GIT Update not working?

palloquin · Jan 26, 2017, 2:12 PM

Hi,

I’m trying to update my fog server to the latest version, using the guide (and video) @ https://wiki.fogproject.org/wiki/index.php?title=Upgrade_to_trunk (kudos for the clear linux noob explanations there!)

The git pull worked fine the first time, but the install never updated anything.

Below the output of a second attempt, it seems to end in “Setting up fog password…Failed!”

what could I be doing wrong?

Currently installed:
Running Version 1.3.0-RC-22
SVN Revision: 6016

[root@localhost fogproject]# git pull
Already up-to-date.
[root@localhost fogproject]# cd bin/
[root@localhost bin]# ./installfog.sh
Installing LSB_Release as needed
 * Attempting to get release information.......................Done
systemd


   +------------------------------------------+
   |     ..#######:.    ..,#,..     .::##::.  |
   |.:######          .:;####:......;#;..     |
   |...##...        ...##;,;##::::.##...      |
   |   ,#          ...##.....##:::##     ..:: |
   |   ##    .::###,,##.   . ##.::#.:######::.|
   |...##:::###::....#. ..  .#...#. #...#:::. |
   |..:####:..    ..##......##::##  ..  #     |
   |    #  .      ...##:,;##;:::#: ... ##..   |
   |   .#  .       .:;####;::::.##:::;#:..    |
   |    #                     ..:;###..       |
   |                                          |
   +------------------------------------------+
   |      Free Computer Imaging Solution      |
   +------------------------------------------+
   |  Credits: http://fogproject.org/Credits  |
   |       http://fogproject.org/Credits      |
   |       Released under GPL Version 3       |
   +------------------------------------------+


   Version: 1.3.4-RC-2 Installer/Updater


 * Found FOG Settings from previous install at: /opt/fog/.fogsettings

 * Performing upgrade using these settings


  Starting Redhat based Installation



   ######################################################################
   #     FOG now has everything it needs for this setup, but please     #
   #   understand that this script will overwrite any setting you may   #
   #   have setup for services like DHCP, apache, pxe, tftp, and NFS.   #
   ######################################################################
   # It is not recommended that you install this on a production system #
   #        as this script modifies many of your system settings.       #
   ######################################################################
   #             This script should be run by the root user.            #
   #      It will prepend the running with sudo if root is not set      #
   ######################################################################
   #           ** Notice ** FOG is difficult to setup securely          #
   #        SELinux and IPTables are usually asked to be disabled       #
   #           There have been strides in adding capabilities           #
   #          The recommendations would now be more appropriate         #
   #    to set SELinux to permissive and to disable firewall for now.   #
   #  You can find some methods to enable SELinux and maintain firewall #
   #   settings and ports. If you feel comfortable doing so please do   #
   ######################################################################
   #            Please see our wiki for more information at:            #
   ######################################################################
   #             https://wiki.fogproject.org/wiki/index.php             #
   ######################################################################

 * Here are the settings FOG will use:
 * Base Linux: Redhat
 * Detected Linux Distribution: CentOS Linux
 * Server IP Address: 172.16.1.2
 * Server Subnet Mask: 255.255.0.0
 * Interface: enp2s4
 * Installation Type: Normal Server
 * Donate: 0
 * Internationalization: 0
 * Image Storage Location: /images
 * Using FOG DHCP: No
 * DHCP will NOT be setup but you must setup your
 | current DHCP server to use FOG for PXE services.

 * On a Linux DHCP server you must set: next-server and filename

 * On a Windows DHCP server you must set options 066 and 067

 * Option 066/next-server is the IP of the FOG Server: (e.g. 172.16.1.2)
 * Option 067/filename is the bootfile: (e.g. undionly.kpxe)


 * Are you sure you wish to continue (Y/N) y

 * Installation Started

 * Installing required packages, if this fails
 | make sure you have an active internet connection.

 * Adding needed repository....................................OK
 * Preparing Package Manager...................................OK
 * Packages to be installed:

        bc curl gcc gcc-c++ gzip httpd lftp m4 make mariadb mariadb-server mod_ssl net-tools nfs-utils php php-bcmath php-cli php-common php-fpm php-gd php-ldap php-mbstring php-mcrypt php-mysqlnd php-process tar tftp-server unzip vsftpd wget xinetd


