Chapter 4 Provisioning Client Systems

Oracle supports the provisioning of Oracle Linux servers as Spacewalk client systems. You can use Spacewalk to manage Fedora-based clients and other systems by using upstream client binaries and repositories. However, note that Oracle does not provide support for these clients.

Oracle provides Spacewalk Client packages for Oracle Linux 6, for both x86_64 and x86_64 architectures. For Oracle Linux 7, only packages for the x86_64 architecture are provided.

If you configure a Spacewalk server to mirror the Spacewalk client channel that is provided on the Oracle Linux yum server and then enable this channel for a kickstart profile, Spacewalk automatically installs the Spacewalk Client software on any Oracle Linux server that it provisions and registers this server as a Spacewalk Client. You can use the spacewalk-common-channels command to configure the Spacewalk client channel, as described in Section 2.3, “Configuring Software Channels to Obtain Packages From the Oracle Linux Yum Server”.

4.1 About Kickstart Trees, Distributions, and Profiles

You can use kickstart to automate the installation of Oracle Linux systems and then use Spacewalk to provide packages during the installation.

If you want to provision bare-metal systems and virtual machines, create a distribution in Spacewalk for each combination of Oracle Linux release and system architecture that you want to install by using kickstart.

You need to set up a local directory such as /var/distro-trees on your Spacewalk server that contains the entire kickstart tree for each distribution, which includes the installation kernel, the initial ram-disk image, installation files, and information about the repositories. This directory must be readable and accessible by the httpd and tomcat6 services. The kickstart tree does not need to include any packages, as Spacewalk provides these.

Relative to the root of the kickstart tree, the installation kernel and initial ram-disk images should be located at ./images/pxeboot. For example, if the root of the kickstart tree for Oracle Linux 6 (x86_64) server installation is /var/distro-trees/ol6-x86_64-server, the installation kernel and the initial ram-disk images would be located at /var/distro-trees/ol6-x86_64-server/images/pxeboot.

See Section 4.2, “Setting Up Kickstart Trees”.

You create a kickstart distribution by associating a kickstart tree with existing channels. A client boots by using the kickstart tree but installs its software packages from the existing channels. The packages that are installed on the client will be as up to date as those that are currently available from the channels.

See Section 4.3, “Working With Kickstart Distributions”.

Note

Currently, you cannot use the spacewalk-repo-sync --sync-kickstart command to create a kickstart distribution from the channels that are available on the Oracle Linux yum server or on ULN.

After you have created a kickstart distribution, you can use it with kickstart profiles. Typically, each profile provisions a different type of server. You can configure a profile to generate a kickstart file, or you can use an existing kickstart file. You can associate as many profiles with a single distribution as you need to provision servers that share the same combination of Oracle Linux release and system architecture.

See Section 4.4, “Working With Kickstart Profiles”.

4.2 Setting Up Kickstart Trees

To set up a kickstart tree for a distribution on the Spacewalk server, do the following:

  1. If the root for all kickstart trees, typically, /var/distro-trees, does not already exist, create this directory. If required, set its SELinux file type as httpd_sys_content_t so that httpd and tomcat6 can make the files available:

    1. Create the root directory for the kickstart tree as follows:

      # mkdir -p /var/distro-trees/ol7u2-x86_64-server
    2. If SELinux is enabled in enforcing mode on your system, do the following:

      1. Use the semanage command to define the default file type of the kickstart tree as httpd_sys_content_t.

        # /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/var/distro-trees(/.*)?"

      2. Use the restorecon command to apply the file type to the entire directory hierarchy.

        # /sbin/restorecon -R -v /var/distro-trees

        Note

        The semanage and restorecon commands are provided by the policycoreutils-python and policycoreutils packages.

  2. Download the full Oracle Linux Media Pack DVD image for the Oracle Linux release and system architecture from the Oracle Software Delivery Cloud at https://edelivery.oracle.com/linux and mount it on a suitable mount point.

    Note

    For the mount to succeed, you will need to create the /var/distro-trees/olNun-arch-server directory if it does not already exist.

    # mount -o loop /var/ISOs/DVDimage.iso /var/distro-trees/olNun-arch-server 
  3. Create an entry in the /etc/fstab file so that the system always mounts the DVD image after a reboot.

    /var/ISOs/V100082-01.iso  /var/distro-trees/OL7u2-x86_64-server  iso9660  loop,ro  0 0
  4. If you want to associate a kickstart tree with a software channel or to be able to boot iPXE clients, create a symbolic link from /var/www/html to /var/distro-trees.

    # ln -s /var/distro-trees /var/www/html/distro-trees

    The installation images will then be available at a URL such as https://swksvr_FQDN/distro-trees/olNun-arch-server/images, where swksvr_FQDN is the FQDN of the Spacewalk server or proxy.

    You should be able to see the contents of the mounted installation image listed at the URL by using a browser. If you cannot see the files, do the following:

    1. Edit the /etc/httpd/conf/httpd.conf file and enable support for directory indexing and symbolic links by specifying Options Indexes FollowSymLinks in the <Directory "/var/www/html"> section.

    2. Reload the httpd service.

      # service httpd reload

4.3 Working With Kickstart Distributions

If you want to create a kickstart distribution that uses a kickstart tree with existing software channels, you can use either the Spacewalk web interface or the Spacewalk CLI.

4.3.1 Working With Kickstart Distributions by Using the Spacewalk Web Interface

Figure 4.1 Kickstartable Distributions Page

Go to Systems, select Kickstart and then Distributions.

  • To create a distribution:

    1. Click + create new distribution.

    2. On the Create Activation Key page, enter the key settings in the following fields:

      Distribution Label

      Enter a label for the distribution, for example, ol7u4-x86_64-server.

      Tree Path

      Enter the path of the kickstart tree for the distribution, for example, /var/distro-trees/ol7u2-x86_64-server.

      Base Channel

      Select the base channel with which the distribution is associated, for example, Oracle Linux 7 (x86_64) Base.

      Installer Generation

      Select the operating system release that provided the installer, for example, Red Hat Enterprise Linux 7/Oracle Linux 7.

      Kernel Options

      Enter any options that should be specified when booting the installation kernel, for example, noapic or text.

      Post Kernel Options

      Enter any options that should be specified when booting the installed system's kernel, for example, 3 or selinux=0.

    3. Click Create Kickstart Distribution to create the distribution.

  • To view a distribution, select its entry to display its details.

  • To modify a distribution:

    1. Select the distribution whose settings you want to edit.

    2. On the Edit Kickstart Distribution page, modify the settings as required.

    3. If you want to create, modify, or delete kickstart variables:

      1. Select the Variables tab.

      2. On the Kickstart Variables page, define new variables or edit or delete existing variable entries.

      3. Click Update Variables to save your changes.

      4. Select the Edit tab to return to the Edit Kickstart Distribution page.

    4. Click Update Kickstart Distribution to save your changes.

  • To delete a distribution:

    1. Select the distribution that you want to delete.

    2. On the Edit Kickstart Distribution page, click delete distribution and then click Delete Distribution to confirm.

4.3.2 Working With Kickstart Distributions by Using the spacecmd Command

Create a distribution by using the distribution_create command, as shown in the following example:

spacecmd {SSM:0}> distribution_create 
Name: ol7-x86_64-server
Path to Kickstart Tree: /var/distro-trees/ol7-x86_64-server

Base Channels
-------------
oraclelinux6-x86_64
oraclelinux7-x86_64

Base Channel: oraclelinux7-x86_64

Install Types
-------------
fedora
generic_rpm
rhel_2.1
rhel_3
rhel_4
rhel_5
rhel_6
rhel_7
suse

