1COBBLER.CONF(5) Cobbler COBBLER.CONF(5)
2
6 cobbler.conf - Cobbler Configuration File Documentation
7 There are two main settings files: settings and modules.conf. Both
9 files can be found under /etc/cobbler/ and both are written in YAML.
10
12 allow_duplicate_hostnames
13 if 1, cobbler will allow insertions of system records that duplicate
14 the --dns-name information of other system records. In general, this
15 is undesirable and should be left 0.
16 default: 0
18 allow_duplicate_ips
20 if 1, cobbler will allow insertions of system records that duplicate
21 the ip address information of other system records. In general, this
22 is undesirable and should be left 0.
23 default: 0
25 allow_duplicate_macs
27 If 1, cobbler will allow insertions of system records that duplicate
28 the mac address information of other system records. In general, this
29 is undesirable.
30 default: 0
32 allow_dynamic_settings
34 If 1, cobbler will allow settings to be changed dynamically without a
35 restart of the cobblerd daemon. You can only change this variable by
36 manually editing the settings file, and you MUST restart cobblerd after
37 changing it.
38 default: 0
40 anamon_enabled
42 By default, installs are not set to send installation logs to the cob‐
43 bler server. With anamon_enabled, automatic installation templates may
44 use the pre_anamon snippet to allow remote live monitoring of their
45 installations from the cobbler server. Installation logs will be stored
46 under /var/log/cobbler/anamon/.
47 Note: This does allow an xmlrpc call to send logs to this directory,
49 without authentication, so enable only if you are ok with this limita‐
50 tion.
51 default: 0
53 authn_pam_service
55 If using authn_pam in the modules.conf, this can be configured to
56 change the PAM service authentication will be tested against.
57 default: "login"
59 auth_token_expiration
61 How long the authentication token is valid for, in seconds.
62 default: 3600
64 autoinstall_snippets_dir
66 This is a directory of files that cobbler uses to make templating eas‐
67 ier. See the Wiki for more information. Changing this directory should
68 not be required.
69 default: /var/lib/cobbler/snippets
71 autoinstall_templates_dir
73 This is a directory of files that cobbler uses to make templating eas‐
74 ier. See the Wiki for more information. Changing this directory should
75 not be required.
76 default: /var/lib/cobbler/templates
78 boot_loader_conf_template_dir
80 Location of templates used for boot loader config generation.
81 default: "/etc/cobbler/boot_loader_conf"
83 build_reporting_*
85 Email out a report when cobbler finishes installing a system.
86 · enabled: set to 1 to turn this feature on
88 · sender: optional
90 · email: which addresses to email
92 · smtp_server: used to specify another server for an MTA
94 · subject: use the default subject unless overridden
96 defaults:
98 build_reporting_enabled: 0
100 build_reporting_sender: ""
101 build_reporting_email: [ 'root@localhost' ]
102 build_reporting_smtp_server: "localhost"
103 build_reporting_subject: ""
104 build_reporting_ignorelist: [ "" ]
105 cheetah_import_whitelist
107 Cheetah-language autoinstall templates can import Python modules. while
108 this is a useful feature, it is not safe to allow them to import any‐
109 thing they want. This whitelists which modules can be imported through
110 Cheetah. Users can expand this as needed but should never allow modules
111 such as subprocess or those that allow access to the filesystem as
112 Cheetah templates are evaluated by cobblerd as code.
113 default:
115 · "random"
117 · "re"
119 · "time"
121 · "netaddr"
123 createrepo_flags
125 Default createrepo_flags to use for new repositories. If you have cre‐
126 aterepo >= 0.4.10, consider -c cache --update -C, which can dramati‐
127 cally improve your cobbler reposync time. -s sha enables working with
128 Fedora repos from F11/F12 from EL-4 or EL-5 without python-hashlib
129 installed (which is not available on EL-4)
130 default: "-c cache -s sha"
132 default_autoinstall
134 If no autoinstall template is specified to profile add, use this tem‐
135 plate.
136 default: /var/lib/cobbler/autoinstall_templates/default.ks
138 default_name_*
140 Configure all installed systems to use these nameservers by default
141 unless defined differently in the profile. For DHCP configurations you
142 probably do /not/ want to supply this.
143 defaults:
145 default_name_servers: []
147 default_name_servers_search: []
148 default_ownership
150 if using the authz_ownership module (see the Wiki), objects created
151 without specifying an owner are assigned to this owner and/or group.
