• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login
    1. Home
    2. Fernando Gietz
    3. Best
    F
    • Profile
    • Following 0
    • Followers 8
    • Topics 67
    • Posts 554
    • Best 52
    • Controversial 0
    • Groups 1

    Best posts made by Fernando Gietz

    • New Plugin: Host Status plugin (1.5.6 FOG version)

      Hi,
      With the 1.5.6 release version is available one new plugin: Host Status.

      This plugin say you the state of the computer in the host edit page:

      Host_Edit_Page.png

      This plugin detects the OS that is running in the computer:

      • Windows windows_icon.png
      • Linux linux_icon.png
      • FOS (Fog Operative System): a FOG task is running in the PC FOS_icon.png
      • Unknown: the FOG server can not comunicate with the PC: the PC is shutdown or the firewall is closed (you must open the 445 TCP port in the computer) unknown_icon.png

      The state is detected on fly and only in the host edit page.

      NOTE: when you search one host or hosts, in the result list appears the state of the computers too, but this state is read from the database and this entry in the database is updated by FOGHostPing daemon. The daemon need time to iterate with all computers and update his state. If you have a lot of PC in your FOG server, the daemon takes one second per PC to update his state, there may be discrepancies between the two states (host status plugin and FOGHostPing daemon)

      posted in General
      F
      Fernando Gietz
    • RE: FOG Server High CPU

      Hello,

      Some news about this problem. We made some changes in our server and his configuration and, actually, the server is not so drowned as before. The conclusion is: the default configuration of apache, php-fpm and mysql is not optimal for large scenarios. If you have a great number of client, you need to tune the server.

      I will tell our previous situation and the actual situation to share our experience.

      Initial Scenario:

      • FOG version 1.5.2
      • Virtual server with 8 vCores and 16 GB RAM
      • OS: RHEL 7
      • Active clients: 7000
      • One fog server and only the default node.

      In July we migrated from our old FOG version (0.32) under RHEL 5 to the new one (1.5.2) under RHEL 7. Without any additional configuration.

      In August we observed that the server consumed a lot of CPU and RAM and we began to have performance troubles (and the course had not started). Panic Mode ON!!

      The first thing that you think is … more resources are neccesary (more wood is the war). ERROR. The System Operation Center (SOC) guys say NO. We can not give you more resources.

      First thing: Update
      we updated the server OS and some packages. For example: php and mariaDB. We had php 5.6 version and we updated to php 7, the performance of php increased a lot of.

      We updated the FOG version from 1.5.2 to 1.5.4

      Second thing: Optimize the virtual machine resources

      Our virtual server is hosted in a VMWARE server with two socket and each one with 6 cores (is an old server). Problem: our virtual server was 8 vcores, 6 vCores in one socket and the other 2 in the other one. The server had time access problems.
      We removed two vCores from the server, in this way all vCores were in the same socket and the time acccess was more quicky. PROBLEM: less resource, more server load. In September the clients began to wake up and the php and mysql queries increased, then more resources were neccesary. To minimize it we increased the checkout time of the client to 900 seconds, with this we decreased the php and mysql queries, but the comsumption was still high (mysqld proccess 300%). The problem was the access time to the cores of the server, we had 6 vCores in a socket with 6 cores and also with more virtual server in the same socket. The more time the vCores were waiting to access to the sockets cores. The vCores were always at 100% of CPU usage.

      To solve this we enabled the NUMA in the server:
      https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_tuning_and_optimization_guide/sect-virtualization_tuning_optimization_guide-numa-numa_and_libvirt

      With this we distributed the vCores between the two socket: vCPUs 0,1,2 + 8GB RAM in NUMA 0 y 3,4,5, + 8GB in NUMA 1. This is configurated in the VMWARE server. In addition, we install the numad package in our virtual server, this daemon distributed the proccess betwween the two NUMAs. The access to the RAM and CPU was faster.

      For example:

      # ./numa-maps-summary.pl < /proc/1787/numa_maps
      N0        :          100 (  0.00 GB)
      N1        :       648226 (  2.47 GB)
      active    :       435228 (  1.66 GB)
      anon      :       645582 (  2.46 GB)
      dirty     :       647118 (  2.47 GB)
      kernelpagesize_kB:         1012 (  0.00 GB)
      mapmax    :          332 (  0.00 GB)
      mapped    :         1248 (  0.00 GB)
      

      we can see with this python script that the mysql is using the resources of the NUMA1 Node.
      Now we have, again, 8 vCores distribuited between the two NUMA nodes.
      Now, the vCores are at 80%-90%

      Third thing: tunning php, php.fpm and mysql

      We don’t have a lot idea about php, php-fpm and mysql, then we had to read a lot of articles in the web about them.

