RE: Snapin Questions

@LJedi Hi there, snapins will make your life a lot easier. Once you get the hang of them (and they’re really not that hard) you’ll wonder how you managed without them. The pure joy to be had from deploying a new application to a group of 10’s or 100’s of machines in a couple of clicks and then just getting on with your day is pretty awesome

I tend to forget things so I’ve created myself an idiots guide to most things I come across in FOG-land, snapins being no exception. I’ll outline the bits and pieces I’ve picked up, some of which you may already know.Jbobs answer was pretty succinct. I’m just going to dumb it down a little.

While Jbobs description of snapins as files which get executed remotely is spot on, the real benefit of using snapins is in conjunction with silent switches so the installation happens without your users seeing anything going on. This avoids them having to call the Helpdesk because “some weird screen just popped up on my 'puter!”

First off default FOG installation has a limit set on the size of snapins which can be uploaded to the server. This is configured in the php config file which in CentOS can be found at /etc/php.ini. You want to edit this file and locate these 3 sections and amend from 128M or 100M to 1900M

memory_limit = 1900M
post_max_size=1900M 
upload_max_filesize=1900M

Save the file and restart httpd service to have the changes kick in

service httpd restart

As far as actually creating snapins - the 2 biggest gotchas I found are:

• snapin names can’t have spaces
• uploaded files must be unique

When naming the snapin in the UI either use CamelCase or throw in an underscore to split words up.

The actual executable eg setup.exe is uploaded to FOG server in /opt/fog/snapins directory, not the name you give it in the web UI. The server won’t permit files of the same name in one directory. So if you have multiple versions of an installer for instance or need to create an uninstall snapin, make sure to rename the executable or MSI file so it’s unique. I add a version number or append _install, _uninstall depending on the situation.

I have had greatest success with MSI files. To create a snapin from an MSI file you need to add in the following details.

Snapin name - No spaces
Snapin run with - c:\windows\system32\msiexec.exe
Snapin run with argument use either /i or /x
/i = install
/x = uninstall
Snapin file - upload in .MSI format. If doing an uninstaller as well, amend the file name prior to upload so its different on server.
Snapin arguments - /qn - this is the the “no UI” switch for the MSI installer

Some EXE files which come with well documented silent install switches also work well but you sometimes have to hunt high and low to find the switches or use a bit of trial and error,

We use screenpresso screen capture tool at work and that has decently documented switches. Screenshot of this here. Note that screenpresso downloads always show as just screenpresso.exe - due to dupe file name mentioned earlier I rename this based on version before uploading to FOG.

I’ve never had much joy with deploying .bat or .cmd files via FOG snapin but will be giving that a go again shortly based on Jbobs comment earlier. What I’ve used instead is create the .bat as normal then use BatToExe converter to convert to exe then just add a name and upload the .exe to FOG - all silent switches go in the .bat file so nothing needs added to FOG.

TeraTerm is one such application I’ve deployed in this manner using this code. We have preconfigured keyboard, window and font settings using the keyboard.cnf and teraterm.ini files.

@echo off

:: script to copy teraterm.exe and config files to temp folder and install from there
:: the /y switch tells xcopy to overwrite file at destination if it already exists.

xcopy /y "\\server-share\TeraTerm\teraterm-4.89.exe" %TEMP%
xcopy /y "\\server-share\TeraTerm\KEYBOARD.CNF" %TEMP%
xcopy /y "\\server-share\TeraTerm\TERATERM.ini" %TEMP%

:: install teraterm using the keyboard.cnf and teraterm.ini files specified
%TEMP%\teraterm-4.89.exe /VERYSILENT

:: lastly move the copied teraterm.ini and keyboard.cnf files into program files directory
xcopy /y %TEMP%\KEYBOARD.CNF "C:\Program Files (x86)\TeraTerm\"
xcopy /y %TEMP%\TERATERM.ini "C:\Program Files (x86)\TeraTerm\"

Save as a bat file, run through BatToExe to output as .exe and upload to FOG and bam - done. Though you may not even need to save as a .exe. I shall test that myself tomorrow.

Give it a go on a test machine and see how you get on - any questions feel free to ask.

