Sunday, June 7, 2015

Cobbler 2.6 on Fedora Core 21 Initial setup issues // httpd does not appear to be running and proxying cobbler, or SELinux is in the way

Disclaimer:

Some of the commands used in this article can be detrimental to the operability, functionality and security of your setup or environment, for which the writer does not hold any responsibility.

Use these commands at your own risk, responsibility and understanding.

==========================================================

Cobbler setup on FC21 32bit Fedora release 21 (Twenty One) Kernel 4.0.4-201.fc21.i686
with Cobbler at

cobbler-2.6.6-1.fc21.noarch
cobbler-web-2.6.6-1.fc21.noarch

Also the underlying setup was Oracle VirtualBox


++++++++++++++++++


Common Error messages accessing server https://<server_name_or_ip>/cobbler_web

[root@test httpd]# tail -f ssl_error_log
[Sun Jun 07 08:49:22.222082 2015] [ssl:warn] [pid 16863] AH01906: 192.168.10.102:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jun 07 08:49:22.222812 2015] [ssl:warn] [pid 16863] AH01909: 192.168.10.102:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 07 08:49:22.354169 2015] [ssl:warn] [pid 16863] AH01906: 192.168.10.102:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jun 07 08:49:22.354232 2015] [ssl:warn] [pid 16863] AH01909: 192.168.10.102:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 07 08:51:27.060917 2015] [ssl:warn] [pid 17370] AH01906: 192.168.10.102:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jun 07 08:51:27.061053 2015] [ssl:warn] [pid 17370] AH01909: 192.168.10.102:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 07 08:51:27.287013 2015] [ssl:warn] [pid 17370] AH01906: 192.168.10.102:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jun 07 08:51:27.287013 2015] [ssl:warn] [pid 17370] AH01909: 192.168.10.102:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 07 08:52:41.971789 2015] [wsgi:error] [pid 17390] [remote 192.168.10.101:65535] mod_wsgi (pid=17390): Exception occurred processing WSGI script '/usr/share/cobbler/web/cobbler.wsgi'.
[Sun Jun 07 08:52:41.972316 2015] [wsgi:error] [pid 17390] [remote 192.168.10.101:65535] IOError: failed to write data


++++++++++++++++++++++++++++++++++

Errors during cobbler sync

[root@test conf.d]# cobbler sync
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/cobbler/cli.py", line 252, in check_setup
s.ping()
File "/usr/lib/python2.7/xmlrpclib.py", line 1224, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.7/xmlrpclib.py", line 1578, in __request
verbose=self.__verbose
File "/usr/lib/python2.7/xmlrpclib.py", line 1264, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/lib/python2.7/xmlrpclib.py", line 1312, in single_request
response.msg,
ProtocolError: <ProtocolError for 192.168.10.102:443/cobbler_api: 400 Bad Request>

++++++++++++++++++++++++++++++++++++++++++++++

[root@test conf.d]# cobbler check
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/cobbler/cli.py", line 252, in check_setup
s.ping()
File "/usr/lib/python2.7/xmlrpclib.py", line 1224, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.7/xmlrpclib.py", line 1578, in __request
verbose=self.__verbose
File "/usr/lib/python2.7/xmlrpclib.py", line 1264, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/lib/python2.7/xmlrpclib.py", line 1292, in single_request
self.send_content(h, request_body)
File "/usr/lib/python2.7/xmlrpclib.py", line 1439, in send_content
connection.endheaders(request_body)
File "/usr/lib/python2.7/httplib.py", line 991, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 844, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 806, in send
self.connect()
File "/usr/lib/python2.7/httplib.py", line 787, in connect
self.timeout, self.source_address)
File "/usr/lib/python2.7/socket.py", line 571, in create_connection


To get past the above issues, a few things need to be done, as described below.

a) /etc/httpd/conf/httpd.conf looked like this (I was using an IP of 192.168.10.102 with the HTTPD listening on 443)

/etc/httpd/conf/httpd.conf
====================================
ServerRoot "/etc/httpd"
Listen *:443
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName 192.168.10.102:443
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf


/etc/httpd/conf.d/ssl.conf
====================================
Note that using ssl.conf means HTTPS is in use, which also requires a self-signed certificate.
Its creation is explained in the next step.
==========================================================
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:443>
ServerName 192.168.10.102:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/pki/tls/certs/example.com.cert
SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/share/cobbler/web/">
<IfModule mod_ssl.c>
SSLRequireSSL
</IfModule>
<IfModule mod_nss.c>
NSSRequireSSL
</IfModule>
SetEnv VIRTUALENV
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/cobbler_webui_content/">
<IfModule mod_ssl.c>
SSLRequireSSL
</IfModule>
<IfModule mod_nss.c>
NSSRequireSSL
</IfModule>
Options +Indexes +FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


======================================================

Creation of the SSL Self Signed certificate and key

#openssl req -new -newkey rsa:1024 -keyout example.com.key -x509 -out example.com.cert


The output that appears is as below.

..............................++++++
writing new private key to 'example.com.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Verify failure
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:<Enter the country code here>
State or Province Name (full name) []:<Province Name here>
Locality Name (eg, city) [Default City]:<City here>
Organization Name (eg, company) [Default Company Ltd]:<Name of the Organization>
Organizational Unit Name (eg, section) []:<Name of OU>
Common Name (eg, your name or your server's hostname) []:<Name of the server>
Email Address []:<The Contact E-mail Address>
+++++++++++++++++++++++++++++++++++++++

The above generates example.com.key and example.com.cert, which are to be placed at the appropriate locations
as per the definitions in ssl.conf

For example place the certificate file at /etc/pki/tls/certs/
and
the Key file at
/etc/pki/tls/private/
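
The AH01906 and AH01909 warnings in ssl_error_log at the top of this post describe a certificate that is marked as a CA and does not carry the server's name. The following is an added example, not part of the original post: it generates a self-signed server certificate with CA:FALSE and the server address in both CN and subjectAltName, then checks the result. The function names, the 2048-bit key size, the 365-day lifetime and the passphrase-less key (-nodes) are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original post). Names and paths are assumptions.

# make_server_cert DIR NAME ADDR
# Writes DIR/NAME.key and DIR/NAME.cert: a self-signed *server* certificate
# (CA:FALSE) whose CN and subjectAltName carry ADDR, the value used for
# ServerName in httpd.conf and ssl.conf.
make_server_cert() {
    dir=$1; name=$2; addr=$3
    cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_server
prompt             = no

[dn]
CN = $addr

[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = IP:$addr
EOF
    # umask 077 keeps the unencrypted key (-nodes) readable by its owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -x509 -days 365 \
          -config "$dir/$name.cnf" \
          -keyout "$dir/$name.key" -out "$dir/$name.cert" 2>/dev/null )
}

# cert_problems CERT ADDR
# Prints one line per finding and returns the number of findings (0 = clean).
cert_problems() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "cannot read $1"; return 1; }
    n=0
    if echo "$text" | grep -q 'CA:TRUE'; then
        echo "certificate is marked CA:TRUE (httpd warns with AH01906)"
        n=$((n + 1))
    fi
    if ! echo "$text" | grep -Eq "(CN ?= ?|IP Address:)$2"; then
        echo "$2 not found in CN or subjectAltName (compare AH01909)"
        n=$((n + 1))
    fi
    bits=$(echo "$text" | sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "public key is ${bits:-unknown} bits, below 2048"
        n=$((n + 1))
    fi
    return "$n"
}

# Usage, matching the file names in ssl.conf above:
#   make_server_cert /root/certs example.com 192.168.10.102
#   cert_problems /root/certs/example.com.cert 192.168.10.102
```

Drop -nodes to keep the passphrase prompt that the httpd restart below expects.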


This is how /etc/httpd/conf.d/cobbler.conf looked
===================================================

AliasMatch ^/cblr(?!/svc/)(.*)?$ "/var/www/cobbler$1"
AliasMatch ^/cobbler_track(.*)?$ "/var/www/cobbler$1"
Alias /cobbler /var/www/cobbler
Alias /cobbler_webui_content /var/www/cobbler_webui_content
WSGIScriptAliasMatch ^/cblr/svc/([^/]*) /var/www/cobbler/svc/services.py
<Directory "/var/www/cobbler">
SetEnv VIRTUALENV
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
ProxyRequests off
ProxyPass /cobbler_api http://localhost:25151/
ProxyPassReverse /cobbler_api http://localhost:25151/
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
<Directory "/var/www/cobbler/web/">
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>



This is how /etc/httpd/conf.d/cobbler_web.conf looked
=======================================================

<Directory "/usr/share/cobbler/web/">
<IfModule mod_ssl.c>
SSLRequireSSL
</IfModule>
<IfModule mod_nss.c>
NSSRequireSSL
</IfModule>
SetEnv VIRTUALENV
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/cobbler_webui_content/">
<IfModule mod_ssl.c>
SSLRequireSSL
</IfModule>
<IfModule mod_nss.c>
NSSRequireSSL
</IfModule>
Options +Indexes +FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
WSGISocketPrefix /var/run/wsgi
WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
WSGIDaemonProcess cobbler_web display-name=%{GROUP}
WSGIProcessGroup cobbler_web
<IfVersion >= 2.4>
<Location /cobbler_web>
Require all granted
</Location>
</IfVersion>




+++++++++++++++++++++++++++++++++++++++++++++++++++++

Once these are in place, restart HTTPD and Cobbler

On newer Linux releases you can use systemctl

[root@test ~]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service
Enter SSL pass phrase for 192.168.10.102:443 (RSA) : *********
[root@test ~]#


#service cobblerd restart


=======================================

For HTTPS and Cobbler, here is how the Cobbler settings file looks

---
allow_duplicate_hostnames: 0
allow_duplicate_ips: 0
allow_duplicate_macs: 0
allow_dynamic_settings: 0
anamon_enabled: 0
authn_pam_service: "login"
auth_token_expiration: 3600
build_reporting_enabled: 0
build_reporting_sender: ""
build_reporting_email: [ 'root@localhost' ]
build_reporting_smtp_server: "localhost"
build_reporting_subject: ""
build_reporting_ignorelist: [ "" ]
cheetah_import_whitelist:
- "random"
- "re"
- "time"
createrepo_flags: "-c cache -s sha"
default_kickstart: /var/lib/cobbler/kickstarts/default.ks
default_name_servers: []
default_ownership:
- "admin"
default_password_crypted: "$1$)U*#@WASNAAS$6Pmn#34354SDFSDFR/4Fe."
default_template_type: "cheetah"
default_virt_bridge: xenbr0
default_virt_file_size: 5
default_virt_ram: 512
default_virt_type: xenpv
enable_gpxe: 0
enable_menu: 1
func_auto_setup: 0
func_master: overlord.example.org
http_port: 443 # Cobbler will try to reach HTTPD at port 443 instead 80
kernel_options:
    ksdevice: bootif
    lang: ' '
    text: ~
kernel_options_s390x:
    RUNKS: 1
    ramdisk_size: 40000
    root: /dev/ram0
    ro: ~
    ip: off
    vnc: ~
vnc: ~
ldap_server: "test.example.com"
ldap_base_dn: "DC=example,DC=com"
ldap_port: 389
ldap_tls: 1
ldap_anonymous_bind: 1
ldap_search_bind_dn: ''
ldap_search_passwd: ''
ldap_search_prefix: 'uid='
ldap_tls_cacertfile: ''
ldap_tls_keyfile: ''
ldap_tls_certfile: ''
mgmt_classes: []
mgmt_parameters:
    from_cobbler: 1
puppet_auto_setup: 0
sign_puppet_certs_automatically: 0
puppetca_path: "/usr/bin/puppet"
remove_old_puppet_certs_automatically: 0
manage_dhcp: 1
manage_dns: 1
bind_chroot_path: ""
bind_master: 192.168.10.102
manage_tftpd: 1
manage_rsync: 0
manage_forward_zones: []
manage_reverse_zones: []
next_server: 192.168.10.102
power_management_default_type: 'ipmitool'
power_template_dir: "/etc/cobbler/power"
pxe_just_once: 0
pxe_template_dir: "/etc/cobbler/pxe"
consoles: "/var/consoles"
redhat_management_type: "off"
redhat_management_key: ""
redhat_management_permissive: 0
register_new_installs: 0
reposync_flags: "-l -n -d"
restart_dns: 1
restart_dhcp: 1
run_install_triggers: 1
scm_track_enabled: 0
scm_track_mode: "git"
server: 192.168.10.102 # Very important: this is where Cobbler will run
client_use_localhost: 0
client_use_https: 1 # Very important: tells Cobbler that the clients will use HTTPS
snippetsdir: /var/lib/cobbler/snippets
template_remote_kickstarts: 0
virt_auto_boot: 1
webdir: /var/www/cobbler
xmlrpc_port: 25151
yum_post_install_mirror: 1
yum_distro_priority: 1
yumdownloader_flags: "--resolve"
serializer_pretty_json: 0
replicate_rsync_options: "-avzH"
replicate_repo_rsync_options: "-avzH"
always_write_dhcp_entries: 0
proxy_url_ext: ""
proxy_url_int: ""


++++++++++++++++++++++++++++++++++++++++++++

Also look at the HTTPS access and error logs at /var/log/httpd/ssl_access_log and /var/log/httpd/ssl_error_log

These are good places to know what is happening with the SSL access and what needs to be fixed.


[Sun Jun 07 07:49:06.966815 2015] [lbmethod_heartbeat:notice] [pid 4513] AH02282: No slotmem from mod_heartmonitor
[Sun Jun 07 07:49:06.967049 2015] [ssl:warn] [pid 4513] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Sun Jun 07 07:49:07.041210 2015] [mpm_prefork:notice] [pid 4513] AH00163: Apache/2.4.12 (Fedora) OpenSSL/1.0.1k-fips SVN/1.8.11 mod_wsgi/4.3.2 Python/2.7.8 configured -- resuming normal operations
[Sun Jun 07 07:49:07.051929 2015] [core:notice] [pid 4513] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Jun 07 07:49:31.177930 2015] [ssl:error] [pid 4519] [client 192.168.10.101:61859] AH02219: access to /usr/share/cobbler/web/cobbler.wsgi failed, reason: SSL connection required
[Sun Jun 07 07:49:33.587279 2015] [ssl:error] [pid 4519] [client 192.168.10.101:61859] AH02219: access to /usr/share/cobbler/web/cobbler.wsgi failed, reason: SSL connection required
[Sun Jun 07 07:51:06.896190 2015] [ssl:error] [pid 4517] [client 192.168.10.101:61860] AH02219: access to /usr/share/cobbler/web/cobbler.wsgi failed, reason: SSL connection required
[Sun Jun 07 07:51:11.612255 2015] [autoindex:error] [pid 4517] [client 192.168.10.101:61860] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
[Sun Jun 07 07:59:57.484222 2015] [autoindex:error] [pid 4630] [client 192.168.10.101:61885] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
[Sun Jun 07 08:00:03.108819 2015] [ssl:error] [pid 4516] [client 192.168.10.101:61893] AH02219: access to /usr/share/cobbler/web/cobbler.wsgi failed, reason: SSL connection required
[Sun Jun 07 08:02:54.925936 2015] [ssl:error] [pid 4516] [client 192.168.10.101:61953] AH02219: access to /usr/share/cobbler/web/cobbler.wsgi failed, reason: SSL connection required
[Sun Jun 07 08:04:20.773105 2015] [ssl:error] [pid 6895] [client 192.168.10.101:61956] AH02219: access to /usr/share/cobbler/web/cobbler.wsgi failed, reason: SSL connection required
[Sun Jun 07 08:04:22.785703 2015] [ssl:error] [pid 6895] [client 192.168.10.101:61956] AH02219: access to /usr/share/cobbler/web/cobbler.wsgi failed, reason: SSL connection required
[Sun Jun 07 08:05:06.757210 2015] [ssl:error] [pid 6894] [client 192.168.10.101:61969] AH02219: access to /var/www/cobbler_webui_content failed, reason: SSL connection required
[Sun Jun 07 08:05:58.697820 2015] [mpm_prefork:notice] [pid 4513] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Jun 07 08:05:59.999026 2015] [core:notice] [pid 8038] SELinux policy enabled; httpd running as context system_u:system_r:kernel_t:s0

++++++++++++++++++++++++++++++++++++++++++++++++



(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
[Sat May 30 18:30:29.314787 2015] [mpm_prefork:alert] [pid 1117] no listening sockets available, shutting down
[Sat May 30 18:30:29.314805 2015] [:emerg] [pid 1117] AH00019: Unable to open logs, exiting
[Sat May 30 18:55:19.884126 2015] [suexec:notice] [pid 1071] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat May 30 18:55:19.928509 2015] [ssl:warn] [pid 1071] AH01916: Init: (192.168.10.102:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Sat May 30 18:55:20.085428 2015] [core:crit] [pid 1071] (22)Invalid argument: AH00069: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY)
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
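
To see at a glance which problems dominate logs like the ones above, the Apache message IDs can be counted and paired with a short hint. This is an added example, not part of the original post; the function names and hint wording are this example's own, and the sample input consists of lines copied from the logs quoted on this page.

```bash
#!/bin/bash
# Added example (not from the original post).

# triage_httpd_log [FILE...]
# Counts Apache "AHnnnnn" message IDs in the given logs (or stdin) and prints
# "ID count hint" lines sorted by ID. Hints cover the IDs seen on this page.
triage_httpd_log() {
    awk '
    match($0, /AH[0-9][0-9][0-9][0-9][0-9]/) {
        count[substr($0, RSTART, RLENGTH)]++
    }
    END {
        hint["AH01906"] = "certificate has CA:TRUE; use a server (CA:FALSE) certificate"
        hint["AH01909"] = "certificate name does not match ServerName"
        hint["AH02219"] = "SSLRequireSSL path requested without SSL"
        hint["AH01916"] = "port 443 vhost is not running SSL; check SSLEngine on"
        hint["AH00072"] = "port already bound; check for duplicate Listen or another process"
        for (id in count) {
            h = (id in hint) ? hint[id] : "no hint; read the message text"
            printf "%s %d %s\n", id, count[id], h
        }
    }' "$@" | sort
}

# Sample input: lines copied from the logs quoted on this page.
sample_log() {
    cat <<'EOF'
[Sun Jun 07 08:49:22.222082 2015] [ssl:warn] [pid 16863] AH01906: 192.168.10.102:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jun 07 08:49:22.222812 2015] [ssl:warn] [pid 16863] AH01909: 192.168.10.102:443:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 07 08:49:22.354169 2015] [ssl:warn] [pid 16863] AH01906: 192.168.10.102:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jun 07 07:49:07.041210 2015] [mpm_prefork:notice] [pid 4513] AH00163: Apache/2.4.12 (Fedora) OpenSSL/1.0.1k-fips SVN/1.8.11 mod_wsgi/4.3.2 Python/2.7.8 configured -- resuming normal operations
[Sun Jun 07 07:49:31.177930 2015] [ssl:error] [pid 4519] [client 192.168.10.101:61859] AH02219: access to /usr/share/cobbler/web/cobbler.wsgi failed, reason: SSL connection required
[Sun Jun 07 07:49:33.587279 2015] [ssl:error] [pid 4519] [client 192.168.10.101:61859] AH02219: access to /usr/share/cobbler/web/cobbler.wsgi failed, reason: SSL connection required
[Sun Jun 07 08:05:06.757210 2015] [ssl:error] [pid 6894] [client 192.168.10.101:61969] AH02219: access to /var/www/cobbler_webui_content failed, reason: SSL connection required
[Sat May 30 18:55:19.928509 2015] [ssl:warn] [pid 1071] AH01916: Init: (192.168.10.102:443) You configured HTTP(80) on the standard HTTPS(443) port!
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
EOF
}

# Usage on a live server:
#   triage_httpd_log /var/log/httpd/ssl_error_log /var/log/httpd/error_log
# Usage on the sample:
#   sample_log | triage_httpd_log
```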

+++++++++++++++++

Creation of additional user and password to access the COBBLER WEB

[root@test conf.d]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
root:Cobbler:7ece7a4#$@$r%%$#ds23QW3zxzdfed83449
[root@test conf.d]# htdigest /etc/cobbler/users.digest "Cobbler" root
Changing password for user root in realm Cobbler
New password:
Re-type new password:
[root@test conf.d]#
[root@test conf.d]#
[root@test conf.d]#
[root@test conf.d]#
[root@test conf.d]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
root:Cobbler:7ece7a4#$@$r%%$#ds23QW3zxzdfed83449

++++++++++++++++++++++++

Alternatively, you can try running Cobbler in unconfined mode, in which SELinux no longer confines the cobblerd_t domain. This needs the following
software to be installed:


yum install /usr/share/selinux/devel/Makefile

This will install selinux-policy-devel-3.13.1-105.13.fc21.noarch


Create a file like below
[root@test ~]# more /etc/httpd/conf.d/cobbler_unconfined.te
policy_module(cobbler_unconfined, 1.0)
gen_require(`
type cobblerd_t;
')
unconfined_domain(cobblerd_t)
[root@test ~]#

This module lets Cobbler run in unconfined mode. Build it with:

make -f /usr/share/selinux/devel/Makefile cobbler_unconfined.pp




[root@test conf.d]# make -f /usr/share/selinux/devel/Makefile cobbler_unconfined.pp
Compiling targeted cobbler_unconfined module
/usr/bin/checkmodule: loading policy configuration from tmp/cobbler_unconfined.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 17) to tmp/cobbler_unconfined.mod
Creating targeted cobbler_unconfined.pp policy package
rm tmp/cobbler_unconfined.mod.fc tmp/cobbler_unconfined.mod
[root@test conf.d]# semodule -i cobbler_unconfined.pp


[root@test conf.d]# semodule -l | grep cobbler
cobbler 1.2.0
cobbler_unconfined 1.0

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Running Cobbler in an SELinux environment with SELinux enabled.

This is how my typical SELinux settings looked
[root@test ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 29
[root@test ~]#
[root@test ~]#
[root@test ~]# cat /etc/sysconfig/selinux | grep -v -e ^# -e ^$
SELINUX=permissive
SELINUXTYPE=targeted
[root@test ~]#

I had to allow Cobbler's communications through. Cobbler here was using HTTPS as the
proxy.

[root@test conf.d]# getsebool -a | grep -i cobbler
cobbler_anon_write --> on
cobbler_can_network_connect --> on
cobbler_use_cifs --> on
cobbler_use_nfs --> on
httpd_can_network_connect_cobbler --> on
httpd_serve_cobbler_files --> on

To set the above you can use

setsebool cobbler_can_network_connect 1
setsebool cobbler_anon_write 1
setsebool cobbler_use_cifs 1
setsebool cobbler_use_nfs 1
setsebool httpd_serve_cobbler_files 1


++++++++++++++++++++++++++++++

Once these are in place do


systemctl restart httpd (give the SSL passphrase as needed)
systemctl restart cobblerd

cobbler check
cobbler sync

Look at the messages printed on screen when you run cobbler check.

===================================

Start making cobbler


cobbler check

Install DHCP as suggested by Cobbler and to be used by Cobbler later on

yum install dhcp


Get the loaders for LINUX versions which Cobbler will use to install OS

cobbler get_loaders


Install BIND to serve as NAMED for use by Cobbler


yum install bind

Other Auxiliary things needed

yum install rsync xinetd tftp-server


Edit the configuration files as below

[root@test httpd]# cat /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
disable = no
flags = IPv6
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}


[root@test httpd]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -B 1380 -v -s /var/lib/tftpboot
per_source = 11
cps = 100 2
flags = IPv4
}



==========================

Enable and start these services


systemctl enable xinetd

Note that the DHCPD will need more configuration


/bin/systemctl restart dhcpd.service
/bin/systemctl restart tftp.service

systemctl restart cobblerd
cobbler check
cobbler sync









In case SE Contexts of files/folders have changed unintentionally as compared to the defaults, use restorecon to restore the contexts.


------------------------------------

If iptables is getting in the way, you can run

iptables -F

This flushes the iptables rules for the time being so that you can test that Cobbler works; you can also tune the iptables rules.

=========================================

The result is a running and accessible Cobbler web interface at the https://<cobbler_server>/cobbler_web URL

Important References


http://centoshowtos.org/installation/kickstart-and-cobbler/