Is FOG able to fit my needs?

george1421

@eadhor Do you want the sub customers to be able to deploy images or will you manage the process from Germany?

The issue I’m seeing right now is isolation of each sub company’s images. Right now the FOG ACL system is pretty weak in that you are an admin or not an admin. If you are admin you have access to everything.

What we would need for this idea to work is to use the location plugin and then find a way to restrict images and IT admins to specific locations (this was a request of mine for several years now). In that IT admins from location A can only see images that are assigned to location A, location B and so on. Right now that level of control is missing in FOG.

george1421

@Tom-Elliott said in Is FOG able to fit my needs?:

you start to break your own “Highly Secure” layout

High physical security or high ICT computer security not necessarily the same thing.

eadhor

Okay,

just to make it hopefully more clear. ! 0_1500915821660_Untitled Diagram.jpg

Of course it’s not a shopping mall. The Customers offer different services. You can imagine it like a self-service ticket station in a train station.

The network itself is high-security.

eadhor

Hi all,

so now it’s getting serious. We are trying to implent FOG in our System. Therefore i am installing a reference system. The system is running on a ESXi Host. I have installed CentOS, but now i am stuck with the installation.

https://wiki.fogproject.org/wiki/index.php?title=CentOS_7
Here is written:
for service in http https tftp ftp mysql nfs mountd rpc-bind proxy-dhcp samba; do firewall-cmd --permanent --zone=public --add-service=$service;

What does this mean and how do i do it? Because its not a command.
Can i disable firewalld? Because we are behind of a DMZ.

Kind regards
Denny

eadhor

@eadhor
Ok… it’s just bash. Sorry^^

Sebastian Roth

@eadhor Yeah right, it’s bash. Keep going and let us know when you need help. Pay attention to disabling SELinux as that can cause you a major problem if you don’t know how to handle it.

eadhor

I made a stupid mistake.

I have started the installation. Went really well, but when this appeared: * Changing permissions on apache log files…OK

• Backing up database…OK

• You still need to install/update your database schema.

• This can be done by opening a web browser and going to:

  http://139.2.247.233/fog/management

• Press [Enter] key when database is updated/installed.^C

I wanted to copy the http adress and pressed cmd + c which aborted the installation.

So i thought i could start the installation all over again, but when i reach this point i get an error message:

• Changing permissions on apache log files…OK
• Backing up database…Failed!

How can i handle this?

Sebastian Roth

@eadhor Try to open that URL http://139.2.247.233/fog/management and I guess you’ll see a error page. Then take a look at the apache error log (see my signature on where to find this). Post what you have in the apache log here.

eadhor

@sebastian-roth
[Fri Dec 08 13:43:36.265102 2017] [core:notice] [pid 29364] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Fri Dec 08 13:43:36.266489 2017] [suexec:notice] [pid 29364] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Dec 08 13:43:36.330261 2017] [auth_digest:notice] [pid 29364] AH01757: generating secret for digest authentication …
[Fri Dec 08 13:43:36.331281 2017] [lbmethod_heartbeat:notice] [pid 29364] AH02282: No slotmem from mod_heartmonitor
[Fri Dec 08 13:43:36.355207 2017] [mpm_prefork:notice] [pid 29364] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.32 configured – resuming normal operations
[Fri Dec 08 13:43:36.355241 2017] [core:notice] [pid 29364] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Fri Dec 08 13:43:43.597688 2017] [:error] [pid 29373] [client 139.2.241.1:59690] PHP Fatal error: Call to a member function lastInsertId() on boolean in /var/www/html/fog/lib/db/pdodb.class.php on line 443
[Fri Dec 08 13:44:04.346207 2017] [:error] [pid 29374] [client 139.2.241.1:59691] PHP Fatal error: Call to a member function lastInsertId() on boolean in /var/www/html/fog/lib/db/pdodb.class.php on line 443
[Fri Dec 08 13:44:09.382076 2017] [:error] [pid 29372] [client 139.2.241.1:59695] PHP Fatal error: Call to a member function lastInsertId() on boolean in /var/www/html/fog/lib/db/pdodb.class.php on line 443

I have made a snapshot before the installation and tried to install it again. Now i am a this point:

• Changing permissions on apache log files…OK

• Backing up database…OK

• You still need to install/update your database schema.

• This can be done by opening a web browser and going to:

  http://139.2.247.233/fog/management

• Press [Enter] key when database is updated/installed.

But i still see nothin on the page. So above is the error.log

Sebastian Roth

@eadhor Have you ever set a password for the database? Try connecting to the DB on the command line:

shell> mysql -u root -p
Enter password:
...
mysql> exit;

See if you can login. If you got the credentials please see if they match with those in /var/www/fog/lib/fog/config.class.php

eadhor

@sebastian-roth said in Is FOG able to fit my needs?:

/var/www/fog/lib/fog/config.class.php

Oh i think thats the Problem. I thaught i have to give an initial passwort during the installation. When i try to use mysql like this: mysql -u root -> i can log in
when i use the password which is in

define(‘DATABASE_PASSWORD’, “XXXXX”);

i have no access.
How shout it look without a password?

define(‘DATABASE_PASSWORD’, “”);

Kind regards
Denny

Wayne Workman

@eadhor Be sure to set the database username and password inside of /opt/fog/.fogsettings or you’re bound to break stuff later on when you upgrade (promise).

