PXE-E32 Error; Not sure what went wrong.
-
@sebastian-roth TFTP was not enabled in firewalld so it was not getting through, but I’ve run into another error.
Could not boot: Connection timed out (http://ipxe.org/4c0a6035)
I did check the specified files on the wiki and the IP address is correct for both files. But in .fogsettings submask has: ‘Error: =4099<UP,BROADCAST,MULTICAST> is not recognized’ instead of an actual subnet mask, would this be the possible cause?
-
@JazKW As far as I know from the top of my head the submask setting is mostly used to generate a valid DHCP config. If you are using a Windows DHCP server, that should not cause an issue. But I am wondering if DHCP on your FOG server is still running and might cause an issue? Please run the following commands and post results here:
```
ps ax | grep dhc
cat /opt/fog/.fogsettings
```
-
@sebastian-roth This is the result I got from the two commands:
```
[root@FOG fog]# ps ax | grep dhc
 4197 ?        S      0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
 4198 ?        S      0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
19862 pts/0    S+     0:00 grep --color=auto dhc
[root@FOG fog]# cat /opt/fog/.fogsettings
## Start of FOG Settings
## Created by the FOG Installer
## Find more information about this file in the FOG Project wiki:
## https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
## Version: 1.5.4
## Install time: Thu 09 Aug 2018 08:48:22 AM EDT
ipaddress='192.168.1.87'
copybackold='0'
interface='eth0'
submask='255.255.255.0'
routeraddress='192.168.1.18'
plainrouter='192.168.1.18'
dnsaddress='192.168.1.18'
username='fog'
password='Qigd/N34xpA2aa0amHlKfnz+zbeHkxgM8l4RwVAW0tk='
osid='1'
osname='Redhat'
dodhcp='N'
bldhcp='0'
dhcpd='dhcpd'
blexports='1'
installtype='N'
snmysqluser='root'
snmysqlpass=''
snmysqlhost='localhost'
installlang='0'
storageLocation='/images'
fogupdateloaded=1
docroot='/var/www/html/'
webroot='/fog/'
caCreated='yes'
httpproto='http'
startrange=''
endrange=''
bootfilename='undionly.kpxe'
packages='bc curl gcc gcc-c++ genisoimage gzip httpd lftp m4 make mariadb mariadb-server mod_ssl mtools net-tools nfs-utils php php-bcmath php-cli php-common php-fpm php-gd php-ldap php-mbstring php-mcrypt php-mysqlnd php-process syslinux tar tftp-server unzip vsftpd wget xinetd xz-devel '
noTftpBuild=''
notpxedefaultfile=''
sslpath='/opt/fog/snapins/ssl/'
backupPath='/home/'
php_ver=''
php_verAdds=''
sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
## End of FOG Settings
[root@FOG fog]#
```
-
@JazKW As far as I can see there is no DHCP server running or configured in fogsettings. Can you please take a picture of the `Could not boot: ...` error on screen. Possibly there is some important information we are still missing.
-
@jazkw The question I wonder is why dnsmasq is running on this computer? There are valid uses for dnsmasq with FOG, but why it’s active with this setup.
-
@george1421 It shouldn’t be. I have it set up with the windows DHCP server. If dnsmasq is running, it shouldn’t. So at this point I would be asking how to turn it off, because it seems like it’d be what’s causing the Host machine not to be able to PXE boot.
-
@jazkw Well it depends on what mode dnsmasq is configured in. If it’s set up as proxydhcp then it could be mucking up the works. The config file path shown is not something that FOG would set up or configure. That looks like some other application configured dnsmasq for you.
If in doubt, key in `systemctl stop dnsmasq` to temporarily stop the service. Then try to pxe boot. If you still can’t understand what is going wrong then let’s capture a packet trace of the pxe booting process. As long as the FOG server and the pxe booting client are on the same subnet, we can use FOG to spy on the pxe booting process. If the target computer is on a different subnet then we will need a second computer on the pxe booting computer’s subnet with wireshark installed. I have a tutorial on how to capture a pcap of the pxe booting process here: https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue
-
@george1421 Stopping dnsmasq didn’t change anything, still the same result and same error. Need to review network policy before attempting a packet capture.
-
@jazkw OK fair enough. Just be aware with the capture filter defined in that article only pxe booting and dhcp process will be captured in the pcap. No PII is available at this point in the booting process. Even windows isn’t involved where we want to capture. Now I agree if you don’t use the exact capture filter I defined you may indirectly capture info you don’t want.
If you are able to capture a pcap, but don’t want to post it here, or IM me the link to the pcap, we can still work indirectly via your eyes with the pcap, but it will take much longer that way.
-
@george1421 There is one other thing I’ve noticed each time I went to uninstall and reinstall FOG, none of the services exist.
When I go to run these commands
```
sudo rm /etc/init.d/FOGImageReplicator
sudo rm /etc/init.d/FOGMulticastManager
sudo rm /etc/init.d/FOGScheduler
```
I get:
```
[root@FOG NetworkManager]# sudo rm /etc/init.d/FOGImageReplicator
rm: cannot remove ‘/etc/init.d/FOGImageReplicator’: No such file or directory
```
For each one; and when I go to check where they’re supposed to be located, they aren’t there
```
[root@FOG init.d]# ls -la
total 40
drwxr-xr-x.  2 root root    70 Aug  6 10:33 .
drwxr-xr-x. 10 root root   127 Aug  6 10:32 ..
-rw-r--r--.  1 root root 18104 Jan  2  2018 functions
-rwxr-xr-x.  1 root root  4334 Jan  2  2018 netconsole
-rwxr-xr-x.  1 root root  7293 Jan  2  2018 network
-rw-r--r--.  1 root root  1160 Apr 11 03:36 README
```
-
@jazkw I’d have to look into what the installer is doing, but your FOG server is running in a systemd environment not systemv as the older versions of linux. SystemD uses systemctl which stores the init files in a different location instead of init.d (that is where systemv uses).
-
@george1421 Not sure if you have any control over it, but you may want to update the uninstall article on the wiki for systemd. I may have bad or redundant service files from previous install attempts, unless they were overwritten.
-
@JazKW Thanks for the picture. I see `http://.../boot.php...................... Connection timed out ...`. This is a big issue. The client is not able to load the iPXE menu stuff and fails. Are you able to open this URL in your browser from a PC within your network: http://192.168.1.87/fog/service/ipxe/boot.php
My guess is that you have a local firewall not allowing this connection. Please check using `sudo iptables -L -n -v` (post full output here).
-
@sebastian-roth No I was not able to connect to the Fog server from another PC.
EDIT: Disabling firewalld got it to work.
This is what I got from the iptables:
```
[root@FOG init.d]# sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0     0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
    0     0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0     0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
5331K  892M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
 504K   31M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
 196K   25M INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
 196K   25M INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
 196K   25M INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
 132K   17M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
    0     0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
    0     0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0     0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0     0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
    0     0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 5282K packets, 800M bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT udp -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:68
5840K  886M OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target prot opt in out source destination
    0     0 FWDI_public all -- em1 * 0.0.0.0/0 0.0.0.0/0 [goto]
    0     0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target prot opt in out source destination

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target prot opt in out source destination
    0     0 FWDO_public all -- * em1 0.0.0.0/0 0.0.0.0/0 [goto]
    0     0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target prot opt in out source destination

Chain FORWARD_direct (1 references)
 pkts bytes target prot opt in out source destination

Chain FWDI_public (2 references)
 pkts bytes target prot opt in out source destination
    0     0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

Chain FWDI_public_allow (1 references)
 pkts bytes target prot opt in out source destination

Chain FWDI_public_deny (1 references)
 pkts bytes target prot opt in out source destination

Chain FWDI_public_log (1 references)
 pkts bytes target prot opt in out source destination

Chain FWDO_public (2 references)
 pkts bytes target prot opt in out source destination
    0     0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FWDO_public_allow (1 references)
 pkts bytes target prot opt in out source destination

Chain FWDO_public_deny (1 references)
 pkts bytes target prot opt in out source destination

Chain FWDO_public_log (1 references)
 pkts bytes target prot opt in out source destination

Chain INPUT_ZONES (1 references)
 pkts bytes target prot opt in out source destination
 140K   18M IN_public all -- em1 * 0.0.0.0/0 0.0.0.0/0 [goto]
   47  6862 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target prot opt in out source destination

Chain INPUT_direct (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT 2 -- * * 0.0.0.0/0 0.0.0.0/0

Chain IN_public (2 references)
 pkts bytes target prot opt in out source destination
 196K   25M IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
 196K   25M IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
 196K   25M IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
   30  1827 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

Chain IN_public_allow (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
   15   975 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 ctstate NEW
63870 7604K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:49152:65532 ctstate NEW

Chain IN_public_deny (1 references)
 pkts bytes target prot opt in out source destination

Chain IN_public_log (1 references)
 pkts bytes target prot opt in out source destination

Chain OUTPUT_direct (1 references)
 pkts bytes target prot opt in out source destination
```
-
@jazkw said in PXE-E32 Error; Not sure what went wrong.:
EDIT: Disabling firewalld got it to work.
Just add TCP port 80 to your firewall config and you should be fine. Although there might be later issues with NFS… If you are not familiar with firewall configuration you might want to leave it disabled for now till you have it all up and running. Later on you can still enable it again and add ports as needed.
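Added example, not part of the original posts: a small check that reads `iptables -L -n -v` output and reports which required ports have no ACCEPT rule in firewalld's `IN_public_allow` chain, which is how the missing TCP 80 rule shows up in the listing above. The function names, the `REQUIRED_PORTS` list (the two ports named in this thread) and the use of the public zone chain are assumptions; the sample rules are constructed in the shape of that listing.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list required ports that have no ACCEPT
# rule in firewalld's IN_public_allow chain, given `iptables -L -n -v` text.

# Assumption: the two ports the thread identifies (TFTP and the HTTP boot.php fetch).
REQUIRED_PORTS="udp/69 tcp/80"

# Hypothetical helper: reads iptables output on stdin, prints missing proto/port pairs.
missing_ports() {
  awk -v required="$REQUIRED_PORTS" '
    /^Chain / { in_chain = ($2 == "IN_public_allow"); next }
    in_chain && $3 == "ACCEPT" {
      for (i = 5; i <= NF; i++)
        if ($i ~ /^dpts?:[0-9]+(:[0-9]+)?$/) {   # dpt:69 or dpts:49152:65532
          n = split($i, p, ":")
          cnt++; proto[cnt] = $4; lo[cnt] = p[2]; hi[cnt] = (n == 3 ? p[3] : p[2])
        }
    }
    END {
      m = split(required, want, " ")
      for (k = 1; k <= m; k++) {
        split(want[k], w, "/"); ok = 0
        for (r = 1; r <= cnt; r++)
          if (proto[r] == w[1] && w[2] + 0 >= lo[r] + 0 && w[2] + 0 <= hi[r] + 0) ok = 1
        if (!ok) print want[k]
      }
    }'
}

# Constructed sample: a few rule lines in the shape of the listing posted above.
sample_rules() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
Chain IN_public_allow (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
   15   975 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 ctstate NEW
63870 7604K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:49152:65532 ctstate NEW
EOF
}

sample_rules | missing_ports   # prints: tcp/80
# Opening the gap instead of disabling firewalld (standard firewall-cmd usage):
#   firewall-cmd --permanent --add-service=http && firewall-cmd --reload
```

On a live server the same check is `sudo iptables -L -n -v | missing_ports`; an empty result means every listed port has an ACCEPT rule in that chain.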
-
@sebastian-roth Can go ahead and mark this as solved. Thank you for the help.