 * Skipping package: bc........................................(Already Installed)
 * Skipping package: curl......................................(Already Installed)
 * Skipping package: gcc.......................................(Already Installed)
 * Skipping package: gcc-c++...................................(Already Installed)
 * Skipping package: gzip......................................(Already Installed)
 * Skipping package: httpd.....................................(Already Installed)
 * Skipping package: lftp......................................(Already Installed)
 * Skipping package: m4........................................(Already Installed)
 * Skipping package: make......................................(Already Installed)
 * Skipping package: mariadb...................................(Already Installed)
 * Skipping package: mariadb-server............................(Already Installed)
 * Skipping package: mod_ssl...................................(Already Installed)
 * Skipping package: net-tools.................................(Already Installed)
 * Skipping package: nfs-utils.................................(Already Installed)
 * Skipping package: php.......................................(Already Installed)
 * Skipping package: php-bcmath................................(Already Installed)
 * Skipping package: php-cli...................................(Already Installed)
 * Skipping package: php-common................................(Already Installed)
 * Skipping package: php-fpm...................................(Already Installed)
 * Skipping package: php-gd....................................(Already Installed)
 * Skipping package: php-ldap..................................(Already Installed)
 * Skipping package: php-mbstring..............................(Already Installed)
 * Skipping package: php-mcrypt................................(Already Installed)
 * Skipping package: php-mysqlnd...............................(Already Installed)
 * Skipping package: php-process...............................(Already Installed)
 * Skipping package: tar.......................................(Already Installed)
 * Skipping package: tftp-server...............................(Already Installed)
 * Skipping package: unzip.....................................(Already Installed)
 * Skipping package: vsftpd....................................(Already Installed)
 * Skipping package: wget......................................(Already Installed)
 * Skipping package: xinetd....................................(Already Installed)
 * Updating packages as needed.................................OK

 * Confirming package installation

 * Checking package: bc........................................OK
 * Checking package: curl......................................OK
 * Checking package: gcc.......................................OK
 * Checking package: gcc-c++...................................OK
 * Checking package: gzip......................................OK
 * Checking package: httpd.....................................OK
 * Checking package: lftp......................................OK
 * Checking package: m4........................................OK
 * Checking package: make......................................OK
 * Checking package: mariadb...................................OK
 * Checking package: mariadb-server............................OK
 * Checking package: mod_ssl...................................OK
 * Checking package: net-tools.................................OK
 * Checking package: nfs-utils.................................OK
 * Checking package: php.......................................OK
 * Checking package: php-bcmath................................OK
 * Checking package: php-cli...................................OK
 * Checking package: php-common................................OK
 * Checking package: php-fpm...................................OK
 * Checking package: php-gd....................................OK
 * Checking package: php-ldap..................................OK
 * Checking package: php-mbstring..............................OK
 * Checking package: php-mcrypt................................OK
 * Checking package: php-mysqlnd...............................OK
 * Checking package: php-process...............................OK
 * Checking package: tar.......................................OK
 * Checking package: tftp-server...............................OK
 * Checking package: unzip.....................................OK
 * Checking package: vsftpd....................................OK
 * Checking package: wget......................................OK
 * Checking package: xinetd....................................OK

 * Configuring services

 * Setting up fog user.........................................Already setup
 * Setting up fog password.....................................Failed!
[root@localhost bin]# ```

Quazz · Jan 26, 2017, 12:54 PM

Linux distribution and version?

Can you run the output of the following command (start in the folder that you would use git pull in) and paste the results here:

tail bin/error_logs/fog_error_1.3.4(press tab here)

palloquin · Jan 26, 2017, 12:57 PM

Hey Quazz!

Results as shown:

[root@localhost fogproject]# tail bin/error_logs/fog_error_1.3.4-RC-2.log
php-mcrypt-5.6.30-1.el7.remi.x86_64
php-mysqlnd-5.6.30-1.el7.remi.x86_64
php-process-5.6.30-1.el7.remi.x86_64
tar-1.26-31.el7.x86_64
tftp-server-5.2-13.el7.x86_64
unzip-6.0-16.el7.x86_64
vsftpd-3.0.2-21.el7.x86_64
wget-1.14-13.el7.x86_64
xinetd-2.3.15-13.el7.x86_64
passwd: SELinux denying access due to security policy.

I knew just enough to check the state of SELinux:

[root@localhost fogproject]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             disabled
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              disabled
Policy deny_unknown status:     denied
Max kernel policy version:      28

Quazz · Jan 26, 2017, 7:01 AM

@palloquin So I’m guessing you’re on Centos 7.

You will have to disable Selinux for now, there is no working policy made available for it yet.

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
service iptables stop
chkconfig iptables off
yum -y update && reboot

From https://wiki.fogproject.org/wiki/index.php/Installation_on_CentOS_7

Although, since it seems you have it set to permissive currently, the following code is probably better

sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config
service iptables stop
chkconfig iptables off
yum -y update && reboot

But I’m not 100% sure.

Tom Elliott · Jan 26, 2017, 1:01 PM

Something isn’t matching properly.

Unless you setup “permissive” SELinux AFTER trying to install the messages make no sense at all.

Wayne Workman · Jan 26, 2017, 2:12 PM

@palloquin said in GIT Update not working?:

kudos for the clear linux noob explanations there!

