RE: Latest FOG 0.33b

Hi Tom,

are you using efibootmgr in FOG?

I was testing using partclone manually restoring an image and it wouldn’t boot. I was able to boot a linux live cd, and using efibootmgr repair the boot menu manually.

As far as I am aware, the only way to fix non bootable UEFI from windows tools is BCEDIT, however seeing as you boot a linux kernel to apply the image using partclone, maye you can script efibootmgr afterwards to repair the UEFI on the system and make it bootable.

Or is it a different issue entirely with FOG?

efibootmgr should be scriptable

usage: efibootmgr [options]
-a | --active sets bootnum active
-A | --inactive sets bootnum inactive
-b | --bootnum XXXX modify BootXXXX (hex)
-B | --delete-bootnum delete bootnum (hex)
-c | --create create new variable bootnum and add to bootorder
-d | --disk disk (defaults to /dev/sda) containing loader
-e | --edd [1|3|-1] force EDD 1.0 or 3.0 creation variables, or guess
-E | --device num EDD 1.0 device number (defaults to 0x80)
-g | --gpt force disk w/ invalid PMBR to be treated as GPT
-H | --acpi_hid XXXX set the ACPI HID (used with -i)
-i | --iface name create a netboot entry for the named interface
-l | --loader name (defaults to \elilo.efi)
-L | --label label Boot manager display label (defaults to “Linux”)
-n | --bootnext XXXX set BootNext to XXXX (hex)
-N | --delete-bootnext delete BootNext
-o | --bootorder XXXX,YYYY,ZZZZ,… explicitly set BootOrder (hex)
-O | --delete-bootorder delete BootOrder
-p | --part part (defaults to 1) containing loader
-q | --quiet be quiet
–test filename don’t write to NVRAM, write to filename
-t | --timeout seconds Boot manager timeout
-T | --delete-timeout delete Timeout value
-u | --unicode | --UCS-2 pass extra args as UCS-2 (default is ASCII)
-U | --acpi_uid XXXX set the ACPI UID (used with -i)
-v | --verbose print additional information
-V | --version return version and exit
-w | --write-signature write unique sig to MBR if needed

Typical usage:

1. Root can use it to display the current Boot Manager settings.
   [root@localhost ~]# efibootmgr
   BootCurrent: 0004
   BootNext: 0003
   BootOrder: 0004,0000,0001,0002,0003
   Timeout: 30 seconds
   Boot0000* Diskette Drive(device:0)
   Boot0001* CD-ROM Drive(device:FF)
   Boot0002* Hard Drive(Device:80)/HD(Part1,Sig00112233)
   Boot0003* PXE Boot: MAC(00D0B7C15D91)
   Boot0004* Linux

This shows:
BootCurrent - the boot entry used to start the currently running
system.

BootOrder - the boot order as would appear in the boot manager. The
boot manager tries to boot the first active entry on this list. If
unsuccessful, it tries the next entry, and so on.

BootNext - the boot entry which is scheduled to be run on next boot.
This superceeds BootOrder for one boot only, and is deleted by the
boot manager after first use. This allows you to change the next boot
behavior without changing BootOrder.

Timeout - the time in seconds between when the boot manager appears
on the screen until when it automatically chooses the startup value
from BootNext or BootOrder.

Five boot entries (0000 - 0004), the active/inactive flag (* means
active), and the name displayed on the screen.

2. An OS installer would call ‘efibootmgr -c’. This assumes that
   /boot/efi is your EFI System Partition, and is mounted at /dev/sda1.
   This creates a new boot option, called “Linux”, and puts it at the top
   of the boot order list. Options may be passed to modify the
   default behavior. The default OS Loader is elilo.efi.

3. A system administrator wants to change the boot order. She would
   call ‘efibootmgr -o 3,4’ to specify PXE boot first, then Linux
   boot.

4. A system administrator wants to change the boot order for the next
   boot only. She would call ‘efibootmgr -n 4’ to specify that the
   Linux entry be taken on next boot.

5. A system administrator wants to delete the Linux boot option from
   the menu. ‘efibootmgr -b 4 -B’ deletes entry 4 and removes it
   from BootOrder.

