Fail to mount during image deployment

  • W
    WT_101
    last edited by Jan 25, 2022, 10:02 AM

    bec759a6-1ac0-4731-b4d5-83d4faf09744-image.png

    We encounter this error while trying to perform image deployment across different subnets (FOG server on subnet A, client on subnet B) and a firewall with the below ports whitelisted:
    80/tcp
    443/tcp
    69/udp
    1024-65535/udp
    111/udp and 111/tcp
    2049/udp and 2049/tcp

    We tried to manually mount from the system and it failed as well.
    2b4856b1-831f-4b0c-b198-33a80361d5b4-image.png

    We did try to telnet to port 2049 and it can connect successfully.
    bba1a45b-1718-4260-8497-0bb647567e8d-image.png

    Are there any ports or configuration that need to be set up in order for it to work?

    • G
      george1421 Moderator @WT_101
      last edited by Jan 25, 2022, 11:20 AM

      @wt_101 Here is a post that talks about firewall configuration
      https://forums.fogproject.org/topic/6162/firewall-configuration

      The issue is NFSv3 needs a wide port range to communicate correctly. Potentially switching over to NFSv4 will help eliminate this large firewall range requirement. FOG is not there yet but it's on the roadmap.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      • W
        WT_101
        last edited by WT_101 Jan 26, 2022, 12:52 AM Jan 26, 2022, 6:49 AM

        Hi @george1421

        We have read the post you shared, but we never turned on the firewall on the FOG server, so we are not quite sure how the firewall configuration would resolve the issue we encounter.

        Let me explain our setup in detail. We have 2 sites: Site A and Site B

        Site A

        • FOG server installed at Site A (192.168.10.1)
        • It has multiple subnets, e.g. 192.168.10.0 & 192.168.20.0
        • We tested client systems at Site A on both subnets, 192.168.10.0 & 192.168.20.0; they are able to perform image capture & deployment smoothly

        Site B

        • Client system on subnet (175.168.10.0)
        • Client system (175.168.10.20) is able to PXE boot, getting the FOG NBP file through the FOG server at Site A (192.168.10.1)
        • Client system (175.168.10.20) is also able to detect the tasks (capture, deploy, debug) created from the Site A FOG server

        Previously, the client system (175.168.10.20) at Site B was not even able to PXE boot to the Site A FOG server (192.168.10.1) until we asked our IT team to whitelist the below ports bidirectionally between Site A & Site B.
        80/tcp
        443/tcp
        69/udp
        1024-65535/udp
        111/udp and 111/tcp
        2049/udp and 2049/tcp

        Now the client system (175.168.10.20) at Site B fails at “Mounting File System”.

        Can you advise whether any other ports need to be open to resolve this issue? Or is there any method we can use to troubleshoot why we are facing this issue?

        We referred to the site below and found that the ports highlighted in yellow are not open. Would these cause the mount to fail?
        476fdd9a-6315-459d-ba02-9760c40106cc-image.png
        https://wiki.fogproject.org/wiki/index.php/FOGUserGuide#Full_Listing_of_Ports_used_by_FOG_server_and_client

        Please do let me know if anything is unclear

        Thank You

        • S
          Sebastian Roth Moderator
          last edited by Jan 26, 2022, 9:32 AM

          @wt_101 said in Fail to mount during image deployment:

          1024-65535/udp

          I think the issue is here. NFS uses TCP high ports. So you’d need to ask for 1024-65535/tcp as well. Though obviously this would render a firewall more or less useless.

          If you can’t open the firewall then you might get involved in FOG development and help add NFSv4 or other solutions like sshfs more quickly.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          • G
            george1421 Moderator @WT_101
            last edited by Jan 26, 2022, 1:06 PM

            @wt_101 said in Fail to mount during image deployment:

            We have read the post you shared, but we never turned on the firewall on the FOG server

            Previously, the client system (175.168.10.20) at Site B was not even able to PXE boot to the Site A FOG server (192.168.10.1) until we asked our IT team to whitelist the below ports bidirectionally between Site A & Site B.

            The context was these are the ports that need to be open [on the FOG server] so that you can apply the same rules to your network.

            If you look at the iptables entry in the url I referenced.

            echo "IPTABLES_MODULES=\"nf_conntrack_tftp nf_conntrack_ftp nf_conntrack_netbios_ns\"" >> /etc/sysconfig/iptables-config
            for port in 80 443 21 3306 2049 20048 111 138 139 445; do iptables -I INPUT 1 -p tcp --dport $port -j ACCEPT; done
            for port in 69 111 4011 137; do iptables -I INPUT 1 -p udp --dport $port -j ACCEPT; done
            service iptables save
            

            It says you need to open these tcp ports {80 443 21 3306 2049 20048 111 138 139 445}

            And you need to open these udp ports {69 111 4011 137}

            FOG NFSv3 does use tcp for its data channels and not udp.

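The port lists discussed above can be compared with what an NFSv3 server actually registers with rpcbind, which shows why a successful telnet to 2049 does not mean the mount will work. This is an added example, not code from the thread or from FOG: the `rpcinfo -p` sample is constructed (the nlockmgr and status port numbers are made up), the allowlist is the one from the first post, and `blocked_rpc_ports` is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Constructed sample of `rpcinfo -p` output from an NFSv3 server. The nlockmgr
# and status ports are made up; they change unless pinned in the NFS config.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100021    4   udp  41753  nlockmgr
    100021    4   tcp  38467  nlockmgr
    100024    1   udp  52011  status
    100024    1   tcp  46889  status'

# Allowlist from the first post, one "proto low high" rule per line.
THREAD_ALLOWLIST='tcp 80 80
tcp 443 443
udp 69 69
udp 1024 65535
udp 111 111
tcp 111 111
udp 2049 2049
tcp 2049 2049'

# blocked_rpc_ports RULES (hypothetical helper): reads rpcinfo -p output on
# stdin and prints every registered "service proto/port" no rule covers.
blocked_rpc_ports() {
  RULES="$1" awk '
    BEGIN {
      n = split(ENVIRON["RULES"], line, "\n")
      for (i = 1; i <= n; i++) {
        split(line[i], f, " ")
        proto[i] = f[1]; lo[i] = f[2] + 0; hi[i] = f[3] + 0
      }
    }
    $1 ~ /^[0-9]+$/ {                 # data rows only, skips the header
      key = $5 " " $3 "/" $4
      if (key in seen) next           # report each service/proto/port once
      seen[key] = 1
      covered = 0
      for (i = 1; i <= n; i++)
        if ($3 == proto[i] && $4 + 0 >= lo[i] && $4 + 0 <= hi[i]) covered = 1
      if (!covered) print key
    }'
}

# Prints mountd, nlockmgr and status on tcp: the ports the allowlist misses.
printf '%s\n' "$SAMPLE_RPCINFO" | blocked_rpc_ports "$THREAD_ALLOWLIST"
```

Against a real server, pipe the output of `rpcinfo -p 192.168.10.1` into the function instead of the sample; the result is the short list of specific ports to request rather than the whole 1024-65535/tcp range.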
            • W
              WT_101 @george1421
              last edited by Feb 24, 2022, 1:37 AM

              Hi @george1421

              The mount is working due to the high port 1024-65535 is not open causing the mount fail.

              Just to understand NFSv4: we tested with a debug task on the current FOS and are able to perform a mount using NFSv4.

              Is there any concern with changing the FOS mount to NFSv4?
              f659d3aa-fb55-42de-83db-4ff563bcb94b-image.png

              • G
                george1421 Moderator @WT_101
                last edited by Feb 24, 2022, 3:20 AM

                @wt_101 I do have a proof of concept for NFSv4 and I’m running it on one of my production FOG servers. https://forums.fogproject.org/topic/14791/feature-request-for-fog-1-6-x-configure-image-capture-to-use-nfsv4-instead-of-nfsv3/10

                The tough spot is that you need different inits with NFSv4 enabled. The default inits that come with FOG have nfsv4 disabled. The other issue with nfsv4 is that the shares are changed a bit into a virtual share. My PoC thread also covers that. I really need to consolidate that into an easy to follow thread. I was going to save pushing for nfsv4 in FOG 1.6.x series but that series is getting pushed out because of the lack of dev time. Here are the inits from Jun 2021 with nfsv4 enabled: https://drive.google.com/file/d/1EHLhmM9-kXpFO7kfk3H1ydEZF3q8lID1/view?usp=sharing
