RE: VM won't boot from PXE on proxmox

@ordinatous You mentioned you have the fog server on esxi. Is putting your image vm on esxi an option? That’s where I keep mine and it works rather well. I just keep it turned off when it’s not being configured and captured.

A minor update has been released

Release notes: https://github.com/darksidemilk/FogApi/releases/tag/2303.5.33
PSgallery Listing: https://www.powershellgallery.com/packages/FogApi/2302.5.33

@Sebastian-Roth So I think I found something related to this that may be a bug.

We recently got some Lenovo x1 yoga gen7’s. They have an internal mac with the pass through option, but usb-c or usb adapter is the only option.

When I have pass through on and register the host with a usb-c mac it registered the host with the passed-through address.
When I then reboot to re-image, the pxe boot menu detected the usb mac instead and said the host wasn’t registered
I added the usb mac to the host manually as a second mac and then it worked fine.
So at different points in the process of pxe boot, it gets a different mac when pass-through is enabled, I’d expect it to always use the passed-through mac.

I don’t know if this is a new hardware behavior or new fog behavior. I have another lenovo laptop I need to image today that also does the mac passthrough. I’ll do some testing with that one if I have the time.

@ordinatous For using ipxe.efi you need to change the VM settings to use uefi instead of bios/legacy mode. I’m not familiar with proxmox but I found this related guide https://blog.hadenes.io/post/convert-a-proxmox-windows-guest-from-bios-to-uefi/#:~:text=Open the Proxmox web interface and navigate to,if you plan to upgrade to Windows 11)
It’s not all relevant as it starts with how to convert the windows install (if you already installed windows in bios mode, I would suggest redoing it in uefi mode unless all your hardware can only use bios mode). But this bit is how to change to uefi mode.

Open the Proxmox web interface and navigate to the options for the guest machine.
Add a new “EFI disk” to the guest machine, making sure to enable the “Pre-Enrolled-Keys” option.
Add a new “TPM” device to the guest machine. (only necessary if you plan to upgrade to Windows 11)
Change the “BIOS” option from “SeaBIOS” to “OVMF”.

@ordinatous Is it just freezing after that last screenshot you added? It looks correct up to that point. Are you able to boot to the fog menu from a physical device?

@ordinatous
Have you tried using uefi mode and using ipxe.efi or snponly.efi?
Or if you must use legacy, have you tried a different pxe bootfile like undionly.kkpxe or ipxe.kpxe ? You just need to specify a different file in option 66

@Sebastian-Roth Just an FYI, I ran into this again on different hardware. An HP Z2 G4 Workstation did the same thing.
There may have been more to it though, still troubleshooting a bit. My failsafe in the postdownload script to have it still join the domain through the unattend file was injected into the file, but the computer did not join the domain through that method, there may have been a different reason for that though.

Point being, there could be other hardware that weirdly doesn’t get all the variables. I sadly can’t super test on this hardware as I discovered it when imaging a production machine that I can’t take out of production for testing. But I can probably find a chance to get the fos level device info or something.

As a side note:
The image type description in the wiki (I got there from the balloon help: https://wiki.fogproject.org/wiki/index.php?title=Managing_FOG#Images) points to a non-existing page (404): https://docs.fogproject.org/en/latest/management/image-management.html

Thanks! @JJ-Fullmer would you find the time to fix that quickly?

Fixed!
@medchemii thanks for letting us know. We changed the structure of the new docs page a bit and it affected the links. We’re working on getting redirection working for old links still

@wass This is 100% supported and the recommended way to use fog. One thing you need to do for sure is disable secure boot on the machine as the ipxe bootfile isn’t a signed boot file (it hopefully will be in the not too distant future).

The other important step is setting up your dhcp server to point to fog by setting option 66/67 on your dhcp server, see also https://docs.fogproject.org/en/latest/installation/network-setup/

If there’s a more specific part of the setup you need help with we’ll happily guide you through it

@sega said in Coding a shortcut Webview/Problem with the API:

Ok, the call in Postman worked now, I just had to change a setting.
Now I want to import that call in html/js. But I just get an error as response:

GET http://192.168.xxx.xxx/fog/task/active net::ERR_ABORTED 403 (Forbidden)

I’m pretty sure I have to change something in the fetch function? But I’m not sure. The HTML file is right now running on a local PHP server.

fetch("http://192.168.xxx.xxx/fog/task/active", {
        method: "GET",
        mode: "no-cors",
        headers: {
          "fog-api-token": "token",
          "fog-user-token": "token"
        }
      })

Does this fetch function work for other things in your custom page?

