FOG Problems

• F

  Ugh so updating from 21.04 to 21.10 breaks the database
  • Fog_Newb

  7
  0
  Votes
  7
  Posts
  29
  Views

  F

  @quazz

  OH! Okay cool cool. Thanks

• 

  Create second admin fog user
  • Zaqen

  5
  0
  Votes
  5
  Posts
  13
  Views

  S

  @zaqen said in Create second admin fog user:

  Sorry, i try this on différent server where i use fog 1.5.9, example the new users can’t delete old image.

  What error do you get when you try to delete the old image?

• T

  Fog stuck on "Running post init script"
  • TheOddDimension

  5
  0
  Votes
  5
  Posts
  19
  Views

  S

  @theodddimension While you sure ask about a different issue I have to side with George that something is very wrong with the DHCP in your network. But I suggest you open a new topic for that problem. Keeping things separate helps to prevent from missunderstanding.

  Hello! After I mount /images to a new disk, FOG is stuck on “Running post script”.

  The video stops right where you say it hangs. So I need to ask, how long have you waited?

  What I’ve done:
  chown -R fogproject:root /images
  chmod +R 0777 /images

  The last command does not make sense. Should be chmod -R 777 /images.

  If that still does not solve your issue you need to provide more information. Run the following commands and post output here:

  mount | grep images ls -al /images
• B

  MP Bios bug 8254 timer not connect to IO APIC
  • Blrvenky

  4
  0
  Votes
  4
  Posts
  12
  Views

  

  @sebastian-roth said in MP Bios bug 8254 timer not connect to IO APIC:

  I think the kernel arg should be noapic, right?

  Yes, it sure is. I guess I can’t read what was before my eyes. Sorry.

• S

  iPXE issues on Alienware Aurora R12's
  • switch_apoc

  12
  0
  Votes
  12
  Posts
  68
  Views

  S

  @switch_apoc said in iPXE issues on Alienware Aurora R12's:

  we updated to the stable release yesterday via git to 1.5.9 (previously on 1.4.4). Do the ipxe binaries not update when Fog get’s updated? The onboard NIC appears to be a intel killer e3100

  Oh wow, 1.4.4 is really old. And 1.5.9 is not new either. I suggest you do the iPXE compile from the latest source if you still see issues.

  But it could be a network routing/firewall issue as well. Do you have other machines that work fine from that same subnet you have the Alienware machines in?

• T

  Deploying image with errors, not able to boot to Windows after image deployment
  • tramirez

  2
  0
  Votes
  2
  Posts
  20
  Views

  Q

  @tramirez Try using a different hard drive to deploy to, so we can rule out hardware issues.

• B

  Asking tftp server
  • btoffolon

  4
  0
  Votes
  4
  Posts
  21
  Views

  B

  @george1421 Hi,
  So, you were right, i have dhcp offer from an adress ip (10.139.178.1) the ip adress doesn’t tell me anything, i have fix all my ip adress on my tru DHCP so i will investigate. Thanks for your help

