• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Problem with HTTPS upgrade

Scheduled Pinned Locked Moved Solved
FOG Problems
7
86
19.7k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    Tom Elliott @sbenson
    last edited by Aug 15, 2017, 9:24 PM

    @sbenson if you would like, please.

    Though I’m going to imagine the pull failed to switch.

    Try:

    git reset --hard
    git checkout working
    git pull
    /root/buildIpxe TRUST=/var/www/fog/management/other/ca.cert.pem
    cd bin
    ./installfog.sh -y
    

    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

    S 1 Reply Last reply Aug 15, 2017, 9:25 PM Reply Quote 0
    • S
      sbenson @Tom Elliott
      last edited by sbenson Aug 15, 2017, 3:38 PM Aug 15, 2017, 9:25 PM

      @tom-elliott the whole problem is the -S, so i am guessing you want a -S in there too?

      EDIT: Did not work still, and is listed as http:// not https:// so default.ipxe didn’t get changed
      EDIT2: Hardcoded https in /tftpboot/default.ipxe. now it booting says https but still file not found

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator
        last edited by Aug 15, 2017, 10:21 PM

        @sbenson Open https://10.63.76.44/fog/service/ipxe/boot.php in your browser again and see if there are still http:// URLs or https:// now! Post the full output here if you would like us to have a look as well.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        S 1 Reply Last reply Aug 15, 2017, 10:22 PM Reply Quote 0
        • S
          sbenson @Sebastian Roth
          last edited by Aug 15, 2017, 10:22 PM

          @sebastian-roth it’s all https now

          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by Aug 16, 2017, 5:50 AM

            @sbenson Please post the output and a picture of the error on screen as well. I am pretty sure there is something that we all overlook but might notice when we see listing and picture of the error.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            S 1 Reply Last reply Aug 16, 2017, 4:45 PM Reply Quote 0
            • S
              sbenson @Sebastian Roth
              last edited by Aug 16, 2017, 4:45 PM

              @sebastian-roth
              https://youtu.be/Cw7VgV4s3j8

              1 Reply Last reply Reply Quote 0
              • B
                bmcalister
                last edited by bmcalister Aug 17, 2017, 10:13 AM Aug 17, 2017, 4:06 PM

                @sbenson
                I just went through this exact process to get HTTPS working for my fog deployment. One of the more helpful things, especially for where you are at right now, was to enable debugging on the ipxe build as the file not found error was due to a couple of other issues related to the certificate. Additionally, although it shouldn’t have been necessary, building the CA certificate into the ipxe build solved another issue I had with it. To do the above, using Tom’s script, you would pass CERT and DEBUG to it like so (I used my own CA cert and not the FOG one, so the paths were different for me, but should be correct for you. Additionally, tls is likely the only debug option that you might need, but just in case I included the others):

                /root/buildIPXE CERT=/var/www/fog/management/other/ca.cert.pem TRUST=/var/www/fog/management/other/ca.cert.pem DEBUG=tls,x509,certstore
                

                Once built, you’ll of course need to reinstall FOG with the new build. When the client boots, it should give you much more insight into what is happening and why it is reporting the file cannot be found (assuming building in the cert doesn’t solve the issue you’re having). Once it booted, I ran into an issue with the check-in script not understanding the HTTPS redirect, but this is resolved in the working version now (I’m personally on the current release version, with some custom changes that are already in the working version).

                Hope it helps.

                EDIT: Oh, should probably also point out that if you do try this and eventually get it working, removing the debugging after would be a good idea so your systems don’t spew out debug text on boot.

                T S 2 Replies Last reply Aug 17, 2017, 4:41 PM Reply Quote 1
                • T
                  Tom Elliott @bmcalister
                  last edited by Aug 17, 2017, 4:41 PM

                  @bmcalister Thank you, I’m not familiar with the process to build in certificates to this helps me out just as much as the community as a whole. I didn’t even know there was a CERT argument that could be passed in.

                  @sbenson Hopefully this helps you too and sorry I didn’t know about this sooner.

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  S 1 Reply Last reply Aug 17, 2017, 4:54 PM Reply Quote 0
                  • S
                    sbenson @bmcalister
                    last edited by Aug 17, 2017, 4:51 PM

                    @bmcalister Well guess what, it’s working now. Something in the

                    /root/buildIPXE CERT=/var/www/fog/management/other/ca.cert.pem TRUST=/var/www/fog/management/other/ca.cert.pem DEBUG=tls,x509,certstore
                    

                    fixed it. So, turning debugging off might not work. Deploying an image now to see if that works, which seems to be working.

                    1 Reply Last reply Reply Quote 0
                    • S
                      sbenson @Tom Elliott
                      last edited by Aug 17, 2017, 4:54 PM

                      @tom-elliott said in Problem with HTTPS upgrade:

                      CERT argument

                      Oh I am so over this issue i am blindly copying and pasting commands that look correct at first glance. I totally missed the CERT= argument

                      1 Reply Last reply Reply Quote 0
                      • S
                        sbenson
                        last edited by Aug 17, 2017, 4:55 PM

                        Here’s something else I have found now. Deploying an image is going at 127MB/min, where previously it was going at 8GB/min

                        T 1 Reply Last reply Aug 17, 2017, 5:06 PM Reply Quote 0
                        • T
                          Tom Elliott @sbenson
                          last edited by Aug 17, 2017, 5:06 PM

                          @sbenson Maybe a fluke? Mind restarting the fog server see if it helps out a little?

