1COBBLER.CONF(5) Cobbler COBBLER.CONF(5)
2
6 cobbler.conf - Cobbler Configuration File Documentation
7 There are two main settings files which are located per default at
9 /etc/cobbler/:
10 • The file settings.yaml is following YAML specification.
12 • The file modules.conf is following INI specification.
14 NOTE:
16 Since we are cleaning a lot of tech-debt this may change over time.
17 We are trying to find the balance which format is the best for us to
18 handle in the code and the best for admins to handle in the config
19 files.
20 WARNING:
22 If you are using allow_dynamic_settings or auto_migrate_settings,
23 then the comments in the YAML file will vanish after the first
24 change due to the fact that PyYAML doesn't support comments (Source)
25 There are additional configuration file locations which need to follow
27 the YAML Syntax. These are loaded from the include directory in the
28 settings.yaml file. Any key specified in one of these files overwrites
29 values from the main file.
30 WARNING:
32 When using allow_dynamic_settings the values are only persisted in
33 the file settings.yaml. This may lead to a non expected behaviour
34 after cobblerd restarts. This is a known issue.
35
37 Starting with 3.3.3
38 • default_virt_file_size is now a float as intended.
39 • We added the proxies key for first-level Uyuni & SUSE Manager sup‐
41 port. It is optional, so you can ignore it if you don't run one of
42 the two solutions or a derivative of it.
43 Starting with 3.3.2
45 • After community feedback we changed the default of the auto-migration
46 to be disabled. It can be re-enabled via the already known methods
47 cobbler-settings-Tool, the settings file key auto_migrate_settings
48 and the Daemon flag. We have decided to not change the flag for ex‐
49 isting installations.
50 Starting with 3.3.1
52 • There is a new setting bootloaders_shim_location. For details please
53 refer to the appropriate section below.
54 Starting with 3.3.0
56 • The setting enable_gpxe was replaced with enable_ipxe.
57 • The settings.d directory (/etc/cobbler/settings.d/) was deprecated
59 and will be removed in the future.
60 • There is a new CLI tool called cobbler-settings which can be used to
62 validate and migrate settings files from differente versions and to
63 modify keys in the current settings file. Have a look at the migra‐
64 tion matrix in the next paragraph to see the supported migration
65 paths. Furthermore the auto migration feature can be enabled or dis‐
66 abled.
67 • A new settings auto migration feature was implemented which automati‐
69 cally updates the settings when installing a new version. A backup of
70 the old settings file will be created in the same folder beforehand.
71 Starting with 3.2.1
73 • We require the extension .yaml on our settings file to indicate the
74 format of the file to editors and comply to standards of the YAML
75 specification.
76 • We require the usage of booleans in the format of True and False. If
78 you have old integer style booleans with 1 and 0 this is fine but you
79 may should convert them as soon as possible. We may decide in a fu‐
80 ture version to enforce our new way in a stricter manner. Automatic
81 conversion is only done on a best-effort/available-resources basis.
82 • We enforce the types of values to the keys. Additional unexpected
84 keys will throw errors. If you have those used in Cobbler please re‐
85 port this in our issue tracker. We have decided to go this way to be
86 able to rely on the existence of the values. This gives us the free‐
87 dom to write fewer access checks to the settings without losing sta‐
88 bility.
89
91┌────────┬────────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┐
92│To/From │ <2.8.5 │ 2.8.5 │ 3.0.0 │ 3.0.1 │ 3.1.0 │ 3.1.1 │ 3.1.2 │ 3.2.0 │ 3.2.1 │ 3.3.0 │ 3.3.1 │ 3.3.2 │ 3.3.3 │
93├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
94│2.8.5 │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
95├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
96│3.0.0 │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
97├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
98│3.0.1 │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
99├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
100│3.1.0 │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
101├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
102│3.1.1 │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
103├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
104│3.1.2 │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │
105├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
106│3.2.0 │ x │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │
107├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
108│3.2.1 │ x │ x │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │
109├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
110│3.3.0 │ x │ x │ x │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │
111├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
112│3.3.1 │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │
113├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
114│3.3.2 │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ o │ -- │
115├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
116│3.3.3 │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ o │
117├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
118│main │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
119└────────┴────────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┘
120 Legend: x: supported, o: same version, -: not supported
122 NOTE:
124 Downgrades are not supported!
125
127 auto_migrate_settings
128 If True Cobbler will auto migrate the settings file after upgrading
129 from older versions. The current settings are backed up in the same
130 folder before the upgrade.
