Planning out a FOG install.

chimchild

I’m planning out a installation of Fog for a new Linux lab of 30+ boxes at my University.

There are a possible configurations we are considering.

Each box has 2 nics one for the school’s network/internet connection, and the other for an internal LAB only lan (distributive computing projects & lessons). I was initially thinking about setting up a fog box in the lab with 2 nics one for the lab lan, and one on the school’s network so I can remote in to manage the box from my office. To me the basic install set up should work for this option.

Another option I’m looking into and was wondering if FOG supported would be to have FOG act as the LAB DHCP & NAT server/router. Each of the lab boxes then would have 1 nic, FOG box would have 2. I would still remote in to manage the FOG box. Is this an option within FOG? or would I need to set up a separate service on the box for NAT?

My group & I are looking into FOG as a possible alternative to WDS and Deployment studio in deploying images to the machines we manage, and to more easily manage all machines from a central point.

Thanks

george1421

@chimchild well a couple of things here.

1. FOG is not a router. If you want a low cost router, either pick up a $20 home internet router and load dd-wrt on it, or take a older desktop and load pfsense on it. While you can turn fog into a router, well actually linux. I would not recommend doing both on the same box.

2. Your box with 2 nics will work. I would go with the router over having 2 nics in each target computer. But you can do the dual nic thing for FOG. Your primary nic is where you will do the imaging from. I would setup the server with one nic first and get fog working, then add your second nic for remote management. It will do as you want. The key here is to get the target computers to pxe boot using the right network interface. FOG could function as the dhcp and dns server for the lab network. No problem (I would still use a router for this).

Wayne Workman

I agree with George.

But, it’s possible to turn a Linux box running FOG into a router as well. I’ve done this at home with Fedora and CentOS 7, I have written some scripts that do it for me. My whole house goes through it actually.

chimchild

@Wayne-Workman
Kewl, both are great posts, thank you guys.

I would personally would like to avoid having dual NICs in the lab boxes. Since I would be well behind the schools security walls and on the internal network I don’t necessarily need to turn the box into a full fledged router with all the security bells and whistles. I think it would just need the NAT software and basic routing of all but the DHCP & PXE traffic between NIC A & B. Or if I could get a lower end router to do that too would be nice. Some cursory googling makes it look like software wise it wouldn’t be too difficult to set up the NAT program on Linux. Time to rummage in the storage closet to see what we have that might work.

george1421

@chimchild If you are going to do the DIY router thing on a commodity desktop computer, please take a serious look at pfSense. Save your time for more value added processes. pfSense will do exactly what you need, plus you can mange it from a web based gui. For pfSense you can boot from a usb flash drive so no hard drive or cdrom is required as long as you have 4GB of ram, on a circa 2009 or newer box.

Wayne Workman

@chimchild @george1421 There’s also a project called ZeroShell that I like quite a lot.

chimchild

I’ll definitely take a look at pfSense, I’m sot sure a whole distribution solution like zeroshell would be the way to go, since I would have FOG on the same box.

Right now I’m working with a i3 quadcore 64bit (Sandybridge), with 4GB of ram. Its a micro form factor so I’ll take a look at to see if I can’t bump up the ram to 8 GB.

george1421

@chimchild So your goal is still to use the fog server as a router?

Wayne Workman

@chimchild Man, honestly, tell your uni to go to wal-mart and get a 30 dollar router. (or something better).

Junkhacker

@Wayne-Workman said in Planning out a FOG install.:

@chimchild Man, honestly, tell your uni to go to wal-mart and get a 30 dollar router. (or something better).

but make sure it’s one you can install dd-wrt or the like with. most consumer firmware doesn’t let you set options 66/67 as far as i know ( i could be wrong, haven’t brought a new router in a long time)

Wayne Workman

@Junkhacker Fog can run DHCP. Most allow you to turn DHCP off.

george1421

@Junkhacker I can say for a specialty project (jvc camera project) I purchased this home router and loaded dd-wrt on it. http://www.amazon.com/TP-LINK-TL-WR841N-Wireless-Router-300Mbps/dp/B001FWYGJS/ref=sr_1_2?ie=UTF8&qid=1460131895&sr=8-2&keywords=tp-link+home+router

For a lab router it may be a bit under-powered. But the price was right for the specific project. I think at the time I purchased it, the cost was $20USD.

Wayne Workman

here’s my OpenVPNRouter project:
https://github.com/wayneworkman/OpenVPNRouter

It’s designed to take a computer with two NICs and tunnel all traffic through PIA (private internet access), and also features DNS redirection as well. It serves DHCP, NAT, and also and acts as a firewall.

