Joseph Boyer Jr. wrote: > > Hi Folks, > > Here is some code that I have written / modified: > > First I have included a patch to action_buildiso.py, which modifies > the patch written by Dave Hatton. I have updated the buildiso to be > able to boot to local disk, chain.32c is need for this to work > properly and I have cleaned the ISO menu a little. The major change > that I have added is the ability to automatically add Rescue Booting. > I have added rescue booting via and iLo/drac and via a serial console > (only if you serial console is at ttyS0). You will need to change this > if your serial console is on another tty. I have also added the > ability to do an install via the serial console. Please note that > these menu items are for systems only and do appear in the iso for > profile installs. This can easily be added. > > Second. I have modified authz_ownership (authz_group) to authenticate > admins for everything in the WebUI and only users in > /etc/cobbler/users.conf group Stagers to add, edit and delete systems > and to sync. I have called the group Stagers, but you can change it to > whatever you like. Please note that authz_group.py is case sensitive. > This is because I use Kerberos for authentication and I need to > authenticate [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> not > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. Hence this mean, entries > in /etc/cobbler/users.conf are case sensitive for this module. > > Finally is my WebUI auth config which uses AD to authenticate via > kerberos and /etc/cobbler/webgui.conf to allow access to cobbler’s web > interface. > > I think that’s all. > > I hope this is useful. > > Cheers, > > Joe >
Joe, Thanks for the patches, though I unfortunately cannot apply them. I will tell you though, what you can do if you would like them applied. (A) action_buildiso.py fails to apply because your local destination file is not "action_buildiso.py". In addition you say it was applied against Dave Hatton's patch -- it should be applied against devel head in git. To avoid this problem, generate patches with "git-format-patch". You will need to resend this for me to look at it. Also for future reference, this was a relatively long patch, so in general, it is preferable if you can break them into smaller patches. git-format-patch also helps with this as it can break seperate commits into seperate patches. For this time though, I won't ask you to break them down, but they do need to be applied against the correct base. (B) api.py looks ok, but not applying yet because I can't yet apply "A". (C) authz_groups -- This use case seems specific to your environment, and that's fine. This is why the cobbler auth system is modular. I don't think we need to apply this to the main tree. Alternatively, if this functionality can be added to authz_ownership without breaking existing users (it only creates the new group), I can see this being a patch to authz_ownership as opposed to creating a new file. See "E" below for one potential improvement that could make it work better with the "users.conf" without creating a new config file. (D) cli_misc.patch -- This appears to be applied against an old version as we already take a --iso. Are you using the development branch in git? If so, that would solve many of these problems. (E) webgui.conf -- ideally this would just use the existing group headers "[likethis]" in users.conf, in which case, it would not need to be a seperate conf file. If we want to extend the ownership module to understand the concept of groups with special meanings (perhaps "systemsonly" is better than "stagers" ?) that would be a good change to make. (G) cobbler.conf -- Thanks for the Kerberos example. We have a page up on the Wiki here: https://fedorahosted.org/cobbler/wiki/CobblerWithKerberos -- if you would like to add your example up there, that would be useful for other people who want to set Cobbler up with Kerberos. Hopefully the above was not too discouraging. Namely, working with git-format-patch is the best way to ensure patches are applyable, also use the devel branch as I do not apply features to "master". I am not sure the ILO/Drac options are appropriate for everyone so perhaps they should be options to pass to "cobbler buildiso" ? Anyhow, take a look at the upstream buildiso and perhaps your patches can be re-applied to there. It definitely sounds interesting. --Michael > *Joseph Boyer Jr* > *Enterprise Technology Services** ** > **Liquidnet Holdings, Inc.* > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>* > *T** * +1 646.660.8352 > *C ** *+1 646.284.8394 > > ------------------------------------------------------------------------ > > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler > _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
