1COBBLER.CONF(5) Cobbler COBBLER.CONF(5)
2
3
4
6 cobbler.conf - Cobbler Configuration File Documentation
7
8 There are two main settings files which are located per default at
9 /etc/cobbler/:
10
11 • The file settings.yaml is following YAML specification.
12
13 • The file modules.conf is following INI specification.
14
15 NOTE:
16 Since we are cleaning a lot of tech-debt this may change over time.
17 We are trying to find the balance which format is the best for us to
18 handle in the code and the best for admins to handle in the config
19 files.
20
21 WARNING:
22 If you are using allow_dynamic_settings, then the comments in the
23 YAML file will vanish after the first change due to the fact that
24 PyYAML doesn't support comments (Source)
25
26 There are additional configuration file locations which need to follow
27 the YAML Syntax. These are loaded from the include directory in the
28 settings.yaml file. Any key specified in one of these files overwrites
29 values from the main file.
30
31 WARNING:
32 When using allow_dynamic_settings the values are only persisted in
33 the file settings.yaml. This may lead to a non expected behaviour
34 after cobblerd restarts. This is a known issue.
35
37 Starting with 3.2.1:
38
39 • We require the extension .yaml on our settings file to indicate the
40 format of the file to editors and comply to standards of the YAML
41 specification.
42
43 • We require the usage of booleans in the format of True and False. If
44 you have old integer style booleans with 1 and 0 this is fine but you
45 may should convert them as soon as possible. We may decide in a fu‐
46 ture version to enforce our new way in a stricter manner. Automatic
47 conversion is only done on a best-effort/available-resources basis.
48
49 • We enforce the types of values to the keys. Additional unexpected
50 keys will throw errors. If you have those used in Cobbler please re‐
51 port this in our issue tracker. We have decided to go this way to be
52 able to rely on the existence of the values. This gives us the free‐
53 dom to write less access checks to the settings without loosing sta‐
54 bility.
55
57 allow_duplicate_hostnames
58 If True, Cobbler will allow insertions of system records that duplicate
59 the --dns-name information of other system records. In general, this is
60 undesirable and should be left False.
61
62 default: False
63
64 allow_duplicate_ips
65 If True, Cobbler will allow insertions of system records that duplicate
66 the IP address information of other system records. In general, this is
67 undesirable and should be left False.
68
69 default: False
70
71 allow_duplicate_macs
72 If True, Cobbler will allow insertions of system records that duplicate
73 the mac address information of other system records. In general, this
74 is undesirable.
75
76 default: False
77
78 allow_dynamic_settings
79 If True, Cobbler will allow settings to be changed dynamically without
80 a restart of the cobblerd daemon. You can only change this variable by
81 manually editing the settings file, and you MUST restart cobblerd after
82 changing it.
83
84 default: False
85
86 always_write_dhcp_entries
87 Always write DHCP entries, regardless if netboot is enabled.
88
89 default: False
90
91 anamon_enabled
92 By default, installs are not set to send installation logs to the Cob‐
93 bler server. With anamon_enabled, automatic installation templates may
94 use the pre_anamon snippet to allow remote live monitoring of their in‐
95 stallations from the Cobbler server. Installation logs will be stored
96 under /var/log/cobbler/anamon/.
97
98 NOTE:
99 This does allow an XML-RPC call to send logs to this directory,
100 without authentication, so enable only if you are ok with this limi‐
101 tation.
102
103 default: False
104
105 auth_token_expiration
106 How long the authentication token is valid for, in seconds.
107
108 default: 3600
109
110 authn_pam_service
111 If using authn_pam in the modules.conf, this can be configured to
112 change the PAM service authentication will be tested against.
113
114 default: "login"
115
116 autoinstall_snippets_dir
117 This is a directory of files that Cobbler uses to make templating eas‐
118 ier. See the Wiki for more information. Changing this directory should
119 not be required.
120
121 default: /var/lib/cobbler/snippets
122
123 autoinstall_templates_dir
124 This is a directory of files that Cobbler uses to make templating eas‐
125 ier. See the Wiki for more information. Changing this directory should
126 not be required.
127
128 default: /var/lib/cobbler/templates
129
130 bind_chroot_path
131 Set to path of bind chroot to create bind-chroot compatible bind con‐
132 figuration files. This should be automatically detected.
