
ca fog service "error failed to decrypt" when snapins in non-default directory

    JJ Fullmer Testers
    last edited by Jan 29, 2016, 10:40 PM

    I had set my snapins to a different directory (/images/snapins with /images being a symlink to /home/fogRootSystem/images)
    But the original install had created the /opt/fog/snapins directory and put the ca ssl folders there.
    But then it put the CA ssl folders with new keys in the new /images/snapins folder.

    All day today I have been troubleshooting the client wondering why it suddenly stopped authenticating. Uninstalling and reinstalling, re-imaging, modifying the msi, resetting encryption data, running the fog install script with the --recreate-CA and --recreate-keys options. And nothing worked. Then I noticed the duplicate CA and SSL directories and got to thinking that maybe that’s not supposed to be a thing. So I moved the /opt/fog/snapins folder to my /images/snapins directory
        mv -f /opt/fog/snapins /images/snapins
    then deleted the opt folder
        rm -fr /opt/fog/snapins
    then made a symlink
        ln -s /images/snapins /opt/fog/snapins
    Then I reran the fog installer like this
        ./installfog.sh --recreate-CA --recreate-keys -Y
    and now the client is working again (after reinstall on the client).

    So a fix exists, but it seems that changing the snapins directory doesn’t work for the client and causes weird ca/ssl authentication errors.

    It’s possible that something else I did fixed my issue, but I am 99.9% sure that the symlink and reinstall recreating the CA is what solved it.

    Have you tried the FogApi powershell module? It's pretty cool IMHO
    https://github.com/darksidemilk/FogApi
    https://fogapi.readthedocs.io/en/latest/
    https://www.powershellgallery.com/packages/FogApi
    https://forums.fogproject.org/topic/12026/powershell-api-module
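
A check for the condition described in the post above, added here as an example (it is not part of the original post and is not FOG's own code): it reports whether the ssl subtree under the default snapin directory and under the relocated one are a single directory, identical copies, or divergent copies. The function names and the server.key file name in the constructed demo are hypothetical.

```shell
#!/bin/sh
# Added example: detect duplicate, divergent key material between the
# default snapin directory and a relocated one. Directories are passed
# as arguments; compare_key_dirs only reads them.

# Print "sha256  relative-path" for every regular file under $1/ssl, sorted.
key_manifest() {
    ( cd "$1/ssl" 2>/dev/null || exit 0
      find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Echo one status word:
#   single    - only one of the directories has an ssl subtree
#   same      - both paths resolve to one directory (symlinked)
#   duplicate - two separate copies with identical content
#   divergent - two separate copies whose files differ
compare_key_dirs() {
    default_dir=$1
    configured_dir=$2
    if [ ! -d "$default_dir/ssl" ] || [ ! -d "$configured_dir/ssl" ]; then
        echo single; return 0
    fi
    real_a=$(cd "$default_dir" && pwd -P)
    real_b=$(cd "$configured_dir" && pwd -P)
    if [ "$real_a" = "$real_b" ]; then
        echo same; return 0
    fi
    if [ "$(key_manifest "$default_dir")" = "$(key_manifest "$configured_dir")" ]; then
        echo duplicate
    else
        echo divergent
    fi
}

# Constructed sample trees (temporary, not real FOG keys): two copies with
# different keys, then the symlink arrangement from the post.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/opt/snapins/ssl" "$t/images/snapins/ssl"
    echo "old key (constructed)" > "$t/opt/snapins/ssl/server.key"
    echo "new key (constructed)" > "$t/images/snapins/ssl/server.key"
    before=$(compare_key_dirs "$t/opt/snapins" "$t/images/snapins")
    rm -rf "$t/opt/snapins"
    ln -s "$t/images/snapins" "$t/opt/snapins"
    after=$(compare_key_dirs "$t/opt/snapins" "$t/images/snapins")
    rm -rf "$t"
    echo "$before $after"
}
```

With the paths from the post, `compare_key_dirs /opt/fog/snapins /images/snapins` printing `divergent` would correspond to the two-sets-of-keys state described there, and `same` to the state after the symlink.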

      Tom Elliott @JJ Fullmer
      last edited by Feb 16, 2016, 8:24 PM

      @Arrowhead-IT I’m aware of what the problem is, and it’s because I am forcing the directory of snapins to contain the ssl files.

      In the code, particularly the decrypt code, I’m specifically searching the /opt/fog/snapins/ssl folder to do the decryption, or the global FOG_SNAPINDIR setting if it is set. Maybe this can help fix the problem? I will see about making an entry to allow for dynamic use and find of the ssl folder/files. For now, I’d recommend adjusting the global value. I’ll work on making it more dynamic and adjustable per node.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        JJ Fullmer Testers @Tom Elliott
        last edited by Feb 17, 2016, 4:05 PM

        @Tom-Elliott I’m pretty sure the global value just always being used would work and just never a static directory.
        I had set the global directory originally. I don’t think that I would be able to create or deploy snapins in the gui properly otherwise.

          Tom Elliott @JJ Fullmer
          last edited by Feb 18, 2016, 1:33 AM

          @Arrowhead-IT storage nodes now contain their own snapin path, and this is what is used for everything else; it’s only the cert finding that uses the implicit check.

            Tom Elliott @Tom Elliott
            last edited by Feb 23, 2016, 11:06 PM

            Just bumping so I don’t forget about this.

              Tom Elliott @Tom Elliott
              last edited by Feb 24, 2016, 12:57 AM

              @Tom-Elliott code added.

                JJ Fullmer Testers
                last edited by Feb 24, 2016, 4:07 PM

                Confirmed working. The CA ssl folders can now be separated from the snap-ins folder.
