Cobbler issue w/buildiso and is_selinux_enabled
by Henry Kemp
I just saw the cobbler buildiso functionality and decided to have a play
with it but it looks to be failing on working out if selinux is enabled.
I'm running this on a Centos 5.2 i386 box and it looks as though the
is_selinux_enabled function in utils.py is calling the
/usr/sbin/selinuxenabled binary from the libselinux RPM that is
installed and returns ok.
# /usr/sbin/selinuxenabled && echo $?
0
# cobbler version
cobbler 1.3.4
build date : Wed Dec 17 10:48:44 2008
git hash : 642faeb69dc16670d4ce5e6485758fbfed680f33
git date : Wed Dec 17 10:24:00 2008 +0000
# cobbler buildiso
- using/creating tempdir: /tmp/buildiso
- building tree for isolinux
- copying miscellaneous files
'NoneType' object has no attribute 'is_selinux_enabled'
  File "/usr/lib/python2.4/site-packages/cobbler/cobbler.py", line 83, in main
    rc = BootCLI().run(sys.argv)
  File "/usr/lib/python2.4/site-packages/cobbler/cobbler.py", line 61, in run
    return self.loader.run(args)
  File "/usr/lib/python2.4/site-packages/cobbler/commands.py", line 122, in run
    return fn.run()
  File "/usr/lib/python2.4/site-packages/cobbler/modules/cli_misc.py", line 237, in run
    tempdir=self.options.tempdir
  File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 651, in build_iso
    return builder.run(
  File "/usr/lib/python2.4/site-packages/cobbler/action_buildiso.py", line 118, in run
    utils.copyfile(f, os.path.join(isolinuxdir, os.path.basename(f)))
  File "/usr/lib/python2.4/site-packages/cobbler/utils.py", line 884, in copyfile
    restorecon(dst,api)
  File "/usr/lib/python2.4/site-packages/cobbler/utils.py", line 915, in restorecon
    if not api.is_selinux_enabled():
Rgds,
Henry
15 years, 4 months
utils.os_release() broken for RHEL 4 and 5
by Vreman, Peter
Current cobbler devel does not start anymore on RHEL. The problem is the os_release() detection code.
Stopping cobbler daemon: [FAILED]
Starting cobbler daemon: Traceback (most recent call last):
  File "/usr/bin/cobblerd", line 102, in ?
    main()
  File "/usr/bin/cobblerd", line 90, in main
    api = bootapi.BootAPI(log_settings=log_settings)
  File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 96, in __init__
    self.os_version = utils.os_release()
  File "/usr/lib/python2.4/site-packages/cobbler/utils.py", line 750, in os_release
    return (make, float(version), rest)
ValueError: invalid literal for float(): 5server
Below are relevant RHEL 4.6 and 5.2 outputs that can be used for the os detection:
# cat /etc/redhat-release
Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
# rpm -q --whatprovides redhat-release
redhat-release-4AS-7
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.2 (Tikanga)
# rpm -q --whatprovides redhat-release
redhat-release-5Server-5.2.0.4
Regards,
Peter
15 years, 4 months
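A parser for the release strings quoted in the message above, as an added example (not cobbler's code and not the fix that was committed). The function names are hypothetical, and it assumes "Update N" in /etc/redhat-release is the minor version, as the "RHEL 4.6" label in the message implies. It returns integers rather than calling float() on the package name, which is the call that fails in the traceback.

```python
import re

# Constructed sample inputs, copied from the outputs quoted in the message above.
RPM_NAMES = ["redhat-release-4AS-7", "redhat-release-5Server-5.2.0.4"]
RELEASE_FILES = [
    "Red Hat Enterprise Linux AS release 4 (Nahant Update 6)",
    "Red Hat Enterprise Linux Server release 5.2 (Tikanga)",
]

# "<major><variant>-<rest>", e.g. "5Server-5.2.0.4" or "4AS-7"
_RPM_RE = re.compile(r"^redhat-release-(\d+)([A-Za-z]*)-(.+)$")
# "release 5.2 (...)" or "release 4 (... Update 6)"
_FILE_RE = re.compile(
    r"release\s+(\d+)(?:\.(\d+))?(?:\s+\([^)]*?Update\s+(\d+)\))?"
)


def parse_release_rpm(name):
    """Split an rpm name into (major, variant, rest) without calling float()."""
    m = _RPM_RE.match(name.strip())
    if m is None:
        raise ValueError("unrecognised redhat-release package name: %r" % name)
    return int(m.group(1)), m.group(2).lower(), m.group(3)


def parse_release_file(text):
    """Return (major, minor) from the contents of /etc/redhat-release."""
    m = _FILE_RE.search(text)
    if m is None:
        raise ValueError("unrecognised release string: %r" % text)
    # Minor version is either "5.2"-style or "Update 6"-style; default to 0.
    minor = m.group(2) or m.group(3) or "0"
    return int(m.group(1)), int(minor)


if __name__ == "__main__":
    for name in RPM_NAMES:
        print(name, "->", parse_release_rpm(name))
    for text in RELEASE_FILES:
        print(text, "->", parse_release_file(text))
```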
[PATCH] qemu-kvm cannot emulate other architectures, however x86_64 guest can run x86 distros. Unset arch when doing kvm installs and allow virtinst.FullVirtInstall() to determine the host architecture for us
by James Laska
---
koan/qcreate.py | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/koan/qcreate.py b/koan/qcreate.py
index bb3a9c2..0b49739 100755
--- a/koan/qcreate.py
+++ b/koan/qcreate.py
@@ -60,6 +60,7 @@ def start_install(name=None, ram=None, disks=None, mac=None,
vtype = "qemu"
if virtinst.util.is_kvm_capable():
vtype = "kvm"
+ arch = None # let virtinst.FullVirtGuest() default to the host arch
elif virtinst.util.is_kqemu_capable():
vtype = "kqemu"
print "- using qemu hypervisor, type=%s" % vtype
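Review bot: the new `arch = None` line in the `is_kvm_capable()` branch discards whatever `arch` held before it without telling the user, so a request for a non-host architecture on a KVM-capable host is quietly turned into a host-arch guest. Consider printing a notice when a non-empty arch is being overridden, next to the existing "- using qemu hypervisor" message. The inline comment also names virtinst.FullVirtGuest() while the commit subject says virtinst.FullVirtInstall(); one of the two should be corrected so they agree.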
--
1.6.0.4
15 years, 4 months
(devel/important) SELinux for EL 4 is unsupported
by Michael DeHaan
The code to make SELinux work on EL 4 is a train wreck due to the
differing policy types, while it's actually pretty easy to do on EL 5.
Rather than risking getting it wrong, those who want to run SELinux with
Cobbler /really/ should be using it on EL 5 or Fedora.
--Michael
15 years, 4 months
(devel) summary of SELinux changes
by Michael DeHaan
I've been doing a good amount of testing with Cobbler on SELinux, and
basically there are a few things that have been changed:
(A) Anton's patch to do the SELinux contexts for koan LVM partitions
(B) Closing file descriptors any time there is a subprocess call
(close_fds=True) throughout cobbler.
(C) Calling restorecon in various copies within cobbler to ensure
tftpboot context (among other things) is correct.
Combining all of these changes together should make Cobbler + koan SELinux
happy again. When testing, you are encouraged to run in permissive mode
(strict if you like) and also have
setroubleshoot installed.
The goal should be that there are /no/ warnings from setroubleshoot
whatsoever from running any Cobbler or koan operation. If you see any,
let us know.
This worked nicely for previous Cobbler versions on older OS's, but as
SELinux grows in scope and the policy changes, it's important to keep an
eye out for these things -- especially because Cobbler is glue between a
lot of different things that all need to play nice with one another.
Thanks!
--Michael
15 years, 4 months
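What item (B) in the message above changes, as an added example (not cobbler's code; the helper name is hypothetical, and a POSIX host is assumed). A child process started without close_fds=True inherits the parent's open, inheritable descriptors; under SELinux the child's domain is then checked against those inherited files, which is a common source of denials. The child here confirms by device and inode that the descriptor it sees is the parent's file.

```python
import os
import subprocess
import sys
import tempfile

# Child: exit 1 if the given fd number is open and refers to the parent's file.
CHILD = """
import os, sys
fd, dev, ino = (int(a) for a in sys.argv[1:4])
try:
    st = os.fstat(fd)
except OSError:
    sys.exit(0)            # fd is closed in the child
sys.exit(1 if (st.st_dev, st.st_ino) == (dev, ino) else 0)
"""


def child_inherits_fd(close_fds):
    """Spawn a child and report whether it received the parent's open file."""
    with tempfile.TemporaryFile() as fh:
        fd = fh.fileno()
        # Python 3 marks new fds non-inheritable; undo that to reproduce the
        # Python 2 behaviour that cobbler code of that era ran under.
        os.set_inheritable(fd, True)
        st = os.fstat(fd)
        argv = [sys.executable, "-c", CHILD,
                str(fd), str(st.st_dev), str(st.st_ino)]
        return subprocess.call(argv, close_fds=close_fds) == 1


if __name__ == "__main__":
    print("close_fds=False, child holds parent's fd:", child_inherits_fd(False))
    print("close_fds=True,  child holds parent's fd:", child_inherits_fd(True))
```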
Issue PXE booting memtest image through cobbler
by Henry Kemp
Hello - I've been looking at the image functionality within cobbler and
I've been having difficulty getting the instructions on PXE booting into
memtest to work (https://fedorahosted.org/cobbler/wiki/MemTest).
We're running the most recent version from the devel branch.
# cobbler version
cobbler 1.3.4
build date : Mon Dec 15 10:59:32 2008
git hash : b90eca66940d602093502a5084d81d01a4d81f4f
git date : Sat Dec 13 12:04:27 2008 -0500
When I add the system with a Centos 5.2 profile and do a sync it creates
the dhcp and pxe entries as expected.
# cobbler system add --name=build-test1 --profile=CentOS-5.2-i386 --hostname=build-test1 --mac=xx:xx:xx:xx:xx:xx --ip=y.y.y.y
However when I install the memtest RPM and set the client to PXE boot
into memtest I get the output below (and the same output whenever I try
to do a "cobbler sync").
# yum -y install memtest86+
# cobbler image add --name=memtest86 --file=/tftpboot/memtest86+-1.65 --image-type=direct
# cobbler system edit --name=build-test1 --image=memtest86
# cobbler system edit --name=build-test1 --image=memtest86
'NoneType' object has no attribute 'startswith'
  File "/usr/lib/python2.4/site-packages/cobbler/cobbler.py", line 77, in main
    rc = BootCLI().run(sys.argv)
  File "/usr/lib/python2.4/site-packages/cobbler/cobbler.py", line 57, in run
    return self.loader.run(args)
  File "/usr/lib/python2.4/site-packages/cobbler/commands.py", line 122, in run
    return fn.run()
  File "/usr/lib/python2.4/site-packages/cobbler/modules/cli_system.py", line 252, in run
    rc = self.object_manipulator_finish(obj, self.api.systems, self.options)
  File "/usr/lib/python2.4/site-packages/cobbler/commands.py", line 418, in object_manipulator_finish
    rc = collect_fn().add(obj, save=True, with_sync=opt_sync, with_triggers=opt_triggers, check_for_duplicate_netinfo=check_dup)
  File "/usr/lib/python2.4/site-packages/cobbler/collection.py", line 263, in add
    self.lite_sync.add_single_system(ref.name)
  File "/usr/lib/python2.4/site-packages/cobbler/action_litesync.py", line 144, in add_single_system
    self.sync.pxegen.write_all_system_files(system)
  File "/usr/lib/python2.4/site-packages/cobbler/pxegen.py", line 221, in write_all_system_files
    self.write_pxe_file(f2,system,None,None,None,image=profile)
  File "/usr/lib/python2.4/site-packages/cobbler/pxegen.py", line 405, in write_pxe_file
    elif arch.startswith("ppc"):
I've tried disabling dhcp management and I get the same error message so
it looks as though something is happening in the tftp/pxe config file
generation. Any suggestions would be gratefully appreciated!
Rgds,
Henry
15 years, 4 months
Patch to allow finer grained control of BIND zone statements
by Jeffrey Ollie
In my environment I need to have finer-grained control of the BIND
zone statements generated by cobbler, so I cooked up a quick patch
that lets me do stuff like this:
#for $zone in $forward_zones
zone "$zone" in {
    type master;
    file "$zone";
    allow-query {
        any;
    };
    allow-transfer {
        localhost;
        X.X.X.X;
        Y.Y.Y.Y;
    };
};
#end for
#for $zone, $arpa in $reverse_zones
zone "$arpa" in {
    type master;
    file "$zone";
    allow-query {
        any;
    };
    allow-transfer {
        localhost;
        X.X.X.X;
        Y.Y.Y.Y;
    };
};
#end for
I've attached a version of the patch against devel, I have versions of
the patch for both devel and master in my git repo:
git://fedorapeople.org/home/fedora/jcollie/public_git/cobbler.git
branches "devel-bindzone" and "master-bindzone"
--
Jeff Ollie
"You know, I used to think it was awful that life was so unfair. Then
I thought, wouldn't it be much worse if life were fair, and all the
terrible things that happen to us come because we actually deserve
them? So, now I take great comfort in the general hostility and
unfairness of the universe."
-- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon"
15 years, 4 months
EPEL
by Adam Leach
Are there any plans to include a 1.3 release in the EPEL packages anytime
soon? I know I can build it from the source rpm's myself, but I was just
wondering for others that I've been recommending cobbler to and all 1.3's
wonderful new features....
--
Adam Leach
BS Computer/Electrical Engineering
West Virginia University
Systems Administrator - Raytheon
(304)677-4455
15 years, 4 months
[PATCH] added ubuntu breed to distro_edit.tmpl
by Henry Kemp
This patch lets you specify a distro as being an Ubuntu breed (you can
already do it on the command line).
---
webui_templates/distro_edit.tmpl | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/webui_templates/distro_edit.tmpl
b/webui_templates/distro_edit.tmpl
index 43e7325..6eac4bf 100644
--- a/webui_templates/distro_edit.tmpl
+++ b/webui_templates/distro_edit.tmpl
@@ -239,6 +239,11 @@ function disablename(value)
#else
<input type="radio" name="breed" id="breed" value="debian">Debian
#end if
+ #if $distro and $distro.breed == "ubuntu"
+ <input type="radio" name="breed" id="breed" value="ubuntu"
checked>Ubuntu
+ #else
+ <input type="radio" name="breed" id="breed" value="ubuntu">Ubuntu
+ #end if
#if $distro and $distro.breed == "suse"
<input type="radio" name="breed" id="breed" value="suse"
checked>SuSE
#else
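Review bot: the added Ubuntu lines appear line-wrapped as shown here (`checked>Ubuntu` sits on its own line with no `+` prefix, and the `diff --git` header is split across two lines), so the hunk will not apply in this form; resending with git send-email or as an attachment would avoid that. On the markup, both new inputs reuse id="breed" like the neighbouring Debian and SuSE inputs, which leaves several elements sharing one id; a distinct id per option would be cleaner, and the #if/#else pair could be reduced to one input line with a conditional `checked` attribute instead of duplicating the tag.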
--
1.5.5.1
15 years, 4 months
[PATCH] SELinux: make context type of the LV persistent
by Anton Arapov
Modify SELinux policy in order to make the context type of the LVM logical
volumes persistent.
---
koan/app.py | 17 +++++++++++++----
1 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/koan/app.py b/koan/app.py
index 5031bed..8ad2890 100755
--- a/koan/app.py
+++ b/koan/app.py
@@ -1420,11 +1420,20 @@ class Koan:
args = "/usr/sbin/selinuxenabled"
selinuxenabled = sub_process.call(args)
if selinuxenabled == 0:
- # permissive or enforcing or something else, and
- # set appropriate security context for LVM partition
- args = "/usr/bin/chcon -t virt_image_t %s" % partition_location
+ # required context type
+ context_type = "virt_image_t"
+
+ # change security context type to required one
+ args = "/usr/bin/chcon -t %s %s" % (context_type, partition_location)
+ print "%s" % args
+ change_context = sub_process.call(args, close_fds=True, shell=True)
+
+ # modify SELinux policy in order to preserve security context
+ # between reboots
+ args = "/usr/sbin/semanage fcontext -a -t %s %s" % (context_type, partition_location)
print "%s" % args
- change_context = sub_process.call(args, shell=True)
+ change_context |= sub_process.call(args, close_fds=True, shell=True)
+
if change_context != 0:
raise InfoException, "SELinux security context setting to LVM partition failed"
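Review bot: both new sub_process.call() invocations build the command by "%s" interpolation of partition_location and run it with shell=True, so a volume path containing spaces or shell metacharacters is interpreted by the shell instead of reaching chcon or semanage as a single argument. Passing an argument list with no shell, such as ["/usr/bin/chcon", "-t", context_type, partition_location], removes that risk and still works with close_fds=True. Separately, OR-ing the two return codes into change_context means a semanage failure alone (for instance `semanage fcontext -a` run a second time for a path that already has a rule) raises the same "context setting ... failed" error even though chcon succeeded; checking each call on its own would let the message say which step failed.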
--
1.6.0.4
15 years, 4 months