RE: Snapin Questions

@LJedi Hi there, snapins will make your life a lot easier. Once you get the hang of them (and they’re really not that hard) you’ll wonder how you managed without them. The pure joy to be had from deploying a new application to a group of 10’s or 100’s of machines in a couple of clicks and then just getting on with your day is pretty awesome

I tend to forget things so I’ve created myself an idiots guide to most things I come across in FOG-land, snapins being no exception. I’ll outline the bits and pieces I’ve picked up, some of which you may already know.Jbobs answer was pretty succinct. I’m just going to dumb it down a little.

While Jbobs description of snapins as files which get executed remotely is spot on, the real benefit of using snapins is in conjunction with silent switches so the installation happens without your users seeing anything going on. This avoids them having to call the Helpdesk because “some weird screen just popped up on my 'puter!”

First off default FOG installation has a limit set on the size of snapins which can be uploaded to the server. This is configured in the php config file which in CentOS can be found at /etc/php.ini. You want to edit this file and locate these 3 sections and amend from 128M or 100M to 1900M

memory_limit = 1900M
post_max_size=1900M 
upload_max_filesize=1900M

Save the file and restart httpd service to have the changes kick in

service httpd restart

As far as actually creating snapins - the 2 biggest gotchas I found are:

• snapin names can’t have spaces
• uploaded files must be unique

When naming the snapin in the UI either use CamelCase or throw in an underscore to split words up.

The actual executable eg setup.exe is uploaded to FOG server in /opt/fog/snapins directory, not the name you give it in the web UI. The server won’t permit files of the same name in one directory. So if you have multiple versions of an installer for instance or need to create an uninstall snapin, make sure to rename the executable or MSI file so it’s unique. I add a version number or append _install, _uninstall depending on the situation.

I have had greatest success with MSI files. To create a snapin from an MSI file you need to add in the following details.

Snapin name - No spaces
Snapin run with - c:\windows\system32\msiexec.exe
Snapin run with argument use either /i or /x
/i = install
/x = uninstall
Snapin file - upload in .MSI format. If doing an uninstaller as well, amend the file name prior to upload so its different on server.
Snapin arguments - /qn - this is the the “no UI” switch for the MSI installer

Some EXE files which come with well documented silent install switches also work well but you sometimes have to hunt high and low to find the switches or use a bit of trial and error,

We use screenpresso screen capture tool at work and that has decently documented switches. Screenshot of this here. Note that screenpresso downloads always show as just screenpresso.exe - due to dupe file name mentioned earlier I rename this based on version before uploading to FOG.

I’ve never had much joy with deploying .bat or .cmd files via FOG snapin but will be giving that a go again shortly based on Jbobs comment earlier. What I’ve used instead is create the .bat as normal then use BatToExe converter to convert to exe then just add a name and upload the .exe to FOG - all silent switches go in the .bat file so nothing needs added to FOG.

TeraTerm is one such application I’ve deployed in this manner using this code. We have preconfigured keyboard, window and font settings using the keyboard.cnf and teraterm.ini files.

@echo off

:: script to copy teraterm.exe and config files to temp folder and install from there
:: the /y switch tells xcopy to overwrite file at destination if it already exists.

xcopy /y "\\server-share\TeraTerm\teraterm-4.89.exe" %TEMP%
xcopy /y "\\server-share\TeraTerm\KEYBOARD.CNF" %TEMP%
xcopy /y "\\server-share\TeraTerm\TERATERM.ini" %TEMP%

:: install teraterm using the keyboard.cnf and teraterm.ini files specified
%TEMP%\teraterm-4.89.exe /VERYSILENT

:: lastly move the copied teraterm.ini and keyboard.cnf files into program files directory
xcopy /y %TEMP%\KEYBOARD.CNF "C:\Program Files (x86)\TeraTerm\"
xcopy /y %TEMP%\TERATERM.ini "C:\Program Files (x86)\TeraTerm\"

Save as a bat file, run through BatToExe to output as .exe and upload to FOG and bam - done. Though you may not even need to save as a .exe. I shall test that myself tomorrow.

Give it a go on a test machine and see how you get on - any questions feel free to ask.

