RE: deploy image with UEFI

@wass This is 100% supported and the recommended way to use fog. One thing you need to do for sure is disable secure boot on the machine as the ipxe bootfile isn’t a signed boot file (it hopefully will be in the not too distant future).

The other important step is setting up your dhcp server to point to fog by setting option 66/67 on your dhcp server, see also https://docs.fogproject.org/en/latest/installation/network-setup/

If there’s a more specific part of the setup you need help with we’ll happily guide you through it

@sega said in Coding a shortcut Webview/Problem with the API:

Ok, the call in Postman worked now, I just had to change a setting.
Now I want to import that call in html/js. But I just get an error as response:

GET http://192.168.xxx.xxx/fog/task/active net::ERR_ABORTED 403 (Forbidden)

I’m pretty sure I have to change something in the fetch function? But I’m not sure. The HTML file is right now running on a local PHP server.

fetch("http://192.168.xxx.xxx/fog/task/active", {
        method: "GET",
        mode: "no-cors",
        headers: {
          "fog-api-token": "token",
          "fog-user-token": "token"
        }
      })

Does this fetch function work for other things in your custom page?

I’m not a php expert, but I found this post that suggests using a curl extension or using file_get_contents with json_encode and json_decode

https://stackoverflow.com/questions/9802788/call-a-rest-api-in-php

@Tom-Elliott might know more about using php with the api.

@Sebastian-Roth I realizing it doesn’t matter as much now since you got it recreated, but I am using vmware workstation and I am using the ipxe.efi boot file.

@mosi Are you saying you recreated the problem on a VM with 3 nics or the problem doesn’t happen in that case?
Also, are all nics connected to the network? Are they in a nic team/bond/aggregate link? Connected to different subnets? only 1 connected?

EDIT: I tested this in a VM and recreated the problem. It didn’t matter if 1 or all adapters were connected, if 3+ exist on an unregistered host it behaves as @mosi describes.

UPDATE: I also tried some previous bzImage and init versions, all the same behavior.

@ajm2358 Is this a usb mac (or macs) that you use on devices that don’t have built-in lan?

I have a powershell method for doing this via the api, but the full solution requires some infrastructure work to store the defined macs used for imaging somewhere you can get them. I embed them in an internal powershell module I use for provisioning. You may really just need one or 2 functions from this example and I also haven’t tested it working just copy paste. You would for sure need to install the module and connect to the api first. I took this from my module but I believe it should work once you have the module installed, imported, and connected.

After a computer finishes imaging and provisioning, my last step is uses the powershell fogapi module (see the links in my signature for info on the module) to run

$usbmacs = [pscustomobject]@{
  mac = "00:00:00:00:00";
  description = "mac description, I have these defined in a json, this is an inline example";
}

$result = Remove-UsbMac -usbMacs.mac  -hostname ($ENV:COMPUTERNAME);

Then I make sure all the macs that are valid are present

$physicalMacs = (get-netadapter | select-object -expand macaddress).replace("-",":")
                    $fogHost = (Get-FogHost -hostName $ENV:COMPUTERNAME) 
                    $hostID = ($fogHost.id);
                    $pendingFogmacs = Get-FogHostPendingMacs -hostID $hostID;
                    $pendingFogmacs | ForEach-Object {
                        $pendingMac = $_;
                        if ($usbMacs.mac -notcontains $pendingMac.mac) {
                            "Mac $pendingMac is pending and is not usbmac" | Out-Host;
                            if ($physicalMacs -contains $pendingMac) {
                                "Mac $($pendingMac.mac) is attached to this device, approving" | Out-Host;
                                Approve-FogPendingMac -macObject $pendingMac;
                            } else {
                                if ($pendingMac.hostID -eq $hostID) {
                                    "Mac $($pendingMac.mac) is not attached to this device, removing it from Fog" | Out-Host
                                    Deny-FogPendingMac -macObject $pendingMac;
                                }
                            }
                        } else {
                            "Mac $($pendingMac.mac) is a usbmac, removing it from Fog" | Out-Host
                            Deny-FogPendingMac -macObject $pendingMac;
                        }
                    }
                    $fogMacs = Get-FogMacAddresses;
                    $physicalMacs | ForEach-Object {
                        $mac = $_;
                        $fogMac = $fogmacs | Where-Object mac -eq $mac;
                        if ($null -eq $fogMac) {
                            if ($mac -notin $usbMacs.mac) {
                                "$mac doesn't exist in fog, adding it for the host" | Out-Host;
                                try {
                                    Add-FogHostMac -hostID $hostID -macAddress $_ -forceUpdate;
                                } catch {
                                    Write-Warning "secondary mac address $($_) failed to add to host"
                                }
                            } else {
                                "Usb mac $mac is attached, remove usb mac after provisioning!" | out-host;
                            }
                        } else {
                            $otherHost = Get-FogHost -hostid $fogmac.hostId
                            "Mac address $mac is already assigned to or pending for a different host, $($otherhost.name)" | out-host;
                        }
                    }