133
134 default: ""
135
136 bind_master
137 Set to the ip address of the master bind DNS server for creating sec‐
138 ondary bind configuration files.
139
140 default: 127.0.0.1
141
142 boot_loader_conf_template_dir
143 Location of templates used for boot loader config generation.
144
145 default: "/etc/cobbler/boot_loader_conf"
146
147 bootloaders_dir
148 The location where Cobbler searches for the bootloaders to copy into
149 the web directory.
150
151 default: /var/lib/cobbler/loaders
152
153 grubconfig_dir
154 The location where Cobbler searches for GRUB configuration files.
155
156 default: /var/lib/cobbler/grub_config
157
158 build_reporting_*
159 Email out a report when Cobbler finishes installing a system.
160
161 • enabled: Set to true to turn this feature on
162
163 • email: Which addresses to email
164
165 • ignorelist: TODO
166
167 • sender: Optional
168
169 • smtp_server: Used to specify another server for an MTA.
170
171 • subject: Use the default subject unless overridden.
172
173 defaults:
174
175 build_reporting_enabled: false
176 build_reporting_sender: ""
177 build_reporting_email: [ 'root@localhost' ]
178 build_reporting_smtp_server: "localhost"
179 build_reporting_subject: ""
180 build_reporting_ignorelist: [ "" ]
181
182 buildisodir
183 Used for caching the intermediate files for ISO-Building. You may want
184 to use a SSD, a tmpfs or something which does not persist across re‐
185 boots and can be easily thrown away but is also fast.
186
187 default: /var/cache/cobbler/buildiso
188
189 cache_enabled
190 If cache_enabled is True, a cache will keep converted records in memory
191 to make checking them faster. This helps with use cases like writing
192 out large numbers of records. There is a known issue with cache and re‐
193 mote XML-RPC API calls. If you will use Cobbler with config management
194 or infrastructure-as-code tools such as Terraform, it is recommended to
195 disable by setting to False.
196
197 default: True
198
199 cheetah_import_whitelist
200 Cheetah-language autoinstall templates can import Python modules. while
201 this is a useful feature, it is not safe to allow them to import any‐
202 thing they want. This whitelists which modules can be imported through
203 Cheetah. Users can expand this as needed but should never allow modules
204 such as subprocess or those that allow access to the filesystem as
205 Cheetah templates are evaluated by cobblerd as code.
206
207 default:
208
209 • random
210
211 • re
212
213 • time
214
215 • netaddr
216
217 client_use_https
218 If set to True, all commands to the API (not directly to the XML-RPC
219 server) will go over HTTPS instead of plain text. Be sure to change the
220 http_port setting to the correct value for the web server.
221
222 default: False
223
224 client_use_localhost
225 If set to True, all commands will be forced to use the localhost ad‐
226 dress instead of using the above value which can force commands like
227 cobbler sync to open a connection to a remote address if one is in the
228 configuration and would traceback.
229
230 default: False
231
232 cobbler_master
233 Used for replicating the Cobbler instance.
234
235 default: ""
236
237 convert_server_to_ip
238 Convert hostnames to IP addresses (where possible) so DNS isn't a re‐
239 quirement for various tasks to work correctly.
240
241 default: False
242
243 createrepo_flags
244 Default createrepo_flags to use for new repositories.
245
246 default: "-c cache -s sha"
247
248 default_autoinstall
249 If no autoinstall template is specified to profile add, use this tem‐
250 plate.
251
252 default: /var/lib/cobbler/templates/default.ks
253
254 default_name_*
255 Configure all installed systems to use these name servers by default
256 unless defined differently in the profile. For DHCP configurations you
257 probably do not want to supply this.
258
259 defaults:
260
261 default_name_servers: []
262 default_name_servers_search: []
263
264 default_ownership
265 if using the authz_ownership module, objects created without specifying
266 an owner are assigned to this owner and/or group.
267
268 default:
269
270 • admin
271
272 default_password_crypted
273 Cobbler has various sample automatic installation templates stored in
274 /var/lib/cobbler/templates/. This controls what install (root) password
275 is set up for those systems that reference this variable. The factory
276 default is "cobbler" and Cobbler check will warn if this is not
277 changed. The simplest way to change the password is to run openssl
278 passwd -1 and put the output between the "".