Other much more learned and savvy folks will no doubt chime in with even better suggestions or pointers should you need them.

cheers, Kiweegie.

@Wayne-Workman Success!

ok the latest snapin has worked as expected. Root cause I think was the locations and how I had set them up. Each host has a Location entry and each location points to a storage group.

I’d set the host I was testing this on to the only location I’d set up for head office and this was pointing to the wrong storage group.

I’ll do some further testing this week but hopefully others with same issue can at least learn from my mistakes…

Wayne, really appreciate the time and effort you put in to help me out with this one, greatly appreciated.

cheers, Kiweegie.

Hi @stuhad

I have this working on 1.5.7 dev branch on Ubuntu 18.04 so can walk you through what I’ve done in case that helps? Also check out this post by @m144 which got me started in the right direction.

Need to install the php plugin and restart apache first off

sudo apt-get install php-ldap
sudo systemctl restart apache2

One important note which doesn’t seem to be documented anywhere - the AD Bind password does not like special characters. I’ve not had time to test which ones are ok and which are not so just went with an alphanumeric password to get up and running.

Assuming your domain is example.com and you have 2 domain controllers:

dc01.example.com
dc02.example.com

Create a security group to house the users you want to log in over LDAP here we will use group fogserver admins in the OU=security groups. And a service account which has been delegated the rights to add and delete computer objects on your domain or in a pinch added as member of the Domain Admins group.

In the FOG ui click on the LDAP icon and then create new LDAP link on the left and fill in details as follows

LDAP connection name: dc01.example.com (each connection name must be unique)
LDAP Server Address: dc01.example.com
LDAP Server Port: 389
Search Base DN: dc=example,dc=com
Group Search DN: dc=example,dc=com
Admin group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
Mobile group: cn=fogserver_admins,ou=security groups,dc=example,dc=com
User Name Attribute: sAMAccountName
Group Member Attribute: member
Search Scope: Subtree and below
Bind DN: cn=service fogserver,ou=service_accounts,dc=example,dc=com
Bind password: <password for service account - add in plain text)

You can (and should) add multiple entries here with your other DCs for redundancy, just fill in another LDAP entry with unique connection name.

You should then be able to login to the FOG web portal with a domain username e.g. foguser (no need to add as example\foguser)

If a user who is not a member of your fogserver admins group tries to login it will fail on the UI with error

fogserver_admins))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=cn=fogserver_admins)(name=ou=security groups)(name=dc=example)(name=dc=com))(member=CN=Jake Fake,OU=Users,OU=Sales,DC=example,DC=com)); Result: 0\nPHP message: Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!\n', referer: http://fogserver/fog/management/index.php?node=home

Try that and if you’re still having issues let us know what OS you’re running and what entries you’re using in the LDAP setup - feel free to edit the entries for privacy reasons.

regards Tom

Hey mtmuch and welcome from a fellow FOG aficionado and recent sysadmin. Been using FOG off and on since the 0.29 release and particularly in the lastest 1.2.0 and upwards dev releases, FOG rocks… The team behind it are awesome too and very responsive.

Another thing to watch out for with newer FOG versions is depending on how old your environment is to ensure portfast is enabled on your switches - we’re still waiting on one of our larger sites to have this turned on.

I’ve had success with snapins created using .msi files and several with .exe where the installer silent switches are well documented. Others have been a bit hit and miss but the snapin system itself works very well.

You’'ll need to visit each desktop I’d imagine to set them to boot from nic for PXE booting unless they are set that way already. If they are and you have some sort of inventory system (we use Lansweeper) you might be able to upload all the hosts and mac addresses via a csv file rather than having to manually register them.

I’m also a fan of the new plugin system which has been integrated. We have remote sites and the location plugin solves an issue of replicating between main server and remote storage nodes. Also liking the pushbullet plugin for alerts sent to your phone.

There is a bit of work involved in getting it setup in the beginning, but once you have it configured and clients talking, it will save you so much time. Zero-touch is the buzzword you want to mention to your senior team members.

Enjoy!

@Tom-Elliott sigh… yes you’re quite right Tom. That has indeed solved the “problem”

please mark as resolved, i’m away for a cup of tea and a lie down in a darkened room…

regards Kiweegie

@stuhad

We are running on the dev version here 1.5.7.109 and can confirm that LDAP plugin works on this version.

