Installer Issue - Interface/Ipadress related reopend
-
@turtle331 said in Installer Issue - Interface/Ipadress related:
Hey,
I started a fresh install using the installation script. It stops on the creation of the certification for https. I cant get it past that pointthanks for the help
Additional files/before requested Files:
Hey,
sadly I am back with the same issue as before. I can confirm this is strato related. The last Command output asked is now here.
ip addr show.txtAdditional Files/current Files:
fog_error_1.5.9.log
foginstall.log
req.cnf.txt -
@Turtle331 Wohooo, this is some really special network setup with a loopback IP (plus a second proper address) on the external network interface.
I guess you need to modify the installer script for your needs to be able to go ahead.
On the other hand I am wondering if you really want to setup FOG on a Starto server?!? How would PXE booting clients reach that server? What does your network look like?
FOG was not developed with much of security in mind when it came out many years ago. While some parts can be secured (HTTPS) others are still a security nightmare (NFS, FTP). Be aware of that before you go ahead.
-
@sebastian-roth My Plan is to setup a Fog Server external for Gui configuration. Internal for PXE routing through a vpn. Roadwarrior style. For fresh installation using a openwrt flashed Device with openvpn client. Basically Fog Server on the go. Deploy, wait and go.
I an curious what do I need to change in the installation script to make it work?The goal is a pocket mass iso deployment system
-
@turtle331 said in Installer Issue - Interface/Ipadress related reopend:
For fresh installation using a openwrt flashed Device with openvpn client.
So the output of
ip addr show
is from a fresh clean OpenWRT router?How much disk space do you have on the router for storing an image? Does is have gigabit LAN? Probably the IO performance is not great but it could work. @george1421 has used Raspberry Pi as FOG server. What kind of hardware do you use?
-
@sebastian-roth Sorry for the unprecised explanation. My setup is combined through 3 parts
- Part: FOG Server on a debian 10 hosted Server
- origin for the command output/erros
- Part: a OpenWRT Router as the output for PXE, FTP and NFS
- Part: OpenVPN Software connection the FOG Server with the OpenWRT Router
This setup allow me to setup PC fast and in mass.
My Problem is that the Strato vServer has a wierd interface that the installation script cant handle. I cant change anything at the interface so I need to change the script instead. My question is, where is the problem and how does the solution look like?
-
@sebastian-roth said in Installer Issue - Interface/Ipadress related reopend:
@turtle331 said in Installer Issue - Interface/Ipadress related reopend:
For fresh installation using a openwrt flashed Device with openvpn client.
So the output of
ip addr show
is from a fresh clean OpenWRT router?No this command is from the vServer where I want to have the main FOG Server.
How much disk space do you have on the router for storing an image? Does is have gigabit LAN?
Yes it has gigabit LAN, as well as 900 Mbit/s Wifi and a good range.
Probably the IO performance is not great but it could work. @george1421 has used Raspberry Pi as FOG server. What kind of hardware do you use?
For the server I use 8 cores, 16 GB ram and 1.2TB Diskspace
-
@turtle331 Running FOG on the Raspberry Pi4 works really well if you have a small deployment. You can image off the internal microSD card at about 3.7 to 4.5GB/m. In my case I have a USB3 to SATA adapter where I put a SATA SSD and the repository for the images to create a small mobile deployment server.
I have the pi running dnsmasq pxe boot into and wayne’s ip reassignment script to have the Pi use dhcp for its LAN interface. This way I can drop the mobile deployment server on a network without needing to touch much or any of the existing network configuration to deploy images. I find the ip address of the fog using mDNS to interact with the web ui
-
@george1421 This sounds intresting as well, not gone ly. The reason why I decided to put the fogserver on a public server is pretty simple. I am a traveler, thats why I need to reduce the amount of stuff I carrying with me. A Fog Server with really good specs in the “clouds” is the best thing, I currently envisioned. Especially if I can use IPXE with CD / DvD plus smth like a “man-in-middle” device for VPN tunneling. Its less hardware I carry but a fast deploy iso system to go. For more details and scenary I would suggest to change the chat to a more private chat. There is a lot of dimension we can keep talking about.
The main topic of this Issue is that, as far as I understand, I need a custom installer. I would like to get some support on that. -
@turtle331 So are you imaging over the public internet? If so I’ve been working on some security improvements. Well at the moment its not security improvements but communication obsufication.
With FOG 1.5.9 it uses by default NFSv3 for file up and downloads. The first step I did was convert this communication over to NFSv4 which sends all client server communications over a single port (2049). This is much easier to firewall than NFSv3. I’ve also tested imaging over stunnel, but adding in stunnel make about a 40% reduction in imaging speeds into the mix. I’ve also tested moving the NFSv4 port (i.e. random high port 34049) for some obfuscation on and that works with normal transfer speeds. The bit of testing where I stopped is with kerberos nfs authentication. I ran out of time with that project. The point of me reciting this is that its possible to support secure imaging over the internet.
Some other things on my plate for over the winter holidays is having fos linux setup a VPN tunnel (openvpn) to the FOG server and then imaging over that VPN tunnel. It sure seems possible. In this case we’d usb boot into FOS linux instead of pxe booting. These are just all ideas I had to do support imaging from a cloud based FOG server to internet based target computers.
-
@george1421 Thats the stuff I talking about. If you want we can exchange contacts to keep in touch. If you want, to keep you updated if I get the VPN part working.
-
@turtle331 I would like to get a solution for the installer error