...boot.php... Permission denied
-
Fog stopped working.
After the weekend, our FOG-Server is not working properly anymore.
While attempting to boot over PXE, we get the following error.
On thursday everything was working as intended.
This Problem is still occuring after a complete reinstall of the server.OS: Ubuntu server 18.04 LTS
FOG-Version: 1.5.7 -
Can you get to the web ui with a browser?
If you look in the apache error log file what does it tell you? /var/log/apache2 there should be an access and error log in there.
I noticed that you are doing https, did something change in that area like a certificate expiring?
-
@george1421 ,
I can access the web UI without any problems.
I can also access the boot.php in my browser.In the apache logs there is nothing appearing.
The certificates we use are valid till august.
-
@Malte-Will URLs are https://. Did you manually enable this or install with
--force-https
option? -
@Malte-Will You can access the web ui using https?
If ipxe was not recompiled with the certificate so that I understands https you might get that error message too.
-
@Malte-Will said in .../boot.php... Permission denied:
After the weekend, our FOG-Server is not working properly anymore.
Certificate not valid anymore? But that would mean you’ve installed your FOG server many years ago.
-
@Sebastian-Roth,
I eneabled https on installation with the -S (–force-https) option.
I build ipxe with the correct certificate. -
@george1421,
We use our own certificates and I compiled the ipxe with the correct CA certificate. -
@Malte-Will So you are able to connect to https://<fog_server_ip>/fog/service/ipxe/boot.php just fine AND by inspecting the certificate it is the correct certificate to what you expected? This sure does appear like a certificate mismatch between ipxe and the apache web server.
-
@george1421 I just rebuild the ipxe files with the correct CA-certificate, just to check if I messed up and I am still getting the error. I don’t think it is a mismatch. It worked before with the exact same certificates.
Yes I am able to connect to https://<fog_server_ip>/fog/service/ipxe/boot.php just fine. It also shows the correct certificate.
-
@Malte-Will I don’t know of a way off the top of my head to confirm the certificate identity in ipxe vs what the web server has. I wonder for grins if you edit /tftpboot/default.ipxe and for a test remove the s from https and then save it. Then pxe boot. I’m interested if you get the same permission denied message.
-
@george1421 I first tried to set the SSLCertificateChainFile in the apache site config to the original cert and then back to the one we use, after restarting apache I now get the following error code while booting with pxe: 0x432fe698
I think my system is cursed. -
@Malte-Will said:
I first tried to set the SSLCertificateChainFile in the apache site config …
Good you mention this. Take a look at my comment here: https://github.com/FOGProject/fogproject/pull/354#discussion_r359494768 - seems like we still have this issue in the code. While I am not sure if this is causing the iPXE issue it definitely should be changed! Please try
SSLCACertificateFile
(instead ofSSLCertificateChainFile
) andca.cert.pem
(instead ofca.cert.der
).If not then we need to start taking a closer look at the certificates you are actually using.
After the weekend, our FOG-Server is not working properly anymore.
I am still wondering why it worked before? What changed? Did you do Linux system updates? Changed a config? Re-ran the FOG installer?
-
@Malte-Will bump
-
@Malte-Will When doing some testing myself yesterday I figured what’s wrong with this. Should have done this earlier but there was so much else on the list.
Take a look at this change: https://github.com/FOGProject/fogproject/commit/e424b0417fc56dba2d7ba34665817e0f7b0f857c
For some yet unknown reason the build parameters need to be in different order to make this work. I find it very strange because we had a similar thing with the build parameter (ref) and I am fairly sure I did test this when pushing the change in Jun 2019. My assumption is a change in the make files were causing this again. Hope this is fixed now and shouldn’t come back.
-
I have just upgraded my fog server to 1.5.9-RC1.4 not sure if this issue is still present. I am receiving the following error message when trying to pxe boot.
https://“InternalIPAddress”/fog/service/ipxe/boot.php… Permission denied (http://ipxe.org/0216eb8f)
Could not boot: Permission denied (http://ipxe.org/0216eb8f)Cheers
Jason
-
@jasonm Please try this:
sudo -i touch /opt/fog/snapins/ssl/CA/.fogCA.pem cd /path/to/fogproject/bin ./installfog.sh
Please let us know if the issue can be solved this way. I will need to fix that in the installer.
-
@Sebastian-Roth I had the same symptoms that @jasonm had. I tried the resolution you put on May 6, 2020 and that worked to resolve my permission denied issue.
-
@Chris-Shipley Thanks for bringing this topic back up again as I had lost track of this.
Just pushed a commit to take care of this.
-
@Sebastian-Roth excellent, thanks!