Export/import ssl directory

I think the ability to export/import the ssl directory through the web gui would be beneficial. This would help people who use fog 1.3+ and also use the fog client. It’d help them when they want to build a new server. Right now, I have written instructions for this here and here but it’s all manual work.

I think that ‘Configuration Save’ is appropriately named if it really does save all configuration including the ssl directory. Right now, ‘Configuration Save’ only imports/exports the database. If that stays the same, a more appropriate name would be ‘Database Save’, and perhaps we add another item called ‘SSL Save’ ? Lots of ways to do this. I’d like to see ‘Configuration Save’ remain the same so that all the threads/posts about it are still accurate, and just have the SSL exporting/importing added to it.

Please note that the SVN version number and the Trunk version number do not match. If your fog cloud said 3671, then svn 3671 is NOT what you want. The FOG Trunk version number is a fair bit ahead of the svn version number.

Also note - if your DB is from 8405 - Importing it into 3671 is definitely not going to work.

My advice to you would be - instead of going to a very old version of fog - work with the @Senior-Developers to get printer management working again.

svn co -r 3671 https://svn.code.sf.net/p/freeghost/code/trunk
https://wiki.fogproject.org/wiki/index.php?title=Upgrade_to_Revision

Yeah, this script was a life saver for me. It accomplishes SO much stuff that I’d otherwise have to set a TON of bloated Microsoft group policy for. I’m not scared of group policy at all, in fact I’m really good at it. But I’ve learned through experience that overall, less group policy is better group policy. So now I always always always try to find alternatives to it before using it. This script being a great example, fog snapins and printer management being another great example. Hell even startup scripts or login scripts are more safe than a pile of bloated group policy. Group Policy usually works, but it slows things down. I’ve ran extensive tests on this, recording times for different things, recording environment setups, making tables of results, and replicating results from scratch to confirm, for months on end (Scientific Method). Group Policy is always my last choice now.

As I sit here working on making the daily fog installation tests more reliable, I wondered to myself when I should remove the older OSs (centos7, rhel7, etc). I thought it’d be nice to know how often what OS is being used to install FOG on. So I propose the following.

I can create a publicly available API that simply accepts a “string” being submitted. Using this, I can put together a popularity contest type thing that will allow us to see what people are installing FOG on. I can build the API (I have scaffolding that I can use to get this done pretty fast) and run it, and make the results publicly viewable.

Within the FOG Installer scripts, I can add a question about participating in the popularity contest. I think this should default to “Yes”. If “Yes” is chosen, a simple curl call is executed sending the output of lsb_release --all to the API.

Thoughts on this? I’m willing to put it all together and submit the pull requests for it. Though wanted feedback before I went after it.

I worked on this most of yesterday and today so far. The project is done and 100% working, but of course could be improved on.

https://github.com/wayneworkman/ssh-pki-setup

This will help you setup certificate based authentication and aliases for your servers (your fog storage nodes).

For FOG, I would recommend running this on the fog web server. Define all your storage nodes appropriately within hosts.csv, and run. This way, once you’re inside the main, you can then use aliases very easily to go to all the storage nodes to run updates.

I’ll be using this tomorrow at work to, very quickly, setup cert based authentication for the 15-server fog system we have (which has been quite brutal to update because each server has a different and strong password).

Thanks @Tom-Elliott for helping out, too.

@Gary-Kulovics There was a problem on 0.11.2 that caused the client to crash in certain situations concerning JIT, read here for more information: https://news.fogproject.org/fog-client-v0-11-3-released/

I’m not saying that’s your issue, but it could be possible. To get the latest version, all you need to do is update fog to the latest, all clients will automatically update.

Additionally - we need a fog.log from an affected host. It’s here: C:\fog.log
Please deploy one of the affected hosts and let it do it’s thing, and grab the log afterwards and upload here.
Also, what OS are you deploying?

I created a free an open source solution called Jane that does exactly what you need.

It takes info from SIS, and then produces powershell on a per-domain, per group, per settings-set basis to create and update AD users across multiple domains. It’s 100% automated and incredibly secure. With intense user controls, unlike fog (no offense Tom).