                          I doubt there’s anything else causing it as the init’s have nothing to do with the network boot process (after iPXE releases the init’s and kernels) which hasn’t changed beyond the change to actually follow the redirects back to the fog server in https mode as required.

                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                          S 1 Reply Last reply Aug 17, 2017, 5:17 PM Reply Quote 0
                          • S
                            sbenson @Tom Elliott
                            last edited by Aug 17, 2017, 5:17 PM

                            @tom-elliott I will reboot it(its a VM), but I also attempted to register a host and it didn’t work 3 times.
                            http://www.youtube.com/watch?v=sCV7x1zKBwE

                            T 1 Reply Last reply Aug 17, 2017, 5:19 PM Reply Quote 0
                            • T
                              Tom Elliott @sbenson
                              last edited by Aug 17, 2017, 5:19 PM

                              @sbenson No Viable mac’s to use… hmmmm. I’ll take a quick look for that.

                              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                              1 Reply Last reply Reply Quote 0
                              • T
                                Tom Elliott
                                last edited by Aug 17, 2017, 5:22 PM

                                So the No Viable mac’s to use comes from the host page when it’s attempting to add the primary mac to the host. I know this portion works as I have deregistered and registered multiple hosts even in the latest working tree. Do you have MAC Filters setup that maybe this machine’s mac address is being filtered out before it gets a chance to use it?

                                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                S 1 Reply Last reply Aug 17, 2017, 5:28 PM Reply Quote 0
                                • S
                                  sbenson @Tom Elliott
                                  last edited by Aug 17, 2017, 5:28 PM

                                  @tom-elliott No, no mac filters setup, this is a new laptop that I have been testing only with fog. I just rebooted the server, and now its going at ~1GB/min

                                  T 1 Reply Last reply Aug 17, 2017, 5:33 PM Reply Quote 0
                                  • T
                                    Tom Elliott @sbenson
                                    last edited by Aug 17, 2017, 5:33 PM

                                    @sbenson Maybe patch cable is iffy? There’s really loads of variables that can cause speed issues and nothing has been changed in regards to partclone with the exception of hfsplus to patch a 32 bit integer overflow potential. So if it’s going so slow I would say start by checking the network cable, switch it’s connected to, etc…

                                    I don’t know anything else on the server beyond image replication, but that only occurs if you have multiple storage nodes (which I’m just guessing you don’t at this point).

                                    The no suitable mac’s issue might be due to the https switchover, though everything else appears to be working as expected. I know the mac address is “usable” so I’ll see what I can do to try to replicate it.

                                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                    S 2 Replies Last reply Aug 17, 2017, 5:35 PM Reply Quote 0
                                    • S
                                      sbenson @Tom Elliott
                                      last edited by Aug 17, 2017, 5:35 PM

                                      @tom-elliott I’ll swap it out for another, it was working fine the last time I imaged a machine. I’ll let you know

                                      S 1 Reply Last reply Aug 17, 2017, 9:52 PM Reply Quote 0
                                      • S
                                        sbenson @sbenson
                                        last edited by sbenson Aug 17, 2017, 6:19 PM Aug 17, 2017, 9:52 PM

                                        @sbenson Nope still slow

                                        EDIT: New patch, 3 different ports. Could it be because the content wasn’t actually over https previously… Registering still doesn’t work. Though I am still working off of the “Working” trunk. I will try 1.5.0 RC8 tomorrow with the debugging turned off.

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          sbenson
                                          last edited by Aug 18, 2017, 4:03 PM

                                          Updates, the fix for enabling https works

                                          ./buildIpxe CERT=/var/www/fog/management/other/ca.cert.pem TRUST=/var/www/fog/management/other/ca.cert.pem DEBUG=tls,x509,certstore
                                          

                                          Let me just give you a rundown of everything that happened.
                                          Yesterday
                                          Fog 1.5.0 RC7 With SSL with ipxe built with CERT and DEBUG
                                          Image deploy: 1GB/min(Slow)
                                          Host registration fails

                                          This morning
                                          Fog 1.5.0 RC8 without SSL with ipxe built with CERT
                                          Host registration succeded(PC-45)
                                          Image deploy: 8.25GB/min

                                          Fog 1.5.0 RC8 With SSL with ipxe built with CERT
                                          registration detection fails(doesn’t see that it is PC-45)
                                          Host registration fails
                                          attempting to deploy and it takes the username/pass and just drops me back to fog

                                          If you want any more information I can test this all

                                          1 Reply Last reply Reply Quote 0
                                          • 1
                                          • 2
                                          • 3
                                          • 4
                                          • 5
                                          • 3 / 5
                                          3 / 5
                                          • First post
                                            59/86
                                            Last post

                                          152

                                          Online

                                          12.0k

                                          Users

                                          17.3k

                                          Topics

                                          155.2k

                                          Posts
                                          Copyright © 2012-2024 FOG Project