Re: [Spacewalk-list] PCX boot for spacewalk client

[Robert Paschedag]

Am 25. April 2018 06:43:58 MESZ schrieb "Afify, Sherif S (IBS)" 
<sherif.af...@se1.bp.com>:
>Ok I got the issue its all about SElinux , once I disabled it   worked
>fine.
>
>But still need the selinux , I tried the below  steps :
>
>
>1.  If SELinux is enabled in enforcing mode on your system, configure
>SELinux for Cobbler operation as follows:
>     *   Permit the httpd service to act as a proxy for Cobbler.
># setsebool -P httpd_can_network_connect=1
>
>*   Set the public_content_t file type on the /var/lib/tftpboot file
>and /var/www/cobbler/images directory hierarchies as follows:
>c.  # /usr/sbin/semanage fcontext -a -t public_content_t
>"/var/lib/tftpboot/.*"
># /usr/sbin/semanage fcontext -a -t public_content_t
>"/var/www/cobbler/images/.*"
>Note
>The semanage command is provided by the policycoreutils-python package.
>
>  1.  Restart the cobblerd service:
># service cobblerd restart
>
>
>And it set the dir/file as shown below and the boot issue of the
>filename //images/centos7-x86_64-server:2:usip-lab/vmlinuz not find is
>fixed.
>
>[root@vm1 ~]# ls -lZ /var/lib/tftpboot/.
>drwxr-xr-x. root root system_u:object_r:public_content_t:s0 aarch64
>drwxr-xr-x. root root system_u:object_r:public_content_t:s0 etc
>drwxr-xr-x. root root system_u:object_r:public_content_t:s0 grub
>drwxr-xr-x. root root system_u:object_r:public_content_t:s0 images
>-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 memdisk
>-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 menu.c32
>drwxr-xr-x. root root system_u:object_r:public_content_t:s0 ppc
>-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 pxelinux.0
>drwxr-xr-x. root root system_u:object_r:public_content_t:s0
>pxelinux.cfg
>drwxr-xr-x. root root system_u:object_r:public_content_t:s0 s390x
>-rw-r--r--. root root system_u:object_r:cobbler_var_lib_t:s0 yaboot
>[root@vm1 ~]# ls -lZ /var/www/cobbler/
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 aux
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 images
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0
>ks_mirror
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 links
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0
>localmirror
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 pub
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0
>rendered
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0
>repo_mirror
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 svc
>drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 web
>[root@vm1 ~]#
>
>
>But new issue appear when I try to run "cobbler sync" (check the below
>)
>
>So my question what is right configuration for  SELinux for Cobbler ?
>
>
>[root@vm1 ~]# cobbler sync
>task started: 2018-04-24_182931_sync
>task started (id=Sync, time=Tue Apr 24 18:29:31 2018)
>running pre-sync triggers
>cleaning trees
>removing: /var/www/cobbler/images/centos7-x86_64-server:1:usip
>removing: /var/lib/tftpboot/pxelinux.cfg/01-00-1a-4a-16-01-77
>Exception occured: <type 'exceptions.OSError'>
>Exception value: [Errno 13] Permission denied:
>'/var/lib/tftpboot/pxelinux.cfg/01-00-1a-4a-16-01-77'
>Exception Info:
>File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1192, in
>rmfile
>    os.unlink(path)
>
>Exception occured: <class 'cobbler.cexceptions.CX'>
>Exception value: 'Error deleting
>/var/lib/tftpboot/pxelinux.cfg/01-00-1a-4a-16-01-77'
>Exception Info:
>File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 95, in
>run
>    rc = self._run(self)
>File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 186, in
>runner
>return
>self.remote.api.sync(self.options.get("verbose",False),logger=self.logger)
>File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 609, in
>sync
>    return sync.run()
>File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line
>110, in run
>    self.clean_trees()
>File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line
>199, in clean_trees
>    utils.rmtree_contents(self.pxelinux_dir,logger=self.logger)