      Tunning MySQL: to do it we have used the mysqltunner script, http://mysqltuner.com . This script gives you an idea about the performance of the database and how tunne it to increase the performance.

      SET GLOBAL query_cache_size = 4000000; (4MB)
      SET GLOBAL tmp_table_size = 20000000; (20MB)
      SET GLOBAL query_cache_limit = 2000000; (2MB)
      SET GLOBAL max_heap_table_size = 20000000; (20MB)
      SET GLOBAL thread_cache_size = 4;
      SET GLOBAL table_open_cache = 450; 
      

      In the MariaDB web page recommends edcrease the swappiness value (https://mariadb.com/kb/en/library/configuring-swappiness/)

      #sysctl -w vm.swappiness=10
      

      Tunning php-fpm and php: There is some articles about it in this forum.
      PHP-FPM:

      pm = ondemand
      
      ; The number of child processes to be created when pm is set to 'static' and the
      ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
      ; This value sets the limit on the number of simultaneous requests that will be
      ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
      ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
      ; CGI.
      ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
      ; Note: This value is mandatory.
      pm.max_children = 50
      
      ; The number of child processes created on startup.
      ; Note: Used only when pm is set to 'dynamic'
      ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
      pm.start_servers = 5
      
      ; The desired minimum number of idle server processes.
      ; Note: Used only when pm is set to 'dynamic'
      ; Note: Mandatory when pm is set to 'dynamic'
      pm.min_spare_servers = 5
      
      ; The desired maximum number of idle server processes.
      ; Note: Used only when pm is set to 'dynamic'
      ; Note: Mandatory when pm is set to 'dynamic'
      pm.max_spare_servers = 50
      
      ; The number of seconds after which an idle process will be killed.
      ; Note: Used only when pm is set to 'ondemand'
      ; Default Value: 10s
      pm.process_idle_timeout = 10s;
      

      Normaly the people have pm=dynamic but we use pm=ondemand because we saw that the performance is better.

      Is possible that these parameters will be changed, but now the server runs well, but is October and the download activity has decreased a lot of.

      To see the activity of php you can enable the apache server status in the php.ini and there is a tool “goaccess” too to see the php calls and the number in the terminal:

      #yum install goaccess
      #tail -f /var/log/httpd/access_log | goaccess -

      posted in FOG Problems
      F
      Fernando Gietz
    • Site Plugin

      Hi!!!

      I am developing a new plugin, after AccessControl plugin, now Site plugin 🙂
      With AccessControl Plugin we can control the access to the items of the webUI using roles. Now, with the Site Plugin we can control the access to the hosts by user using his physical location.

      Site is not Location 🙂

      With Location plugin we can manage the storage nodes from the hosts will download the images, snapins, … With Site plugin we can have more granularity, we can define as Sites as we need (IT room, labs, …) and associate the host to these sites. We can associate one user to one or more sites, in this way, the user only will see the hosts which are in his sites and not the others.

      4_1491923234514_sitePlugin5.png

      3_1491923234514_sitePlugin4.png

      2_1491923234514_sitePlugin3.png

      1_1491923234514_sitePlugin2.png

      0_1491923234513_sitePlugin1.png

      posted in General
      F
      Fernando Gietz
    • RE: Linux client could not authenticate

      Hi Tom,

      Finally works fine under ubuntu 14.04

      sudo rm /etc/apt/sources.list.d/mono-xamarin.list
      sudo apt-get autoremove
      sudo apt-get update
      sudo apt-get install mono-complete
      Install the client
      

      With these instructions the client woks fine. Thanks!!

      posted in Bug Reports
      F
      Fernando Gietz
    • RE: Access Control Plugin

      Hi @kAs1m ,
      I know what is happen here. The problem is the array of element of the top menu.

      I will try to explain how works the plugin: the elements of the top menu are saved in one array, the AccessControl plugin erases the elements of the menu but, frecuently, the AccessControl can not erase the element because the order in the array have been changed. This occurs, normaly, when you try to apply some rules at time.

