Checksum kernel failed
Re: [Trunk install](getting checksum files for kernels a…failed!)
I see that when installing, fog will connect to internet to get kernel
but I install fog on a private server which dont have permission to access internet. What will I do to install Fog successfully?
The installer has an option to not exit if something fails. It’ll likely be a disaster in most cases to use, and it’s been a pretty flaky option in the past, but the argument is:
This - if it works - should not exit when the kernels/inits/client fail to download, and then you can place the files later.
Get a full description from the installer’s help menu:
./installfog.sh --help Usage: ./installfog.sh [-h?dEUuHSCKYXT] [-f <filename>] [-D </directory/to/document/root/>] [-c <sslPath>] [-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>] [-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>] -h -? --help Display this info -d --no-defaults Don't guess defaults -U --no-upgrade Don't attempt to upgrade -H --no-htmldoc No htmldoc, means no PDFs -S --force-https Force HTTPS redirect -C --recreate-CA Recreate the CA Keys -K --recreate-keys Recreate the SSL Keys -Y -y --autoaccept Auto accept defaults and install -f --file Use different update file -c --ssl-file Specify the ssl path defaults to /opt/fog/snapins/ssl -D --docroot Specify the Apache Docroot for fog defaults to OS DocumentRoot -W --webroot Specify the web root url want fog to use (E.G. http://127.0.0.1/fog, http://127.0.0.1/) Defaults to /fog/ -B --backuppath Specify the backup path --uninstall Uninstall FOG -s --startrange DHCP Start range -e --endrange DHCP End range -b --bootfile DHCP Boot file -E --no-exportbuild Skip building nfs file -X --exitFail Do not exit if item fails -T --no-tftpbuild Do not rebuild the tftpd config file -P --no-pxedefault Do not overwrite pxe default file
@welcomyou I think that is your best solution. This internet access is only required during the install process. Once that is done the connection should be disabled and removed. That way you can maintain your security rules.
I started to reply this (early AM for me) and discarded what I had once I saw the mountain of work ahead of you.
As for the yum repository stuff, you can follow these instructions to mount the centos dvd as a local repository: https://access.redhat.com/solutions/1355683
As Sebastian said, if you create a local web server to mimic the fogproject.org web site then you can maybe install FOG.
You will need these files in this local path
The unknown is if the fog installer adds in any additional repos that you will need to install.
 crud I just found that the fog installer is accessing files from the remi repo too. The mountain just got a bit higher. [/ edit]
@welcomyou If you want to do it the ‘hackish’ way there is always an option to do so. Add this to your
/etc/hostsfile on the FOG server and replace
x.x.x.xwith an IP pointing to a local webserver within your private network:
Assuming you have all the packages for your distribution properly installed beforehand, plus put checksums, kernels and initrds on your local webserver, you should be able to run the FOG installer script.
I am not saying this is easy but definitely doable…
@Wayne-Workman Thank for your opinion. With FOG, VM, Linux distribution, security patch … I usually download them to USB and update manually.
@welcomyou There is a pre-made VM that someone here has made, I think it’s for VMWare but could be wrong. Search the forums for it.
How are you even communicating with our site? How do you even plan to download a VM without internet access? How do you plan to get a copy of FOG without internet access, or a copy of a modern Linux distribution for that matter? How are you going to keep Linux secure without updates? A system is less secure without updates. People think that Linux is impenetrable - this isn’t true. Linux is better than most, but it has it’s flaws - flaws that are fixed when found, in the form of updates, with new versions of packages. Disallowing internet disallows the latest patches, which essentially disallows a secure environment.
It’s estimated that over 90% of all security breaches happen from within an organization - so your no-internet access network you may have is not secure. It would be quite vulnerable. In fact, an isolated network often has lax security because of perceived security from not having a line in or out, making it easier to compromise.
If the thought behind disallowing the internet is to somehow protect your company from malicious stuff - well, keep in mind you’re wanting to run an open source operating system that thousands of people contribute to every day, and running a solution (fog) that is open source and developed by volunteers - a solution that DOES stuff to your image. Modern imaging is not copy/paste. By the act of even using FOG, there is mandatory trust of the FOG developers, and of Linux developers in general.
@Tom-Elliott So, there’s no way for me to install FOG without internet access? :’(
@george1421 I could download other packages on other computer, copy to USB and install on that internal server. I have done this for php_fpm package, not sure any other package need to be download manually. For kernel, I dont know where to download and what path to put it in when FOG installing
I use CentOS 7 and its full packages DVD
The reason? Because we have to ensure all packages are available. The only real way to do that is to run package management checks which will require internet.
You only need internet for the initial installation, after that you can isolate it.
@welcomyou Not at this time, the installer must connect to the internet to download the kernel, inits, fog client…
You have a bigger issue, the installer script also installs any needed system packages too. Its a bit more complete than copying all of the bits and then just running the installer and pointing it at a cache directory (something I discussed last week). If certain php modules are not installed the fog installer will reach out to your distribution’s package servers and download them.
What host OS are you installing FOG on?
@Developers can you think of any way to install FOG on a system that absolutely doesn’t have internet access?
Unfortunately, this server couldn’t. This is company policy :(
I see this link https://wiki.fogproject.org/wiki/index.php?title=Kernel_Update, there’s a manual kernel update.
Is there any way for me to manually download and copy the kernel to the right place at FOG installing process?
@welcomyou Is there any chance to have the FOG server connect to the internet so that you can install it on a temporary basis?
FWIW: FOG can operating in a proxy server environment if needed.