Other much more learned and savvy folks will no doubt chime in with even better suggestions or pointers should you need them.

cheers, Kiweegie.

@Wayne-Workman Success!

ok the latest snapin has worked as expected. Root cause I think was the locations and how I had set them up. Each host has a Location entry and each location points to a storage group.

I’d set the host I was testing this on to the only location I’d set up for head office and this was pointing to the wrong storage group.

I’ll do some further testing this week but hopefully others with same issue can at least learn from my mistakes…

Wayne, really appreciate the time and effort you put in to help me out with this one, greatly appreciated.

cheers, Kiweegie.

Hi @stuhad

I have this working on 1.5.7 dev branch on Ubuntu 18.04 so can walk you through what I’ve done in case that helps? Also check out this post by @m144 which got me started in the right direction.

Need to install the php plugin and restart apache first off

sudo apt-get install php-ldap
sudo systemctl restart apache2

One important note which doesn’t seem to be documented anywhere - the AD Bind password does not like special characters. I’ve not had time to test which ones are ok and which are not so just went with an alphanumeric password to get up and running.

Assuming your domain is example.com and you have 2 domain controllers:

dc01.example.com
dc02.example.com

Create a security group to house the users you want to log in over LDAP here we will use group fogserver admins in the OU=security groups. And a service account which has been delegated the rights to add and delete computer objects on your domain or in a pinch added as member of the Domain Admins group.

In the FOG ui click on the LDAP icon and then create new LDAP link on the left and fill in details as follows

LDAP connection name: dc01.example.com (each connection name must be unique)
LDAP Server Address: dc01.example.com
LDAP Server Port: 389
Search Base DN: dc=example,dc=com
Group Search DN: dc=example,dc=com
Admin group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
Mobile group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
User Name Attribute: sAMAccountName
Group Member Attribute: member
Search Scope: Subtree and below
Bind DN: cn=service fogserver,ou=service_accounts,dc=example,dc=com
Bind password: <password for service account - add in plain text)

You can (and should) add multiple entries here with your other DCs for redundancy, just fill in another LDAP entry with unique connection name.

You should then be able to login to the FOG web portal with a domain username e.g. foguser (no need to add as example\foguser)

If a user who is not a member of your fogserver admins group tries to login it will fail on the UI with error

fogserver_admins))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=cn=fogserver_admins)(name=ou=security groups)(name=dc=example)(name=dc=com))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!\n', referer: http://fogserver/fog/management/index.php?node=home

Try that and if you’re still having issues let us know what OS you’re running and what entries you’re using in the LDAP setup - feel free to edit the entries for privacy reasons.

regards Tom

Hey mtmuch and welcome from a fellow FOG aficionado and recent sysadmin. Been using FOG off and on since the 0.29 release and particularly in the lastest 1.2.0 and upwards dev releases, FOG rocks… The team behind it are awesome too and very responsive.

Another thing to watch out for with newer FOG versions is depending on how old your environment is to ensure portfast is enabled on your switches - we’re still waiting on one of our larger sites to have this turned on.

I’ve had success with snapins created using .msi files and several with .exe where the installer silent switches are well documented. Others have been a bit hit and miss but the snapin system itself works very well.

You’'ll need to visit each desktop I’d imagine to set them to boot from nic for PXE booting unless they are set that way already. If they are and you have some sort of inventory system (we use Lansweeper) you might be able to upload all the hosts and mac addresses via a csv file rather than having to manually register them.

I’m also a fan of the new plugin system which has been integrated. We have remote sites and the location plugin solves an issue of replicating between main server and remote storage nodes. Also liking the pushbullet plugin for alerts sent to your phone.

There is a bit of work involved in getting it setup in the beginning, but once you have it configured and clients talking, it will save you so much time. Zero-touch is the buzzword you want to mention to your senior team members.

Enjoy!

@Tom-Elliott sigh… yes you’re quite right Tom. That has indeed solved the “problem”

please mark as resolved, i’m away for a cup of tea and a lie down in a darkened room…

regards Kiweegie

@stuhad

We are running on the dev version here 1.5.7.109 and can confirm that LDAP plugin works on this version.

