Categories

  • 12k Topics
    114k Posts

    From the remote server, I can manually connect to mysql on the main FOG server with the fogstorage user credentials > mysql -u fogstorage -p -h x.x.x.x --ssl=FALSE (The connection fails saying the server doesn’t support SSL, which is why I add that last part)

    So I know the credentials are good, and that firewall isn’t blocking connection to MySQL. Not sure what else could be wrong.

    I copied and pasted the full installation log below the server details (removed network information like hostname/IP address)

    Here are the server details.

    Main FOG:
    OS: Debian GNU/Linux 9 (stretch)
    FOG: 1.5.5

    Storage Node:
    OS: Debian GNU/Linux 13 (trixie)
    FOG: (Trying to install the latest release, 1.5.10).

    Here are the settings FOG will use:

    Base Linux: Debian

    Detected Linux Distribution: Debian GNU/Linux

    Interface: eno1

    Server IP Address:

    Server Subnet Mask: 255.255.255.0

    Hostname:

    Installation Type: Storage Node

    Node IP Address:

    MySQL Database Host:

    MySQL Database User: fogstorage

    Send OS Name, OS Version, and FOG Version: Yes

    Are you sure you wish to continue (Y/N)

    Installation Started

    Testing internet connection…Done

    Adjusting repository (can take a long time for cleanup)…OK

    Preparing Package Manager…OK

    Packages to be installed:

    apache2 bc build-essential cpp curl g++ gawk gcc gcc-aarch64-linux-gnu genisoimage git gzip htmldoc isolinux lftp libapache2-mod-php libc6 libcurl4t64 liblzma-dev m4 mariadb-client mariadb-server net-tools nfs-kernel-server openssh-server php php-bcmath php-cli php-curl php-fpm php-gd php-json php-ldap php-mbstring php-mysql php-mysqlnd tar tftpd-hpa tftp-hpa unzip vsftpd wget zlib1g

    Skipping package: apache2…(Already Installed)

    Skipping package: bc…(Already Installed)

    Skipping package: build-essential…(Already Installed)

    Skipping package: cpp…(Already Installed)

    Skipping package: curl…(Already Installed)

    Skipping package: g++…(Already Installed)

    Skipping package: gawk…(Already Installed)

    Skipping package: gcc…(Already Installed)

    Skipping package: gcc-aarch64-linux-gnu…(Already Installed)

    Skipping package: genisoimage…(Already Installed)

    Skipping package: git…(Already Installed)

    Skipping package: gzip…(Already Installed)

    Skipping package: htmldoc…(Already Installed)

    Skipping package: isolinux…(Already Installed)

    Skipping package: lftp…(Already Installed)

    Skipping package: libapache2-mod-php…(Already Installed)

    Skipping package: libc6…(Already Installed)

    Skipping package: libcurl4t64…(Already Installed)

    Skipping package: liblzma-dev…(Already Installed)

    Skipping package: m4…(Already Installed)

    Skipping package: mariadb-client…(Already Installed)

    Skipping package: mariadb-server…(Already Installed)

    Skipping package: net-tools…(Already Installed)

    Skipping package: nfs-kernel-server…(Already Installed)

    Skipping package: openssh-server…(Already Installed)

    Skipping package: php…(Already Installed)

    Skipping package: php-bcmath…(Already Installed)

    Skipping package: php-cli…(Already Installed)

    Skipping package: php-curl…(Already Installed)

    Skipping package: php-fpm…(Already Installed)

    Skipping package: php-gd…(Already Installed)

    Skipping package: php-json…(Already Installed)

    Skipping package: php-ldap…(Already Installed)

    Skipping package: php-mbstring…(Already Installed)

    Skipping package: php-mysql…(Already Installed)

    Skipping package: php-mysql…(Already Installed)

    Skipping package: tar…(Already Installed)

    Skipping package: tftpd-hpa…(Already Installed)

    Skipping package: tftp-hpa…(Already Installed)

    Skipping package: unzip…(Already Installed)

    Skipping package: vsftpd…(Already Installed)

    Skipping package: wget…(Already Installed)

    Skipping package: zlib1g…(Already Installed)

