[FFe] [MIR] maas-provision
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cobbler (Ubuntu) | Won't Fix | High | Unassigned |
maas-provision (Ubuntu) | Fix Released | High | Dave Walker |

Bug Description
1. Availability: all
2. Rationale:
This package helps meet the MaaS project requirements, replacing Orchestra. This package is a key component for the MaaS project as it is the one that implements PXE, and it is used by MaaS to make the actual network deployments.
Binaries needed in main: cobbler python-cobbler cobbler-common
3. Security: No CVEs
4. QA:
This package is not in Debian.
This package is the latest upstream release. Upstream is very active.
There are 10 bug reports in Ubuntu.
5. UI standards: none
6. Dependencies: All in main.
Recommends in universe:
- debmirror
- distro-info
- hardlink
Suggests in universe:
- createrepo
- dhcp3-server
7. Standards:
Package is packaged with debhelper, and has no patching system. Source format is 3.0
3 Lintian warnings, no errors:
W: cobbler: binary-
W: cobbler: binary-
W: cobbler-common: manpage-
8. Maintenance: easy
9. Background information:
This package was the core of Orchestra, and now it's becoming the tool to provide the provisioning features in MaaS. This package will be used for managing Debian preseeds, PXE, and power features.
Changed in cobbler (Ubuntu):
importance: Undecided → High
Changed in cobbler (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in maas-provision (Ubuntu):
assignee: nobody → Dave Walker (davewalker)
- The package is not lintian clean
- It ships its own tftpd server, which is undesirable
- Has had 5 CVEs assigned since 2009.
- It ships an upstart job that runs cobblerd. While it listens on the loopback interface and is written in Python, it runs as root
- While I did not perform an in-depth audit, the most cursory inspection of code shows that various parts of it are not coded well (e.g., use of 'os.system', predictable filenames, etc.)
I don't think cobbler is supportable for 5 years and would greatly prefer to keep it out of main. I am in discussions with the server team on alternatives. If maas moved away from cobbler (LP: #975473) in the 12.04.1 timeframe, it might be acceptable to keep cobbler in main with 18 months support (with a release note stating this), but a condition of the main inclusion would be an apparmor profile.