RE: VMWare Esxi and iPxe boot problems

@george1421 We have tried with e1000, e1000e and vmxnet3 interfaces, but nothing

Hi!

In our normal environment we usually use physic machines but now we want to use virtual machines to manage our gold images. In our institution we have some VMware ESXI servers to storage virtual machines and we want to use one of them to manage and upload the gold image.

Environment:
FOG server: 1.5.0 (we are using 1.5.0.7)
VMware ESXI server version: 5.5 and 6.5
Virtual machine config:

• VM hardware profile 10
• Windows 10 64-bit guest operative system
• EFI boot mode
• Network interfaces switched between E1000, E1000E and VMXNET3

When we try to boot from iPXE and UEFI, the virtual machine can not boot. We saw the network traffic betwaeen the FOG server and the virtuaol machine and the wireshark file shows the conversation and the FOG servers send the ipxe.efi file but seems that the virtual machine can load the ipxe kernel.

Curiously, if we config the virtual machine to boot from BIOS, the virtual machine can boot perfectly. Using undionly.kpxe.

Has anyone an ESXI environment? Which can be the problem? the virtual machine config file or the kernel of iPXE?

More info about the LDAP Plugin and FOG 1.5.0:

How to setup Microsoft AD LDAP for FOG 1.5.0~
https://forums.fogproject.org/topic/11531/how-to-setup-microsoft-ad-ldap-for-fog-1-5-0

I can try to explain to you how works the plugin

In FOG exists the users table. This tables saves the information of the local users. You can create as users as you need (username, password, …) but these users are “local”, only exists in fog Database. To these users you can asign one of the two roles: Administrator or mobile. If is administrator, then the uType value is 0 (see the fog user entry in the table). If the user is mobile, then the uType is 1.

Well, when you install the LDAP plugin, the script creates a table in the database, LDAPServers. This table has all info of the Authentication Servers (AD servers or LDAP servers). This plugin doesn’t update the users table.

How works the plugin?
Once you have setup the LDAP servers and you logon on the WEBUI, the plugin checks the username and the password in the authentication servers (AD or LDAP) if the credentials are OK, then the plugin creates an entry in the database with the name, password (encrypted) and uType. If the user belongs to Admin Group, then the uType is 990 (take note that the local admin users are 0) and if the user belongs to mobile group, then the uType is 991 (the mobile local users are 1).

When you close the session in the WEBUI, the plugin erases the user entry from the users table. Only the entries with uType = 990, 991 are erased, not the local users.

@steuve68 said in LDAP Plugins on FOG 1.5.0:

The LDAP Plugins can’t read and update automatically (on real time) the “users” table on SQL ?
I found that to remove AD users from the database you have to uninstall and reinstall the LDAP plugins.

When you uninstall the plugin, you delete only the LDAPServer table (I am not very sure but the unistall script doesn’t delete the 990 and 991 users form the users table). When you reinstall the plugin, you only create the LDAPServes table.
The plugin makes a “pasive” sync with the authentication server. If you add an user to admin group in the AD, when the user logs on, the uType will be 990 (admin). If, now, you delete the user from the admin group in the AD, the user can not access to FOG.
If you dont close the session of FOG correctly(from the logoff button, and not close the windows from the X), then the users is not delete from the database.

@tom-elliott Oh la la!! works very verry fine

@tom-elliott I can understand that the proccess takes a bit 10 seconds or 15 seconds, but in my producction environment takes 2 minutes and in the physical server 40 seconds.

Repeat, I can send you the import hosts file to do test and see in-situ the problem.

To don’t lose the thread.

Hi again!

I follow with this issue Toisolate the problem I have do a fresh install:

Enviroment:
FOG version: 1.5.0
Computer: HP 800 G2 with 8 GB RAM and SSD
OS: Centos 7 64 bits

I have imported 7000 new hosts to the database from webUI, later I have created a new group with one computer. If I try to list the membership of this new group, the browser needs 40 second to show me the computer.

If anybody wants to reply the issu, I can send the hosts import file.

Can you describe more the issue?

Yes. But actually is not officially supported.

