RE: Updating database Failed Error returned: <!DOCTYPE HTML PUBLIC .... 503 Service unavailable ....

Hi george1421,

first 'd like to thank you very much for your quick reaction.
Your effort to help me solve my problem is highly appreciated!
Regrettably this didn’t solve my problem.
I still have the same issue the update of the mariadb still fails.
The Selinux is in permissive mode now and a check of the DB proved that the DB itself is not
showing any problem:

[root@myserver ~]# mysqlcheck --all-databases
fog.clientUpdates                                  OK
fog.dirCleaner                                     OK
fog.globalSettings                                 OK
fog.greenFog                                       OK
fog.groupMembers                                   OK
fog.groups                                         OK
fog.history                                        OK
fog.hookEvents                                     OK
fog.hostAutoLogOut                                 OK
fog.hostMAC                                        OK
fog.hostScreenSettings                             OK
fog.hosts                                          OK
fog.imageGroupAssoc                                OK
fog.imagePartitionTypes                            OK
fog.imageTypes                                     OK
fog.images                                         OK
fog.imagingLog                                     OK
fog.inventory                                      OK
fog.ipxeTable                                      OK
fog.keySequence                                    OK
fog.moduleStatusByHost                             OK
fog.modules                                        OK
fog.multicastSessions                              OK
fog.multicastSessionsAssoc                         OK
fog.nfsFailures                                    OK
fog.nfsGroupMembers                                OK
fog.nfsGroups                                      OK
fog.notifyEvents                                   OK
fog.os                                             OK
fog.oui                                            OK
fog.plugins                                        OK
fog.powerManagement                                OK
fog.printerAssoc                                   OK
fog.printers                                       OK
fog.pxeMenu                                        OK
fog.scheduledTasks                                 OK
fog.schemaVersion                                  OK
fog.snapinAssoc                                    OK
fog.snapinGroupAssoc                               OK
fog.snapinJobs                                     OK
fog.snapinTasks                                    OK
fog.snapins                                        OK
fog.supportedOS                                    OK
fog.taskLog                                        OK
fog.taskStates                                     OK
fog.taskTypes                                      OK
fog.tasks                                          OK
fog.userCleanup                                    OK
fog.userTracking                                   OK
fog.users                                          OK
fog.virus                                          OK
mysql.columns_priv                                 OK
mysql.db                                           OK
mysql.event                                        OK
mysql.func                                         OK
mysql.help_category                                OK
mysql.help_keyword                                 OK
mysql.help_relation                                OK
mysql.help_topic                                   OK
mysql.host                                         OK
mysql.ndb_binlog_index                             OK
mysql.plugin                                       OK
mysql.proc                                         OK
mysql.procs_priv                                   OK
mysql.proxies_priv                                 OK
mysql.servers                                      OK
mysql.tables_priv                                  OK
mysql.time_zone                                    OK
mysql.time_zone_leap_second                        OK
mysql.time_zone_name                               OK
mysql.time_zone_transition                         OK
mysql.time_zone_transition_type                    OK
mysql.user                                         OK

[root@myserver ~]#getenforce
Permissive

The ftp connection with the fog user and the fog password that I did choose for the Linux user,
the web GUI user and the storage default in the web GUI was rechecked and worked in every case.
Login to the web GUI works , ftp connection is successfull, Linux login is working .
The password in the tftpd section was set back to “password” but that doesn’t seem to make any difference.
As an additional information I add the .fogsettings for you to check (IP addresses hidden for security reasons):

