Checksum kernel failed



  • Re: [Trunk install](getting checksum files for kernels a…failed!)

    Hi all,
    I see that when installing, fog will connect to internet to get kernel

    https://forums.fogproject.org/topic/6809/trunk-install-getting-checksum-files-for-kernels-a-failed/2

    but I install fog on a private server which doesn't have permission to access the internet. What can I do to install Fog successfully?


  • Moderator

    The installer has an option to not exit if something fails. It’ll likely be a disaster in most cases to use, and it’s been a pretty flaky option in the past, but the argument is:

    ./installfog.sh -X
    

    This - if it works - should not exit when the kernels/inits/client fail to download, and then you can place the files later.

    Get a full description from the installer’s help menu:

    ./installfog.sh --help
    Usage: ./installfog.sh [-h?dEUuHSCKYXT] [-f <filename>]
    		[-D </directory/to/document/root/>] [-c <sslPath>]
    		[-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>]
    		[-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>]
    	-h -? --help			Display this info
    	-d    --no-defaults		Don't guess defaults
    	-U    --no-upgrade		Don't attempt to upgrade
    	-H    --no-htmldoc		No htmldoc, means no PDFs
    	-S    --force-https		Force HTTPS redirect
    	-C    --recreate-CA		Recreate the CA Keys
    	-K    --recreate-keys		Recreate the SSL Keys
    	-Y -y --autoaccept		Auto accept defaults and install
    	-f    --file			Use different update file
    	-c    --ssl-file		Specify the ssl path
    	               				defaults to /opt/fog/snapins/ssl
    	-D    --docroot			Specify the Apache Docroot for fog
    	               				defaults to OS DocumentRoot
    	-W    --webroot			Specify the web root url want fog to use
    	            				(E.G. http://127.0.0.1/fog,
    	            				      http://127.0.0.1/)
    	            				Defaults to /fog/
    	-B    --backuppath		Specify the backup path
    	      --uninstall		Uninstall FOG
    	-s    --startrange		DHCP Start range
    	-e    --endrange		DHCP End range
    	-b    --bootfile		DHCP Boot file
    	-E    --no-exportbuild		Skip building nfs file
    	-X    --exitFail		Do not exit if item fails
    	-T    --no-tftpbuild		Do not rebuild the tftpd config file
    	-P    --no-pxedefault		Do not overwrite pxe default file
    

  • Moderator

    @welcomyou I think that is your best solution. This internet access is only required during the install process. Once that is done the connection should be disabled and removed. That way you can maintain your security rules.



  • @george1421, @Sebastian-Roth thanks so much for your support, I have requested permission to access the internet. Add one more NIC and set up a new temporary IP.


  • Moderator

    I started to reply to this (early AM for me) and discarded what I had once I saw the mountain of work ahead of you.

    As for the yum repository stuff, you can follow these instructions to mount the centos dvd as a local repository: https://access.redhat.com/solutions/1355683

    As Sebastian said, if you create a local web server to mimic the fogproject.org web site then you can maybe install FOG.

    You will need these files in this local path
    https://fogproject.org/inits/init.xz
    https://fogproject.org/inits/init_32.xz
    https://fogproject.org/inits/index.php
    https://fogproject.org/kernels/bzImage
    https://fogproject.org/kernels/bzImage32
    https://fogproject.org/kernels/index.php

    The unknown is if the fog installer adds in any additional repos that you will need to install.

    [edit] crud I just found that the fog installer is accessing files from the remi repo too. The mountain just got a bit higher. [/ edit]


  • Developer

    @welcomyou If you want to do it the ‘hackish’ way there is always an option to do so. Add this to your /etc/hosts file on the FOG server and replace x.x.x.x with an IP pointing to a local webserver within your private network:

    x.x.x.x fogproject.org
    

    Assuming you have all the packages for your distribution properly installed beforehand, plus put checksums, kernels and initrds on your local webserver, you should be able to run the FOG installer script.

    I am not saying this is easy but definitely doable…
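
An integrity check for the files staged on the local web server described in the two posts above (added example, not part of the thread or the FOG installer): hash them on the connected machine, verify on the offline server before the installer is pointed at the mirror. The directory and manifest arguments are assumptions; what the installer requests from index.php is not shown in the thread, so those two entries are treated as saved static files.

```bash
#!/bin/sh
# Added example, not FOG project code. The six relative paths are the ones
# listed in the thread; directory and manifest names are hypothetical.
MIRROR_FILES="inits/init.xz inits/init_32.xz inits/index.php
kernels/bzImage kernels/bzImage32 kernels/index.php"

# Connected machine: after downloading into "$1", write one
# "sha256  relative/path" line per expected file to manifest "$2".
make_manifest() {
    mm_root=$1; mm_out=$2
    : > "$mm_out"
    for mm_f in $MIRROR_FILES; do
        [ -f "$mm_root/$mm_f" ] || { echo "missing before hashing: $mm_f" >&2; return 2; }
        mm_sum=$(sha256sum < "$mm_root/$mm_f" | awk '{ print $1 }')
        printf '%s  %s\n' "$mm_sum" "$mm_f" >> "$mm_out"
    done
}

# Offline server: check the web root copied from USB against the manifest.
# Returns 0 only if every expected file is present and its hash matches.
verify_mirror() {
    vm_root=$1; vm_manifest=$2; vm_rc=0
    for vm_f in $MIRROR_FILES; do
        vm_want=$(awk -v p="$vm_f" '$2 == p { print $1 }' "$vm_manifest")
        if [ -z "$vm_want" ]; then
            echo "not in manifest: $vm_f" >&2; vm_rc=1; continue
        fi
        if [ ! -f "$vm_root/$vm_f" ]; then
            echo "missing on mirror: $vm_f" >&2; vm_rc=1; continue
        fi
        vm_got=$(sha256sum < "$vm_root/$vm_f" | awk '{ print $1 }')
        [ "$vm_got" = "$vm_want" ] || { echo "hash mismatch: $vm_f" >&2; vm_rc=1; }
    done
    return $vm_rc
}
```

Carry the manifest separately from the files where possible, so a single altered USB stick cannot change both.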



  • @Wayne-Workman Thanks for your opinion. With FOG, VM, Linux distribution, security patch … I usually download them to USB and update manually.


  • Moderator

    @welcomyou There is a pre-made VM that someone here has made, I think it’s for VMWare but could be wrong. Search the forums for it.

    How are you even communicating with our site? How do you even plan to download a VM without internet access? How do you plan to get a copy of FOG without internet access, or a copy of a modern Linux distribution for that matter? How are you going to keep Linux secure without updates? A system is less secure without updates. People think that Linux is impenetrable - this isn’t true. Linux is better than most, but it has its flaws - flaws that are fixed when found, in the form of updates, with new versions of packages. Disallowing internet disallows the latest patches, which essentially disallows a secure environment.

    It’s estimated that over 90% of all security breaches happen from within an organization - so your no-internet access network you may have is not secure. It would be quite vulnerable. In fact, an isolated network often has lax security because of perceived security from not having a line in or out, making it easier to compromise.

    If the thought behind disallowing the internet is to somehow protect your company from malicious stuff - well, keep in mind you’re wanting to run an open source operating system that thousands of people contribute to every day, and running a solution (fog) that is open source and developed by volunteers - a solution that DOES stuff to your image. Modern imaging is not copy/paste. By the act of even using FOG, there is mandatory trust of the FOG developers, and of Linux developers in general.



  • @Tom-Elliott So, there’s no way for me to install FOG without internet access? :’(



  • @george1421 I could download other packages on another computer, copy them to USB and install them on that internal server. I have done this for the php_fpm package, not sure if any other packages need to be downloaded manually. For the kernel, I don't know where to download it and what path to put it in when installing FOG.

    I use CentOS 7 and its full packages DVD


  • Senior Developer

    @george1421 No.

    The reason? Because we have to ensure all packages are available. The only real way to do that is to run package management checks which will require internet.

    You only need internet for the initial installation, after that you can isolate it.


  • Moderator

    @welcomyou Not at this time, the installer must connect to the internet to download the kernel, inits, fog client…

    You have a bigger issue, the installer script also installs any needed system packages too. It’s a bit more complete than copying all of the bits and then just running the installer and pointing it at a cache directory (something I discussed last week). If certain php modules are not installed the fog installer will reach out to your distribution’s package servers and download them.

    What host OS are you installing FOG on?

    @Developers can you think of any way to install FOG on a system that absolutely doesn’t have internet access?



  • Unfortunately, this server couldn’t. This is company policy :(
    I see this link https://wiki.fogproject.org/wiki/index.php?title=Kernel_Update, there’s a manual kernel update.

    Is there any way for me to manually download and copy the kernel to the right place at FOG installing process?


  • Moderator

    @welcomyou Is there any chance to have the FOG server connect to the internet so that you can install it on a temporary basis?

    FWIW: FOG can operate in a proxy server environment if needed.