152 Can be a comma seperated list.
153 default:
155 · "admin"
157 default_password_crypted
159 Cobbler has various sample automatic installation templates stored in
160 /var/lib/cobbler/autoinstall_templates/. This controls what install
161 (root) password is set up for those systems that reference this vari‐
162 able. The factory default is "cobbler" and cobbler check will warn if
163 this is not changed. The simplest way to change the password is to run
164 openssl passwd -1 and put the output between the "".
165 default: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
167 default_template_type
169 The default template type to use in the absence of any other detected
170 template. If you do not specify the template with #template=<tem‐
171 plate_type> on the first line of your templates/snippets, cobbler will
172 assume try to use the following template engine to parse the templates.
173 Current valid values are: cheetah, jinja2
175 default: "cheetah"
177 default_virt_bridge
179 For libvirt based installs in koan, if no virt-bridge is specified,
180 which bridge do we try? For EL 4/5 hosts this should be xenbr0, for all
181 versions of Fedora, try virbr0. This can be overriden on a per-profile
182 basis or at the koan command line though this saves typing to just set
183 it here to the most common option.
184 default: xenbr0
186 default_virt_file_size
188 Use this as the default disk size for virt guests (GB).
189 default: 5
191 default_virt_ram
193 Use this as the default memory size for virt guests (MB).
194 default: 512
196 default_virt_type
198 If koan is invoked without --virt-type and no virt-type is set on the
199 profile/system, what virtualization type should be assumed?
200 Current valid values are: xenpv, xenfv, qemu, vmware
202 NOTE: this does not change what virt_type is chosen by import.
204 default: xenpv
206 enable_gpxe
208 Enable gPXE booting? Enabling this option will cause cobbler to copy
209 the undionly.kpxe file to the tftp root directory, and if a pro‐
210 file/system is configured to boot via gpxe it will chain load off
211 pxelinux.0.
212 default: 0
214 enable_menu
216 Controls whether cobbler will add each new profile entry to the default
217 PXE boot menu. This can be over-ridden on a per-profile basis when
218 adding/editing profiles with --enable-menu=0/1. Users should ordinarily
219 leave this setting enabled unless they are concerned with accidental
220 reinstalls from users who select an entry at the PXE boot menu. Adding
221 a password to the boot menus templates may also be a good solution to
222 prevent unwanted reinstallations
223 default: 1
225 http_port
227 Change this port if Apache is not running plaintext on port 80. Most
228 people can leave this alone.
229 default: 80
231 kernel_options
233 Kernel options that should be present in every cobbler installation.
234 Kernel options can also be applied at the distro/profile/system level.
235 default: {}
237 ldap_*
239 Configuration options if using the authn_ldap module. See the the Wiki
240 for details. This can be ignored if you are not using LDAP for
241 WebUI/XMLRPC authentication.
242 defaults:
244 ldap_server: "ldap.example.com"
246 ldap_base_dn: "DC=example,DC=com"
247 ldap_port: 389
248 ldap_tls: 1
249 ldap_anonymous_bind: 1
250 ldap_search_bind_dn: ''
251 ldap_search_passwd: ''
252 ldap_search_prefix: 'uid='
253 ldap_tls_cacertfile: ''
254 ldap_tls_keyfile: ''
255 ldap_tls_certfile: ''
256 mgmt_*
258 Cobbler has a feature that allows for integration with config manage‐
259 ment systems such as Puppet. The following parameters work in conjunc‐
260 tion with --mgmt-classes and are described in further detail at:
261 https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system
262 mgmt_classes: []
264 mgmt_parameters:
265 from_cobbler: 1
266 puppet_auto_setup
268 If enabled, this setting ensures that puppet is installed during
269 machine provision, a client certificate is generated and a certificate
270 signing request is made with the puppet master server.
271 default: 0
273 sign_puppet_certs_automatically
275 When puppet starts on a system after installation it needs to have its
276 certificate signed by the puppet master server. Enabling the following
277 feature will ensure that the puppet server signs the certificate after
278 installation if the puppet master server is running on the same machine
279 as cobbler. This requires puppet_auto_setup above to be enabled.
280 default: 0
282 puppetca_path
284 Location of the puppet executable, used for revoking certificates.
285 default: "/usr/bin/puppet"
287 remove_old_puppet_certs_automatically
289 When a puppet managed machine is reinstalled it is necessary to remove
290 the puppet certificate from the puppet master server before a new cer‐
291 tificate is signed (see above). Enabling the following feature will
292 ensure that the certificate for the machine to be installed is removed
293 from the puppet master server if the puppet master server is running on
294 the same machine as cobbler. This requires puppet_auto_setup above to
295 be enabled
296 default: 0
298 puppet_server
300 Choose a --server argument when running puppetd/puppet agent during
301 autoinstall. This one is commented out by default.