131 default: True
133 allow_duplicate_hostnames
135 If True, Cobbler will allow insertions of system records that duplicate
136 the --dns-name information of other system records. In general, this is
137 undesirable and should be left False.
138 default: False
140 allow_duplicate_ips
142 If True, Cobbler will allow insertions of system records that duplicate
143 the IP address information of other system records. In general, this is
144 undesirable and should be left False.
145 default: False
147 allow_duplicate_macs
149 If True, Cobbler will allow insertions of system records that duplicate
150 the mac address information of other system records. In general, this
151 is undesirable.
152 default: False
154 allow_dynamic_settings
156 If True, Cobbler will allow settings to be changed dynamically without
157 a restart of the cobblerd daemon. You can only change this variable by
158 manually editing the settings file, and you MUST restart cobblerd after
159 changing it.
160 default: False
162 always_write_dhcp_entries
164 Always write DHCP entries, regardless if netboot is enabled.
165 default: False
167 anamon_enabled
169 By default, installs are not set to send installation logs to the Cob‐
170 bler server. With anamon_enabled, automatic installation templates may
171 use the pre_anamon snippet to allow remote live monitoring of their in‐
172 stallations from the Cobbler server. Installation logs will be stored
173 under /var/log/cobbler/anamon/.
174 NOTE:
176 This does allow an XML-RPC call to send logs to this directory,
177 without authentication, so enable only if you are ok with this limi‐
178 tation.
179 default: False
181 auth_token_expiration
183 How long the authentication token is valid for, in seconds.
184 default: 3600
186 authn_pam_service
188 If using authn_pam in the modules.conf, this can be configured to
189 change the PAM service authentication will be tested against.
190 default: "login"
192 autoinstall
194 If no autoinstall template is specified to profile add, use this tem‐
195 plate.
196 default: default.ks
198 autoinstall_snippets_dir
200 This is a directory of files that Cobbler uses to make templating eas‐
201 ier. See the Wiki for more information. Changing this directory should
202 not be required.
203 default: /var/lib/cobbler/snippets
205 autoinstall_templates_dir
207 This is a directory of files that Cobbler uses to make templating eas‐
208 ier. See the Wiki for more information. Changing this directory should
209 not be required.
210 default: /var/lib/cobbler/templates
212 bind_chroot_path
214 Set to path of bind chroot to create bind-chroot compatible bind con‐
215 figuration files.
216 default: ""
218 bind_master
220 Set to the ip address of the master bind DNS server for creating sec‐
221 ondary bind configuration files.
222 default: 127.0.0.1
224 bind_zonefile_path
226 Set to path where zonefiles of bind/named server are located.
227 default: "@@bind_zonefiles@@"
229 boot_loader_conf_template_dir
231 Location of templates used for boot loader config generation.
232 default: "/etc/cobbler/boot_loader_conf"
234 bootloaders_dir
236 TODO
237 bootloaders_shim_folder
239 This Python Glob will be responsible for finding the installed shim
240 folder. If you haven't have shim installed this bootloader link will be
241 skipped. If the Glob is not precise enough a message will be logged and
242 the link will also be skipped.
243 default: Depending on your distro. See values below.
245 • (open)SUSE: "/usr/share/efi/*/"
247 • Debian/Ubuntu: "/usr/lib/shim/"
249 • CentOS/Fedora: "/boot/efi/EFI/*/"
251 bootloaders_shim_file
253 This is a Python Regex which is responsible to find exactly a single
254 match in all files found by the Python Glob in bootloaders_shim_folder.
255 If more or fewer files are found a message will be logged.
256 default: Depending on your distro. See values below.
