RE: FOGScheduler service log dont works (r7386)

Well, the service is logging but this file is not in /opt/fog/log/fogscheduler.log. The file is in /fogscheduler.log

Hi,
I want to add that I have done some changes in the reports, imaging log report too, to make pre-filters and not shows all the registries.

For example, in the imaging log report you can do a a prefilter by image name, user name or hostname. In this way, the result is more small and you don’t need erase registries in the database.

The new version of the reports are available in the “working” branch

Hi @antonionardella ,

I tried to reproduce the problem but I can’t (log with bad credentials). My log files don’t show the password or the username.

Can you paste the error to try find where launch the exception or the error?

Well, I have tested the installer og FOG 1.5.4 and works fine but first you need something.

Add the remi-php70 repository
rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm (I had installed it)
yum-config-manager --enable remi-php70
yum -y update

The last command update the php70 to the remi-php70 version (in my case php 7.0.32) and desinstalled the php70w version (I installed the php 7.0 version from webtonic repository)

I run the installer and works fine. I will test it again in the production server, if it is success, please, close the ticket

My two cents.

In RHEL7 I have compiled the dnsmasq 0.78 version using these instructions and doing some changes.

Install the necesary packages:

sudo yum install nettle-devel
sudo yum install libidn2-devel
sudo yum install libnetfilter_conntrack-devel
sudo yum install dbus-devel

config.h options:

/* #define HAVE_LUASCRIPT */
#define HAVE_DBUS
/* #define HAVE_IDN*/
#define HAVE_LIBIDN2
#define HAVE_CONNTRACK
#define HAVE_DNSSEC

Compiling and starting the service:

sudo make install
sudo systemctl start dnsmasq
sudo systemctl status dnsmasq

Output:

dnsmasq -v
Dnsmasq version 2.78  Copyright (c) 2000-2017 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.

Hi @quinniedid ,

You can disable this plugin erasing one registry in the database. In the database:

MariaDB [fog]> select * from plugins;
±----±--------------±-------±-----------±---------±-------±-------±-------±-------±-------+
| pID | pName | pState | pInstalled | pVersion | pAnon1 | pAnon2 | pAnon3 | pAnon4 | pAnon5 |
±----±--------------±-------±-----------±---------±-------±-------±-------±-------±-------+
| 48 | accesscontrol | 1 | 1 | 1 | | | | | |
| 44 | xixare | 1 | 1 | 1 | | | | | |
| 53 | LDAP | 1 | 1 | 1 | | | | | |
| 41 | wolbroadcast | 1 | 1 | 1 | | | | | |
±----±--------------±-------±-----------±---------±-------±-------±-------±-------±-------+
4 rows in set (0.00 sec)

And now delete it:

MariaDB [fog]> delete from plugins where pID = pDI_of_your_AccessControlPlugin;

In my case pID=48.

With this you will have the control back.

UPDATE: TAke in account that this process do a “dirty” unsintall of the plugin. To uninstall correctly the plugin, use the FOG User Interface and unstall it from Plugins menu.

I can confirm that works fine

I had an issue like this in March, not the same but …

LDAP Plugin with openLDAP

The problem was the filter and the work around was a little change in the code. We can try to see where is the problem and make a little change.

The filter:

&(|(name=admins))(member=uid=JohnDoe,ou=People,dc=domain,dc=org)

Doesnt work well, but the next one:

&(|(cn=admins))(member=uid=JohnDoe,ou=People,dc=domain,dc=org)

Works fine.

I think if we do a little change in the code in line 640 of ldap.class.php:

        $userGroups = explode(',', $userGroup);
        $userGroups = array_map('trim', $userGroups);
        $filter = sprintf(
            '(&(|(name=%s))(%s=%s))',
            implode(')(name=', (array)$userGroups),
            $grpMemAttr,
            $this->escape($userDN, null, LDAP_ESCAPE_FILTER)
        );
        /**
         * The attribute to get.
         */
        $attr = array($grpMemAttr);
        /**
         * Execute the ldap query
         */
        $result = $this->_result($grpSearchDN, $filter, $attr);

To:

        $userGroups = explode(',', $userGroup);
        $userGroups = array_map('trim', $userGroups);
        $filter = sprintf(
            '(&(|(cn=%s))(%s=%s))', /*<------------ CHANGE THIS*/
            implode(')(name=', (array)$userGroups),
            $grpMemAttr,
            $this->escape($userDN, null, LDAP_ESCAPE_FILTER)
        );
        /**
         * The attribute to get.
         */
        $attr = array($grpMemAttr);
        /**
         * Execute the ldap query
         */
        $result = $this->_result($grpSearchDN, $filter, $attr);

Works?

Hi @m144 ,

I fixed this bug in working dev branch of git repository

Some recomendations about this plugin:

• Don’t asociate the “fog” user to one role. This user is special, like a system user, in this way you can use it to roll back of changes.
• Test the role and their rules first with one local test user.

Hi @Tom-Elliott again,

We found who does the query XD accidentaly. If you access to the host edit page, the query is made. For example:

/fog/management/index.php?node=host&sub=edit&id=614

Then, every time a technician accesses the page of a host, my server is freezed XD. The problem is the hostLoginHistory() function which is called by edit() function in line 3257 from hostmanagementpage.class.php.

Hi @Sebastian-Roth and @Tom-Elliott ,

I have fixed this bug in my server making a little change in hostlogins function.

File: hostmanagementpage.class.php
Line: 3767

Route::listem('UserTracking');

To:

Route::listem('UserTracking',
            array(
                'hostID' => $this->obj->get('id'),
                'action' => array('', 0, 1)
            )
        );

I can push the changes but, maybe is better that Sebastian or Tom do them.