123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466 |
- # Cobbler settings file
- # Restart cobblerd and run "cobbler sync" after making changes.
- # This config file is in YAML 1.2 format; see "http://yaml.org".
- # If "true", Cobbler will allow insertions of system records that duplicate the "--dns-name" information of other system
- # records. In general, this is undesirable and should be left "false".
- allow_duplicate_hostnames: false
- # If "true", Cobbler will allow insertions of system records that duplicate the ip address information of other system
- # records. In general, this is undesirable and should be left "false".
- allow_duplicate_ips: false
- # If "true", Cobbler will allow insertions of system records that duplicate the MAC address information of other system
- # records. In general, this is undesirable.
- allow_duplicate_macs: false
- # If "true", Cobbler will allow settings to be changed dynamically without a restart of the cobblerd daemon. You can
- # only change this variable by manually editing the settings file, and you MUST restart cobblerd after changing it.
- allow_dynamic_settings: false
- # By default, installs are *not* set to send installation logs to the Cobbler server. With "anamon_enabled", automatic
- # installation templates may use the "pre_anamon" snippet to allow remote live monitoring of their installations from
- # the Cobbler server. Installation logs will be stored under "/var/log/cobbler/anamon/".
- # NOTE: This does allow an xmlrpc call to send logs to this directory, without authentication, so enable only if you are
- # ok with this limitation.
- anamon_enabled: false
- # If using "authn_pam" in the "modules.conf", this can be configured to change the PAM service authentication will be
- # tested against.
- # The default value is "login".
- authn_pam_service: "login"
- # How long the authentication token is valid for, in seconds.
- auth_token_expiration: 3600
- # This is a directory of files that Cobbler uses to make templating easier. See the Wiki for more information. Changing
- # this directory should not be required.
- autoinstall_snippets_dir: /var/lib/cobbler/snippets
- autoinstall_templates_dir: /var/lib/cobbler/templates
- # location of templates used for boot loader config generation
- boot_loader_conf_template_dir: "/etc/cobbler/boot_loader_conf"
- # Email out a report when Cobbler finishes installing a system.
- # enabled: set to true to turn this feature on
- # sender: optional
- # email: which addresses to email
- # smtp_server: used to specify another server for an MTA
- # subject: use the default subject unless overridden
- build_reporting_enabled: false
- build_reporting_sender: ""
- build_reporting_email: [ 'root@localhost' ]
- build_reporting_smtp_server: "localhost"
- build_reporting_subject: ""
- build_reporting_ignorelist: []
- # If cache_enabled is true, a cache will keep converted records in memory to make checking them faster. This helps with
- # use cases like writing out large numbers of records. There is a known issue with cache and remote XMLRPC API calls.
- # If you will use Cobbler with config management or infrastructure-as-code tools such as Terraform, it is recommended
- # to disable by setting to false.
- cache_enabled: true
- # Cheetah-language autoinstall templates can import Python modules. While this is a useful feature, it is not safe to
- # allow them to import anything they want. This whitelists which modules can be imported through Cheetah. Users can
- # expand this as needed but should never allow modules such as subprocess or those that allow access to the filesystem
- # as Cheetah templates are evaluated by cobblerd as code.
- cheetah_import_whitelist:
- - "random"
- - "re"
- - "time"
- - "netaddr"
- # Default "createrepo_flags" to use for new repositories. If you have createrepo >= 0.4.10, consider
- # "-c cache --update -C", which can dramatically improve your "cobbler reposync" time. "-s sha" enables working with
- # Fedora repos from F11/F12 from EL-4 or EL-5 without python-hashlib installed (which is not available on EL-4)
- createrepo_flags: "-c cache -s sha"
- # if no autoinstall template is specified to profile add, use this template
- default_autoinstall: /var/lib/cobbler/autoinstall_templates/default.ks
- # configure all installed systems to use these nameservers by default
- # unless defined differently in the profile. For DHCP configurations
- # you probably do /not/ want to supply this.
- default_name_servers: []
- default_name_servers_search: []
- # if using the authz_ownership module (see the Wiki), objects
- # created without specifying an owner are assigned to this
- # owner and/or group. Can be a comma seperated list.
- default_ownership:
- - "admin"
- # Cobbler has various sample automatic installation templates stored
- # in /var/lib/cobbler/autoinstall_templates/. This controls
- # what install (root) password is set up for those
- # systems that reference this variable. The factory
- # default is "cobbler" and Cobbler check will warn if
- # this is not changed.
- # The simplest way to change the password is to run
- # openssl passwd -1
- # and put the output between the "" below.
- default_password_crypted: password
- # the default template type to use in the absence of any
- # other detected template. If you do not specify the template
- # with '#template=<template_type>' on the first line of your
- # templates/snippets, Cobbler will assume try to use the
- # following template engine to parse the templates.