302 default: 'puppet'
304 puppet_version
306 Let cobbler know that you're using a newer version of puppet. Choose
307 version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'.
308 This one is commented out by default.
309 default: 2
311 puppet_parameterized_classes
313 Choose whether to enable puppet parameterized classes or not. Puppet
314 versions prior to 2.6.5 do not support parameters. This one is com‐
315 mented out by default.
316 default: 1
318 manage_dhcp
320 Set to 1 to enable Cobbler's DHCP management features. The choice of
321 DHCP management engine is in /etc/cobbler/modules.conf
322 default: 0
324 manage_dns
326 Set to 1 to enable Cobbler's DNS management features. The choice of DNS
327 mangement engine is in /etc/cobbler/modules.conf
328 default: 0
330 bind_chroot_path
332 Set to path of bind chroot to create bind-chroot compatible bind con‐
333 figuration files. This should be automatically detected.
334 default: ""
336 bind_master
338 Set to the ip address of the master bind DNS server for creating sec‐
339 ondary bind configuration files.
340 default: 127.0.0.1
342 manage_tftpd
344 Set to 1 to enable Cobbler's TFTP management features. the choice of
345 TFTP mangement engine is in /etc/cobbler/modules.conf
346 default: 1
348 tftpboot_location
350 This variable contains the location of the tftpboot directory. If this
351 directory is not present cobbler does not start.
352 Default: /srv/tftpboot
354 manage_rsync
356 Set to 1 to enable Cobbler's RSYNC management features.
357 default: 0
359 manage_*
361 If using BIND (named) for DNS management in /etc/cobbler/modules.conf
362 and manage_dns is enabled (above), this lists which zones are managed.
363 See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management)
364 for more info
365 defaults:
367 manage_forward_zones: []
369 manage_reverse_zones: []
370 next_server
372 If using cobbler with manage_dhcp, put the IP address of the cobbler
373 server here so that PXE booting guests can find it. If you do not set
374 this correctly, this will be manifested in TFTP open timeouts.
375 default: 127.0.0.1
377 power_management_default_type
379 Settings for power management features. These settings are optional.
380 See https://github.com/cobbler/cobbler/wiki/Power-management to learn
381 more.
382 Choices (refer to codes.py):
384 · apc_snmp
386 · bladecenter
388 · bullpap
390 · drac
392 · ether_wake
394 · ilo
396 · integrity
398 · ipmilan
400 · ipmitool
402 · lpar
404 · rsa
406 · virsh
408 · wti
410 default: ipmitool
412 power_template_dir
414 The commands used by the power management module are sourced from what
415 directory?
416 default: "/etc/cobbler/power"
418 pxe_just_once
420 If this setting is set to 1, cobbler systems that pxe boot will request
421 at the end of their installation to toggle the --netboot-enabled record
422 in the cobbler system record. This eliminates the potential for a PXE
423 boot loop if the system is set to PXE first in it's BIOS order. Enable
424 this if PXE is first in your BIOS boot order, otherwise leave this dis‐
425 abled. See the manpage for --netboot-enabled.
426 default: 1
428 nopxe_with_triggers
430 If this setting is set to one, triggers will be executed when systems
431 will request to toggle the --netboot-enabled record at the end of their
432 installation.
433 default: 1
435 redhat_management_server
437 This setting is only used by the code that supports using Space‐
438 walk/Satellite authentication within Cobbler Web and Cobbler XMLRPC.
439 default: "xmlrpc.rhn.redhat.com"
441 redhat_management_permissive
443 If using authn_spacewalk in modules.conf to let cobbler authenticate
444 against Satellite/Spacewalk's auth system, by default it will not allow
445 per user access into Cobbler Web and Cobbler XMLRPC. In order to permit
446 this, the following setting must be enabled HOWEVER doing so will per‐
447 mit all Spacewalk/Satellite users of certain types to edit all of cob‐
448 bler's configuration. these roles are: config_admin and org_admin.
449 Users should turn this on only if they want this behavior and do not
450 have a cross-multi-org seperation concern. If you have a single org in
451 your satellite, it's probably safe to turn this on and then you can use
452 CobblerWeb alongside a Satellite install.
453 default: 0
455 redhat_management_key
457 Specify the default Red Hat authorization key to use to register sys‐
458 tem. If left blank, no registration will be attempted. Similarly you
459 can set the --redhat-management-key to blank on any system to keep it
460 from trying to register.
