FOG Project

    • Register
    • Login
    • Search
    • Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search

    Solved PXE Boot not working properly from Storage Node

    FOG Problems
    3
    33
    587
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Silv4n last edited by Silv4n

      Hey guys

      When I try to PXE Boot to an Storage Node it works, but the FOG Screen seems broken and deploying etc. doesn’t work. Screen when booted in FOG Menu

      For context:

      My Master Node is in a different subnet than my storage node, i’ve opened FTP, MySQL, HTTP and HTTPS between those, and replication etc. seems to work.

      Thanks in advance for any help!

      Edit: Also when trying to execute memdisk the following error comes up:
      https://imgur.com/a/zFPAjXz

      1 Reply Last reply Reply Quote 0
      • S
        Sebastian Roth Moderator last edited by Sebastian Roth

        @Silv4n Oh well, I should have read the whole topic more closely and think about it a bit more. Copying the certs for Apache from the master server over will cause trouble because it’s got the wrong IP/DNS name in it.

        In this case I’d suggest you re-run the installer on the storage node and tell it to recreate the Apache cert and key.

        • Make sure have set httpproto='https' in /opt/fog/.fogproject!
        • Run the installer like this: ./installfog.sh --recreate-keys

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        S 1 Reply Last reply Reply Quote 0
        • S
          Silv4n @Sebastian Roth last edited by

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator last edited by

            @george1421 said in PXE Boot not working properly from Storage Node:

            So the root cause of this:

            The fog install script does not honor https for storage node installs?
            The fog installer did not provide the necessary command line switches when installing the storage node to enable https?

            As far as I can tell right now the only issue was that the storage node was not installed with HTTPS enabled in the first place and the buildipxe script in 1.5.7 has a bug that would not compile the cert into the binaries correctly (fixed for 1.5.8 already).

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            S 1 Reply Last reply Reply Quote 1
            • george1421
              george1421 Moderator @Sebastian Roth last edited by

              @Sebastian-Roth So the root cause of this:

              1. The fog install script does not honor https for storage node installs?
              2. The fog installer did not provide the necessary command line switches when installing the storage node to enable https?

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

              1 Reply Last reply Reply Quote 0
              • S
                Silv4n @Sebastian Roth last edited by Silv4n

                @Sebastian-Roth Thanks to the both of you, it worked!

                Proof: https://imgur.com/a/FiqaZNd

                1 Reply Last reply Reply Quote 0
                • S
                  Sebastian Roth Moderator last edited by Sebastian Roth

                  @Silv4n No, no need to reinstall apache/php stuff in this case! That part of the installer a left over from earlier. Won’t be asking in the next version anymore.

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  S george1421 2 Replies Last reply Reply Quote 0
                  • S
                    Silv4n @Sebastian Roth last edited by

                    @Sebastian-Roth No problem, you’re helping me. With reinstall apache/php files or not?

                    1 Reply Last reply Reply Quote 0
                    • S
                      Sebastian Roth Moderator last edited by Sebastian Roth

                      @Silv4n Oh well, I should have read the whole topic more closely and think about it a bit more. Copying the certs for Apache from the master server over will cause trouble because it’s got the wrong IP/DNS name in it.

                      In this case I’d suggest you re-run the installer on the storage node and tell it to recreate the Apache cert and key.

                      • Make sure have set httpproto='https' in /opt/fog/.fogproject!
                      • Run the installer like this: ./installfog.sh --recreate-keys

                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        Silv4n @Sebastian Roth last edited by

                        @Sebastian-Roth https://imgur.com/a/YpoaNPz

                        1 Reply Last reply Reply Quote 0
                        • S
                          Sebastian Roth Moderator last edited by

                          @Silv4n iPXE errors out and gives you a command line. Please run command certstat and post a picture of the output here.

                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                          S 1 Reply Last reply Reply Quote 0
                          • S
                            Silv4n @Silv4n last edited by

                            @Sebastian-Roth Oh, and I can access the file from the browser

                            1 Reply Last reply Reply Quote 0
                            • S
                              Silv4n @Sebastian Roth last edited by

                              @Sebastian-Roth So I’ve generated the new certs etc. and now I have a new error message (Permission denied):
                              https://imgur.com/a/yK4TwNZ

                              S 1 Reply Last reply Reply Quote 0
                              • S
                                Silv4n @Sebastian Roth last edited by

                                @Sebastian-Roth Ok, in /tftpboot/default.ipxe there currently is chain https://10.144.1.22/fog/service/ipxe/boot.php##params, so there is already https. Im’m gonna try now the cert gen etc.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  Sebastian Roth Moderator last edited by Sebastian Roth

                                  @Silv4n said in PXE Boot not working properly from Storage Node:

                                  It also tries to connect there still with HTTP

                                  Edit /tftpboot/default.ipxe on the storage node and adjust the URL in the last line.

