Planning out a FOG install.

george1421

@chimchild OK then (understand this configuration is not supported by the FOG Project, my musings are simply my own).

In this future setup I would do the following.

1. Install linux on your selected hardware with a single nic installed.
2. Copy the fog 1.2.0 stable installer to the linux box, but don’t install it just yet
3. Assign a ip address for the main nic so that it is static and on the lab subnet.
4. With the main network adapter connected to the lab lan, install fog 1.2.0 stable
5. Once fog is setup and functional install the second network adapter on the campus network
6. Assign a static ip address to this nic and make sure the gateway is set on this interface only to point to your internet router on your campus network.
7. Once that is done make sure you can ping devices on your campus network from your FOG server as well as ping (or connect to) devices on the internet.
8. Now to turn your linux box into a router all you need to do is turn a switch on in the linux kernel. You can do it a few different ways. The simplest way to turn in on right away is echo 1 > /proc/sys/net/ipv4/ip_forward that will work until your FOG server is rebooted. To make it a forever change you need to edit the /etc/sysctl.conf file and add in net.ipv4.ip_forward = 1 then finally resync the settings with this command sysctl -p /etc/sysctl.conf
9. OK so now your fog server is a router. There is 2 things you need to do. In your ISP router (or next upstream router) create a static route that defines the LAB subnet, and make it accessible via the FOG server’s network interface on the campus network. That will tell your ISP router how to send data to your LAB network. Then on the LAB network you need to tell those devices that the default route off the LAB network is via the FOG server’s interface on the LAB network.

Once all of those steps are completed your fog server will act as a router between the lab network and the campus network as well as act as a pxe boot server for your lab network. The key is to set your FOG server primary nic on the subnet where you want the pxe booting and image deployment to happen first.

Wayne Workman

@george1421 NAT? And why fog stable?

george1421

@Wayne-Workman said in Planning out a FOG install.:

@george1421 NAT? And why fog stable?

NAT was not requested. So if the address space is unique to the LAB why not just make it routable and not have to mess with nat. The OP can do do NAT if he wants, but that setup is way beyond the scope of what I posted. (yes I know you can do it with iptables).

FOG stable, I guess I didn’t explain that one very well, and I missed a step.
FOG Stable because that doesn’t have to connect back to the fogproject site for kernel downloads. That installer should be self contained. It will have to be, because the FOG server is not acting like a router yet. But we need the fog installer to be sure to select the NIC connected to the lab network. That way the multicasting and other FOG settings will be configured correctly.

Now the part that should be step 10
10. Download and install the FOG 1.2.0 trunk version and update the stable version of fog 1.2.0 to the latest trunk. Now that routing is working correctly the FOG installer can reach the fogproject.org web site to pickup the checksums and files.

Wayne Workman

@george1421 In trunk, the interface stuff is corrected now, just fyi. The installer intelligently detects the correct interface and IP to use.

chimchild

This is a very informative thread

I fully understand that the configuration and steps you lined out are from you and not FOG.

I apologize if I didn’t articulate all thoughts in my head (finals this months so there’s more hamsters than normal running the wheels)

I was looking at possibly NAT-ing at the FOG box. Have the lab on a private IP range (i.e. 192.168.x.x/24) and have the Fog box NAT/Route those IP to a single weber.edu address. Over the next month or so (after finals) I plan to have a sit down with out network group too. Hopefully they will be fine with a NET situation or assign the room a specific ip-range/vlan. I expect that they definitely want to keep the clustering traffic off the school’s network.

Its great having multiple config options available.

chimchild

@Wayne-Workman

@Wayne-Workman said in Planning out a FOG install.:

@chimchild Man, honestly, tell your uni to go to wal-mart and get a 30 dollar router. (or something better).

I don’t really have a budget; I’m sure if I have sufficient justification I can get reasonable purchases authorized. Personally I enjoy the challenges of re-purposing & “recyleware”. So far all hardware (except the new boxes for the lab computers) is stuff I’ve pulled from our storage closets, or the campus warehouse store.

And this has been a nice refresher & educational Linux project for me, that I believe will translate well into real-world post-graduation interviews in the next couple years.

chimchild

@george1421

OK. Overall I plan to stay within “stable” releases. One of my goals once its set up, to be able to remotely manage it so it will be headless, and leave behind sufficient documentation for future administration after I’ve graduated next year.

chimchild

@Wayne-Workman Thanks for sharing that. I think that will be very helpful to me on my project

Wayne Workman

@chimchild Just remember, my project is GPLv3, so to use any of it, your project must be GPLv3 as well.

chimchild

@Wayne-Workman been looking over your script/code. To disable the VPN portion would I just need to comment out or remove lines 43-100? of the functions.sh file?

Wayne Workman

@chimchild A lot more than that, look at the make_setiptables() function. Also, all the components are called from the install.sh file. lines 51 - 53.

Not even going to pretend that adapting my project will be easy or optimal, but do-able yes. The whole project was made from the perspective of forcing a network through a VPN transparently and reliably.

chimchild

@Wayne-Workman
Will keep that in mind. This is still in the planing and tryng different setup & configuration stages. I don’t think the Lab itself won’t be set up until the end of summer.

chimchild

I’ve also been looking at something like this https://www.howtoforge.com/nat_iptables as possible solution or part solution, especially if Fog itself can handle the DHCP requests.

Wayne Workman

@chimchild That would do it. I favor iptables for major network appliances. It’s commands and config make more sense to me than firewalld does.