Linux provisioning automation with Cobbler

Learn how to set up and run, Cobbler, an install and provisioning server. It holds OS images and manages PXE booting, network configuration and deploys and installs them. It supports a wide variety of platforms including Red Hat, Ubuntu, Debian, SuSE and others including provisioning Linux partitions on the IBM zSeries s390 mainframe.

Turning on a host, loading a DVD, booting the host and running the installation tool are all steps than can be largely automated. In the Red Hat and Ubuntu/Debian world one tool is becoming well known for being on the cutting edge of provisioning automation – Cobbler.

Cobbler is an install and provisioning server that holds deployable operating system images and manages PXE booting, network configuration and allows the deployment and installation of these images. It supports a wide variety of platforms including Red Hat and its derivatives, Ubuntu, Debian, SuSE and others including provisioning Linux partitions on the IBM zSeries s390 mainframe. It also allows integration with the Puppet configuration management tool to allow you to configure your newly provisioned hosts.

Installing Cobbler
We're going to install on a Red Hat Enterprise Linux 5 host. Cobbler currently has RPM packages available via the EPEL repository, or you can install from source. Ubuntu/Debian packages are on the way.

To install Cobbler, we need some prerequisite packages:

 $ sudo yum install yum-utils createrepo dhcp tftp-server httpd

You may already have these packages installed, in which case Yum will skip them. Now we add the EPEL repository.

 $ sudo rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

You can then install the cobbler package.

 $ sudo yum install cobbler

Configuring Cobbler
Cobbler comes with a very handy check function that tells what needs to be done to configure it.

 $ sudo cobbler check

The check command will provide a list of the things we need to do to configure it but the broad steps we need to take are

  • Configure Cobbler and DHCP to respond to PXE boot requests
  • Configure TFTPd
  • Add appropriate firewall rules
  • Start Apache and the Cobbler daemon

First, we configure /etc/cobbler/settings. We need to update two fields in this file, server and next_server and replace the existing values (usually with the IP address of your host, so a PXE-booted host can find your Cobbler host, for example:

 server next_server

To update Cobbler's configuration with our changes we run:

 $ sudo cobbler sync

We need to do this every time we change the settings.

Setting up DHCP management, TFTP server and firewalls
We also need to decide if we want Cobbler to manage our DHCP or use an existing server. If we want to enable Cobbler to manage our DHCP server, then we need to enable another option in the /etc/cobbler/settings file:

 manage_dhcp: 1

We also need a template dhcpd.conf file that Cobbler will use to configure your DHCP server, /etc/cobbler/dhcp.template. An example file is installed with Cobbler that you can you edit to suit your environment. If we don't want Cobbler to manage our DHCP then we need to add PXE boot configuration, usually the allow bootp, allow booting, and the next-server and filename options to our dhcpd.conf file to point PXE booting hosts to our Cobbler PXE server.

We also need to enable a TFTP server to send a boot file to the booting host. To do this we edit the /etc/xinet.d/tftp file and change the value of the disable option to no to enable the TFTP server. We then enable the TFTP server:

 $ sudo chkconfig tftp on

We also need to make sure hosts can connect to the Cobbler server through any firewalls – we need ports 69, 80, 25150, and 25151 open.

Lastly, we need to start Apache and the Cobbler daemon:

 $ sudo service cobblerd start $ sudo service httpd start

Adding profiles to Cobbler
Once Cobbler is running we can add profiles to it – profiles allow us to build hosts. We'll create our first profile using the import command.

 $ sudo cobbler import --mirror=/media/cdrom --name=RHEL5 --arch=i386

This imports an image contained on a CD/DVD mounted at /media/cdrom. We can also specify an image online:

 $ sudo cobbler import --mirror=rsync://ftp.iinet.net.au/pub/fedora/linux/releases/10/Fedora/i386/ --name=Fedora10 --arch=i386

The other two options in the import, --name and --arch, are the name of the profile and its architecture, these are combined to create the name of the profile, in this case RHEL5-i386.

Now choose a host or virtual machine you wish to build and reboot it. Your host may automatically search for a boot device on your network, but more likely you will need to adjust its BIOS settings to adjust the boot order. In order to boot from Cobbler, you need to specify that your host boots from the network first. When your host boots, it will request an IP address from the network and get an answer from your DHCP server.

Your host will boot to a command line appropriately called boot:. From here, you can launch the Cobbler menu by typing menu.

We can select the profile we'd like to install. If we don't select a profile, the first item on the menu, local, will be selected which continues the boot process on the host. If we select RHEL5-i386 then the anaconda installation process will start and your host will begin installation. And that's it! You've configured and built a host with Cobbler.

Learning more about Cobbler
This is just the start with Cobbler. You can also configure Kickstart files to automate our installation, configure specific hosts and classes of hosts, and link Cobbler into Puppet to configure our newly built hosts. Cobbler also has a simple Web interface we can use to manage some of its options.

Click on image for larger version

You can find further information about Cobbler at the Wiki -- there you will find some useful tips for troubleshooting Cobbler. The Cobbler community also has a mailing list and an active IRC channel on Freenode at #cobbler.

For more information about Cobbler, you can read Chapter 19 of Pro Linux System Administration.

ABOUT THE AUTHOR: James Turnbull works for the National Australia Bank as the manager of the CERT (Computer Emergency Response Team). He is an experienced infrastructure architect with a background in Linux/Unix, AS/400, Windows, and storage systems. He has been involved in security consulting, infrastructure security design, SLA and service definition and has an abiding interest in security metrics and measurement. James is also involved in the Free and Open Source Software community as a developer and contributor.

Dig Deeper on Linux servers