Installing FreeGhost under Debian

For those sysadmins like myself condemned to installing dire and crappy software, these instructions are for you. FreeGhost is some ghastly PHP spaghetti-logic-driven abortion thing that attempts to do everything and anything...none of it well. I had two options, support FreeGhost or Norton Ghost; alas, eating my own feces was not given as a third option, so I plumped for FreeGhost. After some other projects are out of the way, I will put something together that will solve this open source mess of imaging solutions and give us all something usable.

The instructions here are effectively complete; however, some more ACL work needs to be done at some stage, if I can be bothered. The effort, in my honest opinion, would be better spent on actually putting together a good imaging solution.

As a sysadmin fighting the good fight, there are a few things you need to be aware of that you might not have picked up, which make FreeGhost particularly 'fruity' to live with:

So, on with the 'fun'...if you dare.

Dependencies

PXE Booting

We assume you have a central DHCP server and also are keen on PXE booting generally for other purposes, so the whole FreeGhost approach probably disgusts you. Fortunately we have worked out how to do things far more neatly.

Assuming you are using ISC DHCPd, you will need something like the following in your configuration. The IP 10.0.0.1 (amend to your needs, obviously) points to your master PXE booting server and not your FreeGhost box:

class "pxe" {
  match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";

  default-lease-time 300;
  max-lease-time 600;

  next-server 10.0.0.1;
  filename "pxelinux.0";
}

We use pxelinux here at SOAS [1] and you can configure pxelinux to only fire up a menu if the 'Alt' key is pressed; I like to think 'Alt' for 'Alternative'. So you can have it default to booting to the FreeGhost TFTP server, using pxechain.cbt (see later); however, if you use the alternative boot approach, you get your interactive menu. Win!

# give us a prompt (if zero only when Shift, Alt, CapsLock or ScrollLock is pressed)
PROMPT       0

# timeouts are in units of 1/10 s
TIMEOUT      1
TOTALTIMEOUT 1
ONTIMEOUT    menu

# no user tweaking of the boot options
ALLOWOPTIONS 0
# leave the Shift/Alt escape enabled so 'Alt' can still reach the menu
NOESCAPE     0

# Default boot option to use
DEFAULT      fog

# Menus
LABEL local
  LOCALBOOT 0

# 1.2.3.4 is the IP of the FreeGhost box
LABEL fog
  COMBOOT /pxelinux.cfg/pxechain.com
  APPEND 1.2.3.4::pxelinux.0

LABEL menu
  CONFIG /pxelinux.cfg/default-menu

As you probably have worked out, default-menu is your interactive PXE menu setup. Enjoy.

pxechain.com

This used to involve a patch; fortunately it is now in the main syslinux source tree.

Something on our TODO list is to add failure support to the COM module so that if it fails to chain boot to the next PXE server it will automagically boot straight off the localhost's hard disk. If you want to do the work, then please do and let us have the changes.

Installing

Base Install

$ cd /usr/src
$ wget http://.../fog_0.25.tar.gz
$ tar zxf fog_0.25.tar.gz
# lvcreate -L 10G -n fog lvm-hostname
# mkfs.xfs -L fog /dev/lvm-hostname/fog
# echo "LABEL=fog /var/lib/fog xfs noatime,nosuid,nodev,noexec 0 10" >> /etc/fstab
# mkdir /var/lib/fog
# mount /var/lib/fog
# useradd -s /bin/false -d /var/lib/fog fog
# cp -a /usr/src/fog_0.25/packages/tftp /var/lib/fog
# mkdir -p /var/lib/fog/images/dev
# ln -s /var/lib/fog/images /images
# chown fog:fog -R /var/lib/fog/
# chmod g+s /var/lib/fog/images
# setfacl -R -m u:ftp:rwx /var/lib/fog/tftp/fog /var/lib/fog/tftp/pxelinux.cfg
# setfacl -m u:ftp:wx /var/lib/fog/images
# chmod 777 /var/lib/fog/images/dev
# touch /var/lib/fog/images/.mntcheck
# touch /var/lib/fog/images/dev/.mntcheck
# mkdir /var/lib/fog/log
# chown -R www-data:staff /var/lib/fog/log
# mkdir /usr/local/share/fog
# cp -a /usr/src/fog_0.25/packages/web     /usr/local/share/fog/
# cp -a /usr/src/fog_0.25/packages/service /usr/local/share/fog/
# chown -R root:staff /usr/local/share/fog

Now apply the patches:

You will also need to amend /var/lib/fog/tftp/pxelinux.cfg/default to point to the correct DNS server, so replace 1.1.1.38 with whatever your primary DNS server is. You should also amend 1.1.1.100 to the DNS name 'fog.example.com'.

Web Service

$ cat /etc/apache2/sites-available/fog
<VirtualHost 1.2.3.4:80>
  ServerName fog.example.com

  ServerAdmin sysadmin@example.com

  DocumentRoot /usr/local/share/fog/web/

  DirectoryIndex index.html index.php

  # removes the ajax and other pointless guff from the logs
  # N.B. only works from inside a <Virtualhost/> element
  <IfModule mod_setenvif.c>
    SetEnvIf Request_URI "/status/(bandwidth|freespace)\.php$" dontlog
    SetEnvIf Request_URI "/management/phpimages/bandwidth\.(update|phpgraph)\.php$" dontlog
    SetEnvIf Request_URI "/management/phpimages/30day\.phpgraph\.php$" dontlog
    SetEnvIf Request_URI "/management/ajax/bandwidth\.update\.php$" dontlog

    CustomLog "|/usr/bin/cronolog -S  /var/lib/fog/log/access.log /var/lib/fog/log/access-%Y%U.log" common env=!dontlog
  </IfModule>
  <IfModule !mod_setenvif.c>
    CustomLog "|/usr/bin/cronolog -S  /var/lib/fog/log/access.log /var/lib/fog/log/access-%Y%U.log" common
  </IfModule>
  ErrorLog "|/usr/bin/cronolog -S /var/lib/fog/log/error.log /var/lib/fog/log/error-%Y%U.log"

  # muppets cannot live without hardcoding '/fog/' everywhere :-/
  Alias /fog/ /usr/local/share/fog/web/

  <Directory /usr/local/share/fog/web/>
    Options -All

    <IfModule mod_fcgid.c>
      <Files *.php>
        Options +ExecCGI

        SetHandler fcgid-script
        FCGIWrapper /usr/bin/php-cgi .php
      </Files>
    </IfModule>
  </Directory>
</VirtualHost>

$ cat /usr/local/share/fog/web/commons/config.php
[snipped]
// if you want a proxy use the following
//define( "FOG_HTTPPROXY", 'http://proxy.example.com:3128' );

// real wol support, send the packets to 1.2.3.255 and 1.2.4.255, for example
//define( "FOG_WOL_ADDRESSES", serialize(array('1.2.3.255', '1.2.4.255')) );

define( "MYSQL_HOST", "localhost" );
define( "MYSQL_DATABASE", "fog" );
define( "MYSQL_USERNAME", "root" );
define( "MYSQL_PASSWORD", "whatever here is your password" );
[snipped]

Now go to http://fog.example.com/ and log in (user: fog, pass: password) and go straight to the 'FOG Settings' section under the information section of the management panel; it lurks under the info 'i' button, second from the far right hand side. Change the settings so that the hostnames are all 'fog.example.com' and keep an eye on FOG_SERVICE_AUTOLOGOFF_BGIMAGE as it keeps adding \'s all the time. You might also want to amend your network interface to 'bond0' if you are being cunning and using link aggregation to get better performance.

You also need to amend the FTP/TFTP bits:

FOG_TFTP_HOST: 127.0.0.1
FOG_TFTP_FTP_USERNAME: anonymous
FOG_TFTP_FTP_PASSWORD: {empty}
FOG_TFTP_PXE_CONFIG_DIR: tftp/pxelinux.cfg/
FOG_PXE_IMAGE_DNSADDRESS: {ip address of primary dns server}

You also need to amend the 'Storage Node' so that the default (and only) one has:

IP Address: 1.2.3.4 (must be the IP address of the server)
Image Location: /images/
Management Username: anonymous
Management Password: {empty}

Supporting Services

Now edit /usr/local/share/fog/service/etc/config.php to update the following:

// yes, that's *UPD*.... :-/
define( "UPDSENDERPATH", "/usr/sbin/udp-sender" );

define( "MULTICASTLOGPATH", "/var/lib/fog/log/multicast.log" );

define( "MULTICASTINTERFACE", "bond0" );

define( "MYSQL_PASSWORD", "whatever you plan on using here" );

define( "REPLICATORLOGPATH", "/var/lib/fog/log/fogreplicator.log" );

Now edit your /etc/exports file to show:

/images         *(ro,no_subtree_check,sync,no_wdelay,no_root_squash,insecure,insecure_locks)
/images/dev     *(rw,no_subtree_check,sync,no_wdelay,no_root_squash,insecure)
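
The two exports above go to every host (`*`) with root squashing turned off. As an added example (not part of the original page or of FOG), this helper lists exports that give risky options to a wildcard client; the function name, the choice of flagged options and the 1.2.3.0/24 subnet are assumptions made here.

```shell
#!/bin/sh
# Added example: list NFS exports that hand risky options to every host.
# Input is exports(5) text on stdin; output is "<path> <client> <flags>".
# Only rw, no_root_squash and insecure are flagged, and only a bare "*"
# (or an empty client) counts as "every host"; both are choices made here.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"  # "(opts)" alone means any host
            n = split(opts, o, ","); risky = ""; sep = ""
            for (j = 1; j <= n; j++)
                if (o[j] == "rw" || o[j] == "no_root_squash" || o[j] == "insecure") {
                    risky = risky sep o[j]; sep = ","
                }
            if (client == "*" && risky != "")
                print $1, client, risky
        }
    }'
}

# The two export lines from this page.
PAGE_EXPORTS='/images         *(ro,no_subtree_check,sync,no_wdelay,no_root_squash,insecure,insecure_locks)
/images/dev     *(rw,no_subtree_check,sync,no_wdelay,no_root_squash,insecure)'

# Constructed comparison: same shares limited to an assumed imaging subnet,
# relying on the NFS defaults (root_squash, secure). Whether the FOG client
# copes with root squashing is not tested here.
NARROWED_EXPORTS='/images         1.2.3.0/24(ro,no_subtree_check,sync,no_wdelay,insecure_locks)
/images/dev     1.2.3.0/24(rw,no_subtree_check,sync,no_wdelay)'

echo "page exports:";     printf '%s\n' "$PAGE_EXPORTS"     | audit_exports
echo "narrowed exports:"; printf '%s\n' "$NARROWED_EXPORTS" | audit_exports
```

On a live box, feed it the real file with `audit_exports < /etc/exports`.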

# cp /usr/src/fog_0.25/packages/init.d/ubuntu/FOG* /etc/init.d/
# chown root:root /etc/init.d/FOG*
# chmod +x /etc/init.d/FOG*
# update-rc.d FOGMulticastManager defaults
# update-rc.d FOGImageReplicator defaults

Amend /etc/init.d/FOGImageReplicator:

DAEMON=/usr/local/share/fog/service/FOGImageReplicator/FOGImageReplicator

Amend /etc/init.d/FOGMulticastManager:

DAEMON=/usr/local/share/fog/service/FOGMulticastManager/FOGMulticastManager

Depending on whether you have switches or hubs in your network, you might want to change the two separate 'udp-sender' calls to not use '--half-duplex' but instead '--full-duplex' in '/usr/local/share/fog/service/common/lib/MulticastTask.class.php' too. Now start both those services.

Now to configure the FTP service:

# mkdir /home/ftp
# grep -v "^#" /etc/vsftpd.conf
listen=YES
tcp_wrappers=YES
chown_username=fog
anon_upload_enable=YES
anon_umask=022
delete_failed_uploads=YES
anon_other_write_enable=YES
anon_root=/var/lib/fog
anonymous_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

# echo "vsftpd: ALL" >> /etc/hosts.deny
# echo "vsftpd: localhost 1.2.3.4" >> /etc/hosts.allow

# /etc/init.d/vsftpd restart
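
The FTP setup above allows anonymous uploads and relies entirely on tcp_wrappers to keep everyone but localhost and 1.2.3.4 out. As an added example (not from the original page or from FOG), this check confirms that gate is in place; the function names are made up here, and the sample files reproduce only the relevant lines shown above.

```shell
#!/bin/sh
# Added example: check that anonymous FTP upload is fenced in by tcp_wrappers.

# conf_yes FILE KEY: true if the last "KEY=" line in vsftpd.conf says YES.
conf_yes() {
    [ "$(sed -n "s/^$2=//p" "$1" | tail -n 1)" = "YES" ]
}

# vsftpd_clients FILE: print the client list of every "vsftpd:" rule.
vsftpd_clients() {
    awk -F: '$1 ~ /^[ \t]*vsftpd[ \t]*$/ { sub(/^[ \t]+/, "", $2); print $2 }' "$1"
}

# check_anon_ftp VSFTPD_CONF HOSTS_ALLOW HOSTS_DENY
check_anon_ftp() {
    if ! conf_yes "$1" anonymous_enable || ! conf_yes "$1" anon_upload_enable; then
        echo "ok: anonymous upload is off"; return 0
    fi
    if ! conf_yes "$1" tcp_wrappers; then
        echo "exposed: tcp_wrappers is not enabled"; return 1
    fi
    # hosts.allow is consulted first, so an ALL there defeats hosts.deny.
    if vsftpd_clients "$2" | grep -qw ALL; then
        echo "exposed: hosts.allow admits ALL"; return 1
    fi
    if ! vsftpd_clients "$3" | grep -qw ALL; then
        echo "exposed: hosts.deny lacks vsftpd: ALL"; return 1
    fi
    echo "gated: $(vsftpd_clients "$2" | tr '\n' ' ' | sed 's/ *$//')"
}

# write_page_sample DIR: recreate the relevant lines from this page in DIR.
write_page_sample() {
    printf '%s\n' listen=YES tcp_wrappers=YES anon_upload_enable=YES \
        anon_other_write_enable=YES anonymous_enable=YES write_enable=YES \
        > "$1/vsftpd.conf"
    echo "vsftpd: ALL" > "$1/hosts.deny"
    echo "vsftpd: localhost 1.2.3.4" > "$1/hosts.allow"
}

dir=$(mktemp -d)
write_page_sample "$dir"
check_anon_ftp "$dir/vsftpd.conf" "$dir/hosts.allow" "$dir/hosts.deny"
rm -rf "$dir"
```

Against a live install, call `check_anon_ftp /etc/vsftpd.conf /etc/hosts.allow /etc/hosts.deny`.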

Now edit '/etc/default/tftpd-hpa' to be:

# cat /etc/default/tftpd-hpa 
RUN_DAEMON="yes"
OPTIONS="-l -v -u nobody -p -s /var/lib/fog/tftp/"

# /etc/init.d/tftpd-hpa restart
[1] I really wanted to use Etherboot but time was pressing, so maybe another day.

www: freeghost (last edited 2009-08-10 11:13:46 by alex)