      In conclusion, the plugin doesn´t work as fine as we want. As solution try to add rules one by one and see the result, for example I have a configuration as yours usong these rules:

      • MAIN_MENU-about about main
      • MAIN_MENU-plugin plugin main
      • MAIN_MENU-service service main
      • MAIN_MENU-site site main
      • MAIN_MENU-storage storage main
      • MAIN_MENU-user user main

      In the future 1.6 version the pages will be loaded in other way that takes in account this problem.

      posted in FOG Problems
      F
      Fernando Gietz
    • RE: [HELP WANTED] Client Internationalization

      I didn’t see this post. My two cents.

      es-ES [Spanish (Spain)]

      ### SHUTDOWN PROMPT ###
      {company} necesita realizar el mantenimiento en este equipo.
      {company} needs to perform maintenance on this computer.
      
      Por favor, guarde su trabajo y cierre todos los programas.
      Please save any work and close all programs.
      
      Cancelar
      Cancel
      
      Ocultar
      Hide
      
      Posponer
      Postpone
      
      Reiniciar Ahora
      Restart Now
      
      Apagar Ahora
      Shutdown Now
      
      Posponer durante 
      Postpone for
      
      X hora(s) Y minuto(s) Z segundo(s)
      X hour(s) Y minute(s) Z second(s)
      
      ### NOTIFICATIONS ###
      
      Apagado Cancelado
      Shutdown Aborted
      
      El apagado ha sido cancelado
      Shutdown has been aborted
      
      Apagado Retrasado
      Shutdown Delayed
      
      El apagado ha sido retrasado {time}
      Shutdown has been delayed for {time}
      
      El apagado se producirá en {time}
      Shutdown will occur in {time}
      
      Está a punto de ser desconectado
      You are about to be logged off
      
      Será desconectado si permanece inactivo
      You will be logged off if you remain inactive
      
      Instalando {snapin name}
      Installing {snapin name}
      
      Por favor, no apague hasta que no haya finalizado
      Please do not shutdown until this is completed
      
      {snapin name} ha sido instalado
      {snapin name} installed
      
      La instalación ha finalizado y está listo para ser usado
      Installation has finished and is now ready for use
      

      Short version:

      ### SHUTDOWN PROMPT ###
      {company} necesita realizar el mantenimiento en este equipo.
      Por favor, guarde su trabajo y cierre todos los programas.
      Cancelar
      Ocultar
      Posponer
      Reiniciar Ahora
      Apagar Ahora
      Posponer durante 
      X hora(s) Y minuto(s) Z segundo(s)
      
      ### NOTIFICATIONS ###
      Apagado Cancelado
      El apagado ha sido cancelado
      Apagado Retrasado
      El apagado ha sido retrasado {time}
      El apagado se producirá en {time}
      Está a punto de ser desconectado
      Será desconectado si permanece inactivo
      Instalando {snapin name}
      Por favor, no apague hasta que no haya finalizado
      {snapin name} ha sido instalado
      La instalación ha finalizado y está listo para ser usado```
      posted in General
      F
      Fernando Gietz
    • RE: Centos7. Fog 1.5.5. White-Page on Update Group sites and locations.

      Hi @Sebastian-Roth and @EduardoTSeoane ,

      I tested the changes in my dev environment and the suggestions work fine. I think we can push the changes in the repository.

      I don´t use the location plugin but Ithink that the problem is the same. Maybe, @Tom-Elliott can say us want think about them XD and the reason it does not wok correctly

      posted in Bug Reports
      F
      Fernando Gietz
    • Control Access plugin

      Hi FOGers!!
      I need to develop a control access plugin and, although I have more or less the things clear in my head, I would like share my minds with you. I accept suggestions, corrections, …

      Feature:

      • Control the access to the icons, menus and submenus in the the webUI by rol.
      • Limit the searches and access to the resources (snapin, hosts, groups, tasks and images) of one or more locations.

      Necessities:

      • Create a new rol: restricted user

      This plugin has two levels of control:

      • Visual: Limit the access to the menus and submenus by rol user. The admin rol can access to all menus and submenus of the webUI and the restricted user only can access to the some menus and submenus (for example: Home, Hosts, Groups, Images, snapin, printer, tasks and logoff)
      • Searches: Limit the range of the search to the resources of one or more locations. The restricted user only can see the hosts, groups, images that are link or associated to his/her location/locations.

      This last level have a dependency with Location plugin.

