Problem with HTTPS upgrade
-
Server
- FOG Version: 1.5.0-RC-4
- OS: Ubuntu 16.04
Description
Getting an error saying
http://10.x.x.x/fog/service/ipxe/boot.php...No such file or directory.I have SSL enabled on fog so it should be contacting https://. I am not sure if the ipxe boot agent honors HTTP 302 responses. Is this something that should be hard coded in the boot image since it comes from an https installation?
I have confirmed that the file does exist in https, and http provides a 302.
-
@sbenson According to the below thread, ipxe does not follow redirects, so you just need to edit /tftpboot/default.ipxe to use https instead of http
https://forums.fogproject.org/topic/10384/installfog-sh-force-https-and-ipxe -
@wayne-workman
I actually already tried this. Still doesn’t workEDIT: well tried the default.ipxe file. I am not sure where to try the
make bin-x86_64-efi/ipxe.efi EMBED=ipxescript TRUST=/var/www/fog//management/other/ssl/srvpublic.crt -
@sbenson This command is used to compile an iPXE binary from the source code and add the SSL certificate to it. Instructions on how to do this you can find in the wiki. Those instructions are for legary (undionly.kpxe) as well as for 32 bit UEFI and 64 bit UEFI. make sure you compile and put the correct ones into your /tftpboot directory. Possibly you want to compile all three if you have all those different clients. Let us know if you need help. Please post exact command and steps you tried and the error message you see. Then we will surely be able to help.
-
@sebastian-roth Ok, this was working on 1.3.0 rc like 15 or something. Upgrading to 1.5.0-rc4 seemes to have broken this.
-
@sbenson Then it’s something in ipxe code that changed this, which is well outside my own scope.
-
@tom-elliott Any suggestion on how to get it working. I did notice in the error logs i found this on each attempted boot
==> syslog <== Aug 7 11:37:25 SRO-FOG-01 in.tftpd[24901]: tftp: client does not accept options -
@sbenson said in Problem with HTTPS upgrade:
@sebastian-roth Ok, this was working on 1.3.0 rc like 15 or something. Upgrading to 1.5.0-rc4 seemes to have broken this.
What exactly do you mean by “broken”?? Please post a picture of the error you see!
The
tftpdmessage you see in syslog is just kind of a warning. Nothing serious and definitely not causing the problem. -
Configuring (net0 MA:CA:DD:RE:SS:00)..... ok Received DHCP answer on interface net0 tftp://10.64.76.44/default.ipxe... ok https://10.63.76.44/fog/service/ipxe/boot.php... No such file or directory (http://ipxe.org/2d0c613b) Could not boot: No such file or directory (http://ipxe.org/2d0c613b) -
@sbenson said in Problem with HTTPS upgrade:
And if you goto the link as is directly in the browser?
-
@sbenson What I’m seeing off the bat:
tftp://10.64.76.44/default.ipxe… ok
VS default.ipxe forwarding to:
https://10.63.76.44/fog/service/ipxe/boot.php(10.64.76.44 vs. 10.63.76.44)
-
@sbenson Please check the content of your
/tftpboot/default.ipxefile. Did you happen by chance make a type-o when you installed fog or changed it IP address after you installed FOG? If so there are steps you need to take to get all of the bits back in alignment. -
@tom-elliott said in Problem with HTTPS upgrade:
@sbenson said in Problem with HTTPS upgrade:
https://10.63.76.44/fog/service/ipxe/boot.php
And if you goto the link as is directly in the browser?
#!ipxe set fog-ip 10.63.76.44 set fog-webroot fog set boot-url http://${fog-ip}/${fog-webroot} cpuid --ext 29 && set arch x86_64 || set arch i386 goto get_console :console_set colour --rgb 0x00567a 1 || colour --rgb 0x00567a 2 || colour --rgb 0x00567a 4 || cpair --foreground 7 --background 2 2 || goto MENU :alt_console cpair --background 0 1 || cpair --background 1 2 || goto MENU :get_console console --picture http://10.63.76.44/fog/service/ipxe/lbs-fog-bg.png --left 100 --right 80 && goto console_set || goto alt_console :MENU menu colour --rgb 0xff0000 0 || cpair --foreground 1 1 || cpair --foreground 0 3 || cpair --foreground 4 4 || item --gap Host is NOT registered! item --gap -- ------------------------------------- item fog.local Boot from hard disk item fog.memtest Run Memtest86+ item fog.reginput Perform Full Host Registration and Inventory item fog.reg Quick Registration and Inventory item fog.deployimage Deploy Image item fog.multijoin Join Multicast Session item fog.sysinfo Client System Information (Compatibility) choose --default fog.local --timeout 10000 target && goto ${target} :fog.local sanboot --no-describe --drive 0x80 || goto MENU :fog.memtest kernel memdisk initrd=memtest.bin iso raw initrd memtest.bin boot || goto MENU :fog.reginput kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=10.63.76.44/fog/ consoleblank=0 rootfstype=ext4 storage=10.63.76.44:/images/ storageip=10.63.76.44 loglevel=4 mode=manreg imgfetch init_32.xz boot || goto MENU :fog.reg kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=10.63.76.44/fog/ consoleblank=0 rootfstype=ext4 storage=10.63.76.44:/images/ storageip=10.63.76.44 loglevel=4 mode=autoreg imgfetch init_32.xz boot || goto MENU :fog.deployimage login params param mac0 ${net0/mac} param arch ${arch} param username ${username} param password ${password} param qihost 1 isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme param sysuuid ${uuid} :fog.multijoin login params param mac0 ${net0/mac} param arch ${arch} param username ${username} param password ${password} param sessionJoin 1 isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme param sysuuid ${uuid} :fog.sysinfo kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=10.63.76.44/fog/ consoleblank=0 rootfstype=ext4 storage=10.63.76.44:/images/ storageip=10.63.76.44 loglevel=4 mode=sysinfo imgfetch init_32.xz boot || goto MENU :bootme chain -ar http://10.63.76.44/fog/service/ipxe/boot.php##params || goto MENU autoboot -
@tom-elliott said in Problem with HTTPS upgrade:
(10.64.76.44 vs. 10.63.76.44)
This was a typo when I transposed the ipxe screen to here. Posting images wasnt working for me
-
@george1421 said in Problem with HTTPS upgrade:
@sbenson Please check the content of your /tftpboot/default.ipxe file. Did you happen by chance make a type-o when you installed fog or changed it IP address after you installed FOG? If so there are steps you need to take to get all of the bits back in alignment.
Typo when putting the info in this ticket. the IP of the server is 10.63.76.44
#!ipxe cpuid --ext 29 && set arch x86_64 || set arch i386 params param mac0 ${net0/mac} param arch ${arch} param platform ${platform} param product ${product} param manufacturer ${product} param ipxever ${version} param filename ${filename} param sysuuid ${uuid} isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme :bootme chain https://10.63.76.44/fog/service/ipxe/boot.php##params -
@sbenson
Can you please read this:You’ll likely need to build the file with the CA file itself, typically located in ca.cert.der (
/var/www/fog/management/other/ca.cert.der) -
@sbenson Well, compare the URLs again. The one xou opened in your browser is HTTPS and the other one called by ipxe is HTTP…
-
@sebastian-roth said in Problem with HTTPS upgrade:
@sbenson Well, compare the URLs again. The one xou opened in your browser is HTTPS and the other one called by ipxe is HTTP…
I updated the default.ipxe to use https. as seen in the previous post.
-
@sbenson So is this solved then?
-
@sebastian-roth No, now the ipxe boot screen says https, and still doesn’t work. I have not re-created the SSL cert as Tom said.