>File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1204, in
>rmtree_contents
>    rmtree(x,logger=logger)
>File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1209, in
>rmtree
>    return rmfile(path,logger=logger)
>File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 1198, in
>rmfile
>    raise CX(_("Error deleting %s") % path)
>
>!!! TASK FAILED !!!
>[root@vm1 ~]#
>
>From: Afify, Sherif S (IBS)
>Sent: Tuesday, April 24, 2018 12:12 PM
>To: Paschedag, Robert <paschedag.netlut...@swr.de>;
>spacewalk-list@redhat.com
>Subject: RE: PCX boot for spacewalk client
>
>Thanks rob, I got the same error I see on the console ,
>
>
>Apr 23 23:57:53 vm1 in.tftpd[14018]: RRQ from 10.222.21.2 filename
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz
>Apr 23 23:57:53 vm1 in.tftpd[14019]: RRQ from 10.222.21.2 filename
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
>Apr 23 23:57:53 vm1 in.tftpd[14019]: Client 10.222.21.2 File not found
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
>Apr 23 23:57:53 vm1 in.tftpd[14020]: RRQ from 10.222.21.2 filename
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.0
>Apr 23 23:57:53 vm1 in.tftpd[14020]: Client 10.222.21.2 File not found
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.0
>Apr 23 23:57:53 vm1 in.tftpd[14021]: RRQ from 10.222.21.2 filename
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.com
>Apr 23 23:57:53 vm1 in.tftpd[14021]: Client 10.222.21.2 File not found
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.com
>Apr 23 23:57:53 vm1 in.tftpd[14022]: RRQ from 10.222.21.2 filename
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.c32
>Apr 23 23:57:53 vm1 in.tftpd[14022]: Client 10.222.21.2 File not found
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.c32
>Apr 23 23:57:53 vm1 in.tftpd[14023]: RRQ from 10.222.21.2 filename
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz
>Apr 23 23:57:53 vm1 in.tftpd[14024]: RRQ from 10.222.21.2 filename
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
>Apr 23 23:57:53 vm1 in.tftpd[14024]: Client 10.222.21.2 File not found
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.cbt
>Apr 23 23:57:53 vm1 in.tftpd[14025]: RRQ from 10.222.21.2 filename
>//images/centos7-x86_64-server:2:usip-lab/vmlinuz.0
>
>
>
>it looks it's a permission issue as when I try to view the cobbler
>folder from the IE it says donot have permission to view that page.
>
>Below the the permission on the www directory and under cobbler, is
>that looks correct ?
>
>[root@vm1 www]# ls -lZ
>drwxr-xr-x. root   root   system_u:object_r:httpd_sys_script_exec_t:s0
>cgi-bin
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0
>cobbler
>drwxr-xr-x. root   root   system_u:object_r:httpd_sys_content_t:s0 html
>[root@vm1 www]#
>
>[root@vm1 www]# ls -lZ cobbler/
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 aux
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 images
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0
>ks_mirror
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 links
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0
>localmirror
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 pub
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0
>rendered
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0
>repo_mirror
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 svc
>drwxrwxrwx. apache apache system_u:object_r:cobbler_var_lib_t:s0 web
>[root@vm1 www]# pwd
>/var/www
>[root@vm1 www]#
>
>From: Paschedag, Robert [mailto:paschedag.netlut...@swr.de]
>Sent: Tuesday, April 24, 2018 11:03 AM
>To: Afify, Sherif S (IBS)
><sherif.af...@se1.bp.com<mailto:sherif.af...@se1.bp.com>>;
>spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
>Subject: AW: PCX boot for spacewalk client
>
>
>I'm sorry....that was my fault. Of course, have a look into
>/var/log/messages and search for "tftp"
>
>
>[root@server log]# grep tftp /var/log/messages
>Apr 23 11:09:40 server xinetd[1910]: START: tftp pid=23264
>from=10.x.x.x
>Apr 23 11:09:41 server in.tftpd[23265]: tftp: client does not accept
>options