6. A system administrator wants to create a boot option to network
   boot (PXE). Unfortunately, this requires knowing a little more
   information about your system than can be easily found by
   efibootmgr, so you’ve got to pass additional information - the ACPI
   HID and UID values. These can generally be found by using the EFI
   Boot Manager (in the EFI environment) to create a network boot
   entry, then using efibootmgr to print it verbosely. Here’s one example:

   Boot003* Acpi(PNP0A03,0)/PCI(5|0)/Mac(00D0B7F9F510)
   ACPI(a0341d0,0)PCI(0,5)MAC(00d0b7f9f510,0)

   In this case, the ACPI HID is “0A0341d0” and the UID is “0”.
   For the zx2000 gigE, the HID is “222F” and the UID is “500”.
   For the rx2000 gigE, the HID is “0002” and the UID is “100”.
   You create the boot entry with:
   ‘efibootmgr -c -i eth0 -H 222F -U 500 -L netboot’

Hi there,

from what I understand from your post you want FOG to be able to get the MAC address of the IPMI interface and add it to the inventory.

From what I know about the supermicro IPMI would not be possible without integrating some form of IPMI driver into the linux kernel FOG boots to gather this inventory.

The actual machine doesn’t see the IPMI as a network card as such, only a device in device manager (if it was windows)

When the kernel boots and gathers its inventory you might be able to get some information from dmidecode once said driver is installed but I imagine it would be limited information as its meant to go the other way ie get information about the system while logged in via IPMI interface, not the other way which could also be a security risk.

let us know how you get on as I have thought about this same issue with HP iLO before and could be handy to have a link to the IPMI/iLO from inside FOG inventory

Great news Tom, appreciate the hard work!

time for testing windows 8 64bit

Great work Tom, iPXE is certainly the way to go for future.

Only one thing I would ask and this relates to the previous way of doing it.

I use the old 01-XX-XX-XX-XX-XX-XX method and manually create some of those files for use by Thin Clients (that boot across the network and are diskless) and ESXi AutoDeploy hosts

Would it be possible using iPXE to still achieve this?

I imagine it would be a feature request, however it would require the ability to create a permanent task for a specific MAC address or group of MAC addresses with custom parameters.

Completely agree with you on the AD part, that’s the best drawcard to the Windows Agent!

However,

Since the computer naming component is no longer done via the Windows Agent in 0.33b as far as I know its done during the init image process.

Joining the domain could then be done as part of sysprep (as the name would already be right by this stage) thus making that part a moot point.

The only issue from then on, in order to rename the PC, a re-image would be required in FOG, unlike the windows agent which would just rename it, although then a domain re-join is required. How often does this scenario happen though? just re-image it!

Pretty sure OCS/FusionInventory has no such capabilities, it’s just for detailed inventory and software deployment

I was referring to someone making a TurnKey Linux Patch

Fair enough but, I agree on a .deb / .rpm but would also require package maintainers.

Maybe the current approach of install via script is still the correct path for now and allows maximum flexibility.

On a slightly different topic, what are you guys thoughts on the Windows Agent?

What if, FOG server was made to be compatible with the Fusion Inventory Agent instead, and change the entire SFX deployment over to the Fusion/OCS deployment method.

Pros are you already have people developing this agent seperately, once the initial headache of making FOG compatible is over then the devs can focus on other areas and not the Agent.

The biggest benefit is the improved inventory capabilities, rather then with the current FOG where you are required to boot linux to gather inventory, fusion/ocs will be collecting updated inventory all the time.

The downsides are from what I can tell fusion doesn’t install printers like FOG does (does anyone actually use this and not GPO?)

all other portions of the FOG agent can then be replaced with fusion inventory.

/ot Anyone know if Fusion Inventory can display toast notifications in windows 8?

thoughts?

I wasn’t referring to starting from scratch and creating an entire OS eg Ubuntu or over complicating in that manner.

Using something like TKL or others as a base would ease compatibility and includes both deployment options (ISO and VM Appliance), rather than having to test and get FOG to work on SUSE, Ubuntu, CentOS etc

standardize on one base, and ship it as a complete ISO or VM app

or take the approach from other embedded distro’s like FreeNAS or pfSense choose one underlying rock solid base (FreeBSD) and allow easy upgrades including the entire OS via the web UI. This option would also make it easier for commercial support, as its one OS under the hood to support.

My 2 cents.