258 • (open)SUSE: "shim\.efi"
260 • Debian/Ubuntu: "shim*.efi.signed"
262 • CentOS/Fedora: "shim*.efi"
264 grub2_mod_dir
266 TODO
267 syslinux_dir
269 TODO
270 bootloaders_modules
272 TODO
273 bootloaders_formats
275 grubconfig_dir
276 The location where Cobbler searches for GRUB configuration files.
277 default: /var/lib/cobbler/grub_config
279 build_reporting_*
281 Email out a report when Cobbler finishes installing a system.
282 • enabled: Set to true to turn this feature on
284 • email: Which addresses to email
286 • ignorelist: TODO
288 • sender: Optional
290 • smtp_server: Used to specify another server for an MTA.
292 • subject: Use the default subject unless overridden.
294 defaults:
296 build_reporting_enabled: false
298 build_reporting_sender: ""
299 build_reporting_email: [ 'root@localhost' ]
300 build_reporting_smtp_server: "localhost"
301 build_reporting_subject: ""
302 build_reporting_ignorelist: [ "" ]
303 buildisodir
305 Used for caching the intermediate files for ISO-Building. You may want
306 to use a SSD, a tmpfs or something which does not persist across re‐
307 boots and can be easily thrown away but is also fast.
308 default: /var/cache/cobbler/buildiso
310 cheetah_import_whitelist
312 Cheetah-language autoinstall templates can import Python modules. while
313 this is a useful feature, it is not safe to allow them to import any‐
314 thing they want. This whitelists which modules can be imported through
315 Cheetah. Users can expand this as needed but should never allow modules
316 such as subprocess or those that allow access to the filesystem as
317 Cheetah templates are evaluated by cobblerd as code.
318 default:
320 • random
322 • re
324 • time
326 • netaddr
328 client_use_https
330 If set to True, all commands to the API (not directly to the XML-RPC
331 server) will go over HTTPS instead of plain text. Be sure to change the
332 http_port setting to the correct value for the web server.
333 default: False
335 client_use_localhost
337 If set to True, all commands will be forced to use the localhost ad‐
338 dress instead of using the above value which can force commands like
339 cobbler sync to open a connection to a remote address if one is in the
340 configuration and would traceback.
341 default: False
343 cobbler_master
345 Used for replicating the Cobbler instance.
346 default: ""
348 convert_server_to_ip
350 Convert hostnames to IP addresses (where possible) so DNS isn't a re‐
351 quirement for various tasks to work correctly.
352 default: False
354 createrepo_flags
356 Default createrepo_flags to use for new repositories.
357 default: "-c cache -s sha"
359 default_name_*
361 Configure all installed systems to use these name servers by default
362 unless defined differently in the profile. For DHCP configurations you
363 probably do not want to supply this.
364 defaults:
366 default_name_servers: []
368 default_name_servers_search: []
369 default_ownership
371 if using the authz_ownership module, objects created without specifying
372 an owner are assigned to this owner and/or group.
373 default:
375 • admin
377 default_password_crypted
379 Cobbler has various sample automatic installation templates stored in
380 /var/lib/cobbler/templates/. This controls what install (root) password
381 is set up for those systems that reference this variable. The factory
382 default is "cobbler" and Cobbler check will warn if this is not
383 changed. The simplest way to change the password is to run openssl
384 passwd -1 and put the output between the "".
385 default: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
387 default_template_type
389 The default template type to use in the absence of any other detected
390 template. If you do not specify the template with #template=<tem‐
391 plate_type> on the first line of your templates/snippets, Cobbler will
392 assume try to use the following template engine to parse the templates.
393 NOTE:
395 Over time we will try to deprecate and remove Cheetah3 as a template
396 engine. It is hard to package and there are fewer guides then with
397 Jinja2. Making the templating independent of the engine is a task
398 which complicates the code. Thus, please try to use Jinja2. We will
399 try to support a seamless transition on a best-effort basis.
400 Current valid values are: cheetah, jinja2
402 default: "cheetah"
404 default_virt_bridge
406 For libvirt based installs in Koan, if no virt-bridge is specified,
407 which bridge do we try? For EL 4/5 hosts this should be xenbr0, for all
408 versions of Fedora, try virbr0. This can be overridden on a per-profile
409 basis or at the Koan command line though this saves typing to just set
410 it here to the most common option.
