RE: Cloud FOG Imaging with iPXE boot using USB

@george1421 I know this isn’t expected and is super insecure. I can secure things later as needed (or just security by obscurity…possibly even turning it off when not in use) but we’ll worry about that if it works as expected.

I believe I’m ahead of you.

I can ping OVH, get to fogserver url and management pages.

Instead of installing tftp in windows I used a linux box - in both my network, and the OVH network.

OVH worked, however my network did not. I then (for shits and giggles) created a storage node in my own network, pointing it to the OVH fogserver, and pointed my DHCP from the 167.x OVH IP, to my storage node. Changed storage node to 0 clients.

This gave me success, in all forms.

So for whatever reason, the tftp connection won’t open between behind my pfsense box and the OVH server. I can see the ports going through the logs - but I get single:no_traffic as the status.

I guess what I’d love to try to do is this:

Create a USB device that houses the ipxe kernel, and information for undionly.kpxe/ipxe.efi to point to that server out in the wild. Put all the TFTP boot files on this drive.

I did image from/to the OVH server. Just couldn’t boot to it.

@george1421 correct -
i have cloud hosting platform, open to the internet (OVH) ((fogserver on debian 10 on an esxi VM with a public IP))

i have a home network, that i had my own personal fogserver running. pfsense is my home routing platform. i changed the IP address in DHCP to go from my internal IP, to the 167.x OVH IP.

i created a VM inside my home network, on an esxi box. i booted PXE, and got nothing.

i then went to OVH Server number 2. it’s running proxmox. i opened a tftp connection between OVH2 and OVH and was able to transfer undionly.kpxe.

if i go to a box inside my pfsense home network, and try to open the same tftp connection, i get a timeout.

so for now, it might be a routing thing, or where tftp doesn’t like the goofy network configuration that OVH requires me to have.

@george1421 OVH is just a cloud hosting provider.

I have no connection whatsoever to this env. Just wide open, dedicated server at the moment.

I was hoping to do this without modifying the client network in any way.

I just started testing.

With a server in the same datacenter, TFTP works as expected (I’m not able to mess with pxe settings at the moment but probably can in the future)

With a server at my home, I cannot chainload an image from the OVH server. TFTP times out. I’ve tried to manually open the connection and transfer, but it fails.

I’ve read through the past comments and posts regarding this topic, but the one I saw that meant the most for me didn’t help much.

I have a server on an OVH platform that is hosting FOG. It doesn’t seem that my pfsense router/goofy network setup on the OVH server is allowing pxe to boot.

This is a proof of concept because my work had 3 servers with 1000/1000 bandwidth for the remainder of the month I can play with.

What I’d LOVE to do is boot to the cloud server like normal - pfsense is handing out the address correctly, but i get TFTP timeout.

I do not wish to create a storage node at the location. The idea will be used in an MSP model if I can get it to work.

If I have to, I wouldn’t mind creating a flash drive that would boot the correct stuff, to point to the cloud fogserver. It’d be a lot easier to bring a flash drive to a random client location than a fog storage node.

What steps should I take to make this happen?

For years I’ve been doing my reference image in ESXi, on a 30GB VHD, installed, audit mode, ran scripts, sysprep, captured with fog.
I’ve always used “Multiple Partition Image - Not Resizable” because I had issues with FOG trying to resize in the past - I handled this by using the <extendospartition>true flag in my unattend.xml.

I never noticed, but apparently my recovery partition always began the disk.

1. recovery
2. efi
3. msr
4. OS
   But now, with 2004 and trying to create a reference image, it creates the recovery at the end of the drive, which causes nothing to happen with the extendOSpartition flag. I always end up with a 29.3 GB partition on any machine I deploy to.

Any chance anyone knows how to force windows 10 to install the recovery partition at the beginning of the drive again? I’m not even sure how I did it in the first place - I’m realizing and testing that I can use single disk resizable in FOG, but would like to ‘fix’ it how it was used before if possible.

@Sebastian-Roth i apologize for the assumptions.

after further reviewing, and testing - it seems that for whatever reason, my scripts are not running at boot.

it is trying to find the old server, and the new installation never happens - just the enabling of the service - hence the errors i’ve been seeing.

not sure why, but win10 1909 is causing it for some reason. might be the computers and their speed but i don’t think so. i’m testing more.

bottom line - it is not a fog issue.
thanks for your assistance however.

i have many - one at most of the sites i support.

the one at the site i created the original image ( home ) is 1.5.6, most of my sites are 1.5.6. i have not changed them any time recently.
in fact, the one where i noticed this was a brand new install that day of 1.5.7.

could it be that pre-image, when i installed fog, it has some sort of file in a local directory that doesn’t get replaced when fog gets reinstalled?
i’d thought this be possible but typically reinstalling the client fixes the issue anyways. since my first run script does that, i’ve been confused.

for whatever reason - when i have been deploying 1909 the following appears in the log:
RSA FOG Server CA cert found
RSA ERROR Certificate validation failed
RSA ERROR Trust Chain did not complete to the known authority anchor. Errors: The signature of the certificate cannot be verified. NotSignatureValid
Authentication ERROR Could not authenticate
Authentication ERROR Certificate is not from FOG CA

This could be something I messed up as I haven’t prepped my images since 1903 over the summer. Workflow is as follows:
Created base 1909 in ESXi, installed scripts and such.
Ran FOG installation, set service to disabled, injected firstlogin script to run installation again, with all quiet batch strings.
Sysprep.
Capture image, then deploy to new machine.
Machine boots, script runs and installs fog successfully. Starts service. Error above appears.

This hasn’t happened on my previous images.

