1COBBLER.CONF(5)                     Cobbler                    COBBLER.CONF(5)
2
3
4

NAME

6       cobbler.conf - Cobbler Configuration File Documentation
7
8       There  are  two  main  settings  files which are located per default at
9       /etc/cobbler/:
10
11       • The file settings.yaml is following YAML specification.
12
13       • The file modules.conf is following INI specification.
14
15       NOTE:
16          Since we are cleaning a lot of tech-debt this may change over  time.
17          We are trying to find the balance which format is the best for us to
18          handle in the code and the best for admins to handle in  the  config
19          files.
20
21       WARNING:
22          If  you  are  using allow_dynamic_settings, then the comments in the
23          YAML file will vanish after the first change due to  the  fact  that
24          PyYAML doesn't support comments (Source)
25
26       There  are additional configuration file locations which need to follow
27       the YAML Syntax. These are loaded from the  include  directory  in  the
28       settings.yaml  file. Any key specified in one of these files overwrites
29       values from the main file.
30
31       WARNING:
32          When using allow_dynamic_settings the values are only  persisted  in
33          the  file  settings.yaml.  This may lead to a non expected behaviour
34          after cobblerd restarts. This is a known issue.
35

UPDATES TO THE YAML-SETTINGS-FILE

37       Starting with 3.2.1:
38
39       • We require the extension .yaml on our settings file to  indicate  the
40         format  of  the  file  to editors and comply to standards of the YAML
41         specification.
42
43       • We require the usage of booleans in the format of True and False.  If
44         you have old integer style booleans with 1 and 0 this is fine but you
45         may should convert them as soon as possible. We may decide in  a  fu‐
46         ture  version  to enforce our new way in a stricter manner. Automatic
47         conversion is only done on a best-effort/available-resources basis.
48
49       • We enforce the types of values to  the  keys.  Additional  unexpected
50         keys  will throw errors. If you have those used in Cobbler please re‐
51         port this in our issue tracker. We have decided to go this way to  be
52         able  to rely on the existence of the values. This gives us the free‐
53         dom to write less access checks to the settings without loosing  sta‐
54         bility.
55

SETTINGS.YAML

57   allow_duplicate_hostnames
58       If True, Cobbler will allow insertions of system records that duplicate
59       the --dns-name information of other system records. In general, this is
60       undesirable and should be left False.
61
62       default: False
63
64   allow_duplicate_ips
65       If True, Cobbler will allow insertions of system records that duplicate
66       the IP address information of other system records. In general, this is
67       undesirable and should be left False.
68
69       default: False
70
71   allow_duplicate_macs
72       If True, Cobbler will allow insertions of system records that duplicate
73       the mac address information of other system records. In  general,  this
74       is undesirable.
75
76       default: False
77
78   allow_dynamic_settings
79       If  True, Cobbler will allow settings to be changed dynamically without
80       a restart of the cobblerd daemon. You can only change this variable  by
81       manually editing the settings file, and you MUST restart cobblerd after
82       changing it.
83
84       default: False
85
86   always_write_dhcp_entries
87       Always write DHCP entries, regardless if netboot is enabled.
88
89       default: False
90
91   anamon_enabled
92       By default, installs are not set to send installation logs to the  Cob‐
93       bler  server. With anamon_enabled, automatic installation templates may
94       use the pre_anamon snippet to allow remote live monitoring of their in‐
95       stallations  from  the Cobbler server. Installation logs will be stored
96       under /var/log/cobbler/anamon/.
97
98       NOTE:
99          This does allow an XML-RPC call to  send  logs  to  this  directory,
100          without authentication, so enable only if you are ok with this limi‐
101          tation.
102
103       default: False
104
105   auth_token_expiration
106       How long the authentication token is valid for, in seconds.
107
108       default: 3600
109
110   authn_pam_service
111       If using authn_pam in the  modules.conf,  this  can  be  configured  to
112       change the PAM service authentication will be tested against.
