Snapins blocked and remain in "Checked in"

Joe Schmitt

@Seydoo uninstalling / installing the client requires additional steps (https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Reset_encryption_data). As for macs, if they are pending, then they do infact exist on that host (they could be tunnel interfaces, VirtualBox interfaces, or any other kind of virtual adapter),

Also be sure to check the fog.log to ensure that it is still the private key not found error, and not a new one now. Just because the client is still not authenticating doesn’t mean the underlying issue hasn’t changed.

Your original issue Private key not found is strictly a server issue. How did you copy over your installation to the new server? On fresh installs or upgrades this issue is not present, indicating its likely a permission issue from when you migrated the server, or something alike. @Tom-Elliott would be best equipped to tell you which files / permissions to check.

Seydoo

@Joe-Schmitt here are my steps

Old server : RH6.5, FOG 1.3 rc23 @IP 172.27.1.1, around 200 clients

• export Image DB

1\ install fresh OS (centos 7) @IP 172.27.1.2
2\ download fog 1.3.5 from sourceforge
3\ install FOG
4\ issues to access WEB GUI ==> uninstall php 5.x then install php7
5\ change fog user password (due to network policies) on server / web GUI / FTP (fog settings) / node admin ==> all pwd are the same (not good but my fog server is in a private VLAN)
6\ Change node storage in web GUI ==> from /images to /meti/images, snapins to /meti/snapins
7\ Create new snapins (I didn’t use the export from the old server because I had problems to deploy some snapins due to hash issues)
8\import images.csv, copy images files from old server to new server
9\ stop the old server
10\ change IP of new server ==> 172.27.1.1 (use wiki to do that)
11\ lots of host pending ==> approve them (strange pending with the MFMOA119 as explain, it’s a basic notebook with 2 virtual NIC, a wifi and an ethernet NIC==> 50 pending MAC ==> approve and then delete host, no more pending since midday)

Test deploying phase :

issue with nfs mount ==> solve with your help yesterday ==> deploy success
Test snapins deployment = issue

• my computer is the one used for snapins deployment :
  first I used ancient client ==> doesn’t work, remove it and install 0.11.11 = nothing change (privacy key …)

==> copy /opt/fog/snapins/ssl from old to new server as you told me

stil doesn’t work (fog.log is a new one i delete the old one)

My fog server is a VM, I have a snapshot of it before 1st fog install (and before php update)

You have my .fogsetting, do you need more info ?

Tom Elliott

@Seydoo From the sounds of things, you have FOG Client set to be started even though the main image is a sysprepped image?

I say this because:

There’s only a few ways for MAC’s as you’ve described to associate to a single host in the manner you’re referring to.

1. The mac’s that are registering have a common mac address that’s already “approved” with that particular host. This can happen because of Tunnel MAC’s or Virtual Host Mac addresses that would be the same on ALL hosts when imaging occurs.
2. The hostname for other hosts are identical at the time the FOG Client goes to check in. If the mac’s are not sharing a common mac, and the hostname is not different for every host, as might happen when imaging occurs, when the host goes to check in it’s passing the hostname option and associating all mac’s with that registered hostname.

As you keep saying the “Private key is not found” can you please repost a new fog.log since you’ve already “Reinstalled the client” and have “copied the original fog server’s /opt/fog/snapins folder entirely”?

Since all of this happened, have you reinstalled the FOG Server using the --recreate-Keys as @Joe-Schmitt suggested?

Seydoo

For the multipe pending MAC, no more since midday (I approve this host and then delete it)

here is a new fog.log, I reinstall fog with --recreate-keys and put all my hosts in a group to reset encryption data, then start fog Service on my computer

26/04/2017 17:24 Main Overriding exception handling
 26/04/2017 17:24 Main Bootstrapping Zazzles
 26/04/2017 17:24 Controller Initialize
 26/04/2017 17:24 Zazzles Creating main thread
 26/04/2017 17:24 Zazzles Service construction complete
 26/04/2017 17:24 Controller Start