[LIST]
[]Could FOG become its own distribution? Maybe even a TurnKey Linux patch or similar to ease packaging
[LIST]
[]Could ease compatibility, as everything is tested together before shipped as an ISO or VM image
[]being based on a modern Ubuntu LTS means better hardware compatibility for Bare metal install’s (who does this nowadays?)
[]Don’t think installing on windows is a good idea at all personally, I have always treated FOG like an appliance, it just works!
[/LIST]
[/LIST]
[LIST]
[]Without starting a programming language flame war
[LIST]
[]As for changing over from PHP I personally agree with this, although there are a lot of PHP dev’s out there, I would choose a more popular language though. I find Python (Django) really easy to work with and might make for quicker dev time
[/LIST]
[/LIST]
[LIST]
[]UEFI
[LIST]
[]I know its tricky, particular to get secure boot working, unfortunately I can’t help with this one
[/LIST]
[/LIST]
[LIST]
[]As for all the extras like password reset etc
[LIST]
[]Get rid of them. Because FOG includes a PXE server its very easy to use Memdisk to boot any ISO you want, so no need to Integrate that extra work into the FOG kernel, let 3rd party apps do it, I have a PXE menu of over 100 ISO tools atm
[/LIST]
[/LIST]
[LIST]
[]I would love to see improvements in FOG’s scale ability
[LIST]
[]Multi-Site improvements and site replication built in with no mods
[]Make it modular in Roles, when you do the install you choose what you want on that server, small sites deploy one single server all roles, large sites scale as they see fit
[]Option to Split Snap-In deployment separate from Image deployment in the roles
[]some form of load balancing / HA , like DNS SRV or Round Robin - easier than clustering
[/LIST]
[/LIST]
[LIST]
[]KISS approach
[LIST]
[]let FOG focus on what its great at, Image and Snap-In deployment leave the rest for 3rd party tools
[/LIST]
[/LIST]
[LIST]
[]Commercial Support
[LIST]
[*]might be dreaming, but I know that we rely on FOG so much that having support would be great, and ease managements mind on how much we rely on this thing. haven’t installed windows manually for years!
[/LIST]
[/LIST]

Just to add to the Windows 8 support, if the FOG Agent could use the toast notifications, that would be neat.

Ideally if you could customise the colour, background of the notifications somehow from within the FOG web interface would be really swell

perhaps, you pick your settings, FOG web interface drops a configuration file and each agent syncs this file from the server similar to how you update the dll’s

[url]http://code.msdn.microsoft.com/windowsapps/Toast-notifications-sample-52eeba29/sourcecode?fileId=51008&pathId=2114880492[/url]

interested yes, could you add the following to the desktop client

1. Deploy a single snapin to a single PCs
2. Deploy a single snapin to a group of PCs
3. Deploy all snapins linked to a single PCs
4. deploy all snapins linked to a group of PCs
5. FOG Tray client that works better with Windows 7/8 and displays messages
6. FOG Tray client which you can send messages to to popup eg during an SFX is I want to display a message rather then use vbscript etc popup a nice message using the same FOG Tray balloon the agent uses.

not trying to start a flame war, and I know its a long shot and may not ever happen but, I would like to see FOG run on some different backend / frontend components.

NGINX instead of Apache

PostgreSQL instead of MYSQL

why? mostly just because.

In my limited experience, NGINX performs alot better than Apache and is dead simple to administer.

Regarding the database, I’m no DB expert but Postgre has also been quicker for me, although I’m yet to find a tool as good as phpmyadmin for postgreSQL.

[LEFT]The future of MySQL is also little more unknown ever since the Oracle acquisition of SUN hopefully it never goes the way of OpenOffice.[/LEFT]
[LEFT]Has anyone experimented with FOG and NGINX or PostgreSQL?[/LEFT]

[LEFT]anyone have any other thoughts or longer term goals to see out of the FOG backend?[/LEFT]

Sounds good except would mean more time in development for an already small (and most likely short on time) development team

Alternatively, something like using Turnkey Linux would be a good solution, a prebuilt Ubuntu VM which can be installed from ISO.

so who is going to make a Turnkey Patch for FOG?

how have you disabled the Primary server as a storage node so nothing is deployed from it?

wouldn’t option 3 be as easy as having a hardcoded “fogstoragenode” DNS A record entry for primary deployment and that’s your multi site done

as in primary site has the “fogserver” which is what the agents talk to to look for queued jobs, send back their login info etc. but when it comes to actual deployment of either image or snap-in they automatically look to the “fogstoragenode” dns entry instead of the “fogserver” dns entry

each branch site has a “fogstoragenode” dns A record so the agents on that site talk to the correct one

just thinking of ways to make it easier for any roaming users, so they always download from the “local” storagenode for Images and Snap-Ins

we have a lot of roaming users, so would be good to ignore what site they are at and make the whole process automatic.