Install Type: rhel_7

To list all activation keys, use the distribution_list command:

spacecmd {SSM:0}> distribution_list
ol6-x86_64-server
ol7-x86_64-server

To display the details of an activation key, use the distribution_details command:

spacecmd {SSM:0}> distribution_details ol7-x86_64-server
Name:    ol7-x86_64-server
Path:    /var/distro-trees/ol7-x86_64-server
Channel: oraclelinux7-x86_64

To delete an activation key, use the distribution_delete command:

spacecmd {SSM:0}> distribution_delete ol7-x86_64-server
ol7-x86_64-server

Delete distribution tree(s) [y/N]: y

4.4 Working With Kickstart Profiles

A kickstart configuration file contains all of the information that kickstart requires to perform an automated installation of a server. Every Oracle Linux installation creates a kickstart file, which is /root/anaconda-ks.cfg. You can use this file to repeat an installation, or you can customize the settings in this file for different system configurations. The file is also useful for troubleshooting a boot-time problem with an installed system. You can use Spacewalk to create a kickstart profile that generates a kickstart file or you can create a profile that contains a kickstart file that you have uploaded or copied into Spacewalk.

You can use either the Spacewalk web interface or the Spacewalk command line to configure kickstart profiles.

4.4.1 Adding GPG Keys and SSL Certificates by Using the Spacewalk Web Interface

Oracle Linux ships with the GPG key that is required for each version by default. However, you must manually add GPG keys for any third-party vendors.

The Oracle GPG key that is appropriate for the installed version is stored by default at file:///etc/pki/rpm-gpg-RPM-GPG-KEY on every Oracle Linux server.

Add a GPG key or SSL certificate to Spacewalk as follows:

  1. Go to Systems, select Kickstart and then GPG and SSL Keys to display the GPG Public Keys and SSL Certificates page.

  2. Click Create Stored Key/Cert to display the Create GPG/SSL Key page.

  3. Enter a text description of the key or certificate in the Description field.

  4. Select GPG or SSL, as appropriate, from the Type pull-down menu.

  5. Either click Browse and select the key or certificate file to upload or paste the file contents into the Key contents field.

    Note

    GPG keys must be in ASCII, not binary, format.

  6. Click Create Key.

After you have added the GPG keys and SSL certificates to Spacewalk, you can associate them with kickstart profiles as described in Section 4.4.2, “Working With Kickstart Profiles by Using the Spacewalk Web Interface”.

4.4.2 Working With Kickstart Profiles by Using the Spacewalk Web Interface

Figure 4.2 Kickstart Profiles Page

Go to Systems, select Kickstart and then Profiles.

  • To create a profile that contains a kickstart file generated by Spacewalk:

    1. Click + create new kickstart profile.

    2. On Step 1, Create kickstart Profile page, enter the profile settings in the following fields:

      Label

      Enter a label for the profile, for example, ol7u4-x86_64-minimal.

      Base Channel

      Select the base channel with which the distribution is associated, for example, Oracle Linux 7 (x86_64) Base.

      Kickstartable Tree

      Select the kickstart distribution with which the profile is associated, for example, ol7u4-x86_64-server.

      Virtualization Type

      Select the virtualization type.

      For Oracle Linux installations on virtual machines that are hosted by Oracle VM or Oracle VM VirtualBox, select None.

      For Oracle Linux 6 and Oracle Linux 7 as a Kernel-based Virtual Machine (KVM) guest, select KVM Virtualized Guest.

      Click Next.

    3. On Step 2, Distribution File Location page, click Next to accept the default download location that Spacewalk creates from the kickstart tree.

    4. On Step 3, Root Password page, enter and verify the root password for newly installed systems, and click Finish to create the profile.

      You can now configure the kickstart profile itself. The following steps describe the changes that are usually required to create a useable profile.

      Note

      At any stage, you can select Kickstart File to view the kickstart file that Spacewalk would generate from the profile by using the saved configuration settings.

    5. Select Kickstart Details to display the Details page.

      1. On the Details page, you can do the following:

        • Edit the Kickstart label.

        • Change the virtualization type.

        • Activate or de-activate the profile.

        • Configure custom post and pre script logging.

        • Choose whether to save a copy of the kickstart configuration to /root on an installed system.

        • Select an organization default profile.

        • Specify installation and post-installation kernel options.

        • Add a description of the profile.

        Click Update Kickstart to save your changes.

      2. Select Operating System and select the check boxes for the child channels that you want to associate with the profile.

        Note

        To enable Spacewalk to register the system automatically, select the Spacewalk Client channel.

        The Software URL path is the virtual location where Spacewalk hosts the installation packages. It is not a real path in the file system.

        Click Update Kickstart to save your changes.

      3. (Optional) Select Variables to define any kickstart variables that you require, then click Update Variables to save your changes.

      4. Select Advanced Options to modify the kickstart options, then click Update Kickstart to save your changes.

        For more information about the available kickstart options, see Appendix A, Kickstart Options.

      5. If you intend to install bare-metal systems, select Bare Metal Kickstart and follow the instructions on the Bare Metal Kickstart page. This page lists the URL of the kickstart file that you can use to install bare-metal systems and enables you to define the IP address ranges that are associated with the profile.

    6. Select System Details to display the Details page:

      1. On the Details page, you can do the following:

        • Choose the default SELinux mode for the installed system.

        • Enable or disable Spacewalk configuration file management by selecting or deselecting the Enable Spacewalk Configuration Management check box.

          Note

          You must also include the rhncfg, rhncfg-actions, and rhncfg-client packages for installation.

        • Enable or disable Spacewalk remote commands by selecting or deselecting the Enable Spacewalk Remote Commands check box.

          Note

          You must also include the rhncfg, rhncfg-actions, and rhncfg-client packages for installation.

        • Choose whether to reuse an existing profile, replace the existing profile, or create a new profile but retain the existing profile.

        • Change the root password for installed systems.

          Note

          If you make any other changes on this page, you must re-enter and verify the root password.

        Click Update System Details to save your changes.

      2. Select Locale, then select the default time zone for installed systems and whether the hardware clock uses UTC, and click Update Locale Preferences to save your changes.

      3. Select Partitioning to define the partitions to be created during installation, then click Update Partitions to save your changes.

        Note

        Clear the partitioning configuration if you select the automatic-partitioning option autopart on the Advanced Options page.

      4. Select GPG & SSL to display a list of the GPG keys and SSL certificates that are known to Spacewalk. Select the keys and certificates that should be imported into the %post section of the kickstart profile, then click Update Keys to save your selection.

        For information about adding a GPG key or SSL certificate to Spacewalk, see Section 4.4.1, “Adding GPG Keys and SSL Certificates by Using the Spacewalk Web Interface”.

    7. Select Software to display the Package Groups page.

      1. Edit the list of packages to be installed:

        • For sample lists of packages, see Appendix B, Sample Minimum Package Lists.

        • The @ Base entry installs a minimal group of packages that are required to install a system.

          If you want to specify the list of base packages explicitly, select the Don't install @Base package group check box.

        • If you do not want the installation to halt if it cannot locate a package, select the Ignore missing packages check box.

        • If you have associated the Spacewalk Client channel with the profile, Spacewalk installs the Spacewalk Client packages automatically. You do not need to specify them in this list.

        • If you enable configuration file management and remote commands by selecting the Enable Spacewalk Configuration Management and Enable Spacewalk Remote Commands check boxes on the Details page, include the rhncfg, rhncfg-actions, and rhncfg-client packages.

        • If you want to be able to apply updates and actions to a client system immediately from the Spacewalk server, include the osad package.

