RE: PXE boot failed 1.5.6

@Sebastian-Roth

@Sebastian-Roth

root@fogimaging:~/trunk# git branch -v
  dev-branch 71b77da [behind 252] Release 1.5.2 to fix install bugs and new item creation bugs.
* master     d75b1d3 Merge branch 'dev-branch' of github.com:FOGProject/fogproject into dev-branch
  working    f3fe2ce [behind 67] Add testing of Redhat < 7 for maintaining native php handling vs. FPM
root@fogimaging:~/trunk#```

@Sebastian-Roth

Welcome back!

Attaching a log file from my ssh session that should have all the info you asked for.

20190625_084305.SSH.w0t0p0.5D9392E8-A16D-40C6-B829-79E0F6F88A28.36728.3482263491.log

@Tom-Elliott
Ping

@george1421

Thanks for the help Pinging @Sebastian-Roth

@george1421 said in PXE boot failed 1.5.6:

https://10.10.70.4/fog/service/ipxe/boot.php?mac=00:00:00:00:00:00

Yup

#!ipxe
set fog-ip 10.10.70.4
set fog-webroot fog
set boot-url https://${fog-ip}/${fog-webroot}
cpuid --ext 29 && set arch x86_64 || set arch i386
goto get_console
:console_set
colour --rgb 0x00567a 1 ||
colour --rgb 0x00567a 2 ||
colour --rgb 0x00567a 4 ||
cpair --foreground 7 --background 2 2 ||
goto MENU
:alt_console
cpair --background 0 1 ||
cpair --background 1 2 ||
goto MENU
:get_console
console --picture https://10.10.70.4/fog/service/ipxe/bg.png --left 100 --right 80 && goto console_set || goto alt_console
:MENU
menu
colour --rgb 0xff0000 0 ||
cpair --foreground 1 1 ||
cpair --foreground 0 3 ||
cpair --foreground 4 4 ||
item --gap Host is NOT registered!
item --gap -- -------------------------------------
item fog.local Boot from hard disk
item fog.memtest Run Memtest86+
item fog.reginput Perform Full Host Registration and Inventory
item fog.reg Quick Registration and Inventory
item fog.deployimage Deploy Image
item fog.multijoin Join Multicast Session
item fog.sysinfo Client System Information (Compatibility)
choose --default fog.local --timeout 3000 target && goto ${target}
:fog.local
sanboot --no-describe --drive 0x80 || goto MENU
:fog.memtest
kernel memdisk initrd=memtest.bin iso raw
initrd memtest.bin
boot || goto MENU
:fog.reginput
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=https://10.10.70.4/fog/ consoleblank=0 rootfstype=ext4 storage=10.10.70.4:/images/ storageip=10.10.70.4 loglevel=4 mode=manreg
imgfetch init_32.xz
boot || goto MENU
:fog.reg
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=https://10.10.70.4/fog/ consoleblank=0 rootfstype=ext4 storage=10.10.70.4:/images/ storageip=10.10.70.4 loglevel=4 mode=autoreg
imgfetch init_32.xz
boot || goto MENU
:fog.deployimage
login
params
param mac0 ${net0/mac}
param arch ${arch}
param username ${username}
param password ${password}
param qihost 1
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
param sysuuid ${uuid}
:fog.multijoin
login
params
param mac0 ${net0/mac}
param arch ${arch}
param username ${username}
param password ${password}
param sessionJoin 1
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
param sysuuid ${uuid}
:fog.sysinfo
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=https://10.10.70.4/fog/ consoleblank=0 rootfstype=ext4 storage=10.10.70.4:/images/ storageip=10.10.70.4 loglevel=4 mode=sysinfo
imgfetch init_32.xz
boot || goto MENU
:bootme
chain -ar https://10.10.70.4/fog/service/ipxe/boot.php##params ||
goto MENU
autoboot

