[Spacewalk-list] PCX boot for spacewalk client
Afify, Sherif S (IBS)
Sherif.Afify at se1.bp.com
Wed Apr 25 04:43:58 UTC 2018
Ok I got the issue its all about SElinux , once I disabled it worked fine.
But still need the selinux , I tried the below steps :
1. If SELinux is enabled in enforcing mode on your system, configure SELinux for Cobbler operation as follows:
* Permit the httpd service to act as a proxy for Cobbler.
# setsebool -P httpd_can_network_connect=1
* Set the public_content_t file type on the /var/lib/tftpboot file and /var/www/cobbler/images directory hierarchies as follows:
c. # /usr/sbin/semanage fcontext -a -t public_content_t "/var/lib/tftpboot/.*"
# /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
Note
The semanage command is provided by the policycoreutils-python package.
1. Restart the cobblerd service:
# service cobblerd restart
And it set the dir/file as shown below and the boot issue of the filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz not find is fixed.
[root at vm1 ~]# ls -lZ /var/lib/tftpboot/.
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 aarch64
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 etc
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 grub
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 images
-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 memdisk
-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 menu.c32
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 ppc
-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 pxelinux.0
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 pxelinux.cfg
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 s390x
-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 yaboot
[root at vm1 ~]# ls -lZ /var/www/cobbler/
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 aux
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 images
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 ks_mirror
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 links
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 localmirror
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 pub
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 rendered
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 repo_mirror
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 svc
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 web
[root at vm1 ~]#
But new issue appear when I try to run "cobbler sync" (check the below )
So my question what is right configuration for SELinux for Cobbler ?
[root at vm1 ~]# cobbler sync
task started: 2018-04-24_182931_sync
task started (id=Sync, time=Tue Apr 24 18:29:31 2018)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/centos7-x86_64-server:1:usip
removing: /var/lib/tftpboot/pxelinux.cfg/01-00-1a-4a-16-01-77
Exception occured: <type 'exceptions.OSError'>
Exception value: [Errno 13] Permission denied: '/var/lib/tftpboot/pxelinux.cfg/01-00-1a-4a-16-01-77'
Exception Info:
File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1192, in rmfile
os.unlink(path)
Exception occured: <class 'cobbler.cexceptions.CX'>
Exception value: 'Error deleting /var/lib/tftpboot/pxelinux.cfg/01-00-1a-4a-16-01-77'
Exception Info:
File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 95, in run
rc = self._run(self)
File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 186, in runner
return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger)
File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 609, in sync
return sync.run()
File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line 110, in run
self.clean_trees()
File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line 199, in clean_trees
utils.rmtree_contents(self.pxelinux_dir,logger=self.logger)
File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1204, in rmtree_contents
rmtree(x,logger=logger)
File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1209, in rmtree
return rmfile(path,logger=logger)
File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1198, in rmfile
raise CX(_("Error deleting %s") % path)
!!! TASK FAILED !!!
[root at vm1 ~]#
From: Afify, Sherif S (IBS)
Sent: Tuesday, April 24, 2018 12:12 PM
To: Paschedag, Robert <paschedag.netlution at swr.de>; spacewalk-list at redhat.com
Subject: RE: PCX boot for spacewalk client
Thanks rob, I got the same error I see on the console ,
Apr 23 23:57:53 vm1 in.tftpd[14018]: RRQ from 10.222.21.2 filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz
Apr 23 23:57:53 vm1 in.tftpd[14019]: RRQ from 10.222.21.2 filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
Apr 23 23:57:53 vm1 in.tftpd[14019]: Client 10.222.21.2 File not found //images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
Apr 23 23:57:53 vm1 in.tftpd[14020]: RRQ from 10.222.21.2 filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz.0
Apr 23 23:57:53 vm1 in.tftpd[14020]: Client 10.222.21.2 File not found //images/centos7-x86_64-server:2:usip-lab/vmlinuz.0
Apr 23 23:57:53 vm1 in.tftpd[14021]: RRQ from 10.222.21.2 filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz.com
Apr 23 23:57:53 vm1 in.tftpd[14021]: Client 10.222.21.2 File not found //images/centos7-x86_64-server:2:usip-lab/vmlinuz.com
Apr 23 23:57:53 vm1 in.tftpd[14022]: RRQ from 10.222.21.2 filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz.c32
Apr 23 23:57:53 vm1 in.tftpd[14022]: Client 10.222.21.2 File not found //images/centos7-x86_64-server:2:usip-lab/vmlinuz.c32
Apr 23 23:57:53 vm1 in.tftpd[14023]: RRQ from 10.222.21.2 filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz
Apr 23 23:57:53 vm1 in.tftpd[14024]: RRQ from 10.222.21.2 filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
Apr 23 23:57:53 vm1 in.tftpd[14024]: Client 10.222.21.2 File not found //images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
Apr 23 23:57:53 vm1 in.tftpd[14025]: RRQ from 10.222.21.2 filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz.0
it looks it's a permission issue as when I try to view the cobbler folder from the IE it says donot have permission to view that page.