      2. Click Update Packages to save your changes.

    8. Select Activation Keys, then select the activation key to associate with the profile, and click Update Activation Keys to save your changes.

      Note

      A Spacewalk server activates the channels that are associated with an activation key when it registers the Spacewalk client at the end of the provisioning process. Enabling the Spacewalk Client channel by specifying the activation key is not sufficient to install the Spacewalk client software during the kickstart process. Instead, you must specify the packages in the kickstart profile. The channels that are available to a Spacewalk client during a kickstart installation and the channels that are available after installation are independent. You can use channels during a kickstart installation that are not available after installation if the activation key does not enable them.

    9. Select Scripts to define commands that you want to run on the system before or after installation.

      You can configure a preinstallation or post-installation script by using the following fields:

      Scripting Language

      (Optional) The path name of the script language interpreter, such as /usr/bin/python.

      Leave blank if you want to run bash shell commands.

      Script Name

      Enter a name for the script.

      Script Contents

      Select the script type from the pull-down list: Shell, XML, Ruby, Python, or perl, and enter the script in the text area.

      Script Execution Time

      Select the time at which the script is executed from the pull-down list: Pre Script for before installation or Post Script for after installation.

      nochroot

      (Optional) Select whether the script should run outside a chroot jail.

      erroronfail

      (Optional) Select to stop the installation if an error occurs when the script runs.

      Template

      (Optional) Select to enable Cobbler templating for the script.

    Note

    If you want to be able to apply updates and actions to a client system immediately from the Spacewalk server, include the osad package for installation, which contains the Open Source Architecture (OSA) daemon and use the following kickstart option to enable the osad service:

    services --enabled=osad

    If you do not enable configuration file management and remote commands by selecting the Enable Spacewalk Configuration Management and Enable Spacewalk Remote Commands check boxes on the Details page, you can alternatively include the rhncfg, rhncfg-actions, and rhncfg-client packages for installation and configure rhn-actions-control to run on the client system in the post-installation shell:

    rhn-actions-control --enable-all

    For more information, see the rhn-actions-control(8) manual page.

  • To create a profile that contains a kickstart file that you upload or copy into Spacewalk, do the following:

    1. Click upload new kickstart file.

    2. On the Kickstart Details page, enter the key settings in the following fields:

      Label

      Enter a label for the profile, for example, ol6-x86_64-custom.

      Kickstartable Tree

      Select the kickstart distribution with which the profile is associated, for example. ol6-x86_64-server.

      Virtualization Type

      Select the virtualization type. For Oracle Linux installations on virtual machines that are hosted by Oracle VM or Oracle VM VirtualBox, select None.

    3. Do one of the following:

      • Copy and paste the contents of a kickstart file into the File Contents text box.

      • Click Browse..., then select the path of a kickstart file and click Upload file to upload it to the File Contents text box.

    4. If necessary, edit the kickstart file contents in the File Contents text box.

    5. Click Update.

  • To view a profile, select its entry to display its details.

  • To modify a profile, do the following:

    1. Select the profile for which you want to modify settings.

    2. Select each tab and page that contains settings that you want to modify.

    3. Click the Confirmation button on each page to save your changes.

  • To delete a profile, do the following:

    1. Select the distribution that you want to delete.

    2. On the Kickstart Details page, click delete kickstart and then click Delete Kickstart to confirm.

4.4.3 Working With Kickstart Profiles by Using the spacecmd Command

You can list all of the kickstart profiles by using the kickstart_list command as follows:

spacecmd {SSM:0}> kickstart_list
ol6u6-x86_64-minimal

To display the details of a kickstart profile, use the kickstart_details command:

spacecmd {SSM:0}> kickstart_details ol6u6-x86_64-minimal
Name:        ol6u6-x86_64-minimal
Label:       ol6u6-x86_64-minimal
Tree:        ol6-x86_64-server
Active:      True
Advanced:    False
Org Default: False

Configuration Management: False
Remote Commands:          False

Software Channels
-----------------
ol6u6-x86_64

Advanced Options
----------------
auth --enableshadow --passalgo=sha256
bootloader --location mbr
clearpart --all
firewall --disabled
keyboard us
lang en_US
network --bootproto dhcp
rootpw $5$ZdYXHxbNqu76Q5dG$.KWiOPyrGk8V5q/FEqYbWpCZdD5St387sn7jOyPH400
selinux --permissive
timezone America/New_York
url --url /var/distro-trees/ol6-x86_64-server

Software
--------
@ Base

Crypto Keys
-----------
RHN-ORG-TRUSTED-SSL-CERT

Variables
---------
org = 1

To display the contents of the kickstart file that a profile generates, use the kickstart_getcontents command:

spacecmd {SSM:0}> kickstart_getcontents ol6u6-x86_64-minimal
# Kickstart config file generated by Spacewalk Config Management
# Profile Label : ol6u6-x86_64-minimal
# Date Created  : 2015-06-11 11:34:15.157666

install
text
network --bootproto dhcp
url --url http://swksvr.mydom.com/ks/dist/ol6-x86_64-server
lang en_US
keyboard us
zerombr
clearpart --all
bootloader --location mbr
timezone America/New_York
auth --enableshadow --passalgo=sha256
rootpw --iscrypted $5$ZdYXHxbNqu76Q5dG$.KWiOPyrGk8V5q/FEqYbWpCZdD5St387sn7jOyPH400
selinux --permissive
reboot
firewall --disabled
skipx
autopart
...

The spacecmd command provides a large number of commands for managing kickstart profiles. Use the help command to find out more information:

spacecmd {SSM:0}> help

Documented commands (type help <topic>):
========================================
...              
kickstart_addactivationkeys
kickstart_addchildchannels
kickstart_addcryptokeys
kickstart_addfilepreservations
kickstart_addoption
kickstart_addpackages
kickstart_addscript
kickstart_addvariable
kickstart_clone
kickstart_create
kickstart_delete
kickstart_details
kickstart_diff
kickstart_disableconfigmanagement
kickstart_disableremotecommands
kickstart_enableconfigmanagement
kickstart_enablelogging
kickstart_enableremotecommands
kickstart_export
kickstart_getcontents
kickstart_getupdatetype
kickstart_import
kickstart_import_raw
kickstart_importjson
kickstart_list
kickstart_listactivationkeys
kickstart_listchildchannels
kickstart_listcryptokeys
kickstart_listcustomoptions
kickstart_listoptions
kickstart_listpackages
kickstart_listscripts
kickstart_listvariables
kickstart_removeactivationkeys
kickstart_removechildchannels
kickstart_removecryptokeys
kickstart_removefilepreservations
kickstart_removeoptions
kickstart_removepackages
kickstart_removescript
kickstart_removevariables
kickstart_rename
kickstart_setcustomoptions
kickstart_setdistribution
kickstart_setlocale
kickstart_setpartitions
kickstart_setselinux
kickstart_setupdatetype
kickstart_updatevariable
...
spacecmd {SSM:0}> help kickstart_create
kickstart_create: Create a Kickstart profile
usage: kickstart_create [options]

options:
  -n NAME
  -d DISTRIBUTION
  -p ROOT_PASSWORD
  -v VIRT_TYPE ['none', 'para_host', 'qemu', 'xenfv', 'xenpv']

4.5 Installing Client Systems by Using Kickstart

To install a client system from a generated kickstart file, you can do one of the following:

  • Boot the system from a real or virtual CD-ROM drive by using a boot ISO image or a full DVD image that you have downloaded from the Oracle Software Delivery Cloud at https://edelivery.oracle.com/linux, specifying the network location of the kickstart file as a boot option.

    This installation method is suitable for installing virtual machines or if you need to install only a small number of bare-metal systems at a local site.

