RE: Nas Buffalo need help

@doubleve The important settings are:

• Storage Node Name: any name you like to use
• IP Address: the IP of you NAS
• Max Clients: set that to 10 for now
• Is Master Node: No!
• Storage Group: probably use the default group in your setup
• Image Path: the path you share as NFS volume, e.g. /volume1/images
• FTP Path: same as above
• Is Enabled: Yes!
• Management Username: the user you created on the NAS - default we use is fogproject and you might want to use that too
• Management Password: password set for the above user

@ty900000 said in FOG/Apache PKI/Certificate Authentication:

I did manage to get the FOG and the CA certificate installed and functional. It took a little rewriting of the functions.sh. This made HTTPS work properly, too

Not sure if you are aware of the installing having a command line switch forcing it to setup FOG with HTTPS?! Run ./installfog.sh --force-https and it should generate the right Apache config for you as well as compile iPXE binaries with the CA cert to trust included.

@george1421 Thanks heaps for your comment on this. Neither have I been involved in developing the LDAP plugin nor have I used it myself yet. I wasn’t aware of the point that a user account is needed. From what you said I would think PKI authentication would need to be added as a plugin just as well. Probably the LDAP plugin is a good start.

There is some good information on how to grab the client certificate information within PHP (and also what is needed on the Apache side again): https://cweiske.de/tagebuch/ssl-client-certificates.htm

Now to start off you’d generate at least one client certificate:

sudo -i
cd /opt/fog/snapins/ssl
openssl genrsa -out user1.key 4096
openssl req -new -sha512 -key user1.key -out user1.csr

The last command will ask you for certificate details like country code and most importantly Common Name (CN) and Email Address. Those two could be important later on in the PHP code.

Next step: Sign the certificate request using the FOG server CA.

openssl x509 -req -in user1.csr -CA ./CA/.fogCA.pem -CAkey ./CA/.fogCA.key -CAcreateserial -out user1.crt -days 3650

You end up with a PEM certificate in user1.crt that should be importable in Firefox and other browsers.

@fogQuestions said in Can fog deploy images to a single partition?:

However, whenever I deploy images to from my FOG server to my computer, the iPXE software gets wiped by my image.

May I ask why you have iPXE installed on disk at all? Usually this is send to the client on PXE boot on the fly and there is no need to have it on disk.

Can fog deploy images to a single partition? If so how?

Yes you can define an image in the web UI to capture/deploy only one single partition. The problem with this is that on the target machine you already need to have the correct partition layout set from an earlier deploy as we don’t touch that but simply deploy the contents of that one single partition set in the image definition.

@gusto So is there anything we can do for you?

@gusto Thanks for clarifying! As I see this post is from Nov 1, 2018 - some time after I have used LXC myself. I don’t have a Proxmox server at hand so I can’t try myself, sorry.

• Do you get any error messages?
• What output do you get when running showmount -e in the FOG LXC container?
• Have you tried mounting the NFS share from another machine?

@george1421 As we don’t fancy the NVMe energy saving modes I don’t see why we shouldn’t set this for everyone. Sure we don’t know the consequences yet but most of us seem pretty assured this is not causing harm but only helps. Keeping my fingers crossed. The more people test dev-branch the sooner we’ll know.

@Sebastian-Roth I see no harm in it, though I did run into cases where APST had to be explicitily disabled because the latency parameter wasn’t sufficient. But we can cross that bridge if it pops up.

@thennessey Sorry for the long delay but this is something I need time and concentration to work on. I had a play with the files you shared in the google drive and I am wondering if you have tried to deploy this image to a machine yet?!? Because I couldn’t find the same problem that I had described in the other post with your d1.mbr and then just did the practical test of trying to deploy a test machine (VirtualBox VM) with your partition layout files. Worked absolutely great on a 100 GB disk in the VM.

So it looks like you have some difference in the images and the latest one doesn’t seem to have the problem! I am almost absolutely sure this image will deploy to any disk as small as roughly 20 GB!!

There must be something in the disk layout of the other images you made that was causing the initial problem. Can you please provide the same files from those images so I can take a look and hopefully I might even figure out a way to detect this problem within the deployment process and correct on the fly or show an appropriate message to the user.

@vic60400 Would be interesting to hear if (and how) you were able to exchange the certificates. Other users might find it very helpful.

Found and should be fixed if you do the latest pull.

Thank you,