...boot.php... Permission denied
-
@Sebastian-Roth,
I eneabled https on installation with the -S (–force-https) option.
I build ipxe with the correct certificate. -
@george1421,
We use our own certificates and I compiled the ipxe with the correct CA certificate. -
@Malte-Will So you are able to connect to https://<fog_server_ip>/fog/service/ipxe/boot.php just fine AND by inspecting the certificate it is the correct certificate to what you expected? This sure does appear like a certificate mismatch between ipxe and the apache web server.
-
@george1421 I just rebuild the ipxe files with the correct CA-certificate, just to check if I messed up and I am still getting the error. I don’t think it is a mismatch. It worked before with the exact same certificates.
Yes I am able to connect to https://<fog_server_ip>/fog/service/ipxe/boot.php just fine. It also shows the correct certificate.
-
@Malte-Will I don’t know of a way off the top of my head to confirm the certificate identity in ipxe vs what the web server has. I wonder for grins if you edit /tftpboot/default.ipxe and for a test remove the s from https and then save it. Then pxe boot. I’m interested if you get the same permission denied message.
-
@george1421 I first tried to set the SSLCertificateChainFile in the apache site config to the original cert and then back to the one we use, after restarting apache I now get the following error code while booting with pxe: 0x432fe698
I think my system is cursed. -
@Malte-Will said:
I first tried to set the SSLCertificateChainFile in the apache site config …
Good you mention this. Take a look at my comment here: https://github.com/FOGProject/fogproject/pull/354#discussion_r359494768 - seems like we still have this issue in the code. While I am not sure if this is causing the iPXE issue it definitely should be changed! Please try
SSLCACertificateFile
(instead ofSSLCertificateChainFile
) andca.cert.pem
(instead ofca.cert.der
).If not then we need to start taking a closer look at the certificates you are actually using.
After the weekend, our FOG-Server is not working properly anymore.
I am still wondering why it worked before? What changed? Did you do Linux system updates? Changed a config? Re-ran the FOG installer?
-
@Malte-Will bump
-
@Malte-Will When doing some testing myself yesterday I figured what’s wrong with this. Should have done this earlier but there was so much else on the list.
Take a look at this change: https://github.com/FOGProject/fogproject/commit/e424b0417fc56dba2d7ba34665817e0f7b0f857c
For some yet unknown reason the build parameters need to be in different order to make this work. I find it very strange because we had a similar thing with the build parameter (ref) and I am fairly sure I did test this when pushing the change in Jun 2019. My assumption is a change in the make files were causing this again. Hope this is fixed now and shouldn’t come back.
-
I have just upgraded my fog server to 1.5.9-RC1.4 not sure if this issue is still present. I am receiving the following error message when trying to pxe boot.
https://“InternalIPAddress”/fog/service/ipxe/boot.php… Permission denied (http://ipxe.org/0216eb8f)
Could not boot: Permission denied (http://ipxe.org/0216eb8f)Cheers
Jason
-
@jasonm Please try this:
sudo -i touch /opt/fog/snapins/ssl/CA/.fogCA.pem cd /path/to/fogproject/bin ./installfog.sh
Please let us know if the issue can be solved this way. I will need to fix that in the installer.
-
@Sebastian-Roth I had the same symptoms that @jasonm had. I tried the resolution you put on May 6, 2020 and that worked to resolve my permission denied issue.
-
@Chris-Shipley Thanks for bringing this topic back up again as I had lost track of this.
Just pushed a commit to take care of this.
-
@Sebastian-Roth excellent, thanks!
-
@Sebastian-Roth
https://forums.fogproject.org/topic/14733/permission-denied-on-boot-phpMod note: Moved topics to new above thread -Geo