411 default: xenbr0
413 default_virt_disk_driver
415 The on-disk format for the virtualization disk.
416 default: raw
418 default_virt_file_size
420 Use this as the default disk size for virt guests (GB).
421 default: 5.0
423 default_virt_ram
425 Use this as the default memory size for virt guests (MB).
426 default: 512
428 default_virt_type
430 If Koan is invoked without --virt-type and no virt-type is set on the
431 profile/system, what virtualization type should be assumed?
432 Current valid values are:
434 • xenpv
436 • xenfv
438 • qemu
440 • vmware
442 NOTE: this does not change what virt_type is chosen by import.
444 default: xenpv
446 enable_ipxe
448 Enable iPXE booting? Enabling this option will cause Cobbler to copy
449 the undionly.kpxe file to the TFTP root directory, and if a pro‐
450 file/system is configured to boot via iPXE it will chain load off px‐
451 elinux.0.
452 default: False
454 enable_menu
456 Controls whether Cobbler will add each new profile entry to the default
457 PXE boot menu. This can be over-ridden on a per-profile basis when
458 adding/editing profiles with --enable-menu=False/True. Users should or‐
459 dinarily leave this setting enabled unless they are concerned with ac‐
460 cidental reinstall from users who select an entry at the PXE boot menu.
461 Adding a password to the boot menus templates may also be a good solu‐
462 tion to prevent unwanted reinstallations.
463 default: True
465 http_port
467 Change this port if Apache is not running plain text on port 80. Most
468 people can leave this alone.
469 default: 80
471 include
473 Include other configuration snippets with this regular expression. This
474 is a list of folders.
475 default: [ "/etc/cobbler/settings.d/*.settings" ]
477 NOTE:
479 Will be deprecated in future releases.
480 iso_template_dir
482 Folder to search for the ISO templates. These will build the boot-menu
483 of the built ISO.
484 default: /etc/cobbler/iso
486 jinja2_includedir
488 This is a directory of files that Cobbler uses to include files into
489 Jinja2 templates. Per default this settings is commented out.
490 default: /var/lib/cobbler/jinja2
492 kernel_options
494 Kernel options that should be present in every Cobbler installation.
495 Kernel options can also be applied at the distro/profile/system level.
496 default: {}
498 ldap_*
500 Configuration options if using the authn_ldap module. See the Wiki for
501 details. This can be ignored if you are not using LDAP for We‐
502 bUI/XML-RPC authentication.
503 defaults:
505 ldap_server: "ldap.example.com"
507 ldap_base_dn: "DC=example,DC=com"
508 ldap_port: 389
509 ldap_tls: true
510 ldap_anonymous_bind: true
511 ldap_search_bind_dn: ''
512 ldap_search_passwd: ''
513 ldap_search_prefix: 'uid='
514 ldap_tls_cacertdir: ''
515 ldap_tls_cacertfile: ''
516 ldap_tls_certfile: ''
517 ldap_tls_keyfile: ''
518 ldap_tls_reqcert: 'hard'
519 ldap_tls_cipher_suite: ''
520 bind_manage_ipmi
522 When using the Bind9 DNS server, you can enable or disable if the BMCs
523 should receive own DNS entries.
524 default: False
526 manage_dhcp
528 Set to True to enable Cobbler's DHCP management features. The choice of
529 DHCP management engine is in /etc/cobbler/modules.conf.
530 default: True
532 manage_dhcp_v4
534 Set to true to enable DHCP IPv6 address configuration generation. This
535 currently only works with manager.isc DHCP module (isc dhcpd6 daemon).
536 See /etc/cobbler/modules.conf whether this isc module is chosen for
537 dhcp generation.
538 default: False
540 manage_dhcp_v6
542 Set to true to enable DHCP IPv6 address configuration generation. This
543 currently only works with manager.isc DHCP module (isc dhcpd6 daemon).
544 See /etc/cobbler/modules.conf whether this isc module is chosen for
545 dhcp generation.
546 default: False
548 manage_dns
550 Set to True to enable Cobbler's DNS management features. The choice of
551 DNS management engine is in /etc/cobbler/modules.conf.
552 default: False
554 manage_*_zones
556 If using BIND (named) for DNS management in /etc/cobbler/modules.conf
557 and manage_dns is enabled (above), this lists which zones are managed.
