• FOG 1.4.4 how to securing NFS ?

    2
    0 Votes
    2 Posts
    684 Views
    george1421G

    This is true. In the current release of FOG NFS is used to transfer the images from the fog server to the target computers. This needs to be open for the target computers to be able to read the images. You can restrict mounting the nfs share to a specific subnet, but that is it as of now.

    While this version is still a years off, FOG 2.0 will have security built in from the start. But that isn’t here today.

  • Automatically Sync Images & update DB across multiple servers

    13
    0 Votes
    13 Posts
    4k Views
    S

    @brooksbrown I think the terms are being mixed up here so I am trying to set this right. When installing FOG there are two different modes you can choose from, either master OR storage node (there is nothing called “master storage node”!). From your description it sounds as if you installed all your FOG servers as master nodes and therefore you have separate DBs and hosts being registered to one node won’t show up in the other node unless you register each and every client with every FOG server you have. On the other hand if you do the usual setup you’d have ONE master node (where the DB and web UI is) and several storage nodes.

    The “failover setup” you intend to build is not as easy to handle I am afraid. There is a lot involved in PXE booting clients - 1st DHCP handshake from the PXE ROM, TFTP to load iPXE binary, 2nd DHCP handshake from the iPXE binary, TFTP and then HTTP request to load iPXE config, HTTP request to load kernel and initrd, 3rd DHCP handshake from the linux kernel. It might sound as if this is pretty straightforward. But if the FOG server for a particular bench fails (or is too busy) the client will get his first DHCP answer from another FOG server. For example if the 1st DHCP handshake is answered by let’s say NODE 2 (as the client is on bench 2). Then the client will download the iPXE binary from NODE 2 as well. But the 2nd DHCP handshake might be answered by NODE 3 (cause NODE 2 is not fast enough this time). Still fine if they all share the same DB (which would be on the one single master node) and the client gets a consistent iPXE config (e.g. FOG menu or task).

    In theory this all works but all servers kind of need to be in sync, TFTP files, kernels/initrds, FOG web UI. If you alter the kernel on one server you might see clients from a different bench booting that kernel at random.

    That all said there is another reason why I think this setup is not great. For every DHCP broadcast a client sends it gets up to eight answers from all the DHCP servers. Finding an issue and keeping this all setup properly will be a nightmare I suppose! What if there is just one single setting different on NODE 6? Some clients will boot properly but others will fail randomly because of that.

    I reckon one could be keen enough to set this up all in one broadcasting domain using two or three servers at the most. But definitely not eight. This will cause you so much headache I suspect. Just don’t do it if you and the rest of your team are no real network wizards who love to use tcpdump for analysing network packet dumps to figure out what’s going on.

    If you intend to use the fog-client the whole idea of failover is buried alive anyway. Sure, fog-clients not reaching their particular server is not as problematic as the other stuff can be. But failover is just not possible.

    I bet you better take some more time to think about the network setup now and have a lot less issues later on…

  • FOG 1.4.2 TFTP Open Timeout

    17
    0 Votes
    17 Posts
    8k Views
    george1421G

    @Sebastian-Roth said in FOG 1.4.2 TFTP Open Timeout:

    @cassie_280 There is one step in the installer where it tells you to go to the web interface. This is not the end. You need to hit enter after that to proceed. Not to sound rude just wanted to make sure…

    I don’t know how many times I’ve reached that step and went to copy the url and hit ctrl-c to copy the url, which then aborted the install. So it does create a botched install. It does happen.

  • image size

    3
    0 Votes
    3 Posts
    826 Views
    L

    In terms of single disk productivity is the best option because the clone of this image was on average 30 minutes in multicast mode, when I used multiple partition the time to clone the image was in 2 hours and 30 minutes.

  • patch isc-dhcp server for mac startup disk

    Solved
    17
    0 Votes
    17 Posts
    6k Views
    S

    @Sebastian-Roth Yea, I’m good now, actually got it to work with a Windows DHCP server as I was hoping.

    Thanks for all your help!!

