Bismillah
what is cobbler?
Cobbler is a Linux installation server that allows for rapid setup of network installation environments
http://cobbler.github.com/
Installing cobber
[root@lb-1 ~]# yum install cobbler Loaded plugins: fastestmirror, security Determining fastest mirrors * base: mirror.optus.net * epel: ftp.riken.jp * extras: mirror.optus.net * updates: mirror.optus.net base | 1.1 kB 00:00 epel | 3.7 kB 00:00 epel/primary_db | 3.8 MB 00:53 extras | 2.1 kB 00:00 updates | 1.9 kB 00:00 updates/primary_db | 866 kB 00:18 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package cobbler.noarch 0:2.2.3-2.el5 set to be updated --> Processing Dependency: yum-utils for package: cobbler --> Processing Dependency: tftp-server for package: cobbler --> Processing Dependency: python-simplejson for package: cobbler --> Processing Dependency: python-netaddr for package: cobbler --> Processing Dependency: python-cheetah for package: cobbler --> Processing Dependency: mod_wsgi for package: cobbler --> Processing Dependency: mkisofs for package: cobbler --> Processing Dependency: createrepo for package: cobbler --> Processing Dependency: PyYAML for package: cobbler --> Running transaction check ---> Package PyYAML.x86_64 0:3.08-4.el5 set to be updated --> Processing Dependency: libyaml-0.so.1()(64bit) for package: PyYAML ---> Package createrepo.noarch 0:0.4.11-3.el5 set to be updated ---> Package mkisofs.x86_64 9:2.01-10.7.el5 set to be updated ---> Package mod_wsgi.x86_64 0:3.2-2.el5 set to be updated ---> Package python-cheetah.x86_64 0:2.0.1-1.el5 set to be updated ---> Package python-netaddr.noarch 0:0.5.2-1.el5 set to be updated ---> Package python-simplejson.x86_64 0:2.0.9-8.el5 set to be updated ---> Package tftp-server.x86_64 0:0.49-2.el5.centos set to be updated --> Processing Dependency: xinetd for package: tftp-server ---> Package yum-utils.noarch 0:1.1.16-21.el5.centos set to be updated --> Running transaction check ---> Package libyaml.x86_64 0:0.1.2-3.el5 set to be updated ---> Package xinetd.x86_64 2:2.3.14-16.el5 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================= Installing: cobbler noarch 2.2.3-2.el5 epel 795 k Installing for dependencies: PyYAML x86_64 3.08-4.el5 epel 176 k createrepo noarch 0.4.11-3.el5 base 59 k libyaml x86_64 0.1.2-3.el5 epel 53 k mkisofs x86_64 9:2.01-10.7.el5 base 608 k mod_wsgi x86_64 3.2-2.el5 epel 71 k python-cheetah x86_64 2.0.1-1.el5 epel 544 k python-netaddr noarch 0.5.2-1.el5 epel 206 k python-simplejson x86_64 2.0.9-8.el5 base 141 k tftp-server x86_64 0.49-2.el5.centos base 32 k xinetd x86_64 2:2.3.14-16.el5 base 127 k yum-utils noarch 1.1.16-21.el5.centos base 74 k Transaction Summary ============================================================================================================================================================= Install 12 Package(s) Upgrade 0 Package(s) Total download size: 2.8 M Is this ok [y/N]: y [root@lb-1 ~]# yum install cobbler-web Dependencies Resolved ============================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================= Installing: cobbler-web noarch 2.2.3-2.el5 epel 304 k Installing for dependencies: Django noarch 1.1.4-1.el5 epel 4.0 M distcache x86_64 1.4.5-14.1 base 121 k mod_ssl x86_64 1:2.2.3-65.el5.centos updates 95 k Transaction Summary ============================================================================================================================================================= Install 4 Package(s) Upgrade 0 Package(s) Total download size: 4.5 M Is this ok [y/N]: ystart the service
[root@lb-1 ~]# /etc/init.d/cobblerd start
Starting cobbler daemon: No module named ctypes
Traceback (most recent call last):
File "/usr/bin/cobblerd", line 76, in main
api = cobbler_api.BootAPI(is_cobblerd=True)
File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 127, in __init__
module_loader.load_modules()
File "/usr/lib/python2.4/site-packages/cobbler/module_loader.py", line 62, in load_modules
blip = __import__("modules.%s" % ( modname), globals(), locals(), [modname])
File "/usr/lib/python2.4/site-packages/cobbler/modules/authn_pam.py", line 53, in ?
from ctypes import CDLL, POINTER, Structure, CFUNCTYPE, cast, pointer, sizeof
ImportError: No module named ctypes
cobbler need python module named ctypes, ok lets install that.
