Using Fog across two networks



  • Server
    • FOG Version: 1.44, 6077
    • OS: CentOS7
  • Client
    • Service Version: Smart Installer, 0.11.12
    • OS: Windows 10
  • Description

    Hi all,

    I have set up our FOG server across two separate networks, one for Staff (10.0.0.X) and one for Students (192.168.102.X) using a CentOS Virtual Machine. I set it up first on the Staff network and have successfully been able to do everything I would be able to do with FOG (it’s great!).

    I then added a network card to the FOG server VM and configured it for the Student network. I installed the FOG client on one of the Student PCs, rebooted and set the PC to PXE boot. However, when booting, the Student PC starts the PXE boot and successfully completes the ‘tftp://192.168.102.50/default.ipxe… ok’ step but in the next step it looks for the FOG server IP that’s on the other network ‘http://10.0.0.15/fog/service/ipxe/boot.php…Connection timed out’ and thus fails.

    The clients can see the FOG server on the Student network but not the Staff network. Is there any setting to make the Student PCs look on the Student network or make FOG listen on the Student network rather than the Staff network for the http process?

    Thanks in advance.


  • Moderator

    @aziraphale I have to ask you: do you use the linux user account fog for system maintenance AND did you change the password on that account? If so, that linux user account is an internal system account used and managed by FOG. We find that sometimes people will change the password on this account and then capture fails. There is a process to fix this condition if that is what happened.



  • @george1421 Thanks very much for the information. I’ve set up the A records on both DNS servers and everything seems to be working okay in that I can ping ‘fogserver’ from both networks.

    I started capturing an image from the Student network but got an error that seems to suggest that a password is wrong somewhere (ftp_login():Login incorrect) so I need to fault find this one. I’ve found a fair bit of info on it so I just need to find the time to sort it out.

    Thanks again to everyone for the help, it’s much appreciated. I’ll report back once I have a chance to get back to it.


  • Moderator

    @aziraphale OK then we might have a path forward. Understand I haven’t had to do this before so there may be something that will go sideways on us.

    But the concept with split horizon dns is to create an A record entry in each dns server. On the dns server on the staff network you will create an A record fogserver.domain.com (or whatever name you choose) that points to the nic on the staff network. You will do the same for the students network. That A record for fogserver.domain.com will point to the nic on the students network. That way a client on either network will always resolve to an interface on the right network.

    Once that is set up you need to get in and tweak the FOG configuration. Anywhere in the FOG Settings that refers to an IP address you need to replace it with fogserver.domain.com. Also in the storage node configuration for your FOG server, replace the fog server IP address with its fqdn name.

    Now there is one other place you will need to edit by hand. In /tftpboot/default.ipxe exchange the fog server IP address with the fqdn name.

    Understand this setup is not supported by the FOG Project and the next time you upgrade your fog installation, the installer may overwrite certain configurations for you. Most will stay the way you put them.

    Now the only gotcha here is that there are some pxe boot roms that are pretty dumb and will not translate the fqdn name to an ip address because they ignore DNS resolution. You are going to have to try it to see how well this setup works for you. It may be just as easy to set up a second fog server on the students network so you don’t have to deal with this complexity.



  • @george1421 Hi George. Yes, each network has its own DNS server. There’s no routing between the staff and student networks (that I’m aware of).


  • Moderator

    Since you have isolation between your staff network and your student network, then you can configure something called a split horizon DNS.

    Now for the questions:

    1. Can we confirm that each network has its own DNS server?
    2. Is there any type of routing between the staff network and the student’s network?

  • Moderator

    @aziraphale Yes, you can specify dns names - and then you’d need two DNS servers per network. One DNS server would point to the one IP, the other would point to the other IP.

    You’d modify this file: /tftpboot/default.ipxe and replace the bottom line’s IP address with a DNS name:

    [Screenshot of /tftpboot/default.ipxe, 2017-09-07]

    Then get another DNS server stood up - you could use dnsmasq in a VM for this - and specify on the masq server an entry in /etc/hosts for the other IP of the fog server. Then in DHCP, specify that scope to use the masq box for DNS. You can configure the masq server to forward all requests to the other existing DNS server (probably one of your domain controllers) but to handle requests to that one particular address itself.

    I have some example masq configs below, this uses example.com and forwards all requests to one of example.com’s addresses - except for the fogserver.example.com name.

    # Install dnsmasq and give it a drop-in config file
    /bin/yum -y install dnsmasq
    file=/etc/dnsmasq.d/example
    # Forward example.com lookups to the existing DNS server (e.g. a domain controller)
    echo 'server=/example.com/10.0.1.2' >> $file
    echo 'dns-forward-max=10000' >> $file
    echo 'max-cache-ttl=60' >> $file
    echo 'cache-size=1000' >> $file
    echo 'neg-ttl=3600' >> $file
    # Do not re-read /etc/resolv.conf for upstream server changes
    echo 'no-poll' >> $file
    # Stop NetworkManager from rewriting /etc/resolv.conf on this box
    file=/etc/NetworkManager/NetworkManager.conf
    echo '[main]' > $file
    echo 'plugins=ifcfg-rh' >> $file
    echo 'dns=none' >> $file
    echo '[logging]' >> $file
    systemctl restart NetworkManager
    # The masq box itself resolves everything else via the upstream server
    echo 'search example.com' > /etc/resolv.conf
    echo 'nameserver 10.0.1.2' >> /etc/resolv.conf
    # The one name dnsmasq answers locally: the fog server's NIC on this network
    echo '192.168.1.2 fogserver.example.com' >> /etc/hosts
    systemctl enable dnsmasq
    systemctl start dnsmasq
    

    Does that make any sense?
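    A small check for the two hand edits described in this thread and the one above (replacing the server IP in /tftpboot/default.ipxe with the fqdn, and confirming each network's DNS server hands back the NIC on its own subnet). This is an added example, not FOG Project code or anything posted by the moderators; the default.ipxe text and the DNS answers are constructed samples, and fogserver.example.com is a placeholder name.

```python
"""Sanity checks for a split-horizon FOG setup (added example, not FOG code)."""
import ipaddress
import re

# Constructed sample of the hand-edited file; only the chain line matters here.
SAMPLE_DEFAULT_IPXE = """#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch i386
params
param mac0 ${net0/mac}
param arch ${arch}
:bootme
chain http://10.0.0.15/fog/service/ipxe/boot.php##params
"""

# Constructed answers: what each network's DNS server returns for the FQDN.
SAMPLE_VIEWS = {
    "staff":    {"subnet": "10.0.0.0/24",      "answer": "10.0.0.15"},
    "students": {"subnet": "192.168.102.0/24", "answer": "192.168.102.50"},
}


def replace_ip_with_fqdn(ipxe_text, old_ip, fqdn):
    """Swap a hard-coded server IP in URL hosts for the FQDN.

    The pattern is bounded on both sides, so 10.0.0.15 is not rewritten
    inside 10.0.0.150 and only the host part of a URL is touched.
    """
    pattern = r"(?<=://)" + re.escape(old_ip) + r"(?=[/:]|$)"
    return re.sub(pattern, fqdn, ipxe_text, flags=re.MULTILINE)


def hardcoded_ips(ipxe_text):
    """Return any literal IPv4 URL hosts still left in the file."""
    return re.findall(r"://(\d{1,3}(?:\.\d{1,3}){3})", ipxe_text)


def check_split_horizon(views):
    """Return problems: DNS answers that fall outside their own subnet.

    views maps a network name to {"subnet": CIDR, "answer": IP returned by
    that network's DNS server}. An answer outside its subnet means clients
    there would be pointed at the NIC they cannot reach.
    """
    problems = []
    for name, view in views.items():
        net = ipaddress.ip_network(view["subnet"])
        ip = ipaddress.ip_address(view["answer"])
        if ip not in net:
            problems.append(f"{name}: {ip} is not inside {net}")
    return problems
```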