[I]Who has the most sites here? anyone managed more than 5 FOG Sites? how do you do it?[/I]

How could we make FOG a real Multi Site solution

Would there be a way to implement a sweet Multi Site setup with DNS with site specific A Records

As what happens when a particular Laptop roams between sites, would it not try and connect to an incorrect storage node?

Could something like this work

OPTION (1)

[QUOTE]
SITE 1 (MAIN SITE)

[INDENT=1]FOG-SERVER-1-1[/INDENT]
[INDENT=1]FOG-NODE-1-1[/INDENT]
[INDENT=1]FOG-NODE-1-2[/INDENT]

SITE 2

[INDENT=1]FOG-SERVER-2-1 (PXE Only? or MySQL Replication?)[/INDENT]
[INDENT=1]FOG-NODE-2-1[/INDENT]
[INDENT=1] [/INDENT]
SITE 99

[INDENT=1]FOG-SERVER-99-1 (PXE Only? or MySQL Replication?)[/INDENT]
[INDENT=1]FOG-NODE-99-1[/INDENT]

Then using DNS for each site needs some common A/CNAME records

[INDENT=1]FOGSERVER - Unique for each site[/INDENT]
[INDENT=1]FOGSTORAGENODE-1 - Unique for each site[/INDENT]
[INDENT=1]FOGSTORAGENODE-2 - Unique for each site[/INDENT]
[/QUOTE]

OPTION (2)

[QUOTE]
SITE 1 (MAIN SITE)

[INDENT=1]FOG-SERVER-1-1[/INDENT]
[INDENT=1]FOG-NODE-1-1[/INDENT]
[INDENT=1]FOG-NODE-1-2[/INDENT]

SITE 2

[INDENT=1]FOG-NODE-2-1 (Also has PXE and using RSYNC for tftpboot)[/INDENT]
[INDENT=1] [/INDENT]
SITE 99

[INDENT=1]FOG-NODE-99-1 (Also has PXE and using RSYNC for tftpboot)[/INDENT]

Then using DNS for each site needs some common A/CNAME records

[INDENT=1]FOGSERVER - Main Site[/INDENT]
[INDENT=1]FOGSTORAGENODE-1 - Unique for each site[/INDENT]
[INDENT=1]FOGSTORAGENODE-2 - Unique for each site[/INDENT]
[/QUOTE]

Then no matter which site you are at, you always know it would use the correct Storage Node and Server

ISSUES

Option (1)

[LIST]
[]Has Multiple Databases, how could you keep the databases in sync?
[LIST]
[]having local database would surely improve performance vs slow WAN link
[]Would still operate If link between sites is down (just no sync)
[]Assuming the sites are connected via some form or WAN/LAN/MPLS/VPN etc then some replication is necessary for the Databse
[]MySQL Database Replication? keeping all sites in sync so the agent can contact the server and the relevant jobs are there ready meaning you only need to manage ONE single FOG Web Interface for all sites
[/LIST]
[][INDENT=1]RSYNC (or DFS) can be used for the Storage Images and SNAP-INs, and tftpboot folder[/INDENT]
[/LIST]
Option (2)

[LIST]
[]One single database, administration is easier, less to go wrong with database?
[]slower performance as agents are talking across WAN links to central site?
[LIST]
[]how much data would (1 or 10 or 500) agents use across a WAN link per day chattering?
[]SCCM here bogs down an entire network, what about FOG?
[*]can snap-ins be downloaded from Storage Nodes instead of server
[/LIST]
[/LIST]
Option (3)

[LIST]
[]Re-think the entire approach
[LIST]
[]Use the FOG Server as an SQL Database and Web Interface only no storage
[]Use storage nodes for Images, Snap-Ins, PXE Boot and sync them
[/LIST]
[]This way would mean each brach site has a storage node which performs storage of images, snap-ins, tftpboot folder which all syncs using rsync with other storage nodes (controlled by server?)
[*]the FOG administrator administers one database uploads snapins and images to one and its replicated
[/LIST]

Thoughts?