Then I make sure I didn’t break the host on accident during that by unintentionally deleting all the macs

try {
                        $hostObj = (Get-FogHost -hostName $ENV:COMPUTERNAME)
                        if (!$hostObj) {
                            throw "host not found by name, trying by active mac instead"
                        }
                    } catch {
                        $mac = get-activeMacAddress;
                        $hostObj = Get-FogHost -macAddr $mac;
                    }

                    if ($hostObj.pending -ne '0') {
                        Write-Verbose "The host is pending or not explicitly set to not pending in fog, adjust host to be approved be setting pending to '0'";
                        try {
                            Reset-HostEncryption -fogHost $hostObj;
                            $hostObj.pending = "0";
                            $jsonData = $hostObj | Select-Object id,pending | ConvertTo-Json;
                            Update-FogObject -type object -coreObject host -IDofObject $hostObj.id -jsonData $jsonData;
                            Restart-Service FOGService;
                        } catch {
                            Write-Verbose "There was an issue resetting host encryption or when running set-fogou -force. Host id is $($hostObj.id)"
                        }
                    }

TL;DR

Take a look at the Fog API Powershell Module especially the Remove-USBMac function and the Deny-FogPendingMac function. You can also use the above example for a more robust solution. The above solution also assumes its being run from the host in question, you can also manage any host remotely through the api.

@mosi But you have a use case where you want to be able to image a server machine without ever registering it in fog, yes? Is it not working on a multi-nic device new fog version 1.5.10 or is this the first time you’ve tried it on a multi-nic device?

@sega said in Coding a shortcut Webview/Problem with the API:

There isn’t any documentation about the various taskTypeIDs, I think thats my main problem.

It’s on the todo list, it’s a long todo list though.

In the interim:

You can get the tasktype ids from the urls in the gui
i.e. you go to a hosts task page
http://fogserver/fog/management/index.php?node=host&sub=edit&id=1#host-tasks

And each link to a task type on that page ends with &type=# where that number is that tasks id.

To then figure out the required fields for that task you have to look into the various classes. For tasks its a bit trickier to find that it is for objects. I sadly don’t remember how I figured out where those fields were, I think @Tom-Elliott helped me a few years back and I forgot to write down the origin of it all.

@sega I believe you need more in your json post

I have a function in the fogApi powershell module to deploy an image.
The code is in the syntax for powershell not curl, but it should give you an idea.
https://github.com/darksidemilk/FogApi/blob/master/FogApi/Public/Send-FogImage.ps1

i.e. a simple deploy image now task of a host’s assigned image would have json like this

{
    "taskTypeID": "1",
    "shutdown":"0",
    "other2":"0",
    "other4":"1",
    "isActive":"1" 
}

IIRC other2 is debug task and other4 is wake on lan

@mosi So you’re saying that
You boot an unregistered host to pxe
You select deploy image
It does nothing and jumps back to the menu.

You then disable the second nic in the bios, it then does work.

Does it work if you register the multi-nic host and then deploy to it? You can just delete the registration later if desired. If you don’t install the fog client on the server, having it registered there will just make it accessible for future imaging.

@DC09 Fun fact, the latest dev-branch is currently the same as the just released fog 1.5.10 in the master branch, so you’re techncially on the newest stable branch. Less fun fact, that didn’t instantly fix the problem.

I’m using kernel version 5.15.68 and I know that is working on the 840 g9 aio. I am using ipxe.efi for the bootfile. I believe fog 1.5.10 ships with 5.15.93 and it appears you’ve updated to the 5.15.98 version with the kernel update tool. Is that correct?

Do you still get the legacy NIC Wrapper during pxe boot with the new version?

Are there any bios updates available for the laptops?

Are there any bios settings related to mac address passthrough or alternate mac? I’ve only ever seen that on lenovo’s that have an embedded ethernet nic that requires a proprietary adapter to connect to, but maybe it’s a thing for more manufacturer’s now?