Change settings for fog inside of the fogsettings file, then re-run the installer for those settings to take effect. Here’s documentation about the file:
https://wiki.fogproject.org/wiki/index.php?title=.fogsettings

The settings you need to change are these:

snmysqluser=''
snmysqlpass=''

Put the correct values into them, save, then re-run the installer.

eadhor

@wayne-workman
Hey,
i have changed /opt/fog/.fogsettings

snmysqluser='root'
snmysqlpass='' 

and re-run the installer. But i got the error again.

 * Changing permissions on apache log files....................OK
 * Backing up database.........................................Failed!

Server is up and running so far, but i get the problem with the updates Like i have said, there is no database password.

Wayne Workman

@eadhor Check your free space with df -h look for partitions that are 100% or 99% full.

Also, inside of /opt/fog/.fogsettings set snmysqlhost to these two things, one at a time: localhost and 127.0.0.1 Running the installer after each to see if the setting works.

eadhor

And here ist my next question.

We have an existing DHCP-Server. What informations do i have to provide to the sysadmin? He wants to add a DHCP-Group for the two Clients.

Can i take an image of an existing Virtual Machine? If so. How?

Kind regards
Denny

EDIT:
As far as i know, he needs the following information:
next-serve (FOG-Server IP?)
filename??

eadhor

@wayne-workman

[root@qa-fog-server bin]# df -h
Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf
/dev/mapper/centos-root 20G 3,2G 17G 16% /
devtmpfs 3,9G 0 3,9G 0% /dev
tmpfs 3,9G 0 3,9G 0% /dev/shm
tmpfs 3,9G 8,6M 3,9G 1% /run
tmpfs 3,9G 0 3,9G 0% /sys/fs/cgroup
/dev/sda1 1014M 180M 835M 18% /boot
/dev/mapper/centos-images 271G 33M 271G 1% /images
tmpfs 783M 0 783M 0% /run/user/0

Ive tried localhost and 127.0.0.1. Both failed

Wayne Workman

@eadhor Wherever you keep your fogproject directory, go there, then go into bin and do a -ls -laht you should see a new directory in there for errors and such. In there, there will be an output file from the fog installer. We need the last 20 or so lines from that output file, that should tell us what’s going wrong.

eadhor

@wayne-workman

* Setting up fog user.........................................Already setup
 * Setting up fog password.....................................OK
 * Stopping FOGMulticastManager.service Service................OK
 * Stopping FOGImageReplicator.service Service.................OK
 * Stopping FOGSnapinReplicator.service Service................OK
 * Stopping FOGScheduler.service Service.......................OK
 * Stopping FOGPingHosts.service Service.......................OK
 * Stopping FOGSnapinHash.service Service......................OK
 * Stopping FOGImageSize.service Service.......................OK
 * Setting up and starting MySQL...............................OK
 * Backing up user reports.....................................Done
 * Stopping web service........................................OK
 * Removing vhost file.........................................OK
 * Stopping FOGMulticastManager.service Service................OK
 * Stopping FOGImageReplicator.service Service.................OK
 * Stopping FOGSnapinReplicator.service Service................OK
 * Stopping FOGScheduler.service Service.......................OK
 * Stopping FOGPingHosts.service Service.......................OK
 * Stopping FOGSnapinHash.service Service......................OK
 * Stopping FOGImageSize.service Service.......................OK
 * Setting up and starting MySQL...............................OK
 * Setting up Apache and PHP files.............................OK
 * Testing and removing symbolic links if found................OK
 * Backing up old data.........................................OK
 * Copying new files to web folder.............................OK
 * Creating config file........................................OK
 * Unzipping the binaries......................................Done
 * Copying binaries where needed...............................Done
 * Enabling apache and fpm services on boot....................OK
 * Creating SSL Certificate....................................OK
 * Creating auth pub key and cert..............................OK
 * Resetting SSL Permissions...................................OK
 * Setting up SSL FOG Server...................................OK
 * Starting and checking status of web services................OK
 * Changing permissions on apache log files....................OK
 * Backing up database.........................................Failed!

Geben Sie ein neues Passwort ein: Geben Sie das neue Passwort erneut ein: Ändern Passwort für Benutzer fog.
passwd: alle Authentifizierungs-Merkmale erfolgreich aktualisiert.
Failed to execute operation: Invalid argument
Failed to stop mysql.service: Unit mysql.service not loaded.
Failed to start mysql.service: Unit not found.
Unit mysql.service could not be found.
Failed to execute operation: Invalid argument
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Mo 2017-12-11 17:03:09 CET; 2s ago
  Process: 1407 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 1376 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 1406 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─1406 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─1569 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/v
ar/lib/mysql/mysql.sock

