Master/Storage nodes | SSL | Plugin Location

glequeau

Hello,
I would like to know what is the right way to install a FOG infrastructure with a complete SSL configuration.
For me the main difficulty lies in understanding and setting nodes with the location plugin activated. I can’t deploy snapins to my clients when I force a different location from my master node. I am interested in any useful info on this subject. Already know if it is possible
Thanks,

Sebastian Roth

@glequeau Which version of FOG do you use?

I ask because there was a bug in that part for quite some time but we fixed that in 1.5.10. See details here: https://github.com/FOGProject/fogproject/issues/371

glequeau

Hello,
I use debian 11 and v1.5.10 of FOG. Thanks for explanations. I will rebuild a test environment to try another time.
Best regards,
Glen

glequeau

Hi,

I just rebuilt two proxmox debian 11 containers with FOG 1.5.10

Master node > install HTTPS
Storage node > install HTTPS

Install plugin Location

Master node and storage node are in the default storage group
Master node > default’s Master node

Create new location > location_1
storage groupe > default
storage node > defaultmember
storage node protocol> HTTPS

Create new location > location_2
storage groupe > default
storage node > secondary node
storage node protocol> HTTPS

Create snapin in default storage group with replication enabled

Configure one host with location_1
Deploy snapin > OK, it works

Configure one host with location_2
Be sure the snapin is replicated into the storage node
Deploy snapin > it doesn’t work
What am i doing wrong ?

Here is the snapin log

---------------------------------SnapinClient---------------------------------
------------------------------------------------------------------------------
 03/07/2023 12:39:24 Client-Info Client Version: 0.13.0
 03/07/2023 12:39:24 Client-Info Client OS:      Windows
 03/07/2023 12:39:24 Client-Info Server Version: 1.5.10
 03/07/2023 12:39:24 Middleware::Response Success
 03/07/2023 12:39:24 SnapinClient Running snapin snapin_1
 03/07/2023 12:39:24 Middleware::Communication Download: https://xxxxxxxx//fog/service/snapins.file.php?mac=00:23:24:19:46:64&taskid=2
 03/07/2023 12:39:24 Data::RSA ERROR: Certificate validation failed
 03/07/2023 12:39:24 Data::RSA ERROR: Trust chain did not complete to the known authority anchor. Errors: La signature du certificat ne peut pas être vérifiée. (NotSignatureValid)
 03/07/2023 12:39:24 Middleware::Communication SSL certificate chain error: Une chaîne de certificats a été traitée mais s’est terminée par un certificat racine qui n’est pas approuvé par le fournisseur d’approbation.

 03/07/2023 12:39:24 Middleware::Communication ERROR: Could not download file
 03/07/2023 12:39:24 Middleware::Communication ERROR: La connexion sous-jacente a été fermée : Impossible d'établir une relation de confiance pour le canal sécurisé SSL/TLS.
 03/07/2023 12:39:24 SnapinClient C:\Program Files (x86)\FOG\tmp\file.zip
 03/07/2023 12:39:24 Middleware::Communication URL: https://xxxxxxxxx/fog/service/snapins.checkin.php?taskid=2&exitcode=-1&mac=00:23:24:19:46:64&newService&json
------------------------------------------------------------------------------