  • Custom SSL Certificate with Fog Client Service

    10
    0 Votes
    10 Posts
    4k Views
    S

    @hancocza Ok, so I got this. I am looking into the building process of the FOG client right now as our client developer is absent right now. I might come up with a description of how to custom build the client (e.g. for custom SSL cert). I am still trying to get things sorted with the building tools. Let’s hope I get this fixed soon.

  • Sysprepping

    4
    0 Votes
    4 Posts
    2k Views
    ryan.mckenzieR

    @Tom-Elliott using KMS server, if I leave blank will that work?

  • Performance issues with BIG images

    10
    0 Votes
    10 Posts
    5k Views
    J

    Thanks for all the advice, I appreciate it. I’m going to go with a raid 5, 5 drive SSD array in my new fog Server, a few sata drives and some time looking at the scripts to implement HSM

    Have a good day as they say

    Yours

    Julian

  • [SOLVED] Move image to second node

    5
    0 Votes
    5 Posts
    2k Views
    A

    @george1421

    I have modified the storage group in my image definition.
    I have:

        cp -R /images/Dellvostro430 /images2/
        sudo chmod 777 -R /images2/Dellvostro430
        sudo chown fog.root -R /images2/Dellvostro430/
        rm -r /images/Dellvostro430

    I have updated the configuration for my client with the image definition modified.

    And the result :

    0_1500383292579_vostro430.jpg

    I think it works but I am waiting for the end of the deploy

    Edit:

    It works 😄

    After cp + rm
    Node 1:
    0_1500383895890_1.jpg

    Node2:
    0_1500383908488_2.jpg

    The final result:
    0_1500383925687_3.jpg

    For information, I have not used mysql. I can not use it anymore

    Thank you once again @george1421

  • Can you make FOG imaging go fast?

    7
    0 Votes
    7 Posts
    6k Views
    Wayne WorkmanW

    @george1421 said in Can you make FOG imaging go fast?:

    I can say from my production FOG server running 2 vCPUs on a 24 core vSphere server, I can achieve about 6.2GB/min transfer rates (yes I know this number is a bit misleading since it also includes decompression times, but it’s a relative number that we all can see) for a single unicast image.

    That figure is not network transfer speed or compression/decompression speed nor is it an aggregate, it is simply write speed to the host’s disk.

    It doesn’t represent or reflect network transfer speed or decompression speeds. These things are very loosely related to the write speed just as the disk you’re using is related to the write speed - but this figure does not tell where any bottleneck is.

    Trying to use this figure to gauge network transfer speed would be like trying to gauge the mail man’s speed based on how long it takes me to go check my mailbox (if the post office used that as their metric, the mailman would be fired because I check my mail every few days).

    Further, your bottleneck is probably not the next person’s bottleneck. My experience with multiple FOG servers on multiple types of hardware has shown that tuning FOG is a matter of balancing network throughput with a host’s ability to decompress. We cannot speed up how fast a host’s disk can write, its maximum write speed is still its maximum write speed no matter what we do with CPU or Network or Compression or RAM - the idea is simply to always have data waiting to be written to disk without delay, and how to balance the CPU’s ability to decompress with the network’s ability to transmit to many clients at once, and the FOG server’s ability to serve many clients at once. This all comes back to two simple things I think: Max Clients and compression rate.

    It’s a balancing act of these two things. Of course, ZSTD is the most superior compression algorithm, which is why it’s not one of the two simple things. But its compression rate is.

    The FOG Server’s disk does play a role - but at my last job, I was clearly hitting the network’s maximum throughput bottleneck - so a solid state disk would not have helped.

    At any rate, the script below is an example of how to automate the monitoring & collecting of things from FOS: https://github.com/FOGProject/fog-community-scripts/blob/master/fogAutomatedTesting/postinit.sh
    That’s what I’d use to collect any custom metrics you want to monitor more quickly, instead of doing a debug every time and manually monitoring.

  • FOG in a mixed environment. Clients do not have PXE Boot.

    Moved Solved
    7
    0 Votes
    7 Posts
    3k Views
    C

    @george1421 Yes, thank you george.

  • I would like add a new hdd ...