I’m not a php expert, but I found this post that suggests using a curl extension or using file_get_contents with json_encode and json_decode

https://stackoverflow.com/questions/9802788/call-a-rest-api-in-php

@Tom-Elliott might know more about using php with the api.

@Sebastian-Roth I realizing it doesn’t matter as much now since you got it recreated, but I am using vmware workstation and I am using the ipxe.efi boot file.

@mosi Are you saying you recreated the problem on a VM with 3 nics or the problem doesn’t happen in that case?
Also, are all nics connected to the network? Are they in a nic team/bond/aggregate link? Connected to different subnets? only 1 connected?

EDIT: I tested this in a VM and recreated the problem. It didn’t matter if 1 or all adapters were connected, if 3+ exist on an unregistered host it behaves as @mosi describes.

UPDATE: I also tried some previous bzImage and init versions, all the same behavior.

@ajm2358 Is this a usb mac (or macs) that you use on devices that don’t have built-in lan?

I have a powershell method for doing this via the api, but the full solution requires some infrastructure work to store the defined macs used for imaging somewhere you can get them. I embed them in an internal powershell module I use for provisioning. You may really just need one or 2 functions from this example and I also haven’t tested it working just copy paste. You would for sure need to install the module and connect to the api first. I took this from my module but I believe it should work once you have the module installed, imported, and connected.

After a computer finishes imaging and provisioning, my last step is uses the powershell fogapi module (see the links in my signature for info on the module) to run

$usbmacs = [pscustomobject]@{
  mac = "00:00:00:00:00";
  description = "mac description, I have these defined in a json, this is an inline example";
}

$result = Remove-UsbMac -usbMacs.mac  -hostname ($ENV:COMPUTERNAME);

Then I make sure all the macs that are valid are present

$physicalMacs = (get-netadapter | select-object -expand macaddress).replace("-",":")
                    $fogHost = (Get-FogHost -hostName $ENV:COMPUTERNAME) 
                    $hostID = ($fogHost.id);
                    $pendingFogmacs = Get-FogHostPendingMacs -hostID $hostID;
                    $pendingFogmacs | ForEach-Object {
                        $pendingMac = $_;
                        if ($usbMacs.mac -notcontains $pendingMac.mac) {
                            "Mac $pendingMac is pending and is not usbmac" | Out-Host;
                            if ($physicalMacs -contains $pendingMac) {
                                "Mac $($pendingMac.mac) is attached to this device, approving" | Out-Host;
                                Approve-FogPendingMac -macObject $pendingMac;
                            } else {
                                if ($pendingMac.hostID -eq $hostID) {
                                    "Mac $($pendingMac.mac) is not attached to this device, removing it from Fog" | Out-Host
                                    Deny-FogPendingMac -macObject $pendingMac;
                                }
                            }
                        } else {
                            "Mac $($pendingMac.mac) is a usbmac, removing it from Fog" | Out-Host
                            Deny-FogPendingMac -macObject $pendingMac;
                        }
                    }
                    $fogMacs = Get-FogMacAddresses;
                    $physicalMacs | ForEach-Object {
                        $mac = $_;
                        $fogMac = $fogmacs | Where-Object mac -eq $mac;
                        if ($null -eq $fogMac) {
                            if ($mac -notin $usbMacs.mac) {
                                "$mac doesn't exist in fog, adding it for the host" | Out-Host;
                                try {
                                    Add-FogHostMac -hostID $hostID -macAddress $_ -forceUpdate;
                                } catch {
                                    Write-Warning "secondary mac address $($_) failed to add to host"
                                }
                            } else {
                                "Usb mac $mac is attached, remove usb mac after provisioning!" | out-host;
                            }
                        } else {
                            $otherHost = Get-FogHost -hostid $fogmac.hostId
                            "Mac address $mac is already assigned to or pending for a different host, $($otherhost.name)" | out-host;
                        }
                    }

Then I make sure I didn’t break the host on accident during that by unintentionally deleting all the macs

try {
                        $hostObj = (Get-FogHost -hostName $ENV:COMPUTERNAME)
                        if (!$hostObj) {
                            throw "host not found by name, trying by active mac instead"
                        }
                    } catch {
                        $mac = get-activeMacAddress;
                        $hostObj = Get-FogHost -macAddr $mac;
                    }

                    if ($hostObj.pending -ne '0') {
                        Write-Verbose "The host is pending or not explicitly set to not pending in fog, adjust host to be approved be setting pending to '0'";
                        try {
                            Reset-HostEncryption -fogHost $hostObj;
                            $hostObj.pending = "0";
                            $jsonData = $hostObj | Select-Object id,pending | ConvertTo-Json;
                            Update-FogObject -type object -coreObject host -IDofObject $hostObj.id -jsonData $jsonData;
                            Restart-Service FOGService;
                        } catch {
                            Write-Verbose "There was an issue resetting host encryption or when running set-fogou -force. Host id is $($hostObj.id)"
                        }
                    }