• R

  secure boot - dbx.esl no such file to move
  • robertkwild

  13
  0
  Votes
  13
  Posts
  68
  Views

  R

  @george1421 made it into all one script, even the mkkeys.sh

  #!/bin/bash apt-get update apt-get upgrade -y apt-get install -y openssl efitools gnu-efi git build-essential help2man libssl-dev perl -e'use CPAN; install "File::Slurp"' mkdir -p /opt/fog/secureboot/efikeys cat << EOF > /opt/fog/secureboot/mkkeys.sh #!/bin/bash # Copyright (c) 2015 by Roderick W. Smith # Updated 26-Nov-2021 by George1421 for the FOG Project # Licensed under the terms of the GPL v3 NAME=FOGProjectSB openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME PK/" -keyout efikeys/PK.key \ -out efikeys/PK.crt -days 3650 -nodes -sha256 openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME KEK/" -keyout efikeys/KEK.key \ -out efikeys/KEK.crt -days 3650 -nodes -sha256 openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME DB/" -keyout efikeys/DB.key \ -out efikeys/DB.crt -days 3650 -nodes -sha256 openssl x509 -in efikeys/PK.crt -out efikeys/PK.cer -outform DER openssl x509 -in efikeys/KEK.crt -out efikeys/KEK.cer -outform DER openssl x509 -in efikeys/DB.crt -out efikeys/DB.cer -outform DER GUID=`python3 -c 'import uuid; print(str(uuid.uuid1()))'` echo $GUID > efikeys/myGUID.txt cert-to-efi-sig-list -g $GUID efikeys/PK.crt efikeys/PK.esl cert-to-efi-sig-list -g $GUID efikeys/KEK.crt efikeys/KEK.esl cert-to-efi-sig-list -g $GUID efikeys/DB.crt efikeys/DB.esl rm -f efikeys/noPK.esl touch efikeys/noPK.esl sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ -k efikeys/PK.key -c efikeys/PK.crt PK efikeys/PK.esl efikeys/PK.auth sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ -k efikeys/PK.key -c efikeys/PK.crt PK efikeys/noPK.esl efikeys/noPK.auth sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ -k efikeys/PK.key -c efikeys/PK.crt KEK efikeys/KEK.esl efikeys/KEK.auth sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ -k efikeys/KEK.key -c efikeys/KEK.crt db efikeys/DB.esl efikeys/DB.auth chmod 0600 efikeys/*.key echo "" echo "" echo "For use with KeyTool, copy the *.auth and *.esl files to a FAT USB" echo "flash drive or to your EFI System Partition (ESP)." echo "For use with most UEFIs' built-in key managers, copy the *.cer files;" echo "but some UEFIs require the *.auth files." echo "" EOF chmod a+x /opt/fog/secureboot/mkkeys.sh cd /opt/fog/secureboot/ ./mkkeys.sh git clone git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git cd /opt/fog/secureboot/efitools make mkdir -p /opt/fog/secureboot/hwkeys cd /opt/fog/secureboot/ efi-readvar -v PK -o /opt/fog/secureboot/hwkeys/hw_PK.esl efi-readvar -v KEK -o /opt/fog/secureboot/hwkeys/hw_KEK.esl efi-readvar -v db -o /opt/fog/secureboot/hwkeys/hw_db.esl efi-readvar -v dbx -o /opt/fog/secureboot/hwkeys/hw_dbx.esl chmod 666 /opt/fog/secureboot/hwkeys/* cp /opt/fog/secureboot/efikeys/* /opt/fog/secureboot/efitools/ cp /opt/fog/secureboot/hwkeys/* /opt/fog/secureboot/efitools/ cd /opt/fog/secureboot/efitools cat hw_db.esl > DB.esl cat hw_KEK.esl > KEK.esl cat hw_dbx.esl > dbx.esl rm LockDown*efi LockDown.so LockDown.o make cp LockDown-signed.efi EnrollKeys.efi mkdir -p /tftpboot cp /opt/fog/secureboot/efitools/EnrollKeys.efi /tftpboot mv /var/www/html/fog/service/ipxe/bzImage /var/www/html/fog/service/ipxe/bzImage-unsigned sbsign --key /opt/fog/secureboot/efikeys/DB.key --cert /opt/fog/secureboot/efikeys/DB.crt --output /var/www/html/fog/service/ipxe/bzImage /var/www/html/fog/service/ipxe/bzImage-unsigned mv /var/www/html/fog/service/ipxe/bzImage32 /var/www/html/fog/service/ipxe/bzImage32-unsigned sbsign --key /opt/fog/secureboot/efikeys/DB.key --cert /opt/fog/secureboot/efikeys/DB.crt --output /var/www/html/fog/service/ipxe/bzImage32 /var/www/html/fog/service/ipxe/bzImage32-unsigned mv /var/www/html/fog/service/ipxe/refind.efi /var/www/html/fog/service/ipxe/refind-unsigned.efi sbsign --key /opt/fog/secureboot/efikeys/DB.key --cert /opt/fog/secureboot/efikeys/DB.crt --output /var/www/html/fog/service/ipxe/refind.efi /var/www/html/fog/service/ipxe/refind-unsigned.efi mv /tftpboot/ipxe.efi /tftpboot/ipxe-unsigned.efi sbsign --key /opt/fog/secureboot/efikeys/DB.key --cert /opt/fog/secureboot/efikeys/DB.crt --output /tftpboot/ipxe.efi /tftpboot/ipxe-unsigned.efi mv /tftpboot/snponly.efi /tftpboot/snponly-unsigned.efi sbsign --key /opt/fog/secureboot/efikeys/DB.key --cert /opt/fog/secureboot/efikeys/DB.crt --output /tftpboot/snponly.efi /tftpboot/snponly-unsigned.efi mv /tftpboot/snp.efi /tftpboot/snp-unsigned.efi sbsign --key /opt/fog/secureboot/efikeys/DB.key --cert /opt/fog/secureboot/efikeys/DB.crt --output /tftpboot/snp.efi /tftpboot/snp-unsigned.efi
• W