113
114       default: "login"
115
116   autoinstall_snippets_dir
117       This  is a directory of files that Cobbler uses to make templating eas‐
118       ier. See the Wiki for more information. Changing this directory  should
119       not be required.
120
121       default: /var/lib/cobbler/snippets
122
123   autoinstall_templates_dir
124       This  is a directory of files that Cobbler uses to make templating eas‐
125       ier. See the Wiki for more information. Changing this directory  should
126       not be required.
127
128       default: /var/lib/cobbler/templates
129
130   bind_chroot_path
131       Set  to  path of bind chroot to create bind-chroot compatible bind con‐
132       figuration files. This should be automatically detected.
133
134       default: ""
135
136   bind_master
137       Set to the ip address of the master bind DNS server for  creating  sec‐
138       ondary bind configuration files.
139
140       default: 127.0.0.1
141
142   boot_loader_conf_template_dir
143       Location of templates used for boot loader config generation.
144
145       default: "/etc/cobbler/boot_loader_conf"
146
147   bootloaders_dir
148       The  location  where  Cobbler searches for the bootloaders to copy into
149       the web directory.
150
151       default: /var/lib/cobbler/loaders
152
153   grubconfig_dir
154       The location where Cobbler searches for GRUB configuration files.
155
156       default: /var/lib/cobbler/grub_config
157
158   build_reporting_*
159       Email out a report when Cobbler finishes installing a system.
160
161       • enabled: Set to true to turn this feature on
162
163       • email: Which addresses to email
164
165       • ignorelist: TODO
166
167       • sender: Optional
168
169       • smtp_server: Used to specify another server for an MTA.
170
171       • subject: Use the default subject unless overridden.
172
173       defaults:
174
175          build_reporting_enabled: false
176          build_reporting_sender: ""
177          build_reporting_email: [ 'root@localhost' ]
178          build_reporting_smtp_server: "localhost"
179          build_reporting_subject: ""
180          build_reporting_ignorelist: [ "" ]
181
182   buildisodir
183       Used for caching the intermediate files for ISO-Building. You may  want
184       to  use  a  SSD, a tmpfs or something which does not persist across re‐
185       boots and can be easily thrown away but is also fast.
186
187       default: /var/cache/cobbler/buildiso
188
189   cache_enabled
190       If cache_enabled is True, a cache will keep converted records in memory
191       to  make  checking  them faster. This helps with use cases like writing
192       out large numbers of records. There is a known issue with cache and re‐
193       mote  XML-RPC API calls. If you will use Cobbler with config management
194       or infrastructure-as-code tools such as Terraform, it is recommended to
195       disable by setting to False.
196
197       default: True
198
199   cheetah_import_whitelist
200       Cheetah-language autoinstall templates can import Python modules. while
201       this is a useful feature, it is not safe to allow them to  import  any‐
202       thing  they want. This whitelists which modules can be imported through
203       Cheetah. Users can expand this as needed but should never allow modules
204       such  as  subprocess  or  those  that allow access to the filesystem as
205       Cheetah templates are evaluated by cobblerd as code.
206
207       default:
208
209random
210
211re
212
213time
214
215netaddr
216
217   client_use_https
218       If set to True, all commands to the API (not directly  to  the  XML-RPC
219       server) will go over HTTPS instead of plain text. Be sure to change the
220       http_port setting to the correct value for the web server.
221
222       default: False
223
224   client_use_localhost
225       If set to True, all commands will be forced to use  the  localhost  ad‐
226       dress  instead  of  using the above value which can force commands like
227       cobbler sync to open a connection to a remote address if one is in  the
228       configuration and would traceback.
229
230       default: False
231
232   cobbler_master
233       Used for replicating the Cobbler instance.
234
235       default: ""
236
237   convert_server_to_ip
238       Convert  hostnames  to IP addresses (where possible) so DNS isn't a re‐
239       quirement for various tasks to work correctly.
