RE: Problem with HTTPS upgrade

@tom-elliott said in Problem with HTTPS upgrade:

buildIpxe TRUST=/var/www/fog/management/other/ca.cert.pem

I modified the paths, but something in the build process is erroring

  [FINISH] bin/realtek.kpxe
  [FINISH] bin/realtek.kkpxe
  [FINISH] bin/ipxe.lkrn
make: 'bin/ipxe.lkrn' is up to date.
  [GENISO] bin/ipxe.iso
cp: missing destination file operand after 'bin/iso.dir.RnYQV4'
Try 'cp --help' for more information.
genisoimage: Uh oh, I cant find the boot image 'isolinux.bin' !
  [FINISH] bin/ipxe.kkpxe

@tom-elliott ohhh, other posts said to “trust” that cert…so I was confused. So I should have
TRUST=/usr/lib/ssl/certs/ca-certificates.crt instead?

EDIT: That didnt work…

@sebastian-roth said in Problem with HTTPS upgrade:

@sbenson Ok, and could you please take a new picture of the current error message you see on screen with this?

The screen in sthe same as the previous screen. I even re-made the files suggested in the below code, because I wasn’t sure if the cert was recreated after i reinstalled it. In any case, its not working. Still says
Https://10.63.76.44/fog/service/ipxe/boot.php… No such file or directory

cd ~/projects/ipxe/ipxe-bios/src
make bin/undionly.kpxe EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt
make bin/ipxe.pxe EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt
make bin/undionly.kkpxe EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt
make bin/intel.pxe EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt


# simple 32 bit EFI binaries with embedded script 
cd ~/projects/ipxe/ipxe-efi/src 
make bin-i386-efi/ipxe.efi EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt
make bin-i386-efi/snponly.efi EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt
make bin-i386-efi/intel.efi EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt

# simple 64 bit EFI binaries
cd ~/projects/ipxe/ipxe-efi/src
make bin-x86_64-efi/ipxe.efi EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt
make bin-x86_64-efi/snponly.efi EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt
make bin-x86_64-efi/intel.efi EMBED=ipxescript TRUST=/var/www/fog/management/other/ssl/srvpublic.crt

@sebastian-roth
This seems to all be stemming from SSL, and I dont know if anyone else is using SSL. I found an issue with the install script previously that would make it so people couldn’t install SSL without fixing it manually. So if that was a problem and no one noticed, I don’t think anyone else uses SSL.

[11:45:12] sbenson@SRO-FOG-01[0]:/tftpboot$ cat default.ipxe
#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch i386
params
param mac0 ${net0/mac}
param arch ${arch}
param platform ${platform}
param product ${product}
param manufacturer ${product}
param ipxever ${version}
param filename ${filename}
param sysuuid ${uuid}
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
:bootme
chain https://10.63.76.44/fog/service/ipxe/boot.php##params

@tom-elliott
Weird, now it is booting back to not finding http://10.63.76.44/fog/service/ipxe/boot.php changed the default.pxe and it still doesnt. Now it is using the new build version of ipxe though. oh that might be an RC4 to RC7 change it was on 9ccd8 and is now on 70544

@tom-elliott
upon doing this now the pxe booting starts, and instantly drops back to the laptop netboot selection

[12:45:21] root@SRO-FOG-01[0]:/$ diff -r tftpboot tftpboot_orig/
Binary files tftpboot/i386-efi/intel.efi and tftpboot_orig/i386-efi/intel.efi differ
Binary files tftpboot/i386-efi/ipxe.efi and tftpboot_orig/i386-efi/ipxe.efi differ
Binary files tftpboot/i386-efi/snponly.efi and tftpboot_orig/i386-efi/snponly.efi differ
Binary files tftpboot/intel.efi and tftpboot_orig/intel.efi differ
Binary files tftpboot/intel.pxe and tftpboot_orig/intel.pxe differ
Binary files tftpboot/ipxe.efi and tftpboot_orig/ipxe.efi differ
Binary files tftpboot/ipxe.pxe and tftpboot_orig/ipxe.pxe differ
Only in tftpboot: pxelinux.0
Only in tftpboot/pxelinux.cfg: default.bad
Only in tftpboot/pxelinux.cfg: default.dist
Binary files tftpboot/snponly.efi and tftpboot_orig/snponly.efi differ
Binary files tftpboot/undionly.kkpxe and tftpboot_orig/undionly.kkpxe differ
Binary files tftpboot/undionly.kpxe and tftpboot_orig/undionly.kpxe differ

@tom-elliott I said yesterday that I updated to RC7. I have the booting fixed by adding the cert to the files, but now registrations don’t work, and it’s not listing images from the ipxe “Deploy images” menu

OK, all files compiled with the the certs, now when I select deploy images, it instantly switches back to the fog main screen. I am still trying to figure out why, nothing in /var/log or /var/log/fog.

I am doing a quick registration to see if it deploys through there. And it fails to register

https://www.youtube.com/watch?v=J9UqiiQzvX0

@sebastian-roth
FYI the wiki is wrong for the efi portion
It has the wgets listed as
http://sourceforge.net/p/freeghost/code/HEAD/tree/trunk/src/ipxe-efi/src/config/…

and should be

http://sourceforge.net/p/freeghost/code/HEAD/tree/trunk/src/ipxe/src-efi/config/…

I am not sure how to recompile ipxe. I did just upgrade from RC4 to RC7 and it didn’t help. I have done a git pull and dont see anywhere to compile it

@sebastian-roth No, now the ipxe boot screen says https, and still doesn’t work. I have not re-created the SSL cert as Tom said.

