Thanks James, that's great news. Am I to assume that we are recommending 2.2.1-1 for all stable installations at this point, and 2.3.1 is a development build only? and as such not really recommended for production usage? Thanks, James Clendenan On Wed, Apr 11, 2012 at 8:35 PM, James Cammarata <jimi(a)sngx.net&gt; wrote:

Excellent! Good work James! -- Grtz, Jörgen Maas

Just attempted to upgrade cobbler to 2.2.1 from EPEL (CentOS 6 x86_64) and I'm now encountering an error. Has anyone experienced this or a solution? sudo /etc/init.d/cobblerd restart Stopping cobbler daemon: [FAILED] Starting cobbler daemon: Traceback (most recent call last): File "/usr/bin/cobblerd", line 76, in main api = cobbler_api.BootAPI(is_cobblerd=True) File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 130, in __init__ self.deserialize() File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 795, in deserialize return self._config.deserialize() File "/usr/lib/python2.6/site-packages/cobbler/config.py", line 266, in deserialize raise CX("serializer: error loading collection %s. Check /etc/cobbler/modules.conf" % item.collection_type()) CX: 'serializer: error loading collection distro. Check /etc/cobbler/modules.conf' Googling doesn't show too much yet and I'm not too interested in messing around with the python as one sources suggests removing some exception catching (bad practice to begin with). On Thu, Apr 12, 2012 at 6:06 AM, Greg Swift <gregswift(a)gmail.com&gt; wrote: -- Jack Peterson Jack.Peterson(a)gmail.com (425) 372 - 8514 (Cell)

On 12.04.2012 19:17, Robert Jacobson wrote: There have been some changes in the configuration files. Look for .rpmnew files in /etc/cobbler and diff them to the old one. The same applies to /etc/httpd/conf.d/cobbler.conf HTH Luc

Thanks, just redoing the settings + modules.conf files helped get things running. I encountered some SELinux issues as well. Side note: with SELinux enforcing cobbler check fails to locate apache. with it set to permissive everything works fine. I'll have to dig into it a little later :-) On Thu, Apr 12, 2012 at 10:40 AM, James Cammarata <jimi(a)sngx.net&gt; wrote: -- Jack Peterson Jack.Peterson(a)gmail.com (425) 372 - 8514 (Cell)

On 4/12/2012 1:40 PM, James Cammarata wrote: Thanks, going through that now. A few questions: Where is the "default kickstart template"? I thought it would be /var/lib/cobbler/kickstarts/default.ks, but "$kickstart_start/_done" doesn't appear in that file (or any file in /var/lib/cobbler/kickstarts/) There are several references to $SNIPPET('kickstart_start') in those files, but nothing to $SNIPPET('kickstart_start')/done or $kickstart_start/_done In any case , as Jack Peterson mentioned, there appears to be a SELinux issue. I ran setroubleshoot: Apr 12 13:58:24 GS-444-E10285 setroubleshoot: SELinux is preventing /usr/bin/python from write access on the directory /var/www/cobbler/rendered. For complete SELinux messages. run sealert -l 528b9bb7-e539-4d67-a82a-c89fb7fbc01e [root@GS-444-E10285 cobbler]# sealert -l 528b9bb7-e539-4d67-a82a-c89fb7fbc01e SELinux is preventing /usr/bin/python from write access on the directory /var/www/cobbler/rendered. ***** Plugin restorecon (99.5 confidence) suggests ************************* If you want to fix the label. /var/www/cobbler/rendered default label should be cobbler_var_lib_t. Then you can run restorecon. Do # /sbin/restorecon -v /var/www/cobbler/rendered ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that python should be allowed write access on the rendered directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp The directory /var/www/cobbler/rendered doesn't exist -- where'd it go? I looked on my another test server (which still has cobbler 2.0) and the rendered directory exists -- did updating to 2.2.1 delete it? In any case, since /var/www/cobbler/rendered didn't exist I couldn't run restorecon -- so I did the obvious: - created /var/www/cobbler/rendered - ran /sbin/restorecon -v /var/www/cobbler/rendered Then I started cobblerd successfully. I also restarted httpd. Now Iwhen I try to login to the web interface, the browser reports "Internal server error"; setroubleshoot shows I'm getting SELinux errors on the sessions: Apr 12 14:48:54 GS-444-E10285 setroubleshoot: SELinux is preventing /usr/sbin/httpd from write access on the directory /var/lib/cobbler/webui_sessions/sessionidc784de1d76c5e28c949a78aaafb414de. For complete SELinux messages. run sealert -l 5775d69f-80d1-4283-afa0-1860bb3aed60 # sealert -l 5775d69f-80d1-4283-afa0-1860bb3aed60 SELinux is preventing /usr/sbin/httpd from write access on the directory /var/lib/cobbler/webui_sessions/sessionidc784de1d76c5e28c949a78aaafb414de. ***** Plugin restorecon (99.5 confidence) suggests ************************* If you want to fix the label. /var/lib/cobbler/webui_sessions/sessionidc784de1d76c5e28c949a78aaafb414de default label should be httpd_sys_rw_content_t. Then you can run restorecon. Do # /sbin/restorecon -v /var/lib/cobbler/webui_sessions/sessionidc784de1d76c5e28c949a78aaafb414de ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that httpd should be allowed write access on the sessionidc784de1d76c5e28c949a78aaafb414de directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep httpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp # ll /var/lib/cobbler/webui_sessions/ total 0 # ll -Zd /var/lib/cobbler/webui_sessions/ drwxrwxr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 /var/lib/cobbler/webui_sessions// I tried running restorecon on /var/lib/cobbler/webui_sessions/ but this did not resolve the login issue. I also tried running the SELinux-related commands from cobbler check: # /usr/sbin/semanage fcontext -a -t httpd_sys_content_rw_t "/var/lib/cobbler/webui_sessions/.*" # /usr/sbin/semanage fcontext -a -t public_content_t "/var/lib/tftpboot/.*" && /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*" (NOTE: there is an error in the "cobbler check" output, the quotes are in the wrong place: /usr/sbin/semanage fcontext -a -t public_content_t "/var/lib/tftpboot/.*" && /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler"/images/.* ) In any case, that did not resolve the login issue. Any ideas? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Robert Jacobson Robert.C.Jacobson(a)nasa.gov Lead System Admin Solar Dynamics Observatory (SDO) Bldg 14, E222 (301) 286-1591

