New Plugin: Host Status plugin (1.5.6 FOG version)

Hi,
With the 1.5.6 release version is available one new plugin: Host Status.

This plugin say you the state of the computer in the host edit page:

This plugin detects the OS that is running in the computer:

• Windows
• Linux
• FOS (Fog Operative System): a FOG task is running in the PC
• Unknown: the FOG server can not comunicate with the PC: the PC is shutdown or the firewall is closed (you must open the 445 TCP port in the computer)

The state is detected on fly and only in the host edit page.

NOTE: when you search one host or hosts, in the result list appears the state of the computers too, but this state is read from the database and this entry in the database is updated by FOGHostPing daemon. The daemon need time to iterate with all computers and update his state. If you have a lot of PC in your FOG server, the daemon takes one second per PC to update his state, there may be discrepancies between the two states (host status plugin and FOGHostPing daemon)

Hello,

Some news about this problem. We made some changes in our server and his configuration and, actually, the server is not so drowned as before. The conclusion is: the default configuration of apache, php-fpm and mysql is not optimal for large scenarios. If you have a great number of client, you need to tune the server.

I will tell our previous situation and the actual situation to share our experience.

Initial Scenario:

• FOG version 1.5.2
• Virtual server with 8 vCores and 16 GB RAM
• OS: RHEL 7
• Active clients: 7000
• One fog server and only the default node.

In July we migrated from our old FOG version (0.32) under RHEL 5 to the new one (1.5.2) under RHEL 7. Without any additional configuration.

In August we observed that the server consumed a lot of CPU and RAM and we began to have performance troubles (and the course had not started). Panic Mode ON!!

The first thing that you think is … more resources are neccesary (more wood is the war). ERROR. The System Operation Center (SOC) guys say NO. We can not give you more resources.

First thing: Update
we updated the server OS and some packages. For example: php and mariaDB. We had php 5.6 version and we updated to php 7, the performance of php increased a lot of.

We updated the FOG version from 1.5.2 to 1.5.4

Second thing: Optimize the virtual machine resources

Our virtual server is hosted in a VMWARE server with two socket and each one with 6 cores (is an old server). Problem: our virtual server was 8 vcores, 6 vCores in one socket and the other 2 in the other one. The server had time access problems.
We removed two vCores from the server, in this way all vCores were in the same socket and the time acccess was more quicky. PROBLEM: less resource, more server load. In September the clients began to wake up and the php and mysql queries increased, then more resources were neccesary. To minimize it we increased the checkout time of the client to 900 seconds, with this we decreased the php and mysql queries, but the comsumption was still high (mysqld proccess 300%). The problem was the access time to the cores of the server, we had 6 vCores in a socket with 6 cores and also with more virtual server in the same socket. The more time the vCores were waiting to access to the sockets cores. The vCores were always at 100% of CPU usage.

To solve this we enabled the NUMA in the server:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_tuning_and_optimization_guide/sect-virtualization_tuning_optimization_guide-numa-numa_and_libvirt

With this we distributed the vCores between the two socket: vCPUs 0,1,2 + 8GB RAM in NUMA 0 y 3,4,5, + 8GB in NUMA 1. This is configurated in the VMWARE server. In addition, we install the numad package in our virtual server, this daemon distributed the proccess betwween the two NUMAs. The access to the RAM and CPU was faster.

For example:

# ./numa-maps-summary.pl < /proc/1787/numa_maps
N0        :          100 (  0.00 GB)
N1        :       648226 (  2.47 GB)
active    :       435228 (  1.66 GB)
anon      :       645582 (  2.46 GB)
dirty     :       647118 (  2.47 GB)
kernelpagesize_kB:         1012 (  0.00 GB)
mapmax    :          332 (  0.00 GB)
mapped    :         1248 (  0.00 GB)

we can see with this python script that the mysql is using the resources of the NUMA1 Node.
Now we have, again, 8 vCores distribuited between the two NUMA nodes.
Now, the vCores are at 80%-90%

Third thing: tunning php, php.fpm and mysql

We don’t have a lot idea about php, php-fpm and mysql, then we had to read a lot of articles in the web about them.