@Sebastian-Roth said in failed to import module:

@kalafina The fog-client is a 32 bit application as far as I know. So you might get around by installing the 32-bit Dell Command | PowerShell Provider v2.7.0 found here: https://www.dell.com/support/kbdoc/en-us/000177240/dell-command-powershell-provider?lwp=rt

If switching to the 32 bit module doesn’t work like @Sebastian-Roth suggests, you could also try changing to the alternate version of powershell in the snapinrun with path "%SYSTEMROOT%\SYSWOW64\windowspowershell\v1.0\powershell.exe"

@Scootframer
I found some things on some of these errors that suggest stopping or restarting the nfs service on the server, that doesn’t seem like the best workaround, but could be something.
What pxe boot file are you using? Have you tried reverting to an older kernel or init? You can download the bzImage with a different name in the kernel downloader within the fog gui and then set the host you’re capturing to use the alternate test kernel (so you’re not changing the kernel that you know is working for deploying images). i.e. go download the previous kernel from what you last updated and name it bzImage-test and then on the host your capturing put bzImage-test in the hosts kernel field in the fog gui and redo the debug capture steps and see what happens.

Also, are you able to run the chmod command on the server (instead of from the client in the debug session)?

@kalafina The fog client runs snapins as the system user. It looks like it also may be running the 32 bit version of powershell but he module is specifying 64 bit in the manifest or something like that. What does your snapin definition look like in the gui ?

@RTOadmin Can you provide
some examples of what you see working on the fog side and what you see not ?
The log of what’s broken ?
Version of fog and fog client ?

@DC09 I would suggest trying the dev-branch.
where you have the git fog fog cloned run git checkout dev-branch then do a git pull and then run that installer to update to the latest “dev” version.

I would also try, with or without that, updating your bzImage kernel, there’s a thing in the gui for that see also https://docs.fogproject.org/en/latest/management/other-settings.html?highlight=Kernel#updating-the-kernel

I am using the dev version and kernel version 5.15.68 and recently imaged some hp eliteOne 840 G9’s without issue. All in ones, Not laptops, but similar enough models I’m sure

@typotony That’s Great to hear!
Glad you got it working and that it was as easy as intended.

@JJ-Fullmer
A new version has been published!

Release notes here:

https://github.com/darksidemilk/FogApi/releases/tag/2303.5.26

@typotony You’re missing a - where you’re defining the -fogserver you’re also adding a - into it, it’s -fogserver not fog-server fog-server is the default value for that setting. You can also try just running set-fogserversettings -interactive without params and it should prompt you for each value. You also don’t want http in there, just the hostname (ip should work fine too but I haven’t tested that, but its just pulled in as a string into the url, so no reason it wouldn’t work)

Set-FogServerSettings -fogApiToken 'mytoken' -fogUserToken 'mytoken' -fog-server '192.168.150.25';

That should do the trick

@typotony I had a chance to test things on linux with the examples I gave and all works swimmingly.

You can install pwsh on linux a few different ways, I usually user snap because it works the same on all distros. I used the LTS version. Microsoft’s instructions are found here https://learn.microsoft.com/en-us/powershell/scripting/install/install-other-linux?view=powershell-7.3

Here’s the commands in redhat based linux I use to get pwsh installed. I imagine you could simply swap yum fo apt/apt-get in debian distros for that first command
prefix sudo if you’re not running as root.

yum -y install snapd
#create this symlink to be able to use "classic" snaps required by the pwsh package
ln -s /var/lib/snapd/snap /snap
#enable and start snapd services
systemctl enable --now snapd.socket
systemctl enable --now snapd.service
systemctl start snapd.service
systemctl start snapd.socket
#install LTS pwsh
snap install powershell --channel=lts/stable --classic
#start pwsh (you may have to logout/login to refresh your path)
pwsh

Bottom line though, you can automate the export and import operations using the api. My examples here use json but you could also use Export-csv to save the definitions as csvs but you’d then have to import them as objects and convert them to jsons, all of which there are built in functions for, but json is a bit simpler for this I think.

In order to do a multi-direction sync, you’ll probably need to add some extra processing to the export. i.e. check the .deployed variable in each image definition to determine if it has been updated and only export it then if that already exists.

To automate this, once you’ve configured the fogApi on each fog server those settings are saved securely for that user, so you can make a script for this that you plop in a cronjob for exporting and importing. i.e you do an export from each server to the /images/imageDefinitions folder
before your sync of the /images directory to cloud, then after you pull the latest you run the import that will add new ones and update existing ones.

For reference

To test this:
On my prod server I installed pwsh and the fogApi module and I made a new folder at /images/imageDefinitions and used the export-imagedefinitions function I put in my last comment to export the json definitions of each image to there.

In my dev server I mounted a clone of the /images disk from my prod server to /images (could have also mounted the nfs share and rsynced them, this was just faster for me at the time) Then installed pwsh and the module. Then I ran the import-imageDefinitions function specifiying the import path of /images/imageDefinitions. It added all the definitions and all the images show up and are ready to be used on the dev server.

I will probably add a general version of the export and import functions to the api as this could be handy for migrating servers in general.