1COBBLER.CONF(5) Cobbler COBBLER.CONF(5)
2
3
4
6 cobbler.conf - Cobbler Configuration File Documentation
7
8 There are two main settings files which are located per default at
9 /etc/cobbler/:
10
11 • The file settings.yaml is following YAML specification.
12
13 • The file modules.conf is following INI specification.
14
15 NOTE:
16 Since we are cleaning a lot of tech-debt this may change over time.
17 We are trying to find the balance which format is the best for us to
18 handle in the code and the best for admins to handle in the config
19 files.
20
21 WARNING:
22 If you are using allow_dynamic_settings or auto_migrate_settings,
23 then the comments in the YAML file will vanish after the first
24 change due to the fact that PyYAML doesn't support comments (Source)
25
26 There are additional configuration file locations which need to follow
27 the YAML Syntax. These are loaded from the include directory in the
28 settings.yaml file. Any key specified in one of these files overwrites
29 values from the main file.
30
31 WARNING:
32 When using allow_dynamic_settings the values are only persisted in
33 the file settings.yaml. This may lead to a non expected behaviour
34 after cobblerd restarts. This is a known issue.
35
37 Starting with 3.3.3
38 • default_virt_file_size is now a float as intended.
39
40 • We added the proxies key for first-level Uyuni & SUSE Manager sup‐
41 port. It is optional, so you can ignore it if you don't run one of
42 the two solutions or a derivative of it.
43
44 Starting with 3.3.2
45 • After community feedback we changed the default of the auto-migration
46 to be disabled. It can be re-enabled via the already known methods
47 cobbler-settings-Tool, the settings file key auto_migrate_settings
48 and the Daemon flag. We have decided to not change the flag for ex‐
49 isting installations.
50
51 Starting with 3.3.1
52 • There is a new setting bootloaders_shim_location. For details please
53 refer to the appropriate section below.
54
55 Starting with 3.3.0
56 • The setting enable_gpxe was replaced with enable_ipxe.
57
58 • The settings.d directory (/etc/cobbler/settings.d/) was deprecated
59 and will be removed in the future.
60
61 • There is a new CLI tool called cobbler-settings which can be used to
62 validate and migrate settings files from differente versions and to
63 modify keys in the current settings file. Have a look at the migra‐
64 tion matrix in the next paragraph to see the supported migration
65 paths. Furthermore the auto migration feature can be enabled or dis‐
66 abled.
67
68 • A new settings auto migration feature was implemented which automati‐
69 cally updates the settings when installing a new version. A backup of
70 the old settings file will be created in the same folder beforehand.
71
72 Starting with 3.2.1
73 • We require the extension .yaml on our settings file to indicate the
74 format of the file to editors and comply to standards of the YAML
75 specification.
76
77 • We require the usage of booleans in the format of True and False. If
78 you have old integer style booleans with 1 and 0 this is fine but you
79 may should convert them as soon as possible. We may decide in a fu‐
80 ture version to enforce our new way in a stricter manner. Automatic
81 conversion is only done on a best-effort/available-resources basis.
82
83 • We enforce the types of values to the keys. Additional unexpected
84 keys will throw errors. If you have those used in Cobbler please re‐
85 port this in our issue tracker. We have decided to go this way to be
86 able to rely on the existence of the values. This gives us the free‐
87 dom to write fewer access checks to the settings without losing sta‐
88 bility.
89
91┌────────┬────────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┬───────┐
92│To/From │ <2.8.5 │ 2.8.5 │ 3.0.0 │ 3.0.1 │ 3.1.0 │ 3.1.1 │ 3.1.2 │ 3.2.0 │ 3.2.1 │ 3.3.0 │ 3.3.1 │ 3.3.2 │ 3.3.3 │
93├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
94│2.8.5 │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
95├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
96│3.0.0 │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
97├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
98│3.0.1 │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
99├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
100│3.1.0 │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
101├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
102│3.1.1 │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
103├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
104│3.1.2 │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │ -- │
105├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
106│3.2.0 │ x │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │ -- │
107├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
108│3.2.1 │ x │ x │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │ -- │
109├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
110│3.3.0 │ x │ x │ x │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │ -- │
111├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
112│3.3.1 │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ o │ -- │ -- │
113├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
114│3.3.2 │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ o │ -- │
115├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
116│3.3.3 │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ x │ o │
117├────────┼────────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┼───────┤
118│main │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │ -- │
119└────────┴────────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┴───────┘
120
121 Legend: x: supported, o: same version, -: not supported
122
123 NOTE:
124 Downgrades are not supported!
125
127 auto_migrate_settings
128 If True Cobbler will auto migrate the settings file after upgrading
129 from older versions. The current settings are backed up in the same
130 folder before the upgrade.