240
241       default: False
242
243   createrepo_flags
244       Default createrepo_flags to use for new repositories.
245
246       default: "-c cache -s sha"
247
248   default_autoinstall
249       If no autoinstall template is specified to profile add, use  this  tem‐
250       plate.
251
252       default: /var/lib/cobbler/templates/default.ks
253
254   default_name_*
255       Configure  all  installed  systems to use these name servers by default
256       unless defined differently in the profile. For DHCP configurations  you
257       probably do not want to supply this.
258
259       defaults:
260
261          default_name_servers: []
262          default_name_servers_search: []
263
264   default_ownership
265       if using the authz_ownership module, objects created without specifying
266       an owner are assigned to this owner and/or group.
267
268       default:
269
270admin
271
272   default_password_crypted
273       Cobbler has various sample automatic installation templates  stored  in
274       /var/lib/cobbler/templates/. This controls what install (root) password
275       is set up for those systems that reference this variable.  The  factory
276       default  is  "cobbler"  and  Cobbler  check  will  warn  if this is not
277       changed. The simplest way to change the  password  is  to  run  openssl
278       passwd -1 and put the output between the "".
279
280       default: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
281
282   default_template_type
283       The  default  template type to use in the absence of any other detected
284       template. If you do  not  specify  the  template  with  #template=<tem‐
285       plate_type>  on the first line of your templates/snippets, Cobbler will
286       assume try to use the following template engine to parse the templates.
287
288       NOTE:
289          Over time we will try to deprecate and remove Cheetah3 as a template
290          engine.  It  is hard to package and there are fewer guides then with
291          Jinja2. Making the templating independent of the engine  is  a  task
292          which  complicates the code. Thus, please try to use Jinja2. We will
293          try to support a seamless transition on a best-effort basis.
294
295       Current valid values are: cheetah, jinja2
296
297       default: "cheetah"
298
299   default_virt_bridge
300       For libvirt based installs in Koan, if  no  virt-bridge  is  specified,
301       which bridge do we try? For EL 4/5 hosts this should be xenbr0, for all
302       versions of Fedora, try virbr0. This can be overridden on a per-profile
303       basis  or at the Koan command line though this saves typing to just set
304       it here to the most common option.
305
306       default: xenbr0
307
308   default_virt_disk_driver
309       The on-disk format for the virtualization disk.
310
311       default: raw
312
313   default_virt_file_size
314       Use this as the default disk size for virt guests (GB).
315
316       default: 5
317
318   default_virt_ram
319       Use this as the default memory size for virt guests (MB).
320
321       default: 512
322
323   default_virt_type
324       If Koan is invoked without --virt-type and no virt-type is set  on  the
325       profile/system, what virtualization type should be assumed?
326
327       Current valid values are:
328
329xenpv
330
331xenfv
332
333qemu
334
335vmware
336
337       NOTE: this does not change what virt_type is chosen by import.
338
339       default: xenpv
340
341   enable_gpxe
342       Enable  gPXE  booting?  Enabling this option will cause Cobbler to copy
343       the undionly.kpxe file to the  TFTP  root  directory,  and  if  a  pro‐
344       file/system  is  configured to boot via gPXE it will chain load off px‐
345       elinux.0.
346
347       NOTE:
348          We now gPXE is not active anymore and try to  transition  the  code,
349          settings and guide we have to iPXE.
350
351       default: False
352
353   enable_menu
354       Controls whether Cobbler will add each new profile entry to the default
355       PXE boot menu. This can be over-ridden  on  a  per-profile  basis  when
356       adding/editing profiles with --enable-menu=False/True. Users should or‐
357       dinarily leave this setting enabled unless they are concerned with  ac‐
358       cidental reinstall from users who select an entry at the PXE boot menu.
359       Adding a password to the boot menus templates may also be a good  solu‐
360       tion to prevent unwanted reinstallations.
