Installing Cobbler in CentOS 7

I’m evaluating Cobbler as my Linux installation and inventory server for my Configuration Management Database. I’ve heard good things about Cobbler and for now I’d like to share my installation steps with you. In this post I’m covering installation for cobbler and cobbler’s web interface.

Note: I’ll be updating this article if I found anything is missing, so please contact me with your feedback so I can add corrections.

Cobbler is available at the EPEL repository:

yum install epel-release -y

We’ll need some packages:

yum install cobbler cobbler-web pykickstart fence-agents xinetd setroubleshoot-server firewalld wget perl-LockFile-Simple perl-IO-Compress perl-Compress-Raw-Zlib perl-Digest-MD5 perl-Digest-SHA perl-Net-INET6Glue perl-LWP-Protocol-https -y

If you want to manage Debian/Ubuntu repositories, the debmirror script must be installed. It’s a perl script which can be downloaded from the Debian repository (look for the most recent version that fits you):

cd /tmp
wget http://ftp.es.debian.org/debian/pool/main/d/debmirror/debmirror_2.20.tar.xz
tar xf debmirror_2.20.tar.xz
cp debmirror/debmirror /usr/bin/

Cobbler uses Apache, and a TFTP server will be run using the xinetd server so we’ll enable and start some systemd services:

systemctl enable cobblerd
systemctl enable httpd
systemctl enable xinetd

systemctl start firewalld

I’ll add a firewall rule so my http and https services are open:

firewall-cmd –zone=public –add-service http –permanent
firewall-cmd –zone=public –add-service https –permanent
firewall-cmd –reload

SELinux –> If you follow my blog, you know I like to have SELinux running, so you can skip any block starting with SELinux in bolded letters. We’ll need the following booleans:

setsebool -P httpd_can_network_connect_cobbler 1
setsebool -P httpd_serve_cobbler_files 1

Time to start both Apache and Cobblerd:

systemctl start httpd
systemctl start cobblerd

We can check if cobbler is working:

cobbler –version (two dashes)

Cobbler 2.6.11
source: ?, ?
build time: Sun Jan 24 14:40:17 2016

We’ll need to configure a few things now. Set the IP address, your server will listen on. In my lab, the IP address is 192.168.2.1 so change it accordingly.

sed -i.bak ‘s/server: 127\.0\.0\.1/server: 192\.168\.2\.1/g’ /etc/cobbler/settings

The TFTP server will be started thanks to the Xinetd server:

sed -i.bak ‘/disable/c\\tdisable\t\t\t= no’ /etc/xinetd.d/tftp

systemctl start xinetd

We can download several network boot-loaders:

cobbler get-loaders (to download several network boot-loaders)

We can generate a new default password, choose a passprase and the password you prefer!

openssl passwd -1 -salt ‘A random passphrase, choose yours’ ‘your-password-here’ > /tmp/random_pass

sed -i.bak “/default_password_crypted:/c\default_password_crypted: \”$(cat /tmp/random_pass)\”” /etc/cobbler/settings

Once all the changes have been saved, restart the cobblerd daemon:

systemctl restart cobblerd

Now we can run a check to test if our configuration is good and ready. As I’m using SELinux I don’t care about the warning on “SELinux is enabled”.

cobbler check

The following are potential configuration items that you may want to fix:

1 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux

SELinux –> We have to add a new policy to avoid some SELinux issues.

yum install -y selinux-policy-devel

mkdir /root/policy
cd /root/policy
cat <<EOT > /root/policy/cobbler-web.te
policy_module(cobbler-web, 1.0)

gen_require(\`
type cobblerd_t;
type systemd_unit_file_t;
‘)

allow cobblerd_t systemd_unit_file_t:file getattr;
EOT

make -f /usr/share/selinux/devel/Makefile cobbler-web.pp

semodule -i cobbler-web.pp

Finally open the following URL, in my example my server is called cobbler.artemit.local. Please change your server name or IP address to one that fits your environment:

https://cobbler.artemit.local/cobbler_web

A certificate has been generated for SomeOrganization and it’s valid for 1 year, so deal with your browser’s SSL warning.

cobbler_screenshot

The default user is cobbler and the default password is cobbler.

That’s all for now, I’ll write some lines about configuration later, but don’t forget to read the official documentation.

 

Advertisements