RE: FOG new NFS Storage without node

@Tom-Elliott said in FOG new NFS Storage without node:

Simple.

You can not NFS share an NFS share.

I’m afraid I thought so.
But I do not have the possibility to install a Storage Node there.

Is there a possible secound way?

Hello,

Short story:
Could someone please explain to me why does NFS daisy chain mount does not work?

---

1. FOG Host settings

Long story:

1. vim /etc/fstab

10.1.1.1:/myimages /nfsmount nfs defaults 0 0

2. mount -a
3. cp -r /images/. /nfsmount - Copy all files (hidden also)
4. vim /etc/exports

/images *(ro,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0)
/images/dev *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=1)

/nfsmount *(ro,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=2)
/nfsmount/dev *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=3)

• IMPORTANT: fsid at the end of the line must be incremented

5. shotmount -e 127.0.01 - check NFS mount

• OUTPUT example

/nfsmount/dev *
/nfsmount     *
/images/dev   *
/images       *

---

2. Webinterface settings

https://10.10.10.10/fog/

1. Menu (Storage) -> (Add Storage Group) -> ‘NFSgroup’ -> Add
2. Menu (Storage) -> (Add Storage Node) ->

Storage Node Name = NFSmount	
Storage Node Description = my secound storage	
IP Address = 10.10.10.10
Web root = /fog	
Max Clients = 10	
Is Master Node = [x]	
Replication Bandwidth (Kbps)	
Storage Group = NFSgroup	
Image Path = /nfsmount/	
FTP Path = /nfsmount/
Snapin Path = /opt/fog/snapins/	
SSL Path = /opt/fog/snapins/ssl/
Bitrate	
Rexmit Hello Interval	
Interface = eth0
Is Enabled = [x]
Is Graph Enabled = [x]
Management Username = fogproject	
Management Password = ****** (copy it from default Storage)	

---

3. Create new Image

1. Menu (Images) -> (Create New Image) ->

Image Name = nfsExternTest
Image Description	
Storage Group = nfsgroup	
Operating System = Windows 10	
Image Path = /nfsmount/nfsExternTest (it refresh automatic after you created it, just create and check it again)
...

---

4. Capture new Image

1. Menu (Hosts) -> ‘select your pc’
2. change Host Image to nfsExternTest
3. in Submenu (Basic Tasks) -> Capture

5. Result

… but when i change to the default Storage… everything is fine.
Why does NFS daisy chain mount does not work or have i an error in my configuration.

Thanks for your time.

PS: For more information: adding-additional-image-storage-space-to-fog-server

@Malte-Will said in Setting up trusted SSL certificate:

@Sebastian-Roth
I solved the problem. In the end, the last thing i forgot was to change the ip of the fog server to the fqdn in the ipxe file.

Could you please explain in more detail, which ipxe file do you mean?
/opt/fog/.fogsettings first line?
ipaddress=…

We also needed to set the WEB HOST setting in the FOG Configuration to the FQDN.

Done.

My problem is that after my CA was changed and ipxe was rebuild; iPXE still trying to connect to the bare IP not to the FQDN.

PUSH

I’ve could adjust LDAP login, and allow only admins, but I’ve some students who would also like to work with it.
So I’m allowing admins (admin role) and students (mobile role) to access.
But not all students should have full access.

As I listened, there is a new idea with the new version 1.6 on this subject.
Hopefully this will solve my problem.

Hello,
I’m using LDAP with Access Control. LDAP -> User Filter = 991
I can see all LDAP users in the list and can assign them to the right role.
Problem:
When new users logging in for the first time, they have admin status. (undefined role)

Is there a way to initially assign them to a “guest” role? And promote them by hand afterwards?

@george1421
Thank you very much, thats all i need to know.

@george1421 said in Unkown character appears; UEFI boot "ipxe.efi�":

hat is your dhcp server?

infoblox

Thank for your fast answer. @george1421

Yeah that’s a bummer. Also found this article.
But as you said, i will boot PXE in legacy and use uefi.

0000 8e 74 ff fb b3 07 b8 ca 3a a4 3a f6 08 00 45 00 .t…:.:…E.
0010 00 48 70 a3 00 00 40 11 86 d7 8d 2d b4 57 8d 2d .Hp…@…-.W.-
0020 b4 78 04 3b 00 45 00 34 3e 69 00 01 75 6e 64 69 .x.;.E.4>i…undi
0030 6f 6e 6c 79 2e 6b 70 78 65 ff 00 6f 63 74 65 74 only.kpxe…octet
0040 00 74 73 69 7a 65 00 30 00 62 6c 6b 73 69 7a 65 .tsize.0.blksize
0050 00 31 34 36 38 00 .1468.

or

tÿû³¸Ê:¤:öEHp£@×-´W-´x;E4>iundionly.kpxeÿoctettsize0blksize1468

thats the last two character in binary:
11111111 00000000

Hello together,

i found a strange behaviour that is nowhere (at least i found nothing) noticed.

I’ve got a Dell Optiplex 7010 which has two boot option for PXE; UEFI or Legacy.
When booting with legacy, the bootfile “undionly.kpxe” will be send over from dhcp which is then searched on tftp server. Perfect.

UEFI bootfile “ipxe.efi”
The problem is: dhcp server send the right file, but the tftp-server got a wrong request:

somehow “�” get into the bootfilename.
I have now checked the dhcp setting for the third time. But everyting looks fine.
Infoblox is used as dhcp.

I then checked with Wireshark what the DHCP really sends.

