@george1421 said in Broken iPXE boot loader:

@Mightmar I wonder if the devs for iPXE has changed something in the ipxe source code to cause this error message about autoexec.ipxe not found. This should be supplied by the fog project add on files. I’ll take a look at the compiler to see if something has changed. You should not see this error.

Reinstalling 1.5.10 will fix the error of the latest build of iPXE. Also you mentioned about a later version of FOG. Yes you can install that over 1.5.10 without issue. It should also have updated (but not the newest version of iPXE).

This is the first post I found searching autoexec.ipxe so replying here for future searchers.

This was an addition in a recent ipxe version, and is meant to be a way to add ipxe based functionality without needing to recompile ipxe in order to edit an embedded script (https://github.com/ipxe/ipxe/discussions/1237#discussioncomment-9847219), I can’t find the post/doc again but I remember reading in one place that ipxe added it as part of the hopes of getting a signed ipxe shim so users could use the signed shim and then use this script to add what they can’t embed. While technically we can create a blank file in /tftpboot/ i.e. just

#!ipxe

which will remove the error during boot, this can then cause kernel panics when loading into FOS. Why it does this is a bit of a mystery at the moment, maybe it’s adding to or replacing another part of our pxe menu scripts that causes something in loading the kernels to lose access to ramdisk drivers. But adding it can break everything, so for the time being, just ignore the error.

@AngryITGuy First let me say I don’t use FOG for image deployment any more since I’ve moved to a different IT group, but if this situation hit my desk I would go through a similar process as below

I have more questions than answers for you. But the good thing here is FOG is imaging these systems and can deploy windows 10 to the hardware without issue. Right away we can rule out fog’s foundational support system being broken because it can deploy win10 and win11 to other hardware and win10 to this stone hardware.

When I debug something new or strange I try to build a truth table in my head of different experiments to see what works and what not works. Something like:

Deploy and boot win10 Dell laptop: Yes
Deploy and boot win11 Dell laptop: Yes
Deploy and boot win10 Stone laptop: Yes
Deploy and boot win11 Stone laptop: No (kind of)

So now to the unknown questions (and I assume these stone laptops are in uefi mode, you mentioned ‘bios’, but your boot loader is ipxe.efi.

On this stone laptops do you have pxe setup as the default boot source or is it the hard drive? This question is to see if the boot is failing if you are booting through ipxe.efi or if the firmware is having a problem finding the boot partition. If you are booting through iPXE see if changing the boot order to the hard drive solves the issue (for this test).

You will need to turn off secure boot for this next step. If you swap the hard drives between the dell and stone computer, does the stone computer boot normally repeated times? Does the dell computer reboot repeated times OK? This check is to see if the problem moves with the hard drive. The question is around if fog combined with the disk controller hardware on the stone doing something to damage the boot sector for win11 when it deploys. The dells works, can you get the stone computers working by deploying to a dell and then transplanting the hard drive to the stone?

If you deploy win10 and then upgrade to win11 on a stone laptop (verify its working 100%) and then capture and deploy to a same make and model computer. Does it boot correctly on the second computer? Can you deploy it to the same computer it was captured from and does it work? This will test if there is something wrong with your win11 image you are trying to deploy to the stone computer.

Lets see how the above goes before we plot the next test.

Just to recap

Test booting through iPXE vs firmware booting directly to hard drive Swap the hard drives between the dells and stone computers see if the problem moves Try to capture and deploy using the same hardware. First to like computer if no work, try to deploy to same computer image was captured from.

@Tom-Elliott Yes, everything is working as expected. For the longest time, FOG would always show UTC time for when an image was captured or deployed, now it is correctly showing local time and no more zombie processes! Thanks

@RAThomas I wont make you do a PR. I already pushed it if you wanted to use the the pushed code. 🙂 thanks for testing and letting us all know!

@george1421 I would need help with where I can edit and which files to add a script for quick inventory.

@Tom-Elliott Thanks, going to switch back to 1.6 very soon.

@Tom-Elliott oh, sorry, I didn’t notice this big yellow button in the General tab

48c096ca-5f09-42d1-84dc-647e5bc6e22d-image.png

And I can see the same button for the group, so I guess I can handle this. Thank you very much @Tom-Elliott ! 😄

@Tom-Elliott

Well, the errors I can see in the /var/log/apache2/other_vhosts_access.log are:

