Switch Cobbler utils to XML-RPC API

[SchoolGuy]

Current Orthos uses SSH to log into the Cobbler server and execute Cobbler CLI commands. This is very bad as error handling is harder and we are less flexible in terms of reusability of the code that manages Cobbler. Lastly, the performance should increase with the XML-RPC API.

[SchoolGuy]

I have started this locally. The main challenge is how to save the credentials. Extending the machine object seems reasonable but is a lot of effort. Maybe a dedicated object?

[SchoolGuy]

A nice side effect of this ticket will be that we can test the functionality more easily as we can replace the XML-RPC server object with a MagicMock and assert the usage of the MagicMock.

Integration testing is also easier as we don't need to generate the SSH keys related to the service communication.

[SchoolGuy]

I had to create https://github.com/cobbler/cobbler/issues/3799 since atm we can't retrieve the kernel options of an unsaved item.

[SchoolGuy]

So the status quo is at the moment the following according to my research:

• There are three projects that are maintained that could be used:
  • https://github.com/pyca/cryptography: Direct usage of this will be cumbersome as there is no native Django integration.
  • https://github.com/georgemarshall/django-cryptography: Wrapper that does the heavy lifting that I would need to implement. Not packaged for Tumbleweed or SLES.
  • https://github.com/erikvw/django-crypto-fields: Another wrapper that does the heavy lifting. Also not packaged for openSUSE.
• There are other projects in that realm but some are not packaged and others are not maintained.
• Saving the passwords (and usernames) as clear text seems not appropriate to me.
• Using dynamic environment variables would be possible but that is also quite some code and I don't know how well it scales that I need to do a new deployment every time that a password changes for Cobbler.
• The Cobbler passwords will ultimately be saved in the internal Salt repo since authentication.configfile is used for authentication.
• LDAP for authentication in Cobbler is possible but that is an intrusive change to the architecture (OPS wise). Also I wouldn't know atm how that helps since we can't just pass our authentication onwards to Cobbler, that would mean both Cobbler and Orthos would need to use SSO which really would increase the scope and effort of this issue. And saving the duplicated user credentials would mean we need to encrypt them again (and we would defeat the purpose of the LDAP auth in Orthos).

[SchoolGuy]

I have found out that the BMC passwords are saved as clear text in the database. As such we need to solve this in a greater manner and review the codebase as a whole for the topic of passwords. I will create a dedicated issue for this and proceed to use plaintext passwords for now.