HOWTO Configure Cobbler on Fedora or Red Hat

From Consultancy.EdVoncken.NET

Preparation

Fedora

I used Fedora 12 x86_64 on a MacBook Pro. Cobbler packages are available from the standard Fedora repositories.

Red Hat or CentOS

Make sure you have the EPEL repository available.

Installation

Install at least the following software:

 cobbler
 cobbler-web
 dnsmasq
 httpd
 mod_dav_svn
 rsync
 subversion
 tftp-server
 viewvc
 xinetd
 yum-utils

You will also want to install the following utility. Cobbler picks it up and offers it in the PXE boot menu after you run "cobbler sync", which is a nice way to run a hardware test:

 memtest86+

You should be using SELinux for better protection against security issues. For Cobbler, SELinux must be told to allow network connections from Apache, because Apache acts as a kind of proxy server for Cobbler:

 # setsebool -P httpd_can_network_connect=1

If you do not configure SELinux correctly, you may receive the following error message from "cobbler check":

 httpd does not appear to be running and proxying cobbler

Configure Apache and Cobbler to start automatically:

 # chkconfig httpd on
 # service httpd start
 # chkconfig cobblerd on
 # service cobblerd start

Configuration

Check your setup:

 # cobbler check
 The following are potential configuration items that you may want to fix:
 
 1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost,
      or kickstarting features will not work.  This should be a resolvable hostname or IP for
      the boot server as reachable by all machines that will use it.
 2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set
      to something other than 127.0.0.1, and should match the IP of the boot server on
      the PXE network.
 3 : you need to set some SELinux content rules to ensure cobbler works correctly in your
      SELinux environment, run the following:
      /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && \
      /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
 4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run
      'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64
      netbooting, you may ensure that you have installed a *recent* version of the syslinux
      package installed and can ignore this message entirely.  Files in this directory, should
      you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot.
     The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
 5 : change 'disable' to 'no' in /etc/xinetd.d/tftp
 6 : change 'disable' to 'no' in /etc/xinetd.d/rsync
 7 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
 8 : debmirror package is not installed, it will be required to manage debian deployments and repositories
 9 : The default password used by the sample templates for newly installed machines
      (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed,
      try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
 
 Restart cobblerd and then run 'cobbler sync' to apply changes.

OK, let's fix these issues and re-check:

 # chkconfig tftp on
 # chkconfig rsync on
 
 # /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && \
    /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
 
 # cobbler get-loaders
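
Items 1, 2 and 9 of the "cobbler check" output are not addressed by the commands above; they are fixed by editing /etc/cobbler/settings. The script below is an added example, not part of the original page or of Cobbler, that audits a settings file for those three items. It assumes top-level "key: value" lines, the function names are hypothetical, and the default-password test needs the openssl command.

```bash
#!/bin/sh
# Added example (not Cobbler code): audit a settings file for items 1, 2 and 9
# of the "cobbler check" output. Assumes top-level "key: value" lines.

# Print the value of KEY in FILE, without quotes or trailing blanks.
setting() {   # usage: setting FILE KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Succeed if HASH is an MD5-crypt hash ($1$salt$digest) of the password "cobbler".
# The stored salt is reused to recompute the hash, so any salt is caught.
is_default_password() {   # usage: is_default_password HASH
    case $1 in '$1$'*) ;; *) return 1 ;; esac
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ "$(openssl passwd -1 -salt "$salt" cobbler 2>/dev/null)" = "$1" ]
}

# Print one line per finding; return 1 if anything was found, else 0.
audit_settings() {   # usage: audit_settings FILE
    found=0
    value=$(setting "$1" server)
    case $value in
        ''|localhost|127.0.0.1)
            echo "server='$value': not reachable by the machines being installed"; found=1 ;;
    esac
    value=$(setting "$1" next_server)
    case $value in
        ''|127.0.0.1)
            echo "next_server='$value': must be the boot server IP on the PXE network"; found=1 ;;
    esac
    if is_default_password "$(setting "$1" default_password_crypted)"; then
        echo "default_password_crypted: still the hash of 'cobbler'"; found=1
    fi
    return $found
}

if [ $# -gt 0 ]; then
    audit_settings "$1"          # e.g. /etc/cobbler/settings
else
    # Constructed sample, not from a real server: both addresses are loopback.
    sample=$(mktemp)
    printf 'server: 127.0.0.1\nnext_server: 127.0.0.1\n' > "$sample"
    audit_settings "$sample" || true
    rm -f "$sample"
fi
```

After changing the settings file, restart cobblerd and run "cobbler sync", as the "cobbler check" output says.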

Troubleshooting

Cobbler and SELinux tend to fight quite a bit. The issues are slowly being solved, but they are irritating. Do not forget to read the log files (in /var/log/cobbler/tasks/) for more information about any problems you may encounter.

rsync fails during "cobbler import"

The SELinux policy prevents rsync from accessing /var/www/cobbler/ks_mirror/. Refer to ticket 503 for more information. Apply a workaround on your Cobbler server as follows. Note that this boolean turns off SELinux protection for the rsync daemon:

 setsebool -P rsync_disable_trans on

rsync fails during "cobbler replicate"

Make sure you have the rsync server running on the Cobbler master (chkconfig rsync on). On all Cobbler master and slave servers, apply the following workaround:

 setsebool -P rsync_disable_trans on