461 default: ""
463 register_new_installs
465 If set to 1, allows /usr/bin/cobbler-register (part of the koan pack‐
466 age) to be used to remotely add new cobbler system records to cobbler.
467 This effectively allows for registration of new hardware from system
468 records.
469 default: 0
471 reposync_flags
473 Flags to use for yum's reposync. If your version of yum reposync does
474 not support -l, you may need to remove that option.
475 default: "-l -n -d"
477 restart_*
479 When DHCP and DNS management are enabled, cobbler sync can automati‐
480 cally restart those services to apply changes. The exception for this
481 is if using ISC for DHCP, then omapi eliminates the need for a restart.
482 omapi, however, is experimental and not recommended for most configura‐
483 tions. If DHCP and DNS are going to be managed, but hosted on a box
484 that is not on this server, disable restarts here and write some other
485 script to ensure that the config files get copied/rsynced to the desti‐
486 nation box. This can be done by modifying the restart services trigger.
487 Note that if manage_dhcp and manage_dns are disabled, the respective
488 parameter will have no effect. Most users should not need to change
489 this.
490 defaults:
492 restart_dns: 1
494 restart_dhcp: 1
495 run_install_triggers
497 Install triggers are scripts in /var/lib/cobbler/triggers/install that
498 are triggered in autoinstall pre and post sections. Any executable
499 script in those directories is run. They can be used to send email or
500 perform other actions. They are currently run as root so if you do not
501 need this functionality you can disable it, though this will also dis‐
502 able cobbler status which uses a logging trigger to audit install
503 progress.
504 default: 1
506 scm_track_*
508 enables a trigger which version controls all changes to /var/lib/cob‐
509 bler when add, edit, or sync events are performed. This can be used to
510 revert to previous database versions, generate RSS feeds, or for other
511 auditing or backup purposes. Git and Mercurial are currently supported,
512 but Git is the recommend SCM for use with this feature.
513 default:
515 scm_track_enabled: 0
517 scm_track_mode: "git"
518 scm_track_author: "cobbler <cobbler@localhost>"
519 scm_push_script: "/bin/true"
520 server
522 This is the address of the cobbler server -- as it is used by systems
523 during the install process, it must be the address or hostname of the
524 system as those systems can see the server. if you have a server that
525 appears differently to different subnets (dual homed, etc), you need to
526 read the --server-override section of the manpage for how that works.
527 default: 127.0.0.1
529 client_use_localhost
531 If set to 1, all commands will be forced to use the localhost address
532 instead of using the above value which can force commands like cobbler
533 sync to open a connection to a remote address if one is in the configu‐
534 ration and would traceback.
535 default: 0
537 client_use_https
539 If set to 1, all commands to the API (not directly to the XMLRPC
540 server) will go over HTTPS instead of plaintext. Be sure to change the
541 http_port setting to the correct value for the web server.
542 default: 0
544 virt_auto_boot
546 Should new profiles for virtual machines default to auto booting with
547 the physical host when the physical host reboots? This can be overrid‐
548 den on each profile or system object.
549 default: 1
551 webdir
553 Cobbler's web directory. Don't change this setting -- see the Wiki on
554 "relocating your cobbler install" if your /var partition is not large
555 enough.
556 default: @@webroot@@/cobbler
558 webdir_whitelist
560 Directories that will not get wiped and recreated on a cobbler sync.
561 default:
563 webdir_whitelist:
565 - misc
566 - web
567 - webui
568 - localmirror
569 - repo_mirror
570 - distro_mirror
571 - images
572 - links
573 - pub
574 - repo_profile
575 - repo_system
576 - svc
577 - rendered
578 - .link_cache
579 xmlrpc_port
581 Cobbler's public XMLRPC listens on this port. Change this only if abso‐
582 lutely needed, as you'll have to start supplying a new port option to
583 koan if it is not the default.
584 default: 25151
586 yum_post_install_mirror
588 cobbler repo add commands set cobbler up with repository information
589 that can be used during autoinstall and is automatically set up in the
590 cobbler autoinstall templates. By default, these are only available at
591 install time. To make these repositories usable on installed systems
592 (since cobbler makes a very convenient mirror) set this to 1. Most
593 users can safely set this to 1. Users who have a dual homed cobbler
594 server, or are installing laptops that will not always have access to
595 the cobbler server may wish to leave this as 0. In that case, the cob‐
596 bler mirrored yum repos are still accessible at http://cobbler.exam‐
597 ple.org/cblr/repo_mirror and yum configuration can still be done manu‐
598 ally. This is just a shortcut.