131
132 default: True
133
134 allow_duplicate_hostnames
135 If True, Cobbler will allow insertions of system records that duplicate
136 the --dns-name information of other system records. In general, this is
137 undesirable and should be left False.
138
139 default: False
140
141 allow_duplicate_ips
142 If True, Cobbler will allow insertions of system records that duplicate
143 the IP address information of other system records. In general, this is
144 undesirable and should be left False.
145
146 default: False
147
148 allow_duplicate_macs
149 If True, Cobbler will allow insertions of system records that duplicate
150 the mac address information of other system records. In general, this
151 is undesirable.
152
153 default: False
154
155 allow_dynamic_settings
156 If True, Cobbler will allow settings to be changed dynamically without
157 a restart of the cobblerd daemon. You can only change this variable by
158 manually editing the settings file, and you MUST restart cobblerd after
159 changing it.
160
161 default: False
162
163 always_write_dhcp_entries
164 Always write DHCP entries, regardless if netboot is enabled.
165
166 default: False
167
168 anamon_enabled
169 By default, installs are not set to send installation logs to the Cob‐
170 bler server. With anamon_enabled, automatic installation templates may
171 use the pre_anamon snippet to allow remote live monitoring of their in‐
172 stallations from the Cobbler server. Installation logs will be stored
173 under /var/log/cobbler/anamon/.
174
175 NOTE:
176 This does allow an XML-RPC call to send logs to this directory,
177 without authentication, so enable only if you are ok with this limi‐
178 tation.
179
180 default: False
181
182 auth_token_expiration
183 How long the authentication token is valid for, in seconds.
184
185 default: 3600
186
187 authn_pam_service
188 If using authn_pam in the modules.conf, this can be configured to
189 change the PAM service authentication will be tested against.
190
191 default: "login"
192
193 autoinstall
194 If no autoinstall template is specified to profile add, use this tem‐
195 plate.
196
197 default: default.ks
198
199 autoinstall_snippets_dir
200 This is a directory of files that Cobbler uses to make templating eas‐
201 ier. See the Wiki for more information. Changing this directory should
202 not be required.
203
204 default: /var/lib/cobbler/snippets
205
206 autoinstall_templates_dir
207 This is a directory of files that Cobbler uses to make templating eas‐
208 ier. See the Wiki for more information. Changing this directory should
209 not be required.
210
211 default: /var/lib/cobbler/templates
212
213 bind_chroot_path
214 Set to path of bind chroot to create bind-chroot compatible bind con‐
215 figuration files.
216
217 default: ""
218
219 bind_master
220 Set to the ip address of the master bind DNS server for creating sec‐
221 ondary bind configuration files.
222
223 default: 127.0.0.1
224
225 bind_zonefile_path
226 Set to path where zonefiles of bind/named server are located.
227
228 default: "@@bind_zonefiles@@"
229
230 boot_loader_conf_template_dir
231 Location of templates used for boot loader config generation.
232
233 default: "/etc/cobbler/boot_loader_conf"
234
235 bootloaders_dir
236 TODO
237
238 bootloaders_shim_folder
239 This Python Glob will be responsible for finding the installed shim
240 folder. If you haven't have shim installed this bootloader link will be
241 skipped. If the Glob is not precise enough a message will be logged and
242 the link will also be skipped.
243
244 default: Depending on your distro. See values below.
245
246 • (open)SUSE: "/usr/share/efi/*/"
247
248 • Debian/Ubuntu: "/usr/lib/shim/"
249
250 • CentOS/Fedora: "/boot/efi/EFI/*/"
251
252 bootloaders_shim_file
253 This is a Python Regex which is responsible to find exactly a single
254 match in all files found by the Python Glob in bootloaders_shim_folder.
255 If more or fewer files are found a message will be logged.
256
257 default: Depending on your distro. See values below.