We’re using it now. Message me for details.

Jane can do all this you asked.

Process must generate unique student and employee usernames. Employee usernames can never be reissued (even if the employee leaves the district).
• Users must be placed in the appropriate OU according to their associated building in the SIS or EIS.
• Users must be automatically made members of security groups based on data in SIS and EIS: associated building, associated grade level, job status code(employees)
• User object attributes must be automatically populated: First Name, Sur Name, Department, Phone, Description, etc.
• User home directory must be created and NTFS permissions set. If the user moves building their home directory must be moved also and permissions set once again.
• Of course all memberships, object locations, home directory, etc will have to be updated if the user moves buildings, changes name, building, grade level, etc.

@H105 said in Win7 SP1 OOBE Fails Works On Non SP1:

I’m getting the “windows setup could not configure Windows on this hardware… please restart… blah blah” on any system I try to apply my Golden Image to.

Wiki excerpt:

"Windows Setup could not configure Windows to run on this computer’s hardware.” …
https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#FOG_Client_with_Sysprep

@kwetiaw like I said, if you can script it, generally snapins can deploy it. Go ahead and try. Let us know if you have problems.

@george1421 This is also true for Windows 8 and 8.1.

Just quickly copy/pasting some scripts I made for managing 15 storage nodes without killing myself.

I’m going to take all these and other stuff community has made and pile them all up into one big git repo called “Fog Tools” or something.

All of the below scripts in this post are dependent on ssh-pki being setup from the server to all nodes and having aliases created for them all, I have created a tool that helps you do this: https://github.com/wayneworkman/ssh-pki-setup

installPackage.sh

#!/bin/bash
array=( aifog annex bmfog clfog cvfog ckfog dufog fmfog hffog jwfog lhfog prfog rofog wgfog )

#Packages are space delimited if there are multiple ones.
packages="lsof"

for i in "${array[@]}"
do
    printf "Installing $packages at: $i..."
    successCheck=$(ssh $i "yum install $packages -y > /dev/null 2>&1;echo \$?")
    if [[ "$successCheck" -eq 0 ]]; then
        printf "Success!\n"
    else
        printf "Failed!\n"
    fi
    printf "\n"


done

removePackage.sh

#!/bin/bash
array=( aifog annex bmfog clfog cvfog ckfog dufog fmfog hffog jwfog lhfog prfog rofog wgfog )

#Packages are space delimited if there are multiple ones.
packages="mod_evasive"

for i in "${array[@]}"
do
    printf "Removing $packages at: $i..."
    successCheck=$(ssh $i "yum remove $packages -y > /dev/null 2>&1;echo \$?")
    if [[ "$successCheck" -eq 0 ]]; then
        printf "Success!\n"
    else
        printf "Failed!\n"
    fi
    printf "\n"


done

rebootNodes.sh

#!/bin/bash
ssh aifog "reboot"
ssh annex "reboot"
ssh bmfog "reboot"
ssh clfog "reboot"
ssh cvfog "reboot"
ssh ckfog "reboot"
ssh dufog "reboot"
ssh fmfog "reboot"
ssh hffog "reboot"
ssh jwfog "reboot"
ssh lhfog "reboot"
ssh prfog "reboot"
ssh rofog "reboot"
ssh wgfog "reboot"

updateNodesOS.sh

#!/bin/bash
array=( aifog annex bmfog clfog cvfog ckfog dufog fmfog hffog jwfog lhfog prfog rofog wgfog )

clear
echo
echo
echo "Updating defined systems."
echo
for i in "${array[@]}"
do
    printf "Updating installed packages at: $i..."
    successCheck=$( ssh $i "yum update -y > /dev/null 2>&1;echo \$?")
    if [[ "$successCheck" -eq 0 ]]; then
        printf "Success!\n"
    else
        printf "Failed!\n"
    fi
    printf "\n"
done

updateNodesFOG.sh

#!/bin/bash
array=( aifog annex bmfog clfog cvfog ckfog dufog fmfog hffog jwfog lhfog prfog rofog wgfog )