Tunning MySQL: to do it we have used the mysqltunner script, http://mysqltuner.com . This script gives you an idea about the performance of the database and how tunne it to increase the performance.

SET GLOBAL query_cache_size = 4000000; (4MB)
SET GLOBAL tmp_table_size = 20000000; (20MB)
SET GLOBAL query_cache_limit = 2000000; (2MB)
SET GLOBAL max_heap_table_size = 20000000; (20MB)
SET GLOBAL thread_cache_size = 4;
SET GLOBAL table_open_cache = 450; 

In the MariaDB web page recommends edcrease the swappiness value (https://mariadb.com/kb/en/library/configuring-swappiness/)

#sysctl -w vm.swappiness=10

Tunning php-fpm and php: There is some articles about it in this forum.
PHP-FPM:

pm = ondemand

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 50

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 5

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 50

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;

Normaly the people have pm=dynamic but we use pm=ondemand because we saw that the performance is better.

Is possible that these parameters will be changed, but now the server runs well, but is October and the download activity has decreased a lot of.

To see the activity of php you can enable the apache server status in the php.ini and there is a tool “goaccess” too to see the php calls and the number in the terminal:

#yum install goaccess
#tail -f /var/log/httpd/access_log | goaccess -

Hi!!!

I am developing a new plugin, after AccessControl plugin, now Site plugin
With AccessControl Plugin we can control the access to the items of the webUI using roles. Now, with the Site Plugin we can control the access to the hosts by user using his physical location.

Site is not Location

With Location plugin we can manage the storage nodes from the hosts will download the images, snapins, … With Site plugin we can have more granularity, we can define as Sites as we need (IT room, labs, …) and associate the host to these sites. We can associate one user to one or more sites, in this way, the user only will see the hosts which are in his sites and not the others.

Hi Tom,

Finally works fine under ubuntu 14.04

sudo rm /etc/apt/sources.list.d/mono-xamarin.list
sudo apt-get autoremove
sudo apt-get update
sudo apt-get install mono-complete
Install the client

With these instructions the client woks fine. Thanks!!

Hi @kAs1m ,
I know what is happen here. The problem is the array of element of the top menu.

I will try to explain how works the plugin: the elements of the top menu are saved in one array, the AccessControl plugin erases the elements of the menu but, frecuently, the AccessControl can not erase the element because the order in the array have been changed. This occurs, normaly, when you try to apply some rules at time.

In conclusion, the plugin doesn´t work as fine as we want. As solution try to add rules one by one and see the result, for example I have a configuration as yours usong these rules:

• MAIN_MENU-about about main
• MAIN_MENU-plugin plugin main
• MAIN_MENU-service service main
• MAIN_MENU-site site main
• MAIN_MENU-storage storage main
• MAIN_MENU-user user main

In the future 1.6 version the pages will be loaded in other way that takes in account this problem.

I didn’t see this post. My two cents.

es-ES [Spanish (Spain)]

### SHUTDOWN PROMPT ###
{company} necesita realizar el mantenimiento en este equipo.
{company} needs to perform maintenance on this computer.

Por favor, guarde su trabajo y cierre todos los programas.
Please save any work and close all programs.

Cancelar
Cancel

Ocultar
Hide

Posponer
Postpone

Reiniciar Ahora
Restart Now

Apagar Ahora
Shutdown Now

Posponer durante 
Postpone for

X hora(s) Y minuto(s) Z segundo(s)
X hour(s) Y minute(s) Z second(s)

### NOTIFICATIONS ###

Apagado Cancelado
Shutdown Aborted

El apagado ha sido cancelado
Shutdown has been aborted

Apagado Retrasado
Shutdown Delayed

El apagado ha sido retrasado {time}
Shutdown has been delayed for {time}

El apagado se producirá en {time}
Shutdown will occur in {time}

Está a punto de ser desconectado
You are about to be logged off

Será desconectado si permanece inactivo
You will be logged off if you remain inactive