>Apr 23 11:09:41 server in.tftpd[23266]: Client 10.x.x.x finished
>pxelinux.0
>Apr 23 11:09:41 server in.tftpd[23277]: Client 10.x.x.x finished
>pxelinux.cfg/default
>Apr 23 11:09:41 server in.tftpd[23282]: Client 10.x.x.x finished
>menu.c32
>Apr 23 11:09:41 server in.tftpd[23283]: Client 10.x.x.x finished
>pxelinux.cfg/default
>Apr 23 11:09:48 server in.tftpd[23284]: Client 10.x.x.x finished
>/images/SLES11-SP4:1:SpacewalkDefaultOrganization/linux
>Apr 23 11:09:57 server in.tftpd[23285]: Client 10.x.x.x finished
>/images/SLES11-SP4:1:SpacewalkDefaultOrganization/initrd
>[root@server log]#
>
>
>See the colons? No problem here on SW 2.7.
>
>
>
>Robert
>
>
>
>________________________________
>Von: Afify, Sherif S (IBS)
><sherif.af...@se1.bp.com<mailto:sherif.af...@se1.bp.com>>
>Gesendet: Dienstag, 24. April 2018 10:48:49
>An: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>;
>Paschedag, Robert
>Betreff: PCX boot for spacewalk client
>
>Hi Robert, the httpd error logs or access log do not show any thing ,
>and the LogLevel in httpd is set to debug.
>
>
>------------------------------
>
>Message: 3
>Date: Tue, 24 Apr 2018 06:50:30 +0000
>From: "Paschedag, Robert"
><paschedag.netlut...@swr.de<mailto:paschedag.netlut...@swr.de>>
>To: "'spacewalk-list@redhat.com'"
><spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>>
>Subject: Re: [Spacewalk-list] PCX boot for spacewalk client
>Message-ID:
><db7pr08mb30980e052fde86b005f2577a99...@db7pr08mb3098.eurprd08.prod.outlook.com<mailto:db7pr08mb30980e052fde86b005f2577a99...@db7pr08mb3098.eurprd08.prod.outlook.com>>
>
>Content-Type: text/plain; charset="windows-1252"
>
>The colon sign is normally no problem. This is the default for all of
>our profiles and they work without a problem.
>
>
>Please look into the webserver log in /var/log/httpd/ to check for
>errors.
>
>
>Robert
>
>
>
>
>________________________________
>Von:
>spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>
><spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>>
>im Auftrag von Afify, Sherif S (IBS)
><sherif.af...@se1.bp.com<mailto:sherif.af...@se1.bp.com>>
>Gesendet: Montag, 23. April 2018 18:50:36
>An: 'spacewalk-list@redhat.com'
>Betreff: [Spacewalk-list] PCX boot for spacewalk client
>
>
>
>
>I managed configuring the cobbler via spacewalk but faced a new issue ,
>when the client pxe boot start it start to give error that  "could not
>find kernel image : /images/centos7-x86_64-server:1:USIP-LAB/vmlinuz"
>
>
>
>I did some trouble shooting and the issue due to the directory name
>stored inside it  the vmlinuz  have ":" 
>(/images/centos7-x86_64-server:1:USIP-LAB/vmlinuz").
>
>
>
>I tried to rename it to another name do not have the ?:? sign it worked
>fine but every time I run ?cobbler sync? it  put back the distor name
>created on spacewalk.
>
>
>
>Is there a way to set the spacewalk to remove the ?:? sign ?
>
>
>
>[cid:image001.png@01D3DB33.F5F33C50]
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
><https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Farchives%2Fspacewalk-list%2Fattachments%2F20180424%2F31abe2c3%2Fattachment.html&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Ccf0d55a21c5d45df72ed08d5a9c03799%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636601565387587373&sdata=1Q5dyRIdTyRO8a12tW7857kiGbfDl5UEvWrAZFNZw%2BI%3D&reserved=0>
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: image001.png
>Type: image/png
>Size: 36116 bytes
>Desc: image001.png
>URL:
><https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Farchives%2Fspacewalk-list%2Fattachments%2F20180424%2F31abe2c3%2Fattachment.png&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Ccf0d55a21c5d45df72ed08d5a9c03799%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636601565387587373&sdata=ZmO09pD3u0En%2B2VHzDCWbjSqgkIuvfIOaX8pzRxlEqk%3D&reserved=0>

There should already be correct selinux settings. Look in 
/etc/selinux/policy/targeted/context/ files.

I don't know the exact path right now but you should find it.

Robert
-- 
sent from my mobile device

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list