    Updating packages as needed…OK

    Confirming package installation

    Checking package: apache2…OK

    Checking package: bc…OK

    Checking package: build-essential…OK

    Checking package: cpp…OK

    Checking package: curl…OK

    Checking package: g++…OK

    Checking package: gawk…OK

    Checking package: gcc…OK

    Checking package: gcc-aarch64-linux-gnu…OK

    Checking package: genisoimage…OK

    Checking package: git…OK

    Checking package: gzip…OK

    Checking package: htmldoc…OK

    Checking package: isolinux…OK

    Checking package: lftp…OK

    Checking package: libapache2-mod-php…OK

    Checking package: libc6…OK

    Checking package: libcurl4t64…OK

    Checking package: liblzma-dev…OK

    Checking package: m4…OK

    Checking package: mariadb-client…OK

    Checking package: mariadb-server…OK

    Checking package: net-tools…OK

    Checking package: nfs-kernel-server…OK

    Checking package: openssh-server…OK

    Checking package: php…OK

    Checking package: php-bcmath…OK

    Checking package: php-cli…OK

    Checking package: php-curl…OK

    Checking package: php-fpm…OK

    Checking package: php-gd…OK

    Checking package: php-json…OK

    Checking package: php-ldap…OK

    Checking package: php-mbstring…OK

    Checking package: php-mysql…OK

    Checking package: tar…OK

    Checking package: tftpd-hpa…OK

    Checking package: tftp-hpa…OK

    Checking package: unzip…OK

    Checking package: vsftpd…OK

    Checking package: wget…OK

    Checking package: zlib1g…OK

    Configuring services

    Setting up fogproject user…OK

    Locking fogproject as a system account…OK

    Setting up fogproject password…OK

    Checking connection to master database…Failed!

    !!!
    !! The installer was not able to run all the way to the end as !!
    !! something has caused it to fail. The following few lines are !!
    !! from the error log file which might help us figure out what’s !!
    !! wrong. Please add this information when reporting an error. !!
    !! As well you might want to take a look at the full error log !!
    !! in /root/fogproject-stable/bin/error_logs/fog_error_1.5.10.1826.log !!
    !!!

    ii unzip 6.0-29 amd64 De-archiver for .zip files
    ii vsftpd 3.0.5-0.2 amd64 lightweight, efficient FTP server written for security
    ii wget 1.25.0-2 amd64 retrieves files from the web
    ii zlib1g:amd64 1:1.3.dfsg+really1.3.1-1+b1 amd64 compression library - runtime
    New password: Retype new password: passwd: password updated successfully

  • Get the latest news on what's happening.
    184 Topics
    825 Posts

    @Tom-Elliott I really appreciate that you are putting effort into providing more frequent releases, which makes it easier for everyone to deploy new security fixes in time. Keep up the good work!

  • View tutorials or talk about FOG in general.
    2k Topics
    19k Posts

    @Florent Hi Florent,

    I actually have been meaning to look into this some more, but the likely answer is no, or at least, not entirely. The way that support works is, you download a signed iPXE 2.0 binary from iPXE and a copy of their signed shim. That shim is signed with the Microsoft keys and trusts the iPXE signing keys. What this means in practical terms is, all the steps above would still need to occur, it’s just that the signing of the iPXE binary is managed by iPXE, and you don’t need to enroll a key to boot iPXE.

    That said, I would imagine this only covers you for booting iPXE, any chainloaded binaries would still need to be signed either with Microsoft’s key or a MOK key you’ve enrolled on the machine. In FOG’s case this means the FOS kernel has to be signed and trusted on the system, in addition to any other binaries (for example memtest, refind) you plan to boot via FOG.

    The other likely blocker is the build itself. Naturally, only iPXE can sign binaries that the iPXE Shim will support. Currently the FOG installer actually builds a slightly modified iPXE binary from source. While I’m unsure if these are all that different from the pre-built binaries from 2.0 in terms of support and functionality, it would at the very least need to be changed to instead pull the iPXE 2.0 binaries.

    I don’t think any of these are particularly hard to overcome or deal with though. The bottom line is, 2.0 makes it easier, but only to a point. To get real proper Secure Boot support in FOG, they’ll likely need to generate their own signing keys, and start signing at least the FOS kernels (if not iPXE itself) and update FOG to include shim support somehow.

    That said, for basic support, I doubt they would need to go the full mile and get a Microsoft-approved signing key; I think distributing a certificate/key you can enroll via MokManager and using a pre-existing signed shim (like the iPXE-provided one) would more than suffice for most use cases. I’m not sure how difficult it would actually be to implement any of this into FOG; that’s a question for someone who knows PHP and is more familiar with the FOG codebase than I.

    Sorry if that’s a bit long-winded; it’s not an easy topic to distill. Hope that helps though.

  • Report bugs, request features, or get the latest progress.
    2k Topics
    21k Posts

    @Tom-Elliott Thanks for the clarification! I’ll try upgrading to the latest stable version, I was planning on doing this anyway.

    I’ll look into the Persistent Groups plugin and see how it works!
