Red Hat NETWORK SATELLITE 5.3.0 Deployment Manual page 53

Bare Metal
4. Finally, the DHCP server refers to the boot image file (in this case, at /var/lib/tftpboot/
pxelinux.0.
5.8.1.2.2. Xinetd and TFTP
Xinetd is a daemon that manages a suite of services, including TFTP, the FTP server used for
transferring the boot image to a PXE client.
To configure TFTP, you must first enable the service via Xinetd. To do this, edit the /etc/xinetd.d/
tftp as root and change the disable = yes line to disable = no.
Alternatively, you can use the following command:
chkconfig xinetd on
Before TFTP can start serving the pxelinux.0 boot image, you must start the Xinetd service.
chkconfig --level 345 xinetd on
/sbin/service xinetd start
The chkconfig command turns on the xinetd service for all user runlevels, while the /sbin/
service command turns on xinetd immediately.
5.8.1.2.3. Configuring SELinux and IPTables for Cobbler Support
Red Hat Enterprise Linux is installed with SELinux support in addition to secure firewall enabled
by default. To properly configure a Red Hat Enterprise Linux server to use Cobbler, you must first
configure these system and network safeguards to allow connections to and from the Cobbler Server.
5.8.1.2.3.1. SELinux Configuration
To enable SELinux for Cobbler support, you must set the SELinux boolean to allow HTTPD web
service components. Run the following command as root on the Cobbler server:
setsebool -P httpd_can_network_connect true
The -P switch is essential, as it enables HTTPD connection persistently across all system reboots.
You must also set SELinux file context rules to ensure Cobbler properly functions in an SELinux
system.
Run the following as root on the Cobbler server:
semanage fcontext -a -t public_content_t "var/lib/tftpboot/.*"
The command sets file context for TFTP to serve the boot image file.
5.8.1.2.3.2. IPTables Configuration
Once you have configured SELinux, you must then configure IPTables to allow incoming and outgoing
network traffic on the Cobbler server.
45