RE: FOG iPXE menu “Deploy Image” not working

FOG iPXE meu is doing cert validation check at some point. Where would I need to change so it can verify my cert?
I’m on Rhel 9 running apache 2.4. No error on any of the log file.

Please help!!!

Hello all,
I have narrowed down the issue a bit further.
The issue is with my own web certificate and ipxe.
I reran the installation with -S option for https. The installer built ipxe files using FOG generated ssl certs. I was able to go to FOG iPXE menu and get into Deploy image just fine and of course, fog website I complained that I don’t have a valid cert. It accepted my login when going to Deploy Image and I got the normal FOG menu color/background.
Then I pointed ssl cert to my own cert in fog.conf, and rebuild the ipxe files then the issue started. Fog website worked fine with a valid certificate but I could not login to Deploy Image and FOG iPEXE menu color/background changed.
I used this method on the old server in the past and it worked for many many years but it is no longer the case.
What is the new and proper way to set up FOG with https using my own cert? Thanks.

New installation and new host but I’m not sure why I’m not getting the default background and menu/text colors.

Hi,

I’m setting up a new FOG server. The installation went through successfully. I can deploy image just fine when scheduling a task through the web UI. However, Deploy Image function from FOG iPXE doesn’t work. After entering user/password (either correct or not), the screen goes back to the FOG menu. I reran the installation many times. I even deleted fog database from mysql and deleted fog web folder but nothing help.

FOG version: 1.5.10.1634

What could be the problem? Thank you in advance for your help!

Hi @Tom-Elliott. Do you know which settings do I need to change so outgoing email is not coming from Apache?
I changed the outgoing email for FROM EMAIL and EMAIL BINARY in the web UI to donotreply@mydomain.com. Notification email went out as apache@myfogserver.localdomain. I then set myorigin = mydomain.com in main.cf, I received the notification from donotreply@mydomain.com which looks correct but according to maillog, and full header of the email, the email was sent from apache@mydomain.com.

Hi @rogalskij. Did you have change anything for EMAIL BINARY after installing Postfix? If I want to use a specific FROM EMAIL address , would I need to replace noreply@${server-name}.com in EMAIL BINARY to that specific from email address?

@mashina Pick a class D IP address (except 224.0. 1.1) and put in it multicast address from your last screenshot to see if it helps.

@rtarr I had to renew my cert. Recompiled iPXE binary with error and chainload failed during PXE boot. Adding that line and recompiling worked without error. Thank you!

Hello all,

Happy holidays!

We are on latest released FOG 1.5.10. I upgraded from PHP 7.4 to 8.1 and 8.2. I’m getting HTTP ERROR 500 for both versions when logging with LDAP or any unknown accounts that are not listed under “User Management”. I re-ran the installation but it didn’t help. Would anyone be able to assist?

Thank you!

Hello all,

Our security team has asked us to enable SSO and use DUO for authentication through web and accessing FOS menu. We are on version 1.5.9 and only LDAP is available. With the released of version 1.5.10, can we SSO or is there away to use SSO with 1.5.9?

Thank you!

Thank you all for your help. I was able get an exemption from the security team for ftp plaintext. I’m down to the last issue about the nfs mount points and folder permissions. They don’t like the fact that these mount points are open to everyone. What is the proper way to secure them?
I currently have:
/images *(ro,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0)
/images/dev *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=1)

What is the proper permission for /images folder (and sub folders)? It is now set to drwxrwxrwx. fogproject root 4096.

@technolust It looks like your Storage node is pointing to /fogserver/images. Verify if it exists otherwise change your image path and FTP path to /images

@Sebastian-Roth @george1421 Thank you. I’ll give them the source code to see what they say. @george1421 I explained that to them. They are okay with it but they need a written document from the developer in order to grant a exemption.

Good morning @george1421 @Sebastian-Roth. The security team agreed to grant an exception for ftp plain text authentication but they do need some documentations from the developer. I looked through the wiki but I could any places that mention this. Could you please point me to the right place?

@sebastian-roth Yes, sir! Lesson learned…for now.

@george1421 @Sebastian-Roth Thank you all for your help. I downgraded to php7 but couldn’t get around the HTTP error 500. We didn’t take a snapshot of the VM before messing around with it. It took a while for the admin to restore our FOG server from the backup. I’m staying at PHP 7.4.28 and mysql 5.7.33 for now.

@george1421 I updated FOG to 1.5.9 while working on these issues and was able to enable HTTPS with a custom cert. The site was loading fine/we were able to clone images from FOG server.

The security team also wanted me to update PHP 7.2.34 and mysql to the latest version.
I updated PHP to 8.1.3 and now the website is not loading. I’m getting HTTP ERROR 500.
What are the right steps to update php and its dependencies and MYSQL?
Sorry for asking too may questions.

Please scratch out my previous question.

systemctl enable httpd.service resolved it.

@george1421 I updated httpd to httpd2.4 version 2.4.52. Webservice is running but FOG webservice is not. I’m getting URL not found. I know there is an easy fix but I couldn’t find it on my note. I forgot to take a snap shot and don’t want to mess around to cause more damage =). Could you please point me some hint how to remedy this issue?