RE: Deployment task never finishes without error

Disable Bitlocker was no alternative. That’s the result of my tests today.

At first I tried to only unlock the bitlocked drive, but this will not withstand a reboot. So my unlocked image gets locked again when I reboot.

When I disable BL that means I have to remove the BL encryption, so that the dd in funcs.sh ( dd if=$part bs=512 count=1 2>&1 | grep -i ‘-FVE-FS-’ ) is not able to find the BL-signature.
But that would mean I have to deploy truly clean images and encrypt EVERY deployed image afterwards. This is a no-go. It costs time in encryption and (even worse) it creates one dedicated key for every new deployed computer.
We need to use one remotely stored key for all deployed computers. That makes best sense in our use-case an I cannot change that decission. TPM will not work for us and would no make sense either as we need to have that mentioned key. Windows update will not hesitate us here … its an embedded W7 for dedicated systems.

Finally I patched funcs.sh (uncommented that bitlocker check) and made a new init.xz of it.

So my remaining question here:

How I have to use the setupcomplete.cmd correctly in terms of:

1. receive the new hostname . Here my first attempt was to wait some time as I observed that snappins take about some minutes until they get delivered … Will that naming take same time?
2. set a static IP which depends from hostname ( I already have prepared a batch file for that …)

Will that all have to go into setupcomplete.cmd?
How and when will that get executed?

Regards

@george1421 :
Now I deployed again and have caught the error:
In the end the FOG console tells:
Found bitlocker signature in /dev/sda2 header. Please disable BITLOCKER before capturing an image ( isBitlockedPartition)

The program is right; its locked. But this is no problem for me.
I see two chances
a) disable Bitlocker before capturing -> so I deliver always unencrypted images to clients. This is not what we intended.
I would have to have a script in the Autostart which automatically encrypts the unencrypted drive when the cloned image starts. This makes more work for + leaves a security hole.

b) find a way to ignore that unneeded error. Is there some way to mask out this checking at FOG-side?

What’s best?

Its a windows-service executable (exe) which I have to call with arg /install to install it.
Normaly I would install this by hand in the mother-image I deploy to all clients. But the development of that service delays, so I have to postpone that installation.
Before the install-call of the executable I have to remove the write-lock of the partition, means I have to call another system-executable in advance. After a successful installation I want to reboot.
The SW is an cmake based development. I have no cmake configs which created a Visual Studio deployment project (msi - even if an msi would be good for doing this … I have my doubts) so I have to create this afterwards in the Visual Studio. That is not a good attempt at all, no other co-worker will accept that sh***. So I am looking for an easy-going way … maybe WiX will get it. I have to read the docs, but if anybody has some better suggestions, please tell me.

At which point do I change the image definition settings?
Finally my cloned images work.

The stuff is more complex then I have told at first; the primary partition I clone is NTFS and contains “win7-embedded” - from here windows boots virtual harddrives (vhd) which build my drive “C:” which is of type “MS Virtual Disk SCSI Device”. That drive I want to slightly adopt/tune with snapins.

The Bitlocker partition is another harddrive which contains protected stuff which gets unlocked later. Unlocking works, content is accessible.

Why my deployment-tasks never finish w/o errors?

I found examples for the msi snapin deployment and some hints for exe-files.
Is there some template code where I can see what I have to do when I want to deploy a windows-service with fog. The executable is huge …

fog 1.5.2 @ubuntu 16.04 LTS

I deploy linux and windows images where my windows images contain NTFS primary and bitlocker encrypted secondary partitions.
At first I cloned the windows images same like my linux images ("Multiple Partition Image - All Disks (not resizable) (3) ").
Once i saw that fog has an issue with that (only some seconds before the cloned target reboots one can see an error) . So I changed for the windows part to “Raw Image, sector by sector DD”. The cloned images work with that, it only takes more time.

BUT: In the end of that cloning the same error still exists. As an result I get EVERY deployment not noticed by the fog server. I have to kill all deployment tasks by hand after the clone target reboots.
That means for every cloned target all attached snapins fall as long as the task still lives and the task is pending.

What is the right solution for that?

Sorry for creating doublets, but could not find the right answer yet…

Fog 1.5.2 @ Ubuntu 16.04 LTS
Snapin size is limited to 8 Mbytes

<https://wiki.fogproject.org/wiki/index.php/Managing_FOG> tells regarding increasing that limit …

sudo gedit /etc/php5/apache2/php.ini
Change
    memory_limit = 1900M
    post_max_size=1900M
    upload_max_filesize=1900M 
Save Changes
sudo /etc/init.d/apache2 restart**

The php I have is 7.1 and I have 3 php.ini files.
./etc/php/7.1/cli/php.ini
./etc/php/7.1/fpm/php.ini
./etc/php/7.1/apache2/php.ini

The 3rd also contains the unlimited sizes but I still get the nasty complains “need a name” when I try to create snapins for binaries>8MB.

What could I do here?