[root@myserver fog]# cat .fogsettings
## Start of FOG Settings
## Created by the FOG Installer
## Find more information about this file in the FOG Project wiki:
##     https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
## Version: 1.5.4
## Install time: Mi 27 Mär 2019 08:36:26 CET
ipaddress='X.X.X.X'
copybackold='0'
interface='enp3s0'
submask='255.255.255.0'
routeraddress='# option routers      x.x.x.x;';'
plainrouter=''
dnsaddress='# option domain-name-servers      x.x.x.x; ';
username='fog'
password='+7351TPXMaVv5C+geraboer3gNVVGYbJEkyusfIbmlA='
osid='1'
osname='Redhat'
dodhcp='y'
bldhcp='1'
dhcpd='dhcpd'
blexports='1'
installtype='N'
snmysqluser='root'
snmysqlpass=''
snmysqlhost='localhost'
installlang='0'
storageLocation='/images'
fogupdateloaded=1
docroot='/var/www/html/'
webroot='/fog/'
caCreated='yes'
httpproto='http'
startrange='X.X.X.X'
endrange='X.X.X.X'
bootfilename='undionly.kpxe'
DHCP-Boot='undionly.kpxe=,X.X.X.X'
packages='bc curl dhcp gcc gcc-c++ genisoimage gzip httpd lftp m4 make mariadb mariadb-server mod_ssl mtools net-tools nfs-utils php php-bcmath php-cli php-common php-fpm php-gd php-ldap php-mbstring php-mcrypt php-mysqlnd php-process syslinux tar tftp-server unzip vsftpd wget xinetd xz-devel '
noTftpBuild=''
notpxedefaultfile=''
sslpath='/opt/fog/snapins/ssl/'
backupPath='/home/'
php_ver=''
php_verAdds=''
sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
## End of FOG Settings
[root@myserver fog]#

Any other ideas or proposals?

kind regards

megaadm

Hi there!

Sorry to bother you with a problem that you have already solved for others a couple of times, but it seems that the solutions don’t work for my just installed fog server. I did set up a IBM X3650 with the newest CEntOS 7.6 version following the instructions offered by the FOG project site https://wiki.fogproject.org/wiki/index.php?title=CentOS_7#Configuring_partitions_for_FOG

The only differenz is that I disabled the internal firewall and I am not using SELinux .
The installation of the fog software was successfull and the first test went well untill it said: Image captured … done
Stopping FOG Status Reporter …done
Task Complete
Updating Database … failed
Error returned: <!DOCTYPE HTML PUBLIC*_/…
<html><head>
<title> 503 Service Unavailable </title>
usw

The first tests failed with could not complete tasking because the files /bin/fog.download and /bin fog.upload were not found.
So I searched for them on another fog server we already had in use and created them as well along with the path where they were found at the other server
/root/git/fogproject/src/buildroot/package/fog/scripts/bin/fog.upload
/root/fog_1.2.0/src/buildroot/package/fog/scripts/bin/fog.upload

and as this did not solve the problem as well directly under /bin .
The other server was recently updated from fog 1.2.0 to 1.5.4 .

Creating those files helped to get further in the process of the test but
now the update f the database always fails. I observed that the image apears in /images/dev and is moved to /images and is even renamed as it should be but after the updating of the database fails the image disapears from /images again and no trace of it could be found in /images/dev eather !

Ain’t that strange???
I searched the internet for related postings and found some
for example …
Wayne Workman Feb 11, 2016, 5:40 PM

Problem and solution documented in the Wiki here: https://wiki.fogproject.org/wiki/index.php?title=Troubleshoot_FTP#Updating_Database...Failed

went through the different points and checked everything as proposed but was not able to solve the problem.

One thing I noticed was that there was a very long encrypted “password” in the .fogsettings file which was a lot shorter in the .fogsettings of the other fog server which in fact has the same password for fog. I made sure that the password is the same for the “web gui user” fog the storage default fog user and the linux fog user.
As I found a hint in the internet related to the password in the tftpd section I checked that too and found out that this was still “password”. I changed it to be the same as the other password in use but that did not help eather and comparing with the other node I saw that it was “password” too in the tftpd section. So I decided to set it back to “password”. I even tried to enter the password that I use for all fog users in plane text in the .fogsettings for"password=xxxxxxxx"
because some other guy was adviced ot take the password from the .fogsettings file and use it somewhere else to reset the password - what I did not quite understand as it is encrypted in my .fogsettings - but that made me hope that it might work the otherway round too but it did not.
I will leave office soon for today but would appreciate your support tomorrow if possible. Please let me know which config files or logs you need to analyse my little problem here. Or maybe tell me were I did something wrong according to my description here.
Kind regards

megaadm

@george1421 thx george1421 ! I inserted the proposed new line now in the fog.postinit script for a try and we’ll see what happens when the next image will be created. Of cause it would be nice if your developers could solve this issue by patching 1.5.4 or adding that as a feature enhancement in 1.5.5 .