279
280 default: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
281
282 default_template_type
283 The default template type to use in the absence of any other detected
284 template. If you do not specify the template with #template=<tem‐
285 plate_type> on the first line of your templates/snippets, Cobbler will
286 assume try to use the following template engine to parse the templates.
287
288 NOTE:
289 Over time we will try to deprecate and remove Cheetah3 as a template
290 engine. It is hard to package and there are fewer guides then with
291 Jinja2. Making the templating independent of the engine is a task
292 which complicates the code. Thus, please try to use Jinja2. We will
293 try to support a seamless transition on a best-effort basis.
294
295 Current valid values are: cheetah, jinja2
296
297 default: "cheetah"
298
299 default_virt_bridge
300 For libvirt based installs in Koan, if no virt-bridge is specified,
301 which bridge do we try? For EL 4/5 hosts this should be xenbr0, for all
302 versions of Fedora, try virbr0. This can be overridden on a per-profile
303 basis or at the Koan command line though this saves typing to just set
304 it here to the most common option.
305
306 default: xenbr0
307
308 default_virt_disk_driver
309 The on-disk format for the virtualization disk.
310
311 default: raw
312
313 default_virt_file_size
314 Use this as the default disk size for virt guests (GB).
315
316 default: 5
317
318 default_virt_ram
319 Use this as the default memory size for virt guests (MB).
320
321 default: 512
322
323 default_virt_type
324 If Koan is invoked without --virt-type and no virt-type is set on the
325 profile/system, what virtualization type should be assumed?
326
327 Current valid values are:
328
329 • xenpv
330
331 • xenfv
332
333 • qemu
334
335 • vmware
336
337 NOTE: this does not change what virt_type is chosen by import.
338
339 default: xenpv
340
341 enable_gpxe
342 Enable gPXE booting? Enabling this option will cause Cobbler to copy
343 the undionly.kpxe file to the TFTP root directory, and if a pro‐
344 file/system is configured to boot via gPXE it will chain load off px‐
345 elinux.0.
346
347 NOTE:
348 We now gPXE is not active anymore and try to transition the code,
349 settings and guide we have to iPXE.
350
351 default: False
352
353 enable_menu
354 Controls whether Cobbler will add each new profile entry to the default
355 PXE boot menu. This can be over-ridden on a per-profile basis when
356 adding/editing profiles with --enable-menu=False/True. Users should or‐
357 dinarily leave this setting enabled unless they are concerned with ac‐
358 cidental reinstall from users who select an entry at the PXE boot menu.
359 Adding a password to the boot menus templates may also be a good solu‐
360 tion to prevent unwanted reinstallations.
361
362 default: True
363
364 http_port
365 Change this port if Apache is not running plain text on port 80. Most
366 people can leave this alone.
367
368 default: 80
369
370 include
371 Include other configuration snippets with this regular expression. This
372 is a list of folders.
373
374 default: [ "/etc/cobbler/settings.d/*.settings" ]
375
376 iso_template_dir
377 Folder to search for the ISO templates. These will build the boot-menu
378 of the built ISO.
379
380 default: /etc/cobbler/iso
381
382 jinja2_includedir
383 This is a directory of files that Cobbler uses to include files into
384 Jinja2 templates. Per default this settings is commented out.
385
386 default: /var/lib/cobbler/jinja2
387
388 kernel_options
389 Kernel options that should be present in every Cobbler installation.
390 Kernel options can also be applied at the distro/profile/system level.
391
392 default: {}
393
394 ldap_*
395 Configuration options if using the authn_ldap module. See the Wiki for
396 details. This can be ignored if you are not using LDAP for We‐
397 bUI/XML-RPC authentication.
398
399 defaults:
400
401 ldap_server: "ldap.example.com"
402 ldap_base_dn: "DC=example,DC=com"
403 ldap_port: 389
404 ldap_tls: true
405 ldap_anonymous_bind: true
406 ldap_search_bind_dn: ''
407 ldap_search_passwd: ''
408 ldap_search_prefix: 'uid='
409 ldap_tls_cacertfile: ''
410 ldap_tls_keyfile: ''
411 ldap_tls_certfile: ''
412
413 bind_manage_ipmi
414 When using the Bind9 DNS server, you can enable or disable if the BMCs
415 should receive own DNS entries.