When you use the LDAP plugin, this one creates temporal users; in this way, when an user logs on, the plugin will authenticate it vs your LDAP server or AD and insert the username in the DB with uType 900/901. When the user logs off then the user is erased from the DB. Working in this way you can not associate a rule of AccessControl to one or more user because the users are temporals.

I spoke with @Tom-Elliott about this problem and how solve. I have solved it with a temporal solution (in Spanish ñapa, chapuza, parche o solucion provisional con visos de definitiva) to this little problem. I have developed a little plugin that converts the temporal users in “eternal” users. This plugin is not official and we need to update the AccessControl to do this work and not create a new one.

If you want this unofficial plugin, I can send you by email.

I have config the mysql to log the queries and seems that some queries are fool.

180228 16:38:32	  364 Connect	root@localhost as anonymous on fog
		  364 Query	USE `fog`
		  364 Query	SET SESSION sql_mode=''
		  365 Connect	root@localhost as anonymous on fog
		  365 Query	USE `fog`
		  364 Quit	
		  365 Query	SET SESSION sql_mode=''
		  366 Connect	root@localhost as anonymous on fog
		  366 Query	USE `fog`
		  365 Quit	
		  366 Query	SET SESSION sql_mode=''
		  366 Query	SELECT `vValue` FROM `fog`.`schemaVersion`
		  366 Query	SELECT `pName` FROM `plugins`   WHERE `plugins`.`pInstalled`='1' AND `plugins`.`pState`='1'   ORDER BY LOWER(`plugins`.`pName`) ASC
		  366 Query	SELECT `settingValue` FROM `globalSettings`   WHERE `globalSettings`.`settingKey` IN ('FOG_DEFAULT_LOCALE','FOG_HOST_LOOKUP','FOG_MEMORY_LIMIT','FOG_REAUTH_ON_DELETE','FOG_REAUTH_ON_EXPORT','FOG_TZ_INFO','FOG_VIEW_DEFAULT_SCREEN')   ORDER BY LOWER(`globalSettings`.`settingKey`) ASC
		  366 Query	SELECT COUNT(`hosts`.`hostID`) AS `total` FROM `hosts` WHERE `hostPending` = '1' LIMIT 1
		  366 Query	SELECT COUNT(`COLUMN_NAME`)AS`total`FROM`information_schema`.`COLUMNS`WHERE`TABLE_SCHEMA`='fog'AND`TABLE_NAME`='hostMAC'AND`COLUMN_NAME`='hmMAC'
		  366 Query	SELECT COUNT(`hostMAC`.`hmID`) AS `total` FROM `hostMAC` WHERE `hmPending` = '1' LIMIT 1
		  366 Query	SELECT `settingValue` FROM `globalSettings`   WHERE `globalSettings`.`settingKey` IN ('FOG_URL_AVAILABLE_TIMEOUT','FOG_URL_BASE_CONNECT_TIMEOUT','FOG_URL_BASE_TIMEOUT')   ORDER BY LOWER(`globalSettings`.`settingKey`) ASC
		  366 Query	SELECT `globalSettings`.* FROM `globalSettings`  WHERE `settingKey`='FOG_QUICKREG_PENDING_MAC_FILTER'
		  366 Query	SELECT COUNT(`hostMAC`.`hmID`) AS `total` FROM `hostMAC` WHERE `hmMAC` IN ('40:b0:34:39:57:ac') AND `hmPending` IN ('0','') LIMIT 1
		  366 Query	SELECT `hmMAC` FROM `hostMAC`   WHERE `hostMAC`.`hmMAC` IN ('40:b0:34:39:57:ac') AND `hostMAC`.`hmPending` IN ('0','')   ORDER BY `hostMAC`.`hmID` ASC
		  366 Query	SELECT `hmMAC` FROM `hostMAC`   WHERE `hostMAC`.`hmMAC` IN ('40:b0:34:39:57:ac') AND `hostMAC`.`hmIgnoreImaging`='1'   ORDER BY `hostMAC`.`hmID` ASC
