Force SSL failure

sbenson

I was looking to force SSL and found that you can run the install with a -S. I attempted this and had an error restarting apache

* Setting up SSL FOG Server...................................OK
* Restarting Apache2 for fog vhost............................Failed!

Upon looking into the problem I found that line 9 of the apache conf for fog had a syntax error

Sep 20 14:39:38 Fog-Dev apache2[18425]: AH00526: Syntax error on line 9 of /etc/apache2/sites-enabled/001-fog.conf:
Sep 20 14:39:38 Fog-Dev apache2[18425]: Invalid command '-e<VirtualHost', perhaps misspelled or defined by a module not included in th

Looking into the config file I found this trainwreck.

-e<VirtualHost *:443>\n\tKeepAlive Off\n\tServername 192.168.76.169\n\tDocumentRoot /var/www/html/\n\tSSLEngine On\n\tSSLProtocol all -SSLv3 -SSLv2\n\tSSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA\n\tSSLHonorCipherOrder on\n\tSSLCertificateFile /var/www/html/fog//management/other/ssl/srvpublic.crt\n\tSSLCertificateKeyFile /opt/fog/snapins/ssl//.srvprivate.key\n\tSSLCertificateChainFile /var/www/html/fog//management/other/ca.cert.der\n</VirtualHost>

I can manually fix this(I think), but the install script should have this fixed.
EDIT1:
Update functions.sh. It’s missing a space.

sed -i 's/-e"/-e "/' trunk/lib/common/functions.sh

EDIT2:
After the update to functions.sh it successfully starts apache, but now has and error backing up the database.

* Resetting SSL Permissions...................................OK
* Setting up SSL FOG Server...................................OK
* Restarting Apache2 for fog vhost............................OK
* Changing permissions on apache log files....................OK
* Backing up database.........................................Failed!

Wayne Workman

what version of FOG? Tom may have already fixed this.

Run the installer as snmysqlhost='127.0.0.1' ./installfog.sh -y and see if that works. If so, edit the /opt/fog/.fogsettings file and modify snmysqlhost=

sbenson

define('FOG_VERSION', '1.3.0-RC-10');
        define('FOG_SCHEMA', 234);
        define('FOG_BCACHE_VER', 100);
-        define('FOG_SVN_REVISION', 5954);
+        define('FOG_SVN_REVISION', 5955);
        define('FOG_CLIENT_VERSION', '0.11.5');

sbenson

@Wayne-Workman

Turning on debugging and I found this

* Backing up database.........................................+ return 0
+ [[ -d /home//fog_web_1.3.0-RC-10.BACKUP ]]
+ [[ ! -d /home//fogDBbackups ]]
++ date +%Y%m%d_%I%M%S
+ wget --no-check-certificate -O /home//fogDBbackups/fog_sql_1.3.0-RC-10_20160920_031708.sql http://192.168.76.169//fog//maintenance/backup_db.php '--post-data=type=sql&fogajaxonly=1'
+ errorStat 4
+ local status=4
+ [[ 4 != 0 ]]
+ echo 'Failed!'
Failed!
+ [[ -z '' ]]
+ exit 1

http://192.168.76.169/fog/status/bandwidth.php?type=sql&fogajaxonly=1 is unable to connect
where
http://127.0.0.1/fog/status/bandwidth.php?type=sql&fogajaxonly=1 does work, but provides back

{"dev":"Unknown","rx":0,"tx":0}

EDIT: This is my fault. I am in a devel environment and I am swapping cables as to not mess up the current DHCP server(overlapping ranges, etc). It looks like my IP has changed. The database issue is on my end

sbenson

Ok, so there MIGHT be another issue with SSL and upgrading. I am running the upgrade and it says to go to http://192.168.76.10/fog/management to complete the schema upgrade.

upon doing so I get a “this connection is not secure”. I add the cert and it takes me to the standard dashboard. nothing that updates the schema. I am not sure if the update only shows up when there are actually changes that need to be made or not.

Edit: But it looks like my old IP is still listed inside the database.

Wayne Workman

@sbenson if you just run ./installfog.sh it always tells you to go to the web interface. The db’s schema doesn’t change with every update. If you would rather skip that, you can simply run the installer as ./installfog.sh -y

Tom Elliott

The failed to backup could be any number of things, but it’s most likely the problem of the db not already existing. I don’t know for sure though.

That said, I did fix the -e issue, thank you.

sbenson

@Tom-Elliott the backup was my fault. To gain access to the internet I have to swap cables. When I did the “real” dhcp server gave that server a different ip. The database had the old info.