clear
echo
echo
echo "Updating FOG on defined systems."
echo
for i in "${array[@]}"
do
    printf "Updating FOG at: $i..."
    successCheck=$(ssh $i "cd /root/git/fogproject > /dev/null 2>&1;git reset --hard > /dev/null 2>&1;git pull > /dev/null 2>&1;cd bin > /dev/null 2>&1;./installfog.sh -y > /dev/null 2>&1;echo \$?")
    if [[ "$successCheck" -eq 0 ]]; then
        printf "Success!\n"
    else
        printf "Failed!\n"
    fi
    printf "\n"


done

Community members have found that Windows 10 is pretty great with drivers, and that you don’t necessarily need to worry about them like you did in past versions of windows.

Where it will matter is if you have special hardware, like advanced graphics drivers, a RAID card, or something else that’s not in a typical office workstation.

Generally you just sysprep - or run @JJ-Fullmer 's script to generalize Windows 10 without sysprep. Either works, but I lean towards Fullmer’s script because it seems cleaner and can be more controlled and fine tuned - where sysprep is just a closed-source binary blob and who knows what it’s doing under the hood.

@THEMCV It’s not just you.

Also, if you go the sysprep route, you will have to do this:
https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#FOG_Client_with_Sysprep

https://github.com/FOGProject/fog-community-scripts/tree/master/updateIP

So, wrote a script that changes a fog server’s IP address for you - including updating DHCP configurations on the local server too, if it’s marked inside of .fogsettings.

Also - this script supports configuring up to 4 network interfaces, I thought coding for more than 4 would be excessive.

The script also supports multi-homed FOG Servers. Meaning you can have 2 or 3 or 4 NICs all on totally different networks, the script will just ask you which one you want to use, and it’ll configure the server and DHCP appropriately including empty DHCP configurations for the non-chosen networks.

The script fully respects /opt/fog/.fogsettings fields for bldhcp, dodhcp, and bootfilename fully.

It purposely does not respect startrange, endrange,submask,ipaddress,plainrouter,routeraddress,dnsaddress. These values get updated based on the actual configuration of the only/chosen NIC.

How to use

Update your IP address, dns address, router address, and submask according to your distribution’s instructions. Clone the fog-community-scripts repository, navigate to the updateIP directory, then simply run ./updateIP

The legacy client for Win10 isn’t supported - per @Joe-Schmitt - a senior developer. You’ll need to move to FOG Trunk.

@Wayne-Workman said in upgrading fog on a standalone network:

@fredlwal Sounds like you have a proxy or web filter that is doing some sort of wild DNS redirecting or web caching. others have had this issue in the past with the same two errors you just described.

Again, going to say it’s a webfilter / proxy / firewall issue.

Try adding it manually:

sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

When this fails, try to curl the hosting site:

curl https://launchpad.net/~ondrej/+archive/ubuntu/php

For future readers - FOG 1.2.0 has poor support for Windows 10, and the legacy fog client that comes with FOG 1.2.0 isn’t supported on Windows 10.

To gain full support for Windows 10, GPT disks, UEFI, newer nvme type disks, SSD disks, and numerous other hardware support to include Surface Pros, and better support for non-standard partition layout, along with incredible performance improvements, new features, and security benefits,

Please install the latest FOG 1.3.0 Release Candidate, and use the new FOG Client that comes with it.

I built my own routing management software: https://github.com/wayneworkman/OpenVPNRouter
Doesn’t have bells and whistles or a pretty web interface yet, but it routes, NATs, does firewall, prevents DNS snooping by forcefully rerouting all DNS queries to my chosen DNS server, sends my whole house’s traffic through a PIA VPN transparently, does DHCP, and emails me my Public IP every time I get a new one, and does port forwarding too, and has automatic “healing” for when the VPN connection goes down.

The project could use a whole lot of love, I could do so much with it. I’m just less interested in making it better now. I’m pursuing other things at the moment.

I’ve been thinking on this for a bit, and have thought of some far more complex ways to do it. I think that George’s below post is the best out of all the things I’ve thought of.

Basically have the post-install scripts write a .bat file on the local hdd with the needed arguments. Then make a snapin that runs a .bat file - and that just execute the local .bat file.