Fix Cobbler error at first install

Bismillah
what is cobbler?
Cobbler is a Linux installation server that allows for rapid setup of network installation environments
http://cobbler.github.com/

Installing cobber
[root@lb-1 ~]# yum install cobbler
Loaded plugins: fastestmirror, security
Determining fastest mirrors
 * base: mirror.optus.net
 * epel: ftp.riken.jp
 * extras: mirror.optus.net
 * updates: mirror.optus.net
base                                                                                                                                  | 1.1 kB     00:00     
epel                                                                                                                                  | 3.7 kB     00:00     
epel/primary_db                                                                                                                       | 3.8 MB     00:53     
extras                                                                                                                                | 2.1 kB     00:00     
updates                                                                                                                               | 1.9 kB     00:00     
updates/primary_db                                                                                                                    | 866 kB     00:18     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package cobbler.noarch 0:2.2.3-2.el5 set to be updated
--> Processing Dependency: yum-utils for package: cobbler
--> Processing Dependency: tftp-server for package: cobbler
--> Processing Dependency: python-simplejson for package: cobbler
--> Processing Dependency: python-netaddr for package: cobbler
--> Processing Dependency: python-cheetah for package: cobbler
--> Processing Dependency: mod_wsgi for package: cobbler
--> Processing Dependency: mkisofs for package: cobbler
--> Processing Dependency: createrepo for package: cobbler
--> Processing Dependency: PyYAML for package: cobbler
--> Running transaction check
---> Package PyYAML.x86_64 0:3.08-4.el5 set to be updated
--> Processing Dependency: libyaml-0.so.1()(64bit) for package: PyYAML
---> Package createrepo.noarch 0:0.4.11-3.el5 set to be updated
---> Package mkisofs.x86_64 9:2.01-10.7.el5 set to be updated
---> Package mod_wsgi.x86_64 0:3.2-2.el5 set to be updated
---> Package python-cheetah.x86_64 0:2.0.1-1.el5 set to be updated
---> Package python-netaddr.noarch 0:0.5.2-1.el5 set to be updated
---> Package python-simplejson.x86_64 0:2.0.9-8.el5 set to be updated
---> Package tftp-server.x86_64 0:0.49-2.el5.centos set to be updated
--> Processing Dependency: xinetd for package: tftp-server
---> Package yum-utils.noarch 0:1.1.16-21.el5.centos set to be updated
--> Running transaction check
---> Package libyaml.x86_64 0:0.1.2-3.el5 set to be updated
---> Package xinetd.x86_64 2:2.3.14-16.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                                   Arch                           Version                                         Repository                    Size
=============================================================================================================================================================
Installing:
 cobbler                                   noarch                         2.2.3-2.el5                                     epel                         795 k
Installing for dependencies:
 PyYAML                                    x86_64                         3.08-4.el5                                      epel                         176 k
 createrepo                                noarch                         0.4.11-3.el5                                    base                          59 k
 libyaml                                   x86_64                         0.1.2-3.el5                                     epel                          53 k
 mkisofs                                   x86_64                         9:2.01-10.7.el5                                 base                         608 k
 mod_wsgi                                  x86_64                         3.2-2.el5                                       epel                          71 k
 python-cheetah                            x86_64                         2.0.1-1.el5                                     epel                         544 k
 python-netaddr                            noarch                         0.5.2-1.el5                                     epel                         206 k
 python-simplejson                         x86_64                         2.0.9-8.el5                                     base                         141 k
 tftp-server                               x86_64                         0.49-2.el5.centos                               base                          32 k
 xinetd                                    x86_64                         2:2.3.14-16.el5                                 base                         127 k
 yum-utils                                 noarch                         1.1.16-21.el5.centos                            base                          74 k

Transaction Summary
=============================================================================================================================================================
Install      12 Package(s)
Upgrade       0 Package(s)

Total download size: 2.8 M
Is this ok [y/N]: y

[root@lb-1 ~]# yum install cobbler-web
Dependencies Resolved

=============================================================================================================================================================
 Package                              Arch                            Version                                         Repository                        Size
=============================================================================================================================================================
Installing:
 cobbler-web                          noarch                          2.2.3-2.el5                                     epel                             304 k
Installing for dependencies:
 Django                               noarch                          1.1.4-1.el5                                     epel                             4.0 M
 distcache                            x86_64                          1.4.5-14.1                                      base                             121 k
 mod_ssl                              x86_64                          1:2.2.3-65.el5.centos                           updates                           95 k

Transaction Summary
=============================================================================================================================================================
Install       4 Package(s)
Upgrade       0 Package(s)

