler
  service:
    name: "{{ daemon }}"
    state: restarted

# Block until the local port 25151 accepts connections again: first probe
# after 5 seconds, give up after 30.
- name: wait for cobbler
  wait_for:
    host: "127.0.0.1"
    port: 25151
    delay: 5
    timeout: 30
    state: started

- name: sync cobbler
  command: cobbler sync
--------------------------------------------------------------------------------
/templates/isc-dhcp-server.j2:
--------------------------------------------------------------------------------
1 | # Defaults for isc-dhcp-server initscript
2 | # sourced by /etc/init.d/isc-dhcp-server
3 | # installed at /etc/default/isc-dhcp-server by the maintainer scripts
4 |
5 | #
6 | # This is a POSIX shell fragment
7 | #
8 |
9 | # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
10 | #DHCPD_CONF=/etc/dhcp/dhcpd.conf
11 |
12 | # Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
13 | #DHCPD_PID=/var/run/dhcpd.pid
14 |
15 | # Additional options to start dhcpd with.
16 | # Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
17 | #OPTIONS=""
18 |
19 | # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
20 | # Separate multiple interfaces with spaces, e.g. "eth0 eth1".
21 | INTERFACES="{{ cobbler_dhcp_listen_interfaces }}"
22 |
--------------------------------------------------------------------------------
/tasks/redhat.yml:
--------------------------------------------------------------------------------
---
# RedHat-family tasks: package source, dependencies, SELinux mode and the
# dhcpd defaults file.

# ---------------
# Package Sources
# ---------------
- name: configure epel repo (yum)
  template:
    src: epel.repo.j2
    dest: /etc/yum.repos.d/epel.repo
    owner: root
    group: root
    mode: "0644"

# ------------
# Dependencies
# ------------
- name: install dependencies (yum)
  yum:
    name: "{{ item }}"
    state: present
  with_items:
    - xinetd
    - dhcp

# -------
# selinux
# -------
# NOTE(review): this switches the whole host to permissive mode, so SELinux
# only logs denials and no longer enforces policy for any service on the box.
# A provisioning server that hands out boot images is a high-value host;
# prefer keeping `enforcing` and adding the specific booleans/contexts Cobbler
# needs.
- name: set selinux to permissive (yum)
  selinux:
    policy: targeted
    state: permissive

# -----
# dhcpd
# -----
- name: configure dhcpd (yum)
  template:
    src: dhcpd.j2
    dest: /etc/sysconfig/dhcpd

# Enabled at boot but left stopped for now.
- name: enable dhcpd (yum)
  service:
    name: dhcpd
    state: stopped
    enabled: true
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2014 Matthew Montgomery
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
23 |
--------------------------------------------------------------------------------
/files/cobbler.conf:
--------------------------------------------------------------------------------
1 | # This configuration file allows cobbler data
2 | # to be accessed over HTTP.
3 |
4 | AliasMatch ^/cblr(?!/svc/)(.*)?$ "/srv/www/cobbler$1"
5 | AliasMatch ^/cobbler_track(.*)?$ "/srv/www/cobbler$1"
6 | #AliasMatch ^/cobbler(.*)?$ "/srv/www/cobbler$1"
7 | Alias /cobbler /srv/www/cobbler
8 | Alias /cobbler_webui_content /srv/www/cobbler_webui_content
9 |
10 | WSGIScriptAliasMatch ^/cblr/svc/([^/]*) /srv/www/cobbler/svc/services.py
11 |
12 |
13 | SetEnv VIRTUALENV
14 | Options Indexes FollowSymLinks
15 | Order allow,deny
16 | Allow from all
17 |
18 |
19 | ProxyRequests off
20 |
21 | ProxyPass /cobbler_api http://localhost:25151/
22 | ProxyPassReverse /cobbler_api http://localhost:25151/
23 |
24 | BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
25 |
26 | # the webui is now part of the "cobbler-web" package
27 | # and is visited at http://.../cobbler_web not this URL.
28 | # this is only a pointer to the new page.
29 |
30 |
31 | Options Indexes FollowSymLinks
32 | Order allow,deny
33 | Allow from all
34 |
35 |
36 | = 2.4>
37 |
38 | Require all granted
39 |
40 |
41 | Require all granted
42 |
43 |
44 |
--------------------------------------------------------------------------------
/tasks/firewall.yml:
--------------------------------------------------------------------------------
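---
# Opens the ports Cobbler needs (TFTP and HTTP) on whichever host firewall is
# present. Both probes use ignore_errors so a missing tool just skips the
# dependent tasks.

# ---------
# firewalld
# ---------
- name: check if firewalld is installed
  become: true
  command: which firewalld
  register: firewalld
  changed_when: false
  ignore_errors: true

# Read-only probe, so it never reports "changed".
- name: check if firewalld service is running
  become: true
  command: firewall-cmd --state
  register: firewalld_svc
  changed_when: false
  ignore_errors: true
  when: firewalld|success

- name: enable cobbler tftpd through firewalld
  become: true
  firewalld:
    service: tftp
    permanent: true
    state: enabled
  notify: restart firewalld
  when: firewalld|success and firewalld_svc.stdout=='running'

- name: enable cobbler httpd through firewalld
  become: true
  firewalld:
    service: http
    permanent: true
    state: enabled
  notify: restart firewalld
  when: firewalld|success and firewalld_svc.stdout=='running'

# ---
# ufw
# ---
- name: check if ufw is installed
  become: true
  command: which ufw
  register: ufw
  changed_when: false
  ignore_errors: true

# TFTP runs over UDP port 69. The rule previously opened 69/tcp, which left
# PXE clients blocked while exposing a TCP port nothing needs.
- name: allow tftp through ufw
  become: true
  ufw:
    rule: allow
    port: "69"
    proto: udp
  when: ufw|success

# NOTE(review): both HTTP and TFTP are opened to every source address;
# restrict them to the provisioning subnet if the host is reachable from
# other networks.
- name: allow http through ufw
  become: true
  ufw:
    rule: allow
    port: "80"
    proto: tcp
  when: ufw|success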
--------------------------------------------------------------------------------
/files/cobbler_web.conf:
--------------------------------------------------------------------------------
1 | # This configuration file enables the cobbler web
2 | # interface (django version)
3 |
4 |
5 |
6 | SSLRequireSSL
7 |
8 |
9 | NSSRequireSSL
10 |
11 | SetEnv VIRTUALENV
12 | Options Indexes MultiViews
13 | AllowOverride None
14 | Order allow,deny
15 | Allow from all
16 |
17 |
18 |
19 |
20 | SSLRequireSSL
21 |
22 |
23 | NSSRequireSSL
24 |
25 | Options +Indexes +FollowSymLinks
26 | AllowOverride None
27 | Order allow,deny
28 | Allow from all
29 |
30 |
31 | # Use separate process group for wsgi
32 | WSGISocketPrefix /var/run/wsgi
33 | WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
34 | WSGIDaemonProcess cobbler_web display-name=%{GROUP}
35 | WSGIProcessGroup cobbler_web
36 | WSGIPassAuthorization On
37 |
38 | = 2.4>
39 |
40 | Require all granted
41 |
42 |
43 | Require all granted
44 |
45 |
46 |
--------------------------------------------------------------------------------
/tasks/debian.yml:
--------------------------------------------------------------------------------
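---
# Debian-family tasks: package source, dependencies and the isc-dhcp-server
# defaults file.

# ---------------
# Package Sources
# ---------------

# NOTE(review): with the default cobbler_ubuntu_repo_url the signing key is
# downloaded over plain HTTP from the same mirror as the packages, so it is
# only as trustworthy as the network path. Consider pinning the key by
# fingerprint (apt_key `id`) or shipping it with the role.
- name: import cobbler key
  apt_key:
    url: "{{ cobbler_ubuntu_repo_url }}/Release.key"
    state: present
  when: cobbler_manage_repo

- name: import cobbler repo
  apt_repository:
    repo: "deb {{ cobbler_ubuntu_repo_url }}/ ./"
    state: present
  when: cobbler_manage_repo

# ------------
# Dependencies
# ------------
#
# HACK: Cobbler ubuntu deb package is still asking for python-support dependency
#       which is no longer provided in ubuntu 16.04 as they moved away
#       from python2.7 to python3
#
# ansible_lsb.major_release is a string, so it is cast to int before the
# numeric comparison; comparing the raw string with 16 does not give a
# meaningful result.
# NOTE(review): the default cobbler_ubuntu_dependiences_fix is an http:// URL
# to a .deb that is installed as root with no checksum or signature check.
# Prefer a local copy or verify a known digest before installing.
- name: Fix missing package for cobbler version => 2.8
  apt:
    deb: "{{ cobbler_ubuntu_dependiences_fix }}"
    state: present
  when: ansible_lsb.major_release | int >= 16

- name: install dependencies (apt)
  apt:
    name: "{{ item }}"
    state: present
    update_cache: true
  with_items:
    - xinetd
    - isc-dhcp-server
    - debmirror
    - libapache2-mod-python
    - libapache2-mod-proxy-uwsgi
    - fence-agents
    - tftpd-hpa

# ---------------
# isc-dhcp-server
# ---------------
- name: configure isc-dhcp-server (apt)
  template:
    src: isc-dhcp-server.j2
    dest: /etc/default/isc-dhcp-server

# Enabled at boot but left stopped for now.
- name: enable isc-dhcp-server (apt)
  service:
    name: isc-dhcp-server
    state: stopped
    enabled: true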
--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
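# -*- mode: ruby -*-
# vi: set ft=ruby :

require 'yaml'

# VM definitions for the development environment.
# safe_load builds only plain scalars, arrays and hashes, which is all that
# vagrant.yml contains. Unlike an unrestricted load it refuses YAML tags that
# instantiate arbitrary Ruby objects (and, by default, aliases), so an edited
# or substituted vagrant.yml cannot run code while the Vagrantfile is parsed.
$env = YAML.safe_load(File.read('vagrant.yml'))

Vagrant.configure('2') do |config|
  # Create and provision each host as defined in the site's YAML file
  $env['hosts'].each do |host_name, host_config|
    config.vm.define host_name do |host|
      # The default /vagrant share is disabled; the guest gets no view of the
      # project directory.
      host.vm.synced_folder '.', '/vagrant', :disabled => true

      host.vm.box = host_config['box']
      host.vm.network 'private_network', :ip => host_config['private_ip']
      host.vm.host_name = "#{host_name}.local"

      # Optional list of {guest:, host:} port forwards.
      if host_config['ports']
        host_config['ports'].each do |port|
          host.vm.network 'forwarded_port', :guest => port['guest'],
                                            :host => port['host']
        end
      end

      # VirtualBox config
      host.vm.provider :virtualbox do |vbox|
        if host_config['memory']
          vbox.customize ['modifyvm', :id, '--memory',
                          host_config['memory']]
        end
        vbox.customize ['modifyvm', :id, '--usb', 'off']
      end

      # VMware config
      host.vm.provider :vmware_fusion do |vmware|
        if host_config['memory']
          vmware.vmx['memsize'] = host_config['memory']
        end
        vmware.vmx['numvcpus'] = '1'
        vmware.vmx['virtualHW.version'] = '11'
        vmware.vmx['vhv.enable'] = 'TRUE'
        vmware.gui = false
      end

      # Ansible provisioning using the generated host based inventory
      ENV['ANSIBLE_ROLES_PATH'] = '..'
      host.vm.provision 'ansible' do |ansible|
        ansible.playbook = 'site.yml'
        ansible.extra_vars = host_config['extra_vars']
      end
    end
  end
end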
--------------------------------------------------------------------------------
/templates/ubuntu-server.preseed.j2:
--------------------------------------------------------------------------------
1 | # Ubuntu Server Quick Install
2 | # by Dustin Kirkland
3 | # * Documentation: http://bit.ly/uquick-doc
4 |
5 | d-i debian-installer/locale string en_US.UTF-8
6 | d-i debian-installer/splash boolean false
7 | d-i debian-installer/allow_unauthenticated string false
8 | d-i debian-installer/exit/halt boolean false
9 | d-i debian-installer/exit/poweroff boolean false
10 |
11 | d-i mirror/country string manual
12 | {% if ubuntu_mirror is defined %}
13 | d-i mirror/http/hostname string {{ ubuntu_mirror }}
14 | {% endif %}
15 | d-i mirror/http/directory string /ubuntu/
16 | {#d-i mirror/http/proxy string http://$http_server:3142/#}
17 |
18 | d-i console-setup/ask_detect boolean false
19 | d-i console-setup/layoutcode string us
20 | d-i console-setup/variantcode string
21 |
22 | d-i netcfg/get_nameservers string
23 | d-i netcfg/get_ipaddress string
24 | d-i netcfg/get_netmask string 255.255.255.0
25 | d-i netcfg/get_gateway string
26 | d-i netcfg/confirm_static boolean true
27 |
28 | d-i clock-setup/utc boolean true
29 |
30 | d-i partman-auto/method string regular
31 | d-i partman-lvm/device_remove_lvm boolean true
32 | d-i partman-lvm/confirm boolean true
33 | d-i partman/confirm_write_new_label boolean true
34 | d-i partman/choose_partition select Finish partitioning and write changes to disk
35 | d-i partman/confirm boolean true
36 | d-i partman/confirm_nooverwrite boolean true
37 | d-i partman/default_filesystem string ext3
38 |
39 | d-i clock-setup/utc boolean true
40 | d-i clock-setup/ntp boolean true
41 | d-i clock-setup/ntp-server string ntp.ubuntu.com
42 |
43 | d-i base-installer/kernel/image string linux-server
44 |
# Account setup: root login is disabled and a single "ubuntu" user is created.
# NOTE(review): the crypted password below ($6$ = SHA-512 crypt) is a literal
# in the template, so every machine installed from this preseed gets the same
# credential, and the hash is readable by anyone who can fetch the preseed
# from the Cobbler HTTP service. Supply the hash per environment (for example
# from a role variable) and rotate it after first boot.
d-i passwd/root-login boolean false
d-i passwd/make-user boolean true
d-i passwd/user-fullname string ubuntu
d-i passwd/username string ubuntu
d-i passwd/user-password-crypted password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4.
d-i passwd/user-uid string
d-i passwd/user-default-groups string adm cdrom dialout lpadmin plugdev sambashare
52 |
53 | d-i user-setup/allow-password-weak boolean false
54 | d-i user-setup/encrypt-home boolean false
55 |
56 | d-i apt-setup/services-select multiselect security
57 | d-i apt-setup/security_host string security.ubuntu.com
58 | d-i apt-setup/security_path string /ubuntu
59 |
60 | d-i pkgsel/upgrade select safe-upgrade
61 | d-i pkgsel/language-packs multiselect
62 | d-i pkgsel/update-policy select none
63 | d-i pkgsel/updatedb boolean true
64 | d-i pkgsel/include string openssh-server
65 |
66 | d-i lilo-installer/skip boolean false
67 |
68 | d-i grub-installer/skip boolean false
69 | d-i grub-installer/only_debian boolean true
70 | d-i grub-installer/with_other_os boolean true
71 |
72 | d-i finish-install/keep-consoles boolean false
73 | d-i finish-install/reboot_in_progress note
74 | d-i cdrom-detect/eject boolean true
75 |
76 | d-i preseed/late_command string \
77 | wget -O /dev/null http://$http_server:$http_port/cblr/svc/op/nopxe/system/$system_name; \
78 | wget -O /dev/null http://$http_server:$http_port/cblr/svc/op/trig/mode/post/system/$system_name; \
79 | true
80 |
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
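---
# Default values suitable for a Vagrant environment

# settings
# WARNING: the default password is "changeme". That is fine for demo
#          purposes only: the hash is public (it ships with this role) and
#          uses MD5-crypt ($1$). Override it per environment with a hash of
#          a strong, unique password.
cobbler_default_password_crypted: '$1$0j9R7J3U$qhH8N9oXlytT.pEjjSud60'
bound_interface: eth1

cobbler_get_loaders: true
cobbler_signature_update: true
# No proxy by default.
cobbler_proxy_url_ext: null

# dhcpd
cobbler_dhcp_listen_interfaces: eth1

# dhcp.template
# One entry per subnet rendered into dhcp.template.j2. An optional
# cobbler_dhcp_static_routes list is also read by that template.
subnets:
  - cobbler_dhcp_subnet: 10.0.2.0
    cobbler_dhcp_netmask: 255.255.255.0
    cobbler_dhcp_option_routers: 10.0.2.2
    cobbler_dhcp_option_domain_name_servers: 10.0.2.2
    cobbler_dhcp_option_subnet_mask: 255.255.255.0
    cobbler_dhcp_dynamic_bootp_start: 10.0.2.100
    cobbler_dhcp_dynamic_bootp_end: 10.0.2.254

# ubuntu repo
cobbler_manage_repo: true
# Quoted so YAML keeps it a string: as a bare float, a release such as 16.10
# would render as 16.1 inside cobbler_ubuntu_repo_url.
cobbler_ubuntu_release: "14.04"
# NOTE(review): both URLs below are plain HTTP; see tasks/debian.yml, which
# installs the .deb and imports the repo key from them.
cobbler_ubuntu_dependiences_fix: http://launchpadlibrarian.net/109052632/python-support_1.0.15_all.deb
cobbler_ubuntu_repo_url: "http://download.opensuse.org/repositories/home:/libertas-ict:/cobbler26/xUbuntu_{{ cobbler_ubuntu_release }}/"

# cobbler version
cobbler_version: "2.6.11-1"

# ubuntu preseed
ubuntu_mirror: archive.ubuntu.com

kickstarts: []
#  - {
#      src: ../../files/cobbler/ubuntu-server.seed,
#      dest: /var/lib/cobbler/kickstarts/ubuntu-server.preseed
#    }

# cobbler distros iso
distros: []
#  - {
#      name: ubuntu-14.04-mini,
#      arch: x86_64,
#      url: 'http://archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/mini.iso',
#      file: /root/iso/ubuntu-14.04-mini.iso,
#      path: /root/iso/ubuntu-14.04-mini/,
#      kickstart: /var/lib/cobbler/kickstarts/ubuntu-server.preseed
#    }

# cobbler distro imports
# Uncomment (and change) the following lines if you wish to import a distro.
distro_imports: []
#  - {
#      name: centos-6.6,
#      arch: x86_64,
#      url: 'rsync://mirrors.nl.kernel.org::centos/6.6/os/x86_64/',
#    }
#  - {
#      name: centos-7.0.1406,
#      arch: x86_64,
#      url: 'rsync://mirrors.nl.kernel.org::centos/6.6/os/x86_64/',
#    }

# cobbler repos
# Uncomment (and change) the following lines if you wish to add a repo.
repos: []
#  - {
#      name: centos-updates-6.6-x86_64,
#      arch: x86_64,
#      mirror: 'http://mirrors.nl.kernel.org/centos/6.6/updates/x86_64/',
#      mirror_locally: Y,
#    }
#  - {
#      name: epel-6-x86_64,
#      arch: x86_64,
#      mirror: 'http://mirrors.nl.kernel.org/fedora-epel/6/x86_64/',
#      mirror_locally: Y,
#    }

# cobbler profiles
# Uncomment (and change) the following lines if you wish to add a profile.
profiles: []
#  - {
#      name: centos-6.6-x86_64,
#      distro: centos-6.6-x86_64,
#      kickstart: /var/lib/cobbler/kickstarts/sample_end.ks,
#      ksmeta: 'ksvariable=hello',
#      repos: 'centos-updates-6.6-x86_64 epel-6-x86_64',
#    }

# cobbler systems
systems: []
#  - {
#      name: cobbler-node1,
#      hostname: cobbler-node1.local,
#      profile: ubuntu-14.04-mini-x86_64,
#      interface: eth0,
#      ip: 10.0.2.100,
#      netmask: 255.255.255.0,
#      gateway: 10.0.2.2,
#      mac: '00:50:56:25:2B:19',
#      netboot: 'false',
#      dhcptag: 192.168.10.0,
#      next_server: 192.168.10.11
#    }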
--------------------------------------------------------------------------------
/templates/dhcp.template.j2:
--------------------------------------------------------------------------------
1 | # This file was generated by Ansible for {{ansible_fqdn}}
2 | # Do NOT modify this file by hand!
3 |
4 | # ******************************************************************
5 | # Cobbler managed dhcpd.conf file
6 | #
7 | # generated from cobbler dhcp.conf template ($date)
8 | # Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
9 | # in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
10 | # overwritten.
11 | #
12 | # ******************************************************************
13 |
14 | ddns-update-style interim;
15 |
16 | allow booting;
17 | allow bootp;
18 |
19 | ignore client-updates;
20 | set vendorclass = option vendor-class-identifier;
21 | default-lease-time 7200;
22 | max-lease-time 7200;
23 |
24 | option pxe-system-type code 93 = unsigned integer 16;
25 | option classless-routes code 121 = array of unsigned integer 8;
26 |
27 | {% for item in subnets %}
28 | subnet {{ item.cobbler_dhcp_subnet }} netmask {{ item.cobbler_dhcp_netmask }} {
29 | option routers {{ item.cobbler_dhcp_option_routers }};
30 | option domain-name-servers {{ item.cobbler_dhcp_option_domain_name_servers }};
31 | option subnet-mask {{ item.cobbler_dhcp_option_subnet_mask }};
32 | range dynamic-bootp {{ item.cobbler_dhcp_dynamic_bootp_start }} {{ item.cobbler_dhcp_dynamic_bootp_end }};
33 | default-lease-time 21600;
34 | max-lease-time 43200;
35 | next-server $next_server;
36 | {% if item.cobbler_dhcp_static_routes is defined %}
37 | # defines the type of data used to send the routing informations
38 | option classless-routes {% for static_route in item.cobbler_dhcp_static_routes %} {{ static_route }} {% if loop.last %};{% else %},
39 | {% endif %}{% endfor %}
40 | {% endif %}
41 | # deny unknown-clients;
42 | class "pxeclients" {
43 | match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
44 | if option pxe-system-type = 00:02 {
45 | filename "ia64/elilo.efi";
46 | } else if option pxe-system-type = 00:06 {
47 | filename "grub/grub-x86.efi";
48 | } else if option pxe-system-type = 00:07 {
49 | filename "grub/grub-x86_64.efi";
50 | } else {
51 | filename "pxelinux.0";
52 | }
53 | }
54 |
55 | }
56 | {% endfor %}
57 |
58 | #for dhcp_tag in $dhcp_tags.keys():
59 | ## group could be subnet if your dhcp tags line up with your subnets
60 | ## or really any valid dhcpd.conf construct ... if you only use the
61 | ## default dhcp tag in cobbler, the group block can be deleted for a
62 | ## flat configuration
63 | # group for Cobbler DHCP tag: $dhcp_tag
64 | group {
65 | #for mac in $dhcp_tags[$dhcp_tag].keys():
66 | #set iface = $dhcp_tags[$dhcp_tag][$mac]
67 | host $iface.name {
68 | hardware ethernet $mac;
69 | #if $iface.ip_address:
70 | fixed-address $iface.ip_address;
71 | #end if
72 | #if $iface.hostname:
73 | option host-name "$iface.hostname";
74 | #end if
75 | #if $iface.netmask:
76 | option subnet-mask $iface.netmask;
77 | #end if
78 | #if $iface.gateway:
79 | option routers $iface.gateway;
80 | #end if
81 | {% for item in subnets %}
82 | {% if item.cobbler_dhcp_static_routes is defined %}
83 | # defines the type of data used to send the routing informations
84 | option classless-routes {% for static_route in item.cobbler_dhcp_static_routes %} {{ static_route }} {% if loop.last %};{% else %},
85 | {% endif %}{% endfor %}
86 | {% endif %}
87 | {% endfor %}
88 | #if $iface.enable_gpxe:
89 | if exists user-class and option user-class = "gPXE" {
90 | filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
91 | } else if exists user-class and option user-class = "iPXE" {
92 | filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
93 | } else {
94 | filename "undionly.kpxe";
95 | }
96 | #else
97 | filename "$iface.filename";
98 | #end if
99 | ## Cobbler defaults to $next_server, but some users
100 | ## may like to use $iface.system.server for proxied setups
101 | next-server $next_server;
102 | ## next-server $iface.next_server;
103 | }
104 | #end for
105 | }
106 | #end for
107 |
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
# file: main.yml
# The tasks for the Cobbler role

# -------------
# Prerequisites
# -------------

# Stop early on anything that is neither a RedHat nor a Debian family host.
- name: unsupported package manager
  fail:
    msg: 'this playbook requries RedHat or Debian based system'
  when: ansible_os_family | lower not in ['redhat', 'debian']

# Pulls in tasks/redhat.yml or tasks/debian.yml.
- name: Include OS specific tasks
  include: '{{ ansible_os_family | lower }}.yml'

# Loads vars/redhat.yml or vars/debian.yml (apache_service_name, daemon).
- name: Include OS required variables
  include_vars: '{{ ansible_os_family | lower }}.yml'

- include: firewall.yml
# -------
# Cobbler
# -------
- name: install cobbler (yum)
  yum:
    name: cobbler
    state: present
  when: ansible_pkg_mgr == 'yum'

# The apt install is pinned to cobbler_version.
- name: install cobbler (apt)
  apt:
    name: "cobbler={{ cobbler_version }}"
    state: present
  when: ansible_pkg_mgr == 'apt'

- name: enable required apache modules
  apache2_module:
    name: "{{ item }}"
    state: present
  with_items:
    - proxy
    - proxy_http
    - status
  when: apache_service_name == 'apache2'

- name: copy cobbler config files
  copy:
    src: cobbler.conf
    dest: /etc/apache2/conf-enabled/cobbler.conf
    mode: "0644"
  when: apache_service_name == 'apache2'

- name: copy cobbler_web config files
  copy:
    src: cobbler_web.conf
    dest: /etc/apache2/conf-enabled/cobbler_web.conf
    mode: "0644"
  notify:
    - restart apache
  when: apache_service_name == 'apache2'

# Installs files/rsync, which enables the rsync daemon under xinetd as root.
- name: configure xinetd rsync
  copy:
    src: rsync
    dest: /etc/xinetd.d/
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart xinetd

# The task name mentions only xinetd, but the loop also starts and enables
# the Apache service.
- name: start and enable xinetd
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
    - xinetd
    - "{{ apache_service_name }}"

# Run any pending handlers now instead of at the end of the play.
- meta: flush_handlers

# NOTE(review): no owner/group/mode is set on /etc/cobbler/settings.
# settings.j2 is not shown here; if it renders
# cobbler_default_password_crypted, restrict the file's mode explicitly.
- name: configure cobbler
  template:
    src: settings.j2
    dest: /etc/cobbler/settings
  notify:
    - restart cobbler
    - wait for cobbler
    - sync cobbler

- name: start and enable cobbler
  service:
    name: "{{ daemon }}"
    state: started
    enabled: true

# Same probe as the "wait for cobbler" handler: port 25151 on localhost.
- name: wait for cobbler
  wait_for:
    host: "127.0.0.1"
    port: 25151
    delay: 5
    timeout: 30
    state: started

# `creates` makes this a one-off: it is skipped once the README exists.
- name: get cobbler loaders
  command: cobbler get-loaders
  args:
    creates: /var/lib/cobbler/loaders/README
  when: cobbler_get_loaders
  notify:
    - restart cobbler
    - wait for cobbler
    - sync cobbler

# No `creates` guard here, so this runs (and notifies) on every play.
- name: update cobbler signatures
  command: cobbler signature update
  when: cobbler_signature_update
  notify:
    - restart cobbler
    - wait for cobbler
    - sync cobbler

- name: configure cobbler dhcp
  template:
    src: dhcp.template.j2
    dest: /etc/cobbler/dhcp.template
  notify:
    - restart cobbler
    - wait for cobbler
    - sync cobbler
107 | # ---------------------
108 | # Cobbler Kickstarts
109 | # ---------------------
110 |
111 | - name: adding defualt ubuntu preseed
112 | template: src=ubuntu-server.preseed.j2 dest=/etc/cobbler/ubuntu-server.preseed
113 |
114 | - name: copy user defined kickstart files
115 | copy:
116 | src: "{{ item.src }}"
117 | dest: "{{ item.dest }}"
118 | owner: "{{ item.owner | default('root') }}"
119 | group: "{{ item.group | default('root') }}"
120 | mode: "{{ item.mode | default('0644') }}"
121 | with_items: "{{ kickstarts }}"
122 | notify:
123 | - restart cobbler
124 |
125 | # ---------------------
126 | # Cobbler Distributions
127 | # ---------------------
128 |
129 | # Attempt to un-mount any previous disto mount points, can occur if previous run failed
130 | - name: umount isos
131 | ignore_errors: yes
132 | shell: umount {{ item.path | quote }}
133 | with_items:
134 | - "{{ distros }}"
135 | when: distros is defined
136 |
137 | - name: create iso directory to hold distro images
138 | file: path=~/iso state=directory
139 |
140 | # Download each defined distro ISO if it doesn't already exist
141 | - name: download distro iso files
142 | get_url: url={{ item.url }} dest={{ item.file }}
143 | with_items:
144 | - "{{ distros }}"
145 | when: distros is defined
146 |
147 | # Add the each distro/profile pair only if the distro doesn't already exist
148 | - name: check distro exists in cobbler
149 | shell: "cobbler distro report --name={{ item.name | quote }}-{{ item.arch | quote }} > /dev/null"
150 | ignore_errors: yes
151 | changed_when: no
152 | register: distro_result
153 | when: distros is defined
154 | with_items:
155 | - "{{ distros }}"
156 |
# Diagnostic output: print the registered result of the distro check.
- debug:
    msg: "Distro watch {{ distro_result }}"
158 |
# Mount each ISO read-only on a loop device, import it into Cobbler, then
# unmount it. The steps are chained with &&, so a failed mount or import
# skips the final umount and leaves the mount point behind.
# NOTE(review): distro_result is registered from a loop, so this condition
# tests the aggregate result rather than the entry for the current item;
# confirm that distros already present in Cobbler are not re-imported.
- name: add distro/profile pairs to cobbler
  when: distros is defined and distro_result|failed
  with_items:
    - "{{ distros }}"
  shell: >
    (mkdir -p {{ item.path | quote }}
    && mount -t iso9660 -o loop,ro {{ item.file | quote }} {{ item.path | quote }}
    && cobbler import --path={{ item.path | quote }} --name={{ item.name | quote }} --arch={{ item.arch | quote }} {% if item.kickstart is defined %}--kickstart={{ item.kickstart | quote }}{% endif %}
    && umount {{ item.path | quote }})
  notify:
    - restart cobbler
    - wait for cobbler
    - sync cobbler
172 |
173 | #- name: check distro for import exists in cobbler
174 | # with_items: distro_imports
175 | # command: cobbler distro report --name="{{ item.name }}"
176 | # register: distro_imports_result
177 | # ignore_errors: true
178 | # when: distro_imports is defined
179 |
180 | #- name: import distro to cobbler
181 | # shell: cobbler import --name="{{ item.name }}-{{ item.arch }}" --path="{{ item.url }}" --arch="{{ item.arch }}"
182 | # with_items: distro_imports
183 | # when: distro_imports is defined and distro_imports_result|failed
184 | # notify:
185 | # - restart cobbler
186 | # - wait for cobbler
187 | # - sync cobbler
188 |
189 | # ---------------
190 | # Cobbler Repos
191 | # ---------------
192 |
# Register every configured repo; --clobber lets the add replace an entry
# that already exists. Each item value passes through the quote filter
# before it reaches the shell.
- name: add repos to cobbler
  when: repos is defined
  with_items:
    - "{{ repos }}"
  shell: >
    cobbler repo add
    --clobber
    --name={{ item.name | quote }}
    --mirror={{ item.mirror | quote }}
    {% if item.arch is defined %}--arch={{ item.arch | quote }}{% endif %}
    {% if item.mirror_locally is defined %}--mirror-locally={{ item.mirror_locally | quote }}{% endif %}
  notify:
    - restart cobbler
    - wait for cobbler
    - sync cobbler
208 |
209 | # ---------------
210 | # Cobbler Profiles
211 | # ---------------
212 |
# Register every configured profile; --clobber lets the add replace an
# entry that already exists. Optional flags are emitted only when the item
# defines the matching key, and each value is shell-quoted.
- name: add profiles to cobbler
  when: profiles is defined
  with_items:
    - "{{ profiles }}"
  shell: >
    cobbler profile add
    --clobber
    --name={{ item.name | quote }}
    --distro={{ item.distro | quote }}
    {% if item.kickstart is defined %}--kickstart={{ item.kickstart | quote }}{% endif %}
    {% if item.ksmeta is defined %}--ksmeta={{ item.ksmeta | quote }}{% endif %}
    {% if item.kopts is defined %}--kopts={{ item.kopts | quote }}{% endif %}
    {% if item.kopts_post is defined %}--kopts-post={{ item.kopts_post | quote }}{% endif %}
    {% if item.repos is defined %}--repos={{ item.repos | quote }}{% endif %}
  notify:
    - restart cobbler
    - wait for cobbler
    - sync cobbler
231 |
232 | # ---------------
233 | # Cobbler Systems
234 | # ---------------
235 |
# Diagnostic output: print the systems variable before it is consumed.
- debug:
    var: systems
237 |
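# Register every configured system; --clobber lets the add replace an entry
# that already exists. Optional flags are emitted only when the item defines
# the matching key.
# Every interpolated value goes through the quote filter. --static and
# --mgmt-classes were the only two without it, which let a value containing
# spaces or shell metacharacters alter the command line; they are now quoted
# like the rest.
- name: add systems to cobbler
  shell: >
    cobbler system add
    --clobber
    --name={{ item.name | quote }}
    --hostname={{ item.hostname | quote }}
    --profile={{ item.profile | quote }}
    --ip-address={{ item.ip | quote }}
    --subnet={{ item.netmask | quote }}
    --gateway={{ item.gateway | quote }}
    --mac={{ item.mac | quote }}
    --interface={{ item.interface | quote }}
    {% if item.netboot is defined %}--netboot-enabled={{ item.netboot | quote }}{% endif %}
    {% if item.dns_name is defined %}--dns_name={{ item.dns_name | quote }}{% endif %}
    {% if item.static is defined %}--static={{ item.static | quote }}{% endif %}
    {% if item.kopts is defined %}--kopts={{ item.kopts | quote }}{% endif %}
    {% if item.kopts_post is defined %}--kopts-post={{ item.kopts_post | quote }}{% endif %}
    {% if item.ksmeta is defined %}--ksmeta={{ item.ksmeta | quote }}{% endif %}
    {% if item.dhcptag is defined %}--dhcp-tag={{ item.dhcptag | quote }}{% endif %}
    {% if item.next_server is defined %}--server={{ item.next_server | quote }}{% endif %}
    {% if item.mgmt_classes is defined %}--mgmt-classes={{ item.mgmt_classes | quote }}{% endif %}
  when: systems is defined
  with_items:
    - "{{ systems }}"
  notify:
    - restart cobbler
    - wait for cobbler
    - sync cobbler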
266 |
--------------------------------------------------------------------------------
/templates/settings.j2:
--------------------------------------------------------------------------------
1 | ---
2 | # This file was generated by Ansible for {{ansible_fqdn}}
3 | # Do NOT modify this file by hand!
4 |
5 | # cobbler settings file
6 | # restart cobblerd and run "cobbler sync" after making changes
7 | # This config file is in YAML 1.0 format
8 | # see http://yaml.org
9 | # ==========================================================
10 | # if 1, cobbler will allow insertions of system records that duplicate
11 | # the --dns-name information of other system records. In general,
12 | # this is undesirable and should be left 0.
13 | allow_duplicate_hostnames: 0
14 |
15 | # if 1, cobbler will allow insertions of system records that duplicate
16 | # the ip address information of other system records. In general,
17 | # this is undesirable and should be left 0.
18 | allow_duplicate_ips: 0
19 |
20 | # if 1, cobbler will allow insertions of system records that duplicate
21 | # the mac address information of other system records. In general,
22 | # this is undesirable.
23 | allow_duplicate_macs: 0
24 |
25 | # if 1, cobbler will allow settings to be changed dynamically without
26 | # a restart of the cobblerd daemon. You can only change this variable
27 | # by manually editing the settings file, and you MUST restart cobblerd
28 | # after changing it.
29 | allow_dynamic_settings: 0
30 |
31 | # by default, installs are *not* set to send installation logs to the cobbler
32 | # server. With 'anamon_enabled', kickstart templates may use the pre_anamon
33 | # snippet to allow remote live monitoring of their installations from the
34 | # cobbler server. Installation logs will be stored under
35 | # /var/log/cobbler/anamon/. NOTE: This does allow an xmlrpc call to send logs
36 | # to this directory, without authentication, so enable only if you are
37 | # ok with this limitation.
38 | anamon_enabled: 0
39 |
40 | # If using authn_pam in the modules.conf, this can be configured
41 | # to change the PAM service authentication will be tested against.
42 | # The default value is "login".
43 | authn_pam_service: "login"
44 |
45 | # How long the authentication token is valid for, in seconds
46 | auth_token_expiration: 3600
47 |
48 | # Email out a report when cobbler finishes installing a system.
49 | # enabled: set to 1 to turn this feature on
50 | # sender: optional
51 | # email: which addresses to email
52 | # smtp_server: used to specify another server for an MTA
53 | # subject: use the default subject unless overridden
54 | build_reporting_enabled: 0
55 | build_reporting_sender: ""
56 | build_reporting_email: [ 'root@localhost' ]
57 | build_reporting_smtp_server: "localhost"
58 | build_reporting_subject: ""
59 | build_reporting_ignorelist: [ "" ]
60 |
61 | # Cheetah-language kickstart templates can import Python modules.
62 | # while this is a useful feature, it is not safe to allow them to
63 | # import anything they want. This whitelists which modules can be
64 | # imported through Cheetah. Users can expand this as needed but
65 | # should never allow modules such as subprocess or those that
66 | # allow access to the filesystem as Cheetah templates are evaluated
67 | # by cobblerd as code.
68 | cheetah_import_whitelist:
69 | - "random"
70 | - "re"
71 | - "time"
72 |
73 | # Default createrepo_flags to use for new repositories. If you have
74 | # createrepo >= 0.4.10, consider "-c cache --update -C", which can
75 | # dramatically improve your "cobbler reposync" time. "-s sha"
76 | # enables working with Fedora repos from F11/F12 from EL-4 or
77 | # EL-5 without python-hashlib installed (which is not available
78 | # on EL-4)
79 | createrepo_flags: "-c cache -s sha"
80 |
81 | # if no kickstart is specified to profile add, use this template
82 | default_kickstart: /var/lib/cobbler/kickstarts/ubuntu-server.preseed
83 |
84 | # configure all installed systems to use these nameservers by default
85 | # unless defined differently in the profile. For DHCP configurations
86 | # you probably do /not/ want to supply this.
87 | default_name_servers: []
88 |
89 | # if using the authz_ownership module (see the Wiki), objects
90 | # created without specifying an owner are assigned to this
91 | # owner and/or group. Can be a comma separated list.
92 | default_ownership:
93 | - "admin"
94 |
95 | # cobbler has various sample kickstart templates stored
96 | # in /var/lib/cobbler/kickstarts/. This controls
97 | # what install (root) password is set up for those
98 | # systems that reference this variable. The factory
99 | # default is "cobbler" and cobbler check will warn if
100 | # this is not changed.
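101 | # The simplest way to change the password is to run
102 | # openssl passwd -1
103 | # and supply the output through cobbler_default_password_crypted, which fills the "" below. Note that -1 selects MD5-crypt, which is weak against offline guessing; prefer a SHA-512 crypt hash (openssl passwd -6 on OpenSSL 1.1.1 or later) if the installers you target accept it.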
104 | default_password_crypted: "{{ cobbler_default_password_crypted }}"
105 |
106 | # the default template type to use in the absence of any
107 | # other detected template. If you do not specify the template
108 | # with '#template=' on the first line of your
109 | # templates/snippets, cobbler will try to use the
110 | # following template engine to parse the templates.
111 | #
112 | # Current valid values are: cheetah, jinja2
113 | default_template_type: "cheetah"
114 |
115 | # for libvirt based installs in koan, if no virt bridge
116 | # is specified, which bridge do we try? For EL 4/5 hosts
117 | # this should be xenbr0, for all versions of Fedora, try
118 | # "virbr0". This can be overridden on a per-profile
119 | # basis or at the koan command line though this saves
120 | # typing to just set it here to the most common option.
121 | default_virt_bridge: virbr0
122 |
123 | # use this as the default disk size for virt guests (GB)
124 | default_virt_file_size: 5
125 |
126 | # use this as the default memory size for virt guests (MB)
127 | default_virt_ram: 512
128 |
129 | # if koan is invoked without --virt-type and no virt-type
130 | # is set on the profile/system, what virtualization type
131 | # should be assumed? Values: xenpv, xenfv, qemu, vmware
132 | # (NOTE: this does not change what virt_type is chosen by import)
133 | default_virt_type: qemu
134 |
135 | # enable gPXE booting? Enabling this option will cause cobbler
136 | # to copy the undionly.kpxe file to the tftp root directory,
137 | # and if a profile/system is configured to boot via gpxe it will
138 | # chain load off pxelinux.0.
139 | # Default: 0
140 | enable_gpxe: 0
141 |
142 | # controls whether cobbler will add each new profile entry to the default
143 | # PXE boot menu. This can be over-ridden on a per-profile
144 | # basis when adding/editing profiles with --enable-menu=0/1. Users
145 | # should ordinarily leave this setting enabled unless they are concerned
146 | # with accidental reinstalls from users who select an entry at the PXE
147 | # boot menu. Adding a password to the boot menus templates
148 | # may also be a good solution to prevent unwanted reinstallations
149 | enable_menu: 1
150 |
151 | # enable Func-integration? This makes sure each installed machine is set up
152 | # to use func out of the box, which is a powerful way to script and control
153 | # remote machines.
154 | # Func lives at http://fedorahosted.org/func
155 | # read more at https://github.com/cobbler/cobbler/wiki/Func-integration
156 | # you will need to mirror Fedora/EPEL packages for this feature, so see
157 | # https://github.com/cobbler/cobbler/wiki/Manage-yum-repos if you want cobbler
158 | # to help you with this
159 | func_auto_setup: 0
160 | func_master: overlord.example.org
161 |
162 | # change this port if Apache is not running plaintext on port
163 | # 80. Most people can leave this alone.
164 | http_port: 80
165 |
166 | # kernel options that should be present in every cobbler installation.
167 | # kernel options can also be applied at the distro/profile/system
168 | # level.
169 | kernel_options:
170 | ksdevice: bootif
171 | lang: ' '
172 | text: ~
173 | locale: en_US
174 | priority: critical
175 |
176 | # s390 systems require additional kernel options in addition to the
177 | # above defaults
178 | kernel_options_s390x:
179 | RUNKS: 1
180 | ramdisk_size: 40000
181 | root: /dev/ram0
182 | ro: ~
183 | ip: off
184 | vnc: ~
185 |
186 | # configuration options if using the authn_ldap module. See the
187 | # the Wiki for details. This can be ignored if you are not using
188 | # LDAP for WebUI/XMLRPC authentication.
189 | ldap_server: "ldap.example.com"
190 | ldap_base_dn: "DC=example,DC=com"
191 | ldap_port: 389
192 | ldap_tls: 1
193 | ldap_anonymous_bind: 1
194 | ldap_search_bind_dn: ''
195 | ldap_search_passwd: ''
196 | ldap_search_prefix: 'uid='
197 | ldap_tls_cacertfile: ''
198 | ldap_tls_keyfile: ''
199 | ldap_tls_certfile: ''
200 |
201 | # cobbler has a feature that allows for integration with config management
202 | # systems such as Puppet. The following parameters work in conjunction with
203 | # --mgmt-classes and are described in further detail at:
204 | # https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system
205 | mgmt_classes: []
206 | mgmt_parameters:
207 | from_cobbler: 1
208 |
209 | # if enabled, this setting ensures that puppet is installed during
210 | # machine provision, a client certificate is generated and a
211 | # certificate signing request is made with the puppet master server
212 | puppet_auto_setup: 0
213 |
214 | # when puppet starts on a system after installation it needs to have
215 | # its certificate signed by the puppet master server. Enabling the
216 | # following feature will ensure that the puppet server signs the
217 | # certificate after installation if the puppet master server is
218 | # running on the same machine as cobbler. This requires
219 | # puppet_auto_setup above to be enabled
220 | sign_puppet_certs_automatically: 0
221 |
222 | # location of the puppet executable, used for revoking certificates
223 | puppetca_path: "/usr/bin/puppet"
224 |
225 | # when a puppet managed machine is reinstalled it is necessary to
226 | # remove the puppet certificate from the puppet master server before a
227 | # new certificate is signed (see above). Enabling the following
228 | # feature will ensure that the certificate for the machine to be
229 | # installed is removed from the puppet master server if the puppet
230 | # master server is running on the same machine as cobbler. This
231 | # requires puppet_auto_setup above to be enabled
232 | remove_old_puppet_certs_automatically: 0
233 |
234 | # choose a --server argument when running puppetd/puppet agent during kickstart
235 | #puppet_server: 'puppet'
236 |
237 | # let cobbler know that you're using a newer version of puppet
238 | # choose version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'
239 | #puppet_version: 2
240 |
241 | # choose whether to enable puppet parameterized classes or not.
242 | # puppet versions prior to 2.6.5 do not support parameters
243 | #puppet_parameterized_classes: 1
244 |
245 | # set to 1 to enable Cobbler's DHCP management features.
246 | # the choice of DHCP management engine is in /etc/cobbler/modules.conf
247 | manage_dhcp: 1
248 |
249 | # set to 1 to enable Cobbler's DNS management features.
250 | # the choice of DNS management engine is in /etc/cobbler/modules.conf
251 | manage_dns: 0
252 |
253 | # set to path of bind chroot to create bind-chroot compatible bind
254 | # configuration files. This should be automatically detected.
255 | bind_chroot_path: ""
256 |
257 | # set to the ip address of the master bind DNS server for creating secondary
258 | # bind configuration files
259 | bind_master: 127.0.0.1
260 |
261 | # set to 1 to enable Cobbler's TFTP management features.
262 | # the choice of TFTP management engine is in /etc/cobbler/modules.conf
263 | manage_tftpd: 1
264 |
265 | # set to 1 to enable Cobbler's RSYNC management features.
266 | manage_rsync: 0
267 |
268 | # if using BIND (named) for DNS management in /etc/cobbler/modules.conf
269 | # and manage_dns is enabled (above), this lists which zones are managed
270 | # See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
271 | manage_forward_zones: []
272 | manage_reverse_zones: []
273 |
274 | # if using cobbler with manage_dhcp, put the IP address
275 | # of the cobbler server here so that PXE booting guests can find it
276 | # if you do not set this correctly, this will be manifested in TFTP open timeouts.
277 | next_server: {{ hostvars[inventory_hostname]['ansible_' + bound_interface]['ipv4']['address'] }}
278 |
279 | # settings for power management features. optional.
280 | # see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
281 | # choices (refer to codes.py):
282 | # apc_snmp bladecenter bullpap drac ether_wake ilo integrity
283 | # ipmilan ipmitool lpar rsa virsh wti
284 | power_management_default_type: 'ipmitool'
285 |
286 | # the commands used by the power management module are sourced
287 | # from what directory?
288 | power_template_dir: "/etc/cobbler/power"
289 |
290 | # if this setting is set to 1, cobbler systems that pxe boot
291 | # will request at the end of their installation to toggle the
292 | # --netboot-enabled record in the cobbler system record. This eliminates
293 | # the potential for a PXE boot loop if the system is set to PXE
294 | # first in its BIOS order. Enable this if PXE is first in your BIOS
295 | # boot order, otherwise leave this disabled. See the manpage
296 | # for --netboot-enabled.
297 | pxe_just_once: 1
298 |
299 | # the templates used for PXE config generation are sourced
300 | # from what directory?
301 | pxe_template_dir: "/etc/cobbler/pxe"
302 |
303 | # Path to where system consoles are
304 | consoles: "/var/consoles"
305 |
306 | # Are you using a Red Hat management platform in addition to Cobbler?
307 | # Cobbler can help you register to it. Choose one of the following:
308 | # "off" : I'm not using Red Hat Network, Satellite, or Spacewalk
309 | # "hosted" : I'm using Red Hat Network
310 | # "site" : I'm using Red Hat Satellite Server or Spacewalk
311 | # You will also want to read: https://github.com/cobbler/cobbler/wiki/Tips-for-RHN
312 | redhat_management_type: "off"
313 |
314 | # if redhat_management_type is enabled, choose your server
315 | # "management.example.org" : For Satellite or Spacewalk
316 | # "xmlrpc.rhn.redhat.com" : For Red Hat Network
317 | # This setting is also used by the code that supports using Spacewalk/Satellite users/passwords
318 | # within Cobbler Web and Cobbler XMLRPC. Using RHN Hosted for this is not supported.
319 | # This feature can be used even if redhat_management_type is off, you just have
320 | # to have authn_spacewalk selected in modules.conf
321 | redhat_management_server: "xmlrpc.rhn.redhat.com"
322 |
323 | # specify the default Red Hat authorization key to use to register
324 | # system. If left blank, no registration will be attempted. Similarly
325 | # you can set the --redhat-management-key to blank on any system to
326 | # keep it from trying to register.
327 | redhat_management_key: ""
328 |
329 | # if using authn_spacewalk in modules.conf to let cobbler authenticate
330 | # against Satellite/Spacewalk's auth system, by default it will not allow per user
331 | # access into Cobbler Web and Cobbler XMLRPC.
332 | # in order to permit this, the following setting must be enabled HOWEVER
333 | # doing so will permit all Spacewalk/Satellite users of certain types to edit all
334 | # of cobbler's configuration.
335 | # these roles are: config_admin and org_admin
336 | # users should turn this on only if they want this behavior and
337 | # do not have a cross-multi-org separation concern. If you have
338 | # a single org in your satellite, it's probably safe to turn this
339 | # on and then you can use CobblerWeb alongside a Satellite install.
340 | redhat_management_permissive: 0
341 |
342 | # if set to 1, allows /usr/bin/cobbler-register (part of the koan package)
343 | # to be used to remotely add new cobbler system records to cobbler.
344 | # this effectively allows for registration of new hardware from system
345 | # records.
346 | register_new_installs: 0
347 |
348 | # Flags to use for yum's reposync. If your version of yum reposync
349 | # does not support -l, you may need to remove that option.
350 | reposync_flags: "-l -n -d"
351 |
352 | # when DHCP and DNS management are enabled, cobbler sync can automatically
353 | # restart those services to apply changes. The exception for this is
354 | # if using ISC for DHCP, then omapi eliminates the need for a restart.
355 | # omapi, however, is experimental and not recommended for most configurations.
356 | # If DHCP and DNS are going to be managed, but hosted on a box that
357 | # is not on this server, disable restarts here and write some other
358 | # script to ensure that the config files get copied/rsynced to the destination
359 | # box. This can be done by modifying the restart services trigger.
360 | # Note that if manage_dhcp and manage_dns are disabled, the respective
361 | # parameter will have no effect. Most users should not need to change
362 | # this.
363 | restart_dns: 1
364 | restart_dhcp: 1
365 |
366 | # install triggers are scripts in /var/lib/cobbler/triggers/install
367 | # that are triggered in kickstart pre and post sections. Any
368 | # executable script in those directories is run. They can be used
369 | # to send email or perform other actions. They are currently
370 | # run as root so if you do not need this functionality you can
371 | # disable it, though this will also disable "cobbler status" which
372 | # uses a logging trigger to audit install progress.
373 | run_install_triggers: 1
374 |
375 | # enables a trigger which version controls all changes to /var/lib/cobbler
376 | # when add, edit, or sync events are performed. This can be used
377 | # to revert to previous database versions, generate RSS feeds, or for
378 | # other auditing or backup purposes. "git" and "hg" are currently supported,
379 | # but git is the recommended SCM for use with this feature.
380 | scm_track_enabled: 0
381 | scm_track_mode: "git"
382 |
383 | # this is the address of the cobbler server -- as it is used
384 | # by systems during the install process, it must be the address
385 | # or hostname of the system as those systems can see the server.
386 | # if you have a server that appears differently to different subnets
387 | # (dual homed, etc), you need to read the --server-override section
388 | # of the manpage for how that works.
389 | server: {{ hostvars[inventory_hostname]['ansible_' + bound_interface]['ipv4']['address'] }}
390 |
391 | # If set to 1, all commands will be forced to use the localhost address
392 | # instead of using the above value which can force commands like
393 | # cobbler sync to open a connection to a remote address if one is in the
394 | # configuration and would traceback.
395 | client_use_localhost: 0
396 |
397 | # If set to 1, all commands to the API (not directly to the XMLRPC
398 | # server) will go over HTTPS instead of plaintext. Be sure to change
399 | # the http_port setting to the correct value for the web server
400 | client_use_https: 0
401 |
402 | # this is a directory of files that cobbler uses to make
403 | # templating easier. See the Wiki for more information. Changing
404 | # this directory should not be required.
405 | snippetsdir: /var/lib/cobbler/snippets
406 |
407 | # Normally if a kickstart is specified at a remote location, this
408 | # URL will be passed directly to the kickstarting system, thus bypassing
409 | # the usual snippet templating Cobbler does for local kickstart files. If
410 | # this option is enabled, Cobbler will fetch the file contents internally
411 | # and serve a templated version of the file to the client.
412 | template_remote_kickstarts: 0
413 |
414 | # should new profiles for virtual machines default to auto booting with the physical host when the physical host reboots?
415 | # this can be overridden on each profile or system object.
416 | virt_auto_boot: 1
417 |
418 | # cobbler's web directory. Don't change this setting -- see the
419 | # Wiki on "relocating your cobbler install" if your /var partition
420 | # is not large enough.
421 | webdir: /srv/www/cobbler
422 |
423 | # cobbler's public XMLRPC listens on this port. Change this only
424 | # if absolutely needed, as you'll have to start supplying a new
425 | # port option to koan if it is not the default.
426 | xmlrpc_port: 25151
427 |
428 | # "cobbler repo add" commands set cobbler up with repository
429 | # information that can be used during kickstart and is automatically
430 | # set up in the cobbler kickstart templates. By default, these
431 | # are only available at install time. To make these repositories
432 | # usable on installed systems (since cobbler makes a very convenient
433 | # mirror), set this to 1. Most users can safely set this to 1. Users
434 | # who have a dual homed cobbler server, or are installing laptops that
435 | # will not always have access to the cobbler server may wish to leave
436 | # this as 0. In that case, the cobbler mirrored yum repos are still
437 | # accessible at http://cobbler.example.org/cblr/repo_mirror and yum
438 | # configuration can still be done manually. This is just a shortcut.
439 | yum_post_install_mirror: 1
440 |
441 | # the default yum priority for all the distros. This is only used
442 | # if yum-priorities plugin is used. 1=maximum. Tweak with caution.
443 | yum_distro_priority: 1
444 |
445 | # Flags to use for yumdownloader. Not all versions may support
446 | # --resolve.
447 | yumdownloader_flags: "--resolve"
448 |
449 | # sort and indent JSON output to make it more human-readable
450 | serializer_pretty_json: 0
451 |
452 | # replication rsync options for distros, kickstarts, snippets set to override default value of "-avzH"
453 | replicate_rsync_options: "-avzH"
454 |
455 | # replication rsync options for repos set to override default value of "-avzH"
456 | replicate_repo_rsync_options: "-avzH"
457 |
458 | # always write DHCP entries, regardless if netboot is enabled
459 | always_write_dhcp_entries: 1
460 |
461 | # external proxy - used by: get-loaders, reposync, signature update
462 | # eg: proxy_url_ext: "http://192.168.1.1:8080"
463 | proxy_url_ext: "{{ cobbler_proxy_url_ext }}"
464 |
465 | # internal proxy - used by systems to reach cobbler for kickstarts
466 | # eg: proxy_url_int: "http://10.0.0.1:8080"
467 | proxy_url_int: ""
468 |
469 |
--------------------------------------------------------------------------------