Instalando {snapin name}
Installing {snapin name}

Por favor, no apague hasta que no haya finalizado
Please do not shutdown until this is completed

{snapin name} ha sido instalado
{snapin name} installed

La instalación ha finalizado y está listo para ser usado
Installation has finished and is now ready for use

Short version:

### SHUTDOWN PROMPT ###
{company} necesita realizar el mantenimiento en este equipo.
Por favor, guarde su trabajo y cierre todos los programas.
Cancelar
Ocultar
Posponer
Reiniciar Ahora
Apagar Ahora
Posponer durante 
X hora(s) Y minuto(s) Z segundo(s)

### NOTIFICATIONS ###
Apagado Cancelado
El apagado ha sido cancelado
Apagado Retrasado
El apagado ha sido retrasado {time}
El apagado se producirá en {time}
Está a punto de ser desconectado
Será desconectado si permanece inactivo
Instalando {snapin name}
Por favor, no apague hasta que no haya finalizado
{snapin name} ha sido instalado
La instalación ha finalizado y está listo para ser usado```

Hi @Sebastian-Roth and @EduardoTSeoane ,

I tested the changes in my dev environment and the suggestions work fine. I think we can push the changes in the repository.

I don´t use the location plugin but Ithink that the problem is the same. Maybe, @Tom-Elliott can say us want think about them XD and the reason it does not wok correctly

Hi FOGers!!
I need to develop a control access plugin and, although I have more or less the things clear in my head, I would like share my minds with you. I accept suggestions, corrections, …

Feature:

• Control the access to the icons, menus and submenus in the the webUI by rol.
• Limit the searches and access to the resources (snapin, hosts, groups, tasks and images) of one or more locations.

Necessities:

• Create a new rol: restricted user

This plugin has two levels of control:

• Visual: Limit the access to the menus and submenus by rol user. The admin rol can access to all menus and submenus of the webUI and the restricted user only can access to the some menus and submenus (for example: Home, Hosts, Groups, Images, snapin, printer, tasks and logoff)
• Searches: Limit the range of the search to the resources of one or more locations. The restricted user only can see the hosts, groups, images that are link or associated to his/her location/locations.

This last level have a dependency with Location plugin.

Dependencies:

• Location plugin

Well, hereinafter I accept suggestions, ideas …

Christmas List:

• Imaging techs assigned to Location A, may not touch or deploy any target host at Location B. Possibly read only access to Location B’s host records might be interesting.
• Create different roles
• Create different access rules

It’s a little barter XD
He added a field in the database and I developed the access control plugin. Personally I think I’m losing

Hi FOGers!!

I attach some captures of this new plugin

When we list all users, appears the role that they have linked.

We can link a role to one user from user edit page.

In the accesscontrol page we can list, edit and add new roles

And create, list and edit rules

Editing a rule …

Hi FOGers!!

We have some strange issues when we upload images to the server and we don´t have find the reason of this behaivour.

The issue appears when the server try to move the image from /images/dev/abcdefg12345 directory to the destiny, the FTP can´t move the file or the directory and the destiny directory appears empty.

In the vsftpd log appears the error:

Tue Oct 31 14:00:26 2023 [pid 2855049] [fogproject] FTP command: Client "10.0.15.8", "LIST -a images"
Tue Oct 31 14:00:26 2023 [pid 2855049] [fogproject] FTP response: Client "10.0.15.8", "150 Here comes the directory listing."
Tue Oct 31 14:00:26 2023 [pid 2855049] [fogproject] FTP response: Client "10.0.15.8", "226 Directory send OK."
Tue Oct 31 14:00:26 2023 [pid 2855049] [fogproject] FTP command: Client "10.0.15.8", "RNFR /images/dev/8cec4b6xxxxx"
Tue Oct 31 14:00:26 2023 [pid 2855049] [fogproject] FTP response: Client "10.0.15.8", "550 RNFR command failed."
Tue Oct 31 14:00:26 2023 [pid 2855049] [fogproject] FAIL RENAME: Client "10.0.15.8", "/images/dev/8cec4b6xxxxx"
Tue Oct 31 14:00:26 2023 [pid 2855049] [fogproject] FTP command: Client "10.0.15.8", "QUIT"
Tue Oct 31 14:00:26 2023 [pid 2855049] [fogproject] FTP response: Client "10.0.15.8", "221 Goodbye."