		  366 Query	SELECT `hostMAC`.* FROM `hostMAC`  WHERE `hmMAC`='40:b0:34:39:57:ac'
		  366 Query	SELECT `hmHostID` FROM `hostMAC`   WHERE `hostMAC`.`hmPending` IN ('0','') AND `hostMAC`.`hmMAC` IN ('40:b0:34:39:57:ac')   ORDER BY `hostMAC`.`hmID` ASC
		  366 Query	SELECT `hosts`.*,`hostMAC`.*,`images`.*,`os`.*,`imagePartitionTypes`.*,`imageTypes`.*,`hostScreenSettings`.*,`hostAutoLogOut`.*,`inventory`.* FROM `hosts`  LEFT OUTER JOIN `hostMAC` ON `hostMAC`.`hmHostID`=`hosts`.`hostID`  LEFT OUTER JOIN `images` ON `images`.`imageID`=`hosts`.`hostImage`  LEFT OUTER JOIN `os` ON `os`.`osID`=`images`.`imageOSID`  LEFT OUTER JOIN `imagePartitionTypes` ON `imagePartitionTypes`.`imagePartitionTypeID`=`images`.`imagePartitionTypeID`  LEFT OUTER JOIN `imageTypes` ON `imageTypes`.`imageTypeID`=`images`.`imageTypeID`  LEFT OUTER JOIN `hostScreenSettings` ON `hostScreenSettings`.`hssHostID`=`hosts`.`hostID`  LEFT OUTER JOIN `hostAutoLogOut` ON `hostAutoLogOut`.`haloHostID`=`hosts`.`hostID`  LEFT OUTER JOIN `inventory` ON `inventory`.`iHostID`=`hosts`.`hostID`  WHERE `hostID`='7502'  AND `hostMAC`.`hmPrimary` = '1'
		  366 Query	SELECT COUNT(`hookEvents`.`heName`) AS `total` FROM `hookEvents` WHERE `hookEvents`.`heName`='QUEUED_STATES' AND `hookEvents`.`heName` <> '0'
		  366 Query	SELECT COUNT(`hookEvents`.`heName`) AS `total` FROM `hookEvents` WHERE `hookEvents`.`heName`='PROGRESS_STATE' AND `hookEvents`.`heName` <> '0'
		  366 Query	SELECT `taskID` FROM `tasks`  LEFT OUTER JOIN `images` ON `images`.`imageID`=`tasks`.`taskImageID`  LEFT OUTER JOIN `os` ON `os`.`osID`=`images`.`imageOSID`  LEFT OUTER JOIN `imagePartitionTypes` ON `imagePartitionTypes`.`imagePartitionTypeID`=`images`.`imagePartitionTypeID`  LEFT OUTER JOIN `imageTypes` ON `imageTypes`.`imageTypeID`=`images`.`imageTypeID`  LEFT OUTER JOIN `hosts` ON `hosts`.`hostID`=`tasks`.`taskHostID`  LEFT OUTER JOIN `hostMAC` ON `hostMAC`.`hmHostID`=`hosts`.`hostID`  LEFT OUTER JOIN `hostScreenSettings` ON `hostScreenSettings`.`hssHostID`=`hosts`.`hostID`  LEFT OUTER JOIN `hostAutoLogOut` ON `hostAutoLogOut`.`haloHostID`=`hosts`.`hostID`  LEFT OUTER JOIN `inventory` ON `inventory`.`iHostID`=`hosts`.`hostID`  LEFT OUTER JOIN `taskTypes` ON `taskTypes`.`ttID`=`tasks`.`taskTypeID`  LEFT OUTER JOIN `taskStates` ON `taskStates`.`tsID`=`tasks`.`taskStateID`  LEFT OUTER JOIN `nfsGroupMembers` ON `nfsGroupMembers`.`ngmID`=`tasks`.`taskNFSMemberID`  LEFT OUTER JOIN `nfsGroups` ON `nfsGroups`.`ngID`=`nfsGroupMembers`.`ngmGroupID`   WHERE `tasks`.`taskHostID`='7502' AND `tasks`.`taskStateID` IN ('0','1','2','3') AND `hostMAC`.`hmPrimary` = '1'  ORDER BY LOWER(`tasks`.`taskName`) ASC
		  366 Query	SELECT `hostMAC`.* FROM `hostMAC`  WHERE `hmMAC`='40:b0:34:39:57:ac'
		  366 Quit	

In one second queries

The activity of mysql server is huge. I have restarted the server and in seven minutes:

