RE: What ports does FOG use?

@fogcloud we have an ansible playbook to handle FOG firewall rules (firewalld) and the ports used are:

   allow_icmp:
      - echo-request
      - echo-reply
    services:
      - ftp
      - http
      - mountd
      - nfs
      - rpc-bind
      - tftp
    ports:
      - { port: 20048, proto: tcp }  # nfs
      - { port: 20048, proto: udp }  # nfs
      - { port: "35350-36350", proto: udp }  # tftp
      - { port: "49512-65532", proto: udp }  # multicast

the port 20048 is added on nfs.conf
the range 35350-36350 is added on tftp options
and the 49512-65532 is for all the dynamic ports

@PatrickL

you might want to check https://forums.fogproject.org/topic/17648/massive-cpu-usage-from-a-service

also please state the FOG version you are using. If its before 1.5.10.41 there were some security issues that were patched.

@Tom-Elliott couldn’t wait till tomorrow… tested with 1.6 and works with the below settings.

also in 1.6 you need to change Subree on line 988 also.

Thank you once more for your time and effort.

I believe the problem you are facing is the way the new export.php (https://github.com/FOGProject/fogproject/compare/1.5.10...1.5.10.41?diff=split&w=#diff-ff9e620c45c9b82140dffca512e6417f03cc4972a20a6659a4f4a248ffa56082) validates the export.

I have the same problem on a newly installed server OS: Ubuntu 22.04, FOG Server: 1.5.10.48. I changed the if statement with

echo $currentUser;
echo '<br>';
echo strtolower($_SERVER['HTTP_X_REQUESTED_WITH']);
echo '<br>';
echo _('Unauthorized');
exit;

on export.php and as it shows

User ID: 1 Name: fog

Unauthorized

the blank line is the empty variable which then forces the Unauthorized exit.

@Fog_Newb

try the below

/dev/disk/by-uuid/d61ab2ae-b79a-4b07-bfc5-4678ab0902f4 /images ext4 defaults 0 1
/dev/disk/by-uuid/3d7874cb-8c59-4e6d-8735-fb8361994590 /imagesdev ext4 defaults 0 1
/imagesdev  /images/dev   none    defaults,bind   0   0

Sources:

• https://man.archlinux.org/man/systemd.mount.5
• https://wiki.archlinux.org/title/Fstab#Bind_mount

@Jim-Graczyk obviously your setup is more complex than others and will happily wait for the steps you took to migrate.

In our case we migrated from CentOS 7 to Ubuntu 22 following the migration guide (for images, ssl certs, didn’t create new CA https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG#If_old_server_was_FOG_1.3.0.2B ) with new server name, ip (same cname) and by only resetting encryption data on all hosts the fog clients worked smoothly.

@jaoyer hello. Everything is well documented on https://wiki.fogproject.org/wiki/index.php?title=Migrate_FOG give it a read.

We have it implement with the below code. See if it helps.

kernel http://${fog-ip}/fog/service/ipxe/ltsp/casper/vmlinuz
initrd http://${fog-ip}/fog/service/ipxe/ltsp/casper/initrd.lz
imgargs vmlinuz ip=dhcp root=/dev/nfs netboot=nfs nfsroot=9.9.9.9(replace with your real ip):/images/ltsp locale=en_US.UTF-8 keyboard-configuration/layoutcode=us mirror/country=US boot=casper ipv6.disable=1
boot || goto failed

@MarkG hello, the wiki has you covered. We migrated to new FOG server (new hostname, new ip) added a cname to match the old server and everything worked like a charm.

As always in this situations test with 1-2 hosts by manually setting the new server (hosts file) to simulate the migration.

@Tom-Elliott

today I had to add some hosts (manually) and the force reboot was indeed checked when I added the hostname and mac address.

Is it possible that the registration from the FOS client doesn’t apply it on host creation?

@pilipp_edv

for the record the Active Directory is working only for the Windows clients as described in the FOG client repo but as you said you don’t want them to join only rename. Since we are discussing for linux clients maybe that is the clue for not being enabled by default.

The database cells hostUseAD and hostEnforce are the ones that enable the procedure to occur. Another test would be to add a host and check what value it has on the dB for hosts.hostUseAD and hosts.hostEnforce without adding the host to the group or changing anything from the dashboard.

@pilipp_edv

can you check the services tab on your dashboard? Is the hostname changer ticked?

also how is the host created in the first place (manually, autoregister, api?)

@PatrickL

you might want to check https://forums.fogproject.org/topic/17648/massive-cpu-usage-from-a-service

also please state the FOG version you are using. If its before 1.5.10.41 there were some security issues that were patched.

@Fog_Newb

try the below

/dev/disk/by-uuid/d61ab2ae-b79a-4b07-bfc5-4678ab0902f4 /images ext4 defaults 0 1
/dev/disk/by-uuid/3d7874cb-8c59-4e6d-8735-fb8361994590 /imagesdev ext4 defaults 0 1
/imagesdev  /images/dev   none    defaults,bind   0   0

Sources:

• https://man.archlinux.org/man/systemd.mount.5
• https://wiki.archlinux.org/title/Fstab#Bind_mount

@Fog_Newb said in FOG has issues if the temp image location is on another drive. FOG 1.5.10.1612 Ubuntu Server24.04.1 LTS:

/dev/disk/by-uuid/d61ab2ae-b79a-4b07-bfc5-4678ab0902f4 /images ext4 defaults 0 1
/dev/disk/by-uuid/3d7874cb-8c59-4e6d-8735-fb8361994590 /images/dev ext4 defaults 0 1

based on the reddit post you should try

/dev/disk/by-uuid/d61ab2ae-b79a-4b07-bfc5-4678ab0902f4 /images ext4 defaults 0 1
/dev/disk/by-uuid/3d7874cb-8c59-4e6d-8735-fb8361994590 /images/dev auto bind,x-systemd.requires=/images 0 0