    Solved
    46
    0 Votes
    46 Posts
    21k Views
    A

    @george1421 ahah thanks really 😉

    I will be back soon (tomorrow) for a new thread 😄
    I have used FOG for 3 years and this solution is beautiful!

    @george1421 thank you so much 🙂
    Have a good night 😉

  • Can't delete Snapins from Groups

    4
    0 Votes
    4 Posts
    2k Views
    B

    @Tom-Elliott
    I wasn’t aware that snapins automatically showed under the groups… If that’s the case then it kinda threw me for a loop. Now to recover from my own little screw up… oh well lesson learned… don’t be a dummy 🙂

  • Do the wipe activities wipe all disks present in the host?

    7
    0 Votes
    7 Posts
    3k Views
    B

    @Quazz @kmstory
    I do this already… here is my menu entry.

        menu DBAN Nuke Menu
        item autonuke AutoNuke DoD 3-Pass
        item zero AutoNuke 1-Pass Zero Wipe
        item choose-disk Single Disk Selection
        item return Back to top menu...
        # Show the menu; select "return" by default after a 10000 ms timeout
        choose --default return --timeout 10000 target && goto ${target}

        :autonuke
        kernel http://${fog-ip}/dban/dban.bzi nuke="dwipe --autonuke" silent vga=785
        boot || goto failed

        :zero
        kernel http://${fog-ip}/dban/dban.bzi nuke="dwipe --autonuke --method zero" silent vga=785
        boot || goto failed

        :choose-disk
        kernel http://${fog-ip}/dban/dban.bzi nuke="dwipe" silent vga=785
        boot || goto failed

        :return
        chain ${boot-url}/service/ipxe/boot.php?mac=${net0/mac} || prompt
        goto MENU

    As you can probably tell, from that menu, I have the DBAN iso extracted to this folder /var/www/html/dban/

    Try it out… Works wonders for me.

  • Windows 10 Default Programs

    6
    0 Votes
    6 Posts
    2k Views
  • Storage Group Activity ( Image)

    4
    0 Votes
    4 Posts
    1k Views
    M

    @Tom-Elliott Thanks!

  • Storage Group Activity

    3
    0 Votes
    3 Posts
    1k Views
    M

    @george1421 said in Storage Group Activity:

    ask, (before you change this value) what is your goal here? Are you trying simultaneous deployments? Depending on your VM infrastructure, if you try to deploy more than 10 images from a single storage node at the same time you will run into VM resource constraints (i.e. network saturation, unable to move data fast enough from the vmdk file, and so on). So increasing this number will not improve performance, but actually hurt your overall deployment speed (IMO the default of 10 is too high to start with).
    If you need to deploy more than 5 systems simultaneously (via unicast) I might consider switching over to multicast deployments. With a multicast deployment only a single image is transmitted over your network for any number of clients at the same time.
    If you want to continue to use unicast imaging (because your network is multicas

    Okay Thank You!

  • Renaming multiple computers on Fog

    9
    0 Votes
    9 Posts
    3k Views
    Wayne WorkmanW

    @gabbas If you were using the latest version of the new fog client, it will rename the object for you in active directory.

  • Internet Explorer Addons in Windows 7

    Unsolved
    2
    0 Votes
    2 Posts
    2k Views
    george1421G

    You probably can start here: https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy

    several different methods, enable all, auto enable, or enable by clsid done by GPO.

  • DNSMASQ 2.76-5 on Jessie

    2
    0 Votes
    2 Posts
    1k Views
    Wayne WorkmanW

    @TaTa said in DNSMASQ 2.76-5 on Jessie:

    Has anyone tried this version on Jessie?

    Yes, but not from the stretch repository. We have documentation on how to compile it for Debian 8 here: https://wiki.fogproject.org/wiki/index.php?title=ProxyDHCP_with_dnsmasq#Compiling_dnsmasq_2.76_if_you_need_uefi_support

    In general, is it okay to use packages designed for Stretch on Jessie?

    No idea. Try it on a test box. Worst thing that can happen is it doesn’t work, then you can come back here and let the world know. My personal advice though - don’t use Stretch packages on Jessie - just my 2 cents. They have two different names for a reason.
