No success installing FOG on a CentOS 7 server
I tried to install latest svn on a freshly installed CentOS 7 server. I have to admit this was so confusing I gave up in the end and switched to CentOS 6.7.
The installer failed several times during the installation of packages. I found a reference in the wiki about CentOS 7 and I did all what was explained there.
I could not figure out how to get the database up and running, and I gave up after a couple of ours hard work.
Have anyone really succeeded getting this combination to work? Anyway, it is no straight forward running the install.sh
@george1421 , I already have a firewall configuration that has been tested for awhile now and works (the hardest part was nfs as it was using random ports, but that is easily limited). As for SELinux I already have a policy made, I just need more people to test it and see if I missed anything (after I package it up nicely).
Actually I share the same concerns about disabling selinux and the firewall. But this seems to be the standard practice for installing FOG so I didn’t want to push a different agenda. I also consider that FOG appears to be targeting the smaller SMB realm from a security stance and most have FOG installed inside a properly protected network so that does mitigate some of the risks.
Just thinking out loud, if we have a list of all services used for FOG then constructing firwall rules shouldn’t be difficult at all. The application of the rules may be difficult since each linux distro handles the iptables rules a bit differently.
The selinux part will be a bit harder since FOG is writing to files all over the place. We would have to get the selinux tagging just right (we could get there if we used the permissive setting then scanned the log for the required rights. Its been a while since I did that type of activity). But from a security standpoint I like where you are going with this.
Wayne Workman last edited by
@Jbob Do share all of that stuff, please.
Avoid disabling SELinux. If you ever want to re-enable it, you would need to relabel your entire filesystem. Instead set it to permissive. (This is essentially an ‘audit’ mode which records violations but doesn’t prevent them).
To do so:
setenforce 0 sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
This approach will NOT require a reboot either.
I have an SELinux policy that I’ve been working on that makes FOG work with SELinux enabled if anyone would be interested. I am also a huge proponent of NOT disabling your firewall for FOG, it is a terribly insecure idea and one of my biggest complaints about our recommended installation. I would take the time to configure the firewall by opening the appropriate ports. Or at the very least make a zone of your internal IPs and set it to open (not the best solution, but it will work). I also have firewalld configurations that will work with FOG, which I’ll publish soon.
@Wayne-Workman I tied to find your monster command but didn’t have much luck. I did see when you posted it the other day.
Just for clarity this is what I keyed in to setup the trunk.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config systemctl disable firewalld reboot yum install -y wget subversion mkdir /opt/fog_trunk cd /opt/fog_trunk svn co https://svn.code.sf.net/p/freeghost/code/trunk
Its pretty much what you keyed in. But you have to do a reboot after changing the selinux stuff or it won’t be in active and the install will fail. But great job on the monster command.
As long as you are up and running on 6.7 stay there for a bit and working on getting your system just the way you need it. 6.7 won’t go EOS until 2020. By then other factors will force you to upgrade.
Hi! I did turn off selinux and the firewall which is no longer iptables. I’m not behind a proxy and my internet connection is OK. I ran yum update and installed the repositories mentioned in the fog wiki. What came to my mind now is I could have forgot to turn these repositories on before I ran the install.sh. It really failed installing the database, mariadb?
Anyway, If others have succeeded I guess install script is OK and the problem is because I just gave up the new features in centOS 7. I’lll probably give it another try later. My Centos 6.7 is up and running now (I hope, have not yet tested upload/deploy). I had to make myself a new server as the old Centos 5 could not cope with latest FOG svn. Probably some php stuff.
Wayne Workman last edited by
@Rusty No. After helping here so much and learning so much about fog and linux, I don’t even follow instructions anymore. I just wing it. Like you would wing installing a new program on Windows.
lets see, I think I can fit the entire installation into one single line…
Execute this as root.
yum update -y;yum install subversion -y;setenforce 0;systemctl stop firewalld;cd ~;mkdir svn;cd svn;svn co https://svn.code.sf.net/p/freeghost/code/trunk;cd trunk/bin;./installfog.sh
of course that just stops SELinux and Firewall, it doesn’t disable them. I think that article needs re-written, it was last modified in February 2015. A lot has changed since then.
And it looks like it gives you directions to install fog 0.32. Fog stable is 1.2.0, and Fog Trunk can install on CentOS 7 without any modifications besides selinux and firewall.
If you want something more comprehensive and up-to-date, the Fedora 21 server article works on CentOS 7, there are notes on the one line that need altered or discarded for CentOS 7 and Fedora 22 server.
I understand that a bit, but I come from the redhat world so it is not as foreign to me than when I use ubuntu (fwiw: I use zorin on my home computer which is ubuntu based). The ifconfig vs ip … does throw me every time I use ubuntu also.
While the worlds are a bit different FOG did install ok on Centos 7. I can say I used this wiki page [https://wiki.fogproject.org/wiki/index.php/Installation_on_CentOS_7] for the syntax to turn off selinux and to disable the firewall. All other things install the same between 6.7 and 7.
You didn’t mention if your fog server is behind a proxy server or does it have direct internet access? If it has direct internet access then there should be nothing else you need to do to make it work.
It sounds like you gave up on it because it was too different more than FOG flat didn’t work on Centos 7. We just want to ensure that there isn’t a problem with FOG running on Centos 7, because then the devs will need to dig into why.
Thanks for testing! One more reason I gave up is the fact CentOS 7 has several changes compared to all other distros I have experience with. A lot of terminal/bash commands have changed/disappeared/been replaced and I spent a lot of time setting up the network. Ifconfig is replaced with ip addr, network cards no longer have names like eth0. system-config-network no longer exists etc etc etc I have to say I was disappointed.
OK, I was able to install FOG SVN 4344/Git 5235 on a newly created centos 7 server. I did forget to disable selinux at first, but I disabled it, rebooted and reran the install.sh script again. The install script completed without issue. As far as I can tell the server is up and running. I haven’t captured an image yet with it, but all of the menus and plugins respond as I expect (the authorization plugin is still broken, but that is a topic of another thread).
Where did the install fail for you?
Is your cento 7 box behind a proxy server, because there are some tweaks that need to be done first? (but same tweaks are needed for centos 6.7)
No promises, but I’m spinning up a centos 7 server right now for FOG. I’ve been meaning to do this anyway. My preferred server is Centos 6.7, because it just works well with FOG.
I’ll let you know how it goes.