258
259 • (open)SUSE: "shim\.efi"
260
261 • Debian/Ubuntu: "shim*.efi.signed"
262
263 • CentOS/Fedora: "shim*.efi"
264
265 grub2_mod_dir
266 TODO
267
268 syslinux_dir
269 TODO
270
271 bootloaders_modules
272 TODO
273
274 bootloaders_formats
275 grubconfig_dir
276 The location where Cobbler searches for GRUB configuration files.
277
278 default: /var/lib/cobbler/grub_config
279
280 build_reporting_*
281 Email out a report when Cobbler finishes installing a system.
282
283 • enabled: Set to true to turn this feature on
284
285 • email: Which addresses to email
286
287 • ignorelist: TODO
288
289 • sender: Optional
290
291 • smtp_server: Used to specify another server for an MTA.
292
293 • subject: Use the default subject unless overridden.
294
295 defaults:
296
297 build_reporting_enabled: false
298 build_reporting_sender: ""
299 build_reporting_email: [ 'root@localhost' ]
300 build_reporting_smtp_server: "localhost"
301 build_reporting_subject: ""
302 build_reporting_ignorelist: [ "" ]
303
304 buildisodir
305 Used for caching the intermediate files for ISO-Building. You may want
306 to use a SSD, a tmpfs or something which does not persist across re‐
307 boots and can be easily thrown away but is also fast.
308
309 default: /var/cache/cobbler/buildiso
310
311 cheetah_import_whitelist
312 Cheetah-language autoinstall templates can import Python modules. while
313 this is a useful feature, it is not safe to allow them to import any‐
314 thing they want. This whitelists which modules can be imported through
315 Cheetah. Users can expand this as needed but should never allow modules
316 such as subprocess or those that allow access to the filesystem as
317 Cheetah templates are evaluated by cobblerd as code.
318
319 default:
320
321 • random
322
323 • re
324
325 • time
326
327 • netaddr
328
329 client_use_https
330 If set to True, all commands to the API (not directly to the XML-RPC
331 server) will go over HTTPS instead of plain text. Be sure to change the
332 http_port setting to the correct value for the web server.
333
334 default: False
335
336 client_use_localhost
337 If set to True, all commands will be forced to use the localhost ad‐
338 dress instead of using the above value which can force commands like
339 cobbler sync to open a connection to a remote address if one is in the
340 configuration and would traceback.
341
342 default: False
343
344 cobbler_master
345 Used for replicating the Cobbler instance.
346
347 default: ""
348
349 convert_server_to_ip
350 Convert hostnames to IP addresses (where possible) so DNS isn't a re‐
351 quirement for various tasks to work correctly.
352
353 default: False
354
355 createrepo_flags
356 Default createrepo_flags to use for new repositories.
357
358 default: "-c cache -s sha"
359
360 default_name_*
361 Configure all installed systems to use these name servers by default
362 unless defined differently in the profile. For DHCP configurations you
363 probably do not want to supply this.
364
365 defaults:
366
367 default_name_servers: []
368 default_name_servers_search: []
369
370 default_ownership
371 if using the authz_ownership module, objects created without specifying
372 an owner are assigned to this owner and/or group.
373
374 default:
375
376 • admin
377
378 default_password_crypted
379 Cobbler has various sample automatic installation templates stored in
380 /var/lib/cobbler/templates/. This controls what install (root) password
381 is set up for those systems that reference this variable. The factory
382 default is "cobbler" and Cobbler check will warn if this is not
383 changed. The simplest way to change the password is to run openssl
384 passwd -1 and put the output between the "".
385
386 default: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
387
388 default_template_type
389 The default template type to use in the absence of any other detected
390 template. If you do not specify the template with #template=<tem‐
391 plate_type> on the first line of your templates/snippets, Cobbler will
392 assume try to use the following template engine to parse the templates.
393
394 NOTE:
395 Over time we will try to deprecate and remove Cheetah3 as a template
396 engine. It is hard to package and there are fewer guides then with
397 Jinja2. Making the templating independent of the engine is a task
398 which complicates the code. Thus, please try to use Jinja2. We will
399 try to support a seamless transition on a best-effort basis.
400
401 Current valid values are: cheetah, jinja2
402
403 default: "cheetah"
404
405 default_virt_bridge
406 For libvirt based installs in Koan, if no virt-bridge is specified,
407 which bridge do we try? For EL 4/5 hosts this should be xenbr0, for all
408 versions of Fedora, try virbr0. This can be overridden on a per-profile
409 basis or at the Koan command line though this saves typing to just set
410 it here to the most common option.
