RE: USB Boot and point to custom FOG server IP

I’m wondering if this will work, because the script is still calling for tftp which isn’t enabled on my prod network, as stated in the OP.

@george1421
Found this link
https://forums.fogproject.org/topic/12121/compiling-ipxe-boot-kernels?lang=en-US
Should I follow this?

So I read through the instructions to create a USB bootable disk that uses ipxe.efi, which I assume is preconfigured to point to the FOG server’s main IP, which in my case is 10.0.0.10 which I use for offline imaging over a switch. What I want is to be able to change where the USB boot disk looks for and mounts the NFS share. I have a 2nd interface on my FOG server that is online and I use this for managing FOG and updating Ubuntu Server. I can mount the NFS share through this interface. Would I have to decompile the ipxe.efi file and edit it so it see’s FOGs IP as whatever I set it to?

EDIT: Had to update my question because we don’t have PXE booting set up on our online/prod network. Guess the ultimate goal is to be able to deploy fog images in other buildings using the USB drive to boot to the fog menu.

@londonfog as long as you don’t put any custom files in /var/www/fog you should be good. I have pmagic on my fog ipxe menu and put the files in /var/www/pm11_winpe and the permissions for the files are correct.

This is what my ipxe menu item parameters look like:
set tftp-path tftp://${fog-ip}
set web-path http://${fog-ip}
set pe-path ${web-path}/pm11_winpe
kernel ${tftp-path}/wimboot gui
imgfetch --name BCD ${pe-path}/BCD BCD
imgfetch --name boot.sdi ${pe-path}/boot.sdi boot.sdi
imgfetch --name bootmgr ${pe-path}/bootmgr bootmgr
imgfetch --name boot.wim ${pe-path}/boot.wim boot.wim
boot || goto MENU

@tom-elliott
Ok thought so thanks.

I think I may have figured this out already but wanted confirmation. If a host is not registered and begins a deploy task, will it still show up in Tasks>Active Tasks?

Was going to post a new thread but found I had already asked this question and no one responded. Bumping this thread because it would be nice to create a user that can only create/deploy images and set up groups for multicast etc but not have access to fog settings.

@Sebastian-Roth
The fog installer didn’t change the username in Storage and TFTP settings, it kept it as “fog”. I changed it to “fogproject” and set a password via sudo passw fog and put that password into the corresponding Storage and TFTP password fields as well as changing the username to fogproject. All is good now. Was able to update the kernel as well.

The web ui login username is still fog and a password I set. Those credentials also apply when selecting deploy image from the ipxe menu. Don’t want to mess with that since it is working and I have staff that use those creds for imaging and I don’t want them to have admin access to the server. I have a question about restricting web ui access but that will be another thread.

@sebastian-roth said in Quick question about the tftp/ftp credentials:

grep FOG_VERSION /var/www/html/fog/lib/fog/system.class.php

Hello again. Sorry for the massive delay but I tried to update the kernel and got this error “Type: 2, File: /var/www/fog/lib/fog/fogftp.class.php, Line: 465, Message: ftp_login(): Login incorrect., Host: 10.0.0.10, Username: fog”. I noticed the config’s were using fog instead of fogproject. here is the output.

administrator@ncitimageserver:~$ ls -al /var/www
total 24
drwxr-xr-x  5 root       root     4096 Mar 17 13:57 .
drwxr-xr-x 14 root       root     4096 Mar 16 18:17 ..
drwxr-xr-x 10 www-data   www-data 4096 Mar 19 19:01 fog
drwxr-xr-x  2 root       root     4096 Mar 16 18:25 html
-rw-r--r--  1 www-data   www-data   52 Mar 16 18:25 index.php
drwxrwxrwx  2 fogproject root     4096 Mar 17 15:16 pm11_winpe
administrator@ncitimageserver:~$ ls -al /var/www/fog/
total 408
drwxr-xr-x 10 www-data www-data   4096 Mar 19 19:01 .
drwxr-xr-x  5 root     root       4096 Mar 17 13:57 ..
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 api
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 client
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 commons
-rw-r--r--  1 www-data www-data 370070 Mar 16 18:25 favicon.ico
lrwxrwxrwx  1 www-data www-data     13 Mar 16 18:25 fog -> /var/www/fog/
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 fogdoc
-rw-r--r--  1 www-data www-data    572 Mar 16 18:25 index.php
drwxr-xr-x 13 www-data www-data   4096 Mar 16 18:25 lib
drwxr-xr-x 10 www-data www-data   4096 Mar 16 18:25 management
drwxr-xr-x  3 www-data www-data   4096 Mar 16 18:25 service
drwxr-xr-x  2 www-data www-data   4096 Mar 16 18:25 status

administrator@ncitimageserver:~$ ls -al /var/www/html/
total 20
drwxr-xr-x 2 root root  4096 Mar 16 18:25 .
drwxr-xr-x 5 root root  4096 Mar 17 13:57 ..
lrwxrwxrwx 1 root root    13 Mar 16 18:25 fog -> /var/www/fog/
-rw-r--r-- 1 root root 10918 Mar 16 18:17 index.html

administrator@ncitimageserver:~$ grep FOG_VERSION /var/www/fog/lib/fog/system.class.php
        define('FOG_VERSION', '1.5.9');
administrator@ncitimageserver:~$ grep FOG_VERSION /var/www/html/fog/lib/fog/system.class.php
        define('FOG_VERSION', '1.5.9');
administrator@ncitimageserver:~$

