@salted_cashews Are you sure the image was captured with Zstd as well? If you change that option in the image setting you need to re-capture it!
Running a debug deploy task and ssh into it (you need to set a root password within the booted FOS environment on your client machine using passwd command) to look at the partclone.log is definitely a good idea.
@lucas942 When you see the “Error returned: Invalid Storage Group”, can you please connect to the database on your FOG server and run the following query:
shell> mysql -u root -p
Password:
...
mysql> use fog;
...
mysql> SELECT taskID,taskName,taskCreateTime,taskHostID,taskNFSGroupID FROM tasks ORDER BY taskID DESC LIMIT 5;
...
Take a picture or copy&paste the whole output here.
@Chimpish Sorry, had lots of work over the last days and not much time to take a thorough look at this. Re-reading the whole thread I see that I have missed an important piece of information. Changing the images directory is kind of an advanced thing within FOG because there are various places where you need to change the setting. Seems like you have properly changed /opt/fog/.fogsettings as well as the storage node settings in the web UI but the NFS exports are still pointing to the old location. Should have been fixed when you re-run the installer script after changing /opt/fog/.fogsettings but you can also do it manually. Just edit /etc/exports and restart your FOG server after that.
I am just wondering why you decided to change the image location. Probably because your Ubuntu system was setup with a separate partition mounted to /home with more available space. Sure you can move your images to /home/fog/images to use that space but a proper way of extending your images space (moving the images to a different partition) is described in the wiki: https://wiki.fogproject.org/wiki/index.php/Add_%26_Extend_a_2nd_Virtual_HDD
Not saying one way is correct and the other is wrong. I just think that it’s worth knowing both and having 15+ years of hands on experience with Linux I’d definitely go the way described in the wiki article.
@processor Did you get to test if it’s definitely the changed inits causing/fixing the FTP error?
@ErwinBullen Hmmm, seems like the compressed image file cannot be read properly. Possibly it’s corrupt? Do you have enough space on your server to do an extraction test?
cd /images/B-Blok-v18-v4
file d1p2.img
zcat d1p2.img > partition2_extraction_test.img
Please take a picture of the output of those commands and post here.
@astrugatch said in FOG 1.5.6 Officially Released:
Adding a UI element to streamline this (eg upload third party cert and restart fog from the UI) would make it more user friendly. This is the default with JAMF (tomcat) and Solarwinds.
As discussed here it’s not as easy as it sounds: https://forums.fogproject.org/topic/12926/fog-behind-reverse-proxy
But I am with you that we should encourage more people to make it more secure and one important step would be to ask within the installer. Just not sure yet if we make the default choice yes or no.
@george1421 @Wayne-Workman Thanks for your thoughts on this! Definitely helpful to get some more inspiration on this topic.
I guess we need to distinguish between different communications when talking about SSL. As George mentioned there are two (or actually three) different things communicating, one fog-client to FOG server, the other one IT admin web browser to FOG web UI and as third communicator there is iPXE to load the boot menu. The fog-client is using it’s own encryption protocol (HTTP within an encrypted tunnel based on certificates similar to HTTPS but not exactly like it!) since years and switching that to the official HTTPS standard is doable but not planned at the moment. The encryption used is state of the art and as strong as HTTS (SSL/TLS) is.
We transfer login password, AD credentials (when configuring those) and other things like that on the web UI communication and I definitely see that securing this should be easy to accomplish for users who want/need it. But we still default to plain HTTP partly because we provide pre-compiled iPXE binaries that cannot include a SSL CA trust certificate as every FOG server in the world generates it’s own CA on the first install. So delivering pre-compiled iPXE binaries is not possible. I have added a script (utils/FOGiPXE/buildipxe.sh) some time ago that is called to compile a full set of HTTPS enabled iPXE binaries embedding the “personal” FOG server CA into them. This works in most cases but it’s quite a heavy challenge if something goes wrong and we need to guide people through debugging this.