Total download size: 4.5 M
Is this ok [y/N]: y


start the service
[root@lb-1 ~]# /etc/init.d/cobblerd start
Starting cobbler daemon: No module named ctypes
Traceback (most recent call last):
  File "/usr/bin/cobblerd", line 76, in main
    api = cobbler_api.BootAPI(is_cobblerd=True)
  File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 127, in __init__
    module_loader.load_modules()
  File "/usr/lib/python2.4/site-packages/cobbler/module_loader.py", line 62, in load_modules
    blip =  __import__("modules.%s" % ( modname), globals(), locals(), [modname])
  File "/usr/lib/python2.4/site-packages/cobbler/modules/authn_pam.py", line 53, in ?
    from ctypes import CDLL, POINTER, Structure, CFUNCTYPE, cast, pointer, sizeof
ImportError: No module named ctypes

cobbler need python module named ctypes, ok lets install that.
[root@lb-1 ~]# yum install python-ctypes
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: mirror.optus.net
 * epel: ftp.riken.jp
 * extras: mirror.optus.net
 * updates: mirror.optus.net
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package python-ctypes.x86_64 0:1.0.2-3.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                                   Arch                               Version                                 Repository                        Size
=============================================================================================================================================================
Installing:
 python-ctypes                             x86_64                             1.0.2-3.el5                             base                             210 k

Transaction Summary
=============================================================================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 210 k
Is this ok [y/N]: y

start the service now
[root@lb-1 ~]# /etc/init.d/cobblerd restart
Stopping cobbler daemon:                                   [FAILED]
Starting cobbler daemon:                                   [  OK  ]

Check the installation again using cobbler check
[root@lb-1 ~]# cobbler check
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/cobbler/cli.py", line 184, in check_setup
    s.ping()
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1137, in request
    headers
ProtocolError: 
ok from the error message we need to start the web server
[root@lb-1 ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: Syntax error on line 10 of /etc/httpd/conf.d/cobbler.conf:
Invalid command 'WSGIScriptAliasMatch', perhaps misspelled or defined by a module not included in the server configuration
                                                           [FAILED]
we failed to start the web server, it's said we need to load wsgi module
check the module first
[root@lb-1 conf.d]# rpm -qa | grep mod_wsgi
mod_wsgi-3.2-2.el5
the module already install, next the web server configuration
[root@lb-1 ~]# cd /etc/httpd/conf.d/
[root@lb-1 conf.d]# ls
cobbler.conf  cobbler_web.conf  php.conf  proxy_ajp.conf  README  ssl.conf  welcome.conf  wsgi.conf
ok we found it at wsgi.conf.
just unmark the LoadModule
[root@lb-1 conf.d]# vi wsgi.conf 

#################################################################################
# mod_python and mod_wsgi compatibility note
#################################################################################
# mod_wsgi will deadlock if run in daemon mode while mod_python is enabled
# do not enable both mod_python and mod_wsgi if you are going to use the
# WSGIDaemonProcess directive
# In previous version of mod_wsgi, apache would segfault when both mod_wsgi
# and mod_python were enabled.  This update does not guarantee that will not
# happen.
#################################################################################
# Do not enable mod_python and mod_wsgi in the same apache process.
#################################################################################

LoadModule wsgi_module modules/mod_wsgi.so
restart the web server
[root@lb-1 conf.d]# /etc/init.d/httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd:                                            [  OK  ]

check the installation, again!
[root@lb-1 conf.d]# cobbler check
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/cobbler/cli.py", line 184, in check_setup
    s.ping()
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1137, in request
    headers
ProtocolError: 
Whoaa, we still have the error message, :-)
lets take a look at audit.log, maybe there's a clue there.
[root@lb-1 conf.d]# grep cobbler /var/log/audit/audit.log | audit2why
[root@lb-1 conf.d]# grep httpd /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1348017941.735:42): avc:  denied  { name_connect } for  pid=3621 comm="httpd" dest=25151 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
 Was caused by:
  Missing or disabled TE allow rule.
  Allow rules may exist but be disabled by boolean settings; check boolean settings.
  You can see the necessary allow rules by running audit2allow with this audit message as input.

type=AVC msg=audit(1348017978.187:45): avc:  denied  { name_connect } for  pid=23479 comm="httpd" dest=25151 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
 Was caused by:
  Missing or disabled TE allow rule.
  Allow rules may exist but be disabled by boolean settings; check boolean settings.
  You can see the necessary allow rules by running audit2allow with this audit message as input.

type=AVC msg=audit(1348017992.713:48): avc:  denied  { name_connect } for  pid=24327 comm="httpd" dest=25151 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
 Was caused by:
  Missing or disabled TE allow rule.
  Allow rules may exist but be disabled by boolean settings; check boolean settings.
  You can see the necessary allow rules by running audit2allow with this audit message as input.
Ahaa... so the SELinux preventing the httpd,
just make a selinux module to enable it.
[root@lb-1 conf.d]# grep httpd /var/log/audit/audit.log | audit2allow -M httpdcobbler
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i httpdcobbler.pp

Install the selinux module
[root@lb-1 conf.d]# semodule -i httpdcobbler.pp

OR using setsebool
setsebool -P httpd_can_network_connect true
run cobbler check again,and ..
[root@lb-1 conf.d]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
    https://github.com/cobbler/cobbler/wiki/Selinux
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : since iptables may be running, ensure 69, 80/443, and 25151 are unblocked
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : ksvalidator was not found, install pykickstart
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one

Restart cobblerd and then run 'cobbler sync' to apply changes.

Alhamdulillah, it's run now.
next I will explain how to configuring cobbler, like make a profile, kickstart etc.

Comments

  1. Hi,

    Rather than using audit2allow for the SElinux, I think you just need to
    setsebool httpd_can_connect_cobbler=on

    ReplyDelete

Post a Comment