TL;DR

Take a look at the Fog API Powershell Module especially the Remove-USBMac function and the Deny-FogPendingMac function. You can also use the above example for a more robust solution. The above solution also assumes its being run from the host in question, you can also manage any host remotely through the api.

@mosi But you have a use case where you want to be able to image a server machine without ever registering it in fog, yes? Is it not working on a multi-nic device new fog version 1.5.10 or is this the first time you’ve tried it on a multi-nic device?

@sega said in Coding a shortcut Webview/Problem with the API:

There isn’t any documentation about the various taskTypeIDs, I think thats my main problem.

It’s on the todo list, it’s a long todo list though.

In the interim:

You can get the tasktype ids from the urls in the gui
i.e. you go to a hosts task page
http://fogserver/fog/management/index.php?node=host&sub=edit&id=1#host-tasks

And each link to a task type on that page ends with &type=# where that number is that tasks id.

To then figure out the required fields for that task you have to look into the various classes. For tasks its a bit trickier to find that it is for objects. I sadly don’t remember how I figured out where those fields were, I think @Tom-Elliott helped me a few years back and I forgot to write down the origin of it all.

@sega I believe you need more in your json post

I have a function in the fogApi powershell module to deploy an image.
The code is in the syntax for powershell not curl, but it should give you an idea.
https://github.com/darksidemilk/FogApi/blob/master/FogApi/Public/Send-FogImage.ps1

i.e. a simple deploy image now task of a host’s assigned image would have json like this

{
    "taskTypeID": "1",
    "shutdown":"0",
    "other2":"0",
    "other4":"1",
    "isActive":"1" 
}

IIRC other2 is debug task and other4 is wake on lan

@mosi So you’re saying that
You boot an unregistered host to pxe
You select deploy image
It does nothing and jumps back to the menu.

You then disable the second nic in the bios, it then does work.

Does it work if you register the multi-nic host and then deploy to it? You can just delete the registration later if desired. If you don’t install the fog client on the server, having it registered there will just make it accessible for future imaging.

@DC09 Fun fact, the latest dev-branch is currently the same as the just released fog 1.5.10 in the master branch, so you’re techncially on the newest stable branch. Less fun fact, that didn’t instantly fix the problem.

I’m using kernel version 5.15.68 and I know that is working on the 840 g9 aio. I am using ipxe.efi for the bootfile. I believe fog 1.5.10 ships with 5.15.93 and it appears you’ve updated to the 5.15.98 version with the kernel update tool. Is that correct?

Do you still get the legacy NIC Wrapper during pxe boot with the new version?

Are there any bios updates available for the laptops?

Are there any bios settings related to mac address passthrough or alternate mac? I’ve only ever seen that on lenovo’s that have an embedded ethernet nic that requires a proprietary adapter to connect to, but maybe it’s a thing for more manufacturer’s now?

@Sebastian-Roth said in failed to import module:

@kalafina The fog-client is a 32 bit application as far as I know. So you might get around by installing the 32-bit Dell Command | PowerShell Provider v2.7.0 found here: https://www.dell.com/support/kbdoc/en-us/000177240/dell-command-powershell-provider?lwp=rt

If switching to the 32 bit module doesn’t work like @Sebastian-Roth suggests, you could also try changing to the alternate version of powershell in the snapinrun with path "%SYSTEMROOT%\SYSWOW64\windowspowershell\v1.0\powershell.exe"

@Scootframer
I found some things on some of these errors that suggest stopping or restarting the nfs service on the server, that doesn’t seem like the best workaround, but could be something.
What pxe boot file are you using? Have you tried reverting to an older kernel or init? You can download the bzImage with a different name in the kernel downloader within the fog gui and then set the host you’re capturing to use the alternate test kernel (so you’re not changing the kernel that you know is working for deploying images). i.e. go download the previous kernel from what you last updated and name it bzImage-test and then on the host your capturing put bzImage-test in the hosts kernel field in the fog gui and redo the debug capture steps and see what happens.

Also, are you able to run the chmod command on the server (instead of from the client in the debug session)?