 26/04/2017 17:24 Service Starting service
 26/04/2017 17:24 Bus Became bus server
 26/04/2017 17:24 Bus {
  "self": true,
  "channel": "Status",
  "data": "{\r\n  \"action\": \"load\"\r\n}"
}
 26/04/2017 17:24 Bus Emmiting message on channel: Status
 26/04/2017 17:24 Service Invoking early JIT compilation on needed binaries

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 26/04/2017 17:24 Client-Info Version: 0.11.11
 26/04/2017 17:24 Client-Info OS:      Windows
 26/04/2017 17:24 Middleware::Authentication Waiting for authentication timeout to pass
 26/04/2017 17:24 Middleware::Communication Download: http://172.27.1.1/fog/management/other/ssl/srvpublic.crt
 26/04/2017 17:24 Data::RSA FOG Server CA cert found
 26/04/2017 17:24 Middleware::Authentication Cert OK
 26/04/2017 17:24 Middleware::Communication POST URL: http://172.27.1.1/fog/management/index.php?sub=requestClientInfo&authorize&newService
 26/04/2017 17:24 Middleware::Response Private key not found

------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
 26/04/2017 17:24 Client-Info Version: 0.11.11
 26/04/2017 17:24 Client-Info OS:      Windows
 26/04/2017 17:24 Middleware::Authentication Waiting for authentication timeout to pass

Tom Elliott

@Seydoo Okay can you run:

sudo chmod -R 755 /opt/fog/snapins
sudo chown -R fog:root /opt/fog/snapins

Then look on the logs?

Seydoo

nothing change

Tom Elliott

@Seydoo Can you get output of:

ls -lharRt /opt/fog/snapins

Seydoo

@Tom-Elliott said in Snapins blocked and remain in "Checked in":

ls -lharRt /opt/fog/snapin

/opt/fog/snapins:
total 12K
drwxr-xr-x 3 fog root 4,0K 25 avril 17:53 .
drwxr-xr-x 3 fog root 4,0K 25 avril 17:53 ssl
drwxr-xr-x 5 fog root 4,0K 26 avril 17:42 ..

/opt/fog/snapins/ssl:
total 20K
drwxr-xr-x 3 fog root 4,0K 25 avril 17:53 ..
drwxr-xr-x 2 fog root 4,0K 25 avril 17:53 CA
drwxr-xr-x 3 fog root 4,0K 25 avril 17:53 .
-rwxr-xr-x 1 fog root 3,2K 26 avril 17:22 .srvprivate.key
-rwxr-xr-x 1 fog root 1,6K 26 avril 17:22 fog.csr

/opt/fog/snapins/ssl/CA:
total 20K
-rwxr-xr-x 1 fog root 1,8K 23 sept.  2016 .fogCA.pem
-rwxr-xr-x 1 fog root 3,2K 23 sept.  2016 .fogCA.key
drwxr-xr-x 2 fog root 4,0K 25 avril 17:53 .
drwxr-xr-x 3 fog root 4,0K 25 avril 17:53 ..
-rwxr-xr-x 1 fog root   17 26 avril 17:22 .srl

.srvprivate.key and fog.scr change with --recreate-keys ? because the date is not the same (today instead of 09/2016)

Tom Elliott

@Seydoo What’s defined for the SSL path in the storage node?

Seydoo

@Tom-Elliott
…
O.M.G !!!
In french I’ll say “I’m a milstone”
I completely forgot check this value (which I changed when configure my storage node)
I’m so sorry for the lost time…
Of course the path wasn’t correct, i change it with /opt/fog/snapins/ssl

Tom Elliott

@Seydoo so updating the SSL path in the storage node made things work?

Seydoo

This post is deleted!

Seydoo

Yes hostname is correct
I just have to test my snapin deployment

Ok so I have the same problem than my old server, some snapins failed to deploy due to “hash does not match”
This is a known issue for me, some snapins, I don’t know why simply doesn’t download correctly (my .exe is 1KB instead of 75203KB in server)

It seems something wrong in the settings, 3 snapins download at 1KB

BTW thanks Joe and Tom for you help, I’ll try to find out why my snapins doesn’t download correctly (all are 1ko in C:\Program Files (x86)\FOG\tmp with hash does not match in fog.log)