361
362       default: True
363
364   http_port
365       Change  this  port if Apache is not running plain text on port 80. Most
366       people can leave this alone.
367
368       default: 80
369
370   include
371       Include other configuration snippets with this regular expression. This
372       is a list of folders.
373
374       default: [ "/etc/cobbler/settings.d/*.settings" ]
375
376   iso_template_dir
377       Folder  to search for the ISO templates. These will build the boot-menu
378       of the built ISO.
379
380       default: /etc/cobbler/iso
381
382   jinja2_includedir
383       This is a directory of files that Cobbler uses to  include  files  into
384       Jinja2 templates. Per default this settings is commented out.
385
386       default: /var/lib/cobbler/jinja2
387
388   kernel_options
389       Kernel  options  that  should be present in every Cobbler installation.
390       Kernel options can also be applied at the distro/profile/system level.
391
392       default: {}
393
394   ldap_*
395       Configuration options if using the authn_ldap module. See the Wiki  for
396       details.  This  can  be  ignored  if  you  are  not  using LDAP for We‐
397       bUI/XML-RPC authentication.
398
399       defaults:
400
401          ldap_server: "ldap.example.com"
402          ldap_base_dn: "DC=example,DC=com"
403          ldap_port: 389
404          ldap_tls: true
405          ldap_anonymous_bind: true
406          ldap_search_bind_dn: ''
407          ldap_search_passwd: ''
408          ldap_search_prefix: 'uid='
409          ldap_tls_cacertfile: ''
410          ldap_tls_keyfile: ''
411          ldap_tls_certfile: ''
412
413   bind_manage_ipmi
414       When using the Bind9 DNS server, you can enable or disable if the  BMCs
415       should receive own DNS entries.
416
417       default: False
418
419   manage_dhcp
420       Set to True to enable Cobbler's DHCP management features. The choice of
421       DHCP management engine is in /etc/cobbler/modules.conf.
422
423       default: True
424
425   manage_dns
426       Set to True to enable Cobbler's DNS management features. The choice  of
427       DNS management engine is in /etc/cobbler/modules.conf.
428
429       default: False
430
431   manage_*_zones
432       If  using  BIND (named) for DNS management in /etc/cobbler/modules.conf
433       and manage_dns is enabled (above), this lists which zones are  managed.
434       See dns-management for more information.
435
436       defaults:
437
438          manage_forward_zones: []
439          manage_reverse_zones: []
440
441   manage_genders
442       Whether or not to manage the genders file. For more information on that
443       visit: github.com/chaos/genders
444
445       default: False
446
447   manage_rsync
448       Set to True to enable Cobbler's RSYNC management features.
449
450       default: False
451
452   manage_tftpd
453       Set to True to enable Cobbler's TFTP management features. The choice of
454       TFTP management engine is in /etc/cobbler/modules.conf.
455
456       default: True
457
458   mgmt_*
459       Cobbler  has  a feature that allows for integration with config manage‐
460       ment systems such as Puppet. The following parameters work in  conjunc‐
461       tion with --mgmt-classes and are described in further detail at config‐
462       uration-management.
463
464          mgmt_classes: []
465          mgmt_parameters:
466              from_cobbler: true
467
468   next_server
469       If using Cobbler with manage_dhcp, put the IP address  of  the  Cobbler
470       server  here  so that PXE booting guests can find it. If you do not set
471       this correctly, this will be manifested in TFTP open timeouts.
472
473       default: 127.0.0.1
474
475   nsupdate_enabled
476       This enables or disables the replacement (or removal) of records in the
477       DNS zone for systems created (or removed) by Cobbler.
478
479       NOTE:
480          There  are additional settings needed when enabling this. Due to the
481          limited number of resources, this won't be done  until  3.3.0.  Thus
482          please expect to run into troubles when enabling this setting.