  • After configuring DHCP to support network booting of PXE clients and Cobbler to support the requirements of individual clients, boot the system from the network.

    This installation method is suitable for installing virtual machines or if you need to install bare-metal systems at both local and remote sites.

4.5.1 Configuring Cobbler and DHCP to Support Network Booting

The following procedure assumes that you have configured a DHCP server on the same system as the Spacewalk server. If DHCP is already provided on your network, you will need to work with your Network Administrator to configure network (PXE) boot support.

To configure Cobbler and DHCP to support the booting of client systems over the network, follow these steps:

  1. Install the cobbler-loaders and dhcp packages.

    # yum install cobbler-loaders dhcp

  2. To configure Cobbler to manage the DHCP service, edit /etc/cobbler/settings and modify the manage_dhcp setting.

    manage_dhcp: 1
  3. Edit the DHCP server configuration template file (/etc/cobbler/dhcp.template) and change the subnet configuration for your local configuration.

    The following example show how to select either the pxelinux boot loader for BIOS-based PXE clients or the GRUB boot loader for UEFI-based PXE clients:

    # ******************************************************************
    # Cobbler managed dhcpd.conf file
    #
    # generated from cobbler dhcp.conf template ($date)
    # Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
    # in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
    # overwritten.
    #
    # ******************************************************************
    
    ddns-update-style interim;
    
    allow booting;
    allow bootp;
    
    ignore client-updates;
    set vendorclass = option vendor-class-identifier;
    option pxe-system-type code 93 = unsigned integer 16;
    set pxetype = option pxe-system-type;
    
    option domain-name "mydom.com";
    
    subnet 192.168.1..0 netmask 255.255.255.0 {
      option domain-name-servers 192.168.1.1;
      option broadcast-address 192.168.1.255;
      option routers 192.168.1.254;
      default-lease-time 14400;
      max-lease-time 28800;
      pool {
        range 192.168.1.101 192.168.1.200;
      }
    }
    
    #for dhcp_tag in $dhcp_tags.keys():
        ## group could be subnet if your dhcp tags line up with your subnets
        ## or really any valid dhcpd.conf construct ... if you only use the
        ## default dhcp tag in cobbler, the group block can be deleted for a
        ## flat configuration
    # group for Cobbler DHCP tag: $dhcp_tag
    group {
            #for mac in $dhcp_tags[$dhcp_tag].keys():
                #set iface = $dhcp_tags[$dhcp_tag][$mac]
        host $iface.name {
            hardware ethernet $mac;
            #if $iface.ip_address:
            fixed-address $iface.ip_address;
            #end if
            #if $iface.hostname:
            option host-name "$iface.hostname";
            #end if
            #if $iface.netmask:
            option subnet-mask $iface.netmask;
            #end if
            #if $iface.gateway:
            option routers $iface.gateway;
            #end if
            if substring(vendorclass, 0, 9)="PXEClient" {
              if pxetype=00:06 or pxetype=00:07 {
                  filename "/grub/grub.efi";
              } else {
                  filename "/pxelinux.0";
              }
            }
            ## Cobbler defaults to $next_server, but some users
            ## may like to use $iface.system.server for proxied setups
            next-server $next_server;
            ## next-server $iface.next_server;
        }
            #end for
    }
    #end for

    The previous example also configures a pool of generally available IP addresses in the range 192.168.1.101 through 192.168.1.200 on the 192.168.1/24 subnet. Systems in this pool do not boot by using PXE.

    All comments or commented-out DHCP directives in /etc/cobbler/dhcp.template are preceded by a double hash (##) to prevent Cobbler from interpreting them.

    Spacewalk configures Cobbler to use TFTP to serve the boot-loader configuration files from the /var/lib/tftpboot directory. For more information about the format of these files, see Section 4.5.3, “About Boot Loader Configuration Files”.

    If you want DHCP to support network booting of iPXE clients, see Section 4.5.4, “Configuring DHCP to Support iPXE Clients”.

  4. If SELinux is enabled in enforcing mode on your system, configure SELinux for Cobbler operation as follows:

    1. Permit the httpd service to act as a proxy for Cobbler.

      # setsebool -P httpd_can_network_connect=1
    2. Set the public_content_t file type on the /var/lib/tftpboot file and /var/www/cobbler/images directory hierarchies as follows:

      # /usr/sbin/semanage fcontext -a -t public_content_t "/var/lib/tftpboot/.*"
      # /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
      Note

      The semanage command is provided by the policycoreutils-python package.

  5. Restart the cobblerd service:

    # service cobblerd restart
  6. Start the httpd service and configure it to start after a reboot.

    # service httpd start
    # chkconfig httpd on
    Note

    If you make any changes to /etc/cobbler/dhcp.template, run the cobbler sync command.

    If you make any changes to /etc/cobbler/settings, restart the cobblerd service and then run the cobbler sync command.

  7. To support booting of UEFI-based PXE clients, copy the /boot/efi/EFI/redhat/grub.efi file to /var/lib/tftpboot/grub.

    # cp /boot/efi/EFI/redhat/grub.efi /var/lib/tftpboot/grub 
  8. Configure the firewall to allow access through DHCP requests.

    For Oracle Linux 6:

    # iptables -I INPUT -i eth1 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
    # service iptables save

    In the previous example, the server expects to receive requests on interface eth1.

    For Oracle Linux 7:

    # firewall-cmd --permanent --zone=public --remove-interface=enp0s3
    # firewall-cmd --permanent --zone=internal --add-interface=enp0s3
    # firewall-cmd --permanent --zone=internal --add-port=67/udp
    # firewall-cmd --permanent --zone=internal --add-port=68/udp
    # firewall-cmd --reload

    In the previous example, the server expects to receive requests on interface enp0s3 in the internal zone.

4.5.2 Adding a PXE Client To Be Provisioned by Spacewalk

Add a PXE client to be provisioned by Spacewalk as follows:

  1. List the kickstart profiles in Spacewalk that are usable by Cobbler.

    # cobbler profile list
       ol6u6-x86_64-devsys:1:SpacewalkDefaultOrganization
       ol6u6-x86_64-server:1:SpacewalkDefaultOrganization
  2. Use the cobbler system add command to define the host name, MAC address, and IP address of the target PXE client and the profile that you want to install, as shown in the following example:

    # cobbler system add --name=svr1.mydom.com --hostname=svr1.mydom.com --mac=08:00:27:c6:a1:16 \
      --ip=92.168.1.253 --profile=ol6u6-x86_64-server:1:SpacewalkDefaultOrganization

    If you are provisioning a client that uses an IP address from a DHCP address pool, you might use a command such as the following:

    # cobbler system add --name=devsys2 --hostname=devsys2 \
      --profile=ol6u6-x86_64-devsys:1:SpacewalkDefaultOrganization \
      --kopts="ksdevice=eth0"

    The --kopts option enables you to specify options to be added to the kernel boot line. In this example, ksdevice=eth0 specifies the network interface that kickstart should use for installation, which prevents the installation pausing to prompt you to choose which network interface to use.

