Fog Setup for a complete noob (two network cards)



  • Good Morning guys,

    I am sorry if I have posted in the wrong section; please feel free to move my post. I have failed in setting up a Clonezilla server on our network.

    I literally had a box with one NIC connected to a switch connected to a router, completely isolated from our main network. I could never get a DHCP service to work with the bloody thing, although the router I had plugged in would assign DHCP to nodes on the switch. Anyways, it was probably something stupid I was doing on the main box (maybe I had to set up a DHCP scope on the box? Who knows).

    Anyways, moving on, I wish to set up a FOG server. I have a few requirements.
    My layout will be:

    Server connected to 2 nics
    1st nic connect to our main network used for setup and outside connections
    2nd nic connected to a switch where I can hook up nodes and clone / deploy via fog.

    CentOS will be my O/S of choice.

    Does anybody have a plain English guide to setting such a layout up? I want to avoid the main network completely as well; we already have a DHCP server and a PXE server which has taken up the whole network.

    The main issue I struggle with is DHCP: would I have to set up a router on my switch, or just leave the switch plugged in directly to the 2nd NIC and set up some DHCP wizardry within CentOS?

    help appreciated :)



  • @sebastian-roth Thank you for the explanation, I will have to do some digging on the serva box and see how it has been setup.

    Our main DHCP server isn’t actually a router; it’s all being handled by an SME Server. I don’t have the authorization to change the dhcpd.conf on the SME box.

    Another way regarding FOG: couldn’t you just use one Ethernet card, create a static IP with normal network details and main DHCP server, and create a virtual interface on a different subnet?

    Does FOG install its own DHCP server? If so, could I just change the port number it operates on, then create a custom iPXE disc to make contact with the FOG server?

    Shoot me down if this is wrong.


  • Developer

    @Freak Yeah, you are mostly right, besides that I would use a static IP instead. I just feel that I might add some more explanations to help.

    Do I just configure the Fog server with one nic and setup as usual on our main network?

    Yes, use just one interface and things will be a lot easier (FOG is not made to be used with two and needs a lot of tweaking). As it’s a server I’d recommend assigning a static IP before starting the FOG installer script. Make sure you have only one interface and one IP in that server.

    accept all the default DHCP stuff during setup.

    Carefully read the installer questions. You want a normal node installation, not a storage node. When asked “Would you like to use the FOG server for DHCP service?”, say no! The other questions about DNS and router address in DHCP don’t really matter.

    From your previous descriptions it’s not totally clear how PXE booting is done in your main network so far. You say you have a router handling DHCP but also Serva is able to do something called ProxyDHCP. Let me explain:

    • In a simple common PXE environment the main single DHCP server sends out extra information (next-server and filename) within the normal DHCP answers. Clients read those and can do PXE booting.
    • In some networks (like when a hosted router is doing DHCP) you cannot alter the DHCP server and add this extra information. Then you can add a so-called ProxyDHCP to your network. This answers DHCP requests just as the main DHCP server does but leaves the IP assignment fields in the packet empty and only sends the extra PXE boot information in the packets. Clients are able to handle both answers and extract IP/netmask/router/DNS from the first packet and PXE boot information from the latter. This way you have a proper PXE booting setup without altering the DHCP server itself.

    So back to the practical point. Talk to the guy who set up Serva and take a look at the Serva setup - it might look like this:
    [Image: Serva setup screenshot]

    • If neither DHCP Server nor proxyDHCP is selected, you are probably able to add the extra PXE information to your router which handles DHCP in your main network. That would be an easy thing to do. Ask your colleague who set up Serva.
    • If DHCP Server is selected, then I suppose you have two running in your network and need to switch off one as soon as possible! As Freak said: “there can only be one (DHCP)”
    • If proxyDHCP is selected as seen in that example picture, you need to deselect it and set up a ProxyDHCP server called “dnsmasq” on your FOG server by hand. This is needed because from the picture it looks like you cannot change the “Next Server” and “Boot File” settings in Serva to point to an external server. I haven’t tried this, but to me it looks like it.

    Read through this wiki article! You’ll find instructions on how to install and setup dnsmasq on CentOS 7. To be able to serve PXE boot to legacy BIOS and UEFI machines you need to install/compile dnsmasq version 2.76. Either follow the descriptions in the wiki or simply use this RPM: ftp://ftp.pbone.net/mirror/rnd.rajven.net/centos/7.0.1406/os/x86_64/dnsmasq-2.76-1cnt7.x86_64.rpm

    Use this config as a starter, but make sure to put in the FOG server IP wherever you see x.x.x.x:

    # Don't function as a DNS server:
    port=0
    
    # Log lots of extra information about DHCP transactions.
    log-dhcp
    
    # Set the root directory for files available via TFTP.
    tftp-root=/tftpboot
    
    # The boot filename, Server name, Server Ip Address
    dhcp-boot=undionly.kpxe,,x.x.x.x
    
    # Disable re-use of the DHCP servername and filename fields as extra
    # option space. That's to avoid confusing some old or broken DHCP clients.
    dhcp-no-override
    
    # inspect the vendor class string and match the text to set the tag
    dhcp-vendorclass=BIOS,PXEClient:Arch:00000
    dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
    dhcp-vendorclass=UEFI,PXEClient:Arch:00007
    dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
    
    # Set the boot file name based on the matching tag from the vendor class (above)
    dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,x.x.x.x
    dhcp-boot=net:UEFI,ipxe.efi,,x.x.x.x
    dhcp-boot=net:UEFI64,ipxe.efi,,x.x.x.x
    
    # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
    pxe-prompt="Booting FOG Client", 1
    
    # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
    # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
    # This option is first and will be the default if there is no input from the user.
    pxe-service=X86PC, "Boot to FOG", undionly.kpxe
    pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
    pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi
    
    dhcp-range=x.x.x.x,proxy
    

    Clients setup to do PXE boot should not boot into the FOG menu screen. Now you can go to the FOG web GUI and add the Serva menu entry as suggested earlier…
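
Added example (not part of the original post and not FOG or dnsmasq code): a small Python parser that classifies DHCP replies the way the explanation above distinguishes them, a normal lease offer versus a ProxyDHCP answer with an empty address field, and lists every server handing out addresses so a second DHCP server on the segment is caught. The packets, the 192.168.1.x addresses and the function names are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_offer(pkt):
    """Classify one DHCP reply as a normal lease offer or a ProxyDHCP answer."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    yiaddr = socket.inet_ntoa(pkt[16:20])      # address offered to the client
    siaddr = socket.inet_ntoa(pkt[20:24])      # next-server (TFTP host)
    bootfile = pkt[108:236].split(b"\0", 1)[0].decode("ascii", "replace")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end of options
        if pkt[i] == 0:                        # 0 = padding byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    server = socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else "unknown"
    # ProxyDHCP: no address offered, vendor class (option 60) is "PXEClient"
    proxy = yiaddr == "0.0.0.0" and opts.get(60, b"").startswith(b"PXEClient")
    return {"server": server, "yiaddr": yiaddr, "next_server": siaddr,
            "bootfile": bootfile, "kind": "proxy" if proxy else "lease"}

def lease_servers(packets):
    """Servers that hand out addresses; more than one means a DHCP conflict."""
    offers = [parse_offer(p) for p in packets]
    return sorted({o["server"] for o in offers if o["kind"] == "lease"})

def build_offer(server, yiaddr, bootfile=b"", vendor=b""):
    """Build a minimal DHCPOFFER (constructed sample data, not a capture)."""
    siaddr = socket.inet_aton(server if bootfile else "0.0.0.0")
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      b"", socket.inet_aton(yiaddr), siaddr, b"", b"", b"", bootfile)
    opts = b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server)
    if vendor:
        opts += bytes([60, len(vendor)]) + vendor
    return hdr + MAGIC + opts + b"\xff"

# Constructed samples on the thread's 192.168.1.x network (addresses are assumptions)
ROUTER = build_offer("192.168.1.1", "192.168.1.50")
FOG = build_offer("192.168.1.10", "0.0.0.0", b"undionly.kpxe", b"PXEClient")
SECOND = build_offer("192.168.1.20", "192.168.1.77")  # second, conflicting DHCP server

if __name__ == "__main__":
    print(parse_offer(FOG), lease_servers([ROUTER, FOG, SECOND]))
```

One lease server plus any number of "proxy" answers is the healthy state; two entries returned by `lease_servers` is the conflict the thread warns about.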



  • @ally_uk
    Just don’t install FOG with the DHCP role.
    Then the server gets its IP from the usual DHCP in your network.
    You then need to configure the “real” DHCP inside the network so that iPXE boot should be the IP of your FOG.
    If I remember correctly it was the next-server port 53 setting… depending on your existing DHCP.
    It’s like in Highlander - there can only be one (DHCP) ;)



  • @sebastian-roth

    This sounds very interesting. Do I just configure the FOG server with one NIC and set up as usual on our main network? Accept all the default DHCP stuff during setup.

    I’m just worried that if I set up the box on the main network, the box will go live and start clashing with the existing DHCP / PXE.

    Thank you for your help


  • Developer

    @ally_uk said in Fog Setup for a complete noob (two network cards):

    1. In the workshop my colleague recently set up a Serva 32/64 box which is hosting Windows install ISOs and boot utilities such as memtest, PC check. He has set it up in such a way that every computer in the building, if booted from PXE via NIC, is capable of touching base with this server.

    You’re using this: https://www.vercot.com/~serva/default.html (right?)
    Well, to me it sounds as if FOG could hook into that (or vice versa). Usually it’s no problem to chainload from one PXE environment to another one. Just add a custom menu to either FOG (FOG web UI -> FOG Configuration -> iPXE New Menu Entry) or Serva (see here). From my point of view it’s wise to chainload from FOG to Serva and not the other way round because if you have FOG tasks scheduled the clients will just boot right into that job without anyone having to sit in front of the machine to navigate through the menu. See it as extending the FOG boot menu to add Serva’s possibility to boot ISOs.

    EDIT: In case you need help with the iPXE menu item…

    • Menu Item: fog.serva
    • Description: Serva
    • Parameters: iseq ${platform} efi && chain tftp://x.x.x.x/bootmgfw.efi || chain tftp://x.x.x.x/pxeserva.0 (put in the IP address of your Serva server)
    • Menu Show with: All Hosts
    • all other settings leave default


    1. Our main network has its own DHCP server, which is handled by a router. We do not have Active Directory running in the building; everything is handled by an SME server, which is on a workgroup, I think.

    2. Our network is pretty basic, just a router connected to a server and cables going to switches in different locations in the building. No exotic setup such as VLANs, subnets or Cisco wizardry. All of the network is on the 192.168.1 subnet.

    3. In the workshop my colleague recently set up a Serva 32/64 box which is hosting Windows install ISOs and boot utilities such as memtest, PC check. He has set it up in such a way that every computer in the building, if booted from PXE via NIC, is capable of touching base with this server.

    4. Which leaves me in a situation where I need to isolate so I wouldn’t clash with that PXE server or cause DHCP conflicts.

    My initial config idea would be

    Server > 2 NICs .> 1 connected to main network to install fog
    2nd nic connect to a switch ( isolated )
    The nodes on the switch would need some way of getting DHCP

    And accessing the Fog Pxe / TFTP wouldn’t I need to use a router?
    I assume nodes on the isolated switch would have to utilize specific port
    Numbers for the TFTP / pxe process.

    Thank you for your patience and helping me understand network concepts better.



  • I have a quite similar setup.
    Finally, you just should identify the network card; for example, in my Debian 9
    the isc-dhcp-server is used, so I ensure with

    INTERFACESv4="enp2s0"
    that the DHCP is only working on the enp2s0 NIC.

    Additionally, in
    /etc/network/interfaces
    I got this config, for example:

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    source /etc/network/interfaces.d/*
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    
    
    # The primary network interface
    # for the 8port switch and FOG automation
    auto enp2s0
    iface enp2s0 inet static
    address 192.13.37.1
    netmask 255.255.255.0
    
    # additional gb nic which is used for external
    # communication 
    auto enp4s0
    iface enp4s0 inet dhcp
    

    It’s really quite strange at the beginning to find all the tools which are used here in FOG, but the nice thing is that all
    is somewhere in a usual plain text config.

    But my hosts also should stay offline in their own network (currently), so I also installed a dnsmasq only for no-resolving and so that the hosts can reach each other in the hosts switch network.

    For me it’s OK and FOG helped me a lot, and I have to cross-verify all the things I might need and if they are really not there or I just missed finding them ;)

    It is more complicated if you need AD from hosts, for example, like @george1421 already wrote ;)
    I had to change to legacy mode, for example, due to several issues I had at first with UEFI in Win10 on a new Asus mainboard… maybe I’ll try this again later :)


  • Moderator

    Well, you have quite a few options here, as we can probably make it possible for you to image using your current business network or, if you insist, have an isolated imaging network and then, as you mentioned, have a second NIC connected to your business network. Both setups can be done.

    I would have to ask you a few questions.

    1. Do your target computers need to connect to AD during the imaging process?
    2. Do you have a conflicting dhcp or pxe booting configuration on your business network (i.e. your voip pbx needs pxe booting to configure your voip handsets but fog requires its own pxe settings)?
    3. Do you need an isolated imaging network to avoid overloading your business network during imaging?
    4. Will you use the fog client for post imaging system management?
    5. Do you have a mix of bios (legacy mode) and uefi systems in your environment?
