• Developer

    Hello everyone,

    So it has been a while since we have released any FOG updates and many of you are wondering what’s going on, so I thought an update was in order.

    Like many of you, my time has become constrained so the amount of time I have been able to dedicate to version 0.33 has been less than it should be. Peter Gilchrist did an awesome job filling in and helping out with getting the UI closer to where it should be. What we have been stuck on for a little while has been EFI/GPT support, which is important with Windows 8 and modern PCs. Much of this has been an issue with a lack of hardware to effectively test on. There is a little bit more UI work that needs to be done before we can release 0.33, but the biggest issue has been EFI, so if anyone is knowledgeable in this area and would like to help us out we would be grateful! Once we tackle EFI, we should be able to release soon afterwards.

    FOG has a couple issues that have been ignored and not really addressed. I am talking about the issues with security, feature bloat, coupling of systems, and an aging code-base.

    In terms of security, there are a number of issues that need to be addressed. One obvious issue is the fact that anyone can mount the NFS volumes, as they don’t use authentication. There are numerous other issues as well, including the “service” scripts not using any authentication either, which is problematic.

    FOG initially grew quickly in terms of features to its own detriment. I believe we have a number of features that should not be included in the core release of FOG as they are becoming difficult to maintain. A few of these that come to mind include ClamAV and many of the advanced tasks like file recovery, testdisk, and password reset. Many of the features within the Windows service are no longer functional with Windows 7 and up, but I will discuss the Windows service in more detail later.

    FOG relies on many operating system specific features, which I believe it no longer has to. FOG is tightly coupled with tftpd, nfs, and to a lesser degree isc dhcp server. This makes it difficult for FOG to run on other operating systems like Windows or even other Linux distributions. It also makes FOG fragile to changes in the underlying systems; often when a new Ubuntu LTS is released something breaks with FOG.

    Lastly, the thing that has been bothering me for a while is the aging code-base. The code was poorly written in the first place and we have just kept adding to it. Peter has helped clean up the code, but in my opinion we are still putting lipstick on a pig.

    So here is what I would like to see. First off, I would like to get some community help with EFI/GPT, and get 0.33 out the door. No surprises here.

    Then I would like to change things up a bit. I would like to form two or three teams, one that would maintain the UI, and at minimum another to maintain the Linux init image and kernel. I would like to then either discontinue the Windows service (since we can change the hostname via the init image now) or move it to another team.

    After this I would like to throw away the current version of FOG and do a rewrite, it is about that time. As part of the rewrite here are my goals:

    • Write a custom tftp server into the server. This will allow for improved security, less dependence on the underlying OS, and potential for scaling out more easily.
    • Drop NFS and replace it with HTTP. This will improve security and cut the dependence on the underlying OS.
    • Make FOG run on any OS.
    • Move services like ImageReplicationService and Multicast service into the core context. This also helps reduce the dependence on the underlying OS.
    • Improve security in general, https out of the box, only serve images that have active tasks, etc.
    • Pare down the feature set to something more manageable.
    • (Here comes the controversial change, get ready…) Move away from PHP. I don’t do much work in PHP any longer, I don’t want to start a flame war, but there are some things I love about PHP (ie: it’s a pseudo functional language and FP is good.) but there are also things that I really don’t like about PHP, and those I won’t go into here. I would prefer to rewrite the FOG front-end in a statically typed language like Scala with Play2 potential or even Java (I know I said a bad word).

    With all this being said, the next thing that needs to get done is support for EFI/GPT as Windows 8 and current PCs pretty much make this a requirement. If we can figure out EFI, I think we can get things back on track. So my questions to the community are: do you think we can build the teams I described? Do you know anyone that would be interested in working on the init/kernel side of things? Any other general thoughts, suggestions?
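
The goal above of replacing NFS with HTTP and serving only images that have active tasks could be enforced with a gate like the following. This is an added example, not FOG code and not from the original post; the `TaskGate` class, the per-task token and the `/images/<image>/<file>` URL layout are all assumptions made for illustration.

```python
import secrets
from pathlib import PurePosixPath


class TaskGate:
    """Serve an image's files only while a task for that image is active."""

    def __init__(self, url_prefix="/images"):   # URL layout is an assumption
        self.prefix = PurePosixPath(url_prefix)
        self._active = {}                        # task token -> image name

    def create_task(self, image):
        """Register a task and return the secret its client must present."""
        if not image or "/" in image or image in (".", ".."):
            raise ValueError("image name must be a single path component")
        token = secrets.token_urlsafe(32)        # unguessable, one per task
        self._active[token] = image
        return token

    def finish_task(self, token):
        """Revoke access as soon as the task completes or is cancelled."""
        self._active.pop(token, None)

    def authorize(self, token, url_path):
        """Return the relative file to serve, or None to refuse the request.

        url_path is assumed to be percent-decoded already by the HTTP layer.
        """
        image = self._active.get(token)
        if image is None:
            return None                          # no active task for this token
        path = PurePosixPath(url_path)
        if ".." in path.parts:
            return None                          # refuse traversal outright
        try:
            rel = path.relative_to(self.prefix / image)
        except ValueError:
            return None                          # other image or outside prefix
        if rel == PurePosixPath("."):
            return None                          # directory itself, not a file
        return PurePosixPath(image) / rel
```

Unlike an open NFS export, nothing is readable before `create_task` or after `finish_task`, and a token issued for one image cannot be used to read another.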

  • Developer

    Nope it’s still heavily in the beta phase, I bet when we do have an idea we will post it on the forums or on the main site letting everyone know we are close. There is a thread you are more than welcome to monitor; it can be located here -> http://fogproject.org/forum/threads/latest-fog-0-33b.6476/

  • Any idea when 0.33 will be in final release? ❤

  • NFS doesn’t do any auth by itself, it can use kerberos, but doesn’t have a concept of “logging in”. Hence the use of FTP in the first place to “move” the image. NFS can restrict the IPs connecting to/accessing it though, but that’s all you get. And I wouldn’t use kerberos just for FOG 🙂

  • I wasn’t really understanding what the issue was myself. Now that you’ve outlined a solution I can see the problem. My question is, if you restrict the nfs export to a single user, where do you put the user info for the pxe boot upload or download connection? The pxelinux.cfg/default is just for the pxe menu (debug, registration etc.) right?

  • I guess I’m not fully understanding what’s wrong here.

    NFS is a security issue, simply because we’ve assumed chmod 777 to the directory and, in the exports file, given rw to the /images/dev file. This issue could be easily fixed with adding/changing nfs permissions to a user on the FOG server authenticated within the pxelinux.cfg/default (or generated pxe) file. Just add the username and password during the creation of the file that is then added to the fog script to “authenticate” the user to the nfs. Then, the permissions could be rw for the entire /images directory. Create the file in /images/dev as per usual, and after, move (mv) the file down to the /images directory.

    This will remove the need for ftp, unless that’s how you still want image replication between storagenodes.

    I’m doing the best with what I’ve got right now, but I haven’t the time to figure all of this out quite yet.
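
The posts above note that NFS has no login of its own and that the exports file grants rw on /images/dev, so the exports file is where the exposure can be checked. The following is an added example, not FOG code and not from any post in this thread: it parses exports(5)-style text and reports every export open to any host. The sample file is constructed, and the choice of which options to flag is an assumption.

```python
import re

# Clients that match every host; a bare "(opts)" with no host means the same.
ANY_HOST = {"", "*", "0.0.0.0/0", "::/0"}
# Options that make an open export worse than plain read access (assumed list).
RISKY = {"rw", "no_root_squash", "insecure"}
CLIENT = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

# Constructed sample, not taken from a real FOG server.
SAMPLE = """\
# image store and upload area
/images      *(ro,sync,no_root_squash,insecure)
/images/dev  *(rw,async,no_root_squash,insecure)
/srv/backup  10.0.5.0/24(rw,sync) (ro)
"""


def audit_exports(text):
    """Return (path, client, risky_options) for every export open to any host.

    Assumes export paths contain no spaces or quoting.
    """
    findings = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            m = CLIENT.fullmatch(client)
            if m is None:
                continue                  # malformed entry, left to exportfs
            host = m.group(1)
            opts = set((m.group(2) or "").split(","))
            if host in ANY_HOST:
                findings.append((path, host or "*", sorted(opts & RISKY)))
    return findings


if __name__ == "__main__":
    for path, client, risky in audit_exports(SAMPLE):
        print(path, client, ",".join(risky) or "read-only, but mountable by anyone")
```

An entry with an empty option list is still a finding, because any host on the network can mount and read the images; restricting the client to the imaging subnet narrows that, as one reply points out, but does not authenticate anyone.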

  • Muppet wrote: “couldn’t you place all images in a holding directory outside of “/images” and once a task been created move the image file for imaging and back again after finishing?”

    Why not just create a symbolic link? Just add and remove it when necessary?

  • love using fog used ghost years and years ago but love fog!!! Liked reading the comments so far - lots of different opinions - I first started using FOG about 4 years ago have 12 nodes, 300 machines out there - longest one up has been 800+ days running ubuntu 11.04 - still going (no updates, no power blackouts there, touch wood… no ups as the sites are for public use only so no need to fret if it all falls in a heap but it never has) still does what i need it to do after all this time… ain’t broke, don’t fix…

    • love the idea of a FOG VM Image / distro as most places these days run esx within their corporate environment anyways but you could always make your own vm template (centos minimal or any other distro, whatever flies your kite… few config file changes and you’re away)
      NFS - agree with security concerns
      “Improve security in general, https out of the box, only serve images that have active tasks, etc.”

    couldn’t you place all images in a holding directory outside of “/images” and once a task been created move the image file for imaging and back again after finishing?

    just trying to point out that instead of reinventing the wheel, just give it a wheel alignment - it might be putting more lipstick on a pig but in my humble opinion it’s the best damn pig at the show

  • updog: I agree, but that approach would be Linux centric… Though it’s a not so ugly way to think of snap-ins for linux hosts 🙂

  • This may not be the place to discuss this, however I’m going to throw it out there.
    Any interest in building in config management abilities?
    For example, Puppet? I know Razor is out there for baremetal, but I feel that FOG still has a place in terms of usability for helpdesk etc. My dream FOG setup would be such that a manifest in fog could configure the install (correct subnet + desired services). Rsync the images/kernels, and perhaps other bits and pieces. I have always strayed away from the node setup, as with multiple sites things get messy (all computers in one db).

    I am probably missing something, but I think that would be pretty sweet.

  • Developer

    I was misunderstanding you… there currently isn’t a “Fog Distro” of Linux, it’s in talks, really I feel it is counter productive to limit people to a single distro, I think the current installation process of FOG is simple and doesn’t need the added headache of building a distro. BUT TO EACH HIS OWN!!!

    As long as I can still install FOG on my choice of Linux flavor, I will remain happy.

    BUT if you are looking for the installation files of the current 0.33 beta

    direct tarball download, must be decompressed

    or check out the svn
    svn co https://svn.code.sf.net/p/freeghost/code/trunk fog_0.33b

  • I’m not creating the distro, so maybe communicate with Kevin directly, if he’s so willing he can give you the link.

  • can you link me to the distro?

  • That’s right 🙂

  • Developer

    There’s a beta already available 🙂

    Tom has been working really hard to keep up with all the bugs we can throw at him too.

  • any news on when a beta for the fog distro will be available

  • Hi guys, I know it’s a little late in the game to be offering help, but I have access to lots of brand new systems from OEM complete builds to 3rd party EFI mobos (asus, intel, msi). I would be willing to test out whatever you would like to on these systems if it can help out.

  • Moderator

    Fog distro would be really nice… to be able to quickly spawn a storage node without all the trouble of WGET and APT etc…

    Also to be able to show up with an ISO or disk and quickly have a working server would be nice.

    But… wouldn’t having an APT based install (and equivalent for other types of Linux) be less work?
    Additionally, if you use Debian/Ubuntu, someone will probably moan that you didn’t use CentOS or OpenSUSE, and if you use one of those someone will probably moan that you didn’t use Ubuntu/Debian…

  • andyroo54 wrote:
    “I love this idea, and agree with all of your points.

    I love the idea of a Fog distro.”

    Just wanted to chime in, this is actually in the works. I’ve recently moved and had to put this on the back burner for a bit, but I’m getting ready to pick it back up and get moving forward with a distro. Though, it will start as a virtual appliance first (which I have the first one completed), more of a proof of concept, before a live distro is made.

    There are still some challenges with an appliance and distro that I’m working through, like being able to change the OS IP address after FOG has been configured. I’m slowly making progress through that. It’s just taking a lot of tweaking and lots more testing.