Is FOG able to fit my needs?

eadhor

Its one location with multiple sub-customers. You could see it as a shopping mall where each store is a sub-customer with up to 100 PCs.

So i could create the image here in Germany, transfer it to the server in Britain and then it should work?

Sebastian Roth

@george1421 said in Is FOG able to fit my needs?:

You must have dhcp enabled on this network for pxe booting to work.

While George is absolutely right about this in the way FOG is meant to usually work (PXE boot which needs DHCP!) this could be avoided by USB booting the clients for deployment of an image. So all the PCs would usually boot from the disk and if someone wants to change the image he has to plug-in the “magic FOG USB key” and hit F12 to boot from that. Just an idea.

@eadhor Your setup sounds kind of special but I think it can be done. Probably needs some modifications but it’s still way better than sending the PCs back and forth.

The sub-customers should only see their own images and not the ones from other sub-customers.

There are several different ways of achieving this I reckon.

Setup as many FOG servers (in VMs for example) as you have sub-customers - depending on the network structure this might be a good idea anyway
Possibly FOG plugin accesscontrol is good enough for your needs
Modify FOG to your needs (it’s open source)
…

Sebastian Roth

@eadhor As a side note I wanted to add that we are here to help you setting this up properly and possibly even add some code changes to make it work for you (if we think this would be interesting to others as well). From what you are saying this sounds like FOG would save your company a huge amount of money! We’d love to see you making some donation to the project if FOG is working for you.

eadhor

@Sebastian-Roth
I can tell that my superiors, but i cant promise anything I am at the end of the food-chain in this company

Thanks so far. I will start in early october with a REF-System if i get a go.

eadhor

@Sebastian-Roth

magic FOG USB key isn’t an option, because the PC’s are not so easy accessible, but it would be an option if there is no other way.

Sebastian Roth

@eadhor said in Is FOG able to fit my needs?:

I will start in early october with a REF-System if i get a go.

I’d advice you to start setting up a FOG server in the next couple of weeks (maybe at home in a VM if you don’t have resources at work) to get to know the system. You only need two VMs as a starter. Showing your supervisor how easy things would be using FOG will probably help in the decision process.

magic FOG USB key isn’t an option, because the PC’s are not so easy accessible, but it would be an option if there is no other way.

Not sure what that means (locked up in a different room?) but maybe a USB extension cord would do the trick…

Sebastian Roth

Just thinking out load about the special case of non-PXE and non-USB bootable environment. CD-boot would be another option. In case all this does not work it would be possible (not tried yet but in theory) to add the FOG deploy OS to your hard disk and boot it from there. So when the PC boots up it shows a boot menu where default is to boot the normal OS and the second menu item is deploying a new image to that PC. Of course for the initial setup you’d need to boot all the PCs via USB key once.

george1421

@eadhor I still think we need to understand the work flow here.

FOG requires pxe booting for imaging to work. You can use static IP mapping for the client computers. But you will need to have a dhcp server on this network. The fog server can act as a dhcp server if needed. If the customer is using a static IP addressing schema as a security measure then FOG is not a good fit here.

If you do use static IP and a dhcp server is possible, then we have some options. The target OS will need to have a way to identify the machine and to configure a static IP address for itself since FOG can’t do this for you.

FOG isn’t designed to be a multi-tenant in design. If you are an admin in fog you can see all images installed on the fog server. One option would be to setup multiple fog servers. Depending on your scale of deployment you could use an intel nuc as your FOG server. The FOG server doesn’t require much CPU for imaging. I know of someone creating a docker version of FOG, but its not clear if you can have more than one docker fog container per docker server.

Do each of the sub customers have their own isolated network or do they share the same network and subnet IP range?

eadhor

@george1421
Alle sub-customers use the same subnet IP range.

I have talked to a lot of people the last few hours. It COULD be possible to use the FOG Server as DHCP.

@Sebastian-Roth
The PC’s could be delivered by our supplier with a pre-installed FOG-Client. The problem working with the PC’s is the following. If u want to plug somthin in, you have to jump over a wall, or maybe walk around it, unlock a cage, plug it in, walk or jump back, do what u gotta do, jump over again, unplug it, lock the cage. It’s a high-security area.

Tom Elliott

I have to be honest, if the information handling is meant to be this highly secure, I doubt there’s a single imaging solution that can meet your needs.

That all said, localized FOG Servers could do what you want, but the moment you think about “centrally managing” them, you start to break your own “Highly Secure” layout.

george1421

@eadhor Do you want the sub customers to be able to deploy images or will you manage the process from Germany?