Re your FOG install showing 1.55 but earlier not I think you’re seeing the issue that @Tom-Elliott referred to below and has fixed.

As to why the LDAP plugin is not working it will be down to something in the LDAP config I suspect rather than anything linked to the FOG version. I’ve had LDAP plugin working on both 1.55 and 1.57.

Do you have anything in the following log file at all in reference to LDAP users?

/var/log/apaches/error.log

Looking through your LDAP config and comments from previous post

LDAP connection name: dc1
(fine as long as each connection name is unique)
LDAP Server Address: IP Address (is an IP ok?)
IP address OK, thats what I’ve used
LDAP Server Port: 389
OK
Use Group Matching: ticked
OK
Search Base DN: ou=fog users,dc=company,dc=com,dc=au
I’ve set my search base here to the root of the domain so try just dc=company,dc=com,dc=au
Group Search DN: ou=fog users,dc=company,dc=com,dc=au
Should be fine - spaces in OU names also OK.
Admin group: cn=fog admins,ou=fog users,dc=company,dc=com,dc=au
Try just using the group name here “fog admins” don’t need the cn entry. Also try removing space. Should be ok but something to rule out
Mobile group: cn=fog admins,ou=fog users,dc=company,dc=com,dc=au
As above
User Name Attribute: sAMAccountName
OK
Group Member Attribute: member
OK
Search Scope: Subtree and below
OK
Bind DN: cn=ldapadmin,ou=services,dc=company,dc=com,dc=au
This user should have delegated rights to add and delete computer objects. If unsure try adding as member of Domain Admins group to test
Bind password: added in plaintext
OK

Ninja Edit: With the password remember to ensure no special characters!!

Give the above a whirl and let us know how you get on.

regards Tom

Just a heads up re some visual/browser issues in the plugins section of latest release.

I’m updated to latest release 4340 as at Friday 13th Nov 15 to get around an issue with snapin removal and a small bug with the location plugin which Tom Elliot kindly resolved.

Clean reinstall of FOG and am in process of adding in plugins. I can enable the plugins system but as soon as I try and activate one of the plugins - I’m interested in the Locations, WOL and Pushbullet specifically - the browser just flashes.

Example GIF can be seen here:

I’ve found it is possible to click on the plugin and have it activate but takes a few tries to get right. This is happening on Chrome and Firefox. I tried looking at it in IE too (ugh) and in there IE12 on Win 8.1 the front page of FOG web GUI is blank with just a series of bullet points down left hand side. Moving cursor over the page does highlight clickable content (cursor changes to hand icon and the URL shows in popup at bottom of page).

regards Kiweegie.

Ninja-Edit:

Some issues on the WOL plugin also

I can add new entries but cannot display the entries once added. Also the menu (see URL below) for “List all broadcasts” reads as “List all s”

http://FOG_Server_IP/fog/management/index.php?node=wolbroadcast&sub=list

@Wayne-Workman Hi Wayne, I could get past the issue and have the plugins installed now but it may throw off new users hence reason I flagged up.

Additionally the pushbullet plugin does not seem to be accepting tokens. Not a deal breaker for me but again just pointing it out to add to the snagging list.

Cheers, Kiweegie.

@Tom-Elliott Hi Tom, not an issue and had noticed the Nginx reference. Was more a heads up than anything else.

cheers. Kiweegie.

@Sebastian-Roth @george1421

Hi both, thanks for the pointer to log, that showed me issue. Had reinstalled from trunk and while fog password was ok per my records in the below locations I had like a complete rookie forgotten to reset password on the server itseld post upgrade… d’oh!

Storage Management > All Storage Nodes > Default Member > Management Password
Fog Configuration > Fog Settings > TFTP Server > FOG_TFTP_FTP_PASSWORD

cheers all
Kiweegie.

@tom-elliott So to clarify that last point Tom, the SQL should reflect under ngName both the Storage group name AND the Storage node name? DCSTORAGE in this case is the name of the Storage node master server for the Storage Group 3 storage group.

I’ve compared to the other image(s) which are only hosted on (and are being replicated from) the Master node and they only reflect the main storage group under ngName.