The permissions in /images is:

drwxrwxrwx  295 fogproject apache 16384 nov  3 09:40 images

We have migrated the old server, fog 1.5.5, to the last one, fog 1.5.10, we made a fresh install but we migrated the storage from the old one to the new one. Then in /images we have a mix of owners XD:

drwxrwxrwx    2 root       root     280 ago 24 10:27 aula-vc-filologia-aulavhm2-alumno3450
drwxrwxrwx    2 fogproject apache   226 jul 26  2022 aula-vc-filologia-aulavhm2-profesor
drwxrwxrwx    2 root       root     280 ago 24 14:52 aula-vc-filologia-aulavhm2-profesor3450
drwxrwxrwx    2 root       root     226 jul 19 12:28 aula-vc-filologia-aulavhmm-docencia
drwxrwxrwx    2 fogproject apache   226 mar  8  2023 aula-vc-filologia-aulavhmm-docencia-LTSC
drwxrwxrwx    2 root       root     226 ago 25 12:36 aula-vc-filologia-aulavht1-cabina
drwxrwxrwx    2 root       root     226 ago 28 09:55 aula-vc-filologia-aulavht1-profesor
drwxrwxrwx    2 fogproject apache   226 abr 29  2021 aula-vc-filologia-aulavht1-roomserver

The question is easy Who is the owner of images directories?

@orborneee When I installed the new server on May, I had problems with the LDAP autentication. I don´t know if your problem is the same but you can test if works.
Edit the /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php file and comment the line 235:

//@$this->unbind();

Hi @Sebastian-Roth,
Yes, I think that the dev-branch solves the problem. I tried to install from master branch and the problem with the xinetd appeared, but with the dev-branch apparently works fine

@Sebastian-Roth Hi Sebastian!
I will try the dev-branch, the new server is the develop server. If the new release version has PHP 8 support then great
The problem with the xinetd is more “special”, only affect to RHEL 9 and higher.

Workaround: Install php 7.4 in RHEL 9
Install PHP 7.4 (https://www.linuxcapable.com/how-to-install-php-on-centos-stream/)

# dnf upgrade –refresh
# dnf config-manager --set-enabled crb
# dnf install \
    https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
    https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm
# dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-9.rpm -y
# dnf module list php
# dnf module enable php:remi-7.4 –y
# dnf install php php-cli php-common php-fpm php-gd php-json php-ldap php-mbstring php-mysqlnd php-process –y

Hi again! I am back
I am installing a new server under RHEL 9, but I am having problems with the install process.

Two big problems:

• PHP version 8: the implode function is deprecated and have changed (https://www.php.net/manual/en/function.implode.php)

 implode(string $separator, array $array): string

Alternative signature (not supported with named arguments):
implode(array $array): string

Legacy signature (deprecated as of PHP 7.4.0, removed as of PHP 8.0.0):
implode(array $array, string $separator): string

Join array elements with a separator string. 

The order of the parameters is different. This affects to all calls of the implode function.

*xinetd package is not available in RHEL 9
From https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/pdf/considerations_in_adopting_rhel_9/red_hat_enterprise_linux-9-considerations_in_adopting_rhel_9-en-us.pdf

The xinetd package is not available in RHEL
9. Its functionality is now provided by
systemd.

@sebastian-roth Yes, I saw it. I am following it XD
it can be the way to do it.

The problem are the dual images: windows + ubuntu or syspreped windows + ubuntu. And other type images too (multidisk, …)

@sebastian-roth I would like to customize the boot sequence , if is possible from the web UI and not custimize a script in the server.

Hi @Sebastian-Roth ,
Then is not any global solution I need to devise one.