  Fail to mount during image deployment
  • WT_101

  5
  0
  Votes
  5
  Posts
  26
  Views

  

  @wt_101 said in Fail to mount during image deployment:

  We have read up the post you share but we never turn on firewall at FOG server

  Previously client system (175.168.10.20) at Site B not even able to PXE boot to site A FOG Server (192.168.10.1) until we ask our IT team to whitelist the below port BI Direction between Site A & Site B.

  The context was these are the ports that need to be open [on the fog server] so that you can apply the same rules to your network.

  If you look at the iptables entry in the url I referenced.

  echo "IPTABLES_MODULES=\"nf_conntract_tftp nf_conntrack_ftp nf_conntrack_netbios_ns\"" >> /etc/sysconfig/iptables-config for port in 80 443 21 3306 2049 20048 111 138 139 445; do iptables -I INPUT 1 -p tcp --dport $port -j ACCEPT; done for port in 69 111 4011 137; do iptables -I INPUT 1 -p udp --dport $port -j ACCEPT; done service iptables save

  It says you need to open these tcp ports {80 443 21 3306 2049 20048 111 138 139 445}

  And you need to open these udp ports {69 111 4011 137}

  FOG NFSv3 does use tcp for its data channels and not udp.

• J

  Unable to boot to disk after PXE Menu timeout
  • jmvela2x

  37
  0
  Votes
  37
  Posts
  87
  Views

  

  @jmvela2x Well this thread has been going on for 5 days now and I’m not sure I’ve done a good job explaining how FOG works.

  With DHCP Profiles setup with the same computer.

  BIOS Computer -> BIOS PXE Boot -> undionly.kpxe will be sent to target computer -> the global value of FOG Settings value contained in [BOOT EXIT TYPE] will be used -> SANBOOT for its Exit mode

  UEFI Computer -> UEFI PXE Boot -> ipxe.efi will be sent to target computer -> the global value of FOG Settings value contained in [EFI BOOT EXIT TYPE] will be used -> REFIND_EFI for its Exit mode

  This process works 99.9% of the time. The oneoffs that you might find would be UEFI based computers with quirky firmware or hardware.

• F

  iPXE problem with sanboot line
  • FrSainCpel

  7
  0
  Votes
  7
  Posts
  35
  Views

  

  @frsaincpel said in iPXE problem with sanboot line:

  iqn.2010-04.org.ipxe.dolphin

  It needs to be read as a whole. Its all part of the iqn. The iqn in this context is the product of the LUN you want to connect to.

  This is an issue/knowledge about iSCSI and not specifically with iPXE since iPXE is a consumer of the iqn.

  For example here is the iqn for a target on a synology NAS.

  iqn.2000-01.com.synology:usnycapp001.target.b0baaf47a3

  Here is the iqn for a linux iscsi target]

  iqn.2003-01.org.linux-iscsi.usnycapp103.x8664:sn.123c1c0fb7b2

  Finally here is an example iqn for a windows based iscsi initiator (akin to what iPXE is doing)

  iqn.1991-05.com.microsoft:usnycapp053.domain.com

  In “MS Windows” terms initiator == client computer, target == server and share name.