@george1421 said in PXE boot failed 1.5.6:

netstat -an|grep :443

Yup. That works. I can get to the web UI over https

root@fogimaging:~# netstat -an|grep :443
tcp6 0 0 :::443 :::* LISTEN
tcp6 0 0 10.10.70.4:443 10.10.10.21:63466 TIME_WAIT

@george1421 said in PXE boot failed 1.5.6:

ls -la /var/www/html/fog/service/ipxe/*.php

I do have SSL enabled. The installer was originally run with -S
The installer completed successfully

root@fogimaging:~# ls -la /var/www/html/fog/service/ipxe/*.php
-rw-r–r-- 1 fogproject www-data 1958 Jun 19 08:37 /var/www/html/fog/service/ipxe/advanced.php
-rw-r–r-- 1 fogproject www-data 1139 Jun 19 08:37 /var/www/html/fog/service/ipxe/boot.php
-rw-r–r-- 1 fogproject www-data 592 Jun 19 08:37 /var/www/html/fog/service/ipxe/index.php

It does find it. What do I need to change?

I installed using force HTTPS so I tried running the buildpxe.sh and that didn’t fix the issue. I did a git pull and reran the whole installer. Still no dice.

On 1.5.6

tftp://10.10.70.4/default.ipxe… ok
https://10.10.70.4/fog/service/ipxe/boot.php… no such file or directory … (missed the rest of the line in my screen shot)
Could not boot: No such file or directory (http://ipxe.org/2d0c613b)

@Sebastian-Roth

To be clear I’m mostly speaking about the web UI right now. But the client would be important too. The way JAMF handles the migration is that it continues to use its internal CA and distributes the new cert to the machines on check in. It keeps track of those that have received the cert and compares that to its list of enrolled machines. When all machines have received the cert there is a UI element that goes from red to green letting you know that the server can now be switched to communicate via the external CA.

@Wayne-Workman

I agree that applying a cert in Apache is simple but I also believe the best experience is to meet a minimum level of security out of the box so to speak. Honestly I would say that moving the require https out of the installer flags and making it one of the dialogues (like the questions about network config) would be good enough. At least then new users (even ones following random out of date guides online most of which don’t reference the installer script flags) would be able to choose.

@Sebastian-Roth @george1421 @Wayne-Workman

While I agree that the self signed warnings are annoying; from a security standpoint it is still better and common for many self hosted services. Web communication should be secure even if it is less convenient. The fact FOG has so much power over clients (forcing re-installs, running snapins) means that the login to the web ui HAS to be encrypted. Most management services default to self signed and provide the option to replace with a thirdparty / external cert. Adding a UI element to streamline this (eg upload third party cert and restart fog from the UI) would make it more user friendly. This is the default with JAMF (tomcat) and Solarwinds.

I do agree that looking at requiring a mysql password and configuring the firewall should be addressed too.

@Sebastian-Roth

That worked. Still needed to set the force ssl flag though. SSL should probably be the default given the AD credentials that get entered into the site for a lot of users.

@Sebastian-Roth

Does this only happen on first install? I did an upgrade from 1.5.5 and didn’t see this question.

Add hostname for SSL certificate generation.

For this feature does it just read the host file on the machine or can I set this with a flag during install? I don’t currently have the FQDN in my host file, I just access it via our DNS server.

@Tom-Elliott

Will they be living in parallel for the foreseeable future or is there a merge on the horizon?

With what sounds to be the impending release of the 1.5.x (6?). The 1.6 branch seems to be several commits back from 1.5.5 (almost 200, not sure how many are just different based on the UI). Is 1.6 going to keep up with the new release or should I pump the breaks until it is more official. I prefer the UI greatly to the 1.5.5 release and am the impatient type. I just don’t want to move my system over only to have to back out.

@Sebastian-Roth

Thanks for the input. I will definitely be looking into how to help with this as it would be extremely useful to me and move FOG from being just imaging to a semi mini-management platform for a small organization like mine.

I have some hosts that were added by the client being deployed to them. These clients are remote so I cant change their pxe settings. I put in a feature request to do inventory from the client, but until then is there a way to manually enter data into the inventory pane?

Running 1.5.5