Dez 11 17:03:07 qa-fog-server systemd[1]: Starting MariaDB database server...
Dez 11 17:03:07 qa-fog-server mariadb-prepare-db-dir[1376]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Dez 11 17:03:07 qa-fog-server mysqld_safe[1406]: 171211 17:03:07 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Dez 11 17:03:07 qa-fog-server mysqld_safe[1406]: 171211 17:03:07 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Dez 11 17:03:09 qa-fog-server systemd[1]: Started MariaDB database server.
Failed to execute operation: Invalid argument
Failed to stop mysql.service: Unit mysql.service not loaded.
Failed to start mysql.service: Unit not found.
Unit mysql.service could not be found.
Failed to execute operation: Invalid argument
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Mo 2017-12-11 17:03:41 CET; 2s ago
  Process: 1777 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 1746 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 1776 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─1776 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─1939 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/v
ar/lib/mysql/mysql.sock

Dez 11 17:03:39 qa-fog-server systemd[1]: Starting MariaDB database server...
Dez 11 17:03:39 qa-fog-server mariadb-prepare-db-dir[1746]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Dez 11 17:03:40 qa-fog-server mysqld_safe[1776]: 171211 17:03:40 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Dez 11 17:03:40 qa-fog-server mysqld_safe[1776]: 171211 17:03:40 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Dez 11 17:03:41 qa-fog-server systemd[1]: Started MariaDB database server.
Archive:  binaries1.4.4.zip
  inflating: packages/kernels/bzImage
  inflating: packages/kernels/bzImage32
  inflating: packages/inits/init_32.xz
  inflating: packages/inits/init.xz
 extracting: packages/clientfiles/FOGCrypt.zip
 extracting: packages/clientfiles/FogService.zip
  inflating: packages/clientfiles/SmartInstaller.exe
  inflating: packages/clientfiles/FOGService.msi
  inflating: packages/FOGService.msi
„../packages/clientfiles/FOGCrypt.zip“ -> „/var/www/html/fog//client/FOGCrypt.zip“
„../packages/clientfiles/FOGService.msi“ -> „/var/www/html/fog//client/FOGService.msi“
„../packages/clientfiles/FogService.zip“ -> „/var/www/html/fog//client/FogService.zip“
„../packages/clientfiles/SmartInstaller.exe“ -> „/var/www/html/fog//client/SmartInstaller.exe“
„../packages/kernels/bzImage“ -> „/var/www/html/fog//service/ipxe/bzImage“
„../packages/kernels/bzImage32“ -> „/var/www/html/fog//service/ipxe/bzImage32“
„../packages/inits/init_32.xz“ -> „/var/www/html/fog//service/ipxe/init_32.xz“
„../packages/inits/init.xz“ -> „/var/www/html/fog//service/ipxe/init.xz“
Signature ok
subject=/CN=139.2.247.233
Getting CA Private Key
ln: die symbolische Verknüpfung „/var/www/html/fog/fog“ konnte nicht angelegt werden: Die Datei existiert bereits
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mo 2017-12-11 17:03:47 CET; 2s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2057 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─2057 /usr/sbin/httpd -DFOREGROUND
           ├─2064 /usr/sbin/httpd -DFOREGROUND
           ├─2065 /usr/sbin/httpd -DFOREGROUND
           ├─2066 /usr/sbin/httpd -DFOREGROUND
           ├─2067 /usr/sbin/httpd -DFOREGROUND
           └─2068 /usr/sbin/httpd -DFOREGROUND

Dez 11 17:03:47 qa-fog-server systemd[1]: Starting The Apache HTTP Server...
Dez 11 17:03:47 qa-fog-server httpd[2057]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/fog.conf:1
Dez 11 17:03:47 qa-fog-server systemd[1]: Started The Apache HTTP Server.

● php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
   Active: active (running) since Mo 2017-12-11 17:03:47 CET; 2s ago
 Main PID: 2058 (php-fpm)
   Status: "Ready to handle connections"
   CGroup: /system.slice/php-fpm.service
           ├─2058 php-fpm: master process (/etc/php-fpm.conf
           ├─2059 php-fpm: pool www
           ├─2060 php-fpm: pool www
           ├─2061 php-fpm: pool www
           ├─2062 php-fpm: pool www
           └─2063 php-fpm: pool www

Dez 11 17:03:47 qa-fog-server systemd[1]: Starting The PHP FastCGI Process Manager...
Dez 11 17:03:47 qa-fog-server systemd[1]: Started The PHP FastCGI Process Manager.
--2017-12-11 17:03:49--  http://139.2.247.233//fog//maintenance/backup_db.php
Auflösen des Hostnamen »proxy.materna.de (proxy.materna.de)«... 139.2.1.3
Verbindungsaufbau zu proxy.materna.de (proxy.materna.de)|139.2.1.3|:8080... verbunden.
Proxy-Anforderung gesendet, warte auf Antwort... 403 Forbidden
2017-12-11 17:03:49 FEHLER 403: Forbidden.

Wayne Workman

@eadhor Looks like proxy issues? I don’t speak whatever that language is, but I do see a 403 Forbidden.

eadhor

@wayne-workman
Yes should be Proxy Issues. It’s german
When “waiting for an answer” i get an 403 error.