Re your FOG install showing 1.55 but earlier not I think you’re seeing the issue that @Tom-Elliott referred to below and has fixed.

As to why the LDAP plugin is not working it will be down to something in the LDAP config I suspect rather than anything linked to the FOG version. I’ve had LDAP plugin working on both 1.55 and 1.57.

Do you have anything in the following log file at all in reference to LDAP users?

/var/log/apaches/error.log

Looking through your LDAP config and comments from previous post

LDAP connection name: dc1
(fine as long as each connection name is unique)
LDAP Server Address: IP Address (is an IP ok?)
IP address OK, thats what I’ve used
LDAP Server Port: 389
OK
Use Group Matching: ticked
OK
Search Base DN: ou=fog users,dc=company,dc=com,dc=au
I’ve set my search base here to the root of the domain so try just dc=company,dc=com,dc=au
Group Search DN: ou=fog users,dc=company,dc=com,dc=au
Should be fine - spaces in OU names also OK.
Admin group: cn=fog admins,ou=fog users,dc=company,dc=com,dc=au
Try just using the group name here “fog admins” don’t need the cn entry. Also try removing space. Should be ok but something to rule out
Mobile group: cn=fog admins,ou=fog users,dc=company,dc=com,dc=au
As above
User Name Attribute: sAMAccountName
OK
Group Member Attribute: member
OK
Search Scope: Subtree and below
OK
Bind DN: cn=ldapadmin,ou=services,dc=company,dc=com,dc=au
This user should have delegated rights to add and delete computer objects. If unsure try adding as member of Domain Admins group to test
Bind password: added in plaintext
OK

Ninja Edit: With the password remember to ensure no special characters!!

Give the above a whirl and let us know how you get on.

regards Tom

Just a heads up re some visual/browser issues in the plugins section of latest release.

I’m updated to latest release 4340 as at Friday 13th Nov 15 to get around an issue with snapin removal and a small bug with the location plugin which Tom Elliot kindly resolved.

Clean reinstall of FOG and am in process of adding in plugins. I can enable the plugins system but as soon as I try and activate one of the plugins - I’m interested in the Locations, WOL and Pushbullet specifically - the browser just flashes.

Example GIF can be seen here:

I’ve found it is possible to click on the plugin and have it activate but takes a few tries to get right. This is happening on Chrome and Firefox. I tried looking at it in IE too (ugh) and in there IE12 on Win 8.1 the front page of FOG web GUI is blank with just a series of bullet points down left hand side. Moving cursor over the page does highlight clickable content (cursor changes to hand icon and the URL shows in popup at bottom of page).

regards Kiweegie.

Ninja-Edit:

Some issues on the WOL plugin also

I can add new entries but cannot display the entries once added. Also the menu (see URL below) for “List all broadcasts” reads as “List all s”

http://FOG_Server_IP/fog/management/index.php?node=wolbroadcast&sub=list

@Wayne-Workman Hi Wayne, I could get past the issue and have the plugins installed now but it may throw off new users hence reason I flagged up.

Additionally the pushbullet plugin does not seem to be accepting tokens. Not a deal breaker for me but again just pointing it out to add to the snagging list.

Cheers, Kiweegie.

@Tom-Elliott Hi Tom, not an issue and had noticed the Nginx reference. Was more a heads up than anything else.

cheers. Kiweegie.

@Sebastian-Roth @george1421

Hi both, thanks for the pointer to log, that showed me issue. Had reinstalled from trunk and while fog password was ok per my records in the below locations I had like a complete rookie forgotten to reset password on the server itseld post upgrade… d’oh!

Storage Management > All Storage Nodes > Default Member > Management Password
Fog Configuration > Fog Settings > TFTP Server > FOG_TFTP_FTP_PASSWORD

cheers all
Kiweegie.

@Wayne-Workman HI Wayne, must have been having a senior moment. Here’s what you’re after.