I’ve made note of the replicator service restart command, cheers. I went a bit neanderthal and just rebooted all my servers just now to see if that kicked things into life.

Checking the Image Replicator logs under FOG Configuration > Log Viewer it only references DCMASTER and the 2 nodes in its storage group. Does replication from the Storage master of the other storage group show in these logs? Or do we need to check local log files on the server itself?

cheers Tom

@tom-elliott said in Replication oddity after moving Master node:

SELECT imageID,imageName,ngID,ngName
FROM imageGroupAssoc
LEFT OUTER JOIN images ON igaImageID = imageID
LEFT OUTER JOIN nfsGroups ON igaStorageGroupID = ngID
WHERE imageName = ‘nameofimage’;

Thanks for getting in touch Tom.

The whole both storage groups “can” apply to an image was throwing me I confess. I actually added a brand new storage group “Storage Group 3” for the sake of the earlier example and deleted Storage group 2.

I’ve set only Storage Group 3 on the image(s) I want to sync from the DCSTORAGE node and made sure it’s set as master

Output of SQL above is as follows:

Database changed
MariaDB [fog]> SELECT imageID,imageName,ngID,ngName
    -> FROM imageGroupAssoc
    -> LEFT OUTER JOIN images ON igaImageID = imageID
    -> LEFT OUTER JOIN nfsGroups ON igaStorageGroupID = ngID
    -> WHERE imageName = 'My_image';
+---------+------------+------+-----------------+
| imageID | imageName  | ngID | ngName          |
+---------+------------+------+-----------------+
|       9 | My_image   |    4 | Storage Group 3 |
+---------+------------+------+-----------------+
1 row in set (0.01 sec)

On the assumption this is correct (now) do I need to restart any services or servers themselves to have them pick up on this change and start syncing?

regards Tom

@kiweegie said in Replication oddity after moving Master node:

@Tom-Elliott @Sebastian-Roth

Morning gents, just revisting this as I have some more findings. The replication issue seems to be limited to the Master node not replicating images listed for Storage Group 2 for which a DCSTORAGE is the master.

Using the previously sent image of the setup, images capture to DCMASTER and it replicates fine to storage nodes with the same storage group set Storage Group 1

It is not being captured or replicating to DCSTORAGE however which is the master storage node for the second storage group.

I’ve checked the wiki re replication and it states there that:

Images always capture to the primary groups master storage node - so the image which is set as Storage Group 2 should capture to the master node for that storage group DCSTORAGE but is actually capturing to the Master Node DCMASTER.

So it would seem that that image is not seeing that DCSTORAGE is its master storage node even though the image(s) are defined as such.

I’ve confirmed also that DCSTORAGE is set as the Master node for Storage Group 2

Anything else I could me missing here?

regards Tom

Additional note - when image is captured (to Master node) it sets ownership as the local unix user:root not fogproject. Not sure if this has bearing on things?

@Tom-Elliott @Sebastian-Roth

Morning gents, just revisting this as I have some more findings. The replication issue seems to be limited to the Master node not replicating images listed for Storage Group 2 for which a DCSTORAGE is the master.

Using the previously sent image of the setup, images capture to DCMASTER and it replicates fine to storage nodes with the same storage group set Storage Group 1

It is not being captured or replicating to DCSTORAGE however which is the master storage node for the second storage group.

I’ve checked the wiki re replication and it states there that:

Images always capture to the primary groups master storage node - so the image which is set as Storage Group 2 should capture to the master node for that storage group DCSTORAGE but is actually capturing to the Master Node DCMASTER.

So it would seem that that image is not seeing that DCSTORAGE is its master storage node even though the image(s) are defined as such.

I’ve confirmed also that DCSTORAGE is set as the Master node for Storage Group 2

Anything else I could me missing here?

regards Tom

Just wanted to follow up on this for anyone else in same situation. Essentially the VtoV works just fine. As we had changed hostname and IP we only ended up having to reinstall the FOG client on the desktops for them to become in sync with the new FOG Master server. All other things just worked.

