Unable to display Fog Management Console - Newbie to Linux & Fog Project

tolaria

@wayne-workman Hi Wayne, thanks for spotting the error. Did another run and it also indicates SELINUX as permissive

cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Sebastian Roth

@tolaria said in Unable to display Fog Management Console - Newbie to Linux & Fog Project:

Hi Tom, managed to upgrade PHP to version 7.0.25, but the Fog Console is still not launching

Forget about SELinux for now. I went on the wrong track with this. Apache still has this message in the logs just because it’s capable of running with SELinux. If getenforce is showing ‘permissive’’ you are on the save side about this for now.

I think you need to be more specific on what happens when you open the URL in the browser. Do you get a blank page now or does it return a 500 internal server error or not load the page at all. For the later I’d think the firewall is still on. Run iptables -L -n -v and post output here`.

[root@sglfog01 jquek]# php -v
PHP 7.0.25 (cli) (built: Oct 27 2017 13:55:11) ( NTS )

If you see a blank page check apache error log again. Possibly the PHP version you upgraded was only the PHP CLI. This is used when running PHP on the command line but apache uses a library which could be still the old version. Best to check in the apache error log. The following line is important:

... AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 configured ...

You need PHP to be at least 5.5.0 (reference in section “Changelog”)!

tolaria

@sebastian-roth Hi Sebastian, noted and I attempted to upgrade PHP from v5.4.16 to v7.0.25, but it seems that it only upgraded certain components

I then tried to remove all versions of PHP by running yum -y remove php* and then installing PHP v7, but then it seems that it is not able to remove certain components of v5.4.16, resulting in a mixed environment where there are components of both v5.4.16 and v7.0.25 when I run the tail -n command

Error message when trying to load the Fog Console is as shown:

Network Error
A communication error occurred: “Operation timed out”

The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.

For assistance, contact your service desk.

Exception ID : tcp_error

As requested, ran the iptables -L -n -v and obtained the following results

iptables -L -n -v
Chain INPUT (policy ACCEPT 14086 packets, 2720K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0        iptables -L -n -v
Chain INPUT (policy ACCEPT 14086 packets, 2720K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 4016 packets, 760K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68
   
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 4016 packets, 760K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68

Sebastian Roth

@tolaria said in Unable to display Fog Management Console - Newbie to Linux & Fog Project:

A communication error occurred: “Operation timed out”

Ok, this is definitely a connection issue in the first place. Might be other things behind that but we need to fix that first. So run the following commands as root:

iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
iptables -t mangle -X
iptables -t mangle -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

This is just temporary till you reboot your server. We’ll add proper rules later on.

tolaria

@sebastian-roth Hi Sebastian, have run the commands as indicated. Running this in GUI mode with Terminal as Root

[root@sglfog01 jquek]# iptables -X
[root@sglfog01 jquek]# iptables -F
[root@sglfog01 jquek]# iptables -t nax -X
iptables v1.4.21: can’t initialize iptables table `nax’: Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@sglfog01 jquek]# iptables -t nat -F
[root@sglfog01 jquek]# iptables -t mangle -X
[root@sglfog01 jquek]# iptables -t mangle -F
[root@sglfog01 jquek]# iptables -P INPUT ACCEPT
[root@sglfog01 jquek]# iptables -P FORWARD ACCEPT
[root@sglfog01 jquek]# iptables -P OUTPUT ACCEPT

After that, tried to open Fog Console and still fails

Sebastian Roth

@tolaria said in Unable to display Fog Management Console - Newbie to Linux & Fog Project:

After that, tried to open Fog Console and still fails

This is not helpful. Does it fail the same way as timeout or different? Maybe apache server is not running after PHP update anymore.

service httpd restart
tail -15 /var/log/httpd/error_log
date

Run as root and post full output here.

tolaria

@sebastian-roth Hi Sebastian, my bad, same exact error after I ran the iptable commands, forgot to indicate in my reply

Just did the commands as recommended in your last post,

tail -15 /var/log/httpd/error_log
[Thu Nov 16 10:20:23.671488 2017] [core:notice] [pid 4510] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Thu Nov 16 12:04:50.917584 2017] [mpm_prefork:notice] [pid 4510] AH00170: caught SIGWINCH, shutting down gracefully
[Thu Nov 16 12:05:47.395822 2017] [core:notice] [pid 982] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Thu Nov 16 12:05:47.471806 2017] [suexec:notice] [pid 982] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Nov 16 12:05:47.618523 2017] [auth_digest:notice] [pid 982] AH01757: generating secret for digest authentication …
[Thu Nov 16 12:05:47.619540 2017] [lbmethod_heartbeat:notice] [pid 982] AH02282: No slotmem from mod_heartmonitor
[Thu Nov 16 12:05:49.379196 2017] [mpm_prefork:notice] [pid 982] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.25 configured – resuming normal operations
[Thu Nov 16 12:05:49.379240 2017] [core:notice] [pid 982] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Thu Nov 16 16:03:02.220557 2017] [mpm_prefork:notice] [pid 982] AH00170: caught SIGWINCH, shutting down gracefully
[Thu Nov 16 16:03:03.303095 2017] [core:notice] [pid 5969] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Thu Nov 16 16:03:03.304266 2017] [suexec:notice] [pid 5969] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Nov 16 16:03:03.336522 2017] [auth_digest:notice] [pid 5969] AH01757: generating secret for digest authentication …
[Thu Nov 16 16:03:03.337384 2017] [lbmethod_heartbeat:notice] [pid 5969] AH02282: No slotmem from mod_heartmonitor
[Thu Nov 16 16:03:03.367540 2017] [mpm_prefork:notice] [pid 5969] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.25 configured – resuming normal operations
[Thu Nov 16 16:03:03.367575 2017] [core:notice] [pid 5969] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[root@sglfog01 jquek]# date
Thu Nov 16 16:03:22 +08 2017

Sebastian Roth

@tolaria Ok, I see the apache service restarted fine just recently. It also seems to have the correct PHP module (version 7.0.25). Are you sure you try to access the correct server in your browser? Sorry if this question sounds dumb but we better make sure.

Please run those commands to make sure:

ip a s | grep "inet" | awk '{print $2}' | cut -d'/' -f1
iptables -L -n -v

From the first command you will get several IP addresses. One will be 127.0.0.1. Just ignore that. See if you have the correct IP to access the web interface http://x.x.x.x/fog/

As well try command ping x.x.x.x from the Windows command line to see if you can actually reach the server over the network.

Wayne Workman

@tolaria said in Unable to display Fog Management Console - Newbie to Linux & Fog Project:

After that, tried to open Fog Console and still fails

What is the URL you’re trying to use for the web interface? None of this is making any sense at all. The fog installer is solid, and is especially solid on CentOS 7. Something about your setup is not standard, or fog would just work. What is not standard? Are you downloading the CentOS 7 ISO yourself? Are you installing FOG on it’s very own OS, on it’s very own hardware/vm ? What is not standard here?

Sebastian Roth

@tolaria Did you get this up and running?

Sebastian Roth

Marked as solved…