416
417 default: False
418
419 manage_dhcp
420 Set to True to enable Cobbler's DHCP management features. The choice of
421 DHCP management engine is in /etc/cobbler/modules.conf.
422
423 default: True
424
425 manage_dns
426 Set to True to enable Cobbler's DNS management features. The choice of
427 DNS management engine is in /etc/cobbler/modules.conf.
428
429 default: False
430
431 manage_*_zones
432 If using BIND (named) for DNS management in /etc/cobbler/modules.conf
433 and manage_dns is enabled (above), this lists which zones are managed.
434 See dns-management for more information.
435
436 defaults:
437
438 manage_forward_zones: []
439 manage_reverse_zones: []
440
441 manage_genders
442 Whether or not to manage the genders file. For more information on that
443 visit: github.com/chaos/genders
444
445 default: False
446
447 manage_rsync
448 Set to True to enable Cobbler's RSYNC management features.
449
450 default: False
451
452 manage_tftpd
453 Set to True to enable Cobbler's TFTP management features. The choice of
454 TFTP management engine is in /etc/cobbler/modules.conf.
455
456 default: True
457
458 mgmt_*
459 Cobbler has a feature that allows for integration with config manage‐
460 ment systems such as Puppet. The following parameters work in conjunc‐
461 tion with --mgmt-classes and are described in further detail at config‐
462 uration-management.
463
464 mgmt_classes: []
465 mgmt_parameters:
466 from_cobbler: true
467
468 next_server
469 If using Cobbler with manage_dhcp, put the IP address of the Cobbler
470 server here so that PXE booting guests can find it. If you do not set
471 this correctly, this will be manifested in TFTP open timeouts.
472
473 default: 127.0.0.1
474
475 nsupdate_enabled
476 This enables or disables the replacement (or removal) of records in the
477 DNS zone for systems created (or removed) by Cobbler.
478
479 NOTE:
480 There are additional settings needed when enabling this. Due to the
481 limited number of resources, this won't be done until 3.3.0. Thus
482 please expect to run into troubles when enabling this setting.
483
484 default: False
485
486 nsupdate_log
487 The logfile to document what records are added or removed in the DNS
488 zone for systems.
489
490 NOTE:
491 The functionality this settings is related to is currently not
492 tested due to tech-debt. Please use it with caution. This note will
493 be removed once we were able to look deeper into this functionality
494 of Cobbler.
495
496 • Required: No
497
498 • Default: /var/log/cobbler/nsupdate.log
499
500 nsupdate_tsig_algorithm
501 NOTE:
502 The functionality this settings is related to is currently not
503 tested due to tech-debt. Please use it with caution. This note will
504 be removed once we were able to look deeper into this functionality
505 of Cobbler.
506
507 • Required: No
508
509 • Default: hmac-sha512
510
511 nsupdate_tsig_key
512 NOTE:
513 The functionality this settings is related to is currently not
514 tested due to tech-debt. Please use it with caution. This note will
515 be removed once we were able to look deeper into this functionality
516 of Cobbler.
517
518 • Required: No
519
520 • Default: []
521
522 power_management_default_type
523 Settings for power management features. These settings are optional.
524 See power-management to learn more.
525
526 Choices (refer to the fence-agents project for a complete list):
527
528 • apc_snmp
529
530 • bladecenter
531
532 • bullpap
533
534 • drac
535
536 • ether_wake
537
538 • ilo
539
540 • integrity
541
542 • ipmilan
543
544 • ipmilanplus
545
546 • lpar
547
548 • rsa
549
550 • virsh
551
552 • wti
553
554 default: ipmilanplus
555
556 proxy_url_ext
557 External proxy which is used by the following commands: get-loaders,
558 reposync, signature update
559
560 defaults:
561
562 http: http://192.168.1.1:8080
563 https: https://192.168.1.1:8443
564
565 proxy_url_int
566 Internal proxy which is used by systems to reach Cobbler for kick‐
567 starts.
568
569 e.g.: proxy_url_int: http://10.0.0.1:8080
570
571 default: ""
572
573 puppet_auto_setup
574 If enabled, this setting ensures that puppet is installed during ma‐
575 chine provision, a client certificate is generated and a certificate
576 signing request is made with the puppet master server.