The issue I’m seeing right now is isolation of each sub company’s images. Right now the FOG ACL system is pretty weak in that you are an admin or not an admin. If you are admin you have access to everything.

What we would need for this idea to work is to use the location plugin and then find a way to restrict images and IT admins to specific locations (this was a request of mine for several years now). In that IT admins from location A can only see images that are assigned to location A, location B and so on. Right now that level of control is missing in FOG.

george1421

@Tom-Elliott said in Is FOG able to fit my needs?:

you start to break your own “Highly Secure” layout

High physical security or high ~~ICT~~ computer security not necessarily the same thing.

eadhor

Okay,

just to make it hopefully more clear. ! 0_1500915821660_Untitled Diagram.jpg

Of course it’s not a shopping mall. The Customers offer different services. You can imagine it like a self-service ticket station in a train station.

The network itself is high-security.

eadhor

Hi all,

so now it’s getting serious. We are trying to implent FOG in our System. Therefore i am installing a reference system. The system is running on a ESXi Host. I have installed CentOS, but now i am stuck with the installation.

https://wiki.fogproject.org/wiki/index.php?title=CentOS_7
Here is written:
for service in http https tftp ftp mysql nfs mountd rpc-bind proxy-dhcp samba; do firewall-cmd --permanent --zone=public --add-service=$service;

What does this mean and how do i do it? Because its not a command.
Can i disable firewalld? Because we are behind of a DMZ.

Kind regards
Denny

eadhor

@eadhor
Ok… it’s just bash. Sorry^^

Sebastian Roth

@eadhor Yeah right, it’s bash. Keep going and let us know when you need help. Pay attention to disabling SELinux as that can cause you a major problem if you don’t know how to handle it.

eadhor

I made a stupid mistake.

I have started the installation. Went really well, but when this appeared: * Changing permissions on apache log files…OK

Backing up database…OK
You still need to install/update your database schema.
This can be done by opening a web browser and going to:

http://139.2.247.233/fog/management
Press [Enter] key when database is updated/installed.^C

I wanted to copy the http adress and pressed cmd + c which aborted the installation.

So i thought i could start the installation all over again, but when i reach this point i get an error message:

Changing permissions on apache log files…OK
Backing up database…Failed!

How can i handle this?

Sebastian Roth

@eadhor Try to open that URL http://139.2.247.233/fog/management and I guess you’ll see a error page. Then take a look at the apache error log (see my signature on where to find this). Post what you have in the apache log here.

eadhor

@sebastian-roth
[Fri Dec 08 13:43:36.265102 2017] [core:notice] [pid 29364] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Fri Dec 08 13:43:36.266489 2017] [suexec:notice] [pid 29364] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Dec 08 13:43:36.330261 2017] [auth_digest:notice] [pid 29364] AH01757: generating secret for digest authentication …
[Fri Dec 08 13:43:36.331281 2017] [lbmethod_heartbeat:notice] [pid 29364] AH02282: No slotmem from mod_heartmonitor
[Fri Dec 08 13:43:36.355207 2017] [mpm_prefork:notice] [pid 29364] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.32 configured – resuming normal operations
[Fri Dec 08 13:43:36.355241 2017] [core:notice] [pid 29364] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Fri Dec 08 13:43:43.597688 2017] [:error] [pid 29373] [client 139.2.241.1:59690] PHP Fatal error: Call to a member function lastInsertId() on boolean in /var/www/html/fog/lib/db/pdodb.class.php on line 443
[Fri Dec 08 13:44:04.346207 2017] [:error] [pid 29374] [client 139.2.241.1:59691] PHP Fatal error: Call to a member function lastInsertId() on boolean in /var/www/html/fog/lib/db/pdodb.class.php on line 443
[Fri Dec 08 13:44:09.382076 2017] [:error] [pid 29372] [client 139.2.241.1:59695] PHP Fatal error: Call to a member function lastInsertId() on boolean in /var/www/html/fog/lib/db/pdodb.class.php on line 443

I have made a snapshot before the installation and tried to install it again. Now i am a this point:

Changing permissions on apache log files…OK
Backing up database…OK
You still need to install/update your database schema.
This can be done by opening a web browser and going to:

http://139.2.247.233/fog/management
Press [Enter] key when database is updated/installed.

But i still see nothin on the page. So above is the error.log

Sebastian Roth

@eadhor Have you ever set a password for the database? Try connecting to the DB on the command line:

shell> mysql -u root -p
Enter password:
...
mysql> exit;

See if you can login. If you got the credentials please see if they match with those in /var/www/fog/lib/fog/config.class.php

Is FOG able to fit my needs?

153

12.0k

17.3k

155.2k