@sebastian-roth said in Problem with HTTPS upgrade:

@sbenson Well, compare the URLs again. The one xou opened in your browser is HTTPS and the other one called by ipxe is HTTP…

I updated the default.ipxe to use https. as seen in the previous post.

@george1421 said in Problem with HTTPS upgrade:

@sbenson Please check the content of your /tftpboot/default.ipxe file. Did you happen by chance make a type-o when you installed fog or changed it IP address after you installed FOG? If so there are steps you need to take to get all of the bits back in alignment.

Typo when putting the info in this ticket. the IP of the server is 10.63.76.44

#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch i386
params
param mac0 ${net0/mac}
param arch ${arch}
param platform ${platform}
param product ${product}
param manufacturer ${product}
param ipxever ${version}
param filename ${filename}
param sysuuid ${uuid}
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
:bootme
chain https://10.63.76.44/fog/service/ipxe/boot.php##params

@tom-elliott said in Problem with HTTPS upgrade:

(10.64.76.44 vs. 10.63.76.44)

This was a typo when I transposed the ipxe screen to here. Posting images wasnt working for me

@tom-elliott

@tom-elliott said in Problem with HTTPS upgrade:

@sbenson said in Problem with HTTPS upgrade:

https://10.63.76.44/fog/service/ipxe/boot.php

And if you goto the link as is directly in the browser?

#!ipxe
set fog-ip 10.63.76.44
set fog-webroot fog
set boot-url http://${fog-ip}/${fog-webroot}
cpuid --ext 29 && set arch x86_64 || set arch i386
goto get_console
:console_set
colour --rgb 0x00567a 1 ||
colour --rgb 0x00567a 2 ||
colour --rgb 0x00567a 4 ||
cpair --foreground 7 --background 2 2 ||
goto MENU
:alt_console
cpair --background 0 1 ||
cpair --background 1 2 ||
goto MENU
:get_console
console --picture http://10.63.76.44/fog/service/ipxe/lbs-fog-bg.png --left 100 --right 80 && goto console_set || goto alt_console
:MENU
menu
colour --rgb 0xff0000 0 ||
cpair --foreground 1 1 ||
cpair --foreground 0 3 ||
cpair --foreground 4 4 ||
item --gap Host is NOT registered!
item --gap -- -------------------------------------
item fog.local Boot from hard disk
item fog.memtest Run Memtest86+
item fog.reginput Perform Full Host Registration and Inventory
item fog.reg Quick Registration and Inventory
item fog.deployimage Deploy Image
item fog.multijoin Join Multicast Session
item fog.sysinfo Client System Information (Compatibility)
choose --default fog.local --timeout 10000 target && goto ${target}
:fog.local
sanboot --no-describe --drive 0x80 || goto MENU
:fog.memtest
kernel memdisk initrd=memtest.bin iso raw
initrd memtest.bin
boot || goto MENU
:fog.reginput
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=10.63.76.44/fog/ consoleblank=0 rootfstype=ext4 storage=10.63.76.44:/images/ storageip=10.63.76.44 loglevel=4 mode=manreg
imgfetch init_32.xz
boot || goto MENU
:fog.reg
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=10.63.76.44/fog/ consoleblank=0 rootfstype=ext4 storage=10.63.76.44:/images/ storageip=10.63.76.44 loglevel=4 mode=autoreg
imgfetch init_32.xz
boot || goto MENU
:fog.deployimage
login
params
param mac0 ${net0/mac}
param arch ${arch}
param username ${username}
param password ${password}
param qihost 1
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
param sysuuid ${uuid}
:fog.multijoin
login
params
param mac0 ${net0/mac}
param arch ${arch}
param username ${username}
param password ${password}
param sessionJoin 1
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
param sysuuid ${uuid}
:fog.sysinfo
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=127000 web=10.63.76.44/fog/ consoleblank=0 rootfstype=ext4 storage=10.63.76.44:/images/ storageip=10.63.76.44 loglevel=4 mode=sysinfo
imgfetch init_32.xz
boot || goto MENU
:bootme
chain -ar http://10.63.76.44/fog/service/ipxe/boot.php##params ||
goto MENU
autoboot

@sebastian-roth

Configuring (net0 MA:CA:DD:RE:SS:00)..... ok
Received DHCP answer on interface net0
tftp://10.64.76.44/default.ipxe... ok
https://10.63.76.44/fog/service/ipxe/boot.php... No such file or directory (http://ipxe.org/2d0c613b)
Could not boot: No such file or directory (http://ipxe.org/2d0c613b)

@tom-elliott Any suggestion on how to get it working. I did notice in the error logs i found this on each attempted boot

==> syslog <==
Aug  7 11:37:25 SRO-FOG-01 in.tftpd[24901]: tftp: client does not accept options

@sebastian-roth Ok, this was working on 1.3.0 rc like 15 or something. Upgrading to 1.5.0-rc4 seemes to have broken this.

@wayne-workman
I actually already tried this. Still doesn’t work

EDIT: well tried the default.ipxe file. I am not sure where to try the

make bin-x86_64-efi/ipxe.efi EMBED=ipxescript TRUST=/var/www/fog//management/other/ssl/srvpublic.crt

Server

• FOG Version: 1.5.0-RC-4
• OS: Ubuntu 16.04

Description

Getting an error saying
http://10.x.x.x/fog/service/ipxe/boot.php...No such file or directory.

I have SSL enabled on fog so it should be contacting https://. I am not sure if the ipxe boot agent honors HTTP 302 responses. Is this something that should be hard coded in the boot image since it comes from an https installation?

I have confirmed that the file does exist in https, and http provides a 302.