      Dependencies:

      • Location plugin

      Well, hereinafter I accept suggestions, ideas …

      Christmas List:

      • Imaging techs assigned to Location A, may not touch or deploy any target host at Location B. Possibly read only access to Location B’s host records might be interesting.
      • Create different roles
      • Create different access rules
      posted in General
      F
      Fernando Gietz
    • RE: Add the name field in Users table

      It’s a little barter XD
      He added a field in the database and I developed the access control plugin. Personally I think I’m losing 😉

      posted in Feature Request
      F
      Fernando Gietz
    • RE: Control Access plugin

      Hi FOGers!!

      I attach some captures of this new plugin

      0_1489590921379_accesscontrolplugin_allusers_2.png
      When we list all users, appears the role that they have linked.

      We can link a role to one user from user edit page.

      0_1489591033848_accesscontrolplugin_user_edit_page2.png

      In the accesscontrol page we can list, edit and add new roles
      0_1489591119361_accesscontrolplugin_ACpage_2.png

      And create, list and edit rules

      0_1489591200071_accesscontrolplugin_page_rulelist_2.png

      Editing a rule …

      0_1489591252858_accesscontrolplugin_editrule_2.png

      posted in General
      F
      Fernando Gietz
    • RE: Site Plugin

      Hi @ragnurenson ,
      Actually I don’t use the site plugin, then I don’t know that it fails. I will try to see what happens with it, and fix the bug 🙂

      posted in General
      F
      Fernando Gietz
    • RE: Dual Images windows 10 and Ubuntu 16 with UEFI

      I test the changes that @george1421 says and works fine.
      The first boot goes direct to W10 but in the next one appears grub menu .

      posted in Linux Problems
      F
      Fernando Gietz
    • LDAP plugin and nesting groups of AD

      Hi,
      I use the LDAP plugin to valid the access of the users in the FOG server. We use the Active Directory as validation server but I have problems with some user because they are in a nested group of the admin group that I define in the plugin.

      FOG version: 1.5.2
      OS: RHEL 7

      More info in https://forums.fogproject.org/topic/11970/ldap-plugin-and-nesting-groups-of-ad/2

      posted in Feature Request
      F
      Fernando Gietz
    • RE: Access Control Plugin

      @wayne-workman said in Access Control Plugin:

      @fernando-gietz said in Access Control Plugin:

      To create LDAP plugin rule, in the same way only change Rule Value= ldap

      Is there somewhere where all these are listed?

      The rule value is easy to know. We use the url to restrict the access, for example:

      URL: http://fog_server_name/fog/management/index.php?node=ldap

      The node value of the URL is the Rule Value of the rule.

      posted in FOG Problems
      F
      Fernando Gietz
    • RE: Control Access plugin

      Good news!!!
      I finished the beta version of Access Control Plugin.

      When you install the plugin, the installation will create two default roles: Administrator and Technician.

      0_1490348414613_ACP_CreatingDefaultRoles.png

      The installation process will create a big number of default rules (38).

      0_1490348501249_ACP_listDefaultRules.png

      Actually the rules have two types: MAIN_MENU and SUB_MENULINK. The first ones are the top tool bar icons, and the second ones are the lateral menus. In the second case, sub_menulink, if you don’t define the node value, the rule will apply to all pages (nodes). If you define the node, the rule will apply only to this node.

      From this page you can link a multiple rules to one role.
      And, finally, the installation process will associate the Administrator role to fog user.

      0_1490349004493_ACP_fogUserRole.png

      From the principal Access Control plugin page you can see the role list, add new role, list all rule and add new rule. In the role menu you can edit it, delete it, see the membership and see the rule that are associated to this role.

      Membership page:

      0_1490349290065_ACP_roleMembership.png

      Rule association:

      0_1490349316684_ACP_ruleAssociation.png

      In these last images we can see that the “user5” has the Technician role and this role have 7 rule associated (5 main menu and 2 sub_menulink)

      In this screenshot you can see the rules that are being applied for “user5”:

      0_1490349547911_ACP_mainRulesActive.png

      And in this one you can see that the sub_menulink rules (in the image page doesn’t appear the multicast and the list option) in action:

      0_1490349649707_ACP_subMenuRuleActive.png

      posted in General
      F
      Fernando Gietz
    • RE: Dual Images windows 10 and Ubuntu 16 with UEFI

      @george1421 I have recaptured the image.