558 See DNS configuration management for more information.
559 defaults:
561 manage_forward_zones: []
563 manage_reverse_zones: []
564 manage_genders
566 Whether or not to manage the genders file. For more information on that
567 visit: github.com/chaos/genders
568 default: False
570 manage_rsync
572 Set to True to enable Cobbler's RSYNC management features.
573 default: False
575 manage_tftpd
577 Set to True to enable Cobbler's TFTP management features. The choice of
578 TFTP management engine is in /etc/cobbler/modules.conf.
579 default: True
581 mgmt_*
583 Cobbler has a feature that allows for integration with config manage‐
584 ment systems such as Puppet. The following parameters work in conjunc‐
585 tion with --mgmt-classes and are described in further detail at
586 Configuration Management Integrations.
587 mgmt_classes: []
589 mgmt_parameters:
590 from_cobbler: true
591 next_server_v4
593 If using Cobbler with manage_dhcp_v4, put the IP address of the Cobbler
594 server here so that PXE booting guests can find it. If you do not set
595 this correctly, this will be manifested in TFTP open timeouts.
596 default: 127.0.0.1
598 next_server_v6
600 If using Cobbler with manage_dhcp_v6, put the IP address of the Cobbler
601 server here so that PXE booting guests can find it. If you do not set
602 this correctly, this will be manifested in TFTP open timeouts.
603 default: ::1
605 nsupdate_enabled
607 This enables or disables the replacement (or removal) of records in the
608 DNS zone for systems created (or removed) by Cobbler.
609 NOTE:
611 There are additional settings needed when enabling this. Due to the
612 limited number of resources, this won't be done until 3.3.0. Thus
613 please expect to run into troubles when enabling this setting.
614 default: False
616 nsupdate_log
618 The logfile to document what records are added or removed in the DNS
619 zone for systems.
620 NOTE:
622 The functionality this settings is related to is currently not
623 tested due to tech-debt. Please use it with caution. This note will
624 be removed once we were able to look deeper into this functionality
625 of Cobbler.
626 • Required: No
628 • Default: /var/log/cobbler/nsupdate.log
630 nsupdate_tsig_algorithm
632 NOTE:
633 The functionality this settings is related to is currently not
634 tested due to tech-debt. Please use it with caution. This note will
635 be removed once we were able to look deeper into this functionality
636 of Cobbler.
637 • Required: No
639 • Default: hmac-sha512
641 nsupdate_tsig_key
643 NOTE:
644 The functionality this settings is related to is currently not
645 tested due to tech-debt. Please use it with caution. This note will
646 be removed once we were able to look deeper into this functionality
647 of Cobbler.
648 • Required: No
650 • Default: []
652 power_management_default_type
654 Settings for power management features. These settings are optional.
655 See Power Management to learn more.
656 Choices (refer to the fence-agents project for a complete list):
658 • apc_snmp
660 • bladecenter
662 • bullpap
664 • drac
666 • ether_wake
668 • ilo
670 • integrity
672 • ipmilan
674 • ipmilanplus
676 • lpar
678 • rsa
680 • virsh
682 • wti
684 default: ipmilanplus
686 proxies
688 This key is used by Uyuni (or one of its derivatives) for the Proxy
689 scenario. More information can be found here
690 Cobbler only evaluates this if the key has a list of strings as value.
692 An empty list means you don't have any proxies configured in your Uyuni
693 setup.
694 default: []
696 proxy_url_ext
698 External proxy which is used by the following commands: reposync, sig‐
699 nature update
700 defaults:
702 http: http://192.168.1.1:8080
704 https: https://192.168.1.1:8443
705 proxy_url_int
707 Internal proxy which is used by systems to reach Cobbler for kick‐
708 starts.
709 e.g.: proxy_url_int: http://10.0.0.1:8080
711 default: ""
713 puppet_auto_setup
715 If enabled, this setting ensures that puppet is installed during ma‐
716 chine provision, a client certificate is generated and a certificate
717 signing request is made with the puppet master server.
718 default: False
720 puppet_parameterized_classes
722 Choose whether to enable puppet parameterized classes or not. Puppet
723 versions prior to 2.6.5 do not support parameters.
724 default: True
726 puppet_server
728 Choose a --server argument when running puppetd/puppet agent during au‐
729 toinstall.
