as described in https://www.reddit.com/r/linux4noobs/comments/119i2vy/is_it_possible_to_mount_one_drive_as_a_subfolder/
probably its best to move everything away from the mount points and then create the new structure. Also as always in this occasions BACKUP before testing.
99% it will work. The path /images/dev is the tmp location for image creation, so if you mount a 3rd drive you can achieve the expected result.
Hello,
for the second part you can mount anything (e.x. /sdb, /storageip, /nasdrive ) in /images and keep the storage independent from the VMs primary disk.
@Tom-Elliott couldn’t wait till tomorrow… tested with 1.6 and works with the below settings.
also in 1.6 you need to change Subree on line 988 also.
Thank you once more for your time and effort.
@Tom-Elliott I will test your new code from working-1.6 branch on our dev server and report back (tomorrow).
@Tom-Elliott being explicit helped me better understand the verification process.
Similarly your ‘admingroup’ (I know you’ve masked it) but do you have a group in your LDAP that has a full name of: https://entitlements.it.auth.gr/<adminGroupName>?
yes it’s a full html path
I used the filter from the original code and the results are:
Admin search
Filter: (&(|(name=https://entitlements.it.auth.gr/<adminGroupName>))(edupersonentitlement=uid=usename,ou=People,o=auth,c=gr)); Result: 0
Mobile Search (empty group)
Filter: (&(|(name=))(edupersonentitlement=uid=username,ou=People,o=auth,c=gr)); Result: 0
The correct filter should be (that is what I implemented):
Admin search
Filter: (&(|(edupersonentitlement=https://entitlements.it.auth.gr/<adminGroupName>))(uid=username))
Mobile search
Filter: (&(|(edupersonentitlement=https://entitlements.it.auth.gr/<userGroupName>))(uid=username))
@Tom-Elliott said in FOG 1.5.10.1604 ldap plugin:
@AUTH-IT-Center After some pretty serious testing I think I finally got the ldap plugin working on 1.6 as well.
Basically the problem with your current filter is you only check if the group exists and the username = username, not that the username actually is a member of that group.
We do have logic, I think that double checks but I hope you can see the issue here?
Hello @Tom-Elliott and thank you in advance for your time and effort. The changes that we tried to implement came from this post.
To better give you the concept we are trying to achieve let me explain with our setup and attributes.
What we want is that if a user trying to login to FOG server with his uid = username and is member with specific eduPersonEntitlement(s) can login to FOG server and be member of the FOG admins.
@Tom-Elliott Ι did try the 1.6 branch but didn’t work… that’s when I started debugging on 1.5.10.1064 dev-branch. I made the changes based on our LDAP needs. It would be proper if all the parameters came from the LDAPServers table and dynamically used in the code (even the filter maybe?)
@Tom-Elliott though I deployed it on our production server (from my fork), of course when you push the changes I can test it on the staging server. Just let us know.
@Tom-Elliott Hello!
We wanted to integrate the ldap plugin on our OpenLDAP server and after some debug sessions we finally managed to integrate it.
I opened a pull request https://github.com/FOGProject/fogproject/pull/635 with the changes we made. I believe the filter should be dynamic to match more attributes instead of having hard-coded the name=.
Please review it and check if it can be merged. Thank you.
@Tom-Elliott glad to hear it.
Where can I check - read other events in order to get more notifications? For example the creation of a snapin task, or the creation of a multicast image tasks? (so I can create new events on slack plugin)
Thank you once more the time and effort.
Hello all,
I searched the forums and found various posts for the slack plugin not properly working. I managed to get it to work by modifying some files to match the new slack api.
I pushed the changes on my fork and requested a merge with the dev-branch of fogproject https://github.com/FOGProject/fogproject/pull/631. I tested all the events (except image fail) on our staging server.
Waiting for you review.
Thank you.
@Tom-Elliott if the directory nfs.conf.d exists the fog-nfs.conf isn’t created.
I believe the code should be:
configureNFS() {
dots "Setting up NFS configuration file"
if [[ -f "/etc/nfs.conf" ]]; then
# Fix all set port=20048 back to default values
sed -i '/^port=20048/ {s/^port=20048/# port=0/}' /etc/nfs.conf >>$error_log 2>&1
fi
# set port in nfs.conf.d directory
if [[ -f "/etc/nfs.conf" && ! -d "/etc/nfs.conf.d/" ]]; then
mkdir /etc/nfs.conf.d/
elif [[ -f "/etc/nfs.conf" && -d "/etc/nfs.conf.d/" ]]; then
cat > /etc/nfs.conf.d/fog-nfs.conf <<EOF
[mountd]
port=20048
EOF
elif [[ -f "/usr/etc/nfs.conf" && ! -d "/usr/etc/nfs.conf.d/" ]]; then
mkdir /usr/etc/nfs.conf.d/
elif [[ -f "/usr/etc/nfs.conf" && -d "/usr/etc/nfs.conf.d/" ]]; then
cat > /usr/etc/nfs.conf.d/fog-nfs.conf <<EOF
[mountd]
port=20048
EOF
fi
errorStat $?
@Tom-Elliott just a friendly reminder. The dev-branch doesn’t have the new code in functions.sh for the nfs mount.
Thank you for all your help.
@fogcloud we have an ansible playbook to handle FOG firewall rules (firewalld) and the ports used are:
allow_icmp:
- echo-request
- echo-reply
services:
- ftp
- http
- mountd
- nfs
- rpc-bind
- tftp
ports:
- { port: 20048, proto: tcp } # nfs
- { port: 20048, proto: udp } # nfs
- { port: "35350-36350", proto: udp } # tftp
- { port: "49512-65532", proto: udp } # multicast
the port 20048 is added on nfs.conf
the range 35350-36350 is added on tftp options
and the 49512-65532 is for all the dynamic ports
tested on staging server and it works.
OS: Ubuntu 22.04
FOG Server: 1.5.10.1577
Export of images and hosts now is successful
I believe the problem you are facing is the way the new export.php (https://github.com/FOGProject/fogproject/compare/1.5.10...1.5.10.41?diff=split&w=#diff-ff9e620c45c9b82140dffca512e6417f03cc4972a20a6659a4f4a248ffa56082) validates the export.
I have the same problem on a newly installed server OS: Ubuntu 22.04, FOG Server: 1.5.10.48. I changed the if statement with
echo $currentUser;
echo '<br>';
echo strtolower($_SERVER['HTTP_X_REQUESTED_WITH']);
echo '<br>';
echo _('Unauthorized');
exit;
on export.php and as it shows
User ID: 1 Name: fog
Unauthorized
the blank line is the empty variable which then forces the Unauthorized exit.
@AUTH-IT-Center with the dev-branch the created folder after the image capture has the correct permissions.
will wait for the update on stable branch to deploy to the production server.
Thank you!
@Tom-Elliott since this is the production server I will try it on a staging one and notify you.
unfortunately the same result.
also the permissions of the init.xz and init_32.xz on /var/www/html/fog/service/ipxe/ got 755 instead of 644 and the group www-data (just mentioning)
the system is 64bit