Problem with HTTPS upgrade
-
@george1421 said in Problem with HTTPS upgrade:
@sbenson Please check the content of your /tftpboot/default.ipxe file. Did you happen by chance make a type-o when you installed fog or changed it IP address after you installed FOG? If so there are steps you need to take to get all of the bits back in alignment.
Typo when putting the info in this ticket. the IP of the server is 10.63.76.44
#!ipxe cpuid --ext 29 && set arch x86_64 || set arch i386 params param mac0 ${net0/mac} param arch ${arch} param platform ${platform} param product ${product} param manufacturer ${product} param ipxever ${version} param filename ${filename} param sysuuid ${uuid} isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme :bootme chain https://10.63.76.44/fog/service/ipxe/boot.php##params -
@sbenson
Can you please read this:You’ll likely need to build the file with the CA file itself, typically located in ca.cert.der (
/var/www/fog/management/other/ca.cert.der) -
@sbenson Well, compare the URLs again. The one xou opened in your browser is HTTPS and the other one called by ipxe is HTTP…
-
@sebastian-roth said in Problem with HTTPS upgrade:
@sbenson Well, compare the URLs again. The one xou opened in your browser is HTTPS and the other one called by ipxe is HTTP…
I updated the default.ipxe to use https. as seen in the previous post.
-
@sbenson So is this solved then?
-
@sebastian-roth No, now the ipxe boot screen says https, and still doesn’t work. I have not re-created the SSL cert as Tom said.
-
@sbenson What Tom was saying is not re-creating the SSL certs but compiling your own iPXE binaries with the cert included…
-
I am not sure how to recompile ipxe. I did just upgrade from RC4 to RC7 and it didn’t help. I have done a git pull and dont see anywhere to compile it
-
@sebastian-roth said in Problem with HTTPS upgrade:
@sbenson This command is used to compile an iPXE binary from the source code and add the SSL certificate to it. Instructions on how to do this you can find in the wiki. Those instructions are for legary (undionly.kpxe) as well as for 32 bit UEFI and 64 bit UEFI. make sure you compile and put the correct ones into your /tftpboot directory. Possibly you want to compile all three if you have all those different clients. Let us know if you need help. Please post exact command and steps you tried and the error message you see. Then we will surely be able to help.
-
@sebastian-roth
FYI the wiki is wrong for the efi portion
It has the wgets listed as
http://sourceforge.net/p/freeghost/code/HEAD/tree/trunk/src/ipxe-efi/src/config/…and should be
http://sourceforge.net/p/freeghost/code/HEAD/tree/trunk/src/ipxe/src-efi/config/…
-
OK, all files compiled with the the certs, now when I select deploy images, it instantly switches back to the fog main screen. I am still trying to figure out why, nothing in /var/log or /var/log/fog.
I am doing a quick registration to see if it deploys through there. And it fails to register
-
@sbenson Can you create a backup of your /tftpboot folder.
I’d also ask that you update to the latest rc please. I added, after rc4 I think, the links will change for the protocol being requested. rc4 still caused defaults to jump to http for internal links.
-
Create a backup of your current /tftpboot say as /tftpboot_persSigned.
Upgrade.
Once upgrade complete do:
mv /tftpboot /tftpboot_orig mv /tftpboot{_persSigned,} -
@tom-elliott I said yesterday that I updated to RC7. I have the booting fixed by adding the cert to the files, but now registrations don’t work, and it’s not listing images from the ipxe “Deploy images” menu
-
@tom-elliott
upon doing this now the pxe booting starts, and instantly drops back to the laptop netboot selection[12:45:21] root@SRO-FOG-01[0]:/$ diff -r tftpboot tftpboot_orig/ Binary files tftpboot/i386-efi/intel.efi and tftpboot_orig/i386-efi/intel.efi differ Binary files tftpboot/i386-efi/ipxe.efi and tftpboot_orig/i386-efi/ipxe.efi differ Binary files tftpboot/i386-efi/snponly.efi and tftpboot_orig/i386-efi/snponly.efi differ Binary files tftpboot/intel.efi and tftpboot_orig/intel.efi differ Binary files tftpboot/intel.pxe and tftpboot_orig/intel.pxe differ Binary files tftpboot/ipxe.efi and tftpboot_orig/ipxe.efi differ Binary files tftpboot/ipxe.pxe and tftpboot_orig/ipxe.pxe differ Only in tftpboot: pxelinux.0 Only in tftpboot/pxelinux.cfg: default.bad Only in tftpboot/pxelinux.cfg: default.dist Binary files tftpboot/snponly.efi and tftpboot_orig/snponly.efi differ Binary files tftpboot/undionly.kkpxe and tftpboot_orig/undionly.kkpxe differ Binary files tftpboot/undionly.kpxe and tftpboot_orig/undionly.kpxe differ -
As to why it keeps redirecting to the main boot system I’m not sure, but seeing as some items are seemingly selectable (such as being able to boot to register hosts?)
I’ve updated the init’s in an attempt to ensure the curl requests follow redirects. Please see if it at least allows you to boot and register a host?
To download please do:
wget https://fogproject.org/inits/init.xz -O /var/www/fog/service/ipxe/init.xz wget https://fogproject.org/inits/init_32.xz -O /var/www/fog/service/ipxe/init_32.xz -
@tom-elliott
Weird, now it is booting back to not finding http://10.63.76.44/fog/service/ipxe/boot.php changed the default.pxe and it still doesnt. Now it is using the new build version of ipxe though. oh that might be an RC4 to RC7 change it was on 9ccd8 and is now on 70544 -
@sbenson said in Problem with HTTPS upgrade:
Weird, now it is booting back to not finding http://10.63.76.44/fog/service/ipxe/boot.php changed the default.pxe and it still doesnt
From what to what did you change the
default.ipxefile? Maybe you edited the wrong file - getting confused moving around the /tftpboot directories and files!? -
@sebastian-roth
This seems to all be stemming from SSL, and I dont know if anyone else is using SSL. I found an issue with the install script previously that would make it so people couldn’t install SSL without fixing it manually. So if that was a problem and no one noticed, I don’t think anyone else uses SSL.[11:45:12] sbenson@SRO-FOG-01[0]:/tftpboot$ cat default.ipxe #!ipxe cpuid --ext 29 && set arch x86_64 || set arch i386 params param mac0 ${net0/mac} param arch ${arch} param platform ${platform} param product ${product} param manufacturer ${product} param ipxever ${version} param filename ${filename} param sysuuid ${uuid} isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme :bootme chain https://10.63.76.44/fog/service/ipxe/boot.php##params -
@sbenson Ok, and could you please take a new picture of the current error message you see on screen with this?