730 default: 'puppet'
732 puppet_version
734 Let Cobbler know that you're using a newer version of puppet. Choose
735 version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'.
736 default: 2
738 puppetca_path
740 Location of the puppet executable, used for revoking certificates.
741 default: "/usr/bin/puppet"
743 pxe_just_once
745 If this setting is set to True, Cobbler systems that pxe boot will re‐
746 quest at the end of their installation to toggle the --netboot-enabled
747 record in the Cobbler system record. This eliminates the potential for
748 a PXE boot loop if the system is set to PXE first in it's BIOS order.
749 Enable this if PXE is first in your BIOS boot order, otherwise leave
750 this disabled. See the manpage for --netboot-enabled.
751 default: True
753 nopxe_with_triggers
755 If this setting is set to True, triggers will be executed when systems
756 will request to toggle the --netboot-enabled record at the end of their
757 installation.
758 default: True
760 redhat_management_permissive
762 If using authn_spacewalk in modules.conf to let Cobbler authenticate
763 against Satellite/Spacewalk's auth system, by default it will not allow
764 per user access into Cobbler Web and Cobbler XML-RPC. In order to per‐
765 mit this, the following setting must be enabled HOWEVER doing so will
766 permit all Spacewalk/Satellite users of certain types to edit all of
767 Cobbler's configuration. these roles are: config_admin and org_admin.
768 Users should turn this on only if they want this behavior and do not
769 have a cross-multi-org separation concern. If you have a single org in
770 your satellite, it's probably safe to turn this on and then you can use
771 CobblerWeb alongside a Satellite install.
772 default: False
774 redhat_management_server
776 This setting is only used by the code that supports using Uyuni/SUSE
777 Manager/Spacewalk/Satellite authentication within Cobbler Web and Cob‐
778 bler XML-RPC.
779 default: "xmlrpc.rhn.redhat.com"
781 redhat_management_key
783 Specify the default Red Hat authorization key to use to register sys‐
784 tem. If left blank, no registration will be attempted. Similarly you
785 can set the --redhat-management-key to blank on any system to keep it
786 from trying to register.
787 default: ""
789 register_new_installs
791 If set to True, allows /usr/bin/cobbler-register (part of the Koan
792 package) to be used to remotely add new Cobbler system records to Cob‐
793 bler. This effectively allows for registration of new hardware from
794 system records.
795 default: False
797 remove_old_puppet_certs_automatically
799 When a puppet managed machine is reinstalled it is necessary to remove
800 the puppet certificate from the puppet master server before a new cer‐
801 tificate is signed (see above). Enabling the following feature will en‐
802 sure that the certificate for the machine to be installed is removed
803 from the puppet master server if the puppet master server is running on
804 the same machine as Cobbler. This requires puppet_auto_setup above to
805 be enabled
806 default: False
808 replicate_repo_rsync_options
810 Replication rsync options for repos set to override default value of
811 -avzH.
812 default: "-avzH"
814 replicate_rsync_options
816 replication rsync options for distros, autoinstalls, snippets set to
817 override default value of -avzH.
818 default: "-avzH"
820 reposync_flags
822 Flags to use for yum's reposync. If your version of yum reposync does
823 not support -l, you may need to remove that option.
824 default: "-l -n -d"
826 reposync_rsync_flags
828 Flags to use for rysync's reposync. If archive mode (-a,--archive) is
829 used then createrepo is not ran after the rsync as it pulls down the
830 repodata as well. This allows older OS's to mirror modular repos using
831 rsync.
832 default: "-rltDv --copy-unsafe-links"
834 restart_*
836 When DHCP and DNS management are enabled, cobbler sync can automati‐
837 cally restart those services to apply changes. The exception for this
838 is if using ISC for DHCP, then OMAPI eliminates the need for a restart.
839 omapi, however, is experimental and not recommended for most configura‐
840 tions. If DHCP and DNS are going to be managed, but hosted on a box
841 that is not on this server, disable restarts here and write some other
842 script to ensure that the config files get copied/rsynced to the desti‐
843 nation box. This can be done by modifying the restart services trigger.
844 Note that if manage_dhcp and manage_dns are disabled, the respective
845 parameter will have no effect. Most users should not need to change
846 this.