@george1421
yes. so ideally, with the ‘hack’ method with persistent groups - lets say i would go the route i understand.
create template host and template group.
assign template host to template group, assign properties to template host.
add additional hosts to group.

even so, lets say i do full reg. it asks if i want to associate to a group. this is awesome and will effectively get the settings that i need - however, when it asks if i want to deploy the image, and i hit yes, the machine gets imaged. nothing that was ‘set’ is actually ‘deployed’ but rather with the sql hack/trigger, its just a property of the host - but the sql function hasn’t actually ‘pushed’ those settings because maybe it doesn’t know its been changed?

i ran into the issue and as i read through your post for basic persistent groups, other people were having the same issue. so i gave up and scrapped the idea.

i do think code wise it would probably be easy to implement for quick reg.

@george1421
I apologize for ‘hijacking’ this thread, although I believe my request is very similar to @fry_p
Almost as a template would work, which I would expect would almost work similarly in fogserver backend as persistent groups would. I do understand how the persistent groups work, however, as I noticed along with others had mentioned when I’d tried it on that thread, the basic issue we ran into was that the settings weren’t deployed per se to the machines. We’d still have to go deploy those to the machines.

What I was thinking about over the course of the last few months after persistent groups didn’t work for me specifically, was something along the line of a template.

Three methodologies I’d thought of:

1. Quick Register - an option to use a template, similarly setup to how a group would be setup. In QuickReg, you can do quite a few options, but for me the ability to add one more - a template would be awesome. Say for example, if I were to choose template (4) then snapins (x,y,z) / AD OU / prodkey / even numbering scheme would be beneficial. these snapins would be assigned at image, so with zero touch, the settings would auto-deploy.
2. full Registration - Similarly, during the B&W console where you type in your preferred settings for a machine, yet another line (do you want to associate a template with host (y/N/?) - where the template for the remainder of the modifications - group, product key, AD, snapins - would then auto populate.
   these snapins would be assigned at image, so with zero touch, the settings would auto-deploy.
3. template setup very identical to groups. But host agnostic where it isn’t assigned to any one host - quite opposite of groups where templates are literally only used for the initial setup of a machine, not long term management

I’m grateful for the features and uses we have as it is. I just know that as I setup new machines at different sites (my use case is as an MSP working in schools - 27 currently deployed fogservers, most with minimal hosts, but makes initial large deployments a breeze - but for my use case, I could bring a crummy laptop in with fog installed, and re-image a cart full of laptops very quickly. join to domain, install snapins, yadda yadda. the labor intensive part to me is still the ‘adding’ them to fog. my choices are to install the client pre-image, which then associates with fog so i can add as a group - OR the more likely scenario for me, boot, f12, pxe, fullreg, hostname, no group (at this point is almost useless to join to group), assign snapins 1-12, deploy, reboot, f12, pxe, move to next machine.

while i’m already multitudes faster than my cohorts on the Apple side of things (no MDM because of funding oddities with our clients) where they have to carbon copy clone 4 machines at a time with external hard drives - i can reimage a lab in 15 minutes…the only issue because the initial adding, which for summer projects and the like make this tedious.

also/or the ability to add snapins to quickreg. so certain snapins are assigned in quick reg, so that those snapins are auto-deployed when imaging takes place as well. that would work for me too.

@george1421 you are a wizard.

thats fixed!

now onto my next thing. heres to hoping that once i can grab a HDD big enough for my images that can support these ginormously underused HDD’s in these labs…that all is good

Hi All,

so I’ve been reading and reading - I was active in a thread last year ‘new to imaging macs’ where a guy had put together a little ISO for usb booting macbooks. I was able to image MBP’s sporadically whenever I needed to until now.

I’ve ran into every problem I could have so far with imaging iMacs. Finally found the thread about making the USB-FOS image, and putting it on USB. Now I’m having a different issue, and doesn’t seem to be MAC-specific.

This issue is happening on my imacs, and some latitude e6530’s (tried to rule out the imac, pxe boot works fine on the 6530)

I’ve modified the USB script to grab my local fog’s copy of the memtest, memdisk, ipxe.krn and ipxe.efi files. still no luck.

any ideas on what could be causing this? i’ve tried two different flash drives, 5 different machines, and even reimaged the machine to make sure nothing was wrong with its grub installs, so i reinstalled grub and re-ran the script again. same exact issue.

also, I’ve got the whole week in this school to play with these imacs (and the rest of the school year if i really want to…but have to get these imaged this week) so if anyone wants to play around with different ideas.
i’m between 10.12.5 and trying to roll out 10.14 now. nothing is t2. most have bootcamp.

i’m tagging george since its his script. THANKS GEORGE
@george1421

@Joe-Gill i successfully ran through a pallet of these - 27 - and no issues. this was my process:
boot into BIOS setup.
Click enable UEFI network stack, scroll down to AHCI and click it. hit Apply.
on the left, select secure boot. disable using checkbox - it will ask if you’re sure. hit yes, hit apply. hit exit.

it reboots, hit f12, network boot ipv4
it works

if it doesn’t work for you, make sure your ipv4 UEFI boot settings are setup on your dhcp server (ipxe.efi instead of undionly.kpxe)

THANK YOU @Sebastian-Roth

just got a pallet of 67 of these and would hate to go back to pre-fog days…:)

seems that the newest kernel finds no hard drive - these things are brand new, they are fresh off the line from dell.

anything I can do to see if its a hardware compatibility problem or something different?
these don’t have ‘legacy’ boot mode anymore - its all uefi.

@Wayne-Workman perfect chance to ask - will updateip tool, or makefogmobile both work on storage nodes as well?