Rolling FOG out to US Site

RobTitian16

@george1421 The US server is a full FOG server, but it’s listed as a storage node on the UK server. The only storage nodes on the US server are its own.

Tom Elliott

@RobTitian16 Are they associated to groups? If they are, is there another group they can belong to?

Replication only happens on nodes from a master->subordinate system. This is only with per group.

If an image belongs to multiple groups, though, the “primary” group will be the master and it will only distribute to other master nodes (as the master nodes will distribute to their group’s subordinates).

RobTitian16

@Tom-Elliott Yes, on the UK server the images I want to replicate belong to the primary storage group called UK, and a secondary storage group called US.
The US server is listed as a storage node on the UK server, although I’ve just noticed it isn’t listed as a master node. The UK server is in its own storage group, as is the US server, so I assume all I need to do is enable the US server as a master node and it should then work?
P.S. sorry if it seems like a dumb question… I just don’t want replication to occur the wrong way/have the images wiped.

Tom Elliott

@RobTitian16 Replication will only go Primary Master->Master between groups.

Replication will only go Master -> Subordinate within their respective groups.

I don’t know how else to make it clear.

Every group MUST have at least one “master” node. If one is not defined but there’s only one node in the group that node will “be” the master for that group (as it’s the only one available anyway).
If one is not defined and there’s multiple nodes in the group, the “Oldest” created node of that group will be assumed as the master until otherwise stated.

Replication doesn’t work “up the tree” if you will.

RobTitian16

@Tom-Elliott Ahh okay, thanks. I’ve changed it to the master node now for that group, so I shall wait and see what happens in that case.

Tom Elliott

@RobTitian16 I feel I should add some caveats to this.

The replication process is self monitored. If a replication task was started, but has not completed, the next cycle will be aware of this and will not try to replicate the file over. If replication has completed between two points and both sides have the same files the images will not be touched.

Only items (Snapins and Images) that are defined as “to Replicate” will be replicated.

Any extra data within a storage location (snapins or images) will not be removed unless that data is defined within the main system and told to do so.

For example, let’s say you decided to create a backup of image1 and you locally backed it up on a node that is not a “master”. You locally backup image1 with the name of image1_backUp within the Images storage location. image1_backUp will be untouched.

If you made a backup in the same fashion, but on a master node, that data will not be replicated to other nodes.

Only defined items will be replicated. Data loss is limited due to this implementation. At one point, FOG did used to replicate it’s images folder implicitly. This meant anything that was not a part of the “master’s” data record on another node would be removed and only the data within the master would be available on any node. This, essentially, meant that you could not maintain backup’s of things from other nodes without having to have another location available on that system. This also meant you had no granular control over what can/cannot be replicated. This is where the “Master Node” warning came from. I have not updated it because I think it’s better to be “cautious” in the case something weird does happen.

Essentially, the methods to replicate images and snapins are now much better controlled (I think) with less potential of data loss.

george1421

While its probably not necessairy to post this image, this is from my initial request for a multi master storage node setup. The intent was to show the relationship between the master node and the remote fog servers.

ref: https://forums.fogproject.org/topic/6014/create-the-concept-of-a-foreignmasterstorage-deployment-node

RobTitian16

@Tom-Elliott Indeed, that all does make sense. Many thanks for your help! I can see the replication is going across perfectly fine.
One thing to note: I had to use the local account and the password for the ftp access, instead of the username and password listed in /opt/fog/.fogsettings (which is what it says in step 12 of https://wiki.fogproject.org/wiki/index.php?title=Managing_FOG#Storage_Management).

Tom Elliott

@RobTitian16 The management user and password are the local linux account on the Storage nodes. If those aren’t matching something else is wrong.

The user is typically “fog” and the password is a randomly generated one during the installation which is stored in the “password” item of the .fogsettings file.

Wayne Workman

Given that @RobTitian16 is new to this, I’m going to say the issue is something simple.

Rob, if you aren’t using the exact password that is inside of /opt/fog/.fogsettings for all the “storage nodes” you have listed in the “real” main server, the very next time you update fog, replication will break. Why? Because the FOG installer manages the local fog account, meaning the FOG installer will make sure the password for the local fog account is exactly as written in the .fogsettings file. And because you’re using a multi-master setup, you don’t have available the built-in safe-guards that the Storage Node portion of the FOG installer has in it, which already have measures to prevent this type of breakage.