172.120.1.253:443 172.120.1.195 - - [09/Oct/2025:18:47:03 +0800] "POST /fog/service/Pre_Stage1.php HTTP/1.1" 500 3891 "-" "curl/8.14.1" 172.120.1.253:443 172.120.1.195 - - [09/Oct/2025:18:47:08 +0800] "POST /fog/service/Pre_Stage1.php HTTP/1.1" 500 3891 "-" "curl/8.14.1" 172.120.1.253:443 172.120.1.195 - - [09/Oct/2025:18:47:13 +0800] "POST /fog/service/Pre_Stage1.php HTTP/1.1" 500 3891 "-" "curl/8.14.1" 172.120.1.253:443 172.120.1.195 - - [09/Oct/2025:18:47:18 +0800] "POST /fog/service/Pre_Stage1.php HTTP/1.1" 500 3891 "-" "curl/8.14.1"

Regarding the /var/log/apache2/error.log are:

[Thu Oct 09 18:48:29.019424 2025] [proxy_fcgi:error] [pid 1662:tid 1662] [client 172.120.1.195:59922] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught ValueError: min(): Argument #1 ($value) must contain at least one element in /var/www/html/fog/lib/fog/image.class.php:396\nStack trace:\n#0 /var/www/html/fog/lib/fog/image.class.php(396): min()\n#1 /var/www/html/fog/lib/reg-task/taskqueue.class.php(112): Image->getStorageGroup()\n#2 /var/www/html/fog/service/Pre_Stage1.php(24): TaskQueue->checkIn()\n#3 {main}\n thrown in /var/www/html/fog/lib/fog/image.class.php on line 396' [Thu Oct 09 18:48:34.062774 2025] [proxy_fcgi:error] [pid 790:tid 790] [client 172.120.1.195:52762] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught ValueError: min(): Argument #1 ($value) must contain at least one element in /var/www/html/fog/lib/fog/image.class.php:396\nStack trace:\n#0 /var/www/html/fog/lib/fog/image.class.php(396): min()\n#1 /var/www/html/fog/lib/reg-task/taskqueue.class.php(112): Image->getStorageGroup()\n#2 /var/www/html/fog/service/Pre_Stage1.php(24): TaskQueue->checkIn()\n#3 {main}\n thrown in /var/www/html/fog/lib/fog/image.class.php on line 396' [Thu Oct 09 18:48:39.106621 2025] [proxy_fcgi:error] [pid 1461:tid 1461] [client 172.120.1.195:52776] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught ValueError: min(): Argument #1 ($value) must contain at least one element in /var/www/html/fog/lib/fog/image.class.php:396\nStack trace:\n#0 /var/www/html/fog/lib/fog/image.class.php(396): min()\n#1 /var/www/html/fog/lib/reg-task/taskqueue.class.php(112): Image->getStorageGroup()\n#2 /var/www/html/fog/service/Pre_Stage1.php(24): TaskQueue->checkIn()\n#3 {main}\n thrown in /var/www/html/fog/lib/fog/image.class.php on line 396'

The php version the server is running is:

# php --version PHP 8.2.29 (cli) (built: Jul 3 2025 16:16:05) (NTS) Copyright (c) The PHP Group Zend Engine v4.2.29, Copyright (c) Zend Technologies with Zend OPcache v8.2.29, Copyright (c), by Zend Technologies

@ecoele The fact that dev-branch is in 1700’s this informatino seems to indicate your’e still running the latest stable.

Once you switch to dev-branch you need to pull in the changes:

cd /your/path/to/fogproject git checkout dev-branch git pull cd bin sudo ./installfog.sh -y

Should get you installed.

You may also need to (from the browser) do a “CTRL + SHIFT + R” to do whats called a hard refresh in the browser to get all the latest/new javascript information.

@Tom-Elliott Hi, I finally made it. Here is a screenshot of the error, installing clone Linux, from 512 gb m2 ssd, to 500 gb m2 ssd. And an error is caused with the sections
5576202d-a566-4124-9c8f-378d29cac505-image.png
b64f740c-5e04-48db-b049-5630abcc1e0a-image.png

@Tom-Elliott, disregard this request.

I edited ‘addsubnetgroup.hook.php’ which simplified getting the client IP and adding the host to the respective group. I understand this also removes certain checks that were in place but for my environment it is now working as intended.