Thank you.

I need to spend a few weeknights remaking some of these videos so they are (more) current.

Wayne Workman · Jan 26, 2017, 8:16 AM

Having SELinux in permissive mode doesn’t block or prevent anything. The purpose of permissive mode is for SELinux to throw all the messages that it would if it were enforcing and blocking, but not actually block anything - so you can continue to run your application and tune SELinux.

palloquin · Jan 26, 2017, 2:52 PM

Hi Quazz, Tom, Wayne,

I’m just a simple boy from Windows-Country lost in the big Linux-city… all y’all be speaking linux lingo to me hoping I’ll undestand

@Quazz :

sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config

doesn’t compute:

[root@localhost bin]# sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
sed: warning: failed to get security context of /etc/sysconfig/selinux: No data available[root@localhost bin]#

[root@localhost bin]# sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config
sed: warning: failed to get security context of /etc/selinux/config: No data available[root@localhost bin]#

[root@localhost bin]# service iptables stop
Redirecting to /bin/systemctl stop  iptables.service
Failed to stop iptables.service: Unit iptables.service not loaded.
[root@localhost bin]# Failed to stop iptables.service: Unit iptables.service not loaded.

makes sense I guess, I tried to kill that one dead a while ago, I run in a network I trust this machine is not connected to the outside world.

Wayne Workman · Jan 26, 2017, 3:08 PM

@palloquin We still don’t know what distribution of Linux you’re running, we require this information.

palloquin · Jan 26, 2017, 3:09 PM

@Wayne-Workman
Sorry:

Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.36.3.el7.x86_64
Architecture: x86-64

palloquin · Jan 26, 2017, 9:21 AM

Solved it.

I did:

SELINUX=disabled

and then rebooted.

install worked after that, now running:

Running Version 1.3.4-RC-2
SVN Revision: 6063

What is the advised way to leave SELinux? disabled? permissive? or enforcing?

Thanks all!

Joe Schmitt · Jan 26, 2017, 3:37 PM

@palloquin selinux should be left permissive. Disabling it is strongly advised against, since it requires a bit of work to properly enable selinux once disabled.

Quazz · Jan 26, 2017, 3:38 PM

@Joe-Schmitt Pretty sure FOG doesn’t work properly in permissive mode on Centos 7 which is why it’s recommended to disabled it as per https://wiki.fogproject.org/wiki/index.php/Installation_on_CentOS_7

Joe Schmitt · Jan 26, 2017, 9:41 AM

@Quazz that is incorrect. Permissive mode will absolutely work if configured correctly.

Quazz · Jan 26, 2017, 3:40 PM

@Joe-Schmitt It was in permissive for OP and did not work, though

palloquin · Jan 26, 2017, 3:46 PM

to add to the discussion, it seem to run just fine. just updating failed.

Joe Schmitt · Jan 26, 2017, 3:50 PM

@palloquin how did you set SELinux to permissive mode? To repeat, permissive mode will absolutely work if completely set.

To expand why disabling SELinux is not advised: SELinux works by labeling files on your system. In permissive mode the labeling still takes place, but no policies are actually enforced. But when you disable SELinux that labeling system is shut off. To re-enable SELinux once disabled, it’s going to take some time. You would first have to set SELinux back into permissive mode (NEVER set back into enforced once disabled unless you know SELinux well). Once your kernel boots back into permissive mode, you would need to initiate a full filesystem relabeling which can take some time. Once that finishes you can finally safely enable SELinux.

palloquin · Jan 26, 2017, 4:13 PM

@Joe-Schmitt
Uh, I really don’t know. I suppose I followed some install instruction…

I suppose I set
SELINUX=permissive
and
setenforce=0

?

Joe Schmitt · Jan 26, 2017, 4:26 PM

@palloquin alright. I ask because the output of your sestatus command indicates some modifications of other selinux files (e.g. /sys/fs/selinux/deny_unknown and /sys/fs/selinux/mls). In general all that is needed to make SELinux permissive is to run:

setenforce 0 to set the runtime selinux enforcement policy
Edit /etc/selinux/config to read SELINUX=permissive instead of SELINUX=enforcing

But since selinux was already disabled, there’s no point in doing this now (your server setup will be fine and everything should work as normal). I do want to point out though to any @Moderators who maintain the wiki that tutorials should not instruct users to disable selinux, but instead set to permissive.

Wayne Workman · Jan 26, 2017, 5:24 PM

@Quazz said in GIT Update not working?:

@Joe-Schmitt It was in permissive for OP and did not work, though

If it was really in permissive mode and still not working, then it’s not an issue with SELinux. That older article on CentOS 7 is incorrect.

GIT Update not working?

270

12.0k

17.3k

155.1k