Hi Wouter,
Thank you for looking into this and sharing your findings Wouter.
Good to hear that enabling management fixed it for you.
Alas for me that's not the case.
[root@geppetto ansible]# cobbler system list
metop-20.oma.be
metop-28.oma.be
zotac-09
zotac-24.oma.be
zotac-29
zotac-36
[root@geppetto ansible]#
[root@geppetto ansible]# ./cobbler.py
{}
[root@geppetto ansible]# cobbler system edit --name=zotac-29
--management=yes
[root@geppetto ansible]# ./cobbler.py
{}
Whereas the api still works, because the following line gives lots of
output (too much to be readable):
[root@geppetto ansible]# ./cobblerdemo.py | grep zotac-29
and this being the contents:
[root@geppetto ansible]# cat ./cobblerdemo.py
#!/usr/bin/python
import xmlrpclib
server = xmlrpclib.Server("http://127.0.0.1/cobbler_api";)
server = xmlrpclib.Server("http://127.0.0.1/cobbler_api";)
print server.get_systems()
[root@geppetto ansible]#
Cheers,
Joost
Op zondag 9 februari 2014 00:07:14 UTC+1 schreef Wouter Jagers:
>
> Hi Joost,
>
> I just spent some time digging for the same. Turns out that my existing
> systems did not have "management" set and were therefore not included in
> the results.
>
> Should this be the case, you should start getting output after issuing one
> of these:
> # cobbler system edit --name=somenode --management=yes
>
> Cheers
> Wouter
>
> On Wednesday, January 22, 2014 3:27:48 PM UTC+1, Joost Ringoot wrote:
>>
>> Hello,
>>
>> I wanted to give "This
>> script"<https://raw.github.com/ansible/ansible/devel/plugins/inventory/cobbler.py>(from
>>
>> http://docs.ansible.com/intro_dynamic_inventory.html#example-the-cobbler-external-inventory-script)
>>
>> a try to do the dynamic inventory.
>>
>> Benno helped me in irc to get rid of some errors, due to not having a
>> *cobbler.ini* in the same directory.
>> *An example file can be found in
>> /opt/ansible/plugins/inventory/cobbler.ini or in git *
>> *It would be nice to include that in the manual, for newbies like me*
>>
>> Now I have currently 6 hosts in cobbler, but the script seems not aware
>> of it, see output below:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *[root@geppetto ansible]# cobbler system list metop-20.oma.be
>> <http://metop-20.oma.be> metop-28.oma.be <http://metop-28.oma.be>
>> zotac-09 zotac-24.oma.be <http://zotac-24.oma.be> zotac-29
>> zotac-36[root@geppetto ansible]# ./cobbler.py{}[root@geppetto
>> ansible]# [root@geppetto ansible]# cobbler --versionCobbler 2.4.0 source:
>> ?, ? build time: Thu Jun 20 06:07:51 2013[root@geppetto ansible]# *
>> Any ideas?
>> Would it make sense if I upload the output of
>> *[root@geppetto ansible]# python -mtrace --trace ./cobbler.py* *>
>> cobbler.py.debuglog*
>>
>> here? It is big!:
>>
>>
>>
>>
>>
>> *[root@geppetto ansible]# ls -lah cobbler.py.debuglog-rw-r--r--. 1 root
>> root 3.4M Jan 21 15:01 cobbler.py.debuglog[root@geppetto ansible]# wc -l
>> cobbler.py.debuglog76780 cobbler.py.debuglog[root@geppetto ansible]# *
>>
>>
>> Thanks
>>
>> *,*Joost
>>
>> BTW:
>> A little note on selinux, since that is often the culprit: I have it
>> running currently in permissive mode.
>> I grepped /var/log/audit/audit.log for ansible: nothing found.
>> What I found on cobbler I poured into a policy and applied it and I tried
>> again:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *[root@geppetto ansible]# grep ansible
>> /var/log/audit/audit.log[root@geppetto ansible]#[root@geppetto ansible]#
>> grep cobbler /var/log/audit/audit.logtype=AVC
>> msg=audit(1390309171.088:106152): avc: denied { write } for pid=27878
>> comm="httpd" name="webui_sessions" dev=dm-0 ino=17958021
>> scontext=system_u:system_r:httpd_t:s0
>> tcontext=system_u:object_r:cobbler_var_lib_t:s0 tclass=dirtype=AVC
>> msg=audit(1390309171.088:106152): avc: denied { add_name } for pid=27878
>> comm="httpd" name="sessionid5f93d6b7217e5248218a9c705f0769cf"
>> scontext=system_u:system_r:httpd_t:s0
>> tcontext=system_u:object_r:cobbler_var_lib_t:s0 tclass=dirtype=AVC
>> msg=audit(1390309171.088:106152): avc: denied { create } for pid=27878
>> comm="httpd" name="sessionid5f93d6b7217e5248218a9c705f0769cf"
>> scontext=system_u:system_r:httpd_t:s0
>> tcontext=system_u:object_r:cobbler_var_lib_t:s0 tclass=filetype=AVC
>> msg=audit(1390309171.088:106152): avc: denied { write } for pid=27878
>> comm="httpd" name="sessionid5f93d6b7217e5248218a9c705f0769cf" dev=dm-0
>> ino=17958488 scontext=system_u:system_r:httpd_t:s0
>> tcontext=system_u:object_r:cobbler_var_lib_t:s0 tclass=filetype=AVC
>> msg=audit(1390309171.089:106153): avc: denied { remove_name } for
>> pid=27878 comm="httpd"
>> name="sessionid5f93d6b7217e5248218a9c705f0769cf_out_Ud8hJk" dev=dm-0
>> ino=17958538 scontext=system_u:system_r:httpd_t:s0
>> tcontext=system_u:object_r:cobbler_var_lib_t:s0 tclass=dirtype=AVC
>> msg=audit(1390309171.089:106153): avc: denied { rename } for pid=27878
>> comm="httpd" name="sessionid5f93d6b7217e5248218a9c705f0769cf_out_Ud8hJk"
>> dev=dm-0 ino=17958538 scontext=system_u:system_r:httpd_t:s0
>> tcontext=system_u:object_r:cobbler_var_lib_t:s0 tclass=filetype=AVC
>> msg=audit(1390309171.089:106153): avc: denied { unlink } for pid=27878
>> comm="httpd" name="sessionid5f93d6b7217e5248218a9c705f0769cf" dev=dm-0
>> ino=17958488 scontext=system_u:system_r:httpd_t:s0
>> tcontext=system_u:object_r:cobbler_var_lib_t:s0 tclass=file[root@geppetto
>> ansible]# [root@geppetto selinux]# grep cobbler /var/log/audit/audit.log |
>> audit2allow -M cobblerpol ******************** IMPORTANT
>> ***********************To make this policy package active, execute:semodule
>> -i cobblerpol.pp[root@geppetto selinux]# semodule -i
>> cobblerpol.pp[root@geppetto selinux]# cd /etc/ansible[root@geppetto
>> ansible]# ./cobbler.py{}[root@geppetto ansible]#*
>> But no real difference,... like it should since it is permissive mode.
>>
>>
>>
>>
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