411
412 default: xenbr0
413
414 default_virt_disk_driver
415 The on-disk format for the virtualization disk.
416
417 default: raw
418
419 default_virt_file_size
420 Use this as the default disk size for virt guests (GB).
421
422 default: 5.0
423
424 default_virt_ram
425 Use this as the default memory size for virt guests (MB).
426
427 default: 512
428
429 default_virt_type
430 If Koan is invoked without --virt-type and no virt-type is set on the
431 profile/system, what virtualization type should be assumed?
432
433 Current valid values are:
434
435 • xenpv
436
437 • xenfv
438
439 • qemu
440
441 • vmware
442
443 NOTE: this does not change what virt_type is chosen by import.
444
445 default: xenpv
446
447 enable_ipxe
448 Enable iPXE booting? Enabling this option will cause Cobbler to copy
449 the undionly.kpxe file to the TFTP root directory, and if a pro‐
450 file/system is configured to boot via iPXE it will chain load off px‐
451 elinux.0.
452
453 default: False
454
455 enable_menu
456 Controls whether Cobbler will add each new profile entry to the default
457 PXE boot menu. This can be over-ridden on a per-profile basis when
458 adding/editing profiles with --enable-menu=False/True. Users should or‐
459 dinarily leave this setting enabled unless they are concerned with ac‐
460 cidental reinstall from users who select an entry at the PXE boot menu.
461 Adding a password to the boot menus templates may also be a good solu‐
462 tion to prevent unwanted reinstallations.
463
464 default: True
465
466 http_port
467 Change this port if Apache is not running plain text on port 80. Most
468 people can leave this alone.
469
470 default: 80
471
472 include
473 Include other configuration snippets with this regular expression. This
474 is a list of folders.
475
476 default: [ "/etc/cobbler/settings.d/*.settings" ]
477
478 NOTE:
479 Will be deprecated in future releases.
480
481 iso_template_dir
482 Folder to search for the ISO templates. These will build the boot-menu
483 of the built ISO.
484
485 default: /etc/cobbler/iso
486
487 jinja2_includedir
488 This is a directory of files that Cobbler uses to include files into
489 Jinja2 templates. Per default this settings is commented out.
490
491 default: /var/lib/cobbler/jinja2
492
493 kernel_options
494 Kernel options that should be present in every Cobbler installation.
495 Kernel options can also be applied at the distro/profile/system level.
496
497 default: {}
498
499 ldap_*
500 Configuration options if using the authn_ldap module. See the Wiki for
501 details. This can be ignored if you are not using LDAP for We‐
502 bUI/XML-RPC authentication.
503
504 defaults:
505
506 ldap_server: "ldap.example.com"
507 ldap_base_dn: "DC=example,DC=com"
508 ldap_port: 389
509 ldap_tls: true
510 ldap_anonymous_bind: true
511 ldap_search_bind_dn: ''
512 ldap_search_passwd: ''
513 ldap_search_prefix: 'uid='
514 ldap_tls_cacertdir: ''
515 ldap_tls_cacertfile: ''
516 ldap_tls_certfile: ''
517 ldap_tls_keyfile: ''
518 ldap_tls_reqcert: 'hard'
519 ldap_tls_cipher_suite: ''
520
521 bind_manage_ipmi
522 When using the Bind9 DNS server, you can enable or disable if the BMCs
523 should receive own DNS entries.
524
525 default: False
526
527 manage_dhcp
528 Set to True to enable Cobbler's DHCP management features. The choice of
529 DHCP management engine is in /etc/cobbler/modules.conf.
530
531 default: True
532
533 manage_dhcp_v4
534 Set to true to enable DHCP IPv6 address configuration generation. This
535 currently only works with manager.isc DHCP module (isc dhcpd6 daemon).
536 See /etc/cobbler/modules.conf whether this isc module is chosen for
537 dhcp generation.
538
539 default: False
540
541 manage_dhcp_v6
542 Set to true to enable DHCP IPv6 address configuration generation. This
543 currently only works with manager.isc DHCP module (isc dhcpd6 daemon).
544 See /etc/cobbler/modules.conf whether this isc module is chosen for
545 dhcp generation.
546
547 default: False
548
549 manage_dns
550 Set to True to enable Cobbler's DNS management features. The choice of
551 DNS management engine is in /etc/cobbler/modules.conf.
552
553 default: False
554
555 manage_*_zones
556 If using BIND (named) for DNS management in /etc/cobbler/modules.conf
557 and manage_dns is enabled (above), this lists which zones are managed.