483
484       default: False
485
486   nsupdate_log
487       The  logfile  to  document what records are added or removed in the DNS
488       zone for systems.
489
490       NOTE:
491          The functionality this settings  is  related  to  is  currently  not
492          tested  due to tech-debt. Please use it with caution. This note will
493          be removed once we were able to look deeper into this  functionality
494          of Cobbler.
495
496       • Required: No
497
498       • Default: /var/log/cobbler/nsupdate.log
499
500   nsupdate_tsig_algorithm
501       NOTE:
502          The  functionality  this  settings  is  related  to is currently not
503          tested due to tech-debt. Please use it with caution. This note  will
504          be  removed once we were able to look deeper into this functionality
505          of Cobbler.
506
507       • Required: No
508
509       • Default: hmac-sha512
510
511   nsupdate_tsig_key
512       NOTE:
513          The functionality this settings  is  related  to  is  currently  not
514          tested  due to tech-debt. Please use it with caution. This note will
515          be removed once we were able to look deeper into this  functionality
516          of Cobbler.
517
518       • Required: No
519
520       • Default: []
521
522   power_management_default_type
523       Settings  for  power  management features. These settings are optional.
524       See power-management to learn more.
525
526       Choices (refer to the fence-agents project for a complete list):
527
528       • apc_snmp
529
530       • bladecenter
531
532       • bullpap
533
534       • drac
535
536       • ether_wake
537
538       • ilo
539
540       • integrity
541
542       • ipmilan
543
544       • ipmilanplus
545
546       • lpar
547
548       • rsa
549
550       • virsh
551
552       • wti
553
554       default: ipmilanplus
555
556   proxy_url_ext
557       External proxy which is used by the  following  commands:  get-loaders,
558       reposync, signature update
559
560       defaults:
561
562          http: http://192.168.1.1:8080
563          https: https://192.168.1.1:8443
564
565   proxy_url_int
566       Internal  proxy  which  is  used  by systems to reach Cobbler for kick‐
567       starts.
568
569       e.g.: proxy_url_int: http://10.0.0.1:8080
570
571       default: ""
572
573   puppet_auto_setup
574       If enabled, this setting ensures that puppet is  installed  during  ma‐
575       chine  provision,  a  client certificate is generated and a certificate
576       signing request is made with the puppet master server.
577
578       default: False
579
580   puppet_parameterized_classes
581       Choose whether to enable puppet parameterized classes  or  not.  Puppet
582       versions prior to 2.6.5 do not support parameters.
583
584       default: True
585
586   puppet_server
587       Choose a --server argument when running puppetd/puppet agent during au‐
588       toinstall.
589
590       default: 'puppet'
591
592   puppet_version
593       Let Cobbler know that you're using a newer version  of  puppet.  Choose
594       version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'.
595
596       default: 2
597
598   puppetca_path
599       Location of the puppet executable, used for revoking certificates.
600
601       default: "/usr/bin/puppet"
602
603   pxe_just_once
604       If  this setting is set to True, Cobbler systems that pxe boot will re‐
605       quest at the end of their installation to toggle the  --netboot-enabled
606       record  in the Cobbler system record. This eliminates the potential for
607       a PXE boot loop if the system is set to PXE first in it's  BIOS  order.
608       Enable  this  if  PXE is first in your BIOS boot order, otherwise leave
609       this disabled. See the manpage for --netboot-enabled.
610
611       default: True
612
613   nopxe_with_triggers
614       If this setting is set to True, triggers will be executed when  systems
615       will request to toggle the --netboot-enabled record at the end of their
616       installation.