577
578 default: False
579
580 puppet_parameterized_classes
581 Choose whether to enable puppet parameterized classes or not. Puppet
582 versions prior to 2.6.5 do not support parameters.
583
584 default: True
585
586 puppet_server
587 Choose a --server argument when running puppetd/puppet agent during au‐
588 toinstall.
589
590 default: 'puppet'
591
592 puppet_version
593 Let Cobbler know that you're using a newer version of puppet. Choose
594 version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'.
595
596 default: 2
597
598 puppetca_path
599 Location of the puppet executable, used for revoking certificates.
600
601 default: "/usr/bin/puppet"
602
603 pxe_just_once
604 If this setting is set to True, Cobbler systems that pxe boot will re‐
605 quest at the end of their installation to toggle the --netboot-enabled
606 record in the Cobbler system record. This eliminates the potential for
607 a PXE boot loop if the system is set to PXE first in it's BIOS order.
608 Enable this if PXE is first in your BIOS boot order, otherwise leave
609 this disabled. See the manpage for --netboot-enabled.
610
611 default: True
612
613 nopxe_with_triggers
614 If this setting is set to True, triggers will be executed when systems
615 will request to toggle the --netboot-enabled record at the end of their
616 installation.
617
618 default: True
619
620 redhat_management_permissive
621 If using authn_spacewalk in modules.conf to let Cobbler authenticate
622 against Satellite/Spacewalk's auth system, by default it will not allow
623 per user access into Cobbler Web and Cobbler XML-RPC. In order to per‐
624 mit this, the following setting must be enabled HOWEVER doing so will
625 permit all Spacewalk/Satellite users of certain types to edit all of
626 Cobbler's configuration. these roles are: config_admin and org_admin.
627 Users should turn this on only if they want this behavior and do not
628 have a cross-multi-org separation concern. If you have a single org in
629 your satellite, it's probably safe to turn this on and then you can use
630 CobblerWeb alongside a Satellite install.
631
632 default: False
633
634 redhat_management_server
635 This setting is only used by the code that supports using Uyuni/SUSE
636 Manager/Spacewalk/Satellite authentication within Cobbler Web and Cob‐
637 bler XML-RPC.
638
639 default: "xmlrpc.rhn.redhat.com"
640
641 redhat_management_key
642 Specify the default Red Hat authorization key to use to register sys‐
643 tem. If left blank, no registration will be attempted. Similarly you
644 can set the --redhat-management-key to blank on any system to keep it
645 from trying to register.
646
647 default: ""
648
649 register_new_installs
650 If set to True, allows /usr/bin/cobbler-register (part of the Koan
651 package) to be used to remotely add new Cobbler system records to Cob‐
652 bler. This effectively allows for registration of new hardware from
653 system records.
654
655 default: False
656
657 remove_old_puppet_certs_automatically
658 When a puppet managed machine is reinstalled it is necessary to remove
659 the puppet certificate from the puppet master server before a new cer‐
660 tificate is signed (see above). Enabling the following feature will en‐
661 sure that the certificate for the machine to be installed is removed
662 from the puppet master server if the puppet master server is running on
663 the same machine as Cobbler. This requires puppet_auto_setup above to
664 be enabled
665
666 default: False
667
668 replicate_repo_rsync_options
669 Replication rsync options for repos set to override default value of
670 -avzH.
671
672 default: "-avzH"
673
674 replicate_rsync_options
675 replication rsync options for distros, autoinstalls, snippets set to
676 override default value of -avzH.
677
678 default: "-avzH"
679
680 reposync_flags
681 Flags to use for yum's reposync. If your version of yum reposync does
682 not support -l, you may need to remove that option.
683
684 default: "-l -n -d"
685
686 reposync_rsync_flags
687 Flags to use for rysync's reposync. If archive mode (-a,--archive) is
688 used then createrepo is not ran after the rsync as it pulls down the
689 repodata as well. This allows older OS's to mirror modular repos using
690 rsync.
691
692 default: "-rltDv --copy-unsafe-links"
693
694 restart_*
695 When DHCP and DNS management are enabled, cobbler sync can automati‐
696 cally restart those services to apply changes. The exception for this
697 is if using ISC for DHCP, then OMAPI eliminates the need for a restart.