MySQL on localhost (5.5.56-MariaDB)     up 0+00:07:00 [16:13:04]
 Queries: 38.1k  qps:   93 Slow:     0.0         Se/In/Up/De(%):    94/00/00/00 
             qps now:  102 Slow qps: 0.0  Threads:    5 (   1/   0) 85/01/00/00 
 Key Efficiency: 100.0%  Bps in/out: 13.5k/43.9k   Now in/out: 41.3k/190.2k

      Id      User         Host/IP         DB      Time    Cmd Query or State                                                       
       --      ----         -------         --      ----    --- ----------                                                           
      664      root       localhost       test         0  Query show full processlist                                                
      782      root       localhost        fog         4  Sleep                                                                      
      768      root       localhost        fog        10  Sleep                                                                      
      746      root       localhost        fog        19  Sleep                                                                      
       10      root       localhost        fog       414  Sleep

38k queries??

I have restarted the mysql server and the usage has downed

8895 mysql     20   0 1300380  93492   9236 S   7,0  0,8   0:05.37 mysqld

I have config the check_time to 900 seconds

@george1421 We are talking about the same check time This check time, what means?

I am worry about the mysql performance and the huge use of RAM, 1,3GB.

 2073 mysql     20   0 3770600 1,372g   3920 S   6,0 11,8   3452:06 mysqld

And when I want to see the membership of one group, the apache use the 100% vCPU and I spend two minutes to see the list of them.

The swap use, is normal? circa 100%

top command:

top - 18:41:55 up 48 days,  4:49,  2 users,  load average: 0,19, 0,23, 0,29
Tasks: 282 total,   1 running, 278 sleeping,   0 stopped,   3 zombie
%Cpu(s):  8,2 us,  2,2 sy,  0,0 ni, 89,6 id,  0,0 wa,  0,0 hi,  0,0 si,  0,0 st
KiB Mem : 12138956 total,   177100 free,  2809672 used,  9152184 buff/cache
KiB Swap:  1023996 total,   199544 free,   824452 used.  8521144 avail Mem 

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                                                          
26061 apache    20   0  543340  45800   6768 S  11,3  0,4   6:29.34 httpd                                                            
13607 apache    20   0  700016  47256   8016 S   9,0  0,4  14:19.99 httpd                                                            
16160 apache    20   0  678892  27200   9160 S   7,3  0,2   1:32.28 httpd                                                            
 2073 mysql     20   0 3770600 1,372g   3920 S   6,0 11,8   3452:06 mysqld

atop command:

PRC | sys    0.13s  | user   0.20s  | #proc    285  | #trun	 3  | #tslpi   328  | #tslpu     0  | #zombie    3  | #exit      7  |
CPU | sys       3%  | user      4%  | irq	0%  | idle    593%  | wait	0%  | guest     0%  | curf 2.67GHz  | curscal   ?%  |
cpu | sys	1%  | user      0%  | irq	0%  | idle     99%  | cpu003 w  0%  | guest     0%  | curf 2.67GHz  | curscal   ?%  |
cpu | sys	1%  | user      2%  | irq	0%  | idle     98%  | cpu005 w  0%  | guest     0%  | curf 2.67GHz  | curscal   ?%  |
cpu | sys	1%  | user	1%  | irq	0%  | idle     99%  | cpu004 w  0%  | guest     0%  | curf 2.67GHz  | curscal   ?%  |
cpu | sys	1%  | user	0%  | irq	0%  | idle     99%  | cpu000 w  0%  | guest     0%  | curf 2.67GHz  | curscal   ?%  |
cpu | sys	0%  | user	1%  | irq	0%  | idle     99%  | cpu001 w  0%  | guest     0%  | curf 2.67GHz  | curscal   ?%  |
cpu | sys	0%  | user	0%  | irq	0%  | idle    100%  | cpu002 w  0%  | guest     0%  | curf 2.67GHz  | curscal   ?%  |
CPL | avg1    0.08  | avg5    0.19  | avg15   0.27  |               | csw     5925  | intr    5744  |               | numcpu     6  |
MEM | tot    11.6G  | free  147.2M  | cache   8.5G  | buff    0.1M  | slab  221.8M  | shmem 428.8M  | vmbal   0.0M  | hptot   0.0M  |
SWP | tot     1.0G  | free  194.9M  |               |               |               |               | vmcom   2.9G  | vmlim   6.8G  |
LVM |   Datos-root  | busy	1%  | read	 5  | write	 4  | KiB/w	 8  | MBr/s   0.19  | MBw/s   0.01  | avio 4.56 ms  |
LVM |    Datos-tmp  | busy	0%  | read	 0  | write	 1  | KiB/w	 4  | MBr/s   0.00  | MBw/s   0.00  | avio 1.00 ms  |
DSK |          sda  | busy      1%  | read       5  | write      5  | KiB/w      7  | MBr/s   0.19  | MBw/s   0.01  | avio 4.20 ms  |
NET | transport     | tcpi	10  | tcpo	12  | udpi    1924  | udpo    1920  | tcpao      2  | tcppo      2  | tcprs      3  |
NET | network       | ipi     2102  | ipo     2088  | ipfrw      0  | deliv   2102  |               | icmpi      0  | icmpo      0  |
NET | ens192  ----  | pcki    2108  | pcko    2088  | si  220 Kbps  | so 1754 Kbps  | erri       0  | erro       0  | drpo       0  |
NET | ens224  ----  | pcki       1  | pcko       1  | si    0 Kbps  | so    0 Kbps  | erri	 0  | erro	 0  | drpo	 0  |

