Install all of the stuff you need, and maybe some of the stuff you don't.
yum install epel-release -y
yum install cobbler cobbler-web pykickstart fence-agents-all git nc dhcp xinetd
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
Our cert provider is dumb so I'm just going to use Let's Encrypt.
git clone https://github.com/Neilpang/acme.sh
cd acme.sh; ./acme.sh --install
acme.sh --issue --apache -d bootstrap2.mwt2.org
You should see some stuff and then:
[Thu Aug 11 11:13:28 CDT 2016] Your cert is in /root/.acme.sh/bootstrap2.mwt2.org/bootstrap2.mwt2.org.cer
[Thu Aug 11 11:13:29 CDT 2016] The intermediate CA cert is in /root/.acme.sh/bootstrap2.mwt2.org/ca.cer
[Thu Aug 11 11:13:29 CDT 2016] And the full chain certs is there: /root/.acme.sh/bootstrap2.mwt2.org/fullchain.cer
Once the cert has been created, dump it into the appropriate places:
cp ~/.acme.sh/bootstrap2.mwt2.org/bootstrap2.mwt2.org.cer /etc/pki/tls/certs
cp ~/.acme.sh/bootstrap2.mwt2.org/bootstrap2.mwt2.org.key /etc/pki/tls/private
And then edit SSLCertificateFile and SSLCertificateKeyFile in /etc/httpd/conf.d/ssl.conf so that they look like this:
SSLCertificateFile /etc/pki/tls/certs/bootstrap2.mwt2.org.cer
SSLCertificateKeyFile /etc/pki/tls/private/bootstrap2.mwt2.org.key
Restart httpd and check to see if it works.
systemctl restart httpd
Edit the server field in /etc/cobbler/settings:
server: 192.170.227.0
In the same file, update the TFTP server address:
next_server: 192.170.227.0
Enable DHCPd:
manage_dhcp: 1
Enable "pxe just once" to avoid boot loops:
pxe_just_once: 1
Turn on cobbler change tracking:
scm_track_enabled: 1
scm_track_mode: "git"
Mount the mirror server as NFS, then point cobbler to it and the publicly accessible HTTP server:
cobbler import --path=/mirror/pub/linux/scientific/6x/x86_64/os/ --name="SL-6x" --available-as=http://mirror.grid.uchicago.edu/pub/linux/scientific/6x/x86_64/os/
cobbler import --path=/mirror/pub/linux/scientific/6.8/x86_64/os/ --name="SL-6.8" --available-as=http://mirror.grid.uchicago.edu/pub/linux/scientific/6.8/x86_64/os/
cobbler import --path=/mirror/pub/linux/scientific/7x/x86_64/os/ --name="SL-7x" --available-as=http://mirror.grid.uchicago.edu/pub/linux/scientific/7x/x86_64/os/
# DNS
firewall-cmd --zone=public --add-port=53/tcp --add-port=53/udp --permanent
# DHCP (the server listens on 67/udp)
firewall-cmd --zone=public --add-port=67/udp --permanent
# TFTP
firewall-cmd --zone=public --add-port=69/tcp --add-port=69/udp --permanent
# NTP
firewall-cmd --zone=public --add-port=123/udp --permanent
# Misc Cobbler stuff (KOAN RPC, Syslog)
firewall-cmd --zone=public --add-port=25150/udp --add-port=25151/tcp --add-port=25152/tcp --permanent
firewall-cmd --reload
This is mostly to make 'cobbler check' warnings go away.
Enable rsyncd
systemctl enable rsyncd.service
Get the bootloaders for non-x86/x64 architectures:
cobbler get-loaders
Reset the cobbler default password. First generate a new password hash (openssl passwd -1 prompts for the password and prints an MD5-crypt hash):
openssl passwd -1
Then dump it into /etc/cobbler/settings:
default_password_crypted: "your hashed password here"
Run a cobbler check to see if everything is OK.
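A complementary check for the /etc/cobbler/settings values edited above, as an added example that is not part of the original notes or of cobbler itself. The function names and the sample data are constructed; the key names are the ones this page sets.

```sh
#!/bin/sh
# Added example: audit the keys this page sets in /etc/cobbler/settings.
# Function names and the sample data are constructed for illustration.

# Print the value of a top-level "key: value" line, quotes stripped.
setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one line per problem; return 0 only when nothing is flagged.
check_cobbler_settings() {
    f=$1; bad=0
    for key in server next_server; do
        case "$(setting "$f" "$key")" in
            ""|127.0.0.1|localhost)
                echo "FAIL: $key is unset or loopback, PXE clients cannot reach it"; bad=1 ;;
        esac
    done
    for key in manage_dhcp pxe_just_once scm_track_enabled; do
        [ "$(setting "$f" "$key")" = 1 ] || { echo "FAIL: $key is not 1"; bad=1; }
    done
    # Kickstarts use this hash for the root password, so a placeholder
    # or empty value must not reach production.
    case "$(setting "$f" default_password_crypted)" in
        '$1$'?*|'$5$'?*|'$6$'?*) ;;   # crypt(3) MD5 / SHA-256 / SHA-512
        *) echo "FAIL: default_password_crypted is not a crypt hash"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample: the values from this page plus a made-up hash.
sample_settings() {
    cat <<'EOF'
server: 192.170.227.0
next_server: 192.170.227.0
manage_dhcp: 1
pxe_just_once: 1
scm_track_enabled: 1
scm_track_mode: "git"
default_password_crypted: "$1$constructed$0123456789abcdefghijkl"
EOF
}

# Usage: sh check_settings.sh /etc/cobbler/settings
[ -z "${1:-}" ] || check_cobbler_settings "$1"
```
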
You'll need to have the following services running:
systemctl status cobblerd
systemctl status xinetd
systemctl status dhcpd
systemctl status httpd
Edit /usr/lib/python2.7/site-packages/cobbler/modules/scm_track.py
Change the following from
rc = utils.subprocess_call(logger,"git commit -m 'API update' --author 'cobbler <[email protected]>'",shell=True)
to
rc = utils.subprocess_call(logger,"git commit -m 'API update' --author 'cobbler <[email protected]>'",shell=True)
rc = utils.subprocess_call(logger,"git push origin",shell=True)
Create a new repo in GitLab and then push to it:
git remote add origin http://puppet.mwt2.org/MWT2/mwt2-cobbler.git
You can permanently store the credentials (in plaintext, in ~/.git-credentials) by using
git config credential.helper store