
Multiple FOG servers in one network

  • S
    Sebastian Roth Moderator
    last edited by Sebastian Roth Dec 12, 2018, 1:58 AM Dec 12, 2018, 7:56 AM

    @AndrewG78 said in Multiple FOG servers in one network:

    dnsmasq will respond with dhcp offer as it does right now, but only to the machines included on MAC address list.
    Simple query to FOG’s mysql will get registered hosts from DB and update the list automatically.
    If this is not possible with dnsmasq I thought iptables could be used instead?
    Obviously, we will lose the ability to register new machines from the FOG boot menu.

    Although it’s kind of a hack I kind of like the idea. Personally I would go the iptables route but just because I love it.

    You could even get registration working I suppose. Let me think about the whole idea a bit more. Will get back to you soon.

    Why use dnsmasq anyway? What DHCP server do you have right now that cannot be modified to do PXE boot?

    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

    A 1 Reply Last reply Dec 12, 2018, 8:22 AM Reply Quote 1
    • A
      AndrewG78 @Sebastian Roth
      last edited by Dec 12, 2018, 8:22 AM

      @Sebastian-Roth said in Multiple FOG servers in one network:

      Why use dnsmasq anyway? What DHCP server do you have right now that cannot be modified to do PXE boot?

      I have no access to DHCP server. Company’s policy.

      W 1 Reply Last reply Dec 12, 2018, 1:32 PM Reply Quote 0
      • W
        Wayne Workman @AndrewG78
        last edited by Wayne Workman Dec 12, 2018, 7:32 AM Dec 12, 2018, 1:32 PM

        @AndrewG78 said in Multiple FOG servers in one network:

        I have no access to DHCP server. Company’s policy.

        Then request changes formally, in writing. If there’s an existing ticketing system, use that. State what you need, and why you need it. State the benefits. And be polite and respectful.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
        Daily Clean Installation Results:
        https://fogtesting.fogproject.us/
        FOG Reporting:
        https://fog-external-reporting-results.fogproject.us/

        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator
          last edited by Sebastian Roth Dec 13, 2018, 7:09 AM Dec 13, 2018, 1:07 PM

          @AndrewG78 Having thought about this for a bit more I think this can be achieved without too much trouble. I would suggest not running the dnsmasq service on all your FOG servers but having one FOG server designated as master proxyDHCP (dnsmasq). This way you don’t even need iptables to filter the packets. I played with the dnsmasq config a bit and came up with this:

          # Don't function as a DNS server:
          port=0
          
          # Log lots of extra information about DHCP transactions.
          log-dhcp
          
          # Set the root directory for files available via TFTP.
          tftp-root=/tftpboot
          
          # Disable re-use of the DHCP servername and filename fields as extra
          # option space. That's to avoid confusing some old or broken DHCP clients.
          dhcp-no-override
          
          # make dnsmasq act as proxy server
          dhcp-range=192.168.2.7,proxy
          
          # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
          pxe-prompt="Booting FOG Client", 1
          
          dhcp-userclass=set:ipxe,iPXE
          dhcp-match=set:ipxe,175
          
          # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
          # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
          # This option is first and will be the default if there is no input from the user.
          dhcp-mac=set:team1,F0:DE:F1:EB:02:E0
          dhcp-mac=set:team2,F0:DE:F1:EB:02:E1
          
          # Team 1
          pxe-service=net:team1,net:!ipxe,x86PC, "Team 1", undionly.kpxe, 192.168.2.7
          pxe-service=net:team1,net:!ipxe,IA64_EFI, "Team 1", ipxe.efi, 192.168.2.7
          pxe-service=net:team1,net:!ipxe,IA32_EFI, "Team 1", i386-efi/ipxe.efi, 192.168.2.7
          pxe-service=net:team1,net:!ipxe,BC_EFI, "Team 1", ipxe.efi, 192.168.2.7
          pxe-service=net:team1,net:!ipxe,Xscale_EFI, "Team 1", ipxe.efi, 192.168.2.7
          pxe-service=net:team1,net:!ipxe,X86-64_EFI, "Team 1", ipxe.efi, 192.168.2.7
          dhcp-boot=net:team1,net:ipxe,filenotneeded,,192.168.2.7
          
          # Team 2
          pxe-service=net:team2,net:!ipxe,x86PC, "Team 2", undionly.kpxe, 192.168.2.4
          pxe-service=net:team2,net:!ipxe,IA64_EFI, "Team 2", ipxe.efi, 192.168.2.4
          pxe-service=net:team2,net:!ipxe,IA32_EFI, "Team 2", i386-efi/ipxe.efi, 192.168.2.4
          pxe-service=net:team2,net:!ipxe,BC_EFI, "Team 2", ipxe.efi, 192.168.2.4
          pxe-service=net:team2,net:!ipxe,Xscale_EFI, "Team 2", ipxe.efi, 192.168.2.4
          pxe-service=net:team2,net:!ipxe,X86-64_EFI, "Team 2", ipxe.efi, 192.168.2.4
          dhcp-boot=net:team2,net:ipxe,filenotneeded,,192.168.2.4
          

          You can have as many “team definitions” as you want and can assign clients via MAC address to any one team you want them to be in. The only thing you need to adapt is the IP addresses, search for 192.168.2 in the conf file and adjust to your needs.

          Simply add new hosts to your dnsmasq config and they should perfectly register with the FOG server you teamed it up with.

          This is a first proposal. Sure you could generate the dhcp-mac= definitions from the database. It would also be possible to add more dnsmasq foo to direct unregistered clients to a special PXE menu where you could choose which team it belongs to and send it off to register on a particular FOG team server. Sure it needs some modification of code to achieve that but I am sure it can be done.

          A G 2 Replies Last reply Dec 13, 2018, 1:48 PM Reply Quote 1
          • A
            AndrewG78 @Sebastian Roth
            last edited by Dec 13, 2018, 1:48 PM

            @Sebastian-Roth
            HI. Thanks for this.
            Looks very promising. Will test this method soon.

            1 Reply Last reply Reply Quote 0
            • G
              george1421 Moderator @Sebastian Roth
              last edited by Dec 13, 2018, 2:55 PM

              @Sebastian-Roth @AndrewG78

              That way will work well, except host management will be a big PITA. I haven’t tried this but Sebastian’s well defined concept could be extended to make it a bit easier to manage with a bash/mysql script.

              Since the dnsmasq configurations are additive I would suggest moving this section out to a new file in /etc/dnsmasq.d directory. If the default dnsmasq config file is called ltsp.conf, create a new one starting with a lower letter like amac_table.conf and add these into that file.

              dhcp-mac=set:team1,F0:DE:F1:EB:02:E0
              dhcp-mac=set:team2,F0:DE:F1:EB:02:E1
              

              Then in FOG add the computers that are part of team 1 to a group in FOG called team1, the computers that are part of team 2 into a FOG group called team2 and so on. Use loops so that you can expand groups and membership numbers.

              Then finally create a bash script to build amac_table.conf from the FOG mysql database, looping through the groups. The last bit of the script will be to restart the dnsmasq service.

              This is only a suggestion. If you have a small number of groups/hosts then manually managing the groups in dnsmasq would be easier, but if you had more than a handful it would be advantageous to use scripting to manage the lists.

              A 1 Reply Last reply Dec 14, 2018, 9:11 AM Reply Quote 1
              • A
                AndrewG78 @george1421
                last edited by Dec 14, 2018, 9:11 AM

                @george1421 @Sebastian-Roth
                Thank you for your valuable input. My idea is to separate not only the hosts but also snapins/images/literally everything. What I want to achieve is to have dedicated Fog server per team. The process of MAC address separation must be fully automatic.
                I will develop the script that will:

                1. Query database for hosts in the 60s loop
                2. Write MAC list to temp_mac file.
                3. If there is no amac_table.conf file, write temp_mac file as amac_table.conf
                4. If amac_table.conf exists, do diff on these files
                5. If files are same, do nothing
                6. If files differ, copy temp_mac over the amac_table.conf and restart dnsmasq service.
                  My only concern is, how to tell dnsmasq to read this particular file and how data should be formatted inside this MAC conf file?
                  May you shed some light on it?
                  Obviously I will share my work here.
                1 Reply Last reply Reply Quote 0
                • S
                  Sebastian Roth Moderator
                  last edited by Dec 14, 2018, 11:37 AM

                  @AndrewG78 said in Multiple FOG servers in one network:

                  My only concern is, how to tell dnsmasq to read this particular file and how data should be formatted inside this MAC conf file?
                  May you shed some light on it?

                  File needs to look like this and if you name it /etc/dnsmasq.d/amac_table.conf your dnsmasq service will automatically consider those definitions:

                  dhcp-mac=set:team1,F0:DE:F1:EB:02:E0
                  dhcp-mac=set:team2,F0:DE:F1:EB:02:E1
                  ...
                  

                  A 1 Reply Last reply May 13, 2019, 7:58 AM Reply Quote 0
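Added example (not part of any post in this thread): one way to write the script AndrewG78 outlines, building /etc/dnsmasq.d/amac_table.conf in the format Sebastian shows from FOG groups named team1, team2 and so on, as george1421 suggests. The table and column names (groups, groupMembers, hostMAC), the database name fog and credentials coming from ~/.my.cnf are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Table/column names are assumed
# from the FOG schema; verify them against your own database first.
LC_ALL=C; export LC_ALL
TARGET=${TARGET:-/etc/dnsmasq.d/amac_table.conf}

# Print "groupName<TAB>MAC" for every member of a FOG group named team*.
# Credentials are expected in ~/.my.cnf, not on the command line.
fetch_group_macs() {
    mysql --batch --skip-column-names "${FOG_DB:-fog}" <<'SQL'
SELECT g.groupName, m.hmMAC
FROM `groups` g
JOIN groupMembers gm ON gm.gmGroupID = g.groupID
JOIN hostMAC m ON m.hmHostID = gm.gmHostID
WHERE g.groupName LIKE 'team%';
SQL
}

# Read "group<TAB>mac" rows on stdin, print validated dhcp-mac lines.
# Database values end up in a root-owned dnsmasq config, so anything that
# is not a plain tag name or a well-formed MAC is dropped, never written.
render_mac_table() {
    tab=$(printf '\t')
    h='[0-9a-f][0-9a-f]'
    while IFS=$tab read -r group mac; do
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        case $group in
            ''|*[!A-Za-z0-9_-]*)
                printf 'skipped group: %s\n' "$group" >&2; continue ;;
        esac
        case $mac in
            $h:$h:$h:$h:$h:$h) printf 'dhcp-mac=set:%s,%s\n' "$group" "$mac" ;;
            *) printf 'skipped MAC: %s\n' "$mac" >&2 ;;
        esac
    done | sort -u
}

# Replace TARGET with NEW only when the content differs, then run the reload
# command passed as the remaining arguments. Prints "updated" or "unchanged".
install_if_changed() {
    new=$1; target=$2; shift 2
    if [ ! -s "$new" ]; then    # empty result (failed query?): keep old table
        rm -f "$new"; echo "refusing to install an empty table" >&2; return 1
    fi
    if cmp -s "$new" "$target" 2>/dev/null; then
        rm -f "$new"; echo unchanged; return 0
    fi
    chmod 644 "$new" && mv -f "$new" "$target" || return 1
    [ $# -eq 0 ] || "$@" >&2 || return 1
    echo updated
}

# One pass. The temp file name starts with "." because dnsmasq skips
# dot-files in its conf-dir, and mv within one directory is atomic.
sync_once() {
    tmp=$(mktemp "$(dirname "$TARGET")/.amac_table.XXXXXX") || return 1
    fetch_group_macs | render_mac_table >"$tmp"
    install_if_changed "$tmp" "$TARGET" systemctl restart dnsmasq
}

# The 60 s loop from the plan above; only runs when called with --loop.
if [ "${1:-}" = "--loop" ]; then
    while :; do sync_once; sleep 60; done
fi
```

MAC addresses are lowercased and the output sorted so that an unchanged database always renders the same file and dnsmasq is not restarted needlessly.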
                  • A
                    AndrewG78 @Sebastian Roth
                    last edited by Sebastian Roth May 13, 2019, 2:23 AM May 13, 2019, 7:58 AM

                    @Sebastian-Roth @george1421
                    Hi.
                    After quite a long time, I found free time to test filtering through the mac table configuration file.
                    It is working!!! Thx for the tips here.
                    However, I’d like to understand strange dnsmasq logs I noticed in the messages.

                    1. There are several identical broadcast responses.
                    2. There is tftpd error - Error code 8: User aborted the transfer
                      Besides the above, it works 🙂
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003016
                    PXE(ens160) <MAC> proxy
                    tags: team1, ens160
                    next server: <IP>
                    broadcast response
                    sent size:  1 option: 53 message-type  2
                    sent size:  4 option: 54 server-identifier  <IP>
                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                    sent size: 17 option: 97 client-machine-id  
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003016
                    PXE(ens160) <MAC> proxy
                    tags: team1, ens160
                    next server: <IP>
                    broadcast response
                    sent size:  1 option: 53 message-type  2
                    sent size:  4 option: 54 server-identifier  <IP>
                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                    sent size: 17 option: 97 client-machine-id  
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003016
                    PXE(ens160) <MAC> proxy
                    tags: team1, ens160
                    next server: <IP>
                    broadcast response
                    sent size:  1 option: 53 message-type  2
                    sent size:  4 option: 54 server-identifier  <IP>
                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                    sent size: 17 option: 97 client-machine-id  
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003016
                    PXE(ens160) <MAC> proxy
                    tags: team1, ens160
                    next server: <IP>
                    broadcast response
                    sent size:  1 option: 53 message-type  2
                    sent size:  4 option: 54 server-identifier  <IP>
                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                    sent size: 17 option: 97 client-machine-id  
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003016
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003016
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003016
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003016
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003016
                    PXE(ens160) <MAC> proxy
                    tags: team1, ens160
                    bootfile name: ipxe.efi
                    server name: <IP>
                    next server: <IP>
                    sent size:  1 option: 53 message-type  5
                    sent size:  4 option: 54 server-identifier  <IP>
                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                    sent size: 17 option: 97 client-machine-id  
                    in.tftpd[27886]: Error code 8: User aborted the transfer
                    in.tftpd[27887]: Client <machine_IP>finished ipxe.efi
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003010
                    user class: iPXE
                    PXE(ens160) <MAC> proxy
                    tags: ipxe, team1, ens160
                    bootfile name: filenotneeded
                    next server: <IP>
                    broadcast response
                    sent size:  1 option: 53 message-type  2
                    sent size:  4 option: 54 server-identifier  <IP>
                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                    sent size: 17 option: 97 client-machine-id  
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003010
                    user class: iPXE
                    PXE(ens160) <MAC> proxy
                    tags: ipxe, team1, ens160
                    bootfile name: filenotneeded
                    next server: <IP>
                    broadcast response
                    sent size:  1 option: 53 message-type  2
                    sent size:  4 option: 54 server-identifier  <IP>
                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                    sent size: 17 option: 97 client-machine-id  
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003010
                    user class: iPXE
                    PXE(ens160) <MAC> proxy
                    tags: ipxe, team1, ens160
                    bootfile name: filenotneeded
                    next server: <IP>
                    broadcast response
                    sent size:  1 option: 53 message-type  2
                    sent size:  4 option: 54 server-identifier  <IP>
                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                    sent size: 17 option: 97 client-machine-id  
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003010
                    user class: iPXE
                    PXE(ens160) <MAC> proxy
                    tags: ipxe, team1, ens160
                    bootfile name: filenotneeded
                    next server: <IP>
                    broadcast response
                    sent size:  1 option: 53 message-type  2
                    sent size:  4 option: 54 server-identifier  <IP>
                    sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
                    sent size: 17 option: 97 client-machine-id  
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003010
                    user class: iPXE
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003010
                    user class: iPXE
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003010
                    user class: iPXE
                    available DHCP subnet: <IP>/255.255.255.0
                    vendor class: PXEClient:Arch:00007:UNDI:003010
                    user class: iPXE
                    localhost in.tftpd[27997]: Client <machine_IP>finished default.ipxe
                    
                    1 Reply Last reply Reply Quote 0
                    • S
                      Sebastian Roth Moderator
                      last edited by May 13, 2019, 8:32 AM

                      @AndrewG78 said:

                      There are several identical broadcast responses.

                      Can’t explain that without having a full wireshark/tcpdump pcap file. Way too much information is missing to be able to get a glimpse on why this might happen.

                      There is tftpd error - Error code 8: User aborted the transfer

                      It’s kind of a known thing. Before loading the boot file via TFTP the client requests the file size (via RRQ query command). The server answers the size query and for some weird reason the client sends back a “User aborted the transfer” and then sends a new request to actually download the file.

                      1 Reply Last reply Reply Quote 0
                      Copyright © 2012-2024 FOG Project