  3. By default, GRUB displays a boot menu for UEFI-based clients and prompts you to choose an entry. To prevent GRUB from displaying this menu, edit the /etc/cobbler/pxe/grubsystem.template fiile and add default=0, hiddenmenu, and timeout=0 entries, as shown in the following example:

    default=0
    hiddenmenu
    timeout=0
    
    title $profile_name
        root (nd)
        kernel $kernel_path $kernel_options
        initrd $initrd_path
  4. Run the cobbler sync command:

    # cobbler sync
    task started: YYYY-MM-DD_hhmmss_sync
    task started (id=Sync, time=date)
    ...
    generating PXE configuration files
    generating: /var/lib/tftpboot/pxelinux.cfg/01-08-00-27-c6-a1-16
    generating: /var/lib/tftpboot/grub/01-08-00-27-c6-a1-16
    rendering DHCP files
    generating /etc/dhcp/dhcpd.conf
    ...
    *** TASK COMPLETE ***

    Cobbler creates pxelinux and GRUB boot configuration files for the client in the /var/lib/tftpboot/pxelinux.cfg and /var/lib/tftpboot/grub files. These files are named for the client's MAC address prefixed by 01-, which represents the ARP hardware type for Ethernet, and use dashes to separate each byte value instead of colons. These client-specific files are based on the /etc/cobbler/pxe/pxesystem.template and /etc/cobbler/pxe/grubsystem.template files.

    Cobbler also creates generic pxelinux.cfg/default and grub/efidefault boot configuration files from /etc/cobbler/pxe/pxeprofile.template and /etc/cobbler/pxe/grubprofile.template.

    Cobbler adds an entry for the client to the /etc/dhcp/dhcpd.conf file, which is based on /etc/cobbler/dhcp.template, as shown in the following example:

    # group for Cobbler DHCP tag: default
    group {
        host generic1 {
            hardware ethernet 08:00:27:c6:a1:16;
            fixed-address 192.168.1.253;
            option host-name "svr1.mydom.com";
            if substring(vendorclass, 0, 9)="PXEClient" {
              if pxetype=00:06 or pxetype=00:07 {
                  filename "/grub/grub.efi";
              } else {
                  filename "/pxelinux.0";
              }
            }
            next-server swksvr.mydom.com;
        }
    }
    Note

    If an error message is generated that indicates that the dhcpd service could not be started, run the following command:

    # systemctl restart dhcpd
  5. Display the PXE systems that are known to Cobbler.

    # cobbler system list
       svr1.mydom.com

4.5.3 About Boot Loader Configuration Files

A boot-loader configuration file for BIOS-based PXE clients uses pxelinux configuration settings, as shown in the following Oracle Linux 6 example:

default ol6u9
prompt 0
timeout 1
label ol6u9
        kernel /images/ol6-x86_64:1:SpacewalkDefaultOrganization/vmlinuz
        ipappend 2
        append initrd=/images/ol6-x86_64:1:SpacewalkDefaultOrganization/initrd.img \
          ksdevice=bootif lang=en_US kssendmac text \
          ks=http://192.168.1.3/cblr/svc/op/ks/system/svr1.mydom.com

Do not use the \ line-continuation character. This character is used in the example to denote that the line has been broken for printing. The append directive and all of its arguments must be on the same line.

To enable the boot: prompt to be displayed, change the value of prompt to 1. To display the prompt, press Shift or Alt at the console.

The default directive identifies the default boot entry by its label value, ol6u6.

Pxelinux boots the client by using the default boot entry after timeout/10 seconds.

The kernel directive defines the name of the kernel executable and the append directive defines any parameters that should be appended when loading the kernel, such as the name of the ram-disk image and the location of the kickstart file.

The ipappend 2 directive specifies that the Installer should use the same network interface as the system used to boot.

For pxelinux, the kernel and ram-disk image file paths are relative to /var/lib/tftpboot. The default boot loader configuration file for pxelinux is /var/lib/tftpboot/pxelinux.cfg/default

A boot-loader configuration file for UEFI-based PXE clients uses GRUB configuration settings:

default=0
hiddenmenu
timeout=0

title ol6u6-x86_64-server:1:SpacewalkDefaultOrganization
    root (nd)
    kernel /images/ol6-x86_64:1:SpacewalkDefaultOrganization/vmlinuz \
      ksdevice=bootif lang=en_US kssendmac text \
      ks=http://192.168.1.3/cblr/svc/op/ks/system/svr1.mydom.com
    initrd /images/ol6-x86_64:1:SpacewalkDefaultOrganization/initrd.img

Note the following additional important points about boot loader configuration:

  • Do not use the \ line-continuation character. This character is used in the example to denote that the line has been broken for printing. The kernel directive and all of its arguments must be on the same line.

  • The timeout=0 and hiddenmenu directives cause the default kernel to boot immediately without allowing you to press a key to display a menu or modify the configuration of a boot entry. The default kernel is defined as the first entry (0), which is the only entry listed in this file.

  • The root directive defines that the kernel and initial ram-disk image files are available on the network device (nd), indicating that the files are available by using TFTP.

  • The kernel directive defines the name of the kernel executable and any parameters that should be appended when loading the kernel, such as the location of the installation packages, and how to access these packages. The initrd directive specifies the initial ram-disk image file.

  • For GRUB, the kernel and ram-disk image file paths are relative to /var/lib/tftpboot/grub. The default boot loader configuration file for GRUB is /var/lib/tftpboot/grub/efidefault.

To support different types of client, a configuration file can be named for the following:

  • Client's UUID (for example, a8943708-c6f6-51b9-611e-74e6ac80b93d)

  • Client's MAC address prefixed by 01-, which represents the ARP hardware type for Ethernet, and by using dashes to separate each byte value instead of colons (for example, 01-80-00-27-c6-a1-16)

  • Client's IP address expressed in hexadecimal without any leading 0x (for example, C0A801FD represents the IP address 192.168.1.253)

Cobbler writes client boot configuration files to both /var/lib/tftpboot/grub and /var/lib/tftpboot/pxelinux.cfg to handle both UEFI or BIOS-based PXE clients.

The boot loader looks for a configuration file in the following order until it finds a matching file name:

  • UUID (for example, a8943708-c6f6-51b9-611e-74e6ac80b93d)

  • 01-MAC_address (for example, 01-80-00-27-c6-a1-16)

  • Full 32 bits of the IP address (for example, C0A801FD)

  • Most significant 28 bits of the IP address (for example, C0A801F)

  • Most significant 24 bits of the IP address (for example, C0A801)

  • Most significant 20 bits of the IP address (for example, C0A80)

  • Most significant 16 bits of the IP address (for example, C0A8)

  • Most significant 12 bits of the IP address (for example, C0A)

  • Most significant 8 bits of the IP address (for example, C0)

  • Most significant 4 bits of the IP address (for example, C)

  • default (BIOS) or efidefault (EFI)

For more information about GRUB, type the info grub command to access the GRUB manual.

For more information about pxelinux, see https://wiki.syslinux.org/wiki/index.php?title=PXELINUX.

4.5.4 Configuring DHCP to Support iPXE Clients

iPXE extends the capabilities of PXE in many ways, including the following:

  • iPXE clients can boot by using HTTP, iSCSI, AoE, and FCoE

  • The boot process can be controlled by using scripts

  • DNS lookup is available

  • Booting across wide area networks or the Internet is possible

The gpxelinux.0 boot loader provides some iPXE features, such as DNS lookup and HTTP file transfer, and is available in the syslinux package. It does not support iPXE commands or scripts.

You can use gpxelinux.0 with BIOS-based PXE clients and with UEFI-based PXE clients in legacy mode but not in UEFI mode.

