Problem with HTTPS upgrade
-
@Sebastian-Roth yes, the istaller did rerun without a problem. After sone tests i copied the files from the /fogproject/ folder manualy. Same result!
There were no build errors running the script.
For now i edited the default.kpxe (not sure about the right file name by now) and removed the „s“ from the https connection to try normal http. Then i found the apache rewrite rule - after changing it and removing the rewrite, it woked! Sure, there is no „security“ by now but i know that the ipxe files are good and the chainboot is working.
On monday i will to look deeper in the rewrite rules, because the boot.php could not be found. Could be a certificate error but i am not sure if the ipxe error output should be different then. Could also be a broken link, but therefor it looks right.
Not sure where is the problem by now.
-
@FritzBox360 Thinking more about this I had an idea. We had a special case with Ubuntu handling redirects differently. This was about the API but I can imagine this also causing what you see here: https://github.com/FOGProject/fogproject/issues/263
On the other hand I added a fix for that which should be in version 1.5.5 already. So maybe I am on the wrong track. Still take a look at the issue because there might be valuable information and commands like
apachectl -Sto track down the issue.Please let us know if this is something we can fix in the code.
-
@Sebastian-Roth thank you for the reply and thanks for the link. I checked it with the apachectl -S but i am running only the two fog hosts - so it is okay. There is no apache default site availibe.
But i am on a new track now:
As you can see here there should be some cmds to check for certificates e.g. certstat - if this option is set in the general.h file. So i got the idea to check if sth. is availible.
After running into the error posted here i can press “s” for the ipxe shell - now i should be able to run the ipxe cmds (i think?!) but they are not availibe e.g. certstat “not found” - so i am not sure if the compiling is right here. Maybe we are missing the https, also selectable in general.h, or/and the whole certification instances.
I am very new to this compiling topic but i am trying to get into it - maybe you can help here or you got an idea to check for enabled modules in ipxe. thx.
-
@FritzBox360 Take a look at the github repo to find our current iPXE header files we use to compile the binaries - legacy BIOS and UEFI. As far as I can see both HTTPS protocoll and
cert*commands are enabled.I might try a HTTPS enabled ubuntu install tonight to see if I can figure out what’s wrong. No promise though. Not sure if I find the time.
-
@FritzBox360 Just did a fresh clean test install Ubuntu 18.04.1 server. Installed FOG and build iPXE binaries:
cd fogproject/bin ./installfog.sh --force-https --recreate-CA --recreate-keys ... cd ../utils/FOGiPXE/ ./buildipxe.sh ...Make sure you let it run the installer at the end or copy the binaries by hand.
This was tested in a virtualbox test environment with legacy BIOS boot as vbox doesn’t support UEFI PXE boot, at least not the version I have. So UEFI could be different, though I don’t expect it to be.
-
@Sebastian-Roth thanks for your time
I did the same with the same error … Fresh installation of ubuntu with a fresh fog server. I will try it again on other hardware and another setup later this week. -
@FritzBox360 Please grep the logs (especially the compile stuff) and post here. I suppose there is something wrong with this.
Do you use git pull to get the repository or do you download the ZIP archive from github?
-
@Sebastian-Roth okay, here is what i tried:
- Freh install of ubuntu-18.04.1.0-live-server-amd64.iso in VMware. After the server is ready i did this.
sudo -i apt update apt upgrade reboot sudo -i cd /root git clone https://github.com/FOGProject/fogproject.git cd fogproject/bin ./installfog.sh -C -K -S cd .. cd utils/FOGiPXE/ ./buildipxe.shfog_error_1.5.5.log --> here
foginstall.log --> here
build.log --> hereLooks fine for me - but did not work. I will try it another setup later.
Edit: I am unable to upload my logfiles here - if i select a file for upload nothing happens - so i used pastebin, hope that is okay. Using CodeBlocks in the forum was to big.
-
@FritzBox360 Great you posted all the logs. Definitely helpful here I reckon. In the install log I see that you install FOG without DHCP. So I suppose you have a DHCP server running in your network that provides PXE boot information (aka DHCP option 66 and 67). What kind of DHCP is this? Which boot file name does it point to? And which server? Does it point to the FOG server as PXE TFTP server or a different machine?
The install and build logs seem all fine.
-
@Sebastian-Roth thank you for pointing me at the DHCP! I found the problem! All files are fine, but our company DHCP was not! After trying it in a seperated VMware Network it worked like a charm! So all the effort was in vain - i am sorry
We have an old fog running 1.4.4 in our DHCP config for managing the PXE Menu because we are running multiple (i)PXE Services in one subnet. I created a new boot menu item to forward the pxe boot to the new fog server.
like this:
iseq ${net0/mac} a0:36:9f:bd:XX:XX && goto testing || :testing set pxeserver:ipv4 FOG-IP set next-server ${pxeserver} chain tftp://FOG-IP/default.ipxe exitGot it from here in 2017: https://forums.fogproject.org/topic/9648/add-a-second-pxe-boot-option
Worked fine, until now … And by now, i understand why no certification cmds were availibe because it got stuck in the old fog enviroment. Need sth. to reload the enviroment i think. I will take a look into it to find a way. Maybe i will open a new topic here!
Thank you @Sebastian-Roth for taking the time! Your scrips are fine - it was my fault …