The checking time, what checks? The computer state? 15 minutes is a lot of for us. Take note that if you send a multicast tasks, the computers will shutdown in very differents moments and some ones will be out of the tasks (if you have a multicast timeout of 5 minutes)

@george1421

How many vCPUs does your FOG server have?
6 vCPU and 12 GB RAM
Do you use the fog client? If so what is your check in interval?
Yes, but is not installed in all of them. Actually the client is installed in 600 computers. CLIENT CHECKIN TIME = 90
How many network adapters do you have in this fog server?
Two adapters. One for clients and one for the storage.
Is this fog server virtual or physical?
Is virtual
What kind of disk subsystem do you have? (raid, single disk, ssd,??)
I dont know But is not bad, we use the Production environment of the university. I can do download tasks at 13 GB/min, then I suppose that the disks are not the problem

OS: RHEL 7 64 bits

Hi FOGers!

I need help to customize the setting of my FOG server to increase the performance.

Environment:

7000 host in the IT rooms
300 IT rooms
9TB of images (increasing)
60 technicians
1 FOG server and 1 storage node

Actually we use an old FOG version (0.30) and works fine … very fine. But we need to migrate the FOG version to the last version.
To do this step I installed two FOG servers with the 1.5 RC x version (dev and preproduction environments) but I have performance problems.

1. The web UI goes fine until you send a multicast tasks or you want to see the membership of one group [more info here]
2. I don’t know if is normal but the mysqld process uses 1,3G of RAM

PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
2073 mysql     20   0 3770600 1,372g   3920 S   0,3 11,8   3448:19 mysqld

I use mytop tool to see the mysql performance

MySQL on localhost (5.5.56-MariaDB)     up 48+03:43:38 [17:36:15]
 Queries: 397.4M  qps:  100 Slow:   953.0         Se/In/Up/De(%):    87/01/01/00 
             qps now:   84 Slow qps: 0.0  Threads:    8 (   1/   0) 86/00/00/00 
 Key Efficiency: 100.0%  Bps in/out: 31.1k/109.1k   Now in/out: 16.5k/144.6k

84 queries per second, are not a lot of?
3) FOGImageReplicator and FOGSnapinReplicator. If I have only one node, these two daemons, are neccessaries?
4) Can I enable the php-fdm to increase the performance [https://forums.fogproject.org/topic/10717/can-php-fpm-make-fog-web-gui-fast]?

Solved!

How I said in before posts, the problem was the different states of the network card. After working hardly with the network guys and talking with @Sebastian-Roth, we solved the problem using the undionly.kpxe file that is in the folder 10seconddelay.

This file adds a little delay in the DHCP request after power on the network card.

I know that this thread is old, but until now I could make tests with Network team (NOC).