I haven’t worked on it in a while but it’s working. Installation is rough around the edges and I’ve not made it beautiful or polished yet.

You can adjust the bits and bobs to remove the VPN part easily.

HOWEVER,
I still recommend buying a router!

chimchild

I would like to do do it all in one box.

Right now the box will just be handling one Lab/Room, and will largely be an experiment. If it goes well we would like to to set up a more central Fog server (either a VM or physical box) and start migrating our Macs and then out Windows deployments onto it.

george1421

@chimchild OK then (understand this configuration is not supported by the FOG Project, my musings are simply my own).

In this future setup I would do the following.

1. Install linux on your selected hardware with a single nic installed.
2. Copy the fog 1.2.0 stable installer to the linux box, but don’t install it just yet
3. Assign a ip address for the main nic so that it is static and on the lab subnet.
4. With the main network adapter connected to the lab lan, install fog 1.2.0 stable
5. Once fog is setup and functional install the second network adapter on the campus network
6. Assign a static ip address to this nic and make sure the gateway is set on this interface only to point to your internet router on your campus network.
7. Once that is done make sure you can ping devices on your campus network from your FOG server as well as ping (or connect to) devices on the internet.
8. Now to turn your linux box into a router all you need to do is turn a switch on in the linux kernel. You can do it a few different ways. The simplest way to turn in on right away is echo 1 > /proc/sys/net/ipv4/ip_forward that will work until your FOG server is rebooted. To make it a forever change you need to edit the /etc/sysctl.conf file and add in net.ipv4.ip_forward = 1 then finally resync the settings with this command sysctl -p /etc/sysctl.conf
9. OK so now your fog server is a router. There is 2 things you need to do. In your ISP router (or next upstream router) create a static route that defines the LAB subnet, and make it accessible via the FOG server’s network interface on the campus network. That will tell your ISP router how to send data to your LAB network. Then on the LAB network you need to tell those devices that the default route off the LAB network is via the FOG server’s interface on the LAB network.

Once all of those steps are completed your fog server will act as a router between the lab network and the campus network as well as act as a pxe boot server for your lab network. The key is to set your FOG server primary nic on the subnet where you want the pxe booting and image deployment to happen first.

Wayne Workman

@george1421 NAT? And why fog stable?

george1421

@Wayne-Workman said in Planning out a FOG install.:

@george1421 NAT? And why fog stable?

NAT was not requested. So if the address space is unique to the LAB why not just make it routable and not have to mess with nat. The OP can do do NAT if he wants, but that setup is way beyond the scope of what I posted. (yes I know you can do it with iptables).

FOG stable, I guess I didn’t explain that one very well, and I missed a step.
FOG Stable because that doesn’t have to connect back to the fogproject site for kernel downloads. That installer should be self contained. It will have to be, because the FOG server is not acting like a router yet. But we need the fog installer to be sure to select the NIC connected to the lab network. That way the multicasting and other FOG settings will be configured correctly.

Now the part that should be step 10
10. Download and install the FOG 1.2.0 trunk version and update the stable version of fog 1.2.0 to the latest trunk. Now that routing is working correctly the FOG installer can reach the fogproject.org web site to pickup the checksums and files.

Wayne Workman

@george1421 In trunk, the interface stuff is corrected now, just fyi. The installer intelligently detects the correct interface and IP to use.

chimchild

This is a very informative thread

I fully understand that the configuration and steps you lined out are from you and not FOG.

I apologize if I didn’t articulate all thoughts in my head (finals this months so there’s more hamsters than normal running the wheels)

I was looking at possibly NAT-ing at the FOG box. Have the lab on a private IP range (i.e. 192.168.x.x/24) and have the Fog box NAT/Route those IP to a single weber.edu address. Over the next month or so (after finals) I plan to have a sit down with out network group too. Hopefully they will be fine with a NET situation or assign the room a specific ip-range/vlan. I expect that they definitely want to keep the clustering traffic off the school’s network.

Its great having multiple config options available.

chimchild

@Wayne-Workman

@Wayne-Workman said in Planning out a FOG install.:

@chimchild Man, honestly, tell your uni to go to wal-mart and get a 30 dollar router. (or something better).

I don’t really have a budget; I’m sure if I have sufficient justification I can get reasonable purchases authorized. Personally I enjoy the challenges of re-purposing & “recyleware”. So far all hardware (except the new boxes for the lab computers) is stuff I’ve pulled from our storage closets, or the campus warehouse store.

And this has been a nice refresher & educational Linux project for me, that I believe will translate well into real-world post-graduation interviews in the next couple years.