Password and time out to apply deploy image task
-
Hi all. I would like to ask whether there is a way to add a password feature and a timeout feature when you deploy an image to a host, just to avoid the automatic imaging process when the computer reboots. I am working to implement this awesome tool in my enterprise, but I need to satisfy my IT manager with this option, just in case an image is accidentally deployed by mistake to a server with PXE boot selected.
Thanks in advance. I need to wait for this answer to implement this tool and make my work flawless.
Regards.
Leandro@5ca -
I don’t see a way in Fog 0.32 to do this without modifying the code, which you are welcome to do.
Really, the idea behind fog being a centrally-managed, password-protected imaging system is so that technicians and administrators are the only ones that image computers, and they have to purposefully select the machine and choose to image it. It’s not an “oops, I hit a key and now my computer is wiped out” kind of system.
You can password protect most if not all of the options in the pxe boot menu so the users can’t run the items without a password.
If you are trying to protect the Head Honcho’s computer from being mistakenly imaged by a rogue or incompetent admin or technician, then you are looking for a technical solution to a personnel problem, and that never turns out well.
-
Hello, I’ve found a way to stop the script and introduce some inputs, if you follow the steps in this link: [url]http://www.fogproject.org/wiki/index.php?title=Modifying_the_Init_Image[/url]
Then I found that the first script is called fog, in initmountdir/bin/fog.
Then in the script I added the following part, copied from fog.quickinfo and modified:
[CODE]displayBanner;
read -p "press any key to continue" -n1 -s
ret="";
retry="3";
while [ "$ret" == "" ] && [ "$retry" != "0" ]; do
    echo "";
    echo " Enter a valid FOG username and password.";
    echo "";
    echo -n " Username: ";
    read username;
    echo "";
    echo -n " Password: ";
    stty -echo
    read password;
    stty echo;
    echo "";
    echo "";
    user64=`echo -e $username | tr -d '\012' | base64`;
    pass64=`echo -e $password | tr -d '\012' | base64`;
    tmp=`wget -O - --post-data="&username=$user64&password=$pass64" "http://${web}service/xauth.php" 2>/dev/null`
    tmp=
    wget -O - --post-data="mac=${mac}&username=$user64&password=$pass64" "http://${web}service/hostlookupbymac.php" 2>/dev/null
    if [ "$tmp" == "#!ok" ]; then
        ret="1";
        echo " * Image will continue. ";
    elif [ "$tmp" == "#!ip" ]; then
        ret="";
        echo " * Error: problem with image package!";
    elif [ "$tmp" == "#!ih" ]; then
        ret="";
        echo " * Error: Invalid host id!";
    elif [ "$tmp" == "#!il" ]; then
        ret="";
        echo " * Error: Invalid Login! ($retry remaining)";
    else
        echo $tmp;
    fi
    retry=$(( $retry - 1 ));
done
setupDNS ${dns}[/CODE]
I’ve also created an xauth.php, to be downloaded like
[CODE]http://${web}service/hostlookupbymac.php[/CODE]
with this code:
[CODE]<?php
@error_reporting(0);
require_once( "../commons/config.php" );
require_once( "../commons/functions.include.php" );
require_once( "../management/lib/ImageMember.class.php" );
$conn = @mysql_connect( MYSQL_HOST, MYSQL_USERNAME, MYSQL_PASSWORD);
if ( $conn )
{
    $u = mysql_real_escape_string(base64_decode(trim($_POST["username"])));
    $p = mysql_real_escape_string(base64_decode(trim($_POST["password"])));
}
?>[/CODE]
I got to the point where, when the boot image runs and an image is in the queue, the script stops and waits for an input, then asks for a username and password. After that, it shows a wget line with the file downloaded but asks again for a username and password. My question is: how can I link my input username and password so that they are validated against an existing FOG username and password?
When I finish this, I will upload the procedure to our wiki. Thank you.
[url=“/_imported_xf_attachments/0/218_sample.jpg?:”]sample.jpg[/url]
-
You are missing the part of the script that actually queries the database to see if the username and password are a valid match. Look in to the hostlookupbymac.php file and see line 43 to 58.
-
Hello, thanks to your post I figured out how to authenticate with the server. Now I have another problem. The modified script is this:
[CODE]displayBanner;
ret="";
retry="3";
echo "Please enter a key to continue the task"
read -t 5 input
if [[ $? -ne 0 ]]
then
    echo "User did not enter any input"
    # >>>> Here should do something <<<<
else
    echo "User did input as $input"
    firetry=$(( $retry - 1 ));
    ret="";
    retry="3";
    while [ "$ret" == "" ] && [ "$retry" != "0" ]; do
        echo "";
        echo " Enter a valid FOG username and password.";
        echo "";
        echo -n " Username: ";
        read username;
        echo "";
        echo -n " Password: ";
        stty -echo
        read password;
        stty echo;
        echo "";
        echo "";
        user64=`echo -e $username | tr -d '\012' | base64`;
        pass64=`echo -e $password | tr -d '\012' | base64`;
        tmp=`wget -O - --post-data="&username=$user64&password=$pass64" "http://${web}service/xauth.php" 2>/dev/null`
        tmp=
        wget -O - --post-data="mac=${mac}&username=$user64&password=$pass64" "http://${web}service/hostlookupbymac.php" 2>/dev/null
        if [ "$tmp" == "#!ok" ]; then
            ret="1";
            echo " * Image will continue. ";
        elif [ "$tmp" == "#!ip" ]; then
            ret="";
            echo " * Error: problem with image package!";
        elif [ "$tmp" == "#!ih" ]; then
            ret="";
            echo " * Error: Invalid host id!";
        elif [ "$tmp" == "#!il" ]; then
            ret="";
            echo " * Error: Invalid Login! ($retry remaining)";
        else
            : # >>>> Here should do something, same action as before <<<<
        fi
        retry=$(( $retry - 1 ));
    done
fi[/CODE]
With this new script, the fog script file in /tftpboot/fog/images/initmountdir/bin/ asks for an input, and here I have 2 paths. First, if there is no input, then the script [U]should[/U] [B]stop this script, ask for a reboot[/B] or [B]boot from hard disk[/B], but this does nothing. Then the second option asks for a username and password. If your input is correct, the script continues its work, but if it is not, again it [U]should[/U] [B]stop this script, ask for a reboot[/B] or [B]boot from hard disk[/B], and again it does nothing and carries on with the script’s course.
Is there a way to make this happen? I spent all night on Google trying to find a way to call a boot from hard disk, stop the script’s course, reboot the computer or jump to the PXE menu. All of your help is much appreciated. Thank you.
-
You will need to either continue with the normal boot process if the username and password are good, or call the functions that remove the imaging task from the database and tftpboot folder on the server, and tell the machine to reboot if there is no input or username and password is bad.
The original quickimage workflow is:
[LIST=1]
[*]pxeboot client
[*]quickimage selected
[*]quickimage script runs, which prompts for info and verifies it.
[*]if info is good, schedule an imaging task (tftpboot file and database entry for normal deploy task). If info is bad, quit quick image script with error.
[*]call reboot function, computer reboots
[*]client pxeboots and either sees a task file in the /tftpboot folder and starts task, or does NOT see a task file and displays FOG menu.
[/LIST]
Your workflow should be:
[LIST=1]
[*]pxeboot client
[*]tftpboot file already exists because it was scheduled on the web console and you just want confirmation
[*]modified fog script begins running, stops to ask for a username and password
[*]fog script checks username and password against xauth.php
[*]xauth.php returns good or bad code
[*]if good code, continue normal deploy. if bad code, call function to remove task from database and tftpboot and reboot client
[/LIST]
-
Hello, I wish you an excellent week. I’ve found a way to get what I need, with my knowledge so far. In the script I made it so that when it asks for an input and no input is given, the computer halts. But when an input is given, it asks for a username and password. Then the script calls my PHP file. But it does not authenticate anymore. Could you review my PHP file for programming issues, please?
[url=“/_imported_xf_attachments/0/219_xauth.php?:”]xauth.php[/url]
-
The attached version should return “#!ok” if the username and password are a valid FOG login for any user in the database. Otherwise, it returns “#!il” for Invalid Login.
Since the pxeboot file and task are already present when you check for valid username and password, you still need to call the functions to continue imaging for “#!ok” response, or remove the imaging task and pxeboot file for “#!il” response. You can loop through to give multiple chances to input username and password, but you would do that in the fog script in the initrdmntdir/bin/whatever file.
[url=“/_imported_xf_attachments/0/220_xauth.php?:”]xauth.php[/url]
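The confirmation step from the workflow above, as an added example that is not part of the thread or of FOG's own scripts: the gate treats only the exact `#!ok` response as approval, so an empty reply, an error page, end of input or exhausted retries all deny instead of falling through to imaging. The function names and the `cancel_task_and_reboot` hook are hypothetical, and the timeout prompt is left out.

```shell
#!/bin/sh
# Added example, not FOG code. xauth.php, ${web} and the "#!ok"/"#!il"
# codes come from the thread; all function names here are hypothetical.

# Base64-encode a value, then percent-encode + / = so the form POST
# delivers it intact (a bare "+" reaches PHP's $_POST as a space).
b64_form() {
    printf '%s' "$1" | base64 | tr -d '\n' |
        sed -e 's/+/%2B/g' -e 's,/,%2F,g' -e 's/=/%3D/g'
}

# Ask the server and print its response body. Replace this function
# to exercise the gate without a network.
xauth_query() {
    wget -q -O - \
        --post-data="username=$(b64_form "$1")&password=$(b64_form "$2")" \
        "http://${web}service/xauth.php" 2>/dev/null
}

# Allow only on the exact success code. An empty body, an error page,
# "#!il" or anything unexpected is a denial.
check_response() {
    [ "$1" = "#!ok" ]
}

# Prompt up to $1 times. Returns 0 only after a confirmed login;
# end of input or exhausted retries return 1.
confirm_deploy() {
    tries=$1
    while [ "$tries" -gt 0 ]; do
        printf ' Username: '
        IFS= read -r username || return 1
        printf ' Password: '
        stty -echo 2>/dev/null || true
        got=1; IFS= read -r password && got=0
        stty echo 2>/dev/null || true
        echo
        [ "$got" -eq 0 ] || return 1
        if check_response "$(xauth_query "$username" "$password")"; then
            return 0
        fi
        tries=$((tries - 1))
        echo " * Error: Invalid Login! ($tries remaining)"
    done
    return 1
}

# In the init script the caller decides what a denial means, e.g.
#   confirm_deploy 3 || cancel_task_and_reboot   # hypothetical hook
```

Base64 is an encoding, not encryption, so over plain `http://` the credentials are readable on the imaging network.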
-
I really don’t know how to do that; I still don’t have enough knowledge to do this… I almost lost my opportunity to use FOG in my workplace… Here is a screenshot of my script. I really don’t know how to do what you mentioned.
[url=“/_imported_xf_attachments/0/221_Foggy.jpg?:”]Foggy.jpg[/url]
-
How about you upload your script as a .php file or something and I’ll see if I can hack it together to do what you want.
-
Thank you so much, I really appreciate this.
I am using the PHP file attached in the post above, and here is also the fog file, which you can find at initmountdir/bin. Note: it is not a .txt file, but without an extension I am not able to upload it. Again, thank you so much!
[url=“/_imported_xf_attachments/0/225_fog.txt?:”]fog.txt[/url]