@Quazz Hi Quazz your advice was good in deed! The image we produced showed 774 but unfortunately the owner was root and the group was root too:

[root@fogserver images]# ls -al /images/dev/6c4b905470aa
total 37754292
drwxrwxr–. 2 root root 73 Oct 15 15:51 .
drwxrwxr–. 4 fog root 66 Oct 15 15:22 …
-rwxrwxr–. 1 root root 1048576 Oct 15 15:25 d1.mbr
-rwxrwxr–. 1 root root 10336542 Oct 15 15:26 d1p1.img
-rwxrwxr–. 1 root root 34582211215 Oct 15 15:51 d1p2.img
-rwxrwxr–. 1 root root 190 Oct 15 15:25 d1.partitions
[root@fogserver images]#

For this reason the fog user fails to move the image file to /images and I have to give “write rights” to others for /images otherwise the process hangs up. And of cause “w” rights for “others” are noncompliant.
Any idea where I can change a configuration so that the created files will be owned by fog instead of root? Maybe editing the same file again with a chown statement? Something like:
sed -i -e “s#chown -R root#chown -R fog#gi” /usr/share/fog/lib/funcs.sh

@Quazz Can’t test that any more today because the windows team left already for the weekend. We will have to create an image for a customer PC on monday though and then I will see what happens.
Wish you a nice weekend !

@Quazz Thanks again that really would be great I will ask our windows team to test that right away!
Yet another question related to your first advice

<<It might work fine if you chown -R fog:fog first, though.>>

Was this meant only for the directory /image or was that meant for all the directories and files of our Fox installation?

@george1421 I updated an older Fog version to the newest because the old Fog version seemed to be unable to create or deploy windows 10 images as I was informed by our windows team

@Quazz Thanks for your advice!

I added the line
“sed -i -e “s#chmod -R 777#chmod -R 774#gi” /usr/share/fog/lib/funcs.sh”
to the fog.postinit script in the path /images/dev/postinitscripts/
which was obviously not configured at all until now:

[root@fogserver postinitscripts]# cat fog.postinit
#!/bin/bash

This file serves as a starting point to call your custom pre-imaging/post init loading scripts.

<SCRIPTNAME> should be changed to the script you’re planning to use.

Syntax of post init scripts are

#. ${postinitpath}<SCRIPTNAME>
sed -i -e “s#chmod -R 777#chmod -R 774#gi” /usr/share/fog/lib/funcs.sh
[root@fogserver postinitscripts]#

Then I looked for the funcs.sh script in /usr/share/fog/lib and had to find out that there is no directory fog under the path /usr/share in our fog installaion.