/usr/bin/lsb_release
grep: /opt/fog/.fogsettings: No such file or directory
../lib/common/functions.sh: line 397: epel-release: command not found
curl: (22) The requested URL returned error: 404 Not Found
error: skipping http://rpms.famillecollet.com/enterprise/remi-release-6.7.rpm - transfer failed
Retrieving http://rpms.famillecollet.com/enterprise/remi-release-6.7.rpm
New password: Retype new password: Changing password for user fog.
passwd: all authentication tokens updated successfully.
Stopping mysqld:  ESC[60G[ESC[0;32m  OK  ESC[0;39m]
Starting mysqld:  ESC[60G[ESC[0;32m  OK  ESC[0;39m]
mysqld (pid  15732) is running...
Stopping httpd: ESC[60G[ESC[0;31mFAILEDESC[0;39m]
php-fpm: unrecognized service

So its falling over at the php-fpm piece again…

I just tried installing php-fpm again manually and then running FOG installer again

That gets a little further but fails here

 * Setting up and starting MySQL...............................OK
 * Backing up user reports.....................................OK
 * Stopping web service........................................OK
 * Is the MySQL password blank? (Y/n)
 * Setting up Apache and PHP files.............................Failed!

Checking log file again I get this

/usr/bin/lsb_release
grep: /opt/fog/.fogsettings: No such file or directory
../lib/common/functions.sh: line 397: epel-release: command not found
curl: (22) The requested URL returned error: 404 Not Found
error: skipping http://rpms.famillecollet.com/enterprise/remi-release-6.7.rpm - transfer failed
Retrieving http://rpms.famillecollet.com/enterprise/remi-release-6.7.rpm
New password: Retype new password: Changing password for user fog.
passwd: all authentication tokens updated successfully.
Stopping mysqld:  ESC[60G[ESC[0;32m  OK  ESC[0;39m]
Starting mysqld:  ESC[60G[ESC[0;32m  OK  ESC[0;39m]
mysqld (pid  16225) is running...
Stopping httpd: ESC[60G[ESC[0;31mFAILEDESC[0;39m]
Stopping php-fpm: ESC[60G[ESC[0;31mFAILEDESC[0;39m]
sed: no input files
sed: no input files

Not sure where to go from there.

cheers Kiweegie.

@Tom-Elliott @Wayne-Workman

Well the server was still hogging a boat-load of bandwidth so I’m in the process of rebuilding it from scratch. Should know in about an hour or so if the bandwidth issue is sorted.

regards Kiweegie.

@Wayne-Workman HI Wayne, we’re all good.

Only steps needed to get this operational above and beyond your suggestions were to run exportfs -a after editing path in etc/exports and then making sure a .mntcheck file existed in each locaton /home/fog/images and /home/fog/images/dev

regards Kiweegie

@Quazz Hi Quazz yes main problem of high cpu usage appears to be much better - main server with most number of hosts is sitting at 5-30% CPU load roughly with no active tasks running. I’m testing now with images running to double check under load.

cheers Kiweegie.

@Wayne-Workman HI Wayne know this is an old call but stumbled upon it when I had the same issue.

You were after a decent photo of the error for the wiki which I’ve not been able to get and adding in a codebox below just screws up but hopefully this workaround of text on a black background in notepad++ will do the trick

Also in my case for anyone else finding this later on I had moved the images directory to /home/fog/images and updated fog everywhere except for the /etc/exports file.

Amending that to read as

/home/fog/images *(ro,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0)
/home/fog/images/dev *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=1)

And then running

exportfs -a

bypassed the error for me,.

cheers kiweegie.

@Sebastian-Roth Hey Sebastian (and all other FOG devs and users out there) hope you and yours are staying safe and sound with whats going on in the world.

I’d forgotten about this post myself I confess - I’ve been busy trying go setup our entire workforce across several sites to work from home.

I know our service desk team would find this feature of great benefit as keeping reliable track of who was given a loaner laptop and when can be difficult without the right tool to do it. Excel sheets or even the ticketing system don’t manage this very well.

But given whats going on just now for everyone its very much on the distant, nice to have when the worlds in a better place list.

Stay safe everyone.

Kiweegie.

After rsyncing one of the images from DCMASTER to DCSTORAGE both are now showing up on the storage node… and in turn seem to be in process of replicating to the other Storage nodes.

I’ll need to double check all of them once replication process finished to see if they have same file sizes etc.

regards Tom