617
618       default: True
619
620   redhat_management_permissive
621       If using authn_spacewalk in modules.conf to  let  Cobbler  authenticate
622       against Satellite/Spacewalk's auth system, by default it will not allow
623       per user access into Cobbler Web and Cobbler XML-RPC. In order to  per‐
624       mit  this,  the following setting must be enabled HOWEVER doing so will
625       permit all Spacewalk/Satellite users of certain types to  edit  all  of
626       Cobbler's  configuration.  these roles are: config_admin and org_admin.
627       Users should turn this on only if they want this behavior  and  do  not
628       have  a cross-multi-org separation concern. If you have a single org in
629       your satellite, it's probably safe to turn this on and then you can use
630       CobblerWeb alongside a Satellite install.
631
632       default: False
633
634   redhat_management_server
635       This  setting  is  only used by the code that supports using Uyuni/SUSE
636       Manager/Spacewalk/Satellite authentication within Cobbler Web and  Cob‐
637       bler XML-RPC.
638
639       default: "xmlrpc.rhn.redhat.com"
640
641   redhat_management_key
642       Specify  the  default Red Hat authorization key to use to register sys‐
643       tem. If left blank, no registration will be  attempted.  Similarly  you
644       can  set  the --redhat-management-key to blank on any system to keep it
645       from trying to register.
646
647       default: ""
648
649   register_new_installs
650       If set to True, allows  /usr/bin/cobbler-register  (part  of  the  Koan
651       package)  to be used to remotely add new Cobbler system records to Cob‐
652       bler. This effectively allows for registration  of  new  hardware  from
653       system records.
654
655       default: False
656
657   remove_old_puppet_certs_automatically
658       When  a puppet managed machine is reinstalled it is necessary to remove
659       the puppet certificate from the puppet master server before a new  cer‐
660       tificate is signed (see above). Enabling the following feature will en‐
661       sure that the certificate for the machine to be  installed  is  removed
662       from the puppet master server if the puppet master server is running on
663       the same machine as Cobbler. This requires puppet_auto_setup  above  to
664       be enabled
665
666       default: False
667
668   replicate_repo_rsync_options
669       Replication  rsync  options  for repos set to override default value of
670       -avzH.
671
672       default: "-avzH"
673
674   replicate_rsync_options
675       replication rsync options for distros, autoinstalls,  snippets  set  to
676       override default value of -avzH.
677
678       default: "-avzH"
679
680   reposync_flags
681       Flags  to  use for yum's reposync. If your version of yum reposync does
682       not support -l, you may need to remove that option.
683
684       default: "-l -n -d"
685
686   reposync_rsync_flags
687       Flags to use for rysync's reposync. If archive mode  (-a,--archive)  is
688       used  then  createrepo  is not ran after the rsync as it pulls down the
689       repodata as well. This allows older OS's to mirror modular repos  using
690       rsync.
691
692       default: "-rltDv --copy-unsafe-links"
693
694   restart_*
695       When  DHCP  and  DNS management are enabled, cobbler sync can automati‐
696       cally restart those services to apply changes.  The exception for  this
697       is if using ISC for DHCP, then OMAPI eliminates the need for a restart.
698       omapi, however, is experimental and not recommended for most configura‐
699       tions.  If  DHCP  and  DNS are going to be managed, but hosted on a box
700       that is not on this server, disable restarts here and write some  other
701       script to ensure that the config files get copied/rsynced to the desti‐
702       nation box. This can be done by modifying the restart services trigger.
703       Note  that  if  manage_dhcp and manage_dns are disabled, the respective
704       parameter will have no effect. Most users should  not  need  to  change
705       this.
706
707       defaults:
708
709          restart_dns: true
710          restart_dhcp: true
711
712   run_install_triggers
713       Install  triggers are scripts in /var/lib/cobbler/triggers/install that
714       are triggered in autoinstall pre  and  post  sections.  Any  executable
715       script  in  those directories is run. They can be used to send email or
716       perform other actions.  They are currently run as root so if you do not
717       need  this functionality you can disable it, though this will also dis‐
718       able cobbler status which uses  a  logging  trigger  to  audit  install
719       progress.