[root@fogserver share]# pwd
/usr/share
[root@fogserver share]# ls -al
total 228
drwxr-xr-x. 122 root root 4096 Oct 10 07:58 .
drwxr-xr-x. 14 root root 4096 Jun 5 16:36 …
drwxr-xr-x. 3 root root 19 Apr 27 16:53 abrt
drwxr-xr-x. 2 root root 4096 Apr 11 2018 aclocal
drwxr-xr-x. 3 root root 4096 Nov 30 2015 aclocal-1.13
drwxr-xr-x. 8 root root 102 Jun 5 16:38 alsa
drwxr-xr-x. 4 root root 31 Sep 30 2015 anaconda
drwxr-xr-x. 2 root root 29 Oct 10 2017 appdata
drwxr-xr-x. 2 root root 4096 Jul 2 12:25 applications
drwxr-xr-x. 3 root root 19 Apr 11 2018 augeas
drwxr-xr-x. 2 root root 4096 Oct 10 2017 authconfig
drwxr-xr-x. 7 root root 4096 Nov 30 2015 autoconf
drwxr-xr-x. 4 root root 4096 Nov 30 2015 automake-1.13
drwxr-xr-x. 2 root root 4096 Jul 18 2017 awk
drwxr-xr-x. 2 root root 4096 Apr 11 2018 backgrounds
drwxr-xr-x. 4 root root 60 Apr 11 2018 bash-completion
drwxr-xr-x. 4 root root 4096 Oct 10 2017 bison
drwxr-xr-x. 2 root root 65 Oct 5 2015 centos-logos
drwxr-xr-x. 2 root root 17 Oct 10 07:58 centos-release
drwxr-xr-x. 2 root root 4096 Oct 5 2015 cracklib
drwxr-xr-x. 2 root root 40 Oct 10 2017 cscope
drwxr-xr-x. 6 root root 4096 Jun 5 16:36 dbus-1
drwxr-xr-x. 3 root root 20 Oct 10 2017 defaults
drwxr-xr-x. 2 root root 6 Apr 11 2018 desktop-directories
drwxr-xr-x. 2 root root 36 Apr 11 2018 dict
drwxr-xr-x. 535 root root 20480 Oct 10 07:58 doc
drwxr-xr-x. 3 root root 22 Sep 20 2017 emacs
dr-xr-xr-x. 2 root root 6 Apr 11 2018 empty
drwxr-xr-x. 2 root root 18 Dec 15 2016 file
drwxr-xr-x. 3 root root 18 Sep 26 20:27 firewalld
drwxr-xr-x. 3 root root 19 Sep 30 2015 firstboot
drwxr-xr-x. 3 root root 23 Oct 5 2015 fontconfig
drwxr-xr-x. 3 root root 16 Oct 10 2017 fonts
drwxr-xr-x. 2 root root 24 Sep 18 07:40 fpm
drwxr-xr-x. 2 root root 6 Apr 11 2018 games
drwxr-xr-x. 3 root root 19 May 15 23:51 gcc-4.8.2
lrwxrwxrwx. 1 root root 9 Jun 5 16:36 gcc-4.8.5 -> gcc-4.8.2
drwxr-xr-x. 3 root root 22 Aug 5 2017 GConf
drwxr-xr-x. 3 root root 15 Aug 5 2017 gcr-3
drwxr-xr-x. 5 root root 50 May 15 23:51 gdb
drwxr-xr-x. 2 root root 90 Dec 15 2016 GeoIP
drwxr-xr-x. 7 root root 4096 Oct 10 2017 gettext
drwxr-xr-x. 3 root root 16 Oct 10 2017 gettext-0.19.8
drwxr-xr-x. 3 root root 19 Apr 11 2018 ghostscript
drwxr-xr-x. 4 root root 36 Jun 22 16:02 git-core
drwxr-xr-x. 3 root root 20 Apr 11 2018 glib-2.0
drwxr-xr-x. 2 root root 6 Apr 11 2018 gnome
drwxr-xr-x. 2 root root 44 Oct 5 2015 gnome-background-properties
drwxr-xr-x. 2 root root 4096 Jul 16 08:59 gnupg
drwxr-xr-x. 3 root root 33 Oct 5 2015 groff
drwxr-xr-x. 2 root root 79 Apr 16 16:50 grub
drwxr-xr-x. 2 root root 6 May 16 09:59 gtk-3.0
drwxr-xr-x. 5 root root 44 Jun 27 15:49 httpd
.
.
.

