@Tom-Elliott, disregard this request.

I edited ‘addsubnetgroup.hook.php’ which simplified getting the client IP and adding the host to the respective group. I understand this also removes certain checks that were in place but for my environment it is now working as intended.

Old ‘addSubnetgroupHost’ function:

public function addSubnetgroupHost($arguments) { if (!in_array($this->node, (array)self::$pluginsinstalled)) { return; } $Host = $arguments['Host']; $mac = $Host->get('mac'); if (!isset($mac)) { return; } // Setup for tests $name = $ipn = $Host->get('name'); $ip = $Host->get('ip'); $ipr = self::resolveHostname($name); // Perform all tests. $ip1t = filter_var($ip, FILTER_VALIDATE_IP); $ip2t = filter_var($ipn, FILTER_VALIDATE_IP); $ip3t = filter_var($ipr, FILTER_VALIDATE_IP); // If resolve hostname returns a valid IP, set IP appropriately. // Otherwise, if the name is valid, use it. // Otherwise, return if base $ip is false. if (false !== $ip3t) { $ip = $ipr; } elseif (false !== $ip2t) { $ip = $ipn; } elseif (false === $ip1t) { return; } // Now list our subnet groups. Route::listem('subnetgroup'); $SNGroups = json_decode(Route::getData()); foreach ($SNGroups->subnetgroups as &$SNGroup) { if (in_array($SNGroup->groupID, $Host->get('groups'))) { $Host->removeGroup($SNGroup->groupID)->save(); } $subnetList = str_replace(' ', '', $SNGroup->subnets); $subnets = explode(',', $subnetList); foreach ($subnets as &$subnet) { if ($this->_ipCIDRCheck($ip, $subnet)) { $Host->addGroup($SNGroup->groupID)->save(); unset($subnet); continue 2; } unset($subnet); } unset($SNGroup); } }

New code:

public function addSubnetgroupHost($arguments) { if (!in_array($this->node, (array)self::$pluginsinstalled)) { return; } $Host = $arguments['Host']; $mac = $Host->get('mac'); if (!isset($mac)) { return; } // Use the real source IP from the request $ip = $_SERVER['REMOTE_ADDR']; // Now list our subnet groups. Route::listem('subnetgroup'); $SNGroups = json_decode(Route::getData()); foreach ($SNGroups->subnetgroups as &$SNGroup) { if (in_array($SNGroup->groupID, $Host->get('groups'))) { $Host->removeGroup($SNGroup->groupID)->save(); } $subnetList = str_replace(' ', '', $SNGroup->subnets); $subnets = explode(',', $subnetList); foreach ($subnets as &$subnet) { if ($this->_ipCIDRCheck($ip, $subnet)) { $Host->addGroup($SNGroup->groupID)->save(); unset($subnet); continue 2; } unset($subnet); } unset($SNGroup); } }

@rogalskij Yes, I had read it and tried, but FQDN did not solve it for me…

@mrowand The whole point of the checkAuthAndCSRF is to prevent unauthorized access. Based on the message I’m seeing, the 403 forbidden is happening because it’s crossing origin to get the data or the CSRF token isn’t passing correctly:

Here’s the code that validates:

// Optional defense-in-depth: Origin/Referer check for state-changing requests public static function checkOrigin(array $allowedOrigins): void { $method = strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET'); if (!in_array($method, ['POST','PUT','PATCH','DELETE'], true)) { return; } $origin = $_SERVER['HTTP_ORIGIN'] ?? null; $referer = $_SERVER['HTTP_REFERER'] ?? null; if ($origin) { foreach ($allowedOrigins as $allowed) { if (stripos($origin, $allowed) === 0) { return; } } http_response_code(403); echo _('Forbidden (disallowed Origin)'); exit; } elseif ($referer) { foreach ($allowedOrigins as $allowed) { if (stripos($referer, $allowed) === 0) { return; } } http_response_code(403); echo _('Forbidden (disallowed Referer)'); exit; } // If neither header is present, you can decide to be strict or lenient. // Often lenient to avoid breaking weird client setups. }

I suspect your console has more information leading to the specific error that was hit.

ultimately the code is working as expected and there’s something in your environment causing the issue. Now, to be fair, you said you installed Stable, and Dev-branch has a fix of which I admit I missed.

If you’re willing/able to install the dev-branch I suspect you’ll see this is working much better.

@ rodluz

Okay - So I got FOG working on my rocky 9.6 set up with a few caveats.

I had to do some work to get tftp and pxe to work correctly.

created a symlink from /var/lib/tftpboot > /tftpboot

enabled and started the tftp service manually - systemctl enable tftp & systemctl start tftp

then created a file in /etc/systemd/system/tftp.socket.d/override.conf (after making a director /tftp.socket.d and giving that file permissions) with the following code:

[Socket]
ListenDatagram=69

[Service]
ExecStart=
ExecStart=/usr/sbn/in.tftpf --foreground --secure /tftpboot

reloading the systemd service daemon - “systemctl daemon-reload” & “systemctl restart tftp.socket”

The server would then pxeboot at least BIOS at this point.