698 omapi, however, is experimental and not recommended for most configura‐
699 tions. If DHCP and DNS are going to be managed, but hosted on a box
700 that is not on this server, disable restarts here and write some other
701 script to ensure that the config files get copied/rsynced to the desti‐
702 nation box. This can be done by modifying the restart services trigger.
703 Note that if manage_dhcp and manage_dns are disabled, the respective
704 parameter will have no effect. Most users should not need to change
705 this.
706
707 defaults:
708
709 restart_dns: true
710 restart_dhcp: true
711
712 run_install_triggers
713 Install triggers are scripts in /var/lib/cobbler/triggers/install that
714 are triggered in autoinstall pre and post sections. Any executable
715 script in those directories is run. They can be used to send email or
716 perform other actions. They are currently run as root so if you do not
717 need this functionality you can disable it, though this will also dis‐
718 able cobbler status which uses a logging trigger to audit install
719 progress.
720
721 default: true
722
723 scm_track_*
724 enables a trigger which version controls all changes to /var/lib/cob‐
725 bler when add, edit, or sync events are performed. This can be used to
726 revert to previous database versions, generate RSS feeds, or for other
727 auditing or backup purposes. Git and Mercurial are currently supported,
728 but Git is the recommend SCM for use with this feature.
729
730 default:
731
732 scm_track_enabled: false
733 scm_track_mode: "git"
734 scm_track_author: "cobbler <cobbler@localhost>"
735 scm_push_script: "/bin/true"
736
737 serializer_pretty_json
738 Sort and indent JSON output to make it more human-readable.
739
740 default: False
741
742 server
743 This is the address of the Cobbler server -- as it is used by systems
744 during the install process, it must be the address or hostname of the
745 system as those systems can see the server. if you have a server that
746 appears differently to different subnets (dual homed, etc), you need to
747 read the --server-override section of the manpage for how that works.
748
749 default: 127.0.0.1
750
751 sign_puppet_certs_automatically
752 When puppet starts on a system after installation it needs to have its
753 certificate signed by the puppet master server. Enabling the following
754 feature will ensure that the puppet server signs the certificate after
755 installation if the puppet master server is running on the same machine
756 as Cobbler. This requires puppet_auto_setup above to be enabled.
757
758 default: false
759
760 signature_path
761 The cobbler import workflow is powered by this file. Its location can
762 be set with this config option.
763
764 default: /var/lib/cobbler/distro_signatures.json
765
766 signature_url
767 Updates to the signatures may happen more often then we have releases.
768 To enable you to import new version we provide the most up to date sig‐
769 natures we offer on this like. You may host this file for yourself and
770 adjust it for your needs.
771
772 default: https://cobbler.github.io/signatures/3.0.x/latest.json
773
774 tftpboot_location
775 This variable contains the location of the tftpboot directory. If this
776 directory is not present Cobbler does not start.
777
778 Default: /srv/tftpboot
779
780 virt_auto_boot
781 Should new profiles for virtual machines default to auto booting with
782 the physical host when the physical host reboots? This can be overrid‐
783 den on each profile or system object.
784
785 default: true
786
787 webdir
788 Cobbler's web directory. Don't change this setting -- see the Wiki on
789 "relocating your Cobbler install" if your /var partition is not large
790 enough.
791
792 default: @@webroot@@/cobbler
793
794 webdir_whitelist
795 Directories that will not get wiped and recreated on a cobbler sync.
796
797 default:
798
799 webdir_whitelist:
800 - misc
801 - web
802 - webui
803 - localmirror
804 - repo_mirror
805 - distro_mirror
806 - images
807 - links
808 - pub
809 - repo_profile
810 - repo_system
811 - svc
812 - rendered
813 - .link_cache
814
815 xmlrpc_port
816 Cobbler's public XML-RPC listens on this port. Change this only if ab‐
817 solutely needed, as you'll have to start supplying a new port option to
818 Koan if it is not the default.
819
820 default: 25151
821
822 yum_distro_priority
823 The default yum priority for all the distros. This is only used if
824 yum-priorities plugin is used. 1 is the maximum value. Tweak with cau‐
825 tion.