Could it be that Dell got a firmware bug for uefi booting?
I testet now 3 different Dell modells, everytime the same result.

I hope I made a mistake somewhere, otherwise…

Bonus question: I am not able to start VirtualBox in UEFI PXE mode
I installed the expansion pack and also checked “efi”.
But PXE does not boot. Does anyone know what the problem is here?
-> Not possible Link
-> second “proof” Link

Thanks for your time.

@EZY4 I think we both have different problems.
I would suggest that you open a new thread on this.

As a tip: Install VirtualBox + ExtensionPack and set up the network boot only.
VirtualBox has iPXE, which gives you more information.

Furthermore you can use wireshark to check what exactly your machine receives from the dhcp-server.

@george1421 Good to know. Thanks for the information and help!

@Sebastian-Roth said in TFTP port is closed is it normal?:

@symrex said in TFTP port is closed is it normal?:

Sadly that i can’t check with wireshark while the pc is booting PXE

You actually can if you know how to configure a monitoring/mirroring port on your switch.

Restricted area for me, have no physical access to those.
But you got a good point…

@george1421 said in TFTP port is closed is it normal?:
what would happen if you spun up a new VM on the VM host server and tried to pxe boot into the fog iPXE menu

Great idea… lets test it.
HEUREKA: DHCP was sending to much information… to be specific:

Next-Server: xxx.xxx.xxx.xxx
Bootfile: undionly.kpxe
Option 66: yyy.yyy.yyy.yyy
Option 67: boot\x86\wdsnbp.com

Since I don’t have access to the DHCP server, someone else set up a DHCP server (I gave him my required configuration), and these additional options(66/67) came from an early configuration(someone else). After their deletion, pxe is working flawlessly.
The Dell BIOS PXE interface doesn’t give me any feedback in this regard, but wireshark and vbox and with your help I was able to find out where the problem was. It looks like option 66/67 will be prioritized when it is set.

Thank you for your help!

@george1421 Yeap looks like that.
But this .pcap is from the perspective of Windows client.

Client is sending information about name, size, type
Server is responding right: tsize, blksize, timeout

But client will not responde to this information.
While I was using the win10 tftp client, I look with wireshark on his actions.

And firewall is a good idea but; the bios legacy PXE have no firewall so there should be no restrictions.
Sadly that i can’t check with wireshark while the pc is booting PXE

Ok i have something.
I tested right now connection between Proxmox Host xxx.yyy.zzz.116 and Proxmox Guest FOG xxx.yyy.zzz.120
tftp file transfer is working fine without any issues.

But the strange thing is that Windows 10 pc with tftp can connect to the FOG tftp service but can’t download the file successfully. First 512 bytes are working but the acknowledgement from windows client is missing. Thats why the same data is send from FOG everytime.

Maybe the client from windows isn’t working properly?

@george1421 said in TFTP port is closed is it normal?:

First did you disable the ubuntu firewall on the FOG host server?

Debian 10.3
Proxmox Global iptables disabled
checked with pinging… after disabling, ICMP request comes through.

Second, install the tftpclient role on a windows 10 computer. Drop the windows 10 firewall, then key in to a cmd window tftp <fog_server_ip> GET undionly.kpxe . We only need to test to see if the file downloads, if yes then go to Third.

There’s the problem. It tries to download it, but does not get any confirmation. That’s why it only tries the first 512 bytes again and again from the beginning.

Verbindungsanforderung fehlgeschlagen.  (Connection request failed.)

Every “Data Packet” have the same content.

Third, ensure you know what device is pxe booting. The undionly.kpxe boot loader is only for bios based computers. The uefi boot loader is ipxe.efi. You can’t mix boot loaders and hardware.

Yep, BIOS Legacy is right.

Ok, after several tests I would suspect that the tftp service does not respond correctly to external connections.

tftp -v localhost -c get undionly.kpxe

This command works fine on the host maschine.
But on a another debian maschine there comes a timeout.

tcpdump says: request arrives at the host, but he does not respond.
FOG server send everytime the same data packet, maybe because the client does not acknowledge the packets?
How should it look right?

https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue

tcpdump result:

chown fogproject:root -R /tftpboot
chmod -R 777 /tftpboot

Hello together,
yesterday i installed a fresh 1.5.8 FOG server without any issues.
Then setup a external DHCP Server (Nextserver IP; Bootfile= /tftpboot/undionly.kpxe).
I tried to boot PXE from a pc, but no response. (looks like it have a connection but, abord it immediately)

Firewall, iptables are disabled. (https://wiki.fogproject.org/wiki/index.php/Unable_to_connect_to_TFTP)

After checking on the maschine

ps aux | grep tftp
/usr/sbin/in.tftpd --listen --user root --adress :69 -s /tftpboot

TFTP is running and after a local GET command

tftp localhost 
verbose
binary
status
get undionly.kpxe

The right file is there. But from a external host i can’t reach the tftp service.

And when i check the port on the host:

nmap localhost -p 69

69/tcp closed tftp

Is it normal that on the FOG maschine tftp port (69) is normaly closed?

What else could it be, that i can’t get a access from outside. Everything that i install (openvpn, ssh) have instant a open port and is accessible.

Is there somewhere a config file that i forget to setup?

Thanks for your time.

PS:
FOG is in a Proxmox VM
PC is a Dell Optiplex 7010
PXE-M0F is the error that occure
I checked with Wireshark DHCP. Everything looks good. Nextserver-ip and bootfile are right.