      • Install W10
      • Install Ubuntu 16
      • Boot under W10 and run the bcdedit command
      • Capture the image
      posted in Linux Problems
      F
      Fernando Gietz
    • RE: Create users who can only use the function WOL

      That is very strange!!

      Let’s go to begin again. We will to reset all 🙂

      1. Unistall the plugin
      2. Verify that the tables roleRuleAssoc, roleUserAssoc, roles and rules are being erased from the database by the uninstall process.
      3. Reinstall the plugin
      4. To test if the plugin works fine, we will not create a new role, we use the roles that the install process create. For example, administrator role.
      5. After install the plugin, go to users page -> List all Users. Does appear a new column named “Role”?
      6. Go to AccessControl Page -> List all Roles. Select Administrator role.
      7. Go to Rules tab -> Check the checkbox to see the rules that can be assign.
      8. Select MAIN_MENU-about, MAIN_MENU-printer adn MAIN_MENU-storage.
      9. Go to Members tab -> Check the checkbox to see the users that can be added.
      10. Select fog user (for example, you can select profs users if you want). Does appear the fog user in the list of members?
      11. Go to User Page -> list all users. Does appear in the role column the name of the role in fog row?
      12. Any error log in the apache log?
      posted in Feature Request
      F
      Fernando Gietz
    • RE: Please enter the TFTP issues with Cisco WS-C2960X-48TS-L

      Solved!

      How I said in before posts, the problem was the different states of the network card. After working hardly with the network guys and talking with @Sebastian-Roth, we solved the problem using the undionly.kpxe file that is in the folder 10seconddelay.

      This file adds a little delay in the DHCP request after power on the network card.

      posted in FOG Problems
      F
      Fernando Gietz
    • RE: Control Access plugin

      It is easy 🙂
      AccessControl Plugin -> add new rule

      Rule Type: MAIN_MENU
      Parent: main
      Node: (empty)
      Rule Value: pushbullet

      After do this, you need associate this rule to the role.

      posted in General
      F
      Fernando Gietz
    • RE: Dual Images windows 10 and Ubuntu 16 with UEFI

      @sebastian-roth I have deployed the dual image to a different machine and … surprise! You are right, the machine boot directly under W10, in the next appears the grub and the posibility to boot under Ubuntu.

      I have found a link about NVRAM, I suppose that will be a lot of them but was the first entry in google 🙂 :

      Understanding UEFI variables: http://en.community.dell.com/techcenter/os-applications/f/4457/t/19589262

      1- What all information is stored in UEFI VARIABLES?
      
      All configuration setup, vendor information, language information, input/output console, error console, and boot order setting all these information are stored in these variables
      
       
      
      2- How to get NVRAM variables
      
      You can use UEFI bootable USB to boot the server. You need to have supported files which can give you UEFI shell once server boot from USB. Once you got the UEFI shell you can run UEFI command "dmpstore" to see the variable available in NVRAM. For more options or help just type “? dmpstore”.  If you have Linux installed before in same server in UEFI mode. You can access the EFI partition. Give this command in UEFI shell "FS0:" Now your “/boot/efi “partition is mounted. You can see the content of this volume using ls/dir command. "dmpstore -all > myvariables"  will collect all NVRAM variable to EFI partition. When you reboot your Linux box you will see this file in your /boot/efi location.
      
       
      
      3- Analysis of variables
      
      You will see lot of entries in the dump file. Variable name, access, data and many more. We will use this example:
      
      Variable NV+RT+BS 'Efi:ConOut' DataSize = 36
      
      This tells that Variable name is Console output which data size is 0X36 in HEX
      
      . This variable is available at runtime (RT) and boot time (BS).
      
      Runtime variable which are available after OS booted and boot time which are available before
      
      OS boot.
      
      4- Mapping of UEFI variables from BIOS to Linux OS.
      
      You can see all these variables are mapped from Linux OS.UEFI variables are mapped through sys entry. Just see to this location /sys/firmware/efi/efivars . It will have all variables which was available in dump file.
      
      All these variables depend on efivarfs kernel modules. If this module is not available you cannot access the variables. It is mounted as  efivarfs file system on /sys/firmware/efi/efivars.
      
       
      
       
      
      Parmeshwr_Prasad
      
      Linux Engineer
      
      Dell Inc (Bangalore)```
      posted in Linux Problems
      F
      Fernando Gietz
    • 1 / 1