Re: [Spacewalk-list] PCX boot for spacewalk client

[Afify, Sherif S (IBS)]

Ok I got the issue its all about SElinux , once I disabled it   worked fine.

But still need the selinux , I tried the below  steps :


  1.  If SELinux is enabled in enforcing mode on your system, configure SELinux 
for Cobbler operation as follows:
     *   Permit the httpd service to act as a proxy for Cobbler.
# setsebool -P httpd_can_network_connect=1

     *   Set the public_content_t file type on the /var/lib/tftpboot file and 
/var/www/cobbler/images directory hierarchies as follows:
c.  # /usr/sbin/semanage fcontext -a -t public_content_t "/var/lib/tftpboot/.*"
# /usr/sbin/semanage fcontext -a -t public_content_t 
"/var/www/cobbler/images/.*"
Note
The semanage command is provided by the policycoreutils-python package.

  1.  Restart the cobblerd service:
# service cobblerd restart


And it set the dir/file as shown below and the boot issue of the filename 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz not find is fixed.

[root@vm1 ~]# ls -lZ /var/lib/tftpboot/.
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 aarch64
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 etc
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 grub
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 images
-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 memdisk
-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 menu.c32
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 ppc
-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 pxelinux.0
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 pxelinux.cfg
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 s390x
-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 yaboot
[root@vm1 ~]# ls -lZ /var/www/cobbler/
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 aux
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 images
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 ks_mirror
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 links
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 localmirror
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 pub
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 rendered
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 repo_mirror
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 svc
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 web
[root@vm1 ~]#


But new issue appear when I try to run "cobbler sync" (check the below )

So my question what is right configuration for  SELinux for Cobbler ?


[root@vm1 ~]# cobbler sync
task started: 2018-04-24_182931_sync
task started (id=Sync, time=Tue Apr 24 18:29:31 2018)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/centos7-x86_64-server:1:usip
removing: /var/lib/tftpboot/pxelinux.cfg/01-00-1a-4a-16-01-77
Exception occured: <type 'exceptions.OSError'>
Exception value: [Errno 13] Permission denied: 
'/var/lib/tftpboot/pxelinux.cfg/01-00-1a-4a-16-01-77'
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1192, in rmfile
    os.unlink(path)

Exception occured: <class 'cobbler.cexceptions.CX'>
Exception value: 'Error deleting 
/var/lib/tftpboot/pxelinux.cfg/01-00-1a-4a-16-01-77'
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 95, in run
    rc = self._run(self)
   File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 186, in 
runner
    return 
self.remote.api.sync(self.options.get("verbose",False),logger=self.logger)
   File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 609, in sync
    return sync.run()
   File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line 110, in 
run
    self.clean_trees()
   File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line 199, in 
clean_trees
    utils.rmtree_contents(self.pxelinux_dir,logger=self.logger)
   File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1204, in 
rmtree_contents
    rmtree(x,logger=logger)
   File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1209, in 
rmtree
    return rmfile(path,logger=logger)
   File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1198, in 
rmfile
    raise CX(_("Error deleting %s") % path)

!!! TASK FAILED !!!
[root@vm1 ~]#

From: Afify, Sherif S (IBS)
Sent: Tuesday, April 24, 2018 12:12 PM
To: Paschedag, Robert <paschedag.netlut...@swr.de>; spacewalk-list@redhat.com
Subject: RE: PCX boot for spacewalk client

Thanks rob, I got the same error I see on the console ,


Apr 23 23:57:53 vm1 in.tftpd[14018]: RRQ from 10.222.21.2 filename 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz
Apr 23 23:57:53 vm1 in.tftpd[14019]: RRQ from 10.222.21.2 filename 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
Apr 23 23:57:53 vm1 in.tftpd[14019]: Client 10.222.21.2 File not found 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
Apr 23 23:57:53 vm1 in.tftpd[14020]: RRQ from 10.222.21.2 filename 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.0
Apr 23 23:57:53 vm1 in.tftpd[14020]: Client 10.222.21.2 File not found 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.0
Apr 23 23:57:53 vm1 in.tftpd[14021]: RRQ from 10.222.21.2 filename 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.com
Apr 23 23:57:53 vm1 in.tftpd[14021]: Client 10.222.21.2 File not found 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.com
Apr 23 23:57:53 vm1 in.tftpd[14022]: RRQ from 10.222.21.2 filename 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.c32
Apr 23 23:57:53 vm1 in.tftpd[14022]: Client 10.222.21.2 File not found 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.c32
Apr 23 23:57:53 vm1 in.tftpd[14023]: RRQ from 10.222.21.2 filename 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz
Apr 23 23:57:53 vm1 in.tftpd[14024]: RRQ from 10.222.21.2 filename 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
Apr 23 23:57:53 vm1 in.tftpd[14024]: Client 10.222.21.2 File not found 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
Apr 23 23:57:53 vm1 in.tftpd[14025]: RRQ from 10.222.21.2 filename 
//images/centos7-x86_64-server:2:usip-lab/vmlinuz.0



it looks it's a permission issue as when I try to view the cobbler folder from 
the IE it says donot have permission to view that page.

Below the the permission on the www directory and under cobbler, is that looks 
correct ?

