RE: USB Boot and point to custom FOG server IP

@george1421
Let me do that on a digital napkin then I’ll upload it here in a bit

@george1421 @Sebastian-Roth
Turns out this might be more complicated than I thought. I got up to boot fog menu, after it tried to download bg.png from the offline http://url. Tried to deploy an image, logged in, then it tried to load http://10.0.0.10/fog/service/ipxe.boot.php. Before that though, it successfully loaded boot.php from the external ip. Sounds like I will have to comb through all the config files and make new versions to point to external IP but keep the 10.0.0.10 functionality…?

So it booted, read from tftp://customip, then tried to load the menu boot.php from http://10.0.0.10, so somewhere in the config is still pointing to the offline ip. I will check the code.

Just realized something. The USB boot is pulling instructions from the default.ipxe. Maybe I should tell it to pull a custom file from the fog server with the updated IP?

I missed the very first step, my bad. I didn’t have the source ipxe code. I’m compiling it now. I’ll test it out usb boot and see if I can deploy an image. Will report back.

@sebastian-roth
I do have the installer and followed the instructions, when I run “make bin-x86_64-efi/ipxe.efi EMBED=~/fogproject/src/ipxe/src/ipxescript” I get “make: *** No rule to make target ‘bin-x86_64-efi/ipxe.efi’. Stop.” Which directory should I be running this command from? I tried running it from ~/fogproject/src/ipxe/src and ~/ipxe/src with the same result.

I’m wondering if this will work, because the script is still calling for tftp which isn’t enabled on my prod network, as stated in the OP.

@george1421
Found this link
https://forums.fogproject.org/topic/12121/compiling-ipxe-boot-kernels?lang=en-US
Should I follow this?

So I read through the instructions to create a USB bootable disk that uses ipxe.efi, which I assume is preconfigured to point to the FOG server’s main IP, which in my case is 10.0.0.10 which I use for offline imaging over a switch. What I want is to be able to change where the USB boot disk looks for and mounts the NFS share. I have a 2nd interface on my FOG server that is online and I use this for managing FOG and updating Ubuntu Server. I can mount the NFS share through this interface. Would I have to decompile the ipxe.efi file and edit it so it see’s FOGs IP as whatever I set it to?

EDIT: Had to update my question because we don’t have PXE booting set up on our online/prod network. Guess the ultimate goal is to be able to deploy fog images in other buildings using the USB drive to boot to the fog menu.

@londonfog as long as you don’t put any custom files in /var/www/fog you should be good. I have pmagic on my fog ipxe menu and put the files in /var/www/pm11_winpe and the permissions for the files are correct.

This is what my ipxe menu item parameters look like:
set tftp-path tftp://${fog-ip}
set web-path http://${fog-ip}
set pe-path ${web-path}/pm11_winpe
kernel ${tftp-path}/wimboot gui
imgfetch --name BCD ${pe-path}/BCD BCD
imgfetch --name boot.sdi ${pe-path}/boot.sdi boot.sdi
imgfetch --name bootmgr ${pe-path}/bootmgr bootmgr
imgfetch --name boot.wim ${pe-path}/boot.wim boot.wim
boot || goto MENU

@tom-elliott
Ok thought so thanks.

I think I may have figured this out already but wanted confirmation. If a host is not registered and begins a deploy task, will it still show up in Tasks>Active Tasks?

Was going to post a new thread but found I had already asked this question and no one responded. Bumping this thread because it would be nice to create a user that can only create/deploy images and set up groups for multicast etc but not have access to fog settings.

@Sebastian-Roth
The fog installer didn’t change the username in Storage and TFTP settings, it kept it as “fog”. I changed it to “fogproject” and set a password via sudo passw fog and put that password into the corresponding Storage and TFTP password fields as well as changing the username to fogproject. All is good now. Was able to update the kernel as well.

The web ui login username is still fog and a password I set. Those credentials also apply when selecting deploy image from the ipxe menu. Don’t want to mess with that since it is working and I have staff that use those creds for imaging and I don’t want them to have admin access to the server. I have a question about restricting web ui access but that will be another thread.

@sebastian-roth said in Quick question about the tftp/ftp credentials:

grep FOG_VERSION /var/www/html/fog/lib/fog/system.class.php

Hello again. Sorry for the massive delay but I tried to update the kernel and got this error “Type: 2, File: /var/www/fog/lib/fog/fogftp.class.php, Line: 465, Message: ftp_login(): Login incorrect., Host: 10.0.0.10, Username: fog”. I noticed the config’s were using fog instead of fogproject. here is the output.