Perhaps it could be made easier to setup SSL, rather than forcing it? Perhaps make it optional, and defaulting to ‘no’.
Ok, that would be just renaming the option from force-ssl to use-ssl and ask for it as an installer question I reckon. Could do.
One of the things we are seeing with modern web browsers is that they are not liking self signed certificates. So every site you go to that has a self signed certificate you get the warning and have to click through a few screens to get to the site that employs a self signed certificate.
True, but let’s encrypt is not an option here as Wayne already explained. Maybe we should make it easier (provide a tool) to import the CA certificate into the browser store to get rid of the self signed messages. Not sure if that might cause other issues for users?!
Beyond SSL there are a few things that FOG developers could do it improve FOG’s security stance (i.e. mysql, secure password, firewall, etc).
Definitely a good point!!! Should fix that before we get into encrypting everything.
Open up the discussion. Should FOG install as SSL by default? What potential pitfalls could we face?
@Chimpish Can you please post a picture of the VMware network settings of the client VM you are trying to capture?
The fog server is serving as the dhcp server on the network, had some trouble getting it set up
If you select the right options the FOG installer will to that for you. No need to manually do that. And from the fogsettings output you posted it looks like you have chosen to let the installer setup DHCP server for you. Can you please post the contents of your DHCP server configuration here as well. Just to make sure there is no issue in that.
@ianabc Have not had any time to look into this. Haven’t used that plugin in a long time and need to fiddle with it before I can give you any answer. Might be on the weekend.
@george1421 Two very good questions which I don’t seem to be able to answer.
Well, can give it a try - more guessing. As far as I see it the only dependencies we have is .NET framework and Zazzles library (that we install with the client). I don’t know of any other service that we depend on.
@Fernando-Gietz Can you please check Windows event log and fog client log (C:\fog.log or C:\Program Files (x86)\fog\fog.log) to see if there is any valuable information?
This kind of issue has been discussed in the forums some while ago. Back then Joe fixed something and a new client version was released. So I am wondering if the issue is back again: https://forums.fogproject.org/topic/8184/windows-10-client-0-11-4-windows-service
Do you sysprep your image? https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#FOG_Client_with_Sysprep
@processor Which version of the init file are we talking about here? Sure the new one is from 1.5.6 but what version is the older one from that you tested?
From the error message we see in the picture I still can’t imagine that a change of the init file (this being the only change) can cause this error. That ftp code is running on the FOG server and only invoked by the client through URL calls. Those URL calls have not changed in a long time as far as I know.
Are you absolutely sure that simply changing the init file (/var/www/html/fog/service/ipxe/init.xz) from a new version to an older one (which version?) triggers fixes this error? How did you move to the older init version? Simply by copying the file or re-running an older installer?
@DarKFeeliN Do you set Wireshark to capture in promiscious mode?
@ErwinBullen Did you update all your nodes to 1.5.6?
@Fernando-Gietz Not sure I get this correctly. Is the FOGService on all your clients set to “delayed start” ? I think it really should be set to delayed.
@ckasdf Please send us a picture of that or even better a video!
@george1421 Can we move this discussion to another thread or even better open an issue for it so it won’t get lost in the depths of the forum??
@Gordon-Taylor Am I on the wrong track here? I can’t see your issue being related to the one posted here in any way. Here we are very likely talking about a miss-configuration (typo in bzImage name). Did you get the exact same error message “Could not select: Exec format error”??
@george1421 @Gordon-Taylor What mysql bug are we talking about here?! Do you mean using an empty mysql root account password in FOG?
@mtanigawa Shall we keep this issue open. Will you get to look into this over the next days?
@Chimpish On the other hand I am wondering about the No route to host error message. That usually means that the client is in a different network subnet than the server and there is no route set on the client that would make it possible to reach the FOG server.
What IP address is assigned to the client?? And what is serving DHCP in your network?? The FOG server or a Windows DHCP server?