599 default: 1
601 yum_distro_priority
603 The default yum priority for all the distros. This is only used if
604 yum-priorities plugin is used. 1 is the maximum value. Tweak with cau‐
605 tion.
606 default: 1
608 yumdownloader_flags
610 Flags to use for yumdownloader. Not all versions may support --resolve.
611 default: "--resolve"
613 serializer_pretty_json
615 Sort and indent JSON output to make it more human-readable.
616 default: 0
618 replicate_rsync_options
620 replication rsync options for distros, autoinstalls, snippets set to
621 override default value of -avzH
622 default: "-avzH"
624 replicate_repo_rsync_options
626 Replication rsync options for repos set to override default value of
627 -avzH
628 default: "-avzH"
630 always_write_dhcp_entries
632 Always write DHCP entries, regardless if netboot is enabled.
633 default: 0
635 proxy_url_ext:
637 External proxy - used by: get-loaders, reposync, signature update. Per
638 default commented out.
639 defaults:
641 http: http://192.168.1.1:8080
643 https: https://192.168.1.1:8443
644 proxy_url_int
646 Internal proxy - used by systems to reach cobbler for kickstarts.
647 E.g.: proxy_url_int: http://10.0.0.1:8080
649 default: ""
651 jinja2_includedir
653 This is a directory of files that cobbler uses to include files into
654 Jinja2 templates. Per default this settings is commented out.
655 default: /var/lib/cobbler/jinja2
657 include
659 Include other configuration snippets with this regular expresion.
660 default: [ "/etc/cobbler/settings.d/*.settings" ]
662
664 If you have own custom modules which are not shipped with Cobbler
665 directly you may have additional sections here.
666 authentication
668 What users can log into the WebUI and Read-Write XMLRPC?
669 Choices:
671 · authn_denyall -- no one (default)
673 · authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
675 · authn_passthru -- ask Apache to handle it (used for kerberos)
677 · authn_ldap -- authenticate against LDAP
679 · authn_spacewalk -- ask Spacewalk/Satellite (experimental)
681 · authn_pam -- use PAM facilities
683 · authn_testing -- username/password is always testing/testing
685 (debug)
686 · (user supplied) -- you may write your own module
688 WARNING: this is a security setting, do not choose an option blindly.
690 For more information:
692 · https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
694 · https://github.com/cobbler/cobbler/wiki/Security-overview
696 · https://github.com/cobbler/cobbler/wiki/Kerberos
698 · https://github.com/cobbler/cobbler/wiki/Ldap
700 default: authn_configfile
702 authorization
704 Once a user has been cleared by the WebUI/XMLRPC, what can they do?
705 Choices:
707 · authz_allowall -- full access for all authneticated users (default)
709 · authz_ownership -- use users.conf, but add object ownership seman‐
711 tics
712 · (user supplied) -- you may write your own module
714 WARNING: this is a security setting, do not choose an option blindly.
716 If you want to further restrict cobbler with ACLs for various groups,
717 pick authz_ownership. authz_allowall does not support ACLs. config‐
718 file does but does not support object ownership which is useful as an
719 additional layer of control.
720 For more information:
722 · https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
724 · https://github.com/cobbler/cobbler/wiki/Security-overview
726 · https://github.com/cobbler/cobbler/wiki/Web-authorization
728 default: authz_allowall
730 dns
732 Chooses the DNS management engine if manage_dns is enabled in /etc/cob‐
733 bler/settings, which is off by default.
734 Choices:
736 · manage_bind -- default, uses BIND/named
738 · manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dhcp
740 below
741 · manage_ndjbdns -- uses ndjbdns
743 NOTE: More configuration is still required in /etc/cobbler
745 For more information:
747 https://github.com/cobbler/cobbler/wiki/Dns-management
748 default: manage_bind
750 dhcp
752 Chooses the DHCP management engine if manage_dhcp is enabled in
753 /etc/cobbler/settings, which is off by default.
754 Choices:
756 · manage_isc -- default, uses ISC dhcpd
758 · manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dns
760 above
761 NOTE: More configuration is still required in /etc/cobbler
763 For more information:
765 https://github.com/cobbler/cobbler/wiki/Dhcp-management
766 default: manage_isc
768 tftpd
770 Chooses the TFTP management engine if manage_tftp is enabled in
771 /etc/cobbler/settings, which is ON by default.
772 Choices:
774 · manage_in_tftpd -- default, uses the system's tftp server
776 · manage_tftpd_py -- uses cobbler's tftp server
778 default: manage_in_tftpd
780
782 Enno Gotthold
783
785 2020, Jörgen Maas
7863.0 Feb 21, 2020 COBBLER.CONF(5)