CentOS 7 client fails to connect

adrien17

My server Fog (CentOS is in Https. On the client (CentOS 7) when I start the Fog service, I get in its log:

--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 1/27/2020 11:16 AM Client-Info Version: 0.11.17
 1/27/2020 11:16 AM Client-Info OS:      Linux
 1/27/2020 11:16 AM Middleware::Authentication Waiting for authentication timeout to pass
 1/27/2020 11:18 AM Middleware::Communication Download: https://fogus/fog/management/other/ssl/srvpublic.crt
 1/27/2020 11:18 AM Middleware::Communication ERROR: Could not download file
 1/27/2020 11:18 AM Middleware::Communication ERROR: Error: TrustFailure (Authentication failed, see inner exception.)

In the log of the server /var/log/httpd/access_log, nothing is reported for that client.

So the client receives no information about the tasks on the server.

Another thing is the status of the Fog service on the client: this status claims that the file /opt/fog-service/service.lock does not exist. But it exists and contains the Pid of the process.

systemctl status FOGService -l
● FOGService.service - FOGService
   Loaded: loaded (/usr/lib/systemd/system/FOGService.service; disabled; vendor preset: disabled)
   Active: active (exited) since Mon 2020-01-27 11:16:16 CET; 3min 48s ago
  Process: 2933 ExecStart=/opt/fog-service/control.sh start (code=exited, status=0/SUCCESS)
 Main PID: 2933 (code=exited, status=0/SUCCESS)
    Tasks: 11
   CGroup: /system.slice/FOGService.service
           └─2936 /usr/bin/mono /usr/lib/mono/4.5/mono-service.exe /opt/fog-service/FOGService.exe -d:/opt/fog-service/ -l:/opt/fog-service/service.lock

Jan 27 11:16:16 admin14 systemd[1]: Starting FOGService...
Jan 27 11:16:16 admin14 control.sh[2933]: cat: /opt/fog-service/service.lock: No such file or directory
Jan 27 11:16:16 admin14 control.sh[2933]: starting fog-service
Jan 27 11:16:16 admin14 control.sh[2933]: fog-service started

Thanks for your help.

Sebastian Roth

@adrien17 said in CentOS 7 client fails to connect:

ERROR: Error: TrustFailure (Authentication failed, see inner exception.)

Not exactly sure why this happens. Do you use a custom HTTPS certificate?

As well you might try the latest release that came out yesterday: https://github.com/FOGProject/fog-client/releases/0.11.18/

adrien17

We do not use a custom certificate.
I have installed this new version on the client. The error message in fog.log is now :

--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 1/27/2020 2:29:04 PM Client-Info Version: 0.11.18
 1/27/2020 2:29:04 PM Client-Info OS:      Linux
 1/27/2020 2:29:04 PM Middleware::Authentication Waiting for authentication timeout\
 to pass
 1/27/2020 2:29:04 PM Middleware::Communication Download: https://fogus/fog/management/other/ssl/srvpublic.crt
 1/27/2020 2:29:05 PM Middleware::Communication ERROR: SSL connection error: System\.Security.Cryptography.X509Certificates.X509ChainStatus[]
 1/27/2020 2:29:05 PM Middleware::Communication ERROR: Could not download file
 1/27/2020 2:29:05 PM Middleware::Communication ERROR: Error: TrustFailure (Authentication failed, see inner exception.)

On the server, I have had a log (in /var/log/httpd/access_log) when I installed the client :

148.60.3.96 - - [27/Jan/2020:14:16:38 +0100] "GET /fog/management/other/ca.cert.der HTTP/1.1" 200 1287 "-" "-"
148.60.3.96 - - [27/Jan/2020:14:16:39 +0100] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 237 "-" "-"
148.60.3.96 - - [27/Jan/2020:14:18:39 +0100] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 237 "-" "-"

But, after, when I restart the Fog service on the client, nothing is logged on the server.

Sebastian Roth

@adrien17 said in CentOS 7 client fails to connect:

... GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 302 ...

Well that is interesting. I am fairly sure we have seen this happen a few days ago already but I can’t seem to find the topic. Possibly this was lost when the forum went down. Right. This is probably the case.

So let’s try to get the information back together. Please run wget --no-check-certificate https://fogus/fog/management/other/ssl/srvpublic.crt on your CentOS client and post output here.

adrien17

@Sebastian-Roth said in CentOS 7 client fails to connect:

wget --no-check-certificate https://fogus/fog/management/other/ssl/srvpublic.crt

The log on the server is:

148.60.3.96 - - [27/Jan/2020:17:02:17 +0100] "GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1" 200 1749 "-" "Wget/1.14 (linux-gnu)"

Sebastian Roth

@adrien17 Have you modified the apache config by an chance?

lebrun78

@Sebastian-Roth
The apache configuration of our fog server is generated by fog

Sebastian Roth

@adrien17 Ahhhhh, should have remembered this earlier. Unfortunately there was an issue in the config being generated. Please edit /etc/httpd/conf.d/fog.conf and search for the line

SSLCertificateChainFile $webdirdest/management/other/ca.cert.der

and change to

SSLCACertificateFile $webdirdest/management/other/ca.cert.pem

Note the end of the line is also changed!! Then restart the webserver (systemctl restart httpd).

adrien17

The result is the same:
on the client the message error is again
“Communication ERROR: SSL connection error: System.Security.Cryptography.X509Certificates.X509ChainStatus[]”
and on the server nothing is logged.

Sebastian Roth

@adrien17 said in CentOS 7 client fails to connect:

and on the server nothing is logged.

I thought you see the HTTP 302 redirect on the server?!?

adrien17

No, there is not the 302 redirect in the log. It’s as if the server receives no demand from the client.
I don’t find the IP address of the client in the other files in /var/log/httpd.

Sebastian Roth

@adrien17 said in CentOS 7 client fails to connect:

On the server, I have had a log (in /var/log/httpd/access_log) when I installed the client :

Ahhhhh, sorry, I must have overlooked this was only from when you installed the fog-client.

I have searched the web for this error but haven’t found a clue yet. I will try to set this up and see if I can replicate the error.

Sebastian Roth

@adrien17 Ok, I was able to replicate, find and fix the issue. Arrrgh, should have looked into this before pushing out the new fog-client release yesterday. I knew 0.11.18 wouldn’t be bug free but didn’t think we’d catch one that quickly.

Download fixed DLL and put in /opt/fog-service/Zazzles.dll. Then stop and restart the client or reboot the computer.

adrien17

Okay, now the client gets the information from the server without error and can execute a task launched from the server.
Thanks a lot.