To configure the DHCP service to support iPXE clients, follow these steps:

  1. Edit the DHCP server configuration template file /etc/cobbler/dhcp.template as follows:

    1. Add the following lines to define the iPXE options for DHCP:

      option space ipxe;
      option ipxe-encap-opts code 175 = encapsulate ipxe;
      option ipxe.priority code 1 = signed integer 8;
      option ipxe.keep-san code 8 = unsigned integer 8;
      option ipxe.skip-san-boot code 9 = unsigned integer 8;
      option ipxe.syslogs code 85 = string;
      option ipxe.cert code 91 = string;
      option ipxe.privkey code 92 = string;
      option ipxe.crosscert code 93 = string;
      option ipxe.no-pxedhcp code 176 = unsigned integer 8;
      option ipxe.bus-id code 177 = string;
      option ipxe.bios-drive code 189 = unsigned integer 8;
      option ipxe.username code 190 = string;
      option ipxe.password code 191 = string;
      option ipxe.reverse-username code 192 = string;
      option ipxe.reverse-password code 193 = string;
      option ipxe.version code 235 = string;
      option iscsi-initiator-iqn code 203 = string;
      option ipxe.pxeext code 16 = unsigned integer 8;
      option ipxe.iscsi code 17 = unsigned integer 8;
      option ipxe.aoe code 18 = unsigned integer 8;
      option ipxe.http code 19 = unsigned integer 8;
      option ipxe.https code 20 = unsigned integer 8;
      option ipxe.tftp code 21 = unsigned integer 8;
      option ipxe.ftp code 22 = unsigned integer 8;
      option ipxe.dns code 23 = unsigned integer 8;
      option ipxe.bzimage code 24 = unsigned integer 8;
      option ipxe.multiboot code 25 = unsigned integer 8;
      option ipxe.slam code 26 = unsigned integer 8;
      option ipxe.srp code 27 = unsigned integer 8;
      option ipxe.nbi code 32 = unsigned integer 8;
      option ipxe.pxe code 33 = unsigned integer 8;
      option ipxe.elf code 34 = unsigned integer 8;
      option ipxe.comboot code 35 = unsigned integer 8;
      option ipxe.efi code 36 = unsigned integer 8;
      option ipxe.fcoe code 37 = unsigned integer 8;
      option ipxe.vlan code 38 = unsigned integer 8;
      option ipxe.menu code 39 = unsigned integer 8;
      option ipxe.sdi code 40 = unsigned integer 8;
      option ipxe.nfs code 41 = unsigned integer 8;
    2. If you do not use a proxy DHCP server, specify the following line to speed up negotiation with the DHCP server:

      option ipxe.no-pxedhcp 1;
    3. Add the following line to define the user-class option:

      option user-class code 77 = string;
    4. Configure the DHCP server to provide the IP addresses of name servers that iPXE clients can use to resolve domain names to IP addresses:

      option domain-name-servers 192.168.1.1, 192.168.1.4, 192.168.1.8;
    5. Configure DHCP to specify the gpxelinux.0 boot loader for non-iPXE clients and the URI of a boot script for iPXE clients:

      if exists user-class and option user-class = "iPXE" {
            filename "http://web.mydom.com/pxeboot.ipxe";
        } else {
            filename "gpxelinux.0";
        }

      In the previous example, pure iPXE clients run the HTTP-served boot script pxeboot.ipxe.

      The following is an example of a boot script for an iPXE client:

      #!ipxe
      
      dhcp
      kernel http://swksvr.mydom.com/distro-trees/ol6u9-x86_64-server/images/pxeboot/vmlinuz
      initrd http://swksvr.mydom.com/distro-trees/ol6u9-x86_64-server/images/pxeboot/initrd.img
      boot vmlinuz initrd=initrd.img ksdevice=bootif lang=en_US kssendmac text \
      ks=http://192.168.1.3/cblr/svc/op/ks/profile/ol6-x86_64-minimal:1:SpacewalkDefaultOrganization

      dhcp configures the client's network interfaces.

      kernel downloads the installation kernel.

      initrd downloads the initial ram-disk image file.

      boot boots the downloaded installation kernel. Boot line parameters, such as the name of the initial ram-disk file and the location of the kickstart file, are specified as additional arguments.

      Do not use the \ line-continuation character. This character is used in the example to denote that the line has been broken for printing. The boot command and all of its arguments must be on the same line.

      For more information, see https://ipxe.org/scripting and https://ipxe.org/cmd.

      Non-iPXE clients boot by using gpelinux.0. A configuration file for gpxelinux.0 is named in the same way as for pxelinux.0 as described in Section 4.5.3, “About Boot Loader Configuration Files”. Unlike pxelinux.0, you can use HTTP to access the installation kernel and initial ram-disk image files.

      The following is an example of a configuration file for gpxelinux.0:

      prompt 0
      default ol6u6
      timeout 0
      
      label ol6u9
      kernel http://swksvr.mydom.com/distro-trees/ol6u9-x86_64-server/images/pxeboot/vmlinuz
      append initrd=http://swksvr.mydom.com/distro-trees/ol6u9-x86_64-server/images/pxeboot/initrd.img \
      ksdevice=bootif lang=en_US kssendmac text \
      ks=http://192.168.1.3/cblr/svc/op/ks/profile/ol6-x86_64-minimal:1:SpacewalkDefaultOrganization
      ipappend 2

      Do not use the \ line-continuation character. This character is used in the example to denote that the line has been broken for printing. The append keyword and all of its arguments must be on the same line.

  2. Run the cobbler sync command:

    # cobbler sync
    task started: YYYY-MM-DD_hhmmss_sync
    task started (id=Sync, time=date)
    ...
    rendering DHCP files
    generating /etc/dhcp/dhcpd.conf
    ...
    *** TASK COMPLETE ***

    The Cobbler service regenerates the /etc/dhcp/dhcpd.conf file and reloads the dhcpd service.

    If you make any further changes to /etc/cobbler/dhcp.template, run the cobbler sync command. You do not need to run this command if you change the content of the boot loader configuration files.

4.6 Creating a Kickstart Profile in Cobbler

You can also create kickstart profiles in Cobbler outside of Spacewalk. As for Spacewalk, a profile defines how to configure an installation if the target client has to perform a certain role. For example, you might want to configure a system as a web or database server. To create a profile in Cobbler, you associate a kickstart file with a distribution.

Note

Cobbler-only profiles are not visible from within Spacewalk.

You can use the cobbler profile list command as follows to list the profiles that are known to Cobbler:

# cobbler profile list
   ol6u9-x86_64

To find out which kickstart file a profile uses, run the cobbler profile report command:

# cobbler profile report ol6u9-x86_64 | grep Kickstart
Kickstart                      : /var/lib/cobbler/kickstarts/sample.ks
Kickstart Metadata             : {}

The default sample.ks file and other kickstart files that Cobbler provides in /var/lib/cobbler/kickstarts are unlikely to be suitable for provisioning clients.

To create a new profile for a distribution, follow these steps:

  1. Create the kickstart file to associate with a distribution.

    For example, the following file, named ol6u6_basic_server.ks, contains a kickstart definition for a basic Oracle Linux 6 server:

    # Oracle Linux 6 Basic Server
    # Use text-based installation
    text
    # Install using HTTP from a URL provided by Cobbler
    url --url=$tree
    # Define localized settings
    lang en_US.UTF-8
    keyboard us
    timezone --utc America/New_York
    # Configure network interface settings
    network --onboot yes --device eth0 --bootproto dhcp --noipv6
    # root password is an SHA-512 hash provided by Cobbler
    rootpw  --iscrypted $default_password_crypted
    authconfig --enableshadow --passalgo=sha512
    # Allow only SSH connections
    firewall --service=ssh
    # Configure SELinux enforcing mode
    selinux --enforcing
    # Perform a new installation, removing all existing partitions
    # before configuring the new boot loader and disk partitions
    install
    zerombr
    clearpart --drives=sda --all --initlabel
    bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
    autopart
    # Shutdown and power off the system after installation is finished
    # to allow you to change the boot order or make other changes.
    poweroff
    # Alternatives are halt (default), reboot, and shutdown,
    # which might not be suitable for unattended installations
    
    # Package groups and packages to be installed
    %packages
    ...
    %end

    For sample package lists, see Appendix B, Sample Minimum Package Lists.