On Thu, Apr 12, 2012 at 2:11 PM, Robert Jacobson <robert.c.jacobson(a)nasa.gov&gt; wrote: I don't think so, I believe it was moved to /var/lib/cobbler from /usr/share/cobbler in 2.2 and should remain there going forward.

On Thu, Apr 12, 2012 at 2:27 PM, Robert Jacobson <robert.c.jacobson(a)nasa.gov&gt; wrote: Just a quick follow-up: Issue #139 has been opened to track/correct the incorrect label reported above.

Backup /etc/cobbler/modules.conf, then copy over /etc/cobbler/modules.conf.rpmnew to modules.conf. make your changes and restart cobbler. ________________________________ Eddie Velez Senior UNIX Systems Administrator 2560 N. First Street San Jose, CA 95131 408-904-4136 Office 408-307-1632 Cell [cid:image001.gif@01CD1895.A2952710]<http://www.emulex.com/> [cid:image002.gif@01CD1895.A2952710]<http://www.twitter.com/emulex>[cid:image003.gif@01CD1895.A2952710]<http://www.friendfeed.com/emulex>[cid:image004.gif@01CD1895.A2952710]<http://www.google.com/reader/shared/emulexinc>[cid:image005.gif@01CD1895.A2952710]<http://www.facebook.com/pages/Emulex-Corporation/116933412473>[cid:image006.gif@01CD1895.A2952710]<http://www.slideshare.net/emulex>[cid:image007.gif@01CD1895.A2952710]<http://www.emulex.com/rss.xml>[cid:image008.gif@01CD1895.A2952710]<http://www.youtube.com/EmulexVideo>[cid:image009.gif@01CD1895.A2952710]<http://www.emulex.com/resources/blogs.html> From: cobbler-bounces(a)lists.fedorahosted.org [mailto:cobbler-bounces@lists.fedorahosted.org] On Behalf Of Jack Peterson Sent: Thursday, April 12, 2012 10:11 AM To: cobbler mailing list Subject: Re: [cobbler] [RELEASE] 2.2.2-1 now available Just attempted to upgrade cobbler to 2.2.1 from EPEL (CentOS 6 x86_64) and I'm now encountering an error. Has anyone experienced this or a solution? sudo /etc/init.d/cobblerd restart Stopping cobbler daemon: [FAILED] Starting cobbler daemon: Traceback (most recent call last): File "/usr/bin/cobblerd", line 76, in main api = cobbler_api.BootAPI(is_cobblerd=True) File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 130, in __init__ self.deserialize() File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 795, in deserialize return self._config.deserialize() File "/usr/lib/python2.6/site-packages/cobbler/config.py", line 266, in deserialize raise CX("serializer: error loading collection %s. Check /etc/cobbler/modules.conf" % item.collection_type()) CX: 'serializer: error loading collection distro. Check /etc/cobbler/modules.conf' Googling doesn't show too much yet and I'm not too interested in messing around with the python as one sources suggests removing some exception catching (bad practice to begin with). On Thu, Apr 12, 2012 at 6:06 AM, Greg Swift <gregswift@gmail.com<mailto:gregswift@gmail.com>> wrote: awesome. Guess I need to get around to updating my primary systems now (my pre-prod box is already running that version) _______________________________________________ cobbler mailing list cobbler@lists.fedorahosted.org<mailto:cobbler@lists.fedorahosted.org> https://fedorahosted.org/mailman/listinfo/cobbler -- Jack Peterson Jack.Peterson@gmail.com<mailto:Jack.Peterson@gmail.com> (425) 372 - 8514 (Cell)