Cannot deploy image - Connection Time Out
-
I’ve been running through the forums trying to solve this situation, but I cannot seem to figure out the issue.
The server IP is correct, this last worked back in June or July when I deployed the images last to this computer. The only changes I had made were to setting the FOG Boot Settings afterwards of REFIND_EFI and SANBOOT following issues where other machines (the same laptop Make/Model) would not correctly boot into Windows. I successfully fixed the issue, but never deployed that fix to a different group of machines, which I am trying to do now, as they no longer boot into Windows 10.
The FOG server is deployed on an Ubuntu 20.04.3 server on an ESXi 7.0+ host. I have FOG 1.5.9
I get the following error:
Init Version: 20200906
Could not mount images folder (/bin/fog.download)
Args Passed:
Reason: mount: mounting 192.168.3.200:/images/ on /images failed: Connection timed outneo@fog-server:~$ showmount -e 127.0.0.1 Export list for 127.0.0.1: /images/dev * /images *neo@fog-server:~$ cat /etc/exports /images *(ro,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0) /images/dev *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=1)neo@fog-server:~$ ls -alR /images /images: total 24 drwxrwxrwx 6 fogproject root 4096 Jul 26 14:13 . drwxr-xr-x 23 root root 4096 Jun 10 10:51 .. drwxrwxrwx 2 fogproject root 4096 Jun 11 13:03 Classroom_10June21 drwxrwxrwx 2 fogproject root 4096 Jul 26 14:13 CyberDawg drwxrwxrwx 3 fogproject root 4096 Jul 26 14:13 dev -rwxrwxrwx 1 fogproject root 0 Jun 10 10:51 .mntcheck drwxrwxrwx 2 fogproject root 4096 Jun 10 10:51 postdownloadscripts /images/Classroom_10June21: total 21735316 drwxrwxrwx 2 fogproject root 4096 Jun 11 13:03 . drwxrwxrwx 6 fogproject root 4096 Jul 26 14:13 .. -rwxrwxrwx 1 fogproject root 4 Jun 11 12:57 d1.fixed_size_partitions -rwxrwxrwx 1 fogproject root 1048576 Jun 11 12:57 d1.mbr -rwxrwxrwx 1 fogproject root 1034 Jun 11 12:57 d1.minimum.partitions -rwxrwxrwx 1 fogproject root 60 Jun 11 12:57 d1.original.fstypes -rwxrwxrwx 1 fogproject root 0 Jun 11 12:57 d1.original.swapuuids -rwxrwxrwx 1 fogproject root 51680073 Jun 11 12:57 d1p1.img -rwxrwxrwx 1 fogproject root 139889 Jun 11 12:57 d1p2.img -rwxrwxrwx 1 fogproject root 20907221295 Jun 11 13:03 d1p3.img -rwxrwxrwx 1 fogproject root 502906493 Jun 11 13:03 d1p4.img -rwxrwxrwx 1 fogproject root 793919046 Jun 11 13:04 d1p5.img -rwxrwxrwx 1 fogproject root 1034 Jun 11 12:57 d1.partitions /images/CyberDawg: total 22033668 drwxrwxrwx 2 fogproject root 4096 Jul 26 14:13 . drwxrwxrwx 6 fogproject root 4096 Jul 26 14:13 .. -rwxrwxrwx 1 fogproject root 8 Jul 26 14:06 d1.fixed_size_partitions -rwxrwxrwx 1 fogproject root 1048576 Jul 26 14:06 d1.mbr -rwxrwxrwx 1 fogproject root 1034 Jul 26 14:06 d1.minimum.partitions -rwxrwxrwx 1 fogproject root 20 Jul 26 14:06 d1.original.fstypes -rwxrwxrwx 1 fogproject root 0 Jul 26 14:06 d1.original.swapuuids -rwxrwxrwx 1 fogproject root 48645785 Jul 26 14:07 d1p1.img -rwxrwxrwx 1 fogproject root 139889 Jul 26 14:07 d1p2.img -rwxrwxrwx 1 fogproject root 21215771924 Jul 26 14:13 d1p3.img -rwxrwxrwx 1 fogproject root 502910420 Jul 26 14:13 d1p4.img -rwxrwxrwx 1 fogproject root 