Difference between revisions of "Troubleshoot FTP"
m (→Images stuck in /images/dev) |
(→Permissions) |
||
Line 299: | Line 299: | ||
<pre>ls -laR /images</pre> | <pre>ls -laR /images</pre> | ||
− | |||
− | |||
Revision as of 14:16, 15 June 2015
Contents
FTP's roles in FOG
The primary purpose is moving & renaming image files in the /images/dev folder to the /images folder. FTP is not used for image upload or download because NFS is faster. FTP is also used to download kernels and delete images. FTP is also used to report "Image Size: ON SERVER". FTP is also used for download tasking to ensure the image file you wish to deploy exists. It's also used for syncing between nodes, and putting snapins on nodes.
FTP should be able to read, write, and delete in /images/dev and /images.
Testing FTP
Try to get a file with Linux:
These commands are NOT done on your FOG server, they are done on another Linux machine (this example uses Fedora).
To explain what's happening below in the code box,
- Create a test file with some data in it to send later.
- Start ftp (may need installed first).
- Open connection to FOG server.
- Provide username.
- Provide password.
- Change to /images directory.
- List directory contents.
- Upload file.
- List directory contents to verify.
- Download the file.
- Delete the file.
- Exit ftp.
[administrator@D620 ~]$ echo 'some text here to send later' > test.txt [administrator@D620 ~]$ ftp ftp> open 10.0.0.3 Connected to 10.0.0.3 (10.0.0.3). 220 (vsFTPd 3.0.2) Name (10.0.0.3:administrator): fog 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd /images 250 Directory successfully changed. ftp> ls 227 Entering Passive Mode (10,0,0,3,204,176). 150 Here comes the directory listing. drwxrwxrwx 2 0 0 4096 Apr 10 03:38 Optiplex745WinXPconfiguredApril2015 drwxrwxrwx 2 0 0 4096 Apr 10 03:39 dev drwxrwxrwx 2 0 0 16384 Apr 07 01:58 lost+found drwxrwxrwx 2 0 0 4096 Apr 08 00:59 postdownloadscripts 226 Directory send OK. ftp> put test.txt local: test.txt remote: test.txt 227 Entering Passive Mode (10,0,0,3,132,59). 150 Ok to send data. 226 Transfer complete. 29 bytes sent in 0.000114 secs (254.39 Kbytes/sec) ftp> ls 227 Entering Passive Mode (10,0,0,3,118,48). 150 Here comes the directory listing. drwxrwxrwx 2 0 0 4096 Apr 10 03:38 Optiplex745WinXPconfiguredApril2015 drwxrwxrwx 2 0 0 4096 Apr 10 03:39 dev drwxrwxrwx 2 0 0 16384 Apr 07 01:58 lost+found drwxrwxrwx 2 0 0 4096 Apr 08 00:59 postdownloadscripts -rw-r--r-- 1 1000 1000 29 Apr 30 00:29 test.txt 226 Directory send OK. ftp> get test.txt local: test.txt remote: test.txt 227 Entering Passive Mode (10,0,0,3,190,81). 150 Opening BINARY mode data connection for test.txt (29 bytes). 226 Transfer complete. 29 bytes received in 0.000529 secs (54.82 Kbytes/sec) ftp> delete test.txt 250 Delete operation successful. ftp> exit 421 Timeout. [administrator@D620 ~]$
Try to get a file with Windows:
Explanation of the code below:
- Create a file with some data
- Start FTP
- Open connection to FOG server
- Enter username
- Enter password
- Upload file
- List directory to verify
- Download file
- Close connection
- Close FTP.