847 defaults:
849 restart_dns: true
851 restart_dhcp: true
852 run_install_triggers
854 Install triggers are scripts in /var/lib/cobbler/triggers/install that
855 are triggered in autoinstall pre and post sections. Any executable
856 script in those directories is run. They can be used to send email or
857 perform other actions. They are currently run as root so if you do not
858 need this functionality you can disable it, though this will also dis‐
859 able cobbler status which uses a logging trigger to audit install
860 progress.
861 default: true
863 scm_track_*
865 enables a trigger which version controls all changes to /var/lib/cob‐
866 bler when add, edit, or sync events are performed. This can be used to
867 revert to previous database versions, generate RSS feeds, or for other
868 auditing or backup purposes. Git and Mercurial are currently supported,
869 but Git is the recommend SCM for use with this feature.
870 default:
872 scm_track_enabled: false
874 scm_track_mode: "git"
875 scm_track_author: "cobbler <cobbler@localhost>"
876 scm_push_script: "/bin/true"
877 serializer_pretty_json
879 Sort and indent JSON output to make it more human-readable.
880 default: False
882 server
884 This is the address of the Cobbler server -- as it is used by systems
885 during the install process, it must be the address or hostname of the
886 system as those systems can see the server. if you have a server that
887 appears differently to different subnets (dual homed, etc), you need to
888 read the --server-override section of the manpage for how that works.
889 default: 127.0.0.1
891 sign_puppet_certs_automatically
893 When puppet starts on a system after installation it needs to have its
894 certificate signed by the puppet master server. Enabling the following
895 feature will ensure that the puppet server signs the certificate after
896 installation if the puppet master server is running on the same machine
897 as Cobbler. This requires puppet_auto_setup above to be enabled.
898 default: false
900 signature_path
902 The cobbler import workflow is powered by this file. Its location can
903 be set with this config option.
904 default: /var/lib/cobbler/distro_signatures.json
906 signature_url
908 Updates to the signatures may happen more often then we have releases.
909 To enable you to import new version we provide the most up to date sig‐
910 natures we offer on this like. You may host this file for yourself and
911 adjust it for your needs.
912 default: https://cobbler.github.io/signatures/3.0.x/latest.json
914 tftpboot_location
916 This variable contains the location of the tftpboot directory. If this
917 directory is not present Cobbler does not start.
918 Default: /srv/tftpboot
920 virt_auto_boot
922 Should new profiles for virtual machines default to auto booting with
923 the physical host when the physical host reboots? This can be overrid‐
924 den on each profile or system object.
925 default: true
927 webdir
929 Cobbler's web directory. Don't change this setting -- see the Wiki on
930 "relocating your Cobbler install" if your /var partition is not large
931 enough.
932 default: @@webroot@@/cobbler
934 webdir_whitelist
936 Directories that will not get wiped and recreated on a cobbler sync.
937 default:
939 webdir_whitelist:
941 - misc
942 - web
943 - webui
944 - localmirror
945 - repo_mirror
946 - distro_mirror
947 - images
948 - links
949 - pub
950 - repo_profile
951 - repo_system
952 - svc
953 - rendered
954 - .link_cache
955 windows_enabled
957 Set to true to enable the generation of Windows boot files in Cobbler.
958 default: False
960 For more information see Automatic Windows installation with Cobbler.
962 windows_template_dir
964 Location of templates used for Windows.
965 default: /etc/cobbler/windows
967 For more information see Automatic Windows installation with Cobbler.
969 samba_distro_share
971 Samba share name for distros
972 default: DISTRO
974 For more information see Automatic Windows installation with Cobbler.
976 xmlrpc_port
978 Cobbler's public XML-RPC listens on this port. Change this only if ab‐
979 solutely needed, as you'll have to start supplying a new port option to
980 Koan if it is not the default.
981 default: 25151
983 yum_distro_priority
985 The default yum priority for all the distros. This is only used if
986 yum-priorities plugin is used. 1 is the maximum value. Tweak with cau‐
987 tion.