- #
- # Current valid values are: cheetah, jinja2
- default_template_type: "cheetah"
- # for libvirt based installs in koan, if no virt bridge
- # is specified, which bridge do we try? For EL 4/5 hosts
- # this should be xenbr0, for all versions of Fedora, try
- # "virbr0". This can be overriden on a per-profile
- # basis or at the koan command line though this saves
- # typing to just set it here to the most common option.
- default_virt_bridge: xenbr0
- # use this as the default disk size for virt guests (GB)
- default_virt_file_size: 5
- # use this as the default memory size for virt guests (MB)
- default_virt_ram: 512
- # if koan is invoked without --virt-type and no virt-type
- # is set on the profile/system, what virtualization type
- # should be assumed? Values: xenpv, xenfv, qemu, vmware
- # (NOTE: this does not change what virt_type is chosen by import)
- default_virt_type: xenpv
- # enable gPXE booting? Enabling this option will cause Cobbler
- # to copy the undionly.kpxe file to the tftp root directory,
- # and if a profile/system is configured to boot via gpxe it will
- # chain load off pxelinux.0.
- # Default: false
- enable_gpxe: false
- # controls whether Cobbler will add each new profile entry to the default
- # PXE boot menu. This can be over-ridden on a per-profile
- # basis when adding/editing profiles with --enable-menu=false/true. Users
- # should ordinarily leave this setting enabled unless they are concerned
- # with accidental reinstalls from users who select an entry at the PXE
- # boot menu. Adding a password to the boot menus templates
- # may also be a good solution to prevent unwanted reinstallations
- enable_menu: true
- # change this port if Apache is not running plaintext on port
- # 80. Most people can leave this alone.
- http_port: 8000
- # kernel options that should be present in every Cobbler installation.
- # kernel options can also be applied at the distro/profile/system
- # level.
- kernel_options: {}
- # configuration options if using the authn_ldap module. See the
- # the Wiki for details. This can be ignored if you are not using
- # LDAP for WebUI/XMLRPC authentication.
- ldap_server: "ldap.example.com"
- ldap_base_dn: "DC=example,DC=com"
- ldap_port: 389
- ldap_tls: true
- ldap_anonymous_bind: true
- ldap_search_bind_dn: ''
- ldap_search_passwd: ''
- ldap_search_prefix: 'uid='
- ldap_tls_cacertfile: ''
- ldap_tls_keyfile: ''
- ldap_tls_certfile: ''
- # Cobbler has a feature that allows for integration with config management
- # systems such as Puppet. The following parameters work in conjunction with
- # --mgmt-classes and are described in further detail at:
- # https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system
- mgmt_classes: []
- mgmt_parameters:
- from_cobbler: true
- # if enabled, this setting ensures that puppet is installed during
- # machine provision, a client certificate is generated and a
- # certificate signing request is made with the puppet master server
- puppet_auto_setup: false
- # when puppet starts on a system after installation it needs to have
- # its certificate signed by the puppet master server. Enabling the
- # following feature will ensure that the puppet server signs the
- # certificate after installation if the puppet master server is
- # running on the same machine as Cobbler. This requires
- # puppet_auto_setup above to be enabled
- sign_puppet_certs_automatically: false
- # location of the puppet executable, used for revoking certificates
- puppetca_path: "/usr/bin/puppet"
- # when a puppet managed machine is reinstalled it is necessary to
- # remove the puppet certificate from the puppet master server before a
- # new certificate is signed (see above). Enabling the following
- # feature will ensure that the certificate for the machine to be
- # installed is removed from the puppet master server if the puppet
- # master server is running on the same machine as Cobbler. This
- # requires puppet_auto_setup above to be enabled
- remove_old_puppet_certs_automatically: false
- # choose a --server argument when running puppetd/puppet agent during autoinstall
- #puppet_server: 'puppet'
- # let Cobbler know that you're using a newer version of puppet
- # choose version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'
- #puppet_version: 2
- # choose whether to enable puppet parameterized classes or not.
- # puppet versions prior to 2.6.5 do not support parameters
- puppet_parameterized_classes: true
- # set to true to enable Cobbler's DHCP management features.
- # the choice of DHCP management engine is in /etc/cobbler/modules.conf
- manage_dhcp: true
- # set to true to enable Cobbler's DNS management features.
- # the choice of DNS mangement engine is in /etc/cobbler/modules.conf
- manage_dns: false
- # set to path of bind chroot to create bind-chroot compatible bind
- # configuration files. This should be automatically detected.
- bind_chroot_path: ""
- # set to the ip address of the master bind DNS server for creating secondary
- # bind configuration files
- bind_master: 127.0.0.1
- # set to true to enable Cobbler's TFTP management features.
