Boot menu configuration document
-
Server
- FOG Version: 1.3
- OS: centos 7
Client
- Service Version:
- OS: win7 win 10
Description
I’m looking for a document that explains how to configure the boot menu correctly.
Does it exist?
Arnaud
-
Can you explain what you are trying to do?
-
The boot menu is made from iPXE script - most of it can be changed through the FOG Web interface. Here:
Web Interface -> FOG Configuration -> iPXE Boot Menu
and iPXE Menu Configuration
and iPXE New Menu Entry
-
So I have two problems,
First,
I have this code set in Fog Configuration > Fog Settings > Fog Boot Setting > FOG_PXE_ADVANCED.
I’m asking if it is the right place for it?
I want a login/password to be asked for to access this menu.
Second,
On the 0.32 FOG version we edited fog.quickimage to let a teacher deploy the machines for his room. So machines called a24* did not require authentication to deploy an image.
How should I proceed in 1.3.3?
-
For my first question, I used this good tutorial: https://forums.fogproject.org/topic/6284/booting-mdt-2013-litetouch-with-fog
But I would just like to add an authentication.
-
@lebrun78 said in Boot menu configuration document:
On the 0.32 FOG version we edited fog.quickimage to let a teacher deploy the machines for his room. So machines called a24* did not require authentication to deploy an image.
How should I proceed in 1.3.3?
I would create the teacher an account in FOG, and make them a “restricted” or “mobile” user. This allows them quick imaging permission but not many other permissions.
With this access, they will also have access to the web interface’s FOG Mobile area, but I don’t see that being a problem really.
-
But we want to limit this operation to only one particular room.
-
@lebrun78 FOG doesn’t have the ability to do that granular a level of access control. You would have to change the codebase to do that.
My advice would be to make the teacher accountable, have them sign an agreement to only use FOG in their room - and limit them as just a “mobile” user.
Another option is to give them no access at all, make them put in a ticket to have things imaged.
-
Which account can pass the login/password on iPXE?
FOG local server account?
FOG web console account?
Other?
Since the update I get “invalid password”,
and I can’t find anything in the logs.
-
@lebrun78 This explains all passwords:
https://wiki.fogproject.org/wiki/index.php?title=Password_Central
Imaging from the web interface and the boot menu both authenticate against web credentials - this is managed in the web interface under User Management. An option in there allows you to limit a user to FOG mobile permissions.
If you have the LDAP plugin installed you can authenticate against active directory.
-
I investigated why there was a specificity for this classroom.
It’s a room to teach network and system. So students reset machines by deploying the image.
So there is a special behavior for this room.
There is an account that is only available for this room.
-
On 0.32 the file /tftpboot/fog/images/fog.quickimage was modified to get this functionality; this file is not present in the 1.3.3 version. Which file replaced it?
-
@lebrun78 I don’t understand your question.
fog.quickimage is a login option. You can change it right in the GUI to whatever you’re wanting though.
-
Where could I find an explanation of it?
-
@lebrun78 What do you mean?
-
I don’t understand what you’re looking for.
They’re iPXE scripts. Wayne gave you the where, and the password information.
You can edit your own menus. If you need a special menu for that particular room, your best bet might be to separate the main FOG server and create a new one for that room. Menus are presented to EVERY system in the same way. While syslinux gave a potential to allow for specific systems, iPXE (in the sense FOG uses it) is not. But because you are in control of the menu (you can edit it however you see fit) you could do a VLAN test, or maybe a MAC address test within the iPXE layout.
My suggestion: make that “special room” sit on its own network.
Code the fog.quickimage option to detect the system IP addresses and if they are within that VLAN just allow imaging. That’s just my suggestion.
-
@lebrun78 If I could offer a different solution for you instead of “adjusting” the FOG programming code.
It is true that 7-8 years have passed since FOG 0.3x generation. So many things have changed (for the better).
I might recommend that you set up a FOG server in that classroom. That way that room can have full control of imaging to that specific room. Change the DHCP settings to point to the local classroom’s FOG server. This room FOG server then could be configured as you need it without impacting the master FOG server. The last thing you need to do is get the images from the master FOG server to the slave FOG server. That can be done on the master FOG server by defining the slave (classroom) FOG server as a storage node. The master FOG server will then replicate any images that have the replication flag set to the slave FOG server. The last bit you have to do on the slave FOG server is to manually create the image definitions on the slave FOG server so the slave FOG server knows about the images that have been replicated to the slave FOG server. This is not an officially supported setup, but it does work well without having to adjust the FOG main programming.
Keeping the FOG code unmodified allows you to take advantage of updates to FOG without having to adjust each update for this classroom.
-
I’m not yet ready to add a new server.
I read the old code.
My predecessor had found a subterfuge: he had modified the file fog.quickimage (on a 0.32) so that, if a machine had a name that started with e207, then the login and the foo password were sent.
This login/password foo had the right to deploy machines on all the network.
Could I do that again?
-
@lebrun78 said in Boot menu configuration document:
I’m not yet ready to add a new server.
It doesn’t take anything special. I’ve run FOG on an old Pentium 4 tower computer before. People these days throw better than that straight into the trash. An old dual-core or Core 2 Duo would perform fine for the needs of the classroom.
-
I agree with you, I could install it on a virtual machine.
But I would like not to have to manage a new server, and I have a storage issue for big files.