a few small adjustments/additions, and an important change to the 'debmirror' auto-install method back to using the cobbler-included 'preseed_early_default' early-stage preseed script, as my script for testing only.

sus-admin · sus-admin · commit d12f7589c81b · 2025-01-30T18:04:39.000-05:00
diff --git a/_posts/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md b/_posts/2024-10-16-Cobbler-v3.3.6-Beginners-Guide.md
@@ -79,11 +79,17 @@ This guide assumes that both the **Cobbler Server** and **PXE Clinet(s)** are ru
 
 ## Fedora Server Basics
 
-As stated above, this document outlines the procedures necessary to install and configure Cobbler v3.3.6 on a Fedora 34 host server for local network installations/provisioning through PXE. Additionally, necessary adjustments will be made for security through **selinux** and **firewalld** on the Cobbler server. As such, it is recommended to keep things simple and **limit the number of additional applications installed** to the Cobbler server to **minimize unexpected firewall and selinux complications.**
+As stated above, this document outlines the procedures necessary to install and configure Cobbler v3.3.6 on a Fedora 34 host server for local network installations/provisioning through PXE. Additionally, recommended security measures for the Cobbler server will be detailed towards the end of this guide, including basic **selinux** and **firewalld** configs.
 
 ### Updating
 
-If Cobbler is to be installed on a Fedora 34 *Server* host, and automatic partitioning was used during initial OS installation, be sure to extend the LVM Logical Volme to a more usable capacity (recommended 95%):
+First, set a static IP address on the Cobbler server interface *(this interface does not require a gateway or DNS; the other interface may be left on DHCP or static)*
+
+```shell
+nmcli conn modify enp0s8 ipv4.method manual ipv4.addr "10.0.0.10/24"
+```
+
+If Cobbler is to be installed on a Fedora 34 *Server edition* host, and automatic partitioning was used during initial OS installation, be sure to extend the LVM Logical Volme to a more usable capacity (recommended 95%):
 
 ```shell
 lvextend /dev/mapper/fedora_$HOSTNAME-root -l+95%FREE -r
@@ -313,9 +319,15 @@ SELinux and firewall operations can seem daunting at first, especially with an a
 
 SELinux should come enabled by default on a fresh Fedora 34 Server installation, and we set it to `permissive` in the **Base Updates and Configs** section above, but sometimes `selinux` can be disabled on the kernel command line
 
-If `selinux=0` is set in the `/proc/cmdline` file, then follow the instructions found in the `/etc/selinux/config` file for the `grubby` command to enable selinux at boot time. The kernel command line parameters will take precedence over the other configurations.
+If `selinux=0` is set in the `/proc/cmdline` file, then follow the instructions found in the `/etc/selinux/config` file for the `grubby` command to enable selinux at boot time *(DO NOT reboot yet)*. The kernel command line parameters will take precedence over the other configurations.
+
+With SELinux enabled at the kernel command line, run the `getenforce` command to check the current enforcing status
+
+- if `permissive` is returned, skip to the **Enforcing SELinux** section below
+
+- if `enforcing`, skip to the **Cobbler SELinux Config** section.
 
-If the output of the `getenforce` command is already `permissive` skip to the **Enforcing SELinux** section below; if it is `enforcing` skip to the **Cobbler SELinux Config** section.
+- if `disabled`, proceed to the next section **Enabling SELinux**
 
 #### Enabling SELinux
 
@@ -367,7 +379,7 @@ systemctl restart cobblerd && sleep 10
 cobbler sync
 ```
 
-> Cobbler Triggers will run at different times depending on which directory they are placed in, and in alphabetical order within that directory. This sync-trigger specifically should typically be run after ALL sync tasks/triggers are completed
+> Cobbler Triggers will run at different times depending on which directory they are placed in, and in alphabetical order within that directory. This sync-trigger specifically should typically be run after ALL other sync tasks/triggers are completed
 > 
 > > Additionally, if there is an error with a `cobbler sync` task (trigger, or otherwise) before reaching this trigger, the sync task will terminate, and the trigger will not run, causing Cobbler files to not be relabeled appropriately... however, there are likely bigger issues at hand if the `cobbler sync` task is erroring out.
 > 
@@ -413,7 +425,7 @@ Reconfigure **enp0s8** to operate in the **new firewalld zone**
 nmcli con mod enp0s8 connection.zone cobbler
 ```
 
-> As defined above, this zone will NOT permit inbound ICMP traffic like ping
+> As defined above, this firewall zone will NOT permit inbound ICMP traffic like ping
 
 For simplicity, **enp0s3** can be left in the **default firewalld zone** (verify the current active zones with `firewall-cmd --get-active-zones`)
 
diff --git a/_posts/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md b/_posts/2024-12-02-Cobbler-v3.3.7-Debian-Deployment-Guide.md
@@ -260,9 +260,7 @@ cp /var/lib/cobbler/templates/bookworm-workaround.seed /var/lib/cobbler/template
 sed -i 's,d-i apt-setup/local0/repository,#d-i apt-setup/local0/repository,' /var/lib/cobbler/templates/bookworm-latest.seed
 sed -i 's,d-i apt-setup/local0/key,#d-i apt-setup/local0/key,' /var/lib/cobbler/templates/bookworm-latest.seed
 sed -i 's,d-i debian-installer/allow_unauthenticated,#d-i debian-installer/allow_unauthenticated,' /var/lib/cobbler/templates/bookworm-latest.seed
-sed -i 's,script=preseed_early_workaround,script=preseed_early_skip,' /var/lib/cobbler/templates/bookworm-latest.seed
-cp /var/lib/cobbler/scripts/preseed_early_workaround /var/lib/cobbler/scripts/preseed_early_skip
-echo -e '#!/bin/sh\nexit' | tee /var/lib/cobbler/scripts/preseed_early_skip
+sed -i 's,script=preseed_early_workaround,script=preseed_early_default,' /var/lib/cobbler/templates/bookworm-latest.seed
 ```
 
 Download the kernel and 2 initrd files for Debiain latest/current (12.8)