720
721       default: true
722
723   scm_track_*
724       enables  a  trigger which version controls all changes to /var/lib/cob‐
725       bler when add, edit, or sync events are performed. This can be used  to
726       revert  to previous database versions, generate RSS feeds, or for other
727       auditing or backup purposes. Git and Mercurial are currently supported,
728       but Git is the recommend SCM for use with this feature.
729
730       default:
731
732          scm_track_enabled: false
733          scm_track_mode: "git"
734          scm_track_author: "cobbler <cobbler@localhost>"
735          scm_push_script: "/bin/true"
736
737   serializer_pretty_json
738       Sort and indent JSON output to make it more human-readable.
739
740       default: False
741
742   server
743       This  is  the address of the Cobbler server -- as it is used by systems
744       during the install process, it must be the address or hostname  of  the
745       system  as  those systems can see the server. if you have a server that
746       appears differently to different subnets (dual homed, etc), you need to
747       read the --server-override section of the manpage for how that works.
748
749       default: 127.0.0.1
750
751   sign_puppet_certs_automatically
752       When  puppet starts on a system after installation it needs to have its
753       certificate signed by the puppet master server.  Enabling the following
754       feature  will ensure that the puppet server signs the certificate after
755       installation if the puppet master server is running on the same machine
756       as Cobbler. This requires puppet_auto_setup above to be enabled.
757
758       default: false
759
760   signature_path
761       The  cobbler  import workflow is powered by this file. Its location can
762       be set with this config option.
763
764       default: /var/lib/cobbler/distro_signatures.json
765
766   signature_url
767       Updates to the signatures may happen more often then we have  releases.
768       To enable you to import new version we provide the most up to date sig‐
769       natures we offer on this like. You may host this file for yourself  and
770       adjust it for your needs.
771
772       default: https://cobbler.github.io/signatures/3.0.x/latest.json
773
774   tftpboot_location
775       This  variable contains the location of the tftpboot directory. If this
776       directory is not present Cobbler does not start.
777
778       Default: /srv/tftpboot
779
780   virt_auto_boot
781       Should new profiles for virtual machines default to auto  booting  with
782       the physical host when the physical host reboots?  This can be overrid‐
783       den on each profile or system object.
784
785       default: true
786
787   webdir
788       Cobbler's web directory.  Don't change this setting -- see the Wiki  on
789       "relocating  your  Cobbler install" if your /var partition is not large
790       enough.
791
792       default: @@webroot@@/cobbler
793
794   webdir_whitelist
795       Directories that will not get wiped and recreated on a cobbler sync.
796
797       default:
798
799          webdir_whitelist:
800            - misc
801            - web
802            - webui
803            - localmirror
804            - repo_mirror
805            - distro_mirror
806            - images
807            - links
808            - pub
809            - repo_profile
810            - repo_system
811            - svc
812            - rendered
813            - .link_cache
814
815   xmlrpc_port
816       Cobbler's public XML-RPC listens on this port. Change this only if  ab‐
817       solutely needed, as you'll have to start supplying a new port option to
818       Koan if it is not the default.
819
820       default: 25151
821
822   yum_distro_priority
823       The default yum priority for all the distros.  This  is  only  used  if
824       yum-priorities  plugin is used. 1 is the maximum value. Tweak with cau‐
825       tion.
826
827       default: true
828
829   yum_post_install_mirror
830       cobbler repo add commands set Cobbler up  with  repository  information
831       that  can be used during autoinstall and is automatically set up in the
832       Cobbler autoinstall templates. By default, these are only available  at
833       install  time.  To  make these repositories usable on installed systems
834       (since Cobbler makes a very convenient mirror) set this to True.   Most
835       users  can safely set this to True. Users who have a dual homed Cobbler
836       server, or are installing laptops that will not always have  access  to
837       the  Cobbler  server may wish to leave this as False. In that case, the
838       Cobbler mirrored yum repos are still accessible at http://cobbler.exam
839       ple.org/cblr/repo_mirror  and YUM configuration can still be done manu‐
840       ally. This is just a shortcut.
