N.B. I have been clobbering FOG for a while and have come to the conclusion it really is wandering down a path of self destruction. Adding new functionality is horrible, forwards and backwards compatibility is going to be a nightmare and the whole system relies on manually configuring huge chunks of it that could be cleanly and automatically detected. Even simple things like partition tables have been completely fscked up and handled badly. A shame, FOG has so much to offer. I need to continue my work on LanWarden but maybe I will return to opensource imaging and start a project anew; meanwhile the instructions below are enough to get FOG running sanely and vaguely safely on a Debian box.
This just contains some rough Work-In-Progress notes for installing FreeGhost (aka FOG) under Debian. I'll tidy this up once everything is stable, hell maybe I'll even roll a Debian package :)
These instructions also fix a number of flaws in FOG. Patches to apply can be found on my website at http://www.digriz.org.uk/files/fog/patches/.
Accurate for version 0.15...
runs tftpd service as root
AJAX security clash so 'disk space free' box might not work
uses an external application for WoL; worse still it needlessly runs it as root ignoring that you do not need to be root to send UDP broadcast packets
the wake-on-lan functionality will only send to a single destination (usually the local broadcast address) so WoL across subnets is nasty
the TFTP system is rather limiting and for organisations that already have a PXE booting environment
too many hardcoded IP bits scattered about (IPs for DNS/web servers in the TFTP booting for example)
the FOG maintainers know nothing about how multicast works so if you multicast image you have a fixed 'maximum speed'. For example if you image a single session at 10MB/s and you fire up a second one, both streams will drop to 5MB/s. This is because all receiving hosts receive both streams as only the port number changes. This would be noticeable if you have a faster link speed on your FOG box than the clients do (for example your FOG server is on a bonded 2x1Gbps link whilst your clients are on 100Mbps links)
strange relationship (is it needed?) between (TFTP|WEB|STORAGE)_HOST. You would expect they were either all the same machine, and if not the WEB_HOST would have NFS exports of the others. I have decided that my 'fork' will rely on this as it simplifies the codebase and makes the security element of the access to the images and whatnot an OS problem and not something within the control of FOG. This is going to take time to do so it will take place at some stage. It is bizarre that the FOG authors use NFS but then ignore it completely and choose FTP to bring the storage and TFTP together. One of my patches removes all the FTP nonsense
NFS is really not needed for unicast and should be disposed of (udpcast has a unicast mode)
unsure what the authors were smoking but the multicast manager needs a rewrite to deal with scheduled imaging and make use of cron/atd to do the hard step
the initrd file needs re-doing, unsure why half an OS is in there when we live in a world where RIP exists and is far better for the job. By redoing this it can be made smaller (using cpio saves us the hassle of using ext3, wtf?, and makes the initrd as small as possible) and also make everything more dynamically configurable without the need to hard code things. The kitchen kernel could be replaced with a Debian stock kernel I feel too
the cookie based authentication is nasty, why people reinvent the wheel I do not know. Move to using Apache for authentication, then we can use HTTP Digest based auth and speak to LDAP backends and what not; saves you having to SSL everything
it's insane how FOG tells clients what to do when they boot (via a large number of kernel parameters) so I plan to kill this all off and replace it with a system where the workstation re-downloads the TFTP PXE boot file it uses and stores a commented-out script of instructions the workstation is to execute at the other end. This gives us some forwards and backwards compatibility without adding a whole complicated mish-mash of kernel parameters that are unmaintainable
Aptitude will handle the dependencies so do not worry about the 'extras' like mysql-client and such.
( apache2-mpm-prefork & php5-cgi & libapache2-mod-fcgid ) | ( libapache2-mod-php5 & apache2-prefork )
tftpd-hpa
udpcast
php5-mysql
mysql-server
php5-curl
php5-gd
iproute (for my patches)
nfs-kernel-server (to be phased out)
vsftpd (to be phased out)
crond (to be phased in)
atd (to be phased in)
syslinux (if you are not running on x86 architecture copy the 'pxelinux.0' file over)
All these static IPs being hardcoded all over the place give me the shakes, so by using the IPAPPEND functionality (although not recommended, in our case I think it is justified as the machine is being nuked) we can auto-detect the location of the FOG webserver without the need for DNS.
Tweak the 'usr/local/fog/lib/funcs.sh' in the standard init.gz file so that the 'setupDNS()' function is just:
# engage lazilator, saves us tweaking code everywhere for now
# TODO: stop being lazy and do this properly
function setupDNS()
{
    # /proc/net/pnp is written by the kernel's IP autoconfig when IPAPPEND
    # hands it the DHCP details; the line of interest reads "bootserver <ip>"
    bootip=`grep bootserver /proc/net/pnp`
    # drop the 11-character "bootserver " prefix, leaving just the address
    bootip=${bootip:11}
    web=$bootip/fog/
    ftp=$bootip
    storageip=$bootip
    storage=$storageip:/images
    # uploads go to the writable dev export, not the read-only image store
    if [ "$type" = "up" ]; then
        storage=${storage}/dev
    fi
}
Then in the initrd mounted directory type:
ln -s /sbin/init init
find . | cpio --quiet -H newc -o | gzip -9 -n > ../initrd.img
This will give you a more automagical initrd.img file. Of course you could just use my initrd.img and bzImage (I re-rolled the kernel as there was guff in there that was not needed, my kitchen sink .config is also available).
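As an added example (my own illustration here, not code from FOG's funcs.sh or initrd), the same lookup done by field rather than by slicing off a fixed 11-character prefix, with the address validated before it is used to build the web and NFS locations. The sample /proc/net/pnp contents are constructed for the example; the function names fog_bootserver, fog_settings and sample_pnp are mine.

```shell
#!/bin/sh
# Added example, not FOG's own code: derive the FOG server location from the
# pnp file that the kernel's IP autoconfig populates (IPAPPEND supplies the
# DHCP details), parsing by field and validating the result instead of
# relying on a fixed string offset as the stock funcs.sh does.

# Print the bootserver address found in the given pnp file (default
# /proc/net/pnp). Exit non-zero if the field is missing or is not a dotted
# quad with every octet in 0-255, so a damaged pnp file cannot turn into a
# bogus NFS mount or web URL further down.
fog_bootserver() {
    pnp="${1:-/proc/net/pnp}"
    ip=$(awk '$1 == "bootserver" { print $2; exit }' "$pnp" 2>/dev/null)
    [ -n "$ip" ] || return 1
    echo "$ip" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    ' || return 1
    printf '%s\n' "$ip"
}

# Echo the web/ftp/storage settings funcs.sh derives, given the boot server
# address and the job type ("up" for an image upload, anything else for a
# download); uploads go to the writable dev export.
fog_settings() {
    ip="$1"
    type="$2"
    storage="$ip:/images"
    [ "$type" = "up" ] && storage="$storage/dev"
    printf 'web=%s/fog/\nftp=%s\nstorage=%s\n' "$ip" "$ip" "$storage"
}

# Constructed sample of what /proc/net/pnp looks like after a DHCP boot;
# the addresses are made up for this example. Prints the temp file's path.
sample_pnp() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
#PROTO: DHCP
domain example.test
nameserver 10.123.21.2
bootserver 10.123.21.4
EOF
    printf '%s\n' "$f"
}

# Stand-alone demo on the constructed sample.
demo_file=$(sample_pnp)
if boot=$(fog_bootserver "$demo_file"); then
    fog_settings "$boot" down
else
    echo "no usable bootserver in $demo_file" >&2
fi
rm -f "$demo_file"
```

Inside the real initrd you would call fog_bootserver with no argument and refuse to continue (drop to the debug shell, say) when it fails, rather than letting an empty $bootip produce a mount of ":/images".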
Run the following commands:
$ cd /usr/src
$ wget http://fog.website/fog-latest.tar.gz
$ tar -zxf fog-latest.tar.gz
$ mkdir fog-patches
$ cd fog-patches
$ wget http://www.digriz.org.uk/files/fog/<various-patches>
# mkdir -p /var/lib/fog/tftpboot /var/lib/fog/pxelinux.cfg
# cp /usr/src/fog-latest/packages/tftp/boot.txt /var/lib/fog/tftpboot
# cp -r /usr/src/fog-latest/packages/tftp/fog/images /var/lib/fog/tftpboot
# cp -r /usr/src/fog-latest/packages/tftp/fog/kernel /var/lib/fog/tftpboot
# ln -s /usr/lib/syslinux/pxelinux.0 /var/lib/tftpboot/
# ln -s /var/lib/fog/tftpboot /var/lib/tftpboot/fog
# ln -s /var/lib/fog/pxelinux.cfg /var/lib/tftpboot/
# mkdir -p /var/lib/fog/images/dev
# chown -R www-data /var/lib/fog/images
# chmod 777 /var/lib/fog/images/dev
# touch /var/lib/fog/images/.mntcheck /var/lib/fog/images/dev/.mntcheck
# ln -s /var/lib/fog/images /images
# mkdir -p /usr/share/fog/
# cp -r /usr/src/fog-latest/packages/web /usr/share/fog/
# cp -r /usr/src/fog-latest/packages/service /usr/share/fog/
# cp /usr/src/fog_0.15/packages/init.d/ubuntu/FOGMulticastManager /etc/init.d
# ln -s /etc/init.d/FOGMulticastManager /etc/rc2.d/S99FOGMulticastManager
# ln -s /usr/share/fog/web /var/www/fog
# ln -s /etc/apache2/sites-available/fog /etc/apache2/sites-enabled/fog
# cd /usr/share/fog/web/
# cat /usr/src/fog-patches/* | patch -p1
Edit '/usr/share/fog/service/etc/config.php' so that:
define( "UPDSENDERPATH", "/usr/bin/udp-sender" );
define( "MULTICASTLOGPATH", "/var/log/fog-multicast.log" );
define( "MULTICASTDEVICEOUTPUT", "/dev/null" );
Now create the file '/var/lib/fog/pxelinux.cfg/default':
DISPLAY fog/boot.txt
PROMPT 1
TIMEOUT 30
DEFAULT fog.local
LABEL fog.local
localboot 0
# okay, using IPAPPEND could be considered Evil(tm) however as
# hopefully our imaging time is less than our lease time we
# should be on safe ground...right?
LABEL fog.reg
kernel fog/bzImage
append initrd=fog/initrd.img mode=autoreg quiet
IPAPPEND 1
LABEL fog.reginput
kernel fog/bzImage
append initrd=fog/initrd.img mode=manreg quiet
IPAPPEND 1
LABEL fog.debug
kernel fog/bzImage
append initrd=fog/initrd.img mode=onlydebug quiet
IPAPPEND 1
Type:
# chown www-data:root /var/lib/fog/pxelinux.cfg
# chmod 755 /var/lib/fog/pxelinux.cfg
# chown root:root /var/lib/fog/pxelinux.cfg/default
# chmod 444 /var/lib/fog/pxelinux.cfg/default
Change '/etc/default/tftpd-hpa' to say:
#Defaults for tftpd-hpa
RUN_DAEMON="yes"
OPTIONS="-l -v -m /var/lib/fog/tftp-remap /var/lib/tftpboot /var/lib/fog/tftpboot /usr/lib/syslinux /var/lib/fog/pxelinux.cfg"
Create the file '/var/lib/fog/tftp-remap' that contains:
re \/\(.*\) /var/lib/tftpboot\1
re .* /var/lib/tftpboot/\0
Edit the file '/etc/exports' and make it contain the following:
/images *(ro,sync,no_wdelay,insecure_locks,no_root_squash,insecure,no_subtree_check)
/images/dev *(rw,sync,no_wdelay,no_root_squash,insecure,no_subtree_check)
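The two exports above hand every host on the network a read-only copy of the image store and a root-writable upload directory, which is what "vaguely safely" buys you. As an added example (mine, not part of FOG or of the notes), a small audit that reads exports-style lines and flags the options that widen who can write: a client of "*", "rw" paired with "no_root_squash", and "rw" paired with "insecure". The sample exports are the two lines above plus a constructed tightened variant; the tightened variant's subnet is made up, and whether the FOG initrd still mounts without "insecure" depends on the mount options it uses, so treat that line as an assumption to test rather than a drop-in.

```shell
#!/bin/sh
# Added example, not part of FOG or the notes above: audit /etc/exports-style
# lines for the options that widen write access to the image store.
# Findings: client "*" (any host), "rw" with "no_root_squash" (remote root
# writes as root), and "rw" with "insecure" (requests from unprivileged ports
# accepted, so any local user on a client can speak NFS to this export).

# Read exports lines from stdin; print one finding per line as
# "<path> <client> <reason>". Comments and blank lines are skipped.
audit_exports() {
    awk '
    /^[[:space:]]*#/ || NF == 0 { next }
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i
            opts = ""
            # split "client(opt,opt)" into client and its option list
            if (match(client, /\(.*\)$/)) {
                opts = substr(client, RSTART + 1, RLENGTH - 2)
                client = substr(client, 1, RSTART - 1)
            }
            n = split(opts, o, ",")
            rw = 0; nrs = 0; insec = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
                if (o[j] == "insecure") insec = 1
            }
            if (client == "*") print path, client, "exported-to-any-host"
            if (rw && nrs)     print path, client, "rw-with-no_root_squash"
            if (rw && insec)   print path, client, "rw-from-unprivileged-ports"
        }
    }'
}

# Number of findings for the exports text passed as the first argument.
audit_count() {
    printf '%s\n' "$1" | audit_exports | wc -l | tr -d ' '
}

# Constructed sample: the two exports from the notes as written.
SAMPLE_EXPORTS='/images *(ro,sync,no_wdelay,insecure_locks,no_root_squash,insecure,no_subtree_check)
/images/dev *(rw,sync,no_wdelay,no_root_squash,insecure,no_subtree_check)'

# Constructed tightened variant (assumed subnet): clients limited to the
# imaging network and "insecure" dropped from the writable export. The
# no_root_squash on /images/dev is kept because the initrd runs as root
# when it writes an uploaded image, so it is still reported as a finding.
TIGHTER_EXPORTS='/images 10.123.21.0/24(ro,sync,no_wdelay,insecure_locks,no_root_squash,insecure,no_subtree_check)
/images/dev 10.123.21.0/24(rw,sync,no_wdelay,no_root_squash,no_subtree_check)'

# Stand-alone demo: report on both samples.
echo "as written:"
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
echo "tightened:"
printf '%s\n' "$TIGHTER_EXPORTS" | audit_exports
```

Run it against the live file with `audit_exports < /etc/exports` after editing; the residual "rw-with-no_root_squash" on the dev export is the one finding you accept knowingly, and the 777 on /var/lib/fog/images/dev means it would still be writable even with root squashed.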
And now run:
# /etc/init.d/FOGMulticastManager start
# /etc/init.d/nfs-kernel-server restart
# /etc/init.d/tftpd-hpa start
Dribbling Deadrat/Ubuntu/Gentoo lusers will probably think libapache2-mod-php5 is the way forward...ho ho, they'll learn one day and the hard way. For the rest of us that know better mod_fcgid is the way forward.
Create the file '/etc/apache2/sites-available/fog' and make it contain the following:
# removes the ajax guff from the logs
# N.B. only works from inside a <Virtualhost/> element
# otherwise you make this global (should be harmless though)
<IfModule mod_setenvif.c>
SetEnvIf Request_URI "/bandwidth\.(update|phpgraph)\.php$" dontlog
#CustomLog /var/log/apache2/access_log common env=!dontlog
</IfModule>
<Directory /usr/share/fog/web/>
Options -All
<IfModule mod_fcgid.c>
<Files *.php>
Options +ExecCGI
SetHandler fcgid-script
FCGIWrapper /usr/bin/php-cgi .php
</Files>
</IfModule>
</Directory>
As FOG development is a fast moving target (and unfortunately its design has been a bit head-in-the-sand towards the rest of the world) making it the centre of your TFTP/PXE world is probably a bad idea. You probably want to have the option to install OSes from your menu, run memdisk, run RIP, run memtest86+ all from a cute menu. FOG does not do this :-/
The solution is to continue running your master one but to have FOG as the default entry with a low timeout.
How do we do this? Well, you use pxelinux with a COMBOOT module that allows you to chain to an alternative TFTP server. The module is 'cooked' with:
nasm -f bin -l pxechain.lst -o pxechain.cbt pxechain.asm
Then to use it with pxelinux you have a menu entry like:
LABEL fog
MENU LABEL FOG
COMBOOT /pxelinux.cfg/pxechain.cbt
APPEND 10.123.21.4::pxelinux.0