[CentOS] cobbler fails to recognize semanage rules

Sat Dec 18 15:56:35 UTC 2010
bluethundr <bluethundr at gmail.com>

I am having a bit of trouble setting up cobbler on this machine.



cobbler check points out a few things to correct:

[root at VIRTCENT04:~]#cobbler check
The following are potential configuration items that you may want to fix:

1 : you need to set some SELinux content rules to ensure cobbler
serves content correctly in your SELinux environment, run the
following: /usr/sbin/semanage fcontext -a -t public_content_t
"/tftpboot/.*" && /usr/sbin/semanage fcontext -a -t public_content_t
"/var/www/cobbler/images/.*"
2 : you need to set some SELinux rules if you want to use cobbler-web
(an optional package), run the following: /usr/sbin/semanage fcontext
-a -t httpd_sys_content_rw_t "/var/lib/cobbler/webui_sessions/.*"
3 : some network boot-loaders are missing from
/var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to
download them, or, if you only want to handle x86/x86_64 netbooting,
you may ensure that you have installed a *recent* version of the
syslinux package installed and can ignore this message entirely.
Files in this directory, should you want to support all architectures,
should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The
'cobbler get-loaders' command is the easiest way to resolve these
requirements.
4 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
5 : debmirror package is not installed, it will be required to manage
debian deployments and repositories
6 : The default password used by the sample templates for newly
installed machines (default_password_crypted in /etc/cobbler/settings)
is still set to 'cobbler' and should be changed, try: "openssl passwd
-1 -salt 'random-phrase-here' 'your-password-here'" to generate new
one

Restart cobblerd and then run 'cobbler sync' to apply changes.





I try to apply the first suggestion:

[root at VIRTCENT04:~]#/usr/sbin/semanage fcontext -a -t public_content_t
"/tftpboot/.*" && /usr/sbin/semanage fcontext -a -t public_content_t
"/var/www/cobbler/images/.*"
/usr/sbin/semanage: File context for /tftpboot/.* already defined

And the system points out that the rules are already defined by semanage.


the cobbler service restarts:

[root at VIRTCENT04:~]#service cobblerd restart
Stopping cobbler daemon:                                   [  OK  ]
Starting cobbler daemon:                                   [  OK  ]
[root at VIRTCENT04:~]#SERVING!


sync is fine


[root at VIRTCENT04:~]#cobbler sync
task started: 2010-12-18_105137_sync
task started (id=Sync, time=Sat Dec 18 10:51:37 2010)
running pre-sync triggers
cleaning trees
removing: /tftpboot/pxelinux.cfg/default
removing: /tftpboot/s390x/profile_list
copying bootloaders
copying: /usr/lib/syslinux/pxelinux.0 -> /tftpboot/pxelinux.0
copying: /usr/lib/syslinux/menu.c32 -> /tftpboot/menu.c32
copying: /boot/memtest86+-1.65 -> /tftpboot/memtest86+-1.65
copying: /usr/lib/syslinux/memdisk -> /tftpboot/memdisk
copying distros
copying images
generating PXE configuration files
rendering Rsync files
generating PXE menu structure
running post-sync triggers
*** TASK COMPLETE ***


run cobbler check again:

[root at VIRTCENT04:~]#cobbler check
The following are potential configuration items that you may want to fix:

1 : you need to set some SELinux content rules to ensure cobbler
serves content correctly in your SELinux environment, run the
following: /usr/sbin/semanage fcontext -a -t public_content_t
"/tftpboot/.*" && /usr/sbin/semanage fcontext -a -t public_content_t
"/var/www/cobbler/images/.*"
2 : you need to set some SELinux rules if you want to use cobbler-web
(an optional package), run the following: /usr/sbin/semanage fcontext
-a -t httpd_sys_content_rw_t "/var/lib/cobbler/webui_sessions/.*"
3 : some network boot-loaders are missing from
/var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to
download them, or, if you only want to handle x86/x86_64 netbooting,
you may ensure that you have installed a *recent* version of the
syslinux package installed and can ignore this message entirely.
Files in this directory, should you want to support all architectures,
should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The
'cobbler get-loaders' command is the easiest way to resolve these
requirements.
4 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
5 : debmirror package is not installed, it will be required to manage
debian deployments and repositories
6 : The default password used by the sample templates for newly
installed machines (default_password_crypted in /etc/cobbler/settings)
is still set to 'cobbler' and should be changed, try: "openssl passwd
-1 -salt 'random-phrase-here' 'your-password-here'" to generate new
one

Restart cobblerd and then run 'cobbler sync' to apply changes.

same thing... what can I do to get beyond this infinite loop?
-- 
GPG me!!

gpg --keyserver pgp.mit.edu --recv-keys F186197B