Normation – CC-BY-SAnormation.com

CobblerCobbler

Fast and reliable multi-OS provisionningFast and reliable multi-OS provisionning

Matthieu CERDA – LOADays 2013

Normation – Tous droits réservésnormation.com

Who are you

Job System administrator

Phone: +33 6 30 53 40 00

Email : matthieu.cerda@normation.com

Web site : www.normation.com

@Kegeruneku

Normation – CC-BY-SAnormation.com 3

Problem

● Problem : Deploying new VMs is a painfully heavy and error-prone process.

● Solution: A tool able to automatize this the best way possible !

Normation – CC-BY-SAnormation.com 4

PXE

● “The Preboot eXecution Environment (PXE, also known as Pre-Execution Environment; sometimes pronounced "pixie") is an environment to boot computers using a network interface independently of data storage devices (like hard disks) or installed operating systems.” (Thanks Wikipedia)

●Created to respond to a simple problem: before it, even with automated installations, the administrator needed to move towards the machine, and boot it manually with a media.

● Administrators are lazy (well, I am), and thus needed something to install a machine from the boot to the login prompt, with the least human interference possible.

Normation – CC-BY-SAnormation.com 5

Problem (again)

● PXE boot needs a tight and coherent integration of all these services:

● DHCP● TFTP● HTTP● (DNS, optionnal)

● Installing them and setting them requires specific experience, skills and time.

● Time + skills = investment (either from people or from the wallet)

● 1st problem: PXE is expensive

Normation – CC-BY-SAnormation.com 6

Problem (this is getting annoying !!!)

● PXE boot needs a tight and coherent integration of all these services:

● DHCP● TFTP● HTTP● (DNS, optionnal)

● Keeping them in sync is horrifyingly painful, you KNOW something will break one day or another (typos, forgot to copy a file ...)

● So, 2nd trouble: PXE is hard to manage

Normation – CC-BY-SAnormation.com 7

Context

ID Card● Name : ● Birthdate : 2007● Language : Python● Licence : GPL● Author : Michael DeHaan ( You went to the Ansible presentation this morning, did you ? )● Dependencies : DHCP/TFTP/[DNS]● Disponibility : Packages ( or sources )

● Tested and approved™ :

Normation – CC-BY-SAnormation.com 8

A little project history

Birth

2011: Site switching from Fedora hosting to Github

2012: Used by Canonical for OpenStack tests

Normation – CC-BY-SAnormation.com 9

Global architecture

Distributions

Kernel Initrd Arguments Classes

Profiles

Repositories Network Proxy Classes

System

LDAP RHN/RHM Network Virtualization Puppet

REST API

Normation – CC-BY-SAnormation.com 10

Global architecture

CLI Koan

LibVirt

API

Cobbler

PXE

DNS TFTP DHCP

Physical machines

Virtual machines

HTTP

Web UI

Normation – CC-BY-SAnormation.com 11

Distro

●A basic representation of an OS

●Added through the CLI

Normation – CC-BY-SAnormation.com 12

Profile

●Abstraction layer between distros ans systems

●Can be used to define roles, for example: web_server, dns_server...

Normation – CC-BY-SAnormation.com 13

System

●The most important part, what the user will see !

●Will define physical or virtual entities, like a libvirt VM or a plain computer. The MAC address serves as a binding between the low level PXE and the system definition.

Normation – CC-BY-SAnormation.com 14

KOAN

● Works “out of the box”

● Adds LibVirt support to Cobbler

Normation – CC-BY-SAnormation.com 15

KOAN

● Demo !!!

Normation – CC-BY-SAnormation.com 16

Configuration

● /etc/cobbler/settings● YAML file, setting global variables and special cobblerd specific

parameters● Can then be overriden by other abstraction layers

● /etc/cobbler/modules● Defines which services will be managed (and how)● Also defines how authentication will be done (for web UI for

example)

● /var/lib/cobbler/...● Stores all the distro/profile/system/... configurations

Normation – CC-BY-SAnormation.com 17

Usefulness

● “So, why is Cobbler so useful for you ?”

● Aptitude/yum install cobbler, as simple as that

● Just works, out of the box

● Easy integration with Virtualization software

● Seriously, managing PXE by hand is a pain in the neck...

● “Remember when we used to manage kickstart files by hand ?”● “Yeah, so many hours I could have used to slack looking at cat

videos...”

Normation – CC-BY-SAnormation.com 18

Usefulness

● “Can I deploy this in my company / home / toaster now ?”

● Yes ! It actually integrates well with existing machines/services.

● Just works, out of the box

● All you need is a machine, a distro CD / ISO and you're done.

● Can by used as an emergency crash recovery solution● Used in a french company after a natural catastrophe (flood) to

restore quickly a new bunch of machines back to an operationnal state. [reference needed]

Normation – CC-BY-SAnormation.com 19

Integration with existing services

● Cobbler can integrate with services like:

● Local repository mirrors

● Local DNS / TFTP / ... services

● Configuration management: CFEngine / Puppet / Chef / Ansible / ...

Normation – CC-BY-SAnormation.com 20

Protips

● When you install Cobbler, remember some important points

● SELinux is tricky

● DISABLE STP ON YOUR BRIDGES !!!

● If something fails, check your firewall. If it still fails, check again.

● Always have a sandbox environment to play with.● KVM is a great tool, especially with libvirt

● Keep It Simple and Safe

Normation – CC-BY-SAnormation.com 21

Extensibility

● We develop Rudder, an IT automatization and conformity tool.

● Goal: Add a support for Cobbler

● Problem: Cobbler only supports Cobbler at this time !

● Solution: Add the necessary bindings ourselves ! (All hail Python \o/)

Let us take a slightly more complex case...

System

LDAP RHN/RHM Network Virtualization Puppet Rudder

Normation – CC-BY-SAnormation.com 22

Extensibility

Normation – CC-BY-SAnormation.com 23

Thank you for your attention !( Questions time )