558 See DNS configuration management for more information.
559
560 defaults:
561
562 manage_forward_zones: []
563 manage_reverse_zones: []
564
565 manage_genders
566 Whether or not to manage the genders file. For more information on that
567 visit: github.com/chaos/genders
568
569 default: False
570
571 manage_rsync
572 Set to True to enable Cobbler's RSYNC management features.
573
574 default: False
575
576 manage_tftpd
577 Set to True to enable Cobbler's TFTP management features. The choice of
578 TFTP management engine is in /etc/cobbler/modules.conf.
579
580 default: True
581
582 mgmt_*
583 Cobbler has a feature that allows for integration with config manage‐
584 ment systems such as Puppet. The following parameters work in conjunc‐
585 tion with --mgmt-classes and are described in further detail at
586 Configuration Management Integrations.
587
588 mgmt_classes: []
589 mgmt_parameters:
590 from_cobbler: true
591
592 next_server_v4
593 If using Cobbler with manage_dhcp_v4, put the IP address of the Cobbler
594 server here so that PXE booting guests can find it. If you do not set
595 this correctly, this will be manifested in TFTP open timeouts.
596
597 default: 127.0.0.1
598
599 next_server_v6
600 If using Cobbler with manage_dhcp_v6, put the IP address of the Cobbler
601 server here so that PXE booting guests can find it. If you do not set
602 this correctly, this will be manifested in TFTP open timeouts.
603
604 default: ::1
605
606 nsupdate_enabled
607 This enables or disables the replacement (or removal) of records in the
608 DNS zone for systems created (or removed) by Cobbler.
609
610 NOTE:
611 There are additional settings needed when enabling this. Due to the
612 limited number of resources, this won't be done until 3.3.0. Thus
613 please expect to run into troubles when enabling this setting.
614
615 default: False
616
617 nsupdate_log
618 The logfile to document what records are added or removed in the DNS
619 zone for systems.
620
621 NOTE:
622 The functionality this settings is related to is currently not
623 tested due to tech-debt. Please use it with caution. This note will
624 be removed once we were able to look deeper into this functionality
625 of Cobbler.
626
627 • Required: No
628
629 • Default: /var/log/cobbler/nsupdate.log
630
631 nsupdate_tsig_algorithm
632 NOTE:
633 The functionality this settings is related to is currently not
634 tested due to tech-debt. Please use it with caution. This note will
635 be removed once we were able to look deeper into this functionality
636 of Cobbler.
637
638 • Required: No
639
640 • Default: hmac-sha512
641
642 nsupdate_tsig_key
643 NOTE:
644 The functionality this settings is related to is currently not
645 tested due to tech-debt. Please use it with caution. This note will
646 be removed once we were able to look deeper into this functionality
647 of Cobbler.
648
649 • Required: No
650
651 • Default: []
652
653 power_management_default_type
654 Settings for power management features. These settings are optional.
655 See Power Management to learn more.
656
657 Choices (refer to the fence-agents project for a complete list):
658
659 • apc_snmp
660
661 • bladecenter
662
663 • bullpap
664
665 • drac
666
667 • ether_wake
668
669 • ilo
670
671 • integrity
672
673 • ipmilan
674
675 • ipmilanplus
676
677 • lpar
678
679 • rsa
680
681 • virsh
682
683 • wti
684
685 default: ipmilanplus
686
687 proxies
688 This key is used by Uyuni (or one of its derivatives) for the Proxy
689 scenario. More information can be found here
690
691 Cobbler only evaluates this if the key has a list of strings as value.
692 An empty list means you don't have any proxies configured in your Uyuni
693 setup.
694
695 default: []
696
697 proxy_url_ext
698 External proxy which is used by the following commands: reposync, sig‐
699 nature update
700
701 defaults:
702
703 http: http://192.168.1.1:8080
704 https: https://192.168.1.1:8443
705
706 proxy_url_int
707 Internal proxy which is used by systems to reach Cobbler for kick‐
708 starts.
709
710 e.g.: proxy_url_int: http://10.0.0.1:8080
711
712 default: ""
713
714 puppet_auto_setup
715 If enabled, this setting ensures that puppet is installed during ma‐
716 chine provision, a client certificate is generated and a certificate
717 signing request is made with the puppet master server.
718
719 default: False
720
721 puppet_parameterized_classes
722 Choose whether to enable puppet parameterized classes or not. Puppet
723 versions prior to 2.6.5 do not support parameters.
724
725 default: True
726
727 puppet_server
728 Choose a --server argument when running puppetd/puppet agent during au‐
729 toinstall.