988 default: true
990 yum_post_install_mirror
992 cobbler repo add commands set Cobbler up with repository information
993 that can be used during autoinstall and is automatically set up in the
994 Cobbler autoinstall templates. By default, these are only available at
995 install time. To make these repositories usable on installed systems
996 (since Cobbler makes a very convenient mirror) set this to True. Most
997 users can safely set this to True. Users who have a dual homed Cobbler
998 server, or are installing laptops that will not always have access to
999 the Cobbler server may wish to leave this as False. In that case, the
1000 Cobbler mirrored yum repos are still accessible at http://cobbler.exam‐
1001 ple.org/cblr/repo_mirror and YUM configuration can still be done manu‐
1002 ally. This is just a shortcut.
1003 default: True
1005 yumdownloader_flags
1007 Flags to use for yumdownloader. Not all versions may support --resolve.
1008 default: "--resolve"
1010
1012 If you have own custom modules which are not shipped with Cobbler di‐
1013 rectly you may have additional sections here.
1014 authentication
1016 What users can log into Cobbler via the XML-RPC API or the HTTP-API?
1017 Choices:
1019 • authentication.denyall -- No one
1021 • authentication.configfile -- Use /etc/cobbler/users.digest (default)
1023 • authentication.passthru -- Ask Apache to handle it (used for ker‐
1025 beros)
1026 • authentication.ldap -- Authenticate against LDAP
1028 • authentication.spacewalk -- Ask Spacewalk/Satellite (experimental)
1030 • authentication.pam -- Use PAM facilities
1032 • (user supplied) -- You may write your own module
1034 NOTE:
1036 A new web interface is in the making. At the moment we do not have
1037 any documentation, yet.
1038 default: authentication.configfile
1040 Hash algorithms:
1042 This parameter has currently only a meaning when the option authentica‐
1044 tion.configfile is used. The parameter decides what hashfunction algo‐
1045 rithm is used for checking the passwords.
1046 Choices:
1048 • blake2b
1050 • blake2s
1052 • sha3_512
1054 • sha3_384
1056 • sha3_256
1058 • sha3_224
1060 • shake_128
1062 • shake_256
1064 default: sha3_512
1066 authorization
1068 Once a user has been cleared by the WebUI/XML-RPC, what can they do?
1069 Choices:
1071 • authorization.allowall -- full access for all authenticated users
1073 (default)
1074 • authorization.ownership -- use users.conf, but add object ownership
1076 semantics
1077 • (user supplied) -- you may write your own module
1079 WARNING:
1081 If you want to further restrict Cobbler with ACLs for various
1082 groups, pick authorization.ownership. authorization.allowall does
1083 not support ACLs. Configuration file does but does not support ob‐
1084 ject ownership which is useful as an additional layer of control.
1085 NOTE:
1087 A new web interface is in the making. At the moment we do not have
1088 any documentation, yet.
1089 default: authorization.allowall
1091 dns
1093 Chooses the DNS management engine if manage_dns is enabled in /etc/cob‐
1094 bler/settings.yaml, which is off by default.
1095 Choices:
1097 • managers.bind -- default, uses BIND/named
1099 • managers.dnsmasq -- uses dnsmasq, also must select dnsmasq for DHCP
1101 below
1102 • managers.ndjbdns -- uses ndjbdns
1104 NOTE:
1106 More configuration is still required in /etc/cobbler
1107 For more information see DNS configuration management.
1109 default: managers.bind
1111 dhcp
1113 Chooses the DHCP management engine if manage_dhcp is enabled in
1114 /etc/cobbler/settings.yaml, which is off by default.
1115 Choices:
1117 • managers.isc -- default, uses ISC dhcpd
1119 • managers.dnsmasq -- uses dnsmasq, also must select dnsmasq for DNS
1121 above
1122 NOTE:
1124 More configuration is still required in /etc/cobbler
1125 For more information see DHCP Management.
1127 default: managers.isc
1129 tftpd
1131 Chooses the TFTP management engine if manage_tftpd is enabled in
1132 /etc/cobbler/settings.yaml, which is on by default.
1133 Choices:
1135 • managers.in_tftpd -- default, uses the system's TFTP server
1137 default: managers.in_tftpd
1139
1141 Enno Gotthold
1142
1144 2022, Enno Gotthold
11453.3 Jul 20, 2022 COBBLER.CONF(5)