Below the the permission on the www directory and under cobbler, is that looks correct ?
[root at vm1 www]# ls -lZ
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 cobbler
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
[root at vm1 www]#
[root at vm1 www]# ls -lZ cobbler/
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 aux
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 images
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 ks_mirror
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 links
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 localmirror
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 pub
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 rendered
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 repo_mirror
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 svc
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 web
[root at vm1 www]# pwd
/var/www
[root at vm1 www]#
From: Paschedag, Robert [mailto:paschedag.netlution at swr.de]
Sent: Tuesday, April 24, 2018 11:03 AM
To: Afify, Sherif S (IBS) <Sherif.Afify at se1.bp.com<mailto:Sherif.Afify at se1.bp.com>>; spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>
Subject: AW: PCX boot for spacewalk client
I'm sorry....that was my fault. Of course, have a look into /var/log/messages and search for "tftp"
[root at server log]# grep tftp /var/log/messages
Apr 23 11:09:40 server xinetd[1910]: START: tftp pid=23264 from=10.x.x.x
Apr 23 11:09:41 server in.tftpd[23265]: tftp: client does not accept options
Apr 23 11:09:41 server in.tftpd[23266]: Client 10.x.x.x finished pxelinux.0
Apr 23 11:09:41 server in.tftpd[23277]: Client 10.x.x.x finished pxelinux.cfg/default
Apr 23 11:09:41 server in.tftpd[23282]: Client 10.x.x.x finished menu.c32
Apr 23 11:09:41 server in.tftpd[23283]: Client 10.x.x.x finished pxelinux.cfg/default
Apr 23 11:09:48 server in.tftpd[23284]: Client 10.x.x.x finished /images/SLES11-SP4:1:SpacewalkDefaultOrganization/linux
Apr 23 11:09:57 server in.tftpd[23285]: Client 10.x.x.x finished /images/SLES11-SP4:1:SpacewalkDefaultOrganization/initrd
[root at server log]#
See the colons? No problem here on SW 2.7.
Robert
________________________________
Von: Afify, Sherif S (IBS) <Sherif.Afify at se1.bp.com<mailto:Sherif.Afify at se1.bp.com>>
Gesendet: Dienstag, 24. April 2018 10:48:49
An: spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>; Paschedag, Robert
Betreff: PCX boot for spacewalk client
Hi Robert, the httpd error logs or access log do not show any thing , and the LogLevel in httpd is set to debug.
------------------------------
Message: 3
Date: Tue, 24 Apr 2018 06:50:30 +0000
From: "Paschedag, Robert" <paschedag.netlution at swr.de<mailto:paschedag.netlution at swr.de>>
To: "'spacewalk-list at redhat.com'" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Subject: Re: [Spacewalk-list] PCX boot for spacewalk client
Message-ID:
<DB7PR08MB30980E052FDE86B005F2577A99880 at DB7PR08MB3098.eurprd08.prod.outlook.com<mailto:DB7PR08MB30980E052FDE86B005F2577A99880 at DB7PR08MB3098.eurprd08.prod.outlook.com>>
Content-Type: text/plain; charset="windows-1252"
The colon sign is normally no problem. This is the default for all of our profiles and they work without a problem.
Please look into the webserver log in /var/log/httpd/ to check for errors.
Robert
________________________________
Von: spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com> <spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com>> im Auftrag von Afify, Sherif S (IBS) <Sherif.Afify at se1.bp.com<mailto:Sherif.Afify at se1.bp.com>>
Gesendet: Montag, 23. April 2018 18:50:36
An: 'spacewalk-list at redhat.com'
Betreff: [Spacewalk-list] PCX boot for spacewalk client
I managed configuring the cobbler via spacewalk but faced a new issue , when the client pxe boot start it start to give error that "could not find kernel image : /images/centos7-x86_64-server:1:USIP-LAB/vmlinuz"
I did some trouble shooting and the issue due to the directory name stored inside it the vmlinuz have ":" (/images/centos7-x86_64-server:1:USIP-LAB/vmlinuz").
I tried to rename it to another name do not have the ?:? sign it worked fine but every time I run ?cobbler sync? it put back the distor name created on spacewalk.
Is there a way to set the spacewalk to remove the ?:? sign ?
[cid:image001.png at 01D3DB33.F5F33C50]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Farchives%2Fspacewalk-list%2Fattachments%2F20180424%2F31abe2c3%2Fattachment.html&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Ccf0d55a21c5d45df72ed08d5a9c03799%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636601565387587373&sdata=1Q5dyRIdTyRO8a12tW7857kiGbfDl5UEvWrAZFNZw%2BI%3D&reserved=0>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 36116 bytes
Desc: image001.png
URL: <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Farchives%2Fspacewalk-list%2Fattachments%2F20180424%2F31abe2c3%2Fattachment.png&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Ccf0d55a21c5d45df72ed08d5a9c03799%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636601565387587373&sdata=ZmO09pD3u0En%2B2VHzDCWbjSqgkIuvfIOaX8pzRxlEqk%3D&reserved=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180425/8ba6c652/attachment.htm>
More information about the Spacewalk-list
mailing list