730
731 default: 'puppet'
732
733 puppet_version
734 Let Cobbler know that you're using a newer version of puppet. Choose
735 version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'.
736
737 default: 2
738
739 puppetca_path
740 Location of the puppet executable, used for revoking certificates.
741
742 default: "/usr/bin/puppet"
743
744 pxe_just_once
745 If this setting is set to True, Cobbler systems that pxe boot will re‐
746 quest at the end of their installation to toggle the --netboot-enabled
747 record in the Cobbler system record. This eliminates the potential for
748 a PXE boot loop if the system is set to PXE first in it's BIOS order.
749 Enable this if PXE is first in your BIOS boot order, otherwise leave
750 this disabled. See the manpage for --netboot-enabled.
751
752 default: True
753
754 nopxe_with_triggers
755 If this setting is set to True, triggers will be executed when systems
756 will request to toggle the --netboot-enabled record at the end of their
757 installation.
758
759 default: True
760
761 redhat_management_permissive
762 If using authn_spacewalk in modules.conf to let Cobbler authenticate
763 against Satellite/Spacewalk's auth system, by default it will not allow
764 per user access into Cobbler Web and Cobbler XML-RPC. In order to per‐
765 mit this, the following setting must be enabled HOWEVER doing so will
766 permit all Spacewalk/Satellite users of certain types to edit all of
767 Cobbler's configuration. these roles are: config_admin and org_admin.
768 Users should turn this on only if they want this behavior and do not
769 have a cross-multi-org separation concern. If you have a single org in
770 your satellite, it's probably safe to turn this on and then you can use
771 CobblerWeb alongside a Satellite install.
772
773 default: False
774
775 redhat_management_server
776 This setting is only used by the code that supports using Uyuni/SUSE
777 Manager/Spacewalk/Satellite authentication within Cobbler Web and Cob‐
778 bler XML-RPC.
779
780 default: "xmlrpc.rhn.redhat.com"
781
782 redhat_management_key
783 Specify the default Red Hat authorization key to use to register sys‐
784 tem. If left blank, no registration will be attempted. Similarly you
785 can set the --redhat-management-key to blank on any system to keep it
786 from trying to register.
787
788 default: ""
789
790 register_new_installs
791 If set to True, allows /usr/bin/cobbler-register (part of the Koan
792 package) to be used to remotely add new Cobbler system records to Cob‐
793 bler. This effectively allows for registration of new hardware from
794 system records.
795
796 default: False
797
798 remove_old_puppet_certs_automatically
799 When a puppet managed machine is reinstalled it is necessary to remove
800 the puppet certificate from the puppet master server before a new cer‐
801 tificate is signed (see above). Enabling the following feature will en‐
802 sure that the certificate for the machine to be installed is removed
803 from the puppet master server if the puppet master server is running on
804 the same machine as Cobbler. This requires puppet_auto_setup above to
805 be enabled
806
807 default: False
808
809 replicate_repo_rsync_options
810 Replication rsync options for repos set to override default value of
811 -avzH.
812
813 default: "-avzH"
814
815 replicate_rsync_options
816 replication rsync options for distros, autoinstalls, snippets set to
817 override default value of -avzH.
818
819 default: "-avzH"
820
821 reposync_flags
822 Flags to use for yum's reposync. If your version of yum reposync does
823 not support -l, you may need to remove that option.
824
825 default: "-l -n -d"
826
827 reposync_rsync_flags
828 Flags to use for rysync's reposync. If archive mode (-a,--archive) is
829 used then createrepo is not ran after the rsync as it pulls down the
830 repodata as well. This allows older OS's to mirror modular repos using
831 rsync.
832
833 default: "-rltDv --copy-unsafe-links"
834
835 restart_*
836 When DHCP and DNS management are enabled, cobbler sync can automati‐
837 cally restart those services to apply changes. The exception for this
838 is if using ISC for DHCP, then OMAPI eliminates the need for a restart.
839 omapi, however, is experimental and not recommended for most configura‐
840 tions. If DHCP and DNS are going to be managed, but hosted on a box
841 that is not on this server, disable restarts here and write some other
842 script to ensure that the config files get copied/rsynced to the desti‐
843 nation box. This can be done by modifying the restart services trigger.
844 Note that if manage_dhcp and manage_dns are disabled, the respective
845 parameter will have no effect. Most users should not need to change
846 this.