- # the choice of TFTP mangement engine is in /etc/cobbler/modules.conf
- manage_tftpd: true
- # This variable contains the location of the tftpboot directory. If this directory is not present Cobbler does not
- # start.
- # Default: /var/lib/tftpboot
- tftpboot_location: "/var/lib/tftpboot"
- # set to true to enable Cobbler's RSYNC management features.
- manage_rsync: true
- # if using BIND (named) for DNS management in /etc/cobbler/modules.conf
- # and manage_dns is enabled (above), this lists which zones are managed
- # See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
- manage_forward_zones: []
- manage_reverse_zones: []
- # if using Cobbler with manage_dhcp, put the IP address
- # of the Cobbler server here so that PXE booting guests can find it
- # if you do not set this correctly, this will be manifested in TFTP open timeouts.
- next_server: 127.0.0.1
- # settings for power management features. optional.
- # see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
- # choices (refer to codes.py):
- # apc_snmp bladecenter bullpap drac ether_wake ilo integrity
- # ipmilan lpar rsa virsh wti
- power_management_default_type: 'ipmilan'
- # if this setting is set to true, Cobbler systems that pxe boot
- # will request at the end of their installation to toggle the
- # --netboot-enabled record in the Cobbler system record. This eliminates
- # the potential for a PXE boot loop if the system is set to PXE
- # first in it's BIOS order. Enable this if PXE is first in your BIOS
- # boot order, otherwise leave this disabled. See the manpage
- # for --netboot-enabled.
- pxe_just_once: true
- # if this setting is set to one, triggers will be executed when systems
- # will request to toggle the --netboot-enabled record at the end of their installation.
- nopxe_with_triggers: true
- # This setting is only used by the code that supports using Spacewalk/Satellite
- # authentication within Cobbler Web and Cobbler XMLRPC.
- redhat_management_server: "xmlrpc.rhn.redhat.com"
- # if using authn_spacewalk in modules.conf to let Cobbler authenticate
- # against Satellite/Spacewalk's auth system, by default it will not allow per user
- # access into Cobbler Web and Cobbler XMLRPC.
- # in order to permit this, the following setting must be enabled HOWEVER
- # doing so will permit all Spacewalk/Satellite users of certain types to edit all
- # of Cobbler's configuration.
- # these roles are: config_admin and org_admin
- # users should turn this on only if they want this behavior and
- # do not have a cross-multi-org seperation concern. If you have
- # a single org in your satellite, it's probably safe to turn this
- # on and then you can use CobblerWeb alongside a Satellite install.
- redhat_management_permissive: false
- # specify the default Red Hat authorization key to use to register
- # system. If left blank, no registration will be attempted. Similarly
- # you can set the --redhat-management-key to blank on any system to
- # keep it from trying to register.
- redhat_management_key: ""
- # if set to true, allows /usr/bin/cobbler-register (part of the koan package)
- # to be used to remotely add new Cobbler system records to Cobbler.
- # this effectively allows for registration of new hardware from system
- # records.
- register_new_installs: false
- # Flags to use for yum's reposync. If your version of yum reposync
- # does not support -l, you may need to remove that option.
- reposync_flags: "-l -n -d"
- # Flags to use for rysync's reposync. If flag 'a' is used then createrepo
- # is not ran after the rsync
- reposync_rsync_flags: "-rltDv --copy-unsafe-links"
- # when DHCP and DNS management are enabled, Cobbler sync can automatically
- # restart those services to apply changes. The exception for this is
- # if using ISC for DHCP, then omapi eliminates the need for a restart.
- # omapi, however, is experimental and not recommended for most configurations.
- # If DHCP and DNS are going to be managed, but hosted on a box that
- # is not on this server, disable restarts here and write some other
- # script to ensure that the config files get copied/rsynced to the destination
- # box. This can be done by modifying the restart services trigger.
- # Note that if manage_dhcp and manage_dns are disabled, the respective
- # parameter will have no effect. Most users should not need to change
- # this.
- restart_dns: true
- restart_dhcp: true
- # install triggers are scripts in /var/lib/cobbler/triggers/install
- # that are triggered in autoinstall pre and post sections. Any
- # executable script in those directories is run. They can be used
- # to send email or perform other actions. They are currently
- # run as root so if you do not need this functionality you can
- # disable it, though this will also disable "cobbler status" which
- # uses a logging trigger to audit install progress.
- run_install_triggers: true
- # enables a trigger which version controls all changes to /var/lib/cobbler
- # when add, edit, or sync events are performed. This can be used
- # to revert to previous database versions, generate RSS feeds, or for
- # other auditing or backup purposes. "git" and "hg" are currently suported,
- # but git is the recommend SCM for use with this feature.