    Note

    This example requires that you configure an SHA-512 password hash for the default_password_crypted setting in /etc/cobbler/settings.

    The previous example does not take advantage of the power of kickstart templating and snippets for managing large numbers of profiles and systems in Cobbler. For more information, see the cobbler(1) manual page and http://www.cobblerd.org/.

  2. If SELinux is enabled in enforcing mode on your system and you create the kickstart file in a directory other than /var/lib/cobbler/kickstarts, for example /var/kickstart, do the following:

    1. Type the semanage command to define the default file type of the directory hierarchy as cobbler_var_lib_t:

      # /usr/sbin/semanage fcontext -a -t cobbler_var_lib_t "/var/kickstart(/.*)?"

    2. Type the restorecon command to apply the file type to the entire directory hierarchy.

      # /sbin/restorecon -R -v /var/kickstart

    3. For each kickstart file in the directory, type the chcon command to set the SELinux user to system_u.

      # chcon -u system_u /var/kickstart/*.ks

    If SELinux is enabled in enforcing mode on your system, and you create the kickstart file in /var/lib/cobbler/kickstarts or in a directory on which you have defined the default file type as cobbler_var_lib_t, type the chcon command to set the SELinux user of the file to system_u:

    # chcon -u system_u ol6u6_basic_server.ks

    You can use the ls -Z command to display the context:

    # ls -Z ol6u9_basic_server.ks
    -rw-rw-r--. root root system_u:object_r:cobbler_var_lib_t:s0 ol6u9_basic_server.ks

    The correct SELinux context for a kickstart file used by Cobbler is system_u:object_r:cobbler_var_lib_t:s0.

  3. Create the profile by running the cobbler profile add command:

    # cobbler profile add --name=ol6u9_basic_server --distro=ol6u9-x86_64 \
    --kickstart=/var/lib/cobbler/kickstarts/ol6u9_basic_server.ks
    Note

    If the command returns the error kickstart not found for a file that does exist at the specified path, the file's SELinux context is incorrect. See the previous step for details of how to set the correct SELinux context on a file.

  4. Display the profiles that are now known to Cobbler by running the cobbler profile list command.

    # cobbler profile list
       ol6u9-x86_64
       ol6u9_basic_server

    The ol6u9-x86_64 profile is unlikely to be usable. If you want to remove a profile, use the cobbler profile remove command, as shown in the following example:

    # cobbler profile remove --name=ol6u9-x86_64
    # cobbler profile list
       ol6u9_basic_server
    Note

    Removing a profile also removes any client system definitions that you have created from that profile.

You can now define the PXE clients that Cobbler can provision based on the profile that you created. See Section 4.6.1, “Adding a PXE Client To Be Provisioned by Cobbler”.

4.6.1 Adding a PXE Client To Be Provisioned by Cobbler

To add a PXE client to be provisioned by Cobbler, follow these steps:

  1. Define the host name, MAC address, and IP address of the target PXE client and the profile that you want to installl by using the cobbler system add command:

    # cobbler system add --name=svr1 --hostname=svr1 --mac=08:00:27:c6:a1:16 \
    --ip=10.0.0.253 --profile=ol6u9_basic_server

    If you are provisioning a desktop client that uses an IP address from a DHCP address pool, you might use a command such as the following:

    # cobbler system add --name=devsys2 --hostname=devsys2 --profile=ol6u9_devsys --kopts="ksdevice=eth0"

    The --kopts option enables you to specify options to be added to the kernel boot line. In this example, ksdevice=eth0 specifies the network interface that kickstart should use for installation, which prevents the installation pausing to prompt you to choose which network interface to use.

  2. By default, GRUB displays a boot menu for UEFI-based clients and prompts you to choose an entry. To prevent GRUB from displaying this menu, edit /etc/cobbler/pxe/grubsystem.template and add default=0, hiddenmenu, and timeout=0 entries, as shown in the following example:

    default=0
    hiddenmenu
    timeout=0
    
    title $profile_name
        root (nd)
        kernel $kernel_path $kernel_options
        initrd $initrd_path
  3. Run the cobbler sync command.

    # cobbler sync
    task started: YYYY-MM-DD_hhmmss_sync
    task started (id=Sync, time=date)
    ...
    generating PXE configuration files
    generating: /var/lib/tftpboot/pxelinux.cfg/01-08-00-27-c6-a1-16
    generating: /var/lib/tftpboot/grub/01-08-00-27-c6-a1-16
    rendering DHCP files
    generating /etc/dhcp/dhcpd.conf
    ...
    *** TASK COMPLETE ***

    Cobbler creates pxelinux and GRUB boot configuration files for the client in /var/lib/tftpboot/pxelinux.cfg and /var/lib/tftpboot/grub. These files are named for the client's MAC address prefixed by 01-, which represents the ARP hardware type for Ethernet, and use dashes to separate each byte value instead of colons. These client-specific files are based on /etc/cobbler/pxe/pxesystem.template and /etc/cobbler/pxe/grubsystem.template.

    Cobbler also creates generic pxelinux.cfg/default and grub/efidefault boot configuration files from /etc/cobbler/pxe/pxeprofile.template and /etc/cobbler/pxe/grubprofile.template.

    Cobbler adds an entry for the client to /etc/dhcp/dhcpd.conf, which is based on /etc/cobbler/dhcp.template, as shown in the following example:

    # group for Cobbler DHCP tag: default
    group {
        host generic1 {
            hardware ethernet 08:00:27:c6:a1:16;
            fixed-address 10.0.0.253;
            option host-name "svr1";
            if substring(vendorclass, 0, 9)="PXEClient" {
              if pxetype=00:06 or pxetype=00:07 {
                  filename "/grub/grub.efi";
              } else {
                  filename "/pxelinux.0";
              }
            }
            next-server 10.0.0.6;
        }
    }
  4. Display the systems that are known to Cobbler by running the cobbler system list command:

    # cobbler system list
       svr1
       svr2

4.6.2 Removing a PXE Client Definition From Cobbler

To remove a PXE Client definition from Cobbler, follow these steps:

  1. Display the systems that are known to Cobbler by typing the cobbler system list command:

    # cobbler system list
       svr1
       svr2
  2. Specify the name of the system that you want to remove by typing the cobbler system remove, as shown in the following example where svr2 is the system that you want to remove:

    # cobbler system remove --name=svr2
  3. Run the cobbler sync to update the Cobbler configuration.

    # cobbler sync
    task started: YYYY-MM-DD_hhmmss_sync
    task started (id=Sync, time=date)
    ...
    generating PXE configuration files
    rendering DHCP files
    generating /etc/dhcp/dhcpd.conf
    ...
    *** TASK COMPLETE ***
  4. Verify that svr2 has been removed as follows:

    # cobbler system list
       svr1

4.7 Provisioning KVM Hosts by Using Spacewalk

The following procedure describes how to use Spacewalk to provision a KVM host. Before performing this procedure, ensure that you have done the following:

  • You are familiar with how to set up and use activation keys and kickstart profiles in Spacewalk and how to configure Cobbler, DHCP, and boot loaders to support network installation of client systems.

    See Chapter 3, Working With Activation Keys in Spacewalk, Section 4.4, “Working With Kickstart Profiles”, and Section 4.5, “Installing Client Systems by Using Kickstart”.

  • You have set up a base channel and kickstartable tree for the Oracle Linux distribution that you want to install on the KVM host.