847
848 defaults:
849
850 restart_dns: true
851 restart_dhcp: true
852
853 run_install_triggers
854 Install triggers are scripts in /var/lib/cobbler/triggers/install that
855 are triggered in autoinstall pre and post sections. Any executable
856 script in those directories is run. They can be used to send email or
857 perform other actions. They are currently run as root so if you do not
858 need this functionality you can disable it, though this will also dis‐
859 able cobbler status which uses a logging trigger to audit install
860 progress.
861
862 default: true
863
864 scm_track_*
865 enables a trigger which version controls all changes to /var/lib/cob‐
866 bler when add, edit, or sync events are performed. This can be used to
867 revert to previous database versions, generate RSS feeds, or for other
868 auditing or backup purposes. Git and Mercurial are currently supported,
869 but Git is the recommend SCM for use with this feature.
870
871 default:
872
873 scm_track_enabled: false
874 scm_track_mode: "git"
875 scm_track_author: "cobbler <cobbler@localhost>"
876 scm_push_script: "/bin/true"
877
878 serializer_pretty_json
879 Sort and indent JSON output to make it more human-readable.
880
881 default: False
882
883 server
884 This is the address of the Cobbler server -- as it is used by systems
885 during the install process, it must be the address or hostname of the
886 system as those systems can see the server. if you have a server that
887 appears differently to different subnets (dual homed, etc), you need to
888 read the --server-override section of the manpage for how that works.
889
890 default: 127.0.0.1
891
892 sign_puppet_certs_automatically
893 When puppet starts on a system after installation it needs to have its
894 certificate signed by the puppet master server. Enabling the following
895 feature will ensure that the puppet server signs the certificate after
896 installation if the puppet master server is running on the same machine
897 as Cobbler. This requires puppet_auto_setup above to be enabled.
898
899 default: false
900
901 signature_path
902 The cobbler import workflow is powered by this file. Its location can
903 be set with this config option.
904
905 default: /var/lib/cobbler/distro_signatures.json
906
907 signature_url
908 Updates to the signatures may happen more often then we have releases.
909 To enable you to import new version we provide the most up to date sig‐
910 natures we offer on this like. You may host this file for yourself and
911 adjust it for your needs.
912
913 default: https://cobbler.github.io/signatures/3.0.x/latest.json
914
915 tftpboot_location
916 This variable contains the location of the tftpboot directory. If this
917 directory is not present Cobbler does not start.
918
919 Default: /srv/tftpboot
920
921 virt_auto_boot
922 Should new profiles for virtual machines default to auto booting with
923 the physical host when the physical host reboots? This can be overrid‐
924 den on each profile or system object.
925
926 default: true
927
928 webdir
929 Cobbler's web directory. Don't change this setting -- see the Wiki on
930 "relocating your Cobbler install" if your /var partition is not large
931 enough.
932
933 default: @@webroot@@/cobbler
934
935 webdir_whitelist
936 Directories that will not get wiped and recreated on a cobbler sync.
937
938 default:
939
940 webdir_whitelist:
941 - misc
942 - web
943 - webui
944 - localmirror
945 - repo_mirror
946 - distro_mirror
947 - images
948 - links
949 - pub
950 - repo_profile
951 - repo_system
952 - svc
953 - rendered
954 - .link_cache
955
956 windows_enabled
957 Set to true to enable the generation of Windows boot files in Cobbler.
958
959 default: False
960
961 For more information see Automatic Windows installation with Cobbler.
962
963 windows_template_dir
964 Location of templates used for Windows.
965
966 default: /etc/cobbler/windows
967
968 For more information see Automatic Windows installation with Cobbler.
969
970 samba_distro_share
971 Samba share name for distros
972
973 default: DISTRO
974
975 For more information see Automatic Windows installation with Cobbler.
976
977 xmlrpc_port
978 Cobbler's public XML-RPC listens on this port. Change this only if ab‐
979 solutely needed, as you'll have to start supplying a new port option to
980 Koan if it is not the default.
981
982 default: 25151
983
984 yum_distro_priority
985 The default yum priority for all the distros. This is only used if
986 yum-priorities plugin is used. 1 is the maximum value. Tweak with cau‐
987 tion.