c:\SomeFolder>echo This is a bit of text to throw into a file > text.txt c:\SomeFolder>ftp ftp> open 10.0.0.3 Connected to 10.0.0.3. 220 (vsFTPd 3.0.2) User (10.0.0.3:(none)): fog 331 Please specify the password. Password: 230 Login successful. ftp> put text.txt 200 PORT command successful. Consider using PASV. 150 Ok to send data. 226 Transfer complete. ftp: 45 bytes sent in 0.00Seconds 22.50Kbytes/sec. ftp> ls 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. text.txt 226 Directory send OK. ftp: 10 bytes received in 0.00Seconds 10.00Kbytes/sec. ftp> get text.txt 200 PORT command successful. Consider using PASV. 150 Opening BINARY mode data connection for text.txt (45 bytes). 226 Transfer complete. ftp: 45 bytes received in 0.00Seconds 45000.00Kbytes/sec. ftp> close 221 Goodbye. ftp> quit c:\SomeFolder>
FTP Service
Fedora 20/21
- Check the status of FTP with
systemctl status vsftpd.service(should be on and green, no errors, and enabled)
- stop, start, disable and enable FTP service.
systemctl stop vsftpd.service systemctl start vsftpd.service systemctl disable vsftpd.service systemctl enable vsftpd.service
- Test that it’s functioning by using the testing instructions at the top of this article additionally, if you open a web browser and go to
ftp://x.x.x.x
- Use fog / your-fog-account-Password for the credentials
- You should see “Index of /”
Ubuntu
- Restart FTP service.
/etc/init.d/vsftpd restart
- Enable and disable are not available due to this service being in the Upstart scripts.
- Test that it’s functioning by using the testing instructions at the top of this article additionally, if you open a web browser and go to
ftp://x.x.x.x
- Use fog / your-fog-account-Password for the credentials
- You should see “Index of /”
FTP Settings File
Fedora 20/21:
Location:
/etc/vsftpd/vsftpd.conf
To display file:
cat /etc/vsftpd/vsftpd.conf
It should look a lot like this:
anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES listen=YES pam_service_name=vsftpd userlist_enable=NO tcp_wrappers=YES seccomp_sandbox=NO
To edit:
vi /etc/vsftpd/vsftpd.conf
Explanation of settings:
man vsftpd.conf
Ubuntu
Location:
/etc/vsftpd.conf
To display file:
cat /etc/vsftpd.conf
It should look a lot like this:
anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES listen=YES pam_service_name=vsftpd userlist_enable=NO tcp_wrappers=YES seccomp_sandbox=NO
To edit:
vi /etc/vsftpd.conf
Explanation of settings:
man vsftpd
Instructions on using Vi: Vi
Disable & Verify Firewall
Fedora 20/21/22/23
Disable/stop Firewall
systemctl disable firewalld.service
systemctl stop firewalld.service
Can be undone with "start" and "enable".
Check Firewall in Fedora 20/21/22/23
systemctl status firewalld.service
Fedora 16
Add /bin/bash to /etc/shells as the vsftpd yum install does not do it correctly causing tftp timeout message
Debian/Ubuntu
sudo iptables -L
If disabled, the output should look like this:
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
Disable Ubuntu Firewall
sudo ufw disable
Disable Debian Firewall
iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT
Other debian settings:
/etc/hosts.deny
This setting in the above file will deny traffic from any source except locally:
ALL:ALL EXCEPT 127.0.0.1:DENY
Comment out this line like so:
#ALL:ALL EXCEPT 127.0.0.1:DENY
Windows 7
Start -> Control Panel -> View by "Small icons" -> Windows Firewall -> Turn Windows Firewall On or Off -> Turn off all three.
Configuring firewall on Linux
To set the firewall for Linux to only allow what is necessary, please see the FOG security article.
Credentials / Passwords
There are a few places where all the credentials (on a standard install) should match exactly.
- The local 'fog' user's password on the Linux FOG server
- Storage Management -> Your storage node -> Management Username & Management Password
- FOG Configuration -> FOG Settings -> TFTP Server -> FOG_TFTP_FTP_USERNAME & FOG_TFTP_FTP_PASSWORD
- /opt/fog/.fogsettings -> storageftpuser & storageftppass (For recent FOG Trunk versions only. 1.2.0 does not have this setting. 1.3.0 will though.)