I will try to translate to english the NOC’s reasons:

ENVIRONMENT:

In our network, we have a mixed environment:

• Corporate DHCP Servers giving basic IP configuration (although we have option to include additional parameters if required) [controlled by Area of communications]

• DNSMasq in the FOG Server passing additional parameters in the DHCPOFFER messages on demand (only to computers with active FOG tasks) [controlled by Area of classrooms]

PROBLEM:

The new version of FOG that uses iPXE fails in the networked environment where previously worked fine with PXE.
It has been detected that the boot iPXE fails when the configuration of the interface of the switch contains the command “switchport port-security” .

This is a typical configuration for an interface of a switch access:

interface GigabitEthernet3/0/25
description Tests-Fog 
switchport access vlan 65 (this is the test vlan)
switchport mode access
switchport port-security
spanning-tree portfast
end

Start progressing well and the unionly.kpxe is downloaded but when you must load the default.ipxe the boot sequence stops waiting for the introduction by keyboard the IP of the server iPXE.

If you delete the “switchport port-security” configuration, startup iPXE does not fail.

We have observed that the port-security settings slow down the transition from the interface of the switch from OFF to ON state. I mean, it takes time you need the interface to start to switch frames.

With an interface that does not have this setting, there is a difference of about 8 seconds for the same boot iPXE process.

It must keep in mind that you will pass by several shutdowns / starts from the interface of the PC during the complete boot sequence.

This delay is avoided if you sandwich between switch and host an element of level 1 (HUB) or 2 (SWITCH) that force the mouth of the switch to stay UP while the PC is turned off.

QUESTIONS:

Can we avoid the iPXE behavour? Can we config to not shutdown the nertwork card?

I have made a test.

I have download a dual image, in the first boot W10 like we expect, in the second boot appears the grub menu. The UEFI variables are updated by W10.

If you download an image with only Linux, then the computer doesn’t detect any OS and dones’t boor. You need repair the boot or update the UEFI variables to rebirth the computer.

@Wayne-Workman I have truncated the table and nothing.

Srv	PID	Acc	M	CPU 	SS	Req	Conn	Child	Slot	Client	VHost	Request
0-0	4154	0/133/2998	_ 	15.91	0	175	0.0	0.18	3.69 	158.227.129.66	10.0.15.4:80	POST /fog/management/index.php?sub=requestClientInfo&authorize&
1-0	22327	0/633/2833	_ 	101.18	0	88	0.0	0.70	3.34 	158.227.129.66	10.0.15.4:80	GET /fog/service/getversion.php?newService&json HTTP/1.1
2-0	10758	0/3575/3575	_ 	583.44	0	0	0.0	4.46	4.46 	158.227.129.66	10.0.15.4:80	GET /fog/management/other/ssl/srvpublic.crt HTTP/1.1
3-0	11712	0/1096/3380	_ 	174.13	0	210	0.0	1.27	4.11 	158.227.115.42	10.0.15.4:80	GET /fog/management/index.php?node=home&sub=bandwidth&url%5B%5D
4-0	17308	0/3259/3538	W 	531.14	58	0	0.0	3.79	4.26 	158.227.4.135	10.0.15.4:80	POST /fog/status/getservertime.php HTTP/1.1
5-0	22817	0/605/3241	_ 	95.71	1	73	0.0	0.68	5.64 	158.227.138.17	10.0.15.4:80	GET /fog/service/getversion.php?newService&json HTTP/1.1
6-0	13038	0/1037/3469	_ 	166.05	0	74	0.0	1.20	4.01 	158.227.129.66	10.0.15.4:80	GET /fog/service/getversion.php?clientver&newService&json HTTP/
7-0	-	0/0/2866	. 	2.96	167	0	0.0	0.00	3.64 	::1	10.0.15.4:80	OPTIONS * HTTP/1.0
8-0	11826	0/997/3504	W 	165.00	115	0	0.0	1.13	4.20 	158.227.4.135	10.0.15.4:80	GET /fog/management/index.php?node=group&sub=membership&id=334
9-0	3151	0/174/3003	_ 	25.77	0	77	0.0	0.21	3.42 	10.0.15.4	10.0.15.4:80	GET /fog/status/bandwidth.php?dev=ens192 HTTP/1.1
10-0	15893	0/3295/3295	W 	551.38	0	0	0.0	3.74	3.74 	158.227.4.135	10.0.15.4:80	GET /server-status HTTP/1.1```