
Multiple FOG servers in one network

  • A
    AndrewG78
    last edited by Aug 28, 2018, 10:38 AM

    Is it possible to run multiple FOG servers within one network?
    There is one DHCP server, so FOG servers would use dnsmasq.
    I saw there is UUID filtering through the dhcp-boot parameter in ltsp.conf; could this be used, or do we have some other option (if any)?
    The use case is simple, there are multiple teams with different machines, but connected to one network.

    • G
      george1421 Moderator
      last edited by Aug 28, 2018, 11:53 AM

      What is your use case for needing multiple fog servers?

      Are there multiple subnets involved here?

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      • A
        AndrewG78
        last edited by Aug 28, 2018, 2:09 PM

        We have only a single subnet.
        As I'm not able to restrict access to specific hosts nor to images/snapins, I wanted to create a Jenkins server for each team.

        • G
          george1421 Moderator @AndrewG78
          last edited by Aug 28, 2018, 2:47 PM

          @AndrewG78 I’m still not totally sure of the use case here. Why do you feel you need to have a fog server for each team? Is that because you need to segregate what users access which server, where each server has its own applications that should not cross teams? (I am driving to an answer here, just stick with me).

          Are you planning on using fog for “repair shop” type deployments (image it once and never see it again)?

          • A
            AndrewG78 @george1421
            last edited by Aug 28, 2018, 2:56 PM

            @george1421
            Exactly, I just want to avoid the mess between users and their images/snapins/etc.
            This is not repair shop deployment type.

            • G
              george1421 Moderator @AndrewG78
              last edited by Aug 28, 2018, 3:07 PM

              @AndrewG78 OK the issue you are going to have is this. If all of the computers are on the same subnet then directing the pxe booting computer to the proper fog server is going to be a problem.

              You will need a way to map the pxe booting computer to a specific fog server. Typically this is done by putting the target computers in their own subnet so you can define a boot server for that subnet. You might be able to do this with dnsmasq but you would need a unique identity for each system to define the boot server. The mac address might be usable, but then you will have an administrative issue when trying to map which computer goes to which fog server.

              FOG does have a feature for the pc repair shops where you can image a computer using the iPXE menu only. In that when you pxe boot a computer, you can select deploy image from the ipxe menu. From there you can select any images on the fog server for deployment no tasking or gui access needed. To take that one step more, fog has a setting to only show the defined image for that computer on the deploy image screen. This might allow a user the ability to restore their computer directly from the iPXE menu. I’m not saying that is the proper case for your issue, but it might help.

              • W
                Wayne Workman @george1421
                last edited by Wayne Workman Aug 28, 2018, 12:09 PM Aug 28, 2018, 6:09 PM

                @george1421 said in Multiple FOG servers in one network:

                You will need a way to map the pxe booting computer to a specific fog server.

                ISC-DHCP can also do it. You can define a next-server for a specific MAC address, though doing that at scale would royally suck.

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                Daily Clean Installation Results:
                https://fogtesting.fogproject.us/
                FOG Reporting:
                https://fog-external-reporting-results.fogproject.us/

                • A
                  AndrewG78 @Wayne Workman
                  last edited by Dec 11, 2018, 10:41 PM

                  @Wayne-Workman
                  @george1421
                  Would it be possible to use dnsmasq as a MAC address filter?
                  I imagine this kind of setup:

                  • Existing dhcp server in the network
                  • Fog server 1 with dnsmasq
                  • Fog server X with dnsmasq

                  dnsmasq will respond with dhcp offer as it does right now, but only to the machines included on MAC address list.
                  Simple query to FOG’s mysql will get registered hosts from DB and update the list automatically.
                  If this is not possible with dnsmasq I thought iptables could be used instead?
                  Obviously, we will lose the ability to register new machines from the FOG boot menu.
                  • S
                    Sebastian Roth Moderator
                    last edited by Sebastian Roth Dec 12, 2018, 1:58 AM Dec 12, 2018, 7:56 AM

                    @AndrewG78 said in Multiple FOG servers in one network:

                    dnsmasq will respond with dhcp offer as it does right now, but only to the machines included on MAC address list.
                    Simple query to FOG’s mysql will get registered hosts from DB and update the list automatically.
                    If this is not possible with dnsmasq I thought iptables could be used instead?
                    Obviously, we will lose the ability to register new machines from the FOG boot menu.

                    Although it’s kind of a hack I kind of like the idea. Personally I would go the iptables route but just because I love it.

                    You could even get registration working I suppose. Let me think about the whole idea a bit more. Will get back to you soon.

                    Why using dnsmasq anyway? What DHCP server do you have right now that cannot be modified to do PXE boot?

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    • A
                      AndrewG78 @Sebastian Roth
                      last edited by Dec 12, 2018, 8:22 AM

                      @Sebastian-Roth said in Multiple FOG servers in one network:

                      Why using dnsmasq anyway? What DHCP server do you have right now that cannot be modified to do PXE boot?

                      I have no access to DHCP server. Company’s policy.

                      • W
                        Wayne Workman @AndrewG78
                        last edited by Wayne Workman Dec 12, 2018, 7:32 AM Dec 12, 2018, 1:32 PM

                        @AndrewG78 said in Multiple FOG servers in one network:

                        I have no access to DHCP server. Company’s policy.

                        Then request changes formally, in writing. If there’s an existing ticketing system, use that. State what you need, and why you need it. State the benefits. And be polite and respectful.

                        • S
                          Sebastian Roth Moderator
                          last edited by Sebastian Roth Dec 13, 2018, 7:09 AM Dec 13, 2018, 1:07 PM

                          @AndrewG78 Having thought about this for a bit more I think this can be achieved without too much trouble. I would suggest to not run dnsmasq service on all your FOG servers but have one FOG server designated as master proxyDHCP (dnsmasq). This way you don’t even need iptables to filter the packets. I played with the dnsmasq config a bit and came up with this:

                          # Don't function as a DNS server:
                          port=0
                          
                          # Log lots of extra information about DHCP transactions.
                          log-dhcp
                          
                          # Set the root directory for files available via TFTP.
                          tftp-root=/tftpboot
                          
                          # Disable re-use of the DHCP servername and filename fields as extra
                          # option space. That's to avoid confusing some old or broken DHCP clients.
                          dhcp-no-override
                          
                          # make dnsmasq act as proxy server
                          dhcp-range=192.168.2.7,proxy
                          
                          # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
                          pxe-prompt="Booting FOG Client", 1
                          
                          dhcp-userclass=set:ipxe,iPXE
                          dhcp-match=set:ipxe,175
                          
                          # Tag each client with its team by MAC address (one dhcp-mac line per host).
                          dhcp-mac=set:team1,F0:DE:F1:EB:02:E0
                          dhcp-mac=set:team2,F0:DE:F1:EB:02:E1
                          
                          # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
                          # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
                          # This option is first and will be the default if there is no input from the user.
                          # Team 1
                          pxe-service=net:team1,net:!ipxe,x86PC, "Team 1", undionly.kpxe, 192.168.2.7
                          pxe-service=net:team1,net:!ipxe,IA64_EFI, "Team 1", ipxe.efi, 192.168.2.7
                          pxe-service=net:team1,net:!ipxe,IA32_EFI, "Team 1", i386-efi/ipxe.efi, 192.168.2.7
                          pxe-service=net:team1,net:!ipxe,BC_EFI, "Team 1", ipxe.efi, 192.168.2.7
                          pxe-service=net:team1,net:!ipxe,Xscale_EFI, "Team 1", ipxe.efi, 192.168.2.7
                          pxe-service=net:team1,net:!ipxe,X86-64_EFI, "Team 1", ipxe.efi, 192.168.2.7
                          dhcp-boot=net:team1,net:ipxe,filenotneeded,,192.168.2.7
                          
                          # Team 2
                          pxe-service=net:team2,net:!ipxe,x86PC, "Team 2", undionly.kpxe, 192.168.2.4
                          pxe-service=net:team2,net:!ipxe,IA64_EFI, "Team 2", ipxe.efi, 192.168.2.4
                          pxe-service=net:team2,net:!ipxe,IA32_EFI, "Team 2", i386-efi/ipxe.efi, 192.168.2.4
                          pxe-service=net:team2,net:!ipxe,BC_EFI, "Team 2", ipxe.efi, 192.168.2.4
                          pxe-service=net:team2,net:!ipxe,Xscale_EFI, "Team 2", ipxe.efi, 192.168.2.4
                          pxe-service=net:team2,net:!ipxe,X86-64_EFI, "Team 2", ipxe.efi, 192.168.2.4
                          dhcp-boot=net:team2,net:ipxe,filenotneeded,,192.168.2.4
                          

                          You can have as many “team definitions” as you want and can assign clients via MAC address to any one team you want them to be in. The only thing you need to adapt is the IP addresses, search for 192.168.2 in the conf file and adjust to your needs.

                          Simply add new hosts to your dnsmasq config and they should perfectly register with the FOG server you teamed it up with.

                          This is a first proposal. Sure you could generate the dhcp-mac= definitions from the database. It would also be possible to add more dnsmasq foo to direct unregistered clients to a special PXE menu where you could choose which team it belongs to and send it off to register on a particular FOG team server. Sure it needs some modification of code to achieve that but I am sure it can be done.

                          • A
                            AndrewG78 @Sebastian Roth
                            last edited by Dec 13, 2018, 1:48 PM

                            @Sebastian-Roth
                            Hi. Thanks for this.
                            Looks very promising. Will test this method soon.

                            • G
                              george1421 Moderator @Sebastian Roth
                              last edited by Dec 13, 2018, 2:55 PM

                              @Sebastian-Roth @AndrewG78

                              That way will work well, except host management will be a big PITA. I haven’t tried this but Sebastian’s well defined concept could be extended to make it a bit easier to manage with a bash/mysql script.

                              Since the dnsmasq configurations are additive I would suggest moving this section out to a new file in /etc/dnsmasq.d directory. If the default dnsmasq config file is called ltsp.conf, create a new one starting with a lower letter like amac_table.conf and add these into that file.

                              dhcp-mac=set:team1,F0:DE:F1:EB:02:E0
                              dhcp-mac=set:team2,F0:DE:F1:EB:02:E1
                              

                              Then in FOG add the computers that are part of team 1 to a group in FOG called team1, the computers that are part of team 2 into a FOG group called team2 and so on. Use loops so that you can expand groups and membership numbers.

                              Then finally create a bash script to build amac_table.conf from the FOG mysql database, looping through the groups. The last bit of the script will be to restart the dnsmasq service.

                              This is only a suggestion, if you have a small number of groups/hosts then manually managing the groups in dnsmasq would be easier, but if you had more than a handful it would be advantageous to use scripting to manage the lists.

                              • A
                                AndrewG78 @george1421
                                last edited by Dec 14, 2018, 9:11 AM

                                @george1421 @Sebastian-Roth
                                Thank you for your valuable input. My idea is to separate not only the hosts but also snapins/images/literally everything. What I want to achieve is to have dedicated Fog server per team. The process of MAC address separation must be fully automatic.
                                I will develop the script that will:

                                1. Query database for hosts in the 60s loop
                                2. Write MAC list to temp_mac file.
                                3. If there is no amac_table.conf file, write temp_mac file as amac_table.conf
                                4. If amac_table.conf exists, do diff on these files
                                5. If files are same, do nothing
                                6. If files differ, copy temp_mac over the amac_table.conf and restart dnsmasq service.

                                My only concern is, how to tell dnsmasq to read this particular file and how data should be formatted inside this MAC conf file?
                                May you shed some light on it?
                                Obviously I will share my work here.
                                • S
                                  Sebastian Roth Moderator
                                  last edited by Dec 14, 2018, 11:37 AM

                                  @AndrewG78 said in Multiple FOG servers in one network:

                                  My only concern is, how to tell dnsmasq to read this particular file and how data should be formatted inside this MAC conf file?
                                  May you shed some light on it?

                                  File needs to look like this and if you name it /etc/dnsmasq.d/amac_table.conf your dnsmasq service will automatically consider those definitions:

                                  dhcp-mac=set:team1,F0:DE:F1:EB:02:E0
                                  dhcp-mac=set:team2,F0:DE:F1:EB:02:E1
                                  ...
                                  

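The update procedure discussed in the posts above (rebuild amac_table.conf from the database, compare, replace and restart only on change), as an added example that is not code from the thread's participants or the FOG project. It assumes the database query (not shown) emits `team<TAB>MAC` rows; the function names and the `--apply` flag are hypothetical, and it goes a step beyond the thread by validating each row and leaving out any MAC listed under two teams.

```shell
#!/bin/sh
# Added example, not from the thread. Input rows are "team<TAB>mac"; how they
# are queried from the FOG database is not shown here (assumption).

# render_mac_table: rows on stdin -> dhcp-mac lines on stdout.
# Only a plain tag name plus a well-formed MAC is accepted, so a value stored
# in the database can never add a comma, an option or a second directive.
# A MAC listed under two teams is ambiguous and is left out entirely.
render_mac_table() {
    LC_ALL=C sort -u | awk -F '\t' '
        BEGIN {
            h = "[0-9A-F][0-9A-F]"
            mac_re = "^" h ":" h ":" h ":" h ":" h ":" h "$"
        }
        {
            team = $1; mac = toupper($2)
            if (NF != 2 || team !~ /^[A-Za-z0-9_-]+$/ || mac !~ mac_re) {
                print "skipped malformed row: " $0 > "/dev/stderr"
                next
            }
            if (mac in owner) {
                if (owner[mac] != team) clash[mac] = 1
                next
            }
            owner[mac] = team
            order[++n] = mac
        }
        END {
            for (i = 1; i <= n; i++) {
                mac = order[i]
                if (mac in clash) {
                    print "skipped " mac ": listed in more than one team" > "/dev/stderr"
                } else {
                    print "dhcp-mac=set:" owner[mac] "," mac
                }
            }
        }'
}

# install_if_changed NEW TARGET
# Returns 0 when TARGET was replaced, 1 when it was already identical,
# 2 when NEW is empty (a failed query must not wipe a working table).
install_if_changed() {
    if [ ! -s "$1" ]; then
        rm -f "$1"
        return 2
    fi
    if [ -f "$2" ] && cmp -s "$1" "$2"; then
        rm -f "$1"
        return 1
    fi
    chmod 644 "$1"
    mv -f "$1" "$2"      # same directory, so the rename is atomic
}

# update_mac_table TARGET: rows on stdin, exit status as install_if_changed.
# The temp file name starts with a dot; dnsmasq skips such files in a conf-dir.
update_mac_table() {
    target=$1
    tmp=$(mktemp "$(dirname "$target")/.amac_table.XXXXXX") || return 3
    render_mac_table > "$tmp"
    install_if_changed "$tmp" "$target"
}

# Hypothetical entry point: rows on stdin, e.g. piped from the database query.
#   <query command> | sh this_script.sh --apply /etc/dnsmasq.d/amac_table.conf
if [ "${1:-}" = "--apply" ]; then
    if update_mac_table "${2:-/etc/dnsmasq.d/amac_table.conf}"; then
        systemctl restart dnsmasq
    fi
fi
```

Run it from the 60-second loop or a timer; dnsmasq is restarted only when the table actually changed. MAC addresses are supplied by the client, so the table steers which FOG server a machine boots from but does not by itself keep one team's machines off another team's server.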
                                  • A
                                    AndrewG78 @Sebastian Roth
                                    last edited by Sebastian Roth May 13, 2019, 2:23 AM May 13, 2019, 7:58 AM

                                    @Sebastian-Roth @george1421
                                    Hi.
                                    After quite a long time, I found free time to test filtering through the mac table configuration file.
                                    It is working!!! Thx for the tips here.
                                    However, I’d like to understand the strange dnsmasq logs I noticed in the messages.

                                    1. There are several identical broadcast responses.
                                    2. There is tftpd error - Error code 8: User aborted the transfer

                                    Besides the above, it works 🙂
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003016
                                    PXE(ens160) <MAC> proxy
                                    tags: team1, ens160
                                    next server: <IP>
                                    broadcast response
                                    sent size:  1 option: 53 message-type  2
                                    sent size:  4 option: 54 server-identifier  <IP>
                                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                                    sent size: 17 option: 97 client-machine-id  
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003016
                                    PXE(ens160) <MAC> proxy
                                    tags: team1, ens160
                                    next server: <IP>
                                    broadcast response
                                    sent size:  1 option: 53 message-type  2
                                    sent size:  4 option: 54 server-identifier  <IP>
                                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                                    sent size: 17 option: 97 client-machine-id  
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003016
                                    PXE(ens160) <MAC> proxy
                                    tags: team1, ens160
                                    next server: <IP>
                                    broadcast response
                                    sent size:  1 option: 53 message-type  2
                                    sent size:  4 option: 54 server-identifier  <IP>
                                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                                    sent size: 17 option: 97 client-machine-id  
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003016
                                    PXE(ens160) <MAC> proxy
                                    tags: team1, ens160
                                    next server: <IP>
                                    broadcast response
                                    sent size:  1 option: 53 message-type  2
                                    sent size:  4 option: 54 server-identifier  <IP>
                                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                                    sent size: 17 option: 97 client-machine-id  
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003016
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003016
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003016
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003016
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003016
                                    PXE(ens160) <MAC> proxy
                                    tags: team1, ens160
                                    bootfile name: ipxe.efi
                                    server name: <IP>
                                    next server: <IP>
                                    sent size:  1 option: 53 message-type  5
                                    sent size:  4 option: 54 server-identifier  <IP>
                                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                                    sent size: 17 option: 97 client-machine-id  
                                    in.tftpd[27886]: Error code 8: User aborted the transfer
                                    in.tftpd[27887]: Client <machine_IP>finished ipxe.efi
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003010
                                    user class: iPXE
                                    PXE(ens160) <MAC> proxy
                                    tags: ipxe, team1, ens160
                                    bootfile name: filenotneeded
                                    next server: <IP>
                                    broadcast response
                                    sent size:  1 option: 53 message-type  2
                                    sent size:  4 option: 54 server-identifier  <IP>
                                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                                    sent size: 17 option: 97 client-machine-id  
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003010
                                    user class: iPXE
                                    PXE(ens160) <MAC> proxy
                                    tags: ipxe, team1, ens160
                                    bootfile name: filenotneeded
                                    next server: <IP>
                                    broadcast response
                                    sent size:  1 option: 53 message-type  2
                                    sent size:  4 option: 54 server-identifier  <IP>
                                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                                    sent size: 17 option: 97 client-machine-id  
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003010
                                    user class: iPXE
                                    PXE(ens160) <MAC> proxy
                                    tags: ipxe, team1, ens160
                                    bootfile name: filenotneeded
                                    next server: <IP>
                                    broadcast response
                                    sent size:  1 option: 53 message-type  2
                                    sent size:  4 option: 54 server-identifier  <IP>
                                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                                    sent size: 17 option: 97 client-machine-id  
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003010
                                    user class: iPXE
                                    PXE(ens160) <MAC> proxy
                                    tags: ipxe, team1, ens160
                                    bootfile name: filenotneeded
                                    next server: <IP>
                                    broadcast response
                                    sent size:  1 option: 53 message-type  2
                                    sent size:  4 option: 54 server-identifier  <IP>
                                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                                    sent size: 17 option: 97 client-machine-id  
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003010
                                    user class: iPXE
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003010
                                    user class: iPXE
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003010
                                    user class: iPXE
                                    available DHCP subnet: <IP>/255.255.255.0
                                    vendor class: PXEClient:Arch:00007:UNDI:003010
                                    user class: iPXE
                                    localhost in.tftpd[27997]: Client <machine_IP>finished default.ipxe
                                    
                                    • S
                                      Sebastian Roth Moderator
                                      last edited by May 13, 2019, 8:32 AM

                                      @AndrewG78 said:

                                      There are several identical broadcast responses.

                                      Can’t explain that without having a full wireshark/tcpdump pcap file. Way too much information is missing to be able to get a glimpse on why this might happen.

                                      There is tftpd error - Error code 8: User aborted the transfer

                                      It’s kind of a known thing. Before loading the boot file via TFTP the client requests the file size (via RRQ query command). The server answers the size query and for some weird reason the client sends back a “User aborted the transfer” and then sends a new request to actually download the file.