                                  Though there is another thing that you need to fix I’d guess. I haven’t done a HTTPS enabled storage node setup in a while. But I’d think your iPXE binaries on the storage node do not include the correct cert yet.

                                  As there was an issue in the build script of FOG 1.5.7 I’d suggest you do the following on your storage node:

                                  • Make sure you have the whole CA copied form your master node to your storage node. It’s in /opt/fog/snapins/ssl/CA/ and includes hidden files, so make sure you grab all of it. Put that in the same location on the storage node and make sure ownership and rights are set exactly as they were before (compare ls -al output).
                                  • Grab the iPXE build script from the latest FOG project development code branch and rebuild the iPXE binaries to include your CA cert:
                                  sudo su -
                                  cd /path/to/your/fogproject-source-dir/
                                  cd utils/FOGiPXE
                                  wget -O buildipxe.sh https://raw.githubusercontent.com/FOGProject/fogproject/dev-branch/utils/FOGiPXE/buildipxe.sh
                                  chmod +x buildipxe.sh
                                  ./buildipxe.sh
                                  
                                  • Keep an eye on this to be sure it doesn’t end with an error. Then copy the new binaries over to the destination:
                                  cd ../../packages/tftp/
                                  mkdir /tftpboot/arm64-efi
                                  mkdir /tftpboot/10secdelay/arm64-efi
                                  mkdir /tftpboot/10secdelay/i386-efi
                                  find -type f -exec cp -Rfv {} /tftpboot/{} \;
                                  
                                  • Make sure you edit /opt/fog/.fogproject and set httpproto='https' for when you re-run the FOG installer in the future.

                                  I know this might seem overly complicated but from my point of view those steps are best suited in your current situation of half HTTP/HTTPS.

                                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                  S 2 Replies Last reply Reply Quote 0
                                  • S
                                    Silv4n @george1421 last edited by

                                    @george1421 Alright, I’ve copied over the

                                    /opt/fog/snapins/ssl/.srvprivate.key
                                    

                                    And the apache service started now and after a reinstall with HTTPS (which worked now without an issues) I can access the Web GUI of the Storage Node via HTTPS. It also generated a new boot file etc. However, the PXE Boot still throws the chainloading error, when trying to actually boot in to something. It also tries to connect there still with HTTP.

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      Silv4n @george1421 last edited by

                                      @george1421 Alright, I’m gonna test that tomorrow morning or tonight and than I’ll leave feedback here.

                                      1 Reply Last reply Reply Quote 1
                                      • george1421
                                        george1421 Moderator @Silv4n last edited by george1421

                                        @Silv4n I would save those existing keys off to the side and then copy the keys over from the main fog server. This is not ‘technically’ the right way, but we just need to see it work right now.

                                        The right way would be to build new keys for the storage node using the root CA created on the master FOG node.

                                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                        S 2 Replies Last reply Reply Quote 0
                                        • S
                                          Silv4n @george1421 last edited by

                                          @george1421 Based on cookies i guess ;), for me it shows the screenshot, but im gonna copy it here instead:

                                          [Wed Feb 19 15:43:44.859522 2020] [ssl:emerg] [pid 16345] AH02565: Certificate and private key 10.144.1.22:443:0 from /var/www/fog/management/other/ssl/srvpublic.crt and /opt/fog/snapins/ssl/.srvprivate.key do not match
                                          
                                          george1421 1 Reply Last reply Reply Quote 0
                                          • george1421
                                            george1421 Moderator @Silv4n last edited by george1421

                                            @Silv4n Your link only contains an ugly picture of the US president in the ad. Please do scare me like that this early in the morning. I’m a USA citizen I see enough of that here…

                                            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                                            S 1 Reply Last reply Reply Quote 0
                                            • S
                                              Silv4n @george1421 last edited by

                                              @george1421 I haven’t copied the certs over yet, because there were already certs on the server, but now this error appears in the apache log, I’m not sure if copying over solves that:
                                              http://prntscr.com/r4nmiu

                                              george1421 1 Reply Last reply Reply Quote 0
                                              • 1
                                              • 2
                                              • 1 / 2
                                              • First post
                                                Last post

                                              176
                                              Online

                                              10.2k
                                              Users

                                              16.3k
                                              Topics

                                              149.9k
                                              Posts

                                              Copyright © 2012-2020 FOG Project