Old ‘addSubnetgroupHost’ function:

public function addSubnetgroupHost($arguments) { if (!in_array($this->node, (array)self::$pluginsinstalled)) { return; } $Host = $arguments['Host']; $mac = $Host->get('mac'); if (!isset($mac)) { return; } // Setup for tests $name = $ipn = $Host->get('name'); $ip = $Host->get('ip'); $ipr = self::resolveHostname($name); // Perform all tests. $ip1t = filter_var($ip, FILTER_VALIDATE_IP); $ip2t = filter_var($ipn, FILTER_VALIDATE_IP); $ip3t = filter_var($ipr, FILTER_VALIDATE_IP); // If resolve hostname returns a valid IP, set IP appropriately. // Otherwise, if the name is valid, use it. // Otherwise, return if base $ip is false. if (false !== $ip3t) { $ip = $ipr; } elseif (false !== $ip2t) { $ip = $ipn; } elseif (false === $ip1t) { return; } // Now list our subnet groups. Route::listem('subnetgroup'); $SNGroups = json_decode(Route::getData()); foreach ($SNGroups->subnetgroups as &$SNGroup) { if (in_array($SNGroup->groupID, $Host->get('groups'))) { $Host->removeGroup($SNGroup->groupID)->save(); } $subnetList = str_replace(' ', '', $SNGroup->subnets); $subnets = explode(',', $subnetList); foreach ($subnets as &$subnet) { if ($this->_ipCIDRCheck($ip, $subnet)) { $Host->addGroup($SNGroup->groupID)->save(); unset($subnet); continue 2; } unset($subnet); } unset($SNGroup); } }

New code:

public function addSubnetgroupHost($arguments) { if (!in_array($this->node, (array)self::$pluginsinstalled)) { return; } $Host = $arguments['Host']; $mac = $Host->get('mac'); if (!isset($mac)) { return; } // Use the real source IP from the request $ip = $_SERVER['REMOTE_ADDR']; // Now list our subnet groups. Route::listem('subnetgroup'); $SNGroups = json_decode(Route::getData()); foreach ($SNGroups->subnetgroups as &$SNGroup) { if (in_array($SNGroup->groupID, $Host->get('groups'))) { $Host->removeGroup($SNGroup->groupID)->save(); } $subnetList = str_replace(' ', '', $SNGroup->subnets); $subnets = explode(',', $subnetList); foreach ($subnets as &$subnet) { if ($this->_ipCIDRCheck($ip, $subnet)) { $Host->addGroup($SNGroup->groupID)->save(); unset($subnet); continue 2; } unset($subnet); } unset($SNGroup); } }

@rogalskij Yes, I had read it and tried, but FQDN did not solve it for me…

@mrowand The whole point of the checkAuthAndCSRF is to prevent unauthorized access. Based on the message I’m seeing, the 403 forbidden is happening because it’s crossing origin to get the data or the CSRF token isn’t passing correctly:

Here’s the code that validates:

// Optional defense-in-depth: Origin/Referer check for state-changing requests public static function checkOrigin(array $allowedOrigins): void { $method = strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET'); if (!in_array($method, ['POST','PUT','PATCH','DELETE'], true)) { return; } $origin = $_SERVER['HTTP_ORIGIN'] ?? null; $referer = $_SERVER['HTTP_REFERER'] ?? null; if ($origin) { foreach ($allowedOrigins as $allowed) { if (stripos($origin, $allowed) === 0) { return; } } http_response_code(403); echo _('Forbidden (disallowed Origin)'); exit; } elseif ($referer) { foreach ($allowedOrigins as $allowed) { if (stripos($referer, $allowed) === 0) { return; } } http_response_code(403); echo _('Forbidden (disallowed Referer)'); exit; } // If neither header is present, you can decide to be strict or lenient. // Often lenient to avoid breaking weird client setups. }

I suspect your console has more information leading to the specific error that was hit.

ultimately the code is working as expected and there’s something in your environment causing the issue. Now, to be fair, you said you installed Stable, and Dev-branch has a fix of which I admit I missed.

If you’re willing/able to install the dev-branch I suspect you’ll see this is working much better.

@ rodluz

Okay - So I got FOG working on my rocky 9.6 set up with a few caveats.

I had to do some work to get tftp and pxe to work correctly.

created a symlink from /var/lib/tftpboot > /tftpboot

enabled and started the tftp service manually - systemctl enable tftp & systemctl start tftp

then created a file in /etc/systemd/system/tftp.socket.d/override.conf (after making a director /tftp.socket.d and giving that file permissions) with the following code:

[Socket]
ListenDatagram=69

[Service]
ExecStart=
ExecStart=/usr/sbn/in.tftpf --foreground --secure /tftpboot

reloading the systemd service daemon - “systemctl daemon-reload” & “systemctl restart tftp.socket”

The server would then pxeboot at least BIOS at this point.

The Web UI currently seems to have php conflicts. I installed php-8.0.30-3 and the modules connected to this when installing the server. The web UI has a quirk on the FOG configuration page when you have a button for DefaultMember FOG Version: () it is not printing the version of FOG or the versions of bzimage or init.xz files and in checking using curl http://ip-address-of-server/fog/service/getversion.php - i ony see - 1.5.10.1698

here is a picture of the error

error.png

Yes, was able to confirm it is working. Thank you for your help!