Rolling FOG out to US Site
-
I wonder if anyone can help me with a further question I have about the US FOG server and the FOG client.
As it stands, I need the US images to have the FOG client installed which then connect to the US FOG server. However, because replication is occurring between the UK (which is the main server) and the US, it’s replicating the images with the FOG client which are configured to connect to the UK server.
I don’t want to turn replication off, but I need the FOG client on the US images to connect to the US FOG client. Is this possible at all? i.e. perhaps through a script or is there a way that FOG can install the client on a newly imaged system that’s configured for the server it pulled the image from? How do others work around this issue?
-
@RobTitian16 You’re likely to run into two different issues.
You can fix one of them relatively easily, the other not so much (until you sync the UK to the US – I’ll explain).
First the clients store their information in “C:\Program Files (x86)\FOG\settings.json”
So you can write a postdownloadscript on the US server to have it change the location it’s communicating with. This should correct the point of connection.
However, you will still run into issues with how the client “trusts” the server. This is because FOG creates certificates and those certificates are used by the client to ensure the server is indeed trusted by the server.
To fix this you will need to replicate the UK side’s ssl folder to the US side’s ssl folder. If you do that, you should be good. Ultimately you only need to sync the UK side’s CA information as the signature is validated against this (this way the main US cert is identifiably different from the UK cert.)
-
@Tom-Elliott Along the same lines as Tom mentioned, use post install scripts to modify how the clients are being installed.
The idea is to NOT install the FOG client in the reference image, but have it installed by the setupcomplete.cmd script. This also avoids the early triggering of the FOG client during OOBE (since the fog client is not installed until after OOBE has completed).
The idea with the fog post install script is to have the post install script (which executes on the target computer) determine where the client is by the IP address and then append the proper msi install line to the end of the setupcomplete.cmd file. There was just a thread about this… somewhere. ref: https://forums.fogproject.org/topic/8877/changing-from-legacy-to-new-client/5
<edit>
This tutorial discusses some of what you need in your post install script. https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script/6
-
Tom’s posts are exactly correct, and George’s post is too.
I guess we should remember this in the future when explaining multi-master setups.
-
@george1421 Thanks for the suggestion and links - much appreciated!
So, I’ve set the variables depending on IP address in the post-installation script (I can post it if it helps to see what I’m doing).
Now, how do I go about editing the setupcomplete.cmd script? Is this hidden away in FOS somewhere? I just need to add the line you mention in the other thread:
msiexec.exe /i FOGService.msi /quiet USETRAY="0" WEBADDRESS="${FOGIP}"
(I wonder if the variable would work like that? It’s my first time doing this).
-
@RobTitian16 The setupcomplete.cmd file is a windows “thing”. We use that to run last minute windows tweaks after OOBE finishes and the login prompt is first presented to the user at the first log in of the workstation.
The post install script will mount the windows drive (but remember we are running linux for FOS) and then you can interact with the files on the drive.
The setup complete file would be located in /ntfs/Windows/Setup/Scripts/SetupComplete.cmd
You could do something like this in the post install script to add the fog install action to the end of that file.
echo "msiexec.exe /i FOGService.msi /quiet USETRAY=\"0\" WEBADDRESS=\"${FOGIP}\" " >> /ntfs/Windows/Setup/Scripts/SetupComplete.cmd
If you posted your full post install script here we could take a look at it and give you some pointers.
-
@george1421 Thanks, George.
Sorry, I should have looked at the wiki first as that explained where it was/what it was. So far, I have the following:
```
#!/bin/bash
. /usr/share/fog/lib/funcs.sh

# Windows 10
osdiskpart="/dev/sda2";

mkdir /ntfs 2>/dev/null
mount.ntfs-3g "${osdiskpart}" /ntfs 2>/tmp/mntfail
# This last section checks to see if the mntfail file exists and if it does then it means the mount failed
# so there is no need to continue on with the script.
mntRet="$?";
if [ ! "mntRet" = "0" ]; then
    echo "Failed to mount C:";
    # Display what happened.
    cat /tmp/mntfail;
    # Give the reader a chance to see what the error was
    sleep 12;
    # Terminate the post install script
    exit 1;
fi

# This next section determines the IP of the host system, cuts the last two octets and sets the FOGIP variable to
# the correct IP address of the FOG server depending on the location (as the subnets are designed by location - i.e.
# 10.1 is for the UK, 10.2 is for the US, etc.)
myip='ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2';
case "${myip}" in
    10.1)
        sitecode="UK";
        timezone="Greenwich Mean Time";
        FOGIP="10.1.0.102"
        ;;
    10.2)
        sitecode="US";
        timezone="Eastern Standard Time";
        FOGIP="10.2.1.103"
        ;;
    *)
        # Default code for the unknowns - we set the FOGIP to the development server in the UK.
        sitecode="CompanyName";
        timezone="Greenwich Mean Time";
        FOGIP="10.1.0.102"
        ;;
esac

# Check if the file SetupComplete.cmd exists in the source folder and then copy it to the destination on
# the C: drive.
if [ -f "/images/drivers/Common/SetupComplete.cmd" ]; then
    cp /images/drivers/Common/SetupComplete.cmd /ntfs/Windows/Setup/Scripts/SetupComplete.cmd;
fi
```
I’ve made the two necessary directories in: /images/drivers/Common and have created the SetupComplete.cmd there with the following:
msiexec.exe /i FOGService.msi /quiet USETRAY="0" WEBADDRESS="${FOGIP}"
I guess my only question is how would the system then run SetupComplete.cmd? Do I need to add an extra line in the post install script to get it going?
-
@george1421 Also, I seem to be running into an issue with the part (with the error: failed to mount C):
# windows 7 osdiskpart="/dev/sda2";
Edit:
Here’s a screenshot (it does say that the Windows partition is on /dev/sda2 so I’m not entirely sure why it can’t mount it).
-
@george1421 said in Rolling FOG out to US Site:
The post install script will mount the windows drive (but remember we are running linux for FOS) and then you can interact with the files on the drive.
An important thing to note here is that the postinstall scripts will mount the last processed partition. This may not necessarily be the drive. You can of course mount the correct drive. There was some discussion before about improving this but I don’t think it went anywhere besides helping one person.
-
@Wayne-Workman Thanks for that.
I thought it would connect to the C drive though as osdiskpart is set to /dev/sda2, which, when looking at the partitions through Parted Magic, shows that is the C drive.
-
@RobTitian16
I see a potential typo. Try this?
```
#!/bin/bash
. /usr/share/fog/lib/funcs.sh

# Windows 10
osdiskpart="/dev/sda2";

mkdir /ntfs 2>/dev/null
ntfs-3g -o rw,force "${osdiskpart}" /ntfs 2>/tmp/mntfail
# This last section checks to see if the mntfail file exists and if it does then it means the mount failed
# so there is no need to continue on with the script.
mntRet="$?";
if [ ! "$mntRet" = "0" ]; then
    echo "Failed to mount C:";
    # Display what happened.
    cat /tmp/mntfail;
    # Give the reader a chance to see what the error was
    sleep 12;
    # Terminate the post install script
    exit 1;
fi

# This next section determines the IP of the host system, cuts the last two octets and sets the FOGIP variable to
# the correct IP address of the FOG server depending on the location (as the subnets are designed by location - i.e.
# 10.1 is for the UK, 10.2 is for the US, etc.)
myip='ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2';
case "${myip}" in
    10.1)
        sitecode="UK";
        timezone="Greenwich Mean Time";
        FOGIP="10.1.0.102"
        ;;
    10.2)
        sitecode="US";
        timezone="Eastern Standard Time";
        FOGIP="10.2.1.103"
        ;;
    *)
        # Default code for the unknowns - we set the FOGIP to the development server in the UK.
        sitecode="CompanyName";
        timezone="Greenwich Mean Time";
        FOGIP="10.1.0.102"
        ;;
esac

# Check if the file SetupComplete.cmd exists in the source folder and then copy it to the destination on
# the C: drive.
if [ -f "/images/drivers/Common/SetupComplete.cmd" ]; then
    cp /images/drivers/Common/SetupComplete.cmd /ntfs/Windows/Setup/Scripts/SetupComplete.cmd;
fi
```
-
@RobTitian16 Sorry I got side tracked yesterday and had no time to respond.
I might avoid using FOGIP because that variable may be used already. Since case IS important it may be OK in all upper case.
This logic makes certain assumptions
osdiskpart="/dev/sda2";
ntfs-3g -o rw,force "${osdiskpart}" /ntfs 2>/tmp/mntfail
In that partition 2 on sda will always be where windows lives. This assumption worked great until we started getting NVMe drives in. For NVMe drives the drive name is not /dev/sda but something else and the script breaks.
Tom came up with a bit of code magic that would compensate for this.
```
case $osid in
    5|6|7|9)
        clear
        [[ ! -d /ntfs ]] && mkdir -p /ntfs
        getHardDisk
        if [[ -z $hd ]]; then
            handleError "Could not find hdd to use"
        fi
        getPartitions $hd
        for part in $parts; do
            umount /ntfs >/dev/null 2>&1
            fsTypeSetting "$part"
            case $fstype in
                ntfs)
                    dots "Testing partition $part"
                    ntfs-3g -o force,rw $part /ntfs
                    ntfsstatus="$?"
                    if [[ ! $ntfsstatus -eq 0 ]]; then
                        echo "Skipped"
                        continue
                    fi
                    if [[ ! -d /ntfs/windows && ! -d /ntfs/Windows && ! -d /ntfs/WINDOWS ]]; then
                        echo "Not found"
                        umount /ntfs >/dev/null 2>&1
                        continue
                    fi
                    echo "Success"
                    break
                    ;;
                *)
                    echo " * Partition $part not NTFS filesystem"
                    ;;
            esac
        done
        if [[ ! $ntfsstatus -eq 0 ]]; then
            echo "Failed"
            debugPause
            handleError "Failed to mount $part ($0)\n Args: $*"
        fi
        # <insert remaining code here>
        ;;
    *)
        echo "Non-Windows Deployment"
        debugPause
        return
        ;;
esac
```
This will map the first partition that contains a Windows folder.
Now as for your setup complete. The cp command assumes you have a SetupComplete.cmd file already and you are just copying it over. This is fine but your script doesn’t contain the dynamic content. If you currently are not using a setup complete file you can create one on the fly using the echo / append commands I posted before.
Since you created your own IP, let me tweak it a bit.
-
@george1421 well crud I just ran out of time again. I haven’t had a chance to debug this so I don’t know if it actually works. But this at least is the framework of what you need. I’ve attached the actual file since the forum editor sometimes tweaks the posted script.
```
#!/bin/bash
. /usr/share/fog/lib/funcs.sh

case $osid in
    5|6|7|9)
        clear
        [[! -d /ntfs ]] && mkdir -p /ntfs
        getHardDisk
        if [[ -z $hd ]]; then
            handleError "Could not find hdd to use"
        fi
        getPartitions $hd
        for part in $parts; do
            umount /ntfs >/dev/null 2>&1
            fsTypeSetting "$part"
            case $fstype in
                ntfs)
                    dots "Testing partition $part"
                    ntfs-3g -o force,rw $part /ntfs
                    ntfsstatus="$?"
                    if [[ ! $ntfsstatus -eq 0 ]]; then
                        echo "Skipped"
                        continue
                    fi
                    if [[ ! -d /ntfs/windows && ! -d /ntfs/Windows && ! -d /ntfs/WINDOWS ]]; then
                        echo "Not found"
                        umount /ntfs >/dev/null 2>&1
                        continue
                    fi
                    echo "Success"
                    break
                    ;;
                *)
                    echo " * Partition $part not NTFS filesystem"
                    ;;
            esac
        done
        if [[! $ntfsstatus -eq 0]]; then
            echo "Failed"
            debugPause
            handleError "Failed to mount $part ($0)\n Args: $*"
            # Give the reader a chance to see what the error was
            sleep 12;
            # Terminate the post install script
            exit 1;
        fi

        # This next section determines the IP of the host system, cuts the last two octets and sets the FOGIP variable to
        # the correct IP address of the FOG server depending on the location (as the subnets are designed by location - i.e.
        # 10.1 is for the UK, 10.2 is for the US, etc.)
        myip='ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2';
        case "${myip}" in
            10.1)
                sitecode="UK";
                timezone="Greenwich Mean Time";
                FOGIP="10.1.0.102"
                sitelocal="en-GB";
                uilang="en-US";
                ;;
            10.2)
                sitecode="US";
                timezone="Eastern Standard Time";
                FOGIP="10.2.1.103"
                sitelocal="en-US";
                uilang="en-US";
                ;;
            *)
                # Default code for the unknowns - we set the FOGIP to the development server in the UK.
                sitecode="CompanyName";
                timezone="Greenwich Mean Time";
                FOGIP="10.1.0.102"
                sitelocal="en-GB";
                uilang="en-US";
                ;;
        esac

        # Check if the file SetupComplete.cmd exists in the source folder and then copy it to the destination on
        # the C: drive.
        if [ -f "/images/drivers/Common/SetupComplete.cmd" ]; then
            cp /images/drivers/Common/SetupComplete.cmd /ntfs/Windows/Setup/Scripts/SetupComplete.cmd;
            # append the msiexec command to the end of the setupComplete.cmd file
            echo "msiexec.exe /i FOGService.msi /quiet USETRAY=\"0\" WEBADDRESS=\"${FOGIP}\" " >> /ntfs/Windows/Setup/Scripts/SetupComplete.cmd
            # just in case we edited the setupcomplete.cmd file in unix lets filter it to make it DOS compatible
            unix2dos /ntfs/Windows/Setup/Scripts/SetupComplete.cmd
        fi

        # now lets use the timezone variable and update the unattend.xml file. You may need to edit the variable to
        # point to where your unattend.xml file exists. Remember case IS important.
        unattendfile="/ntfs/Windows/Panther/unattend.xml";
        sed -i -e "s#<TimeZone>\([^<][^<]*\)</TimeZone>#<TimeZone>$timezone</TimeZone>#gi" $unattendfile

        # now lets deal with the internationalization stuff in the unattend.xml file
        sed -i -e "s#<InputLocale>\([^<][^<]*\)</InputLocale>#<InputLocale>$sitelocal</InputLocale>#gi" $unattendfile
        sed -i -e "s#<SystemLocale>\([^<][^<]*\)</SystemLocale>#<SystemLocale>$sitelocal</SystemLocale>#gi" $unattendfile
        sed -i -e "s#<UILanguage>\([^<][^<]*\)</UILanguage>#<UILanguage>$uilang</UILanguage>#gi" $unattendfile
        sed -i -e "s#<UserLocale>\([^<][^<]*\)</UserLocale>#<UserLocale>$sitelocal</UserLocale>#gi" $unattendfile
        ;;
    *)
        echo "Non-Windows Deployment"
        debugPause
        return
        ;;
esac
```
-
@george1421 Thanks for that. I get a couple of errors at the beginning, and it doesn’t copy over the Setup.cmd file (quite possibly because of said errors).
Edit: I’ve noticed the errors I received were because I had copied the file across using Windows, so it couldn’t run the script correctly. I’ll try again now.
-
@RobTitian16 when you get to the point where you “need” to debug your post install script. I have some helpful hints you can use.
-
@george1421 I wonder if the syntax of the {print} command is incorrect. I’m getting the following:
Also, as a note, there were a couple of issues with no spaces in the lines with [[! - once I had added the space (to be like [[ ! ) it was working.
-
@RobTitian16 OK I have a few minutes between meetings this am, let me take a look for the print command and for the copy command its possible that you don’t have the complete path created (especially if you never specifically used the setupcomplete.cmd file).
-
@george1421 p.s. I’m not using the unattend.xml at the moment so those lines can be ignored.
-
@RobTitian16 OK I see what happened. I was being lazy and just grabbed your code (which was wrong) when I consolidated the script.
the correct code is this
myip=`ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2`;
Note right after myip= that is a back tick not a single quote.
-
myip=`ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2`;
I’d recommend as:
myip=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2)
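An added example, not code from any poster in this thread: the site-selection step written as small functions that can be checked against captured `ip route get` output. It goes slightly beyond the thread by reading the token after `src` rather than the last field, since recent iproute2 releases print further fields such as `uid 0` after the address. The function names and the sample route line are constructed for illustration; the subnet-to-server mapping and the msiexec line are the ones posted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.

# Print the source address from `ip route get` output read on stdin.
# Takes the token after "src" instead of $NF, so trailing fields
# such as "uid 0" do not end up being treated as the address.
route_src_ip() {
    awk 'NR==1 { for (i = 1; i < NF; i++) if ($i == "src") { print $(i+1); exit } }'
}

# Map an IPv4 address to the FOG server for its site, using the thread's
# plan (10.1 = UK, 10.2 = US, anything else = UK development server).
# Returns 1 if no address was parsed, so the caller can stop instead of
# silently writing the default server into the image.
fog_server_for_ip() {
    [ -n "$1" ] || return 1
    case "$(printf '%s' "$1" | cut -d "." -f1-2)" in
        10.1) echo "10.1.0.102" ;;
        10.2) echo "10.2.1.103" ;;
        *)    echo "10.1.0.102" ;;
    esac
}

# Build the SetupComplete.cmd line for a server address, terminated with
# CRLF so the appended line does not need a separate unix2dos pass.
setupcomplete_line() {
    printf 'msiexec.exe /i FOGService.msi /quiet USETRAY="0" WEBADDRESS="%s"\r\n' "$1"
}

# Demo on a constructed route line in the newer output style.
sample='8.8.8.8 via 10.2.0.1 dev eth0 src 10.2.4.17 uid 0'
client_ip=$(printf '%s\n' "$sample" | route_src_ip)
if server=$(fog_server_for_ip "$client_ip"); then
    setupcomplete_line "$server"
else
    echo "Could not determine client IP; not touching SetupComplete.cmd" >&2
fi
```

In a real post install script the input would come from `ip route get 8.8.8.8 | route_src_ip`, and the output of `setupcomplete_line` would be appended to /ntfs/Windows/Setup/Scripts/SetupComplete.cmd.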