Can not deploy using multicast - read image_hdr block_size error
-
Hi everyone and sorry for my english.
I have a similar problem as the author of the topic.
I get the “read image_hdr block_size error” error when starting a multicast session. I tested clients as it is on the help page. It looked good. But multicast still doesn’t work.
I have Ubuntu Server 16.04 with two network cards, and iptables shares the network with computers in the classroom.
Here I found another tip that it may be a firewall problem. Is there anyone who can help me with how I can disable the firewall on Ubuntu Server? If I disable iptables I won’t have internet in the classroom, or am I wrong?
If I understood multicast correctly, this way the whole class should be restored around the same time as one computer. Is this correct?
-
moderator note: I forked your topic because your conditions may be different than the previous thread. For reference the original thread is here: https://forums.fogproject.org/topic/8743/can-not-deploy-using-multicast-read-image_hdr-block_size-error
So since you are using ubuntu, have you disabled the ubuntu firewall as the recommendation in the previous thread?
Since you have 2 network adapters in this computer, do you have the correct one referenced for multicast imaging?
If I understood multicast correctly, this way the whole class should be restored around the same time as one computer. Is this correct?
Imaging the group will move as fast as the slowest computer in the group. So if you have a group of 10 computers with 8 core cpus and nvme disks, and one 486 computer with a slow hard drive all 11 computers will image as fast as the 486 computer in the group.
Successful multicasting is more dependent on your network configuration than FOG imaging. Are the FOG server and the target computers on the same IP subnet/VLAN?
-
@george1421 said in Can not deploy using multicast - read image_hdr block_size error:
So since you are using ubuntu, have you disabled the ubuntu firewall as the recommendation in the previous thread?
iptables settings on my server:
```
# Generated by iptables-save v1.6.0 on Tue Sep 17 17:40:43 2019
*nat
:PREROUTING ACCEPT [162493:21912723]
:INPUT ACCEPT [4857:1000748]
:OUTPUT ACCEPT [12916:875299]
:POSTROUTING ACCEPT [9153:677268]
-A POSTROUTING -o eno1 -j MASQUERADE
COMMIT
# Completed on Tue Sep 17 17:40:43 2019
# Generated by iptables-save v1.6.0 on Tue Sep 17 17:40:43 2019
*filter
:INPUT ACCEPT [5476607:353434905]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11575842:17208139981]
-A FORWARD -i eno1 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp2s0 -o eno1 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Sep 17 17:40:43 2019
```
This is the only firewall I have; ufw is disabled.
@george1421 said in Can not deploy using multicast - read image_hdr block_size error:
Imaging the group will move as fast as the slowest computer in the group. So if you have a group of 10 computers with 8 core cpus and nvme disks, and one 486 computer with a slow hard drive all 11 computers will image as fast as the 486 computer in the group.
I have 16 Dell Optiplex 7010, all with the same configuration. I have a simple switch with no VLANs.
-
@rurap Hmmm this is strange, I would have expected your iptables to look like this:
```
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```
Are you using your fog server as a router too (between the 2 interfaces)? I see the masquerade module is being used.
Which network interface is the multicast binding to? You can find out by starting a multicast on the FOG server and then issuing the following command from the linux command prompt on the fog server.
sudo ps aux | grep udp-send
That should give you the command line parameters that we need to know. Also what network interface is defined for the imaging network?
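To answer the firewall question from the dump itself, the following added example (not part of the original posts and not FOG project code) summarizes an `iptables-save` dump: it reports non-ACCEPT chain policies, DROP/REJECT rules and the masquerade interface. The function names `summarize_ruleset` and `sample_dump` are made up for this example.

```shell
#!/bin/sh
# Added example: summarize an iptables-save dump read from stdin.
summarize_ruleset() {
  awk '
    /^\*/ { table = substr($0, 2); next }      # table header, e.g. "*nat"
    /^:/  {                                     # chain policy, e.g. ":INPUT ACCEPT [0:0]"
      if ($2 != "ACCEPT" && $2 != "-") { print "policy " table "/" substr($1, 2) " " $2; strict++ }
      next
    }
    /^-A / {                                    # appended rule: find target and out-interface
      target = ""; out = "any"
      for (i = 1; i < NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "-o") out = $(i + 1)
      }
      if (target == "DROP" || target == "REJECT") { print "blocks " table "/" $2; blocking++ }
      if (target == "MASQUERADE") print "nat masquerade out " out
    }
    END {
      if (!blocking) print "no DROP/REJECT rules"
      if (!strict) print "all chain policies ACCEPT"
    }
  '
}

# The dump posted earlier in this thread, with the "# Generated" and
# "# Completed" comment lines trimmed.
sample_dump() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [162493:21912723]
:INPUT ACCEPT [4857:1000748]
:OUTPUT ACCEPT [12916:875299]
:POSTROUTING ACCEPT [9153:677268]
-A POSTROUTING -o eno1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [5476607:353434905]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11575842:17208139981]
-A FORWARD -i eno1 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp2s0 -o eno1 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_dump | summarize_ruleset
```

On a live server the same function can be fed with `sudo iptables-save | summarize_ruleset`.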
-
@rurap Are you aware of the NAT configuration on your system? Why do you seem to have two network interfaces on this machine?
-
@george1421 said in Can not deploy using multicast - read image_hdr block_size error:
Are you using your fog server as a router too (between the 2 interfaces)? I see the masquerade module is being used.
Well, first I configured the server as a router with isc-dhcp server on it. This iptables configuration is for the internet sharing (I use NAT). Then I installed FOG. So yes, I have the router and the FOG server on the same network interface.
@george1421 said in Can not deploy using multicast - read image_hdr block_size error:
Which network interface is the multicast binding to? …
Also what network interface is defined for the imaging network?
For multicasting I will check tomorrow; for FOG it is enp2s0. But I think it is the same interface for both.
-
@Sebastian-Roth said in Can not deploy using multicast - read image_hdr block_size error:
Are you aware of the NAT configuration on your system? Why do you seem to have two network interfaces on this machine?
It seems to me that some misunderstanding has crept in. Maybe because of the lack of my language skills.
My network looks like this:
I have an Ubuntu 16.04 server set up on a regular PC (Dell Optiplex 7010) with 2 network cards.
To one card I connected the network from the outside, and the other card I connected to the switch and then to the other computers in the class.
I installed and configured the DHCP server and shared the internet from the first card to the second, so that the internet works in the classroom. Then I installed and configured FOG.
Everything works: imaging, restoring and internet. Only multicasting does not work. I don’t have much experience in networks; did I do something wrong up to this point?
-
@rurap Setting up FOG with two network interfaces is kind of an advanced setup. Combining FOG with a NAT router config adds another layer of things that can interfere. I am not saying this doesn’t work per se. It’s just not a default FOG setup and we don’t test those kind of things.
I’d suggest you start by looking at the log files (in /var/log/fog) to see what information we get from the FOGMulticastManager service when the error happens. Be aware that FOGMulticastManager tries to pick the right network interface and might fail on your system with two NICs.
If that doesn’t yield any success you should look into manually testing multicast as described in the wiki: https://wiki.fogproject.org/wiki/index.php?title=Multicast#Troubleshooting
-
So it’s easiest to install FOG on a separate server with one card and plug it into the switch. Do I understand correctly?
-
@rurap Your setup can work, it’s just a bit strange to use the FOG server as a router and an imaging solution. As Sebastian said this is an advanced setup. I personally could make it work but I’ve worked with Linux and internetworking for almost 20 years… man I’m old…
Anyway, we need to understand your current configuration. Do what I suggested about capturing what udp-send is binding to. You have an advantage that your imaging network is isolated and on a single switch.
Also in regards to the imaging network switch, what is that switch model and manufacturer? Some switches need certain settings turned on for multicasting to work correctly.
-
Thank you for your response. I don’t know why but I thought all the time that FOG should be installed on the server / router behind NAT. It didn’t occur to me that it could be a normal host on the network. I don’t need Fog working as a router and image server. Now I see that it makes no sense. So I’ll try to install it on a separate host computer and see what happens.
My switch is TP-LINK TL-SF1024. So it’s not an advanced device. But if I can run FOG on it, I’ll talk to my boss about something better.
Thanks to everyone for the answers, I will let you know if it works.
-
-
@rurap Please search our wiki for TFTP troubleshooting and follow the instructions to test the TFTP stuff.
-
@rurap Please post the content of your ltsp.conf file.
-
This is from Ubuntu server 18.1 and dnsmasq 2.9 version:
```
# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Set the root directory for files available via FTP.
tftp-root=/tftpboot

# The boot filename, Server name, Server Ip Address
dhcp-boot=undionly.kpxe,,192.168.25.117

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# inspect the vendor class string and match the text to set the tag
dhcp-vendorclass=BIOS,PXEClient:Arch:00000
dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
dhcp-vendorclass=UEFI,PXEClient:Arch:00007
dhcp-vendorclass=UEFI64,PXEClient:Arch:00009

# Set the boot file name based on the matching tag from the vendor class (above)
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,192.168.25.117
dhcp-boot=net:UEFI,ipxe.efi,,192.168.25.117
dhcp-boot=net:UEFI64,ipxe.efi,,192.168.25.117

# PXE menu. The first part is the text displayed to the user. The second is the timeout, in seconds.
pxe-prompt="Booting FOG Client", 1

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
pxe-service=X86PC, "Boot to FOG", undionly.kpxe
pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi

dhcp-range=192.168.25.117,proxy
```
And this one is from Ubuntu 16.04, dnsmasq 2.5:
```
# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Dnsmasq can also function as a TFTP server. You may uninstall
# tftpd-hpa if you like, and uncomment the next line:
# enable-tftp

# Set the root directory for files available via FTP.
tftp-root=/tftpboot

# The boot filename, Server name, Server Ip Address
dhcp-boot=undionly.kpxe,,192.168.25.137

# rootpath option, for NFS
#dhcp-option=17,/images

# kill multicast
#dhcp-option=vendor:PXEClient,6,2b

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# PXE menu. The first part is the text displayed to the user. The second is the timeout, in seconds.
pxe-prompt="Press F8 for boot menu", 3

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
pxe-service=X86PC, "Boot from network", undionly

# A boot service type of 0 is special, and will abort the
# net boot procedure and continue booting from local media.
#pxe-service=X86PC, "Boot from local hard disk", 0

# If an integer boot service type, rather than a basename is given, then the
# PXE client will search for a suitable boot service for that type on the
# network. This search may be done by multicast or broadcast, or direct to a
# server if its IP address is provided.
# pxe-service=x86PC, "Install windows from RIS server", 1

# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
# Since dnsmasq is not providing true DHCP services, you do not want it
# handing out IP addresses. Just put your servers IP address for the interface
# that is connected to the network on which the FOG clients exist.
# If this setting is incorrect, the dnsmasq may not start, rendering
# your proxyDHCP ineffective.
dhcp-range=192.168.25.137,proxy

# This range(s) is for the private network on 2-NIC servers,
# where dnsmasq functions as a normal DHCP server, providing IP leases.
# dhcp-range=192.168.0.20,192.168.0.250,8h

# For static client IPs, and only for the private subnets,
# you may put entries like this:
# dhcp-host=00:20:e0:3b:13:af,10.160.31.111,client111,infinite
```
-
@rurap The 16.04 version will not dynamically support UEFI and BIOS; the 18.1 will. Now certain firmware needs an additional kick to get it to boot.
In this section add in the fog server’s IP address.
```
pxe-service=X86PC, "Boot to FOG", undionly.kpxe
pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi
```
change it to
```
pxe-service=X86PC, "Boot to FOG", undionly.kpxe,192.168.25.117
pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi,192.168.25.117
pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi,192.168.25.117
```
Then restart dnsmasq
-
@rurap The more I look at your picture the more I think it should be working. (I can see that it’s not) but the auto select says “Booting to FOG” so that means it’s getting and processing this line:
pxe-service=X86PC, "Boot to FOG", undionly.kpxe
We can see in the picture the boot server IP is 192.168.25.117, so we know it’s processing this line.
dhcp-boot=undionly.kpxe,,192.168.25.117
It should have everything it needs to boot.
We may need to grab a packet capture to see what the client is objecting to.
-
@george1421
Your suggestion did not work. I looked for TFTP troubleshooting like @Sebastian-Roth says and used the command:
tftp -v x.x.x.x -m binary -c get undionly.kpxe
and I have got nothing.
I searched the system a bit and found something like this:
this is my tftp-hpa configuration file
```
# /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/var/lib/tftpboot"
TFTP_ADDRESS=":69"
TFTP_OPTIONS="--secure"
```
There are no files in this directory, so where is the undionly.kpxe?
-
@rurap Please check to see if the files are in /tftpboot directory. It sounds like the tftp service didn’t get configured properly for fog to function.
As I said dnsmasq should have been working, with that final change (which you will probably want to remove now) if it didn’t work then we would have focused on the tftp server. So you did good moving forward to debug.
So if the files are in /tftpboot change the file path in the tftp config file to match then restart the tftpd service.
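The check described in the last few posts, as an added example (not part of the original posts and not FOG project code): it reads `TFTP_DIRECTORY` from the tftpd-hpa defaults file, compares it with `tftp-root` in the dnsmasq config, and tests whether each `dhcp-boot` file exists under the directory tftpd-hpa serves. The function names are made up, only `dhcp-boot` entries are checked, and the demo builds a constructed copy of the reported state under a temporary directory.

```shell
#!/bin/sh
# Added example: do the advertised boot files exist where tftpd-hpa serves from?
# $1 = tftpd-hpa defaults file, $2 = dnsmasq proxy-DHCP config (ltsp.conf)
check_boot_files() {
  # With --secure, tftpd-hpa chroots to TFTP_DIRECTORY, so requested names
  # resolve relative to it.
  tftp_dir=$(sed -n 's/^TFTP_DIRECTORY=//p' "$1" | tr -d '"')
  # tftp-root only takes effect when dnsmasq serves TFTP itself, so a
  # mismatch is a hint about where the files were expected, not an error.
  tftp_root=$(sed -n 's/^tftp-root=//p' "$2")
  [ "$tftp_dir" = "$tftp_root" ] || echo "MISMATCH tftpd-hpa=$tftp_dir dnsmasq=$tftp_root"
  # dhcp-boot=[net:TAG,]<file>,<server name>,<server address>
  sed -n 's/^dhcp-boot=//p' "$2" | while IFS=, read -r f1 f2 _rest; do
    case $f1 in net:*|tag:*) file=$f2 ;; *) file=$f1 ;; esac
    if [ -f "$tftp_dir/$file" ]; then echo "OK $file"; else echo "MISSING $tftp_dir/$file"; fi
  done
}

# Constructed demo: empty TFTP_DIRECTORY, boot files expected elsewhere.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/var/lib/tftpboot"
  cat > "$tmp/tftpd-hpa" <<EOF
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="$tmp/var/lib/tftpboot"
TFTP_ADDRESS=":69"
TFTP_OPTIONS="--secure"
EOF
  cat > "$tmp/ltsp.conf" <<EOF
tftp-root=$tmp/tftpboot
dhcp-boot=undionly.kpxe,,192.168.25.117
dhcp-boot=net:UEFI,ipxe.efi,,192.168.25.117
EOF
  check_boot_files "$tmp/tftpd-hpa" "$tmp/ltsp.conf"
  rm -rf "$tmp"
}

demo
```

Against a real server the call would be `check_boot_files /etc/default/tftpd-hpa` followed by the path of the ltsp.conf in use.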
-
There is no /tftpboot directory.
I install everything again, I have no idea what happened to this catalog. I could have sworn that this catalog was yesterday.