Rolling FOG out to US Site
-
@Tom-Elliott Indeed, that all does make sense. Many thanks for your help! I can see the replication is going across perfectly fine.
One thing to note: I had to use the local account and the password for the FTP access, instead of the username and password listed in /opt/fog/.fogsettings (which is what it says in step 12 of https://wiki.fogproject.org/wiki/index.php?title=Managing_FOG#Storage_Management).
-
@RobTitian16 The management user and password are the local linux account on the Storage nodes. If those aren’t matching something else is wrong.
The user is typically “fog” and the password is a randomly generated one during the installation which is stored in the “password” item of the .fogsettings file.
-
Given that @RobTitian16 is new to this, I’m going to say the issue is something simple.
Rob, if you aren’t using the exact password that is inside of
/opt/fog/.fogsettings
for all the “storage nodes” you have listed in the “real” main server, the very next time you update fog, replication will break. Why? Because the FOG installer manages the local fog account, meaning the FOG installer will make sure the password for the local fog account is exactly as written in the .fogsettings file. And because you’re using a multi-master setup, you don’t have available the built-in safeguards that the Storage Node portion of the FOG installer has in it, which already have measures to prevent this type of breakage.
You should not be using the local fog account for anything; it’s very bad practice to do so. It should be reserved exclusively and only for FOG’s use. Create some other account for yourself to use.
-
@Wayne-Workman Thanks for explaining
Everything seems to be working as expected now, so hopefully I’ll be seeing the new image on the US server shortly.
-
@george1421 Very interesting - thanks for posting! It definitely helps to see it like that.
-
@Wayne-Workman Just one final thing on this: would the replicated images on the US server show that they’ve been updated at all?
For example, if I’ve updated an image here in the UK, then see the replication has finished comparing and matching the files, should it say anything when looking at the image in the web GUI (i.e. last updated) on the US server? Or do you just purely go by the replication log?
-
@RobTitian16 Because the two servers each have their own DB, one DB knows about the new upload, the other doesn’t.
-
I wonder if anyone can help me with a further question I have about the US FOG server and the FOG client.
As it stands, I need the US images to have the FOG client installed which then connect to the US FOG server. However, because replication is occurring between the UK (which is the main server) and the US, it’s replicating the images with the FOG client which are configured to connect to the UK server.
I don’t want to turn replication off, but I need the FOG client on the US images to connect to the US FOG client. Is this possible at all? i.e. perhaps through a script or is there a way that FOG can install the client on a newly imaged system that’s configured for the server it pulled the image from? How do others work around this issue?
-
@RobTitian16 You’re likely to run into two different issues.
You can fix one of them relatively easily, the other not so much (until you sync the UK to the US – I’ll explain).
First the clients store their information in “C:\Program Files (x86)\FOG\settings.json”
So you can write a postdownloadscript on the US server to have it change the location it’s communicating with. This should correct the point of connection.
However, you will still run into issues with how the client “trusts” the server. This is because FOG creates certificates and those certificates are used by the client to ensure the server is indeed trusted by the server.
To fix this you will need to replicate the UK side’s ssl folder to the US side’s ssl folder. If you do that, you should be good. Ultimately you only need to sync the UK side’s CA information as the signature is validated against this (this way the main US cert is identifiably different from the UK cert.)
-
@Tom-Elliott Along the same lines as Tom mentioned, use post install scripts to modify how the clients are being installed.
The idea is to NOT install the FOG client in the reference image, but have it installed by the setupcomplete.cmd script. This also avoids the early triggering of the FOG client during OOBE (since the fog client is not installed until after OOBE has completed).
The idea with the fog post install script is to have the post install script (which executes on the target computer) determine where the client is by the IP address and then append the proper msi install line to the end of the setupcomplete.cmd file. There was just a thread about this… somewhere. ref: https://forums.fogproject.org/topic/8877/changing-from-legacy-to-new-client/5
<edit>
This tutorial discusses some of what you need in your post install script. https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script/6
-
Tom’s posts are exactly correct, and George’s post is too.
I guess we should remember this in the future when explaining multi-master setups.
-
@george1421 Thanks for the suggestion and links - much appreciated!
So, I’ve set the variables depending on IP address in the post-installation script (I can post it if it helps to see what I’m doing).
Now, how do I go about editing the setupcomplete.cmd script? Is this hidden away in FOS somewhere? I just need to add the line you mention in the other thread:
msiexec.exe /i FOGService.msi /quiet USETRAY="0" WEBADDRESS="${FOGIP}"
(I wonder if the variable would work like that? It’s my first time doing this).
-
@RobTitian16 The setupcomplete.cmd file is a windows “thing”. We use that to run last minute windows tweaks after OOBE finishes and the login prompt is first presented to the user at the first log in of the workstation.
The post install script will mount the windows drive (but remember we are running linux for FOS) and then you can interact with the files on the drive.
The setup complete file would be located in /ntfs/Windows/Setup/Scripts/SetupComplete.cmd
You could do something like this in the post install script to add the fog install action to the end of that file.
echo "msiexec.exe /i FOGService.msi /quiet USETRAY=\"0\" WEBADDRESS=\"${FOGIP}\" " >> /ntfs/Windows/Setup/Scripts/SetupComplete.cmd
If you posted your full post install script here we could take a look at it and give you some pointers.
-
@george1421 Thanks, George.
Sorry, I should have looked at the wiki first as that explained where it was/what it was.
So far, I have the following:
```bash
#!/bin/bash
. /usr/share/fog/lib/funcs.sh

# Windows 10
osdiskpart="/dev/sda2";

mkdir /ntfs 2>/dev/null
mount.ntfs-3g "${osdiskpart}" /ntfs 2>/tmp/mntfail
# This last section checks to see if the mntfail file exists and if it does then it means the mount failed
# so there is no need to continue on with the script.
mntRet="$?";
if [ ! "mntRet" = "0" ]; then
    echo "Failed to mount C:";
    # Display what happened.
    cat /tmp/mntfail;
    # Give the reader a chance to see what the error was
    sleep 12;
    # Terminate the post install script
    exit 1;
fi

# This next section determines the IP of the host system, cuts the last two octets and sets the FOGIP variable to
# the correct IP address of the FOG server depending on the location (as the subnets are designed by location - i.e.
# 10.1 is for the UK, 10.2 is for the US, etc.)
myip=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2);

case "${myip}" in
    10.1)
        sitecode="UK";
        timezone="Greenwich Mean Time";
        FOGIP="10.1.0.102"
        ;;
    10.2)
        sitecode="US";
        timezone="Eastern Standard Time";
        FOGIP="10.2.1.103"
        ;;
    *)
        # Default code for the unknowns - we set the FOGIP to the development server in the UK.
        sitecode="CompanyName";
        timezone="Greenwich Mean Time";
        FOGIP="10.1.0.102"
        ;;
esac

# Check if the file SetupComplete.cmd exists in the source folder and then copy it to the destination on
# the C: drive.
if [ -f "/images/drivers/Common/SetupComplete.cmd" ]; then
    cp /images/drivers/Common/SetupComplete.cmd /ntfs/Windows/Setup/Scripts/SetupComplete.cmd;
fi
```
I’ve made the two necessary directories in: /images/drivers/Common and have created the SetupComplete.cmd there with the following:
msiexec.exe /i FOGService.msi /quiet USETRAY="0" WEBADDRESS="${FOGIP}"
I guess my only question is how would the system then run SetupComplete.cmd? Do I need to add an extra line in the post install script to get it going?
-
@george1421 Also, I seem to be running into an issue with the part (with the error: failed to mount C):
```bash
# windows 7
osdiskpart="/dev/sda2";
```
Edit:
Here’s a screenshot (it does say that the Windows partition is on /dev/sda2 so I’m not entirely sure why it can’t mount it).
-
@george1421 said in Rolling FOG out to US Site:
The post install script will mount the windows drive (but remember we are running linux for FOS) and then you can interact with the files on the drive.
An important thing to note here is that the postinstall scripts will mount the last processed partition. This may not necessarily be the drive. You can of course mount the correct drive. There was some discussion before about improving this but I don’t think it went anywhere besides helping one person.
-
@Wayne-Workman Thanks for that.
I thought it would connect to the C drive though as osdiskpart is set to /dev/sda2, which, when looking at the partitions through Parted Magic, shows that is the C drive.
-
@RobTitian16
I see a potential typo. Try this?
```bash
#!/bin/bash
. /usr/share/fog/lib/funcs.sh

# Windows 10
osdiskpart="/dev/sda2";

mkdir /ntfs 2>/dev/null
ntfs-3g -o rw,force "${osdiskpart}" /ntfs 2>/tmp/mntfail
# This last section checks to see if the mntfail file exists and if it does then it means the mount failed
# so there is no need to continue on with the script.
mntRet="$?";
if [ ! "$mntRet" = "0" ]; then
    echo "Failed to mount C:";
    # Display what happened.
    cat /tmp/mntfail;
    # Give the reader a chance to see what the error was
    sleep 12;
    # Terminate the post install script
    exit 1;
fi

# This next section determines the IP of the host system, cuts the last two octets and sets the FOGIP variable to
# the correct IP address of the FOG server depending on the location (as the subnets are designed by location - i.e.
# 10.1 is for the UK, 10.2 is for the US, etc.)
myip=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2);

case "${myip}" in
    10.1)
        sitecode="UK";
        timezone="Greenwich Mean Time";
        FOGIP="10.1.0.102"
        ;;
    10.2)
        sitecode="US";
        timezone="Eastern Standard Time";
        FOGIP="10.2.1.103"
        ;;
    *)
        # Default code for the unknowns - we set the FOGIP to the development server in the UK.
        sitecode="CompanyName";
        timezone="Greenwich Mean Time";
        FOGIP="10.1.0.102"
        ;;
esac

# Check if the file SetupComplete.cmd exists in the source folder and then copy it to the destination on
# the C: drive.
if [ -f "/images/drivers/Common/SetupComplete.cmd" ]; then
    cp /images/drivers/Common/SetupComplete.cmd /ntfs/Windows/Setup/Scripts/SetupComplete.cmd;
fi
```
-
@RobTitian16 Sorry I got side tracked yesterday and had no time to respond.
I might avoid using FOGIP because that variable may be used already. Since case IS important it may be OK in all upper case.
This logic makes certain assumptions
```bash
osdiskpart="/dev/sda2";
ntfs-3g -o rw,force "${osdiskpart}" /ntfs 2>/tmp/mntfail
```
In that partition 2 on sda will always be where windows lives. This assumption worked great until we started getting NVMe drives in. For NVMe drives the drive name is not /dev/sda but something else and the script breaks.
Tom came up with a bit of code magic that would compensate for this.
```bash
case $osid in
    5|6|7|9)
        clear
        [[ ! -d /ntfs ]] && mkdir -p /ntfs
        getHardDisk
        if [[ -z $hd ]]; then
            handleError "Could not find hdd to use"
        fi
        getPartitions $hd
        for part in $parts; do
            umount /ntfs >/dev/null 2>&1
            fsTypeSetting "$part"
            case $fstype in
                ntfs)
                    dots "Testing partition $part"
                    ntfs-3g -o force,rw $part /ntfs
                    ntfsstatus="$?"
                    if [[ ! $ntfsstatus -eq 0 ]]; then
                        echo "Skipped"
                        continue
                    fi
                    if [[ ! -d /ntfs/windows && ! -d /ntfs/Windows && ! -d /ntfs/WINDOWS ]]; then
                        echo "Not found"
                        umount /ntfs >/dev/null 2>&1
                        continue
                    fi
                    echo "Success"
                    break
                    ;;
                *)
                    echo " * Partition $part not NTFS filesystem"
                    ;;
            esac
        done
        if [[ ! $ntfsstatus -eq 0 ]]; then
            echo "Failed"
            debugPause
            handleError "Failed to mount $part ($0)\n Args: $*"
        fi
        # <insert remaining code here>
        ;;
    *)
        echo "Non-Windows Deployment"
        debugPause
        return
        ;;
esac
```
This will map the first partition that contains a Windows folder.
Now as for your setup complete. The cp command assumes you have a SetupComplete.cmd file already and you are just copying it over. This is fine but your script doesn’t contain the dynamic content. If you currently are not using a setup complete file you can create one on the fly using the echo / append commands I posted before.
Since you created your own IP, let me tweak it a bit.
-
@george1421 well crud I just ran out of time again. I haven’t had a chance to debug this so I don’t know if it actually works. But this at least is the framework of what you need. I’ve attached the actual file since the forum editor sometimes tweaks the posted script.
```bash
#!/bin/bash
. /usr/share/fog/lib/funcs.sh

case $osid in
    5|6|7|9)
        clear
        [[ ! -d /ntfs ]] && mkdir -p /ntfs
        getHardDisk
        if [[ -z $hd ]]; then
            handleError "Could not find hdd to use"
        fi
        getPartitions $hd
        for part in $parts; do
            umount /ntfs >/dev/null 2>&1
            fsTypeSetting "$part"
            case $fstype in
                ntfs)
                    dots "Testing partition $part"
                    ntfs-3g -o force,rw $part /ntfs
                    ntfsstatus="$?"
                    if [[ ! $ntfsstatus -eq 0 ]]; then
                        echo "Skipped"
                        continue
                    fi
                    if [[ ! -d /ntfs/windows && ! -d /ntfs/Windows && ! -d /ntfs/WINDOWS ]]; then
                        echo "Not found"
                        umount /ntfs >/dev/null 2>&1
                        continue
                    fi
                    echo "Success"
                    break
                    ;;
                *)
                    echo " * Partition $part not NTFS filesystem"
                    ;;
            esac
        done
        if [[ ! $ntfsstatus -eq 0 ]]; then
            echo "Failed"
            debugPause
            handleError "Failed to mount $part ($0)\n Args: $*"
            # Give the reader a chance to see what the error was
            sleep 12;
            # Terminate the post install script
            exit 1;
        fi

        # This next section determines the IP of the host system, cuts the last two octets and sets the FOGIP variable to
        # the correct IP address of the FOG server depending on the location (as the subnets are designed by location - i.e.
        # 10.1 is for the UK, 10.2 is for the US, etc.)
        myip=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2);

        case "${myip}" in
            10.1)
                sitecode="UK";
                timezone="Greenwich Mean Time";
                FOGIP="10.1.0.102";
                sitelocal="en-GB";
                uilang="en-US";
                ;;
            10.2)
                sitecode="US";
                timezone="Eastern Standard Time";
                FOGIP="10.2.1.103";
                sitelocal="en-US";
                uilang="en-US";
                ;;
            *)
                # Default code for the unknowns - we set the FOGIP to the development server in the UK.
                sitecode="CompanyName";
                timezone="Greenwich Mean Time";
                FOGIP="10.1.0.102";
                sitelocal="en-GB";
                uilang="en-US";
                ;;
        esac

        # Check if the file SetupComplete.cmd exists in the source folder and then copy it to the destination on
        # the C: drive.
        if [ -f "/images/drivers/Common/SetupComplete.cmd" ]; then
            cp /images/drivers/Common/SetupComplete.cmd /ntfs/Windows/Setup/Scripts/SetupComplete.cmd;
            # append the msiexec command to the end of the setupComplete.cmd file
            echo "msiexec.exe /i FOGService.msi /quiet USETRAY=\"0\" WEBADDRESS=\"${FOGIP}\" " >> /ntfs/Windows/Setup/Scripts/SetupComplete.cmd
            # just in case we edited the setupcomplete.cmd file in unix lets filter it to make it DOS compatible
            unix2dos /ntfs/Windows/Setup/Scripts/SetupComplete.cmd
        fi

        # now lets use the timezone variable and update the unattend.xml file. You may need to edit the variable to
        # point to where your unattend.xml file exists. Remember case IS important.
        unattendfile="/ntfs/Windows/Panther/unattend.xml";
        sed -i -e "s#<TimeZone>\([^<][^<]*\)</TimeZone>#<TimeZone>$timezone</TimeZone>#gi" $unattendfile

        # now lets deal with the internationalization stuff in the unattend.xml file
        sed -i -e "s#<InputLocale>\([^<][^<]*\)</InputLocale>#<InputLocale>$sitelocal</InputLocale>#gi" $unattendfile
        sed -i -e "s#<SystemLocale>\([^<][^<]*\)</SystemLocale>#<SystemLocale>$sitelocal</SystemLocale>#gi" $unattendfile
        sed -i -e "s#<UILanguage>\([^<][^<]*\)</UILanguage>#<UILanguage>$uilang</UILanguage>#gi" $unattendfile
        sed -i -e "s#<UserLocale>\([^<][^<]*\)</UserLocale>#<UserLocale>$sitelocal</UserLocale>#gi" $unattendfile
        ;;
    *)
        echo "Non-Windows Deployment"
        debugPause
        return
        ;;
esac
```
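Added example, not part of the original posts or of FOG itself: a POSIX shell version of the site lookup and SetupComplete.cmd append discussed in this thread, with the server address validated before it is written into a file that Windows runs as SYSTEM. The function names and the sample `ip route get` line are assumptions made for illustration; the site addresses are the ones used in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Site addresses follow the
# thread's scheme (10.1 = UK, 10.2 = US).

# Pull the source address out of `ip route get` output by locating the "src"
# keyword; the last field ($NF) is a uid value on newer iproute2 releases.
route_src_ip() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# Map a client address to the FOG server for its site.
fog_server_for_ip() {
    case "$1" in
        10.1.*) echo "10.1.0.102" ;;
        10.2.*) echo "10.2.1.103" ;;
        *)      echo "10.1.0.102" ;;  # unknown subnet: UK server, as in the thread
    esac
}

# Succeed only for a dotted-quad IPv4 address, so nothing else can be written
# into a .cmd file that Windows later executes.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Append the client install line to SetupComplete.cmd ($1) for server $2.
# Rejects invalid addresses, does nothing if an install line is already
# present (so a re-run cannot stack duplicates), and ends the line with CRLF.
append_fog_install() {
    is_ipv4 "$2" || return 1
    grep -q 'FOGService\.msi' "$1" 2>/dev/null && return 0
    printf 'msiexec.exe /i FOGService.msi /quiet USETRAY="0" WEBADDRESS="%s"\r\n' "$2" >> "$1"
}

# Constructed sample line in the newer iproute2 format, where $NF would be "0".
sample='8.8.8.8 via 10.2.0.1 dev eth0 src 10.2.14.37 uid 0'
client_ip=$(printf '%s\n' "$sample" | route_src_ip)
echo "client ${client_ip} -> FOG server $(fog_server_for_ip "$client_ip")"
```

In a real post-download script the second argument to `append_fog_install` would come from `fog_server_for_ip` and the first would be the SetupComplete.cmd path on the mounted Windows partition.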