Success! Dropped the files into /var/www and used set web-path to ${fog-ip}. In case anyone else has this issue this is my iPXE menu item parameters:
set tftp-path tftp://${fog-ip}/os
set web-path http://${fog-ip}
set pe-path ${web-path}/pm11_winpe
kernel ${tftp-path}/wimboot gui
imgfetch --name BCD ${pe-path}/BCD BCD
imgfetch --name boot.sdi ${pe-path}/boot.sdi boot.sdi
imgfetch --name bootmgr ${pe-path}/bootmgr bootmgr
imgfetch --name boot.wim ${pe-path}/boot.wim boot.wim
boot || goto MENU

@sebastian-roth
I am running Ubuntu Server 20.04
I did not see DocumentRoot in /etc/apache2/apache2.conf, but I did see this: (I marked it with **). Leads me to believe that /var/www is the root share of the apache server.

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

**<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted**

@george1421 Gotcha. So is the /var/www/ directory still part of the web server or do I have to add it?

I had this set up previously, where the WIM file of my WinPE Image was downloaded via HTTP instead of TFTP. I guess during a FOG update it cleared whatever folders I had put in /var/www/fog. I can do it again, but is there a way to set a secondary web root? TFTP takes a long time to download a 500MB WIM file.

@sebastian-roth I didn’t start messing with things until they stopped working, not the other way around. You suggested this path “/var/www/html/fog/lib/fog/” (and I have also seen this path elsewhere in other posts on this forum) when in fact the system seemed to be using “/var/www/fog/lib/fog/” so something must have changed during the upgrade from 1.5.6 to 1.5.7RC2 erroneously. I think it is the ownership of that path that caused the issue. Not sure how that happened, again, before I changed anything to troubleshoot. I read through that post and it does clear things up thanks. I will bookmark it.

@sebastian-roth said in Quick question about the tftp/ftp credentials:

grep FTP_USERNAME /var/www/html/fog/lib/fog/config.class.php

define(‘TFTP_FTP_USERNAME’, “fogproject”);
define(‘STORAGE_FTP_USERNAME’, “fogproject”)

I just updated FOG to 1.5.9.45 and it changed the username back to fogproject. I went in and changed the user name to just “fog” again because that was what worked earlier today. Should I change it back to fogproject?

Also noticed that the kernel version rolled back to bzImage Version: 4.19.143. I need the latest kernel 5.6.18 because we have new laptops from Dell that need the latest kernel to get passed the FOG boot menu. As I tried to update the kernel I received this error:
Type: 2, File: /var/www/fog/lib/fog/fogftp.class.php, Line: 709, Message: ftp_put(): Could not create file., Host: 10.0.0.10, Username: fog

Let me put the username back to fogproject and see what happens. What prompted me to change the username to “fog” was the end up an image capture, it was trying to login as fogproject and kept failing.
FOG Settings>TFTP Server setting shows this under TFTP PXE KERNEL DIR: /var/www/fog/service/ipxe. Should it be /var/www/html/fog/service/ipxe?

running “sudo chown -R fog:www-data /var/www/fog/” fixed the kernel update error. Going to try an image capture/deploy to make sure everything else still works and will report.

I’m looking for a way to create a standard, non-admin user for the fog webui. This user will be able to manage images, tasks, but nothing else. I basically want to prevent this user from changing storage settings and be completely locked out from the FOG Settings menu. Is this possible?

My fog server is on 1.5.9-RC2 (I will update to 1.5.9 soon) and according to the Web UI>FOG Config>FOG Settings>TFTP Settings, the user name was set to “fogproject” and a long hash password. When I tried to update a kernel, it threw the wrong credentials error. So after some internet digging, I found that I had to change or make sure the owner of /var/www/fog/service/ipxe/ was fogproject:www-data. After doing that using “chown -R fogproject:www-data /var/www/fog/service/ipxe/”, still got the same error. I then checked what password was in the TFTP settings menu and compared it to the Storage setting menu, and they were different. Set the Storage password to the one in TFTP settings, still failed, wrong credentials. So I changed “fogproject” to just “fog” and left the password the same. Changed the owner of that ipxe folder to “fog:www-data”, tried the kernel update and it succeeded. I never changed the credentials so I am wondering if it is possible they change during an update? I am not ruling out the possibility that one of my colleagues might have changed them accidentally. I will lock down the GUI just in case. I am up and running now. I think there was a power outage this weekend and noticed that the isc-dhcp-server service was not running. I had to use “sudo systemctl enable isc-dhcp-server.service” again as I did that a few weeks ago because of the same issue. I know that is more of an Ubuntu problem than a FOG problem but figured I’d mention it in case someone has some insight.

@sebastian-roth Is it possible that running apt upgrade might have broken something? On my home server (Ubuntu Server 20.04) upgrading packages broke the qbittorent-nox service and I had to recreate the .service file and re-enable it.

Of course I didn’t run that command ever! I thought I had run something like that but I guess I didn’t. Thanks!

I am using Ubuntu Server 18.04.5 LTS. The dhcp server doesnt seem to start whenever I reboot the server. I have to run “sudo /etc/init.d/isc-dhcp-server restart” manually to get it back. I know this isn’t a FOG specific problem, but hopefully someone can help me out.