All four of those should match (again, on a standard installation).
To change the password of the local fog user:
sudo passwd fog
To edit /opt/fog/.fogsettings:
vi /opt/fog/.fogsettings
Instructions on using Vi: Vi
Permissions
The credentials used for this:
Storage Management -> Storage Node -> Management Username / Management Password
Should exactly match the ownership of the /images directory and all of it's contents. The path should also match the actual path to your images directory.
You can check the permissions on all your image files with this:
ls -laR /images
You can enable all permissions (just for troubleshooting) on the /images directory recursively like this:
sudo chmod -R 777 /images
Normally, /images and all of it's contents should be owned by the local fog user. Whoever the owner is, that's the credentials you should use in you're storage node username / password fields.
You can set ownership like this:
sudo chown -R fog:root /images
Common problems and fixes
My problem isn't in the WiKi!
If you have a problem with FOG, or have a solution to a problem with FOG, please visit the forums for help or to report your solution. We try to keep the WiKi updated with things found in the forum. You can visit the forum here: FOG Forums
Image Size on server: 0
This is a common problem, and is almost always due to FTP credentials being incorrect. Please see the "Credentials" section above.
You must first upload an image to create a download task
You may get this message when you try to deploy an image to computers.
(For more recent revisions of FOG Trunk only. Not for 1.2.0, applies to 1.3.0. If you're using 1.2.0, see "credentials" above)
There are two ways you can fix this:
Way 1 (probably more work but ultimately allows you to edit your own info) : The fix is to open up the /opt/fog/.fogsettings file and search for the storageftppass= line.
This line is what the new FOG User password is set too. You can change it to whatever you like. Edit this file to make the password set to whatever you want it to be so future updates don’t break it.
Save the file and on terminal enter sudo passwd fog
Set the password to whatever you want it to be, mostly likely what is currently stored in the storage node anyway.
Way 2 (Probably the simplest way) Copy the value in the /opt/fog/.fogsettings storageftppass= line and edit your storage node to use this new password. You will also likely need to edit the FOG Configuration->FOG Settings->TFTP Server->TFTP_FTP_PASSWORD with this new password as well.
Source: Deployment/FTP not working
Images stuck in /images/dev
Images upload and are stored in /images/dev/[mac address of host] and they're never moved to /images
Error messages on client at end of upload, being close to completed:
- FTP move failed
- FTP error
- Can't rename/move Permission Denied
- FOGFTP failed to rename file
Solutions:
Ensure that storage node username and password (inside web interface's Storage Management) is configured. Make sure the path is correct. The username and password for the storage node should be identical to a local user on your FOG server.
Make sure that these credentials are correct and match your local Linux user and Storage Node credentials: FOG Configuration -> FOG Settings -> TFTP Server -> FOG_TFTP_FTP_USERNAME & FOG_TFTP_FTP_PASSWORD
You can reset a local Linux user's password like this:
sudo passwd <user>
To change the local fog user's password:
sudo passwd fog
Ensure the permissions on /images and /images/dev are correct. See permissions above.
For older versions of Ubuntu that have been upgraded to newer versions, this error could be caused by an older FTP setting that may be grandfather'ed in during the upgrade process.
This setting may be commented out or set to NO inside the settings file (see above):
write_enable=YES
Un-comment this, and set it to YES.
NOTE:
Moving images from /images/dev to /images happens during image upload. After fixing your credentials, try to re-upload and see if your image gets moved.
Images won't finish uploading, won't go past "Clearing ntfs flag"
This is permissions related. See forum threads for more details:
stuck-after-clearning-ntfs-flag
imaging-stuck-on-upload-after-finished
List permissions:
ls -laR /images
Fix permissions: Use the correct OS user, and correct storage node password to change ownership and give read/write/execute to everyone. Assumes user is "fog".
chown fog -R /images chmod -R 777 /images
Changing ownership with user AND group (replace "user" and "group" with actual values):
chown user:group -R /images