Cheers Tom

So I just added 2 more Storage nodes to the equation. On both replication didn’t kick in til I’d initiated a manual rsync from Master to storage node. After doing that (again for one image only) the other 3 images all synced OK.

Wondering if there needs to be some syncing of SSH keys or similar to pemit the servers to talk to each other and thats not being handled automatically? Just a theory…

regards Tom

After rsyncing one of the images from DCMASTER to DCSTORAGE both are now showing up on the storage node… and in turn seem to be in process of replicating to the other Storage nodes.

I’ll need to double check all of them once replication process finished to see if they have same file sizes etc.

regards Tom

@sebastian-roth You’re quite right, i’ve just re-read that myself and it’s confusing… I was using non-real names for reasons of privacy.

This image should hopefully help show the layout a little more clearly.

DCMASTER is set as Master node for Storage Group 1
DCSTORAGE is set as Master node for Storage Group 2

MAINSTORAGE is a storage node on Storage Group 1
All the SHOPSTORAGE nodes are storage nodes on Storage Group 2

Image capture to DCMASTER is working fine - I can see the mac address of the image machine hitting /mnt/images/dev as the image itself is uploading, that part seems fine.

Images in question have been assigned to both Storage Group 1 and Storage Group 2 with Storage Group 2 set as primary. The goal is to have DCMASTER host all images and sync all of them to all storage nodes via membership to both Storage groups.

2 issues being faced:

MAINSTORAGE is showing the PreSysprep and PostSysprep image folder structure before it’s fully uploaded and showing on DCMASTER

None of the SHOPSTORAGE nodes are getting the images replicated. I can try rsyncing the images over to DCSTORAGE manually so they sync in turn to the other storage nodes but was looking for this to happen automatically.

Am I correct in stating that if MAINSTORAGE is replicating from DCMASTER then the folder names and sizes should be identical? Should the structure show up on MAINSTORAGE before it appears on DCMASTER?

We’re using the location plugin in case that has any impact (plus LDAP, WOLBroadcast plugins).

If you need more information than above let me know

regards Tom

Added to above I’ve just checked DCStorage and all the ShopStorage nodes and that image is NOT replicating to those nodes.

Image has only Storage Group 2 set under Image Management

DCStorage is set as the Master for Storage Group 2. I’m guessing I may need to add that storage group to the image so it has both storage groups assigned?

That would perhaps explain why the replication is not happening to other nodes but I’m still baffled as to why the image is suddenly appearing out of nowhere on MainStorage

regards Tom

Hi all, I logged an issue on this link the other day re imaging failing after migrating our master server to a new location/IP via VMware VtoV.

Imaging is sorted now (thanks to @Sebastian-Roth for the assist on that) but am facing a more peculiar issue.

We have a multi office setup.

Data Center with Master (DCMaster) and Storage (DCStorage) nodes.
DCMaster is set to Storage group 1 to contain all images
DCStorage is set to Storage group 2 to contain only images to be replicated to shops which have less storage capacity.

We have a main office set with storage node (MainStorage) which is set to Storage group 1

And several small shops also with storage nodes (ShopStorage1, ShopStorage2 etc) - these all use Storage group 2

We have an odd issue where replication seems to overwriting existing images somehow. We’ve made changes to an image and captured it (which should go to DCMaster and be replicated out from there). But something is overwriting that image.

To test I’ve removed all reference to a particular pre-sysprep image. Initiated a capture again and can see the mac address for the capture hitting /mnt/images/dev on DCMaster

Before that image has completed capturing however an image with that name appears in /mnt/images on MainStorage…

I’ve double checked that MainStorage is set as a storage node (it is) and it’s set to look to DCMaster as it’s snmysqlhost entry from /opt/fog/,fogsettings

In the fogreplicator.log on MainStorage I’m seeing the following

[03-29-21 9:11:33 am]  *  | This is not the master node
[03-29-21 9:21:33 am]  *  | This is not the master node
[03-29-21 9:31:32 am]  *  * Image replication is globally disabled
[03-29-21 9:32:32 am] FOGService: ImageReplicator - Waiting for mysql to be available
last line repeated....

Is there anywhere else I can check to determine where this image is replicating from???

regards Tom