793918878 Jul 26 14:13 d1p5.img -rwxrwxrwx 1 fogproject root 1034 Jul 26 14:06 d1.partitions /images/dev: total 12 drwxrwxrwx 3 fogproject root 4096 Jul 26 14:13 . drwxrwxrwx 6 fogproject root 4096 Jul 26 14:13 .. -rwxrwxrwx 1 fogproject root 0 Jun 10 10:51 .mntcheck drwxrwxrwx 2 fogproject root 4096 Jun 10 10:51 postinitscripts /images/dev/postinitscripts: total 12 drwxrwxrwx 2 fogproject root 4096 Jun 10 10:51 . drwxrwxrwx 3 fogproject root 4096 Jul 26 14:13 .. -rwxrwxrwx 1 fogproject root 249 Jun 10 10:51 fog.postinit /images/postdownloadscripts: total 12 drwxrwxrwx 2 fogproject root 4096 Jun 10 10:51 . drwxrwxrwx 6 fogproject root 4096 Jul 26 14:13 .. -rwxrwxrwx 1 fogproject root 235 Jun 10 10:51 fog.postdownloadWhen I ssh into the machine on debug I still get the connection timeout notification.
[Wed Oct 13 root@fogclient ~]# mkdir /images [Wed Oct 13 root@fogclient ~]# ping 192.168.3.200 PING 192.168.3.200 (192.168.3.200): 56 data bytes 64 bytes from 192.168.3.200: seq=0 ttl=63 time=0.717 ms ^C --- 192.168.3.200 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 0.717/0.717/0.717 ms [Wed Oct 13 root@fogclient ~]# mount -o nolock,proto=tcp,rsize=32768,wsize=32768,intr,noatime "192.168.3.200:/images/dev" /images mount: mounting 192.168.3.200:/images/dev on /images failed: Connection timed out [Wed Oct 13 root@fogclient ~]# mount -o nolock,proto=tcp,rsize=32768,wsize=32768,intr,noatime "192.168.3.200:/images" /images mount: mounting 192.168.3.200:/images on /images failed: Connection timed outAny help is greatly appreciated.
-
@george1421 I’ve updated to NFSv4 and the firewall has been reenabled and FOG is working.
-
@grobinson2k1 said in Cannot deploy image - Connection Time Out:
Where do I place your custom compiled init_nfsv4?
it goes into /var/www/html/fog/service/ipxe directory. Then in FOG Configuration->FOG Settings click on the expand all button and search for init.xz replace that with init_nfsv4.xz and save the settings. This will force the nfsv4 disk to be loaded for every computer.
-
@grobinson2k1 said in Cannot deploy image - Connection Time Out:
I dropped it and it worked, …
Great to see you and George figured this out so quickly!
Correct, they are on two different subnets, but the same layer 3 switch. There was no other firewall between them.
Allow me a quick comment on this. Two different subnets can be on the same layer 3 switch but they won’t be able to communication with each other unless there is a router involved! Sure router does not need to be a firewall but most often is a combined thing. So what I am saying is, that there needs to be a router in between those two subnets and this might also play a role - maybe not with the NFS issue you see now but keep that in mind if you want to do milticasting as well!!
-
Fortunately, I can snapshot the VM for this and I get the steps all the way until I get to the custom init file.
Where do I place your custom compiled init_nfsv4?
-
@grobinson2k1 I have a how to that I never wrote (yet). The discussion is in this tread: https://forums.fogproject.org/post/143625
The changes are pretty simple. you need to make one edit to the FOG programming code and then use the nfsv4 init.