[quote=“Lee Rowlett, post: 1591, member: 28”]i would like to see maybe a progress bar or be able to send detail to the gui like what stage of the script it is installing if it is a multiple software install script… I.e Installing Adobe… Then Installing Java etc. etc…[/quote]

How does the Snap-In system work at the moment? is this about right?
[LIST=1]
[]The FOG Agent periodically polls the server checking for Tasks at offset times to not overload server
[]The FOG Agent sees a list of pending Snap-Ins begins downloading the first one eg SNAP-IN-1
[]Run the Snap-In until it exits
[]FOG Agent pops up Message Box “Installation Complete SNAP-IN-1”
[/LIST]

Why not give us an API into the FOG Agent’s message system (if some way doesn’t already exist???)

so when we are installing something, we can be writing messages to the FOG Agent if required and it pops up the message in the top right hand corner.

Eg We could have a process like this

[LIST=1]
[]The FOG Agent periodically polls the server checking for Tasks at offset times to not overload server
[]The FOG Agent sees a list of pending Snap-Ins begins downloading the first one in the list eg SNAP-IN-1
[]The FOG Agent runs the Snap-In
[]Inside the Snap-In script there is a command/script whatever which send the Fog Agent the message “Installation Starting” this is popped up on screen by the FOG Agent
[]Snap-In continues on … opps there is an error installing … using API, error can be displayed on screen in the agent box
[]If there was no error, return code 0, FOG Agent pops up Message Box “Installation Complete SNAP-IN-1”
[/LIST]

At the moment sometimes I use snap ins to display something eg, a vbsccript messagebox pops up why not give us a way to send those messages to the FOG Agent popup

you used to be able to do this I’m sure, can’t you do it now?

used to have that exact same issue, or similar need to deploy X update to dodgy software to Finance Department and cbf walking around to 40 PC’s - deploy snapin the Finance Group kick back, sip coffee ala win

Hrm interesting, was wondering if a similar thing could be done with the Fusioninventory agent

would require additional fields in the FOG Databse, or maybe a separate MySQL database on the same server, which the FOG GUI can read from, linking FOG hostnames to FusonAudit hostnames

Thus fog could replace the OCS Inventory GUI altogethor

When I get some time I will look into this further

Good stuff.

Look forward to any further details, after your testing.

Hopefully this will scale to multiple sites, so long as each site has a DFS then can’t see why not

Did you every try rsync over slow WAN links, whats it like compared to DFS?

I really think fog FOG 0.34 MultiSite patch needs to be built in!

Would it be possible to improve the information FOG stores regarding each PC to include a Software Inventory?

Could the Agent be used to send periodic updates to maintain a list of software and version numbers in the FOG database.

Alternatively rather that re-invent the wheel, has anyone worked on an OCS plugin/ Fusion Inventory / integration with FOG?

I would love the Snap-In functionality (and overall FOG) to integrate with AD/LDAP/SAMBA

Then apply snapins on a group level.

What I mean is;

In LDAP let’s say you have a structure as follows;

Organisation
[INDENT=1]-Departments[/INDENT]
[INDENT=2]-Finance[/INDENT]
[INDENT=3]-PC1[/INDENT]
[INDENT=3]-PC2[/INDENT]
[INDENT=2]–Engineering[/INDENT]
[INDENT=3]-PC3[/INDENT]
[INDENT=3]-PC4[/INDENT]
[INDENT=3] [/INDENT]
I would love to be able to apply Snap-In’s to the Finance department and all PC’s below automatically get those assigned. Kicker is I want this structure to be read from AD/LDAP so that there is no need to a seperate lot of groups in FOG as well.

Then you can move a PC from OU and it gets the Snap-Ins assigned from that OU

If not on an OU level, even Groups would do for PC’s

e.g

Group1-SnapIn-1
Group2-Snap-In2

Any computers in Group1 get the Snapin 1 deployed etc

Is there a better way of achieving something like this?