So I searched for the funcs.sh through all the directories and found two at different places:

[root@fogserver share]# find / -name funcs.sh
/root/git/fogproject/src/buildroot/package/fog/scripts/usr/share/fog/lib/funcs.sh
/root/fog_1.2.0/src/buildroot/package/fog/scripts/usr/share/fog/lib/funcs.sh
[root@fogserver share]#

In both funcs.sh scripts I made a grep for chmod, 777, and 774 and did not find any of those strings:

[root@fogserver share]# grep 777 /root/fog_1.2.0/src/buildroot/package/fog/scripts/usr/share/fog/lib/funcs.sh
[root@fogserver share]# grep chmod /root/fog_1.2.0/src/buildroot/package/fog/scripts/usr/share/fog/lib/funcs.sh
[root@fogserver share]# grep chmod /root/git/fogproject/src/buildroot/package/fog/scripts/usr/share/fog/lib/funcs.sh

Just to make sure made a I grep for /image too and got only the same few results and those were without any “chmod” statements:

[root@fogserver postinitscripts]# grep /image /root/git/fogproject/src/buildroot/package/fog/scripts/usr/share/fog/lib/funcs.sh

the directory to store images in (e.g. /image/dev/xyz) as the third parameter

the directory images stored in (e.g. /image/xyz) as the third parameter

the directory images stored in (e.g. /image/xyz) as the third parameter

[root@fogserver postinitscripts]#

So none of the two seems to be the script you were writing about.
The reason might be that we are runnining a different version of fog here (FOG Version 1.5.4) and therefore the installation and some pathes differ.

If I got you right the “sed” command you proposed should have looked for the string “chmod -R 777” in the script /usr/share/fog/lib/funcs.sh and change that to “chmod -R 774”
So what am I supposed to do now? The fog.postinit script will not do any good as it is now. That much is sure. I appreciate your support and thank you very much for taking your time and trying to be helpful.

Thank you very much for this really quick response!
Unfortunately this is not a solution for us because 777
is against the IBM compliance policies no matter which directory or file it is (“You might have to set the permissions on /images/dev to 777”).
Of course I know how to change the rights manually to avoid findings in the
automated scan reports. But as the images are created by the Windows team
and I am working in the Linux Team I don’t always notice in time that new images
are created and transferred to my Linux Fog server.
So if there isn’t any configuration file where I can change the standard rights for new images to 774 for example - this would mean I’ll have to think about automated daily checks by a script and let ether the script
restrict the rights or do that manually after being informed via mail about new image files.

Having installed fogproject-1.5.4 on CentOS 7 we experience issues with the IBM compliance.
When we create new images, the image directories and the image files inside these directories in the directory /images are owned by root and show 777 as file rights which conflicts with the IBM compliance:

[root@fog_server images]# ls -al
total 8
drwxrwxr-x. 14 fog root 4096 Oct 10 11:23 .
dr-xr-xr-x. 21 root root 4096 Jul 5 17:09 …
drwxrwxr–. 3 fog root 46 Oct 9 16:13 dev
drwxrwxrwx. 2 root root 130 Oct 2 11:11 EXAMPLE_image
-rwxrwxr–. 1 fog root 0 Jun 28 13:20 .mntcheck
[root@fog_server images]# cd EXAMPLE_image
[root@fog _server EXAMPLE_image]# ls -al
total 21646780
drwxrwxrwx. 2 root root 130 Oct 2 11:11 .
drwxrwxr-x. 14 fog root 4096 Oct 10 11:23 …
-rwxrwxrwx–. 1 root root 1048576 Oct 2 10:54 d1.mbr
-rwxrwxrwx. 1 root root 283 Oct 2 10:54 d1.original.uuids
-rwxrwxrwx. 1 root root 13285538 Oct 2 10:54 d1p1.img
-rwxrwxrwx. 1 root root 8784293 Oct 2 10:54 d1p2.img
-rwxrwxrwx. 1 root root 21761439393 Oct 2 11:10 d1p3.img
-rwxrwxrwx. 1 root root 381722661 Oct 2 11:11 d1p4.img
-rwxrwxrwx. 1 root root 880 Oct 2 10:54 d1.partitions
[root@fog_server EXAMPLE_image]#

The images are created as a task in the fog web gui with the user fog so I would have expected that the owner of the newly created image would be fog as well.
Can anybody tell me where the ownership and the 777 rights of new images are configured?
There has to be a configuration file where the standard ownership and file rights for new images are defined.

Any advice is appreciated.
Kind regards

aborn