  • The system that you configure as a KVM host must have VT-x acceleration enabled in the BIOS or UEFI firmware and be able to forward this capability to any KVM guests. Suitable systems are bare-metal systems with VT-x enabled and Oracle VM virtual machines that have been configured with this capability. Oracle VirtualBox virtual machines do not support this functionality and are not suitable.

To provision a KVM host, follow these steps:

  1. In Spacewalk, create an activation key that is specific to KVM hosts on the desired platform: Oracle Linux 6 (x86_64) or Oracle Linux 7 (x86_64).

    Enter the key settings as follows:

    Description

    Enter a description for the key, for example, Oracle Linux 7 (x86_64) KVM host.

    Key

    Enter a meaningful label for the activation key, for example, kvmhost-oraclelinux7-x86_64.

    Usage

    Leave blank to enable unlimited use by clients.

    Base Channels

    Select the base channel with which the key is associated: Oracle Linux 7 (x86_64) Base.

    Add-on Entitlements

    If you are running the KVM hypervisor on Oracle Linux 6 or Oracle Linux 7, you should enable the Virtualization entitlement. This entitlement installs additional packages on the target host so that Spacewalk is able to identify and manage virtual guests on that host.

    Universal Default

    Select if the key should be used as the default activation key for all newly-registered systems.

    Note

    Oracle strongly recommends that you do not associate any channels with a universal default key. Spacewalk uses the universal default key if a key is not specified so it might be used by any version of any operating system.

  2. In Spacewalk, create a kickstart profile for KVM host systems on the desired platform and do the following:

    1. Associate the activation key that you created in Step 1 with the profile.

    2. Enter the profile settings as follows:

      Label

      Enter a label for the profile. for example, kvmhost-ol7u4-x86_64.

      Base Channel

      Select the base channel with which the distribution is associated, for example, Oracle Linux 7 Update 4 (x86_64) Base.

      Kickstartable Tree

      Select the kickstart distribution with which the profile is associated, for example, ol7u4-x86_64-server.

      Virtualization Type

      Select the virtualization type as None.

    3. Configure the following software packages, which kickstart should install on the host, in addition to the @Base and @Core packages:

      Virtualization packages (required for a KVM host):
      • @virtualization-hypervisor

      • @virtualization-tools

      Virtualization packages (recommended):
      • qemu-kvm-tools (provides debugging and diagnostic utilities.)

      • virt-manager (provides a graphical virtual machine manager that you can use with KVM.)

      • virt-viewer (provides a graphical console client for connecting to virtual machines)

      Graphical desktop packages (required to use the Virtual Machine Manager):
      • @^graphical-server-environment (provides a full graphical server environment)

      • @fonts

      • @gnome-desktop (select alternate desktop environment such as KDE if preferred)

      • @x11

      Spacewalk client packages (recommended):

      • rhncfg

      • rhncfg-actions

      • rhncfg-client

      Suggested optional packages:
      • @input-methods (Only include if the graphical-server-environment is enabled. Otherwise, not recommended.)

      • @internet-browser (Only include if the graphical-server-environment is enabled. Otherwise, not recommended.)

      • @multimedia (Only include if the graphical-server-environment is enabled. Otherwise, not recommended.)

      • kexec-tools

      • osad (enables you to apply updates and actions to a client system immediately from the Spacewalk server)

    4. In the kickstart profile, configure any kickstart advanced options that you require, such as keyboard, lang, or network.

    5. Set up the %pre or %post sections for any pre or post-installation configuration that you want kickstart to perform.

      For example, you can enable configuration file management and remote commands by including the rhncfg, rhncfg-actions, and rhncfg-client packages and configuring rhn-actions-control to run in the post-installation shell:

      rhn-actions-control --enable-all
  3. Configure Cobbler or DHCP to provide IP and TFTP settings so that the guest being installed can access the appropriate boot loader to continue the provisioning process.

  4. Configure the boot-loader configuration file that the boot loader uses to locate the installation kernel, the ram-disk image, and the kickstart file that is served by Spacewalk.

  5. After setting up the Spacewalk kickstart profile, Cobbler, DHCP, and boot-loader configuration, boot the target host system from the network, which starts the installation process.

4.8 Provisioning KVM Guests by Using Spacewalk

The following procedure describes how to use Spacewalk to provision KVM guests.

Before you begin, ensure that you have done the following:

To provision a KVM guest, follow these steps:

  1. In Spacewalk, create an activation key that is specific to KVM hosts on the desired platform: Oracle Linux 6 (x86_64) or Oracle Linux 7 (x86_64). Enter the key settings as follows:

    Description

    Enter a description for the key for example, Oracle Linux 7 (x86_64) KVM guest.

    Key

    Enter a meaningful label for the activation key, for example, kvmguest-oraclelinux7-x86_64.

    Usage

    Leave blank to enable unlimited use by clients.

    Base Channels

    Select the base channel with which the key is associated:

    Oracle Linux 7 (x86_64) Base.

    Add-on Entitlements
    Note

    No add-on entitlements are required for a virtual guest. The Virtualization entitlement is only required for virtual hosts. Do not select it when creating a virtual guest kickstart profile.

    Universal Default

    Select this option if the key should be used as the default activation key for all newly-registered systems.

    Note

    Oracle strongly recommends that you do not associate any channels with a universal default key. Spacewalk uses the universal default key if a key is not specified so it might be used by any version of any operating system.

  2. In Spacewalk, create a kickstart profile for KVM host systems on the desired platform:

    1. Associate the activation key that you created with the profile.

    2. Enter the profile settings as follows:

      Label

      Enter a label for the profile, for example, kvmguest-ol7u4-x86_64.

      Base Channel

      Select the base channel with which the distribution is associated, for example, Oracle Linux 7 Update 4 (x86_64) Base.

      Kickstartable Tree

      Select the kickstart distribution with which the profile is associated, for example, ol7u4-x86_64-server.

      Virtualization Type

      For a KVM guest, select the virtualization type as KVM Virtualized Guest. KVM supports only HVM guests.

    3. Configure the software packages that kickstart should install on the host in addition to the @Base package. The intended function of the guest system determines the set of packages. However, Oracle recommends the following additional packages for a KVM guest that is also a Spacewalk client:

      • @guest-agents (agents used when running under a hypervisor)

      • @guest-desktop-agents (agents used when running as a virtualized desktop)

      • acpid (enables you to control the power state of the guest from the host)

      • osad (enables you to apply updates and actions to a client system immediately from the Spacewalk server)

      • rhncfg

      • rhncfg-actions

      • rhncfg-client

    4. In the kickstart profile, configure any kickstart advanced options that you require, such as keyboard, lang, or network.

    5. Set up the %pre or %post sections for any pre or post-installation configuration that you want kickstart to perform.

      For example, you can enable configuration file management and remote commands by including the rhncfg, rhncfg-actions, and rhncfg-client packages and configuring rhn-actions-control to run in the post-installation shell:

      rhn-actions-control --enable-all
  3. If you want to install the guest by using PXE network booting and kickstart, do the following:

    1. Configure Cobbler or DHCP to provide IP and TFTP settings so that the guest being installed can access the appropriate boot loader to continue the provisioning process.

    2. Configure the configuration file that the boot loader uses to locate the installation kernel, the ram-disk image, and the kickstart file served by Spacewalk.

    3. After setting up the Spacewalk kickstart profile, Cobbler, DHCP, and boot-loader configuration, boot the target guest system from the network to start the installation process.

    If you want to install the guest by using a network installation, use a boot image that is made available over HTTP by the Spacewalk server. You can use a full ISO image, a UEK boot image, or a RHCK boot image in conjunction with kickstart, depending on your requirements.