Installing FreeGhost under Debian
For those sysadmins like myself condemned to installing dire and crappy software, these instructions are for you. FreeGhost is some ghastly PHP spaghetti-logic-driven abortion of a thing that attempts to do everything and anything...none of it well. I had two options, support FreeGhost or Norton Ghost; alas, eating my own feces was not given as a third option, so I plumped for FreeGhost. After some other projects are out of the way, I will put something together that will solve this opensource mess of imaging solutions and give us all something usable.
The instructions here are effectively complete, however some more ACL work needs to be done at some stage, if I can be bothered. The effort, in my honest opinion, would be better spent on actually putting together a good imaging solution.
As a sysadmin fighting the good fight, there are a few things you need to be aware of that you might not have picked up on, which make FreeGhost particularly 'fruity' to live with:
- multiple imagings at once are multicast on the same group address, just using different port numbers
- the idea that it has to be your master TFTP server and is keen to be your DHCP server raises eyebrows; fortunately this can be tamed
- there is no 'authentication' for imaging a PC...anyone can come along and install one of your VLKM Windows images on any kit...great!
- NFS being globally writable makes it interesting, as people could upload dubious images
- a mysql database, connected to as root eh...any ACLs in there at all? You guessed it...no
- so, separate NFS, TFTP and FTP services? TFTP is obviously justifiable, however yes, the FreeGhost team did it again and pointlessly added FTP and NFS to the mix, when they could have just used udpcast, or hell, even tftp. "All hail FreeGhost and their wisdom..."
- they reinvented cron :-/
- [insert here countless other "dear god no" moments as I come across them]
So, on with the 'fun'...if you dare.
Dependencies
- apache2-mpm-worker
- libapache2-mod-fcgid
- mysql-server
- tftpd-hpa
- udpcast - from the udpcast website though, not the regular Debian one as it's too old
- vsftpd
- nfs-kernel-server
- wakeonlan
- php5-cgi
- php5-cli
- php5-mysql
- php5-curl
- php5-gd
- cronolog
- acl
- htmldoc
PXE Booting
We assume you have a central DHCP server and also are keen on PXE booting generally for other purposes, so the whole FreeGhost approach probably disgusts you. Fortunately we have worked out how to do things far more neatly.
Assuming you are using ISC DHCPd, you will need something like the following in your configuration. The IP 10.0.0.1 (amend to your needs) points to your master PXE booting server, not your FreeGhost box:
class "pxe" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
default-lease-time 300;
max-lease-time 600;
next-server 10.0.0.1;
filename "pxelinux.0";
}
We use pxelinux here at SOAS, and you can configure pxelinux to only fire up a menu if the 'Alt' key is pressed; I like to think of 'Alt' as 'Alternative'. So you can have it default to booting from the FreeGhost TFTP server, using pxechain.com (see later), but if you use the alternative boot approach you get your interactive menu. Win!
# give us a prompt (if zero only when Shift, Alt, CapsLock or ScrollLock is pressed)
PROMPT 0
# prompt lives for centiseconds
TIMEOUT 1
TOTALTIMEOUT 1
ONTIMEOUT menu
# no user tweaking of the boot options
ALLOWOPTIONS 0
NOESCAPE 0
# Default boot option to use
DEFAULT fog
# Menus
LABEL local
LOCALBOOT 0
# 1.2.3.4 is the IP of the FreeGhost box
LABEL fog
COMBOOT /pxelinux.cfg/pxechain.com
APPEND 1.2.3.4::pxelinux.0
LABEL menu
CONFIG /pxelinux.cfg/default-menu
As you probably have worked out, default-menu is your interactive PXE menu setup. Enjoy.
pxechain.com
This used to involve a patch; fortunately it is now in the main syslinux source tree.
Something on our TODO list is to add failure support to the COM module so that if it fails to chain boot to the next PXE server it will automagically boot straight off the localhost's harddisk. If you want to do the work, then please do and let us have the changes.
Installing
Base Install
$ cd /usr/src
$ wget http://.../fog_0.25.tar.gz
$ tar zxf fog_0.25.tar.gz
# lvcreate -L 10G -n fog lvm-hostname
# mkfs.xfs -L fog /dev/lvm-hostname/fog
# echo "LABEL=fog /var/lib/fog xfs noatime,nosuid,nodev,noexec 0 10" >> /etc/fstab
# mkdir /var/lib/fog
# mount /var/lib/fog
# useradd -s /bin/false -d /var/lib/fog fog
# cp -a /usr/src/fog_0.25/packages/tftp /var/lib/fog
# mkdir -p /var/lib/fog/images/dev
# ln -s /var/lib/fog/images /images
# chown fog:fog -R /var/lib/fog/
# chmod g+s /var/lib/fog/images
# setfacl -R -m u:ftp:rwx /var/lib/fog/tftp/fog /var/lib/fog/tftp/pxelinux.cfg
# setfacl -m u:ftp:wx /var/lib/fog/images
# chmod 777 /var/lib/fog/images/dev
# touch /var/lib/fog/images/.mntcheck
# touch /var/lib/fog/images/dev/.mntcheck
# mkdir /var/lib/fog/log
# chown -R www-data:staff /var/lib/fog/log
# mkdir /usr/local/share/fog
# cp -a /usr/src/fog_0.25/packages/web /usr/local/share/fog/
# cp -a /usr/src/fog_0.25/packages/service /usr/local/share/fog/
# chown -R root:staff /usr/local/share/fog
Now apply the patches:
You will also need to amend /var/lib/fog/tftp/pxelinux.cfg/default to point to the correct DNS server: replace 1.1.1.38 with the IP of your primary DNS server. You should also replace 1.1.1.100 with the DNS name 'fog.example.com'.
Web Service
$ cat /etc/apache2/sites-available/fog
<VirtualHost 1.2.3.4:80>
ServerName fog.example.com
ServerAdmin sysadmin@example.com
DocumentRoot /usr/local/share/fog/web/
DirectoryIndex index.html index.php
# removes the ajax and other pointless guff from the logs
# N.B. only works from inside a <Virtualhost/> element
<IfModule mod_setenvif.c>
SetEnvIf Request_URI "/status/(bandwidth|freespace)\.php$" dontlog
SetEnvIf Request_URI "/management/phpimages/bandwidth\.(update|phpgraph)\.php$" dontlog
SetEnvIf Request_URI "/management/phpimages/30day\.phpgraph\.php$" dontlog
SetEnvIf Request_URI "/management/ajax/bandwidth\.update\.php$" dontlog
CustomLog "|/usr/bin/cronolog -S /var/lib/fog/log/access.log /var/lib/fog/log/access-%Y%U.log" common env=!dontlog
</IfModule>
<IfModule !mod_setenvif.c>
CustomLog "|/usr/bin/cronolog -S /var/lib/fog/log/access.log /var/lib/fog/log/access-%Y%U.log" common
</IfModule>
ErrorLog "|/usr/bin/cronolog -S /var/lib/fog/log/error.log /var/lib/fog/log/error-%Y%U.log"
# muppets cannot live without hardcoding '/fog/' everywhere :-/
Alias /fog/ /usr/local/share/fog/web/
<Directory /usr/local/share/fog/web/>
Options -All
<IfModule mod_fcgid.c>
<Files *.php>
Options +ExecCGI
SetHandler fcgid-script
FCGIWrapper /usr/bin/php-cgi .php
</Files>
</IfModule>
</Directory>
</VirtualHost>
$ cat /usr/local/share/fog/web/commons/config.php
[snipped]
// if you want a proxy use the following
//define( "FOG_HTTPPROXY", 'http://proxy.example.com:3128' );
// real wol support, send the packets to 1.2.3.255 and 1.2.4.255, for example
//define( "FOG_WOL_ADDRESSES", serialize(array('1.2.3.255', '1.2.4.255')) );
define( "MYSQL_HOST", "localhost" );
define( "MYSQL_DATABASE", "fog" );
define( "MYSQL_USERNAME", "root" );
define( "MYSQL_PASSWORD", "whatever here is your password" );
[snipped]
Now go to http://fog.example.com/ and log in (user: fog, pass: password), then go straight to the 'FOG Settings' section under the information section of the management panel; it lurks under the info 'i' button, second from the far right-hand side. Change the settings so that the hostnames are all 'fog.example.com', and keep an eye on FOG_SERVICE_AUTOLOGOFF_BGIMAGE as it keeps adding \'s all the time. You might also want to amend your network interface to 'bond0' if you are being cunning and using link aggregation to get better performance.
You also need to amend the FTP/TFTP bits:
FOG_TFTP_HOST: 127.0.0.1
FOG_TFTP_FTP_USERNAME: anonymous
FOG_TFTP_FTP_PASSWORD: {empty}
FOG_TFTP_PXE_CONFIG_DIR: tftp/pxelinux.cfg/
FOG_PXE_IMAGE_DNSADDRESS: {ip address of primary dns server}
You also need to amend the 'Storage Node' (the default, and only, one) so that:
IP Address: 1.2.3.4 (must be the IP address of the server)
Image Location: /images/
Management Username: anonymous
Management Password: {empty}
Supporting Services
Now edit /usr/local/share/fog/service/etc/config.php to update the following:
// yes, that's *UPD*.... :-/
define( "UPDSENDERPATH", "/usr/sbin/udp-sender" );
define( "MULTICASTLOGPATH", "/var/lib/fog/log/multicast.log" );
define( "MULTICASTINTERFACE", "bond0" );
define( "MYSQL_PASSWORD", "whatever you plan on using here" );
define( "REPLICATORLOGPATH", "/var/lib/fog/log/fogreplicator.log" );
Now edit your /etc/exports file to show:
/images *(ro,no_subtree_check,sync,no_wdelay,no_root_squash,insecure,insecure_locks)
/images/dev *(rw,no_subtree_check,sync,no_wdelay,no_root_squash,insecure)
# cp /usr/src/fog_0.25/packages/init.d/ubuntu/FOG* /etc/init.d/
# chown root:root /etc/init.d/FOG*
# chmod +x /etc/init.d/FOG*
# update-rc.d FOGMulticastManager defaults
# update-rc.d FOGImageReplicator defaults
Amend /etc/init.d/FOGImageReplicator:
DAEMON=/usr/local/share/fog/service/FOGImageReplicator/FOGImageReplicator
Amend /etc/init.d/FOGMulticastManager:
DAEMON=/usr/local/share/fog/service/FOGMulticastManager/FOGMulticastManager
Depending on whether you have switches or hubs in your network, you might also want to change the two separate 'udp-sender' calls in '/usr/local/share/fog/service/common/lib/MulticastTask.class.php' to use '--full-duplex' instead of '--half-duplex'. Now start both those services.
Now to configure the FTP service:
# mkdir /home/ftp
# grep -v "^#" /etc/vsftpd.conf
listen=YES
tcp_wrappers=YES
chown_username=fog
anon_upload_enable=YES
anon_umask=022
delete_failed_uploads=YES
anon_other_write_enable=YES
anon_root=/var/lib/fog
anonymous_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
# echo "vsftpd: ALL" >> /etc/hosts.deny
# echo "vsftpd: localhost 1.2.3.4" >> /etc/hosts.allow
# /etc/init.d/vsftpd restart
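Since both the NFS exports and the vsftpd configuration above deliberately leave the image store writable by anonymous clients, here is an added audit script to keep an eye on exactly which settings do that; it is not part of the original guide or of FreeGhost, and the SAMPLE_* strings it reads are constructed copies of the exports and vsftpd.conf lines shown above.

```shell
# Added example (not from the guide or FreeGhost): flag the exports(5) and
# vsftpd.conf settings from this page that allow anonymous writes.
# The SAMPLE_* strings are constructed copies of the guide's own config lines.
SAMPLE_EXPORTS='/images *(ro,no_subtree_check,sync,no_wdelay,no_root_squash,insecure,insecure_locks)
/images/dev *(rw,no_subtree_check,sync,no_wdelay,no_root_squash,insecure)'

SAMPLE_VSFTPD='listen=YES
tcp_wrappers=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES'

# audit_exports: read exports lines on stdin; print a finding for every export
# that any host ("*") can write to, and for every one leaving root unsquashed.
audit_exports() {
  while read -r path spec; do
    case "$path" in ''|\#*) continue ;; esac
    host=${spec%%\(*}                   # client pattern before "("
    opts=${spec#*\(}; opts=${opts%\)}   # option list inside the parentheses
    case ",$opts," in *,rw,*)
      if [ "$host" = '*' ]; then echo "WORLD-WRITABLE $path"; fi ;;
    esac
    case ",$opts," in *,no_root_squash,*) echo "ROOT-UNSQUASHED $path $host" ;; esac
  done
}

# audit_vsftpd: read vsftpd.conf on stdin; print ANON-WRITE when anonymous
# users may upload, noting whether tcp_wrappers (hosts.allow) still limits who.
audit_vsftpd() {
  anon=NO; write=NO; upload=NO; other=NO; wrap=NO
  while IFS='=' read -r key val; do
    case "$key" in
      anonymous_enable)        anon=$val ;;
      write_enable)            write=$val ;;
      anon_upload_enable)      upload=$val ;;
      anon_other_write_enable) other=$val ;;
      tcp_wrappers)            wrap=$val ;;
    esac
  done
  if [ "$anon" = YES ] && [ "$write" = YES ] && { [ "$upload" = YES ] || [ "$other" = YES ]; }; then
    if [ "$wrap" = YES ]; then echo "ANON-WRITE limited-by-hosts.allow"; else echo "ANON-WRITE open"; fi
  fi
}

# Findings for the samples; pipe the live /etc/exports and vsftpd.conf in instead.
exports_findings() { printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports | wc -l | tr -d ' '; }
vsftpd_finding()   { printf '%s\n' "$SAMPLE_VSFTPD" | audit_vsftpd; }
exports_findings; vsftpd_finding
```

On the guide's own configuration it reports three export findings (the world-writable /images/dev plus no_root_squash on both exports) and an anonymous-write FTP service that is only held back by the hosts.allow entry.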
Now edit '/etc/default/tftpd-hpa' to be:
# cat /etc/default/tftpd-hpa
RUN_DAEMON="yes"
OPTIONS="-l -v -u nobody -p -s /var/lib/fog/tftp/"
# /etc/init.d/tftpd-hpa restart