administrator@ncitimageserver:~$ ls -al /var/www
total 24
drwxr-xr-x  5 root       root     4096 Mar 17 13:57 .
drwxr-xr-x 14 root       root     4096 Mar 16 18:17 ..
drwxr-xr-x 10 www-data   www-data 4096 Mar 19 19:01 fog
drwxr-xr-x  2 root       root     4096 Mar 16 18:25 html
-rw-r--r--  1 www-data   www-data   52 Mar 16 18:25 index.php
drwxrwxrwx  2 fogproject root     4096 Mar 17 15:16 pm11_winpe
administrator@ncitimageserver:~$ ls -al /var/www/fog/
total 408
drwxr-xr-x 10 www-data www-data   4096 Mar 19 19:01 .
drwxr-xr-x  5 root     root       4096 Mar 17 13:57 ..
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 api
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 client
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 commons
-rw-r--r--  1 www-data www-data 370070 Mar 16 18:25 favicon.ico
lrwxrwxrwx  1 www-data www-data     13 Mar 16 18:25 fog -> /var/www/fog/
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 fogdoc
-rw-r--r--  1 www-data www-data    572 Mar 16 18:25 index.php
drwxr-xr-x 13 www-data www-data   4096 Mar 16 18:25 lib
drwxr-xr-x 10 www-data www-data   4096 Mar 16 18:25 management
drwxr-xr-x  3 www-data www-data   4096 Mar 16 18:25 service
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 status

administrator@ncitimageserver:~$ ls -al /var/www/html/
total 20
drwxr-xr-x 2 root root  4096 Mar 16 18:25 .
drwxr-xr-x 5 root root  4096 Mar 17 13:57 ..
lrwxrwxrwx 1 root root    13 Mar 16 18:25 fog -> /var/www/fog/
-rw-r--r-- 1 root root 10918 Mar 16 18:17 index.html

administrator@ncitimageserver:~$ grep FOG_VERSION /var/www/fog/lib/fog/system.class.php
        define('FOG_VERSION', '1.5.9');
administrator@ncitimageserver:~$ grep FOG_VERSION /var/www/html/fog/lib/fog/system.class.php
        define('FOG_VERSION', '1.5.9');
administrator@ncitimageserver:~$

Success! Dropped the files into /var/www and used set web-path to ${fog-ip}. In case anyone else has this issue this is my iPXE menu item parameters:
set tftp-path tftp://${fog-ip}/os
set web-path http://${fog-ip}
set pe-path ${web-path}/pm11_winpe
kernel ${tftp-path}/wimboot gui
imgfetch --name BCD ${pe-path}/BCD BCD
imgfetch --name boot.sdi ${pe-path}/boot.sdi boot.sdi
imgfetch --name bootmgr ${pe-path}/bootmgr bootmgr
imgfetch --name boot.wim ${pe-path}/boot.wim boot.wim
boot || goto MENU

@sebastian-roth
I am running Ubuntu Server 20.04
I did not see DocumentRoot in /etc/apache2/apache2.conf, but I did see this: (I marked it with **). Leads me to believe that /var/www is the root share of the apache server.

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

**<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted**

@george1421 Gotcha. So is the /var/www/ directory still part of the web server or do I have to add it?

I had this set up previously, where the WIM file of my WinPE Image was downloaded via HTTP instead of TFTP. I guess during a FOG update it cleared whatever folders I had put in /var/www/fog. I can do it again, but is there a way to set a secondary web root? TFTP takes a long time to download a 500MB WIM file.

@sebastian-roth I didn’t start messing with things until they stopped working, not the other way around. You suggested this path “/var/www/html/fog/lib/fog/” (and I have also seen this path elsewhere in other posts on this forum) when in fact the system seemed to be using “/var/www/fog/lib/fog/” so something must have changed during the upgrade from 1.5.6 to 1.5.7RC2 erroneously. I think it is the ownership of that path that caused the issue. Not sure how that happened, again, before I changed anything to troubleshoot. I read through that post and it does clear things up thanks. I will bookmark it.

@sebastian-roth said in Quick question about the tftp/ftp credentials:

grep FTP_USERNAME /var/www/html/fog/lib/fog/config.class.php

define(‘TFTP_FTP_USERNAME’, “fogproject”);
define(‘STORAGE_FTP_USERNAME’, “fogproject”)

I just updated FOG to 1.5.9.45 and it changed the username back to fogproject. I went in and changed the user name to just “fog” again because that was what worked earlier today. Should I change it back to fogproject?

Also noticed that the kernel version rolled back to bzImage Version: 4.19.143. I need the latest kernel 5.6.18 because we have new laptops from Dell that need the latest kernel to get passed the FOG boot menu. As I tried to update the kernel I received this error:
Type: 2, File: /var/www/fog/lib/fog/fogftp.class.php, Line: 709, Message: ftp_put(): Could not create file., Host: 10.0.0.10, Username: fog

Let me put the username back to fogproject and see what happens. What prompted me to change the username to “fog” was the end up an image capture, it was trying to login as fogproject and kept failing.
FOG Settings>TFTP Server setting shows this under TFTP PXE KERNEL DIR: /var/www/fog/service/ipxe. Should it be /var/www/html/fog/service/ipxe?

running “sudo chown -R fog:www-data /var/www/fog/” fixed the kernel update error. Going to try an image capture/deploy to make sure everything else still works and will report.