The Web UI currently seems to have php conflicts. I installed php-8.0.30-3 and the modules connected to this when installing the server. The web UI has a quirk on the FOG configuration page when you have a button for DefaultMember FOG Version: () it is not printing the version of FOG or the versions of bzimage or init.xz files and in checking using curl http://ip-address-of-server/fog/service/getversion.php - i ony see - 1.5.10.1698

here is a picture of the error

error.png

Yes, was able to confirm it is working. Thank you for your help!

@boombasstic This is known and will be fixed automatically on the 15th, but please if you need to switch to the dev-branch and install it. Then you should be able to export reports.

@phant0mbot said in Dell OptiPlex 3000 Thin Client:

have tried both SAN and GRUB exit options

boot loader == snponly.efi

These are in contradiction with each other. SAN boot and Grub are bios boot methods. snponly.efi is a uefi boot loader. Since you are getting into the fog iPXE menu we can assume the hardware IS uefi based since it is booting snp.efi. Try a uefi exit mode of rEFInd (refind) to see if that will boot from the hard drive. The default value can be set globally in the fog configuration->fog settings page. Don’t force a bios attempted boot from a uefi booted computer, that never works.

Not sure if anybody has actually had a chance to look at my docker image yet. I’m throwing my hat in the ring for maintaining an official image, but I’d need some help with it.

@Tom-Elliott I figured it out.

I was getting confused by the similar language between the installation process and storage group setup.

A normal installation is just a fog storage node that has a web server and UI on it. A FOG network requires atleast one to work. However a Storage node can be set as the master of a storage group no matter the installation type.

My problem was that because the storage node in the “Bris” storage group did not have a master node setup, the default group could not replicate any images or snapins over. All storage groups must have a master for it to work effectively.

@Tom-Elliott feel free to clarify any of the above rant.

Thank you for the information. I used a bare metal machine. I started with a VM but then just used a old pc. I tried it with Fedora then Ubuntu but did not have any luck. I did not get any errors when installing with the install script.

I will take a look at the information you gave me and see if I can get anything working.

@collegestjoseph Can you try out this testing kernel and let us know if it works? https://github.com/rluzuriaga/fos/releases/tag/EXP_20250927

@Jchinn412 The answer is it depends on how you have your disk structure setup

Post the results of these two commands.

lsblk
df -h

It maybe easy or harder (but not impossible) depending on how you have the disk created.

@Fog_Newb Yep, it’s as I suspected:

The Line:

Subsystem sftp /usr/lib/openssh/sftp-server

should be changed to:

Subsystem sftp internal-sftp

Then restart ssh services: systemctl restart sshd

Then your Storage Node testing should succeed!

@george1421 I see now and you’re right as my clients are all legacy boot/BIOS boot non UEFI and would not benefit from the client-arch examination.

I’ve already declarations set for each host in my dhcpd.conf file in terms if MAC to IP and so adding another field of filename “some boot loader file” won’t be impossible.

Thanks you for this exercise as I’ve learned some very important things here.

Because I’m not affiliated with FOG in any official capacity and I’ve never actually contributed to it in any way before, I completely avoided making any actual changes to the source. I have noticed that there could be a couple of things that could make the docker implementation a little easier though, specifically around the FOG services themselves. I’m not entirely sure they are completely container friendly, but I really need more hands on this to test it out thoroughly.

Also, I used Debian 13 as the base image for this and it ends up being pretty large (2.5GB). It might be possible to shrink this with alpine-linux but I didn’t want to break a bunch of stuff and then have to spend more time chasing those bugs. Anybody that wants to work that angle, please feel free.

@Frode-Woldsund

I created an image. Give it a go and let me know

https://forums.fogproject.org/topic/18000/unofficial-docker-image-beta

@tchavei2

check out my image! Let me know if it works for you

https://forums.fogproject.org/topic/18000/unofficial-docker-image-beta

My RP address was not pointing to my FOG server 🤦

Once this was adjusted, multicast is functional. Definitely a good reminder to start small.

Hi

In fact, I really want to use those third party package because they do things very well
My snapin configuration are not tied to a specific version of a package, it’s the upstream repo who take care of that

But I have found how to install my install.bat file

Here is the solution

Snapin Name: 7zip Snapin Description: Installation de 7zip Snapin Type: Snapin Pack Template Snapin Pack Template : PowerShell x64 script Snapin Pack File: "%SYSTEMROOT%\sysnative\windowspowershell\v1.0\powershell.exe" # autofilled Snapin Pack Arguments: -ExecutionPolicy Bypass Set-Location "$env:ProgramFiles\FOG\tmp\7zip"; & ".\install.bat" Snapin File (exists): 7-Zip_25.01-1_x64.zip Snapin Enabled : x Snapin Arguments Hidden: Snapin Timeout (seconds): 0 Replicate?: x Reboot after install: Shutdown after install: Snapin Command read-only: "%SYSTEMROOT%\sysnative\windowspowershell\v1.0\powershell.exe" -ExecutionPolicy Bypass Set-Location "$env:ProgramFiles\FOG\tmp\7zip"; & ".\install.bat" # autofilled

It works like a charm

Maybe it should go in FOG documentation as an example

The third party repo I mentioned is there https://gricad-gitlab.univ-grenoble-alpes.fr/legi/soft/trokata/winsoft-main/

LEGI is a French research lab, and the repo is under MIT Licence. I am not the owner, but it’s a great work. I will explain more about that later.