[root@lb-1 ~]# yum install python-ctypes Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile * base: mirror.optus.net * epel: ftp.riken.jp * extras: mirror.optus.net * updates: mirror.optus.net Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package python-ctypes.x86_64 0:1.0.2-3.el5 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================= Installing: python-ctypes x86_64 1.0.2-3.el5 base 210 k Transaction Summary ============================================================================================================================================================= Install 1 Package(s) Upgrade 0 Package(s) Total download size: 210 k Is this ok [y/N]: ystart the service now
[root@lb-1 ~]# /etc/init.d/cobblerd restart Stopping cobbler daemon: [FAILED] Starting cobbler daemon: [ OK ]Check the installation again using cobbler check
[root@lb-1 ~]# cobbler check
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/cobbler/cli.py", line 184, in check_setup
s.ping()
File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
return self.__send(self.__name, args)
File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
verbose=self.__verbose
File "/usr/lib64/python2.4/xmlrpclib.py", line 1137, in request
headers
ProtocolError:
ok from the error message we need to start the web server
[root@lb-1 ~]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: Syntax error on line 10 of /etc/httpd/conf.d/cobbler.conf:
Invalid command 'WSGIScriptAliasMatch', perhaps misspelled or defined by a module not included in the server configuration
[FAILED]
we failed to start the web server, it's said we need to load wsgi module
check the module first
[root@lb-1 conf.d]# rpm -qa | grep mod_wsgi mod_wsgi-3.2-2.el5the module already install, next the web server configuration
[root@lb-1 ~]# cd /etc/httpd/conf.d/ [root@lb-1 conf.d]# ls cobbler.conf cobbler_web.conf php.conf proxy_ajp.conf README ssl.conf welcome.conf wsgi.confok we found it at wsgi.conf. just unmark the LoadModule
[root@lb-1 conf.d]# vi wsgi.conf ################################################################################# # mod_python and mod_wsgi compatibility note ################################################################################# # mod_wsgi will deadlock if run in daemon mode while mod_python is enabled # do not enable both mod_python and mod_wsgi if you are going to use the # WSGIDaemonProcess directive # In previous version of mod_wsgi, apache would segfault when both mod_wsgi # and mod_python were enabled. This update does not guarantee that will not # happen. ################################################################################# # Do not enable mod_python and mod_wsgi in the same apache process. ################################################################################# LoadModule wsgi_module modules/mod_wsgi.sorestart the web server
[root@lb-1 conf.d]# /etc/init.d/httpd restart Stopping httpd: [FAILED] Starting httpd: [ OK ]check the installation, again!
[root@lb-1 conf.d]# cobbler check
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/cobbler/cli.py", line 184, in check_setup
s.ping()
File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
return self.__send(self.__name, args)
File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
verbose=self.__verbose
File "/usr/lib64/python2.4/xmlrpclib.py", line 1137, in request
headers
ProtocolError:
Whoaa, we still have the error message, :-)
lets take a look at audit.log, maybe there's a clue there.
[root@lb-1 conf.d]# grep cobbler /var/log/audit/audit.log | audit2why
[root@lb-1 conf.d]# grep httpd /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1348017941.735:42): avc: denied { name_connect } for pid=3621 comm="httpd" dest=25151 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings; check boolean settings.
You can see the necessary allow rules by running audit2allow with this audit message as input.
type=AVC msg=audit(1348017978.187:45): avc: denied { name_connect } for pid=23479 comm="httpd" dest=25151 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings; check boolean settings.
You can see the necessary allow rules by running audit2allow with this audit message as input.
type=AVC msg=audit(1348017992.713:48): avc: denied { name_connect } for pid=24327 comm="httpd" dest=25151 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings; check boolean settings.
You can see the necessary allow rules by running audit2allow with this audit message as input.
Ahaa... so the SELinux preventing the httpd,
just make a selinux module to enable it.
[root@lb-1 conf.d]# grep httpd /var/log/audit/audit.log | audit2allow -M httpdcobbler ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i httpdcobbler.ppInstall the selinux module
[root@lb-1 conf.d]# semodule -i httpdcobbler.ppOR using setsebool
setsebool -P httpd_can_network_connect truerun cobbler check again,and ..
[root@lb-1 conf.d]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : since iptables may be running, ensure 69, 80/443, and 25151 are unblocked
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : ksvalidator was not found, install pykickstart
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
Alhamdulillah, it's run now.
next I will explain how to configuring cobbler, like make a profile, kickstart etc.
nice one.
ReplyDeleteHi,
ReplyDeleteRather than using audit2allow for the SElinux, I think you just need to
setsebool httpd_can_connect_cobbler=on
Hi, that also can
DeleteThanks