• S

  Incomplete Image Caputer
  • sonic136

  3
  0
  Votes
  3
  Posts
  16
  Views

  S

  turns out that the image had to be set to “Multiple partition image - single disk (not resizeable)”

  @Sebastian-Roth for future reference, I will be sure to mention version numbers

  Everything else worked including the .xml file.

  Thank you for the assistance!!

• L

  Advanced menu missing
  • lgwapnitsky

  2
  0
  Votes
  2
  Posts
  10
  Views

  

  @lgwapnitsky The advanced menu is something that you have to create by hand. Its creation is a bit more prehistoric than the rest of FOG. You create your Advanced menu via a text file and then paste the contents into a field in the FOG Settings page. I’d really like to see the Advanced menu integrated into the standard iPXE menu maker to make things easier for the FOG Admins. Maybe in time…

• D

  Snapin Cert Issues
  • Duncan

  6
  0
  Votes
  6
  Posts
  36
  Views

  D

  @duncan
  removed the storage node and it seems to be working now.

  Il try to rebuild the node and test again.

• C

  Windows 10 failing to join domain
  • chunter2

  9
  0
  Votes
  9
  Posts
  434
  Views

  C

  @sebastian-roth I think I may have tracked down my issue and I think it may be my fault. In my testing I was able to manually change the computer name and then the client would join the domain. I then disconnected from the domain and changed the name back to the original name and rebooted. The client then renamed the computer and joined the domain by itself. I decided to take an image of the machine at this point by first disabling the change hostname and join domain options in the fog web gui for that machine and then rename the computer back again and disconnect from the domain. I then loaded this new image on the same machine after re-enabling the change hostname and join domain in the fog web gui, and loaded it on a second machine and they both renamed and joined properly. My guess is I had never joined the domain with the first image I created. It was as clean an image as I could get. If this makes sense I think this was my issue.

  Thanks

• T

  FOG crashing during capture of image
  • tramirez

  3
  0
  Votes
  3
  Posts
  19
  Views

  T

  @sebastian-roth
  Ping results showed it would drop completely once the PC froze. And by froze I mean it would completely freeze all of the sudden, not gradually. I ended up checked the RAM, and it turns out one of the sticks was bad so instead of a total of 16gb I had 12gb. I had my Fog server with 4gb of ram and the Windows VM 8gb, so no memory left for the actual PC running it all. Just lowered RAM on windows vm to 4gb and it’s all fine. I can now continue with my testing!!
  Anyways, thanks for the reply, love seeing how helpful the FOG mods are!

• D

  problem with pxe boot
  • daansterckx

  2
  0
  Votes
  2
  Posts
  22
  Views

  S

  @daansterckx There are a couple of things you want to check:

  When the PC boots up, does it show the correct FOG server IP somewhere on the screen? On the FOG server run the following commands and post output here: ls -al /tftpboot/undionly* ps ax | grep -e xinet -e tftp netstat -antup | grep "LISTEN" | grep "69"
• J

  Conditional boot menu (UEFI or LEGACY) based on BIOS-version
  • JochenC98

  2
  0
  Votes
  2
  Posts
  19
  Views

  

  @jochenc98 What device is your dhcp server? Please state the manufacturer and version/model.

• L

  FOG Multicast Not starting anymore
  • lebrun78

  33
  0
  Votes
  33
  Posts
  122
  Views

  L

  @george1421
  changed to pm.max_spare_servers = 35
  other paramaters had the correct value

  The hardware :
  PowerEdge R440
  Intel Xeon Silver 4208 CPU @ 2.10GHz
  memory size: 16GiB
  network BCM57412 NetXtreme-E 10Gb

• B

  Install FOG on Ubuntu Server 21.10 issues
  • brakcounty

  14
  0
  Votes
  14
  Posts
  162
  Views

  S

  Just cross linking github issues here:
  https://github.com/FOGProject/fogproject/issues/454
  https://github.com/FOGProject/fogproject/issues/453