[root@vm1 www]# ls -lZ
drwxr-xr-x. root   root   system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 cobbler
drwxr-xr-x. root   root   system_u:object_r:httpd_sys_content_t:s0 html
[root@vm1 www]#

[root@vm1 www]# ls -lZ cobbler/
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 aux
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 images
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 ks_mirror
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 links
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 localmirror
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 pub
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 rendered
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 repo_mirror
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 svc
drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 web
[root@vm1 www]# pwd
/var/www
[root@vm1 www]#

From: Paschedag, Robert [mailto:paschedag.netlut...@swr.de]
Sent: Tuesday, April 24, 2018 11:03 AM
To: Afify, Sherif S (IBS) 
<sherif.af...@se1.bp.com<mailto:sherif.af...@se1.bp.com>>; 
spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
Subject: AW: PCX boot for spacewalk client


I'm sorry....that was my fault. Of course, have a look into /var/log/messages 
and search for "tftp"


[root@server log]# grep tftp /var/log/messages
Apr 23 11:09:40 server xinetd[1910]: START: tftp pid=23264 from=10.x.x.x
Apr 23 11:09:41 server in.tftpd[23265]: tftp: client does not accept options
Apr 23 11:09:41 server in.tftpd[23266]: Client 10.x.x.x finished pxelinux.0
Apr 23 11:09:41 server in.tftpd[23277]: Client 10.x.x.x finished 
pxelinux.cfg/default
Apr 23 11:09:41 server in.tftpd[23282]: Client 10.x.x.x finished menu.c32
Apr 23 11:09:41 server in.tftpd[23283]: Client 10.x.x.x finished 
pxelinux.cfg/default
Apr 23 11:09:48 server in.tftpd[23284]: Client 10.x.x.x finished 
/images/SLES11-SP4:1:SpacewalkDefaultOrganization/linux
Apr 23 11:09:57 server in.tftpd[23285]: Client 10.x.x.x finished 
/images/SLES11-SP4:1:SpacewalkDefaultOrganization/initrd
[root@server log]#


See the colons? No problem here on SW 2.7.



Robert



________________________________
Von: Afify, Sherif S (IBS) 
<sherif.af...@se1.bp.com<mailto:sherif.af...@se1.bp.com>>
Gesendet: Dienstag, 24. April 2018 10:48:49
An: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>; Paschedag, 
Robert
Betreff: PCX boot for spacewalk client

Hi Robert, the httpd error logs or access log do not show any thing , and the 
LogLevel in httpd is set to debug.


------------------------------

Message: 3
Date: Tue, 24 Apr 2018 06:50:30 +0000
From: "Paschedag, Robert" 
<paschedag.netlut...@swr.de<mailto:paschedag.netlut...@swr.de>>
To: "'spacewalk-list@redhat.com'" 
<spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>>
Subject: Re: [Spacewalk-list] PCX boot for spacewalk client
Message-ID:
        
<db7pr08mb30980e052fde86b005f2577a99...@db7pr08mb3098.eurprd08.prod.outlook.com<mailto:db7pr08mb30980e052fde86b005f2577a99...@db7pr08mb3098.eurprd08.prod.outlook.com>>

Content-Type: text/plain; charset="windows-1252"

The colon sign is normally no problem. This is the default for all of our 
profiles and they work without a problem.


Please look into the webserver log in /var/log/httpd/ to check for errors.


Robert




________________________________
Von: 
spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> 
<spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>> 
im Auftrag von Afify, Sherif S (IBS) 
<sherif.af...@se1.bp.com<mailto:sherif.af...@se1.bp.com>>
Gesendet: Montag, 23. April 2018 18:50:36
An: 'spacewalk-list@redhat.com'
Betreff: [Spacewalk-list] PCX boot for spacewalk client




I managed configuring the cobbler via spacewalk but faced a new issue , when 
the client pxe boot start it start to give error that  "could not find kernel 
image : /images/centos7-x86_64-server:1:USIP-LAB/vmlinuz"



I did some trouble shooting and the issue due to the directory name stored 
inside it  the vmlinuz  have ":"  
(/images/centos7-x86_64-server:1:USIP-LAB/vmlinuz").



I tried to rename it to another name do not have the ?:? sign it worked fine 
but every time I run ?cobbler sync? it  put back the distor name created on 
spacewalk.



Is there a way to set the spacewalk to remove the ?:? sign ?



[cid:image001.png@01D3DB33.F5F33C50]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Farchives%2Fspacewalk-list%2Fattachments%2F20180424%2F31abe2c3%2Fattachment.html&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Ccf0d55a21c5d45df72ed08d5a9c03799%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636601565387587373&sdata=1Q5dyRIdTyRO8a12tW7857kiGbfDl5UEvWrAZFNZw%2BI%3D&reserved=0>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 36116 bytes
Desc: image001.png
URL: 
<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Farchives%2Fspacewalk-list%2Fattachments%2F20180424%2F31abe2c3%2Fattachment.png&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Ccf0d55a21c5d45df72ed08d5a9c03799%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636601565387587373&sdata=ZmO09pD3u0En%2B2VHzDCWbjSqgkIuvfIOaX8pzRxlEqk%3D&reserved=0>

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list