988
989 default: true
990
991 yum_post_install_mirror
992 cobbler repo add commands set Cobbler up with repository information
993 that can be used during autoinstall and is automatically set up in the
994 Cobbler autoinstall templates. By default, these are only available at
995 install time. To make these repositories usable on installed systems
996 (since Cobbler makes a very convenient mirror) set this to True. Most
997 users can safely set this to True. Users who have a dual homed Cobbler
998 server, or are installing laptops that will not always have access to
999 the Cobbler server may wish to leave this as False. In that case, the
1000 Cobbler mirrored yum repos are still accessible at http://cobbler.exam‐
1001 ple.org/cblr/repo_mirror and YUM configuration can still be done manu‐
1002 ally. This is just a shortcut.
1003
1004 default: True
1005
1006 yumdownloader_flags
1007 Flags to use for yumdownloader. Not all versions may support --resolve.
1008
1009 default: "--resolve"
1010
1012 If you have own custom modules which are not shipped with Cobbler di‐
1013 rectly you may have additional sections here.
1014
1015 authentication
1016 What users can log into Cobbler via the XML-RPC API or the HTTP-API?
1017
1018 Choices:
1019
1020 • authentication.denyall -- No one
1021
1022 • authentication.configfile -- Use /etc/cobbler/users.digest (default)
1023
1024 • authentication.passthru -- Ask Apache to handle it (used for ker‐
1025 beros)
1026
1027 • authentication.ldap -- Authenticate against LDAP
1028
1029 • authentication.spacewalk -- Ask Spacewalk/Satellite (experimental)
1030
1031 • authentication.pam -- Use PAM facilities
1032
1033 • (user supplied) -- You may write your own module
1034
1035 NOTE:
1036 A new web interface is in the making. At the moment we do not have
1037 any documentation, yet.
1038
1039 default: authentication.configfile
1040
1041 Hash algorithms:
1042
1043 This parameter has currently only a meaning when the option authentica‐
1044 tion.configfile is used. The parameter decides what hashfunction algo‐
1045 rithm is used for checking the passwords.
1046
1047 Choices:
1048
1049 • blake2b
1050
1051 • blake2s
1052
1053 • sha3_512
1054
1055 • sha3_384
1056
1057 • sha3_256
1058
1059 • sha3_224
1060
1061 • shake_128
1062
1063 • shake_256
1064
1065 default: sha3_512
1066
1067 authorization
1068 Once a user has been cleared by the WebUI/XML-RPC, what can they do?
1069
1070 Choices:
1071
1072 • authorization.allowall -- full access for all authenticated users
1073 (default)
1074
1075 • authorization.ownership -- use users.conf, but add object ownership
1076 semantics
1077
1078 • (user supplied) -- you may write your own module
1079
1080 WARNING:
1081 If you want to further restrict Cobbler with ACLs for various
1082 groups, pick authorization.ownership. authorization.allowall does
1083 not support ACLs. Configuration file does but does not support ob‐
1084 ject ownership which is useful as an additional layer of control.
1085
1086 NOTE:
1087 A new web interface is in the making. At the moment we do not have
1088 any documentation, yet.
1089
1090 default: authorization.allowall
1091
1092 dns
1093 Chooses the DNS management engine if manage_dns is enabled in /etc/cob‐
1094 bler/settings.yaml, which is off by default.
1095
1096 Choices:
1097
1098 • managers.bind -- default, uses BIND/named
1099
1100 • managers.dnsmasq -- uses dnsmasq, also must select dnsmasq for DHCP
1101 below
1102
1103 • managers.ndjbdns -- uses ndjbdns
1104
1105 NOTE:
1106 More configuration is still required in /etc/cobbler
1107
1108 For more information see DNS configuration management.
1109
1110 default: managers.bind
1111
1112 dhcp
1113 Chooses the DHCP management engine if manage_dhcp is enabled in
1114 /etc/cobbler/settings.yaml, which is off by default.
1115
1116 Choices:
1117
1118 • managers.isc -- default, uses ISC dhcpd
1119
1120 • managers.dnsmasq -- uses dnsmasq, also must select dnsmasq for DNS
1121 above
1122
1123 NOTE:
1124 More configuration is still required in /etc/cobbler
1125
1126 For more information see DHCP Management.
1127
1128 default: managers.isc
1129
1130 tftpd
1131 Chooses the TFTP management engine if manage_tftpd is enabled in
1132 /etc/cobbler/settings.yaml, which is on by default.
1133
1134 Choices:
1135
1136 • managers.in_tftpd -- default, uses the system's TFTP server
1137
1138 default: managers.in_tftpd
1139
1141 Enno Gotthold
1142
1144 2023, Enno Gotthold
1145
1146
1147
1148
11493.3 Jul 19, 2023 COBBLER.CONF(5)