- scm_track_enabled: false
- scm_track_mode: "git"
- scm_track_author: "cobbler <cobbler@localhost>"
- scm_push_script: "/bin/true"
- # this is the address of the Cobbler server -- as it is used
- # by systems during the install process, it must be the address
- # or hostname of the system as those systems can see the server.
- # if you have a server that appears differently to different subnets
- # (dual homed, etc), you need to read the --server-override section
- # of the manpage for how that works.
- server: 127.0.0.1
- # If set to true, all commands will be forced to use the localhost address
- # instead of using the above value which can force commands like
- # cobbler sync to open a connection to a remote address if one is in the
- # configuration and would traceback.
- client_use_localhost: false
- # If set to "true", all commands to the API (not directly to the XMLRPC server) will go over HTTPS instead of plaintext.
- # Be sure to change the "http_port" setting to the correct value for the web server.
- client_use_https: false
- # Should new profiles for virtual machines default to auto booting with the physical host when the physical host
- # reboots? This can be overridden on each profile or system object.
- virt_auto_boot: true
- # Cobbler's web directory. Don't change this setting -- see the Wiki on "Relocating your Cobbler install" if your "/var"
- # partition is not large enough.
- webdir: "/var/www/cobbler"
- # Directories that will not get wiped and recreated on a "cobbler sync".
- webdir_whitelist:
- - misc
- - web
- - webui
- - localmirror
- - repo_mirror
- - distro_mirror
- - images
- - links
- - pub
- - repo_profile
- - repo_system
- - svc
- - rendered
- - .link_cache
- # Cobbler's public XMLRPC listens on this port. Change this only
- # if absolutely needed, as you'll have to start supplying a new
- # port option to koan if it is not the default.
- xmlrpc_port: 25151
- # "cobbler repo add" commands set Cobbler up with repository
- # information that can be used during autoinstall and is automatically
- # set up in the Cobbler autoinstall templates. By default, these
- # are only available at install time. To make these repositories
- # usable on installed systems (since Cobbler makes a very convenient
- # mirror) set this to true. Most users can safely set this to true. Users
- # who have a dual homed Cobbler server, or are installing laptops that
- # will not always have access to the Cobbler server may wish to leave
- # this as false. In that case, the Cobbler mirrored yum repos are still
- # accessable at http://cobbler.example.org/cblr/repo_mirror and yum
- # configuration can still be done manually. This is just a shortcut.
- yum_post_install_mirror: true
- # the default yum priority for all the distros. This is only used if yum-priorities plugin is used.
- # 1=maximum
- # Tweak with caution!
- yum_distro_priority: 1
- # Flags to use for yumdownloader. Not all versions may support
- # --resolve.
- yumdownloader_flags: "--resolve"
- # sort and indent JSON output to make it more human-readable
- serializer_pretty_json: false
- # replication rsync options for distros, autoinstalls, snippets set to override default value of "-avzH"
- replicate_rsync_options: "-avzH"
- # replication rsync options for repos set to override default value of "-avzH"
- replicate_repo_rsync_options: "-avzH"
- # always write DHCP entries, regardless if netboot is enabled
- always_write_dhcp_entries: false
- # External proxy - used by: "get-loaders", "reposync", "signature update"
- # Eg: "http://192.168.1.1:8080" (HTTP), "https://192.168.1.1:8443" (HTTPS)
- proxy_url_ext: "http://ip:port"
- # Internal proxy - used by systems to reach Cobbler for templates
- # Eg: proxy_url_int: "http://10.0.0.1:8080"
- proxy_url_int: ""
- # This is a directory of files that Cobbler uses to include
- # files into Jinja2 templates
- jinja2_includedir: "/var/lib/cobbler/jinja2"
- # Up to now, cobblerd used $server's IP address instead of the DNS name in autoinstallation
- # file settings (pxelinux.cfg files) to save bytes, which seemed required for S/390 systems.
- # This behavior can have negative impact on installs with multi-homed Cobbler servers, because
- # not all of the IP addresses may be reachable during system install.
- # This behavior was now made conditional, with default being "off".
- convert_server_to_ip: false
- # Leftover settings
- bootloaders_dir: "/var/lib/cobbler/loaders"
- buildisodir: "/var/cache/cobbler/buildiso"
- cobbler_master: ""
- default_virt_disk_driver: "raw"
- grubconfig_dir: "/var/lib/cobbler/grub_config"
- iso_template_dir: "/etc/cobbler/iso"
- # Puppet
- puppet_server: ""
- puppet_version: 2
- # Signatures
- signature_path: "/var/lib/cobbler/distro_signatures.json"
- signature_url: "https://cobbler.github.io/signatures/3.0.x/latest.json"
- # Include other configuration snippets. Overwriting a key from this file in a childfile will overwrite the value from
- # this file.
- include: [ "/etc/cobbler/settings.d/*.settings" ]
|