• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    ca fog service "error failed to decrypt" when snapins in non-default directory

    Scheduled Pinned Locked Moved Solved
    Bug Reports
    fog client fog service authentication snapins ca ssl
    2
    7
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JJ FullmerJ
      JJ Fullmer Testers
      last edited by

      I had set my snapins to a different directory (/images/snapins with /images being a symlink to /home/fogRootSystem/images)
      But the original install had created the /opt/fog/snapins directory and put the ca ssl folders there.
      But then it did it put the CA ssl folders with new keys in the new /images/snapins folder.

      All day today I have been troubleshooting the client wondering why it suddenly stopped authenticating. Uninstalling and reinstalling, re-imaging, modifying the msi, resetting encryption data, running the fog install script with the --recreate-CA and --recreate-keys options. And nothing worked. Then I noticed the duplicate CA and SSL directories and got to thinking that maybe that’s not supposed to be a thing. So I moved the /opt/fog/snapins folder to my /images/snapins directory
      mv -f /opt/fog/snapins /images/snapins then deleted the opt folder rm -fr /opt/fog/snapins then made a symlink ln -s /images/snapins /opt/fog/snapins Then I reran the fog installer like this ./installfog.sh --recreate-CA --recreate-keys -Y and now the client is working again (after reinstall on the client).

      So a fix exists, but it seems that changing the snapins directory doesn’t work for the client and causes weird ca/ssl authentication errors.

      It’s possible that something else I did fixed my issue, but I am 99.9% sure that the symlink and reinstall recreating the CA is what solved it.

      Have you tried the FogApi powershell module? It's pretty cool IMHO
      https://github.com/darksidemilk/FogApi
      https://fogapi.readthedocs.io/en/latest/
      https://www.powershellgallery.com/packages/FogApi
      https://forums.fogproject.org/topic/12026/powershell-api-module

      Tom ElliottT 1 Reply Last reply Reply Quote 1
      • Tom ElliottT
        Tom Elliott @JJ Fullmer
        last edited by

        @Arrowhead-IT I’m aware of what the problem is, and it’s because I am forcing the directory of snapins to contain the ssl files.

        In the code, particularly the decrypt code, I’m specifically searching the /opt/fog/snapins/ssl folder to do the decryption, or the global FOG_SNAPINDIR setting if it is set. Maybe this can help fix the problem? I will see about making an entry to allow for dynamic use and find of the ssl folder/files. For now, I’d recommend adjusting the global value. I’ll work on making it more dynamic and adjustable per node.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        JJ FullmerJ 1 Reply Last reply Reply Quote 2
        • JJ FullmerJ
          JJ Fullmer Testers @Tom Elliott
          last edited by

          @Tom-Elliott I’m pretty sure the global value just always being used would work and just never a static directory.
          I had set the global directory originally. I don’t think that I would be able to create or deploy snapins in the gui properly otherwise.

          Have you tried the FogApi powershell module? It's pretty cool IMHO
          https://github.com/darksidemilk/FogApi
          https://fogapi.readthedocs.io/en/latest/
          https://www.powershellgallery.com/packages/FogApi
          https://forums.fogproject.org/topic/12026/powershell-api-module

          Tom ElliottT 1 Reply Last reply Reply Quote 0
          • Tom ElliottT
            Tom Elliott @JJ Fullmer
            last edited by

            @Arrowhead-IT storage nodes now contain their own snapin path, and this is what is used for everything else, it’s only the cert finding that uses the implicit check.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            Tom ElliottT 1 Reply Last reply Reply Quote 2
            • Tom ElliottT
              Tom Elliott @Tom Elliott
              last edited by

              Just bumping so I don’t forget about this.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              Tom ElliottT 1 Reply Last reply Reply Quote 1
              • Tom ElliottT
                Tom Elliott @Tom Elliott
                last edited by

                @Tom-Elliott code added.

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                1 Reply Last reply Reply Quote 1
                • JJ FullmerJ
                  JJ Fullmer Testers
                  last edited by

                  Confirmed working. the CA ssl folders can now be separated from the snap-ins folder

                  Have you tried the FogApi powershell module? It's pretty cool IMHO
                  https://github.com/darksidemilk/FogApi
                  https://fogapi.readthedocs.io/en/latest/
                  https://www.powershellgallery.com/packages/FogApi
                  https://forums.fogproject.org/topic/12026/powershell-api-module

                  1 Reply Last reply Reply Quote 1
                  • 1 / 1
                  • First post
                    Last post

                  178

                  Online

                  12.0k

                  Users

                  17.3k

                  Topics

                  155.2k

                  Posts
                  Copyright © 2012-2024 FOG Project