You should not be using the local fog account for anything, it’s very bad practice to do so. It should be reserved exclusively and only for FOG’s use. Create some other account for yourself to use.

RobTitian16

@Wayne-Workman Thanks for explaining
Everything seems to be working as expected now so hopefully I’ll be seeing the new image on the US server shortly

RobTitian16

@george1421 Very interesting - thanks for posting! It definitely helps to see it like that.

RobTitian16

@Wayne-Workman Just one final thing on this: would the replicated images on the US server show that they’ve been updated at all?
For example, if I’ve updated an image here in the UK, then see the replication has finished comparing and matching the files, should it say anything when looking at the image in the web gui (i.e. last updated) on the US server? Or do you just purely go by the replication log?

Wayne Workman

@RobTitian16 Because the two servers each have their own DB, one DB knows about the new upload, the other doesn’t.

RobTitian16

I wonder if anyone can help me with a further question I have about the US FOG server and the FOG client.

As it stands, I need the US images to have the FOG client installed which then connect to the US FOG server. However, because replication is occurring between the UK (which is the main server) and the US, it’s replicating the images with the FOG client which are configured to connect to the UK server.
I don’t want to turn replication off, but I need the FOG client on the US images to connect to the US FOG client. Is this possible at all? i.e. perhaps through a script or is there a way that FOG can install the client on a newly imaged system that’s configured for the server it pulled the image from? How do others work around this issue?

Tom Elliott

@RobTitian16 You’re likely to run into two different issues.

You can fix one of them relatively easily, the other not so much (until you sync the UK to the US – I’ll explain).

First the clients store their information in “C:\Program Files (x86)\FOG\settings.json”

So you can write a postdownloadscript on the US server to have it change the location it’s communicating with. This should correct the point of connection.

However, you will still run into issues with how the client “trusts” the server. This is because FOG creates certificates and those certificates are used by the client to ensure the server is indeed trusted by the server.

To fix this you will need to replicate the UK side’s ssl folder to the US side’s ssl folder. If you do that, you should be good. Ultimately you only need to sync the UK side’s CA information as the signature is validated against this (this way the main US cert is identifiably different from the UK cert.)

george1421

@Tom-Elliott Along the same lines as Tom mentioned, use post install scripts to modify how the clients are being installed.

The idea is to NOT install the FOG client in the reference image, but have it installed by the setupcomplete.cmd script. This also avoids the early triggering of the FOG client during OOBE (since the fog client is not installed until after OOBE has completed).

The idea with the fog post install script is to have the post install script (which executes on the target computer) determine where the client is by the IP address and then append the proper msi install line to the end of the setupcomplete.cmd file. There was just a thread about this… somewhere. ref: https://forums.fogproject.org/topic/8877/changing-from-legacy-to-new-client/5

<edit>
This tutorial discusses some of what you need in your post install script. https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script/6

Wayne Workman

Tom’s posts are exactly correct, and George’s post is too.

I guess we should remember this in the future when explaining multi-master setups.

RobTitian16

@george1421 Thanks for the suggestion and links - much appreciated!

So, I’ve set the variables depending on IP address in the post-installation script (I can post it if it helps to see what I’m doing).
Now, how do I go about editing the setupcomplete.cmd script? Is this hidden away in FOS somewhere? I just need to add the line you mention in the other thread:

msiexec.exe /i FOGService.msi /quiet USETRAY="0" WEBADDRESS="${FOGIP}"

(I wonder if the variable would work like that? It’s my first time doing this).

george1421

@RobTitian16 The setupcomplete.cmd file is a windows “thing”. We use that to run last minute windows tweaks after OOBE finishes and the login prompt is first presented to the user at the first log in of the workstation.

The post install script will mount the windows drive (but remember we are running linux for FOS) and then you can interact with the files on the drive.

The setup complete file would be located in /ntfs/Windows/Setup/Scripts/SetupComplete.cmd

You could do something like this in the post install script to add the fog install action to the end of that file.
echo "msiexec.exe /i FOGService.msi /quiet USETRAY=\"0\" WEBADDRESS=\"${FOGIP}\" " >> /ntfs/Windows/Setup/Scripts/SetupComplete.cmd

If you posted your full post install script here we could take a look at it and give you some pointers.