Feature request for FOG 1.6.x - Configure image capture to use NFSv4 instead of NFSv3
-
@quinniedid said in Feature request for FOG 1.6.x - Configure image capture to use NFSv4 instead of NFSv3:
How much modification would it take to even just allow NFSv4 to work in FOG as it stands today?
I guess I don’t understand? You have NFSv4 running today.
From the perspective of fog supporting nfsv4 out of the box. The request was for FOG 1.6.1 to move over to nfsv4. As you see the tweaks are not that much to do (assuming someone includes all of the instructions). NFSv4 does bring in some additional levels of security that are not available in v3. I guess if we have fog admins that are willing to test nfsv4 to ensure there are no hidden gotchas it may be an easier sell. But ultimately it’s up to the developers to decide to include it or not.
-
@george1421 @quinniedid Regarding this I might point to the discussion we had about replacing NFSv3 - possibly even replacing NFS altogether: https://forums.fogproject.org/topic/14772/feature-request-for-fog-1-6-x-replace-nfsv3
I won’t find the time to lead this discussion on whether FOG should move to NFSv4 or change to an entirely different protocol. Though I think an in-depth discussion is worthwhile before heading down one or the other road.
-
@george1421 I was able to get it working, yes. I was able to do both a capture and a deploy with NFSv4 being setup.
I now have the ability to only open two ports in the firewall for all of my FOG clients. Ports 2049/tcp and 80/tcp. I have a DHCP relay server that sits on each network, and it delivers both ipxe.efi and default.ipxe via TFTP and everything else is done with HTTP. I haven’t figured out a way to boot not using TFTP but it seems that only works if HTTP network boot is an option for the device. This way I do not have to expose a TFTP service on the FOG server or have to use a helper to get it where it needs to be.
@Sebastian-Roth Quickly looking at that discussion it seems that maybe SSH might be the future but it comes with some performance loss and some other struggles.
I would be more than happy to just have NFSv4 be the default standard because at least that is improvement until a more in depth development and assessment can be done to do something different.
Thank you all!!!
-
@quinniedid said in Feature request for FOG 1.6.x - Configure image capture to use NFSv4 instead of NFSv3:
I haven’t figured out a way to boot not using TFTP but it seems that only works if HTTP network boot is an option for the device.
The issue is the pxe rom on the target computers. They generally only speak tftp. Once iPXE gets loaded it speaks multiple languages (tftp, http, https, nfs, AoE). The problem is getting iPXE loaded in the first place over the network.
While this isn’t a sustainable solution, you can usb boot iPXE then go 100% http{s}/nfs
-
@george1421 said in Feature request for FOG 1.6.x - Configure image capture to use NFSv4 instead of NFSv3:
Changes needed to FOS for NFSv4 support
Understand these instructions are for the FOG Devs and not the general FOG admin. You need to know the insides of FOS Linux development to understand some of my notations. I did not test with the option of port=2049. The hope is that is the default so it shouldn’t be needed. By defining a specific port firewall rules can be crafted much easier than with NFSv3 and earlier.
- In buildroot the nfs-utils packages in the nfs-utils.mak file nfsv4 support must be enabled.
NFS_UTILS_CONF_OPTS = \
    --enable-nfsv4 \
    --enable-nfsv41 \
    ...
HOST_NFS_UTILS_CONF_OPTS = \
    --enable-nfsv4 \
    --enable-nfsv41 \
    ...
- nfsvers=4 must be added to the mount command in the following files in the overlay fs directory
./rootfs_overlay/bin/fog line:14
./rootfs_overlay/bin/fog.mount line:17,20
./rootfs_overlay/bin/fog.av line:15
./rootfs_overlay/bin/fog.photorec
- Done. Now rebuild initrd filesystem in buildroot
I’ve compiled a FOG 1.5.9 NFSv4 version of the initrd here: https://drive.google.com/file/d/1EHLhmM9-kXpFO7kfk3H1ydEZF3q8lID1/view?usp=sharing
@george1421 It has been quite some time but I have been tasked with having to completely rebuild FOG on a new OS. I was wondering if you could spare some time to generate a new initrd-NFSv4 from the “dev-branch” for me?
Or if there are instructions somewhere I can follow to do this myself, I would be very much willing to do that as well.
-
@quinniedid said in Feature request for FOG 1.6.x - Configure image capture to use NFSv4 instead of NFSv3:
I have been tasked with having to completely rebuild FOG on a new OS.
Well that’s interesting. Why a new OS? Based on what software stack? Or did I just read this the wrong way and you simply meant adding NFSv4 support?
-
I just meant that I am having to rebuild the FOG server on an updated OS. I figured that an up to date version of initrd with NFSv4 support enabled would be a good idea. We have been utilizing NFSv4 for about a year and a half now. This was a requirement from our Cyber security team.
I was running Ubuntu 18.04 before and am now running Ubuntu 22.04. The new server is currently in production with the old initrd_NFSv4 george1421 made for me, working. I just wanted to make sure there wasn’t new code in the initrd that could be an issue later down the road, that would interfere with new features and what not. Which is why I guess I was asking if we could get the newest version but built to enable NFSv4 support.
-
@george1421 said in Feature request for FOG 1.6.x - Configure image capture to use NFSv4 instead of NFSv3:
‘this info is not tested as of now. It needs to be tested against an NFSv4 server. I am still working on the following design changes’
Using Buildroot 2022.02.9
In the buildroot config file using nconfig
Target packages->Filesystem and flash utilities
enable package nfs-utils and then NFSv4/NFSv4.1
In the initrd image edit /bin/fog
Insert the following starting at line number 3
if [[ -n $nfsv4 ]]; then
    nfstype="nfsvers=4,"
else
    nfstype=""
fi
Now these numbers will be adjusted because of the insert from the original file
At line #19 change this:
mount -o nolock,proto=tcp,rsize=32768,wsize=32768,intr,noatime "$storage" /imagesinit >/tmp/mount-output 2>&1
to this
mount -o nolock,${nfstype}proto=tcp,rsize=32768,wsize=32768,intr,noatime "$storage" /imagesinit >/tmp/mount-output 2>&1
edit /bin/fog.mount
At line 17 change to this (insert the variable from before)
mount -o nolock,${nfstype}proto=tcp,rsize=32768,wsize=32768,intr,noatime "$storage" /images >/tmp/mount-output 2>&1
At line 19 to
mount -o nolock,${nfstype}proto=tcp,rsize=32768,intr,noatime "$storage" /images >/tmp/mount-output 2>&1
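Editor's added example, not part of the post above and not FOG project code: a check that can be run on a client after the mount to confirm that /images or /imagesinit really negotiated NFSv4 over TCP on port 2049, which is what a two-port firewall rule depends on. The function names, the sample mount lines and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Usage: check_nfs4_mount MOUNTPOINT [MOUNTS_FILE]   (default /proc/mounts)
# Returns 0 = NFSv4 on tcp/2049, 1 = NFS but not that, 2 = no NFS mount there.
check_nfs4_mount() {
    mp=$1
    mounts=${2:-/proc/mounts}
    # Fields: device mountpoint fstype options dump pass. Keep the last match,
    # which is the mount currently visible at that path.
    line=$(awk -v mp="$mp" '$2 == mp && ($3 == "nfs" || $3 == "nfs4") { l = $3 " " $4 }
                            END { if (l) print l }' "$mounts")
    [ -n "$line" ] || { echo "$mp: no NFS mount found"; return 2; }
    fstype=${line%% *}
    opts=${line#* }
    # port= is normally omitted when it is the default, so start from 2049.
    vers="" proto="" port=2049 mountport=""
    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            vers=*)      vers=${o#*=} ;;
            proto=*)     proto=${o#*=} ;;
            port=*)      port=${o#*=} ;;
            mountport=*) mountport=${o#*=} ;;   # separate mountd port: NFSv3 only
        esac
    done
    IFS=$old_ifs
    case $vers in
        4|4.*) ;;
        *) echo "$mp: type $fstype, vers=${vers:-?}, mountport=${mountport:-none}: not NFSv4"
           return 1 ;;
    esac
    case $proto in
        tcp|tcp6) ;;
        *) echo "$mp: proto=${proto:-?}, expected tcp"; return 1 ;;
    esac
    [ "$port" = 2049 ] || { echo "$mp: port=$port, expected 2049"; return 1; }
    echo "$mp: NFSv$vers over $proto, port $port"
}
# Constructed sample in /proc/mounts format (192.0.2.x are documentation addresses).
write_sample_mounts() {
    cat > "$1" <<'EOF'
192.0.2.10:/images /images nfs4 rw,noatime,vers=4.2,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.0.2.50,local_lock=none,addr=192.0.2.10 0 0
192.0.2.10:/images /imagesinit nfs rw,noatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,nolock,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.0.2.10,mountvers=3,mountport=20048,mountproto=tcp,local_lock=all,addr=192.0.2.10 0 0
EOF
}
sample=$(mktemp); write_sample_mounts "$sample"
check_nfs4_mount /images "$sample" || true       # NFSv4 sample line
check_nfs4_mount /imagesinit "$sample" || true   # NFSv3 sample line
rm -f "$sample"
```

On a live client, call `check_nfs4_mount /images` with no second argument to read /proc/mounts directly.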
-
@george1421 Here is the link to the updated inits with nfsv4 built in.
https://drive.google.com/file/d/1iEIFzCO1zqmXDHnA6KKYpGDGCnjCkaNR/view?usp=share_link
I did not test it beyond “does it connect”. You need to add this parameter as a global kernel parameter. This is done in the FOG Configuration->FOG Settings menu. Hit the expand all and then search for “kernel”. Enter nfsv4 into the kernel parameter; make sure you observe the case. Without that value the FOS engine will function in nfsv3 mode. Also in the fog configuration change the init from init.z to init_v41.xz (same name as the download). Lastly the download init_41.xz goes into the fog server in /var/www/html/fog/service/ipxe directory.
Also realize you need to follow the directions below to update the /etc/exports file, as well as build the required directory structure since the nfsv3 and nfsv4 directories are constructed differently. You will also need to hack the FOG code as indicated below to pass the proper nfsv4 directory path for the capture. Everything IS outlined below; all I did here is recompile the latest version of the inits.
-
@george1421 I’m working on getting an updated FOG server running using NFSv4 as well. I’ve just installed 1.5.10.10 on Ubuntu 22.04 LTS and have gone through the steps on configuring the OS and FOG for NFSv4. I’m a bit stumped on the FOS changes, so I tried using this kernel for the server. When trying to boot a client to the FOG server with a bootable USB, the client kernel panics. I’m assuming it’s because the kernel here is for a previous version of FOG. Any ideas?
-
@hancocza It’s a bit complicated, but the short answer is that the inits will need to be updated to support NFSv4 and then they need to be paired with the current kernel. You will have this issue with usb booting or booting via PXE. The default inits don’t support nfsv4. The answer is they can be fixed.
@Developers can we enable the inits to be compiled with NFSv4 support but not update the scripts to include NFSv4 support. This way the FOG Admin can just unpack, add the settings and repack the inits because everything would be already compiled in. Or simply include my hack below to enable a kernel variable to enable nfsv4 and only have one master inits package.