Koelewijn, Marcel - Acision wrote:
> Hi,
>
> Thinking about the procedure to define systems, and extending on the network 
> definition and auto-registration facilities, would it be beneficial to 
> provide a feature in Cobbler that would extend the auto-registration.
>   

For benefit of the list, what currently happens is that if 
registration is enabled in settings, and cobbler sees a new mac address, 
it will add a new (largely empty) system record corresponding to that 
mac address attached to the profile it was installed from. For instance, 
this is useful when installing a large number of "off the truck" systems 
using a PXE menu, and also building a database of the MAC addresses at 
the same time.

> If the auto-registration is enabled and the system is not yet defined, the 
> system is created and provided with a simple application that will do a 
> hardware scan and lists resources normally configured via the kickstart back 
> to Cobbler. The resources will then be added to the system. cobbler edit can 
> be used to modify the system definition, e.g. to add the bonds, tell the 
> slaves which bond they belong to, assign a profile to the system.
>
> So instead of pre-defining the system, cobbler waits for a system to register 
> itself and provide a basic definition.
>   

Pre-defining the system is important and should always be supported, 
though adding code to register profile-based-installs and create the new 
corresponding system records via XMLRPC would be an interesting feature.

Ideally this could be added to koan.

This is of course highly useful, but we need to be mindful of security 
implications if doing this in cobbler directly -- provisioning systems 
work best when they don't require passing credentials to systems that 
are being installed -- Care would need to be taken to ensure that this 
is (A) not enabled by default, and (B) would not overwrite or modify any 
existing system records, but would only store new ones. This would be 
for security reasons since registration should /not/ require typical 
XMLRPC read-write credentials. Further, care would need to be taken to 
do registration via a new remote.py API call, such that we didn't accept 
in certain fields. For instance, currently it's possible to declare a 
system with an IP in CIDR notation, to represent a network. We would not 
want someone to attempt to create a system using the registration 
protocol, because then they would affect provisioning on more than just 
the declared machine.

A better way to do this, I think, would be to instead install Func 
(fedorahosted.org/func) on all nodes, and write another tool that says 
"update Cobbler from Func". This would then allow us to securely contact 
systems that have been signed with certmaster-ca and then update the 
IP/other information from those systems. Tighter Func integration is 
included in Cobbler 1.3/devel, so this kind of tool would be easy to do, 
and would only have to be run on the central cobbler server. It might 
possibly require some additional Func modules to be written to provide 
info, but the existing network info and hardware modules would make sense.

Basically we would be using Func to probe the network and update all the 
cobbler system information we find. We'd want to be careful then about 
multiple network interfaces and such, to make sure they were reflected 
accurately, and also to have a few options regarding what to do if 
information discovered by Func contrasted with what is in Cobbler.

Very good idea.

It's not something that we'd want to require of everyone, but I think it 
would provide some very useful features in bringing the two apps closer 
together for those that wanted to use both of them.




> /marcel
>
> _______________________________________________
> cobbler mailing list
> [email protected]
> https://fedorahosted.org/mailman/listinfo/cobbler
>   
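The constraints the reply lists for a credential-free registration call (off by default, create-only, a restricted field set, no CIDR-notation addresses) can be sketched as follows. This is an added example, not part of the original message and not Cobbler's remote.py code; `register_system`, `ALLOWED_FIELDS`, `REQUIRED_FIELDS`, the dict-based `store` and the field names are all hypothetical.

```python
import ipaddress
import re

# Hypothetical whitelist: the only fields a registering machine may supply.
ALLOWED_FIELDS = {"name", "profile", "mac_address", "ip_address", "hostname"}
REQUIRED_FIELDS = {"name", "profile", "mac_address"}
MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")


class RegistrationError(Exception):
    """Raised whenever a registration request is refused."""


def register_system(store, request, enabled=False):
    """Add one new system record from an unauthenticated request.

    store is a plain dict (name -> record) standing in for the server's
    system collection; it is only ever added to, never edited.
    """
    if not enabled:  # (A) off unless the administrator turns it on
        raise RegistrationError("registration is disabled")
    unknown = set(request) - ALLOWED_FIELDS
    missing = REQUIRED_FIELDS - set(request)
    if unknown or missing:
        raise RegistrationError("bad fields: unknown=%s missing=%s"
                                % (sorted(unknown), sorted(missing)))
    mac = str(request["mac_address"]).lower()
    if not MAC_RE.fullmatch(mac):
        raise RegistrationError("malformed MAC address")
    ip = request.get("ip_address")
    if ip is not None:
        try:
            # ip_address() accepts a single host only, so CIDR input such
            # as "192.168.1.0/24" (a whole network) is refused here.
            ipaddress.ip_address(str(ip))
        except ValueError:
            raise RegistrationError("ip_address must be one host address")
    # (B) create-only: an existing name or MAC is never overwritten.
    if request["name"] in store or any(
            rec["mac_address"] == mac for rec in store.values()):
        raise RegistrationError("system already registered")
    record = dict(request, mac_address=mac)
    store[request["name"]] = record
    return record
```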