And then you need to use my custom init (virtual hard drive for FOS Linux): https://drive.google.com/file/d/1EHLhmM9-kXpFO7kfk3H1ydEZF3q8lID1/view?usp=sharing
Read over the entire thread to make sure you understand what is happening. At the very least if you mess up FOG for some reason you can just rerun the fog installer and it will fixup what was changed.
-
@george1421 Sounds good, can we mark this as solved. I hope you can get NFSv4 ported for FOG.
I guess I will either leave the firewall off for now, until I have to figure out how to make it secure later. Or when I need to deploy I will turn the firewall off and back on after I am done.
-
@grobinson2k1 see the issue with NFSv3 is that its not very firewall friendly. You need to have a large port range open unless you can specifically define a smaller range. I have been working on a NFSv4 port for FOG that works just over the single 2048 port which is much easier to firewall off.
-
@george1421 said in Cannot deploy image - Connection Time Out:
So I’m guessing that the target computer and the fog server are on different subnets? Is there any type of screening firewall between the two?
Correct, they are on two different subnets, but the same layer 3 switch. There was no other firewall between them.
Now as to this…
Can you drop the firewall on the FOG server and test to see if you can connect?
I dropped it and it worked, which pisses me off. I have not modified the firewall settings since when it last worked. Now, I guess I need to play with the ports to solve that issue.
-
@grobinson2k1 OK good so we know a bunch more than we did a few minutes ago.
So I’m guessing that the target computer and the fog server are on different subnets? Is there any type of screening firewall between the two?
21,22,80,111,443,2049,20499/tcp
69,111,2049,6080/udpFor NFSv3 I don’t think this is enough ports open. For NFSv4 its right.
Can you drop the firewall on the FOG server and test to see if you can connect?
Also be aware that I’m building a truth table here and if I don’t focus on something then its OK. There is a logic to how we debug this.
-
Hi George. Thanks for the quick response.
@george1421 said in Cannot deploy image - Connection Time Out:
IP address of fog server?
192.168.3.200
IP address of fogclient?
192.168.121.2
Did someone enable the firewall on the FOG server?
neo@fog-server:~$ sudo ufw status Status: active To Action From -- ------ ---- 123/udp ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 21,22,80,111,443,2049,20499/tcp ALLOW 192.168.121.0/24 69,111,2049,6080/udp ALLOW 192.168.121.0/24 21,22,80,111,443,2049,20499/tcp ALLOW 192.168.122.0/24 69,111,2049,6080/udp ALLOW 192.168.122.0/24 21,22,80,111,443,2049,20499/tcp ALLOW 192.168.11.0/24 69,111,2049,6080/udp ALLOW 192.168.11.0/24 3000 ALLOW Anywhere 123/udp (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6) 3000 (v6) ALLOW Anywhere (v6)Are the needed nfs services running on the FOG server? (I think yes because showmount returned the exported directories. But it doesn’t hurt to confirm).
neo@fog-server:~$ sudo systemctl status nfs-server ● nfs-server.service - NFS server and services Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled) Drop-In: /run/systemd/generator/nfs-server.service.d └─order-with-mounts.conf Active: active (exited) since Fri 2021-10-08 11:23:40 EDT; 5 days ago Process: 1042 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS) Process: 1043 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS) Main PID: 1043 (code=exited, status=0/SUCCESS) Oct 08 11:23:39 fog-server systemd[1]: Starting NFS server and services... Oct 08 11:23:40 fog-server systemd[1]: Finished NFS server and services. -
@grobinson2k1 said in Cannot deploy image - Connection Time Out:
192.168.3.200
Ok there are a few bits of info missing yet.
- IP address of fog server?
- IP address of fogclient?
- Did someone enable the firewall on the FOG server?
- Are the needed nfs services running on the FOG server? (I think yes because showmount returned the exported directories. But it doesn’t hurt to confirm).