826
827 default: true
828
829 yum_post_install_mirror
830 cobbler repo add commands set Cobbler up with repository information
831 that can be used during autoinstall and is automatically set up in the
832 Cobbler autoinstall templates. By default, these are only available at
833 install time. To make these repositories usable on installed systems
834 (since Cobbler makes a very convenient mirror) set this to True. Most
835 users can safely set this to True. Users who have a dual homed Cobbler
836 server, or are installing laptops that will not always have access to
837 the Cobbler server may wish to leave this as False. In that case, the
838 Cobbler mirrored yum repos are still accessible at http://cobbler.exam‐
839 ple.org/cblr/repo_mirror and YUM configuration can still be done manu‐
840 ally. This is just a shortcut.
841
842 default: True
843
844 yumdownloader_flags
845 Flags to use for yumdownloader. Not all versions may support --resolve.
846
847 default: "--resolve"
848
850 If you have own custom modules which are not shipped with Cobbler di‐
851 rectly you may have additional sections here.
852
853 authentication
854 What users can log into the WebUI and Read-Write XML-RPC?
855
856 Choices:
857
858 • authn_denyall -- no one (default)
859
860 • authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
861
862 • authn_passthru -- ask Apache to handle it (used for kerberos)
863
864 • authn_ldap -- authenticate against LDAP
865
866 • authn_spacewalk -- ask Spacewalk/Satellite (experimental)
867
868 • authn_pam -- use PAM facilities
869
870 • authn_testing -- username/password is always testing/testing (de‐
871 bug)
872
873 • (user supplied) -- you may write your own module
874
875 WARNING: this is a security setting, do not choose an option blindly.
876
877 For more information:
878
879 • web-interface
880
881 • https://cobbler.readthedocs.io/en/release28/5_web-interface/security_overview.html
882
883 • https://cobbler.readthedocs.io/en/release28/5_web-interface/web_authentication.html#defer-to-apache-kerberos
884
885 • https://cobbler.readthedocs.io/en/release28/5_web-interface/web_authentication.html#ldap
886
887 default: authn_configfile
888
889 authorization
890 Once a user has been cleared by the WebUI/XML-RPC, what can they do?
891
892 Choices:
893
894 • authz_allowall -- full access for all authenticated users (default)
895
896 • authz_ownership -- use users.conf, but add object ownership seman‐
897 tics
898
899 • (user supplied) -- you may write your own module
900
901 WARNING: this is a security setting, do not choose an option blindly.
902 If you want to further restrict Cobbler with ACLs for various groups,
903 pick authz_ownership. authz_allowall does not support ACLs. Configura‐
904 tion file does but does not support object ownership which is useful as
905 an additional layer of control.
906
907 For more information:
908
909 • web-interface
910
911 • https://cobbler.readthedocs.io/en/release28/5_web-interface/security_overview.html
912
913 • https://cobbler.readthedocs.io/en/release28/5_web-interface/web_authentication.html
914
915 default: authz_allowall
916
917 dns
918 Chooses the DNS management engine if manage_dns is enabled in /etc/cob‐
919 bler/settings.yaml, which is off by default.
920
921 Choices:
922
923 • manage_bind -- default, uses BIND/named
924
925 • manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for DHCP be‐
926 low
927
928 • manage_ndjbdns -- uses ndjbdns
929
930 NOTE: More configuration is still required in /etc/cobbler
931
932 For more information see dns-management.
933
934 default: manage_bind
935
936 dhcp
937 Chooses the DHCP management engine if manage_dhcp is enabled in
938 /etc/cobbler/settings.yaml, which is off by default.
939
940 Choices:
941
942 • manage_isc -- default, uses ISC dhcpd
943
944 • manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for DNS
945 above
946
947 NOTE: More configuration is still required in /etc/cobbler
948
949 For more information see dhcp-management.
950
951 default: manage_isc
952
953 tftpd
954 Chooses the TFTP management engine if manage_tftpd is enabled in
955 /etc/cobbler/settings.yaml, which is on by default.
956
957 Choices:
958
959 • manage_in_tftpd -- default, uses the system's TFTP server
960
961 • manage_tftpd_py -- uses Cobbler's TFTP server
962
963 default: manage_in_tftpd
964
966 Enno Gotthold
967
969 2021, Enno Gotthold
970
971
972
973
9743.2 Sep 23, 2021 COBBLER.CONF(5)