841
842       default: True
843
844   yumdownloader_flags
845       Flags to use for yumdownloader. Not all versions may support --resolve.
846
847       default: "--resolve"
848

MODULES.CONF

850       If you have own custom modules which are not shipped with  Cobbler  di‐
851       rectly you may have additional sections here.
852
853   authentication
854       What users can log into the WebUI and Read-Write XML-RPC?
855
856       Choices:
857
858       • authn_denyall    -- no one (default)
859
860       • authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
861
862       • authn_passthru   -- ask Apache to handle it (used for kerberos)
863
864       • authn_ldap       -- authenticate against LDAP
865
866       • authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
867
868       • authn_pam        -- use PAM facilities
869
870       • authn_testing     -- username/password is always testing/testing (de‐
871         bug)
872
873       • (user supplied)  -- you may write your own module
874
875       WARNING: this is a security setting, do not choose an option blindly.
876
877       For more information:
878
879       • web-interface
880
881https://cobbler.readthedocs.io/en/release28/5_web-interface/security_overview.html
882
883https://cobbler.readthedocs.io/en/release28/5_web-interface/web_authentication.html#defer-to-apache-kerberos
884
885https://cobbler.readthedocs.io/en/release28/5_web-interface/web_authentication.html#ldap
886
887       default: authn_configfile
888
889   authorization
890       Once a user has been cleared by the WebUI/XML-RPC, what can they do?
891
892       Choices:
893
894       • authz_allowall   -- full access for all authenticated users (default)
895
896       • authz_ownership   --  use users.conf, but add object ownership seman‐
897         tics
898
899       • (user supplied)  -- you may write your own module
900
901       WARNING: this is a security setting, do not choose an  option  blindly.
902       If  you  want to further restrict Cobbler with ACLs for various groups,
903       pick authz_ownership.  authz_allowall does not support ACLs. Configura‐
904       tion file does but does not support object ownership which is useful as
905       an additional layer of control.
906
907       For more information:
908
909       • web-interface
910
911https://cobbler.readthedocs.io/en/release28/5_web-interface/security_overview.html
912
913https://cobbler.readthedocs.io/en/release28/5_web-interface/web_authentication.html
914
915       default: authz_allowall
916
917   dns
918       Chooses the DNS management engine if manage_dns is enabled in /etc/cob‐
919       bler/settings.yaml, which is off by default.
920
921       Choices:
922
923       • manage_bind    -- default, uses BIND/named
924
925       • manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for DHCP be‐
926         low
927
928       • manage_ndjbdns -- uses ndjbdns
929
930       NOTE: More configuration is still required in /etc/cobbler
931
932       For more information see dns-management.
933
934       default: manage_bind
935
936   dhcp
937       Chooses the  DHCP  management  engine  if  manage_dhcp  is  enabled  in
938       /etc/cobbler/settings.yaml, which is off by default.
939
940       Choices:
941
942       • manage_isc     -- default, uses ISC dhcpd
943
944       • manage_dnsmasq  --  uses  dnsmasq,  also  must select dnsmasq for DNS
945         above
946
947       NOTE: More configuration is still required in /etc/cobbler
948
949       For more information see dhcp-management.
950
951       default: manage_isc
952
953   tftpd
954       Chooses the TFTP  management  engine  if  manage_tftpd  is  enabled  in
955       /etc/cobbler/settings.yaml, which is on by default.
956
957       Choices:
958
959       • manage_in_tftpd -- default, uses the system's TFTP server
960
961       • manage_tftpd_py -- uses Cobbler's TFTP server
962
963       default: manage_in_tftpd
964

AUTHOR

966       Enno Gotthold
967
969       2021, Enno Gotthold
970
971
972
973
9743.2                              Sep 23, 2021                  COBBLER.CONF(5)
Impressum