https://wiki.fogproject.org/wiki/api.php?action=feedcontributions&user=SebastianRoth&feedformat=atomFOG Project - User contributions [en]2024-03-29T10:51:01ZUser contributionsMediaWiki 1.30.0https://wiki.fogproject.org/wiki/index.php?title=FOG_Client&diff=12669FOG Client2023-10-21T14:01:16Z<p>SebastianRoth: /* Installing - Linux */</p>
<hr />
<div>This article applies to the new FOG Client, version 0.10+<br />
<br />
== The Different Installers ==<br />
<br />
The different installers are located in your FOG server's web interface. The link is always at the very bottom of every page, even if you're not logged into the fog server.<br />
<br />
[[File:Fog client link.png]]<br />
<br />
[[File:New FOGClient download link.png]]<br />
<br />
'''FOGService.msi''' - Windows only, and is ideal for network deployment.<br />
<br />
'''SmartInstaller.exe''' - This is the new default installer. It will work on all platforms.<br />
<br />
'''Debugger.exe''' - This is not listed in the web interface but is available from github [https://github.com/FOGProject/fog-client/releases here]. Only use this when the above two are not working. This build has more detailed logs that you can use for troubleshooting or a bug report.<br />
<br />
== Installing - Windows ==<br />
<br />
'''Prerequisites'''<br />
* .NET Framework version 4.0+ (Note: .NET 4 client profile will NOT work)<br />
You can download the framework from here: <br />
<br />
[https://www.microsoft.com/en-us/download/details.aspx?id=40779 Microsoft .NET Framework 4.5.1 (Offline Installer) for Windows Vista SP2, Windows 7 SP1, Windows 8, Windows Server 2008 SP2 Windows Server 2008 R2 SP1 and Windows Server 2012]<br />
<br />
Windows 10 comes with a version of .NET that will work.<br />
<br />
'''Installation'''<br />
* You may use either the SmartInstaller or the MSI. Download one of them and run it.<br />
* Reboot to complete installation.<br />
<br />
'''Windows Limitations'''<br />
* CUPS printers are not yet supported<br />
<br />
== Installing - Linux ==<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
* xprintidle - This dependency is optional. If it is not installed, AutoLogOut will not run. xprintidle simply returns the idle time of an X window, so on a system without a GUI it is not needed and should not be installed. It should be available in standard package managers (e.g. apt-get, yum, or dnf).<br />
<br />
=== Installing Mono ===<br />
<br />
Many distributions ship an out-of-date version of Mono in their package manager. Therefore, do not install it via your package manager without the modifications below; alternatively, follow the instructions on the Mono website: https://www.mono-project.com/download/stable/#download-lin-centos<br />
<br />
'''Debian:'''<br />
<pre><br />
sudo apt install apt-transport-https dirmngr gnupg ca-certificates<br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb https://download.mono-project.com/repo/debian stable-buster main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list<br />
sudo apt update<br />
sudo apt install mono-complete<br />
</pre><br />
<br />
'''Ubuntu pre 22.04:'''<br />
<pre><br />
sudo apt install gnupg ca-certificates<br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list<br />
sudo apt update<br />
sudo apt install mono-complete<br />
</pre><br />
<br />
'''Ubuntu 22.04 and later:'''<br />
<pre><br />
sudo apt update<br />
sudo apt install nuget<br />
sudo apt install mono-complete<br />
sudo apt install apt-transport-https<br />
</pre><br />
<br />
'''CentOS'''<br />
<pre><br />
rpmkeys --import "http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef"<br />
su -c 'curl https://download.mono-project.com/repo/centos8-stable.repo | tee /etc/yum.repos.d/mono-centos8-stable.repo'<br />
yum install mono-complete<br />
</pre><br />
<br />
'''openSUSE and SLES'''<br />
<br />
You can install mono using SUSE One-Click files: [http://download.mono-project.com/repo/mono-complete.ymp http://download.mono-project.com/repo/mono-complete.ymp]<br />
<br />
'''others'''<br />
<br />
The FOG Client can be installed on any platform that can run the latest stable build of mono. To install:<br />
<br />
* Check your package manager for <font color="red">mono-complete</font>. After installing it, run <font color="red">mono --version</font>. Ensure the version is at least 4.2._ . If it is not, remove the package.<br />
* If your package manager had an old version of mono, see [http://www.mono-project.com/docs/compiling-mono/linux/ here] for how to compile mono<br />
<br />
If your system either has systemd or initd the client will be automatically configured to run on startup. If your system does not have either, you will need to configure your system to run the manual start command below on startup.<br />
<br />
To manually start and stop the service:<br />
<br />
<pre><br />
sudo /opt/fog-service/control.sh start<br />
</pre><br />
<pre><br />
sudo /opt/fog-service/control.sh stop<br />
</pre><br />
<br />
<br />
=== Installing fog-client SmartInstaller ===<br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo systemctl start FOGService<br />
</pre><br />
<pre><br />
sudo systemctl stop FOGService<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo systemctl stop FOGService<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
<br />
=== Linux Limitations ===<br />
* The FOG Tray is currently incompatible with Linux systems. Regardless of what you set during installation, it will not run.<br />
* The following modules / features are not yet supported<br />
** Active Directory joining<br />
** PrinterManager<br />
<br />
== Installing - OSX ==<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
<br />
'''Installing Mono'''<br />
* If you are running El Capitan, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono Universal Installer</font> <br />
* Otherwise, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono 32-bit</font> <br />
<br />
'''Installation'''<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
* Reboot the system to complete the installation.<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo launchctl load -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
'''OSX Limitations'''<br />
* The following modules / features are not yet supported<br />
** PrinterManager<br />
<br />
'''Logging'''<br />
<br />
You can find the client log file in /opt/fog-service/fog.log<br />
<br />
== Additional Details ==<br />
<br />
=== Features overview ===<br />
<br />
<br />
The purpose of the FOG Client is multi-fold.<br />
<br />
The client allows the host to automatically:<br />
* Auto logout -- Enables auto logout of users if inactive for a specified period of time. 5 minutes is the minimum time, as anything shorter is too soon; people may just be on the phone or have stepped out for a bathroom break.<br />
<br />
* Client Updater -- (Only on legacy clients) Allows the client to update its modules if you had to customize things, or found a more recent build was needed for your environment.<br />
<br />
* Directory Cleaner -- (Only on legacy clients -- only worked with Windows XP) Enables the client to remove directories on the host automatically. It stopped working after Windows XP because of UAC and the stronger security mechanisms introduced since. Removed completely from the new client.<br />
<br />
* Display Manager -- Enables the client to adjust the resolution of the system on a per system basis, or global basis.<br />
<br />
* Power Management -- Allows you to specify a shutdown, WOL, or restart on a per-host basis. Format for the scheduling is CRON, and can be done on an individual host or through groups. There is no limit to the number of scheduled power tasks.<br />
<br />
* Host Registration -- Registers additional mac addresses to a pre-existing host if registered. The New client will also register the host under a pending status if the host is not already registered.<br />
<br />
* Hostname Changer -- Changes the hostname and joins the domain automatically.<br />
<br />
* Printer Manager -- Manages printers for the host. The legacy client only added printers or added/removed printers. The "No management" setting does nothing on both the new and legacy clients. The Add/Remove type (Only Assigned Printers) removes all printers and adds back only the printers that are needed. The Add Only type (now FOG Managed Printers) only manages printers that are listed under the printer's GUI and those that are assigned to that host. In the legacy client, it only added printers and never removed them. Under the new client, it will ONLY manage assigned printers, meaning that if you remove a printer from a host, the new client will remove that printer.<br />
<br />
* Snapins -- Allows you to install programs or run scripts on the host similar to GPO or PDQDeploy.<br />
<br />
* Task Reboot -- This just checks whether the client is in a tasking (other than a snapin tasking). If it is in a tasking, and the module is enabled, the host will be told to reboot. There is a third condition, though: if a user is logged in and enforce is not enabled, nothing will happen.<br />
<br />
* User Cleanup -- (Legacy clients only, and again only on Windows XP.) Works similarly to Directory Cleanup, but the entries you make are "safe" user profiles. If a user is not on this list, the profile will be deleted. Will not work with the new client, and even legacy clients will not work on anything beyond Windows XP due to UAC and Interactive Service utilities.<br />
<br />
* User Tracker -- Just tracks who logs in/out of a client.<br />
<br />
=== Polling Behavior ===<br />
<br />
The new FOG Client found in FOG 1.3.0 and the Legacy FOG Client both rely on polling to get instructions. This means the FOG Client will regularly check with the specified FOG Server for settings and tasks. The New FOG Client's polling frequency can be adjusted in the FOG Web interface, by going to <font color="red">FOG Configuration -> FOG Settings -> FOG Client -> FOG_CLIENT_CHECKIN_TIME</font>. The minimum value is 30 seconds; anything lower than this will result in the FOG Client using 30 second polling intervals.<br />
<br />
The checkin-time is not rigid. There is an automatic and random staggering that is added to the checkin time. This prevents a large number of FOG Clients checking in at once in the event that all computers are started at the same time via WOL tasks.<br />
<br />
The frequency of the checkin-time determines how quickly the FOG Client will receive instructions from the FOG Server. If an image deployment is scheduled for a computer that is turned on and the checkin-time is 60 seconds, the FOG Client may begin the task anywhere from 0 to 60 seconds later, plus the random staggering time that is added. The same applies to immediate power management tasks, snapin tasks, capture tasks, and so on. Scheduled tasks are not affected by this behavior: if the target system is on when the scheduled task is due to run, it will run on time.<br />
<br />
=== Security Design ===<br />
<br />
Communications between the FOG Client (0.9.9+) and the FOG Server (1.3.0+) are secured using public key infrastructure.<br />
<br />
A Certificate Authority and private key are generated on the FOG server during first installation in this location:<br />
<br />
<pre>/opt/fog/snapins/ssl</pre><br />
<br />
The public certificate is generally located here:<br />
<pre>/var/www/html/fog/management/other/ssl</pre><br />
<br />
The client installs your server's certificate and the FOG Project certificate.<br />
<br />
The “FOG Project” CA (made by the FOG Project) serves two purposes:<br />
<br />
*SYSTEM level services need to be digitally signed, otherwise Windows will throw security errors. The signature can also be used to ensure the client files have not been tampered with.<br />
<br />
*That certificate is used to "verify" upgrades. Let's say we release a patch for the client: the client will download the MSI from your server and check whether it was signed by us. If the MSI was somehow tampered with, the digital signature would no longer be valid.<br />
<br />
Using HTTPS instead of HTTP has no security benefit for the client. Why? Because all traffic is already encrypted. Here's a very basic overview of how the new client communicates:<br />
<br />
*Each client has a security token. This is used to prove to the server that the client is the actual host and not an impersonator. This token gets cycled constantly. When the client first makes contact, it encrypts its token and a proposed AES 256 key with RSA 4096, using your server's public key. This public key is verified against the pinned server CA certificate by checking the x509 chain and fingerprints.<br />
<br />
*If the server accepts the security token and the new AES key, all traffic from that point on is AES 256 encrypted using that securely transmitted key.<br />
<br />
The whole point of our security model is to allow for secure communication over insecure media.<br />
Even then, the client installation has an HTTPS option, but it serves no real security benefit.<br />
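<br />
The chain-and-fingerprint check described above, expressed with the openssl command line. This is an added example, not the FOG client's own code; the function names, file names and the constructed demo PKI are assumptions made for illustration.<br />

```shell
#!/bin/sh
# Added example (not FOG client code): pin a server CA by SHA-256 fingerprint
# and accept a server certificate only if it chains to that pinned CA.

# SHA-256 fingerprint of a PEM certificate, e.g. "AB:CD:...".
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# pin_check CA_PEM SERVER_CERT_PEM PINNED_FP
#   0 = CA matches the pin and the server certificate chains to it
#   1 = CA fingerprint differs from the pin
#   2 = server certificate does not chain to the pinned CA
#   3 = CA file missing or not a certificate
pin_check() {
    ca=$1 cert=$2 pinned=$3
    actual=$(cert_fp "$ca" 2>/dev/null)
    [ -n "$actual" ] || return 3
    [ "$actual" = "$pinned" ] || return 1
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 2
    return 0
}

# Build constructed test material under directory $1: a CA, a server
# certificate it signs, and an unrelated look-alike CA with the same name.
make_demo_pki() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed FOG Server CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    for name in ca lookalike; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
            -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=fogserver" -keyout "$d/srv.key" -out "$d/srv.csr" \
        2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/srv.crt" 2>/dev/null || return 1
}

# Run with the single argument "demo" to see both outcomes.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && make_demo_pki "$tmp" || exit 1
    pin=$(cert_fp "$tmp/ca.pem")   # the value a client would store at install time
    pin_check "$tmp/ca.pem" "$tmp/srv.crt" "$pin"
    echo "genuine CA:    rc=$?"
    pin_check "$tmp/lookalike.pem" "$tmp/srv.crt" "$pin"
    echo "look-alike CA: rc=$?"
    rm -rf "$tmp"
fi
```

A CA that merely carries the same subject name fails on the fingerprint, and a certificate signed by a different key fails on the chain, which is why a server with a regenerated CA is ignored by deployed clients.<br />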
<br />
References: <br />
<br />
[https://forums.fogproject.org/topic/6325/invalid-security-token-without-any-security-tokens-being-set-also-ca-ssl-security-concerns/6 CA SSL security concerns]<br />
<br />
[https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning Certificate and Public Key Pinning]<br />
<br />
[https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Certificate_and_Public_Key_Pinning Transport_Layer_Protection_Cheat_Sheet]<br />
<br />
==== Reset encryption data ====<br />
<br />
This pertains to the new fog client available in FOG 1.3.0 and above, and does not apply to the legacy fog client that was available in 1.2.0 and below.<br />
<br />
The "Reset encryption data" button can be found in an individual host's "General" area. You may also find this button in a group's "General" area. "Reset encryption data" mainly does one thing: it clears the security token for a host or group of hosts.<br />
<br />
Each host has a security token used by the client. This token is private: only the client knows it, and it is protected. It is used to prove the identity of the host, ensuring no one 'fakes' being a certain host. So when you "Reset Encryption Data", you are essentially telling the server that the first host to say that it is the host in question gets 'locked' in (pinned is the technical term).<br />
<br />
In order to have encrypted traffic, the handshake must occur. During the handshake the server proves its identity to the client, and the client proves its identity to the server (using the security token). If the handshake fails (due to a bad security token), encryption cannot occur.<br />
<br />
The most common scenario where the security tokens for a client will be incorrect is if you manually uninstall a client, and then install it.<br />
<br />
If your web interface is functional, you may place all computers into a group, and use the group to reset encryption on all hosts by simply clicking the "Reset encryption" button on the group's basic page. If your web interface isn't working correctly and you need to manually reset the encryption for all hosts, you may follow the steps below.<br />
<br />
<pre><br />
mysql<br />
use fog<br />
UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";<br />
</pre><br />
<br />
<br />
=== Maintain Control Of Hosts When Building New Server ===<br />
<br />
Related Article: [[Migrate FOG]]<br />
<br />
This section only applies if your hosts have the new FOG client installed. The new FOG Client has been available in FOG since FOG 1.3.0.<br />
<br />
Because of the security model of FOG 1.3.0 and the new client, without the proper CA and ssl certificates present on a new fog server, any currently deployed hosts with the new fog client installed will ignore the new server and not accept commands from it. This is by design.<br />
<br />
In order to maintain control of existing hosts with existing new fog client deployments, you must copy this directory from the old server to the new server:<br />
<br />
* <font color="red">/opt/fog/snapins/ssl</font><br />
<br />
Copy the directory to a temporary location first. I would suggest <font color="red">/root</font><br />
<br />
<pre>cp -R /opt/fog/snapins/ssl /root</pre><br />
<br />
Then you can use scp (or some other method) to copy the directory to your new fog server. Run the below command from the '''old''' server, where x.x.x.x is the new fog server's address:<br />
<br />
<pre>scp -rp /opt/fog/snapins/ssl root@x.x.x.x:/root</pre><br />
<br />
Or, the reverse. Run the below command from the '''new''' server, where x.x.x.x is the old fog server's address.<br />
<br />
<pre>scp -rp root@x.x.x.x:/opt/fog/snapins/ssl /root</pre><br />
<br />
Next, install FOG. After the installation is complete, delete the ssl folder the installer made, and put your old ssl folder (the one you copied to /root) in its place. The ownership should be fogproject:apache on Red Hat variants and fogproject:www-data on Debian variants. <font color="red">IMPORTANT:</font> Then '''re-run the installer.''' Instructions for the folder manipulation are below, assuming you followed the above instructions. On the '''new''' server:<br />
<br />
<pre><br />
rm -rf /opt/fog/snapins/ssl<br />
cp -R /root/ssl /opt/fog/snapins/ssl<br />
chown -R fogproject:apache /opt/fog/snapins/ssl #or fogproject:www-data for ubuntu and debian<br />
</pre><br />
<br />
If you do not care about maintaining control of existing hosts with existing new fog client deployments (because there is only 1 or 2), you can recreate your CA with the -C argument during installation: <br />
<br />
<pre>./installfog.sh -C</pre><br />
<br />
<font color="red">Note:</font> Recreating the CA (<font color="red">--recreate-CA</font> or <font color="red"> -C</font>) is '''very strongly advised against''' if you have many clients deployed already, because it resets the identity of the FOG Server. This causes all fog clients to distrust the server, and will require total reinstallation of all fog clients in an environment. However, you may recreate the keys (<font color="red">--recreate-keys</font>) safely and be able to still control the fog clients.<br />
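<br />
A check for the copy steps above, as an added example that is not part of FOG: it compares every file in the copy taken from the old server with the directory on the new server, so a leftover installer-generated CA or a nested ssl/ssl directory is caught before the installer is re-run. The script name and function names are hypothetical.<br />

```shell
#!/bin/sh
# Added example, not part of FOG: confirm that the ssl directory on the new
# server holds exactly the old server's key material.
# Usage (script name is hypothetical):
#   sh check-ssl.sh /root/ssl /opt/fog/snapins/ssl

# Print a sorted "sha256  ./relative/path" manifest of every file under $1.
ssl_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# ssl_dirs_match OLD_COPY NEW_DIR
#   0 = same files with the same contents
#   1 = the trees differ (changed, missing or extra files)
#   2 = unusable input (missing directory or empty source)
ssl_dirs_match() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    old_manifest=$(ssl_manifest "$1") || return 2
    new_manifest=$(ssl_manifest "$2") || return 2
    # An empty source would "match" an empty target, so reject it outright.
    [ -n "$old_manifest" ] || return 2
    # Paths are part of the manifest: if "cp -R" ran while the target still
    # existed, the files land one level down (ssl/ssl/...) and this fails.
    [ "$old_manifest" = "$new_manifest" ] || return 1
    return 0
}

# ssl_diff OLD_COPY NEW_DIR: show manifest lines that differ between the two.
ssl_diff() {
    a=$(mktemp) && b=$(mktemp) || return 2
    ssl_manifest "$1" > "$a"
    ssl_manifest "$2" > "$b"
    diff "$a" "$b" && rc=0 || rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    if ssl_dirs_match "$1" "$2"; then
        echo "OK: $2 holds the same key material as $1"
    else
        echo "MISMATCH: fix $2 before re-running the installer" >&2
        ssl_diff "$1" "$2" >&2
        exit 1
    fi
fi
```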
<br />
=== FOG Client 0.10.0+ Installation Options ===<br />
<br />
==== Smart Installer ====<br />
<br />
SmartInstaller Switches<br />
<br />
All switches with <font color="red">--{OPTION}</font> can also be used as <font color="red">/{OPTION}</font><br />
<br />
* <font color="red">--server=</font> Specify the server address. Default is fogserver<br />
* <font color="red">--webroot=</font> Specify the webroot. Default is /fog<br />
* <font color="red">-h</font> or <font color="red">-https</font> Use https for server communication<br />
* <font color="red">-r</font> or <font color="red">-rootlog</font> Put fog.log in the root of the filesystem<br />
* <font color="red">-s</font> or <font color="red">--start</font> Automatically start the service after installation. Linux only<br />
* <font color="red">-t</font> or <font color="red">--tray</font> Enable the FOG Tray and notifications - Windows and OSX only.<br />
* <font color="red">-u</font> or <font color="red">--uninstall</font> Uninstall the client<br />
* <font color="red">--upgrade</font> Upgrade the client<br />
* <font color="red">-l=</font> or <font color="red">--log=</font> Specify where to put the SmartInstaller log<br />
<br />
Reference: [https://news.fogproject.org/fog-client-v0-11-0-released-2/ https://news.fogproject.org/fog-client-v0-11-0-released-2/]<br />
<br />
==== MSI Switches ====<br />
<br />
<font color="red">msiexec /i FOGService.msi /quiet USETRAY="0" HTTPS="0" WEBADDRESS="192.168.1.X" WEBROOT="/fog" ROOTLOG="0"</font><br />
<br />
Firstly, all options are optional. Here’s what they all do:<br />
<br />
* <font color="red">USETRAY=</font> defaults to <font color="red">"1"</font>, if <font color="red">"0"</font> the tray will be hidden<br />
<br />
* <font color="red">HTTPS=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the client will use HTTPS (not recommended)<br />
<br />
* <font color="red">WEBADDRESS=</font> defaults to <font color="red">"fogserver"</font>, this is the ip/dns name of your server<br />
<br />
* <font color="red">WEBROOT=</font> defaults to <font color="red">"/fog"</font><br />
<br />
* <font color="red">ROOTLOG=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the fog.log will be at C:\fog.log, otherwise %PROGRAMFILES%\FOG\fog.log<br />
<br />
Reference: [https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2 https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2]<br />
<br />
=== FOG Client with Sysprep ===<br />
<br />
If you plan to use Sysprep before image capture and are also planning to use the FOG Client, you '''must''' disable the <font color="red">FOGService</font> service from running at boot before you Sysprep to take your image, and then re-enable it within your <font color="red">SetupComplete.cmd</font> file so that it is re-enabled '''after''' the image deployment is complete.<br />
<br />
Failing to do so will break the Sysprep post-deployment process with an error message that says "Windows Setup could not configure Windows to run on this computer's hardware."<br />
<br />
* Disable FOGService: <font color="red">Windows Control Panel -> View by Small Icons -> Administrative Tools -> Services -> Right click FOGService -> Properties -> Startup Type -> Disabled</font><br />
<br />
* Re-enable FOGService post-imaging:<br />
<br />
Create the below file.<br />
<br />
<font color="red">C:\Windows\Setup\scripts\SetupComplete.cmd</font><br />
<br />
Place these lines within the file, and then save.<br />
<br />
<pre>sc config FOGService start= delayed-auto<br />
shutdown -t 0 -r</pre><br />
<br />
As the filename indicates, the script is called by Windows after an image is deployed and post-Sysprep operations are complete. It will re-enable the FOGService and then reboot the computer gracefully. After the computer reboots, the FOGService will start automatically and rename the computer if necessary, reboot if necessary, join the domain and reboot if necessary, and then perform any associated snapins.<br />
<br />
<font color="red">Note:</font> SetupComplete.cmd will not automatically run on OEM versions of Windows, but will automatically run on non-OEM versions of Windows. If you're using an OEM copy, you can use FirstLogonCommands in unattend.xml to call SetupComplete.cmd<br />
<br />
<br />
An example of the FirstLogonCommands might be:<br />
<pre><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><br />
<FirstLogonCommands><br />
<SynchronousCommand wcm:action="add"><br />
<Description>SetupComplete</Description><br />
<Order>1</Order><br />
<CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine><br />
<RequiresUserInput>false</RequiresUserInput><br />
</SynchronousCommand><br />
</FirstLogonCommands><br />
</component></pre><br />
<br />
=== More Information ===<br />
<br />
More information about the fog client can be found here: [https://github.com/FOGProject/fog-client https://github.com/FOGProject/fog-client]</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Managing_FOG&diff=12662Managing FOG2022-11-02T16:50:45Z<p>SebastianRoth: /* Dashboard */</p>
<hr />
<div>== Managing FOG ==<br />
<br />
=== Dashboard ===<br />
Moved to https://docs.fogproject.org/en/latest/management/dashboard.html<br />
<br />
----<br />
<br />
=== Hosts ===<br />
Moved to https://docs.fogproject.org/en/latest/management/host-management.html<br />
<br />
----<br />
<br />
=== Groups ===<br />
Moved to https://docs.fogproject.org/en/latest/management/group-management.html<br />
<br />
----<br />
<br />
=== Images ===<br />
<br />
Moved to https://docs.fogproject.org/en/latest/management/image-management.html<br />
<br />
----<br />
<br />
=== Storage Management ===<br />
<br />
*The Storage Manager introduces the concept of '''Storage Groups.''' Basically, a storage group is a group of NFS servers that share images and share the load of computers being imaged. Any member of a storage group is referred to as a '''Storage Node.''' You may have as many storage groups as you wish and as many storage nodes within those groups as you wish. In each storage group, there is one storage node which is designated as the '''Master''' of that group. This '''Master''' node is the node where all image captures go; it handles multicasting tasks for the group and is the image replicator for the group. This means that whatever images are stored on this node are what gets distributed to the entire group. <br />
<br />
*What this new system of storage management gives us is a distributed model for FOG which allows for more unicast transfers at a single time. We also gain data redundancy. We also take stress off of the main FOG server.<br />
<br />
*Below is a brief overview of Storage Groups<br />
<br />
[[Image:Nfsgroup.jpg]]<br />
<br />
*This image shows a single Storage Group and the flow of data within the group. The queue size of the system is the sum of the queue size of all the storage nodes within the system. So if you have 4 nodes each with a queue size of 10, then the queue size of the system is 40, which means 40 clients can be imaged (unicast) at one time. <br />
<br />
[[Image:StorageGroups.jpg]]<br />
<br />
*This image shows that it is possible to have multiple storage groups on your network, which are isolated from each other. This image also demonstrates that captures always go to the master node and multicast sessions always send data from the master node. Images are pushed out from the master node of the group to all other members of the group.<br />
<br />
*'''Key Benefits'''<br />
*#Increased throughput<br />
*#Redundant Storage<br />
*#Scalability<br />
<br />
*Also see [[Knowledge_Base#Storage_Nodes | Storage Nodes]] for tutorials.<br />
<br />
==== Adding a Storage Node ====<br />
<br />
*Definition: Storage Nodes provide extra [http://www.fogproject.org/wiki/index.php?title=InstallationModes NFS/FTP storage space] which increases available throughput and redundancy within a network. They do not provide PXE, TFTP, or DHCP services at secondary sites. To enable additional PXE and TFTP services at secondary sites see this section: [[#Including_multiple_PXE_.2F_TFTP_servers|#Including multiple PXE / TFTP servers]]<br />
<br />
*Video Tutorial: http://www.youtube.com/watch?v=X72WthDGwsw&fmt=18 (old video but still valid information)<br />
<br />
*To add an additional storage node to the network, the computer should be prepared in the same way the main FOG server would be prepared (disable firewall, SELinux, etc). You can also safely mix operating systems for the nodes of your storage group; some nodes can be running Fedora, and some can be running Ubuntu. It is important to update your storage nodes when you upgrade to a new version of FOG. Installation of a storage node is done with the same installer as for a normal FOG server. Installation can be started by running the installer script; the steps are detailed below.<br />
<br />
*Surprisingly enough some users have actually gotten a Windows Storage node to work properly. See [[Windows_Storage_Node]] for more information on this.<br />
===== Installing the Node =====<br />
*To Install a node:<br />
*#Run the installation script, ./installfog.sh<br />
*#Select your operating system.<br />
*#When prompted for Server Installation Mode, select '''S''', for storage node.<br />
*#Enter the IP address of the storage node.<br />
*#Confirm your interface<br />
*#Then you will need to enter the IP address or host name of the node running the FOG database<br />
*#Then you will be prompted for a username (typically fogstorage)<br />
*#and a password that is located on the FOG server, that will allow the storage node to access the main FOG server's database. This information is located in the FOG management portal for convenience (on the main FOG server). It can be accessed via '''Other Information''' -> '''FOG settings''' -> section '''FOG Storage Nodes'''.<br />
*#You will then be prompted to confirm your installation settings; if they are correct, press '''Y''' and hit '''Enter'''.<br />
*#When installation completes, the install will produce a username and password that will be needed to add the storage node to the FOG management portal. Username is "fog", password is in /opt/fog/.fogsettings<br />
<br />
===== Adding the Node to the Management Portal =====<br />
*To Add a Node<br />
*#Log into the FOG Management Portal<br />
*#Navigate to the '''Storage Management''' section.<br />
*#Click on '''Add Storage Nodes'''.<br />
*#For the '''Storage Node Name''', enter any alpha numeric string to represent the storage node. <br />
*#Enter any description you wish<br />
*#Enter the IP address of the storage node you are adding. This must be the IP address of the node, DO NOT use a hostname here or the node will not function correctly. <br />
*#Enter the maximum number of unicast clients you would like this node to handle at one time. The value that we recommend is 10. <br />
*#Is Master Node is a very dangerous setting, but for right now leave it unchecked; for more details please see: [[#Master Node Status]].<br />
*#Next, select the storage group you would like this member to be a part of, in our example we will pick '''Default'''<br />
*#Next, specify the image location on the storage node, typically '''/images/''', your image location should always end with a '''/'''.<br />
*#Next, you will want to check the box, to enable the node.<br />
*#The last two fields take the username and password that are generated during the installation of the storage node. username is "fog", password is in /opt/fog/.fogsettings<br />
*#Then click '''Add''' to have the node join the storage group.<br />
<br />
==== Monitoring The Master Node ====<br />
<br />
*On all storage nodes there is a new service (as of version 0.24) called FOGImageReplicator which is a very basic script which, if the node is the master, copies all of its images to all other nodes in the storage group. The coping is done every ten minutes by default, which means your images are NOT instantly duplicated to all nodes. <br />
<br />
*If you would like to view the status of the image replication, you can do so on the storage node by switching to tty3, by pressing Ctrl + Alt + F3. Output is also logged to a file in the '''/opt/fog/log''' directory.<br />
<br />
*FOGImageReplicator logs are also located in [[File:Config.png]] '''Fog Configuration''' --> '''Log Viewer''' --> '''FILE: [Select Image Replicator]'''<br />
<br />
==== Master Node Status ====<br />
<br />
*The '''Master Node''' (could be the server or a particular node) in a storage group is the node that distributes image files to all other nodes in the storage group.<br />
<br />
*If you have all your images distributed across 3 nodes in a storage group, '''if you add a new storage node that has no images stored on it, making that node master will cause it to take over and push its image store of nothing to all other nodes, wiping out all of your images'''. So it is important to be very careful and back up your images when you change a node's master status.<br />
<br />
*Notes - You '''can''' have many storage nodes in a storage group. You '''can''' have one master storage node in a storage group. You '''can not''' have more than one master storage node in a storage group. You '''must have''' one master storage node for replication to take place to other nodes in the group. '''If''' a master storage node is set, all captures '''first''' go to the master storage node of the storage group the image is assigned to; and are '''then''' replicated to other storage nodes.<br />
<br />
==== Including multiple PXE / TFTP servers ====<br />
<br />
*A traditional Master Storage Node, [[#Adding_a_Storage_Node|as described above]] only provides File Storage redundancy. While this can help increase multicast throughput on a single network, all the machines under FOG management must be within the same subnet/VLAN so that DHCP broadcast requests can be directed to the Main server. (see note below)<br />
<br />
*<pre>'''Note:''' depending on the network, it may be possible to configure [http://en.wikipedia.org/wiki/UDP_Helper_Address iphelper] to forward packets to the Main FOG server</pre><br />
<br />
*The following instructions are intended to help configure additional Storage Nodes to operate independently on separate networks, while still syncing with and taking commands from a single Main FOG server.<br />
<br />
*Click here for instructions on setting up [[Multiple_TFTP_servers|multiple PXE / TFTP servers]]<br />
<br />
=== Users ===<br />
<br />
==== Overview ====<br />
<br />
*FOG has only two levels of users, '''regular''' users and '''mobile''' users. Regular users have access to the mobile portal and the full management portal. Mobile users have access to only the mobile management portal and Quick Image functions.<br />
<br />
==== Creating Accounts ====<br />
<br />
*All accounts are created under the "Users" section of the FOG portal. To create a new account click on the "New User" button on the left hand side of the page. All accounts must have a unique username, and a password. After filling in the required information click on the "Create User" button.<br />
<br />
==== Modifying Users ====<br />
<br />
*FOG accounts can be modified from within the users section. First you must locate the account you wish to modify by clicking on the "List all Users" button on the left hand side of the page. When a user is located, click on the edit button on the right hand side of the table.<br />
<br />
=== Tasks ===<br />
<br />
==== Overview ====<br />
<br />
*Tasks are all the actions that you can take on a computer, and in FOG there are numerous tasks that can be done including:<br />
<br />
*Deploy (Unicast)<br />
*Capture (Unicast) <br />
*Deploy - Multicast <br />
*Debug<br />
*Memory Test<br />
*Test Disk<br />
*Disk Surface Test<br />
*Recover (File Recovery)<br />
*Hardware Inventory<br />
*Password Reset<br />
*Deploy All Snapins<br />
*Deploy Single Snapin<br />
*Wake-Up<br />
*Deploy - Debug (Unicast)<br />
*Capture - Debug (Unicast)<br />
*Deploy - Without Snapins (Unicast)<br />
*Fast Wipe<br />
*Normal Wipe<br />
*Full Wipe<br />
*Virus Scan<br />
*Virus Scan - Quarantine<br />
*Donate<br />
*Torrent-Cast<br />
<br />
<br />
In the tasks section of FOG you can perform tasks on single hosts or groups of hosts. This section also allows you to monitor selective tasks, and stop/cancel tasks.<br />
<br />
==== General Tasks ====<br />
<br />
The general/common Tasks in FOG include unicast image capture, and unicast image send, as well as a multicast image send. In FOG, sending an image to the server is considered an image capture, and deploying an image to the client is called a send. Both of these tasks can be started directly from the search, list all hosts, and list all groups pages. <br />
<br />
To perform a simple image capture, click on the upward facing arrow next to the host. Captures are only possible on a host, not a group. Capturing an image will also overwrite any image file that may already exist for that host without any notification or confirmation.<br />
<br />
Please note that capturing images of Windows Vista and Windows 7 requires a special command to be run on the clients prior to image capture. Please see [[What do I have to do to an image before capturing?]] for more details.<br />
<br />
For a video demonstration of an image capture, please see: http://www.youtube.com/watch?v=jPPZr0abVfg&fmt=18<br />
<br />
To perform a simple image send, click on the downward facing arrow next to the host. An image send can be done on a host or a group. When sending an image to multiple computers FOG works in queue mode, which means that it will only send to 10 (by default) computers at one time. This is done to keep the server from being overworked. As soon as a machine finishes, another from the queue joins.<br />
<br />
To perform a multicast image send you must search for a group of hosts on the "Task Management" page. Multicast tasks can only be performed on a group of hosts. Multicast tasks will send to all the computers in the group at once, and the task will not start sending until all members of the group have connected with the server. After starting a multicast task, status can be viewed by pressing [ctl]+[alt]+f2. A log is also kept for multicast transfers, which is stored at /opt/fog/log.<br />
<br />
==== Advanced Tasks ====<br />
<br />
The advanced Tasks in FOG include everything that is not a simple capture, simple deploy or multicast deploy. <br />
<br />
=====Debug=====<br />
<br />
Debug mode boots the linux image to a bash prompt and allows the user to issue all commands by hand. <br />
<br />
=====Capture - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is setup to capture the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is setup to send the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Without Snapins)=====<br />
<br />
This task does a normal send task with the exception that if any snapins are associated with the host, they are not deployed to the host. <br />
<br />
=====Deploy All Snapins=====<br />
<br />
This task will send all the snapins associated with a host to the host without imaging it.<br />
<br />
=====Deploy Single Snapin=====<br />
<br />
This task will send a single snapin that is associated with the host to the host without imaging it. (Note: The snapin must be associated with the host already)<br />
<br />
=====Memory Test=====<br />
<br />
Boots to Memtest86, a memory testing tool. This task will not exit without user intervention at the client side. The task must also be manually stopped via the management front end.<br />
<br />
=====Wake Up=====<br />
<br />
Wakes up host or group of hosts using Wake-on-Lan. <br />
<br />
=====Fast Wipe=====<br />
<br />
This task does a quick and dirty wipe of the drive. This task writes zeros to the first ~40MB of the disk. This task should NOT be used if you don't want your data to be recoverable. <br />
<br />
=====Normal Wipe=====<br />
<br />
This task writes random data to the entire surface area of the disk. <br />
<br />
=====Full Wipe=====<br />
<br />
This task writes random data, multiple times, to the entire surface of the disk. <br />
<br />
=====Disk Surface Test=====<br />
<br />
This task will look for bad blocks on the hard disk and report them back to the client console. <br />
<br />
=====File Recovery=====<br />
<br />
This task will load an application that can be used to recover lost files from the hard disk. <br />
<br />
=====Virus Scan=====<br />
<br />
This task will update and load ClamAV and scan the partition for viruses. It will either scan and report or scan and quarantine files. It will also report back to the management portal with the results of the scan.<br />
<br />
=====Hardware Inventory=====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/InventoryUpdate.swf.html Video Tutorial]<br />
<br />
The hardware inventory task will execute the same task as the fog.reginput client side task. Since the host is already registered, all it will do is update the computer's inventory and restart. It is envisioned that this task could be run at a regular interval on a group of all computers in your network, or some sub group of computers in your network. Then on the next reboot of those computers an inventory would be performed.<br />
<br />
==== Scheduling ==== <br />
<br />
As of version 0.27 of FOG, select tasks can be scheduled using a static date/time combination or using cron style repetitive task scheduling. Task scheduling can be performed on either single hosts, or on groups of computers. One thing to note about task scheduling that isn't intuitive is that it '''requires an image to be associated with the host, even for non-image based tasks!''' The reason for this is that tasks are only run on the master storage node associated with that host, and the only way to tie a storage node to a host is via an image. We did this to prevent multiple storage nodes from trying to run the same task for a specific host. <br />
<br />
===== Single Execution Scheduling =====<br />
<br />
Single task execution will run a task at a single date and time, then the task will be discarded. To schedule a single execution task, go to the tasks section of FOG, select the host or group you would like to schedule the task for, then select the task you would like to schedule. You will then be presented with the screen shown below.<br />
<br />
[[Image:Sched.png]]<br />
<br />
To schedule a single execution task, click on the white text box below "Schedule Single Task Execution?" and a pop up calendar will load and allow you to select your date and time for the task. Click on the date to close the calendar, then start your task. <br />
<br />
===== Cron Style Task Scheduling =====<br />
<br />
Cron style task execution allows you to do complex repetitive task scheduling. After a cron task executes, it is not removed, as single execution tasks are. Cron style tasks, as the name suggests, are similar to the Linux cron task scheduler format. Cron style tasks are created as single execution tasks are, except when presented with scheduling options, select the option "Schedule Cron Style Task Execution". Below that check box are a series of text boxes including:<br />
<br />
min -> Minute [00-59]<br />
hour -> Hour [00-23]<br />
dom -> Day of Month [01-31]<br />
month -> Month [01-12]<br />
dow -> Day of Week [01-07] (Sunday ==> 0, Saturday ==> 6)<br />
<br />
To give an example of how this works, if you wanted a capture task to run at '''10:00pm everyday''' you would enter the following:<br />
<br />
0 22 * * *<br />
<br />
This basically says run the task at '''0''' minutes into the hour, on the '''22nd hour (10:00pm)''', on '''every day of the month''', on '''every month of the year''', on '''every day of the week'''.<br />
<br />
To take this example further, let's say you only wanted to capture the image '''every other day'''. We could do this by adding:<br />
<br />
0 22 */2 * *<br />
<br />
The '''*/2''' now tells the scheduler to only run on '''even days of the month'''. <br />
<br />
We could even ask the scheduler to only do a backup on '''even weekdays''' by adding:<br />
<br />
0 22 */2 * 1-5<br />
<br />
The 1-5 we just added says only run on days 1 through 5, which relate to Monday - Friday.<br />
<br />
Now we will ask the scheduler to only backup in the month of February.<br />
<br />
0 22 */2 2 1-5<br />
<br />
Another basic example could be if you wanted to run an inventory update on the first of every month you could use:<br />
<br />
30 1 1 * *<br />
<br />
This task would then run at '''1:30''' on the '''1st of every month'''.<br />
<br />
<br />
The FOG scheduler doesn't support 100% of the operations that cron supports, below are the operations that are supported:<br />
<br />
4 - Listing a static number<br />
4,5,6,7 - Listing a group of numbers<br />
4-7 - ranges of numbers <br />
4-7,10 - ranges and lists<br />
*/5 - * divided by a number<br />
* - Wildcard<br />
<br />
For more information on cron please see http://en.wikipedia.org/wiki/Cron<br />
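<br />
Because captures overwrite the existing image and wipe tasks are destructive, it is worth checking a cron style entry against the supported operations listed above before scheduling it. The following Python sketch is an added example, not FOG's own scheduler code: it assumes that '''*/n''' selects values evenly divisible by n (as the "even days" description above implies), that all five fields must match at once, and that day of week runs from 0 (Sunday) to 6 (Saturday); all function names are hypothetical.<br />

```python
from datetime import datetime, timedelta

# Field order and ranges follow the list on this page. Assumption: day of
# week uses Sunday = 0 through Saturday = 6.
FIELDS = (("min", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
          ("month", 1, 12), ("dow", 0, 6))


class CronSyntaxError(ValueError):
    """Expression uses something outside the supported operations."""


def _number(text, name, lo, hi):
    if not (text.isascii() and text.isdigit()):
        raise CronSyntaxError(f"{name}: {text!r} is not a plain number")
    value = int(text)
    if not lo <= value <= hi:
        raise CronSyntaxError(f"{name}: {value} is outside {lo}-{hi}")
    return value


def expand_field(expr, name, lo, hi):
    """Return the set of values one field selects."""
    if expr == "*":
        return set(range(lo, hi + 1))
    if expr.startswith("*/"):
        step = _number(expr[2:], name, 1, hi)
        # Assumption: "* divided by a number" keeps the values evenly
        # divisible by the step, so */2 in dom gives the even days.
        return {v for v in range(lo, hi + 1) if v % step == 0}
    values = set()
    for part in expr.split(","):          # lists: 4,5,6,7 or 4-7,10
        if "-" in part:                   # ranges: 4-7
            first, _, last = part.partition("-")
            start = _number(first, name, lo, hi)
            end = _number(last, name, lo, hi)
            if start > end:
                raise CronSyntaxError(f"{name}: range {part!r} runs backwards")
            values.update(range(start, end + 1))
        else:
            values.add(_number(part, name, lo, hi))
    return values


def parse_schedule(expr):
    parts = expr.split()
    if len(parts) != len(FIELDS):
        raise CronSyntaxError(f"expected 5 fields, got {len(parts)}")
    return {name: expand_field(part, name, lo, hi)
            for part, (name, lo, hi) in zip(parts, FIELDS)}


def check(expr):
    """Return None if the expression is usable, else the reason it is not."""
    try:
        parse_schedule(expr)
    except CronSyntaxError as err:
        return str(err)
    return None


def matches(expr, when):
    """True if the task would run in the minute given by `when`."""
    sched = parse_schedule(expr)
    return (when.minute in sched["min"] and when.hour in sched["hour"]
            and when.day in sched["dom"] and when.month in sched["month"]
            and when.isoweekday() % 7 in sched["dow"])


def next_runs(expr, start, count=3, max_days=366 * 4):
    """List the next `count` run times at or after `start`."""
    sched = parse_schedule(expr)
    runs = []
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    for _ in range(max_days):
        if (day.day in sched["dom"] and day.month in sched["month"]
                and day.isoweekday() % 7 in sched["dow"]):
            for hour in sorted(sched["hour"]):
                for minute in sorted(sched["min"]):
                    candidate = day.replace(hour=hour, minute=minute)
                    if candidate >= start:
                        runs.append(candidate)
                        if len(runs) == count:
                            return runs
        day += timedelta(days=1)
    return runs


if __name__ == "__main__":
    # Constructed sample entries: the examples from this page plus two
    # forms that cron accepts but the list above does not include.
    for entry in ("0 22 */2 2 1-5", "30 1 1 * *", "0 22 1-5/2 * *", "@daily"):
        problem = check(entry)
        if problem:
            print(f"{entry!r}: rejected ({problem})")
        else:
            runs = next_runs(entry, datetime(2024, 2, 1))
            print(f"{entry!r}: next runs {[r.isoformat(' ') for r in runs]}")
```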
<br />
=== Setting up Printers With Fog Printer Management ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher.<br />
<br />
==== Known Issues ====<br />
<br />
Setting of the default printer will only work if the fog tray icon is running.<br />
<br />
==== Overview ====<br />
<br />
The printers section of FOG allows you to create printer definitions that you can later associate with hosts. The FOG service looks at these associations and during service it will attempt to install any printers listed. This service has three settings which define how the printers are managed, printer management can be set to:<br />
<br />
<ul><br />
<li>No Printer Management</li><br />
<li>Add Only</li><br />
<li>Add and Remove</li><br />
</ul><br />
<br />
All hosts default to '''No Printer Management''', which means that the FOG service does nothing to the host's printers. '''Add Only''' does as the name implies, and will only add printers to the host machine; it will not remove any existing printers that may be installed. '''Add and Remove''' will take full control of the host's printing system and only allow for the printers that are specified by the FOG management console to exist on the host. <br />
<br />
==== Adding New Printers ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf Video Tutorial]<br />
<br />
In order for the printer to be added to the host computer, the printer drivers must be stored in a public area, or included on the host computer. This public area can be a Novell Network share where public has read-only access, a Windows share that is public read-only to everyone, or a Samba share (possibly residing on the FOG server) that is public read-only to everyone. This share must be accessible via a UNC path as the service may attempt to install the printers before drive mapping occurs. In this share the printer drivers and .inf file must exist. FOG supports installing IP based (Jet-Direct) printers, public access NDS printers, local printers, Windows share based printers, and (we think, but could use a confirmation as it hasn't been tested) AD based printers. <br />
<br />
If you wish to see what printers are included with Windows XP, navigate to c:\windows\inf\ntprint.inf. Open this file with a text editor and you will be able to install all the printers listed using the ntprint.inf file. <br />
<br />
To create a new printer definition click on the Printer icon on the system menu bar. Then on the left hand menu, click on '''Add New Printer'''. The form you are presented with will require you to enter:<br />
<br />
<ul><br />
<li>'''Printer Model''' - This must match the name in the INF file.</li><br />
<li>'''Printer Alias''' - This can be anything you wish and it is what the end user will see.</li><br />
<li>'''Printer Port''' - This is something like '''LPT1:''', or '''IP_1.1.1.2'''.</li><br />
<li>'''Printer INF File''' - This is the path to the INF file for the printer driver.</li><br />
<li>'''Printer IP''' - (optional) This is the IP address, for IP based printers only. It can take the form of '''1.2.3.4:9100''' or '''1.2.4.5'''. If the port doesn't exist already, it will create one named '''IP_x.x.x.x''', where x.x.x.x is the IP address. That is what should be entered in the port field.</li><br />
</ul><br />
<br />
After all the required information is entered, click on the '''Add Printer''' button.<br />
<br />
==== Linking Printers to Hosts ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf.html Video Tutorial]<br />
<br />
Linking printers to hosts can be done from either the hosts section or the groups section. In the hosts section find the host you would like to add a printer to, and click on the edit button associated with that host. In the host menu, click on the '''Printers''' button. First select how you would like the host to be managed, either '''No Printer Management''', '''Add Only''', or '''Add and Remove'''. Then in the section below, select the printer you would like to install from the drop down list and click on the '''Update''' button.<br />
<br />
==== Creating a Samba Based Printer Store on FOG ====<br />
<br />
If you do not have a public server where you can store your printer drivers for the FOG Printer Manager, then it is very easy to set one up on the FOG server using Samba, so all your Windows Clients will be able to connect.<br />
<br />
[[Creating a Samba Based Printer Store on FOG]]<br />
<br />
=== The FOG Client Service ===<br />
<br />
<font color="red">Note:</font> Most of the things here about the FOG Client service apply to the legacy FOG client that came with FOG versions 1.2.0 and older. FOG 1.3.0 now comes with a new FOG Client. Details on this can be found here: [[FOG Client]]<br />
<br />
==== Overview ====<br />
<br />
The FOG Client Service is a Windows Service that is intended to be installed on the client computers during the image creation process. The FOG service communicates with the FOG server to provide certain services to the client computers including:<br />
<br />
<br />
*Auto Log Off (0.16)<br />
*Hostname Changes<br />
*Active Directory Integration<br />
*Directory Cleaner (0.16)<br />
*Display Manager (0.16)<br />
*Green FOG (0.16)<br />
*Host registration<br />
*Task Restarting<br />
*Snapin Installation<br />
*User Tracker<br />
*Printer Manager<br />
*User Cleanup (0.16)<br />
*Client Updater<br />
<br />
==== Module specific configuration settings ====<br />
<br />
The FOG Client Service is very modular in nature, which means you can install portions of the services provided, and leave off others. This also means that it is very easy to create new sub services if you know a little C#. All configuration data is held in a local INI file, which is typically stored in <br />
<br />
c:\program files\fog\etc\config.ini<br />
<br />
This file holds, in the general section:<br />
<br />
<ul><br />
<li>FOG Server IP address</li><br />
<li>FOG Service installation root</li><br />
<li>FOG Service working directory</li><br />
<li>FOG Log file path</li><br />
<li>Flag indicating if GUI messages should be displayed</li><br />
<li>The max log file size</li><br />
</ul><br />
<br />
==== Installation ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/FogServiceInstall.swf.html Video Tutorial]<br />
<br />
The FOG service should be installed on the computer to be imaged before capturing the image to the FOG Server. <br />
<br />
The FOG service is located in the '''FOG Service/bin''' directory or if the FOG server is already installed it can be downloaded from:<br />
<br />
http://[serverip]/fog/client/<br />
<br />
Double-click on the '''setup.exe''' to start the installation wizard. At the end of the wizard you will need to enter the IP address or hostname of your FOG server.<br />
<br />
[[Image:fogservice.jpg]]<br />
<br />
Then restart the computer. If you don't restart the computer you will have issues with the service GUI appearing correctly.<br />
<br />
===== Quiet Installation =====<br />
<br />
As of version 0.29 and higher, the FOG client now supports a quiet installation mode. This can help automate deployments, by allowing the command to be run without user interaction from batch files. To do this the setup.exe file must be run from the command line with the arguments '''fog-defaults=true /qb'''.<br />
<br />
So the full command would be:<br />
<br />
setup.exe fog-defaults=true /qb<br />
<br />
==== Functions and Operation ====<br />
<br />
=====Auto Log Out=====<br />
<br />
Added in Version 0.16<br />
<br />
This module of the FOG Service will log a user off of a client pc after X minutes of inactivity. This module will display a screen saver-like GUI after 3/4 of the inactive time is up. So if the time out value is 40 minutes, the GUI will be displayed at 30 minutes of inactivity. When the time is up, the client computer will reboot. This service module can be configured via the management portal via:<br />
<br />
FOG Service Configuration -> Auto Log Out<br />
<br />
To enable the module globally, place a check in the box next to '''Auto Log Out Enabled?'''. The time to auto log off can be changed globally via '''Default log out time:''' The minimum recommended value for this setting is 4 minutes. <br />
<br />
The background image for the auto log off module can be modified via:<br />
<br />
Other Information -> FOG Settings<br />
<br />
The setting can be changed by modifying the value for '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE'''. This setting will accept a jpg file that is local to the client computer like: <br />
<br />
c:\images\image.jpg<br />
<br />
This setting will also accept files located on a web server such as:<br />
<br />
http://www.somedomain.com/image.jpg<br />
<br />
Provided with FOG is a simple PHP script that will display a random image located on the FOG server. To use this option set '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE''' to <br />
<br />
http://x.x.x.x/fog/public/randomimage.php<br />
<br />
Then simply put the images you would like to use in the following directory on the fog server:<br />
<br />
/var/www/html/fog/public/imagepool<br />
<br />
Images used for the auto log off module must be in jpg format, and must be 300px by 300px.<br />
<br />
=====Hostname Changer=====<br />
<br />
This module of the FOG Service is used to change the hostname of the client computer and to allow the client to (optionally) join an Active Directory Domain after imaging. This process only runs shortly after service startup, which means typically only when you start your computer. The service communicates with the FOG server over port 80 and determines the hostname that is present in the FOG database for the host. The hosts are matched to the FOG database by their MAC addresses. If the hostnames are found to be different, the client changes the computer's hostname and restarts the computer.<br />
<br />
The config.ini file contains configuration options for this module. <br />
<br />
netdompath=<br />
<br />
Allows you to set the path to the netdom.exe file. In some cases the file does not exist on the system. It can be downloaded from: [http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=de Microsoft Download Center]<br />
<br />
=====Host Register=====<br />
<br />
As of version 0.29, this module will only add additional MAC addresses to a host that is already registered, and add them to the pending MAC address table, where they need to be approved in the FOG UI.<br />
<br />
=====Task Reboot=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has an imaging task assigned to it. If a task is found AND no one is logged into the workstation, then the client will restart and join the task.<br />
<br />
The config.ini file contains configuration options for this module. As of version 0.13 of FOG you can change:<br />
<br />
forcerestart=0<br />
<br />
to<br />
<br />
forcerestart=1<br />
<br />
This will make the computer restart if a task is found, regardless of whether a user is logged into the computer.<br />
<br />
You can change how often the service will check in with the server by changing:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins.<br />
<br />
=====Directory Cleaner=====<br />
<br />
Added in version 0.16<br />
<br />
This module will clean out (delete) the contents of a directory on user log off. This is useful when you don't want any settings cached between users. This module will only delete the contents of a directory and not the root directory itself, so if you specify '''c:\trash''', the service will remove all files and folders located within c:\trash but leave the folder c:\trash.<br />
<br />
=====Display Manager=====<br />
<br />
Added in version 0.16<br />
<br />
This module is used to restore screen resolution between clients. This will restore a fixed resolution and refresh rate when a user logs into a computer.<br />
<br />
=====Green FOG=====<br />
<br />
Added in version 0.16<br />
<br />
This module will simply shutdown/restart the client computer at a fixed schedule if no user is logged in. The schedule can be defined via the management portal. <br />
<br />
=====Snapin Client=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has a snapin set to be deployed to it. If a snapin is found AND no imaging task is associated with the client, then the client will download the snapin and install it in the background.<br />
<br />
The configuration file contains settings for this module including:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins. It is important to note that currently the fog client will wait 5 minutes when first connected / established before it starts checking and installing any snapins from the server.<br />
<br />
=====User Tracker=====<br />
<br />
This module attempts to track user access to the host computer by the Windows user name. It attempts to track logins and logoffs as well as the state of the computer at service startup. The service will even attempt to track users when they are not on the network by writing all entries to a journal file, then replaying the journal the next time the client is on the network.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====User Cleanup=====<br />
<br />
This module will remove all users not white listed in the management portal on log off. This module is useful when using services like dynamic local user. All entries in the management white list are treated as prefixes to usernames, which means that they will white list all users that start with whatever was entered in the management front end. For example, if you enter '''admin''' in the management white list, then users '''admin''' and '''administrator''' will NOT be removed from the computer.<br />
<br />
=====Printer Manager=====<br />
<br />
This module checks on service startup to see what printers should be installed/removed from the client PC.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====Client Updater=====<br />
<br />
This module waits (randomly) between 60 and 500 seconds after service startup to check the local fog server for client updates, and if any are found the service will download and install them. Updates will NOT take effect until after the service is restarted.<br />
<br />
There are no configuration settings for this module.<br />
<br />
==== Keeping Clients up to date ====<br />
<br />
===== Overview =====<br />
<br />
As of version 0.12 of FOG, we have included a client updater module. This module is no different from any of the other sub service modules. This service waits anywhere between 60 and 500 seconds after the FOG service starts up, and then attempts to check with the server for newer FOG service modules. If new modules are found the client will download them, and they will be active on the NEXT service startup. These modules are controlled from the FOG Management Console. <br />
<br />
Only certain modules can be updated: only those that are a sub class of AbstractFOGService. This means you should '''NEVER''' attempt to update the FOGService executable (FOGService.exe file), or the AbstractFOGService.dll file. It is recommended that you not update the ClientUpdater.dll, because if the ClientUpdater.dll file becomes corrupt or not functional, your clients will not be able to update from that point on. Below is a list of the files that can be updated.<br />
<br />
<ul><br />
<li>UserTracker.dll</li><br />
<li>TaskReboot.dll</li><br />
<li>SnapinClient.dll</li><br />
<li>PrinterManager.dll</li><br />
<li>HostRegister.dll</li><br />
<li>HostnameChange.dll</li><br />
<li>GUIWatcher.dll</li><br />
<li>ClientUpdater.dll</li><br />
<li>config.ini</li><br />
</ul><br />
<br />
Care must also be taken when updating the config.ini file. If the IP address is incorrect or the syntax of the file is incorrect, it could leave the FOG service crippled on the client computers.<br />
<br />
===== Posting Updates =====<br />
<br />
To add new modules that can be pushed down to clients, first install a client with the new service or new module and confirm that it works as you would like. Log into the FOG management console, then go to the Information/Misc section (the little "i" icon). Click on '''Client Updater''' on the left-hand menu. Now click on the browse button to select the module (.dll) file you would like to post, then click on the capture button. After capturing, the file should appear in the table above. If you are adding a new module, you will probably want to capture a new config.ini file to include new configuration settings required by that new module.<br />
<br />
==== FOG Tray ====<br />
<br />
The FOG Tray is a Windows application that runs on user login that docks in the system tray. The FOG Tray, like the FOG service, is very modular in nature. New modules can be dropped in the FOG tray directory and on next load they will be loaded. This tray icon has the ability to communicate with the FOG service, this allows FOG more interactivity with the end-user. <br />
<br />
What happens is that when the FOG service's printer manager module gets a request to set a default printer, the service attempts to contact the FOG Tray. If communication is established, then the service will ask the tray to set the default printer. On the other hand the end user can right click on the "F" icon in the system tray, then select printers, then update my printers. What this will do is attempt to send a request from the FOG Tray to the FOG Service and have the service check for printer updates (new printers or printers to be removed). If one is found the service will install any new printers assigned in the FOG Management portal.<br />
<br />
This application is in its very early stages and currently doesn't have a lot of functionality. It is currently only used to allow end users to update their printers and to allow the setting of default printers (from the FOG service). Our vision for the FOG Tray is to add modules that would allow users to install printers that are published as public (via the management portal) without the printer being directly assigned to their host. We would also like to do the same thing for snapins where some of your snapins could be defined as public where anyone could install them on their computer.<br />
<br />
==== Troubleshooting ====<br />
<br />
If you have problems with the FOG Service, please refer to the log file that is located at:<br />
<br />
c:\fog.log<br />
<br />
If the PXE boot does not work:<br />
<br />
If booting from the FOG server through PXE fails with a "file not found" error, edit /etc/default/tftpd-hpa<br />
<br />
Change TFTP_DIRECTORY to<br />
<br />
TFTP_DIRECTORY="/tftpboot"<br />
Then<br />
<br />
/etc/init.d/tftpd-hpa restart<br />
<br />
=== Snap-ins ===<br />
<br />
==== Overview ====<br />
<br />
*The FOG Service has the ability to install snapins to the clients. Snapins can be anything from whole applications like Microsoft Office to registry keys or desktop icons. Snapins can even be used to uninstall applications or remove unwanted files. From the end user's point of view, they will not even notice that a snapin is being installed until it is complete. At this point a message will notify them that a new application has been installed on their computer. Snapins can be in MSI (0.17) or EXE formats, and can be created with any snapin creation tool like InstallRite or already packaged MSI files (0.17). You can also push commands to the computer that include .vbs scripts / .cmd (commands) and .bat (batch scripts).<br />
<br />
*Snapin return codes are specified by the program that's being installed.<br />
<br />
<br />
==== Creating a Snapin / Overview ====<br />
<br />
FOG doesn't provide a tool to create snapins, but instead allows you to push files and execute them on the remote computers. It is highly recommended that you push the actual installer to the computer instead of using a program such as InstallRite. <br />
<br />
If you have never silently installed software to a computer, or created an answer file for a program, please look at the website Appdeploy [http://www.appdeploy.com/articles/ Link]. This website has a trove of information on how to push software to a computer remotely.<br />
<br />
===== Creating a Snapin for larger applications with SFX Maker =====<br />
<br />
Some larger applications such as Microsoft Office and Adobe Products (Acrobat / Creative Suite) require multiple files to install properly. If you have an application that is not a single .exe please use SFX Maker. This tool is free for non commercial use, and most programs fall under the GPL. [http://www.isoft-online.com/ SFX Maker's Website]<br />
<br />
For instructions on how to use this software please see the youtube videos below.<br />
<br />
[http://www.youtube.com/watch?v=ZSMJLnRjn94 Office 2003 Install]<br />
[http://www.youtube.com/watch?v=Qzc1Q9NW_cE Office 2007 Install]<br />
<br />
SFX Maker takes an entire folder and encapsulates it or "folds" it into a single .exe which then "unfolds" to its original state and launches a file or command.<br />
<br />
===== Creating a Snapin with InstallRite =====<br />
<br />
If for some reason you do wish to use InstallRite, please be aware that it comes with issues and limitations (not compatible with all Windows operating systems / can cause issues with the computer it is pushed to). Below is an example of how to build a package with that software.<br />
<br />
In this example we will use Epsilon Squared's InstallRite which can be downloaded from http://www.epsilonsquared.com/installrite.htm. This application will package up your snapin as an exe file which will be uploaded to the FOG server. <br />
<br />
<ol><br />
<li>To run InstallRite navigate to c:\program files\Epsilon Squared\InstallRite\InstallRite.exe</li><br />
<li>Click on "Install new software and create an InstallKit"</li><br />
<li>On the Configure screen, click Next.</li><br />
<li>On the Snapshot screen click next to create a new system snapshot.</li><br />
<li>On the next screen, click the browse button to select the application you wish to install, then click next.</li><br />
<li>When installation is complete InstallRite will come into focus, click the next button. InstallRite will scan your system again.</li><br />
<li>Enter a name for your snapin.</li><br />
<li>Click "Build Install Kit"</li><br />
<li>Select "Quiet Installation Mode", Never reboot, even if needed, and "Never prompt the user and only overwrite older files"</li><br />
<li>Click OK and it will build your snapin.</li><br />
</ol><br />
<br />
==== Preparing the FOG Server ====<br />
<br />
If your snapin is larger than 2MB you will need to make two changes to the FOG server to allow uploads of larger than 2MB.<br />
<br />
See also: [[Troubleshoot Web Interface]]<br />
<br />
===== Fedora =====<br />
<br />
<br />
#On the FOG Server click on Applications -> Accessories -> Text Editor.<br />
#Select Open and navigate to "/etc/php.ini"<br />
#Change UPLOAD_MAX_FILESIZE to 1900MB (On a 32Bit OS don't set this value above 2GB)<br />
#Change POST_MAX_SIZE to the same value.<br />
#Save and close the text editor.<br />
#Click on Applications ->System Tools -> Terminal and type "service httpd restart"<br />
<br />
===== Ubuntu =====<br />
<br />
#sudo gedit /etc/php5/apache2/php.ini<br />
#Change <br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
#Save Changes<br />
#sudo /etc/init.d/apache2 restart<br />
<br />
<br />
===== VMWare =====<br />
<br />
#sudo vim /etc/php5/apache2/php.ini<br />
#Edit the following lines in the document (read below for assistance with working in VIM)<br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
<br />
<br />
*To edit content in vim you will need to press the '''"I"''' key on your keyboard to enter input mode.<br />
*Hitting the '''Escape''' key will bring you out of input mode.<br />
*Once out of input mode type ''':w''' and then '''enter''' to save the file<br />
*Restart FOG once the file has been saved<br />
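<br />
A way to check an edited php.ini against the size of the snapin you plan to upload, covering the Fedora, Ubuntu and VMWare steps above. This is an added example, not part of FOG; the sample php.ini contents are constructed, and the function names are hypothetical. It relies on two PHP rules: directive names are case sensitive, and only a trailing K, M or G is read as a size suffix, so a value written as "1900MB" is read as 1900 bytes.<br />
<br />
```python
import re

MULTIPLIERS = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
# PHP built-in defaults, used when a directive is absent from php.ini
DEFAULTS = {"upload_max_filesize": "2M", "post_max_size": "8M"}
UNLIMITED = float("inf")

# Constructed samples: the first spells the directives in upper case and
# uses an "MB" suffix; the second uses the lower-case names with an "M" suffix.
UPPERCASE_MB_SAMPLE = """[PHP]
; constructed sample
UPLOAD_MAX_FILESIZE = 1900MB
post_max_size = 1900MB
"""
LOWERCASE_M_SAMPLE = """[PHP]
memory_limit = 1900M
post_max_size=1900M
upload_max_filesize=1900M
"""


def php_quantity(value):
    """Size in bytes as PHP reads it: leading integer, then only the LAST
    character is considered as a K/M/G multiplier."""
    text = value.strip().strip("\"'")
    digits = re.match(r"[+-]?\d+", text)
    number = int(digits.group()) if digits else 0
    return number * MULTIPLIERS.get(text[-1:].lower(), 1)


def suffix_ignored(value):
    """True when the value carries letters that PHP will not treat as a unit."""
    text = value.strip().strip("\"'")
    return bool(re.search(r"[A-Za-z]", text)) and text[-1:].lower() not in MULTIPLIERS


def read_directives(ini_text):
    """Return (values, wrong_case) for the two upload directives."""
    values, wrong_case = {}, set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ; comments
        if "=" not in line or line.startswith("["):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in DEFAULTS:
            values[key] = value                       # last assignment wins
        elif key.lower() in DEFAULTS:
            wrong_case.add(key.lower())               # PHP will not apply this line
    return values, wrong_case


def check_upload_limits(ini_text, snapin_bytes, is_32bit=False):
    """Return (effective_bytes_per_directive, list_of_issue_strings)."""
    values, wrong_case = read_directives(ini_text)
    effective, issues = {}, []
    for name, default in DEFAULTS.items():
        if name in values:
            raw = values[name]
        else:
            raw = default
            issues.append(f"{name}:{'wrong-case' if name in wrong_case else 'not-set'}")
        if suffix_ignored(raw):
            issues.append(f"{name}:suffix-ignored")
        size = php_quantity(raw)
        if name == "post_max_size" and size == 0:
            size = UNLIMITED                          # 0 disables the POST limit
        if is_32bit and size != UNLIMITED and size > 2 ** 31 - 1:
            issues.append(f"{name}:over-2GB-on-32bit")
        if size < snapin_bytes:
            issues.append(f"{name}:too-small")
        effective[name] = size
    if effective["post_max_size"] < effective["upload_max_filesize"]:
        issues.append("post_max_size:below-upload_max_filesize")
    return effective, issues


if __name__ == "__main__":
    snapin = 500 * 1024 ** 2                          # a 500 MiB snapin
    for label, sample in (("upper case + MB", UPPERCASE_MB_SAMPLE),
                          ("lower case + M", LOWERCASE_M_SAMPLE)):
        print(label, check_upload_limits(sample, snapin))
```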
<br />
==== Uploading the Snapin ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/CreateSnapin.swf.html Video Tutorial]<br />
<br />
<ol><br />
<li>In the FOG Management Portal click on the Snapin Icon (Puzzle Pieces).</li><br />
<li>On the left-hand menu click on the New Snapin Button.</li><br />
<li>Enter a Snapin Name and Description.</li><br />
<li>Browse to the snapin file you wish to upload.</li><br />
<li>If you want the computer to restart after the snapin is installed click on the "Reboot after install"</li><br />
<li>Click "Add"</li><br />
</ol><br />
<br />
<br />
<br />
As of version 0.17, fog supports using typical msi files as snapin files.<br />
<br />
If the snapin file is a msi file you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of msiexec.exe (ie: c:\windows\system32\msiexec.exe)</li><br />
<li>Set '''Snapin Run With Arguments:''' to '''/i'''</li><br />
<li>Set '''Snapin Arguments:''' to '''/qn'''</li><br />
</ol><br />
<br />
If the snapin file is a .vb script you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of cscript.exe (ie: c:\windows\system32\cscript.exe)</li><br />
</ol><br />
<br />
<br />
<br />
'''Documentation on list of support snapin's and command line arguments''' [[http://www.fogproject.org/wiki/index.php?title=Supported_Snapin%27s_and_Command_Line_Switches]] There are MANY more supported applications that can be installed via command line arguments. You might have better luck installing them directly via .EXE / .MSI / or scripting them via .VBS . For more info on this consult the forums --[[User:Ssx4life|Ssx4life]] 09:04, 8 October 2009 (MST)<br />
<br />
==== Linking the Snapin to Hosts ====<br />
<br />
In order for a snapin to be deployed it must be linked with a host. To do this perform the following:<br />
<br />
<ol><br />
<li>In the FOG Management Portal, click on the Hosts Icon.</li><br />
<li>Search for and select a host and click on the edit button.</li><br />
<li>Scroll down to the snapin section.</li><br />
<li>Select the snapin you just created from the drop-down box and click the "Add Snapin" button.</li><br />
</ol><br />
<br />
The next time you image the computer the FOG Service will attempt to install that snapin. If you have problems, please see the fog log file located at c:\fog.log on the client PC.<br />
<br />
=== Client Side Tasks ===<br />
<br />
==== FOG Version ====<br />
<br />
Applies to version 0.12 or higher.<br />
<br />
==== Overview ====<br />
<br />
FOG attempts to keep management centralized, but in an attempt to make deploying machines as easy as possible FOG has added a few basic client side tasks. These tasks can be run from the client computer during the PXE boot process. When the client boots and the FOG banner is displayed the pxe client will display a prompt like '''boot:''' or something similar. At this point you have 3 seconds to start typing one of the following commands. <br />
<br />
<ul><br />
<li>fog.memtest</li><br />
<li>fog.reg</li><br />
<li>fog.reginput</li><br />
</ul><br />
<br />
==== fog.memtest ====<br />
<br />
This command will run the memtest86+ on the client computer. <br />
<br />
==== fog.reg ====<br />
<br />
This command will run the basic host registration and inventory process without any user input. It will register any new/unregistered hosts with the FOG server and pull a basic hardware inventory from them. The hostname of the computer will be the same as the MAC address without the ":".<br />
<br />
If a host is already registered, then only an inventory will be performed.<br />
<br />
==== fog.reginput ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/RegImage.swf.html View Host Registration Video]<br />
<br />
This command will run the full host registration process with user input, inventory and give the option to push down an image, all at the same time. During this process the user registering the host will be prompted for the computer host name, ip address, operating system ID, image ID, Primary User of the computer, asset tag 1, and asset tag 2. <br />
<br />
If a valid hostname, os id, and image id are given and the option is selected to image the workstation after registration, the host will reboot and an imaging send will begin. <br />
<br />
If a host is already registered, then only an inventory will be performed. This prevents end-users from re-registering a machine with a different hostname, etc.<br />
<br />
This task was designed for institutions that may get shipments of hundreds of computers that need to be deployed very quickly. They can be unboxed, inventoried, imported into FOG and imaged very quickly. <br />
<br />
===== Operating System ID =====<br />
<br />
As of Version 0.17 of fog, you can now enter '''?''' at the Operating System ID prompt to get a listing of the valid operating system id values. <br />
<br />
The following are valid values for operating system IDs:<br />
<br />
<ul><br />
<li><b>1</b> - Windows 2000 / Windows XP</li><br />
<li><b>2</b> - Windows Vista</li><br />
<li><b>3</b> - Windows 98</li><br />
<li><b>4</b> - Windows (Other)</li><br />
<li><b>5</b> - Windows 7</li><br />
<li><b>50</b> - Linux</li><br />
<li><b>99</b> - Other</li><br />
</ul><br />
<br />
===== Image ID =====<br />
<br />
Image IDs can be found in the management console, in the Images section. Search for the image, and click on the edit button associated with the image, <br />
the image id will be in the Address/url bar in the format of <b>&imageid=xx</b>.<br />
<br />
As of version 0.17, you can enter '''?''' at the Image ID prompt to get a listing of all your images and their ID numbers.<br />
<br />
=== Active Directory Integration ===<br />
<br />
==== Setup ====<br />
<br />
===== Overview =====<br />
<br />
FOG has the ability to register a host with Active Directory, in a limited sense. Versions of FOG up to and including 0.28 rely on the netdom.exe executable that is provided as part of the support tools on the Windows installation media. In order for Active Directory integration to function, your image will need to have the FOG service installed, along with the Windows Support Tools.<br />
<br />
Versions of FOG from (and including) 0.29 have this functionality built in and do NOT require netdom.exe or the support tools to be installed.<br />
<br />
It is also very important that before capturing your image that the computer is NOT a member of any domain.<br />
<br />
===== Security =====<br />
<br />
<font color="red">Note: The below statement applies to older FOG versions (1.2.0 and below). When using FOG 1.3.0 and above in conjunction with the NEW fog client, this step is not needed. See [https://wiki.fogproject.org/wiki/index.php?title=FOG_Client here] for more information.</font><br />
<br />
<br />
'''Important - Please read!'''<br />
<br />
In order to add a computer to a domain, FOG requires a username and password of an account that has rights to the OU where the computer objects are stored in the domain tree. This user account should have rights to join computers to the Domain, as well as sufficient rights to create/manage computer objects. FOG attempts to keep your password secure by encrypting it, but since FOG is open source, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic, this isn't hard and only needs to be done one time. Please see the documentation below.<br />
<br />
===== Preparing the Image =====<br />
<br />
Before capturing an image to FOG that you would like to use with Active Directory, please ensure that the image:<br />
<br />
<ul><br />
<li>is NOT a member of the domain, change the computer membership to workgroup instead.</li><br />
<li>has support tools installed (Not required for FOG versions from 0.29).</li><br />
<li>has the FOG service installed.</li><br />
</ul><br />
<br />
===== FOG Setup =====<br />
<br />
To setup a host to use AD, navigate to the hosts section of the FOG management portal. <br />
<br />
<ol><br />
<li>Search for, and select a host. </li><br />
<li>Click on the Edit button</li><br />
<li>Scroll down to the Active Directory section.</li><br />
<li>Check the box next to Join Domain after image task</li><br />
<li>Enter the domain NETBIOS name (i.e. MYDOMAIN, not mydomain.com).</li><br />
<li>Enter the Organizational Unit where you would like to have the computer stored in AD. Leave it blank for the default. (Must be in LDAP format).</li><br />
<li>Enter the user name that has access to the computer objects. Do not include the domain name if you are running version 1.2 (your mileage may vary with earlier versions). Development version of FOG will accept a name with or without domain ('''username ''OR'' mydomain/username''').</li><br />
<li>Enter the encrypted password. This password must be encrypted with the [[FOGCrypt]] utility. This utility is located in the FOGCrypt folder of the FOG download package. It is a Windows (.NET) command line application.</li><br />
<li>Click Update.</li><br />
</ol><br />
<br />
The next time you image that computer the service will attempt to register the host with the domain information provided. If you have problems please refer to the FOG Service log file located in c:\fog.log<br />
<br />
===== Making AD Integration Easier =====<br />
<br />
As of version 0.20 of FOG, we have made it a bit easier to manage AD settings in FOG, by allowing for default settings for AD. This will allow the easy population of the domain, OU, username, and password. To set this feature up perform the following:<br />
<br />
# Go to '''Other Information''' -> '''FOG Settings'''<br />
# Set your default values for the following:<br />
## FOG_AD_DEFAULT_DOMAINNAME<br />
## FOG_AD_DEFAULT_OU<br />
## FOG_AD_DEFAULT_USER<br />
## FOG_AD_DEFAULT_PASSWORD (MUST BE ENCRYPTED!)<br />
<br />
To test everything out, go to a host that doesn't have anything setup for AD, and click on the edit button for that host. Go to the host menu, and select Active Directory. Click on the '''Join Domain after image task:''' button and all your default values should be populated.<br />
<br />
==== Securing Active Directory Integration ====<br />
<br />
===== Overview =====<br />
<br />
In order to add a computer to a domain, FOG requires a username and password that has rights to the OU where the computer objects are stored in the domain tree. FOG attempts to keep your password secure by encrypting it, but since FOG is open source and the methods used to encrypt the password are open for all to see, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic this isn't hard and it only needs to be done one time. <br />
<br />
===== The Development Environment =====<br />
<br />
The hostname change module is written in c#, so in order to recompile it you will need to download Microsoft's Visual Studio Express Edition for C#. This can be downloaded from: <br />
<br />
http://www.microsoft.com/express/vcsharp/<br />
<br />
Install Visual Studio with the standard options.<br />
<br />
===== Getting the Source =====<br />
<br />
After Visual Studio Express is installed now we need to get the source code for the hostname change module. This is part of FOG download/installation package. This package can be downloaded from:<br />
<br />
http://sourceforge.net/project/showfiles.php?group_id=201099 <br />
<br />
Extract this package, then navigate to "FOG Service\src\FOG_HostNameChanger\"<br />
<br />
Double-click on HostNameChange.sln to open the project. <br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > hostnamechanger properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Once the project has opened, on the right-hand panel, in the "Solution Explorer", double-click on MOD_HostNameChanger.cs.<br />
<br />
After doing so, the source code should be displayed in the main panel. Scroll down to the line:<br />
<br />
private const String PASSKEY = "FOG-OpenSource-Imaging"; <br />
<br />
Change '''FOG-OpenSource-Imaging''' to anything you like, just remember what you change it to, as you will need it later.<br />
<br />
Then click File -> Save All.<br />
<br />
Then click Build -> Build Solution.<br />
<br />
This will recompile the hostname change module with your unique key.<br />
<br />
Now navigate to "FOG Service\src\FOG_HostNameChanger\bin\Release"<br />
<br />
Copy only the file HostnameChange.dll to "FOG Service\src\FOG Service\bin\Release" (overwrite existing file).<br />
<br />
Navigate to "FOG Service\src\FOG Service\"<br />
<br />
Open the solution by double-clicking "FogService.sln"<br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > FOGService properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Change the build configuration from debug to release<br />
<br />
Right click on "FOG Service Install" and click "Build"<br />
<br />
Navigate to "FOG Service\src\FOG Service Installer\Release"<br />
<br />
Select the 2 files, right-click -> Send To -> Compressed Folder<br />
<br />
Copy the .zip file to your FOG Server "/var/www/html/fog/client". Overwrite the existing file.<br />
<br />
===== Encrypting Your Password =====<br />
<br />
Now that we have changed the passkey, we need to update the FOGCrypt ini file to use this new passkey. <br />
<br />
Navigate to the FOGCrypt\etc directory from the FOG download package.<br />
<br />
Open the config.ini file and change the passkey value to your new passkey, then save the file.<br />
<br />
Now open a command window and navigate using the cd command to the FOGCrypt directory.<br />
<br />
Type:<br />
<br />
FOGCrypt [password]<br />
<br />
Where [password] is the AD user's password that has rights to the Computers section of the AD tree.<br />
<br />
The output from this command is what you will enter in the FOG management portal.<br />
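<br />
A pre-deployment check for the passkey procedure above, confirming that the hostname change module no longer carries the default passkey and that FOGCrypt's config.ini uses the same new value. This is an added example, not part of FOG; it assumes config.ini stores the key as a <code>passkey=</code> line and that FOGCrypt ships with the same default, the function names are hypothetical, and the demo files are constructed. Findings are reported as codes so the passkey itself is never printed.<br />
<br />
```python
import re
import tempfile
from pathlib import Path

DEFAULT_PASSKEY = "FOG-OpenSource-Imaging"   # default value shown on this page

# Matches:  private const String PASSKEY = "...";
CS_PASSKEY = re.compile(r'\bconst\s+[Ss]tring\s+PASSKEY\s*=\s*"((?:[^"\\]|\\.)*)"')
# ASSUMPTION: FOGCrypt's config.ini holds the key as  passkey=<value>
INI_PASSKEY = re.compile(r"passkey\s*=\s*(.*)", re.IGNORECASE)


def passkey_from_source(cs_text):
    """Return the PASSKEY constant from MOD_HostNameChanger.cs, or None."""
    for line in cs_text.splitlines():
        if line.lstrip().startswith("//"):           # ignore commented-out copies
            continue
        match = CS_PASSKEY.search(line)
        if match:
            return match.group(1)
    return None


def passkey_from_ini(ini_text):
    """Return the passkey value from FOGCrypt's config.ini, or None."""
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith((";", "#")):
            continue
        match = INI_PASSKEY.fullmatch(line)
        if match:
            return match.group(1).strip().strip('"')
    return None


def audit(cs_text, ini_text):
    """Compare both passkeys; return a list of finding codes (empty = OK)."""
    findings = []
    module_key = passkey_from_source(cs_text)
    crypt_key = passkey_from_ini(ini_text)
    if module_key is None:
        findings.append("module-passkey-not-found")
    elif module_key == DEFAULT_PASSKEY:
        findings.append("module-default-passkey")
    if crypt_key is None:
        findings.append("fogcrypt-passkey-not-found")
    elif crypt_key == DEFAULT_PASSKEY:
        findings.append("fogcrypt-default-passkey")
    if module_key is not None and crypt_key is not None and module_key != crypt_key:
        # Passwords encrypted by FOGCrypt would not match the rebuilt module.
        findings.append("passkey-mismatch")
    return findings


def audit_tree(root):
    """Run the audit against an extracted FOG download package."""
    root = Path(root)
    sources = sorted(root.rglob("MOD_HostNameChanger.cs"))
    ini = root / "FOGCrypt" / "etc" / "config.ini"
    cs_text = sources[0].read_text(errors="replace") if sources else ""
    ini_text = ini.read_text(errors="replace") if ini.is_file() else ""
    return audit(cs_text, ini_text)


def demo():
    """Build three constructed package trees and audit each one."""
    cases = {
        "untouched": (DEFAULT_PASSKEY, DEFAULT_PASSKEY),
        "module-only": ("Example-Site-Key", DEFAULT_PASSKEY),
        "both-changed": ("Example-Site-Key", "Example-Site-Key"),
    }
    results = {}
    for name, (module_key, crypt_key) in cases.items():
        with tempfile.TemporaryDirectory() as tmp:
            src = Path(tmp, "FOG Service", "src", "FOG_HostNameChanger")
            etc = Path(tmp, "FOGCrypt", "etc")
            src.mkdir(parents=True)
            etc.mkdir(parents=True)
            (src / "MOD_HostNameChanger.cs").write_text(
                f'    private const String PASSKEY = "{module_key}";\n')
            (etc / "config.ini").write_text(f"passkey={crypt_key}\n")
            results[name] = audit_tree(tmp)
    return results


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "OK")
```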
<br />
<br />
=== FOG Reports ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher. <br />
<br />
==== Overview ====<br />
<br />
FOG Reports allow you to export data from FOG in two major formats, CSV and PDF.<br />
<br />
#'''Snapin Log''' - This report will report on snapin installation history. <br />
#'''Imaging Log''' - This report will report on images deployed to hosts.<br />
#'''Virus History''' - This report lists any viruses that were found on local computers. <br />
#'''Inventory''' - This report will report on the inventory information collected for network clients. <br />
#'''Equipment Loan''' - This report can be used for equipment loaned to staff members. <br />
#'''User Login History''' - This report contains information about user logins.<br />
<br />
==== Running Reports ====<br />
<br />
Running a report can be done from the Reports section of FOG, then by picking a report from the left-hand menu.<br />
<br />
==== Importing User Created Reports ====<br />
<br />
The reporting section of FOG allows for the end user to create and upload custom reports into FOG. A FOG report is a simple php script that is processed by the server. To import a report simply click on the '''Upload a Report''' button in the reports section, select the report then click on the upload button. The report will then show up on the left-hand menu. <br />
<br />
Please be cautious when uploading reports from an unknown source as the writer of the report has full access to the FOG system and database! Make sure your sources are trustworthy before importing a report!<br />
<br />
==== Creating Custom Report ====<br />
<br />
Custom reports are simple php scripts in FOG. Custom reports can be created based on the following template:<br />
<br />
[http://freeghost.sf.net/other/ReportTemplate.tar.gz Report Template]<br />
<br />
<br />
<br />
=== Plugins ===<br />
*[[Plugins]] give FOG extra functionality wanted for some users but not all.<br />
<br />
=== Other Settings ===<br />
<br />
==== [[Boot Image Key Map]] ====<br />
<br />
==== FOG Client Kernel ====<br />
<br />
===== Overview =====<br />
<br />
In FOG, there aren't really drivers you need to find and download for your clients to work. This is because we ship a Linux kernel that has support for the majority of hardware devices built into it. What this means is that if you have a device that doesn't work with FOG, you need to either build a new kernel yourself or try a newer kernel that has been released via our kernel updater.<br />
<br />
<br />
===== Kernel Types =====<br />
<br />
We currently build two "lines" of kernels. One is called KS or KitchenSink. This kernel tries to include drivers for as many devices as possible, sometimes at the cost of performance, and this is the kernel that we ship with FOG by default. The other "line" is the PS kernel or the Peter Sykes kernel, which is based on a config submitted by a user. This kernel line tries to be faster, but may not include as many drivers as the KS kernel. <br />
<br />
===== Updating the Kernel =====<br />
<br />
It is possible to update your client kernel from within the UI of FOG. To do this perform the following steps:<br />
<br />
#Log into the FOG Management UI.<br />
#Go to '''Other Information'''<br />
#Select '''Kernel Updates'''<br />
#Select the Kernel you would like to download, typically the newest kernels are on the top of the list.<br />
#Click the download icon<br />
#Select a file name for your kernel, to make it the default kernel leave the name as '''bzImage'''<br />
#Click the '''Next''' Button<br />
<br />
=== Mobile Management Interface ===<br />
<br />
==== Overview ====<br />
<br />
The FOG Mobile web interface is a very basic, stripped down interface for FOG. It is designed to be given to lower level technicians using low powered, mobile devices such as iPod touches, iPhone, PDAs, and internet tablets. The idea behind this interface is to make it easy for techs to re-image a computer while making the rounds at a site.<br />
<br />
==== Using the mobile Interface ====<br />
<br />
The mobile interface can be accessed via:<br />
<br />
http://x.x.x.x/fog/mobile<br />
<br />
The portal requires a valid user name and password, which can be created via the FOG portal. <br />
<br />
[[Image:Ipod login.JPG]]<br />
<br />
Once logged into the portal, users can search for hosts and image them, and view/cancel active tasks. <br />
<br />
[[Image:Ipod results.JPG]]<br />
<br />
[[Image:Ipod active.JPG]]<br />
<br />
They can not change image associations, nor modify any properties of a host.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Managing_FOG&diff=12661Managing FOG2022-11-02T16:49:16Z<p>SebastianRoth: /* Groups */</p>
<hr />
<div>== Managing FOG ==<br />
<br />
=== Dashboard ===<br />
<br />
==== Overview ====<br />
<br />
[[File:Dashboard.png]]<br />
<br />
*The FOG dashboard is the first page you are presented with after login. This page just gives you an overview of what is happening on your FOG server.<br />
<br />
==== System Overview ====<br />
<br />
*The system overview box is the top left hand box on this page. The information presented in this box is the current user, the server IP addresses or hostnames for your web server, tftp server and storage server (which can all be different). This section also gives you the system uptime or how long the system has been running without restart, the number of users logged into the Linux box, and lastly the system load.<br />
<br />
==== System Activity ====<br />
*The system activity box is in the top row, the middle box. This section shows the unicast queue, or the number of unicast deploys that are currently in progress. The queue size can change and is based on the Storage Group(s). Each storage node has a setting ''Max Clients'' making this the maximum number of hosts that this node can image to. If there are 2 nodes with a max of 10 each then your maximum queue amount is 20. However, remember the more you increase the ''Max Clients'' the slower each particular host will be to deploy the image.<br />
*This means that after 20 hosts are receiving images (at once) the 21st will wait for one of the hosts in progress to complete before starting. The reason this was created was so that you could queue up 100 machines with different images (all unicast) and still keep the system functional. We have heard of this queue being used to re-image an entire building of computers ( ~ 1000+ ) overnight. This section updates in real time.<br />
*It will display all the queued, running, etc... tasks and updates at the same interval as the Bandwidth graph. Also, SVN installations (and later future releases) are able to edit which type of tasks get counted towards the "queue". <br />
*This edit can be performed by going to '''FOG Configuration'''[[file:Config.png]]--> '''FOG Settings'''--> '''General Settings''' --> '''FOG_USED_TASKS'''. <br />
*The text field takes numeric values (so you'll need to know which task IDs are which type). This text field is a CSV setup. If you type (1,2,3,4,5) it will display all tasks of Deploy, Capture, Debug, Memtest, and Testdisk as queued/active depending on their current state. The exception to this rule is Task Type ID 8 (multicast), in which case it takes the Jobs, not each individual host task, as a queued slot.<br />
<br />
==== Disk Information ====<br />
<br />
*The disk information box is the top, right hand section of the dashboard page. This is a semi-realtime display of the storage remaining on the storage server.<br />
*There is also a drop-down box that can be changed to your storage nodes to monitor their Disk Information.<br />
*If you get an error in this box, please see [[Dashboard Error: Permission denied...]]<br />
<br />
==== 30 Day Imaging History ====<br />
<br />
*This image shows your imaging trends for the past 30 days<br />
<br />
==== Menu Bar ====<br />
<br />
[[Image:FogMenu.jpeg]]<br />
<br />
This menu appears at the top of every page on Fog's web UI. The icons are, from left to right:<br />
<br />
[[Image:Home.png]]'''Home/Dashboard''' - This is the home screen of the FOG management portal.<br />
<br />
[[Image:Users.png]]'''[[Managing_FOG#Users | User Management]]''' - Individual administrators of the FOG resources.<br />
<br />
[[Image:Hosts.png]]'''[[Managing_FOG#Hosts | Host Management]]''' - This section houses the hosts, which are the pcs to be imaged or to extract images from.<br />
<br />
[[Image:Groups.png]]'''[[Managing_FOG#Groups | Group Management]]''' - This section houses groups, which are similar PCs that need tasks done en masse.<br />
<br />
[[Image:Images.png]]'''[[Managing_FOG#Images | Image Management]]''' - This section allows you to manage the image files stored on the FOG server.<br />
<br />
[[Image:Storage.png]]'''[[Managing_FOG#Storage_Management | Storage Management]]''' - This section allows you to add/remove storage nodes from the FOG system.<br />
<br />
[[Image:snapins.png]]'''[[Managing_FOG#Snap-ins | Snap-in Management]]''' - This section provides ways to automate various post-imaging tasks, not covered in this document<br />
<br />
[[Image:Printers.png]]'''[[Managing_FOG#Printers | Printer Management]]''' - This section allows for management of printers, allowing you create printer objects that can later be assigned to hosts or groups.<br />
<br />
[[Image:Services.png]]'''Service Configuration''' - This section allows you to control how the ''client'' service functions.<br />
<br />
[[Image:Tasks.png]]'''[[Managing_FOG#Tasks | Task Management]]''' - This section allow you to perform imaging tasks such as acquiring or deploying images.<br />
<br />
[[Image:Reports.png]]'''[[Managing_FOG#FOG_Reports | Report Management]]''' - Reports let you pull information from the FOG database either as HTML, pdf, or csv.<br />
<br />
[[Image:config.png]]'''Fog Configuration''' - The section has the rest of the settings that don't fit anywhere else like the kernel updater, client service updater, iPXE edits, MAC address list, Log viewer, '''FOG Settings'''.<br />
<br />
[[Image:Plugins.png]]'''[[Managing_FOG#Plugins | Plugins]]''' - Plugins add more functionality to FOG. Must be enabled in ''Fog Configuration''<br />
<br />
[[Image:Logoff.png]]'''Logoff''' - Click this to log off of the Fog web UI.<br />
<br />
<br />
----<br />
<br />
=== Hosts ===<br />
Moved to https://docs.fogproject.org/en/latest/management/host-management.html<br />
<br />
----<br />
<br />
=== Groups ===<br />
Moved to https://docs.fogproject.org/en/latest/management/group-management.html<br />
<br />
----<br />
<br />
=== Images ===<br />
<br />
Moved to https://docs.fogproject.org/en/latest/management/image-management.html<br />
<br />
----<br />
<br />
=== Storage Management ===<br />
<br />
*The Storage Manager introduces the concept of '''Storage Groups.''' Basically, a storage group is a group of NFS servers that share images and share the load of computers being imaged. Any member of a storage group is referred to as a '''Storage Node.''' You may have as many storage groups as you wish and as many storage nodes within those groups as you wish. In each storage group, there is one storage node which is designated as the '''Master''' of that group. Basically, this '''Master''' node is the node where all image captures go, this node handles multicasting tasks for the group, and is the image replicator for the group. This means that whatever images are stored on this node are what gets distributed to the entire group. <br />
<br />
*What this new system of storage management gives us is a distributed model for FOG which allows for more unicast transfers at a single time. We also gain data redundancy. We also take stress off of the main FOG server.<br />
<br />
*Below is a brief overview of Storage Groups<br />
<br />
[[Image:Nfsgroup.jpg]]<br />
<br />
*This image shows a single Storage Group and the flow of data within the group. The queue size of the system is the sum of the queue size of all the storage nodes within the system. So if you have 4 nodes each with a queue size of 10, then the queue size of the system is 40, which means 40 clients can be imaged (unicast) at one time. <br />
<br />
[[Image:StorageGroups.jpg]]<br />
<br />
*This image shows that it is possible to have multiple storage groups on your network, which are isolated from each other. This image also demonstrates that captures always go to the master node and multicast sessions always send data from the master node. Images are pushed out from the master node of the group to all other members of the group.<br />
<br />
*'''Key Benefits'''<br />
*#Increased throughput<br />
*#Redundant Storage<br />
*#Scalability<br />
<br />
*Also see [[Knowledge_Base#Storage_Nodes | Storage Nodes]] for tutorials.<br />
<br />
==== Adding a Storage Node ====<br />
<br />
*Definition: Storage Nodes provide extra [http://www.fogproject.org/wiki/index.php?title=InstallationModes NFS/FTP storage space] which increases available throughput and redundancy within a network. They do not provide PXE, TFTP, or DHCP services at secondary sites. To enable additional PXE and TFTP services at secondary sites see this section: [[#Including_multiple_PXE_.2F_TFTP_servers|#Including multiple PXE / TFTP servers]]<br />
<br />
*Video Tutorial: http://www.youtube.com/watch?v=X72WthDGwsw&fmt=18 (old video but still valid information)<br />
<br />
*To add an additional storage node to the network, the computer should be prepared in the same way the main FOG server would be prepared (disable firewall, SELinux, etc). You can also safely mix operating systems for the nodes of your storage group; some nodes can be running Fedora, and some can be running Ubuntu. It is important to update your storage nodes when you upgrade to a new version of FOG. Installation of a storage node is done with the same installer used for a normal FOG server. Installation can be started by running the installer script; the steps are detailed below.<br />
<br />
*Surprisingly enough some users have actually gotten a Windows Storage node to work properly. See [[Windows_Storage_Node]] for more information on this.<br />
===== Installing the Node =====<br />
*To Install a node:<br />
*#Run the installation script, ./installfog.sh<br />
*#Select your operating system.<br />
*#When prompted for Server Installation Mode, select '''S''', for storage node.<br />
*#Enter the IP address of the storage node.<br />
*#Confirm your interface<br />
*#Then you will need to enter the IP address or host name of the node running the FOG database<br />
*#Then you will be prompted for a username (typically fogstorage)<br />
*#and a password that is located on the FOG server, that will allow the storage node to access the main FOG server's database. This information is located in the FOG management portal for convenience (on the main FOG server). It can be accessed via '''Other Information''' -> '''FOG settings''' -> section '''FOG Storage Nodes'''.<br />
*#You will then be prompted to confirm your installation settings; if they are correct press '''Y''' and hit '''Enter'''.<br />
*#When installation completes, the install will produce a username and password that will be needed to add the storage node to the FOG management portal. Username is "fog", password is in /opt/fog/.fogsettings<br />
<br />
===== Adding the Node to the Management Portal =====<br />
*To Add a Node<br />
*#Log into the FOG Management Portal<br />
*#Navigate to the '''Storage Management''' section.<br />
*#Click on '''Add Storage Nodes'''.<br />
*#For the '''Storage Node Name''', enter any alpha numeric string to represent the storage node. <br />
*#Enter any description you wish<br />
*#Enter the IP address of the storage node you are adding. This must be the IP address of the node, DO NOT use a hostname here or the node will not function correctly. <br />
*#Enter the maximum number of unicast clients you would like this node to handle at one time. The value that we recommend is 10. <br />
*#Is Master Node is a very dangerous setting, but for right now leave it unchecked. For more details please see: [[#Master Node Status]].<br />
*#Next, select the storage group you would like this member to be a part of, in our example we will pick '''Default'''<br />
*#Next, specify the image location on the storage node, typically '''/images/''', your image location should always end with a '''/'''.<br />
*#Next, you will want to check the box, to enable the node.<br />
*#The last two fields take the username and password that are generated during the installation of the storage node. username is "fog", password is in /opt/fog/.fogsettings<br />
*#Then click '''Add''' to have the node join the storage group.<br />
<br />
==== Monitoring The Master Node ====<br />
<br />
*On all storage nodes there is a new service (as of version 0.24) called FOGImageReplicator, a very basic script which, if the node is the master, copies all of its images to all other nodes in the storage group. The copying is done every ten minutes by default, which means your images are NOT instantly duplicated to all nodes.<br />
<br />
*If you would like to view the status of the image replication, you can do so on the storage node by switching to tty3, by typing ctl + alt + f3. Output is also logged to a file in the '''/opt/fog/log''' directory.<br />
<br />
*FOGImageReplicator logs are also located in [[File:Config.png]] '''Fog Configuration''' --> '''Log Viewer''' --> '''FILE: [Select Image Replicator]'''<br />
<br />
==== Master Node Status ====<br />
<br />
*The '''Master Node''' (could be the server or a particular node) in a storage group is the node that distributes images files to all other nodes in the storage group.<br />
<br />
*If you have all your images distributed across 3 nodes in a storage group, '''if you add a new storage node that has no images stored on it, making that node master will cause it to take over and push its image store of nothing to all other nodes, wiping out all of your images'''. So it is important to be very careful and back up your images when you change a node's master status.<br />
<br />
*Notes - You '''can''' have many storage nodes in a storage group. You '''can''' have one master storage node in a storage group. You '''can not''' have more than one master storage node in a storage group. You '''must have''' one master storage node for replication to take place to other nodes in the group. '''If''' a master storage node is set, all captures '''first''' go to the master storage node of the storage group the image is assigned to; and are '''then''' replicated to other storage nodes.<br />
<br />
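One way to check a node before giving it master status, as an added example rather than part of FOG: it compares the image store of the current master with that of the candidate and lists every image the candidate lacks or holds at a different size. It assumes both image locations (typically '''/images/''') are reachable as local paths and uses total size as a cheap proxy for content; the function names and the sample image and file names are constructed.<br />

```python
"""Pre-promotion check for a FOG storage node (added example, not FOG code)."""
import os
import sys
import tempfile


def inventory(image_root):
    """Map each top-level entry under image_root to its total size in bytes."""
    sizes = {}
    for entry in sorted(os.listdir(image_root)):
        path = os.path.join(image_root, entry)
        total = 0
        if os.path.isdir(path):
            for dirpath, _dirs, files in os.walk(path):
                total += sum(os.lstat(os.path.join(dirpath, name)).st_size
                             for name in files)
        else:
            total = os.lstat(path).st_size
        sizes[entry] = total
    return sizes


def promotion_risks(master, candidate):
    """List images on the current master that the candidate cannot reproduce.

    Both arguments are inventories as returned by inventory(). Entries that
    exist only on the candidate are not a risk and are ignored.
    """
    findings = []
    for name in sorted(master):
        if name not in candidate:
            findings.append((name, "missing on candidate"))
        elif candidate[name] != master[name]:
            findings.append((name, "size differs on candidate"))
    return findings


def demo():
    """Run the check on two constructed image stores in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        master = os.path.join(root, "master_images")
        candidate = os.path.join(root, "candidate_images")
        # Constructed sample: two images on the master ...
        for image, size in (("lab-win10", 4096), ("office-win7", 2048)):
            os.makedirs(os.path.join(master, image))
            with open(os.path.join(master, image, "d1p1.img"), "wb") as handle:
                handle.write(b"\0" * size)
        # ... and a candidate holding only a truncated copy of one of them.
        os.makedirs(os.path.join(candidate, "lab-win10"))
        with open(os.path.join(candidate, "lab-win10", "d1p1.img"), "wb") as handle:
            handle.write(b"\0" * 1024)
        return promotion_risks(inventory(master), inventory(candidate))


if __name__ == "__main__":
    # Usage: script.py <current master image path> <candidate image path>
    if len(sys.argv) == 3:
        risks = promotion_risks(inventory(sys.argv[1]), inventory(sys.argv[2]))
    else:
        risks = demo()
    for name, problem in risks:
        print(f"{name}: {problem}")
    sys.exit(1 if risks else 0)
```

A non-empty result means the candidate should receive a full copy of the images before its master status is changed.<br />
<br />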
==== Including multiple PXE / TFTP servers ====<br />
<br />
*A traditional Master Storage Node, [[#Adding_a_Storage_Node|as described above]] only provides File Storage redundancy. While this can help increase multicast throughput on a single network, all the machines under FOG management must be within the same subnet/VLAN so that DHCP broadcast requests can be directed to the Main server. (see note below)<br />
<br />
*<pre>'''Note:''' depending on the network, it may be possible to configure [http://en.wikipedia.org/wiki/UDP_Helper_Address iphelper] to forward packets to the Main FOG server</pre><br />
<br />
*The following instructions are intended to help configure additional Storage Nodes to operate independently on separate networks, while still syncing with and taking commands from a single Main FOG server.<br />
<br />
*Click here for instructions on setting up [[Multiple_TFTP_servers|multiple PXE / TFTP servers]]<br />
<br />
=== Users ===<br />
<br />
==== Overview ====<br />
<br />
*FOG has only two levels of users, '''regular''' users and '''mobile''' users. Regular users have access to the mobile portal and the full management portal. Mobile users have access to only the mobile management portal and Quick Image functions.<br />
<br />
==== Creating Accounts ====<br />
<br />
*All accounts are created under the "Users" section of the FOG portal. To create a new account click on the "New User" button on the left hand side of the page. All accounts must have a unique username, and a password. After filling in the required information click on the "Create User" button.<br />
<br />
==== Modifying Users ====<br />
<br />
*FOG accounts can be modified from within the users section. First you must locate the account you wish to modify by clicking on the "List all Users" button on the left hand side of the page. When a user is located, click on the edit button on the right hand side of the table.<br />
<br />
=== Tasks ===<br />
<br />
==== Overview ====<br />
<br />
*Tasks are all the actions that you can take on a computer, and in FOG there are numerous tasks that can be done including:<br />
<br />
*Deploy (Unicast)<br />
*Capture (Unicast) <br />
*Deploy - Multicast <br />
*Debug<br />
*Memory Test<br />
*Test Disk<br />
*Disk Surface Test<br />
*Recover (File Recovery)<br />
*Hardware Inventory<br />
*Password Reset<br />
*Deploy All Snapins<br />
*Deploy Single Snapin<br />
*Wake-Up<br />
*Deploy - Debug (Unicast)<br />
*Capture - Debug (Unicast)<br />
*Deploy - Without Snapins (Unicast)<br />
*Fast Wipe<br />
*Normal Wipe<br />
*Full Wipe<br />
*Virus Scan<br />
*Virus Scan - Quarantine<br />
*Donate<br />
*Torrent-Cast<br />
<br />
<br />
In the tasks section of FOG you can perform tasks on single hosts or groups of hosts. This section also allows you to monitor selected tasks, and stop/cancel tasks.<br />
<br />
==== General Tasks ====<br />
<br />
The general/common Tasks in FOG include unicast image capture, and unicast image send, as well as a multicast image send. In FOG, sending an image to the server is considered an image capture, and deploying an image to the client is called a send. Both of these tasks can be started directly from the search, list all hosts, and list all groups pages. <br />
<br />
To perform a simple image capture, click on the upward facing arrow next to the host. Captures are only possible on a host, not a group. Capturing an image will also overwrite any image file that may already exist for that host without any notification or confirmation.<br />
<br />
Please note that capturing images of Windows Vista and Windows 7 requires a special command to be run on the clients prior to image capture. Please see [[What do I have to do to an image before capturing?]] for more details.<br />
<br />
For a video demonstration of an image capture, please see: http://www.youtube.com/watch?v=jPPZr0abVfg&fmt=18<br />
<br />
To perform a simple image send, click on the downward facing arrow next to the host. An image send can be done on a host or a group. When sending an image to multiple computers FOG works in queue mode, which means that it will only send to 10 (by default) computers at one time. This is done to keep the server from being overworked. As soon as a machine finishes, another from the queue joins.<br />
<br />
To perform a multicast image send you must search for a group of hosts on the "Task Management" page. Multicast tasks can only be performed on a group of hosts. Multicast tasks will send to all the computers in the group at once, and the task will not start sending until all members of the group have connected with the server. After starting a multicast task, status can be viewed by pressing [ctl]+[alt]+f2. A log is also kept for multicast transfers which is stored at /opt/fog/log.<br />
<br />
==== Advanced Tasks ====<br />
<br />
The advanced Tasks in FOG include everything that is not a simple capture, simple deploy or multicast deploy.<br />
<br />
=====Debug=====<br />
<br />
Debug mode boots the Linux image to a bash prompt and allows the user to issue all commands by hand.<br />
<br />
=====Capture - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is set up to capture the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is set up to send the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Without Snapins)=====<br />
<br />
This task does a normal send task with the exception that if any snapins are associated with the host, they are not deployed to the host. <br />
<br />
=====Deploy All Snapins=====<br />
<br />
This task will send all the snapins associated with a host to the host without imaging it.<br />
<br />
=====Deploy Single Snapin=====<br />
<br />
This task will send a single snapin that is associated with the host to the host without imaging it. (Note: The snapin must be associated with the host already)<br />
<br />
=====Memory Test=====<br />
<br />
Boots to Memtest86, a memory testing tool. This task will not exit without user intervention at the client side. The task must also be manually stopped via the management front end.<br />
<br />
=====Wake Up=====<br />
<br />
Wakes up host or group of hosts using Wake-on-Lan. <br />
<br />
=====Fast Wipe=====<br />
<br />
This task does a quick and dirty wipe of the drive. This task writes zeros to the first ~40MB of the disk. This task should NOT be used if you don't want your data to be recoverable. <br />
<br />
=====Normal Wipe=====<br />
<br />
This task writes random data to the entire surface area of the disk.<br />
<br />
=====Full Wipe=====<br />
<br />
This task writes random data, multiple times, to the entire surface of the disk.<br />
<br />
=====Disk Surface Test=====<br />
<br />
This task will look for bad blocks on the hard disk and report them back to the client console. <br />
<br />
=====File Recovery=====<br />
<br />
This task will load an application that can be used to recover lost files from the hard disk. <br />
<br />
=====Virus Scan=====<br />
<br />
This task will update and load ClamAV and scan the partition for viruses. It will either scan and report or scan and quarantine files; it will also report back to the management portal with the results of the scan.<br />
<br />
=====Hardware Inventory=====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/InventoryUpdate.swf.html Video Tutorial]<br />
<br />
The hardware inventory task will execute the same task as the fog.reginput client side task. Since the host is already registered, all it will do is update the computer's inventory and restart. It is envisioned that this task could be run on a regular interval on a group of all computers in your network, or some sub group of computers in your network. Then on the next reboot of those computers an inventory would be performed.<br />
<br />
==== Scheduling ==== <br />
<br />
As of version 0.27 of FOG, select tasks can be scheduled using a static date/time combination or using a cron style repetitive task scheduling. Task scheduling can be performed on either single hosts, or on groups of computers. One thing to note about task scheduling that isn't intuitive is that it '''requires an image to be associated with the host, even for non-image based tasks!''' The reason for this is that tasks are only run on the master storage node associated with that host, and the only way to tie a storage node to a host is via an image. We did this to prevent multiple storage nodes from trying to run the same task for a specific host.<br />
<br />
===== Single Execution Scheduling =====<br />
<br />
Single task execution will run a task at a single date and time, then the task will be discarded. To schedule a single execution task, you would go to the tasks section of FOG, then select the host or group for which you would like to schedule the task, then select the task you would like to schedule. You will then be presented with the screen shown below.<br />
<br />
[[Image:Sched.png]]<br />
<br />
To schedule a single execution task, click on the white text box below "Schedule Single Task Execution?" and a pop up calendar will load and allow you to select your date and time for the task. Click on the date to close the calendar, then start your task.<br />
<br />
===== Cron Style Task Scheduling =====<br />
<br />
Cron style task execution allows you to do complex repetitive task scheduling. After a cron task executes, it is not removed, as single execution tasks are. Cron style tasks, as the name suggests, are similar to the Linux cron task scheduler format. Cron style tasks are created as single execution tasks are, except when presented with scheduling options, select the option "Schedule Cron Style Task Execution". Below that check box are a series of text boxes including:<br />
<br />
min -> Minute [00-59]<br />
hour -> Hour [00-23]<br />
dom -> Day of Month [01-31]<br />
month -> Month [01-12]<br />
dow -> Day of Week [01-07] (Sunday ==> 0, Saturday ==> 6)<br />
<br />
To give an example of how this works, if you wanted a capture task to run at '''10:00pm everyday''' you would enter the following:<br />
<br />
0 22 * * *<br />
<br />
This basically says run the task at '''0''' minutes into the hour, on the '''22nd hour (10:00pm)''', on '''every day of the month''', on '''every month of the year''', on '''every day of the week'''.<br />
<br />
To take this example further, let's say you only wanted to capture the image '''every other day'''; we could do this by adding:<br />
<br />
0 22 */2 * *<br />
<br />
The '''*/2''' now tells the scheduler to only run on '''even days of the month'''. <br />
<br />
We could even ask the scheduler to only do a backup on '''even weekdays''' by adding:<br />
<br />
0 22 */2 * 1-5<br />
<br />
The 1-5 we just added says only run on days 1 through 5, which relate to Monday - Friday.<br />
<br />
Now we will ask the scheduler to only backup in the month of February.<br />
<br />
0 22 */2 2 1-5<br />
<br />
Another basic example could be if you wanted to run an inventory update on the first of every month you could use:<br />
<br />
30 1 1 * *<br />
<br />
This task would then run at '''1:30''' on the '''1st of every month'''.<br />
<br />
<br />
The FOG scheduler doesn't support 100% of the operations that cron supports; below are the operations that are supported:<br />
<br />
4 - Listing a static number<br />
4,5,6,7 - Listing a group of numbers<br />
4-7 - ranges of numbers <br />
4-7,10 - ranges and lists<br />
*/5 - * divided by a number<br />
* - Wildcard<br />
<br />
For more information on cron please see http://en.wikipedia.org/wiki/Cron<br />
<br />
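The five fields and the six supported operations listed above, implemented as an added example (not FOG's own scheduler code) so that an expression can be checked, and its next run times previewed, before it is attached to a task such as a capture, which overwrites the existing image without confirmation. It assumes every field must match, as in the "even weekdays" example, and that '''*/n''' selects the values divisible by n, as the "even days of the month" reading above implies; all function names are hypothetical.<br />

```python
"""Matcher for the cron subset the page lists for the FOG scheduler (added example)."""
from datetime import datetime, timedelta

# Field order from the page; dow follows "Sunday ==> 0, Saturday ==> 6".
FIELDS = (("min", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
          ("month", 1, 12), ("dow", 0, 6))


class CronSyntaxError(ValueError):
    """Raised for anything outside the six forms listed on the page."""


def _number(text, name, lo, hi):
    if not (text.isascii() and text.isdigit()):
        raise CronSyntaxError(f"{name}: {text!r} is not a plain number")
    value = int(text)
    if not lo <= value <= hi:
        raise CronSyntaxError(f"{name}: {value} is outside {lo}-{hi}")
    return value


def parse_field(expr, name, lo, hi):
    """Return the set of values in lo..hi that one field expression selects."""
    if expr == "*":                                   # wildcard
        return set(range(lo, hi + 1))
    if expr.startswith("*/"):                         # "* divided by a number"
        step = _number(expr[2:], name + " step", 1, hi)
        # Assumption taken from the page: */2 on dom means the even days.
        return {v for v in range(lo, hi + 1) if v % step == 0}
    values = set()
    for part in expr.split(","):                      # lists, ranges, or both
        if "-" in part:
            first, _, last = part.partition("-")
            start = _number(first, name, lo, hi)
            end = _number(last, name, lo, hi)
            if start > end:
                raise CronSyntaxError(f"{name}: range {part!r} runs backwards")
            values.update(range(start, end + 1))
        else:
            values.add(_number(part, name, lo, hi))
    return values


def parse(expression):
    """Parse 'min hour dom month dow' into a dict of allowed-value sets."""
    parts = expression.split()
    if len(parts) != len(FIELDS):
        raise CronSyntaxError(f"expected 5 fields, got {len(parts)}")
    return {name: parse_field(part, name, lo, hi)
            for part, (name, lo, hi) in zip(parts, FIELDS)}


def _fits(schedule, when):
    actual = {"min": when.minute, "hour": when.hour, "dom": when.day,
              "month": when.month, "dow": when.isoweekday() % 7}
    return all(actual[name] in allowed for name, allowed in schedule.items())


def matches(expression, when):
    """True if the task would run in the minute given by 'when'."""
    return _fits(parse(expression), when)


def next_runs(expression, start, count, horizon_days=366):
    """Return up to 'count' run times strictly after 'start', minute by minute."""
    schedule = parse(expression)
    when = start.replace(second=0, microsecond=0) + timedelta(minutes=1)
    limit = start + timedelta(days=horizon_days)
    runs = []
    while len(runs) < count and when <= limit:
        if _fits(schedule, when):
            runs.append(when)
        when += timedelta(minutes=1)
    return runs


if __name__ == "__main__":
    for run in next_runs("0 22 */2 * 1-5", datetime(2024, 3, 1, 0, 0), 5):
        print(run.strftime("%a %Y-%m-%d %H:%M"))
```

Expressions outside the supported list, such as a stepped range like 1-10/2, raise CronSyntaxError instead of being silently misread.<br />
<br />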
=== Setting up Printers With Fog Printer Management ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher.<br />
<br />
==== Known Issues ====<br />
<br />
Setting of the default printer will only work if the fog tray icon is running.<br />
<br />
==== Overview ====<br />
<br />
The printers section of FOG allows you to create printer definitions that you can later associate with hosts. The FOG service looks at these associations and during service it will attempt to install any printers listed. This service has three settings which define how the printers are managed, printer management can be set to:<br />
<br />
<ul><br />
<li>No Printer Management</li><br />
<li>Add Only</li><br />
<li>Add and Remove</li><br />
</ul><br />
<br />
All hosts default to '''No Printer Management''' which means that the FOG service does nothing to the host's printers. '''Add Only''' does as the name implies, and will only add printers to the host machine; it will not remove any existing printers that may be installed. '''Add and Remove''' will take full control of the host's printing system and only allow for the printers that are specified by the FOG management console to exist on the host.<br />
<br />
==== Adding New Printers ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf Video Tutorial]<br />
<br />
In order for the printer to be added to the host computer, the printer drivers must be stored in a public area, or included on the host computer. This public area can be a Novell Network share where public has read-only access, a Windows share that is public read-only to everyone, or a Samba share (possibly residing on the FOG server) that is public read-only to everyone. This share must be accessible via a UNC path as the service may attempt to install the printers before drive mapping occurs. In this share the printer drivers and .inf file must exist. FOG supports installing IP-based (Jet-Direct) printers, public access NDS printers, local printers, Windows share-based printers, and (we think, but could use a confirmation as it hasn't been tested) AD-based printers.<br />
<br />
If you wish to see what printers are included with Windows XP, navigate to c:\windows\inf\ntprint.inf. Open this file with a text editor and you will be able to install all the printers listed using the ntprint.inf file. <br />
<br />
To create a new printer definition click on the Printer icon on the system menu bar. Then on the left hand menu, click on '''Add New Printer'''. The form you are presented with will require you to enter:<br />
<br />
<ul><br />
<li>'''Printer Model''' - This must match the name in the INF file.</li><br />
<li>'''Printer Alias''' - This can be anything you wish and it is what the end user will see.</li><br />
<li>'''Printer Port''' - This is something like '''LPT1:''', or '''IP_1.1.1.2'''.</li><br />
<li>'''Printer INF File''' - This is the path to the INF file for the printer driver.</li><br />
<li>'''Printer IP''' - (optional) This is the IP address, for IP-based printers only; it can take the form of '''1.2.3.4:9100''' or '''1.2.4.5'''. If the port doesn't exist already, it will create one named '''IP_x.x.x.x''', where x.x.x.x is the IP address. That is what should be entered in the port field.</li><br />
</ul><br />
<br />
After all the required information is entered, click on the '''Add Printer''' button.<br />
<br />
==== Linking Printers to Hosts ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf.html Video Tutorial]<br />
<br />
Linking printers to hosts can be done from either the hosts section or the groups section. In the hosts section find the host you would like to add a printer to, then click on the edit button associated with that host. In the host menu, click on the '''Printers''' button. First select how you would like the host to be managed, either '''No Printer Management''', '''Add Only''', or '''Add and Remove'''. Then in the section below, select the printer you would like to install from the drop down list and click on the '''Update''' button.<br />
<br />
==== Creating a Samba Based Printer Store on FOG ====<br />
<br />
If you do not have a public server where you can store your printer drivers for the FOG Printer Manager, then it is very easy to set one up on the FOG server using Samba, so all your Windows Clients will be able to connect.<br />
<br />
[[Creating a Samba Based Printer Store on FOG]]<br />
<br />
=== The FOG Client Service ===<br />
<br />
<font color="red">Note:</font> Most of the things here about the FOG Client service apply to the legacy FOG client that came with FOG versions 1.2.0 and older. FOG 1.3.0 now comes with a new FOG Client. Details on this can be found here: [[FOG Client]]<br />
<br />
==== Overview ====<br />
<br />
The FOG Client Service is a Windows Service that is intended to be installed on the client computers during the image creation process. The FOG service communicates with the FOG server to provide certain services to the client computers including:<br />
<br />
<br />
*Auto Log Off (0.16)<br />
*Hostname Changes<br />
*Active Directory Integration<br />
*Directory Cleaner (0.16)<br />
*Display Manager (0.16)<br />
*Green FOG (0.16)<br />
*Host registration<br />
*Task Restarting<br />
*Snapin Installation<br />
*User Tracker<br />
*Printer Manager<br />
*User Cleanup (0.16)<br />
*Client Updater<br />
<br />
==== Module specific configuration settings ====<br />
<br />
The FOG Client Service is very modular in nature, which means you can install portions of the services provided, and leave off others. This also means that it is very easy to create new sub services if you know a little C#. All configuration data is held in a local INI file, which is typically stored in<br />
<br />
c:\program files\fog\etc\config.ini<br />
<br />
This file holds, in the general section:<br />
<br />
<ul><br />
<li>FOG Server IP address</li><br />
<li>FOG Service installation root</li><br />
<li>FOG Service working directory</li><br />
<li>FOG Log file path</li><br />
<li>Flag indicating if GUI messages should be displayed</li><br />
<li>The max log file size</li><br />
</ul><br />
<br />
==== Installation ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/FogServiceInstall.swf.html Video Tutorial]<br />
<br />
The FOG service should be installed on the computer to be imaged before capturing the image to the FOG Server. <br />
<br />
The FOG service is located in the '''FOG Service/bin''' directory or if the FOG server is already installed it can be downloaded from:<br />
<br />
http://[serverip]/fog/client/<br />
<br />
Double-click on the '''setup.exe''' to start the installation wizard. At the end of the wizard you will need to enter the IP address or hostname of your FOG server.<br />
<br />
[[Image:fogservice.jpg]]<br />
<br />
Then restart the computer; if you don't restart the computer you will have issues with the service GUI appearing correctly.<br />
<br />
===== Quiet Installation =====<br />
<br />
As of version 0.29 and higher, the FOG client now supports a quiet installation mode. This can help automate deployments, by allowing the command to be run without user interaction from batch files. To do this the setup.exe file must be run from the command line with the arguments '''fog-defaults=true /qb'''.<br />
<br />
So the full command would be:<br />
<br />
setup.exe fog-defaults=true /qb<br />
<br />
==== Functions and Operation ====<br />
<br />
=====Auto Log Out=====<br />
<br />
Added in Version 0.16<br />
<br />
This module of the FOG Service will log a user off of a client pc after X minutes of inactivity. This module will display a screen saver-like GUI after 3/4 of the inactive time is up. So if the time out value is 40 minutes, the GUI will be displayed at 30 minutes of inactivity. When the time is up, the client computer will reboot. This service module can be configured via the management portal via:<br />
<br />
FOG Service Configuration -> Auto Log Out<br />
<br />
To enable the module globally, place a check in the box next to '''Auto Log Out Enabled?'''. The time to auto log off can be changed globally via '''Default log out time:''' The minimum recommended value for this setting is 4 minutes.<br />
<br />
The background image for the auto log off module can be modified via:<br />
<br />
Other Information -> FOG Settings<br />
<br />
The setting can be changed by modifying the value for '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE'''. This setting will accept a jpg file that is local to the client computer like:<br />
<br />
c:\images\image.jpg<br />
<br />
This setting will also accept files located on a web server such as:<br />
<br />
http://www.somedomain.com/image.jpg<br />
<br />
Provided with FOG is a simple PHP script that will display a random image located on the FOG server. To use this option set '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE''' to<br />
<br />
http://x.x.x.x/fog/public/randomimage.php<br />
<br />
Then simply put the images you would like to use in the following directory on the fog server:<br />
<br />
/var/www/html/fog/public/imagepool<br />
<br />
Images used for the auto log off module must be in jpg format, and must be 300px by 300px.<br />
<br />
=====Hostname Changer=====<br />
<br />
This module of the FOG Service is used to change the hostname of the client computer and to allow the client to (optionally) join an Active Directory Domain after imaging. This process only runs shortly after service startup, which means typically only when you start your computer. The service communicates with the FOG server over port 80 and determines the hostname that is present in the FOG database for the host. The hosts are matched to the FOG database by their MAC addresses. If the hostnames are found to be different, the client changes the computer's hostname and restarts the computer.<br />
<br />
The config.ini file contains configuration options for this module. <br />
<br />
netdompath=<br />
<br />
Allows you to set the path to the netdom.exe file. In some cases the file does not exist on the system. It can be downloaded from: [http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=de Microsoft Download Center]<br />
<br />
=====Host Register=====<br />
<br />
As of version 0.29, this module will only add additional MAC addresses to a host that is already registered, and add them to the pending MAC address table, where they need to be approved in the FOG UI.<br />
<br />
=====Task Reboot=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has an imaging task assigned to it. If a task is found AND no one is logged into the workstation, then the client will restart and join the task.<br />
<br />
The config.ini file contains configuration options for this module. As of version 0.13 of FOG you can change:<br />
<br />
forcerestart=0<br />
<br />
to<br />
<br />
forcerestart=1<br />
<br />
This will make the computer restart if a task is found, regardless of whether a user is logged into the computer.<br />
<br />
You can change how often the service will check in with the server by changing:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins.<br />
<br />
=====Directory Cleaner=====<br />
<br />
Added in version 0.16<br />
<br />
This module will clean out (delete) the contents of a directory on user log off. This is useful when you don't want any settings cached between users. This module will only delete the contents of a directory and not the root directory itself, so if you specify '''c:\trash''', the service will remove all files and folders located within c:\trash but leave the folder c:\trash.<br />
<br />
=====Display Manager=====<br />
<br />
Added in version 0.16<br />
<br />
This module is used to restore screen resolution between clients. This will restore a fixed resolution and refresh rate when a user logs into a computer.<br />
<br />
=====Green FOG=====<br />
<br />
Added in version 0.16<br />
<br />
This module will simply shutdown/restart the client computer at a fixed schedule if no user is logged in. The schedule can be defined via the management portal. <br />
<br />
=====Snapin Client=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has a snapin set to be deployed to it. If a snapin is found AND no imaging task is associated with the client, then the client will download the snapin and install it in the background.<br />
<br />
The configuration file contains settings for this module including:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins. It is important to note that currently the fog client will wait 5 minutes when first connected / established before it starts checking and installing any snapins from the server.<br />
<br />
=====User Tracker=====<br />
<br />
This module attempts to track user access to the host computer by the Windows user name. It attempts to track logins and logoffs as well as the state of the computer at service startup. The service will even attempt to track users when they are not on the network by writing all entries to a journal file, then replaying the journal the next time the client is on the network.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====User Cleanup=====<br />
<br />
This module will remove all users not white listed in the management portal on log off. This module is useful when using services like dynamic local user. All entries in the management white list are treated as prefixes to usernames, which means that they will white list all users that start with whatever was entered in the management front end. For example, if you enter '''admin''' in the management white list, then users '''admin''' and '''administrator''' will NOT be removed from the computer.<br />
<br />
=====Printer Manager=====<br />
<br />
This module checks on service startup to see what printers should be installed/removed from the client PC.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====Client Updater=====<br />
<br />
This module waits (randomly) between 60 and 500 seconds after service startup to check the local fog server for client updates, and if any are found the service will download and install them. Updates will NOT take effect until after the service is restarted.<br />
<br />
There are no configuration settings for this module.<br />
<br />
==== Keeping Clients up to date ====<br />
<br />
===== Overview =====<br />
<br />
As of version 0.12 of FOG, we have included a client updater module. This module is no different from any of the other sub service modules. This service waits anywhere between 60 and 500 seconds after the FOG service starts up, and then attempts to check with the server for newer FOG service modules. If new modules are found the client will download them, and they will be active on the NEXT service startup. These modules are controlled from the FOG Management Console. <br />
<br />
Only certain modules can be updated: those that are a sub class of AbstractFOGService. This means you should '''NEVER''' attempt to update the FOGService executable (FOGService.exe file), or the AbstractFOGService.dll file. It is recommended that you not update the ClientUpdater.dll, because if the ClientUpdater.dll file becomes corrupt or not functional, your clients will not be able to update from that point on. Below is a list of the files that can be updated.<br />
<br />
<ul><br />
<li>UserTracker.dll</li><br />
<li>TaskReboot.dll</li><br />
<li>SnapinClient.dll</li><br />
<li>PrinterManager.dll</li><br />
<li>HostRegister.dll</li><br />
<li>HostnameChange.dll</li><br />
<li>GUIWatcher.dll</li><br />
<li>ClientUpdater.dll</li><br />
<li>config.ini</li><br />
</ul><br />
<br />
Care must also be taken when updating the config.ini file. If the IP address is incorrect or the syntax of the file is incorrect, it could leave the FOG service crippled on the client computers.<br />
<br />
===== Posting Updates =====<br />
<br />
To add new modules that can be pushed down to clients, first install a client with the new service or new module and confirm that it works as you would like. Log into the FOG management console, then go to the Information/Misc section (the little "i" icon). Click on '''Client Updater''' on the left-hand menu. Now click on the browse button to select the module (.dll) file you would like to post, then click on the capture button. After capturing, the file should appear in the table above. If you are adding a new module, you will probably want to capture a new config.ini file to include new configuration settings required by that new module.<br />
<br />
==== FOG Tray ====<br />
<br />
The FOG Tray is a Windows application that runs on user login and docks in the system tray. The FOG Tray, like the FOG service, is very modular in nature. New modules can be dropped in the FOG tray directory and on next load they will be loaded. This tray icon has the ability to communicate with the FOG service, which allows FOG more interactivity with the end-user.<br />
<br />
What happens is that when the FOG service's printer manager module gets a request to set a default printer, the service attempts to contact the FOG Tray. If communication is established, then the service will ask the tray to set the default printer. On the other hand the end user can right click on the "F" icon in the system tray, then select printers, then update my printers. What this will do is attempt to send a request from the FOG Tray to the FOG Service and have the service check for printer updates (new printers or printers to be removed). If one is found the service will install any new printers assigned in the FOG Management portal.<br />
<br />
This application is in its very early stages and currently doesn't have a lot of functionality. It is currently only used to allow end users to update their printers and to allow the setting of default printers (from the FOG service). Our vision for the FOG Tray is to add modules that would allow users to install printers that are published as public (via the management portal) without the printer being directly assigned to their host. We would also like to do the same thing for snapins where some of your snapins could be defined as public where anyone could install them on their computer.<br />
<br />
==== Troubleshooting ====<br />
<br />
If you have problems with the FOG Service, please refer to the log file that is located at:<br />
<br />
c:\fog.log<br />
<br />
If the PXE boot does not work<br />
<br />
If booting from the fog server through pxe comes up with an error file not found, edit /etc/default/tftpd-hpa<br />
<br />
Change TFTP_DIRECTORY to<br />
<br />
TFTP_DIRECTORY="/tftpboot"<br />
Then<br />
<br />
/etc/init.d/tftpd-hpa restart<br />
<br />
=== Snap-ins ===<br />
<br />
==== Overview ====<br />
<br />
*The FOG Service has the ability to install snapins to the clients. Snapins can be anything from whole applications like Microsoft Office to registry keys or desktop icons. Snapins can even be used to uninstall applications or remove unwanted files. From the end user's point of view, they will not even notice that a snapin is being installed until it is complete. At this point a message will notify them that a new application has been installed on their computer. Snapins can be in MSI (0.17) or EXE formats, and can be created with any snapin creation tool like InstallRite or already packaged MSI files (0.17). You can also push commands to the computer that include .vbs scripts / .cmd (commands) and .bat (batch scripts).<br />
<br />
*Snapin return codes are specified by the program that's being installed.<br />
<br />
<br />
==== Creating a Snapin / Overview ====<br />
<br />
FOG doesn't provide a tool to create snapins, but instead allows you to push files and execute them on the remote computers. It is highly recommended that you push the actual installer to the computer instead of using a program such as InstallRite. <br />
<br />
If you have never silently installed software to a computer, or created an answer file for a program, please look at the website Appdeploy [http://www.appdeploy.com/articles/ Link]. This website has a trove of information on how to push software to a computer remotely.<br />
<br />
===== Creating a Snapin for larger applications with SFX Maker =====<br />
<br />
Some larger applications such as Microsoft Office and Adobe Products (Acrobat / Creative Suite) require multiple files to install properly. If you have an application that is not a single .exe please use SFX Maker. This tool is free for non commercial use, and most programs fall under the GPL. [http://www.isoft-online.com/ SFX Maker's Website]<br />
<br />
For instructions on how to use this software please see the youtube videos below.<br />
<br />
[http://www.youtube.com/watch?v=ZSMJLnRjn94 Office 2003 Install]<br />
[http://www.youtube.com/watch?v=Qzc1Q9NW_cE Office 2007 Install]<br />
<br />
SFX Maker takes an entire folder and encapsulates it or "folds" it into a single .exe which then "unfolds" to its original state and launches a file or command.<br />
<br />
===== Creating a Snapin with InstallRite =====<br />
<br />
If for some reason you do wish to use InstallRite, please be aware it comes with issues and limitations (not compatible on all Windows operating systems / can cause issues with the computer it is pushed to). Below is an example of how to build a package with that software.<br />
<br />
In this example we will use Epsilon Squared's InstallRite which can be downloaded from http://www.epsilonsquared.com/installrite.htm. This application will package up your snapin as an exe file which will be uploaded to the FOG server. <br />
<br />
<ol><br />
<li>To run InstallRite navigate to c:\program files\Epsilon Squared\InstallRite\InstallRite.exe</li><br />
<li>Click on "Install new software and create an InstallKit"</li><br />
<li>On the Configure screen, click Next.</li><br />
<li>On the Snapshot screen click next to create a new system snapshot.</li><br />
<li>On the next screen, click the browse button to select the application you wish to install, then click next.</li><br />
<li>When installation is complete InstallRite will come into focus, click the next button. InstallRite will scan your system again.</li><br />
<li>Enter a name for your snapin.</li><br />
<li>Click "Build Install Kit"</li><br />
<li>Select "Quiet Installation Mode", Never reboot, even if needed, and "Never prompt the user and only overwrite older files"</li><br />
<li>Click OK and it will build your snapin.</li><br />
</ol><br />
<br />
==== Preparing the FOG Server ====<br />
<br />
If your snapin is larger than 2MB you will need to make two changes to the FOG server to allow uploads of larger than 2MB.<br />
<br />
See also: [[Troubleshoot Web Interface]]<br />
<br />
===== Fedora =====<br />
<br />
<br />
#On the FOG Server click on Applications -> Accessories -> Text Editor.<br />
#Select Open and navigate to "/etc/php.ini"<br />
#Change UPLOAD_MAX_FILESIZE to 1900MB (On a 32Bit OS don't set this value above 2GB)<br />
#Change POST_MAX_SIZE to the same value.<br />
#Save and close the text editor.<br />
#Click on Applications ->System Tools -> Terminal and type "service httpd restart"<br />
<br />
===== Ubuntu =====<br />
<br />
#sudo gedit /etc/php5/apache2/php.ini<br />
#Change <br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
#Save Changes<br />
#sudo /etc/init.d/apache2 restart<br />
<br />
<br />
===== VMWare =====<br />
<br />
#sudo vim /etc/php5/apache2/php.ini<br />
#Edit the following lines in the document (read below for assistance with working in VIM)<br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
<br />
<br />
*To edit content in vim you will need to press the '''"I"''' key on your keyboard to enter input mode.<br />
*Hitting the '''Escape''' key will bring you out of input mode.<br />
*Once out of input mode type ''':w''' and then '''enter''' to save the file<br />
*Restart FOG once the file has been saved<br />
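<br />
The following check is an added example, not part of FOG: run it against the edited php.ini before restarting the web server to confirm that the two upload directives parse as valid PHP shorthand (a number with an optional K, M or G suffix) and are large enough for a given snapin. The file paths, the 50 MB snapin size and the sample php.ini contents are constructed for illustration.<br />

```bash
#!/usr/bin/env bash
# Added example (not FOG project code): validate the php.ini upload limits
# that the steps above change.

# php_bytes VALUE: print VALUE in bytes. PHP shorthand allows only a K, M or G
# suffix, so a value such as "1900MB" is rejected instead of being misread.
php_bytes() {
    local v=$1
    [[ $v =~ ^([0-9]+)([KkMmGg]?)$ ]] || return 1
    local n=$((10#${BASH_REMATCH[1]})) unit=${BASH_REMATCH[2]}
    case $unit in
        [Kk]) n=$((n * 1024)) ;;
        [Mm]) n=$((n * 1024 * 1024)) ;;
        [Gg]) n=$((n * 1024 * 1024 * 1024)) ;;
    esac
    printf '%s\n' "$n"
}

# ini_value FILE KEY: print the last active (uncommented) value of KEY.
# Lines starting with ';' are php.ini comments and are ignored.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" \
        | tail -n 1 | tr -d '"'
}

# check_upload_limits FILE SNAPIN_BYTES
#   0 = both directives are valid and large enough for the snapin
#   1 = a directive is missing or is not valid PHP shorthand
#   2 = post_max_size is smaller than upload_max_filesize
#   3 = the snapin does not fit within the configured limits
check_upload_limits() {
    local file=$1 need=$2 up post
    up=$(php_bytes "$(ini_value "$file" upload_max_filesize)") || return 1
    post=$(php_bytes "$(ini_value "$file" post_max_size)") || return 1
    [ "$post" -ge "$up" ] || return 2
    # The POST body carries the file plus form fields, so it must be strictly
    # larger than the snapin itself.
    if [ "$need" -gt "$up" ] || [ "$need" -ge "$post" ]; then
        return 3
    fi
    return 0
}

# Demo on a constructed php.ini holding the stock 2M/8M limits.
demo_dir=$(mktemp -d)
printf '%s\n' '; constructed sample' \
    'upload_max_filesize = 2M' \
    'post_max_size = 8M' > "$demo_dir/php.ini"
demo_rc=0
check_upload_limits "$demo_dir/php.ini" $((50 * 1024 * 1024)) || demo_rc=$?
echo "stock limits, 50 MB snapin: exit code $demo_rc"
rm -rf "$demo_dir"
```

On a real server, pass the php.ini path from the steps above and the size of the snapin file in bytes (for example from `stat -c %s`).<br />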
<br />
==== Uploading the Snapin ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/CreateSnapin.swf.html Video Tutorial]<br />
<br />
<ol><br />
<li>In the FOG Management Portal click on the Snapin Icon (Puzzle Pieces).</li><br />
<li>On the left-hand menu click on the New Snapin Button.</li><br />
<li>Enter a Snapin Name and Description.</li><br />
<li>Browse to the snapin file you wish to upload.</li><br />
<li>If you want the computer to restart after the snapin is installed click on the "Reboot after install"</li><br />
<li>Click "Add"</li><br />
</ol><br />
<br />
<br />
<br />
As of version 0.17, fog supports using typical msi files as snapin files.<br />
<br />
If the snapin file is a msi file you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of msiexec.exe (ie: c:\windows\system32\msiexec.exe)</li><br />
<li>Set '''Snapin Run With Arguments:''' to '''/i'''</li><br />
<li>Set '''Snapin Arguments:''' to '''/qn'''</li><br />
</ol><br />
<br />
If the snapin file is a .vb script you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of cscript.exe (ie: c:\windows\system32\cscript.exe)</li><br />
</ol><br />
<br />
<br />
<br />
'''Documentation on list of supported snapins and command line arguments''' [[http://www.fogproject.org/wiki/index.php?title=Supported_Snapin%27s_and_Command_Line_Switches]] There are MANY more supported applications that can be installed via command line arguments. You might have better luck installing them directly via .EXE / .MSI / or scripting them via .VBS . For more info on this consult the forums --[[User:Ssx4life|Ssx4life]] 09:04, 8 October 2009 (MST)<br />
<br />
==== Linking the Snapin to Hosts ====<br />
<br />
In order for a snapin to be deployed it must be linked with a host. To do this perform the following:<br />
<br />
<ol><br />
<li>In the FOG Management Portal, click on the Hosts Icon.</li><br />
<li>Search for and select a host and click on the edit button.</li><br />
<li>Scroll down to the snapin section.</li><br />
<li>Select the snapin you just created from the drop-down box and click the "Add Snapin" button.</li><br />
</ol><br />
<br />
The next time you image the computer the FOG Service will attempt to install that snapin. If you have problems, please see the fog log file located at c:\fog.log on the client PC.<br />
<br />
=== Client Side Tasks ===<br />
<br />
==== FOG Version ====<br />
<br />
Applies to version 0.12 or higher.<br />
<br />
==== Overview ====<br />
<br />
FOG attempts to keep management centralized, but in an attempt to make deploying machines as easy as possible FOG has added a few basic client side tasks. These tasks can be run from the client computer during the PXE boot process. When the client boots and the FOG banner is displayed the pxe client will display a prompt like '''boot:''' or something similar. At this point you have 3 seconds to start typing one of the following commands. <br />
<br />
<ul><br />
<li>fog.memtest</li><br />
<li>fog.reg</li><br />
<li>fog.reginput</li><br />
</ul><br />
<br />
==== fog.memtest ====<br />
<br />
This command will run the memtest86+ on the client computer. <br />
<br />
==== fog.reg ====<br />
<br />
This command will run the basic host registration and inventory process without any user input. It will register any new/unregistered hosts with the FOG server and pull a basic hardware inventory from them. The hostname of the computer will be the same as the MAC address without the ":".<br />
<br />
If a host is already registered, then only an inventory will be performed.<br />
<br />
==== fog.reginput ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/RegImage.swf.html View Host Registration Video]<br />
<br />
This command will run the full host registration process with user input, inventory and give the option to push down an image, all at the same time. During this process the user registering the host will be prompted for the computer host name, ip address, operating system ID, image ID, Primary User of the computer, asset tag 1, and asset tag 2. <br />
<br />
If a valid hostname, os id, and image id are given and the option is selected to image the workstation after registration, the host will reboot and an imaging send will begin.<br />
<br />
If a host is already registered, then only an inventory will be performed. This prevents end-users from re-registering a machine with a different hostname, etc.<br />
<br />
This task was designed for institutions that may get shipments of hundreds of computers that need to be deployed very quickly. They can be unboxed, inventoried, imported into FOG and imaged very quickly.<br />
<br />
===== Operating System ID =====<br />
<br />
As of Version 0.17 of fog, you can now enter '''?''' at the Operating System ID prompt to get a listing of the valid operating system id values. <br />
<br />
The following are valid values for operating system IDs:<br />
<br />
<ul><br />
<li><b>1</b> - Windows 2000 / Windows XP</li><br />
<li><b>2</b> - Windows Vista</li><br />
<li><b>3</b> - Windows 98</li><br />
<li><b>4</b> - Windows (Other)</li><br />
<li><b>5</b> - Windows 7</li><br />
<li><b>50</b> - Linux</li><br />
<li><b>99</b> - Other</li><br />
</ul><br />
<br />
===== Image ID =====<br />
<br />
Image IDs can be found in the management console, in the Images section. Search for the image, and click on the edit button associated with the image.<br />
The image id will be in the Address/url bar in the format of <b>&imageid=xx</b>.<br />
<br />
As of version 0.17, you can enter '''?''' at the Image ID prompt to get a listing of all your images and their ID numbers.<br />
<br />
=== Active Directory Integration ===<br />
<br />
==== Setup ====<br />
<br />
===== Overview =====<br />
<br />
FOG has the ability to register a host with Active Directory, in a limited sense. Versions of FOG up to and including 0.28 rely on the netdom.exe executable that is provided as part of the support tools on the Windows installation media. In order for Active Directory integration to function, your image will need to have the FOG service installed, along with the Windows Support Tools.<br />
<br />
Versions of FOG from (and including) 0.29 have this functionality built in and do NOT require netdom.exe or the support tools to be installed.<br />
<br />
It is also very important that before capturing your image that the computer is NOT a member of any domain.<br />
<br />
===== Security =====<br />
<br />
<font color="red">Note: The below statement applies to older FOG versions (1.2.0 and below). When using FOG 1.3.0 and above in conjunction with the NEW fog client, this step is not needed. See [https://wiki.fogproject.org/wiki/index.php?title=FOG_Client here] for more information.</font><br />
<br />
<br />
'''Important - Please read!'''<br />
<br />
In order to add a computer to a domain, FOG requires a username and password of an account that has rights to the OU where the computer objects are stored in the domain tree. This user account should have rights to join computers to the Domain, as well as sufficient rights to create/manage computer objects. FOG attempts to keep your password secure by encrypting it, but since FOG is open source, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic, this isn't hard and only needs to be done one time. Please see the documentation below.<br />
<br />
===== Preparing the Image =====<br />
<br />
Before capturing an image to FOG that you would like to use with Active Directory, please ensure that the image:<br />
<br />
<ul><br />
<li>is NOT a member of the domain, change the computer membership to workgroup instead.</li><br />
<li>has support tools installed (Not required for FOG versions from 0.29).</li><br />
<li>has the FOG service installed.</li><br />
</ul><br />
<br />
===== FOG Setup =====<br />
<br />
To setup a host to use AD, navigate to the hosts section of the FOG management portal. <br />
<br />
<ol><br />
<li>Search for, and select a host. </li><br />
<li>Click on the Edit button</li><br />
<li>Scroll down to the Active Directory section.</li><br />
<li>Check the box next to Join Domain after image task</li><br />
<li>Enter the domain NETBIOS name (i.e. MYDOMAIN, not mydomain.com).</li><br />
<li>Enter the Organizational Unit where you would like to have the computer stored in AD. Leave it blank for the default. (Must be in LDAP format).</li><br />
<li>Enter the user name that has access to the computer objects. Do not include the domain name if you are running version 1.2 (your mileage may vary with earlier versions). Development version of FOG will accept a name with or without domain ('''username ''OR'' mydomain/username''').</li><br />
<li>Enter the encrypted password. This password must be encrypted with the [[FOGCrypt]] utility. This utility is located in the FOGCrypt folder of the FOG download package. It is a Windows (.NET) command line application.</li><br />
<li>Click Update.</li><br />
</ol><br />
<br />
The next time you image that computer the service will attempt to register the host with the domain information provided. If you have problems please refer to the FOG Service log file located in c:\fog.log<br />
<br />
===== Making AD Integration Easier =====<br />
<br />
As of version 0.20 of FOG, we have made it a bit easier to manage AD settings in FOG, by allowing for default settings for AD. This will allow the easy population of the domain, OU, username, and password. To set this feature up perform the following:<br />
<br />
# Go to '''Other Information''' -> '''FOG Settings'''<br />
# Set your default values for the following:<br />
## FOG_AD_DEFAULT_DOMAINNAME<br />
## FOG_AD_DEFAULT_OU<br />
## FOG_AD_DEFAULT_USER<br />
## FOG_AD_DEFAULT_PASSWORD (MUST BE ENCRYPTED!)<br />
<br />
To test everything out, go to a host that doesn't have anything setup for AD, and click on the edit button for that host. Go to the host menu, and select Active Directory. Click on the '''Join Domain after image task:''' button and all your default values should be populated.<br />
<br />
==== Securing Active Directory Integration ====<br />
<br />
===== Overview =====<br />
<br />
In order to add a computer to a domain, FOG requires a username and password that has rights to the OU where the computer objects are stored in the domain tree. FOG attempts to keep your password secure by encrypting it, but since FOG is open source and the methods used to encrypt the password are open for all to see, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic, this isn't hard and it only needs to be done one time.<br />
<br />
===== The Development Environment =====<br />
<br />
The hostname change module is written in C#, so in order to recompile it you will need to download Microsoft's Visual Studio Express Edition for C#. This can be downloaded from:<br />
<br />
http://www.microsoft.com/express/vcsharp/<br />
<br />
Install Visual Studio with the standard options.<br />
<br />
===== Getting the Source =====<br />
<br />
After Visual Studio Express is installed, we need to get the source code for the hostname change module. This is part of the FOG download/installation package. This package can be downloaded from:<br />
<br />
http://sourceforge.net/project/showfiles.php?group_id=201099 <br />
<br />
Extract this package, then navigate to "FOG Service\src\FOG_HostNameChanger\"<br />
<br />
Double-click on HostNameChange.sln to open the project. <br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > hostnamechanger properties. On the Application tab, change the Target Framework to .NET 2.0.<br />
<br />
Once the project has opened, on the right-hand panel, in the "Solution Explorer", double-click on MOD_HostNameChanger.cs.<br />
<br />
After doing so, the source code should display in the main panel. Scroll down to the line:<br />
<br />
private const String PASSKEY = "FOG-OpenSource-Imaging"; <br />
<br />
Change '''FOG-OpenSource-Imaging''' to anything you like, just remember what you change it to, as you will need it later.<br />
<br />
Then click File -> Save All.<br />
<br />
Then click Build -> Build Solution.<br />
<br />
This will recompile the hostname change module with your unique key.<br />
<br />
Now navigate to "FOG Service\src\FOG_HostNameChanger\bin\Release"<br />
<br />
Copy only the file HostnameChange.dll to "FOG Service\src\FOG Service\bin\Release" (overwrite existing file).<br />
<br />
Navigate to "FOG Service\src\FOG Service\"<br />
<br />
Open the solution by double-clicking "FogService.sln"<br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > FOGService properties. On the Application tab, change the Target Framework to .NET 2.0.<br />
<br />
Change the build configuration from debug to release<br />
<br />
Right click on "FOG Service Install" and click "Build"<br />
<br />
Navigate to "FOG Service\src\FOG Service Installer\Release"<br />
<br />
Select the 2 files, right-click -> Send To -> Compressed Folder<br />
<br />
Copy the .zip file to your FOG Server "/var/www/html/fog/client". Overwrite the existing file.<br />
<br />
===== Encrypting Your Password =====<br />
<br />
Now that we have changed the passkey, we need to update the FOGCrypt ini file to use this new passkey.<br />
<br />
Navigate to the FOGCrypt\etc directory from the FOG download package.<br />
<br />
Open the config.ini file and change the passkey value to your new passkey, then save the file.<br />
<br />
Now open a command window and navigate using the cd command to the FOGCrypt directory.<br />
<br />
Type:<br />
<br />
FOGCrypt [password]<br />
<br />
Where [password] is the AD user's password that has rights to the Computers section of the AD tree.<br />
<br />
The output from this command is what you will enter in the FOG management portal.<br />
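<br />
The check below is an added example, not part of the FOG package: it confirms that the hostname change module's source no longer carries the default passkey shown above and that the FOGCrypt config.ini holds the same passkey, since a password encrypted with a different passkey will not decrypt on the client. The file names come from the steps above; the sample file contents, including the <code>passkey=</code> line format, are constructed assumptions.<br />

```bash
#!/usr/bin/env bash
# Added example (not FOG project code): verify the Passkey change described
# in "Securing Active Directory Integration" before building and deploying.

DEFAULT_PASSKEY='FOG-OpenSource-Imaging'   # default value shown on this page

# extract_passkey FILE: print the string literal assigned to PASSKEY in a
# MOD_HostNameChanger.cs file (first match only).
extract_passkey() {
    sed -n 's/.*const[[:space:]]\{1,\}String[[:space:]]\{1,\}PASSKEY[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" \
        | head -n 1
}

# check_passkey SOURCE_CS FOGCRYPT_INI
#   0 = passkey was changed and FOGCrypt is configured with the same value
#   1 = the module source still uses the default passkey
#   2 = no PASSKEY constant found in the source file
#   3 = FOGCrypt config.ini does not contain the module's passkey
# The passkey itself is never printed by this function.
check_passkey() {
    local src=$1 ini=$2 key
    key=$(extract_passkey "$src")
    [ -n "$key" ] || return 2
    [ "$key" != "$DEFAULT_PASSKEY" ] || return 1
    # Fixed-string match, so the check does not depend on the exact key name
    # used inside config.ini (a substring match is accepted).
    grep -qF -- "$key" "$ini" || return 3
    return 0
}

# Demo on constructed files: the source was changed but FOGCrypt was not.
demo_dir=$(mktemp -d)
printf '%s\n' '    private const String PASSKEY = "constructed-site-key-1";' \
    > "$demo_dir/MOD_HostNameChanger.cs"
printf '%s\n' 'passkey=FOG-OpenSource-Imaging' > "$demo_dir/config.ini"
demo_rc=0
check_passkey "$demo_dir/MOD_HostNameChanger.cs" "$demo_dir/config.ini" || demo_rc=$?
echo "changed module, unchanged FOGCrypt config: exit code $demo_rc"
rm -rf "$demo_dir"
```

Exit code 3 is the case worth catching before imaging: the module was rebuilt with a new passkey but the password entered in the management portal was encrypted with the old one.<br />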
<br />
<br />
=== FOG Reports ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher. <br />
<br />
==== Overview ====<br />
<br />
FOG Reports allow you to export data from FOG in two major formats: CSV and PDF.<br />
<br />
#'''Snapin Log''' - This report will report on snapin installation history. <br />
#'''Imaging Log''' - This report will report on images deployed to hosts.<br />
#'''Virus History''' - This report lists any viruses that were found on local computers.<br />
#'''Inventory''' - This report will report on the inventory information collected for network clients.<br />
#'''Equipment Loan''' - This report can be used for equipment loaned to staff members. <br />
#'''User Login History''' - This report contains information about user logins.<br />
<br />
==== Running Reports ====<br />
<br />
Running a report can be done from the Reports section of FOG, then by picking a report from the left-hand menu.<br />
<br />
==== Importing User Created Reports ====<br />
<br />
The reporting section of FOG allows for the end user to create and upload custom reports into FOG. A FOG report is a simple php script that is processed by the server. To import a report simply click on the '''Upload a Report''' button in the reports section, select the report then click on the upload button. The report will then show up on the left-hand menu. <br />
<br />
Please be cautious when uploading reports from an unknown source as the writer of the report has full access to the FOG system and database! Make sure your sources are trustworthy before importing a report!<br />
<br />
==== Creating Custom Report ====<br />
<br />
Custom reports are simple php scripts in FOG. Custom reports can be created based on the following template:<br />
<br />
[http://freeghost.sf.net/other/ReportTemplate.tar.gz Report Template]<br />
<br />
<br />
<br />
=== Plugins ===<br />
*[[Plugins]] give FOG extra functionality wanted for some users but not all.<br />
<br />
=== Other Settings ===<br />
<br />
==== [[Boot Image Key Map]] ====<br />
<br />
==== FOG Client Kernel ====<br />
<br />
===== Overview =====<br />
<br />
In FOG, there aren't really drivers you need to find and download for your clients to work. This is because we ship a Linux kernel that has the majority of hardware device drivers built into it. What this means is if you have a device that doesn't work with FOG you need to either build a new kernel yourself or try a newer kernel that has been released via our kernel updater.<br />
<br />
<br />
===== Kernel Types =====<br />
<br />
We currently build two "lines" of kernels, one called KS or KitchenSink. This kernel tries to include drivers for as many devices as possible, sometimes at the cost of performance, and this is the kernel that we ship with FOG by default. The other "line" is the PS kernel or the Peter Sykes kernel, which is based on a config submitted by a user. This kernel line tries to be faster, but may not include as many drivers as the KS kernel.<br />
<br />
===== Updating the Kernel =====<br />
<br />
It is possible to update your client kernel from within the UI of FOG. To do this perform the following steps:<br />
<br />
#Log into the FOG Management UI.<br />
#Go to '''Other Information'''<br />
#Select '''Kernel Updates'''<br />
#Select the Kernel you would like to download, typically the newest kernels are on the top of the list.<br />
#Click the download icon<br />
#Select a file name for your kernel, to make it the default kernel leave the name as '''bzImage'''<br />
#Click the '''Next''' Button<br />
<br />
=== Mobile Management Interface ===<br />
<br />
==== Overview ====<br />
<br />
The FOG Mobile web interface is a very basic, stripped down interface for FOG. It is designed to be given to lower level technicians using low powered, mobile devices such as iPod touches, iPhone, PDAs, and internet tablets. The idea behind this interface is to make it easy for techs to re-image a computer while making the rounds at a site.<br />
<br />
==== Using the mobile Interface ====<br />
<br />
The mobile interface can be accessed via:<br />
<br />
http://x.x.x.x/fog/mobile<br />
<br />
The portal requires a valid user name and password, which can be created via the FOG portal.<br />
<br />
[[Image:Ipod login.JPG]]<br />
<br />
Once logged into the portal, users can search for hosts and image them, and view/cancel active tasks. <br />
<br />
[[Image:Ipod results.JPG]]<br />
<br />
[[Image:Ipod active.JPG]]<br />
<br />
They can not change image associations, nor modify any properties of a host.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Managing_FOG&diff=12660Managing FOG2022-11-02T16:48:23Z<p>SebastianRoth: /* Hosts */</p>
<hr />
<div>== Managing FOG ==<br />
<br />
=== Dashboard ===<br />
<br />
==== Overview ====<br />
<br />
[[File:Dashboard.png]]<br />
<br />
*The FOG dashboard is the first page you are presented with after login. This page just gives you an overview of what is happening on your FOG server.<br />
<br />
==== System Overview ====<br />
<br />
*The system overview box is the top left-hand box on this page. The information presented in this box is the current user and the server IP addresses or hostnames for your web server, tftp server and storage server (which can all be different). This section also gives you the system uptime or how long the system has been running without restart, the number of users logged into the Linux box, and lastly the system load.<br />
<br />
==== System Activity ====<br />
*The system activity box is in the top row, the middle box. This section shows the unicast queue, or the number of unicast deploys that are currently in progress. The queue size can change and is based on the Storage Group(s). Each storage node has a setting ''Max Clients'' making this the maximum number of hosts that this node can image to. If there are 2 nodes with a max of 10 each then your maximum queue amount is 20. However, remember the more you increase the ''Max Clients'' the slower each particular host will be to deploy the image.<br />
*This means that after 20 hosts are receiving images (at once) the 21st will wait for one of the hosts in progress to complete before starting. The reason this was created was so that you could queue up 100 machines with different images (all unicast) and still keep the system functional. We have heard of this queue being used to re-image an entire building of computers ( ~ 1000+ ) overnight. This section updates in real time.<br />
*It will display all the queued, running, etc... tasks and updates at the same interval as the Bandwidth graph. Also, SVN installations (and later future releases) are able to edit which type of tasks get counted towards the "queue". <br />
*This edit can be performed by going to '''FOG Configuration'''[[file:Config.png]]--> '''FOG Settings'''--> '''General Settings''' --> '''FOG_USED_TASKS'''. <br />
*The text field takes numeric values, so you'll need to know which task IDs are which type. This text field is a CSV setup. If you type (1,2,3,4,5) it will display all tasks of Deploy, Capture, Debug, Memtest, and Testdisk as queued/active depending on their current state. The exception to this rule is Task Type ID 8 (multicast), in which case it takes the Jobs, not each individual host task, as a queued slot.<br />
<br />
==== Disk Information ====<br />
<br />
*The disk information box is the top, right hand section of the dashboard page. This is a semi-realtime display of the storage remaining on the storage server.<br />
*There is also a drop-down box that can be changed to your storage nodes to monitor their Disk Information.<br />
*If you get an error in this box, please see [[Dashboard Error: Permission denied...]]<br />
<br />
==== 30 Day Imaging History ====<br />
<br />
*This image shows your imaging trends for the past 30 days<br />
<br />
==== Menu Bar ====<br />
<br />
[[Image:FogMenu.jpeg]]<br />
<br />
This menu appears at the top of every page on Fog's web UI. The icons are, from left to right:<br />
<br />
[[Image:Home.png]]'''Home/Dashboard''' - This is the home screen of the FOG management portal.<br />
<br />
[[Image:Users.png]]'''[[Managing_FOG#Users | User Management]]''' - Individual administrators of the FOG resources.<br />
<br />
[[Image:Hosts.png]]'''[[Managing_FOG#Hosts | Host Management]]''' - This section houses the hosts, which are the PCs to be imaged or to extract images from.<br />
<br />
[[Image:Groups.png]]'''[[Managing_FOG#Groups | Group Management]]''' - This section houses groups, which are similar PCs that need tasks done en masse.<br />
<br />
[[Image:Images.png]]'''[[Managing_FOG#Images | Image Management]]''' - This section allows you to manage the image files stored on the FOG server.<br />
<br />
[[Image:Storage.png]]'''[[Managing_FOG#Storage_Management | Storage Management]]''' - This section allows you to add/remove storage nodes from the FOG system.<br />
<br />
[[Image:snapins.png]]'''[[Managing_FOG#Snap-ins | Snap-in Management]]''' - This section provides ways to automate various post-imaging tasks, not covered in this document<br />
<br />
[[Image:Printers.png]]'''[[Managing_FOG#Printers | Printer Management]]''' - This section allows for management of printers, allowing you to create printer objects that can later be assigned to hosts or groups.<br />
<br />
[[Image:Services.png]]'''Service Configuration''' - This section allows you to control how the ''client'' service functions.<br />
<br />
[[Image:Tasks.png]]'''[[Managing_FOG#Tasks | Task Management]]''' - This section allows you to perform imaging tasks such as acquiring or deploying images.<br />
<br />
[[Image:Reports.png]]'''[[Managing_FOG#FOG_Reports | Report Management]]''' - Reports let you pull information from the FOG database either as HTML, pdf, or csv.<br />
<br />
[[Image:config.png]]'''Fog Configuration''' - The section has the rest of the settings that don't fit anywhere else like the kernel updater, client service updater, iPXE edits, MAC address list, Log viewer, '''FOG Settings'''.<br />
<br />
[[Image:Plugins.png]]'''[[Managing_FOG#Plugins | Plugins]]''' - Plugins add more functionality to FOG. Must be enabled in ''Fog Configuration''<br />
<br />
[[Image:Logoff.png]]'''Logoff''' - Click this to log off of the Fog web UI.<br />
<br />
<br />
----<br />
<br />
=== Hosts ===<br />
Moved to https://docs.fogproject.org/en/latest/management/host-management.html<br />
<br />
----<br />
<br />
=== Groups ===<br />
*Groups in FOG are used to organize your hosts into real world logical clusters. This is intended to ease management of the computers. A single host can be a member of infinitely many groups, so if a computer happens to be a member of the group called "Third Floor", it could also be a member of "Math Department", or "Dell PCs." Groups make using FOG possible for organizations with a very large number of PC's.<br />
<br />
==== Creating Groups ====<br />
*Groups are created in two sections:<br />
*#'''Group Management'''[[file:groups.png]] --> '''Create New Group'''<br />
*#Hosts section of FOG based on searches, for information on how to create groups, please see [[Managing_FOG#Creating_Host_Groups | Creating Host Groups.]]<br />
<br />
==== Managing Groups ====<br />
<br />
*After a group has been created, it can be managed from the groups section of FOG. Locating groups is very similar to locating hosts, you can either list all groups or you can search for groups. When searching for groups your search criteria is matched against the group name or the group description. Once a group is located it can be modified by clicking on the "Edit" button on the right hand side of the table or the Title of the group itself.<br />
<br />
*Under the section "Modify Group [Groupname]" there are options to change the group name, group description, group product key, or to delete the group. If you wish to update the group name or the group description make your change then click on the "Update" button within that section. If you would like to remove the group then simply click on the "Delete" button within this section.<br />
<br />
*As a reminder, when saving or updating settings for hosts, FOG keeps whichever setting was saved last. If you set all the hosts in this group to have ''Image A'' and then change ''Host A'' in that group to be ''Image B'', the group settings will not override the settings for ''Host A'' unless you go back to the group and set all hosts back to ''Image A''.<br />
<br />
===== Group Basic Tasks =====<br />
<br />
*This section will allow you to start a task on this group of hosts. From this section you can start any task to all hosts within the group. Multi-Cast is also available from here. Please review [[FOGUserGuide#Fundamental_Concepts | Fundamental Concepts]] to determine the required deploy task.<br />
<br />
===== Group Membership Setup =====<br />
<br />
*This page allows you to view/add/delete membership of the group. This section will list all of the members of the group and give you the option to remove members from the group.<br />
<br />
===== Group Image Associations =====<br />
<br />
*The groups page also allows you to update the image association for all the members of the group. This can be done in the "Image Association for [groupname]" section. Select the image association from the drop-down box and select "Update Images" and then all your host objects for that group will be modified.<br />
<br />
===== Group Snapins =====<br />
<br />
*You can add or remove snapins for all hosts in a group, but because of the nature of groups, it is not possible to see what snapins are currently associated with a group. This is because the snapins are not directly associated with the group; they are associated with the host, and it is possible for all members of the group to have different snapins linked with each host. What FOG does allow you to do is batch add a snapin to all the hosts within a group. At the same time you can batch remove a snapin from all the hosts within a group. These functions can be done via the '''Add Snapins''' and '''Remove Snapins''' buttons in the Group Menu.<br />
<br />
===== Group Service Settings =====<br />
<br />
*The '''Service Settings''' page allows you to enable or disable certain service modules on all hosts in the group, as well as change some service settings for group such as screen resolution, and auto log off settings.<br />
<br />
===== Group Active Directory Setup =====<br />
<br />
*Active Directory integration settings can also be distributed to all members of a group via this page. The section "Modify AD information for [groupname]" allows you to do so. This section provides the same options as the host screen but allows you to mass update all of your hosts.<br />
<br />
===== Group Printers =====<br />
<br />
*The '''Printers''' page allows you to add or remove printer associations to all hosts within the group. This page also allows you to set the management level for all hosts within the group.<br />
<br />
===== Group Membership Information =====<br />
<br />
*The most important thing to remember about groups in FOG is that they do not contain their own properties. When you make changes to a group, you are really making changes to every host object within the group. For example, if you change the OS association for a group, then go back to one of the host objects that is a member of that group, it will have the new OS association on that object.<br />
<br />
<br />
----<br />
<br />
=== Images ===<br />
<br />
Moved to https://docs.fogproject.org/en/latest/management/image-management.html<br />
<br />
----<br />
<br />
=== Storage Management ===<br />
<br />
*The Storage Manager introduces the concept of '''Storage Groups.''' Basically, a storage group is a group of NFS servers that share images and share the load of computers being imaged. Any member of a storage group is referred to as a '''Storage Node.''' You may have as many storage groups as you wish and as many storage nodes within those groups as you wish. In each storage group, there is one storage node which is designated as the '''Master''' of that group. Basically, this '''Master''' node is the node where all image captures go; this node handles multicasting tasks for the group, and is the image replicator for the group. This means that whatever images are stored on this node are what gets distributed to the entire group. <br />
<br />
*What this new system of storage management gives us is a distributed model for FOG which allows for more unicast transfers at a single time. We also gain data redundancy. We also take stress off of the main FOG server.<br />
<br />
*Below is a brief overview of Storage Groups<br />
<br />
[[Image:Nfsgroup.jpg]]<br />
<br />
*This image shows a single Storage Group and the flow of data within the group. The queue size of the system is the sum of the queue size of all the storage nodes within the system. So if you have 4 nodes each with a queue size of 10, then the queue size of the system is 40, which means 40 clients can be imaged (unicast) at one time. <br />
<br />
[[Image:StorageGroups.jpg]]<br />
<br />
*This image shows that it is possible to have multiple storage groups on your network, which are isolated from each other. This image also demonstrates, that captures always go to the master node and multicast session always send data from the master node. Images are pushed out from the master node of the group to all other members of the group.<br />
<br />
*'''Key Benefits'''<br />
*#Increased throughput<br />
*#Redundant Storage<br />
*#Scalability<br />
<br />
*Also see [[Knowledge_Base#Storage_Nodes | Storage Nodes]] for tutorials.<br />
<br />
==== Adding a Storage Node ====<br />
<br />
*Definition: Storage Nodes provide extra [http://www.fogproject.org/wiki/index.php?title=InstallationModes NFS/FTP storage space] which increases available throughput and redundancy within a network. They do not provide PXE, TFTP, or DHCP services at secondary sites. To enable additional PXE and TFTP services at secondary sites see this section: [[#Including_multiple_PXE_.2F_TFTP_servers|#Including multiple PXE / TFTP servers]]<br />
<br />
*Video Tutorial: http://www.youtube.com/watch?v=X72WthDGwsw&fmt=18 (old video but still valid information)<br />
<br />
*To add an additional storage node to the network, the computer should be prepared in the same way the main FOG server would be prepared (disable firewall, SELinux, etc). You can also safely mix operating systems for the nodes of your storage group; some nodes can be running Fedora, and some can be running Ubuntu. It is important to update your storage nodes when you upgrade to a new version of FOG. Installation of a storage node is done with the same installer as for a normal FOG server. Installation can be started by running the installer script; the steps are detailed below.<br />
<br />
*Surprisingly enough some users have actually gotten a Windows Storage node to work properly. See [[Windows_Storage_Node]] for more information on this.<br />
===== Installing the Node =====<br />
*To Install a node:<br />
*#Run the installation script, ./installfog.sh<br />
*#Select your operating system.<br />
*#When prompted for Server Installation Mode, select '''S''', for storage node.<br />
*#Enter the IP address of the storage node.<br />
*#Confirm your interface<br />
*#Then you will need to enter the IP address or host name of the node running the FOG database<br />
*#Then you will be prompted for a username (typically fogstorage)<br />
*#and a password that is located on the FOG server, that will allow the storage node to access the main FOG server's database. This information is located in the FOG management portal for convenience (on the main FOG server). It can be accessed via '''Other Information''' -> '''FOG settings''' -> section '''FOG Storage Nodes'''.<br />
*#You will then be prompted to confirm your installation settings, if they are correct press '''Y''' and hit '''Enter'''.<br />
*#When installation completes, the install will produce a username and password that will be needed to add the storage node to the FOG management portal. Username is "fog", password is in /opt/fog/.fogsettings<br />
<br />
===== Adding the Node to the Management Portal =====<br />
*To Add a Node<br />
*#Log into the FOG Management Portal<br />
*#Navigate to the '''Storage Management''' section.<br />
*#Click on '''Add Storage Nodes'''.<br />
*#For the '''Storage Node Name''', enter any alpha numeric string to represent the storage node. <br />
*#Enter any description you wish<br />
*#Enter the IP address of the storage node you are adding. This must be the IP address of the node, DO NOT use a hostname here or the node will not function correctly. <br />
*#Enter the maximum number of unicast clients you would like this node to handle at one time. The value that we recommend is 10. <br />
*#'''Is Master Node''' is a very dangerous setting, but for right now leave it unchecked. For more details please see: [[#Master Node Status]].<br />
*#Next, select the storage group you would like this member to be a part of, in our example we will pick '''Default'''<br />
*#Next, specify the image location on the storage node, typically '''/images/''', your image location should always end with a '''/'''.<br />
*#Next, you will want to check the box, to enable the node.<br />
*#The last two fields take the username and password that are generated during the installation of the storage node. username is "fog", password is in /opt/fog/.fogsettings<br />
*#Then click '''Add''' to have the node join the storage group.<br />
<br />
==== Monitoring The Master Node ====<br />
<br />
*On all storage nodes there is a new service (as of version 0.24) called FOGImageReplicator, a very basic script which, if the node is the master, copies all of its images to all other nodes in the storage group. The copying is done every ten minutes by default, which means your images are NOT instantly duplicated to all nodes. <br />
<br />
*If you would like to view the status of the image replication, you can do so on the storage node by switching to tty3, by typing ctl + alt + f3. Output is also logged to a file in the '''/opt/fog/log''' directory.<br />
<br />
*FOGImageReplicator logs are also located in [[File:Config.png]] '''Fog Configuration''' --> '''Log Viewer''' --> '''FILE: [Select Image Replicator]'''<br />
<br />
==== Master Node Status ====<br />
<br />
*The '''Master Node''' (could be the server or a particular node) in a storage group is the node that distributes images files to all other nodes in the storage group.<br />
<br />
*If you have all your images distributed across 3 nodes in a storage group, '''if you add a new storage node that has no images stored on it, making that node master will cause it to take over and push its image store of nothing to all other nodes, wiping out all of your images'''. So it is important to be very careful and back up your images when you change a node's master status.<br />
<br />
*Notes - You '''can''' have many storage nodes in a storage group. You '''can''' have one master storage node in a storage group. You '''can not''' have more than one master storage node in a storage group. You '''must have''' one master storage node for replication to take place to other nodes in the group. '''If''' a master storage node is set, all captures '''first''' go to the master storage node of the storage group the image is assigned to; and are '''then''' replicated to other storage nodes.<br />
<br />
==== Including multiple PXE / TFTP servers ====<br />
<br />
*A traditional Master Storage Node, [[#Adding_a_Storage_Node|as described above]] only provides File Storage redundancy. While this can help increase multicast throughput on a single network, all the machines under FOG management must be within the same subnet/VLAN so that DHCP broadcast requests can be directed to the Main server. (see note below)<br />
<br />
*<pre>'''Note:''' depending on the network, it may be possible to configure [http://en.wikipedia.org/wiki/UDP_Helper_Address iphelper] to forward packets to the Main FOG server</pre><br />
<br />
*The following instructions are intended to help configure additional Storage Nodes to operate independently on separate networks, while still syncing with and taking commands from a single Main FOG server.<br />
<br />
*Click here for instructions on setting up [[Multiple_TFTP_servers|multiple PXE / TFTP servers]]<br />
<br />
=== Users ===<br />
<br />
==== Overview ====<br />
<br />
*FOG has only two levels of users, '''regular''' users and '''mobile''' users. Regular users have access to the mobile portal and the full management portal. Mobile users have access to only the mobile management portal and Quick Image functions.<br />
<br />
==== Creating Accounts ====<br />
<br />
*All accounts are created under the "Users" section of the FOG portal. To create a new account click on the "New User" button on the left hand side of the page. All accounts must have a unique username, and a password. After filling in the required information click on the "Create User" button.<br />
<br />
==== Modifying Users ====<br />
<br />
*FOG accounts can be modified from within the users section. First you must locate the account you wish to modify by clicking on the "List all Users" button on the left hand side of the page. When a user is located, click on the edit button on the right hand side of the table.<br />
<br />
=== Tasks ===<br />
<br />
==== Overview ====<br />
<br />
*Tasks are all the actions that you can take on a computer, and in FOG there are numerous tasks that can be done including:<br />
<br />
*Deploy (Unicast)<br />
*Capture (Unicast) <br />
*Deploy - Multicast <br />
*Debug<br />
*Memory Test<br />
*Test Disk<br />
*Disk Surface Test<br />
*Recover (File Recovery)<br />
*Hardware Inventory<br />
*Password Reset<br />
*Deploy All Snapins<br />
*Deploy Single Snapin<br />
*Wake-Up<br />
*Deploy - Debug (Unicast)<br />
*Capture - Debug (Unicast)<br />
*Deploy - Without Snapins (Unicast)<br />
*Fast Wipe<br />
*Normal Wipe<br />
*Full Wipe<br />
*Virus Scan<br />
*Virus Scan - Quarantine<br />
*Donate<br />
*Torrent-Cast<br />
<br />
<br />
In the tasks section of FOG you can perform tasks on single hosts or groups of hosts. This section also allows you to monitor selective tasks, and stop/cancel tasks.<br />
<br />
==== General Tasks ====<br />
<br />
The general/common Tasks in FOG include unicast image capture, and unicast image send, as well as a multicast image send. In FOG, sending an image to the server is considered an image capture, and deploying an image to the client is called a send. Both of these tasks can be started directly from the search, list all hosts, and list all groups pages. <br />
<br />
To perform a simple image capture, click on the upward facing arrow next to the host. Captures are only possible on a host, not a group. Capturing an image will also overwrite any image file that may already exist for that host without any notification or confirmation.<br />
<br />
Please note that capturing images of Windows Vista and Windows 7 requires a special command to be run on the clients prior to image capture. Please see [[What do I have to do to an image before capturing?]] for more details.<br />
<br />
For a video demonstration of an image capture, please see: http://www.youtube.com/watch?v=jPPZr0abVfg&fmt=18<br />
<br />
To perform a simple image send, click on the downward facing arrow next to the host. An image send can be done on a host or a group. When sending an image to multiple computers FOG works in queue mode, which means that it will only send to 10 (by default) computers at one time. This is done to keep the server from being overworked. As soon as a machine finishes, another from the queue joins.<br />
<br />
To perform a multicast image send you must search for a group of hosts on the "Task Management" page. Multicast tasks can only be performed on a group of hosts. Multicast tasks will send to all the computers in the group at once, and the task will not start sending until all members of the group have connected with the server. After starting a multicast task, status can be viewed by pressing [ctl]+[alt]+f2. A log is also kept for multicast transfers which is stored at /opt/fog/log.<br />
<br />
==== Advanced Tasks ====<br />
<br />
The advanced Tasks in FOG include everything that is not a simple capture, simple deploy or multicast deploy. <br />
<br />
=====Debug=====<br />
<br />
Debug mode boots the linux image to a bash prompt and allows the user to issue all commands by hand. <br />
<br />
=====Capture - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is setup to capture the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is setup to send the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Without Snapins)=====<br />
<br />
This task does a normal send task with the exception that if any snapins are associated with the host, they are not deployed to the host. <br />
<br />
=====Deploy All Snapins=====<br />
<br />
This task will send all the snapins associated with a host to the host without imaging it.<br />
<br />
=====Deploy Single Snapin=====<br />
<br />
This task will send a single snapin that is associated with the host to the host without imaging it. (Note: The snapin must be associated with the host already)<br />
<br />
=====Memory Test=====<br />
<br />
Boots to Memtest86, a memory testing tool. This task will not exit without user intervention at the client side. The task must also be manually stopped via the management front end.<br />
<br />
=====Wake Up=====<br />
<br />
Wakes up host or group of hosts using Wake-on-Lan. <br />
<br />
=====Fast Wipe=====<br />
<br />
This task does a quick and dirty wipe of the drive. This task writes zeros to the first ~40MB of the disk. This task should NOT be used if you don't want your data to be recoverable. <br />
<br />
=====Normal Wipe=====<br />
<br />
This task writes random data to the entire surface area of the disk. <br />
<br />
=====Full Wipe=====<br />
<br />
This task writes random data multiple times to the entire surface of the disk. <br />
<br />
=====Disk Surface Test=====<br />
<br />
This task will look for bad blocks on the hard disk and report them back to the client console. <br />
<br />
=====File Recovery=====<br />
<br />
This task will load an application that can be used to recover lost files from the hard disk. <br />
<br />
=====Virus Scan=====<br />
<br />
This task will update and load ClamAV and scan the partition for viruses. It will either scan and report or scan and quarantine files, it will also report back to the management portal with the results of the scan.<br />
<br />
=====Hardware Inventory=====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/InventoryUpdate.swf.html Video Tutorial]<br />
<br />
The hardware inventory task will execute the same task as the fog.reginput client side task. Since the host is already registered, all it will do is update the computer's inventory and restart. It is envisioned that this task could be run at a regular interval on a group of all computers in your network, or some sub group of computers in your network. Then on the next reboot of those computers an inventory would be performed.<br />
<br />
==== Scheduling ==== <br />
<br />
As of version 0.27 of FOG, select tasks can be scheduled using a static date/time combination or using cron style repetitive task scheduling. Task scheduling can be performed on either single hosts or on groups of computers. One thing to note about task scheduling that isn't intuitive is that it '''requires an image to be associated with the host, even for non-image based tasks!''' The reason is that tasks are only run on the master storage node associated with that host, and the only way to tie a storage node to a host is via an image. We did this to prevent multiple storage nodes from trying to run the same task for a specific host. <br />
<br />
===== Single Execution Scheduling =====<br />
<br />
Single task execution will run a task at a single date and time, then the task will be discarded. To schedule a single execution task, go to the tasks section of FOG, select the host or group you would like to schedule the task for, then select the task you would like to schedule. You will then be presented with the screen shown below.<br />
<br />
[[Image:Sched.png]]<br />
<br />
To schedule a single execution task, click on the white text box below "Schedule Single Task Execution?" and a pop up calendar will load and allow you to select your date and time for the task. Click on the date to close the calendar, then start your task. <br />
<br />
===== Cron Style Task Scheduling =====<br />
<br />
Cron style task execution allows you to do complex repetitive task scheduling. After a cron task executes, it is not removed, as single execution tasks are. Cron style tasks, as the name suggests, are similar to the Linux cron task scheduler format. Cron style tasks are created as single execution tasks are, except when presented with scheduling options, select the option "Schedule Cron Style Task Execution". Below that check box are a series of text boxes including:<br />
<br />
min -> Minute [00-59]<br />
hour -> Hour [00-23]<br />
dom -> Day of Month [01-31]<br />
month -> Month [01-12]<br />
dow -> Day of Week [01-07] (Sunday ==> 0, Saturday ==> 6)<br />
<br />
To give an example of how this works, if you wanted a capture task to run at '''10:00pm everyday''' you would enter the following:<br />
<br />
0 22 * * *<br />
<br />
This basically says run the task at '''0''' minutes into the hour, on the '''22nd hour (10:00pm)''', on '''every day of the month''', on '''every month of the year''', on '''every day of the week'''.<br />
<br />
To take this example further, let's say you only wanted to capture the image '''every other day'''. We could do this by adding:<br />
<br />
0 22 */2 * *<br />
<br />
The '''*/2''' now tells the scheduler to only run on '''even days of the month'''. <br />
<br />
We could even ask the scheduler to only do a backup on '''even weekdays''' by adding:<br />
<br />
0 22 */2 * 1-5<br />
<br />
The 1-5 we just added says only run on days 1 through 5, which relate to Monday - Friday.<br />
<br />
Now we will ask the scheduler to only backup in the month of February.<br />
<br />
0 22 */2 2 1-5<br />
<br />
Another basic example could be if you wanted to run an inventory update on the first of every month you could use:<br />
<br />
30 1 1 * *<br />
<br />
This task would then run at '''1:30''' on the '''1st of every month'''.<br />
<br />
<br />
The FOG scheduler doesn't support 100% of the operations that cron supports, below are the operations that are supported:<br />
<br />
4 - Listing a static number<br />
4,5,6,7 - Listing a group of numbers<br />
4-7 - ranges of numbers <br />
4-7,10 - ranges and lists<br />
*/5 - * divided by a number<br />
* - Wildcard<br />
<br />
For more information on cron please see http://en.wikipedia.org/wiki/Cron<br />
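<br />
The supported subset listed above, as an added example (not FOG's own scheduler code): a Python checker that rejects cron syntax outside the listed operations and previews upcoming run times before a task is scheduled. It assumes, following this page's wording, that <code>*/n</code> matches values divisible by n, that all five fields must match, and that day of week runs 0 (Sunday) to 6 (Saturday); all function names are hypothetical.<br />

```python
from datetime import datetime, timedelta

# Field order and inclusive bounds as listed on the page: min hour dom month dow.
# Assumption: day of week uses the page's Sunday = 0 ... Saturday = 6 numbering.
FIELDS = (("min", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
          ("month", 1, 12), ("dow", 0, 6))


class UnsupportedCron(ValueError):
    """Syntax outside the operations this page lists as supported."""


def parse_number(text, name, lo, hi):
    """Parse a plain decimal number and enforce the field's bounds."""
    if not (text.isascii() and text.isdigit()):
        raise UnsupportedCron(f"{name}: {text!r} is not a plain number")
    value = int(text)
    if not lo <= value <= hi:
        raise UnsupportedCron(f"{name}: {value} is outside {lo}-{hi}")
    return value


def parse_field(text, name, lo, hi):
    """Return the set of values one field matches."""
    if text == "*":                       # wildcard
        return set(range(lo, hi + 1))
    if text.startswith("*/"):             # "* divided by a number"
        step = parse_number(text[2:], name, 1, hi)
        # Assumption from the page ("*/2 ... even days of the month"):
        # a value matches when it is divisible by the step.
        return {v for v in range(lo, hi + 1) if v % step == 0}
    values = set()
    for part in text.split(","):          # lists, ranges, ranges and lists
        first, dash, last = part.partition("-")
        start = parse_number(first, name, lo, hi)
        end = parse_number(last, name, lo, hi) if dash else start
        if start > end:
            raise UnsupportedCron(f"{name}: range {part!r} runs backwards")
        values.update(range(start, end + 1))
    return values


def parse_expression(expr):
    """Split a five-field expression into {field name: allowed values}."""
    parts = expr.split()
    if len(parts) != len(FIELDS):
        raise UnsupportedCron(f"expected 5 fields, got {len(parts)}")
    return {name: parse_field(text, name, lo, hi)
            for text, (name, lo, hi) in zip(parts, FIELDS)}


def is_supported(expr):
    """True when the expression uses only the documented operations."""
    try:
        parse_expression(expr)
    except UnsupportedCron:
        return False
    return True


def day_matches(allowed, day):
    """Check the date fields; isoweekday() % 7 maps Sunday to 0."""
    return (day.day in allowed["dom"] and day.month in allowed["month"]
            and day.isoweekday() % 7 in allowed["dow"])


def matches(expr, when):
    """True when all five fields match the given moment (fields are ANDed)."""
    allowed = parse_expression(expr)
    return (day_matches(allowed, when) and when.hour in allowed["hour"]
            and when.minute in allowed["min"])


def next_runs(expr, start, count=3, horizon_days=366):
    """Return up to `count` run times strictly after `start`."""
    allowed = parse_expression(expr)
    runs = []
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    for _ in range(horizon_days + 1):
        if day_matches(allowed, day):
            for hour in sorted(allowed["hour"]):
                for minute in sorted(allowed["min"]):
                    run = day.replace(hour=hour, minute=minute)
                    if run > start:
                        runs.append(run)
                        if len(runs) == count:
                            return runs
        day += timedelta(days=1)
    return runs


if __name__ == "__main__":
    start = datetime(2024, 2, 1)  # constructed start time for the preview
    for expr in ("0 22 * * *", "0 22 */2 2 1-5", "30 1 1 * *",
                 "0 22 1-31/2 * *"):
        if is_supported(expr):
            print(expr, "->", [r.isoformat(" ") for r in next_runs(expr, start)])
        else:
            print(expr, "-> not in the supported subset")
```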
<br />
=== Setting up Printers With Fog Printer Management ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher.<br />
<br />
==== Known Issues ====<br />
<br />
Setting of the default printer will only work if the fog tray icon is running.<br />
<br />
==== Overview ====<br />
<br />
The printers section of FOG allows you to create printer definitions that you can later associate with hosts. The FOG service looks at these associations and during service it will attempt to install any printers listed. This service has three settings which define how the printers are managed, printer management can be set to:<br />
<br />
<ul><br />
<li>No Printer Management</li><br />
<li>Add Only</li><br />
<li>Add and Remove</li><br />
</ul><br />
<br />
All hosts default to '''No Printer Management''', which means that the FOG service does nothing to the host's printers. '''Add Only''' does as the name implies, and will only add printers to the host machine; it will not remove any existing printers that may be installed. '''Add and Remove''' will take full control of the host's printing system and only allow for the printers that are specified by the FOG management console to exist on the host. <br />
<br />
==== Adding New Printers ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf Video Tutorial]<br />
<br />
In order for the printer to be added to the host computer, the printer drivers must be stored in a public area, or included on the host computer. This public area can be a Novell Network share where public has read-only access, a Windows share that is public read-only to everyone, or a Samba share (possibly residing on the FOG server) that is public read-only to everyone. This share must be accessible via a UNC path as the service may attempt to install the printers before drive mapping occurs. In this share the printer drivers and .inf file must exist. FOG supports installing IP based (Jet-Direct) printers, public access NDS printers, Local printers, Windows share based printers, (and we think, but could use a confirmation as it hasn't been tested) AD based printers. <br />
<br />
If you wish to see what printers are included with Windows XP, navigate to c:\windows\inf\ntprint.inf. Open this file with a text editor and you will be able to install all the printers listed using the ntprint.inf file. <br />
<br />
To create a new printer definition click on the Printer icon on the system menu bar. Then on the left hand menu, click on '''Add New Printer'''. The form you are presented with will require you to enter:<br />
<br />
<ul><br />
<li>'''Printer Model''' - This must match the name in the INF file.</li><br />
<li>'''Printer Alias''' - This can be anything you wish and it is what the end user will see.</li><br />
<li>'''Printer Port''' - This is something like '''LPT1:''', or '''IP_1.1.1.2'''.</li><br />
<li>'''Printer INF File''' - This is the path to the INF file for the printer driver.</li><br />
<li>'''Printer IP''' - (optional) This is the IP address, for IP-based printers only. It can take the form of '''1.2.3.4:9100''' or '''1.2.4.5'''. If the port doesn't exist already, it will create one named '''IP_x.x.x.x''', where x.x.x.x is the IP address. That is what should be entered in the port field.</li><br />
</ul><br />
<br />
After all the required information is entered, click on the '''Add Printer''' button.<br />
<br />
==== Linking Printers to Hosts ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf.html Video Tutorial]<br />
<br />
Linking printers to hosts can be done from either the hosts section or the groups section. In the hosts section, find the host you would like to add a printer to and click on the edit button associated with that host. In the host menu, click on the '''Printers''' button. First select how you would like the host to be managed, either '''No Printer Management''', '''Add Only''', or '''Add and Remove'''. Then in the section below, select the printer you would like to install from the drop-down list and click on the '''Update''' button.<br />
<br />
==== Creating a Samba Based Printer Store on FOG ====<br />
<br />
If you do not have a public server where you can store your printer drivers for the FOG Printer Manager, then it is very easy to set one up on the FOG server using Samba, so all your Windows clients will be able to connect.<br />
<br />
[[Creating a Samba Based Printer Store on FOG]]<br />
<br />
=== The FOG Client Service ===<br />
<br />
<font color="red">Note:</font> Most of the things here about the FOG Client service apply to the legacy FOG client that came with FOG versions 1.2.0 and older. FOG 1.3.0 now comes with a new FOG Client. Details on this can be found here: [[FOG Client]]<br />
<br />
==== Overview ====<br />
<br />
The FOG Client Service is a Windows Service that is intended to be installed on the client computers during the image creation process. The FOG service communicates with the FOG server to provide certain services to the client computers, including:<br />
<br />
<br />
*Auto Log Off (0.16)<br />
*Hostname Changes<br />
*Active Directory Integration<br />
*Directory Cleaner (0.16)<br />
*Display Manager (0.16)<br />
*Green FOG (0.16)<br />
*Host registration<br />
*Task Restarting<br />
*Snapin Installation<br />
*User Tracker<br />
*Printer Manager<br />
*User Cleanup (0.16)<br />
*Client Updater<br />
<br />
==== Module specific configuration settings ====<br />
<br />
The FOG Client Service is very modular in nature, which means you can install portions of the services provided, and leave off others. This also means that it is very easy to create new sub services if you know a little C#. All configuration data is held in a local INI file, which is typically stored in <br />
<br />
c:\program files\fog\etc\config.ini<br />
<br />
This file holds, in the general section:<br />
<br />
<ul><br />
<li>FOG Server IP address</li><br />
<li>FOG Service installation root</li><br />
<li>FOG Service working directory</li><br />
<li>FOG Log file path</li><br />
<li>Flag indicating if GUI messages should be displayed</li><br />
<li>The max log file size</li><br />
</ul><br />
<br />
==== Installation ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/FogServiceInstall.swf.html Video Tutorial]<br />
<br />
The FOG service should be installed on the computer to be imaged before capturing the image to the FOG Server. <br />
<br />
The FOG service is located in the '''FOG Service/bin''' directory or if the FOG server is already installed it can be downloaded from:<br />
<br />
http://[serverip]/fog/client/<br />
<br />
Double-click on the '''setup.exe''' to start the installation wizard. At the end of the wizard you will need to enter the IP address or hostname of your FOG server.<br />
<br />
[[Image:fogservice.jpg]]<br />
<br />
Then restart the computer. If you don't restart the computer, you will have issues with the service GUI not appearing correctly.<br />
<br />
===== Quiet Installation =====<br />
<br />
As of version 0.29 and higher, the FOG client now supports a quiet installation mode. This can help automate deployments, by allowing the command to be run without user interaction from batch files. To do this the setup.exe file must be run from the command line with the arguments '''fog-defaults=true /qb'''.<br />
<br />
So the full command would be:<br />
<br />
setup.exe fog-defaults=true /qb<br />
<br />
==== Functions and Operation ====<br />
<br />
=====Auto Log Out=====<br />
<br />
Added in Version 0.16<br />
<br />
This module of the FOG Service will log a user off of a client PC after X minutes of inactivity. This module will display a screen saver-like GUI after 3/4 of the inactive time is up. So if the timeout value is 40 minutes, the GUI will be displayed at 30 minutes of inactivity. When the time is up, the client computer will reboot. This service module can be configured in the management portal via:<br />
<br />
FOG Service Configuration -> Auto Log Out<br />
<br />
To enable the module globally, place a check in the box next to '''Auto Log Out Enabled?'''. The time to auto log off can be changed globally via '''Default log out time:'''. The minimum recommended value for this setting is 4 minutes. <br />
<br />
The background image for the auto log off module can be modified via:<br />
<br />
Other Information -> FOG Settings<br />
<br />
The setting can be changed by modifying the value for '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE'''. This setting will accept a jpg file that is local to the client computer like: <br />
<br />
c:\images\image.jpg<br />
<br />
This setting will also accept files located on a web server such as:<br />
<br />
http://www.somedomain.com/image.jpg<br />
<br />
Provided with FOG is a simple PHP script that will display a random image located on the FOG server. To use this option set '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE''' to <br />
<br />
http://x.x.x.x/fog/public/randomimage.php<br />
<br />
Then simply put the images you would like to use in the following directory on the fog server:<br />
<br />
/var/www/html/fog/public/imagepool<br />
<br />
Images used for the auto log off module must be in jpg format, and must be 300px by 300px.<br />
<br />
=====Hostname Changer=====<br />
<br />
This module of the FOG Service is used to change the hostname of the client computer and to allow the client to (optionally) join an Active Directory Domain after imaging. This process only runs shortly after service startup, which means typically only when you start your computer. The service communicates with the FOG server over port 80 and determines the hostname that is present in the FOG database for the host. The hosts are matched to the FOG database by their MAC addresses. If the hostnames are found to be different, the client changes the computer's hostname and restarts the computer.<br />
<br />
The config.ini file contains configuration options for this module. <br />
<br />
netdompath=<br />
<br />
Allows you to set the path to the netdom.exe file. In some cases the file does not exist on the system. It can be downloaded from: [http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=de Microsoft Download Center]<br />
<br />
=====Host Register=====<br />
<br />
As of version 0.29, this module will only add additional MAC addresses to a host that is already registered, and add them to the pending MAC address table, where they need to be approved in the FOG UI.<br />
<br />
=====Task Reboot=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has an imaging task assigned to it. If a task is found AND no one is logged into the workstation, then the client will restart and join the task.<br />
<br />
The config.ini file contains configuration options for this module. As of version 0.13 of FOG you can change:<br />
<br />
forcerestart=0<br />
<br />
to<br />
<br />
forcerestart=1<br />
<br />
This will make the computer restart if a task is found, regardless of whether a user is logged into the computer.<br />
<br />
You can change how often the service will check in with the server by changing:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins.<br />
<br />
=====Directory Cleaner=====<br />
<br />
Added in version 0.16<br />
<br />
This module will clean out (delete) the contents of a directory on user log off. This is useful when you don't want any settings cached between users. This module will only delete the contents of a directory and not the root directory itself, so if you specify '''c:\trash''', the service will remove all files and folders located within c:\trash but leave the folder c:\trash.<br />
<br />
=====Display Manager=====<br />
<br />
Added in version 0.16<br />
<br />
This module is used to restore screen resolution between clients. This will restore a fixed resolution and refresh rate when a user logs into a computer.<br />
<br />
=====Green FOG=====<br />
<br />
Added in version 0.16<br />
<br />
This module will simply shutdown/restart the client computer at a fixed schedule if no user is logged in. The schedule can be defined via the management portal. <br />
<br />
=====Snapin Client=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has a snapin set to be deployed to it. If a snapin is found AND no imaging task is associated with the client, then the client will download the snapin and install it in the background.<br />
<br />
The configuration file contains settings for this module including:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins. It is important to note that currently the fog client will wait 5 minutes when first connected / established before it starts checking and installing any snapins from the server.<br />
<br />
=====User Tracker=====<br />
<br />
This module attempts to track user access to the host computer by the Windows user name. It attempts to track logins and logoffs as well as the state of the computer at service startup. The service will even attempt to track users when they are not on the network by writing all entries to a journal file, then replaying the journal the next time the client is on the network.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====User Cleanup=====<br />
<br />
This module will remove all users not whitelisted in the management portal on log off. This module is useful when using services like dynamic local user. All entries in the management whitelist are treated as prefixes to usernames, which means that they will whitelist all users that start with whatever was entered in the management front end. For example, if you enter '''admin''' in the management whitelist, then users '''admin''' and '''administrator''' will NOT be removed from the computer.<br />
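<br />
Because whitelist entries are prefixes, a short entry keeps every account whose name starts with it. The following added example (not FOG code) audits a whitelist against a host's local accounts and reports accounts that survive cleanup without being on the list you intended to keep. The account names are constructed, and case-insensitive matching is an assumption based on how Windows treats account names.<br />

```python
def matches(prefix, username):
    # Assumption: comparison is case-insensitive, as Windows account names are.
    return username.lower().startswith(prefix.lower())


def audit_whitelist(whitelist, local_users, intended):
    """Apply prefix whitelisting and report the outcome.

    Returns (kept, removed, unintended). `unintended` maps each whitelist
    entry to the accounts it keeps that are not in the `intended` set.
    """
    # Blank entries are ignored here; as a prefix, an empty string would
    # match every account name.
    entries = [w.strip() for w in whitelist if w.strip()]
    intended_lower = {u.lower() for u in intended}

    kept, removed, unintended = [], [], {}
    for user in local_users:
        hits = [e for e in entries if matches(e, user)]
        if not hits:
            removed.append(user)
            continue
        kept.append(user)
        if user.lower() not in intended_lower:
            for entry in hits:
                unintended.setdefault(entry, []).append(user)
    return kept, removed, unintended


# Constructed sample data for one lab machine.
WHITELIST = ["admin", "svc-"]
LOCAL_USERS = ["admin", "Administrator", "adminlab-temp",
               "svc-backup", "student01", "jsmith"]
INTENDED = {"admin", "administrator", "svc-backup"}

if __name__ == "__main__":
    kept, removed, unintended = audit_whitelist(WHITELIST, LOCAL_USERS, INTENDED)
    print("kept:   ", kept)
    print("removed:", removed)
    for entry, users in unintended.items():
        print(f"entry {entry!r} also keeps: {users}")
```

Running the audit before enabling User Cleanup shows whether a longer, more specific entry is needed.<br />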
<br />
=====Printer Manager=====<br />
<br />
This module checks on service startup to see what printers should be installed/removed from the client PC.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====Client Updater=====<br />
<br />
This module waits (randomly) between 60 and 500 seconds after service startup to check the local fog server for client updates, and if any are found the service will download and install them. Updates will NOT take effect until after the service is restarted.<br />
<br />
There are no configuration settings for this module.<br />
<br />
==== Keeping Clients up to date ====<br />
<br />
===== Overview =====<br />
<br />
As of version 0.12 of FOG, we have included a client updater module. This module is no different from any of the other sub service modules. This service waits anywhere between 60 and 500 seconds after the FOG service starts up, and then attempts to check with the server for newer FOG service modules. If new modules are found the client will download them, and they will be active on the NEXT service startup. These modules are controlled from the FOG Management Console. <br />
<br />
Only certain modules can be updated: those that are a subclass of AbstractFOGService. This means you should '''NEVER''' attempt to update the FOGService executable (FOGService.exe file), or the AbstractFOGService.dll file. It is recommended that you not update the ClientUpdater.dll, because if the ClientUpdater.dll file becomes corrupt or not functional, your clients will not be able to update from that point on. Below is a list of the .dll files that can be updated.<br />
<br />
<ul><br />
<li>UserTracker.dll</li><br />
<li>TaskReboot.dll</li><br />
<li>SnapinClient.dll</li><br />
<li>PrinterManager.dll</li><br />
<li>HostRegister.dll</li><br />
<li>HostnameChange.dll</li><br />
<li>GUIWatcher.dll</li><br />
<li>ClientUpdater.dll</li><br />
<li>config.ini</li><br />
</ul><br />
<br />
Care must also be taken when updating the config.ini file. If the IP address is incorrect or the syntax of the file is incorrect, it could leave the FOG service crippled on the client computers.<br />
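<br />
A pre-publish check for a candidate config.ini, as an added example that is not part of the FOG project's code. The <code>[fog_service]</code> section name and <code>ipaddress</code> key are assumptions and the sample files are constructed; <code>forcerestart</code> and <code>checkintime</code> are the keys described above.<br />

```python
import configparser
import ipaddress
import re

SERVER_SECTION = "fog_service"   # assumption: name of the general section
SERVER_KEY = "ipaddress"         # assumption: key holding the FOG server address

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_server_address(value):
    """Return an error string, or None if value is a usable IP or hostname."""
    value = value.strip()
    if not value:
        return "server address is empty"
    try:
        ipaddress.ip_address(value)
        return None
    except ValueError:
        pass
    # Digits and dots only, yet not a valid address (10.0.0.256, 10.0.0):
    # treat it as a mistyped IP instead of accepting it as a hostname.
    if re.fullmatch(r"[0-9.]+", value):
        return f"server address {value!r} is not a valid IP address"
    labels = value.split(".")
    if len(value) > 253 or not all(_LABEL.match(label) for label in labels):
        return f"server address {value!r} is not a valid hostname"
    return None


def validate_config(text):
    """Return a list of problems in a candidate config.ini (empty list = OK)."""
    parser = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), strict=True)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        # Missing section header, line without "=", duplicate key, ...
        first_line = str(exc).splitlines()[0]
        return [f"syntax: {exc.__class__.__name__}: {first_line}"]

    problems = []
    if not parser.has_option(SERVER_SECTION, SERVER_KEY):
        problems.append(f"missing [{SERVER_SECTION}] {SERVER_KEY}")
    else:
        err = check_server_address(parser.get(SERVER_SECTION, SERVER_KEY))
        if err:
            problems.append(err)

    # Module keys are checked wherever they appear, so no module section
    # names need to be assumed.
    for section in parser.sections():
        for key, value in parser.items(section):
            value = value.strip()
            if key == "forcerestart" and value not in ("0", "1"):
                problems.append(
                    f"[{section}] forcerestart must be 0 or 1, got {value!r}")
            if key == "checkintime" and not (
                    re.fullmatch(r"[0-9]+", value) and int(value) > 0):
                problems.append(
                    f"[{section}] checkintime must be a positive number "
                    f"of seconds, got {value!r}")
    return problems


# Constructed sample files.
GOOD = r"""[fog_service]
ipaddress=10.0.0.5
logfile=c:\fog.log

[taskreboot]
forcerestart=0
checkintime=60
"""

BAD_VALUES = r"""[fog_service]
ipaddress=10.0.0.256

[taskreboot]
forcerestart=yes
checkintime=60
"""

BAD_SYNTAX = r"""[fog_service]
ipaddress=10.0.0.5

[taskreboot]
checkintime 60
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD_VALUES", BAD_VALUES),
                       ("BAD_SYNTAX", BAD_SYNTAX)):
        print(name, validate_config(text) or "OK")
```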
<br />
===== Posting Updates =====<br />
<br />
To add new modules that can be pushed down to clients, first install a client with the new service or new module and confirm that it works as you would like. Log into the FOG management console, then go to the Information/Misc section (the little "i" icon). Click on '''Client Updater''' on the left-hand menu. Now click on the browse button to select the module (.dll) file you would like to post, then click on the capture button. After capturing, the file should appear in the table above. If you are adding a new module, you will probably want to capture a new config.ini file to include new configuration settings required by that new module.<br />
<br />
==== FOG Tray ====<br />
<br />
The FOG Tray is a Windows application that runs on user login that docks in the system tray. The FOG Tray, like the FOG service, is very modular in nature. New modules can be dropped in the FOG tray directory and on next load they will be loaded. This tray icon has the ability to communicate with the FOG service, this allows FOG more interactivity with the end-user. <br />
<br />
What happens is that when the FOG service's printer manager module gets a request to set a default printer, the service attempts to contact the FOG Tray. If communication is established, then the service will ask the tray to set the default printer. On the other hand the end user can right click on the "F" icon in the system tray, then select printers, then update my printers. What this will do is attempt to send a request from the FOG Tray to the FOG Service and have the service check for printer updates (new printers or printers to be removed). If one is found the service will install any new printers assigned in the FOG Management portal.<br />
<br />
This application is in its very early stages and currently doesn't have a lot of functionality. It is currently only used to allow end users to update their printers and to allow the setting of default printers (from the FOG service). Our vision for the FOG Tray is to add modules that would allow users to install printers that are published as public (via the management portal) without the printer being directly assigned to their host. We would also like to do the same thing for snapins where some of your snapins could be defined as public where anyone could install them on their computer.<br />
<br />
==== Troubleshooting ====<br />
<br />
If you have problems with the FOG Service, please refer to the log file that is located at:<br />
<br />
c:\fog.log<br />
<br />
If the PXE boot does not work<br />
<br />
If booting from the FOG server through PXE fails with a "file not found" error, edit /etc/default/tftpd-hpa<br />
<br />
Change TFTP_DIRECTORY to<br />
<br />
TFTP_DIRECTORY="/tftpboot"<br />
Then<br />
<br />
/etc/init.d/tftpd-hpa restart<br />
<br />
=== Snap-ins ===<br />
<br />
==== Overview ====<br />
<br />
*The FOG Service has the ability to install snapins to the clients. Snapins can be anything from whole applications like Microsoft Office to registry keys or desktop icons. Snapins can even be used to uninstall applications or remove unwanted files. From the end user's point of view, they will not even notice that a snapin is being installed until it is complete. At this point a message will notify them that a new application has been installed on their computer. Snapins can be in MSI (0.17) or EXE formats, and can be created with any snapin creation tool like InstallRite or already packaged MSI files (0.17). You can also push commands to the computer that include .vbs scripts / .cmd (commands) and .bat (batch scripts).<br />
<br />
*Snapin return codes are specified by the program that's being installed.<br />
<br />
<br />
==== Creating a Snapin / Overview ====<br />
<br />
FOG doesn't provide a tool to create snapins, but instead allows you to push files and execute them on the remote computers. It is highly recommended that you push the actual installer to the computer instead of using a program such as InstallRite. <br />
<br />
If you have never silently installed software to a computer, or created an answer file for a program, please look at the website Appdeploy [http://www.appdeploy.com/articles/ Link]. This website has a trove of information on how to push software to a computer remotely.<br />
<br />
===== Creating a Snapin for larger applications with SFX Maker =====<br />
<br />
Some larger applications such as Microsoft Office and Adobe Products (Acrobat / Creative Suite) require multiple files to install properly. If you have an application that is not a single .exe please use SFX Maker. This tool is free for non commercial use, and most programs fall under the GPL. [http://www.isoft-online.com/ SFX Maker's Website]<br />
<br />
For instructions on how to use this software please see the youtube videos below.<br />
<br />
[http://www.youtube.com/watch?v=ZSMJLnRjn94 Office 2003 Install]<br />
[http://www.youtube.com/watch?v=Qzc1Q9NW_cE Office 2007 Install]<br />
<br />
SFX Maker takes an entire folder and encapsulates it or "folds" it into a single .exe which then "unfolds" to its original state and launches a file or command.<br />
<br />
===== Creating a Snapin with InstallRite =====<br />
<br />
If for some reason you do wish to use InstallRite, please be aware that it comes with issues and limitations (not compatible with all Windows operating systems / can cause issues with the computer it is pushed to). Below is an example of how to build a package with that software.<br />
<br />
In this example we will use Epsilon Squared's InstallRite which can be downloaded from http://www.epsilonsquared.com/installrite.htm. This application will package up your snapin as an exe file which will be uploaded to the FOG server. <br />
<br />
<ol><br />
<li>To run InstallRite navigate to c:\program files\Epsilon Squared\InstallRite\InstallRite.exe</li><br />
<li>Click on "Install new software and create an InstallKit"</li><br />
<li>On the Configure screen, click Next.</li><br />
<li>On the Snapshot screen click next to create a new system snapshot.</li><br />
<li>On the next screen, click the browse button to select the application you wish to install, then click next.</li><br />
<li>When installation is complete InstallRite will come into focus, click the next button. InstallRite will scan your system again.</li><br />
<li>Enter a name for your snapin.</li><br />
<li>Click "Build Install Kit"</li><br />
<li>Select "Quiet Installation Mode", Never reboot, even if needed, and "Never prompt the user and only overwrite older files"</li><br />
<li>Click OK and it will build your snapin.</li><br />
</ol><br />
<br />
==== Preparing the FOG Server ====<br />
<br />
If your snapin is larger than 2MB you will need to make two changes to the FOG server to allow uploads of larger than 2MB.<br />
<br />
See also: [[Troubleshoot Web Interface]]<br />
<br />
===== Fedora =====<br />
<br />
<br />
#On the FOG Server click on Applications -> Accessories -> Text Editor.<br />
#Select Open and navigate to "/etc/php.ini"<br />
#Change UPLOAD_MAX_FILESIZE to 1900MB (On a 32Bit OS don't set this value above 2GB)<br />
#Change POST_MAX_SIZE to the same value.<br />
#Save and close the text editor.<br />
#Click on Applications ->System Tools -> Terminal and type "service httpd restart"<br />
<br />
===== Ubuntu =====<br />
<br />
#sudo gedit /etc/php5/apache2/php.ini<br />
#Change <br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
#Save Changes<br />
#sudo /etc/init.d/apache2 restart<br />
<br />
<br />
===== VMWare =====<br />
<br />
#sudo vim /etc/php5/apache2/php.ini<br />
#Edit the following lines in the document (read below for assistance with working in VIM)<br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
<br />
<br />
*To edit content in vim you will need to press the '''"I"''' key on your keyboard to enter input mode.<br />
*Hitting the '''Escape''' key will bring you out of input mode.<br />
*Once out of input mode type ''':w''' and then '''enter''' to save the file<br />
*Restart FOG once the file has been saved<br />
<br />
==== Uploading the Snapin ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/CreateSnapin.swf.html Video Tutorial]<br />
<br />
<ol><br />
<li>In the FOG Management Portal click on the Snapin Icon (Puzzle Pieces).</li><br />
<li>On the left-hand menu click on the New Snapin Button.</li><br />
<li>Enter a Snapin Name and Description.</li><br />
<li>Browse to the snapin file you wish to upload.</li><br />
<li>If you want the computer to restart after the snapin is installed click on the "Reboot after install"</li><br />
<li>Click "Add"</li><br />
</ol><br />
<br />
<br />
<br />
As of version 0.17, fog supports using typical msi files as snapin files.<br />
<br />
If the snapin file is a msi file you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of msiexec.exe (ie: c:\windows\system32\msiexec.exe)</li><br />
<li>Set '''Snapin Run With Arguments:''' to '''/i'''</li><br />
<li>Set '''Snapin Arguments:''' to '''/qn'''</li><br />
</ol><br />
<br />
If the snapin file is a .vb script you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of cscript.exe (ie: c:\windows\system32\cscript.exe)</li><br />
</ol><br />
<br />
<br />
<br />
'''Documentation on the list of supported snapins and command line arguments''' [[http://www.fogproject.org/wiki/index.php?title=Supported_Snapin%27s_and_Command_Line_Switches]] There are MANY more supported applications that can be installed via command line arguments. You might have better luck installing them directly via .EXE / .MSI / or scripting them via .VBS . For more info on this consult the forums --[[User:Ssx4life|Ssx4life]] 09:04, 8 October 2009 (MST)<br />
<br />
==== Linking the Snapin to Hosts ====<br />
<br />
In order for a snapin to be deployed it must be linked with a host. To do this perform the following:<br />
<br />
<ol><br />
<li>In the FOG Management Portal, click on the Hosts Icon.</li><br />
<li>Search for and select a host and click on the edit button.</li><br />
<li>Scroll down to the snapin section.</li><br />
<li>Select the snapin you just created from the drop-down box and click the "Add Snapin" button.</li><br />
</ol><br />
<br />
The next time you image the computer the FOG Service will attempt to install that snapin. If you have problems, please see the fog log file located at c:\fog.log on the client PC.<br />
<br />
=== Client Side Tasks ===<br />
<br />
==== FOG Version ====<br />
<br />
Applies to version 0.12 or higher.<br />
<br />
==== Overview ====<br />
<br />
FOG attempts to keep management centralized, but in an attempt to make deploying machines as easy as possible FOG has added a few basic client side tasks. These tasks can be run from the client computer during the PXE boot process. When the client boots and the FOG banner is displayed the pxe client will display a prompt like '''boot:''' or something similar. At this point you have 3 seconds to start typing one of the following commands. <br />
<br />
<ul><br />
<li>fog.memtest</li><br />
<li>fog.reg</li><br />
<li>fog.reginput</li><br />
</ul><br />
<br />
==== fog.memtest ====<br />
<br />
This command will run the memtest86+ on the client computer. <br />
<br />
==== fog.reg ====<br />
<br />
This command will run the basic host registration and inventory process without any user input. It will register any new/unregistered hosts with the FOG server and pull a basic hardware inventory from them. The hostname of the computer will be the same as the MAC address without the ":".<br />
<br />
If a host is already registered, then only an inventory will be performed.<br />
<br />
==== fog.reginput ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/RegImage.swf.html View Host Registration Video]<br />
<br />
This command will run the full host registration process with user input, inventory and give the option to push down an image, all at the same time. During this process the user registering the host will be prompted for the computer host name, ip address, operating system ID, image ID, Primary User of the computer, asset tag 1, and asset tag 2. <br />
<br />
If a valid hostname, OS ID, and image ID are given and the option is selected to image the workstation after registration, the host will reboot and an imaging send will begin. <br />
<br />
If a host is already registered, then only an inventory will be performed; this prevents end-users from re-registering a machine with a different hostname, etc.<br />
<br />
This task was designed for institutions that may get shipments of hundreds of computers that need to be deployed very quickly. They can be unboxed, inventoried, imported into FOG and imaged very quickly. <br />
<br />
===== Operating System ID =====<br />
<br />
As of Version 0.17 of fog, you can now enter '''?''' at the Operating System ID prompt to get a listing of the valid operating system id values. <br />
<br />
The following are valid values for operating system IDs:<br />
<br />
<ul><br />
<li><b>1</b> - Windows 2000 / Windows XP</li><br />
<li><b>2</b> - Windows Vista</li><br />
<li><b>3</b> - Windows 98</li><br />
<li><b>4</b> - Windows (Other)</li><br />
<li><b>5</b> - Windows 7</li><br />
<li><b>50</b> - Linux</li><br />
<li><b>99</b> - Other</li><br />
</ul><br />
<br />
===== Image ID =====<br />
<br />
Image IDs can be found in the management console, in the Images section. Search for the image and click on the edit button associated with it. The image ID will be in the address/URL bar in the format of <b>&imageid=xx</b>.<br />
<br />
As of version 0.17, you can enter '''?''' at the Image ID prompt to get a listing of all your images and their ID numbers.<br />
<br />
=== Active Directory Integration ===<br />
<br />
==== Setup ====<br />
<br />
===== Overview =====<br />
<br />
FOG has the ability to register a host with Active Directory, in a limited sense. Versions of FOG up to and including 0.28 rely on the netdom.exe executable that is provided as part of the support tools on the Windows installation media. In order for Active Directory integration to function, your image will need to have the FOG service installed, along with the Windows Support Tools.<br />
<br />
Versions of FOG from (and including) 0.29 have this functionality built in and do NOT require netdom.exe or the support tools to be installed.<br />
<br />
It is also very important that before capturing your image that the computer is NOT a member of any domain.<br />
<br />
===== Security =====<br />
<br />
<font color="red">Note: The below statement applies to older FOG versions (1.2.0 and below). When using FOG 1.3.0 and above in conjunction with the NEW fog client, this step is not needed. See [https://wiki.fogproject.org/wiki/index.php?title=FOG_Client here] for more information.</font><br />
<br />
<br />
'''Important - Please read!'''<br />
<br />
In order to add a computer to a domain, FOG requires a username and password of an account that has rights to the OU where the computer objects are stored in the domain tree. This user account should have rights to join computers to the Domain, as well as sufficient rights to create/manage computer objects. FOG attempts to keep your password secure by encrypting it, but since FOG is open source, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic; this isn't hard and only needs to be done one time. Please see the documentation below.<br />
<br />
===== Preparing the Image =====<br />
<br />
Before capturing an image to FOG that you would like to use with Active Directory, please ensure that the image:<br />
<br />
<ul><br />
<li>is NOT a member of the domain, change the computer membership to workgroup instead.</li><br />
<li>has support tools installed (Not required for FOG versions from 0.29).</li><br />
<li>has the FOG service installed.</li><br />
</ul><br />
<br />
===== FOG Setup =====<br />
<br />
To setup a host to use AD, navigate to the hosts section of the FOG management portal. <br />
<br />
<ol><br />
<li>Search for, and select a host. </li><br />
<li>Click on the Edit button</li><br />
<li>Scroll down to the Active Directory section.</li><br />
<li>Check the box next to Join Domain after image task</li><br />
<li>Enter the domain NETBIOS name (i.e. MYDOMAIN, not mydomain.com).</li><br />
<li>Enter the Organizational Unit where you would like to have the computer stored in AD. Leave it blank for the default. (Must be in LDAP format).</li><br />
<li>Enter the user name that has access to the computer objects. Do not include the domain name if you are running version 1.2 (your mileage may vary with earlier versions). Development version of FOG will accept a name with or without domain ('''username ''OR'' mydomain/username''').</li><br />
<li>Enter the encrypted password. This password must be encrypted with the [[FOGCrypt]] utility. This utility is located in the FOGCrypt folder of the FOG download package. It is a Windows (.NET) command line application.</li><br />
<li>Click Update.</li><br />
</ol><br />
<br />
The next time you image that computer the service will attempt to register the host with the domain information provided. If you have problems please refer to the FOG Service log file located in c:\fog.log<br />
<br />
===== Making AD Integration Easier =====<br />
<br />
As of version 0.20 of FOG, we have made it a bit easier to manage AD settings in FOG, by allowing for default settings for AD. This will allow the easy population of the domain, OU, username, and password. To set this feature up perform the following:<br />
<br />
# Go to '''Other Information''' -> '''FOG Settings'''<br />
# Set your default values for the following:<br />
## FOG_AD_DEFAULT_DOMAINNAME<br />
## FOG_AD_DEFAULT_OU<br />
## FOG_AD_DEFAULT_USER<br />
## FOG_AD_DEFAULT_PASSWORD (MUST BE ENCRYPTED!)<br />
<br />
To test everything out, go to a host that doesn't have anything set up for AD, and click on the edit button for that host. Go to the host menu, and select Active Directory. Click on the '''Join Domain after image task:''' button and all your default values should be populated.<br />
<br />
==== Securing Active Directory Integration ====<br />
<br />
===== Overview =====<br />
<br />
In order to add a computer to a domain, FOG requires a username and password that has rights to the OU where the computer objects are stored in the domain tree. FOG attempts to keep your password secure by encrypting it, but since FOG is open source and the methods used to encrypt the password are open for all to see, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic: this isn't hard and it only needs to be done one time. <br />
<br />
===== The Development Environment =====<br />
<br />
The hostname change module is written in C#, so in order to recompile it you will need to download Microsoft's Visual Studio Express Edition for C#. This can be downloaded from: <br />
<br />
http://www.microsoft.com/express/vcsharp/<br />
<br />
Install Visual Studio with the standard options.<br />
<br />
===== Getting the Source =====<br />
<br />
After Visual Studio Express is installed, we need to get the source code for the hostname change module. This is part of the FOG download/installation package. This package can be downloaded from:<br />
<br />
http://sourceforge.net/project/showfiles.php?group_id=201099 <br />
<br />
Extract this package, then navigate to "FOG Service\src\FOG_HostNameChanger\"<br />
<br />
Double-click on HostNameChange.sln to open the project. <br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > hostnamechanger properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Once the project has opened, on the right-hand panel, in the "Solution Explorer", double-click on MOD_HostNameChanger.cs.<br />
<br />
After doing so, the source code should be displayed in the main panel. Scroll down to the line:<br />
<br />
private const String PASSKEY = "FOG-OpenSource-Imaging"; <br />
<br />
Change '''FOG-OpenSource-Imaging''' to anything you like, just remember what you change it to, as you will need it later.<br />
<br />
Then click File -> Save All.<br />
<br />
Then click Build -> Build Solution.<br />
<br />
This will recompile the hostname change module with your unique key.<br />
<br />
Now navigate to "FOG Service\src\FOG_HostNameChanger\bin\Release"<br />
<br />
Copy only the file HostnameChange.dll to "FOG Service\src\FOG Service\bin\Release" (overwrite existing file).<br />
<br />
Navigate to "FOG Service\src\FOG Service\"<br />
<br />
Open the solution by double-clicking "FogService.sln"<br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > FOGService properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Change the build configuration from debug to release<br />
<br />
Right click on "FOG Service Install" and click "Build"<br />
<br />
Navigate to "FOG Service\src\FOG Service Installer\Release"<br />
<br />
Select the 2 files, right-click -> Send To -> Compressed Folder<br />
<br />
Copy the .zip file to your FOG Server "/var/www/html/fog/client". Overwrite the existing file.<br />
<br />
===== Encrypting Your Password =====<br />
<br />
Now that we have changed the passkey, we need to update the FOGCrypt ini file to use this new passkey. <br />
<br />
Navigate to the FOGCrypt\etc directory from the FOG download package.<br />
<br />
Open the config.ini file and change the passkey value to your new passkey, then save the file.<br />
<br />
Now open a command window and navigate using the cd command to the FOGCrypt directory.<br />
<br />
Type:<br />
<br />
FOGCrypt [password]<br />
<br />
Where [password] is the AD user's password that has rights to the Computers section of the AD tree.<br />
<br />
The output from this command is what you will enter in the FOG management portal.<br />
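<br />
A consistency check for the passkey procedure above, as an added example that is not part of the FOG package: it verifies that the PASSKEY constant in the source is no longer the default, that FOGCrypt's config.ini carries the same value, and that the HostnameChange.dll you are about to deploy was really rebuilt. The function names, the <code>passkey=</code> layout of config.ini and the sample inputs are assumptions made for illustration.<br />

```python
"""Audit that the FOG passkey was changed consistently (added example)."""
import configparser
import re

# Default value of the PASSKEY constant, as quoted on this page.
DEFAULT_PASSKEY = "FOG-OpenSource-Imaging"

# The constant declaration in MOD_HostNameChanger.cs, as shown on this page.
PASSKEY_DECL = re.compile(
    r'private\s+const\s+String\s+PASSKEY\s*=\s*"([^"]*)"\s*;')


def passkey_from_source(cs_text):
    """Return the PASSKEY literal from the C# source, or None if absent."""
    match = PASSKEY_DECL.search(cs_text)
    return match.group(1) if match else None


def passkey_from_ini(ini_text):
    """Return the passkey from FOGCrypt's config.ini text, or None.

    Assumption: the value is stored as `passkey=<value>`, with or without
    a [section] header; the page only says the file has a passkey value.
    """
    parser = configparser.ConfigParser(interpolation=None)
    try:
        # A synthetic first section lets section-less files parse too.
        parser.read_string("[audit-top]\n" + ini_text)
    except configparser.Error:
        return None
    for section in parser.sections():
        if parser.has_option(section, "passkey"):
            return parser.get(section, "passkey")
    return None


def dll_embeds(dll_bytes, passkey):
    """True if the assembly contains the passkey as a string literal.

    .NET assemblies store string literals as UTF-16LE, so a plain
    ASCII search of the DLL would miss them.
    """
    return passkey.encode("utf-16-le") in dll_bytes


def audit(cs_text, ini_text, dll_bytes):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    src = passkey_from_source(cs_text)
    ini = passkey_from_ini(ini_text)

    if src is None:
        findings.append("PASSKEY constant not found in the source")
    elif src == DEFAULT_PASSKEY:
        findings.append("source still uses the default passkey")

    if ini is None:
        findings.append("no passkey value found in FOGCrypt config.ini")
    elif ini == DEFAULT_PASSKEY:
        findings.append("FOGCrypt config.ini still uses the default passkey")

    # FOGCrypt must encrypt with the same key the module was built with.
    if src is not None and ini is not None and src != ini:
        findings.append("FOGCrypt passkey differs from the source passkey")

    # Catches a stale DLL copied into the installer after editing the source.
    if dll_embeds(dll_bytes, DEFAULT_PASSKEY):
        findings.append("HostnameChange.dll embeds the default passkey")
    elif src not in (None, DEFAULT_PASSKEY) and not dll_embeds(dll_bytes, src):
        findings.append("HostnameChange.dll does not embed the source passkey")
    return findings


# Constructed sample inputs (not taken from a real FOG installation).
SAMPLE_PASSKEY = "Example-Site-Passkey-0001"
SAMPLE_SOURCE = 'private const String PASSKEY = "%s";\n' % SAMPLE_PASSKEY
SAMPLE_INI = "passkey=%s\n" % SAMPLE_PASSKEY
SAMPLE_DLL = b"MZ" + bytes(32) + SAMPLE_PASSKEY.encode("utf-16-le")
STALE_DLL = b"MZ" + bytes(32) + DEFAULT_PASSKEY.encode("utf-16-le")

if __name__ == "__main__":
    print("rebuilt DLL:", audit(SAMPLE_SOURCE, SAMPLE_INI, SAMPLE_DLL))
    print("stale DLL:  ", audit(SAMPLE_SOURCE, SAMPLE_INI, STALE_DLL))
```

Against real files, read MOD_HostNameChanger.cs and config.ini as text and HostnameChange.dll in binary mode, then pass the three values to <code>audit()</code>.<br />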
<br />
<br />
=== FOG Reports ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher. <br />
<br />
==== Overview ====<br />
<br />
FOG Reports allow you to export data from FOG in two major formats: CSV and PDF.<br />
<br />
#'''Snapin Log''' - This report will report on snapin installation history. <br />
#'''Imaging Log''' - This report will report on images deployed to hosts.<br />
#'''Virus History''' - This report lists any viruses that were found on local computers. <br />
#'''Inventory''' - This report will report on the inventory information collected for network clients. <br />
#'''Equipment Loan''' - This report can be used for equipment loaned to staff members. <br />
#'''User Login History''' - This report contains information about user logins.<br />
<br />
==== Running Reports ====<br />
<br />
Running a report can be done from the Reports section of FOG, then by picking a report from the left-hand menu.<br />
<br />
==== Importing User Created Reports ====<br />
<br />
The reporting section of FOG allows for the end user to create and upload custom reports into FOG. A FOG report is a simple php script that is processed by the server. To import a report simply click on the '''Upload a Report''' button in the reports section, select the report then click on the upload button. The report will then show up on the left-hand menu. <br />
<br />
Please be cautious when uploading reports from an unknown source as the writer of the report has full access to the FOG system and database! Make sure your sources are trustworthy before importing a report!<br />
<br />
==== Creating Custom Report ====<br />
<br />
Custom reports are simple php scripts in FOG. Custom reports can be created based on the following template:<br />
<br />
[http://freeghost.sf.net/other/ReportTemplate.tar.gz Report Template]<br />
<br />
<br />
<br />
=== Plugins ===<br />
*[[Plugins]] give FOG extra functionality wanted for some users but not all.<br />
<br />
=== Other Settings ===<br />
<br />
==== [[Boot Image Key Map]] ====<br />
<br />
==== FOG Client Kernel ====<br />
<br />
===== Overview =====<br />
<br />
In FOG, there aren't really drivers you need to find and download for your clients to work. This is because we ship a Linux kernel that has the majority of hardware device drivers built into it. What this means is that if you have a device that doesn't work with FOG, you need to either build a new kernel yourself or try a newer kernel that has been released via our kernel updater.<br />
<br />
<br />
===== Kernel Types =====<br />
<br />
We currently build two "lines" of kernels. One is called KS or KitchenSink. This kernel tries to include drivers for as many devices as possible, sometimes at the cost of performance, and this is the kernel that we ship with FOG by default. The other "line" is the PS kernel or the Peter Sykes kernel, which is based on a config submitted by a user. This kernel line tries to be faster, but may not include as many drivers as the KS kernel. <br />
<br />
===== Updating the Kernel =====<br />
<br />
It is possible to update your client kernel from within the UI of FOG. To do this perform the following steps:<br />
<br />
#Log into the FOG Management UI.<br />
#Go to '''Other Information'''<br />
#Select '''Kernel Updates'''<br />
#Select the Kernel you would like to download, typically the newest kernels are on the top of the list.<br />
#Click the download icon<br />
#Select a file name for your kernel, to make it the default kernel leave the name as '''bzImage'''<br />
#Click the '''Next''' Button<br />
<br />
=== Mobile Management Interface ===<br />
<br />
==== Overview ====<br />
<br />
The FOG Mobile web interface is a very basic, stripped down interface for FOG. It is designed to be given to lower level technicians using low powered, mobile devices such as iPod touches, iPhone, PDAs, and internet tablets. The idea behind this interface is to make it easy for techs to re-image a computer while making the rounds at a site.<br />
<br />
==== Using the mobile Interface ====<br />
<br />
The mobile interface can be accessed via:<br />
<br />
http://x.x.x.x/fog/mobile<br />
<br />
The portal requires a valid user name and password, which can be created via the FOG portal. <br />
<br />
[[Image:Ipod login.JPG]]<br />
<br />
Once logged into the portal, users can search for hosts and image them, and view/cancel active tasks. <br />
<br />
[[Image:Ipod results.JPG]]<br />
<br />
[[Image:Ipod active.JPG]]<br />
<br />
They can not change image associations, nor modify any properties of a host.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Managing_FOG&diff=12659Managing FOG2022-11-02T14:30:05Z<p>SebastianRoth: /* Images */</p>
<hr />
<div>== Managing FOG ==<br />
<br />
=== Dashboard ===<br />
<br />
==== Overview ====<br />
<br />
[[File:Dashboard.png]]<br />
<br />
*The FOG dashboard is the first page you are presented with after login. This page just gives you an overview of what is happening on your FOG server.<br />
<br />
==== System Overview ====<br />
<br />
*The system overview box is the top left hand box on this page. The information presented in this box is the current user, the server IP addresses or hostnames for your web server, tftp server and storage server (which can all be different). This section also gives you the system uptime or how long the system has been running without restart, the number of users logged into the Linux box, and lastly the system load.<br />
<br />
==== System Activity ====<br />
*The system activity box is in the top row, the middle box. This section shows the unicast queue, or the number of unicast deploys that are currently in progress. The queue size can change and is based on the Storage Group(s). Each storage node has a setting ''Max Clients'' making this the maximum number of hosts that this node can image to. If there are 2 nodes with a max of 10 each then your maximum queue amount is 20. However, remember the more you increase the ''Max Clients'' the slower each particular host will be to deploy the image.<br />
*This means that after 20 hosts are receiving images (at once) the 21st will wait for one of the hosts in progress to complete before starting. The reason this was created was so that you could queue up 100 machines with different images (all unicast) and still keep the system functional. We have heard of this queue being used to re-image an entire building of computers ( ~ 1000+ ) overnight. This section updates in real time.<br />
*It will display all the queued, running, etc... tasks and updates at the same interval as the Bandwidth graph. Also, SVN installations (and later future releases) are able to edit which type of tasks get counted towards the "queue". <br />
*This edit can be performed by going to '''FOG Configuration'''[[file:Config.png]]--> '''FOG Settings'''--> '''General Settings''' --> '''FOG_USED_TASKS'''. <br />
*The text field takes numeric values (so you'll need to know which task IDs are which type). This text field is a CSV setup. If you type (1,2,3,4,5) it will display all tasks of Deploy, Capture, Debug, Memtest, and Testdisk as queued/active depending on their current state. The exception to this rule is Task Type ID 8 (multicast), in which case it takes the Jobs, not each individual host task, as a queued slot.<br />
<br />
==== Disk Information ====<br />
<br />
*The disk information box is the top, right hand section of the dashboard page. This is a semi-realtime display of the storage remaining on the storage server.<br />
*There is also a drop-down box that can be changed to your storage nodes to monitor their Disk Information.<br />
*If you get an error in this box, please see [[Dashboard Error: Permission denied...]]<br />
<br />
==== 30 Day Imaging History ====<br />
<br />
*This image shows your imaging trends for the past 30 days<br />
<br />
==== Menu Bar ====<br />
<br />
[[Image:FogMenu.jpeg]]<br />
<br />
This menu appears at the top of every page on Fog's web UI. The icons are, from left to right:<br />
<br />
[[Image:Home.png]]'''Home/Dashboard''' - This is the home screen of the FOG management portal.<br />
<br />
[[Image:Users.png]]'''[[Managing_FOG#Users | User Management]]''' - Individual administrators of the FOG resources.<br />
<br />
[[Image:Hosts.png]]'''[[Managing_FOG#Hosts | Host Management]]''' - This section houses the hosts, which are the pcs to be imaged or to extract images from.<br />
<br />
[[Image:Groups.png]]'''[[Managing_FOG#Groups | Group Management]]''' - This section houses groups, which are similar PCs that need tasks done en-masse.<br />
<br />
[[Image:Images.png]]'''[[Managing_FOG#Images | Image Management]]''' - This section allows you to manage the image files stored on the FOG server.<br />
<br />
[[Image:Storage.png]]'''[[Managing_FOG#Storage_Management | Storage Management]]''' - This section allows you to add/remove storage nodes from the FOG system.<br />
<br />
[[Image:snapins.png]]'''[[Managing_FOG#Snap-ins | Snap-in Management]]''' - This section provides ways to automate various post-imaging tasks, not covered in this document<br />
<br />
[[Image:Printers.png]]'''[[Managing_FOG#Printers | Printer Management]]''' - This section allows for management of printers, allowing you to create printer objects that can later be assigned to hosts or groups.<br />
<br />
[[Image:Services.png]]'''Service Configuration''' - This section allows you to control how the ''client'' service functions.<br />
<br />
[[Image:Tasks.png]]'''[[Managing_FOG#Tasks | Task Management]]''' - This section allows you to perform imaging tasks such as acquiring or deploying images.<br />
<br />
[[Image:Reports.png]]'''[[Managing_FOG#FOG_Reports | Report Management]]''' - Reports let you pull information from the FOG database either as HTML, pdf, or csv.<br />
<br />
[[Image:config.png]]'''Fog Configuration''' - This section has the rest of the settings that don't fit anywhere else like the kernel updater, client service updater, iPXE edits, MAC address list, Log viewer, '''FOG Settings'''.<br />
<br />
[[Image:Plugins.png]]'''[[Managing_FOG#Plugins | Plugins]]''' - Plugins add more functionality to FOG. Must be enabled in ''Fog Configuration''<br />
<br />
[[Image:Logoff.png]]'''Logoff''' - Click this to log off of the Fog web UI.<br />
<br />
<br />
----<br />
<br />
=== Hosts ===<br />
[[File:All_Hosts.png]]<br />
*[http://freeghost.sourceforge.net/videotutorials/hostinfo.html Video Tutorial] (old version but valid instructions)<br />
*A host in FOG is typically a computer, but it can be any network device. Hosts are used to identify a computer on the network and are used to manage the device.<br />
<br />
==== Adding a new host ====<br />
<br />
===== Method 1: Adding a new host via Full Registration =====<br />
<br />
*This is the preferred method, and maybe the easiest method for getting a host into the FOG database, but it requires you to visit the host. When at the client computer, during the boot up process when you see the PXE/iPXE boot menu select '''Perform Full Host Registration and Inventory'''. During this phase you will be prompted for information about the host like hostname, operating system, image, groups, Product Key, and other information. If you enter a valid operating system and image id, you will be asked to Image Now. If desired, you can set the task and it will deploy the image on the next network boot. <br />
*After the requested information is entered, FOG will pull a quick hardware inventory of the client.<br />
*This method of registration will register the MAC address (primary wired only), serial number (if available in BIOS), Make/Model, and other Hardware information with the FOG server.<br />
*For more information on these commands please see: [[FOGUserGuide#FOG_Tasks | Client Side Tasks]]<br />
<br />
===== Method 2: Adding a new host via Quick Registration =====<br />
<br />
*Quick registration is very much like the Full host registration, with the exception that it will not prompt you for any input, nor give you the option to image the computer directly from the registration screen. When the host is added to the FOG server, it will be named with the host's primary MAC address. This method is great for adding a lab of 30 computers to FOG quickly and easily.<br />
*This feature is disabled by default, to enable this feature:<br />
#Go to '''FOG Configuration'''[[image:config.png]]<br />
#Select '''FOG Settings'''<br />
#Find section '''FOG Quick Registration'''<br />
#Tick ON '''FOG_QUICKREG_AUTOPOP''' to &#10004;<br />
#Set '''FOG_QUICKREG_IMG_ID''' to the image ID you would like to use for all newly created hosts.<br />
#'''FOG_QUICKREG_OS_ID''' will be auto populated when "Save Changes" is selected. (OS is now associated within the image so no need to select an OS)<br />
#Change '''FOG_QUICKREG_SYS_NAME''' to what you would like to name your new machines, where * will be replaced by a number. If you would like to zero pad numbers you can use '''LAB300-**''' which would result with '''LAB300-03''' or '''LAB300-09'''.<br />
#Set '''FOG_QUICKREG_SYS_NUMBER''' to the first number you would like to use.<br />
*After each registration the computer will automatically image and the '''FOG_QUICKREG_SYS_NUMBER''' will be incremented by 1.<br />
<br />
===== Method 3: Manually Adding =====<br />
<br />
*[http://freeghost.sourceforge.net/videotutorials/addimghost.html Video Tutorial]<br />
*Adding a new host can be done in the hosts section of FOG.[[Image:Hosts.png]] Then by clicking on the "Add New Host" button on the left hand menu. At least a hostname and a MAC address must be entered in order to add the host to the FOG database. <br />
<br />
*A host consists of the <span style="color:RED">'''required*'''</span> fields: <br />
<br />
#'''Hostname*''' - A string used for the Windows Hostname of client, this must be less than 15 characters long. <br />
#'''MAC address*''' - This field is used as a unique identifier for the host. The string must be separated by : (colon), in the format of 00:11:22:33:44:55. <br />
<br />
*Hosts can also include, but are not required:<br />
<br />
#'''IP address''' - Just your typical IP address, in the typical format of X.X.X.X or 192.168.1.1.<br />
#'''Description''' - Information for your own reference.<br />
#'''Image Association''' - This field is a drop down box that will allow you select an image object created in the '''Images''' section. <br />
#'''Operating System''' - Drop down box that allows you to select the primary type of operating system running on this host.<br />
#'''Kernel''' - This is only used if you want to overwrite the default kernel used for FOG. Needs to be specified as fog/kernel/mybzImage<br />
#'''Kernel Arguments''' - This allows you to add additional kernel arguments for booting the host (ie: vga=6, or irqpoll). <br />
#'''Primary Disk''' - This option allows you to force a device to use during imaging if fog fails to detect the correct device node.<br />
*This page also allows for configuration of Active Directory integration, but this topic will be covered later. When all settings are added, click on the "Add" button.<br />
<br />
===== Method 4: Importing Host Information =====<br />
<br />
*When getting started with FOG, you need to enter the host information for the devices on your network. We understand this can be a long difficult process, so in order to make this process easier we created a page that allows you to import most of the host information from a CSV file. <br />
*The CSV file that is imported to FOG must be in the following format, and the file should not have a header row. <br />
<pre>MAC Address,Host name,IP Address,Description,OSID,ImageID</pre><br />
*The '''MAC Address''' (<span style="color:RED">'''required*'''</span>) is the NIC's MAC address separated by ''':''' (colon).<br />
*The '''Host name''' (<span style="color:RED">'''required*'''</span>) is the computer's Host name (must be less than 15 characters, should not include underscores, according to [http://tools.ietf.org/html/rfc952 Network Working Group]).<br />
*The '''IP Address''' (<span style="color:Orange">'''Can be left as blank'''</span>)is the computer's IP address (format x.x.x.x). <span style="background-color:Yellow;">''This field is '''NOT''' currently used by FOG''</span><br />
*The '''Description''' (<span style="color:Orange">'''Can be left as blank'''</span>) is any text description you would like associated with the computer.<br />
*The '''OSID''' (<span style="color:RED">'''required*'''</span>)is the number representing the operating system. It can be found in the table "supportedOS" in the field osID.<br />
*The '''ImageID'''(<span style="color:RED">'''required*'''</span>) is the number representing the images file linked to this image. The image definition must already exist and this number can be found in the table "images" in the field imageID.<br />
*<span style="background-color:Red; color:white;">The file must be saved as a CSV '''without''' a header row.</span><br />
*Sample:<br />
<pre><br />
00:00:02:AF:00:E0:01:0F,adminoff1,10.0.1.150,Main admin office computer,5,14<br />
00:00:02:AF:00:E0:01:04,adminoff2,,admin office 2 computer,5,13<br />
00:00:02:AF:00:E0:01:02,adminoff3,,,5,12<br />
</pre><br />
<br />
====== Importing the File ======<br />
#After the file is prepared and saved, you will need to log into the FOG Management Portal.<br />
#Then click on the Hosts icon [[Image:Hosts.png]].<br />
#On the left-hand menu, click on '''Import Hosts'''.<br />
#Browse for your file, then click "'''Upload CSV'''".<br />
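<br />
A pre-flight check for the import file, as an added example that is not part of FOG: it applies the field rules listed above (six fields, no header row, colon-separated MAC in the 00:11:22:33:44:55 form, host name under 15 characters without underscores, optional x.x.x.x IP, numeric OSID and ImageID) before the file is uploaded. The duplicate-MAC check follows from the MAC address being the host's unique identifier; the function names and sample rows are constructed for illustration.<br />

```python
"""Pre-flight validation of a FOG host-import CSV (added example)."""
import csv
import io
import ipaddress
import re

# Column order required by the import page; the file has no header row.
FIELDS = ("mac", "hostname", "ip", "description", "osid", "imageid")
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")
NUMBER_RE = re.compile(r"[0-9]+")


def check_record(rec):
    """Return a list of problems for one parsed row (empty if it is valid)."""
    problems = []
    if not MAC_RE.fullmatch(rec["mac"]):
        problems.append("MAC must be six colon-separated hex octets")
    name = rec["hostname"]
    if not name or len(name) >= 15 or "_" in name:
        problems.append("hostname must be 1-14 characters, no underscores")
    if rec["ip"]:  # optional field
        try:
            ipaddress.IPv4Address(rec["ip"])
        except ipaddress.AddressValueError:
            problems.append("IP address is not in x.x.x.x form")
    for key in ("osid", "imageid"):
        if not NUMBER_RE.fullmatch(rec[key]):
            problems.append(key + " must be a number")
    return problems


def validate_rows(csv_text):
    """Return (valid_records, errors); errors are (line_number, message)."""
    valid, errors, seen = [], [], {}
    reader = csv.reader(io.StringIO(csv_text))
    for row in reader:
        lineno = reader.line_num
        if not row:  # skip blank lines
            continue
        if len(row) != len(FIELDS):
            errors.append((lineno, "expected 6 fields, got %d" % len(row)))
            continue
        rec = dict(zip(FIELDS, (field.strip() for field in row)))
        problems = check_record(rec)
        mac = rec["mac"].upper()
        # The MAC is the host's unique identifier, so repeats are rejected.
        if not problems and mac in seen:
            problems.append("duplicate MAC, first seen on line %d" % seen[mac])
        if problems:
            errors.extend((lineno, problem) for problem in problems)
        else:
            seen[mac] = lineno
            valid.append(rec)
    return valid, errors


# Constructed sample file: two good rows followed by four bad ones.
SAMPLE_CSV = (
    "00:11:22:33:44:55,adminoff1,10.0.1.150,Main admin office computer,5,14\n"
    "00:11:22:33:44:56,adminoff2,,admin office 2 computer,5,13\n"
    "MAC Address,Host name,IP Address,Description,OSID,ImageID\n"  # header row
    "00:11:22:33:44:57,lab_300_pc,,,5,12\n"                        # underscore
    "00:11:22:33:44:55,adminoff9,,,5,12\n"                         # repeated MAC
    "00:11:22:33:44:58,adminoff4,10.0.1,,five,12\n"                # bad IP, OSID
)

if __name__ == "__main__":
    good, bad = validate_rows(SAMPLE_CSV)
    print("%d valid rows" % len(good))
    for lineno, message in bad:
        print("line %d: %s" % (lineno, message))
```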
<br />
==== Managing Hosts ====<br />
<br />
===== General =====<br />
<br />
*Once hosts have been added to the FOG database you can modify or delete them. Finding a host which you wish to edit can be done in two ways, the first is by listing all the hosts that exist. This is done by clicking on the "List All Hosts" button. The second way to locate a host is to use the search function. To search for hosts click on the "New Search" button, if you would like to search for all hosts you can enter a "*" or "%". The search function will search in the host's name, description, IP and MAC address. <br />
*Once a host is located, it can be edited by clicking on the edit button or on the Host Name itself. Clicking on the edit button will display all the properties that were shown during host creation with the addition of snapin, printers, active directory, service settings, hardware, virus history, and login information. <br />
*The entire host object can be removed from the FOG system by clicking on the delete option at the bottom of the Host Menu.<br />
<br />
===== Multiple MAC Address Support =====<br />
*When FOG first registers your HOST computer it uses the first connected Ethernet cable and defaults it to the Primary MAC Address. Once the FOG Client is installed and reporting data back to the FOG server it may register other additional MAC addresses, such as wireless and other wired connections. Also, an additional MAC can also be added directly under the Host definition.<br />
*These new MAC Addresses will need to be approved before FOG will take advantage of them.<br />
*#'''Host Management''' [[File:Hosts.png]]--> '''[Selected Host]''' -->''Additional MAC''<br />
*#'''Fog Configuration'''[[File:Config.png]]--> '''MAC Address List''' -->''Approve Pending Addresses''<br />
*'''Fog Configuration'''[[File:Config.png]]--> '''MAC Address List''' At this location you can also ''"Update Current Listings"'' giving updated information on the MAC Addresses and their manufacturers, listing it under the Host.<br />
<br />
===== Host Status =====<br />
<br />
*Host Status displays an indicator icon next to the host within the FOG UI showing the status of the machine. This function executes a ping based on the host's name. So in order for this to work you must have an internal DNS server that is tied in with your DHCP server, so that when a DHCP address is given out, the DNS server is notified with the new IP. If that is setup correctly, you must make sure your FOG server is able to ping a host from the command line using:<br />
ping somehostname<br />
*If the server isn't able to ping the client, then the status of the host in the UI will always show as unreachable. If you can ping the client using the FQDN, like<br />
#Replace fogproject.org with your domain suffix<br />
ping somehostname.fogproject.org <br />
*Then you will need to adjust the DNS '''Search domains:''' setting on your server. After making this change you will need to restart the apache server for it to take effect.<br />
*If after this, you still can't ping your clients, the problem may be due to a firewall issue with the clients. In this case, client specific configuration changes might be needed.<br />
*With an increase in Hosts(250+) this "ping" will delay the loading of the List ''All Hosts'' page. Disabling this feature will help in loading this page.<br />
*# '''Fog Configuration''' [[File:Config.png]] --> '''Fog Settings''' --> '''General Settings''' --> Untick ''FOG_HOST_LOOKUP''<br />
<br />
===== Creating Host Groups =====<br />
<br />
*FOG allows you to create groups of hosts, which then allows you to take action on a whole grouping of hosts. Groups can be created either from the "List All Hosts" section or by doing a search for hosts. To create a group, select the computers you would like to be members of the group by placing a check in the box next to the hostname, or by clicking the check all button in the title row. After the hosts are selected, scroll to the bottom of the screen and then enter a name in the create to group box or select a group to add the hosts to. Then click on the "Process Group Changes" button.<br />
<br />
<br />
----<br />
<br />
=== Groups ===<br />
*Groups in FOG are used to organize your hosts into real world logical clusters. This is intended to ease management of the computers. A single host can be a member of infinitely many groups, so if a computer happens to be a member of the group called "Third Floor", it could also be a member of "Math Department", or "Dell PCs." Groups make using FOG possible for organizations with a very large number of PC's.<br />
<br />
==== Creating Groups ====<br />
*Groups are created in two sections:<br />
*#'''Group Management'''[[file:groups.png]] --> '''Create New Group'''<br />
*#Hosts section of FOG based on searches, for information on how to create groups, please see [[Managing_FOG#Creating_Host_Groups | Creating Host Groups.]]<br />
<br />
==== Managing Groups ====<br />
<br />
*After a group has been created, it can be managed from the groups section of FOG. Locating groups is very similar to locating hosts, you can either list all groups or you can search for groups. When searching for groups your search criteria is matched against the group name or the group description. Once a group is located it can be modified by clicking on the "Edit" button on the right hand side of the table or the Title of the group itself.<br />
<br />
*Under the section "Modify Group [Groupname]" there are options to change the group name, group description, group product key, or to delete the group. If you wish to update the group name or the group description make your change then click on the "Update" button within that section. If you would like to remove the group then simply click on the "Delete" button within this section.<br />
<br />
*As a reminder, when saving or updating settings for hosts, FOG keeps whichever setting was saved last. If you set all the hosts in this group to have ''Image A'' and then change ''Host A'' in that group to be ''Image B'', the group settings will not override the settings for ''Host A'' unless you go back to the group and set all hosts back to ''Image A''.<br />
<br />
===== Group Basic Tasks =====<br />
<br />
*This section will allow you to start a task on this group of hosts. From this section you can start any task to all hosts within the group. Multi-Cast is also available from here. Please review [[FOGUserGuide#Fundamental_Concepts | Fundamental Concepts]] to determine the required deploy task.<br />
<br />
===== Group Membership Setup =====<br />
<br />
*This page allows you to view/add/delete membership of the group. This section will list all of the members of the group and give you the option to remove members from the group.<br />
<br />
===== Group Image Associations =====<br />
<br />
*The groups page also allows you to update the image association for all the members of the group. This can be done in the "Image Association for [groupname]" section. Select the image association from the drop-down box and select "Update Images" and then all your host objects for that group will be modified.<br />
<br />
===== Group Snapins =====<br />
<br />
*You can add or remove snapins to all hosts in a group, but because of the nature of groups, it is not possible to see what snapins are currently associated with a group. This is because the snapins are not directly associated with the group; they are associated with the host, and it is possible for all members of the group to have different snapins linked with each host. What FOG does allow you to do is batch add a snapin to all the hosts within a group. At the same time you can batch remove a snapin from all the hosts within a group. These functions can be done via the '''Add Snapins''' and '''Remove Snapins''' buttons in the Group Menu.<br />
<br />
===== Group Service Settings =====<br />
<br />
*The '''Service Settings''' page allows you to enable or disable certain service modules on all hosts in the group, as well as change some service settings for group such as screen resolution, and auto log off settings.<br />
<br />
===== Group Active Directory Setup =====<br />
<br />
*Active Directory integration settings can also be distributed to all members of a group via this page. The section "Modify AD information for [groupname]" allows you to do so. This section provides the same options as the host screen but allows you to mass update all of your hosts.<br />
<br />
===== Group Printers =====<br />
<br />
*The '''Printers''' page allows you to add or remove printer associations to all hosts within the group. This page also allows you to set the management level for all hosts within the group.<br />
<br />
===== Group Membership Information =====<br />
<br />
*The most important thing to remember about groups in FOG is that they do not contain their own properties. When you make changes to a group, you are really making changes to every host object within the group. For example, if you change the OS association for a group, then go back to one of the host objects that is a member of that group, it will have the new OS association on that object.<br />
<br />
<br />
----<br />
<br />
=== Images ===<br />
<br />
Moved to https://docs.fogproject.org/en/latest/management/image-management.html<br />
<br />
----<br />
<br />
=== Storage Management ===<br />
<br />
*The Storage Manager introduces the concept of '''Storage Groups.''' Basically, a storage group is a group of NFS servers that share images and share the load of computers being imaged. Any member of a storage group is referred to as a '''Storage Node.''' You may have as many storage groups as you wish and as many storage nodes within those groups as you wish. In each storage group, there is one storage node which is designated as the '''Master''' of that group. Basically, this '''Master''' node is the node where all image captures go, this node handles multicasting tasks for the group, and is the image replicator for the group. This means that whatever images are stored on this node are what gets distributed to the entire group. <br />
<br />
*What this new system of storage management gives us is a distributed model for FOG which allows for more unicast transfers at a single time. We also gain data redundancy. We also take stress off of the main FOG server.<br />
<br />
*Below is a brief overview of Storage Groups<br />
<br />
[[Image:Nfsgroup.jpg]]<br />
<br />
*This image shows a single Storage Group and the flow of data within the group. The queue size of the system is the sum of the queue size of all the storage nodes within the system. So if you have 4 nodes each with a queue size of 10, then the queue size of the system is 40, which means 40 clients can be imaged (unicast) at one time. <br />
<br />
[[Image:StorageGroups.jpg]]<br />
<br />
*This image shows that it is possible to have multiple storage groups on your network, which are isolated from each other. This image also demonstrates that captures always go to the master node and multicast sessions always send data from the master node. Images are pushed out from the master node of the group to all other members of the group.<br />
<br />
*'''Key Benefits'''<br />
*#Increased throughput<br />
*#Redundant Storage<br />
*#Scalability<br />
<br />
*Also see [[Knowledge_Base#Storage_Nodes | Storage Nodes]] for tutorials.<br />
<br />
==== Adding a Storage Node ====<br />
<br />
*Definition: Storage Nodes provide extra [http://www.fogproject.org/wiki/index.php?title=InstallationModes NFS/FTP storage space] which increases available throughput and redundancy within a network. They do not provide PXE, TFTP, or DHCP services at secondary sites. To enable additional PXE and TFTP services at secondary sites see this section: [[#Including_multiple_PXE_.2F_TFTP_servers|#Including multiple PXE / TFTP servers]]<br />
<br />
*Video Tutorial: http://www.youtube.com/watch?v=X72WthDGwsw&fmt=18 (old video but still valid information)<br />
<br />
*To add an additional storage node to the network, the computer should be prepared in the same way the main FOG server would be prepared (disable firewall, SELinux, etc). You can also safely mix operating systems for the nodes of your storage group; some nodes can be running Fedora, and some can be running Ubuntu. It is important to update your storage nodes when you upgrade to a new version of FOG. Installation of a storage node is done with the same installer as for a normal FOG server. Installation can be started by running the installer script; the steps are detailed below.<br />
<br />
*Surprisingly enough some users have actually gotten a Windows Storage node to work properly. See [[Windows_Storage_Node]] for more information on this.<br />
===== Installing the Node =====<br />
*To Install a node:<br />
*#Run the installation script, ./installfog.sh<br />
*#Select your operating system.<br />
*#When prompted for Server Installation Mode, select '''S''', for storage node.<br />
*#Enter the IP address of the storage node.<br />
*#Confirm your interface<br />
*#Then you will need to enter the IP address or host name of the node running the FOG database<br />
*#Then you will be prompted for a username (typically fogstorage)<br />
*#and a password that is located on the FOG server, that will allow the storage node to access the main FOG server's database. This information is located in the FOG management portal for convenience (on the main FOG server). It can be accessed via '''Other Information''' -> '''FOG settings''' -> section '''FOG Storage Nodes'''.<br />
*#You will then be prompted to confirm your installation settings; if they are correct press '''Y''' and hit '''Enter'''.<br />
*#When installation completes, the install will produce a username and password that will be needed to add the storage node to the FOG management portal. Username is "fog", password is in /opt/fog/.fogsettings<br />
<br />
===== Adding the Node to the Management Portal =====<br />
*To Add a Node<br />
*#Log into the FOG Management Portal<br />
*#Navigate to the '''Storage Management''' section.<br />
*#Click on '''Add Storage Nodes'''.<br />
*#For the '''Storage Node Name''', enter any alpha numeric string to represent the storage node. <br />
*#Enter any description you wish<br />
*#Enter the IP address of the storage node you are adding. This must be the IP address of the node, DO NOT use a hostname here or the node will not function correctly. <br />
*#Enter the maximum number of unicast clients you would like this node to handle at one time. The value that we recommend is 10. <br />
*#'''Is Master Node''' is a very dangerous setting, but for right now leave it unchecked. For more details please see: [[#Master Node Status]].<br />
*#Next, select the storage group you would like this member to be a part of, in our example we will pick '''Default'''<br />
*#Next, specify the image location on the storage node, typically '''/images/''', your image location should always end with a '''/'''.<br />
*#Next, you will want to check the box, to enable the node.<br />
*#The last two fields take the username and password that are generated during the installation of the storage node. username is "fog", password is in /opt/fog/.fogsettings<br />
*#Then click '''Add''' to have the node join the storage group.<br />
<br />
==== Monitoring The Master Node ====<br />
<br />
*On all storage nodes there is a new service (as of version 0.24) called FOGImageReplicator, a very basic script which, if the node is the master, copies all of its images to all other nodes in the storage group. The copying is done every ten minutes by default, which means your images are NOT instantly duplicated to all nodes. <br />
<br />
*If you would like to view the status of the image replication, you can do so on the storage node by switching to tty3, by typing ctl + alt + f3. Output is also logged to a file in the '''/opt/fog/log''' directory.<br />
<br />
*FOGImageReplicator logs are also located in [[File:Config.png]] '''Fog Configuration''' --> '''Log Viewer''' --> '''FILE: [Select Image Replicator]'''<br />
<br />
==== Master Node Status ====<br />
<br />
*The '''Master Node''' (could be the server or a particular node) in a storage group is the node that distributes image files to all other nodes in the storage group.<br />
<br />
*If you have all your images distributed across 3 nodes in a storage group, '''if you add a new storage node that has no images stored on it, making that node master will cause it to take over and push its image store of nothing to all other nodes, wiping out all of your images'''. So it is important to be very careful and back up your images when you change a node's master status.<br />
<br />
*Notes - You '''can''' have many storage nodes in a storage group. You '''can''' have one master storage node in a storage group. You '''can not''' have more than one master storage node in a storage group. You '''must have''' one master storage node for replication to take place to other nodes in the group. '''If''' a master storage node is set, all captures '''first''' go to the master storage node of the storage group the image is assigned to; and are '''then''' replicated to other storage nodes.<br />
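<br />
The failure described above can be caught before the master flag is changed by comparing the candidate node's image store with the stores of the current group members. The following Python sketch is an added example, not part of FOG: it assumes each store is reachable as a local path (for instance mounted read-only over NFS), and the function names and sample file names are constructed for the illustration.<br />
<br />
```python
import os
import tempfile


def inventory(image_root):
    """Map every file under image_root (path relative to the root) to its size."""
    files = {}
    for folder, _dirs, names in os.walk(image_root):
        for name in names:
            full = os.path.join(folder, name)
            files[os.path.relpath(full, image_root)] = os.path.getsize(full)
    return files


def promotion_risk(candidate_root, member_roots):
    """Return {relative path: reason} for image data that exists on a current
    group member but is missing, or has a different size, on the node that is
    about to become master. An empty dict means nothing would be lost when the
    candidate's store is pushed to the rest of the group."""
    candidate = inventory(candidate_root)
    at_risk = {}
    for root in member_roots:
        for rel, size in inventory(root).items():
            if rel not in candidate:
                at_risk[rel] = "missing on candidate"
            elif candidate[rel] != size:
                # Size is a cheap check; it catches truncated or partial copies.
                at_risk.setdefault(
                    rel, "size differs (%d vs %d bytes)" % (candidate[rel], size))
    return at_risk


def demo(populate_candidate=False):
    """Constructed sample: one populated member store and one freshly
    installed candidate store (empty unless populate_candidate is True)."""
    with tempfile.TemporaryDirectory() as base:
        member = os.path.join(base, "member_images")
        candidate = os.path.join(base, "candidate_images")
        os.makedirs(os.path.join(member, "win10-lab"))      # constructed name
        os.makedirs(os.path.join(candidate, "win10-lab"))
        with open(os.path.join(member, "win10-lab", "d1p1.img"), "wb") as fh:
            fh.write(b"\0" * 4096)
        if populate_candidate:
            with open(os.path.join(candidate, "win10-lab", "d1p1.img"), "wb") as fh:
                fh.write(b"\0" * 4096)
        return promotion_risk(candidate, [member])


if __name__ == "__main__":
    findings = demo()
    for path, reason in sorted(findings.items()):
        print("AT RISK:", path, "-", reason)
    print("safe to promote" if not findings else "do NOT promote this node yet")
```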
<br />
==== Including multiple PXE / TFTP servers ====<br />
<br />
*A traditional Master Storage Node, [[#Adding_a_Storage_Node|as described above]] only provides File Storage redundancy. While this can help increase multicast throughput on a single network, all the machines under FOG management must be within the same subnet/VLAN so that DHCP broadcast requests can be directed to the Main server. (see note below)<br />
<br />
*<pre>'''Note:''' depending on the network, it may be possible to configure [http://en.wikipedia.org/wiki/UDP_Helper_Address iphelper] to forward packets to the Main FOG server</pre><br />
<br />
*The following instructions are intended to help configure additional Storage Nodes to operate independently on separate networks, while still syncing with and taking commands from a single Main FOG server.<br />
<br />
*Click here for instructions on setting up [[Multiple_TFTP_servers|multiple PXE / TFTP servers]]<br />
<br />
=== Users ===<br />
<br />
==== Overview ====<br />
<br />
*FOG has only two levels of users, '''regular''' users and '''mobile''' users. Regular users have access to the mobile portal and the full management portal. Mobile users have access to only the mobile management portal and Quick Image functions.<br />
<br />
==== Creating Accounts ====<br />
<br />
*All accounts are created under the "Users" section of the FOG portal. To create a new account click on the "New User" button on the left hand side of the page. All accounts must have a unique username, and a password. After filling in the required information click on the "Create User" button.<br />
<br />
==== Modifying Users ====<br />
<br />
*FOG accounts can be modified from within the users section. First you must locate the account you wish to modify by clicking on the "List all Users" button on the left hand side of the page. When a user is located, click on the edit button on the right hand side of the table.<br />
<br />
=== Tasks ===<br />
<br />
==== Overview ====<br />
<br />
*Tasks are all the actions that you can take on a computer, and in FOG there are numerous tasks that can be done including:<br />
<br />
*Deploy (Unicast)<br />
*Capture (Unicast) <br />
*Deploy - Multicast <br />
*Debug<br />
*Memory Test<br />
*Test Disk<br />
*Disk Surface Test<br />
*Recover (File Recovery)<br />
*Hardware Inventory<br />
*Password Reset<br />
*Deploy All Snapins<br />
*Deploy Single Snapin<br />
*Wake-Up<br />
*Deploy - Debug (Unicast)<br />
*Capture - Debug (Unicast)<br />
*Deploy - Without Snapins (Unicast)<br />
*Fast Wipe<br />
*Normal Wipe<br />
*Full Wipe<br />
*Virus Scan<br />
*Virus Scan - Quarantine<br />
*Donate<br />
*Torrent-Cast<br />
<br />
<br />
In the tasks section of FOG you can perform tasks on single hosts or groups of hosts. This section also allows you to monitor selective tasks, and stop/cancel tasks.<br />
<br />
==== General Tasks ====<br />
<br />
The general/common Tasks in FOG include unicast image capture, and unicast image send, as well as a multicast image send. In FOG, sending an image to the server is considered an image capture, and deploying an image to the client is called a send. Both of these tasks can be started directly from the search, list all hosts, and list all groups pages. <br />
<br />
To perform a simple image capture, click on the upward facing arrow next to the host. Captures are only possible on a host, not a group. Capturing an image will also overwrite any image file that may already exist for that host without any notification or confirmation.<br />
<br />
Please note that capturing images of Windows Vista and Windows 7 requires a special command to be run on the clients prior to image capture. Please see [[What do I have to do to an image before capturing?]] for more details.<br />
<br />
For a video demonstration of an image capture, please see: http://www.youtube.com/watch?v=jPPZr0abVfg&fmt=18<br />
<br />
To perform a simple image send, click on the downward facing arrow next to the host. An image send can be done on a host or a group. When sending an image to multiple computers FOG works in queue mode, which means that it will only send to 10 (by default) computers at one time. This is done to keep the server from being overworked. As soon as a machine finishes, another from the queue joins.<br />
<br />
To perform a multicast image send you must search for a group of hosts on the "Task Management" page. Multicast tasks can only be performed on a group of hosts. Multicast tasks will send to all the computers in the group at once, and the task will not start sending until all members of the group have connected with the server. After starting a multicast task, status can be viewed by pressing [ctl]+[alt]+f2. A log is also kept for multicast transfers which is stored at /opt/fog/log.<br />
<br />
==== Advanced Tasks ====<br />
<br />
The advanced Tasks in FOG include everything that is not a simple capture, simple deploy or multicast deploy. <br />
<br />
=====Debug=====<br />
<br />
Debug mode boots the linux image to a bash prompt and allows the user to issue all commands by hand. <br />
<br />
=====Capture - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is setup to capture the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is setup to send the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Without Snapins)=====<br />
<br />
This task does a normal send task with the exception that if any snapins are associated with the host, they are not deployed to the host. <br />
<br />
=====Deploy All Snapins=====<br />
<br />
This task will send all the snapins associated with a host to the host without imaging it.<br />
<br />
=====Deploy Single Snapin=====<br />
<br />
This task will send a single snapin that is associated with the host to the host without imaging it. (Note: The snapin must be associated with the host already)<br />
<br />
=====Memory Test=====<br />
<br />
Boots to Memtest86, a memory testing tool. This task will not exit without user intervention at the client side. The task must also be manually stopped via the management front end.<br />
<br />
=====Wake Up=====<br />
<br />
Wakes up host or group of hosts using Wake-on-Lan. <br />
<br />
=====Fast Wipe=====<br />
<br />
This task does a quick and dirty wipe of the drive. It writes zeros to the first ~40MB of the disk, so data beyond that region remains recoverable. This task should NOT be used if you don't want your data to be recoverable. <br />
<br />
=====Normal Wipe=====<br />
<br />
This task writes random data to the entire surface area of the disk. <br />
<br />
=====Full Wipe=====<br />
<br />
This task writes random data, multiple times, to the entire surface of the disk. <br />
<br />
=====Disk Surface Test=====<br />
<br />
This task will look for bad blocks on the hard disk and report them back to the client console. <br />
<br />
=====File Recovery=====<br />
<br />
This task will load an application that can be used to recover lost files from the hard disk. <br />
<br />
=====Virus Scan=====<br />
<br />
This task will update and load ClamAV and scan the partition for viruses. It will either scan and report or scan and quarantine files, it will also report back to the management portal with the results of the scan.<br />
<br />
=====Hardware Inventory=====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/InventoryUpdate.swf.html Video Tutorial]<br />
<br />
The hardware inventory task will execute the same task as the fog.reginput client side task. Since the host is already registered, all it will do is update the computer's inventory and restart. It is envisioned that this task could be run at a regular interval on a group of all computers in your network, or some sub group of computers in your network. Then on the next reboot of those computers an inventory would be performed.<br />
<br />
==== Scheduling ==== <br />
<br />
As of version 0.27 of FOG, select tasks can be scheduled using a static date/time combination or using cron style repetitive task scheduling. Task scheduling can be performed on either single hosts, or on groups of computers. One thing to note about task scheduling that isn't intuitive is that it '''requires an image to be associated with the host, even for non-image based tasks!''' The reason for this is that tasks are only run on the master storage node associated with that host, and the only way to tie a storage node to a host is via an image. We did this to prevent multiple storage nodes from trying to run the same task for a specific host. <br />
<br />
===== Single Execution Scheduling =====<br />
<br />
Single task execution will run a task at a single date and time, then the task will be discarded. To schedule a single execution task, you would go to the tasks section of FOG, then select the host or group for which you would like to schedule the task, then select the task you would like to schedule. You will then be presented with the screen shown below.<br />
<br />
[[Image:Sched.png]]<br />
<br />
To schedule a single execution task, click on the white text box below "Schedule Single Task Execution?" and a pop up calendar will load and allow you to select your date and time for the task. Click on the date to close the calendar, then start your task. <br />
<br />
===== Cron Style Task Scheduling =====<br />
<br />
Cron style task execution allows you to do complex repetitive task scheduling. After a cron task executes, it is not removed, as single execution tasks are. Cron style tasks, as the name suggests, are similar to the Linux cron task scheduler format. Cron style tasks are created as single execution tasks are, except when presented with scheduling options, select the option "Schedule Cron Style Task Execution". Below that check box are a series of text boxes including:<br />
<br />
min -> Minute [00-59]<br />
hour -> Hour [00-23]<br />
dom -> Day of Month [01-31]<br />
month -> Month [01-12]<br />
dow -> Day of Week [01-07] (Sunday ==> 0, Saturday ==> 6)<br />
<br />
To give an example of how this works, if you wanted a capture task to run at '''10:00pm everyday''' you would enter the following:<br />
<br />
0 22 * * *<br />
<br />
This basically says run the task at '''0''' minutes into the hour, on the '''22nd hour (10:00pm)''', on '''every day of the month''', on '''every month of the year''', on '''every day of the week'''.<br />
<br />
To take this example further, let's say you only wanted to capture the image '''every other day''', we could do this by adding:<br />
<br />
0 22 */2 * *<br />
<br />
The '''*/2''' now tells the scheduler to only run on '''even days of the month'''. <br />
<br />
We could even ask the scheduler to only do a backup on '''even weekdays''' by adding:<br />
<br />
0 22 */2 * 1-5<br />
<br />
The 1-5 we just added says only run on days 1 through 5, which relate to Monday - Friday.<br />
<br />
Now we will ask the scheduler to only backup in the month of February.<br />
<br />
0 22 */2 2 1-5<br />
<br />
Another basic example could be if you wanted to run an inventory update on the first of every month you could use:<br />
<br />
30 1 1 * *<br />
<br />
This task would then run at '''1:30''' on the '''1st of every month'''.<br />
<br />
<br />
The FOG scheduler doesn't support 100% of the operations that cron supports, below are the operations that are supported:<br />
<br />
4 - Listing a static number<br />
4,5,6,7 - Listing a group of numbers<br />
4-7 - ranges of numbers <br />
4-7,10 - ranges and lists<br />
*/5 - * divided by a number<br />
* - Wildcard<br />
<br />
For more information on cron please see http://en.wikipedia.org/wiki/Cron<br />
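<br />
The supported operations listed above can be checked before an expression is entered in the scheduler. The following Python sketch is an added example, not FOG's own scheduler code: it parses the five fields, rejects syntax outside the supported list, and follows this page's reading of '''*/n''' (values divisible by n) and of all five fields having to match; the function names are assumptions made for the illustration.<br />
<br />
```python
from datetime import datetime, timedelta

# Field order and ranges as listed on this page (dow: Sunday=0 .. Saturday=6).
FIELDS = (("min", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
          ("month", 1, 12), ("dow", 0, 6))


def _number(text, low, high):
    """Convert one token to an int, rejecting non-digits and out-of-range values."""
    if not (text.isascii() and text.isdigit()):
        raise ValueError("not a number: %r" % text)
    value = int(text)
    if not low <= value <= high:
        raise ValueError("%d is outside %d-%d" % (value, low, high))
    return value


def parse_field(text, low, high):
    """Return the set of values a field allows, using only the supported forms:
    static number, list, range, ranges and lists, */n and the wildcard."""
    if text == "*":
        return set(range(low, high + 1))
    if text.startswith("*/"):
        step = _number(text[2:], 1, high)
        # Page semantics ("* divided by a number"): keep values divisible by
        # the step, so */2 in dom means even days. Standard cron would instead
        # step from the start of the range (1, 3, 5, ...) for 1-based fields.
        return {v for v in range(low, high + 1) if v % step == 0}
    allowed = set()
    for part in text.split(","):
        if "-" in part:
            start, _, end = part.partition("-")
            first, last = _number(start, low, high), _number(end, low, high)
            if first > last:
                raise ValueError("descending range: %r" % part)
            allowed.update(range(first, last + 1))
        else:
            allowed.add(_number(part, low, high))
    return allowed


def parse_expression(expr):
    """Parse 'min hour dom month dow' into five sets of allowed values."""
    parts = expr.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected 5 fields, got %d" % len(parts))
    return [parse_field(p, low, high) for p, (_, low, high) in zip(parts, FIELDS)]


def is_supported(expr):
    """True if the expression uses only the operations listed on this page."""
    try:
        parse_expression(expr)
        return True
    except ValueError:
        return False


def matches(expr, when):
    """True if the task would run at 'when'. All five fields must match, which
    is how this page reads '0 22 */2 * 1-5' (even days that are weekdays)."""
    minutes, hours, doms, months, dows = parse_expression(expr)
    return (when.minute in minutes and when.hour in hours
            and when.day in doms and when.month in months
            and when.isoweekday() % 7 in dows)   # isoweekday: Sunday=7 -> 0


def next_runs(expr, start, count=3, horizon_days=366):
    """List the next 'count' run times at or after 'start'."""
    minutes, hours, doms, months, dows = parse_expression(expr)
    runs = []
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    for _ in range(horizon_days + 1):
        if day.day in doms and day.month in months and day.isoweekday() % 7 in dows:
            for hour in sorted(hours):
                for minute in sorted(minutes):
                    candidate = day.replace(hour=hour, minute=minute)
                    if candidate >= start:
                        runs.append(candidate)
                        if len(runs) == count:
                            return runs
        day += timedelta(days=1)
    return runs


if __name__ == "__main__":
    # Expressions taken from this page, plus constructed unsupported ones.
    for expr in ("0 22 * * *", "0 22 */2 2 1-5", "30 1 1 * *",
                 "0 22 1-10/2 * *", "@daily"):
        if is_supported(expr):
            print(expr, "->", [str(r) for r in next_runs(expr, datetime(2024, 2, 1))])
        else:
            print(expr, "-> not supported by the operations listed above")
```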
<br />
=== Setting up Printers With Fog Printer Management ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher.<br />
<br />
==== Known Issues ====<br />
<br />
Setting of the default printer will only work if the fog tray icon is running.<br />
<br />
==== Overview ====<br />
<br />
The printers section of FOG allows you to create printer definitions that you can later associate with hosts. The FOG service looks at these associations and during service it will attempt to install any printers listed. This service has three settings which define how the printers are managed, printer management can be set to:<br />
<br />
<ul><br />
<li>No Printer Management</li><br />
<li>Add Only</li><br />
<li>Add and Remove</li><br />
</ul><br />
<br />
All hosts default to '''No Printer Management''' which means that the FOG service does nothing to the host's printers. '''Add Only''' does as the name implies, and will only add printers to the host machine; it will not remove any existing printers that may be installed. '''Add and Remove''' will take full control of the host's printing system and only allow for the printers that are specified by the FOG management console to exist on the host. <br />
<br />
==== Adding New Printers ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf Video Tutorial]<br />
<br />
In order for the printer to be added to the host computer, the printer drivers must be stored in a public area, or included on the host computer. This public area can be a Novell Network share where public has read-only access, a Windows share that is public read-only to everyone, or a Samba share (possibly residing on the FOG server) that is public read-only to everyone. This share must be accessible via a UNC path as the service may attempt to install the printers before drive mapping occurs. In this share the printer drivers and .inf file must exist. FOG supports installing IP-based (Jet-Direct) printers, public access NDS printers, local printers, Windows share based printers, and (we think, but could use a confirmation as it hasn't been tested) AD based printers. <br />
<br />
If you wish to see what printers are included with Windows XP, navigate to c:\windows\inf\ntprint.inf. Open this file with a text editor and you will be able to install all the printers listed using the ntprint.inf file. <br />
<br />
To create a new printer definition click on the Printer icon on the system menu bar. Then on the left hand menu, click on '''Add New Printer'''. The form you are presented with will require you to enter:<br />
<br />
<ul><br />
<li>'''Printer Model''' - This must match the name in the INF file.</li><br />
<li>'''Printer Alias''' - This can be anything you wish and it is what the end user will see.</li><br />
<li>'''Printer Port''' - This is something like '''LPT1:''', or '''IP_1.1.1.2'''.</li><br />
<li>'''Printer INF File''' - This is the path to the INF file for the printer driver.</li><br />
<li>'''Printer IP''' - (optional) This is the IP address, for IP-based printers only; it can take the form of '''1.2.3.4:9100''' or '''1.2.4.5'''. If the port doesn't exist already, it will create one named ''' IP_x.x.x.x''', where x.x.x.x is the IP address. That is what should be entered in the port field.</li><br />
</ul><br />
<br />
After all the required information is entered, click on the '''Add Printer''' button.<br />
<br />
==== Linking Printers to Hosts ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf.html Video Tutorial]<br />
<br />
Linking printers to hosts can be done from either the hosts section or the groups section. In the hosts section find the host you would like to add a printer to, and click on the edit button associated with that host. In the host menu, click on the '''Printers''' button. First select how you would like the host to be managed, either '''No Printer Management''', '''Add Only''', or '''Add and Remove'''. Then in the section below, select the printer you would like to install from the drop down list and click on the '''Update''' button.<br />
<br />
==== Creating a Samba Based Printer Store on FOG ====<br />
<br />
If you do not have a public server where you can store your printer drivers for the FOG Printer Manager, then it is very easy to set one up on the FOG server using Samba, so all your Windows clients will be able to connect.<br />
<br />
[[Creating a Samba Based Printer Store on FOG]]<br />
<br />
=== The FOG Client Service ===<br />
<br />
<font color="red">Note:</font> Most of the things here about the FOG Client service apply to the legacy FOG client that came with FOG versions 1.2.0 and older. FOG 1.3.0 now comes with a new FOG Client. Details on this can be found here: [[FOG Client]]<br />
<br />
==== Overview ====<br />
<br />
The FOG Client Service is a Windows Service that is intended to be installed on the client computers during the image creation process. The FOG service communicates with the FOG server to provide certain services to the client computers including:<br />
<br />
<br />
*Auto Log Off (0.16)<br />
*Hostname Changes<br />
*Active Directory Integration<br />
*Directory Cleaner (0.16)<br />
*Display Manager (0.16)<br />
*Green FOG (0.16)<br />
*Host registration<br />
*Task Restarting<br />
*Snapin Installation<br />
*User Tracker<br />
*Printer Manager<br />
*User Cleanup (0.16)<br />
*Client Updater<br />
<br />
==== Module specific configuration settings ====<br />
<br />
The FOG Client Service is very modular in nature, which means you can install portions of the services provided, and leave off others. This also means that it is very easy to create new sub services if you know a little C#. All configuration data is held in a local INI file, which is typically stored in <br />
<br />
c:\program files\fog\etc\config.ini<br />
<br />
This file holds, in the general section:<br />
<br />
<ul><br />
<li>FOG Server IP address</li><br />
<li>FOG Service installation root</li><br />
<li>FOG Service working directory</li><br />
<li>FOG Log file path</li><br />
<li>Flag indicating if GUI messages should be displayed</li><br />
<li>The max log file size</li><br />
</ul><br />
<br />
==== Installation ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/FogServiceInstall.swf.html Video Tutorial]<br />
<br />
The FOG service should be installed on the computer to be imaged before capturing the image to the FOG Server. <br />
<br />
The FOG service is located in the '''FOG Service/bin''' directory or if the FOG server is already installed it can be downloaded from:<br />
<br />
http://[serverip]/fog/client/<br />
<br />
Double-click on the '''setup.exe''' to start the installation wizard. At the end of the wizard you will need to enter the IP address or hostname of your FOG server.<br />
<br />
[[Image:fogservice.jpg]]<br />
<br />
Then restart the computer; if you don't restart the computer you will have issues with the service GUI appearing correctly.<br />
<br />
===== Quiet Installation =====<br />
<br />
As of version 0.29 and higher, the FOG client now supports a quiet installation mode. This can help automate deployments, by allowing the command to be run without user interaction from batch files. To do this the setup.exe file must be run from the command line with the arguments '''fog-defaults=true /qb'''.<br />
<br />
So the full command would be:<br />
<br />
setup.exe fog-defaults=true /qb<br />
<br />
==== Functions and Operation ====<br />
<br />
=====Auto Log Out=====<br />
<br />
Added in Version 0.16<br />
<br />
This module of the FOG Service will log a user off of a client pc after X minutes of inactivity. This module will display a screen saver-like GUI after 3/4 of the inactive time is up. So if the time out value is 40 minutes, the GUI will be displayed at 30 minutes of inactivity. When the time is up, the client computer will reboot. This service module can be configured via the management portal via:<br />
<br />
FOG Service Configuration -> Auto Log Out<br />
<br />
To enable the module globally, place a check in the box next to '''Auto Log Out Enabled?'''. The time to auto log off can be changed globally via '''Default log out time:''' The minimum recommended value for this setting is 4 minutes. <br />
<br />
The background image for the auto log off module can be modified via:<br />
<br />
Other Information -> FOG Settings<br />
<br />
The setting can be changed by modifying the value for '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE'''. This setting will accept a jpg file that is local to the client computer like: <br />
<br />
c:\images\image.jpg<br />
<br />
This setting will also accept files located on a web server such as:<br />
<br />
http://www.somedomain.com/image.jpg<br />
<br />
Provided with FOG is a simple PHP script that will display a random image located on the FOG server. To use this option set '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE''' to <br />
<br />
http://x.x.x.x/fog/public/randomimage.php<br />
<br />
Then simply put the images you would like to use in the following directory on the fog server:<br />
<br />
/var/www/html/fog/public/imagepool<br />
<br />
Images used for the auto log off module must be in jpg format, and must be 300px by 300px.<br />
<br />
=====Hostname Changer=====<br />
<br />
This module of the FOG Service is used to change the hostname of the client computer and to allow the client to (optionally) join an Active Directory Domain after imaging. This process only runs shortly after service startup, which means typically only when you start your computer. The service communicates with the FOG server over port 80 and determines the hostname that is present in the FOG database for the host. The hosts are matched to the FOG database by their MAC addresses. If the hostnames are found to be different, the client changes the computer's hostname and restarts the computer.<br />
<br />
The config.ini file contains configuration options for this module. <br />
<br />
netdompath=<br />
<br />
Allows you to set the path to the netdom.exe file. In some cases the file does not exist on the system. It can be downloaded from: [http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=de Microsoft Download Center]<br />
<br />
=====Host Register=====<br />
<br />
As of version 0.29, this module will only add additional MAC addresses to a host that is already registered, and add them to the pending MAC address table, where they need to be approved in the FOG UI.<br />
<br />
=====Task Reboot=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has an imaging task assigned to it. If a task is found AND no one is logged into the workstation, then the client will restart and join the task.<br />
<br />
The config.ini file contains configuration options for this module. As of version 0.13 of FOG you can change:<br />
<br />
forcerestart=0<br />
<br />
to<br />
<br />
forcerestart=1<br />
<br />
This will make the computer restart if a task is found, regardless of whether a user is logged into the computer.<br />
<br />
You can change how often the service will check in with the server by changing:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins.<br />
<br />
=====Directory Cleaner=====<br />
<br />
Added in version 0.16<br />
<br />
This module will clean out (delete) the contents of a directory on user log off. This is useful when you don't want any settings cached between users. This module will only delete the contents of a directory and not the root directory itself, so if you specify '''c:\trash''', the service will remove all files and folders located within c:\trash but leave the folder c:\trash.<br />
<br />
=====Display Manager=====<br />
<br />
Added in version 0.16<br />
<br />
This module is used to restore screen resolution between clients. This will restore a fixed resolution and refresh rate when a user logs into a computer.<br />
<br />
=====Green FOG=====<br />
<br />
Added in version 0.16<br />
<br />
This module will simply shutdown/restart the client computer at a fixed schedule if no user is logged in. The schedule can be defined via the management portal. <br />
<br />
=====Snapin Client=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has a snapin set to be deployed to it. If a snapin is found AND no imaging task is associated with the client, then the client will download the snapin and install it in the background.<br />
<br />
The configuration file contains settings for this module including:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins. It is important to note that currently the fog client will wait 5 minutes when first connected / established before it starts checking and installing any snapins from the server.<br />
<br />
=====User Tracker=====<br />
<br />
This module attempts to track user access to the host computer by the Windows user name. It attempts to track logins and logoffs as well as the state of the computer at service startup. The service will even attempt to track users when they are not on the network by writing all entries to a journal file, then replaying the journal the next time the client is on the network.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====User Cleanup=====<br />
<br />
This module will remove all users not white listed in the management portal on log off. This module is useful when using services like dynamic local user. All entries in the management white list are treated as prefixes to usernames, which means that they will white list all users that start with whatever was entered in the management front end. For example, if you enter '''admin''' in the management white list, then users '''admin''' and '''administrator''' will NOT be removed from the computer.<br />
<br />
=====Printer Manager=====<br />
<br />
This module checks on service startup to see what printers should be installed/removed from the client PC.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====Client Updater=====<br />
<br />
This module waits (randomly) between 60 and 500 seconds after service startup to check the local fog server for client updates, and if any are found the service will download and install them. Updates will NOT take effect until after the service is restarted.<br />
<br />
There are no configuration settings for this module.<br />
<br />
==== Keeping Clients up to date ====<br />
<br />
===== Overview =====<br />
<br />
As of version 0.12 of FOG, we have included a client updater module. This module is no different from any of the other sub service modules. This service waits anywhere between 60 and 500 seconds after the FOG service starts up, and then attempts to check with the server for newer FOG service modules. If new modules are found the client will download them, and they will be active on the NEXT service startup. These modules are controlled from the FOG Management Console. <br />
<br />
Only certain modules can be updated: those that are a subclass of AbstractFOGService. This means you should '''NEVER''' attempt to update the FOGService executable (FOGService.exe file), or the AbstractFOGService.dll file. It is recommended that you not update the ClientUpdater.dll, because if the ClientUpdater.dll file becomes corrupt or not functional, your clients will not be able to update from that point on. Below is a list of the .dll files that can be updated.<br />
<br />
<ul><br />
<li>UserTracker.dll</li><br />
<li>TaskReboot.dll</li><br />
<li>SnapinClient.dll</li><br />
<li>PrinterManager.dll</li><br />
<li>HostRegister.dll</li><br />
<li>HostnameChange.dll</li><br />
<li>GUIWatcher.dll</li><br />
<li>ClientUpdater.dll</li><br />
<li>config.ini</li><br />
</ul><br />
<br />
Care must also be taken when updating the config.ini file: if the IP address is incorrect or the syntax of the file is incorrect, it could leave the FOG service crippled on the client computers.<br />
<br />
===== Posting Updates =====<br />
<br />
To add new modules that can be pushed down to clients, first install a client with the new service or new module and confirm that it works as you would like. Log into the FOG management console, then go to the Information/Misc section (the little "i" icon). Click on '''Client Updater''' on the left-hand menu. Now click on the browse button to select the module (.dll) file you would like to post, then click on the capture button. After capturing, the file should appear in the table above. If you are adding a new module, you will probably want to capture a new config.ini file to include new configuration settings required by that new module.<br />
<br />
==== FOG Tray ====<br />
<br />
The FOG Tray is a Windows application that runs on user login and docks in the system tray. The FOG Tray, like the FOG service, is very modular in nature. New modules can be dropped in the FOG tray directory and on next load they will be loaded. This tray icon has the ability to communicate with the FOG service, which allows FOG more interactivity with the end-user. <br />
<br />
What happens is that when the FOG service's printer manager module gets a request to set a default printer, the service attempts to contact the FOG Tray. If communication is established, then the service will ask the tray to set the default printer. On the other hand the end user can right click on the "F" icon in the system tray, then select printers, then update my printers. What this will do is attempt to send a request from the FOG Tray to the FOG Service and have the service check for printer updates (new printers or printers to be removed). If one is found the service will install any new printers assigned in the FOG Management portal.<br />
<br />
This application is in its very early stages and currently doesn't have a lot of functionality. It is currently only used to allow end users to update their printers and to allow the setting of default printers (from the FOG service). Our vision for the FOG Tray is to add modules that would allow users to install printers that are published as public (via the management portal) without the printer being directly assigned to their host. We would also like to do the same thing for snapins where some of your snapins could be defined as public where anyone could install them on their computer.<br />
<br />
==== Troubleshooting ====<br />
<br />
If you have problems with the FOG Service, please refer to the log file that is located at:<br />
<br />
c:\fog.log<br />
<br />
If the PXE boot does not work<br />
<br />
If booting from the FOG server through PXE comes up with a "file not found" error, edit /etc/default/tftpd-hpa<br />
<br />
Change TFTP_DIRECTORY to<br />
<br />
TFTP_DIRECTORY="/tftpboot"<br />
Then<br />
<br />
/etc/init.d/tftpd-hpa restart<br />
<br />
=== Snap-ins ===<br />
<br />
==== Overview ====<br />
<br />
*The FOG Service has the ability to install snapins to the clients. Snapins can be anything from whole applications like Microsoft Office to registry keys or desktop icons. Snapins can even be used to uninstall applications or remove unwanted files. From the end user's point of view, they will not even notice that a snapin is being installed until it is complete. At this point a message will notify them that a new application has been installed on their computer. Snapins can be in MSI (0.17) or EXE formats, and can be created with any snapin creation tool like InstallRite or already packaged MSI files (0.17). You can also push commands to the computer that include .vbs scripts / .cmd (commands) and .bat (batch scripts).<br />
<br />
*Snapin return codes are specified by the program that's being installed.<br />
<br />
<br />
==== Creating a Snapin / Overview ====<br />
<br />
FOG doesn't provide a tool to create snapins, but instead allows you to push files and execute them on the remote computers. It is highly recommended that you push the actual installer to the computer instead of using a program such as InstallRite. <br />
<br />
If you have never silently installed software to a computer, or created an answer file for a program, please look at the website Appdeploy [http://www.appdeploy.com/articles/ Link]. This website has a trove of information on how to push software to a computer remotely.<br />
<br />
===== Creating a Snapin for larger applications with SFX Maker =====<br />
<br />
Some larger applications such as Microsoft Office and Adobe Products (Acrobat / Creative Suite) require multiple files to install properly. If you have an application that is not a single .exe please use SFX Maker. This tool is free for non commercial use, and most programs fall under the GPL. [http://www.isoft-online.com/ SFX Maker's Website]<br />
<br />
For instructions on how to use this software please see the youtube videos below.<br />
<br />
[http://www.youtube.com/watch?v=ZSMJLnRjn94 Office 2003 Install]<br />
[http://www.youtube.com/watch?v=Qzc1Q9NW_cE Office 2007 Install]<br />
<br />
SFX Maker takes an entire folder and encapsulates it or "folds" it into a single .exe which then "unfolds" to its original state and launches a file or command.<br />
<br />
===== Creating a Snapin with InstallRite =====<br />
<br />
If for some reason you do wish to use InstallRite, please be aware it comes with issues and limitations (not compatible with all Windows operating systems / can cause issues with the computer it is pushed to). Below is an example of how to build a package with that software.<br />
<br />
In this example we will use Epsilon Squared's InstallRite which can be downloaded from http://www.epsilonsquared.com/installrite.htm. This application will package up your snapin as an exe file which will be uploaded to the FOG server. <br />
<br />
<ol><br />
<li>To run InstallRite navigate to c:\program files\Epsilon Squared\InstallRite\InstallRite.exe</li><br />
<li>Click on "Install new software and create an InstallKit"</li><br />
<li>On the Configure screen, click Next.</li><br />
<li>On the Snapshot screen click next to create a new system snapshot.</li><br />
<li>On the next screen, click the browse button to select the application you wish to install, then click next.</li><br />
<li>When installation is complete InstallRite will come into focus, click the next button. InstallRite will scan your system again.</li><br />
<li>Enter a name for your snapin.</li><br />
<li>Click "Build Install Kit"</li><br />
<li>Select "Quiet Installation Mode", Never reboot, even if needed, and "Never prompt the user and only overwrite older files"</li><br />
<li>Click OK and it will build your snapin.</li><br />
</ol><br />
<br />
==== Preparing the FOG Server ====<br />
<br />
If your snapin is larger than 2MB you will need to make two changes to the FOG server to allow uploads of larger than 2MB.<br />
<br />
See also: [[Troubleshoot Web Interface]]<br />
<br />
===== Fedora =====<br />
<br />
<br />
#On the FOG Server click on Applications -> Accessories -> Text Editor.<br />
#Select Open and navigate to "/etc/php.ini"<br />
#Change UPLOAD_MAX_FILESIZE to 1900MB (On a 32Bit OS don't set this value above 2GB)<br />
#Change POST_MAX_SIZE to the same value.<br />
#Save and close the text editor.<br />
#Click on Applications ->System Tools -> Terminal and type "service httpd restart"<br />
<br />
===== Ubuntu =====<br />
<br />
#sudo gedit /etc/php5/apache2/php.ini<br />
#Change <br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
#Save Changes<br />
#sudo /etc/init.d/apache2 restart<br />
<br />
<br />
===== VMWare =====<br />
<br />
#sudo vim /etc/php5/apache2/php.ini<br />
#Edit the following lines in the document (read below for assistance with working in VIM)<br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
<br />
<br />
*To edit content in vim you will need to press the '''"I"''' key on your keyboard to enter input mode.<br />
*Hitting the '''Escape''' key will bring you out of input mode.<br />
*Once out of input mode type ''':w''' and then '''enter''' to save the file<br />
*Restart FOG once the file has been saved<br />
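<br />
The check below is an added example, not part of the FOG documentation: a Python script that reads php.ini text and reports settings that would still block a large snapin upload. It relies on PHP's own rules that directive names are case-sensitive (lowercase) and that only K, M and G are documented size suffixes; the function names and the sample file contents are constructed for illustration.<br />
<br />

```python
import re

# PHP's documented shorthand suffixes for byte values (case-insensitive).
MULTIPLIER = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}
REQUIRED = ("upload_max_filesize", "post_max_size")
OPTIONAL = ("memory_limit",)
TWO_GIB = 2 * 1024**3


def read_directives(ini_text):
    """Return ({directive: raw value}, [directive names not written in lowercase])."""
    values, wrong_case = {}, []
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()       # ';' starts a comment
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name.lower() in REQUIRED + OPTIONAL:
            if name != name.lower():
                wrong_case.append(name)            # PHP treats this as a different name
                continue
            values[name] = value.strip('"')        # a later line overrides an earlier one
    return values, wrong_case


def to_bytes(raw):
    """Convert '1900M' to bytes; None if the suffix is not K, M or G (e.g. '1900MB')."""
    m = re.fullmatch(r"(-?\d+)([A-Za-z]*)", raw.strip())
    if m is None or m.group(2).upper() not in MULTIPLIER:
        return None
    return int(m.group(1)) * MULTIPLIER[m.group(2).upper()]


def check_upload_limits(ini_text, snapin_bytes, is_32bit=False):
    """Return a list of problems that would stop a snapin of snapin_bytes uploading."""
    values, wrong_case = read_directives(ini_text)
    problems = [f"{n}: directive names are case-sensitive, write it in lowercase"
                for n in wrong_case]
    size = {}
    for name in REQUIRED + OPTIONAL:
        if name not in values:
            if name in REQUIRED:
                problems.append(f"{name}: not set, the PHP default applies")
            continue
        parsed = to_bytes(values[name])
        if parsed is None:
            problems.append(f"{name}: '{values[name]}' is not <number>[K|M|G]")
        elif name == "memory_limit" and parsed == -1:
            continue                               # -1 means no memory limit
        else:
            size[name] = parsed
            # The page's 32-bit limit; 2G itself already overflows a signed 32-bit int.
            if is_32bit and parsed >= TWO_GIB:
                problems.append(f"{name}: {values[name]} reaches 2GB on a 32-bit OS")
    for name in REQUIRED:
        if name in size and size[name] < snapin_bytes:
            problems.append(f"{name}: {values[name]} is smaller than the snapin")
    if all(n in size for n in REQUIRED) and size["post_max_size"] < size["upload_max_filesize"]:
        problems.append("post_max_size is smaller than upload_max_filesize")
    return problems


if __name__ == "__main__":
    # Constructed sample: the values from the Ubuntu steps, then a mistyped variant.
    as_documented = "memory_limit = 1900M\npost_max_size=1900M\nupload_max_filesize=1900M\n"
    mistyped = "upload_max_filesize = 1900MB\nPOST_MAX_SIZE = 1900M\n"
    snapin = 600 * 1024**2                         # a 600 MB installer
    print(check_upload_limits(as_documented, snapin))
    for problem in check_upload_limits(mistyped, snapin):
        print(problem)
```

Run it against the real file by passing the contents of /etc/php.ini or /etc/php5/apache2/php.ini as the first argument of check_upload_limits, then restart the web server as described above.<br />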
<br />
==== Uploading the Snapin ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/CreateSnapin.swf.html Video Tutorial]<br />
<br />
<ol><br />
<li>In the FOG Management Portal click on the Snapin Icon (Puzzle Pieces).</li><br />
<li>On the left-hand menu click on the New Snapin Button.</li><br />
<li>Enter a Snapin Name and Description.</li><br />
<li>Browse to the snapin file you wish to upload.</li><br />
<li>If you want the computer to restart after the snapin is installed click on the "Reboot after install"</li><br />
<li>Click "Add"</li><br />
</ol><br />
<br />
<br />
<br />
As of version 0.17, fog supports using typical msi files as snapin files.<br />
<br />
If the snapin file is a msi file you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of msiexec.exe (ie: c:\windows\system32\msiexec.exe)</li><br />
<li>Set '''Snapin Run With Arguments:''' to '''/i'''</li><br />
<li>Set '''Snapin Arguments:''' to '''/qn'''</li><br />
</ol><br />
<br />
If the snapin file is a .vb script you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of cscript.exe (ie: c:\windows\system32\cscript.exe)</li><br />
</ol><br />
<br />
<br />
<br />
'''Documentation on list of supported snapins and command line arguments''' [[http://www.fogproject.org/wiki/index.php?title=Supported_Snapin%27s_and_Command_Line_Switches]] There are MANY more supported applications that can be installed via command line arguments. You might have better luck installing them directly via .EXE / .MSI / or scripting them via .VBS . For more info on this consult the forums --[[User:Ssx4life|Ssx4life]] 09:04, 8 October 2009 (MST)<br />
<br />
==== Linking the Snapin to Hosts ====<br />
<br />
In order for a snapin to be deployed it must be linked with a host. To do this perform the following:<br />
<br />
<ol><br />
<li>In the FOG Management Portal, click on the Hosts Icon.</li><br />
<li>Search for and select a host and click on the edit button.</li><br />
<li>Scroll down to the snapin section.</li><br />
<li>Select the snapin you just created from the drop-down box and click the "Add Snapin" button.</li><br />
</ol><br />
<br />
The next time you image the computer the FOG Service will attempt to install that snapin. If you have problems, please see the fog log file located at c:\fog.log on the client PC.<br />
<br />
=== Client Side Tasks ===<br />
<br />
==== FOG Version ====<br />
<br />
Applies to version 0.12 or higher.<br />
<br />
==== Overview ====<br />
<br />
FOG attempts to keep management centralized, but in an attempt to make deploying machines as easy as possible FOG has added a few basic client side tasks. These tasks can be run from the client computer during the PXE boot process. When the client boots and the FOG banner is displayed the pxe client will display a prompt like '''boot:''' or something similar. At this point you have 3 seconds to start typing one of the following commands. <br />
<br />
<ul><br />
<li>fog.memtest</li><br />
<li>fog.reg</li><br />
<li>fog.reginput</li><br />
</ul><br />
<br />
==== fog.memtest ====<br />
<br />
This command will run the memtest86+ on the client computer. <br />
<br />
==== fog.reg ====<br />
<br />
This command will run the basic host registration and inventory process without any user input. It will register any new/unregistered hosts with the FOG server and pull a basic hardware inventory from them. The hostname of the computer will be the same as the MAC address without the ":".<br />
<br />
If a host is already registered, then only an inventory will be performed.<br />
<br />
==== fog.reginput ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/RegImage.swf.html View Host Registration Video]<br />
<br />
This command will run the full host registration process with user input, inventory and give the option to push down an image, all at the same time. During this process the user registering the host will be prompted for the computer host name, ip address, operating system ID, image ID, Primary User of the computer, asset tag 1, and asset tag 2. <br />
<br />
If a valid hostname, os id, and image id are given and the option is selected to image the workstation after registration, the host will reboot and an imaging send will begin. <br />
<br />
If a host is already registered, then only an inventory will be performed; this prevents end-users from re-registering a machine with a different hostname, etc.<br />
<br />
This task was designed for institutions that may get shipments of hundreds of computers that need to be deployed very quickly. They can be unboxed, inventoried, imported into FOG and imaged very quickly. <br />
<br />
===== Operating System ID =====<br />
<br />
As of Version 0.17 of fog, you can now enter '''?''' at the Operating System ID prompt to get a listing of the valid operating system id values. <br />
<br />
The following are valid values for operating system IDs:<br />
<br />
<ul><br />
<li><b>1</b> - Windows 2000 / Windows XP</li><br />
<li><b>2</b> - Windows Vista</li><br />
<li><b>3</b> - Windows 98</li><br />
<li><b>4</b> - Windows (Other)</li><br />
<li><b>5</b> - Windows 7</li><br />
<li><b>50</b> - Linux</li><br />
<li><b>99</b> - Other</li><br />
</ul><br />
<br />
===== Image ID =====<br />
<br />
Image IDs can be found in the management console, in the Images section. Search for the image, and click on the edit button associated with the image, <br />
the image id will be in the Address/url bar in the format of <b>&imageid=xx</b>.<br />
<br />
As of version 0.17, you can enter '''?''' at the Image ID prompt to get a listing of all your images and their ID numbers.<br />
<br />
=== Active Directory Integration ===<br />
<br />
==== Setup ====<br />
<br />
===== Overview =====<br />
<br />
FOG has the ability to register a host with Active Directory, in a limited sense. Versions of FOG up to and including 0.28 rely on the netdom.exe executable that is provided as part the support tools on the Windows installation media. In order for Active Directory integration to function, your image will need to have the FOG service installed, along with the Windows Support Tools.<br />
<br />
Versions of FOG from (and including) 0.29 have this functionality built in and do NOT require netdom.exe or the support tools to be installed.<br />
<br />
It is also very important that before capturing your image that the computer is NOT a member of any domain.<br />
<br />
===== Security =====<br />
<br />
<font color="red">Note: The below statement applies to older FOG versions (1.2.0 and below). When using FOG 1.3.0 and above in conjunction with the NEW fog client, this step is not needed. See [https://wiki.fogproject.org/wiki/index.php?title=FOG_Client here] for more information.</font><br />
<br />
<br />
'''Important - Please read!'''<br />
<br />
In order to add a computer to a domain, FOG requires a username and password of an account that has rights to the OU where the computer objects are stored in the domain tree. This user account should have rights to join computers to the Domain, as well as sufficient rights to create/manage computer objects. FOG attempts to keep your password secure by encrypting it, but since FOG is open source, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic, this isn't hard and only needs to be done one time. Please see the documentation below.<br />
<br />
===== Preparing the Image =====<br />
<br />
Before capturing an image to FOG that you would like to use with Active Directory, please ensure that the image:<br />
<br />
<ul><br />
<li>is NOT a member of the domain, change the computer membership to workgroup instead.</li><br />
<li>has support tools installed (Not required for FOG versions from 0.29).</li><br />
<li>has the FOG service installed.</li><br />
</ul><br />
<br />
===== FOG Setup =====<br />
<br />
To setup a host to use AD, navigate to the hosts section of the FOG management portal. <br />
<br />
<ol><br />
<li>Search for, and select a host. </li><br />
<li>Click on the Edit button</li><br />
<li>Scroll down to the Active Directory section.</li><br />
<li>Check the box next to Join Domain after image task</li><br />
<li>Enter the domain NETBIOS name (i.e. MYDOMAIN, not mydomain.com).</li><br />
<li>Enter the Organizational Unit where you would like to have the computer stored in AD. Leave it blank for the default. (Must be in LDAP format).</li><br />
<li>Enter the user name that has access to the computer objects. Do not include the domain name if you are running version 1.2 (your mileage may vary with earlier versions). Development version of FOG will accept a name with or without domain ('''username ''OR'' mydomain/username''').</li><br />
<li>Enter the encrypted password. This password must be encrypted with the [[FOGCrypt]] utility. This utility is located in the FOGCrypt folder of the FOG download package. It is a Windows (.NET) command line application.</li><br />
<li>Click Update.</li><br />
</ol><br />
<br />
The next time you image that computer the service will attempt to register the host with the domain information provided. If you have problems please refer to the FOG Service log file located in c:\fog.log<br />
<br />
===== Making AD Integration Easier =====<br />
<br />
As of version 0.20 of FOG, we have made it a bit easier to manage AD settings in FOG, by allowing for default settings for AD. This will allow the easy population of the domain, OU, username, and password. To set this feature up perform the following:<br />
<br />
# Go to '''Other Information''' -> '''FOG Settings'''<br />
# Set your default values for the following:<br />
## FOG_AD_DEFAULT_DOMAINNAME<br />
## FOG_AD_DEFAULT_OU<br />
## FOG_AD_DEFAULT_USER<br />
## FOG_AD_DEFAULT_PASSWORD (MUST BE ENCRYPTED!)<br />
<br />
To test everything out, go to a host that doesn't have anything setup for AD, and click on the edit button for that host. Go to the host menu, and select Active Directory. Click on the '''Join Domain after image task:''' button and all your default values should be populated.<br />
<br />
==== Securing Active Directory Integration ====<br />
<br />
===== Overview =====<br />
<br />
In order to add a computer to a domain, FOG requires a username and password that has rights to the OU where the computer objects are stored in the domain tree. FOG attempts to keep your password secure by encrypting it, but since FOG is open source and the methods used to encrypt the password are open for all to see, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic, this isn't hard and it only needs to be done one time. <br />
<br />
===== The Development Environment =====<br />
<br />
The hostname change module is written in C#, so in order to recompile it you will need to download Microsoft's Visual Studio Express Edition for C#. This can be downloaded from: <br />
<br />
http://www.microsoft.com/express/vcsharp/<br />
<br />
Install Visual Studio with the standard options.<br />
<br />
===== Getting the Source =====<br />
<br />
After Visual Studio Express is installed, we need to get the source code for the hostname change module. This is part of the FOG download/installation package. This package can be downloaded from:<br />
<br />
http://sourceforge.net/project/showfiles.php?group_id=201099 <br />
<br />
Extract this package, then navigate to "FOG Service\src\FOG_HostNameChanger\"<br />
<br />
Double-click on HostNameChange.sln to open the project. <br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > hostnamechanger properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Once the project has opened, on the right-hand panel, in the "Solution Explorer", double-click on MOD_HostNameChanger.cs.<br />
<br />
After doing so, the source code should be displayed in the main panel. Scroll down to the line:<br />
<br />
private const String PASSKEY = "FOG-OpenSource-Imaging"; <br />
<br />
Change '''FOG-OpenSource-Imaging''' to anything you like, just remember what you change it to, as you will need it later.<br />
<br />
Then click File -> Save All.<br />
<br />
Then click Build -> Build Solution.<br />
<br />
This will recompile the hostname change module with your unique key.<br />
<br />
Now navigate to "FOG Service\src\FOG_HostNameChanger\bin\Release"<br />
<br />
Copy only the file HostnameChange.dll to "FOG Service\src\FOG Service\bin\Release" (overwrite existing file).<br />
<br />
Navigate to "FOG Service\src\FOG Service\"<br />
<br />
Open the solution by double-clicking "FogService.sln"<br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > FOGService properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Change the build configuration from debug to release<br />
<br />
Right click on "FOG Service Install" and click "Build"<br />
<br />
Navigate to "FOG Service\src\FOG Service Installer\Release"<br />
<br />
Select the 2 files, right-click -> Send To -> Compressed Folder<br />
<br />
Copy the .zip file to your FOG Server "/var/www/html/fog/client". Overwrite the existing file.<br />
<br />
===== Encrypting Your Password =====<br />
<br />
Now that we have changed the passkey, we need to update the FOGCrypt ini file to use this new passkey. <br />
<br />
Navigate to the FOGCrypt\etc directory from the FOG download package.<br />
<br />
Open the config.ini file and change the passkey value to your new passkey, then save the file.<br />
<br />
Now open a command window and navigate using the cd command to the FOGCrypt directory.<br />
<br />
Type:<br />
<br />
FOGCrypt [password]<br />
<br />
Where [password] is the AD user's password that has rights to the Computers section of the AD tree.<br />
<br />
The output from this command is what you will enter in the FOG management portal.<br />
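<br />
An added example (not FOG project code) for checking that the passkey procedure above was completed: it reads the text of MOD_HostNameChanger.cs and of FOGCrypt's config.ini and reports if either still holds the published default or if the two disagree. The ini key name passkey and the function names are assumptions, and the sample inputs are constructed.<br />
<br />

```python
import re

# The default value shown in MOD_HostNameChanger.cs on this page.
DEFAULT_PASSKEY = "FOG-OpenSource-Imaging"

# Matches: private const String PASSKEY = "...";
_PASSKEY_CONST = re.compile(
    r'const\s+string\s+PASSKEY\s*=\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)


def passkey_from_source(cs_text):
    """Return the PASSKEY constant from C# source text, or None if absent.

    Whole-line // comments are dropped first, so an old default that was
    commented out above the new line is not mistaken for the active value.
    """
    active = re.sub(r"(?m)^\s*//.*$", "", cs_text)
    match = _PASSKEY_CONST.search(active)
    return match.group(1) if match else None


def passkey_from_ini(ini_text, key="passkey"):
    """Return the passkey value from config.ini text, or None if absent.

    Assumption: the setting is a key=value line named 'passkey'; the page
    only says to change "the passkey value". Section headers are ignored.
    """
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "#", "[")) or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.strip().lower() == key:
            return value.strip()
    return None


def audit_passkey(cs_text, ini_text):
    """Return findings; an empty list means both files use one non-default key.

    Findings never echo the key itself, so the output is safe to paste
    into a ticket or a build log.
    """
    findings = []
    source_key = passkey_from_source(cs_text)
    ini_key = passkey_from_ini(ini_text)
    if source_key is None:
        findings.append("source: PASSKEY constant not found")
    if ini_key is None:
        findings.append("config.ini: passkey value not found")
    for where, value in (("source", source_key), ("config.ini", ini_key)):
        if value == DEFAULT_PASSKEY:
            findings.append(f"{where}: still uses the published default passkey")
    if source_key is not None and ini_key is not None and source_key != ini_key:
        findings.append("mismatch: FOGCrypt and the hostname change module use different passkeys")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the module was rebuilt with a new key, but the
    # FOGCrypt config.ini was never updated.
    cs_sample = (
        '// private const String PASSKEY = "FOG-OpenSource-Imaging";\n'
        'private const String PASSKEY = "constructed-example-key";\n'
    )
    ini_sample = "[settings]\npasskey=FOG-OpenSource-Imaging\n"
    for finding in audit_passkey(cs_sample, ini_sample):
        print(finding)
```

Read both files from your extracted FOG package and pass their contents to audit_passkey before building the installer and before encrypting the AD password.<br />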
<br />
<br />
=== FOG Reports ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher. <br />
<br />
==== Overview ====<br />
<br />
FOG Reports allow you to export data from FOG in two major formats: CSV and PDF.<br />
<br />
#'''Snapin Log''' - This report will report on snapin installation history. <br />
#'''Imaging Log''' - This report will report on images deployed to hosts.<br />
#'''Virus History''' - This report lists any viruses that were found on local computers. <br />
#'''Inventory''' - This report will report on the inventory information collected for network clients. <br />
#'''Equipment Loan''' - This report can be used for equipment loaned to staff members. <br />
#'''User Login History''' - This report contains information about user logins.<br />
<br />
==== Running Reports ====<br />
<br />
Running a report can be done from the Reports section of FOG, then by picking a report from the left-hand menu.<br />
<br />
==== Importing User Created Reports ====<br />
<br />
The reporting section of FOG allows for the end user to create and upload custom reports into FOG. A FOG report is a simple php script that is processed by the server. To import a report simply click on the '''Upload a Report''' button in the reports section, select the report then click on the upload button. The report will then show up on the left-hand menu. <br />
<br />
Please be cautious when uploading reports from an unknown source as the writer of the report has full access to the FOG system and database! Make sure your sources are trustworthy before importing a report!<br />
<br />
==== Creating Custom Report ====<br />
<br />
Custom reports are simple php scripts in FOG. Custom reports can be created based on the following template:<br />
<br />
[http://freeghost.sf.net/other/ReportTemplate.tar.gz Report Template]<br />
<br />
<br />
<br />
=== Plugins ===<br />
*[[Plugins]] give FOG extra functionality wanted for some users but not all.<br />
<br />
=== Other Settings ===<br />
<br />
==== [[Boot Image Key Map]] ====<br />
<br />
==== FOG Client Kernel ====<br />
<br />
===== Overview =====<br />
<br />
In FOG, there aren't really drivers you need to find and download for your clients to work. This is because we ship a Linux kernel that has the majority of hardware devices built into it. What this means is that if you have a device that doesn't work with FOG, you need to either build a new kernel yourself or try a newer kernel that has been released via our kernel updater.<br />
<br />
<br />
===== Kernel Types =====<br />
<br />
We currently build two "lines" of kernels. One is called KS or KitchenSink. This kernel tries to include drivers for as many devices as possible, sometimes at the cost of performance, and this is the kernel that we ship with FOG by default. The other "line" is the PS kernel or the Peter Sykes kernel, which is based on a config submitted by a user. This kernel line tries to be faster, but may not include as many drivers as the KS kernel. <br />
<br />
===== Updating the Kernel =====<br />
<br />
It is possible to update your client kernel from within the UI of FOG. To do this perform the following steps:<br />
<br />
#Log into the FOG Management UI.<br />
#Go to '''Other Information'''<br />
#Select '''Kernel Updates'''<br />
#Select the Kernel you would like to download, typically the newest kernels are on the top of the list.<br />
#Click the download icon<br />
#Select a file name for your kernel, to make it the default kernel leave the name as '''bzImage'''<br />
#Click the '''Next''' Button<br />
<br />
=== Mobile Management Interface ===<br />
<br />
==== Overview ====<br />
<br />
The FOG Mobile web interface is a very basic, stripped down interface for FOG. It is designed to be given to lower level technicians using low powered, mobile devices such as iPod touches, iPhone, PDAs, and internet tablets. The idea behind this interface is to make it easy for techs to re-image a computer while making the rounds at a site.<br />
<br />
==== Using the mobile Interface ====<br />
<br />
The mobile interface can be accessed via:<br />
<br />
http://x.x.x.x/fog/mobile<br />
<br />
The portal requires a valid user name and password, which can be created via the FOG portal. <br />
<br />
[[Image:Ipod login.JPG]]<br />
<br />
Once logged into the portal, users can search for hosts and image them, and view/cancel active tasks. <br />
<br />
[[Image:Ipod results.JPG]]<br />
<br />
[[Image:Ipod active.JPG]]<br />
<br />
They can not change image associations, nor modify any properties of a host.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Plugins&diff=12658Plugins2022-10-27T04:40:47Z<p>SebastianRoth: /* Enabling Plugins */</p>
<hr />
<div>Plugins add more functionality to FOG. <br />
== Enabling Plugins ==<br />
<br />
See: https://docs.fogproject.org/en/latest/management/plugins/plugin-management.html<br />
<br />
==LDAP Plugin==<br />
* FOG v1.3.0+<br />
* Allows you to link with an LDAP server to add user validation<br />
* You can add multiple LDAP servers<br />
* You can configure the base DN and the port of the LDAP server<br />
* If FOG cannot connect to the LDAP server, FOG tries to do a local validation<br />
* If the user does not exist, FOG creates one with the mobile profile<br />
<br />
*[[File:Add_new_LDAP-Server.jpeg]]<br />
*[[File:ListAllLDAP_Servers.jpeg]]<br />
*[[File:LDAP_Plugin_HomePage.jpeg]]<br />
<br />
==Location Plugin==<br />
* Allows you to direct hosts at separate locations and manage through a centralized server<br />
* Hosts will be imaged from their location setup, rather than trying to pull from a random node/server across, potentially, WAN links<br />
* Same works for "Tftp" in that it will direct the host to get its kernel and init from its related location<br />
* Can also be used to direct the host to download its snapins from the relevant location<br />
* See also [[Location Plugin]]<br />
<br />
==Access Control Plugin==<br />
NOTE: While initially implemented, this plugin has been deprecated and removed from the core plugins list due to many complexities in implementation.<br />
<br />
<br />
* <span style="background-color:RED; padding: 1px"> '''NOT Currently ready''' </span><br />
* To give a layer of security and control over the task and imaging processes as well as limit the GUI items from "designated" controls<br />
* For Example: IT vs. Regular User<br />
<br />
==Capone Plugin==<br />
*Capone is a plugin for FOG that allows you to image a computer based on DMI/Hardware information without having to register it with the FOG server. This module was originally written for a HP computer warranty service center in the UK. They wanted to be able to restore a computer's image just by plugging it into the network and PXE booting the machine, without any user intervention. This module is great for repair shops and places where you don't need FOG to manage the computer after it is imaged. This is our attempt at pushing FOG into the service/repair sector. <br />
* In FOG terms a "Quick Image" without any registration<br />
* <span style="background-color:YELLOW; padding: 1px"> '''Obsolete''' </span> As of FOG v1.3.0-r2651 the fog user can now add Quick Image to the Fog iPXE Menu(For All Hosts) and then select the exact image desired without having to do any registration. BUT intervention is still required to start imaging.<br />
*[[Plugins: Capone]]<br />
<br />
==WOL Broadcast Plugin==<br />
* Allows the FOG user to specify different broadcast addresses on your network<br />
* WOL will use those set values to send the WOL Packets to the broadcast addresses, rather than staying only on layer 2<br />
<br />
==Example Plugin==<br />
* If you would like to create your own plugins here is a template to follow.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Build_TomElliott_Kernel&diff=12654Build TomElliott Kernel2021-12-12T22:11:31Z<p>SebastianRoth: Replaced content with "Moved to the official docs, see here: https://docs.fogproject.org/en/latest/reference/compile_fos_kernel.html"</p>
<hr />
<div>Moved to the official docs, see here: https://docs.fogproject.org/en/latest/reference/compile_fos_kernel.html</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=IPXE&diff=12652IPXE2021-11-14T21:46:38Z<p>SebastianRoth: /* Compile */</p>
<hr />
<div><br />
== What is PXE? ==<br />
=== Abbreviation Means ===<br />
Preboot Execution Environment (PXE)<br />
=== Alternate Resources ===<br />
A good resource for understanding exactly what PXE is: [http://docs.oracle.com/cd/E24628_01/em.121/e27046/appdx_pxeboot.htm Understanding PXE Booting]<br />
=== Summary ===<br />
The PXE protocol is, approximately, a combination of DHCP and TFTP working together to provide a boot environment over networking means. Subtle modifications to both DHCP and TFTP during the PXE Boot environment are made. DHCP is used to locate the appropriate boot server. TFTP is used to download the initial bootstrap program and/or additional files as needed.<br />
<br />
To initiate a PXE bootstrap session the PXE firmware broadcasts a DHCPDISCOVER packet extended with PXE-specific options (extended DHCPDISCOVER) to port 67/UDP (DHCP server port). The PXE options identify the firmware as capable of PXE, but they will be ignored by standard DHCP servers. If the firmware receives DHCPOFFERs from such servers, it may configure itself by requesting one of the offered configurations.<br />
<br />
These are normally portrayed with:<br />
==== Linux DHCP (ISC|DHCP|DHCP3) ====<br />
===== Server Location =====<br />
<pre>next-server</pre><br />
===== File to Download =====<br />
<pre>filename "<FILENAME TO RECEIVE>"</pre><br />
==== Windows DHCP/AD ====<br />
===== Server Location =====<br />
<pre>Option 66</pre><br />
===== File to Download =====<br />
<pre>Option 67</pre><br />
==== DNSMasq/proxyDHCP ====<br />
The items referenced are bolded to help them stand out. The 3 fields are not all needed; they are just used here to represent typical usage. You can set dhcp-boot with only one field (the boot filename) or two (boot filename and server).<br />
===== Server Location =====<br />
dhcp-boot=pxelinux.0,'''fogserver''','''10.0.0.10'''<br />
<br />
===== File to Download =====<br />
dhcp-boot='''pxelinux.0''',fogserver,10.0.0.10<br />
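<br />
Added example (not part of the FOG wiki): a parser for the DHCP payload described in the summary, showing the PXE options (60 vendor class, 93 client architecture) that mark an extended DHCPDISCOVER, plus a check that an offer names the boot server and file you configured through next-server/filename or options 66/67. The sample packets are constructed, and the expected server 10.0.0.10, the file undionly.kpxe and the second server 10.0.0.99 are assumed values.<br />

```python
import socket
import struct

MAGIC = bytes([99, 130, 83, 99])   # DHCP magic cookie that follows the BOOTP header
# Client system architecture types carried in option 93 (RFC 4578)
ARCH = {0: "Intel x86PC (BIOS)", 6: "EFI IA32", 7: "EFI BC", 9: "EFI x86-64"}


def parse_dhcp(pkt):
    """Split a DHCP payload (the UDP data) into BOOTP header fields and options."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 255:            # end option
            break
        if code == 0:              # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return {
        "op": pkt[0],                                   # 1 = request, 2 = reply
        "siaddr": socket.inet_ntoa(pkt[20:24]),         # ISC "next-server"
        "sname": _text(pkt[44:108].split(b"\0")[0]),
        "file": _text(pkt[108:236].split(b"\0")[0]),    # ISC "filename"
        "options": opts,
    }


def _text(raw):
    return raw.rstrip(b"\0").decode("ascii", "replace")


def pxe_client(parsed):
    """Architecture name if the packet carries the PXE options, else None."""
    if not parsed["options"].get(60, b"").startswith(b"PXEClient"):
        return None                # a standard DHCP client, no PXE extension
    raw = parsed["options"].get(93)
    if raw is None or len(raw) < 2:
        return "unknown"
    arch = struct.unpack("!H", raw[:2])[0]
    return ARCH.get(arch, "type %d" % arch)


def check_offer(parsed, server, bootfiles):
    """List every boot server / boot file value in an offer that differs
    from the configured ones (header fields and options 66/67 alike)."""
    o = parsed["options"]
    servers = [parsed["siaddr"], parsed["sname"]]
    files = [parsed["file"]]
    if 66 in o:
        servers.append(_text(o[66]))
    if 67 in o:
        files.append(_text(o[67]))
    problems = ["unexpected boot server %s" % s
                for s in servers if s not in ("", "0.0.0.0", server)]
    problems += ["unexpected boot file %s" % f
                 for f in files if f not in ("", *bootfiles)]
    return problems


def build(op, siaddr="0.0.0.0", bootfile=b"", options=()):
    """Construct a sample packet for the demo (test data, not a capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0x8000,
                      b"", b"", socket.inet_aton(siaddr), b"",
                      bytes.fromhex("000000000005"), b"", bootfile)
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return hdr + MAGIC + body + b"\xff"


# Constructed samples: PXE discovers, then offers in the ISC and option 66/67 styles
DISCOVER_BIOS = build(1, options=[(53, b"\x01"), (93, b"\x00\x00"),
                                  (60, b"PXEClient:Arch:00000:UNDI:002001")])
DISCOVER_UEFI = build(1, options=[(53, b"\x01"), (93, b"\x00\x07"),
                                  (60, b"PXEClient:Arch:00007:UNDI:003000")])
OFFER_ISC = build(2, "10.0.0.10", b"undionly.kpxe", [(53, b"\x02")])
OFFER_OPT = build(2, options=[(53, b"\x02"), (66, b"10.0.0.10"),
                              (67, b"undionly.kpxe\0")])
OFFER_OTHER = build(2, "10.0.0.99", b"pxelinux.0", [(53, b"\x02")])

if __name__ == "__main__":
    for name in ("OFFER_ISC", "OFFER_OPT", "OFFER_OTHER"):
        print(name, check_offer(parse_dhcp(globals()[name]),
                                "10.0.0.10", ["undionly.kpxe"]))
```

Feed it the UDP payload of packets captured on ports 67/68 to see which server and file each DHCP responder on the segment actually hands out.<br />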
<br />
== What is iPXE? ==<br />
Formerly gPXE project, iPXE is an open source PXE implementation and bootloader. It can be used to enable computers without built-in PXE support to boot from the network, or to extend an existing PXE implementation with support for additional protocols. While traditional PXE clients use TFTP to transfer data, iPXE adds the ability to retrieve data through other protocols like HTTP, iSCSI, ATA over Ethernet (AoE), and Fibre Channel over Ethernet (FCoE), and can work with Wi-Fi rather than requiring a wired connection.<br />
<br />
<ul><li>YES, (technically) wireless imaging is supported but largely untested due to the absence in most BIOS setups.</ul><br />
<br />
== What are the differences between the different PXE files? ==<br />
=== Filenames ===<br />
* ipxe has drivers native to the ipxe project. Those drivers are handled from the iPXE developers.<br />
* undionly uses the "undi" stack made by the manufacturer of the NIC. <br />
Universal Network Device Interface (UNDI) is an application programming interface (API) for network interface cards (NIC) used by the Preboot Execution Environment (PXE) protocol.<br />
<br />
When chainloading iPXE from PXE, iPXE can use this API (instead of loading a hardware driver). This way, you're getting support for network controllers that are not natively supported by iPXE. Some network controllers have improved performance when using the UNDI driver over the vendor specific iPXE driver.<br />
<br />
To use the UNDI driver, select the UNDI driver (undionly) when generating the iPXE ROM. (e.g. make bin/undionly.kpxe EMBED=embedscriptname)<br />
[http://etherboot.org/wiki/pxechaining Reference without edits here.]<br />
=== Extensions ===<br />
More info can be referenced here: [http://etherboot.org/wiki/gpxe_imagetypes]<br />
# .pxe is an image designed to be chain loaded, unloading both the underlying PXE and UNDI code sections. This is ultimately the goal, but there's not enough information to allow this to actually work flawlessly every time. It uses, purely, the drivers from the iPXE information. One of the benefits is that the codebase for the drivers is handled by the iPXE developers. So, in theory and given enough time, all NICs could potentially be supported.<br />
#* .pxe is an image designed to be chain loaded, unloading both the underlying PXE and UNDI code sections. [http://etherboot.org/wiki/gpxe_imagetypes etherboot.org]<br />
# .kpxe unloads just the pxe stack and is the normal file we want in use as it seems to be the best between pxe/chaining I can find without flashing roms.<br />
#* .kpxe is a PXE image that keeps UNDI loaded and unloads PXE [http://etherboot.org/wiki/gpxe_imagetypes etherboot.org]<br />
# .kkpxe keeps both undi and pxe stacks in place. kkpxe works best for buggy hardware. Only recommended if you're having weird issues with the undionly.kpxe<br />
#* .kkpxe is a PXE image that keeps PXE+UNDI loaded and return to PXE (instead of int 18h). From [http://www.etherboot.org/wiki/soc/2008/stefanha/journal/week8 here] [http://etherboot.org/wiki/gpxe_imagetypes etherboot.org]<br />
# .kkkpxe is only used to generate the ipxelinux.0 file. This is only used in conjunction with the syslinux project. When gpxe was the developed software of this type the file was called gpxelinux.0 which can usually be built with modern syslinux.<br />
<br />
More information on this can be found on the ipxe forum thread located [http://forum.ipxe.org/showthread.php?tid=6989 here.]<br />
<br />
== Undi and iPXE Stack ==<br />
More information on differences and when to use are located [http://forum.ipxe.org/showthread.php?tid=6989 here.]<br />
The UNDI driver is a generic driver that works on network cards that have a vendor UNDI ROM. The ROM contains driver code that is supposed to conform to the PXE/UNDI specification. iPXE can load the UNDI driver and use it instead of a native driver.<br />
<br />
Depending on the iPXE image type, UNDI support works as follows:<br />
<br />
* undionly.kpxe is loaded from a vendor PXE stack and uses UNDI on the network card that it was booted from.<br />
<br />
* All-driver (ipxe) or undi images can load the UNDI for PCI network cards. The network boot ROM must be enabled in the BIOS in order for the UNDI ROM to be visible to iPXE. Note that only the first network card is supported with UNDI since multiple instances of UNDI are unreliable and cannot be supported.<br />
<br />
==== Why write native drivers if UNDI works with every network card? ====<br />
* iPXE is an open source PXE stack and provides UNDI services. iPXE cannot be used as an option ROM without a native driver.<br />
<br />
* UNDI is slow because iPXE must switch CPU modes when calling it.<br />
<br />
* UNDI ROMs can be buggy or violate the PXE specification. Native drivers are known to work with iPXE and can be fixed if there is a bug since they are part of the iPXE codebase.<br />
<br />
* Enabling the network boot ROM in the BIOS is not always possible or desirable.<br />
----<br />
<br />
<br />
== STP/Portfast/RSTP/MSTP To Enable or Disable? ==<br />
<br />
===STP=== <br />
*What is STP? <br />
**The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.<br />
<br />
===Port Fast===<br />
*What is Portfast?<br />
**The time Spanning Tree Protocol (STP) takes to transition ports over to the Forwarding state can cause problems. PortFast is a Cisco network function which can be configured to resolve this problem. This factor of time is not an issue for many people, but it can cause problems for some (e.g. FOG imaging). You may see this issue with Pre-Boot Execution (PXE) devices, such as Windows Deployment Services. PortFast is the solution to this problem of delays when client computers are connecting to switches. PortFast is not enabled by default. With PortFast enabled on a port, you effectively take the port and tell spanning tree not to implement STP on that port.<br />
<br />
===RSTP===<br />
*What is Rapid STP(RSTP)?<br />
**The 802.1D Spanning Tree Protocol (STP) standard was designed at a time when the recovery of connectivity after an outage within a minute or so was considered adequate performance. With the advent of Layer 3 switching in LAN environments, bridging now competes with routed solutions where protocols, such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP), are able to provide an alternate path in less time. Cisco enhanced the original 802.1D specification with features such as Uplink Fast, Backbone Fast, and Port Fast to speed up the convergence time of a bridged network. The drawback is that these mechanisms are proprietary and need additional configuration. Rapid Spanning Tree Protocol (RSTP; IEEE 802.1w) can be seen as an evolution of the 802.1D standard more than a revolution. The 802.1D terminology remains primarily the same. Most parameters have been left unchanged so users familiar with 802.1D can rapidly configure the new protocol comfortably. In most cases, RSTP performs better than proprietary extensions of Cisco without any additional configuration. 802.1w can also revert back to 802.1D in order to interoperate with legacy bridges on a per-port basis. This drops the benefits it introduces.<br />
<br />
===MSTP===<br />
*What is Multiple STP (MSTP)?<br />
** The Multiple Spanning Tree Protocol (MSTP), originally defined in IEEE 802.1s and later merged into IEEE 802.1Q-2005, defines an extension to RSTP to further develop the usefulness of virtual LANs (VLANs). This Multiple Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each Spanning Tree. If there is only one Virtual LAN (VLAN) in the network, single (traditional) STP works appropriately. If the network contains more than one VLAN, the logical network configured by single STP would work, but it is possible to make better use of the alternate paths available by using an alternate spanning tree for different VLANs or groups of VLANs.<br />
<br />
===What do I enable and disable?===<br />
*If you don't need STP all these options should be disabled already and nothing should need to be done. ('''DISABLE ALL''')<br />
*If you have to use STP, to get (ipxe/dhcp) Fog (v1.x.x) working correctly you will need to ''ENABLE PORTFAST'' '''OR''' ''ENABLE RSTP''.<br />
*Currently MSTP is untested with Fog but may be useful for networks with multiple VLANS.<br />
<br />
===More information on Spanning Tree Protocol===<br />
http://en.wikipedia.org/wiki/Spanning_Tree_Protocol#Multiple_Spanning_Tree_Protocol<br />
<br />
<br />
<br />
==Compile==<br />
Moved to the official docs, see here: https://docs.fogproject.org/en/latest/reference/compile_ipxe_binaries.html<br />
<br />
== rom-o-matic.eu ==<br />
Instead of compiling iPXE on your own machine you can use the online service at https://rom-o-matic.eu/ if you don't want to be bothered with installing a compiler toolchain.<br />
<br />
Click "Advanced, for experienced users" to get the full options! Then choose an output format (undionly.kpxe would be "PXE bootstrap loader image [keep PXE stack method 1] (.kpxe)" plus NIC type "undionly"). See the following listing for options we have included in the official FOG iPXE binaries.<br />
<br />
You might also want to add our embedded script. You can find the most current version in the git ([https://github.com/FOGProject/fogproject/blob/dev-branch/src/ipxe/src/ipxescript BIOS]/[https://github.com/FOGProject/fogproject/blob/dev-branch/src/ipxe/src-efi/ipxescript UEFI]) or svn ([https://sourceforge.net/p/freeghost/code/HEAD/tree/trunk/src/ipxe/src/ipxescript BIOS]/[https://sourceforge.net/p/freeghost/code/HEAD/tree/trunk/src/ipxe/src-efi/ipxescript UEFI]) repository.<br />
<br />
=== BIOS ===<br />
* ISA options (no change)<br />
* VMware options<br />
** VMWARE_SETTINGS = YES<br />
* PCIAPI options (no change)<br />
* Serial options (no change)<br />
* Timer configuration (no change)<br />
* Network protocols (no change)<br />
* PXE support<br />
** PXE_STACK = YES<br />
* Download protocols<br />
** DOWNLOAD_PROTO_HTTPS = YES<br />
** DOWNLOAD_PROTO_FTP = YES<br />
** DOWNLOAD_PROTO_NFS = YES<br />
* SAN boot protocols (no change)<br />
* HTTP extensions (no change)<br />
* Wireless Interface Options (no change)<br />
* Name resolution modules (no change)<br />
* Image types<br />
** IMAGE_PXE = YES<br />
** IMAGE_SCRIPT = YES<br />
** IMAGE_BZIMAGE = YES<br />
** IMAGE_PNM = YES<br />
** IMAGE_PNG = YES<br />
* Command-line commands to include<br />
** IWMGMT_CMD = NO<br />
** NSLOOKUP_CMD = YES<br />
** TIME_CMD = YES<br />
** DIGEST_CMD = YES<br />
** LOTEST_CMD = YES<br />
** VLAN_CMD = YES<br />
** PXE_CMD = YES<br />
** REBOOT_CMD = YES<br />
** POWEROFF_CMD = YES<br />
** IMAGE_TRUST_CMD = YES<br />
** PCI_CMD = YES<br />
** PARAM_CMD = YES<br />
** NEIGHBOUR_CMD = YES<br />
** PING_CMD = YES<br />
** CONSOLE_CMD = YES<br />
** IPSTAT_CMD = YES<br />
* ROM-specific options (no change)<br />
* Virtual network devices (no change)<br />
* Error message tables to include (no change)<br />
* Debugger options (no change)<br />
* USB configuration (no change)<br />
* Console options<br />
** CONSOLE_FRAMEBUFFER = YES<br />
* Branding options (no change)<br />
* DHCP timeout parameters (no change)<br />
* PXE Boot Server timeout parameters (no change)<br />
<br />
=== UEFI ===<br />
* ISA options (no change)<br />
* VMware options<br />
** VMWARE_SETTINGS = YES<br />
* PCIAPI options (no change)<br />
* Serial options (no change)<br />
* Timer configuration (no change)<br />
* Network protocols (no change)<br />
* PXE support ('''no change - important!''')<br />
* Download protocols<br />
** DOWNLOAD_PROTO_HTTPS = YES<br />
** DOWNLOAD_PROTO_FTP = YES<br />
** DOWNLOAD_PROTO_NFS = YES<br />
* SAN boot protocols (no change)<br />
* HTTP extensions (no change)<br />
* Wireless Interface Options (no change)<br />
* Name resolution modules (no change)<br />
* Image types<br />
** IMAGE_PNG = YES<br />
* Command-line commands to include<br />
** IWMGMT_CMD = NO<br />
** NSLOOKUP_CMD = YES<br />
** TIME_CMD = YES<br />
** DIGEST_CMD = YES<br />
** LOTEST_CMD = YES<br />
** VLAN_CMD = YES<br />
** PXE_CMD = '''NO'''<br />
** REBOOT_CMD = YES<br />
** POWEROFF_CMD = YES<br />
** IMAGE_TRUST_CMD = YES<br />
** PCI_CMD = YES<br />
** PARAM_CMD = YES<br />
** NEIGHBOUR_CMD = YES<br />
** PING_CMD = YES<br />
** CONSOLE_CMD = YES<br />
** IPSTAT_CMD = YES<br />
* ROM-specific options (no change)<br />
* Virtual network devices (no change)<br />
* Error message tables to include (no change)<br />
* Debugger options (no change)<br />
* USB configuration (no change)<br />
* Console options<br />
** CONSOLE_FRAMEBUFFER = YES<br />
* Branding options (no change)<br />
* DHCP timeout parameters (no change)<br />
* PXE Boot Server timeout parameters (no change)<br />
<br />
If you find those settings are causing trouble for you or don't match what you have online then please let us know in the forums!</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Installation&diff=12647Installation2021-05-19T12:23:29Z<p>SebastianRoth: /* LXC */</p>
<hr />
<div>== Requirements ==<br />
Before diving right into the installation of FOG you need to decide which server OS you are going to use. FOG is made to install on RedHat-based distros (CentOS, Fedora, RHEL amongst others) as well as Debian, Ubuntu and Arch Linux. Choose whichever you like most and have knowledge about! FOG is known to work with any of the above noted systems. Many [[Installation#Installation_manuals|installation manuals]] are available.<br />
<br />
This listing is for informational purposes only, as the required components will be automatically downloaded and installed by the FOG installation script: PHP 5/7, MySql 5+/MariaDB 10+, Apache 2+, DHCP (pretty much any!), TFTP, FTP, NFS<br />
<br />
The LAMP setup can also be easily adjusted for a "WAMP (Windows Apache MySQL PHP) system" though will require a bit more knowledge of what packages to use and how to integrate with the FOG system.<br />
<br />
Please choose the distribution you have the most knowledge about, but the below list has the best support in FOG 1.3.0 right now. This list is by no means an absolute list to follow, though.<br />
<br />
* Ubuntu 16 or higher<br />
<br />
* Debian 8 or higher<br />
<br />
* CentOS 7 or higher<br />
<br />
* Red Hat 6 or higher<br />
<br />
* Fedora 22 or higher<br />
<br />
* Any version of Arch.<br />
<br />
== Download FOG ==<br />
Please see: [[Getting_FOG]]<br />
<br />
== Installer ==<br />
The FOG installer comes as a complex shell script that will handle all the package installs and configure the services for you. It must be run as root (sudo works as well) to be able to set things up properly. When run on a new system for the first time, the installer will ask you a couple of questions regarding your network configuration and the services you want to install.<br />
<br />
=== Modes ===<br />
FOG can be installed in two different modes. The first is the normal FOG server, which does all of the work. Choose this option if you only want to have a single FOG server in your network. The second option is to install a FOG storage node, which will serve as a second place to store images on and serve images to more clients (when doing unicast). [[InstallationModes|Here]] you can find some more information about the two modes.<br />
<br />
FOG Server installation modes:<br />
* Normal Server: (Choice N) <br />
This is the typical installation type and<br />
will install all FOG components for you on this<br />
machine. Pick this option if you are unsure what to pick.<br />
<br />
* Storage Node: (Choice S)<br />
This install mode will only install the software required<br />
to make this server act as a node in a storage group<br />
<br />
=== Command line options ===<br />
The FOG installer has quite a few command line options. See the output below. You might want to force FOG to set up the web interface via HTTPS, or change the default PXE boot file or web root directory.<br />
<br />
./installfog.sh --help<br />
Usage: ./installfog.sh [-h?dEUuHSCKYXTFA] [-f <filename>] [-N <databasename>]<br />
[-D </directory/to/document/root/>] [-c <ssl-path>]<br />
[-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>]<br />
[-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>]<br />
-h -? --help Display this info<br />
-o --oldcopy Copy back old data<br />
-d --no-defaults Don't guess defaults<br />
-U --no-upgrade Don't attempt to upgrade<br />
-H --no-htmldoc No htmldoc, means no PDFs<br />
-S --force-https Force HTTPS for all comunication<br />
-C --recreate-CA Recreate the CA Keys<br />
-K --recreate-keys Recreate the SSL Keys<br />
-Y -y --autoaccept Auto accept defaults and install<br />
-f --file Use different update file<br />
-c --ssl-path Specify the ssl path<br />
defaults to /opt/fog/snapins/ssl<br />
-D --docroot Specify the Apache Docroot for fog<br />
defaults to OS DocumentRoot<br />
-W --webroot Specify the web root url want fog to use<br />
(E.G. http://127.0.0.1/fog,<br />
http://127.0.0.1/)<br />
Defaults to /fog/<br />
-B --backuppath Specify the backup path<br />
--uninstall Uninstall FOG<br />
-s --startrange DHCP Start range<br />
-e --endrange DHCP End range<br />
-b --bootfile DHCP Boot file<br />
-E --no-exportbuild Skip building nfs file<br />
-X --exitFail Do not exit if item fails<br />
-T --no-tftpbuild Do not rebuild the tftpd config file<br />
-F --no-vhost Do not overwrite vhost file<br />
-A --arm-support Install kernel and initrd for ARM platforms<br />
<br />
=== .fogsettings ===<br />
<br />
Full article on the .fogsettings file can be found here: [[.fogsettings]]<br />
<br />
=== Backups ===<br />
TBD<br />
<br />
=== Errorlog ===<br />
TBD<br />
<br />
== Installation manuals ==<br />
=== CentOS ===<br />
[[CentOS 7| CentOS 7]], <br />
[[Installation on CentOS 6.4|CentOS 6.4]] (CentOS 6.5 also works), <br />
[[Installation on CentOS 5.3|CentOS 5.3]] (CentOS 5.4 & 5.5 also covered)<br />
<br />
<br />
=== Debian ===<br />
[[Debian 8]],<br />
[[Installation on Debian Lenny|Debian Wheezy]], <br />
[[Installation on Debian Lenny|Debian Squeeze]], <br />
[[Installation on Debian Lenny|Debian Lenny]]<br />
<br />
=== Fedora ===<br />
[[Fedora 25 Server]],<br />
[[Fedora 24 Server]],<br />
[[Fedora 23 Server]], <br />
[[Fedora_21_Server|Fedora 21 Server]], <br />
[[Installation on Fedora 13|Fedora 13]], <br />
[[Installation on Fedora 8| Fedora 8]],<br />
<br />
=== RHEL ===<br />
TBA<br />
<br />
<br />
=== Ubuntu ===<br />
[[Ubuntu 16.04]]<br />
(<font color="red">obsolete, just for the archive:</font> [[Ubuntu 14.04]], <br />
[[Ubuntu 12.04|Ubuntu 13.10]], <br />
[[Ubuntu 12.04|Ubuntu 13.04]], <br />
[[Ubuntu 12.04|Ubuntu 12.10]], <br />
[[Ubuntu 12.04]], <br />
[[Ubuntu 11.04]], <br />
[[Ubuntu 10.10]], <br />
[[Ubuntu 10.04|Ubuntu 10.04]], <br />
[[Ubuntu 9.04|Ubuntu 9.04]], <br />
Ubuntu 8.10, <br />
Ubuntu 8.04, <br />
[[Installation on 7.10|Ubuntu 7.10]])<br />
<br />
== Virtualization ==<br />
FOG can be used on bare metal as well as in most virtual server and client setups. Some of the virtualization techniques are really great when used with FOG, e.g. snapshots. Some people use virtualization to prepare and capture their "golden (master / reference) images" all on one central location/server. Again like with the server OS we don't prefer any of the following or others that are out there. This is only a collection of hints and tricks plus maybe issues we know about.<br />
<br />
=== Hyper-V ===<br />
<br />
'''Using the New VM Wizard:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Create VM Wizard > Installation Options: Select "Install an operating system from network-based installation server"<br />
<br />
<br />
'''Existing VM:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Right click VM > Settings > BIOS<br />
<br />
Move "Network Adapter" (sometimes labeled "Legacy Network Adapter") to the top of the boot order.<br />
<br />
<br />
'''UEFI:'''<br />
<br />
UEFI/Secure Boot is an option with Hyper-V on Server 2012 on Generation 2 VMs. It is enabled by default, and can be disabled in VM Settings -> Firmware: Uncheck secure boot.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== KVM/QEMU ===<br />
Can be used as kind of a lightweight desktop virtual environment to test FOG and master your images.<br />
Using this on the laptop as local test environment. Search forums and wiki but there is no valuable information about anyone using FOG on a KVM server. Asked user mxc as he seems to use it. Otherwise this will be a brief description on how to use this as I do it.<br />
<br />
# setup network tap device as kind of a local software switch to connect it all<br />
sudo tunctl -t tap0 -u <username><br />
sudo ifconfig tap0 x.x.x.x netmask 255.255.255.0 up<br />
<br />
# generate disk image file<br />
qemu-img create -f qcow2 hd.qcow2 10G<br />
<br />
# start VM using QEMU emulator (BIOS mode)<br />
qemu -m 512 -boot n -net nic,vlan=1 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM using real KVM virtualization (BIOS mode)<br />
kvm -m 512 -boot n -net nic,vlan=1,macaddr=00:00:00:00:00:05 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM as UEFI machine - as well using the more modern '-netdev' parameter<br />
kvm -m 512 -boot n -bios /usr/share/ovmf/OVMF.fd -device virtio-net-pci,netdev=hn0 -netdev tap,id=hn0,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
=== OpenVZ ===<br />
OpenVZ (possibly within Proxmox) is mostly used to run the FOG server in a light weight kind of virtual environment. As OpenVZ is in nature similar to a chrooted environment you cannot actually PXE boot such a container. To install FOG as a server in OpenVZ you need to have NFS support on the host machine first and then add it to the container as well:<br />
<br />
$ lsmod | grep nfsd<br />
nfsd 312315 14<br />
$ grep nfsd /proc/filesystems<br />
nodev nfsd<br />
<br />
If you don't see the kernel module ''nfsd'' loaded you might need to install the nfs-kernel-server package and load the module (usually done by the nfs-kernel-server init script). As mentioned before you need to enable access to ''nfsd'' from within the container you want to install FOG to:<br />
<br />
$ vzctl stop $CONTAINER_ID<br />
$ vzctl set $CONTAINER_ID --feature nfsd:on --save<br />
$ vzctl start $CONTAINER_ID<br />
<br />
After that the installer should run through like it would installing on bare metal or any other virtual environment!<br />
<br />
'''Wake on LAN:'''<br />
<br />
To be able to send WOL and multicast packets the container needs a proper MAC address. This is only the case if you configure the container to use a network bridge (veth instead of venet!).<br />
<br />
=== LXC ===<br />
One of the main things is to get NFS to work within LXC containers. While it used to be easy in Proxmox newer versions make it more complicated.<br />
<br />
Proxmox 6.x: https://forums.fogproject.org/topic/15176/fog-server-in-lxc-container-under-proxmox-6<br />
<br />
Proxmox 5.x: An update (around 23rd of October 2018) broke NFS in LXC containers. Find a fix here: https://forum.proxmox.com/threads/mounting-nfs-in-lxc-not-working-since-latest-update.47815/<br />
<br />
Proxmox 4.x: https://forums.fogproject.org/topic/7978/fog-in-lxc-container-how-to-configure-nfs-server<br />
<br />
=== VirtualBox ===<br />
Bridged network or host only.<br />
<br />
Most versions seem to suffer from a bug where iPXE would only be able to get an IP from the DHCP if started cold (vs. reboot).<br />
<br />
This can be fixed by changing the iPXE binary from <code>undionly.kkpxe</code> to <code>ipxe.pxe</code> in the DHCP server config.<br />
<br />
=== VMWare ESXi ===<br />
Running a FOG client within an ESXi server is pretty close to what you would do on a bare metal machine:<br />
<br />
* Create VM as normal.<br />
* Choose network adapter other than VMX3 (e.g. e1000) as we have seen [https://forums.fogproject.org/topic/7108/fog-bzimage-failing-to-load-after-pxe-boot loading issues] with those virtual adapters.<br />
* Open VM Console, start up the VM. Press F2 on Boot Logo to enter BIOS.<br />
* Scroll over to boot tab, use + key to move Network boot to the top of the boot order.<br />
<br />
You can also do an on-demand network boot by hitting F9 on startup, if you don’t want to change the boot order permanently.<br />
<br />
'''UEFI:'''<br />
<br />
UEFI is disabled by default for VMs in ESXI 6.0+. To enable it for a VM, go to VM Settings > Options Tab > Advanced: Boot Options and change the boot firmware from BIOS to EFI.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== VMWare Player ===<br />
Is this still in use?? Don't care if there is nothing about it in wiki or forums!<br />
<br />
=== Xen/XenServer ===<br />
See forums<br />
<br />
* [[Running pre-built virtual machines in Virtualbox|FOG 0.30 VM - Virtualbox]]<br />
* [[Installation on VMWare 0.27|FOG 0.27 VM - VMWare]]<br />
<br />
== Security ==<br />
<br />
[[FOG security]]<br />
<br />
== Troubleshooting ==<br />
IMPORTANT, what to do when the installer fails? Where are the logs?<br />
<br />
{{:Troubleshoot FOG}}</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=WorkingDevices&diff=12646WorkingDevices2021-05-12T08:22:38Z<p>SebastianRoth: /* USB Ethernet Adapters */</p>
<hr />
<div>== Devices that are known/tested to work with FOG Imaging solution. ==<br />
<br />
<br />
<span style="background-color:RED; color:white;">If you have a device that is known to work with FOG, please post it [https://forums.fogproject.org/topic/2987/hardware-currently-working-with-fog-v1-x-x <span style="color:pink">HERE</span>].</span><br />
<br />
<br />
We would like to thank the following manufacturers for sending devices to us to verify their devices will function with FOG:<br />
<br />
* [http://www.bytespeed.com ByteSpeed Computers]<br />
<br />
There have been '''many''' modifications to Fog since Fog v0.32. On ''rare'' occasions there have been reports of machines not working with Fog v1.x.x that work perfectly with Fog 0.32. If you see a &#10004; in the column for Fog 1.x.x+ it means this Make/Model computer has been tested and confirmed working for Fog v1.x.x. If a &#10006; is in the column for "Fog 1.x.x+", this means this Make/Model computer has been tested but fails, although it may work in ''Fog 0.32-'' (rare). Also, a second column has been added to include the iPXE file used to boot to the Fog Menu. This iPXE file is the same file used for Option 67 on your DHCP server. <br />
<br />
What is iPXE and the difference between the files? Check out the [[iPXE]] page.<br />
<br />
=== Devices ===<br />
<br />
{| class="wikitable sortable" border="1" cellspacing="0" cellpadding="3"<br />
|-<br />
! Manufacturer !! Model !! Fog 1.x.x+ !! Kernel Version !! iPXE !! Date !! Notes<br />
|-<br />
| Acer || Aspire One D150-1920 || -- || -- || -- || -- || <br />
|-<br />
| Acer || AspireOne AOA150 || -- || -- || -- || -- || <br />
|-<br />
| Acer || Aspire One D250 || -- || -- || -- || -- || Must use Multiple Partition Image - Single Disk (Not resizable)<br />
|-<br />
| Acer || Aspire 1520 || -- || Kernel 2.6.24-ks || -- || -- || Requires kernel argument vga=6 to have a working display<br />
|-<br />
| Acer || Aspire 5310 || -- || -- || -- || -- || <br />
|-<br />
| Acer || Aspire 5315 || -- || -- || -- || -- || <br />
|-<br />
| Acer || Aspire 5670 Series || -- || -- || -- || -- || <br />
|-<br />
| Acer || Aspire 5735 || -- || -- || -- || -- || <br />
|-<br />
| Acer || Aspire 5920 || -- || -- || -- || -- || <br />
|-<br />
| Acer || Aspire 5920G || -- || -- || -- || -- || <br />
|-<br />
| Acer || Aspire 6930G || -- || -- || -- || -- || <br />
|-<br />
| Acer || Iconia Tab W500 || &#10006; || -- || -- || 2014-10-29 || Does not work at this point in time. This is a "Tablet PC" (screen is detachable from keyboard). Fog does not support Tablet "like" devices at this point. [http://www.cnet.com/products/acer-w500-bz467/ cNet Review]<br />
|-<br />
| Acer || L460 Series || -- || -- || -- || -- || <br />
|-<br />
| Acer || TravelMate 270 Series || -- || -- || -- || -- || <br />
|-<br />
| Acer || TravelMate 290 Series || -- || -- || -- || -- || <br />
|-<br />
| Acer || TravelMate 530 Series || -- || -- || -- || -- || <br />
|-<br />
| Acer || TravelMate 6592 || -- || -- || -- || -- || <br />
|-<br />
| Acer || TravelMate 6410 || -- || -- || -- || -- || <br />
|-<br />
| Acer || TravelMate 7530 || -- || 0.28 || -- || 2009-11-17 || South bridge ATI/AMD SB700. Cannot access SATA hard drive with kernel 0.27 and probably older ones. Use kernel 0.28<br />
|-<br />
| Acer || Veriton L410 || -- || -- || -- || -- || <br />
|-<br />
| Acer || Veriton L6610G || -- || -- || -- || 2011-08-03 || Enable LAN Boot in BIOS: Advanced > Integrated Peripherals > Onboard LAN Option Rom<br />
|-<br />
| Acer || Veriton M410 || -- || -- || -- || -- || Requires kernel args: acpi=force or acpi=off. See the following forum post [https://sourceforge.net/projects/freeghost/forums/forum/716419/topic/3441761]<br />
|-<br />
| Acer || Veriton M480G|| -- || Kernel 2.6.35.3-PS || -- || 2011-03-23 || <br />
|-<br />
| Acer || Veriton X680B || -- || -- || -- || -- || Works with: Kernel-2.6.35.7<br />
|-<br />
| Aopen || MP57-D || -- || FOG 0.32 || -- || 2012-02-29 || Enable PXE in BIOS<br />
|-<br />
| Aopen || DE57-HA || -- || FOG 0.32 || -- || 2012-02-29 || Enable PXE in BIOS<br />
|-<br />
| Asus || L3800 || -- || -- || -- || -- || <br />
|-<br />
| Asus || L4R (Ergo Ensis L4500R) || -- || -- || -- || -- || Buggy PXE - will boot roughly 1 out of 5 tries. gPXE works fine. Tested with FOG 0.28<br />
|-<br />
| Asus || EEE Top ET1601 || -- || -- || -- || -- || Requires PS Kernel<br />
|-<br />
| Asus || EEE Box B202 || -- || -- || -- || -- || <br />
|-<br />
| Asus || EEE Box EB1007 || -- || FOG 0.29 || -- || 2012-05-01 || Change BIOS, AHCI -> IDE<br />
|-<br />
| Asus || EEE Box EB1012P || -- || FOG 0.29 || -- || 2012-05-22 || Change BIOS, AHCI -> IDE, Crucial SSD<br />
|-<br />
| Asus || EEE Box EB1033 || -- || FOG 0.29 || -- || 2013-03-11 || Change BIOS, AHCI -> IDE, Crucial SSD<br />
|-<br />
| Asus || EeePC 701 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Asus || EeePC 901 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Asus || EeePC 1000HE || -- || FOG 0.29 || -- || -- || <br />
|-<br />
| Asus || EeePC 1005PE || -- || FOG 0.29 || -- || -- || <br />
|-<br />
| Asus || EeePC 1016PT || -- || FOG 0.29 || -- || -- || <br />
|-<br />
| Asus || G1S || -- || FOG 0.29 || -- || -- || <br />
|-<br />
| Asus || Z91E (Ergo Ensis S Z9100E) || -- || -- || -- || -- || Works fine with FOG 0.28<br />
|-<br />
| Boxx || 7500 series || -- || FOG 0.29 || -- || 2011-03-03 || works with FOG 0.29, both Tyan and SuperMicro mobo versions<br />
|-<br />
| ByteSpeed || 10" N450 || -- || Core (2.6.36.1) || -- || -- || Works with 'Core' Kernel<br />
|-<br />
| Compaq || Armada 1700 || -- || FOG 0.29 || -- || 2010-11-08 || Using PCMCIA Cardbus NICs under Ubuntu 10.x. See "Known issues" under Ubuntu.<br />
|-<br />
| Compaq || Armada 1750 || -- || FOG 0.29 || -- || 2010-11-08 || Using PCMCIA Cardbus NICs under Ubuntu 10.x. See "Known issues" under Ubuntu.<br />
|-<br />
| Compaq || iPAQ 777 || -- || -- || -- || -- || BIOS sees max 10GB disk.<br />
|-<br />
| Compaq || Presario SR1607FR || -- || FOG 0.32 || -- || 2012-06-06 || kernel 2-6-35-7-ks<br />
|-<br />
| Data Limited || DLI 8300 || -- || -- || -- || 2009-11-1 || Rugged<br />
|-<br />
| Dell || Dimension E510 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Dimension 2400 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Dimension 3000 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Dimension 4100 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Dimension 4600 || -- || -- || -- || -- || <br />
<br />
|-<br />
| Dell || Inspiron 1464 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Inspiron 1525 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Inspiron 1545 || -- || FOG 0.29 || -- || 2011-03-14 ||<br />
|-<br />
| Dell || Inspiron 1546 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Inspiron 3800 || -- || FOG 0.29 || -- || 2010-11-08 || Using PCMCIA Cardbus NICs under Ubuntu 10.x. See "Known issues" under Ubuntu.<br />
|-<br />
| Dell || Inspiron 4100 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Inspiron 8600 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Latitude 131L || -- || -- || -- || -- || <br />
|-<br />
| Dell || Latitude 2100 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-31 ||<br />
|-<br />
| Dell || Latitude 2110 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Latitude 2120 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Latitude 3330 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Dell || Latitude 3540 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Latitude D400 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D410 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D420 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D430 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D500 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D505 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Dell || Latitude D510 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D520 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D530 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D531 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Dell || Latitude D600 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D610 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D620 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude D630 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 ||<br />
|-<br />
| Dell || Latitude D631 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Dell || Latitude D810 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Latitude D820 || -- || 2.6.35.7 KS || -- || 2011-02-24 || <br />
|- <br />
| Dell || Latitude D830 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Dell || Latitude E3350 || &#10004; || Kernel 4.5.0 || undionly.kpxe || 2016-04-01 || Host Kernel Arguments <font color="red">pci=noacpi</font><br />
|-<br />
| Dell || Latitude E3540 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Latitude E4300 || -- || FOG 0.32 || -- || 2014-10-23 ||<br />
|-<br />
| Dell || Latitude E5330 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Latitude E5400 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Latitude E5410 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 || <br />
|-<br />
| Dell || Latitude E5420 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-16 || <br />
|-<br />
| Dell || Latitude E5430 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Latitude E5450 || &#10004; || r4384 || ipxe.efi || 2016-01-05 || <br />
|-<br />
| Dell || Latitude E5500 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Latitude E5530 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-16 || <br />
|-<br />
| Dell || Latitude E5540 || &#10004; || Default bzImage || undionly.kpxe || 2014-07-16 || <br />
|-<br />
| Dell || Latitude E6320 || -- || -- || -- || 2011-05-31 || No issues, used .39 kernel and a few below it<br />
|-<br />
| Dell || Latitude E6400 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| Dell || Latitude E6410 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| Dell || Latitude E6420 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Dell || Latitude E6430 || -- || 3.6.9 FOG.32 || -- || 1/29/2013 || Works with factory SSD (Samsung).<br />
|-<br />
| Dell || Latitude E6500 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Latitude E6510 || -- || 2.6.35.7 KS || -- || 2011-02-24 || <br />
|-<br />
| Dell || Latitude E6530 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Latitude E7420 || &#10004; || r6215 || snponly.efi for UEFI, undionly.kpxe for BIOS || 2016-02-08 || [https://forums.fogproject.org/topic/6611/kernel-for-ubuntu-64-bit/46 Reference]<br />
|-<br />
| Dell || Latitude E7440 || &#10004; || r6215 || snponly.efi for UEFI, undionly.kpxe for BIOS || 2016-02-08 || [https://forums.fogproject.org/topic/6611/kernel-for-ubuntu-64-bit/46 Reference]<br />
|-<br />
| Dell || Latitude XT || -- || -- || -- || -- || -- PC<br />
|-<br />
| Dell || Latitude XT 2 || -- || -- || -- || -- || -- PC<br />
|-<br />
| Dell || Optiplex 160 || -- || 3.2.4.core|| -- || 2012-02-15 || 0.32 works well<br />
|- <br />
| Dell || Optiplex 170L || -- || -- || -- || -- || <br />
|-<br />
| Dell || Optiplex 210L || -- || -- || -- || -- || <br />
|-<br />
| Dell || Optiplex 320 || -- || -- || -- || -- || kernel args: acpi=force irqpoll - Use Dell Bios 1.1.12<br />
|-<br />
| Dell || Optiplex 330 || -- || -- || -- || -- || <br />
|- <br />
| Dell || Optiplex 360 || -- || -- || -- || 2012-04-03 || Ubuntu 10.x w/ FOG .32<br />
|- <br />
| Dell || Optiplex 380 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 || <br />
|-<br />
| Dell || Optiplex 390 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Dell || [[Optiplex 740]] || -- || PS (2.6.28.7) || -- || -- || Problematic http://sourceforge.net/forum/forum.php?thread_id=2335674&forum_id=716419<br />
Works with 740 Enhanced with bios version 2.1.8 and 2.2.2<br />
|-<br />
| Dell || Optiplex 745 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Dell || Optiplex 755 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-16 || Update BIOS to BIOS A-22. Try using Official Kernel 3.0.1 if having trouble.<br />
|-<br />
| Dell || Optiplex 760 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-16 || If having issues with the Default Kernel please try using Official Kernel 3.0.1<br />
|-<br />
| Dell || Optiplex 780 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-16 || If having issues with the Default Kernel please try using Official Kernel 3.0.1<br />
|-<br />
| Dell || Optiplex 790 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-16 || <br />
|-<br />
| Dell || Optiplex 960 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Dell || Optiplex 980 || -- || FOG 0.28 || -- || 05/26/2011 || Does not work with .30. We are using .30 and changed these hosts to use the .28 kernel<br />
|-<br />
| Dell || Optiplex 990 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Dell || Optiplex 3010 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-26 || <br />
|-<br />
| Dell || Optiplex 3020 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 || <br />
|-<br />
| Dell || Optiplex 7010 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Dell || Optiplex 7020 || &#10004; || Default bzImage || undionly.kpxe || 2014-12-02 ||<br />
|-<br />
| Dell || Optiplex 9020 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Dell || Optiplex GX150 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Optiplex GX200 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Optiplex GX240 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Optiplex GX260 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Optiplex GX270 || -- || Kitchen Sink (ALL) || -- || 2012-09-20 || DOES NOT work with Kernel 3.3.3.core or Kernel 3.2.4.core. DOES work with FOG 0.32 default Kernel.<br />
|-<br />
| Dell || Optiplex GX280 || -- || Kitchen Sink (ALL) || -- || 2009-01-23 || <br />
|-<br />
| Dell || Optiplex GX520 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Optiplex GX620 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || Change exit type to 'EXIT'. Otherwise, the machine will sit on a flashing cursor.<br />
|-<br />
| Dell || Optiplex SX280 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Precision 340 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Precision 350 || -- || FOG 0.29 || -- || 2011-03-14 ||<br />
|-<br />
| Dell || Precision 370 || -- || FOG 0.30 || -- || 2011-03-24 || Fog message says doesn't recognize system. Did quick inventory to get system registered. Had to reboot twice when initial capture image task didn't work. Second try went through ok. Haven't tested restore.<br />
|-<br />
| Dell || Precision 390 || -- || -- || -- || 2009-05-21 || <br />
|-<br />
| Dell || Precision 490 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Precision 650 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 ||<br />
|-<br />
| Dell || Precision T3400 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Precision T3500 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 || Multicasting has issues. Try setting up the task then unplugging the power cord and the ethernet cable. Then plug back in and boot. [http://fogproject.org/forum/threads/i-am-getting-dchp-bootp-reply-not-for-us-or-pxe-e51-no-dhcp-or-proxydhcp-offers-were-recieved.10635/#post-42294 Forum Post]<br />
|-<br />
| Dell || Precision T5400 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Precision T5500 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Dell || Precision T7500 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Dell || Precision M60 || -- || FOG 0.32 || -- || 2012-05-07 ||<br />
|-<br />
| Dell || Precision M4400 || -- || -- || -- || -- || <br />
|-<br />
| Dell || PowerEdge SC1425 || -- || 2.6.29 || -- || 2009-07-07 ||<br />
|-<br />
| Dell || PowerEdge SC1435 || -- || 2.6.29 || -- || 2009-07-07 ||<br />
|-<br />
| Dell || [[PowerEdge R200]] || -- || 2.6.28 || -- || 2009-07-07 || ** Had to roll back to FOG Kernel-2.6.28.7.PS - Kernel-2.6.29 would not load tg3 module (see possible Linux bug discussion [http://lkml.indiana.edu/hypermail/linux/kernel/0903.3/00186.html here]).<br />Also had to add "-m" option to Partimage... see [[Dell PowerEdge R200|here]] for details<br />
|-<br />
| Dell || Studio 1557/1558 (PP39L) || -- || FOG 0.32 || -- || -- || default kernel<br />
|-<br />
| Dell || Venue 8 Pro || 1.3.0 || 4.2.0-x32 || ipxe.efi 32-bit || 9-20-2015 || "Host Primary Disk" must be set to '''/dev/mmcblk0'''. USB adapter used: '''USB-0301 v4''' made by LevelOne. It has a Realtek chip. [http://global.level1.com/Network-Card/USB-0301/p-3285.htm Vendor_Site]. The "Host Kernel Arguments" must have '''has_usb_nic=1''' set in it. Thread where this info comes from: [https://forums.fogproject.org/topic/5732/dell-venue-8-pro-imaging-emmc dell-venue-8-pro-imaging-emmc]<br />
|-<br />
| Dell || Vostro 200 || -- || -- || -- || -- || I needed to change the SATA mode to ATA in the BIOS<br />
|-<br />
| Dell || Vostro 220 || -- || -- || -- || -- || Works with latest FOG "PS" kernel, with either BIOS setting ATA or AHCI setting<br />
|-<br />
| Dell || Vostro 220 || -- || 2.6.39.1.core || -- || 2012-02-15 || 0.32 works well<br />
|-<br />
| Dell || Vostro 230 || -- || 2.6.39.1.core || -- || 2012-02-15 || 0.32 works well<br />
|-<br />
| Dell || Vostro 260 || -- || 2.6.39.1.core || -- || 2012-02-15 || 0.32 works well<br />
|-<br />
| Dell || Vostro 320 || -- || -- || -- || 2010-01-31 || Sata set to Compatible in BIOS.<br />
|-<br />
| Dell || Vostro 410 || -- || 2.6.35.7 KS || -- || 2012-12-18 || "irqpoll" in kernel arguments<br />
|-<br />
| Dell || Vostro 460 || -- || 2.6.35.7-KS || -- || 2011-05-27 || <br />
|-<br />
| Dell || Vostro 1220 || -- || 2.6.31.1 || -- || 2009-12-06 ||<br />
|-<br />
| Dell || Vostro 1520 || -- || -- || -- || -- || Gives error "'''ide1: Unexpected interrupt, status=0xff, count=n'''" during imaging, but works anyway.<br />
|-<br />
| Dell || Vostro 1700 || -- || -- || -- || -- || <br />
|-<br />
| Dell || Vostro 1700 || -- || Kernel FOG 0.30 || -- || 2011-05-06 || Must specify /dev/sdb in the web interface because /dev/sda seems to be something else<br />
|-<br />
| Dell || Vostro 3500 || -- || -- || -- || -- || Works with this kernel Kernel - 2.6.39 Core FOG ID: 1045 Date: May 27, 2011 Version: 2.6.39 FOG Type: Core<br />
|-<br />
| Dell || Vostro v131 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Dell || XPS M1330 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Dell || XPS M1530 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Dell || XPS ONE 2710 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-17 ||<br />
|-<br />
| Dell || XPS ONE 2720 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-17 ||<br />
|-<br />
| eMachines || E520 || -- || -- || -- || -- ||<br />
|-<br />
| Fujitsu || ST5112 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Fujitsu || ST6012 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Fujitsu || T902 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Fujitsu || T4010 || -- || -- || -- || -- || <br />
|-<br />
| Fujitsu || T4215 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Fujitsu || T4220 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-03 ||<br />
|-<br />
| Fujitsu || T4410 || &#10004; || Default bzImage || undionly.kpxe || 2014-07-16 ||<br />
|-<br />
| Fujitsu || T730 || &#10004; || Default bzImage || undionly.kpxe || 2014-07-16 ||<br />
|-<br />
| Fujitsu || S710 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Fujitsu-Siemens || Esprimo Mobile U9200 || -- || -- || -- || -- || sata set to compatible in the bios<br />
|-<br />
| Fujitsu-Siemens || Esprimo Mobile V5505 || -- || -- || -- || 2009-03-13 || <br />
|-<br />
| Fujitsu-Siemens || Esprimo Mobile V5515 || -- || -- || -- || 2010-12-14 || Needs [http://www.fogproject.org/wiki/index.php?title=SiS-191_based_NIC SiS-191 NIC workaround to image]<br />
|-<br />
| Fujitsu-Siemens || Esprimo E5600 || -- || -- || -- || 2009-10-01 || <br />
|-<br />
| Fujitsu-Siemens || Esprimo P5700 || -- || -- || -- || -- || <br />
|-<br />
| Fujitsu-Siemens || Esprimo P2510 || &#10006; || -- || -- || 2014-10-29 || Does not work at this point in time<br />
|-<br />
| Fujitsu-Siemens || Esprimo P2520 || &#10006; || -- || -- || 2014-10-29 || Does not work at this point in time<br />
|-<br />
| Fujitsu-Siemens || Esprimo P2530 || -- || -- || -- || 2009-03-18 || sata set to enhanced in the bios<br />
|-<br />
| Fujitsu-Siemens || Esprimo P2560 || -- || FOG 0.32 || -- || 2012-02-29 || <br />
|-<br />
| Fujitsu-Siemens || Esprimo P3510 || -- || FOG 0.32 || -- || 2012-02-29 || <br />
|-<br />
| Fujitsu-Siemens || Scenic Edition X 102 || -- || -- || -- || -- || <br />
|-<br />
| Fujitsu-Siemens || Scenic P300 sis661|| -- || FOG 0.32 || -- || 2012-06-12 || Default kernel, model with sis based mainboard<br />
|-<br />
| Fujitsu-Siemens || Scenic P320 || -- || FOG 0.32 || -- || 2012-02-29 ||<br />
|-<br />
| Fujitsu-Siemens || Scenic C610 || -- || -- || -- || -- || <br />
|-<br />
| Gateway || E-4100 || -- || ALT || -- || -- || Requires ALT kernel with Gateway BIOS<br />
|-<br />
| Gateway || E-4300 || -- || ALT || -- || -- || Using ALT for E4100 but should work without.<br />
|-<br />
| Gateway || E-4500S || -- || Default || -- || 2011-07-05 || Had to enable Legacy mode for the Sata/IDE controller in Bios<br />
|-<br />
| Gateway || E-4610S || -- || -- || -- || -- || <br />
|-<br />
| Gateway || E295C || -- || -- || -- || -- || <br />
|-<br />
| Gateway || E155C || -- || -- || -- || -- || <br />
|-<br />
| Gateway || E265M || -- || -- || -- || -- || <br />
|-<br />
| Gateway || E275M || -- || ALT || -- || -- || Using ALT for E4100 but should work without.<br />
|-<br />
| Gateway || E460M || -- || ALT || -- || -- || Using ALT for E4100 but should work without. Requires kernel argument acpi=off <br />
|-<br />
| Gateway || E475M || -- || -- || -- || -- || <br />
|-<br />
| Gateway || MX3417 || -- || -- || -- || -- || <br />
|-<br />
| Gateway || MX6931 || -- || -- || -- || -- || <br />
|-<br />
| Gateway || MX6448 || -- || -- || -- || -- || <br />
|-<br />
| Gateway || Profile 3 || -- || -- || -- || -- || <br />
|-<br />
| Gateway || Profile 4 || -- || -- || -- || -- || Using ALT, otherwise display was scrambled for this model's GEForce MX400. Screen will take time to wake, which can make you think PXE is not loading.<br />
|-<br />
| Gateway || Profile 6 || -- || -- || -- || -- || <br />
|-<br />
| HiGrade || ?L100 || -- || -- || -- || -- || <br />
|-<br />
| HP || Mini 2102 || &#10004; || Default bzImage || '''undionly.kkpxe''' || 2015-05-07 || <br />
|-<br />
| HP || Mini 2140 || -- || -- || -- || -- || <br />
|-<br />
| HP || 215 || &#10004; || Default bzImage || '''undionly.kkpxe''' || 2015-07-15 || <br />
|-<br />
| HP || 2710p || -- || Kitchen Sink (ALL) || -- || 2009-01-23 || <br />
|-<br />
| HP || 2730P || -- || Peter Sykes (ALL) || -- || 2009-01-23 || <br />
|-<br />
| HP || 3125 || -- || -- || -- || 2013-06-25 || Not compatible with Kernel 3.8.8.core<br />
|-<br />
| HP || 8510p || -- || -- || -- || -- || not tested yet with sata native enabled in bios<br />
|-<br />
| HP || Compaq 6000 Pro || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || Compaq 6005 Small || -- || 0.31 || -- || 2011-06-22 || <br />
|-<br />
| HP || Compaq 6200 Pro || -- || 0.32 || -- || 2011-08-04 || <br />
|-<br />
| HP || Compaq 6710b || &#10004; || Default bzImage || undionly.kpxe|| 2014-06-13 ||<br />
|-<br />
| HP || Compaq 6715s || -- || -- || -- || -- || <br />
|-<br />
| HP || Compaq 6715b || -- || -- || -- || -- || <br />
|-<br />
| HP || Compaq 6720s || -- || -- || -- || -- || <br />
|-<br />
| HP || Compaq 6730b || -- || -- || -- || 2009-06-10 ||<br />
|-<br />
| HP || Compaq 6735b || &#10004; || Default bzImage || undionly.kpxe|| 2014-06-13 ||<br />
|-<br />
| HP || [[HP Compaq 6910p|Compaq 6910p]] || -- || -- || -- || --||<br />
|-<br />
| HP || Compaq 8100 S || &#10004; || Default bzImage || undionly.kpxe|| 2015-04-20 ||<br />
|-<br />
| HP || Compaq 8100 V || &#10004; || Default bzImage || undionly.kpxe|| 2015-04-20 ||<br />
|-<br />
| HP || Compaq D610 || -- || 3.2.4.core || -- || 2012-02-15 || 0.32 works well<br />
|-<br />
| HP || Compaq Elite 8200 || &#10004; || Default bzImage || undionly.kpxe|| 2014-06-13 ||<br />
|-<br />
| HP || Compaq Elite 8300 || &#10004; || Default bzImage || undionly.kpxe|| 2014-06-13 ||<br />
|-<br />
| HP || Compaq Pro 6300 SFF || &#10004; || Default bzImage || undionly.kpxe|| 2015-04-20 ||<br />
|-<br />
| HP || Compaq n610c || -- || -- || -- || -- || Working with Alt or KS kernel<br />
|-<br />
| HP || Compaq NX6325 || -- || -- || -- || -- || <br />
|-<br />
| HP || Compaq NC6210 || &#10004; || Default bzImage || undionly.kpxe|| 2014-10-29 ||<br />
|-<br />
| HP || Compaq NC6220 || &#10004; || Default bzImage || undionly.kpxe|| 2014-10-29 ||<br />
|-<br />
| HP || Compaq nc6320 || -- || -- || -- || -- || <br />
|-<br />
| HP || Compaq nc6400 || -- || FOG 0.32 || -- || 2012-05-07 ||<br />
|-<br />
| HP || Compaq NC8430 || &#10004; || Default bzImage || undionly.kpxe|| 2014-10-29 ||<br />
|-<br />
| HP || Compaq nx6100 || -- || FOG 0.32 || -- || 2012-05-07 ||<br />
|-<br />
| HP || Compaq ProOne 600 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-05 || <br />
|-<br />
| HP || 550 || -- || -- || -- || -- || <br />
|-<br />
| HP || D530 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 || <br />
|-<br />
| HP || DC5100 || -- || -- || -- || -- || <br />
|-<br />
| HP || DV9620US || -- || -- || -- || 2010-05-04 || <br />
|-<br />
| HP || [[HP DC5700|DC5700]] || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || DC5750 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-17 || <br />
|-<br />
| HP || DC5800 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || DC5850 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || DC6005 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || DC7100 || -- || -- || -- || -- || <br />
|-<br />
| HP || DC7600 || -- || Kitchen Sink (ALL) || -- || 2009-01-23 || <br />
|-<br />
| HP || DC7700 || &#10004; || Default bzImage || undionly.kpxe || 2019-09-17 || <br />
|-<br />
| HP || DC7800 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || DC7900 || &#10006; || Default bzImage || undionly.kpxe || 2014-06-16 || Issues with "Loading boot sector... Booting...". Try updating the BIOS and changing the Exit Type; some have reported this to help.<br />
|-<br />
| HP || DC8200 || -- || 0.33 Beta with core 3.8.8 and 3.2.4 || -- || 2013-08-20 || Got an ioctl error but working without problems.<br />
|-<br />
| HP || 620 || -- || 3.2.4.core || -- || 2012-02-15 || 0.32 works well<br />
|-<br />
| HP || 4530s || &#10004; || Default bzImage || undionly.kpxe || 2014-06-05 || <br />
|-<br />
| HP || 4710s || &#10004; || Default bzImage || undionly.kpxe || 2014-06-05 || <br />
|-<br />
| HP || 6530b || &#10004; || Default bzImage || undionly.kpxe || 2014-06-05 || <br />
|-<br />
| HP || 8440p || &#10004; || Default bzImage || undionly.kpxe || 2014-06-05 || <br />
|-<br />
| HP || 8510p || &#10004; || Default bzImage || undionly.kpxe || 2014-06-05 || <br />
|-<br />
| HP || 8530w || &#10004; || Default bzImage || undionly.kpxe || 2014-06-05 || <br />
|-<br />
| HP || 8540w || &#10004; || Default bzImage || undionly.kpxe || 2014-06-05 || <br />
|-<br />
| HP || 6000 Pro || -- || -- || -- || 2009-12-15 || <br />
|-<br />
| HP || 6005 Pro || -- || 0.28 || -- || 15-02-2010 || Only seems to work with "Multiple Partition Image - Single Disk"<br />
|-<br />
| HP || 8000 Elite || -- || -- || -- || 2010-05-17 || 0.29 Kernel - 2.6.35.7 PS, with "acpi=off irqpoll hpet=disable" kernel arguments (may work without them). Kernel 2.6.37-core panics.<br />
|-<br />
| HP || 8100 Elite || -- || -- || -- || 2010-01-18 || 0.29 Kernel - 2.6.35.7 PS otherwise poor performance.<br />
|-<br />
| HP || Compaq 8200 Elite || -- || 3.2.4.core || -- || 2012-02-15 || 0.32 works well<br />
|-<br />
| HP || DX2200MT || -- || -- || -- || 2011-07-13 || <br />
|-<br />
| HP || DX2000MT || -- || -- || -- || -- || Requires kernel args: acpi=force irqpoll, acpi=off also works. <br />
|-<br />
| HP || DX6100MT || -- || -- || -- || -- || Requires Translation Mode to be set to LBA Assisted for HDD in BIOS<br />
|-<br />
| HP || [[HP DX2250|DX2250]] || -- || -- || -- || -- || <br />
|-<br />
| HP || [[HP DX2300|DX2300]] || -- || -- || -- || -- || <br />
|-<br />
| HP || DX2400 || -- || -- || -- || -- || <br />
|-<br />
| HP || DX5150 CMT || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 || <br />
|-<br />
| HP || DX7500 || -- || -- || -- || 2010-01-04 ||<br />
|-<br />
| HP || DX7300 || -- || 0.26 || -- || 2011-06-16 || <br />
|-<br />
| HP || DX7400 || -- || 0.26 || -- || 2011-06-16 || <br />
|-<br />
| HP || Elite 7300 MT || &#10004; || Default bzImage || undionly.kpxe || 2015-2-23 ||<br />
|-<br />
| HP || EliteBook 2540p || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || EliteBook 2760p || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 ||<br />
|-<br />
| HP || EliteBook 6530b || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || EliteBook 6550b || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || EliteBook 6930p || -- || -- || -- || -- ||<br />
|-<br />
| HP || EliteBook 8440p || &#10004; || Default bzImage || undionly.kpxe || 2014-06-05 || <br />
|-<br />
| HP || EliteBook 8510p || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || EliteBook 8530w || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || EliteBook 8540p || -- || KS from Aug 10 2010 || -- || 2010-03-30 || Did not recognize NIC until Kernel was updated to Kitchen Sink build from Aug 10 2010<br />
|-<br />
| HP || EliteBook 8540w || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || EliteBook 8710w || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || EliteBook Revolve 810 G2 || &#10004; || Default bzImage || undionly.kpxe || 2015-1-8 || Secure Boot = off, Boot Mode = Legacy, IPv4 PXE<br />
|-<br />
| HP || [[HP EliteDesk 800 G1 |EliteDesk 800 G1]] || &#10004; || Default bzImage || undionly.kpxe || 2014-12-17 || Check page link [[HP EliteDesk 800 G1]]<br />
|-<br />
| HP || HP Touch Smart 9100 Business PC || -- || -- || -- || 2010-07-16 || 0.29<br />
|-<br />
| HP || Pavilion dm1-3010nr || -- || Kernel-2.6.35.7.kitchensink || -- || 9/14/2011 || Works with Kernel-2.6.35.7.kitchensink and kernel arguments acpi=off noirq pci=use_crs<br />
|-<br />
| HP || Pavilion dv4000 || -- || -- || -- || 2010-08-18 || 0.29 <br />
|-<br />
| HP || Pavilion dv7-3125ef || -- || default Kernel 0.30 || -- || 2011-05-27 || <br />
|-<br />
| HP || [[HP Pavilion 734n|Pavilion 734n]] || -- || -- || -- || -- || <br />
|-<br />
| HP || NX7400 || -- || -- || -- || -- ||<br />
|-<br />
| HP || NX7300 || -- || -- || -- || -- ||<br />
|-<br />
| HP || Pavilion ze2000 || -- || -- || -- || -- ||<br />
|-<br />
| HP || Mini 1101 || -- || -- || -- || -- ||<br />
|-<br />
| HP || Mini Note || -- || -- || -- || -- ||<br />
|-<br />
| HP || Mini 5102 || -- || 0.29 || -- || 2010-07-09 || Very poor performance on imaging until acpi=force irqpoll was used as a Host Kernel Argument<br />
|-<br />
| HP || Mini 5103 || -- || -- || -- || 2012-01-19 || Disabling audio in BIOS will circumvent extremely slow imaging issue<br />
|-<br />
| HP || Mini Note 110 || -- || -- || -- || -- ||<br />
|-<br />
| HP || Mini 311-1037NR || -- || PS 2.6.28 || -- || 2010-12-06 || FOG .29 with kernel arg acpi=off noirq pci=use_crs Win 7<br />
|-<br />
| HP || ML110g5 || -- || 0.26 || -- || 2011-06-16 || <br />
|-<br />
| HP || ML150g6 || -- || 0.26 || -- || 2011-06-16 || <br />
|-<br />
| HP || NC8430 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || Pro 3000 MT || -- || 2.6.35.3 PS || -- || 2011-02-02 ||<br />
|-<br />
| HP || Pro 3400 MT || -- || 2.6.28.7 PS || -- || 2012-02-21 || Works well<br />
|-<br />
| HP || Pro 3015 MT || -- || 2.6.35.3 PS || -- || 2010-08-25 || Requires kernel argument hpet=disable (if not disabled you will get ehci/ohci interrupt errors, very slow boot, and the ethernet device will no longer work while the kernel initializes itself).<br />
|-<br />
| HP || ProBook 430 G2 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-25 ||<br />
|-<br />
| HP || ProBook 440 G2 || &#10004; || Default bzImage || '''undionly.kkpxe''' || 2015-05-07 ||<br />
|-<br />
| HP || ProBook 450 G1 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || ProBook 450 G2 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || ProBook 455 G2 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || ProBook 470 G2 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || ProBook 4510s || &#10004; || Default bzImage || undionly.kpxe|| 2015-1-15 || <br />
|-<br />
| HP || ProBook 4515s || -- || FOG 0.28 || -- || 2010-06-28 || May have a Blinking cursor after graphical FOG PXE menu and hard disk set to AHCI mode and using Windows XP. <br />
|-<br />
| HP || ProBook 4520s || &#10004; || Default bzImage || '''undionly.kkpxe''' || 2015-1-15 || http://fogproject.org/forum/threads/ipxe-boot-issue-with-realtek-rtl8153.10507/page-2#post-40836<br />
|-<br />
| HP || ProBook 4525s || -- || FOG 0.29 || -- || 2011-05-03 || May have a Blinking cursor after graphical FOG PXE menu (Bios F.08). Upon changing to bios F.09, no changes in behavior. <br />
|-<br />
| HP || ProBook 4530s || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || ProBook 4540s || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| HP || ProBook 4710s || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| HP || ProBook 6440b || -- || -- || -- || -- ||<br />
|-<br />
| HP || ProBook 6450b || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || Probook 645 || &#10004; || Default bzImage || '''undionly.kkpxe''' || 2014-06-13 || Disable UEFI boot mode in BIOS. undionly.kkpxe is not a typo; you need to use this file to boot properly.<br />
|-<br />
| HP || Probook 645 G1 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || ProBook 6460b || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || ProBook 6470b || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || ProBook 6530b || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || ProBook 6540b || -- || -- || -- || -- ||<br />
|-<br />
| HP || ProBook 6550 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| HP || ProBook 6550b || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| HP || ProBook 6570b || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| HP || ProDesktop 400 G1 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || ProDesktop 400 G2 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || ProDesktop 600 G1 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || ProDesktop 800 G1 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || Stream 11 Pro || SVN 5293 and up || 4.2.3 (4.3.0 wasn’t working at the time for this specific problem) || ipxe.efi || 2014-11-20 || Kernel arguments: has_usb_nic=1 Host disk: /dev/mmcblk0 USB to Ethernet adapter has chipset ASIX AX88772B See [https://forums.fogproject.org/topic/6036/hp-stream-11-pro/34 this thread] for details.<br />
|-<br />
| HP || T510 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || T5730 || -- || -- || -- || 2010-05-03 || 0.29<br />
|-<br />
| HP || T5730w 2GF/1GR || -- || -- || -- || 2010-06-16 || 0.29<br />
|-<br />
| HP || XW4400 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || XW4600 || -- || -- || -- || 2011-08-03 ||<br />
|-<br />
| HP || XW6600 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || xw9400 || -- || -- || -- || 2011-03-03 || Works fine with FOG 0.29, Windows 7<br />
|-<br />
| HP || X2 210 || -- || Fog Trunk || ipxe.efi || 2-8-2016 || Used '''ASIX AX88772C''' usb to ethernet adapter. Thread: [https://forums.fogproject.org/topic/6525/pxe-boot-hp-x2-210-hybrid-tablet-windows-10-pro]<br />
|-<br />
| HP || Z400 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || <br />
|-<br />
| HP || Z600 || -- || -- || -- || 2011-03-03 || Works fine with FOG 0.29, Windows 7<br />
|-<br />
| HP || Z800 || -- || -- || -- || 2011-03-03 || Works fine with FOG 0.29, Windows 7<br />
|-<br />
| HP || Zbook Z15 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| HP || Zbook Z17 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-20 ||<br />
|-<br />
| IBM || ThinkCentre S50 || -- || FOG 0.32 || -- || 2012-05-07 || <br />
|-<br />
| Intel || NUC D54250WYB || &#10004; || Default bzImage || undionly.kpxe || 2014-12-12 || Set to Legacy Boot - Disabled UEFI / Secure boot<br />
|-<br />
| Intel || NUC D54250WYK || &#10004; || Default bzImage || undionly.kpxe || 2015-04-03 || Boot from LiveCD and shutdown properly or PXE boot might not work properly! Set to Legacy Boot - Disabled UEFI / Secure boot<br />
|-<br />
| Intel || NUC DN2820FYKH || &#10004; || Default bzImage || undionly.kpxe || 2014-12-12 || Set to Legacy Boot - Disabled UEFI / Secure boot<br />
|-<br />
| Intel || NUC DC53427HYE || -- || 5325 trunk bzImage || '''ipxe.efi''' || 2015-11-13 || UEFI Boot (!) but Secure boot disabled<br />
|-<br />
| Intel || NUC NUC5i5RYH || &#10004; || Default bzImage || undionly.kpxe || 2014-12-12 || Set to Legacy Boot - Disabled UEFI / Secure boot<br />
|-<br />
| Intel || NUC NUC6AYS || &#10004; || Default bzImage || undionly.kpxe || 2018-02-14 || Set to Legacy Boot - Disabled UEFI / Secure boot<br />
|-<br />
| MSI || Hetis 900 || -- || 2.6.39.1.core || -- || 2012-02-15 || 0.32 works well<br />
|-<br />
| Motion Computing || J3400 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| Motion Computing || J3500 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-26 ||<br />
|-<br />
| MPC || TXTBook || -- || -- || -- || -- || ATOM Based<br />
|-<br />
| MPC || ClientPro 365 || -- || -- || -- || -- ||<br />
|-<br />
| MSI || Wind U100 || -- || -- || -- || 2009-05-15 ||<br />
|-<br />
| MSI || MegaBook S270 (Model MS-6855B) || -- || Fog 0.29 || -- || 2011-01-06 || <br />
|-<br />
| NEC || Powermate ML-7 || -- || Fog 0.28 || -- || 2010-02-01 ||<br />
|-<br />
| NEC || Powermate ML-250 || -- || FOG 0.28 || -- || 2010-02-01 || Mainboard Asus P5S800, BIOS Ver 160 updated to 216: cannot connect to TFTP -- if IP differs from DHCP --. Use GPXE as a workaround.<br />
|-<br />
| NEC || Powermate VL-350 || -- || -- || -- || 2009-06-25 || Requires kernel argument acpi=off irqpoll<br />
|-<br />
| NEC || Powermate VL-370 || -- || 2.6.30.1 KS || -- || 2009-11-11 || Requires kernel argument acpi=off . If you don't set this argument, the BIOS will freeze on next boot. You will need to clear CMOS.<br />
|-<br />
| NEC || Versa One || -- || 2.6.35.3 PS || -- || 2010-10-12 || Only worked with kernel 2.6.35.3 PS<br />
|-<br />
| Panasonic || Toughbook CF-W7 || -- || -- || -- || -- ||<br />
|-<br />
| Panasonic || Toughbook FZ-G1 || &#10004; || Default bzImage || undionly.kpxe || 2014-12-02 || Disable Secureboot/UEFI and Enable CSM in BIOS<br />
|-<br />
| Omni Tech || OTC-3200D01850 || -- || -- || -- || -- ||<br />
|-<br />
| Omni Tech || OTC-H3111D00 || -- || -- || -- || -- ||<br />
|-<br />
| Omni Tech || OTC-H3243D00 || -- || -- || -- || -- ||<br />
|-<br />
| Lenovo || B50-45 20388 || -- || 1.2.0 || undionly.kpxe || 07-9-2015 ||<br />
|-<br />
| Lenovo || A55 || -- || -- || -- || -- ||<br />
|-<br />
| Lenovo || M51 || -- || -- || -- || -- ||<br />
|-<br />
| Lenovo || M55 || -- || -- || -- || -- ||<br />
|-<br />
| Lenovo || M55P || -- || 0.31/32 || -- || 07-20-2011 ||<br />
|-<br />
| Lenovo || M57 || -- || -- || -- || -- ||<br />
|-<br />
| Lenovo || M58 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-17 ||<br />
|-<br />
| Lenovo || MT-M 5048 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Lenovo || MT-M 5049 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Lenovo || MT-M 7033 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-20 ||<br />
|-<br />
| Lenovo || MT-M 6073 || &#10004; || Kernel 4.0.2 - r3451 || undionly.kkpxe || 2015-05-21 ||<br />
|-<br />
| Lenovo || S9 || -- || -- || -- || -- || Fails within 30 seconds of image uptake using (took image by placing hard disk in another Lenovo R500); image loading works okay with v 0.28<br />
|-<br />
| Lenovo || S10e || -- || -- || -- || -- ||<br />
|-<br />
| Lenovo || S10-2 || -- || -- || -- || -- ||<br />
|-<br />
| Lenovo ||MT-M 9964-A1U || -- || r3277 || '''undionly.kkpxe''' || 4-20-2015 ||<br />
|-<br />
| Lenovo || ThinkCenter A70z || -- || 0.29 || -- || 08/2010 || needs Kernel-2.6.35.3PS, BIOS 98KT13AUS<br />
|-<br />
| Lenovo || ThinkCenter E31 || -- || 0.32 || -- || 09/2012 || needs kernel 3.3.3.core<br />
|-<br />
| Lenovo || ThinkCentre E73 || &#10004; || Default bzImage || undionly.kpxe || 2015-04-23 ||<br />
|-<br />
| Lenovo || ThinkCentre Edge71 || -- || 0.32 || -- || 11-06-2012 || Works with default 0.32 kernel<br />
|-<br />
| Lenovo || ThinkCentre M900z || -- || 1.3.5 || -- || 05/2017 || Temporarily turn off Secure boot by enabling '''CSM'''. Boot to the FOG menu once. Then go back and disable '''CSM'''. After that, you're free to put your network interfaces first in the boot order.<br />
|-<br />
| Lenovo || ThinkCentre M90z || -- || 0.29 || -- || 08/2010 || works out of the box, BIOS 9BKT28AUS and 9BKT31AUS<br />
|-<br />
| Lenovo || ThinkCentre M72z || &#10004; || Default bzImage || undionly.kpxe || 2014-11-17 ||<br />
|-<br />
| Lenovo || ThinkCentre M73z || &#10004; || Default bzImage || undionly.kpxe || 2014-11-17 ||<br />
|-<br />
| Lenovo || ThinkCentre M75e || -- || 0.32 / 2.6.35.3 PS || -- || 07/2011 ||<br />
|-<br />
| Lenovo || ThinkCenter T510 || -- || 0.29 || -- || 08/2010 || works with Kernel-2.6.35.3PS<br />
|-<br />
| Lenovo || ThinkCenter X61 || -- || 0.29 || -- || 08/2010 || works with Kernel-2.6.35.3PS<br />
|-<br />
| Lenovo || Thinkpad E430 || &#10004; || Default bzImage || undionly.kpxe || 2015-06-24 ||<br />
|-<br />
| Lenovo || ThinkPad E520 || -- || 0.32 || -- || 02-10-2012 ||<br />
|-<br />
| Lenovo || ThinkPad R50 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || ThinkPad R51 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 || Change SATA settings from ACPI to Compatibility<br />
|-<br />
| Lenovo || ThinkPad R61 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || Change SATA settings from ACPI to Compatibility<br />
|-<br />
| Lenovo || Thinkpad R400 || -- || -- || -- || -- ||<br />
|-<br />
| Lenovo || Thinkpad SL500 || -- || -- || -- || -- || Requires kernel argument irqpoll<br />
|-<br />
| Lenovo || Thinkpad SL410 || -- || 0.28 || -- || -- ||<br />
|-<br />
| Lenovo || Thinkpad Edge 13|| -- || 0.28 || -- || -- ||<br />
|-<br />
| Lenovo || Thinkpad Edge 15|| -- || 0.32 || -- || -- || Requires PXE Bzimage upgrade to 3.012<br />
|-<br />
| Lenovo || Thinkpad L440 || &#10004; || Default bzImage || undionly.kpxe || 2015-06-24 ||<br />
|-<br />
| Lenovo || Thinkpad L530|| &#10004; || r2922 || undionly.kpxe || 2015-1-28 ||<br />
|-<br />
| Lenovo || Thinkpad L412|| &#10004; || r3451 - Kernel 4.0.2 || undionly.kkpxe || 2015-5-21 ||<br />
|-<br />
| Lenovo || Thinkpad T42 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad T43 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad T60 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad T61 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad T400 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad T410 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad T410s || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad T420 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Lenovo || Thinkpad T430 || &#10004; || Default bzImage || undionly.kpxe || 2015-06-24 ||<br />
|-<br />
| Lenovo || Thinkpad T440p || &#10004; || Default bzImage || undionly.kpxe || 2015-06-24 ||<br />
|-<br />
| Lenovo || Thinkpad T500 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad W510 || -- || 0.32 || -- || 08-23-2013 || kernel 2.6.35-4 <br />
|-<br />
| Lenovo || Thinkpad x100e || -- || 0.29 || -- || -- ||<br />
|-<br />
| Lenovo || Thinkpad X200 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad X201 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Lenovo || Thinkpad x300 || -- || -- || -- || -- || (regular and Solid State Disk)<br />
|-<br />
| Lenovo || Thinkpad x301 || -- || -- || -- || -- || (regular and Solid State Disk)<br />
|-<br />
| Lenovo || Thinkpad x41 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Lenovo || Thinkpad x60 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Lenovo || Thinkpad x61 || -- || -- || -- || -- ||<br />
|-<br />
| Lenovo || ThinkStation S20 || -- || 0.29 || -- || 08/2010 || works with Kernel-2.6.35.3PS<br />
|-<br />
| Lenovo || ThinkStation D20 || -- || 0.29 || -- || 08/2010 || works with Kernel-2.6.35.3PS<br />
|-<br />
| Lenovo || Z60 || -- || -- || -- || -- ||<br />
|-<br />
| IBM || 300 PL || -- || -- || -- || -- ||<br />
|-<br />
| IBM || Thinkcenter || -- || -- || -- || -- ||<br />
|-<br />
| IBM || Netvista || -- || -- || -- || -- ||<br />
|- <br />
| RM || WV949(SGR) || -- || -- || -- || -- ||<br />
|-<br />
| Samsung || NC10 || -- || -- || -- || -- ||<br />
|-<br />
| Samsung || R20 (F00)|| -- || -- || -- || -- ||<br />
|-<br />
| Samsung || R510|| -- || -- || -- || -- || Requires kernel argument irqpoll<br />
|-<br />
| Samsung || R60 || -- || -- || -- || -- ||<br />
|-<br />
| Samsung || R60Plus || -- || -- || -- || -- ||<br />
|-<br />
| Shuttle || SA76G2 || -- || PS (2.6.28.7) || -- || -- || With Marvell Yukon Gigabit Ethernet Controller<br />
|-<br />
| Sony || VAIO PCG-K23 || -- || -- || -- || -- ||<br />
|-<br />
| Sony || VAIO VGN-AR71M || -- || -- || -- || -- ||<br />
|-<br />
| Sony || VAIO VGN-BZ31VT || -- || 0.28 (2.6.31) || -- || 2010-04-07 ||<br />
|-<br />
| Sony || VAIO VGN-V2S || -- || -- || -- || -- ||<br />
|-<br />
| Sun || xVM Virtualbox || -- || -- || -- || 2009-05-12 ||<br />
|-<br />
| Tangent || Pendant 2465LPB || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Tangent || Pendant 5131LP || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Tangent || Pendant 5131LPB || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Tangent || Pendant 5141LPB || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Tangent || Pendant 5161LPB || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Tangent || Pendant 5181LPB || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Toshiba || Protege M400 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Protege M600 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Protege M650 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Protege M700 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Protege M750 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Protege M780 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Protege R30-A || &#10004; || Default bzImage || undionly.kpxe || 2014-11-18 ||<br />
|-<br />
| Toshiba || Protege R100 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Protege R200 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Protege R500 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Protege R600 || -- || -- || -- || -- || BIOS 1.60 or newer<br />
|-<br />
| Toshiba || Protege R830 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-18 ||<br />
|-<br />
| Toshiba || Protege R930 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-18 ||<br />
|-<br />
| Toshiba || Protege Z30-A || &#10004; || Default bzImage || undionly.kpxe || 2014-11-18 ||<br />
|-<br />
| Toshiba || Protege Z30t-A || &#10004; || Default bzImage || undionly.kpxe || 2015-1-8 || Boot Mode - CSM Boot<br />
|-<br />
| Toshiba || Protege 930 || &#10004; || Default bzImage || undionly.kpxe || 2014-11-18 ||<br />
|-<br />
| Toshiba || Satellite A10-S127 || -- || default || -- || 2009-04-28 || <br />
|-<br />
| Toshiba || Satellite L300 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Satellite L350 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Satellite L670 || -- || 2.6.35 KS || -- || 2011-04-06 || <br />
|-<br />
| Toshiba || Satellite Pro S300-EZ1513 || -- || Default || -- || 28JUL09 || <br />
|-<br />
| Toshiba || Tecra A3X || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Tecra A7-S254 || -- || -- || -- || -- || Imaged using the latest fog -- (0.27)<br />
|-<br />
| Toshiba || Tecra A8-EZ8512 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-30 ||<br />
|-<br />
| Toshiba || Tecra A9 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Tecra A10 || &#10004; || Default bzImage || undionly.kpxe || 2014-06-14 ||<br />
|-<br />
| Toshiba || Tecra A11 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Toshiba || Tecra M10 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Tecra M11 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Toshiba || Tecra R700 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-29 ||<br />
|-<br />
| Toshiba || Tecra RA950 || &#10004; || Default bzImage || undionly.kpxe || 2014-10-30 ||<br />
|-<br />
| Toshiba || Tecra S1 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Tecra S2 || -- || -- || -- || -- ||<br />
|- <br />
| Toshiba || Tecra S3 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Tecra S4 || -- || -- || -- || -- ||<br />
|-<br />
| Toshiba || Tecra S11 || -- || -- || -- || -- || FOG 0.28 is very slow, FOG 0.29 is NOT working (BIOS 2.20)<br />
|-<br />
| Toshiba || Tecra S11-140 PTSE3E || -- || 0.29 || -- || 2010-09-17 || Default kernel doesn't support ethernet interface. You must use the kernel 2.6.35.3 PS (KS doesn't work)<br />
|}<br />
<br />
=== Hardware ===<br />
<br />
====Controllers====<br />
*LSI SAS 1068<br />
<br />
====Motherboards====<br />
<br />
{| class="wikitable sortable" border="1" cellspacing="0" cellpadding="3"<br />
|-<br />
! Manufacturer !! Model !! BIOS Version !! Onboard NIC !! Kernel Version !! Date !! Notes<br />
|-<br />
|Asus || M4N78-AM V2 || 1102 || Nvidia NForce || Fog 0.29 || 2011-02-12 || capture test !<br />
|-<br />
|Asus || M5A88-M || 0505 || Realtek 8111E || 3.3.3 Core || 2013-01-13 || FOG 0.32, wouldn't boot with default kernel, but later discovered was another issue (not kernel related)<br />
|-<br />
|Asus || M4A89GTD-PRO/USB3 rev 1.x|| 2001 || Realtek 8111E || 3.3.3 Core || 2013-01-11 || FOG 0.32, also worked with default kernel<br />
|-<br />
|Asus || M4A78LT-M-LE || 0407 || Atheros AR8131 || 3.3.3 Core || 2013-01-10 || FOG 0.32, also worked with default kernel<br />
|-<br />
|ASRock || M3A785GXH/128M || 1.1 || Realtek RTL8111DL || .28 || 1.1.2010 || Works Great!<br />
|-<br />
|Gigabyte || GA-MA770-DS3 rev 1.0 || F6 || Realtek 8111B || 2.6.28.7 Peter Sykes || 2009-04-28 || FOG 0.26, required different kernel than default<br />
|-<br />
|Gigabyte || GA-78LMT-S2P rev ? || FB || Atheros AR8151 || 3.3.3 Core || 2013-01-14 || FOG 0.32, also worked with default kernel<br />
|-<br />
|Intel || DG31GL || -- || -- || -- || -- || --<br />
|-<br />
|Intel || D845BG || -- || Intel Pro100VE || -- || -- || Problematic Intel Boot ROM version 4.0.19 (D845BGL)<br />
|-<br />
|Intel || DG35EC || -- || --|| -- || -- || --<br />
|-<br />
|Intel || D945GCZ || -- || --|| -- || -- || --<br />
|-<br />
|Intel || DQ965JO || -- || --|| -- || -- || --<br />
|-<br />
|Intel || DP55WB || -- || --|| -- || -- || --<br />
|-<br />
|Intel || DQ45CB || -- || --|| -- || -- || --<br />
|-<br />
|Intel || DG35EC || -- || --|| -- || -- || --<br />
|-<br />
|Jetway || NF93R-LF || -- || 2 x Realtek RTL8111C || 2.6.30.1 ks || 2012-08-19 || kernel arguments (maybe not necessary) acpi=off irqpoll vga=6<br />
|-<br />
|Sapphire|| Pure Black X58 || -- || 1 x Marvell Yukon || FOG 0.32 || 2013-12-14 || kernel arguments (maybe not necessary) acpi=off irqpoll vga=6<br />
|}<br />
<br />
====USB Ethernet Adapters====<br />
There are hundreds of USB NICs supported by the [http://cateee.net/lkddb/web-lkddb/USB_NET_DRIVERS.html Linux kernel] alone. We will never be able to document all of those here, so this is just the gist of what we have heard about in the forums or tested on our own.<br />
'''So far you'd have to add 'has_usb_nic=1' as kernel parameter...'''<br />
{| class="wikitable sortable" border="1" cellspacing="0" cellpadding="3"<br />
|-<br />
! Manufacturer !! Model !! USB !! Speed !! Kernel Version !! Date !! Notes<br />
|-<br />
| ADMtek || Pegasus AN986 || ? || ? || [http://cateee.net/lkddb/web-lkddb/USB_PEGASUS.html check PCI ID] || - || '''just listing it here, not confirmed working''', devices using the same chip: ADMtek ADM8511 Pegasus II, D-Link DSB-650TX<br />
|-<br />
| ASIX || AX88179 || 3.0/2.0 || 1GiB || [http://cateee.net/lkddb/web-lkddb/USB_NET_AX88179_178A.html check PCI ID] || - || [https://forums.fogproject.org/post/142990 confirmed working] '''using ncm--ecm--axge.efi''', devices using the same chip: D-Link DUB-1312, [https://forums.fogproject.org/topic/6510/boot-dell-xps-12-to-usb-to-network-card/27 Sabrent USB-G1000], Sitecom LN-032, Startech USB31000SPTB, USB31000S and USB32000S (and US1GC30?), ThinkPad OneLink dock<br />
|-<br />
| ASIX || AX88772A/B || 2.0 || 100MiB || [http://cateee.net/lkddb/web-lkddb/USB_NET_AX8817X.html check PCI ID] || 2015-01-15 || [https://forums.fogproject.org/topic/2666/fog-pxe-boot-with-usb-to-ethernet-adapter/43 confirmed] [https://forums.fogproject.org/topic/6036/hp-stream-11-pro working] (with undionly.kkpxe), devices using the same chip: Ableconn USB2E100B, Aten UC210T, Billionton Systems USB2AR and GUSB2AM-1G-B, Buffalo LUA-U2-KTX, Corega FEther USB2-TX, D-Link DUB-E100, Hawking UF200, Linksys USB200M, Netgear FA120, Sitecom LN-029, Sitecom LN-028, Intellinet USB 2.0 Ethernet, ST Lab USB 2.0 Ethernet, TrendNet TU2-ET100<br />
|-<br />
| ASIX || AX88772C || 2.0 || 100MiB || [http://cateee.net/lkddb/web-lkddb/USB_NET_AX8817X.html check PCI ID] || 2016-02-08 || [https://forums.fogproject.org/topic/6525/pxe-boot-hp-x2-210-hybrid-tablet-windows-10-pro/126 confirmed] [https://forums.fogproject.org/topic/6829/legacy-boot-hp-stream-11-not-working/19 working] (with ipxe.efi)<br />
|-<br />
| Microchip || LAN78XX || 2.0/3.0 || 1GiB || [http://cateee.net/lkddb/web-lkddb/USB_LAN78XX.html check PCI ID] || - || '''just listing it here, not confirmed working'''<br />
|-<br />
| Realtek || RTL8150 || 1.1 || 10MiB (???) || [http://cateee.net/lkddb/web-lkddb/USB_RTL8150.html check PCI ID] || - || '''just listing it here, not confirmed working''', devices using the same chip: Zaurus SL-5000D<br />
|-<br />
| Realtek || RTL8152 || 2.0 || 100MiB || [http://cateee.net/lkddb/web-lkddb/USB_RTL8152.html check PCI ID] || 2016-01-13 || [https://forums.fogproject.org/topic/6227/surface-3-fails-to-image/41 confirmed] [https://www.youtube.com/watch?v=UFYNan98lmw working], devices using the same chip: Microsoft 1552 ([http://svn.exactcode.de/t2/trunk/package/base/linux/surface-dock-eth.patch needs kernel patch])<br />
|-<br />
| Realtek || RTL8153 || 3.0 || 1GiB || [http://cateee.net/lkddb/web-lkddb/USB_RTL8152.html check PCI ID] || 2015-07-09 || [https://forums.fogproject.org/topic/6319/m-2-pcie-ssd-not-recognised-in-fog confirmed] [https://forums.fogproject.org/topic/2620/realtek-8153-usb-network-adapter/29 working] (using undionly.kkpxe), devices using the same chip: Dell USB-C Network Adapter 470-ABND, Lenovo USB 3.0 Ethernet 4X90E51405, Microsoft 1663 ([http://svn.exactcode.de/t2/trunk/package/base/linux/surface-dock-eth.patch needs kernel patch]), TP-Link UE300<br />
|-<br />
| SMSC || LAN7500 || 2.0 || 1GiB || [http://cateee.net/lkddb/web-lkddb/USB_NET_SMSC75XX.html check PCI ID] || 2016-02-02 || [http://www.johnwillis.com/2014/03/pxe-booting-using-usb-to-ethernet-dongle.html confirmed] [https://forums.fogproject.org/topic/6510/boot-dell-xps-12-to-usb-to-network-card/67 working], devices using the same chip: Startech USB21000S2<br />
|-<br />
| SMSC || LAN9512/LAN9514 || 2.0 || 100MiB || [http://cateee.net/lkddb/web-lkddb/USB_NET_SMSC95XX.html check PCI ID] || - || '''[http://fogproject.org/forum/threads/elitepad-1000.12596/ not confirmed yet]''', devices using the same chip: USB 2.0 to Ethernet 10/100 Adapter within HSTNN-C75X dock<br />
|}<br />
<br />
=== Virtual Machines for building images ===<br />
<br />
{| class="wikitable sortable" border="1" cellspacing="0" cellpadding="3"<br />
|-<br />
! Manufacturer !! Model !! BIOS Version !! Onboard NIC !! Fog 1.x.x !!Kernel Version !! IPXE !! Date !! Notes<br />
|-<br />
|Proxmox VE 3.1|| KVM virtual machine || Seabios 1.7.4 || Intel E1000 || -- || FOG 0.32 || -- || 2014-01-04 || VM CPU=Nehalem (not working with CPU=Host), kernel arguments (maybe not necessary) acpi=off irqpoll vga=6<br />
|-<br />
| Oracle || xVM Virtualbox || -- || Intel E1000 || &#10004; || Default bzImage || ipxe.pxe || 2014-06-13 || Works best with E1000 NIC. Set physical connection to be bridged<br />
|-<br />
| Sun || VMware WorkStation || 9.0.1 build-894247 || --|| &#10004; || Default bzImage || undionly.kpxe || 2014-06-13 || Set physical connection to be bridged<br />
|-<br />
| Microsoft || Hyper-V || 2012 || --|| &#10004; || Default bzImage || undionly.kpxe || 2014-11-18 || Set physical connection to be bridged<br />
|}<br />
<br />
===NAS Devices ===<br />
*Note: the full setup may not be listed. Please contact the reporting user.<br />
<br />
{| class="wikitable sortable" border="1" cellspacing="0" cellpadding="3"<br />
|-<br />
! Manufacturer !! Model !! Firmware Version !! Software !! Fog 1.x.x !! Date !! User !!Notes<br />
|-<br />
|Western Digital|| MyBookLive || 02.43.09-038 || WD ||&#10004; || 2015-04-20 || wolfbane8653 ||Can be used as storage node or as Fog server.<br />
<br />
|}</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=.fogsettings&diff=12645.fogsettings2021-02-22T18:11:42Z<p>SebastianRoth: Replaced content with "This article moved to the new documentation platform. https://docs.fogproject.org/en/latest/reference/install_fogsettings.html"</p>
<hr />
<div>This article moved to the new documentation platform.<br />
<br />
https://docs.fogproject.org/en/latest/reference/install_fogsettings.html</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Change_FOG_Server_IP_Address&diff=12644Change FOG Server IP Address2021-02-22T18:05:38Z<p>SebastianRoth: Replaced content with "This article moved to the new documentation platform. https://docs.fogproject.org/en/latest/reference/change_fog_server_ip_address.html"</p>
<hr />
<div>This article moved to the new documentation platform.<br />
<br />
https://docs.fogproject.org/en/latest/reference/change_fog_server_ip_address.html</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Change_FOG_Server_IP_Address&diff=12643Change FOG Server IP Address2021-02-22T18:02:38Z<p>SebastianRoth: Remove really old stuff first</p>
<hr />
<div>= Change FOG server static IP address =<br />
<br />
Related article: [[Migrate FOG]]<br />
<br />
== FOG 1.3.0 ==<br />
<br />
=== Procedural Steps ===<br />
<br />
* Follow appropriate steps for your Linux distribution to change the OS's IP address.<br />
* Update the <font color="red">ipaddress=</font> field (and other fields if necessary) inside the <font color="red">/opt/fog/.fogsettings</font> file.<br />
* Rerun the installer<br />
* Update the IP address for the storage node on the FOG system where you changed the IP address <font color="red">Web Interface -> Storage Management</font><br />
* Update the IP address on any master storage node that may reference this FOG server <font color="red">Web Interface -> Storage Management</font><br />
* (For master server) Update the FOG_WEB_HOST value <font color="red">Web Interface -> FOG Configuration -> FOG Settings -> Web Server -> FOG_WEB_HOST</font><br />
* (For master server) Update the FOG_TFTP_HOST value <font color="red">Web Interface -> FOG Configuration -> FOG Settings -> TFTP Server -> FOG_TFTP_HOST</font><br />
<br />
=== FOG Settings File ===<br />
<br />
Update the /opt/fog/.fogsettings file:<br />
<br />
<pre>vi /opt/fog/.fogsettings</pre><br />
<br />
Instructions on using Vi: [[Vi]]<br />
<br />
There are several settings in here that may need to be updated depending on whether you're running DHCP on the FOG server or not. But the one setting that must be updated is the ipaddress=x.x.x.x setting. Update this with the correct IP. Save your changes and quit, and then re-run the FOG installer.<br />
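One way to script the ipaddress= change described above, as an added example that is not part of the original wiki page or the FOG project's own code. It assumes the setting is a single line of the form ipaddress=VALUE (optionally quoted); the function names and the sample file contents are constructed for illustration.<br />

```shell
#!/bin/sh
# Added example (not FOG project code): change ipaddress= in a .fogsettings
# file before re-running the installer.
# Assumption: one line of the form ipaddress=VALUE, optionally quoted.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    v4_old_ifs=$IFS
    IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$v4_old_ifs
    [ "$#" -eq 4 ] || return 1
    for v4_octet in "$@"; do
        [ "${#v4_octet}" -le 3 ] && [ "$v4_octet" -le 255 ] || return 1
    done
    return 0
}

# Print the current ipaddress= value of settings file $1, without quotes.
get_fog_ipaddress() {
    sed -n "s/^ipaddress=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}\$/\1/p" "$1"
}

# Set ipaddress= in settings file $1 to $2.
# Keeps a backup at "$1.bak", preserves the quoting style, leaves every other
# line untouched, and restores the backup if the result is not as expected.
set_fog_ipaddress() {
    sf_file=$1
    sf_new=$2
    # Validate first: the value is interpolated into a sed expression below,
    # so nothing but digits and dots may reach it.
    valid_ipv4 "$sf_new" || { echo "invalid IPv4 address: $sf_new" >&2; return 2; }
    [ -f "$sf_file" ] || { echo "no such file: $sf_file" >&2; return 3; }
    sf_count=$(grep -c '^ipaddress=' "$sf_file" || true)
    [ "$sf_count" -eq 1 ] || {
        echo "expected exactly one ipaddress= line, found $sf_count" >&2
        return 4
    }
    cp -p "$sf_file" "$sf_file.bak" || return 5
    # Write through the existing file so its owner and mode stay the same.
    sed "s/^ipaddress=\(['\"]\{0,1\}\)[^'\"]*\(['\"]\{0,1\}\)\$/ipaddress=\1$sf_new\2/" \
        "$sf_file.bak" > "$sf_file"
    if ! grep -Fxq -e "ipaddress=$sf_new" -e "ipaddress='$sf_new'" \
            -e "ipaddress=\"$sf_new\"" "$sf_file"; then
        cp -p "$sf_file.bak" "$sf_file"
        echo "ipaddress= line has an unexpected format; file restored" >&2
        return 6
    fi
    return 0
}

# Demonstration on a temporary file, so nothing under /opt/fog is touched.
demo_fogsettings_update() {
    demo_file=$(mktemp) || return 1
    # Constructed sample content; only the ipaddress= key comes from the page.
    printf "%s\n" "ipaddress='192.168.1.10'" "examplekey='unchanged'" > "$demo_file"
    set_fog_ipaddress "$demo_file" 10.20.30.40 &&
        echo "ipaddress is now $(get_fog_ipaddress "$demo_file")"
    rm -f "$demo_file" "$demo_file.bak"
}
demo_fogsettings_update
```

On a real server the call would be made as root against /opt/fog/.fogsettings, followed by re-running the installer as the steps above describe.<br />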
<br />
Additional information about the <font color="red">/opt/fog/.fogsettings</font> file can be found here: [[.fogsettings]]</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Build_TomElliott_Kernel&diff=12642Build TomElliott Kernel2021-02-02T12:21:58Z<p>SebastianRoth: /* To Build 64 bit Kernel */</p>
<hr />
<div>'''PRE BUILD ENVIRONMENT IS ASSUMED ALREADY INSTALLED ON THE SYSTEM YOU'RE BUILDING'''<br />
NOTE: It is assumed you have root access to the system you're building this on. It also assumes you know your CWD (Current Working Directory).<br />
= Build TomElliott Kernel for FOG 0.32 and earlier=<br />
The instructions below build the TomElliott kernel. There is an extra step involved compared to the normal kernel build because firmware is now built directly into the kernels.<br />
== Download the Kernel ==<br />
As of the time of this writing kernel 3.13 is the latest. You can use previous, or future kernels as well though.<br />
<pre>wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.13.tar.xz</pre><br />
<br />
== Uncompress the kernel ==<br />
<pre>tar -xf linux-3.13.tar.xz</pre><br />
<br />
== Go into uncompressed linux kernel directory ==<br />
<pre>cd linux-3.13</pre><br />
<br />
== Get the config file ==<br />
<pre>wget https://svn.code.sf.net/p/freeghost/code/trunk/kernel/TomElliott.config.32 -O .config</pre><br />
<br />
== Download the prerequisite package '''(THE EXTRA STEP IS HERE)''' ==<br />
<pre>git clone git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git</pre><br />
<br />
== Prepare the build ==<br />
<pre>make ARCH=i386 menuconfig</pre><br />
Make any changes you want, or none; when you exit, it will ask you to save the config, which is '''NEEDED'''.<br />
<br />
After you've saved the config, build the bzImage.<br />
<br />
== Build the bzImage ==<br />
<pre>make ARCH=i386 bzImage</pre><br />
<br />
This will take a while. Once successful, it will say bzImage created.<br />
<br />
== Copy the built kernel to your FOG Server's kernel directory. ==<br />
NOTE: In my example, the FOG Server is the same as my build system.<br />
NOTE: It is recommended to make a backup of the original /tftpboot/fog/kernel/bzImage before continuing, just in case.<br />
<pre>cp arch/x86/boot/bzImage /tftpboot/fog/kernel/bzImage</pre><br />
= Build TomElliott Kernel for FOG 0.33b and newer=<br />
The instructions below build the TomElliott kernel. There is an extra step involved compared to the normal kernel build, as firmware is now built directly into the kernels.<br />
== Download the Kernel ==<br />
As of the time of this writing kernel 4.17 is the latest. You can use previous, or future kernels as well though.<br />
<pre>wget https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.17.tar.xz</pre><br />
<br />
== Uncompress the kernel ==<br />
<pre>tar -xf linux-4.17.tar.xz</pre><br />
<br />
== Go into uncompressed linux kernel directory ==<br />
<pre>cd linux-4.17</pre><br />
<br />
== Get the config file ==<br />
===To Build 32 bit Kernel===<br />
<pre>wget -O .config https://github.com/FOGProject/fos/raw/master/configs/kernelx86.config</pre><br />
===To Build 64 bit Kernel===<br />
<pre>wget -O .config https://github.com/FOGProject/fos/raw/master/configs/kernelx64.config</pre><br />
== Download the prerequisite package '''(THE EXTRA STEP IS HERE)''' ==<br />
<pre>git clone git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git</pre><br />
<br />
== Prepare the build ==<br />
===To Build 32 bit Kernel===<br />
<pre>make ARCH=i386 oldconfig</pre><br />
===To Build 64 bit Kernel===<br />
'''NOTE: MUST BE ON A 64 BIT OS'''<br />
<pre>make oldconfig</pre><br />
<br />
In case you want to make changes to the config run:<br />
<pre>make menuconfig</pre><br />
or<br />
<pre>make oldconfig</pre><br />
<br />
Make sure to save when exiting the menuconfig.<br />
<br />
== Build the bzImage ==<br />
===To Build 32 bit Kernel===<br />
<pre>make ARCH=i386 bzImage</pre><br />
===To Build 64 bit Kernel===<br />
<pre>make bzImage</pre><br />
<br />
This will take a while. Once successful, it will say bzImage created.<br />
<br />
== Copy the built kernel to your FOG Server's kernel directory. ==<br />
NOTE: In my example, the FOG Server is the same as my build system.<br />
NOTE: It is recommended to make a backup of the original /var/www/html/fog/service/ipxe/bzImage before continuing, just in case.<br />
<pre>cp arch/x86/boot/bzImage /var/www/html/fog/service/ipxe/bzImage</pre><br />
or<br />
<pre>cp arch/x86/boot/bzImage /var/www/html/fog/service/ipxe/bzImage32</pre><br />
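The following added example (not part of the original wiki page) wraps two checks around the steps above: comparing the downloaded tarball against a checksum manifest before building, and backing up the existing bzImage before overwriting it. The function names and the constructed sample files are hypothetical; the manifest is assumed to be in <tt>sha256sum</tt> format (such as the sha256sums.asc file kernel.org publishes alongside its tarballs) and to have been authenticated separately.

```shell
#!/bin/sh
# Added example: verify a downloaded kernel tarball, then install bzImage with a backup.
# Function names and sample data are hypothetical (constructed for illustration).

# verify_against_manifest FILE MANIFEST
# MANIFEST holds "<sha256>  <filename>" lines (sha256sum format). Other lines,
# e.g. the PGP armor of a clearsigned manifest, are ignored; checking that
# signature is a separate step and is not done here.
# Returns 0 on match, 1 on mismatch, 2 if FILE has no entry in MANIFEST.
verify_against_manifest() {
    vm_file=$1
    vm_manifest=$2
    vm_name=$(basename "$vm_file")
    # Pick the hash recorded for this exact file name; strip the "*" binary-mode marker.
    vm_expected=$(awk -v n="$vm_name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 { print $1; exit }' "$vm_manifest")
    if [ -z "$vm_expected" ]; then
        echo "no checksum entry for $vm_name" >&2
        return 2
    fi
    vm_actual=$(sha256sum "$vm_file" | awk '{ print $1 }')
    if [ "$vm_actual" != "$vm_expected" ]; then
        echo "checksum mismatch for $vm_name" >&2
        return 1
    fi
    return 0
}

# install_kernel_image SRC DEST
# Copies SRC over DEST, first saving any existing DEST as DEST.bak.<timestamp>.
# Prints the backup path if a backup was made.
install_kernel_image() {
    ik_src=$1
    ik_dest=$2
    if [ ! -s "$ik_src" ]; then
        echo "missing or empty kernel image: $ik_src" >&2
        return 2
    fi
    if [ -e "$ik_dest" ]; then
        ik_backup="$ik_dest.bak.$(date +%Y%m%d%H%M%S)"
        cp -p "$ik_dest" "$ik_backup" || return 1
        echo "$ik_backup"
    fi
    cp "$ik_src" "$ik_dest"
}

# Demonstration on constructed files in a temporary directory (no network needed).
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for linux-4.17.tar.xz\n' > "$d/linux-4.17.tar.xz"
    (cd "$d" && sha256sum linux-4.17.tar.xz > sha256sums.txt)
    verify_against_manifest "$d/linux-4.17.tar.xz" "$d/sha256sums.txt" && echo "tarball OK"
    printf 'old kernel\n' > "$d/bzImage"
    printf 'new kernel\n' > "$d/bzImage.new"
    install_kernel_image "$d/bzImage.new" "$d/bzImage"
    rm -rf "$d"
}
demo
```
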
<br />
= Additional Patches =<br />
Edit the following files within the uncompressed Linux kernel folder:<br />
== drivers/net/usb/r8152.c ==<br />
https://forums.fogproject.org/topic/12465/microsoft-surface-go-usb-c-to-ethernet-adapter-compatibility<br />
Search for <pre>REALTEK_USB_DEVICE(VENDOR_ID_REALTEK</pre> and add this line:<br />
<pre><br />
{REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x0927)},<br />
</pre><br />
<br />
== drivers/scsi/storvsc_drv.c ==<br />
This is an important patch to help prevent major performance issues in Hyper-V: https://forums.fogproject.org/topic/6695/performance-decrease-using-hyper-v-win10-clients<br />
<br />
Search for <pre>blk_queue_virt_boundary</pre><br />
<br />
Delete the line and add:<br />
<pre><br />
if (PAGE_SIZE - 1 < 4096) {<br />
blk_queue_virt_boundary(sdevice->request_queue, 4096);<br />
} else {<br />
blk_queue_virt_boundary(sdevice->request_queue, PAGE_SIZE - 1);<br />
}<br />
</pre></div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Modifying_the_Init_Image&diff=12637Modifying the Init Image2020-12-18T10:45:05Z<p>SebastianRoth: </p>
<hr />
<div>==Modifying the Boot Image==<br />
If you wish to modify how the PXE/TFTP boot environment works, you can edit the init files. Run the following '''as root''' to be able to loop mount:<br />
<br />
<pre><br />
cd ~<br />
cp /var/www/html/fog/service/ipxe/init.xz .<br />
xz -d init.xz<br />
mkdir -p initmountdir<br />
mount -o loop init initmountdir<br />
</pre><br />
<br />
You will now find the uncompressed content of the initrd in <tt>~/initmountdir</tt> and can make adjustments as needed. After you're done making changes, you have to unmount, re-compress and copy back the init image:<br />
<br />
<pre><br />
cd ~<br />
umount initmountdir<br />
xz -C crc32 -9 init<br />
cp init.xz /var/www/html/fog/service/ipxe/<br />
</pre><br />
<br />
You will want to apply the same changes to the 32-bit init file as well. Follow the same steps outlined above, but use the filename <tt>init_32.xz</tt> instead.<br />
<br />
==Examples==<br />
===Adding sfdisk to the /sbin directory===<br />
This will add the <tt>sfdisk</tt> program into the boot environment:<br />
<pre>cd /tftpboot/fog/images<br />
gunzip init.gz<br />
mkdir initmountdir<br />
mount -o loop init initmountdir</pre><br />
init is now ready for modification. Make your changes:<pre><br />
cp /sbin/sfdisk /tftpboot/fog/images/initmountdir/sbin</pre><br />
Modifications Complete. Unmount and re-gzip it:<pre><br />
umount initmountdir<br />
rmdir initmountdir<br />
gzip init</pre>Now you can use the sfdisk program from the PXE environment.<br />
===Remove Authentication from Quick Image===<br />
This example will show how to automatically authenticate users when they select Quick Image. If you are happy to allow anybody to deploy an image to a hard drive, this is for you.<br />
<pre>cd /tftpboot/fog/images<br />
gunzip init.gz<br />
mkdir initmountdir<br />
mount -o loop init initmountdir<br />
cd /tftpboot/fog/images/initmountdir/bin/</pre><br />
Edit fog.quickimage<br><br />
Comment out the following lines by putting a # in front<br />
<pre> #echo " Enter a valid FOG username and password.";<br />
#echo "";<br />
#echo -n " Username: ";<br />
#read username;<br />
#echo ""<br />
#echo -n " Password: ";<br />
#stty -echo<br />
#read password;<br />
#stty echo;<br />
#echo "";<br />
#echo ""</pre><br />
<br />
Replace with:<br />
<pre> username="a valid username"<br />
password="a valid password";</pre><br />
Save the modification<pre><br />
cd ../..<br />
umount initmountdir/<br />
rmdir initmountdir<br />
gzip init</pre><br />
<br />
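The init image is served to every network-booting client, so values written into fog.quickimage as above can be read by anyone able to download the init file. The following added example (not from the original wiki page) audits a loop-mounted init tree for such literal username/password assignments and reports them with the value redacted; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mounted init tree for literal credentials in bin/fog.* scripts.
# Function names and the sample tree are hypothetical (constructed for illustration).

# ERE for a non-comment line that assigns username/password a literal value
# (not empty, and not a $variable or $(command) expansion).
CRED_PATTERN="^[[:space:]]*(username|password)=[\"']?[^\"'\$;[:space:]]"

# find_hardcoded_credentials INIT_ROOT
# Prints "file:line:<name>=<redacted>" for every match; returns 2 if INIT_ROOT
# does not look like a mounted init tree.
find_hardcoded_credentials() {
    fc_root=$1
    if [ ! -d "$fc_root/bin" ]; then
        echo "not a mounted init tree (no bin/): $fc_root" >&2
        return 2
    fi
    # /dev/null forces "file:line:" prefixes even when only one script exists.
    grep -nE "$CRED_PATTERN" "$fc_root"/bin/fog.* /dev/null 2>/dev/null |
        sed 's/=.*$/=<redacted>/'
    return 0
}

# count_hardcoded_credentials INIT_ROOT
# Prints the number of findings.
count_hardcoded_credentials() {
    cc_out=$(find_hardcoded_credentials "$1") || return $?
    if [ -z "$cc_out" ]; then
        echo 0
    else
        printf '%s\n' "$cc_out" | wc -l | tr -d ' '
    fi
}

# make_sample_init: builds a constructed init tree and prints its path.
# fog.quickimage carries the edit described above; fog.download (a made-up
# script body) only assigns from positional parameters and must not be flagged.
make_sample_init() {
    ms_dir=$(mktemp -d) || return 1
    mkdir -p "$ms_dir/bin"
    cat > "$ms_dir/bin/fog.quickimage" <<'EOF'
#!/bin/sh
    #echo -n " Username: ";
    #read username;
    #read password;
    username="a valid username"
    password="a valid password";
EOF
    cat > "$ms_dir/bin/fog.download" <<'EOF'
#!/bin/sh
username=$1
password="$2"
EOF
    echo "$ms_dir"
}

# Demonstration on the constructed tree.
sample=$(make_sample_init)
find_hardcoded_credentials "$sample"
echo "findings: $(count_hardcoded_credentials "$sample")"
rm -rf "$sample"
```

Run it against <tt>initmountdir</tt> after the loop mount and before re-compressing the image.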
You are done and now users can image without the need for a username and a password.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Multicasting&diff=12634Multicasting2020-04-06T15:45:23Z<p>SebastianRoth: /* Something else to try */</p>
<hr />
<div>Multicasting in FOG uses UDPcast to send a single image to multiple computers using only slightly more bandwidth than sending the image to a single computer or unicast. Multicasting in FOG may require special switch configuration. A multicast will not begin until all members are ready to begin by default.<br />
<br />
See also: [[Troubleshoot Downloading - Multicast]]<br />
<br />
== Queuing ==<br />
<br />
*FOG uses a simple queuing system to prevent its storage servers from being overworked. If you have a single FOG storage node in FOG with a queue size of 10, then this means that if you unicast an image to 30 computers, only the first 10 computers will be imaged. The other 20 computers will be waiting "in queue" for an open slot. What will be seen on the client side is the following:<br />
<br />
*[[File:Queue.jpg]]<br />
<br />
*This queue system allows for the IT staff to start tasks for hundreds or thousands of computers and let FOG manage the clients so the servers don't get overwhelmed with client requests.<br />
<br />
== Test Multicasting ==<br />
*Environment:<br />
**FOG server<br />
**Two or more <u>identical</u> computers<br />
**Ethernet hub or FastEthernet switch in same VLAN.<br />
<br />
*To view multicast status on the server, use tty2 or /opt/fog/log/multicast.log<br />
<br />
*Overall image time will be slower than unicast on the same hardware and same image because with unicast the gunzip (unzip) happens at the client level, while with multicast the gunzip happens at the server level. <br />
<br />
*If errors persist in the test environment, post the log in the forum.<br />
<br />
== Device Configurations ==<br />
*[[Cisco_Multi_Cast|Cisco Multicast - Layer 3]]<br />
*[[HPMulticast|HP Multicast - Layer 2&3]]<br />
*<span style="background-color:Yellow; color:Black;">Check your network settings, as of Fog v1.0.0, Fog is now using [[iPXE]] which is a different animal.</span> (includes 1.x.x)<br />
<br />
== Fog Settings ==<br />
* Fog has a few features built directly for multicasting. (r2903)<br />
*[[File:config.png]] '''Fog Configuration''' --> '''Fog Settings''' --> '''Multicast Settings'''<br />
**FOG_UDPCAST_INTERFACE -- Network connection for multicast broadcasting ['''Default: eth0''']<br />
**FOG_UDPCAST_STARTINGPORT -- PORT for multicast broadcasting ['''Default: 63100''']<br />
**FOG_MULTICAST_MAX_SESSIONS -- Max number of sessions ['''Default: 64''']<br />
**FOG_UDPCAST_MAXWAIT -- Max wait time(minutes) to wait for clients until starting (If client does not start it will be "left behind") ['''Default: 10''']<br />
**FOG_MULTICAST_ADDRESS -- Sets an alternate IP address if required (Proper format: XXX.XXX.XXX.XXX) ['''Default: 0''']<br />
**FOG_MULTICAST_PORT_OVERRIDE -- Sets a Port override if required ['''Default: 0''']<br />
**FOG_MULTICAST_DUPLEX -- Sets the desired duplex mode for your network ['''Default: Full Duplex''']<br />
<br />
== Troubleshooting == <br />
===General Troubleshooting===<br />
=== Upgrade FOG ===<br />
* As a general rule, Fog is constantly in development and constantly growing. The least you can do to help fix your Multi-Cast issues is to upgrade FOG to the latest release.<br />
* At times the developers will ask a user to upgrade to the '''"trunk"''' release and run a test. If you are one of these people you must keep in line with the upgrades and keep upgrading until the next release is issued.<br />
**'''"trunk"''' updates come at least once a day and quite possibly a dozen a day.<br />
** To upgrade to trunk please see [[Upgrade_to_trunk]]<br />
<br />
===Stop Multicasting===<br />
* Stop all multitasks currently running<br />
#On your server open up terminal and kill any running udpcasts by typing<br />
#*<pre>sudo killall udp-sender</pre><br />
<br />
===Test Small Groups===<br />
*Break it down to 1 or 2 clients to help limit the possible issues that you are experiencing<br />
*It is usually found that issues stem from network switch settings and rogue DHCP servers. (i.e. '''Environmental Issues''')<br />
==== Testing 1 Client====<br />
#Now start a multicasting session using these arguments. This will dump the logs into this file and allow a 1 minute start time for the session<br />
#*<pre>sudo udp-sender --file /opt/fog/.fogsettings --log /opt/fog/log/multicast.log --ttl 1 --nopointopoint</pre><br />
#Looking at the output you should see:<br />
#*Udp-sender xxxxxxxx<br />
#*Using [full duplex mode]<br />
#Your server is now waiting for your clients to boot<br />
#*If you receive an '''"Extra argument "/opt/fog/log/multicast.log" ignored"''' message, you missed a dash or something is misspelled.<br />
#* Do a ctrl+c to stop and double check your command for syntax errors<br />
#* See [https://www.udpcast.linux.lu/cmd.html UDPCast] for other arguments available<br />
#Now boot up 1 client, go to your ''FOG Menu'' and select debug mode.<br />
#*If debug is '''not''' located on your ''FOG Menu'' then you will need to add it. See [[FOG Menu]] (v1.3.0)<br />
#*You can also accomplish this by creating a Debug task in the Fog Web GUI and then network boot the client<br />
#*Do this on the same subnet if possible. <br />
#Type in to the client running multicast debug:<br />
#*<pre>udp-receiver</pre><br />
#On your server you should see that 1 client connected<br />
#* Then you can press any key on the client (Start client first)<br />
#On your client you should see the contents of your .fogsettings file scrolling by the screen.<br />
#* You may also see the output log in your FOG GUI under '''Log Viewer'''<br />
#Results:<br />
#*'''Success:''' Continue to section [[Multicasting#Testing_2_Clients| Testing 2 Clients]]<br />
#*'''Failed''' If it doesn't work then you need to check your switch/router/firewall settings. See [[IPXE]] and the settings suggested there.<br />
<br />
====Testing 2 Clients====<br />
*Hopefully you succeeded in testing [[Multicasting#Testing_1_Client| 1 client]] above. Now we need to test '''2 clients'''. <br />
# Start another multicast session again but this time run<br />
#*<pre>sudo udp-sender --file /opt/fog/.fogsettings --log /opt/fog/log/multicast.log --ttl 32 --nopointopoint</pre><br />
#Boot both clients in debug mode and run<br />
#*<pre>udp-receiver</pre><br />
#On your server you should see now that both clients are connected<br />
#* Then you can press any key on the client(s) (Start client(s) first)<br />
#* Then press any key on the server to start the transfer (Start server last)<br />
#Results:<br />
#*'''Success:''' If the clients display the contents of your .fogsettings file then your network and multicast settings are correct. The problem may lie within FOG configuration/settings<br />
#*'''Failed''' If it doesn't work then you need to check your switch/router/firewall settings. See [[IPXE]] and the settings suggested there.<br />
<br />
====Something else to try====<br />
OK so you should have tried testing [[Troubleshooting_a_multicast#Testing_1_Client | 1 client]] and [[Troubleshooting_a_multicast#Testing_2_Clients | 2 clients]] above <u>'''BUT'''</u> multicasting still doesn't work. Let's try one more thing.<br />
On your server run this:<br />
<pre>gunzip -S ".img" -c "/images/anyimagename/file" | udp-sender --min-receivers 2 --portbase 9000 \<br />
--interface $interface --half-duplex --ttl 32</pre><br />
Now boot up 2 clients in debug mode and type into the clients<br />
<br />
'''If your image is partimage'''<br />
<pre>udp-receiver --portbase 9000 --mcast-rdv-address $fogserverip | partimage -f3 -b restore /dev/sda stdin</pre><br />
<br />
'''If your image is partclone'''<br />
<pre>udp-receiver --nokbd --portbase 9000 --ttl 32 --mcast-rdv-address $fogserverip | \<br />
partclone.restore --ignore_crc -O /dev/sda<filenumber> -N -f 1</pre><br />
<br />
Hint: You might need to change /dev/sda to your correct hard drive if it's different; use fdisk -l to find out.<br />
<br />
Results:<br><br />
'''Success:''' If the clients start imaging then your network and multicast settings are correct. The problem may lie within FOG configuration/settings.<br><br />
'''Failed''' If it doesn't work then you need to check your switch/router/firewall settings. See [[IPXE]] and the settings suggested there.<br />
<br />
===Power cycle and Ethernet===<br />
*Setup task as normal.<br />
*Shutdown the hosts.<br />
*Unplug '''both''' power and ethernet cables for 10 seconds.<br />
*Plug them back in.<br />
*Boot.<br />
*Multicast starts running.<br />
<br />
*At times on particular hardware, multicast will not work due to the network card not initializing properly. Its previous state will not completely clear on shutdown, but removing power forces it to clear.<br />
*Proof [http://fogproject.org/forum/threads/i-am-getting-dchp-bootp-reply-not-for-us-or-pxe-e51-no-dhcp-or-proxydhcp-offers-were-recieved.10635/#post-42294 Forum Post]<br />
<br />
===Please Wait===<br />
*Hang at the "Please Wait" screen:<br />
*Verify the host name (without DNS suffix) is listed in the /etc/hosts file to the actual IP address (not 127.0.0.1) - example: "192.168.0.77 myfogserver"<br />
*Check the MySQL details in "/opt/fog/service/etc/config.php" are correct.<br />
*If not, correct them (they should be the same as in /var/www/fog/commons/config.php) and restart the service <br />
<pre>sudo /etc/init.d/FOGMulticastManager restart</pre><br />
<br />
===Kill Multitasking===<br />
*If you wish to force kill all the multicasting sessions please do '''BOTH''' the following<br />
<br />
<br />
*Remove any sessions running in the sql database<br />
<pre><br />
mysql -u root <-p password> fog<br />
truncate table multicastSessions;<br />
truncate table multicastSessionsAssoc;<br />
exit;<br />
</pre><br />
*Stop any udp senders that may be running on the server<br />
<pre><br />
sudo service FOGMulticastManager stop<br />
sudo killall udp-sender<br />
sudo killall udp-sender<br />
sudo killall udp-sender<br />
sudo service FOGMulticastManager start<br />
</pre><br />
<br />
==STP/Portfast/RSTP/MSTP==<br />
* Sometimes unicast will work and multicast fails. You may need to check your managed switch settings.<br />
{{:STP/Portfast/RSTP/FMSTP}}<br />
<br />
===External Site Info===<br />
[[http://www.gravitycomputing.co.nz/fog-multicast-server-032/| Gravity Computing]] (0.32 only)<br />
<br />
[[http://www.digriz.org.uk/debian/freeghost| digriz]] (0.32 only)</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Multicasting&diff=12633Multicasting2020-04-06T15:44:23Z<p>SebastianRoth: /* Testing 2 Clients */</p>
<hr />
<div>Multicasting in FOG uses UDPcast to send a single image to multiple computers using only slightly more bandwidth than sending the image to a single computer or unicast. Multicasting in FOG may require special switch configuration. A multicast will not begin until all members are ready to begin by default.<br />
<br />
See also: [[Troubleshoot Downloading - Multicast]]<br />
<br />
== Queuing ==<br />
<br />
*FOG uses a simple queuing system to prevent its storage servers from being overworked. If you have a single FOG storage node in FOG with a queue size of 10, then this means that if you unicast an image to 30 computers, only the first 10 computers will be imaged. The other 20 computers will be waiting "in queue" for an open slot. What will be seen on the client side is the following:<br />
<br />
*[[File:Queue.jpg]]<br />
<br />
*This queue system allows for the IT staff to start tasks for hundreds or thousands of computers and let FOG manage the clients so the servers don't get overwhelmed with client requests.<br />
<br />
== Test Multicasting ==<br />
*Environment:<br />
**FOG server<br />
**Two or more <u>identical</u> computers<br />
**Ethernet hub or FastEthernet switch in same VLAN.<br />
<br />
*To view multicast status on the server, use tty2 or /opt/fog/log/multicast.log<br />
<br />
*Overall image time will be slower than unicast on the same hardware and same image because with unicast the gunzip (unzip) happens at the client level, while with multicast the gunzip happens at the server level. <br />
<br />
*If errors persist in the test environment, post the log in the forum.<br />
<br />
== Device Configurations ==<br />
*[[Cisco_Multi_Cast|Cisco Multicast - Layer 3]]<br />
*[[HPMulticast|HP Multicast - Layer 2&3]]<br />
*<span style="background-color:Yellow; color:Black;">Check your network settings, as of Fog v1.0.0, Fog is now using [[iPXE]] which is a different animal.</span> (includes 1.x.x)<br />
<br />
== Fog Settings ==<br />
* Fog has a few features built directly for multicasting. (r2903)<br />
*[[File:config.png]] '''Fog Configuration''' --> '''Fog Settings''' --> '''Multicast Settings'''<br />
**FOG_UDPCAST_INTERFACE -- Network connection for multicast broadcasting ['''Default: eth0''']<br />
**FOG_UDPCAST_STARTINGPORT -- PORT for multicast broadcasting ['''Default: 63100''']<br />
**FOG_MULTICAST_MAX_SESSIONS -- Max number of sessions ['''Default: 64''']<br />
**FOG_UDPCAST_MAXWAIT -- Max wait time(minutes) to wait for clients until starting (If client does not start it will be "left behind") ['''Default: 10''']<br />
**FOG_MULTICAST_ADDRESS -- Sets an alternate IP address if required (Proper format: XXX.XXX.XXX.XXX) ['''Default: 0''']<br />
**FOG_MULTICAST_PORT_OVERRIDE -- Sets a Port override if required ['''Default: 0''']<br />
**FOG_MULTICAST_DUPLEX -- Sets the desired duplex mode for your network ['''Default: Full Duplex''']<br />
<br />
== Troubleshooting == <br />
===General Troubleshooting===<br />
=== Upgrade FOG ===<br />
* As a general rule, Fog is constantly in development and constantly growing. The least you can do to help fix your Multi-Cast issues is to upgrade FOG to the latest release.<br />
* At times the developers will ask a user to upgrade to the '''"trunk"''' release and run a test. If you are one of these people you must keep in line with the upgrades and keep upgrading until the next release is issued.<br />
**'''"trunk"''' updates come at least once a day and quite possibly a dozen a day.<br />
** To upgrade to trunk please see [[Upgrade_to_trunk]]<br />
<br />
===Stop Multicasting===<br />
* Stop all multitasks currently running<br />
#On your server open up terminal and kill any running udpcasts by typing<br />
#*<pre>sudo killall udp-sender</pre><br />
<br />
===Test Small Groups===<br />
*Break it down to 1 or 2 clients to help limit the possible issues that you are experiencing<br />
*It is usually found that issues stem from network switch settings and rogue DHCP servers. (i.e. '''Environmental Issues''')<br />
==== Testing 1 Client====<br />
#Now start a multicasting session using these arguments. This will dump the logs into this file and allow a 1 minute start time for the session<br />
#*<pre>sudo udp-sender --file /opt/fog/.fogsettings --log /opt/fog/log/multicast.log --ttl 1 --nopointopoint</pre><br />
#Looking at the output you should see:<br />
#*Udp-sender xxxxxxxx<br />
#*Using [full duplex mode]<br />
#Your server is now waiting for your clients to boot<br />
#*If you receive an '''"Extra argument "/opt/fog/log/multicast.log" ignored"''' message, you missed a dash or something is misspelled.<br />
#* Do a ctrl+c to stop and double check your command for syntax errors<br />
#* See [https://www.udpcast.linux.lu/cmd.html UDPCast] for other arguments available<br />
#Now boot up 1 client, go to your ''FOG Menu'' and select debug mode.<br />
#*If debug is '''not''' located on your ''FOG Menu'' then you will need to add it. See [[FOG Menu]] (v1.3.0)<br />
#*You can also accomplish this by creating a Debug task in the Fog Web GUI and then network boot the client<br />
#*Do this on the same subnet if possible. <br />
#Type in to the client running multicast debug:<br />
#*<pre>udp-receiver</pre><br />
#On your server you should see that 1 client connected<br />
#* Then you can press any key on the client (Start client first)<br />
#On your client you should see the contents of your .fogsettings file scrolling by the screen.<br />
#* You may also see the output log in your FOG GUI under '''Log Viewer'''<br />
#Results:<br />
#*'''Success:''' Continue to section [[Multicasting#Testing_2_Clients| Testing 2 Clients]]<br />
#*'''Failed''' If it doesn't work then you need to check your switch/router/firewall settings. See [[IPXE]] and the settings suggested there.<br />
<br />
====Testing 2 Clients====<br />
*Hopefully you succeeded in testing [[Multicasting#Testing_1_Client| 1 client]] above. Now we need to test '''2 clients'''. <br />
# Start another multicast session again but this time run<br />
#*<pre>sudo udp-sender --file /opt/fog/.fogsettings --log /opt/fog/log/multicast.log --ttl 32 --nopointopoint</pre><br />
#Boot both clients in debug mode and run<br />
#*<pre>udp-receiver</pre><br />
#On your server you should see now that both clients are connected<br />
#* Then you can press any key on the client(s) (Start client(s) first)<br />
#* Then press any key on the server to start the transfer (Start server last)<br />
#Results:<br />
#*'''Success:''' If the clients display the contents of your .fogsettings file then your network and multicast settings are correct. The problem may lie within FOG configuration/settings<br />
#*'''Failed''' If it doesn't work then you need to check your switch/router/firewall settings. See [[IPXE]] and the settings suggested there.<br />
<br />
====Something else to try====<br />
OK so you should have tried testing [[Troubleshooting_a_multicast#Testing_1_Client | 1 client]] and [[Troubleshooting_a_multicast#Testing_2_Clients | 2 clients]] above <u>'''BUT'''</u> multicasting still doesn't work. Let's try one more thing.<br />
On your server run this:<br />
<pre>gunzip -c "/images/anyimagename/file" | udp-sender --min-receivers 2 --portbase 9000 \<br />
--interface $interface --half-duplex --ttl 32</pre><br />
Now boot up 2 clients in debug mode and type into the clients<br />
<br />
'''If your image is partimage'''<br />
<pre>udp-receiver --portbase 9000 --mcast-rdv-address $fogserverip | partimage -f3 -b restore /dev/sda stdin</pre><br />
<br />
'''If your image is partclone'''<br />
<pre>udp-receiver --nokbd --portbase 9000 --ttl 32 --mcast-rdv-address $fogserverip | \<br />
partclone.restore --ignore_crc -O /dev/sda<filenumber> -N -f 1</pre><br />
<br />
Hint: You might need to change /dev/sda to your correct hard drive if it's different; use fdisk -l to find out.<br />
<br />
Results:<br><br />
'''Success:''' If the clients start imaging then your network and multicast settings are correct. The problem may lie within FOG configuration/settings.<br><br />
'''Failed''' If it doesn't work then you need to check your switch/router/firewall settings. See [[IPXE]] and the settings suggested there.<br />
<br />
===Power cycle and Ethernet===<br />
*Setup task as normal.<br />
*Shutdown the hosts.<br />
*Unplug '''both''' power and ethernet cables for 10 seconds.<br />
*Plug them back in.<br />
*Boot.<br />
*Multicast starts running.<br />
<br />
*At times on particular hardware, multicast will not work due to the network card not initializing properly. Its previous state will not completely clear on shutdown, but removing power forces it to clear.<br />
*Proof [http://fogproject.org/forum/threads/i-am-getting-dchp-bootp-reply-not-for-us-or-pxe-e51-no-dhcp-or-proxydhcp-offers-were-recieved.10635/#post-42294 Forum Post]<br />
<br />
===Please Wait===<br />
*Hang at the "Please Wait" screen:<br />
*Verify the host name (without DNS suffix) is listed in the /etc/hosts file to the actual IP address (not 127.0.0.1) - example: "192.168.0.77 myfogserver"<br />
*Check the MySQL details in "/opt/fog/service/etc/config.php" are correct.<br />
*If not, correct them (they should be the same as in /var/www/fog/commons/config.php) and restart the service <br />
<pre>sudo /etc/init.d/FOGMulticastManager restart</pre><br />
<br />
===Kill Multitasking===<br />
*If you wish to force kill all the multicasting sessions please do '''BOTH''' the following<br />
<br />
<br />
*Remove any sessions running in the sql database<br />
<pre><br />
mysql -u root <-p password> fog<br />
truncate table multicastSessions;<br />
truncate table multicastSessionsAssoc;<br />
exit;<br />
</pre><br />
*Stop any udp senders that may be running on the server<br />
<pre><br />
sudo service FOGMulticastManager stop<br />
sudo killall udp-sender<br />
sudo killall udp-sender<br />
sudo killall udp-sender<br />
sudo service FOGMulticastManager start<br />
</pre><br />
<br />
==STP/Portfast/RSTP/MSTP==<br />
* Sometimes unicast will work and multicast fails. You may need to check your managed switch settings.<br />
{{:STP/Portfast/RSTP/FMSTP}}<br />
<br />
===External Site Info===<br />
[[http://www.gravitycomputing.co.nz/fog-multicast-server-032/| Gravity Computing]] (0.32 only)<br />
<br />
[[http://www.digriz.org.uk/debian/freeghost| digriz]] (0.32 only)</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Multicasting&diff=12632Multicasting2020-04-06T15:37:19Z<p>SebastianRoth: </p>
<hr />
<div>Multicasting in FOG uses UDPcast to send a single image to multiple computers using only slightly more bandwidth than sending the image to a single computer or unicast. Multicasting in FOG may require special switch configuration. A multicast will not begin until all members are ready to begin by default.<br />
<br />
See also: [[Troubleshoot Downloading - Multicast]]<br />
<br />
== Queuing ==<br />
<br />
*FOG uses a simple queuing system to prevent its storage servers from being overworked. If you have a single FOG storage node in FOG with a queue size of 10, then this means that if you unicast an image to 30 computers, only the first 10 computers will be imaged. The other 20 computers will be waiting "in queue" for an open slot. What will be seen on the client side is the following:<br />
<br />
*[[File:Queue.jpg]]<br />
<br />
*This queue system allows for the IT staff to start tasks for hundreds or thousands of computers and let FOG manage the clients so the servers don't get overwhelmed with client requests.<br />
<br />
== Test Multicasting ==<br />
*Environment:<br />
**FOG server<br />
**Two or more <u>identical</u> computers<br />
**Ethernet hub or FastEthernet switch in same VLAN.<br />
<br />
*To view multicast status on the server, use tty2 or /opt/fog/log/multicast.log<br />
<br />
*Overall image time will be slower than unicast on the same hardware and same image because with unicast the gunzip (unzip) happens at the client level, while with multicast the gunzip happens at the server level. <br />
<br />
*If errors persist in the test environment, post the log in the forum.<br />
<br />
== Device Configurations ==<br />
*[[Cisco_Multi_Cast|Cisco Multicast - Layer 3]]<br />
*[[HPMulticast|HP Multicast - Layer 2&3]]<br />
*<span style="background-color:Yellow; color:Black;">Check your network settings, as of Fog v1.0.0, Fog is now using [[iPXE]] which is a different animal.</span> (includes 1.x.x)<br />
<br />
== Fog Settings ==<br />
* Fog has a few features built directly for multicasting. (r2903)<br />
*[[File:config.png]] '''Fog Configuration''' --> '''Fog Settings''' --> '''Multicast Settings'''<br />
**FOG_UDPCAST_INTERFACE -- Network connection for multicast broadcasting ['''Default: eth0''']<br />
**FOG_UDPCAST_STARTINGPORT -- PORT for multicast broadcasting ['''Default: 63100''']<br />
**FOG_MULTICAST_MAX_SESSIONS -- Max number of sessions ['''Default: 64''']<br />
**FOG_UDPCAST_MAXWAIT -- Max wait time(minutes) to wait for clients until starting (If client does not start it will be "left behind") ['''Default: 10''']<br />
**FOG_MULTICAST_ADDRESS -- Sets an alternate IP address if required (Proper format: XXX.XXX.XXX.XXX) ['''Default: 0''']<br />
**FOG_MULTICAST_PORT_OVERRIDE -- Sets a Port override if required ['''Default: 0''']<br />
**FOG_MULTICAST_DUPLEX -- Sets the desired duplex mode for your network ['''Default: Full Duplex''']<br />
<br />
== Troubleshooting == <br />
===General Troubleshooting===<br />
=== Upgrade FOG ===<br />
* As a general rule, Fog is constantly in development and constantly growing. The least you can do to help fix your Multi-Cast issues is to upgrade FOG to the latest release.<br />
* At times the developers will ask a user to upgrade to the '''"trunk"''' release and run a test. If you are one of these people you must keep in line with the upgrades and keep upgrading until the next release is issued.<br />
**'''"trunk"''' updates come at least once a day and quite possibly a dozen a day.<br />
** To upgrade to trunk please see [[Upgrade_to_trunk]]<br />
<br />
===Stop Multicasting===<br />
* Stop all multicast tasks currently running<br />
#On your server open up terminal and kill any running udpcasts by typing<br />
#*<pre>sudo killall udp-sender</pre><br />
<br />
===Test Small Groups===<br />
*Break it down to 1 or 2 clients to help limit the possible issues that you are experiencing<br />
*It is usually found that issues stem from network switch settings and rogue DHCP servers. (i.e. '''Environmental Issues''')<br />
==== Testing 1 Client====<br />
#Now start a multicasting session using these arguments. This will dump the logs into the log file named in the command and allow a 1 minute start time for the session<br />
#*<pre>sudo udp-sender --file /opt/fog/.fogsettings --log /opt/fog/log/multicast.log --ttl 1 --nopointopoint</pre><br />
#Looking at the output you should see:<br />
#*Udp-sender xxxxxxxx<br />
#*Using [full duplex mode]<br />
#Your server is now waiting for your clients to boot<br />
#*If you receive an '''"Extra argument "/opt/fog/log/multicast.log" ignored"''' message, you missed a dash or something is misspelled.<br />
#* Press Ctrl+C to stop and double check your command for syntax errors<br />
#* See [https://www.udpcast.linux.lu/cmd.html UDPCast] for other arguments available<br />
#Now boot up 1 client, go to your ''FOG Menu'' and select debug mode.<br />
#*If debug is '''not''' located on your ''FOG Menu'' then you will need to add it. See [[FOG Menu]] (v1.3.0)<br />
#*You can also accomplish this by creating a Debug task in the Fog Web GUI and then network boot the client<br />
#*Do this on the same subnet if possible. <br />
#Type in to the client running multicast debug:<br />
#*<pre>udp-receiver</pre><br />
#On your server you should see that 1 client connected<br />
#* Then you can press any key on the client (Start client first)<br />
#On your client you should see the contents of your .fogsettings file scrolling by the screen.<br />
#* You may also see the output log in your FOG GUI under '''Log Viewer'''<br />
#Results:<br />
#*'''Success:''' Continue to section [[Multicasting#Testing_2_Clients| Testing 2 Clients]]<br />
#*'''Failed''' If it doesn't work then you need to check your switch/router/firewall settings. See [[IPXE]] and the settings suggested there.<br />
<br />
====Testing 2 Clients====<br />
*Hopefully you succeeded in testing [[Multicasting#Testing_1_Client| 1 client]] above. Now we need to test '''2 clients'''. <br />
# Start another multicast session again but this time run<br />
#*<pre>sudo udp-sender --file /opt/fog/.fogsettings --log /opt/fog/log/multicast.log --ttl 32 --nopointopoint</pre><br />
#Boot both clients in debug mode and run<br />
#*<pre>udp-receiver</pre><br />
#On your server you should see now that both clients are connected<br />
#* Then you can press any key on the client(s) (Start client(s) first)<br />
#* Then press any key on the server to start the transfer (Start server last)<br />
#Results:<br />
#*'''Success:''' If the clients start imaging then your network and multicast settings are correct. The problem may lie within FOG configuration/settings<br />
#*'''Failed''' If it doesn't work then you need to check your switch/router/firewall settings. See [[IPXE]] and the settings suggested there.<br />
<br />
====Something else to try====<br />
OK so you should have tried testing [[Troubleshooting_a_multicast#Testing_1_Client | 1 client]] and [[Troubleshooting_a_multicast#Testing_2_Clients | 2 clients]] above <u>'''BUT'''</u> multicasting still doesn't work. Let's try one more thing.<br />
On your server run this:<br />
<pre>gunzip -c "/images/anyimagename/file" | udp-sender --min-receivers 2 --portbase 9000 \<br />
--interface $interface --half-duplex --ttl 32</pre><br />
Now boot up 2 clients in debug mode and type into the clients<br />
<br />
'''If your image is partimage'''<br />
<pre>udp-receiver --portbase 9000 --mcast-rdv-address $fogserverip | partimage -f3 -b restore /dev/sda stdin</pre><br />
<br />
'''If your image is partclone'''<br />
<pre>udp-receiver --nokbd --portbase 9000 --ttl 32 --mcast-rdv-address $fogserverip | \<br />
partclone.restore --ignore_crc -O /dev/sda<filenumber> -N -f 1</pre><br />
<br />
Hint: You might need to change /dev/sda to your correct hard drive if it's different. Use fdisk -l to find out.<br />
<br />
Results:<br><br />
'''Success:''' If the clients start imaging then your network and multicast settings are correct. The problem may lie within FOG configuration/settings.<br><br />
'''Failed''' If it doesn't work then you need to check your switch/router/firewall settings. See [[IPXE]] and the settings suggested there.<br />
<br />
===Power cycle and Ethernet===<br />
*Setup task as normal.<br />
*Shutdown the hosts.<br />
*Unplug '''both''' power and ethernet cables for 10 seconds.<br />
*Plug them back in.<br />
*Boot.<br />
*Multicast starts running.<br />
<br />
*At times on particular hardware, multicast will not work due to the network card not initializing properly. Its previous state will not completely clear on shutdown, but removing power forces it to clear.<br />
*Proof [http://fogproject.org/forum/threads/i-am-getting-dchp-bootp-reply-not-for-us-or-pxe-e51-no-dhcp-or-proxydhcp-offers-were-recieved.10635/#post-42294 Forum Post]<br />
<br />
===Please Wait===<br />
*Hang at the "Please Wait" screen:<br />
*Verify the host name (without DNS suffix) is mapped in the /etc/hosts file to the actual IP address (not 127.0.0.1) - example: "192.168.0.77 myfogserver"<br />
*Check the MySQL details in "/opt/fog/service/etc/config.php" are correct.<br />
*If not, correct them (they should be the same as in /var/www/fog/commons/config.php) and restart the service <br />
<pre>sudo /etc/init.d/FOGMulticastManager restart</pre><br />
<br />
===Kill Multitasking===<br />
*If you wish to force kill all the multicasting sessions please do '''BOTH''' the following<br />
<br />
<br />
*Remove any sessions running in the sql database<br />
<pre><br />
mysql -u root <-p password> fog<br />
truncate table multicastSessions;<br />
truncate table multicastSessionsAssoc;<br />
exit;<br />
</pre><br />
*Stop any udp senders that may be running on the server<br />
<pre><br />
sudo service FOGMulticastManager stop<br />
sudo killall udp-sender<br />
sudo killall udp-sender<br />
sudo killall udp-sender<br />
sudo service FOGMulticastManager start<br />
</pre><br />
<br />
==STP/Portfast/RSTP/MSTP==<br />
* Sometimes unicast will work and multicast fails. You may need to check your managed switch settings.<br />
{{:STP/Portfast/RSTP/FMSTP}}<br />
<br />
===External Site Info===<br />
[http://www.gravitycomputing.co.nz/fog-multicast-server-032/ Gravity Computing] (0.32 only)<br />
<br />
[http://www.digriz.org.uk/debian/freeghost digriz] (0.32 only)</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=FOG_Client&diff=12631FOG Client2020-03-06T11:31:04Z<p>SebastianRoth: /* Installing - Linux */</p>
<hr />
<div>This article applies to the new FOG Client, version 0.10+<br />
<br />
== The Different Installers ==<br />
<br />
The different installers are located in your FOG server's web interface. The link is always at the very bottom of every page, even if you're not logged into the fog server.<br />
<br />
[[File:Fog client link.png]]<br />
<br />
[[File:New FOGClient download link.png]]<br />
<br />
'''FOGService.msi''' - Windows only, and is ideal for network deployment.<br />
<br />
'''SmartInstaller.exe''' - This is the new default installer. It will work on all platforms.<br />
<br />
'''Debugger.exe''' - This is not listed in the web interface but is available from github [https://github.com/FOGProject/fog-client/releases here]. Only use this when the above two are not working. This build has more detailed logs that you can use for troubleshooting or a bug report.<br />
<br />
== Installing - Windows ==<br />
<br />
'''Prerequisites'''<br />
* .NET Framework version 4.0+ (Note: .NET 4 client profile will NOT work)<br />
You can download the framework from here: <br />
<br />
[https://www.microsoft.com/en-us/download/details.aspx?id=40779 Microsoft .NET Framework 4.5.1 (Offline Installer) for Windows Vista SP2, Windows 7 SP1, Windows 8, Windows Server 2008 SP2 Windows Server 2008 R2 SP1 and Windows Server 2012]<br />
<br />
Windows 10 comes with a version of .Net that will work.<br />
<br />
'''Installation'''<br />
* May use SmartInstaller or msi. Simply download either one of them and run.<br />
* Reboot to complete installation.<br />
<br />
'''Limitations'''<br />
* CUPS printers are not yet supported<br />
<br />
== Installing - Linux ==<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
* xprintidle - This dependency is optional. If not installed AutoLogOut will not run. xprintidle basically just returns the idle time of an x window, therefore on a system without a GUI it is not needed and should not be installed. It should be available in standard package managers. E.G. apt-get, yum, or dnf<br />
<br />
=== Installing Mono ===<br />
<br />
Many distributions come with an out-of-date version of mono in their package manager. Therefore, do not attempt to install via your package manager without the modifications below, or follow the instructions on the Mono website: https://www.mono-project.com/download/stable/#download-lin-centos<br />
<br />
'''Debian:'''<br />
<pre><br />
sudo apt install apt-transport-https dirmngr gnupg ca-certificates<br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb https://download.mono-project.com/repo/debian stable-buster main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list<br />
sudo apt update<br />
sudo apt install mono-complete<br />
</pre><br />
<br />
'''Ubuntu:'''<br />
<pre><br />
sudo apt install gnupg ca-certificates<br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list<br />
sudo apt update<br />
sudo apt install mono-complete<br />
</pre><br />
<br />
'''CentOS'''<br />
<pre><br />
rpmkeys --import "http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef"<br />
su -c 'curl https://download.mono-project.com/repo/centos8-stable.repo | tee /etc/yum.repos.d/mono-centos8-stable.repo'<br />
yum install mono-complete<br />
</pre><br />
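
The Debian, Ubuntu and CentOS commands above all trust whatever key the keyserver returns, and the CentOS import fetches it over plain HTTP. A check that a downloaded key file carries the fingerprint quoted in those commands before it is imported, as an added example that is not part of the FOG or Mono instructions; the function names and the sample listing are constructed, and <code>gpg --show-keys</code> assumes GnuPG 2.2 or later:

```shell
#!/bin/sh
# Added example: check a downloaded signing key before importing it.
# MONO_FPR is the fingerprint quoted in the commands above; the function
# names and the sample listing are constructed for this example.

MONO_FPR="3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF"

# Constructed sample of `gpg --with-colons` output: one primary key, one subkey.
SAMPLE_LISTING='pub:-:4096:1:A6A19B38D3D831EF:1400000000:::-:::scESC:
fpr:::::::::3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF:
uid:-::::1400000000::::Example Signing Key <key@example.invalid>:
sub:-:4096:1:0123456789ABCDEF:1400000000::::::e:
fpr:::::::::00112233445566778899AABB0123456789ABCDEF:'

# Read colon-format key listing on stdin and print the fingerprint of every
# primary key (the first "fpr" record after each "pub" record). Subkey
# fingerprints are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals $1 (spaces and letter case in $1 are ignored).
key_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    found=$(primary_fingerprints)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Inspect a key file without adding it to any keyring.
check_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | key_matches "$MONO_FPR"
}

# Usage: sh check-key.sh downloaded-key.asc
if [ "$#" -eq 1 ]; then
    if check_key_file "$1"; then
        echo "fingerprint matches, $1 can be imported"
    else
        echo "fingerprint MISMATCH, do not import $1" >&2
        exit 1
    fi
fi
```

A file that bundles a second primary key is rejected as well, because the comparison requires the listing to contain the expected fingerprint and nothing else.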
<br />
'''openSUSE and SLES'''<br />
<br />
You can install mono using SUSE One-Click files: [http://download.mono-project.com/repo/mono-complete.ymp http://download.mono-project.com/repo/mono-complete.ymp]<br />
<br />
'''others'''<br />
<br />
The FOG Client can be installed on any platform that can run the latest stable build of mono. To install:<br />
<br />
* Check your package manager for <font color="red">mono-complete</font>. After installing it run <font color="red">mono --version</font>. Ensure the version is at least 4.2._ . If it is not, remove the package.<br />
* If your package manager had an old version of mono, see [http://www.mono-project.com/docs/compiling-mono/linux/ here] for how to compile mono<br />
<br />
If your system either has systemd or initd the client will be automatically configured to run on startup. If your system does not have either, you will need to configure your system to run the manual start command below on startup.<br />
<br />
To manually start and stop the service:<br />
<br />
<pre><br />
sudo /opt/fog-service/control.sh start<br />
</pre><br />
<pre><br />
sudo /opt/fog-service/control.sh stop<br />
</pre><br />
<br />
<br />
=== Installing fog-client SmartInstaller ===<br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo systemctl start FOGService<br />
</pre><br />
<pre><br />
sudo systemctl stop FOGService<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo systemctl stop FOGService<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
<br />
=== Limitations ===<br />
* The FOG Tray is currently incompatible on linux systems. Regardless of what you set during installation, it will not run.<br />
* The following modules / features are not yet supported<br />
** Active Directory joining<br />
** PrinterManager<br />
<br />
== Installing - OSX ==<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
<br />
'''Installing Mono'''<br />
* If you are running El Capitan, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono Universal Installer</font> <br />
* Otherwise, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono 32-bit</font> <br />
<br />
'''Installation'''<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
* Reboot the system to complete the installation.<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo launchctl load -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
'''Limitations'''<br />
* The following modules / features are not yet supported<br />
** PrinterManager<br />
<br />
'''Logging'''<br />
<br />
You can find the client log file in /opt/fog-service/fog.log<br />
<br />
== Additional Details ==<br />
<br />
=== Features overview ===<br />
<br />
<br />
The purpose of the FOG Client is multi-fold.<br />
<br />
The client allows the host to automatically:<br />
* Auto logout -- Enables auto logout of users if inactive for a specified period of time. 5 minutes is the minimum time, as anything shorter is way too soon; sometimes people may just be on a phone, or had to step out for a bathroom break.<br />
<br />
* Client Updater -- (Only on legacy clients) Allows the client to update its modules if you had to customize things, or found a more recent build was needed for your environment.<br />
<br />
* Directory Cleaner -- (Only on legacy clients -- Only worked with Windows XP) Enables the client to remove directories on the host automatically. It lost operation after Windows XP due to UAC controls and better security mechanisms especially needed. Removed completely from the New client.<br />
<br />
* Display Manager -- Enables the client to adjust the resolution of the system on a per system basis, or global basis.<br />
<br />
* Power Management -- Allows you to specify a shutdown, WOL, or restart on a per-host basis. Format for the scheduling is CRON, and can be done on an individual host or through groups. There is no limit to the number of scheduled power tasks.<br />
<br />
* Host Registration -- Registers additional mac addresses to a pre-existing host if registered. The New client will also register the host under a pending status if the host is not already registered.<br />
<br />
* Hostname Changer -- Changes the hostname and joins the domain automatically.<br />
<br />
* Printer Manager -- Manages Printers for the host. Legacy client only added printer or added/removed printers. The No management for both new and legacy simply does nothing. Will remove all printers under Add/Remove type and only add back the printers as needed (Only Assigned Printers). Under Add Only (now FOG Managed Printers) only manages printers that are listed under the printer's GUI and those that are assigned to that host. In legacy client, it only added printers and never removed. Under the new client, it will ONLY manage printers assigned meaning if you remove a printer from a host, the new client will remove that printer.<br />
<br />
* Snapins -- Allows you to install programs or run scripts on the host similar to GPO or PDQDeploy.<br />
<br />
* Task Reboot -- This will just check if the client is in a tasking (other than a snapin tasking). If it is in a tasking, and the module is enabled, the host will be told to reboot. There is a third portion though in that if the user is logged in, and enforce is not enabled nothing will happen.<br />
<br />
* User Cleanup -- (Legacy clients only and again only on Windows XP). Works similar to Directory Cleanup but the entries you make are "safe" user profiles. If the user is not under this listing, it will be deleted. Will not work with the new client, and even legacy clients will not work on anything beyond Windows XP due to UAC and Interactive Service utilities.<br />
<br />
* User Tracker -- Just tracks who logs in/out of a client.<br />
<br />
=== Polling Behavior ===<br />
<br />
The new FOG Client found in FOG 1.3.0 and the Legacy FOG Client both rely on polling to get instructions. This means the FOG Client will regularly check with the specified FOG Server for settings and tasks. The New FOG Client's polling frequency can be adjusted in the FOG Web interface, by going to <font color="red">FOG Configuration -> FOG Settings -> FOG Client -> FOG_CLIENT_CHECKIN_TIME</font>. The minimum value is 30 seconds, anything specified lower than this will result in the FOG Client using 30 second polling intervals.<br />
<br />
The checkin-time is not rigid. There is an automatic and random staggering that is added to the checkin time. This prevents a large number of FOG Clients checking in at once in the event that all computers are started at the same time via WOL tasks.<br />
<br />
The frequency of the checkin-time determines how quickly the FOG Client will receive instructions from the FOG Server. If an image deployment is scheduled for a computer that is turned on, a checkin-time of 60 seconds means the FOG Client may begin initiating the task anywhere from 0 to 60 seconds later, plus the random staggering time that is added. This same concept applies to immediate power management tasks, snapin tasks, capture tasks, and so on. Scheduled tasks are not affected by this behavior; if the target system is on when the scheduled task is to be run, it will happen on time.<br />
<br />
=== Security Design ===<br />
<br />
Communications between the FOG Client (0.9.9+) and the FOG Server (1.3.0+) are secured using public key infrastructure.<br />
<br />
A Certificate Authority and private key is generated on the FOG server during first installation in this location:<br />
<br />
<pre>/opt/fog/snapins/ssl</pre><br />
<br />
The public certificate is generally located here:<br />
<pre>/var/www/html/fog/management/other/ssl</pre><br />
<br />
The client installs your server's certificate and the FOG Project certificate.<br />
<br />
The “FOG Project” CA (made by the FOG Project) serves two purposes:<br />
<br />
*SYSTEM level services need to be digitally signed otherwise windows will throw security errors. This can also be used to ensure no tampering was done with the client files<br />
<br />
*That certificate is used to “verify” upgrades. Let's say we release a patch for the client: the client will download the MSI from your server and check if it was signed by us. If the MSI was somehow tampered with, the digital signature would no longer be valid.<br />
<br />
Using HTTPS instead of HTTP has no security benefit to the client. Why? Because all traffic is already encrypted. Here’s a very basic overview of how the new client communicates:<br />
<br />
*Each client has a security token. This is used to prove to the server that the client is the actual host and not an impersonator. This token gets cycled constantly. When the client first makes contact, it encrypts its token and a proposed AES 256 key using RSA 4096 using your server’s public key. This public key is verified against the pinned server CA certificate by checking the x509 chain and fingerprints.<br />
<br />
*If the server accepts the security token and the new AES key, all traffic from that point on is AES 256 encrypted using that securely transmitted key.<br />
<br />
The whole point of our security model is to allow for secure communication over insecure media.<br />
Even then, the client installation has an HTTPS option, but it serves no real security benefit.<br />
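
A model of the exchange described above, written with the openssl command line as an added example; it is not the FOG client's or server's code. The padding mode, the cipher mode, the "token:key" message layout and the use of a public-key hash as the pin (instead of an X.509 chain check) are assumptions made to keep the model self-contained, and all function names are hypothetical:

```shell
#!/bin/sh
# Added example: model of the handshake described above (openssl CLI).
# Assumptions not taken from the page: OAEP padding, AES-256-CBC, the
# "token:key" message layout, and pinning the SHA-256 hash of the server's
# public key rather than validating a certificate chain.

# Create an RSA key pair at $1.key / $1.pub (4096 bits unless RSA_BITS is set).
new_keypair() {
    openssl genpkey -algorithm RSA \
        -pkeyopt "rsa_keygen_bits:${RSA_BITS:-4096}" -out "$1.key" 2>/dev/null &&
    openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# SHA-256 over the DER encoding of a public key: the value a client pins.
pubkey_pin() {
    openssl pkey -pubin -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Client: refuse to talk unless the offered key matches the pin, then wrap the
# security token and a freshly generated AES-256 key under the server's RSA key.
# $1 offered public key, $2 pinned hash, $3 security token, $4 working directory
client_hello() {
    if [ "$(pubkey_pin "$1")" != "$2" ]; then
        echo "pin mismatch: not the server this client was installed against" >&2
        return 1
    fi
    openssl rand -hex 32 > "$4/aes.key"
    printf '%s:%s' "$3" "$(cat "$4/aes.key")" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" \
            -pkeyopt rsa_padding_mode:oaep -out "$4/hello.bin"
}

# Server: unwrap the message and accept the proposed AES key only if the token
# is the one on record for this host. Prints the agreed key on success.
# $1 server private key, $2 hello message, $3 token on record
server_accept() {
    plain=$(openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2") || return 1
    if [ "${plain%%:*}" != "$3" ]; then
        echo "invalid security token" >&2
        return 1
    fi
    printf '%s\n' "${plain#*:}"
}

# After the handshake both sides use the shared key. $1 hex key, $2 hex IV.
# CBC alone gives confidentiality but no integrity; the model covers key
# transport only.
aes_encrypt() { openssl enc -aes-256-cbc -K "$1" -iv "$2" -a -A; }
aes_decrypt() { openssl enc -d -aes-256-cbc -K "$1" -iv "$2" -a -A; }

# Full round trip with constructed values; prints the decrypted message.
handshake_demo() {
    d=$(mktemp -d) || return 1
    new_keypair "$d/server" || return 1
    pin=$(pubkey_pin "$d/server.pub")   # stored by the client at install time
    token=$(openssl rand -hex 32)       # constructed token for this host
    client_hello "$d/server.pub" "$pin" "$token" "$d" || return 1
    key=$(server_accept "$d/server.key" "$d/hello.bin" "$token") || return 1
    iv=$(openssl rand -hex 16)
    wire=$(printf 'constructed task message' | aes_encrypt "$key" "$iv")
    printf '%s' "$wire" | aes_decrypt "$key" "$iv"
    rm -rf "$d"
}

# Usage: sh handshake-model.sh demo
if [ "${1:-}" = "demo" ]; then
    handshake_demo
    echo
fi
```

The two refusal paths are the ones that matter operationally: a server presenting a different key is rejected by the client before anything is sent, and a client presenting the wrong token never gets its AES key accepted.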
<br />
References: <br />
<br />
[https://forums.fogproject.org/topic/6325/invalid-security-token-without-any-security-tokens-being-set-also-ca-ssl-security-concerns/6 CA SSL security concerns]<br />
<br />
[https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning Certificate and Public Key Pinning]<br />
<br />
[https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Certificate_and_Public_Key_Pinning Transport_Layer_Protection_Cheat_Sheet]<br />
<br />
==== Reset encryption data ====<br />
<br />
This pertains to the new fog client available in FOG 1.3.0 and above, and does not apply to the legacy fog client that was available in 1.2.0 and below.<br />
<br />
The "Reset encryption data" button can be found in an individual host's "General" area. You may also find this button in Groups "General" area. The “Reset encryption data” is mainly doing one thing: Clearing the security token for a host or group of hosts.<br />
<br />
Each host has a security token used by the client. This token is private and protected; only the client knows it. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you "Reset Encryption Data", you are essentially telling the server that the first host to say that they are the host in question gets ‘locked’ in (pinned is the technical term).<br />
<br />
In order to have encrypted traffic, the handshake must occur. During the handshake the server proves its identity to the client, and the client proves its identity to the server (using the security token). If the handshake fails (due to a bad security token), encryption cannot occur.<br />
<br />
The most common scenario where the security tokens for a client will be incorrect is if you manually uninstall a client, and then install it.<br />
<br />
If your Web interface is functional, you may place all computers into a group, and use the group to reset encryption on all hosts by simply clicking the "Reset encryption" button on the group's basic page. If your web interface isn't working correctly and you need to manually reset the encryption for all hosts, you may follow the below steps.<br />
<br />
<pre><br />
mysql<br />
use fog<br />
UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";<br />
</pre><br />
<br />
<br />
=== Maintain Control Of Hosts When Building New Server ===<br />
<br />
Related Article: [[Migrate FOG]]<br />
<br />
This section only applies if your hosts have the new FOG client installed. The new FOG Client has been available in FOG since FOG 1.3.0.<br />
<br />
Because of the security model of FOG 1.3.0 and the new client, without the proper CA and ssl certificates present on a new fog server, any currently deployed hosts with the new fog client installed will ignore the new server and not accept commands from it. This is by design.<br />
<br />
In order to maintain control of existing hosts with existing new fog client deployments, you must copy this directory from the old server to the new server:<br />
<br />
* <font color="red">/opt/fog/snapins/ssl</font><br />
<br />
Copy the directory to a temporary location first. I would suggest <font color="red">/root</font><br />
<br />
<pre>cp -R /opt/fog/snapins/ssl /root</pre><br />
<br />
Then you can use scp to copy the directory (or some other method) to your new fog server. Run the below command from the '''old''' server, where x.x.x.x is the new fog server's address:<br />
<br />
<pre>scp -rp /opt/fog/snapins/ssl root@x.x.x.x:/root</pre><br />
<br />
Or, the reverse. Run the below command from the '''new''' server, where x.x.x.x is the old fog server's address.<br />
<br />
<pre>scp -rp root@x.x.x.x:/opt/fog/snapins/ssl /root</pre><br />
<br />
Next, install fog. After the installation is complete, delete the ssl folder the installer made, and place your old ssl (from /root that you copied) in there. The ownership should be fogproject:apache on Red-Hat variants and fogproject:www-data on Debian variants. <font color="red">IMPORTANT:</font> Then '''re-run the installer.''' Instructions for the folder manipulation are below, assuming you followed the above instructions. On the '''new''' server:<br />
<br />
<pre><br />
rm -rf /opt/fog/snapins/ssl<br />
cp -R /root/ssl /opt/fog/snapins/ssl<br />
chown -R fogproject:apache /opt/fog/snapins/ssl #or fogproject:www-data for ubuntu and debian<br />
</pre><br />
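
A check to run on the new server after the copy and before re-running the installer, as an added example that is not part of FOG's own tooling: it confirms that every file under the restored ssl directory is byte-identical to the copy brought over from the old server, and reports private keys that users outside the owner and group can access. The function names are hypothetical, GNU find is assumed, and private keys are recognised by their PEM header rather than by file name:

```shell
#!/bin/sh
# Added example: verify a migrated FOG ssl directory.
# Function names are hypothetical; the directories are the ones used above.

# Print "sha256  ./relative/path" for every regular file under $1, sorted by path.
ssl_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Succeed only if both trees hold the same files with the same contents.
ssl_dirs_match() {
    [ "$(ssl_manifest "$1")" = "$(ssl_manifest "$2")" ]
}

# List PEM private keys under $1 that grant any permission to "other" users.
# Group access is left alone because the web server group needs to read them.
ssl_exposed_keys() {
    find "$1" -type f -perm /007 \
        -exec grep -q -e 'PRIVATE KEY-----' {} \; -print
}

# $1 = copy taken from the old server, $2 = directory now in place.
# Returns 0 and prints OK, 1 on content mismatch, 2 on exposed key material.
verify_ssl_migration() {
    src="$1"
    dst="$2"
    if ! ssl_dirs_match "$src" "$dst"; then
        echo "MISMATCH: $dst does not match $src" >&2
        return 1
    fi
    exposed=$(ssl_exposed_keys "$dst")
    if [ -n "$exposed" ]; then
        echo "EXPOSED private keys:" >&2
        echo "$exposed" >&2
        return 2
    fi
    echo "OK"
}

# Usage: sh verify-ssl.sh /root/ssl /opt/fog/snapins/ssl
if [ "$#" -eq 2 ]; then
    verify_ssl_migration "$1" "$2"
fi
```

A mismatch here means deployed clients would still treat the new server as untrusted, so it is worth catching before the installer is re-run.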
<br />
If you do not care about maintaining control of existing hosts with existing new fog client deployments (because there is only 1 or 2), you can recreate your CA with the -C argument during installation: <br />
<br />
<pre>./installfog.sh -C</pre><br />
<br />
<font color="red">Note:</font> Recreating the CA (<font color="red">--recreate-CA</font> or <font color="red"> -C</font>) is '''very strongly advised against''' if you have many clients deployed already, because it resets the identity of the FOG Server. This causes all fog clients to distrust the server, and will require total reinstallation of all fog clients in an environment. However, you may recreate the keys (<font color="red">--recreate-keys</font>) safely and be able to still control the fog clients.<br />
<br />
=== FOG Client 0.10.0+ Installation Options ===<br />
<br />
==== Smart Installer ====<br />
<br />
SmartInstaller Switches<br />
<br />
All switches with <font color="red">--{OPTION}</font> can also be used as <font color="red">/{OPTION}</font><br />
<br />
* <font color="red">--server=</font> Specify the server address. Default is fogserver<br />
* <font color="red">--webroot=</font> Specify the webroot. Default is /fog<br />
* <font color="red">-h</font> or <font color="red">-https</font> Use https for server communication<br />
* <font color="red">-r</font> or <font color="red">-rootlog</font> Put fog.log in the root of the filesystem<br />
* <font color="red">-s</font> or <font color="red">--start</font> Automatically start the service after installation. Linux only<br />
* <font color="red">-t</font> or <font color="red">--tray</font> Enable the FOG Tray and notifications - Windows and OSX only.<br />
* <font color="red">-u</font> or <font color="red">--uninstall</font> Uninstall the client<br />
* <font color="red">--upgrade</font> Upgrade the client<br />
* <font color="red">-l=</font> or <font color="red">--log=</font> Specify where to put the SmartInstaller log<br />
<br />
Reference: [https://news.fogproject.org/fog-client-v0-11-0-released-2/ https://news.fogproject.org/fog-client-v0-11-0-released-2/]<br />
<br />
==== MSI Switches ====<br />
<br />
<font color="red">msiexec /i FOGService.msi /quiet USETRAY="0" HTTPS="0" WEBADDRESS="192.168.1.X" WEBROOT="/fog" ROOTLOG="0"</font><br />
<br />
Firstly, all options are optional. Here’s what they all do:<br />
<br />
* <font color="red">USETRAY=</font> defaults to <font color="red">"1"</font>, if <font color="red">"0"</font> the tray will be hidden<br />
<br />
* <font color="red">HTTPS=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the client will use HTTPS (not recommended)<br />
<br />
* <font color="red">WEBADDRESS=</font> defaults to <font color="red">"fogserver"</font>, this is the ip/dns name of your server<br />
<br />
* <font color="red">WEBROOT=</font> defaults to <font color="red">"/fog"</font><br />
<br />
* <font color="red">ROOTLOG=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the fog.log will be at C:\fog.log, otherwise %PROGRAMFILES%\FOG\fog.log<br />
<br />
Reference: [https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2 https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2]<br />
<br />
=== FOG Client with Sysprep ===<br />
<br />
If you plan to use Sysprep before image capture and are also planning to use the FOG Client, You '''must''' disable the <font color="red">FOGService</font> service from running at boot before you Sysprep to take your image, and then re-enable it within your <font color="red">SetupComplete.cmd</font> file so that it is re-enabled '''after''' the image deployment is complete.<br />
<br />
Failing to do so will break the Sysprep post-deployment process with an error message that says "Windows Setup could not configure Windows to run on this computer’s hardware.”<br />
<br />
* Disable FOGService: <font color="red">Windows Control Panel -> View by Small Icons -> Administrative Tools -> Services -> Right click FOGService -> Properties -> Startup Type -> Disabled</font><br />
<br />
* Re-enable FOGService post-imaging:<br />
<br />
Create the below file.<br />
<br />
<font color="red">C:\Windows\Setup\scripts\SetupComplete.cmd</font><br />
<br />
Place these lines within the file, and then save.<br />
<br />
<pre>sc config FOGService start= delayed-auto<br />
shutdown -t 0 -r</pre><br />
<br />
As the filename indicates, the script is called by windows after an image is deployed and post-sysprep operations are complete. It will re-enable the FOGService and then reboot the computer gracefully. After the computer reboots, the FOGService will start automatically and rename the computer if necessary, reboot if necessary, join the domain and reboot if necessary, and then perform any associated snapins.<br />
<br />
<font color="red">Note:</font> SetupComplete.cmd will not automatically run on OEM versions of windows, but will automatically run on Non-OEM versions of Windows. If you're using an OEM copy, you can use firstlogoncommands in unattend.xml to call SetupComplete.cmd<br />
<br />
<br />
An example of the firstlogoncommands might be:<br />
<pre><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><br />
  <FirstLogonCommands><br />
    <!-- Runs once at first logon and calls the script that re-enables FOGService --><br />
    <SynchronousCommand wcm:action="add"><br />
      <Description>SetupComplete</Description><br />
      <Order>1</Order><br />
      <CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine><br />
      <RequiresUserInput>false</RequiresUserInput><br />
    </SynchronousCommand><br />
  </FirstLogonCommands><br />
</component></pre><br />
<br />
=== More Information ===<br />
<br />
More information about the fog client can be found here: [https://github.com/FOGProject/fog-client https://github.com/FOGProject/fog-client]</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=FOG_Client&diff=12630FOG Client2020-03-06T11:21:44Z<p>SebastianRoth: /* CentOS 7, Fedora 19+, and derivatives */</p>
<hr />
<div>This article applies to the new FOG Client, version 0.10+<br />
<br />
== The Different Installers ==<br />
<br />
The different installers are located in your FOG server's web interface. The link is always at the very bottom of every page, even if you're not logged into the fog server.<br />
<br />
[[File:Fog client link.png]]<br />
<br />
[[File:New FOGClient download link.png]]<br />
<br />
'''FOGService.msi''' - Windows only, and is ideal for network deployment.<br />
<br />
'''SmartInstaller.exe''' - This is the new default installer. It will work on all platforms.<br />
<br />
'''Debugger.exe''' - This is not listed in the web interface but is available from github [https://github.com/FOGProject/fog-client/releases here]. Only use this when the above two are not working. This build has more detailed logs that you can use for troubleshooting or a bug report.<br />
<br />
== Installing - Windows ==<br />
<br />
'''Prerequisites'''<br />
* .NET Framework version 4.0+ (Note: .NET 4 client profile will NOT work)<br />
You can download the framework from here: <br />
<br />
[https://www.microsoft.com/en-us/download/details.aspx?id=40779 Microsoft .NET Framework 4.5.1 (Offline Installer) for Windows Vista SP2, Windows 7 SP1, Windows 8, Windows Server 2008 SP2 Windows Server 2008 R2 SP1 and Windows Server 2012]<br />
<br />
Windows 10 comes with a version of .NET that will work.<br />
<br />
'''Installation'''<br />
* You may use either the SmartInstaller or the MSI. Simply download one of them and run it.<br />
* Reboot to complete installation.<br />
<br />
'''Limitations'''<br />
* CUPS printers are not yet supported<br />
<br />
== Installing - Linux ==<br />
<br />
Installation instructions derived from [http://www.mono-project.com/docs/getting-started/install/linux/ http://www.mono-project.com/docs/getting-started/install/linux/]<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
* xprintidle - This dependency is optional. If it is not installed, AutoLogOut will not run. xprintidle simply returns the idle time of an X window, so on a system without a GUI it is not needed and should not be installed. It should be available in standard package managers, e.g. apt-get, yum, or dnf.<br />
<br />
'''Installing Mono'''<br />
Many distributions ship an out-of-date version of Mono in their package manager. Therefore, do not attempt to install via your package manager without the modifications below.<br />
<br />
=== Debian 8+, Ubuntu 13.10+, and derivatives ===<br />
<br />
To install:<br />
<br />
<pre><br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list<br />
sudo apt-get update<br />
sudo apt-get install mono-complete<br />
sudo apt-get install xprintidle<br />
</pre><br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo service FOGService start<br />
</pre><br />
<pre><br />
sudo service FOGService stop<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo service FOGService stop<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== CentOS 7, Fedora 19+, and derivatives ===<br />
<br />
* To install Mono repo follow the instructions found on their website: https://www.mono-project.com/download/stable/#download-lin-centos<br />
CentOS 8 (for 7 just change the number in the URL):<br />
<pre><br />
rpmkeys --import "http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef"<br />
su -c 'curl https://download.mono-project.com/repo/centos8-stable.repo | tee /etc/yum.repos.d/mono-centos8-stable.repo'<br />
yum install mono-complete<br />
</pre><br />
Debian 10:<br />
<pre><br />
sudo apt install apt-transport-https dirmngr gnupg ca-certificates<br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb https://download.mono-project.com/repo/debian stable-buster main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list<br />
sudo apt update<br />
sudo apt install mono-complete<br />
</pre><br />
Ubuntu 18.04:<br />
<pre><br />
sudo apt install gnupg ca-certificates<br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list<br />
sudo apt update<br />
sudo apt install mono-complete<br />
</pre><br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo systemctl start FOGService<br />
</pre><br />
<pre><br />
sudo systemctl stop FOGService<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo systemctl stop FOGService<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== openSUSE and SLES ===<br />
<br />
You can install mono using SUSE One-Click files: [http://download.mono-project.com/repo/mono-complete.ymp http://download.mono-project.com/repo/mono-complete.ymp]<br />
<br />
=== Other ===<br />
<br />
The FOG Client can be installed on any platform that can run the latest stable build of mono.<br />
<br />
To install:<br />
<br />
* Check your package manager for <font color="red">mono-complete</font>. After installing it, run <font color="red">mono --version</font>. Ensure the version is at least 4.2._ . If it is not, remove the package.<br />
* If your package manager had an old version of mono, see [http://www.mono-project.com/docs/compiling-mono/linux/ here] for how to compile mono<br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
If your system either has systemd or initd the client will be automatically configured to run on startup. If your system does not have either, you will need to configure your system to run the manual start command below on startup.<br />
<br />
To manually start and stop the service:<br />
<br />
<pre><br />
sudo /opt/fog-service/control.sh start<br />
</pre><br />
<pre><br />
sudo /opt/fog-service/control.sh stop<br />
</pre><br />
<br />
===Limitations===<br />
* The FOG Tray is currently incompatible with Linux systems. Regardless of what you set during installation, it will not run.<br />
* The following modules / features are not yet supported<br />
** Active Directory joining<br />
** PrinterManager<br />
<br />
== Installing - OSX ==<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
<br />
'''Installing Mono'''<br />
* If you are running El Capitan, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono Universal Installer</font><br />
* Otherwise, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono 32-bit</font><br />
<br />
'''Installation'''<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
* Reboot the system to complete the installation.<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo launchctl load -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
'''Limitations'''<br />
* The following modules / features are not yet supported<br />
** PrinterManager<br />
<br />
'''Logging'''<br />
<br />
You can find the client log file in /opt/fog-service/fog.log<br />
<br />
== Additional Details ==<br />
<br />
=== Features overview ===<br />
<br />
<br />
The purpose of the FOG Client is multi-fold.<br />
<br />
The client allows the host to automatically:<br />
* Auto logout -- Enables auto logout of users if inactive for a specified period of time. 5 minutes is the minimum time, as anything shorter is way too soon; sometimes people may just be on the phone or have stepped out for a bathroom break.<br />
<br />
* Client Updater -- (Only on legacy clients) Allows the client to update its modules if you had to customize things, or found a more recent build was needed for your environment.<br />
<br />
* Directory Cleaner -- (Only on legacy clients -- only worked with Windows XP) Enables the client to remove directories on the host automatically. It stopped working after Windows XP because of UAC controls and stronger security mechanisms. Removed completely from the new client.<br />
<br />
* Display Manager -- Enables the client to adjust the resolution of the system on a per system basis, or global basis.<br />
<br />
* Power Management -- Allows you to specify a shutdown, WOL, or restart on a per-host basis. Format for the scheduling is CRON, and can be done on an individual host or through groups. There is no limit to the number of scheduled power tasks.<br />
<br />
* Host Registration -- Registers additional mac addresses to a pre-existing host if registered. The New client will also register the host under a pending status if the host is not already registered.<br />
<br />
* Hostname Changer -- Changes the hostname and joins the domain automatically.<br />
<br />
* Printer Manager -- Manages printers for the host. The legacy client either only added printers or added and removed printers. The No Management setting, for both the new and legacy clients, simply does nothing. The Add/Remove type (Only Assigned Printers) removes all printers and adds back only the printers that are needed. Add Only (now FOG Managed Printers) only manages printers that are listed under the printer's GUI and those that are assigned to that host. In the legacy client, it only added printers and never removed them. Under the new client, it will ONLY manage assigned printers, meaning that if you remove a printer from a host, the new client will remove that printer.<br />
<br />
* Snapins -- Allows you to install programs or run scripts on the host similar to GPO or PDQDeploy.<br />
<br />
* Task Reboot -- This checks whether the client is in a tasking (other than a snapin tasking). If it is in a tasking and the module is enabled, the host will be told to reboot. There is a third condition, though: if a user is logged in and enforce is not enabled, nothing will happen.<br />
<br />
* User Cleanup -- (Legacy clients only and again only on Windows XP). Works similar to Directory Cleanup but the entries you make are "safe" user profiles. If the user is not under this listing, it will be deleted. Will not work with the new client, and even legacy clients will not work on anything beyond Windows XP due to UAC and Interactive Service utilities.<br />
<br />
* User Tracker -- Just tracks who logs in/out of a client.<br />
<br />
=== Polling Behavior ===<br />
<br />
The new FOG Client found in FOG 1.3.0 and the Legacy FOG Client both rely on polling to get instructions. This means the FOG Client will regularly check with the specified FOG Server for settings and tasks. The New FOG Client's polling frequency can be adjusted in the FOG Web interface, by going to <font color="red">FOG Configuration -> FOG Settings -> FOG Client -> FOG_CLIENT_CHECKIN_TIME</font>. The minimum value is 30 seconds; if anything lower is specified, the FOG Client will use 30-second polling intervals.<br />
<br />
The checkin-time is not rigid. There is an automatic and random staggering that is added to the checkin time. This prevents a large number of FOG Clients checking in at once in the event that all computers are started at the same time via WOL tasks.<br />
<br />
The frequency of the checkin-time determines how quickly the FOG Client will receive instructions from the FOG Server. If an image deployment is scheduled for a computer that is turned on, a checkin-time of 60 seconds means the FOG Client may begin initiating the task anywhere from 0 to 60 seconds later, plus the random staggering time that is added. The same concept applies to immediate power management tasks, snapin tasks, capture tasks, and so on. Scheduled tasks are not affected by this behavior: if the target system is on when the scheduled task is to be run, it will happen on time.<br />
<br />
=== Security Design ===<br />
<br />
Communications between the FOG Client (0.9.9+) and the FOG Server (1.3.0+) are secured using public key infrastructure.<br />
<br />
A Certificate Authority and private key are generated on the FOG server during first installation in this location:<br />
<br />
<pre>/opt/fog/snapins/ssl</pre><br />
<br />
The public certificate is generally located here:<br />
<pre>/var/www/html/fog/management/other/ssl</pre><br />
<br />
The client installs your server’s certificate and the FOG Project certificate.<br />
<br />
The “FOG Project” CA (made by the FOG Project) serves two purposes:<br />
<br />
* SYSTEM level services need to be digitally signed, otherwise Windows will throw security errors. This can also be used to ensure the client files have not been tampered with.<br />
<br />
* That certificate is used to “verify” upgrades. Let's say we release a patch for the client: the client will download the MSI from your server and check whether it was signed by us. If the MSI was somehow tampered with, the digital signature would no longer be valid.<br />
<br />
Using HTTPS instead of HTTP has no security benefit to the client. Why? Because all traffic is already encrypted. Here’s a very basic overview of how the new client communicates:<br />
<br />
* Each client has a security token. This is used to prove to the server that the client is the actual host and not an impersonator. This token gets cycled constantly. When the client first makes contact, it encrypts its token and a proposed AES 256 key with RSA 4096 using your server’s public key. This public key is verified against the pinned server CA certificate by checking the x509 chain and fingerprints.<br />
<br />
* If the server accepts the security token and the new AES key, all traffic from that point on is AES 256 encrypted using that securely transmitted key.<br />
<br />
The whole point of our security model is to allow for secure communication over insecure mediums.<br />
Even then, the client installation has an HTTPS option, but it serves no real security benefit.<br />
<br />
References: <br />
<br />
[https://forums.fogproject.org/topic/6325/invalid-security-token-without-any-security-tokens-being-set-also-ca-ssl-security-concerns/6 CA SSL security concerns]<br />
<br />
[https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning Certificate and Public Key Pinning]<br />
<br />
[https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Certificate_and_Public_Key_Pinning Transport_Layer_Protection_Cheat_Sheet]<br />
<br />
==== Reset encryption data ====<br />
<br />
This pertains to the new fog client available in FOG 1.3.0 and above, and does not apply to the legacy fog client that was available in 1.2.0 and below.<br />
<br />
The "Reset encryption data" button can be found in an individual host's "General" area. You may also find this button in a group's "General" area. The “Reset encryption data” button mainly does one thing: it clears the security token for a host or group of hosts.<br />
<br />
Each host has a security token used by the client. This token is private and protected; only the client knows it. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you "Reset Encryption Data", you are essentially telling the server that the first host to say that they are the host in question gets ‘locked’ in (pinned is the technical term).<br />
<br />
In order to have encrypted traffic, the handshake must occur. During the handshake the server proves its identity to the client, and the client proves its identity to the server (using the security token). If the handshake fails (due to a bad security token), encryption cannot occur.<br />
<br />
The most common scenario where the security tokens for a client will be incorrect is if you manually uninstall a client, and then install it again.<br />
<br />
If your web interface is functional, you may place all computers into a group, and use the group to reset encryption on all hosts by simply clicking the "Reset encryption" button on the group's basic page. If your web interface isn't working correctly and you need to manually reset the encryption for all hosts, you may follow the steps below.<br />
<br />
<pre><br />
mysql<br />
use fog<br />
UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";<br />
</pre><br />
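<br />
A simplified model of the token pinning described above, added here as an illustration and not taken from the FOG code base. The class names, method names and host name are hypothetical, an empty stored token stands for the cleared hostSecToken column, and the RSA/AES transport is left out.<br />

```python
import hmac
import secrets


class FogServerModel:
    """Toy model of the server side: one stored token per host name."""

    def __init__(self):
        # host name -> stored token; "" models the cleared hostSecToken column
        self.tokens = {}

    def register_host(self, name):
        self.tokens[name] = ""

    def reset_encryption_data(self, name):
        """What the web UI button (or the SQL UPDATE) does for one host."""
        self.tokens[name] = ""

    def handshake(self, name, presented):
        """Return a fresh token if the client is accepted, else None."""
        stored = self.tokens.get(name)
        if stored is None:
            return None                      # unknown host
        if stored != "" and not hmac.compare_digest(stored, presented):
            return None                      # pinned, and the token is wrong
        # Either unpinned (first claimant gets pinned) or the token matched:
        # cycle the token so an old value is useless afterwards.
        fresh = secrets.token_hex(32)
        self.tokens[name] = fresh
        return fresh


class FogClientModel:
    """Toy model of one client installation and its private token."""

    def __init__(self, name):
        self.name = name
        self.token = secrets.token_hex(32)   # a new install has its own token

    def check_in(self, server):
        fresh = server.handshake(self.name, self.token)
        if fresh is None:
            return False                     # handshake failed, no encryption
        self.token = fresh
        return True


def run_scenario():
    """Walk through install, reinstall and reset; return each outcome."""
    server = FogServerModel()
    server.register_host("lab-pc-01")        # constructed host name

    first_install = FogClientModel("lab-pc-01")
    results = {}
    results["first_contact_pins"] = first_install.check_in(server)
    token_after_first = first_install.token
    results["second_check_in"] = first_install.check_in(server)
    results["token_cycled"] = first_install.token != token_after_first

    # Manual uninstall + install: the new installation has a different token.
    reinstall = FogClientModel("lab-pc-01")
    results["reinstall_before_reset"] = reinstall.check_in(server)

    server.reset_encryption_data("lab-pc-01")
    results["reinstall_after_reset"] = reinstall.check_in(server)

    # The old installation's token no longer matches the newly pinned one.
    results["old_install_after_repin"] = first_install.check_in(server)
    return results


if __name__ == "__main__":
    for step, ok in run_scenario().items():
        print(f"{step}: {ok}")
```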
<br />
<br />
=== Maintain Control Of Hosts When Building New Server ===<br />
<br />
Related Article: [[Migrate FOG]]<br />
<br />
This section only applies if your hosts have the new FOG client installed. The new FOG Client has been available in FOG since FOG 1.3.0.<br />
<br />
Because of the security model of FOG 1.3.0 and the new client, without the proper CA and ssl certificates present on a new fog server, any currently deployed hosts with the new fog client installed will ignore the new server and not accept commands from it. This is by design.<br />
<br />
In order to maintain control of existing hosts with existing new fog client deployments, you must copy this directory from the old server to the new server:<br />
<br />
* <font color="red">/opt/fog/snapins/ssl</font><br />
<br />
Copy the directory to a temporary location first. I would suggest <font color="red">/root</font><br />
<br />
<pre>cp -R /opt/fog/snapins/ssl /root</pre><br />
<br />
Then you can use scp (or some other method) to copy the directory to your new fog server. Run the below command from the '''old''' server, where x.x.x.x is the new fog server's address:<br />
<br />
<pre>scp -rp /opt/fog/snapins/ssl root@x.x.x.x:/root</pre><br />
<br />
Or, the reverse. Run the below command from the '''new''' server, where x.x.x.x is the old fog server's address.<br />
<br />
<pre>scp -rp root@x.x.x.x:/opt/fog/snapins/ssl /root</pre><br />
<br />
Next, install fog. After the installation is complete, delete the ssl folder the installer made, and put your old ssl folder (the one you copied to /root) in its place. The ownership should be fogproject:apache on Red-Hat variants and fogproject:www-data on Debian variants. <font color="red">IMPORTANT:</font> Then '''re-run the installer.''' Instructions for the folder manipulation are below, assuming you followed the above instructions. On the '''new''' server:<br />
<br />
<pre><br />
rm -rf /opt/fog/snapins/ssl<br />
cp -R /root/ssl /opt/fog/snapins/ssl<br />
chown -R fogproject:apache /opt/fog/snapins/ssl #or fogproject:www-data for ubuntu and debian<br />
</pre><br />
<br />
If you do not care about maintaining control of existing hosts with existing new fog client deployments (because there is only 1 or 2), you can recreate your CA with the -C argument during installation: <br />
<br />
<pre>./installfog.sh -C</pre><br />
<br />
<font color="red">Note:</font> Recreating the CA (<font color="red">--recreate-CA</font> or <font color="red"> -C</font>) is '''very strongly advised against''' if you have many clients deployed already, because it resets the identity of the FOG Server. This causes all fog clients to distrust the server, and will require total reinstallation of all fog clients in an environment. However, you may recreate the keys (<font color="red">--recreate-keys</font>) safely and be able to still control the fog clients.<br />
<br />
=== FOG Client 0.10.0+ Installation Options ===<br />
<br />
==== Smart Installer ====<br />
<br />
SmartInstaller Switches<br />
<br />
All switches with <font color="red">--{OPTION}</font> can also be used as <font color="red">/{OPTION}</font><br />
<br />
* <font color="red">--server=</font> Specify the server address. Default is fogserver<br />
* <font color="red">--webroot=</font> Specify the webroot. Default is /fog<br />
* <font color="red">-h</font> or <font color="red">-https</font> Use https for server communication<br />
* <font color="red">-r</font> or <font color="red">-rootlog</font> Put fog.log in the root of the filesystem<br />
* <font color="red">-s</font> or <font color="red">--start</font> Automatically start the service after installation. Linux only<br />
* <font color="red">-t</font> or <font color="red">--tray</font> Enable the FOG Tray and notifications - Windows and OSX only.<br />
* <font color="red">-u</font> or <font color="red">--uninstall</font> Uninstall the client<br />
* <font color="red">--upgrade</font> Upgrade the client<br />
* <font color="red">-l=</font> or <font color="red">--log=</font> Specify where to put the SmartInstaller log<br />
<br />
Reference: [https://news.fogproject.org/fog-client-v0-11-0-released-2/ https://news.fogproject.org/fog-client-v0-11-0-released-2/]<br />
<br />
==== MSI Switches ====<br />
<br />
<font color="red">msiexec /i FOGService.msi /quiet USETRAY="0" HTTPS="0" WEBADDRESS="192.168.1.X" WEBROOT="/fog" ROOTLOG="0"</font><br />
<br />
Firstly, all options are optional. Here’s what they all do:<br />
<br />
* <font color="red">USETRAY=</font> defaults to <font color="red">"1"</font>, if <font color="red">"0"</font> the tray will be hidden<br />
<br />
* <font color="red">HTTPS=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the client will use HTTPS (not recommended)<br />
<br />
* <font color="red">WEBADDRESS=</font> defaults to <font color="red">"fogserver"</font>, this is the ip/dns name of your server<br />
<br />
* <font color="red">WEBROOT=</font> defaults to <font color="red">"/fog"</font><br />
<br />
* <font color="red">ROOTLOG=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the fog.log will be at C:\fog.log, otherwise %PROGRAMFILES%\FOG\fog.log<br />
<br />
Reference: [https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2 https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2]<br />
<br />
=== FOG Client with Sysprep ===<br />
<br />
If you plan to use Sysprep before image capture and are also planning to use the FOG Client, you '''must''' disable the <font color="red">FOGService</font> service from running at boot before you Sysprep to take your image, and then re-enable it within your <font color="red">SetupComplete.cmd</font> file so that it is re-enabled '''after''' the image deployment is complete.<br />
<br />
Failing to do so will break the Sysprep post-deployment process with an error message that says "Windows Setup could not configure Windows to run on this computer’s hardware."<br />
<br />
* Disable FOGService: <font color="red">Windows Control Panel -> View by Small Icons -> Administrative Tools -> Services -> Right click FOGService -> Properties -> Startup Type -> Disabled</font><br />
<br />
* Re-enable FOGService post-imaging:<br />
<br />
Create the below file.<br />
<br />
<font color="red">C:\Windows\Setup\scripts\SetupComplete.cmd</font><br />
<br />
Place these lines within the file, and then save.<br />
<br />
<pre>sc config FOGService start= delayed-auto<br />
shutdown -t 0 -r</pre><br />
<br />
As the filename indicates, the script is called by Windows after an image is deployed and post-sysprep operations are complete. It will re-enable the FOGService and then reboot the computer gracefully. After the computer reboots, the FOGService will start automatically and rename the computer if necessary, reboot if necessary, join the domain and reboot if necessary, and then perform any associated snapins.<br />
<br />
<font color="red">Note:</font> SetupComplete.cmd will not automatically run on OEM versions of Windows, but will automatically run on non-OEM versions of Windows. If you're using an OEM copy, you can use FirstLogonCommands in unattend.xml to call SetupComplete.cmd.<br />
<br />
<br />
An example of the FirstLogonCommands might be:<br />
<pre><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><br />
<FirstLogonCommands><br />
<SynchronousCommand wcm:action="add"><br />
<Description>SetupComplete</Description><br />
<Order>1</Order><br />
<CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine><br />
<RequiresUserInput>false</RequiresUserInput><br />
</SynchronousCommand><br />
</FirstLogonCommands><br />
</component></pre><br />
<br />
=== More Information ===<br />
<br />
More information about the fog client can be found here: [https://github.com/FOGProject/fog-client https://github.com/FOGProject/fog-client]</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=FOG_Client&diff=12629FOG Client2020-03-06T11:16:32Z<p>SebastianRoth: /* CentOS 7, Fedora 19+, and derivatives */</p>
<hr />
<div>This article applies to the new FOG Client, version 0.10+<br />
<br />
== The Different Installers ==<br />
<br />
The different installers are located in your FOG server's web interface. The link is always at the very bottom of every page, even if you're not logged into the fog server.<br />
<br />
[[File:Fog client link.png]]<br />
<br />
[[File:New FOGClient download link.png]]<br />
<br />
'''FOGService.msi''' - Windows only, and is ideal for network deployment.<br />
<br />
'''SmartInstaller.exe''' - This is the new default installer. It will work on all platforms.<br />
<br />
'''Debugger.exe''' - This is not listed in the web interface but is available from github [https://github.com/FOGProject/fog-client/releases here]. Only use this when the above two are not working. This build has more detailed logs that you can use for troubleshooting or a bug report.<br />
<br />
== Installing - Windows ==<br />
<br />
'''Prerequisites'''<br />
* .NET Framework version 4.0+ (Note: .NET 4 client profile will NOT work)<br />
You can download the framework from here: <br />
<br />
[https://www.microsoft.com/en-us/download/details.aspx?id=40779 Microsoft .NET Framework 4.5.1 (Offline Installer) for Windows Vista SP2, Windows 7 SP1, Windows 8, Windows Server 2008 SP2 Windows Server 2008 R2 SP1 and Windows Server 2012]<br />
<br />
Windows 10 comes with a version of .NET that will work.<br />
<br />
'''Installation'''<br />
* You may use either the SmartInstaller or the MSI. Simply download one of them and run it.<br />
* Reboot to complete installation.<br />
<br />
'''Limitations'''<br />
* CUPS printers are not yet supported<br />
<br />
== Installing - Linux ==<br />
<br />
Installation instructions derived from [http://www.mono-project.com/docs/getting-started/install/linux/ http://www.mono-project.com/docs/getting-started/install/linux/]<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
* xprintidle - This dependency is optional. If it is not installed, AutoLogOut will not run. xprintidle simply returns the idle time of an X window, so on a system without a GUI it is not needed and should not be installed. It should be available in standard package managers, e.g. apt-get, yum, or dnf.<br />
<br />
'''Installing Mono'''<br />
Many distributions ship an out-of-date version of Mono in their package manager. Therefore, do not attempt to install via your package manager without the modifications below.<br />
<br />
=== Debian 8+, Ubuntu 13.10+, and derivatives ===<br />
<br />
To install:<br />
<br />
<pre><br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list<br />
sudo apt-get update<br />
sudo apt-get install mono-complete<br />
sudo apt-get install xprintidle<br />
</pre><br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo service FOGService start<br />
</pre><br />
<pre><br />
sudo service FOGService stop<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo service FOGService stop<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== CentOS 7, Fedora 19+, and derivatives ===<br />
<br />
* To install Mono follow the instructions found on their website: https://www.mono-project.com/download/stable/#download-lin-centos<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo systemctl start FOGService<br />
</pre><br />
<pre><br />
sudo systemctl stop FOGService<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo systemctl stop FOGService<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== openSUSE and SLES ===<br />
<br />
You can install mono using SUSE One-Click files: [http://download.mono-project.com/repo/mono-complete.ymp http://download.mono-project.com/repo/mono-complete.ymp]<br />
<br />
=== Other ===<br />
<br />
The FOG Client can be installed on any platform that can run the latest stable build of mono.<br />
<br />
To install:<br />
<br />
* Check your package manager for <font color="red">mono-complete</font>. After installing it, run <font color="red">mono --version</font>. Ensure the version is at least 4.2._ . If it is not, remove the package.<br />
* If your package manager had an old version of mono, see [http://www.mono-project.com/docs/compiling-mono/linux/ here] for how to compile mono<br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
If your system either has systemd or initd the client will be automatically configured to run on startup. If your system does not have either, you will need to configure your system to run the manual start command below on startup.<br />
<br />
To manually start and stop the service:<br />
<br />
<pre><br />
sudo /opt/fog-service/control.sh start<br />
</pre><br />
<pre><br />
sudo /opt/fog-service/control.sh stop<br />
</pre><br />
<br />
===Limitations===<br />
* The FOG Tray is currently incompatible with Linux systems. Regardless of what you set during installation, it will not run.<br />
* The following modules / features are not yet supported<br />
** Active Directory joining<br />
** PrinterManager<br />
<br />
== Installing - OSX ==<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
<br />
'''Installing Mono'''<br />
* If you are running El Capitan, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono Universal Installer</font> <br />
* Otherwise, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono 32-bit</font> <br />
<br />
'''Installation'''<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
* Reboot the system to complete the installation.<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo launchctl load -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
'''Limitations'''<br />
* The following modules / features are not yet supported<br />
** PrinterManager<br />
<br />
'''Logging'''<br />
<br />
You can find the client log file in /opt/fog-service/fog.log<br />
<br />
== Additional Details ==<br />
<br />
=== Features overview ===<br />
<br />
<br />
The purpose of the FOG Client is multi-fold.<br />
<br />
The client allows the host to automatically:<br />
* Auto logout -- Enables auto logout of users who are inactive for a specified period of time. 5 minutes is the minimum, as anything shorter is far too soon; people may just be on the phone or have stepped out for a bathroom break.<br />
<br />
* Client Updater -- (Only on legacy clients) Allows the client to update its modules if you had to customize things, or found a more recent build was needed for your environment.<br />
<br />
* Directory Cleaner -- (Only on legacy clients -- Only worked with Windows XP) Enables the client to remove directories on the host automatically. It stopped working after Windows XP because of UAC controls and stricter security mechanisms. Removed completely from the new client.<br />
<br />
* Display Manager -- Enables the client to adjust the resolution of the system on a per system basis, or global basis.<br />
<br />
* Power Management -- Allows you to specify a shutdown, WOL, or restart on a per-host basis. Format for the scheduling is CRON, and can be done on an individual host or through groups. There is no limit to the number of scheduled power tasks.<br />
<br />
* Host Registration -- Registers additional mac addresses to a pre-existing host if registered. The New client will also register the host under a pending status if the host is not already registered.<br />
<br />
* Hostname Changer -- Changes the hostname and joins the domain automatically.<br />
<br />
* Printer Manager -- Manages printers for the host. The legacy client either only added printers or added/removed printers. The No management setting does nothing on both the new and legacy clients. The Add/Remove type (Only Assigned Printers) removes all printers and adds back only the printers that are needed. The Add Only type (now FOG Managed Printers) manages only printers that are listed under the printer's GUI and assigned to that host. In the legacy client it only added printers and never removed them. The new client manages ONLY the assigned printers, meaning that if you remove a printer from a host, the new client will remove that printer.<br />
<br />
* Snapins -- Allows you to install programs or run scripts on the host similar to GPO or PDQDeploy.<br />
<br />
* Task Reboot -- This will just check if the client is in a tasking (other than a snapin tasking). If it is in a tasking, and the module is enabled, the host will be told to reboot. There is a third portion though in that if the user is logged in, and enforce is not enabled nothing will happen.<br />
<br />
* User Cleanup -- (Legacy clients only and again only on Windows XP). Works similar to Directory Cleanup but the entries you make are "safe" user profiles. If the user is not under this listing, it will be deleted. Will not work with the new client, and even legacy clients will not work on anything beyond Windows XP due to UAC and Interactive Service utilities.<br />
<br />
* User Tracker -- Just tracks who logs in/out of a client.<br />
<br />
=== Polling Behavior ===<br />
<br />
The new FOG Client found in FOG 1.3.0 and the Legacy FOG Client both rely on polling to get instructions. This means the FOG Client will regularly check with the specified FOG Server for settings and tasks. The New FOG Client's polling frequency can be adjusted in the FOG Web interface, by going to <font color="red">FOG Configuration -> FOG Settings -> FOG Client -> FOG_CLIENT_CHECKIN_TIME</font>. The minimum value is 30 seconds; anything lower than this will result in the FOG Client using 30 second polling intervals.<br />
<br />
The checkin-time is not rigid. There is an automatic and random staggering that is added to the checkin time. This prevents a large number of FOG Clients checking in at once in the event that all computers are started at the same time via WOL tasks.<br />
<br />
The frequency of the checkin-time determines how quickly the FOG Client will receive instructions from the FOG Server. If an image deployment is scheduled for a computer that is turned on and has a checkin-time of 60 seconds, the FOG Client may begin initiating the task anywhere from 0 to 60 seconds + the random staggering time that is added. This same concept applies to immediate power management tasks, snapin tasks, capture tasks, and so on. Scheduled tasks are not affected by this behavior: if the target system is on when the scheduled task is due to run, it will run on time.<br />
<br />
=== Security Design ===<br />
<br />
Communications between the FOG Client (0.9.9+) and the FOG Server (1.3.0+) are secured using public key infrastructure.<br />
<br />
A Certificate Authority and private key are generated on the FOG server during first installation in this location:<br />
<br />
<pre>/opt/fog/snapins/ssl</pre><br />
<br />
The public certificate is generally located here:<br />
<pre>/var/www/html/fog/management/other/ssl</pre><br />
<br />
The client installs your server’s certificate and the FOG Project certificate.<br />
<br />
The “FOG Project” CA (made by the FOG Project) serves two purposes:<br />
<br />
*SYSTEM level services need to be digitally signed, otherwise Windows will throw security errors. The signature can also be used to ensure the client files have not been tampered with.<br />
<br />
*That certificate is used to “verify” upgrades. Let's say we release a patch for the client: the client will download the MSI from your server and check whether it was signed by us. If the MSI was somehow tampered with, the digital signature would no longer be valid.<br />
<br />
Using HTTPS instead of HTTP adds no security benefit for the client. Why? Because all traffic is already encrypted. Here’s a very basic overview of how the new client communicates:<br />
<br />
*Each client has a security token. This is used to prove to the server that the client is the actual host and not an impersonator. This token gets cycled constantly. When the client first makes contact, it encrypts its token and a proposed AES 256 key with RSA 4096, using your server’s public key. This public key is verified against the pinned server CA certificate by checking the x509 chain and fingerprints.<br />
<br />
*If the server accepts the security token and the new AES key, all traffic from that point on is AES 256 encrypted using that securely transmitted key.<br />
<br />
The whole point of our security model is to allow for secure communication over insecure media.<br />
Even so, the client installation has an HTTPS option, but it serves no real security benefit.<br />
<br />
References: <br />
<br />
[https://forums.fogproject.org/topic/6325/invalid-security-token-without-any-security-tokens-being-set-also-ca-ssl-security-concerns/6 CA SSL security concerns]<br />
<br />
[https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning Certificate and Public Key Pinning]<br />
<br />
[https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Certificate_and_Public_Key_Pinning Transport_Layer_Protection_Cheat_Sheet]<br />
<br />
==== Reset encryption data ====<br />
<br />
This pertains to the new fog client available in FOG 1.3.0 and above, and does not apply to the legacy fog client that was available in 1.2.0 and below.<br />
<br />
The "Reset encryption data" button can be found in an individual host's "General" area. You may also find this button in a group's "General" area. “Reset encryption data” mainly does one thing: it clears the security token for a host or group of hosts.<br />
<br />
Each host has a security token used by the client. This token is private: only the client knows it, and it is protected. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you "Reset Encryption Data", you are essentially telling the server that the first host to say that it is the host in question gets ‘locked’ in (pinned is the technical term).<br />
<br />
In order to have encrypted traffic, the handshake must occur. During the handshake the server proves its identity to the client, and the client proves its identity to the server (using the security token). If the handshake fails (due to a bad security token), encryption cannot occur.<br />
<br />
The most common scenario where the security token for a client will be incorrect is if you manually uninstall a client and then install it again.<br />
<br />
If your Web interface is functional, you may place all computers into a group, and use the group to reset encryption on all hosts by simply clicking the "Reset encryption" button on the group's basic page. If your web interface isn't working correctly and you need to manually reset the encryption for all hosts, you may follow the below steps.<br />
<br />
<pre><br />
mysql<br />
use fog<br />
UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";<br />
</pre><br />
<br />
<br />
=== Maintain Control Of Hosts When Building New Server ===<br />
<br />
Related Article: [[Migrate FOG]]<br />
<br />
This section only applies if your hosts have the new FOG client installed. The new FOG Client has been available in FOG since FOG 1.3.0.<br />
<br />
Because of the security model of FOG 1.3.0 and the new client, without the proper CA and ssl certificates present on a new fog server, any currently deployed hosts with the new fog client installed will ignore the new server and not accept commands from it. This is by design.<br />
<br />
In order to maintain control of existing hosts with existing new fog client deployments, you must copy this directory from the old server to the new server:<br />
<br />
* <font color="red">/opt/fog/snapins/ssl</font><br />
<br />
Copy the directory to a temporary location first. I would suggest <font color="red">/root</font><br />
<br />
<pre>cp -R /opt/fog/snapins/ssl /root</pre><br />
<br />
Then you can use scp (or some other method) to copy the directory to your new fog server. Run the below command from the '''old''' server, where x.x.x.x is the new fog server's address:<br />
<br />
<pre>scp -rp /opt/fog/snapins/ssl root@x.x.x.x:/root</pre><br />
<br />
Or, the reverse. Run the below command from the '''new''' server, where x.x.x.x is the old fog server's address.<br />
<br />
<pre>scp -rp root@x.x.x.x:/opt/fog/snapins/ssl /root</pre><br />
<br />
Next, install fog. After the installation is complete, delete the ssl folder the installer made, and put your old ssl folder (the copy you placed in /root) in its place. The ownership should be fogproject:apache on Red-Hat variants and fogproject:www-data on Debian variants. <font color="red">IMPORTANT:</font> Then '''re-run the installer.''' Instructions for the folder manipulation are below, assuming you followed the above instructions. On the '''new''' server:<br />
<br />
<pre><br />
rm -rf /opt/fog/snapins/ssl<br />
cp -R /root/ssl /opt/fog/snapins/ssl<br />
chown -R fogproject:apache /opt/fog/snapins/ssl #or fogproject:www-data for ubuntu and debian<br />
</pre><br />
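<br />
Before re-running the installer you can confirm that the folder swap above produced an exact copy with the expected ownership. The script below is an added example, not part of FOG: it compares the copy in /root/ssl with the installed directory and checks owner, group and permissions. The script name and the choice to treat files accessible to every local user as a failure are assumptions of this example.<br />

```bash
#!/usr/bin/env bash
# Added example, not FOG project code. Checks a migrated FOG CA directory.

# ssl_manifest DIR
# Print "sha256  ./relative/path" for every regular file in DIR, sorted by path.
ssl_manifest() {
    local dir="$1"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    ( cd "$dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# same_tree OLD NEW
# Succeed only if both trees hold the same files with identical content.
# An empty tree never matches: that would mean nothing was copied.
same_tree() {
    local a b
    a=$(ssl_manifest "$1") || return 2
    b=$(ssl_manifest "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# wrong_owner DIR USER GROUP
# List entries that are not owned by USER:GROUP (names or numeric ids).
wrong_owner() {
    find "$1" ! \( -user "$2" -group "$3" \) -print
}

# loose_perms DIR
# List files and directories that users outside the owner and group can
# read, write or execute. CA private keys must never show up here.
loose_perms() {
    find "$1" \( -type f -o -type d \) -perm /007 -print
}

# verify_migrated_ssl COPY_OF_OLD INSTALLED [USER] [GROUP]
# Run all three checks, print one result per check, return 1 on any finding.
verify_migrated_ssl() {
    local src="$1" dst="$2" user="${3:-fogproject}" group="${4:-apache}"
    local rc=0 out

    if same_tree "$src" "$dst"; then
        echo "OK   $dst is identical to $src"
    else
        echo "FAIL $dst differs from $src, or one of them is empty or missing"
        rc=1
    fi

    if ! out=$(wrong_owner "$dst" "$user" "$group" 2>&1) || [ -n "$out" ]; then
        echo "FAIL not owned by $user:$group:"; echo "$out"
        rc=1
    else
        echo "OK   everything is owned by $user:$group"
    fi

    out=$(loose_perms "$dst" 2>&1) || rc=1
    if [ -n "$out" ]; then
        echo "FAIL accessible to every local user:"; echo "$out"
        rc=1
    else
        echo "OK   nothing is accessible to other users"
    fi
    return "$rc"
}

# Usage on the new server (use www-data instead of apache on Debian/Ubuntu):
#   sudo ./verify_ssl.sh /root/ssl /opt/fog/snapins/ssl fogproject apache
if [ "$#" -ge 2 ]; then
    verify_migrated_ssl "$@"
fi
```

Once the check passes and the installer has been re-run, remove the temporary copy in /root so the CA private key does not stay in a second location.<br />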
<br />
If you do not care about maintaining control of existing hosts with existing new fog client deployments (because there is only 1 or 2), you can recreate your CA with the -C argument during installation: <br />
<br />
<pre>./installfog.sh -C</pre><br />
<br />
<font color="red">Note:</font> Recreating the CA (<font color="red">--recreate-CA</font> or <font color="red"> -C</font>) is '''very strongly advised against''' if you have many clients deployed already, because it resets the identity of the FOG Server. This causes all fog clients to distrust the server, and will require total reinstallation of all fog clients in an environment. However, you may recreate the keys (<font color="red">--recreate-keys</font>) safely and be able to still control the fog clients.<br />
<br />
=== FOG Client 0.10.0+ Installation Options ===<br />
<br />
==== Smart Installer ====<br />
<br />
SmartInstaller Switches<br />
<br />
All switches with <font color="red">--{OPTION}</font> can also be used as <font color="red">/{OPTION}</font><br />
<br />
* <font color="red">--server=</font> Specify the server address. Default is fogserver<br />
* <font color="red">--webroot=</font> Specify the webroot. Default is /fog<br />
* <font color="red">-h</font> or <font color="red">-https</font> Use https for server communication<br />
* <font color="red">-r</font> or <font color="red">-rootlog</font> Put fog.log in the root of the filesystem<br />
* <font color="red">-s</font> or <font color="red">--start</font> Automatically start the service after installation. Linux only<br />
* <font color="red">-t</font> or <font color="red">--tray</font> Enable the FOG Tray and notifications - Windows and OSX only.<br />
* <font color="red">-u</font> or <font color="red">--uninstall</font> Uninstall the client<br />
* <font color="red">--upgrade</font> Upgrade the client<br />
* <font color="red">-l=</font> or <font color="red">--log=</font> Specify where to put the SmartInstaller log<br />
<br />
Reference: [https://news.fogproject.org/fog-client-v0-11-0-released-2/ https://news.fogproject.org/fog-client-v0-11-0-released-2/]<br />
<br />
==== MSI Switches ====<br />
<br />
<font color="red">msiexec /i FOGService.msi /quiet USETRAY="0" HTTPS="0" WEBADDRESS="192.168.1.X" WEBROOT="/fog" ROOTLOG="0"</font><br />
<br />
Firstly, all options are optional. Here’s what they all do:<br />
<br />
* <font color="red">USETRAY=</font> defaults to <font color="red">"1"</font>, if <font color="red">"0"</font> the tray will be hidden<br />
<br />
* <font color="red">HTTPS=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the client will use HTTPS (not recommended)<br />
<br />
* <font color="red">WEBADDRESS=</font> defaults to <font color="red">"fogserver"</font>, this is the ip/dns name of your server<br />
<br />
* <font color="red">WEBROOT=</font> defaults to <font color="red">"/fog"</font><br />
<br />
* <font color="red">ROOTLOG=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the fog.log will be at C:\fog.log, otherwise %PROGRAMFILES%\FOG\fog.log<br />
<br />
Reference: [https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2 https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2]<br />
<br />
=== FOG Client with Sysprep ===<br />
<br />
If you plan to use Sysprep before image capture and are also planning to use the FOG Client, you '''must''' disable the <font color="red">FOGService</font> service from running at boot before you Sysprep to take your image, and then re-enable it within your <font color="red">SetupComplete.cmd</font> file so that it is re-enabled '''after''' the image deployment is complete.<br />
<br />
Failing to do so will break the Sysprep post-deployment process with an error message that says "Windows Setup could not configure Windows to run on this computer’s hardware."<br />
<br />
* Disable FOGService: <font color="red">Windows Control Panel -> View by Small Icons -> Administrative Tools -> Services -> Right click FOGService -> Properties -> Startup Type -> Disabled</font><br />
<br />
* Re-enable FOGService post-imaging:<br />
<br />
Create the below file.<br />
<br />
<font color="red">C:\Windows\Setup\scripts\SetupComplete.cmd</font><br />
<br />
Place these lines within the file, and then save.<br />
<br />
<pre>sc config FOGService start= delayed-auto<br />
shutdown -t 0 -r</pre><br />
<br />
As the filename indicates, the script is called by Windows after an image is deployed and post-sysprep operations are complete. It will re-enable the FOGService and then reboot the computer gracefully. After the computer reboots, the FOGService will start automatically and rename the computer if necessary, reboot if necessary, join the domain and reboot if necessary, and then perform any associated snapins.<br />
<br />
<font color="red">Note:</font> SetupComplete.cmd will not automatically run on OEM versions of Windows, but will automatically run on Non-OEM versions of Windows. If you're using an OEM copy, you can use FirstLogonCommands in unattend.xml to call SetupComplete.cmd<br />
<br />
<br />
An example of the FirstLogonCommands might be:<br />
<pre><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><br />
<FirstLogonCommands><br />
<SynchronousCommand wcm:action="add"><br />
<Description>SetupComplete</Description><br />
<Order>1</Order><br />
<CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine><br />
<RequiresUserInput>false</RequiresUserInput><br />
</SynchronousCommand><br />
</FirstLogonCommands><br />
</component></pre><br />
<br />
=== More Information ===<br />
<br />
More information about the fog client can be found here: [https://github.com/FOGProject/fog-client https://github.com/FOGProject/fog-client]</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Managing_FOG&diff=12628Managing FOG2020-02-27T10:06:58Z<p>SebastianRoth: /* Images */</p>
<hr />
<div>== Managing FOG ==<br />
<br />
=== Dashboard ===<br />
<br />
==== Overview ====<br />
<br />
[[File:Dashboard.png]]<br />
<br />
*The FOG dashboard is the first page you are presented with after login. This page just gives you an overview of what is happening on your FOG server.<br />
<br />
==== System Overview ====<br />
<br />
*The system overview box is the top left hand box on this page. The information presented in this box is the current user and the server IP addresses or hostnames for your web server, tftp server and storage server (which can all be different). This section also gives you the system uptime (how long the system has been running without restart), the number of users logged into the Linux box, and lastly the system load.<br />
<br />
==== System Activity ====<br />
*The system activity box is the middle box in the top row. This section shows the unicast queue, or the number of unicast deploys that are currently in progress. The queue size can change and is based on the Storage Group(s). Each storage node has a setting ''Max Clients'', which is the maximum number of hosts that this node can image to. If there are 2 nodes with a max of 10 each then your maximum queue amount is 20. However, remember that the more you increase ''Max Clients'', the slower the image will deploy to each particular host.<br />
*This means that after 20 hosts are receiving images (at once) the 21st will wait for one of the hosts in progress to complete before starting. The reason this was created was so that you could queue up 100 machines with different images (all unicast) and still keep the system functional. We have heard of this queue being used to re-image an entire building of computers ( ~ 1000+ ) overnight. This section updates in real time.<br />
*It will display all the queued, running, etc... tasks and updates at the same interval as the Bandwidth graph. Also, SVN installations (and later future releases) are able to edit which type of tasks get counted towards the "queue". <br />
*This edit can be performed by going to '''FOG Configuration'''[[file:Config.png]]--> '''FOG Settings'''--> '''General Settings''' --> '''FOG_USED_TASKS'''. <br />
*The text field takes numeric values (so you'll need to know which task IDs are which type). This text field is a CSV setup. If you type (1,2,3,4,5) it will display all tasks of Deploy, Capture, Debug, Memtest, and Testdisk as queued/active depending on their current state. The exception to this rule is Task Type ID 8 (multicast), in which case it takes the Jobs, not each individual host task, as a queued slot.<br />
<br />
==== Disk Information ====<br />
<br />
*The disk information box is the top, right hand section of the dashboard page. This is a semi-realtime display of the storage remaining on the storage server.<br />
*There is also a drop-down box that can be changed to your storage nodes to monitor their Disk Information.<br />
*If you get an error in this box, please see [[Dashboard Error: Permission denied...]]<br />
<br />
==== 30 Day Imaging History ====<br />
<br />
*This image shows your imaging trends for the past 30 days<br />
<br />
==== Menu Bar ====<br />
<br />
[[Image:FogMenu.jpeg]]<br />
<br />
This menu appears at the top of every page on Fog's web UI. The icons are, from left to right:<br />
<br />
[[Image:Home.png]]'''Home/Dashboard''' - This is the home screen of the FOG management portal.<br />
<br />
[[Image:Users.png]]'''[[Managing_FOG#Users | User Management]]''' - Individual administrators of the FOG resources.<br />
<br />
[[Image:Hosts.png]]'''[[Managing_FOG#Hosts | Host Management]]''' - This section houses the hosts, which are the pcs to be imaged or to extract images from.<br />
<br />
[[Image:Groups.png]]'''[[Managing_FOG#Groups | Group Management]]''' - This section houses groups, which are sets of similar PCs that need tasks done en masse.<br />
<br />
[[Image:Images.png]]'''[[Managing_FOG#Images | Image Management]]''' - This section allows you to manage the image files stored on the FOG server.<br />
<br />
[[Image:Storage.png]]'''[[Managing_FOG#Storage_Management | Storage Management]]''' - This section allows you to add/remove storage nodes from the FOG system.<br />
<br />
[[Image:snapins.png]]'''[[Managing_FOG#Snap-ins | Snap-in Management]]''' - This section provides ways to automate various post-imaging tasks, not covered in this document<br />
<br />
[[Image:Printers.png]]'''[[Managing_FOG#Printers | Printer Management]]''' - This section allows for management of printers, allowing you to create printer objects that can later be assigned to hosts or groups.<br />
<br />
[[Image:Services.png]]'''Service Configuration''' - This section allows you to control how the ''client'' service functions.<br />
<br />
[[Image:Tasks.png]]'''[[Managing_FOG#Tasks | Task Management]]''' - This section allows you to perform imaging tasks such as acquiring or deploying images.<br />
<br />
[[Image:Reports.png]]'''[[Managing_FOG#FOG_Reports | Report Management]]''' - Reports let you pull information from the FOG database either as HTML, pdf, or csv.<br />
<br />
[[Image:config.png]]'''Fog Configuration''' - This section has the rest of the settings that don't fit anywhere else, like the kernel updater, client service updater, iPXE edits, MAC address list, Log viewer, '''FOG Settings'''.<br />
<br />
[[Image:Plugins.png]]'''[[Managing_FOG#Plugins | Plugins]]''' - Plugins add more functionality to FOG. Must be enabled in ''Fog Configuration''<br />
<br />
[[Image:Logoff.png]]'''Logoff''' - Click this to log off of the Fog web UI.<br />
<br />
<br />
----<br />
<br />
=== Hosts ===<br />
[[File:All_Hosts.png]]<br />
*[http://freeghost.sourceforge.net/videotutorials/hostinfo.html Video Tutorial] (old version but valid instructions)<br />
*A host in FOG is typically a computer, but it can be any network device. Hosts are used to identify a computer on the network and are used to manage the device.<br />
<br />
==== Adding a new host ====<br />
<br />
===== Method 1: Adding a new host via Full Registration =====<br />
<br />
*This is the preferred method, and maybe the easiest method for getting a host into the FOG database, but it requires you to visit the host. At the client computer, when you see the PXE/iPXE boot menu during the boot up process, select '''Perform Full Host Registration and Inventory'''. During this phase you will be prompted for information about the host like hostname, operating system, image, groups, Product Key, and other information. If you enter a valid operating system and image id, you will be asked to Image Now. If desired, you can set the task and it will deploy the image on the next network boot. <br />
*After the requested information is entered, FOG will pull a quick hardware inventory of the client.<br />
*This method of registration will register the mac address(primary wired only), serial number(if available in BIOS), Make/Model, and other Hardware information with the FOG server.<br />
*For more information on these commands please see: [[FOGUserGuide#FOG_Tasks | Client Side Tasks]]<br />
<br />
===== Method 2: Adding a new host via Quick Registration =====<br />
<br />
*Quick registration is very much like the Full host registration, with the exception that it will not prompt you for any input, nor give you the option to image the computer directly from the registration screen. When the host is added to the FOG server, it will be named with the host's primary MAC address. This method is great for adding a lab of 30 computers to FOG quickly and easily.<br />
*This feature is disabled by default, to enable this feature:<br />
#Go to '''FOG Configuration'''[[image:config.png]]<br />
#Select '''FOG Settings'''<br />
#Find section '''FOG Quick Registration'''<br />
#Tick ON '''FOG_QUICKREG_AUTOPOP''' to &#10004;<br />
#Set '''FOG_QUICKREG_IMG_ID''' to the image ID you would like to use for all newly created hosts.<br />
#'''FOG_QUICKREG_OS_ID''' will be auto populated when "Save Changes" is selected. (OS is now associated within the image so no need to select an OS)<br />
#Change '''FOG_QUICKREG_SYS_NAME''' to what you would like to name your new machines, where * will be replaced by a number. If you would like to zero pad numbers you can use '''LAB300-**''' which would result in '''LAB300-03''' or '''LAB300-09'''.<br />
#Set '''FOG_QUICKREG_SYS_NUMBER''' to the first number you would like to use.<br />
*After each registration the computer will automatically image and the '''FOG_QUICKREG_SYS_NUMBER''' will be incremented by 1.<br />
<br />
===== Method 3: Manually Adding =====<br />
<br />
*[http://freeghost.sourceforge.net/videotutorials/addimghost.html Video Tutorial]<br />
*Adding a new host can be done in the hosts section of FOG.[[Image:Hosts.png]] Then by clicking on the "Add New Host" button on the left hand menu. At least a hostname and a MAC address must be entered in order to add the host to the FOG database. <br />
<br />
*A host consists of the <span style="color:RED">'''required*'''</span> fields: <br />
<br />
#'''Hostname*''' - A string used for the Windows Hostname of client, this must be less than 15 characters long. <br />
#'''MAC address*''' - This field is used as a unique identifier for the host. The string must be separated by : (colon), in the format of 00:11:22:33:44:55. <br />
<br />
*Hosts can also include, but are not required:<br />
<br />
#'''IP address''' - Just your typical IP address, in the typical format of X.X.X.X or 192.168.1.1.<br />
#'''Description''' - Information for your own reference.<br />
#'''Image Association''' - This field is a drop down box that will allow you select an image object created in the '''Images''' section. <br />
#'''Operating System''' - Drop down box that allows you to select the primary type of operating system running on this host.<br />
#'''Kernel''' - This is only used if you want to overwrite the default kernel used for FOG. Needs to be specified as fog/kernel/mybzImage<br />
#'''Kernel Arguments''' - This allows you to add additional kernel arguments for booting the host (i.e. vga=6, or irqpoll). <br />
#'''Primary Disk''' - This option allows you to force a device to use during imaging if fog fails to detect the correct device node.<br />
*This page also allows for configuration of Active Directory integration, but this topic will be covered later. When all settings are added, click on the "Add" button.<br />
<br />
===== Method 4: Importing Host Information =====<br />
<br />
*When getting started with FOG, you need to enter the host information for the devices on your network. We understand this can be a long difficult process, so in order to make this process easier we created a page that allows you to import most of the host information from a CSV file. <br />
*The CSV file that is imported to FOG must be in the following format, and the file should not have a header row. <br />
<pre>MAC Address,Host name,IP Address,Description,OSID,ImageID</pre><br />
*The '''MAC Address''' (<span style="color:RED">'''required*'''</span>) is the NIC's MAC address separated by ''':''' (colon).<br />
*The '''Host name''' (<span style="color:RED">'''required*'''</span>) is the computer's Host name (must be less than 15 characters, should not include underscores, according to [http://tools.ietf.org/html/rfc952 Network Working Group]).<br />
*The '''IP Address''' (<span style="color:Orange">'''Can be left as blank'''</span>) is the computer's IP address (format x.x.x.x). <span style="background-color:Yellow;">''This field is '''NOT''' currently used by FOG''</span><br />
*The '''Description''' (<span style="color:Orange">'''Can be left as blank'''</span>) is any text description you would like associated with the computer.<br />
*The '''OSID''' (<span style="color:RED">'''required*'''</span>) is the number representing the operating system. It can be found in the table "supportedOS" in the field osID.<br />
*The '''ImageID''' (<span style="color:RED">'''required*'''</span>) is the number representing the image file linked to this image. The image definition must already exist and this number can be found in the table "images" in the field imageID.<br />
*<span style="background-color:Red; color:white;">The file must be saved as a CSV '''without''' a header row.</span><br />
*Sample:<br />
<pre><br />
00:00:02:AF:00:E0:01:0F,adminoff1,10.0.1.150,Main admin office computer,5,14<br />
00:00:02:AF:00:E0:01:04,adminoff2,,admin office 2 computer,5,13<br />
00:00:02:AF:00:E0:01:02,adminoff3,,,5,12<br />
</pre><br />
<br />
====== Importing the File ======<br />
#After the file is prepared and saved, you will need to log into the FOG Management Portal.<br />
#Then click on the Hosts icon [[Image:Hosts.png]].<br />
#On the left-hand menu, click on '''Import Hosts'''.<br />
#Browse for your file, then click "'''Upload CSV'''".<br />
<br />
==== Managing Hosts ====<br />
<br />
===== General =====<br />
<br />
*Once hosts have been added to the FOG database you can modify or delete them. A host that you wish to edit can be found in two ways. The first is to list all the hosts that exist by clicking on the "List All Hosts" button. The second is to use the search function: click on the "New Search" button and enter your search terms, or enter "*" or "%" to search for all hosts. The search function will search in the host's name, description, IP and MAC address. <br />
*Once a host is located, it can be edited by clicking on the edit button or on the Host Name itself. Clicking on the edit button will display all the properties that were shown during host creation with the addition of snapin, printers, active directory, service settings, hardware, virus history, and login information. <br />
*The entire host object can be removed from the FOG system by clicking on the delete option at the bottom of the Host Menu.<br />
<br />
===== Multiple MAC Address Support =====<br />
*When FOG first registers your HOST computer it uses the first connected Ethernet cable and defaults it to the Primary MAC Address. Once the FOG Client is installed and reporting data back to the FOG server it may register additional MAC addresses, such as wireless and other wired connections. An additional MAC can also be added directly under the Host definition.<br />
*These new MAC Addresses will need to be approved before FOG will take advantage of them.<br />
*#'''Host Management''' [[File:Hosts.png]]--> '''[Selected Host]''' -->''Additional MAC''<br />
*#'''Fog Configuration'''[[File:Config.png]]--> '''MAC Address List''' -->''Approve Pending Addresses''<br />
*'''Fog Configuration'''[[File:Config.png]]--> '''MAC Address List''' At this location you can also ''"Update Current Listings"'', which gives updated information on the MAC Addresses and their manufacturers and lists it under the Host.<br />
<br />
===== Host Status =====<br />
<br />
*Host Status displays an indicator icon next to the host within the FOG UI showing the status of the machine. This function executes a ping based on the host's name. For this to work you must have an internal DNS server that is tied in with your DHCP server, so that when a DHCP address is given out, the DNS server is notified of the new IP. If that is set up correctly, you must make sure your FOG server is able to ping a host from the command line using:<br />
ping somehostname<br />
*If the server isn't able to ping the client, then the status of the host in the UI will always show as unreachable. If you can ping the client using the FQDN, like<br />
 # Replace fogproject.org with your domain suffix<br />
 ping somehostname.fogproject.org <br />
*Then you will need to adjust the DNS '''Search domains:''' setting on your server. After making this change you will need to restart the Apache server for it to take effect.<br />
*If after this, you still can't ping your clients, the problem may be due to a firewall issue with the clients. In this case, client specific configuration changes might be needed.<br />
*With an increase in Hosts (250+) this "ping" will delay the loading of the ''List All Hosts'' page. Disabling this feature will help in loading this page.<br />
*# '''Fog Configuration''' [[File:Config.png]] --> '''Fog Settings''' --> '''General Settings''' --> Untick ''FOG_HOST_LOOKUP''<br />
<br />
===== Creating Host Groups =====<br />
<br />
*FOG allows you to create groups of hosts, which then allows you to take action on a whole grouping of hosts. Groups can be created either from the "List All Hosts" section or by doing a search for hosts. To create a group, select the computers you would like to be members of the group by placing a check in the box next to each hostname, or by clicking the check all button in the title row. After the hosts are selected, scroll to the bottom of the screen and either enter a name in the create to group box or select a group to add the hosts to. Then click on the "Process Group Changes" button.<br />
<br />
<br />
----<br />
<br />
=== Groups ===<br />
*Groups in FOG are used to organize your hosts into real world logical clusters. This is intended to ease management of the computers. A single host can be a member of infinitely many groups, so if a computer happens to be a member of the group called "Third Floor", it could also be a member of "Math Department", or "Dell PCs." Groups make using FOG possible for organizations with a very large number of PCs.<br />
<br />
==== Creating Groups ====<br />
*Groups are created in two sections:<br />
*#'''Group Management'''[[file:groups.png]] --> '''Create New Group'''<br />
*#Hosts section of FOG based on searches, for information on how to create groups, please see [[Managing_FOG#Creating_Host_Groups | Creating Host Groups.]]<br />
<br />
==== Managing Groups ====<br />
<br />
*After a group has been created, it can be managed from the groups section of FOG. Locating groups is very similar to locating hosts: you can either list all groups or you can search for groups. When searching for groups your search criteria are matched against the group name or the group description. Once a group is located it can be modified by clicking on the "Edit" button on the right hand side of the table or the Title of the group itself.<br />
<br />
*Under the section "Modify Group [Groupname]" there are options to change the group name, group description, group product key, or to delete the group. If you wish to update the group name or the group description make your change then click on the "Update" button within that section. If you would like to remove the group then simply click on the "Delete" button within this section.<br />
<br />
*As a reminder, when saving or updating settings for hosts, FOG applies whichever setting was saved last. If you set all the hosts in this group to have ''Image A'' and then change ''Host A'' in that group to be ''Image B'', the group settings will not override the settings for ''Host A'' unless you go back to the group and set all hosts back to ''Image A''.<br />
<br />
===== Group Basic Tasks =====<br />
<br />
*This section will allow you to start a task on this group of hosts. From this section you can start any task to all hosts within the group. Multi-Cast is also available from here. Please review [[FOGUserGuide#Fundamental_Concepts | Fundamental Concepts]] to determine the required deploy task.<br />
<br />
===== Group Membership Setup =====<br />
<br />
*This page allows you to view/add/delete membership of the group. This section will list all of the members of the group and give you the option to remove members from the group.<br />
<br />
===== Group Image Associations =====<br />
<br />
*The groups page also allows you to update the image association for all the members of the group. This can be done in the "Image Association for [groupname]" section. Select the image association from the drop-down box and select "Update Images" and then all your host objects for that group will be modified.<br />
<br />
===== Group Snapins =====<br />
<br />
*You can add or remove snapins to all hosts in a group, but because of the nature of groups, it is not possible to see what snapins are currently associated with a group. This is because the snapins are not directly associated with the group; they are associated with the host, and it is possible for all members of the group to have different snapins linked with each host. What FOG does allow you to do is batch add a snapin to all the hosts within a group. In the same way you can batch remove a snapin from all the hosts within a group. These functions can be done via the '''Add Snapins''' and '''Remove Snapins''' buttons in the Group Menu.<br />
<br />
===== Group Service Settings =====<br />
<br />
*The '''Service Settings''' page allows you to enable or disable certain service modules on all hosts in the group, as well as change some service settings for the group such as screen resolution and auto log off settings.<br />
<br />
===== Group Active Directory Setup =====<br />
<br />
*Active Directory integration settings can also be distributed to all members of a group via this page. The section "Modify AD information for [groupname]" allows you to do so. This section provides the same options as the host screen but allows you to mass update all of your hosts.<br />
<br />
===== Group Printers =====<br />
<br />
*The '''Printers''' page allows you to add or remove printer associations to all hosts within the group. This page also allows you to set the management level for all hosts within the group.<br />
<br />
===== Group Membership Information =====<br />
<br />
*The most important thing to remember about groups in FOG is that they do not contain their own properties. When you make changes to a group, you are really making changes to every host object within the group. For example, if you change the OS association for a group, then go back to one of the host objects that is a member of that group, it will have the new OS association on that object.<br />
<br />
<br />
----<br />
<br />
=== Images ===<br />
<br />
*Image objects in FOG are the representation of the physical files that contain the disk or partition images that are saved on the FOG server.<br />
<br />
==== Creating Images Objects ====<br />
<br />
*Image objects in FOG are created in the Images section of the FOG management portal. To create a new image click on the "New Image" button on the left hand menu. An image object requires a name and an image file path. <br />
<br />
*When creating images you have a few choices in how you want that image to 'act'. The possible partition types include:<br />
Single Disk - Resizable<br />
Multiple Partition Image - Single Disk (Not Resizable)<br />
Multiple Partition Image - All Disks (Not Resizable)<br />
Raw Image (Sector By Sector, DD, Slow)<br />
<br />
*'''Single Disk - Resizable'''<br />
<br />
This is the default choice used by FOG as it works in most cases and allows for deployment to smaller size disks as well. It takes a copy of every partition on the disk, and resizes partitions that have excessive free space to a smaller size where possible. Each partition that is to be resized goes through a "Resizing filesystem" process. This process can take some time depending on how severe disk fragmentation is. The partitions that are shrunk will be reduced to only 2GB of free space on their partition. This allows an image taken from a 6TB drive with only 20GB of used space to be deployable to a drive with a total capacity of roughly 25GB. When the partitions are laid onto the destination drive, all resized partitions are intelligently expanded to utilize the entire drive.<br />
<br />
*'''Multiple Partition Image - Single Disk (Not Resizable)'''<br />
<br />
If you don't need to deploy to a smaller size disk you might consider using this image type, as it's less likely to cause an issue and the image size on the server is still as small as with the resizable image type. Single Disk will back up all the supported partitions on the first disk drive detected by FOG, but the partitions are NOT resized by FOG. This means that the image must be restored to a disk of the same or larger capacity. It is possible to back up NTFS drives with vendor specific 'restore' partitions with this type of image. It is also possible to capture Linux systems with this type of image given the following criteria:<br />
1.) There is a Grub boot loader present.<br />
2.) LVM is not used.<br />
3.) The partitions include '''ext2''', '''ext3''', '''reiserfs''', and/or '''swap'''.<br />
4.) The swap partition should be moved out of the extended partition<br />
<br />
*'''Multiple Partition Image - All Disks (Not Resizable)'''<br />
<br />
This is what you should pick when you want all partitions from multiple disks to be captured. The partitions are NOT resizable by FOG. If you only wanted a particular partition captured or drive captured in a multi-drive system, you can define the disk or partition you want within a "Single Disk - Resizable" or "Multiple Partition Image - Single Disk (Not Resizable)" type image. This is done through the host's "General" area, in the "Host Primary Disk" field.<br />
<br />
*'''Raw Image (Sector By Sector, DD, Slow)'''<br />
<br />
This should always be the last resort. This takes an absolute exact copy of an entire disk and does not compress the data. If you take an image from a 6TB disk, the resultant image will be 6TB in size. This image type also takes a '''significant''' amount of time to capture and deploy.<br />
<br />
'''All of these images can be deployed using multi-cast or unicast to clients.'''<br />
<br />
==== Adding Existing Image Objects ====<br />
<br />
*To restore an image to the FOG database:<br />
*# Create a new Image definition through the management browser<br />
*# Specify image name (SampleXPImage)<br />
*# Specify storage group (default)<br />
*# Specify image file path (SampleXPImage)<br />
*# Specify image type<br />
*# Log into the box hosting FOG, and move/rename your image to match browser input<br />
*# Create hierarchy if necessary. FOG, by default, puts images in /images/, so for the above example, you would need to create a folder structure like so: /images/SampleXPImage<br />
*# Drop your image file into the folder (be sure it's named the same as image name above)<br />
<br />
----<br />
<br />
=== Storage Management ===<br />
<br />
*The Storage Manager introduces the concept of '''Storage Groups.''' Basically, a storage group is a group of NFS servers that share images and share the load of computers being imaged. Any member of a storage group is referred to as a '''Storage Node.''' You may have as many storage groups as you wish and as many storage nodes within those groups as you wish. In each storage group, there is one storage node which is designated as the '''Master''' of that group. Basically, this '''Master''' node is the node where all image captures go; it handles multicasting tasks for the group and is the image replicator for the group. This means that whatever images are stored on this node are what gets distributed to the entire group. <br />
<br />
*What this new system of storage management gives us is a distributed model for FOG which allows for more unicast transfers at a single time. We also gain data redundancy. We also take stress off of the main FOG server.<br />
<br />
*Below is a brief overview of Storage Groups<br />
<br />
[[Image:Nfsgroup.jpg]]<br />
<br />
*This image shows a single Storage Group and the flow of data within the group. The queue size of the system is the sum of the queue size of all the storage nodes within the system. So if you have 4 nodes each with a queue size of 10, then the queue size of the system is 40, which means 40 clients can be imaged (unicast) at one time. <br />
<br />
[[Image:StorageGroups.jpg]]<br />
<br />
*This image shows that it is possible to have multiple storage groups on your network, which are isolated from each other. This image also demonstrates that captures always go to the master node and multicast sessions always send data from the master node. Images are pushed out from the master node of the group to all other members of the group.<br />
<br />
*'''Key Benefits'''<br />
*#Increased throughput<br />
*#Redundant Storage<br />
*#Scalability<br />
<br />
*Also see [[Knowledge_Base#Storage_Nodes | Storage Nodes]] for tutorials.<br />
<br />
==== Adding a Storage Node ====<br />
<br />
*Definition: Storage Nodes provide extra [http://www.fogproject.org/wiki/index.php?title=InstallationModes NFS/FTP storage space] which increases available throughput and redundancy within a network. They do not provide PXE, TFTP, or DHCP services at secondary sites. To enable additional PXE and TFTP services at secondary sites see this section: [[#Including_multiple_PXE_.2F_TFTP_servers|#Including multiple PXE / TFTP servers]]<br />
<br />
*Video Tutorial: http://www.youtube.com/watch?v=X72WthDGwsw&fmt=18 (old video but still valid information)<br />
<br />
*To add an additional storage node to the network, the computer should be prepared in the same way the main FOG server would be prepared (disable firewall, SELinux, etc). You can also safely mix operating systems for the nodes of your storage group: some nodes can be running Fedora, and some can be running Ubuntu. It is important to update your storage nodes when you upgrade to a new version of FOG. Installation of a storage node is done with the same installer as for a normal FOG server. Installation can be started by running the installer script; the steps are detailed below.<br />
<br />
*Surprisingly enough some users have actually gotten a Windows Storage node to work properly. See [[Windows_Storage_Node]] for more information on this.<br />
===== Installing the Node =====<br />
*To Install a node:<br />
*#Run the installation script, ./installfog.sh<br />
*#Select your operating system.<br />
*#When prompted for Server Installation Mode, select '''S''', for storage node.<br />
*#Enter the IP address of the storage node.<br />
*#Confirm your interface<br />
*#Then you will need to enter the IP address or host name of the node running the FOG database<br />
*#Then you will be prompted for a username (typically fogstorage)<br />
*#and a password that is located on the FOG server, that will allow the storage node to access the main FOG server's database. This information is located in the FOG management portal for convenience (on the main FOG server). It can be accessed via '''Other Information''' -> '''FOG settings''' -> section '''FOG Storage Nodes'''.<br />
*#You will then be prompted to confirm your installation settings; if they are correct press '''Y''' and hit '''Enter'''.<br />
*#When installation completes, the install will produce a username and password that will be needed to add the storage node to the FOG management portal. Username is "fog", password is in /opt/fog/.fogsettings<br />
<br />
===== Adding the Node to the Management Portal =====<br />
*To Add a Node<br />
*#Log into the FOG Management Portal<br />
*#Navigate to the '''Storage Management''' section.<br />
*#Click on '''Add Storage Nodes'''.<br />
*#For the '''Storage Node Name''', enter any alpha numeric string to represent the storage node. <br />
*#Enter any description you wish<br />
*#Enter the IP address of the storage node you are adding. This must be the IP address of the node, DO NOT use a hostname here or the node will not function correctly. <br />
*#Enter the maximum number of unicast clients you would like this node to handle at one time. The value that we recommend is 10. <br />
*#'''Is Master Node''' is a very dangerous setting, but for right now leave it unchecked. For more details please see: [[#Master Node Status]].<br />
*#Next, select the storage group you would like this member to be a part of, in our example we will pick '''Default'''<br />
*#Next, specify the image location on the storage node, typically '''/images/''', your image location should always end with a '''/'''.<br />
*#Next, you will want to check the box, to enable the node.<br />
*#The last two fields take the username and password that are generated during the installation of the storage node. username is "fog", password is in /opt/fog/.fogsettings<br />
*#Then click '''Add''' to have the node join the storage group.<br />
<br />
==== Monitoring The Master Node ====<br />
<br />
*On all storage nodes there is a new service (as of version 0.24) called FOGImageReplicator, a very basic script which, if the node is the master, copies all of its images to all other nodes in the storage group. The copying is done every ten minutes by default, which means your images are NOT instantly duplicated to all nodes. <br />
<br />
*If you would like to view the status of the image replication, you can do so on the storage node by switching to tty3, by typing ctl + alt + f3. Output is also logged to a file in the '''/opt/fog/log''' directory.<br />
<br />
*FOGImageReplicator logs are also located in [[File:Config.png]] '''Fog Configuration''' --> '''Log Viewer''' --> '''FILE: [Select Image Replicator]'''<br />
<br />
==== Master Node Status ====<br />
<br />
*The '''Master Node''' (could be the server or a particular node) in a storage group is the node that distributes image files to all other nodes in the storage group.<br />
<br />
*If you have all your images distributed across 3 nodes in a storage group, '''if you add a new storage node that has no images stored on it, making that node master will cause it to take over and push its image store of nothing to all other nodes, wiping out all of your images'''. So it is important to be very careful and back up your images when you change a node's master status.<br />
<br />
*Notes - You '''can''' have many storage nodes in a storage group. You '''can''' have one master storage node in a storage group. You '''can not''' have more than one master storage node in a storage group. You '''must have''' one master storage node for replication to take place to other nodes in the group. '''If''' a master storage node is set, all captures '''first''' go to the master storage node of the storage group the image is assigned to; and are '''then''' replicated to other storage nodes.<br />
<br />
==== Including multiple PXE / TFTP servers ====<br />
<br />
*A traditional Master Storage Node, [[#Adding_a_Storage_Node|as described above]] only provides File Storage redundancy. While this can help increase multicast throughput on a single network, all the machines under FOG management must be within the same subnet/VLAN so that DHCP broadcast requests can be directed to the Main server. (see note below)<br />
<br />
*<pre>'''Note:''' depending on the network, it may be possible to configure [http://en.wikipedia.org/wiki/UDP_Helper_Address iphelper] to forward packets to the Main FOG server</pre><br />
<br />
*The following instructions are intended to help configure additional Storage Nodes to operate independently on separate networks, while still syncing with and taking commands from a single Main FOG server.<br />
<br />
*Click here for instructions on setting up [[Multiple_TFTP_servers|multiple PXE / TFTP servers]]<br />
<br />
=== Users ===<br />
<br />
==== Overview ====<br />
<br />
*FOG has only two levels of users, '''regular''' users and '''mobile''' users. Regular users have access to the mobile portal and the full management portal. Mobile users have access to only the mobile management portal and Quick Image functions.<br />
<br />
==== Creating Accounts ====<br />
<br />
*All accounts are created under the "Users" section of the FOG portal. To create a new account click on the "New User" button on the left hand side of the page. All accounts must have a unique username, and a password. After filling in the required information click on the "Create User" button.<br />
<br />
==== Modifying Users ====<br />
<br />
*FOG accounts can be modified from within the users section. First you must locate the account you wish to modify by clicking on the "List all Users" button on the left hand side of the page. When a user is located, click on the edit button on the right hand side of the table.<br />
<br />
=== Tasks ===<br />
<br />
==== Overview ====<br />
<br />
*Tasks are all the actions that you can take on a computer, and in FOG there are numerous tasks that can be done including:<br />
<br />
*Deploy (Unicast)<br />
*Capture (Unicast) <br />
*Deploy - Multicast <br />
*Debug<br />
*Memory Test<br />
*Test Disk<br />
*Disk Surface Test<br />
*Recover (File Recovery)<br />
*Hardware Inventory<br />
*Password Reset<br />
*Deploy All Snapins<br />
*Deploy Single Snapin<br />
*Wake-Up<br />
*Deploy - Debug (Unicast)<br />
*Capture - Debug (Unicast)<br />
*Deploy - Without Snapins (Unicast)<br />
*Fast Wipe<br />
*Normal Wipe<br />
*Full Wipe<br />
*Virus Scan<br />
*Virus Scan - Quarantine<br />
*Donate<br />
*Torrent-Cast<br />
<br />
<br />
In the tasks section of FOG you can perform tasks on single hosts or groups of hosts. This section also allows you to monitor selective tasks, and stop/cancel tasks.<br />
<br />
==== General Tasks ====<br />
<br />
The general/common Tasks in FOG include unicast image capture, and unicast image send, as well as a multicast image send. In FOG, sending an image to the server is considered an image capture, and deploying an image to the client is called a send. Both of these tasks can be started directly from the search, list all hosts, and list all groups pages. <br />
<br />
To perform a simple image capture, click on the upward facing arrow next to the host. Captures are only possible on a host, not a group. Capturing an image will also overwrite any image file that may already exist for that host without any notification or confirmation.<br />
<br />
Please note that capturing images of Windows Vista and Windows 7 requires a special command to be run on the clients prior to image capture. Please see [[What do I have to do to an image before capturing?]] for more details.<br />
<br />
For a video demonstration of an image capture, please see: http://www.youtube.com/watch?v=jPPZr0abVfg&fmt=18<br />
<br />
To perform a simple image send, click on the downward facing arrow next to the host. An image send can be done on a host or a group. When sending an image to multiple computers FOG works in queue mode, which means that it will only send to 10 (by default) computers at one time. This is done to keep the server from being overworked. As soon as a machine finishes, another from the queue joins.<br />
<br />
To perform a multicast image send you must search for a group of hosts on the "Task Management" page. Multicast tasks can only be performed on a group of hosts. Multicast tasks will send to all the computers in the group at once, and the task will not start sending until all members of the group have connected with the server. After starting a multicast task, status can be viewed by pressing [ctl]+[alt]+f2. A log is also kept for multicast transfers which is stored at /opt/fog/log.<br />
<br />
==== Advanced Tasks ====<br />
<br />
The advanced Tasks in FOG include everything that is not a simple capture, simple deploy or multicast deploy. <br />
<br />
=====Debug=====<br />
<br />
Debug mode boots the Linux image to a bash prompt and allows the user to issue all commands by hand. <br />
<br />
=====Capture - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is setup to capture the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is setup to send the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Without Snapins)=====<br />
<br />
This task does a normal send task with the exception that if any snapins are associated with the host, they are not deployed to the host. <br />
<br />
=====Deploy All Snapins=====<br />
<br />
This task will send all the snapins associated with a host to the host without imaging it.<br />
<br />
=====Deploy Single Snapin=====<br />
<br />
This task will send a single snapin that is associated with the host to the host without imaging it. (Note: The snapin must be associated with the host already)<br />
<br />
=====Memory Test=====<br />
<br />
Boots to Memtest86, a memory testing tool. This task will not exit without user intervention at the client side. The task must also be manually stopped via the management front end.<br />
<br />
=====Wake Up=====<br />
<br />
Wakes up host or group of hosts using Wake-on-Lan. <br />
<br />
=====Fast Wipe=====<br />
<br />
This task does a quick and dirty wipe of the drive. This task writes zeros to the first ~40MB of the disk. This task should NOT be used if you don't want your data to be recoverable. <br />
<br />
=====Normal Wipe=====<br />
<br />
This task writes random data to the entire surface area of the disk. <br />
<br />
=====Full Wipe=====<br />
<br />
This task writes random data multiple times to the entire surface of the disk. <br />
<br />
=====Disk Surface Test=====<br />
<br />
This task will look for bad blocks on the hard disk and report them back to the client console. <br />
<br />
=====File Recovery=====<br />
<br />
This task will load an application that can be used to recover lost files from the hard disk. <br />
<br />
=====Virus Scan=====<br />
<br />
This task will update and load ClamAV and scan the partition for viruses. It will either scan and report or scan and quarantine files. It will also report back to the management portal with the results of the scan.<br />
<br />
=====Hardware Inventory=====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/InventoryUpdate.swf.html Video Tutorial]<br />
<br />
The hardware inventory task will execute the same task as the fog.reginput client side task. Since the host is already registered, all it will do is update the computer's inventory and restart. It is envisioned that this task could be run at a regular interval on a group of all computers in your network, or some sub group of computers in your network. Then on the next reboot of those computers an inventory would be performed.<br />
<br />
==== Scheduling ==== <br />
<br />
As of version 0.27 of FOG, select tasks can be scheduled using a static date/time combination or using cron style repetitive task scheduling. Task scheduling can be performed on either single hosts or on groups of computers. One thing to note about task scheduling that isn't intuitive is that it '''requires an image to be associated with the host, even for non-image based tasks!''' The reason for this is that tasks are only run on the master storage node associated with that host, and the only way to tie a storage node to a host is via an image. We did this to prevent multiple storage nodes from trying to run the same task for a specific host. <br />
<br />
===== Single Execution Scheduling =====<br />
<br />
Single task execution will run a task at a single date and time, then the task will be discarded. To schedule a single execution task, go to the tasks section of FOG, select the host or group for which you would like to schedule the task, then select the task you would like to schedule. You will then be presented with the screen shown below.<br />
<br />
[[Image:Sched.png]]<br />
<br />
To schedule a single execution task, click on the white text box below "Schedule Single Task Execution?" and a pop up calendar will load and allow you to select your date and time for the task. Click on the date to close the calendar, then start your task. <br />
<br />
===== Cron Style Task Scheduling =====<br />
<br />
Cron style task execution allows you to do complex repetitive task scheduling. After a cron task executes, it is not removed, as single execution tasks are. Cron style tasks, as the name suggests, are similar to the Linux cron task scheduler format. Cron style tasks are created as single execution tasks are, except when presented with scheduling options, select the option "Schedule Cron Style Task Execution". Below that check box are a series of text boxes including:<br />
<br />
min -> Minute [00-59]<br />
hour -> Hour [00-23]<br />
dom -> Day of Month [01-31]<br />
month -> Month [01-12]<br />
dow -> Day of Week [01-07] (Sunday ==> 0, Saturday ==> 6)<br />
<br />
To give an example of how this works, if you wanted a capture task to run at '''10:00pm every day''' you would enter the following:<br />
<br />
0 22 * * *<br />
<br />
This basically says run the task at '''0''' minutes into the hour, on the '''22nd hour (10:00pm)''', on '''every day of the month''', on '''every month of the year''', on '''every day of the week'''.<br />
<br />
To take this example further, let's say you only wanted to capture the image '''every other day'''. We could do this by adding:<br />
<br />
0 22 */2 * *<br />
<br />
The '''*/2''' now tells the scheduler to only run on '''even days of the month'''. <br />
<br />
We could even ask the scheduler to only do a backup on '''even weekdays''' by adding:<br />
<br />
0 22 */2 * 1-5<br />
<br />
The 1-5 we just added says only run on days 1 through 5, which relate to Monday - Friday.<br />
<br />
Now we will ask the scheduler to only backup in the month of February.<br />
<br />
0 22 */2 2 1-5<br />
<br />
Another basic example could be if you wanted to run an inventory update on the first of every month you could use:<br />
<br />
30 1 1 * *<br />
<br />
This task would then run at '''1:30''' on the '''1st of every month'''.<br />
<br />
<br />
The FOG scheduler doesn't support 100% of the operations that cron supports. Below are the operations that are supported:<br />
<br />
4 - Listing a static number<br />
4,5,6,7 - Listing a group of numbers<br />
4-7 - ranges of numbers <br />
4-7,10 - ranges and lists<br />
*/5 - * divided by a number<br />
* - Wildcard<br />
<br />
For more information on cron please see http://en.wikipedia.org/wiki/Cron<br />
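<br />
The supported operations listed above, as an added example (not FOG's own scheduler code): a small Python validator and matcher that accepts only those six forms and follows the semantics this page describes, namely that */N matches values divisible by N and that all five fields must match. The function names and sample dates are constructed for illustration, and day of week is taken as 0-6 per the page's Sunday ==> 0, Saturday ==> 6 note.<br />

```python
from datetime import datetime

# Field order and value ranges from the list on this page. Day of week uses
# the page's mapping (Sunday ==> 0, Saturday ==> 6).
FIELDS = (
    ("min", 0, 59),
    ("hour", 0, 23),
    ("dom", 1, 31),
    ("month", 1, 12),
    ("dow", 0, 6),
)


def _number(text, name, lo, hi):
    """Parse a plain decimal number and check it against the field range."""
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"{name}: unsupported token {text!r}")
    value = int(text)
    if not lo <= value <= hi:
        raise ValueError(f"{name}: {value} is outside {lo}-{hi}")
    return value


def parse_field(expr, name, lo, hi):
    """Expand one field into the set of values it allows.

    Only the operations listed on this page are accepted:
    N, N,M,..., N-M, mixed ranges and lists, */N and *.
    """
    if expr == "*":
        return frozenset(range(lo, hi + 1))
    if expr.startswith("*/"):
        # Assumption taken from the page's wording ("* divided by a number",
        # */2 meaning even days): a value matches when it is divisible by N.
        step = _number(expr[2:], name, 1, hi)
        return frozenset(v for v in range(lo, hi + 1) if v % step == 0)
    allowed = set()
    for part in expr.split(","):
        if "-" in part:
            start_text, _, end_text = part.partition("-")
            start = _number(start_text, name, lo, hi)
            end = _number(end_text, name, lo, hi)
            if start > end:
                raise ValueError(f"{name}: descending range {part!r}")
            allowed.update(range(start, end + 1))
        else:
            allowed.add(_number(part, name, lo, hi))
    return frozenset(allowed)


def parse_schedule(line):
    """Parse 'min hour dom month dow' into a dict of allowed-value sets."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {
        name: parse_field(expr, name, lo, hi)
        for expr, (name, lo, hi) in zip(parts, FIELDS)
    }


def is_due(line, when):
    """True if the schedule fires at the minute of 'when'.

    Every field must match, which is how this page reads '*/2 * 1-5'
    (even days that are also weekdays).
    """
    allowed = parse_schedule(line)
    current = {
        "min": when.minute,
        "hour": when.hour,
        "dom": when.day,
        "month": when.month,
        "dow": when.isoweekday() % 7,  # Monday=1 ... Saturday=6, Sunday=0
    }
    return all(current[name] in allowed[name] for name in allowed)


if __name__ == "__main__":
    # Constructed sample: the page's "even weekdays at 10:00pm" schedule.
    for day in range(1, 8):
        moment = datetime(2024, 3, day, 22, 0)
        print(moment.date(), is_due("0 22 */2 * 1-5", moment))
```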
<br />
=== Printers ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher.<br />
<br />
==== Known Issues ====<br />
<br />
Setting of the default printer will only work if the fog tray icon is running.<br />
<br />
==== Overview ====<br />
<br />
The printers section of FOG allows you to create printer definitions that you can later associate with hosts. The FOG service looks at these associations and during service it will attempt to install any printers listed. This service has three settings which define how the printers are managed. Printer management can be set to:<br />
<br />
<ul><br />
<li>No Printer Management</li><br />
<li>Add Only</li><br />
<li>Add and Remove</li><br />
</ul><br />
<br />
All hosts default to '''No Printer Management''', which means that the FOG service does nothing to the host's printers. '''Add Only''' does as the name implies: it will only add printers to the host machine and will not remove any existing printers that may be installed. '''Add and Remove''' will take full control of the host's printing system and only allow the printers that are specified by the FOG management console to exist on the host. <br />
<br />
==== Adding New Printers ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf Video Tutorial]<br />
<br />
In order for the printer to be added to the host computer, the printer drivers must be stored in a public area, or included on the host computer. This public area can be a Novell Network share where public has read-only access, a Windows share that is public read-only to everyone, or a Samba share (possibly residing on the FOG server) that is public read-only to everyone. This share must be accessible via a UNC path, as the service may attempt to install the printers before drive mapping occurs. The printer drivers and .inf file must exist in this share. FOG supports installing IP based (Jet-Direct) printers, public access NDS printers, local printers, Windows share based printers, and (we think, but could use a confirmation as it hasn't been tested) AD based printers. <br />
<br />
If you wish to see what printers are included with Windows XP, navigate to c:\windows\inf\ntprint.inf. Open this file with a text editor and you will be able to install all the printers listed using the ntprint.inf file. <br />
<br />
To create a new printer definition click on the Printer icon on the system menu bar. Then on the left hand menu, click on '''Add New Printer'''. The form you are presented with will require you to enter:<br />
<br />
<ul><br />
<li>'''Printer Model''' - This must match the name in the INF file.</li><br />
<li>'''Printer Alias''' - This can be anything you wish and it is what the end user will see.</li><br />
<li>'''Printer Port''' - This is something like '''LPT1:''', or '''IP_1.1.1.2'''.</li><br />
<li>'''Printer INF File''' - This is the path to the INF file for the printer driver.</li><br />
<li>'''Printer IP''' - (optional) This is the IP address of the printer, for IP based printers only. It can take the form of '''1.2.3.4:9100''' or '''1.2.4.5'''. If the port doesn't exist already, it will create one named '''IP_x.x.x.x''', where x.x.x.x is the IP address. That is what should be entered in the port field.</li><br />
</ul><br />
<br />
After all the required information is entered, click on the '''Add Printer''' button.<br />
<br />
==== Linking Printers to Hosts ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf.html Video Tutorial]<br />
<br />
Linking printers to hosts can be done from either the hosts section or the groups section. In the hosts section, find the host you would like to add a printer to and click on the edit button associated with that host. In the host menu, click on the '''Printers''' button. First select how you would like the host to be managed, either '''No Printer Management''', '''Add Only''', or '''Add and Remove'''. Then in the section below, select the printer you would like to install from the drop-down list and click on the '''Update''' button.<br />
<br />
==== Creating a Samba Based Printer Store on FOG ====<br />
<br />
If you do not have a public server where you can store your printer drivers for the FOG Printer Manager, then it is very easy to set one up on the FOG server using Samba, so all your Windows clients will be able to connect.<br />
<br />
[[Creating a Samba Based Printer Store on FOG]]<br />
<br />
=== The FOG Client Service ===<br />
<br />
<font color="red">Note:</font> Most of the things here about the FOG Client service apply to the legacy FOG client that came with FOG versions 1.2.0 and older. FOG 1.3.0 now comes with a new FOG Client. Details on this can be found here: [[FOG Client]]<br />
<br />
==== Overview ====<br />
<br />
The FOG Client Service is a Windows Service that is intended to be installed on the client computers during the image creation process. The FOG service communicates with the FOG server to provide certain services to the client computers including:<br />
<br />
<br />
*Auto Log Off (0.16)<br />
*Hostname Changes<br />
*Active Directory Integration<br />
*Directory Cleaner (0.16)<br />
*Display Manager (0.16)<br />
*Green FOG (0.16)<br />
*Host registration<br />
*Task Restarting<br />
*Snapin Installation<br />
*User Tracker<br />
*Printer Manager<br />
*User Cleanup (0.16)<br />
*Client Updater<br />
<br />
==== Module specific configuration settings ====<br />
<br />
The FOG Client Service is very modular in nature, which means you can install portions of the services provided, and leave off others. This also means that it is very easy to create new sub services if you know a little C#. All configuration data is held in a local INI file, which is typically stored in <br />
<br />
c:\program files\fog\etc\config.ini<br />
<br />
This file holds, in the general section:<br />
<br />
<ul><br />
<li>FOG Server IP address</li><br />
<li>FOG Service installation root</li><br />
<li>FOG Service working directory</li><br />
<li>FOG Log file path</li><br />
<li>Flag indicating if GUI messages should be displayed</li><br />
<li>The max log file size</li><br />
</ul><br />
<br />
==== Installation ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/FogServiceInstall.swf.html Video Tutorial]<br />
<br />
The FOG service should be installed on the computer to be imaged before capturing the image to the FOG Server. <br />
<br />
The FOG service is located in the '''FOG Service/bin''' directory or if the FOG server is already installed it can be downloaded from:<br />
<br />
http://[serverip]/fog/client/<br />
<br />
Double-click on the '''setup.exe''' to start the installation wizard. At the end of the wizard you will need to enter the IP address or hostname of your FOG server.<br />
<br />
[[Image:fogservice.jpg]]<br />
<br />
Then restart the computer. If you don't restart the computer, you will have issues with the service GUI appearing correctly.<br />
<br />
===== Quiet Installation =====<br />
<br />
As of version 0.29 and higher, the FOG client now supports a quiet installation mode. This can help automate deployments, by allowing the command to be run without user interaction from batch files. To do this the setup.exe file must be run from the command line with the arguments '''fog-defaults=true /qb'''.<br />
<br />
So the full command would be:<br />
<br />
setup.exe fog-defaults=true /qb<br />
<br />
==== Functions and Operation ====<br />
<br />
=====Auto Log Out=====<br />
<br />
Added in Version 0.16<br />
<br />
This module of the FOG Service will log a user off of a client pc after X minutes of inactivity. This module will display a screen saver-like GUI after 3/4 of the inactive time is up. So if the time out value is 40 minutes, the GUI will be displayed at 30 minutes of inactivity. When the time is up, the client computer will reboot. This service module can be configured via the management portal via:<br />
<br />
FOG Service Configuration -> Auto Log Out<br />
<br />
To enable the module globally, place a check in the box next to '''Auto Log Out Enabled?'''. The time to auto log off can be changed globally via '''Default log out time:'''. The minimum recommended value for this setting is 4 minutes. <br />
<br />
The background image for the auto log off module can be modified via:<br />
<br />
Other Information -> FOG Settings<br />
<br />
The settings can be changed by modifying the value for '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE'''. This setting will accept a jpg file that is local to the client computer like: <br />
<br />
c:\images\image.jpg<br />
<br />
This setting will also accept files located on a web server such as:<br />
<br />
http://www.somedomain.com/image.jpg<br />
<br />
Provided with FOG is a simple php script that will display a random image located on the FOG server. To use this option set '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE''' to <br />
<br />
http://x.x.x.x/fog/public/randomimage.php<br />
<br />
Then simply put the images you would like to use in the following directory on the fog server:<br />
<br />
/var/www/html/fog/public/imagepool<br />
<br />
Images used for the auto log off module must be in jpg format, and must be 300px by 300px.<br />
<br />
=====Hostname Changer=====<br />
<br />
This module of the FOG Service is used to change the hostname of the client computer and to allow the client to (optionally) join an Active Directory Domain after imaging. This process only runs shortly after service startup, which means typically only when you start your computer. The service communicates with the FOG server over port 80 and determines the hostname that is present in the FOG database for the host. The hosts are matched to the FOG database by their MAC addresses. If the hostnames are found to be different, the client changes the computer's hostname and restarts the computer.<br />
<br />
The config.ini file contains configuration options for this module. <br />
<br />
netdompath=<br />
<br />
Allows you to set the path to the netdom.exe file. In some cases the file does not exist on the system. It can be downloaded from: [http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=de Microsoft Download Center]<br />
<br />
=====Host Register=====<br />
<br />
As of version 0.29, this module will only add additional MAC addresses to a host that is already registered, and add them to the pending MAC address table, where they need to be approved in the FOG UI.<br />
<br />
=====Task Reboot=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has an imaging task assigned to it. If a task is found AND no one is logged into the workstation, then the client will restart and join the task.<br />
<br />
The config.ini file contains configuration options for this module. As of version 0.13 of FOG you can change:<br />
<br />
forcerestart=0<br />
<br />
to<br />
<br />
forcerestart=1<br />
<br />
This will make the computer restart if a task is found, regardless of whether a user is logged into the computer.<br />
<br />
You can change how often the service will check in with the server by changing:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins.<br />
<br />
=====Directory Cleaner=====<br />
<br />
Added in version 0.16<br />
<br />
This module will clean out (delete) the contents of a directory on user log off. This is useful when you don't want any settings cached between users. This module will only delete the contents of a directory and not the root directory itself, so if you specify '''c:\trash''', the service will remove all files and folders located within c:\trash but leave the folder c:\trash.<br />
<br />
=====Display Manager=====<br />
<br />
Added in version 0.16<br />
<br />
This module is used to restore screen resolution between clients. This will restore a fixed resolution and refresh rate when a user logs into a computer.<br />
<br />
=====Green FOG=====<br />
<br />
Added in version 0.16<br />
<br />
This module will simply shutdown/restart the client computer at a fixed schedule if no user is logged in. The schedule can be defined via the management portal. <br />
<br />
=====Snapin Client=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has a snapin set to be deployed to it. If a snapin is found AND no imaging task is associated with the client, then the client will download the snapin and install it in the background.<br />
<br />
The configuration file contains settings for this module including:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins. It is important to note that currently the fog client will wait 5 minutes when first connected / established before it starts checking and installing any snapins from the server.<br />
<br />
=====User Tracker=====<br />
<br />
This module attempts to track user access to the host computer by the Windows user name. It attempts to track logins and logoffs as well as the state of the computer at service startup. The service will even attempt to track users when they are not on the network by writing all entries to a journal file, then replaying the journal the next time the client is on the network.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====User Cleanup=====<br />
<br />
This module will remove all users not white listed in the management portal on log off. This module is useful when using services like dynamic local user. All entries in the management white list are treated as prefixes to usernames, which means that they will white list all users that start with whatever was entered in the management front end. For example, if you enter '''admin''' in the management white list, then users '''admin''' and '''administrator''' will NOT be removed from the computer.<br />
<br />
=====Printer Manager=====<br />
<br />
This module checks on service startup to see what printers should be installed/removed from the client PC.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====Client Updater=====<br />
<br />
This module waits (randomly) between 60 and 500 seconds after service startup to check the local fog server for client updates, and if any are found the service will download and install them. Updates will NOT take effect until after the service is restarted.<br />
<br />
There are no configuration settings for this module.<br />
<br />
==== Keeping Clients up to date ====<br />
<br />
===== Overview =====<br />
<br />
As of version 0.12 of FOG, we have included a client updater module. This module is no different from any of the other sub service modules. This service waits anywhere between 60 and 500 seconds after the FOG service starts up, and then attempts to check with the server for newer FOG service modules. If new modules are found the client will download them, and they will be active on the NEXT service startup. These modules are controlled from the FOG Management Console. <br />
<br />
Only certain modules can be updated: those that are a subclass of AbstractFOGService. This means you should '''NEVER''' attempt to update the FOGService executable (FOGService.exe file), or the AbstractFOGService.dll file. It is recommended that you not update the ClientUpdater.dll, because if the ClientUpdater.dll file becomes corrupt or not functional, your clients will not be able to update from that point on. Below is a list of the .dll files that can be updated.<br />
<br />
<ul><br />
<li>UserTracker.dll</li><br />
<li>TaskReboot.dll</li><br />
<li>SnapinClient.dll</li><br />
<li>PrinterManager.dll</li><br />
<li>HostRegister.dll</li><br />
<li>HostnameChange.dll</li><br />
<li>GUIWatcher.dll</li><br />
<li>ClientUpdater.dll</li><br />
<li>config.ini</li><br />
</ul><br />
<br />
Care must also be taken when updating the config.ini file. If the IP address is incorrect or the syntax of the file is incorrect, it could leave the FOG service crippled on the client computers.<br />
<br />
===== Posting Updates =====<br />
<br />
To add new modules that can be pushed down to clients, first install a client with the new service or new module and confirm that it works as you would like. Log into the FOG management console, then go to the Information/Misc section (the little "i" icon). Click on '''Client Updater''' on the left-hand menu. Now click on the browse button to select the module (.dll) file you would like to post, then click on the capture button. After capturing, the file should appear in the table above. If you are adding a new module, you will probably want to capture a new config.ini file to include new configuration settings required by that new module.<br />
<br />
==== FOG Tray ====<br />
<br />
The FOG Tray is a Windows application that runs on user login that docks in the system tray. The FOG Tray, like the FOG service, is very modular in nature. New modules can be dropped in the FOG tray directory and on next load they will be loaded. This tray icon has the ability to communicate with the FOG service, this allows FOG more interactivity with the end-user. <br />
<br />
What happens is that when the FOG service's printer manager module gets a request to set a default printer, the service attempts to contact the FOG Tray. If communication is established, then the service will ask the tray to set the default printer. On the other hand the end user can right click on the "F" icon in the system tray, then select printers, then update my printers. What this will do is attempt to send a request from the FOG Tray to the FOG Service and have the service check for printer updates (new printers or printers to be removed). If one is found the service will install any new printers assigned in the FOG Management portal.<br />
<br />
This application is in its very early stages and currently doesn't have a lot of functionality. It is currently only used to allow end users to update their printers and to allow the setting of default printers (from the FOG service). Our vision for the FOG Tray is to add modules that would allow users to install printers that are published as public (via the management portal) without the printer being directly assigned to their host. We would also like to do the same thing for snapins where some of your snapins could be defined as public where anyone could install them on their computer.<br />
<br />
==== Troubleshooting ====<br />
<br />
If you have problems with the FOG Service, please refer to the log file that is located at:<br />
<br />
c:\fog.log<br />
<br />
If the PXE boot does not work<br />
<br />
If booting from the fog server through pxe comes up with an error file not found, edit /etc/default/tftpd-hpa<br />
<br />
Change TFTP_DIRECTORY to<br />
<br />
TFTP_DIRECTORY="/tftpboot"<br />
Then<br />
<br />
/etc/init.d/tftpd-hpa restart<br />
<br />
=== Snap-ins ===<br />
<br />
==== Overview ====<br />
<br />
*The FOG Service has the ability to install snapins to the clients. Snapins can be anything from whole applications like Microsoft Office to registry keys or desktop icons. Snapins can even be used to uninstall applications or remove unwanted files. From the end user's point of view, they will not even notice that a snapin is being installed until it is complete. At this point a message will notify them that a new application has been installed on their computer. Snapins can be in MSI (0.17) or EXE formats, and can be created with any snapin creation tool like InstallRite or already packaged MSI files (0.17). You can also push commands to the computer that include .vbs scripts / .cmd (commands) and .bat (batch scripts).<br />
<br />
*Snapin return codes are specified by the program that's being installed.<br />
<br />
<br />
==== Creating a Snapin / Overview ====<br />
<br />
FOG doesn't provide a tool to create snapins, but instead allows you to push files and execute them on the remote computers. It is highly recommended that you push the actual installer to the computer instead of using a program such as InstallRite. <br />
<br />
If you have never silently installed software to a computer, or created an answer file for a program, please look at the website Appdeploy [http://www.appdeploy.com/articles/ Link]. This website has a trove of information on how to push software to a computer remotely.<br />
<br />
===== Creating a Snapin for larger applications with SFX Maker =====<br />
<br />
Some larger applications such as Microsoft Office and Adobe Products (Acrobat / Creative Suite) require multiple files to install properly. If you have an application that is not a single .exe please use SFX Maker. This tool is free for non commercial use, and most programs fall under the GPL. [http://www.isoft-online.com/ SFX Maker's Website]<br />
<br />
For instructions on how to use this software please see the youtube videos below.<br />
<br />
[http://www.youtube.com/watch?v=ZSMJLnRjn94 Office 2003 Install]<br />
[http://www.youtube.com/watch?v=Qzc1Q9NW_cE Office 2007 Install]<br />
<br />
SFX Maker takes an entire folder and encapsulates it or "folds" it into a single .exe which then "unfolds" to its original state and launches a file or command.<br />
<br />
===== Creating a Snapin with InstallRite =====<br />
<br />
If for some reason you do wish to use InstallRite, please be aware it comes with issues and limitations (not compatible on all Windows operating systems / can cause issues with the computer it is pushed to). Below is an example of how to build a package with that software.<br />
<br />
In this example we will use Epsilon Squared's InstallRite which can be downloaded from http://www.epsilonsquared.com/installrite.htm. This application will package up your snapin as an exe file which will be uploaded to the FOG server. <br />
<br />
<ol><br />
<li>To run InstallRite navigate to c:\program files\Epsilon Squared\InstallRite\InstallRite.exe</li><br />
<li>Click on "Install new software and create an InstallKit"</li><br />
<li>On the Configure screen, click Next.</li><br />
<li>On the Snapshot screen click next to create a new system snapshot.</li><br />
<li>On the next screen, click the browse button to select the application you wish to install, then click next.</li><br />
<li>When installation is complete InstallRite will come into focus, click the next button. InstallRite will scan your system again.</li><br />
<li>Enter a name for your snapin.</li><br />
<li>Click "Build Install Kit"</li><br />
<li>Select "Quiet Installation Mode", Never reboot, even if needed, and "Never prompt the user and only overwrite older files"</li><br />
<li>Click OK and it will build your snapin.</li><br />
</ol><br />
<br />
==== Preparing the FOG Server ====<br />
<br />
If your snapin is larger than 2MB you will need to make two changes to the FOG server to allow uploads of larger than 2MB.<br />
<br />
See also: [[Troubleshoot Web Interface]]<br />
<br />
===== Fedora =====<br />
<br />
<br />
#On the FOG Server click on Applications -> Accessories -> Text Editor.<br />
#Select Open and navigate to "/etc/php.ini"<br />
#Change UPLOAD_MAX_FILESIZE to 1900MB (On a 32Bit OS don't set this value above 2GB)<br />
#Change POST_MAX_SIZE to the same value.<br />
#Save and close the text editor.<br />
#Click on Applications ->System Tools -> Terminal and type "service httpd restart"<br />
<br />
===== Ubuntu =====<br />
<br />
#sudo gedit /etc/php5/apache2/php.ini<br />
#Change <br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
#Save Changes<br />
#sudo /etc/init.d/apache2 restart<br />
<br />
<br />
===== VMWare =====<br />
<br />
#sudo vim /etc/php5/apache2/php.ini<br />
#Edit the following lines in the document (read below for assistance with working in VIM)<br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
<br />
<br />
*To edit content in vim you will need to press the '''"I"''' key on your keyboard to enter input mode.<br />
*Hitting the '''Escape''' key will bring you out of input mode.<br />
*Once out of input mode type ''':w''' and then '''enter''' to save the file<br />
*Restart FOG once the file has been saved<br />
<br />
==== Uploading the Snapin ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/CreateSnapin.swf.html Video Tutorial]<br />
<br />
<ol><br />
<li>In the FOG Management Portal click on the Snapin Icon (Puzzle Pieces).</li><br />
<li>On the left-hand menu click on the New Snapin Button.</li><br />
<li>Enter a Snapin Name and Description.</li><br />
<li>Browse to the snapin file you wish to upload.</li><br />
<li>If you want the computer to restart after the snapin is installed click on the "Reboot after install"</li><br />
<li>Click "Add"</li><br />
</ol><br />
<br />
<br />
<br />
As of version 0.17, fog supports using typical msi files as snapin files.<br />
<br />
If the snapin file is a msi file you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of msiexec.exe (ie: c:\windows\system32\msiexec.exe)</li><br />
<li>Set '''Snapin Run With Arguments:''' to '''/i'''</li><br />
<li>Set '''Snapin Arguments:''' to '''/qn'''</li><br />
</ol><br />
<br />
If the snapin file is a .vb script you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of cscript.exe (ie: c:\windows\system32\cscript.exe)</li><br />
</ol><br />
<br />
<br />
<br />
'''Documentation on list of supported snapins and command line arguments''' [[http://www.fogproject.org/wiki/index.php?title=Supported_Snapin%27s_and_Command_Line_Switches]] There are MANY more supported applications that can be installed via command line arguments. You might have better luck installing them directly via .EXE / .MSI / or scripting them via .VBS . For more info on this consult the forums --[[User:Ssx4life|Ssx4life]] 09:04, 8 October 2009 (MST)<br />
<br />
==== Linking the Snapin to Hosts ====<br />
<br />
In order for a snapin to be deployed it must be linked with a host. To do this perform the following:<br />
<br />
<ol><br />
<li>In the FOG Management Portal, click on the Hosts Icon.</li><br />
<li>Search for and select a host and click on the edit button.</li><br />
<li>Scroll down to the snapin section.</li><br />
<li>Select the snapin you just created from the drop-down box and click the "Add Snapin" button.</li><br />
</ol><br />
<br />
The next time you image the computer the FOG Service will attempt to install that snapin. If you have problems, please see the fog log file located at c:\fog.log on the client PC.<br />
<br />
=== Client Side Tasks ===<br />
<br />
==== FOG Version ====<br />
<br />
Applies to version 0.12 or higher.<br />
<br />
==== Overview ====<br />
<br />
FOG attempts to keep management centralized, but in an attempt to make deploying machines as easy as possible FOG has added a few basic client side tasks. These tasks can be run from the client computer during the PXE boot process. When the client boots and the FOG banner is displayed the pxe client will display a prompt like '''boot:''' or something similar. At this point you have 3 seconds to start typing one of the following commands. <br />
<br />
<ul><br />
<li>fog.memtest</li><br />
<li>fog.reg</li><br />
<li>fog.reginput</li><br />
</ul><br />
<br />
==== fog.memtest ====<br />
<br />
This command will run the memtest86+ on the client computer. <br />
<br />
==== fog.reg ====<br />
<br />
This command will run the basic host registration and inventory process without any user input. It will register any new/unregistered hosts with the FOG server and pull a basic hardware inventory from them. The hostname of the computer will be the same as the MAC address without the ":".<br />
<br />
If a host is already registered, then only an inventory will be performed.<br />
<br />
==== fog.reginput ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/RegImage.swf.html View Host Registration Video]<br />
<br />
This command will run the full host registration process with user input, inventory and give the option to push down an image, all at the same time. During this process the user registering the host will be prompted for the computer host name, ip address, operating system ID, image ID, Primary User of the computer, asset tag 1, and asset tag 2. <br />
<br />
If a valid hostname, OS ID, and image ID are given and the option is selected to image the workstation after registration, the host will reboot and an imaging send will begin. <br />
<br />
If a host is already registered, then only an inventory will be performed, this prevents end-users from re-registering a machine with a different hostname, etc.<br />
<br />
This task was designed for institutions that may get shipments of hundreds of computers that need to be deployed very quickly. They can be unboxed, inventoried, imported into FOG and imaged very quickly. <br />
<br />
===== Operating System ID =====<br />
<br />
As of Version 0.17 of fog, you can now enter '''?''' at the Operating System ID prompt to get a listing of the valid operating system id values. <br />
<br />
The following are valid values for operating system IDs:<br />
<br />
<ul><br />
<li><b>1</b> - Windows 2000 / Windows XP</li><br />
<li><b>2</b> - Windows Vista</li><br />
<li><b>3</b> - Windows 98</li><br />
<li><b>4</b> - Windows (Other)</li><br />
<li><b>5</b> - Windows 7</li><br />
<li><b>50</b> - Linux</li><br />
<li><b>99</b> - Other</li><br />
</ul><br />
<br />
===== Image ID =====<br />
<br />
Image IDs can be found in the management console, in the Images section. Search for the image and click on the edit button associated with the image. The image ID will be in the address/URL bar in the format of <b>&imageid=xx</b>.<br />
<br />
As of version 0.17, you can enter '''?''' at the Image ID prompt to get a listing of all your images and their ID numbers.<br />
<br />
=== Active Directory Integration ===<br />
<br />
==== Setup ====<br />
<br />
===== Overview =====<br />
<br />
FOG has the ability to register a host with Active Directory, in a limited sense. Versions of FOG up to and including 0.28 rely on the netdom.exe executable that is provided as part of the support tools on the Windows installation media. In order for Active Directory integration to function, your image will need to have the FOG service installed, along with the Windows Support Tools.<br />
<br />
Versions of FOG from (and including) 0.29 have this functionality built in and do NOT require netdom.exe or the support tools to be installed.<br />
<br />
It is also very important that the computer is NOT a member of any domain before you capture your image.<br />
<br />
===== Security =====<br />
<br />
<font color="red">Note: The below statement applies to older FOG versions (1.2.0 and below). When using FOG 1.3.0 and above in conjunction with the NEW fog client, this step is not needed. See [https://wiki.fogproject.org/wiki/index.php?title=FOG_Client here] for more information.</font><br />
<br />
<br />
'''Important - Please read!'''<br />
<br />
In order to add a computer to a domain, FOG requires a username and password of an account that has rights to the OU where the computer objects are stored in the domain tree. This user account should have rights to join computers to the Domain, as well as sufficient rights to create/manage computer objects. FOG attempts to keep your password secure by encrypting it, but since FOG is open source, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic: this isn't hard and only needs to be done one time. Please see the documentation below.<br />
<br />
===== Preparing the Image =====<br />
<br />
Before capturing an image to FOG that you would like to use with Active Directory, please ensure that the image:<br />
<br />
<ul><br />
<li>is NOT a member of the domain, change the computer membership to workgroup instead.</li><br />
<li>has support tools installed (Not required for FOG versions from 0.29).</li><br />
<li>has the FOG service installed.</li><br />
</ul><br />
<br />
===== FOG Setup =====<br />
<br />
To set up a host to use AD, navigate to the hosts section of the FOG management portal. <br />
<br />
<ol><br />
<li>Search for, and select a host. </li><br />
<li>Click on the Edit button</li><br />
<li>Scroll down to the Active Directory section.</li><br />
<li>Check the box next to Join Domain after image task</li><br />
<li>Enter the domain NETBIOS name (i.e. MYDOMAIN, not mydomain.com).</li><br />
<li>Enter the Organizational Unit where you would like to have the computer stored in AD. Leave it blank for the default. (Must be in LDAP format).</li><br />
<li>Enter the user name that has access to the computer objects. Do not include the domain name if you are running version 1.2 (your mileage may vary with earlier versions). Development version of FOG will accept a name with or without domain ('''username ''OR'' mydomain/username''').</li><br />
<li>Enter the encrypted password. This password must be encrypted with the [[FOGCrypt]] utility. This utility is located in the FOGCrypt folder of the FOG download package. It is a Windows (.NET) command line application.</li><br />
<li>Click Update.</li><br />
</ol><br />
<br />
The next time you image that computer the service will attempt to register the host with the domain information provided. If you have problems please refer to the FOG Service log file located in c:\fog.log<br />
<br />
===== Making AD Integration Easier =====<br />
<br />
As of version 0.20 of FOG, we have made it a bit easier to manage AD settings in FOG, by allowing for default settings for AD. This will allow the easy population of the domain, OU, username, and password. To set this feature up perform the following:<br />
<br />
# Go to '''Other Information''' -> '''FOG Settings'''<br />
# Set your default values for the following:<br />
## FOG_AD_DEFAULT_DOMAINNAME<br />
## FOG_AD_DEFAULT_OU<br />
## FOG_AD_DEFAULT_USER<br />
## FOG_AD_DEFAULT_PASSWORD (MUST BE ENCRYPTED!)<br />
<br />
To test everything out, go to a host that doesn't have anything setup for AD, and click on the edit button for that host. Go to the host menu, and select Active Directory. Click on the '''Join Domain after image task:''' button and all your default values should be populated.<br />
<br />
==== Securing Active Directory Integration ====<br />
<br />
===== Overview =====<br />
<br />
In order to add a computer to a domain, FOG requires a username and password that has rights to the OU where the computer objects are stored in the domain tree. FOG attempts to keep your password secure by encrypting it, but since FOG is open source and the methods used to encrypt the password are open for all to see, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic: this isn't hard and it only needs to be done one time. <br />
<br />
===== The Development Environment =====<br />
<br />
The hostname change module is written in C#, so in order to recompile it you will need to download Microsoft's Visual Studio Express Edition for C#. This can be downloaded from: <br />
<br />
http://www.microsoft.com/express/vcsharp/<br />
<br />
Install Visual Studio with the standard options.<br />
<br />
===== Getting the Source =====<br />
<br />
After Visual Studio Express is installed, we need to get the source code for the hostname change module. This is part of the FOG download/installation package. This package can be downloaded from:<br />
<br />
http://sourceforge.net/project/showfiles.php?group_id=201099 <br />
<br />
Extract this package, then navigate to "FOG Service\src\FOG_HostNameChanger\"<br />
<br />
Double-click on HostNameChange.sln to open the project. <br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > hostnamechanger properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Once the project has opened, on the right-hand panel, in the "Solution Explorer", double-click on MOD_HostNameChanger.cs.<br />
<br />
After doing so, the source code should display in the main panel. Scroll down to the line:<br />
<br />
private const String PASSKEY = "FOG-OpenSource-Imaging"; <br />
<br />
Change '''FOG-OpenSource-Imaging''' to anything you like, just remember what you change it to, as you will need it later.<br />
<br />
Then click File -> Save All.<br />
<br />
Then click Build -> Build Solution.<br />
<br />
This will recompile the hostname change module with your unique key.<br />
<br />
Now navigate to "FOG Service\src\FOG_HostNameChanger\bin\Release"<br />
<br />
Copy only the file HostnameChange.dll to "FOG Service\src\FOG Service\bin\Release" (overwrite existing file).<br />
<br />
Navigate to "FOG Service\src\FOG Service\"<br />
<br />
Open the solution by double-clicking "FogService.sln"<br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > FOGService properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Change the build configuration from debug to release<br />
<br />
Right click on "FOG Service Install" and click "Build"<br />
<br />
Navigate to "FOG Service\src\FOG Service Installer\Release"<br />
<br />
Select the 2 files, right-click -> Send To -> Compressed Folder<br />
<br />
Copy the .zip file to your FOG Server "/var/www/html/fog/client". Overwrite the existing file.<br />
<br />
===== Encrypting Your Password =====<br />
<br />
Now that we have changed the passkey, we need to update the FOGCrypt ini file to use this new passkey. <br />
<br />
Navigate to the FOGCrypt\etc directory from the FOG download package.<br />
<br />
Open the config.ini file and change the passkey value to your new passkey, then save the file.<br />
<br />
Now open a command window and navigate using the cd command to the FOGCrypt directory.<br />
<br />
Type:<br />
<br />
FOGCrypt [password]<br />
<br />
Where [password] is the AD user's password that has rights to the Computers section of the AD tree.<br />
<br />
The output from this command is what you will enter in the FOG management portal.<br />
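<br />
A check for the passkey procedure above, as an added example that is not part of FOG: it reads the text of MOD_HostNameChanger.cs and of FOGCrypt's config.ini and reports if either still carries the published default passkey or if the two disagree. The <code>passkey = value</code> line format assumed for config.ini is an assumption, and the sample inputs are constructed.<br />

```python
import re
import sys

# The passkey shipped in the public source, as quoted on this page.
DEFAULT_PASSKEY = "FOG-OpenSource-Imaging"

# Matches the declaration quoted above: private const String PASSKEY = "...";
CS_PASSKEY = re.compile(r'\bconst\s+[Ss]tring\s+PASSKEY\s*=\s*"([^"]*)"\s*;')
# Assumption: config.ini stores the key on a line of the form  passkey = value
INI_PASSKEY = re.compile(r"^\s*passkey\s*[=:]\s*(.*?)\s*$", re.IGNORECASE | re.MULTILINE)


def passkey_from_source(cs_text):
    """Return the PASSKEY constant from the C# source, ignoring // comment lines."""
    for line in cs_text.splitlines():
        if line.lstrip().startswith("//"):
            continue
        match = CS_PASSKEY.search(line)
        if match:
            return match.group(1)
    return None


def passkey_from_ini(ini_text):
    """Return the passkey value from FOGCrypt's config.ini text, or None."""
    match = INI_PASSKEY.search(ini_text)
    return match.group(1).strip('"') if match else None


def audit_passkey(cs_text, ini_text):
    """Return a list of findings; an empty list means the key was changed consistently."""
    findings = []
    source_key = passkey_from_source(cs_text)
    ini_key = passkey_from_ini(ini_text)
    for where, key in (("MOD_HostNameChanger.cs", source_key), ("config.ini", ini_key)):
        if key is None:
            findings.append(f"{where}: no passkey found")
        elif key == DEFAULT_PASSKEY:
            findings.append(f"{where}: still uses the published default passkey")
    if None not in (source_key, ini_key) and source_key != ini_key:
        findings.append("passkey differs between the module source and config.ini")
    return findings


# Constructed sample inputs (not copied from the FOG package).
SAMPLE_CS = '''
    // private const String PASSKEY = "an-older-key";
    private const String PASSKEY = "FOG-OpenSource-Imaging";
'''
SAMPLE_INI = "[main]\npasskey = constructed-site-key\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py <path to MOD_HostNameChanger.cs> <path to config.ini>
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            cs = f.read()
        with open(sys.argv[2], encoding="utf-8", errors="replace") as f:
            ini = f.read()
    else:
        cs, ini = SAMPLE_CS, SAMPLE_INI
    for finding in audit_passkey(cs, ini):
        print(finding)
```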
<br />
<br />
=== FOG Reports ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher. <br />
<br />
==== Overview ====<br />
<br />
FOG Reports allow you to export data from FOG in two major formats: CSV and PDF.<br />
<br />
#'''Snapin Log''' - This report will report on snapin installation history. <br />
#'''Imaging Log''' - This report will report on images deployed to hosts.<br />
#'''Virus History''' - This report lists any viruses that were found on local computers. <br />
#'''Inventory''' - This report will report on the inventory information collected for network clients. <br />
#'''Equipment Loan''' - This report can be used for equipment loaned to staff members. <br />
#'''User Login History''' - This report contains information about user logins.<br />
<br />
==== Running Reports ====<br />
<br />
Running a report can be done from the Reports section of FOG, then by picking a report from the left-hand menu.<br />
<br />
==== Importing User Created Reports ====<br />
<br />
The reporting section of FOG allows for the end user to create and upload custom reports into FOG. A FOG report is a simple php script that is processed by the server. To import a report simply click on the '''Upload a Report''' button in the reports section, select the report then click on the upload button. The report will then show up on the left-hand menu. <br />
<br />
Please be cautious when uploading reports from an unknown source as the writer of the report has full access to the FOG system and database! Make sure your sources are trustworthy before importing a report!<br />
<br />
==== Creating Custom Report ====<br />
<br />
Custom reports are simple php scripts in FOG. Custom reports can be created based on the following template:<br />
<br />
[http://freeghost.sf.net/other/ReportTemplate.tar.gz Report Template]<br />
<br />
<br />
<br />
=== Plugins ===<br />
*[[Plugins]] give FOG extra functionality wanted for some users but not all.<br />
<br />
=== Other Settings ===<br />
<br />
==== [[Boot Image Key Map]] ====<br />
<br />
==== FOG Client Kernel ====<br />
<br />
===== Overview =====<br />
<br />
In FOG, there aren't really drivers you need to find and download for your clients to work. This is because we ship a Linux kernel that has drivers for the majority of hardware devices built into it. What this means is that if you have a device that doesn't work with FOG, you need to either build a new kernel yourself or try a newer kernel that has been released via our kernel updater.<br />
<br />
<br />
===== Kernel Types =====<br />
<br />
We currently build two "lines" of kernels. One is called KS or KitchenSink. This kernel tries to include drivers for as many devices as possible, sometimes at the cost of performance, and this is the kernel that we ship with FOG by default. The other "line" is the PS kernel or the Peter Sykes kernel, which is based on a config submitted by a user. This kernel line tries to be faster, but may not include as many drivers as the KS kernel. <br />
<br />
===== Updating the Kernel =====<br />
<br />
It is possible to update your client kernel from within the UI of FOG. To do this perform the following steps:<br />
<br />
#Log into the FOG Management UI.<br />
#Go to '''Other Information'''<br />
#Select '''Kernel Updates'''<br />
#Select the Kernel you would like to download, typically the newest kernels are on the top of the list.<br />
#Click the download icon<br />
#Select a file name for your kernel. To make it the default kernel, leave the name as '''bzImage'''<br />
#Click the '''Next''' Button<br />
<br />
=== Mobile Management Interface ===<br />
<br />
==== Overview ====<br />
<br />
The FOG Mobile web interface is a very basic, stripped down interface for FOG. It is designed to be given to lower level technicians using low powered, mobile devices such as iPod touches, iPhone, PDAs, and internet tablets. The idea behind this interface is to make it easy for techs to re-image a computer while making the rounds at a site.<br />
<br />
==== Using the mobile Interface ====<br />
<br />
The mobile interface can be accessed via:<br />
<br />
http://x.x.x.x/fog/mobile<br />
<br />
The portal requires a valid user name and password, which can be created via the FOG portal. <br />
<br />
[[Image:Ipod login.JPG]]<br />
<br />
Once logged into the portal, users can search for hosts and image them, and view/cancel active tasks. <br />
<br />
[[Image:Ipod results.JPG]]<br />
<br />
[[Image:Ipod active.JPG]]<br />
<br />
They can not change image associations, nor modify any properties of a host.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Managing_FOG&diff=12627Managing FOG2020-02-27T10:06:14Z<p>SebastianRoth: /* Images */</p>
<hr />
<div>== Managing FOG ==<br />
<br />
=== Dashboard ===<br />
<br />
==== Overview ====<br />
<br />
[[File:Dashboard.png]]<br />
<br />
*The FOG dashboard is the first page you are presented with after login. This page just gives you an overview of what is happening on your FOG server.<br />
<br />
==== System Overview ====<br />
<br />
*The system overview box is the top left-hand box on this page. The information presented in this box is the current user and the server IP addresses or hostnames for your web server, tftp server and storage server (which can all be different). This section also gives you the system uptime or how long the system has been running without restart, the number of users logged into the Linux box, and lastly the system load.<br />
<br />
==== System Activity ====<br />
*The system activity box is the middle box in the top row. This section shows the unicast queue, or the number of unicast deploys that are currently in progress. The queue size can change and is based on the Storage Group(s). Each storage node has a setting ''Max Clients'', which is the maximum number of hosts that this node can image to. If there are 2 nodes with a max of 10 each then your maximum queue amount is 20. However, remember the more you increase the ''Max Clients'' the slower each particular host will be to deploy the image.<br />
*This means that after 20 hosts are receiving images (at once) the 21st will wait for one of the hosts in progress to complete before starting. The reason this was created was so that you could queue up 100 machines with different images (all unicast) and still keep the system functional. We have heard of this queue being used to re-image an entire building of computers ( ~ 1000+ ) overnight. This section updates in real time.<br />
*It will display all the queued, running, etc... tasks and updates at the same interval as the Bandwidth graph. Also, SVN installations (and later future releases) are able to edit which type of tasks get counted towards the "queue". <br />
*This edit can be performed by going to '''FOG Configuration'''[[file:Config.png]]--> '''FOG Settings'''--> '''General Settings''' --> '''FOG_USED_TASKS'''. <br />
*The text field takes numeric values (so you'll need to know which task IDs are which type). This text field is a CSV setup. If you type (1,2,3,4,5) it will display all tasks of Deploy, Capture, Debug, Memtest, and Testdisk as queued/active depending on their current state. The exception to this rule is Task Type ID 8 (multicast), in which case it takes the Jobs, not each individual host task, as a queued slot.<br />
<br />
==== Disk Information ====<br />
<br />
*The disk information box is the top, right hand section of the dashboard page. This is a semi-realtime display of the storage remaining on the storage server.<br />
*There is also a drop-down box that can be changed to your storage nodes to monitor their Disk Information.<br />
*If you get an error in this box, please see [[Dashboard Error: Permission denied...]]<br />
<br />
==== 30 Day Imaging History ====<br />
<br />
*This image shows your imaging trends for the past 30 days<br />
<br />
==== Menu Bar ====<br />
<br />
[[Image:FogMenu.jpeg]]<br />
<br />
This menu appears at the top of every page on Fog's web UI. The icons are, from left to right:<br />
<br />
[[Image:Home.png]]'''Home/Dashboard''' - This is the home screen of the FOG management portal.<br />
<br />
[[Image:Users.png]]'''[[Managing_FOG#Users | User Management]]''' - Individual administrators of the FOG resources.<br />
<br />
[[Image:Hosts.png]]'''[[Managing_FOG#Hosts | Host Management]]''' - This section houses the hosts, which are the pcs to be imaged or to extract images from.<br />
<br />
[[Image:Groups.png]]'''[[Managing_FOG#Groups | Group Management]]''' - This section houses groups, which are similar PCs that need tasks done en masse.<br />
<br />
[[Image:Images.png]]'''[[Managing_FOG#Images | Image Management]]''' - This section allows you to manage the image files stored on the FOG server.<br />
<br />
[[Image:Storage.png]]'''[[Managing_FOG#Storage_Management | Storage Management]]''' - This section allows you to add/remove storage nodes from the FOG system.<br />
<br />
[[Image:snapins.png]]'''[[Managing_FOG#Snap-ins | Snap-in Management]]''' - This section provides ways to automate various post-imaging tasks, not covered in this document<br />
<br />
[[Image:Printers.png]]'''[[Managing_FOG#Printers | Printer Management]]''' - This section allows for management of printers, allowing you to create printer objects that can later be assigned to hosts or groups.<br />
<br />
[[Image:Services.png]]'''Service Configuration''' - This section allows you to control how the ''client'' service functions.<br />
<br />
[[Image:Tasks.png]]'''[[Managing_FOG#Tasks | Task Management]]''' - This section allows you to perform imaging tasks such as acquiring or deploying images.<br />
<br />
[[Image:Reports.png]]'''[[Managing_FOG#FOG_Reports | Report Management]]''' - Reports let you pull information from the FOG database either as HTML, pdf, or csv.<br />
<br />
[[Image:config.png]]'''Fog Configuration''' - The section has the rest of the settings that don't fit anywhere else like the kernel updater, client service updater, iPXE edits, MAC address list, Log viewer, '''FOG Settings'''.<br />
<br />
[[Image:Plugins.png]]'''[[Managing_FOG#Plugins | Plugins]]''' - Plugins add more functionality to FOG. Must be enabled in ''Fog Configuration''<br />
<br />
[[Image:Logoff.png]]'''Logoff''' - Click this to log off of the Fog web UI.<br />
<br />
<br />
----<br />
<br />
=== Hosts ===<br />
[[File:All_Hosts.png]]<br />
*[http://freeghost.sourceforge.net/videotutorials/hostinfo.html Video Tutorial] (old version but valid instructions)<br />
*A host in FOG is typically a computer, but it can be any network device. Hosts are used to identify a computer on the network and are used to manage the device.<br />
<br />
==== Adding a new host ====<br />
<br />
===== Method 1: Adding a new host via Full Registration =====<br />
<br />
*This is the preferred method, and maybe the easiest method for getting a host into the FOG database, but it requires you to visit the host. When at the client computer, during the boot up process when you see the PXE/iPXE boot menu select '''Perform Full Host Registration and Inventory'''. During this phase you will be prompted for information about the host like hostname, operating system, image, groups, Product Key, and other information. If you enter a valid operating system and image id, you will be asked to Image Now. If desired, you can set the task and it will deploy the image on the next network boot. <br />
*After the requested information is entered, FOG will pull a quick hardware inventory of the client.<br />
*This method of registration will register the mac address(primary wired only), serial number(if available in BIOS), Make/Model, and other Hardware information with the FOG server.<br />
*For more information on these commands please see: [[FOGUserGuide#FOG_Tasks | Client Side Tasks]]<br />
<br />
===== Method 2: Adding a new host via Quick Registration =====<br />
<br />
*Quick registration is very much like the Full host registration, with the exception that it will not prompt you for any input, nor give you the option to image the computer directly from the registration screen. When the host is added to the FOG server, it will be named with the host's primary MAC address. This method is great for adding a lab of 30 computers to FOG quickly and easily.<br />
*This feature is disabled by default, to enable this feature:<br />
#Go to '''FOG Configuration'''[[image:config.png]]<br />
#Select '''FOG Settings'''<br />
#Find section '''FOG Quick Registration'''<br />
#Tick ON '''FOG_QUICKREG_AUTOPOP''' to &#10004;<br />
#Set '''FOG_QUICKREG_IMG_ID''' to the image ID you would like to use for all newly created hosts.<br />
#'''FOG_QUICKREG_OS_ID''' will be auto populated when "Save Changes" is selected. (OS is now associated within the image so no need to select an OS)<br />
#Change '''FOG_QUICKREG_SYS_NAME''' to what you would like to name your new machines, where * will be replaced by a number. If you would like to zero pad numbers you can use '''LAB300-**''' which would result with '''LAB300-03''' or '''LAB300-09'''.<br />
#Set '''FOG_QUICKREG_SYS_NUMBER''' to the first number you would like to use.<br />
*After each registration the computer will automatically image and the '''FOG_QUICKREG_SYS_NUMBER''' will be incremented by 1.<br />
<br />
===== Method 3: Manually Adding =====<br />
<br />
*[http://freeghost.sourceforge.net/videotutorials/addimghost.html Video Tutorial]<br />
*Adding a new host can be done in the hosts section of FOG.[[Image:Hosts.png]] Then by clicking on the "Add New Host" button on the left hand menu. At least a hostname and a MAC address must be entered in order to add the host to the FOG database. <br />
<br />
*A host consists of the <span style="color:RED">'''required*'''</span> fields: <br />
<br />
#'''Hostname*''' - A string used for the Windows Hostname of client, this must be less than 15 characters long. <br />
#'''MAC address*''' - This field is used as a unique identifier for the host. The string must be separated by : (colon), in the format of 00:11:22:33:44:55. <br />
<br />
*Hosts can also include, but are not required:<br />
<br />
#'''IP address''' - Just your typical IP address, in the typical format of X.X.X.X or 192.168.1.1.<br />
#'''Description''' - Information for your own reference.<br />
#'''Image Association''' - This field is a drop down box that will allow you select an image object created in the '''Images''' section. <br />
#'''Operating System''' - Drop down box that allows you to select the primary type of operating system running on this host.<br />
#'''Kernel''' - This is only used if you want to overwrite the default kernel used for FOG. Needs to be specified as fog/kernel/mybzImage<br />
#'''Kernel Arguments''' - This allows you to add additional kernel arguments for booting the host (ie: vga=6, or irqpoll). <br />
#'''Primary Disk''' - This option allows you to force a device to use during imaging if fog fails to detect the correct device node.<br />
*This page also allows for configuration of Active Directory integration, but this topic will be covered later. When all settings are added, click on the "Add" button.<br />
<br />
===== Method 4: Importing Host Information =====<br />
<br />
*When getting started with FOG, you need to enter the host information for the devices on your network. We understand this can be a long difficult process, so in order to make this process easier we created a page that allows you to import most of the host information from a CSV file. <br />
*The CSV file that is imported to FOG must be in the following format, and the file should not have a header row. <br />
<pre>MAC Address,Host name,IP Address,Description,OSID,ImageID</pre><br />
*The '''MAC Address''' (<span style="color:RED">'''required*'''</span>) is the NIC's MAC address separated by ''':''' (colon).<br />
*The '''Host name''' (<span style="color:RED">'''required*'''</span>) is the computer's Host name (must be less than 15 characters, should not include underscores, according to [http://tools.ietf.org/html/rfc952 Network Working Group]).<br />
*The '''IP Address''' (<span style="color:Orange">'''Can be left as blank'''</span>) is the computer's IP address (format x.x.x.x). <span style="background-color:Yellow;">''This field is '''NOT''' currently used by FOG''</span><br />
*The '''Description''' (<span style="color:Orange">'''Can be left as blank'''</span>) is any text description you would like associated with the computer.<br />
*The '''OSID''' (<span style="color:RED">'''required*'''</span>) is the number representing the operating system. It can be found in the table "supportedOS" in the field osID.<br />
*The '''ImageID''' (<span style="color:RED">'''required*'''</span>) is the number representing the images file linked to this image. The image definition must already exist and this number can be found in the table "images" in the field imageID.<br />
*<span style="background-color:Red; color:white;">The file must be saved as a CSV '''without''' a header row.</span><br />
*Sample:<br />
<pre><br />
00:00:02:AF:00:E0:01:0F,adminoff1,10.0.1.150,Main admin office computer,5,14<br />
00:00:02:AF:00:E0:01:04,adminoff2,,admin office 2 computer,5,13<br />
00:00:02:AF:00:E0:01:02,adminoff3,,,5,12<br />
</pre><br />
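<br />
A pre-import check for the CSV rules listed above, as an added example that is not part of FOG: it validates each row against the stated column order, MAC format, host name limits, optional IP format and known IDs, and also flags a leftover header row and repeated MAC addresses. The default OS ID set is taken from the Operating System ID list on this page and the image IDs are supplied by the caller (both are assumptions about your own supportedOS and images tables); the sample rows are constructed.<br />

```python
import csv
import io
import ipaddress
import re

# Column order the import page expects (the file has no header row).
COLUMNS = ["MAC Address", "Host name", "IP Address", "Description", "OSID", "ImageID"]
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
NUMBER_RE = re.compile(r"^[0-9]+$")
# Assumption: OS IDs from the list on this page; check your supportedOS table.
DEFAULT_OS_IDS = frozenset({1, 2, 3, 4, 5, 50, 99})


def validate_host_csv(text, image_ids, os_ids=DEFAULT_OS_IDS):
    """Return a list of (line_number, message) problems; an empty list means clean."""
    problems = []
    seen_macs = {}  # lower-cased MAC -> first line it appeared on
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row or all(not cell.strip() for cell in row):
            continue  # ignore blank lines
        if len(row) != len(COLUMNS):
            problems.append((lineno, f"expected {len(COLUMNS)} fields, got {len(row)}"))
            continue
        mac, host, ip, _desc, osid, imageid = (cell.strip() for cell in row)
        if lineno == 1 and mac.lower().startswith("mac"):
            problems.append((lineno, "header row present; the file must not have one"))
            continue
        if not MAC_RE.match(mac):
            problems.append((lineno, f"MAC {mac!r} is not six colon-separated hex pairs"))
        elif mac.lower() in seen_macs:
            problems.append((lineno, f"MAC {mac} already used on line {seen_macs[mac.lower()]}"))
        else:
            seen_macs[mac.lower()] = lineno
        if not host:
            problems.append((lineno, "host name is required"))
        elif len(host) >= 15:
            problems.append((lineno, f"host name {host!r} must be less than 15 characters"))
        elif "_" in host:
            problems.append((lineno, f"host name {host!r} contains an underscore"))
        if ip:  # optional column, but check the format when it is filled in
            try:
                ipaddress.IPv4Address(ip)
            except ValueError:
                problems.append((lineno, f"IP address {ip!r} is not in x.x.x.x format"))
        for label, value, allowed in (("OSID", osid, os_ids), ("ImageID", imageid, image_ids)):
            if not NUMBER_RE.match(value):
                problems.append((lineno, f"{label} {value!r} is not a number"))
            elif int(value) not in allowed:
                problems.append((lineno, f"{label} {value} is not a known ID"))
    return problems


# Constructed sample rows: two clean, one with several faults, one short row.
SAMPLE = """\
00:11:22:33:44:55,adminoff1,10.0.1.150,Main admin office computer,5,14
00:11:22:33:44:56,adminoff2,,admin office 2 computer,5,13
00:11:22:33:44:55,lab_300_pc_number_01,10.0.1.999,,7,12
00-11-22-33-44-57,adminoff4,,,5
"""

if __name__ == "__main__":
    for lineno, message in validate_host_csv(SAMPLE, image_ids={12, 13, 14}):
        print(f"line {lineno}: {message}")
```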
<br />
====== Importing the File ======<br />
#After the file is prepared and saved, you will need to log into the FOG Management Portal.<br />
#Then click on the Hosts icon [[Image:Hosts.png]].<br />
#On the left-hand menu, click on '''Import Hosts'''.<br />
#Browse for your file, then click "'''Upload CSV'''".<br />
<br />
==== Managing Hosts ====<br />
<br />
===== General =====<br />
<br />
*Once hosts have been added to the FOG database you can modify or delete them. Finding a host which you wish to edit can be done in two ways. The first is by listing all the hosts that exist, which is done by clicking on the "List All Hosts" button. The second way to locate a host is to use the search function. To search for hosts click on the "New Search" button. If you would like to search for all hosts you can enter a "*" or "%". The search function will search in the host's name, description, IP and MAC address. <br />
*Once a host is located, it can be edited by clicking on the edit button or on the Host Name itself. Clicking on the edit button will display all the properties that were shown during host creation with the addition of snapin, printers, active directory, service settings, hardware, virus history, and login information. <br />
*The entire host object can be removed from the FOG system by clicking on the delete option at the bottom of the Host Menu.<br />
<br />
===== Multiple MAC Address Support =====<br />
*When FOG first registers your HOST computer it uses the first connected Ethernet cable and defaults it to the Primary MAC Address. Once the FOG Client is installed and reporting data back to the FOG server it may register other additional MAC addresses, such as wireless and other wired connections. Also, an additional MAC can also be added directly under the Host definition.<br />
*These new MAC Addresses will need to be approved before FOG will take advantage of them.<br />
*#'''Host Management''' [[File:Hosts.png]]--> '''[Selected Host]''' -->''Additional MAC''<br />
*#'''Fog Configuration'''[[File:Config.png]]--> '''MAC Address List''' -->''Approve Pending Addresses''<br />
*'''Fog Configuration'''[[File:Config.png]]--> '''MAC Address List''' At this location you can also ''"Update Current Listings"'' giving updated information on the MAC Addresses and their manufacturers, listing it under the Host.<br />
<br />
===== Host Status =====<br />
<br />
*Host Status displays an indicator icon next to the host within the FOG UI showing the status of the machine. This function executes a ping based on the host's name. So in order for this to work you must have an internal DNS server that is tied in with your DHCP server, so that when a DHCP address is given out, the DNS server is notified with the new IP. If that is setup correctly, you must make sure your FOG server is able to ping a host from the command line using:<br />
ping somehostname<br />
*If the server isn't able to ping the client, then the status of the host in the UI will always show as unreachable. If you can ping the client using the FQDN, like<br />
#Replace fogproject.org with your domain suffix<br />
ping somehostname.fogproject.org <br />
*Then you will need to adjust the DNS '''Search domains:''' setting on your server. After making this change you will need to restart the apache server for it to take effect.<br />
*If after this, you still can't ping your clients, the problem may be due to a firewall issue with the clients. In this case, client specific configuration changes might be needed.<br />
*With an increase in Hosts(250+) this "ping" will delay the loading of the List ''All Hosts'' page. Disabling this feature will help in loading this page.<br />
*# '''Fog Configuration''' [[File:Config.png]] --> '''Fog Settings''' --> '''General Settings''' --> Untick ''FOG_HOST_LOOKUP''<br />
<br />
===== Creating Host Groups =====<br />
<br />
*FOG allows you to create groups of hosts which then allows you to take action on a whole grouping of hosts. Groups can be created either from the "List All Hosts" section or by doing a search for hosts. To create a group, select the computers you would like to be members of the group by placing a check in the box next to the hostname, or by clicking the check all button in the title row. After the hosts are selected scroll to the bottom of the screen and then enter a name in the create to group box or select a group to add the hosts to. Then click on the "Process Group Changes" button.<br />
<br />
<br />
----<br />
<br />
=== Groups ===<br />
*Groups in FOG are used to organize your hosts into real world logical clusters. This is intended to ease management of the computers. A single host can be a member of infinitely many groups, so if a computer happens to be a member of the group called "Third Floor", it could also be a member of "Math Department", or "Dell PCs." Groups make using FOG possible for organizations with a very large number of PC's.<br />
<br />
==== Creating Groups ====<br />
*Groups are created in two sections:<br />
*#'''Group Management'''[[file:groups.png]] --> '''Create New Group'''<br />
*#Hosts section of FOG based on searches, for information on how to create groups, please see [[Managing_FOG#Creating_Host_Groups | Creating Host Groups.]]<br />
<br />
==== Managing Groups ====<br />
<br />
*After a group has been created, it can be managed from the groups section of FOG. Locating groups is very similar to locating hosts, you can either list all groups or you can search for groups. When searching for groups your search criteria is matched against the group name or the group description. Once a group is located it can be modified by clicking on the "Edit" button on the right hand side of the table or the Title of the group itself.<br />
<br />
*Under the section "Modify Group [Groupname]" there are options to change the group name, group description, group product key, or to delete the group. If you wish to update the group name or the group description make your change then click on the "Update" button within that section. If you would like to remove the group then simply click on the "Delete" button within this section.<br />
<br />
*As a reminder, when saving or updating settings for hosts, FOG keeps whichever setting was saved last. If you set all the hosts in this group to have ''Image A'' and then change ''Host A'' in that group to be ''Image B'', the group settings will not override the settings for ''Host A'' unless you go back to the group and set all hosts back to ''Image A''.<br />
<br />
===== Group Basic Tasks =====<br />
<br />
*This section allows you to start a task on this group of hosts. From here you can start any task on all hosts within the group. Multi-Cast is also available from here. Please review [[FOGUserGuide#Fundamental_Concepts | Fundamental Concepts]] to determine the required deploy task.<br />
<br />
===== Group Membership Setup =====<br />
<br />
*This page allows you to view/add/delete membership of the group. This section will list all of the members of the group and give you the option to remove members from the group.<br />
<br />
===== Group Image Associations =====<br />
<br />
*The groups page also allows you to update the image association for all the members of the group. This can be done in the "Image Association for [groupname]" section. Select the image association from the drop-down box and select "Update Images" and then all your host objects for that group will be modified.<br />
<br />
===== Group Snapins =====<br />
<br />
*You can add or remove snapins for all hosts in a group, but because of the nature of groups, it is not possible to see which snapins are currently associated with a group. This is because snapins are not directly associated with the group; they are associated with the host, and it is possible for every member of the group to have different snapins linked to it. What FOG does allow you to do is batch add a snapin to all the hosts within a group. In the same way, you can batch remove a snapin from all the hosts within a group. These functions are available via the '''Add Snapins''' and '''Remove Snapins''' buttons in the Group Menu.<br />
<br />
===== Group Service Settings =====<br />
<br />
*The '''Service Settings''' page allows you to enable or disable certain service modules on all hosts in the group, as well as change some service settings for the group, such as screen resolution and auto log off settings.<br />
<br />
===== Group Active Directory Setup =====<br />
<br />
*Active Directory integration settings can also be distributed to all members of a group via this page. The section "Modify AD information for [groupname]" allows you to do so. This section provides the same options as the host screen but allows you to mass update all of your hosts.<br />
<br />
===== Group Printers =====<br />
<br />
*The '''Printers''' page allows you to add or remove printer associations for all hosts within the group. This page also allows you to set the management level for all hosts within the group.<br />
<br />
===== Group Membership Information =====<br />
<br />
*The most important thing to remember about groups in FOG is that they do not contain their own properties. When you make changes to a group, you are really making changes to every host object within the group. For example, if you change the OS association for a group and then go back to one of the host objects that is a member of that group, it will have the new OS association on that object.<br />
<br />
<br />
----<br />
<br />
=== Images ===<br />
<br />
*Image objects in FOG are the representation of the physical files that contain the disk or partition images that are saved on the FOG server.<br />
<br />
==== Creating Images Objects ====<br />
<br />
*Image objects in FOG are created in the Images section of the FOG management portal. To create a new image, click on the "New Image" button on the left hand menu. An image object requires a name and an image file path. <br />
<br />
*When creating images you have a few choices in how you want that image to 'act'. The possible partition types include:<br />
Single Disk - Resizable<br />
Multiple Partition Image - Single Disk (Not Resizable)<br />
Multiple Partition Image - All Disks (Not Resizable)<br />
Raw Image (Sector By Sector, DD, Slow)<br />
<br />
*'''Single Disk - Resizable'''<br />
<br />
This is the default choice used by FOG, as it works in most cases and also allows deployment to smaller disks. It takes a copy of every partition on the disk and, where possible, shrinks partitions that have excessive free space. Each partition that is to be resized goes through a "Resizing filesystem" process, which can take some time depending on how severe disk fragmentation is. Shrunk partitions are reduced until only 2GB of free space remains on them. This allows an image taken from a 6TB drive with only 20GB of used space to be deployed to a drive with a total capacity of roughly 25GB. When the partitions are laid onto the destination drive, all resized partitions are intelligently expanded to utilize the entire drive.<br />
<br />
*'''Multiple Partition Image - Single Disk (Not Resizable)'''<br />
<br />
If you don't need to deploy to a smaller disk, you might consider using this image type, as it is less likely to cause an issue and the image size on the server is still as small as with the resizable image type. Single Disk will back up all the supported partitions on the first disk drive detected by FOG, but the partitions are NOT resized by FOG. This means that the image must be restored to a disk of the same or larger capacity. It is possible to back up NTFS drives with vendor specific 'restore' partitions with this type of image. It is also possible to capture Linux systems with this type of image, given the following criteria:<br />
1.) There is a Grub boot loader present.<br />
2.) LVM is not used.<br />
3.) The partitions include '''ext2''', '''ext3''', '''reiserfs''', and/or '''swap'''.<br />
 4.) The swap partition should be moved out of the extended partition.<br />
<br />
*'''Multiple Partition Image - All Disks (Not Resizable)'''<br />
<br />
This is what you should pick when you want all partitions from multiple disks to be captured. The partitions are NOT resizable by FOG. If you only wanted a particular partition captured or drive captured in a multi-drive system, you can define the disk or partition you want within a "Single Disk - Resizable" or "Multiple Partition Image - Single Disk (Not Resizable)" type image. This is done through the host's "General" area, in the "Host Primary Disk" field.<br />
<br />
*'''Raw Image (Sector By Sector, DD, Slow)'''<br />
<br />
This should always be the last resort. This takes an absolute exact copy of an entire disk and does not compress the data. If you take an image from a 6TB disk, the resultant image will be 6TB in size. This image type also takes a '''significant''' amount of time to capture and deploy.<br />
<br />
'''All of these images can be deployed using multi-cast or unicast to clients.'''<br />
<br />
==== Modifying Image Objects ====<br />
<br />
*Image objects can be located either by a search or by listing all image objects.<br />
<br />
==== Adding Existing Image Objects ====<br />
<br />
*To restore an image to the FOG database:<br />
*# Create a new Image definition through the management browser<br />
*# Specify image name (SampleXPImage)<br />
*# Specify storage group (default)<br />
*# Specify image file path (SampleXPImage)<br />
*# Specify image type<br />
*# Log into the box hosting FOG, and move/rename your image to match browser input<br />
*# Create hierarchy if necessary. FOG, by default, puts images in /images/, so for the above example, you would need to create a folder structure like so: /images/SampleXPImage<br />
*# Drop your image file into the folder (be sure it's named the same as image name above)<br />
<br />
----<br />
<br />
=== Storage Management ===<br />
<br />
*The Storage Manager introduces the concept of '''Storage Groups.''' Basically, a storage group is a group of NFS servers that share images and share the load of computers being imaged. Any member of a storage group is referred to as a '''Storage Node.''' You may have as many storage groups as you wish and as many storage nodes within those groups as you wish. In each storage group, there is one storage node which is designated as the '''Master''' of that group. This '''Master''' node is where all image captures go; it handles multicasting tasks for the group and is the image replicator for the group. This means that whatever images are stored on this node are what gets distributed to the entire group. <br />
<br />
*What this new system of storage management gives us is a distributed model for FOG which allows for more unicast transfers at a single time. We also gain data redundancy. We also take stress off of the main FOG server.<br />
<br />
*Below is a brief overview of Storage Groups<br />
<br />
[[Image:Nfsgroup.jpg]]<br />
<br />
*This image shows a single Storage Group and the flow of data within the group. The queue size of the system is the sum of the queue size of all the storage nodes within the system. So if you have 4 nodes each with a queue size of 10, then the queue size of the system is 40, which means 40 clients can be imaged (unicast) at one time. <br />
<br />
[[Image:StorageGroups.jpg]]<br />
<br />
*This image shows that it is possible to have multiple storage groups on your network, which are isolated from each other. It also demonstrates that captures always go to the master node and that multicast sessions always send data from the master node. Images are pushed out from the master node of the group to all other members of the group.<br />
<br />
*'''Key Benefits'''<br />
*#Increased throughput<br />
*#Redundant Storage<br />
*#Scalability<br />
<br />
*Also see [[Knowledge_Base#Storage_Nodes | Storage Nodes]] for tutorials.<br />
<br />
==== Adding a Storage Node ====<br />
<br />
*Definition: Storage Nodes provide extra [http://www.fogproject.org/wiki/index.php?title=InstallationModes NFS/FTP storage space] which increases available throughput and redundancy within a network. They do not provide PXE, TFTP, or DHCP services at secondary sites. To enable additional PXE and TFTP services at secondary sites see this section: [[#Including_multiple_PXE_.2F_TFTP_servers|#Including multiple PXE / TFTP servers]]<br />
<br />
*Video Tutorial: http://www.youtube.com/watch?v=X72WthDGwsw&fmt=18 (old video but still valid information)<br />
<br />
*To add an additional storage node to the network, the computer should be prepared in the same way the main FOG server would be prepared (disable firewall, SELinux, etc). You can also safely mix operating systems for the nodes of your storage group; some nodes can be running Fedora, and some can be running Ubuntu. It is important to update your storage nodes when you upgrade to a new version of FOG. A storage node is installed with the same installer as a normal FOG server. Installation is started by running the installer script; the steps are detailed below.<br />
<br />
*Surprisingly enough some users have actually gotten a Windows Storage node to work properly. See [[Windows_Storage_Node]] for more information on this.<br />
===== Installing the Node =====<br />
*To Install a node:<br />
*#Run the installation script, ./installfog.sh<br />
*#Select your operating system.<br />
*#When prompted for Server Installation Mode, select '''S''', for storage node.<br />
*#Enter the IP address of the storage node.<br />
*#Confirm your interface<br />
*#Then you will need to enter the IP address or host name of the node running the FOG database<br />
*#Then you will be prompted for a username (typically fogstorage)<br />
*#and a password that is located on the FOG server, that will allow the storage node to access the main FOG server's database. This information is located in the FOG management portal for convenience (on the main FOG server). It can be accessed via '''Other Information''' -> '''FOG settings''' -> section '''FOG Storage Nodes'''.<br />
*#You will then be prompted to confirm your installation settings. If they are correct, press '''Y''' and hit '''Enter'''.<br />
*#When installation completes, the install will produce a username and password that will be needed to add the storage node to the FOG management portal. Username is "fog", password is in /opt/fog/.fogsettings<br />
<br />
===== Adding the Node to the Management Portal =====<br />
*To Add a Node<br />
*#Log into the FOG Management Portal<br />
*#Navigate to the '''Storage Management''' section.<br />
*#Click on '''Add Storage Nodes'''.<br />
*#For the '''Storage Node Name''', enter any alphanumeric string to represent the storage node. <br />
*#Enter any description you wish<br />
*#Enter the IP address of the storage node you are adding. This must be the IP address of the node, DO NOT use a hostname here or the node will not function correctly. <br />
*#Enter the maximum number of unicast clients you would like this node to handle at one time. The value that we recommend is 10. <br />
*#'''Is Master Node''' is a very dangerous setting; for right now leave it unchecked. For more details please see: [[#Master Node Status]].<br />
*#Next, select the storage group you would like this member to be a part of, in our example we will pick '''Default'''<br />
*#Next, specify the image location on the storage node, typically '''/images/''', your image location should always end with a '''/'''.<br />
*#Next, you will want to check the box, to enable the node.<br />
*#The last two fields take the username and password that are generated during the installation of the storage node. Username is "fog", password is in /opt/fog/.fogsettings<br />
*#Then click '''Add''' to have the node join the storage group.<br />
<br />
==== Monitoring The Master Node ====<br />
<br />
*On all storage nodes there is a new service (as of version 0.24) called FOGImageReplicator. It is a very basic script which, if the node is the master, copies all of its images to all other nodes in the storage group. The copying is done every ten minutes by default, which means your images are NOT instantly duplicated to all nodes. <br />
<br />
*If you would like to view the status of the image replication, you can do so on the storage node by switching to tty3 with Ctrl + Alt + F3. Output is also logged to a file in the '''/opt/fog/log''' directory.<br />
<br />
*FOGImageReplicator logs are also located in [[File:Config.png]] '''Fog Configuration''' --> '''Log Viewer''' --> '''FILE: [Select Image Replicator]'''<br />
<br />
==== Master Node Status ====<br />
<br />
*The '''Master Node''' (could be the server or a particular node) in a storage group is the node that distributes images files to all other nodes in the storage group.<br />
<br />
*If you have all your images distributed across 3 nodes in a storage group, '''if you add a new storage node that has no images stored on it, making that node master will cause it to take over and push its image store of nothing to all other nodes, wiping out all of your images'''. So it is important to be very careful and back up your images when you change a node's master status.<br />
<br />
*Notes - You '''can''' have many storage nodes in a storage group. You '''can''' have one master storage node in a storage group. You '''can not''' have more than one master storage node in a storage group. You '''must have''' one master storage node for replication to take place to other nodes in the group. '''If''' a master storage node is set, all captures '''first''' go to the master storage node of the storage group the image is assigned to; and are '''then''' replicated to other storage nodes.<br />
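<br />
A pre-flight comparison for the wipe-out scenario described above, as an added example that is not part of FOG: before ticking '''Is Master Node''', compare the image store of the current master with that of the node to be promoted. It assumes both stores are readable as local paths (for example over a read-only mount); the function names and the sample directories are constructed for illustration.<br />
<br />
```python
import os
import tempfile


def image_inventory(image_root):
    """Map each image name under image_root to its total size in bytes."""
    inventory = {}
    for entry in os.scandir(image_root):
        if entry.is_dir(follow_symlinks=False):
            inventory[entry.name] = sum(
                os.path.getsize(os.path.join(dirpath, name))
                for dirpath, _dirs, files in os.walk(entry.path)
                for name in files)
        elif entry.is_file(follow_symlinks=False):
            inventory[entry.name] = entry.stat().st_size
    return inventory


def promotion_risks(master_root, candidate_root):
    """Report images that exist on the current master but are absent from, or
    smaller on, the node that is about to be made master."""
    master = image_inventory(master_root)
    candidate = image_inventory(candidate_root)
    return {
        "missing": sorted(set(master) - set(candidate)),
        "smaller": sorted(name for name in master.keys() & candidate.keys()
                          if candidate[name] < master[name]),
    }


def safe_to_promote(master_root, candidate_root):
    """True only when the candidate already holds every image the master has."""
    risks = promotion_risks(master_root, candidate_root)
    return not risks["missing"] and not risks["smaller"]


def make_store(root, images):
    """Build a constructed image store from {image name: payload size in bytes}."""
    for name, size in images.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "constructed.img"), "wb") as handle:
            handle.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        master = os.path.join(tmp, "master")
        fresh = os.path.join(tmp, "fresh")
        make_store(master, {"SampleXPImage": 4096})   # constructed sample image
        os.makedirs(fresh)                            # new node with no images on it
        print(promotion_risks(master, fresh))
        print("safe to promote:", safe_to_promote(master, fresh))
```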
<br />
==== Including multiple PXE / TFTP servers ====<br />
<br />
*A traditional Master Storage Node, [[#Adding_a_Storage_Node|as described above]], only provides File Storage redundancy. While this can help increase multicast throughput on a single network, all the machines under FOG management must be within the same subnet/VLAN so that DHCP broadcast requests can be directed to the Main server. (see note below)<br />
<br />
*<pre>'''Note:''' depending on the network, it may be possible to configure [http://en.wikipedia.org/wiki/UDP_Helper_Address iphelper] to forward packets to the Main FOG server</pre><br />
<br />
*The following instructions are intended to help configure additional Storage Nodes to operate independently on separate networks, while still syncing with and taking commands from a single Main FOG server.<br />
<br />
*Click here for instructions on setting up [[Multiple_TFTP_servers|multiple PXE / TFTP servers]]<br />
<br />
=== Users ===<br />
<br />
==== Overview ====<br />
<br />
*FOG has only two levels of users, '''regular''' users and '''mobile''' users. Regular users have access to the mobile portal and the full management portal. Mobile users have access to only the mobile management portal and Quick Image functions.<br />
<br />
==== Creating Accounts ====<br />
<br />
*All accounts are created under the "Users" section of the FOG portal. To create a new account click on the "New User" button on the left hand side of the page. All accounts must have a unique username, and a password. After filling in the required information click on the "Create User" button.<br />
<br />
==== Modifying Users ====<br />
<br />
*FOG accounts can be modified from within the users section. First you must locate the account you wish to modify by clicking on the "List all Users" button on the left hand side of the page. When a user is located, click on the edit button on the right hand side of the table.<br />
<br />
=== Tasks ===<br />
<br />
==== Overview ====<br />
<br />
*Tasks are all the actions that you can take on a computer, and in FOG there are numerous tasks that can be done, including:<br />
<br />
*Deploy (Unicast)<br />
*Capture (Unicast) <br />
*Deploy - Multicast <br />
*Debug<br />
*Memory Test<br />
*Test Disk<br />
*Disk Surface Test<br />
*Recover (File Recovery)<br />
*Hardware Inventory<br />
*Password Reset<br />
*Deploy All Snapins<br />
*Deploy Single Snapin<br />
*Wake-Up<br />
*Deploy - Debug (Unicast)<br />
*Capture - Debug (Unicast)<br />
*Deploy - Without Snapins (Unicast)<br />
*Fast Wipe<br />
*Normal Wipe<br />
*Full Wipe<br />
*Virus Scan<br />
*Virus Scan - Quarantine<br />
*Donate<br />
*Torrent-Cast<br />
<br />
<br />
In the tasks section of FOG you can perform tasks on single hosts or groups of hosts. This section also allows you to monitor selective tasks, and stop/cancel tasks.<br />
<br />
==== General Tasks ====<br />
<br />
The general/common Tasks in FOG include unicast image capture, and unicast image send, as well as a multicast image send. In FOG, sending an image to the server is considered an image capture, and deploying an image to the client is called a send. Both of these tasks can be started directly from the search, list all hosts, and list all groups pages. <br />
<br />
To perform a simple image capture, click on the upward facing arrow next to the host. Captures are only possible on a host, not a group. Capturing an image will also overwrite any image file that may already exist for that host without any notification or confirmation.<br />
<br />
Please note that capturing images of Windows Vista and Windows 7 requires a special command to be run on the clients prior to image capture. Please see [[What do I have to do to an image before capturing?]] for more details.<br />
<br />
For a video demonstration of an image capture, please see: http://www.youtube.com/watch?v=jPPZr0abVfg&fmt=18<br />
<br />
To perform a simple image send, click on the downward facing arrow next to the host. An image send can be done on a host or a group. When sending an image to multiple computers FOG works in queue mode, which means that it will only send to 10 (by default) computers at one time. This is done to keep the server from being overworked. As soon as a machine finishes, another from the queue joins.<br />
<br />
To perform a multicast image send you must search for a group of hosts on the "Task Management" page. Multicast tasks can only be performed on a group of hosts. Multicast tasks will send to all the computers in the group at once, and the task will not start sending until all members of the group have connected with the server. After starting a multicast task, status can be viewed by pressing [ctl]+[alt]+f2. A log is also kept for multicast transfers, which is stored at /opt/fog/log.<br />
<br />
==== Advanced Tasks ====<br />
<br />
The advanced Tasks in FOG include everything that is not a simple capture, simple deploy or multicast deploy. <br />
<br />
=====Debug=====<br />
<br />
Debug mode boots the Linux image to a bash prompt and allows the user to issue all commands by hand. <br />
<br />
=====Capture - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is set up to capture the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is set up to send the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Without Snapins)=====<br />
<br />
This task does a normal send task with the exception that if any snapins are associated with the host, they are not deployed to the host. <br />
<br />
=====Deploy All Snapins=====<br />
<br />
This task will send all the snapins associated with a host to the host without imaging it.<br />
<br />
=====Deploy Single Snapin=====<br />
<br />
This task will send a single snapin that is associated with the host to the host without imaging it. (Note: The snapin must be associated with the host already)<br />
<br />
=====Memory Test=====<br />
<br />
Boots to Memtest86, a memory testing tool. This task will not exit without user intervention at the client side. The task must also be manually stopped via the management front end.<br />
<br />
=====Wake Up=====<br />
<br />
Wakes up a host or group of hosts using Wake-on-LAN. <br />
<br />
=====Fast Wipe=====<br />
<br />
This task does a quick and dirty wipe of the drive. It writes zeros to the first ~40MB of the disk and leaves the rest untouched, so this task should NOT be used if you don't want your data to be recoverable. <br />
<br />
=====Normal Wipe=====<br />
<br />
This task writes random data to the entire surface area of the disk. <br />
<br />
=====Full Wipe=====<br />
<br />
This task writes random data, multiple times, to the entire surface of the disk. <br />
<br />
=====Disk Surface Test=====<br />
<br />
This task will look for bad blocks on the hard disk and report them back to the client console. <br />
<br />
=====File Recovery=====<br />
<br />
This task will load an application that can be used to recover lost files from the hard disk. <br />
<br />
=====Virus Scan=====<br />
<br />
This task will update and load ClamAV and scan the partition for viruses. It will either scan and report or scan and quarantine files. It will also report back to the management portal with the results of the scan.<br />
<br />
=====Hardware Inventory=====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/InventoryUpdate.swf.html Video Tutorial]<br />
<br />
The hardware inventory task will execute the same task as the fog.reginput client side task. Since the host is already registered, all it will do is update the computer's inventory and restart. It is envisioned that this task could be run at a regular interval on a group of all computers in your network, or on some sub group of computers in your network. Then on the next reboot of those computers an inventory would be performed.<br />
<br />
==== Scheduling ==== <br />
<br />
As of version 0.27 of FOG, select tasks can be scheduled using a static date/time combination or using cron style repetitive task scheduling. Task scheduling can be performed on either single hosts or on groups of computers. One thing to note about task scheduling that isn't intuitive is that it '''requires an image to be associated with the host, even for non-image based tasks!''' The reason for this is that tasks are only run on the master storage node associated with that host, and the only way to tie a storage node to a host is via an image. We did this to prevent multiple storage nodes from trying to run the same task for a specific host. <br />
<br />
===== Single Execution Scheduling =====<br />
<br />
Single task execution will run a task at a single date and time, then the task will be discarded. To schedule a single execution task, go to the tasks section of FOG, select the host or group you would like to schedule the task for, then select the task you would like to schedule. You will then be presented with the screen shown below.<br />
<br />
[[Image:Sched.png]]<br />
<br />
To schedule a single execution task, click on the white text box below "Schedule Single Task Execution?" and a pop up calendar will load and allow you to select your date and time for the task. Click on the date to close the calendar, then start your task. <br />
<br />
===== Cron Style Task Scheduling =====<br />
<br />
Cron style task execution allows you to do complex repetitive task scheduling. After a cron task executes, it is not removed, as single execution tasks are. Cron style tasks, as the name suggests, are similar to the Linux cron task scheduler format. Cron style tasks are created the same way single execution tasks are, except that when presented with scheduling options, you select the option "Schedule Cron Style Task Execution". Below that check box is a series of text boxes including:<br />
<br />
min -> Minute [00-59]<br />
hour -> Hour [00-23]<br />
dom -> Day of Month [01-31]<br />
month -> Month [01-12]<br />
dow -> Day of Week [01-07] (Sunday ==> 0, Saturday ==> 6)<br />
<br />
To give an example of how this works, if you wanted a capture task to run at '''10:00pm everyday''' you would enter the following:<br />
<br />
0 22 * * *<br />
<br />
This basically says run the task at '''0''' minutes into the hour, on the '''22nd hour (10:00pm)''', on '''every day of the month''', on '''every month of the year''', on '''every day of the week'''.<br />
<br />
To take this example further, let's say you only wanted to capture the image '''every other day'''. We could do this by entering:<br />
<br />
0 22 */2 * *<br />
<br />
The '''*/2''' now tells the scheduler to only run on '''even days of the month'''. <br />
<br />
We could even ask the scheduler to only do a backup on '''even weekdays''' by adding:<br />
<br />
0 22 */2 * 1-5<br />
<br />
The 1-5 we just added says only run on days 1 through 5, which relate to Monday - Friday.<br />
<br />
Now we will ask the scheduler to only backup in the month of February.<br />
<br />
0 22 */2 2 1-5<br />
<br />
Another basic example could be if you wanted to run an inventory update on the first of every month you could use:<br />
<br />
30 1 1 * *<br />
<br />
This task would then run at '''1:30''' on the '''1st of every month'''.<br />
<br />
<br />
The FOG scheduler doesn't support 100% of the operations that cron supports. Below are the operations that are supported:<br />
<br />
4 - Listing a static number<br />
4,5,6,7 - Listing a group of numbers<br />
4-7 - ranges of numbers <br />
4-7,10 - ranges and lists<br />
*/5 - * divided by a number<br />
* - Wildcard<br />
<br />
For more information on cron please see http://en.wikipedia.org/wiki/Cron<br />
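<br />
The supported operations listed above, as an added example (not FOG's own scheduler code): a Python validator that rejects cron syntax outside that list and previews when a schedule would fire. The divisibility reading of */n, the Sunday = 0 day numbering and the requirement that all five fields match are assumptions taken from this page's wording; all function names are hypothetical.<br />
<br />
```python
import re
from datetime import datetime, timedelta

# The five text boxes in the order the page lists them, with inclusive bounds.
# Assumption: dow uses Sunday = 0 ... Saturday = 6, as the page's mapping states.
FIELDS = (("min", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
          ("month", 1, 12), ("dow", 0, 6))
NUMBER = re.compile(r"[0-9]+")


class UnsupportedSchedule(ValueError):
    """Raised for syntax outside the operations the page lists as supported."""


def _number(text, low, high, name):
    if not NUMBER.fullmatch(text) or not low <= int(text) <= high:
        raise UnsupportedSchedule(f"{name}: {text!r} is not a number in {low}-{high}")
    return int(text)


def parse_field(text, low, high, name="field"):
    """Expand one field into the set of values it matches."""
    if text == "*":                                   # wildcard
        return set(range(low, high + 1))
    if text.startswith("*/"):                         # "* divided by a number"
        step = _number(text[2:], 1, high, name)
        # Assumption: a value matches when it divides evenly by the step, which
        # is how the page reads */2 in dom ("even days of the month").
        return {v for v in range(low, high + 1) if v % step == 0}
    values = set()
    for part in text.split(","):                      # lists, ranges, or both
        start, dash, end = part.partition("-")
        first = _number(start, low, high, name)
        last = _number(end, low, high, name) if dash else first
        if last < first:
            raise UnsupportedSchedule(f"{name}: range {part!r} runs backwards")
        values.update(range(first, last + 1))
    return values


def parse_schedule(expression):
    """Return {field name: set of matching values} for a five-field expression."""
    parts = expression.split()
    if len(parts) != len(FIELDS):
        raise UnsupportedSchedule(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {name: parse_field(text, low, high, name)
            for text, (name, low, high) in zip(parts, FIELDS)}


def next_runs(expression, start, count=3, horizon_days=1500):
    """List the first `count` run times at or after `start`.

    Assumption: all five fields must match (AND), following the page's
    "even weekdays" example. Returns fewer than `count` entries, possibly
    none, when nothing matches within the horizon (e.g. 31 February).
    """
    sched = parse_schedule(expression)
    runs = []
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    for _ in range(horizon_days):
        sunday_based = (day.weekday() + 1) % 7        # Python counts Monday as 0
        if (day.month in sched["month"] and day.day in sched["dom"]
                and sunday_based in sched["dow"]):
            for hour in sorted(sched["hour"]):
                for minute in sorted(sched["min"]):
                    run = day.replace(hour=hour, minute=minute)
                    if run >= start:
                        runs.append(run)
                        if len(runs) == count:
                            return runs
        day += timedelta(days=1)
    return runs


if __name__ == "__main__":
    # Schedules quoted on the page, plus constructed ones that ordinary cron
    # accepts but the supported-operations list does not cover.
    for expr in ("0 22 */2 * 1-5", "30 1 1 * *", "0 22 1-31/2 * *", "@daily"):
        try:
            shown = [run.isoformat(" ") for run in next_runs(expr, datetime(2024, 3, 1))]
            print(expr, "->", shown)
        except UnsupportedSchedule as err:
            print(expr, "-> rejected:", err)
```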
<br />
=== Printers ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher.<br />
<br />
==== Known Issues ====<br />
<br />
Setting of the default printer will only work if the fog tray icon is running.<br />
<br />
==== Overview ====<br />
<br />
The printers section of FOG allows you to create printer definitions that you can later associate with hosts. The FOG service looks at these associations and during service it will attempt to install any printers listed. This service has three settings which define how the printers are managed. Printer management can be set to:<br />
<br />
<ul><br />
<li>No Printer Management</li><br />
<li>Add Only</li><br />
<li>Add and Remove</li><br />
</ul><br />
<br />
All hosts default to '''No Printer Management''', which means that the FOG service does nothing to the host's printers. '''Add Only''' does as the name implies: it will only add printers to the host machine and will not remove any existing printers that may be installed. '''Add and Remove''' will take full control of the host's printing system and only allow the printers that are specified by the FOG management console to exist on the host. <br />
<br />
==== Adding New Printers ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf Video Tutorial]<br />
<br />
In order for the printer to be added to the host computer, the printer drivers must be stored in a public area, or included on the host computer. This public area can be a Novell Network share where public has read-only access, a Windows share that is public read-only to everyone, or a Samba share (possibly residing on the FOG server) that is public read-only to everyone. This share must be accessible via a UNC path, as the service may attempt to install the printers before drive mapping occurs. The printer drivers and .inf file must exist in this share. FOG supports installing IP based (Jet-Direct) printers, public access NDS printers, local printers, Windows share based printers, and (we think, but could use a confirmation as it hasn't been tested) AD based printers. <br />
<br />
If you wish to see what printers are included with Windows XP, navigate to c:\windows\inf\ntprint.inf. Open this file with a text editor and you will be able to install all the printers listed using the ntprint.inf file. <br />
<br />
To create a new printer definition click on the Printer icon on the system menu bar. Then on the left hand menu, click on '''Add New Printer'''. The form you are presented with will require you to enter:<br />
<br />
<ul><br />
<li>'''Printer Model''' - This must match the name in the INF file.</li><br />
<li>'''Printer Alias''' - This can be anything you wish and it is what the end user will see.</li><br />
<li>'''Printer Port''' - This is something like '''LPT1:''', or '''IP_1.1.1.2'''.</li><br />
<li>'''Printer INF File''' - This is the path to the INF file for the printer driver.</li><br />
<li>'''Printer IP''' - (optional) This is the IP address, for IP based printers only; it can take the form of '''1.2.3.4:9100''' or '''1.2.4.5'''. If the port doesn't exist already, it will create one named ''' IP_x.x.x.x''', where x.x.x.x is the IP address. That is what should be entered in the port field.</li><br />
</ul><br />
<br />
After all the required information is entered, click on the '''Add Printer''' button.<br />
<br />
==== Linking Printers to Hosts ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf.html Video Tutorial]<br />
<br />
Linking printers to hosts can be done from either the hosts section or the groups section. In the hosts section, find the host you would like to add a printer to and click on the edit button associated with that host. In the host menu, click on the '''Printers''' button. First select how you would like the host to be managed, either '''No Printer Management''', '''Add Only''', or '''Add and Remove'''. Then in the section below, select the printer you would like to install from the drop down list and click on the '''Update''' button.<br />
<br />
==== Creating a Samba Based Printer Store on FOG ====<br />
<br />
If you do not have a public server where you can store your printer drivers for the FOG Printer Manager, then it is very easy to set one up on the FOG server using Samba, so all your Windows clients will be able to connect.<br />
<br />
[[Creating a Samba Based Printer Store on FOG]]<br />
<br />
=== The FOG Client Service ===<br />
<br />
<font color="red">Note:</font> Most of the things here about the FOG Client service apply to the legacy FOG client that came with FOG versions 1.2.0 and older. FOG 1.3.0 now comes with a new FOG Client. Details on this can be found here: [[FOG Client]]<br />
<br />
==== Overview ====<br />
<br />
The FOG Client Service is a Windows Service that is intended to be installed on the client computers during the image creation process. The FOG service communicates with the FOG server to provide certain services to the client computers including:<br />
<br />
<br />
*Auto Log Off (0.16)<br />
*Hostname Changes<br />
*Active Directory Integration<br />
*Directory Cleaner (0.16)<br />
*Display Manager (0.16)<br />
*Green FOG (0.16)<br />
*Host registration<br />
*Task Restarting<br />
*Snapin Installation<br />
*User Tracker<br />
*Printer Manager<br />
*User Cleanup (0.16)<br />
*Client Updater<br />
<br />
==== Module specific configuration settings ====<br />
<br />
The FOG Client Service is very modular in nature, which means you can install portions of the services provided, and leave off others. This also means that it is very easy to create new sub services if you know a little C#. All configuration data is held in a local INI file, which is typically stored in<br />
<br />
c:\program files\fog\etc\config.ini<br />
<br />
This file holds, in the general section:<br />
<br />
<ul><br />
<li>FOG Server IP address</li><br />
<li>FOG Service installation root</li><br />
<li>FOG Service working directory</li><br />
<li>FOG Log file path</li><br />
<li>Flag indicating if GUI messages should be displayed</li><br />
<li>The max log file size</li><br />
</ul><br />
<br />
==== Installation ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/FogServiceInstall.swf.html Video Tutorial]<br />
<br />
The FOG service should be installed on the computer to be imaged before capturing the image to the FOG Server. <br />
<br />
The FOG service is located in the '''FOG Service/bin''' directory or if the FOG server is already installed it can be downloaded from:<br />
<br />
http://[serverip]/fog/client/<br />
<br />
Double-click on the '''setup.exe''' to start the installation wizard. At the end of the wizard you will need to enter the IP address or hostname of your FOG server.<br />
<br />
[[Image:fogservice.jpg]]<br />
<br />
Then restart the computer. If you don't restart the computer you will have issues with the service GUI appearing correctly.<br />
<br />
===== Quiet Installation =====<br />
<br />
As of version 0.29 and higher, the FOG client now supports a quiet installation mode. This can help automate deployments, by allowing the command to be run without user interaction from batch files. To do this the setup.exe file must be run from the command line with the arguments '''fog-defaults=true /qb'''.<br />
<br />
So the full command would be:<br />
<br />
setup.exe fog-defaults=true /qb<br />
<br />
==== Functions and Operation ====<br />
<br />
=====Auto Log Out=====<br />
<br />
Added in Version 0.16<br />
<br />
This module of the FOG Service will log a user off of a client pc after X minutes of inactivity. This module will display a screen saver-like GUI after 3/4 of the inactive time is up. So if the time out value is 40 minutes, the GUI will be displayed at 30 minutes of inactivity. When the time is up, the client computer will reboot. This service module can be configured via the management portal via:<br />
<br />
FOG Service Configuration -> Auto Log Out<br />
<br />
To enable the module globally, place a check in the box next to '''Auto Log Out Enabled?'''. The time to auto log off can be changed globally via '''Default log out time:'''. The minimum recommended value for this setting is 4 minutes.<br />
<br />
The background image for the auto log off module can be modified via:<br />
<br />
Other Information -> FOG Settings<br />
<br />
The settings can be changed by modifying the value for '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE'''. This setting will accept a jpg file that is local to the client computer like:<br />
<br />
c:\images\image.jpg<br />
<br />
This setting will also accept files located on a web server such as:<br />
<br />
http://www.somedomain.com/image.jpg<br />
<br />
Provided with FOG is a simple PHP script that will display a random image located on the FOG server. To use this option set '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE''' to<br />
<br />
http://x.x.x.x/fog/public/randomimage.php<br />
<br />
Then simply put the images you would like to use in the following directory on the fog server:<br />
<br />
/var/www/html/fog/public/imagepool<br />
<br />
Images used for the auto log off module must be in jpg format, and must be 300px by 300px.<br />
<br />
=====Hostname Changer=====<br />
<br />
This module of the FOG Service is used to change the hostname of the client computer and to allow the client to (optionally) join an Active Directory Domain after imaging. This process only runs shortly after service startup, which means typically only when you start your computer. The service communicates with the FOG server over port 80 and determines the hostname that is present in the FOG database for the host. The hosts are matched to the FOG database by their MAC addresses. If the hostnames are found to be different, the client changes the computer's hostname and restarts the computer.<br />
<br />
The config.ini file contains configuration options for this module. <br />
<br />
netdompath=<br />
<br />
Allows you to set the path to the netdom.exe file. In some cases the file does not exist on the system. It can be downloaded from: [http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=de Microsoft Download Center]<br />
<br />
=====Host Register=====<br />
<br />
As of version 0.29, this module will only add additional MAC addresses to a host that is already registered. They are added to the pending MAC address table, where they need to be approved in the FOG UI.<br />
<br />
=====Task Reboot=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has an imaging task assigned to it. If a task is found AND no one is logged into the workstation, then the client will restart and join the task.<br />
<br />
The config.ini file contains configuration options for this module. As of version 0.13 of FOG you can change:<br />
<br />
forcerestart=0<br />
<br />
to<br />
<br />
forcerestart=1<br />
<br />
This will make the computer restart if a task is found, regardless of whether a user is logged into the computer.<br />
<br />
You can change how often the service will check in with the server by changing:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins.<br />
<br />
=====Directory Cleaner=====<br />
<br />
Added in version 0.16<br />
<br />
This module will clean out (delete) the contents of a directory on user log off. This is useful when you don't want any settings cached between users. This module will only delete the contents of a directory and not the root directory itself, so if you specify '''c:\trash''', the service will remove all files and folders located within c:\trash but leave the folder c:\trash.<br />
<br />
=====Display Manager=====<br />
<br />
Added in version 0.16<br />
<br />
This module is used to restore screen resolution between clients. This will restore a fixed resolution and refresh rate when a user logs into a computer.<br />
<br />
=====Green FOG=====<br />
<br />
Added in version 0.16<br />
<br />
This module will simply shutdown/restart the client computer at a fixed schedule if no user is logged in. The schedule can be defined via the management portal. <br />
<br />
=====Snapin Client=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has a snapin set to be deployed to it. If a snapin is found AND no imaging task is associated with the client, then the client will download the snapin and install it in the background.<br />
<br />
The configuration file contains settings for this module including:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins. It is important to note that currently the fog client will wait 5 minutes when first connected / established before it starts checking and installing any snapins from the server.<br />
<br />
=====User Tracker=====<br />
<br />
This module attempts to track user access to the host computer by the Windows user name. It attempts to track logins and logoffs as well as the state of the computer at service startup. The service will even attempt to track users when they are not on the network by writing all entries to a journal file, then replaying the journal the next time the client is on the network.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====User Cleanup=====<br />
<br />
This module will remove all users not white listed in management portal on log off. This module is useful when using services like dynamic local user. All entries in the management white list are treated as prefixes to usernames, which means that they will white list all users that start with whatever was entered in the management front end. For example, if you enter '''admin''' in the management white list, then users '''admin''', and '''administrator''' will NOT be removed from the computer.<br />
<br />
=====Printer Manager=====<br />
<br />
This module checks on service startup to see what printers should be installed/removed from the client PC.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====Client Updater=====<br />
<br />
This module waits (randomly) between 60 and 500 seconds after service startup to check the local fog server for client updates, and if any are found the service will download and install them. Updates will NOT take effect until after the service is restarted.<br />
<br />
There are no configuration settings for this module.<br />
<br />
==== Keeping Clients up to date ====<br />
<br />
===== Overview =====<br />
<br />
As of version 0.12 of FOG, we have included a client updater module. This module is no different from any of the other sub service modules. This service waits anywhere between 60 and 500 seconds after the FOG service starts up, and then attempts to check with the server for newer FOG service modules. If new modules are found the client will download them, and they will be active on the NEXT service startup. These modules are controlled from the FOG Management Console. <br />
<br />
Only certain modules can be updated: those that are a subclass of AbstractFOGService. This means you should '''NEVER''' attempt to update the FOGService executable (FOGService.exe file), or the AbstractFOGService.dll file. It is recommended that you not update the ClientUpdater.dll, because if the ClientUpdater.dll file becomes corrupt or not functional, your clients will not be able to update from that point on. Below is a list of the files that can be updated.<br />
<br />
<ul><br />
<li>UserTracker.dll</li><br />
<li>TaskReboot.dll</li><br />
<li>SnapinClient.dll</li><br />
<li>PrinterManager.dll</li><br />
<li>HostRegister.dll</li><br />
<li>HostnameChange.dll</li><br />
<li>GUIWatcher.dll</li><br />
<li>ClientUpdater.dll</li><br />
<li>config.ini</li><br />
</ul><br />
<br />
Care must also be taken when updating the config.ini file. If the IP address is incorrect or the syntax of the file is incorrect, it could leave the FOG service crippled on the client computers.<br />
<br />
===== Posting Updates =====<br />
<br />
To add new modules that can be pushed down to clients, first install a client with the new service or new module and confirm that it works as you would like. Log into the FOG management console, then go to the Information/Misc section (the little "i" icon). Click on '''Client Updater''' on the left-hand menu. Now click on the browse button to select the module (.dll) file you would like to post, then click on the capture button. After capturing, the file should appear in the table above. If you are adding a new module, you will probably want to capture a new config.ini file to include new configuration settings required by that new module.<br />
<br />
==== FOG Tray ====<br />
<br />
The FOG Tray is a Windows application that runs on user login that docks in the system tray. The FOG Tray, like the FOG service, is very modular in nature. New modules can be dropped in the FOG tray directory and on next load they will be loaded. This tray icon has the ability to communicate with the FOG service, this allows FOG more interactivity with the end-user. <br />
<br />
What happens is that when the FOG service's printer manager module gets a request to set a default printer, the service attempts to contact the FOG Tray. If communication is established, then the service will ask the tray to set the default printer. On the other hand the end user can right click on the "F" icon in the system tray, then select printers, then update my printers. What this will do is attempt to send a request from the FOG Tray to the FOG Service and have the service check for printer updates (new printers or printers to be removed). If one is found the service will install any new printers assigned in the FOG Management portal.<br />
<br />
This application is in its very early stages and currently doesn't have a lot of functionality. It is currently only used to allow end users to update their printers and to allow the setting of default printers (from the FOG service). Our vision for the FOG Tray is to add modules that would allow users to install printers that are published as public (via the management portal) without the printer being directly assigned to their host. We would also like to do the same thing for snapins where some of your snapins could be defined as public where anyone could install them on their computer.<br />
<br />
==== Troubleshooting ====<br />
<br />
If you have problems with the FOG Service, please refer to the log file that is located at:<br />
<br />
c:\fog.log<br />
<br />
If the PXE boot does not work<br />
<br />
If booting from the FOG server through PXE fails with a "file not found" error, edit /etc/default/tftpd-hpa<br />
<br />
Change TFTP_DIRECTORY to<br />
<br />
TFTP_DIRECTORY="/tftpboot"<br />
Then<br />
<br />
/etc/init.d/tftpd-hpa restart<br />
<br />
=== Snap-ins ===<br />
<br />
==== Overview ====<br />
<br />
*The FOG Service has the ability to install snapins to the clients. Snapins can be anything from whole applications like Microsoft Office to registry keys or desktop icons. Snapins can even be used to uninstall applications or remove unwanted files. From the end user's point of view, they will not even notice that a snapin is being installed until it is complete. At this point a message will notify them that a new application has been installed on their computer. Snapins can be in MSI (0.17) or EXE formats, and can be created with any snapin creation tool like InstallRite or already packaged MSI files (0.17). You can also push commands to the computer that include .vbs scripts / .cmd (commands) and .bat (batch scripts).<br />
<br />
*Snapin return codes are specified by the program that's being installed.<br />
<br />
<br />
==== Creating a Snapin / Overview ====<br />
<br />
FOG doesn't provide a tool to create snapins, but instead allows you to push files and execute them on the remote computers. It is highly recommended that you push the actual installer to the computer instead of using a program such as InstallRite. <br />
<br />
If you have never silently installed software to a computer, or created an answer file for a program, please look at the website Appdeploy [http://www.appdeploy.com/articles/ Link]. This website has a trove of information on how to push software to a computer remotely.<br />
<br />
===== Creating a Snapin for larger applications with SFX Maker =====<br />
<br />
Some larger applications such as Microsoft Office and Adobe Products (Acrobat / Creative Suite) require multiple files to install properly. If you have an application that is not a single .exe please use SFX Maker. This tool is free for non commercial use, and most programs fall under the GPL. [http://www.isoft-online.com/ SFX Maker's Website]<br />
<br />
For instructions on how to use this software please see the YouTube videos below.<br />
<br />
[http://www.youtube.com/watch?v=ZSMJLnRjn94 Office 2003 Install]<br />
[http://www.youtube.com/watch?v=Qzc1Q9NW_cE Office 2007 Install]<br />
<br />
SFX Maker takes an entire folder and encapsulates it or "folds" it into a single .exe which then "unfolds" to its original state and launches a file or command.<br />
<br />
===== Creating a Snapin with InstallRite =====<br />
<br />
If for some reason you do wish to use InstallRite, please be aware it comes with issues and limitations (not compatible on all Windows operating systems / can cause issues with the computer it is pushed to). Below is an example of how to build a package with that software.<br />
<br />
In this example we will use Epsilon Squared's InstallRite which can be downloaded from http://www.epsilonsquared.com/installrite.htm. This application will package up your snapin as an exe file which will be uploaded to the FOG server. <br />
<br />
<ol><br />
<li>To run InstallRite navigate to c:\program files\Epsilon Squared\InstallRite\InstallRite.exe</li><br />
<li>Click on "Install new software and create an InstallKit"</li><br />
<li>On the Configure screen, click Next.</li><br />
<li>On the Snapshot screen click next to create a new system snapshot.</li><br />
<li>On the next screen, click the browse button to select the application you wish to install, then click next.</li><br />
<li>When installation is complete InstallRite will come into focus, click the next button. InstallRite will scan your system again.</li><br />
<li>Enter a name for your snapin.</li><br />
<li>Click "Build Install Kit"</li><br />
<li>Select "Quiet Installation Mode", Never reboot, even if needed, and "Never prompt the user and only overwrite older files"</li><br />
<li>Click OK and it will build your snapin.</li><br />
</ol><br />
<br />
==== Preparing the FOG Server ====<br />
<br />
If your snapin is larger than 2MB you will need to make two changes to the FOG server to allow uploads of larger than 2MB.<br />
<br />
See also: [[Troubleshoot Web Interface]]<br />
<br />
===== Fedora =====<br />
<br />
<br />
#On the FOG Server click on Applications -> Accessories -> Text Editor.<br />
#Select Open and navigate to "/etc/php.ini"<br />
#Change UPLOAD_MAX_FILESIZE to 1900MB (On a 32Bit OS don't set this value above 2GB)<br />
#Change POST_MAX_SIZE to the same value.<br />
#Save and close the text editor.<br />
#Click on Applications ->System Tools -> Terminal and type "service httpd restart"<br />
<br />
===== Ubuntu =====<br />
<br />
#sudo gedit /etc/php5/apache2/php.ini<br />
#Change <br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
#Save Changes<br />
#sudo /etc/init.d/apache2 restart<br />
<br />
<br />
===== VMWare =====<br />
<br />
#sudo vim /etc/php5/apache2/php.ini<br />
#Edit the following lines in the document (read below for assistance with working in VIM)<br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
<br />
<br />
*To edit content in vim you will need to press the '''"I"''' key on your keyboard to enter input mode.<br />
*Hitting the '''Escape''' key will bring you out of input mode.<br />
*Once out of input mode type ''':w''' and then '''enter''' to save the file<br />
*Restart FOG once the file has been saved<br />
<br />
==== Uploading the Snapin ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/CreateSnapin.swf.html Video Tutorial]<br />
<br />
<ol><br />
<li>In the FOG Management Portal click on the Snapin Icon (Puzzle Pieces).</li><br />
<li>On the left-hand menu click on the New Snapin Button.</li><br />
<li>Enter a Snapin Name and Description.</li><br />
<li>Browse to the snapin file you wish to upload.</li><br />
<li>If you want the computer to restart after the snapin is installed click on the "Reboot after install"</li><br />
<li>Click "Add"</li><br />
</ol><br />
<br />
<br />
<br />
As of version 0.17, fog supports using typical msi files as snapin files.<br />
<br />
If the snapin file is a msi file you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of msiexec.exe (ie: c:\windows\system32\msiexec.exe)</li><br />
<li>Set '''Snapin Run With Arguments:''' to '''/i'''</li><br />
<li>Set '''Snapin Arguments:''' to '''/qn'''</li><br />
</ol><br />
<br />
If the snapin file is a .vb script you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of cscript.exe (ie: c:\windows\system32\cscript.exe)</li><br />
</ol><br />
<br />
<br />
<br />
'''Documentation on list of support snapin's and command line arguments''' [[http://www.fogproject.org/wiki/index.php?title=Supported_Snapin%27s_and_Command_Line_Switches]] There are MANY more supported applications that can be installed via command line arguments. You might have better luck installing them directly via .EXE / .MSI / or scripting them via .VBS . For more info on this consult the forums --[[User:Ssx4life|Ssx4life]] 09:04, 8 October 2009 (MST)<br />
<br />
==== Linking the Snapin to Hosts ====<br />
<br />
In order for a snapin to be deployed it must be linked with a host. To do this perform the following:<br />
<br />
<ol><br />
<li>In the FOG Management Portal, click on the Hosts Icon.</li><br />
<li>Search for and select a host and click on the edit button.</li><br />
<li>Scroll down to the snapin section.</li><br />
<li>Select the snapin you just created from the drop-down box and click the "Add Snapin" button.</li><br />
</ol><br />
<br />
The next time you image the computer the FOG Service will attempt to install that snapin. If you have problems, please see the fog log file located at c:\fog.log on the client PC.<br />
<br />
=== Client Side Tasks ===<br />
<br />
==== FOG Version ====<br />
<br />
Applies to version 0.12 or higher.<br />
<br />
==== Overview ====<br />
<br />
FOG attempts to keep management centralized, but in an attempt to make deploying machines as easy as possible FOG has added a few basic client side tasks. These tasks can be run from the client computer during the PXE boot process. When the client boots and the FOG banner is displayed the pxe client will display a prompt like '''boot:''' or something similar. At this point you have 3 seconds to start typing one of the following commands. <br />
<br />
<ul><br />
<li>fog.memtest</li><br />
<li>fog.reg</li><br />
<li>fog.reginput</li><br />
</ul><br />
<br />
==== fog.memtest ====<br />
<br />
This command will run the memtest86+ on the client computer. <br />
<br />
==== fog.reg ====<br />
<br />
This command will run the basic host registration and inventory process without any user input. It will register any new/unregistered hosts with the FOG server and pull a basic hardware inventory from them. The hostname of the computer will be the same as the MAC address without the ":".<br />
<br />
If a host is already registered, then only an inventory will be performed.<br />
<br />
==== fog.reginput ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/RegImage.swf.html View Host Registration Video]<br />
<br />
This command will run the full host registration process with user input, inventory and give the option to push down an image, all at the same time. During this process the user registering the host will be prompted for the computer host name, ip address, operating system ID, image ID, Primary User of the computer, asset tag 1, and asset tag 2. <br />
<br />
If a valid hostname, OS ID, and image ID are given and the option is selected to image the workstation after registration, the host will reboot and an imaging send will begin.<br />
<br />
If a host is already registered, then only an inventory will be performed. This prevents end-users from re-registering a machine with a different hostname, etc.<br />
<br />
This task was designed for institutions that may get shipments of hundreds of computers that need to be deployed very quickly. They can be unboxed, inventoried, imported into FOG and imaged very quickly.<br />
<br />
===== Operating System ID =====<br />
<br />
As of Version 0.17 of fog, you can now enter '''?''' at the Operating System ID prompt to get a listing of the valid operating system id values. <br />
<br />
The following are valid values for operating system IDs:<br />
<br />
<ul><br />
<li><b>1</b> - Windows 2000 / Windows XP</li><br />
<li><b>2</b> - Windows Vista</li><br />
<li><b>3</b> - Windows 98</li><br />
<li><b>4</b> - Windows (Other)</li><br />
<li><b>5</b> - Windows 7</li><br />
<li><b>50</b> - Linux</li><br />
<li><b>99</b> - Other</li><br />
</ul><br />
<br />
===== Image ID =====<br />
<br />
Image IDs can be found in the management console, in the Images section. Search for the image and click on the edit button associated with the image. The image ID will be in the address/URL bar in the format of <b>&imageid=xx</b>.<br />
<br />
As of version 0.17, you can enter '''?''' at the Image ID prompt to get a listing of all your images and their ID numbers.<br />
<br />
=== Active Directory Integration ===<br />
<br />
==== Setup ====<br />
<br />
===== Overview =====<br />
<br />
FOG has the ability to register a host with Active Directory, in a limited sense. Versions of FOG up to and including 0.28 rely on the netdom.exe executable that is provided as part of the support tools on the Windows installation media. In order for Active Directory integration to function, your image will need to have the FOG service installed, along with the Windows Support Tools.<br />
<br />
Versions of FOG from (and including) 0.29 have this functionality built in and do NOT require netdom.exe or the support tools to be installed.<br />
<br />
It is also very important that before capturing your image that the computer is NOT a member of any domain.<br />
<br />
===== Security =====<br />
<br />
<font color="red">Note: The below statement applies to older FOG versions (1.2.0 and below). When using FOG 1.3.0 and above in conjunction with the NEW fog client, this step is not needed. See [https://wiki.fogproject.org/wiki/index.php?title=FOG_Client here] for more information.</font><br />
<br />
<br />
'''Important - Please read!'''<br />
<br />
In order to add a computer to a domain, FOG requires a username and password of an account that has rights to the OU where the computer objects are stored in the domain tree. This user account should have rights to join computers to the Domain, as well as sufficient rights to create/manage computer objects. FOG attempts to keep your password secure by encrypting it, but since FOG is open source, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic: this isn't hard and only needs to be done one time. Please see the documentation below.<br />
<br />
===== Preparing the Image =====<br />
<br />
Before capturing an image to FOG that you would like to use with Active Directory, please ensure that the image:<br />
<br />
<ul><br />
<li>is NOT a member of the domain, change the computer membership to workgroup instead.</li><br />
<li>has support tools installed (Not required for FOG versions from 0.29).</li><br />
<li>has the FOG service installed.</li><br />
</ul><br />
<br />
===== FOG Setup =====<br />
<br />
To setup a host to use AD, navigate to the hosts section of the FOG management portal. <br />
<br />
<ol><br />
<li>Search for, and select a host. </li><br />
<li>Click on the Edit button</li><br />
<li>Scroll down to the Active Directory section.</li><br />
<li>Check the box next to Join Domain after image task</li><br />
<li>Enter the domain NETBIOS name (i.e. MYDOMAIN, not mydomain.com).</li><br />
<li>Enter the Organizational Unit where you would like to have the computer stored in AD. Leave it blank for the default. (Must be in LDAP format).</li><br />
<li>Enter the user name that has access to the computer objects. Do not include the domain name if you are running version 1.2 (your mileage may vary with earlier versions). Development versions of FOG will accept a name with or without domain ('''username ''OR'' mydomain/username''').</li><br />
<li>Enter the encrypted password. This password must be encrypted with the [[FOGCrypt]] utility. This utility is located in the FOGCrypt folder of the FOG download package. It is a Windows (.NET) command line application.</li><br />
<li>Click Update.</li><br />
</ol><br />
<br />
The next time you image that computer the service will attempt to register the host with the domain information provided. If you have problems please refer to the FOG Service log file located in c:\fog.log<br />
<br />
===== Making AD Integration Easier =====<br />
<br />
As of version 0.20 of FOG, we have made it a bit easier to manage AD settings in FOG, by allowing for default settings for AD. This will allow the easy population of the domain, OU, username, and password. To set this feature up perform the following:<br />
<br />
# Go to '''Other Information''' -> '''FOG Settings'''<br />
# Set your default values for the following:<br />
## FOG_AD_DEFAULT_DOMAINNAME<br />
## FOG_AD_DEFAULT_OU<br />
## FOG_AD_DEFAULT_USER<br />
## FOG_AD_DEFAULT_PASSWORD (MUST BE ENCRYPTED!)<br />
<br />
To test everything out, go to a host that doesn't have anything setup for AD, and click on the edit button for that host. Go to the host menu, and select Active Directory. Click on the '''Join Domain after image task:''' button and all your default values should be populated.<br />
<br />
==== Securing Active Directory Integration ====<br />
<br />
===== Overview =====<br />
<br />
In order to add a computer to a domain, FOG requires a username and password that has rights to the OU where the computer objects are stored in the domain tree. FOG attempts to keep your password secure by encrypting it, but since FOG is open source and the methods used to encrypt the password are open for all to see, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic: this isn't hard and it only needs to be done one time.<br />
<br />
===== The Development Environment =====<br />
<br />
The hostname change module is written in C#, so in order to recompile it you will need to download Microsoft's Visual Studio Express Edition for C#. This can be downloaded from:<br />
<br />
http://www.microsoft.com/express/vcsharp/<br />
<br />
Install Visual Studio with the standard options.<br />
<br />
===== Getting the Source =====<br />
<br />
After Visual Studio Express is installed, we need to get the source code for the hostname change module. This is part of the FOG download/installation package. This package can be downloaded from:<br />
<br />
http://sourceforge.net/project/showfiles.php?group_id=201099 <br />
<br />
Extract this package, then navigate to "FOG Service\src\FOG_HostNameChanger\"<br />
<br />
Double-click on HostNameChange.sln to open the project. <br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > hostnamechanger properties. On the Application tab, change the Target Framework to .NET 2.0<br />
<br />
Once the project has opened, on the right-hand panel, in the "Solution Explorer", double-click on MOD_HostNameChanger.cs.<br />
<br />
After doing so, the source code should be displayed in the main panel. Scroll down to the line:<br />
<br />
private const String PASSKEY = "FOG-OpenSource-Imaging"; <br />
<br />
Change '''FOG-OpenSource-Imaging''' to anything you like, just remember what you change it to, as you will need it later.<br />
<br />
Then click File -> Save All.<br />
<br />
Then click Build -> Build Solution.<br />
<br />
This will recompile the hostname change module with your unique key.<br />
<br />
Now navigate to "FOG Service\src\FOG_HostNameChanger\bin\Release"<br />
<br />
Copy only the file HostnameChange.dll to "FOG Service\src\FOG Service\bin\Release" (overwrite existing file).<br />
<br />
Navigate to "FOG Service\src\FOG Service\"<br />
<br />
Open the solution by double-clicking "FogService.sln"<br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > FOGService properties. On the Application tab, change the Target Framework to .NET 2.0<br />
<br />
Change the build configuration from debug to release<br />
<br />
Right click on "FOG Service Install" and click "Build"<br />
<br />
Navigate to "FOG Service\src\FOG Service Installer\Release"<br />
<br />
Select the 2 files, right-click -> Send To -> Compressed Folder<br />
<br />
Copy the .zip file to your FOG Server "/var/www/html/fog/client". Overwrite the existing file.<br />
<br />
===== Encrypting Your Password =====<br />
<br />
Now that we have changed the passkey, we need to update the FOGCrypt ini file to use this new passkey.<br />
<br />
Navigate to the FOGCrypt\etc directory from the FOG download package.<br />
<br />
Open the config.ini file and change the passkey value to your new passkey, then save the file.<br />
<br />
Now open a command window and navigate using the cd command to the FOGCrypt directory.<br />
<br />
Type:<br />
<br />
FOGCrypt [password]<br />
<br />
Where [password] is the AD user's password that has rights to the Computers section of the AD tree.<br />
<br />
The output from this command is what you will enter in the FOG management portal.<br />
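<br />
A check for the procedure above, as an added example that is not part of the FOG package: it confirms that the passkey compiled into MOD_HostNameChanger.cs and the one in FOGCrypt's config.ini have both been changed from the published default and that they match. The function name and the <code>passkey = value</code> layout of config.ini are assumptions; adjust the pattern to your file.<br />

```python
import re
import sys

# Default value shown in MOD_HostNameChanger.cs on this page.
DEFAULT_PASSKEY = "FOG-OpenSource-Imaging"

# Matches the source line:  private const String PASSKEY = "...";
CS_PASSKEY = re.compile(r'const\s+String\s+PASSKEY\s*=\s*"([^"]*)"\s*;')

# Assumption: config.ini stores the key on a line of the form  passkey = value
INI_PASSKEY = re.compile(r'^[ \t]*passkey[ \t]*=(.*)$', re.IGNORECASE | re.MULTILINE)


def check_passkey(cs_source, ini_text):
    """Return a list of findings; an empty list means both keys are
    custom and identical. The keys themselves are never echoed."""
    findings = []
    cs = CS_PASSKEY.search(cs_source)
    ini = INI_PASSKEY.search(ini_text)
    cs_key = cs.group(1) if cs else None
    # strip() also removes a trailing \r from Windows line endings
    ini_key = ini.group(1).strip().strip('"') if ini else None

    if cs_key is None:
        findings.append("PASSKEY constant not found in module source")
    elif cs_key == DEFAULT_PASSKEY:
        findings.append("module source still uses the published default passkey")

    if ini_key is None:
        findings.append("passkey entry not found in config.ini")
    elif ini_key == DEFAULT_PASSKEY:
        findings.append("config.ini still uses the published default passkey")

    if cs_key is not None and ini_key is not None and cs_key != ini_key:
        findings.append("passkeys differ: FOGCrypt output will not decrypt on clients")
    return findings


if __name__ == "__main__":
    # Usage: python check_passkey.py MOD_HostNameChanger.cs config.ini
    with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
        cs_text = f.read()
    with open(sys.argv[2], encoding="utf-8", errors="replace") as f:
        ini_body = f.read()
    results = check_passkey(cs_text, ini_body)
    for line in results:
        print("FAIL:", line)
    sys.exit(1 if results else 0)
```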
<br />
<br />
=== FOG Reports ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher. <br />
<br />
==== Overview ====<br />
<br />
FOG Reports allow you to export data from FOG in two major formats: CSV and PDF.<br />
<br />
#'''Snapin Log''' - This report will report on snapin installation history. <br />
#'''Imaging Log''' - This report will report on images deployed to hosts.<br />
#'''Virus History''' - This report lists any viruses that were found on local computers. <br />
#'''Inventory''' - This report will report on the inventory information collected for network clients. <br />
#'''Equipment Loan''' - This report can be used for equipment loaned to staff members. <br />
#'''User Login History''' - This report contains information about user logins.<br />
<br />
==== Running Reports ====<br />
<br />
Running a report can be done from the Reports section of FOG, then by picking a report from the left-hand menu.<br />
<br />
==== Importing User Created Reports ====<br />
<br />
The reporting section of FOG allows the end user to create and upload custom reports into FOG. A FOG report is a simple PHP script that is processed by the server. To import a report, click on the '''Upload a Report''' button in the reports section, select the report, then click on the upload button. The report will then show up on the left-hand menu. <br />
<br />
Please be cautious when uploading reports from an unknown source as the writer of the report has full access to the FOG system and database! Make sure your sources are trustworthy before importing a report!<br />
<br />
==== Creating Custom Report ====<br />
<br />
Custom reports are simple PHP scripts in FOG. Custom reports can be created based on the following template:<br />
<br />
[http://freeghost.sf.net/other/ReportTemplate.tar.gz Report Template]<br />
<br />
<br />
<br />
=== Plugins ===<br />
*[[Plugins]] give FOG extra functionality wanted for some users but not all.<br />
<br />
=== Other Settings ===<br />
<br />
==== [[Boot Image Key Map]] ====<br />
<br />
==== FOG Client Kernel ====<br />
<br />
===== Overview =====<br />
<br />
In FOG, there aren't really drivers you need to find and download for your clients to work. This is because we ship a Linux kernel that has drivers for the majority of hardware devices built into it. What this means is that if you have a device that doesn't work with FOG, you need to either build a new kernel yourself or try a newer kernel that has been released via our kernel updater.<br />
<br />
<br />
===== Kernel Types =====<br />
<br />
We currently build two "lines" of kernels. One is called KS, or KitchenSink. This kernel tries to include drivers for as many devices as possible, sometimes at the cost of performance, and it is the kernel that we ship with FOG by default. The other "line" is the PS kernel, or the Peter Sykes kernel, which is based on a config submitted by a user. This kernel line tries to be faster, but may not include as many drivers as the KS kernel. <br />
<br />
===== Updating the Kernel =====<br />
<br />
It is possible to update your client kernel from within the UI of FOG. To do this perform the following steps:<br />
<br />
#Log into the FOG Management UI.<br />
#Go to '''Other Information'''<br />
#Select '''Kernel Updates'''<br />
#Select the Kernel you would like to download, typically the newest kernels are on the top of the list.<br />
#Click the download icon<br />
#Select a file name for your kernel, to make it the default kernel leave the name as '''bzImage'''<br />
#Click the '''Next''' Button<br />
<br />
=== Mobile Management Interface ===<br />
<br />
==== Overview ====<br />
<br />
The FOG Mobile web interface is a very basic, stripped down interface for FOG. It is designed to be given to lower level technicians using low powered, mobile devices such as iPod touches, iPhone, PDAs, and internet tablets. The idea behind this interface is to make it easy for techs to re-image a computer while making the rounds at a site.<br />
<br />
==== Using the mobile Interface ====<br />
<br />
The mobile interface can be accessed via:<br />
<br />
http://x.x.x.x/fog/mobile<br />
<br />
The portal requires a valid user name and password, which can be created via the FOG portal. <br />
<br />
[[Image:Ipod login.JPG]]<br />
<br />
Once logged into the portal, users can search for hosts and image them, and view/cancel active tasks. <br />
<br />
[[Image:Ipod results.JPG]]<br />
<br />
[[Image:Ipod active.JPG]]<br />
<br />
They can not change image associations, nor modify any properties of a host.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Managing_FOG&diff=12626Managing FOG2020-02-27T10:05:35Z<p>SebastianRoth: /* Images */</p>
<hr />
<div>== Managing FOG ==<br />
<br />
=== Dashboard ===<br />
<br />
==== Overview ====<br />
<br />
[[File:Dashboard.png]]<br />
<br />
*The FOG dashboard is the first page you are presented with after login. This page just gives you an overview of what is happening on your FOG server.<br />
<br />
==== System Overview ====<br />
<br />
*The system overview box is the top left-hand box on this page. The information presented in this box is the current user and the server IP addresses or hostnames for your web server, tftp server and storage server (which can all be different). This section also gives you the system uptime, or how long the system has been running without a restart, the number of users logged into the Linux box, and lastly the system load.<br />
<br />
==== System Activity ====<br />
*The system activity box is the middle box in the top row. This section shows the unicast queue, or the number of unicast deploys that are currently in progress. The queue size can change and is based on the Storage Group(s). Each storage node has a setting ''Max Clients'', which is the maximum number of hosts that this node can image at once. If there are 2 nodes with a max of 10 each, then your maximum queue amount is 20. However, remember that the more you increase ''Max Clients'', the slower the image deploys to each particular host.<br />
*This means that after 20 hosts are receiving images (at once) the 21st will wait for one of the hosts in progress to complete before starting. The reason this was created was so that you could queue up 100 machines with different images (all unicast) and still keep the system functional. We have heard of this queue being used to re-image an entire building of computers ( ~ 1000+ ) overnight. This section updates in real time.<br />
*It will display all the queued, running, etc... tasks and updates at the same interval as the Bandwidth graph. Also, SVN installations (and later future releases) are able to edit which type of tasks get counted towards the "queue". <br />
*This edit can be performed by going to '''FOG Configuration'''[[file:Config.png]]--> '''FOG Settings'''--> '''General Settings''' --> '''FOG_USED_TASKS'''. <br />
*The text field takes numeric values (so you'll need to know which task IDs are which type) in CSV form. If you type (1,2,3,4,5) it will display all tasks of Deploy, Capture, Debug, Memtest, and Testdisk as queued/active depending on their current state. The exception to this rule is Task Type ID 8 (multicast), in which case it counts the Jobs, not each individual host task, as a queued slot.<br />
<br />
==== Disk Information ====<br />
<br />
*The disk information box is the top, right hand section of the dashboard page. This is a semi-realtime display of the storage remaining on the storage server.<br />
*There is also a drop-down box that can be changed to your storage nodes to monitor their Disk Information.<br />
*If you get an error in this box, please see [[Dashboard Error: Permission denied...]]<br />
<br />
==== 30 Day Imaging History ====<br />
<br />
*This image shows your imaging trends for the past 30 days<br />
<br />
==== Menu Bar ====<br />
<br />
[[Image:FogMenu.jpeg]]<br />
<br />
This menu appears at the top of every page on Fog's web UI. The icons are, from left to right:<br />
<br />
[[Image:Home.png]]'''Home/Dashboard''' - This is the home screen of the FOG management portal.<br />
<br />
[[Image:Users.png]]'''[[Managing_FOG#Users | User Management]]''' - Individual administrators of the FOG resources.<br />
<br />
[[Image:Hosts.png]]'''[[Managing_FOG#Hosts | Host Management]]''' - This section houses the hosts, which are the pcs to be imaged or to extract images from.<br />
<br />
[[Image:Groups.png]]'''[[Managing_FOG#Groups | Group Management]]''' - This section houses groups, which are similar PCs that need tasks done en masse.<br />
<br />
[[Image:Images.png]]'''[[Managing_FOG#Images | Image Management]]''' - This section allows you to manage the image files stored on the FOG server.<br />
<br />
[[Image:Storage.png]]'''[[Managing_FOG#Storage_Management | Storage Management]]''' - This section allows you to add/remove storage nodes from the FOG system.<br />
<br />
[[Image:snapins.png]]'''[[Managing_FOG#Snap-ins | Snap-in Management]]''' - This section provides ways to automate various post-imaging tasks, not covered in this document<br />
<br />
[[Image:Printers.png]]'''[[Managing_FOG#Printers | Printer Management]]''' - This section allows for management of printers, allowing you to create printer objects that can later be assigned to hosts or groups.<br />
<br />
[[Image:Services.png]]'''Service Configuration''' - This section allows you to control how the ''client'' service functions.<br />
<br />
[[Image:Tasks.png]]'''[[Managing_FOG#Tasks | Task Management]]''' - This section allows you to perform imaging tasks such as acquiring or deploying images.<br />
<br />
[[Image:Reports.png]]'''[[Managing_FOG#FOG_Reports | Report Management]]''' - Reports let you pull information from the FOG database either as HTML, pdf, or csv.<br />
<br />
[[Image:config.png]]'''Fog Configuration''' - This section has the rest of the settings that don't fit anywhere else, like the kernel updater, client service updater, iPXE edits, MAC address list, Log viewer, and '''FOG Settings'''.<br />
<br />
[[Image:Plugins.png]]'''[[Managing_FOG#Plugins | Plugins]]''' - Plugins add more functionality to FOG. Must be enabled in ''Fog Configuration''<br />
<br />
[[Image:Logoff.png]]'''Logoff''' - Click this to log off of the Fog web UI.<br />
<br />
<br />
----<br />
<br />
=== Hosts ===<br />
[[File:All_Hosts.png]]<br />
*[http://freeghost.sourceforge.net/videotutorials/hostinfo.html Video Tutorial] (old version but valid instructions)<br />
*A host in FOG is typically a computer, but it can be any network device. Hosts are used to identify a computer on the network and are used to manage the device.<br />
<br />
==== Adding a new host ====<br />
<br />
===== Method 1: Adding a new host via Full Registration =====<br />
<br />
*This is the preferred method, and maybe the easiest method for getting a host into the FOG database, but it requires you to visit the host. At the client computer, when you see the PXE/iPXE boot menu during the boot up process, select '''Perform Full Host Registration and Inventory'''. During this phase you will be prompted for information about the host like hostname, operating system, image, groups, Product Key, and other information. If you enter a valid operating system and image id, you will be asked to Image Now. If desired, you can set the task and it will deploy the image on the next network boot. <br />
*After the requested information is entered, FOG will pull a quick hardware inventory of the client.<br />
*This method of registration will register the mac address(primary wired only), serial number(if available in BIOS), Make/Model, and other Hardware information with the FOG server.<br />
*For more information on these commands please see: [[FOGUserGuide#FOG_Tasks | Client Side Tasks]]<br />
<br />
===== Method 2: Adding a new host via Quick Registration =====<br />
<br />
*Quick registration is very much like the Full host registration, with the exception that it will not prompt you for any input, nor give you the option to image the computer directly from the registration screen. When the host is added to the FOG server, it will be named with the host's primary MAC address. This method is great for adding a lab of 30 computers to FOG quickly and easily.<br />
*This feature is disabled by default, to enable this feature:<br />
#Go to '''FOG Configuration'''[[image:config.png]]<br />
#Select '''FOG Settings'''<br />
#Find section '''FOG Quick Registration'''<br />
#Tick ON '''FOG_QUICKREG_AUTOPOP''' to &#10004;<br />
#Set '''FOG_QUICKREG_IMG_ID''' to the image ID you would like to use for all newly created hosts.<br />
#'''FOG_QUICKREG_OS_ID''' will be auto populated when "Save Changes" is selected. (OS is now associated within the image so no need to select an OS)<br />
#Change '''FOG_QUICKREG_SYS_NAME''' to what you would like to name your new machines, where * will be replaced by a number. If you would like to zero pad numbers you can use '''LAB300-**''' which would result in '''LAB300-03''' or '''LAB300-09'''.<br />
#Set '''FOG_QUICKREG_SYS_NUMBER''' to the first number you would like to use.<br />
*After each registration the computer will automatically image and '''FOG_QUICKREG_SYS_NUMBER''' will be incremented by 1.<br />
<br />
===== Method 3: Manually Adding =====<br />
<br />
*[http://freeghost.sourceforge.net/videotutorials/addimghost.html Video Tutorial]<br />
*Adding a new host can be done in the hosts section of FOG.[[Image:Hosts.png]] Then by clicking on the "Add New Host" button on the left hand menu. At least a hostname and a MAC address must be entered in order to add the host to the FOG database. <br />
<br />
*A host consists of the <span style="color:RED">'''required*'''</span> fields: <br />
<br />
#'''Hostname*''' - A string used for the Windows Hostname of client, this must be less than 15 characters long. <br />
#'''MAC address*''' - This field is used as a unique identifier for the host. The string must be separated by : (colon), in the format of 00:11:22:33:44:55. <br />
<br />
*Hosts can also include, but are not required:<br />
<br />
#'''IP address''' - Just your typical IP address, in the typical format of X.X.X.X or 192.168.1.1.<br />
#'''Description''' - Information for your own reference.<br />
#'''Image Association''' - This field is a drop down box that will allow you to select an image object created in the '''Images''' section. <br />
#'''Operating System''' - Drop down box that allows you to select the primary type of operating system running on this host.<br />
#'''Kernel''' - This is only used if you want to overwrite the default kernel used for FOG. Needs to be specified as fog/kernel/mybzImage<br />
#'''Kernel Arguments''' - This allows you to add additional kernel arguments for booting the host (ie: vga=6, or irqpoll). <br />
#'''Primary Disk''' - This option allows you to force a device to use during imaging if fog fails to detect the correct device node.<br />
*This page also allows for configuration of Active Directory integration, but this topic will be covered later. When all settings are added, click on the "Add" button.<br />
<br />
===== Method 4: Importing Host Information =====<br />
<br />
*When getting started with FOG, you need to enter the host information for the devices on your network. We understand this can be a long difficult process, so in order to make this process easier we created a page that allows you to import most of the host information from a CSV file. <br />
*The CSV file that is imported to FOG must be in the following format, and the file should not have a header row. <br />
<pre>MAC Address,Host name,IP Address,Description,OSID,ImageID</pre><br />
*The '''MAC Address''' (<span style="color:RED">'''required*'''</span>) is the NIC's MAC address separated by ''':''' (colon).<br />
*The '''Host name''' (<span style="color:RED">'''required*'''</span>) is the computer's Host name (must be less than 15 characters, should not include underscores, according to [http://tools.ietf.org/html/rfc952 Network Working Group]).<br />
*The '''IP Address''' (<span style="color:Orange">'''Can be left as blank'''</span>) is the computer's IP address (format x.x.x.x). <span style="background-color:Yellow;">''This field is '''NOT''' currently used by FOG''</span><br />
*The '''Description''' (<span style="color:Orange">'''Can be left as blank'''</span>) is any text description you would like associated with the computer.<br />
*The '''OSID''' (<span style="color:RED">'''required*'''</span>) is the number representing the operating system. It can be found in the table "supportedOS" in the field osID.<br />
*The '''ImageID''' (<span style="color:RED">'''required*'''</span>) is the number representing the image file linked to this host. The image definition must already exist and this number can be found in the table "images" in the field imageID.<br />
*<span style="background-color:Red; color:white;">The file must be saved as a CSV '''without''' a header row.</span><br />
*Sample:<br />
<pre><br />
00:00:02:AF:00:E0:01:0F,adminoff1,10.0.1.150,Main admin office computer,5,14<br />
00:00:02:AF:00:E0:01:04,adminoff2,,admin office 2 computer,5,13<br />
00:00:02:AF:00:E0:01:02,adminoff3,,,5,12<br />
</pre><br />
<br />
====== Importing the File ======<br />
#After the file is prepared and saved, you will need to log into the FOG Management Portal.<br />
#Then click on the Hosts icon [[Image:Hosts.png]].<br />
#On the left-hand menu, click on '''Import Hosts'''.<br />
#Browse for your file, then click "'''Upload CSV'''".<br />
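<br />
A pre-import check for the CSV format described above, as an added example that is not part of FOG: it applies the field rules from this section (six fields, no header row, colon-separated MAC, host name under 15 characters without underscores, numeric OSID and ImageID) and also flags duplicate MAC addresses. The function name and the sample rows in the test data are constructed for illustration.<br />

```python
import csv
import io
import ipaddress
import re

# Six colon-separated hex octets, e.g. 00:11:22:33:44:55
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")
# Letters, digits and hyphen only (no underscores)
HOSTNAME_RE = re.compile(r"[A-Za-z0-9-]+")
NUMBER_RE = re.compile(r"[0-9]+")


def validate_host_csv(text):
    """Check text in the layout
    MAC Address,Host name,IP Address,Description,OSID,ImageID
    and return a list of (line_number, message); empty means no problems."""
    problems = []
    first_seen = {}  # lower-cased MAC -> line where it first appeared
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        lineno = reader.line_num
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        if len(row) != 6:
            problems.append((lineno, "expected 6 fields, found %d" % len(row)))
            continue
        mac, name, ip, _desc, osid, imageid = (cell.strip() for cell in row)

        # A first row with neither a MAC nor a numeric OSID is a header.
        if lineno == 1 and not MAC_RE.fullmatch(mac) and not NUMBER_RE.fullmatch(osid):
            problems.append((lineno, "header row present; the file must not have one"))
            continue

        if not MAC_RE.fullmatch(mac):
            problems.append((lineno, "MAC is not six colon-separated hex octets"))
        elif mac.lower() in first_seen:
            problems.append((lineno, "duplicate MAC, first used on line %d"
                             % first_seen[mac.lower()]))
        else:
            first_seen[mac.lower()] = lineno

        if not name:
            problems.append((lineno, "host name is required"))
        elif len(name) >= 15:
            problems.append((lineno, "host name must be less than 15 characters"))
        elif not HOSTNAME_RE.fullmatch(name):
            problems.append((lineno, "host name has characters other than letters, digits, hyphen"))

        if ip:  # optional field; validate only when filled in
            try:
                ipaddress.IPv4Address(ip)
            except ValueError:
                problems.append((lineno, "IP address is not in x.x.x.x format"))

        for label, value in (("OSID", osid), ("ImageID", imageid)):
            if not NUMBER_RE.fullmatch(value):
                problems.append((lineno, "%s is required and must be a number" % label))
    return problems
```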
<br />
==== Managing Hosts ====<br />
<br />
===== General =====<br />
<br />
*Once hosts have been added to the FOG database you can modify or delete them. Finding a host which you wish to edit can be done in two ways, the first is by listing all the hosts that exist. This is done by clicking on the "List All Hosts" button. The second way to locate a host is to use the search function. To search for hosts click on the "New Search" button, if you would like to search for all hosts you can enter a "*" or "%". The search function will search in the host's name, description, IP and MAC address. <br />
*Once a host is located, it can be edited by clicking on the edit button or on the Host Name itself. Clicking on the edit button will display all the properties that were shown during host creation with the addition of snapin, printers, active directory, service settings, hardware, virus history, and login information. <br />
*The entire host object can be removed from the FOG system by clicking on the delete option at the bottom of the Host Menu.<br />
<br />
===== Multiple MAC Address Support =====<br />
*When FOG first registers your HOST computer it uses the first connected Ethernet cable and defaults it to the Primary MAC Address. Once the FOG Client is installed and reporting data back to the FOG server it may register other additional MAC addresses, such as wireless and other wired connections. Also, an additional MAC can also be added directly under the Host definition.<br />
*These new MAC Addresses will need to be approved before FOG will take advantage of them.<br />
*#'''Host Management''' [[File:Hosts.png]]--> '''[Selected Host]''' -->''Additional MAC''<br />
*#'''Fog Configuration'''[[File:Config.png]]--> '''MAC Address List''' -->''Approve Pending Addresses''<br />
*'''Fog Configuration'''[[File:Config.png]]--> '''MAC Address List''' At this location you can also ''"Update Current Listings"'' giving updated information on the MAC Addresses and their manufacturers, listing it under the Host.<br />
<br />
===== Host Status =====<br />
<br />
*Host Status displays an indicator icon next to the host within the FOG UI showing the status of the machine. This function executes a ping based on the host's name. So in order for this to work you must have an internal DNS server that is tied in with your DHCP server, so that when a DHCP address is given out, the DNS server is notified with the new IP. If that is setup correctly, you must make sure your FOG server is able to ping a host from the command line using:<br />
ping somehostname<br />
*If the server isn't able to ping the client, then the status of the host in the UI will always show as unreachable. If you can ping the client using the FQDN, like<br />
#Replace fogproject.org with your domain suffix<br />
ping somehostname.fogproject.org <br />
*Then you will need to adjust the DNS '''Search domains:''' setting on your server. After making this change you will need to restart the apache server for it to take effect.<br />
*If after this, you still can't ping your clients, the problem may be due to a firewall issue with the clients. In this case, client specific configuration changes might be needed.<br />
*With an increase in Hosts(250+) this "ping" will delay the loading of the List ''All Hosts'' page. Disabling this feature will help in loading this page.<br />
*# '''Fog Configuration''' [[File:Config.png]] --> '''Fog Settings''' --> '''General Settings''' --> Untick ''FOG_HOST_LOOKUP''<br />
<br />
===== Creating Host Groups =====<br />
<br />
*FOG allows you to create groups of hosts, which then allows you to take action on a whole grouping of hosts. Groups can be created either from the "List All Hosts" section or by doing a search for hosts. To create a group, select the computers you would like to be members of the group by placing a check in the box next to each hostname, or by clicking the check all button in the title row. After the hosts are selected, scroll to the bottom of the screen and then enter a name in the create group box or select a group to add the hosts to. Then click on the "Process Group Changes" button.<br />
<br />
<br />
----<br />
<br />
=== Groups ===<br />
*Groups in FOG are used to organize your hosts into real world logical clusters. This is intended to ease management of the computers. A single host can be a member of infinitely many groups, so if a computer happens to be a member of the group called "Third Floor", it could also be a member of "Math Department", or "Dell PCs." Groups make using FOG possible for organizations with a very large number of PC's.<br />
<br />
==== Creating Groups ====<br />
*Groups are created in two sections:<br />
*#'''Group Management'''[[file:groups.png]] --> '''Create New Group'''<br />
*#Hosts section of FOG based on searches, for information on how to create groups, please see [[Managing_FOG#Creating_Host_Groups | Creating Host Groups.]]<br />
<br />
==== Managing Groups ====<br />
<br />
*After a group has been created, it can be managed from the groups section of FOG. Locating groups is very similar to locating hosts, you can either list all groups or you can search for groups. When searching for groups your search criteria is matched against the group name or the group description. Once a group is located it can be modified by clicking on the "Edit" button on the right hand side of the table or the Title of the group itself.<br />
<br />
*Under the section "Modify Group [Groupname]" there are options to change the group name, group description, group product key, or to delete the group. If you wish to update the group name or the group description make your change then click on the "Update" button within that section. If you would like to remove the group then simply click on the "Delete" button within this section.<br />
<br />
*As a reminder, when saving or updating settings for hosts, FOG keeps whichever setting was saved last. If you set all the hosts in this group to have ''Image A'' and then change ''Host A'' in that group to be ''Image B'', the group settings will not override the settings for ''Host A'' unless you go back to the group and set all hosts back to ''Image A''.<br />
<br />
===== Group Basic Tasks =====<br />
<br />
*This section will allow you to start a task on this group of hosts. From this section you can start any task to all hosts within the group. Multi-Cast is also available from here. Please review [[FOGUserGuide#Fundamental_Concepts | Fundamental Concepts]] to determine the required deploy task.<br />
<br />
===== Group Membership Setup =====<br />
<br />
*This page allows you to view/add/delete membership of the group. This section will list all of the members of the group and give you the option to remove members from the group.<br />
<br />
===== Group Image Associations =====<br />
<br />
*The groups page also allows you to update the image association for all the members of the group. This can be done in the "Image Association for [groupname]" section. Select the image association from the drop-down box and select "Update Images" and then all your host objects for that group will be modified.<br />
<br />
===== Group Snapins =====<br />
<br />
*You can add or remove snapins for all hosts in a group, but because of the nature of groups, it is not possible to see what snapins are currently associated with a group. This is because the snapins are not directly associated with the group; they are associated with the host, and it is possible for all members of the group to have different snapins linked with each host. What FOG does allow you to do is batch add a snapin to all the hosts within a group. In the same way, you can batch remove a snapin from all the hosts within a group. These functions can be performed via the '''Add Snapins''' and '''Remove Snapins''' buttons in the Group Menu.<br />
<br />
===== Group Service Settings =====<br />
<br />
*The '''Service Settings''' page allows you to enable or disable certain service modules on all hosts in the group, as well as change some service settings for group such as screen resolution, and auto log off settings.<br />
<br />
===== Group Active Directory Setup =====<br />
<br />
*Active Directory integration settings can also be distributed to all members of a group via this page. The section "Modify AD information for [groupname]" allows you to do so. This section provides the same options as the host screen but allows you to mass update all of your hosts.<br />
<br />
===== Group Printers =====<br />
<br />
*The '''Printers''' page allows you to add or remove printer associations for all hosts within the group. This page also allows you to set the management level for all hosts within the group.<br />
<br />
===== Group Membership Information =====<br />
<br />
*The most important thing to remember about groups in FOG is that they do not contain their own properties. When you make changes to a group, you are really making changes to every host object within the group. For example, if you change the OS association for a group, then go back to one of the host objects that is a member of that group, it will have the new OS association on that object.<br />
<br />
<br />
----<br />
<br />
=== Images ===<br />
<br />
*Image objects in FOG are the representation of the physical files that contain the disk or partition images that are saved on the FOG server.<br />
<br />
==== Creating Images Objects ====<br />
<br />
*Image objects in FOG are created in the Images section of the FOG management portal. To create a new image click on the "New Image" button on the left hand menu. An image object requires a name and an image file path. <br />
<br />
*When creating images you have a few choices in how you want that image to 'act'. The possible partition types include:<br />
Single Disk - Resizable<br />
Multiple Partition Image - Single Disk (Not Resizable)<br />
Multiple Partition Image - All Disks (Not Resizable)<br />
Raw Image (Sector By Sector, DD, Slow)<br />
<br />
*'''Single Disk - Resizable'''<br />
<br />
This is the default choice used by FOG as it works in most cases and allows for deployment to smaller size disks as well. It takes a copy of every partition on the disk, and resizes partitions that have excessive free space to a smaller size where possible. Each partition that is to be resized goes through a "Resizing filesystem" process. This process can take some time depending on how severe disk fragmentation is. The partitions that are shrunk will be reduced until only 2GB of free space remains on them. This allows an image taken from a 6TB drive with only 20GB of used space to be deployable to a drive with a total capacity of roughly 25GB. When the partitions are laid onto the destination drive, all resized partitions are intelligently expanded to utilize the entire drive.<br />
<br />
*'''Multiple Partition Image - Single Disk (Not Resizable)'''<br />
<br />
If you don't need to deploy to a smaller size disk you might consider using this image type as it's less likely to cause an issue and image size on the server is still as small as with resizable image type. Single Disk will back up all the supported partitions on the first disk drive detected by FOG, but the partitions are NOT resized by FOG. This means that the image must be restored to a disk of the same or larger capacity. It is possible to backup NTFS drives with vendor specific 'restore' partitions with this type of image. As well it is possible to capture Linux systems with this type of image given the following criteria:<br />
1.) There is a Grub boot loader present.<br />
2.) LVM is not used.<br />
3.) The partitions include '''ext2''', '''ext3''', '''reiserfs''', and/or '''swap'''.<br />
4.) The swap partition should be moved out of the extended partition<br />
<br />
*'''Multiple Partition Image - All Disks (Not Resizable)'''<br />
<br />
This is what you should pick when you want all partitions from multiple disks to be captured. The partitions are NOT resizable by FOG. If you only wanted a particular partition captured or drive captured in a multi-drive system, you can define the disk or partition you want within a "Single Disk - Resizable" or "Multiple Partition Image - Single Disk (Not Resizable)" type image. This is done through the host's "General" area, in the "Host Primary Disk" field.<br />
<br />
*'''Raw Image (Sector By Sector, DD, Slow)'''<br />
<br />
This should always be the last resort. This takes an absolute exact copy of an entire disk and does not compress the data. If you take an image from a 6TB disk, the resultant image will be 6TB in size. This image type also takes a '''significant''' amount of time to capture and deploy.<br />
<br />
*All of these images can be deployed using multi-cast or unicast to clients.<br />
<br />
==== Modifying Image Objects ====<br />
<br />
*Image objects can be located either by a search or by listing all image objects.<br />
<br />
==== Adding Existing Image Objects ====<br />
<br />
*To restore an image to the FOG database:<br />
*# Create a new Image definition through the management browser<br />
*# Specify image name (SampleXPImage)<br />
*# Specify storage group (default)<br />
*# Specify image file path (SampleXPImage)<br />
*# Specify image type<br />
*# Log into the box hosting FOG, and move/rename your image to match browser input<br />
*# Create hierarchy if necessary. FOG, by default, puts images in /images/, so for the above example, you would need to create a folder structure like so: /images/SampleXPImage<br />
*# Drop your image file into the folder (be sure it's named the same as image name above)<br />
<br />
----<br />
<br />
=== Storage Management ===<br />
<br />
*The Storage Manager introduces the concept of '''Storage Groups.''' Basically, a storage group is a group of NFS servers that share images and share the load of computers being imaged. Any member of a storage group is referred to as a '''Storage Node.''' You may have as many storage groups as you wish and as many storage nodes within those groups as you wish. In each storage group, there is one storage node which is designated as the '''Master''' of that group. Basically, this '''Master''' node is the node where all image captures go, this node handles multicasting tasks for the group, and is the image replicator for the group. This means that whatever images are stored on this node are what gets distributed to the entire group. <br />
<br />
*What this new system of storage management gives us is a distributed model for FOG which allows for more unicast transfers at a single time. We also gain data redundancy. We also take stress off of the main FOG server.<br />
<br />
*Below is a brief overview of Storage Groups<br />
<br />
[[Image:Nfsgroup.jpg]]<br />
<br />
*This image shows a single Storage Group and the flow of data within the group. The queue size of the system is the sum of the queue size of all the storage nodes within the system. So if you have 4 nodes each with a queue size of 10, then the queue size of the system is 40, which means 40 clients can be imaged (unicast) at one time. <br />
<br />
[[Image:StorageGroups.jpg]]<br />
<br />
*This image shows that it is possible to have multiple storage groups on your network, which are isolated from each other. This image also demonstrates that captures always go to the master node and multicast sessions always send data from the master node. Images are pushed out from the master node of the group to all other members of the group.<br />
<br />
*'''Key Benefits'''<br />
*#Increased throughput<br />
*#Redundant Storage<br />
*#Scalability<br />
<br />
*Also see [[Knowledge_Base#Storage_Nodes | Storage Nodes]] for tutorials.<br />
<br />
==== Adding a Storage Node ====<br />
<br />
*Definition: Storage Nodes provide extra [http://www.fogproject.org/wiki/index.php?title=InstallationModes NFS/FTP storage space] which increases available throughput and redundancy within a network. They do not provide PXE, TFTP, or DHCP services at secondary sites. To enable additional PXE and TFTP services at secondary sites see this section: [[#Including_multiple_PXE_.2F_TFTP_servers|#Including multiple PXE / TFTP servers]]<br />
<br />
*Video Tutorial: http://www.youtube.com/watch?v=X72WthDGwsw&fmt=18 (old video but still valid information)<br />
<br />
*To add an additional storage node to the network, the computer should be prepared in the same way the main FOG server would be prepared (disable firewall, SELinux, etc). You can also safely mix operating systems for the nodes of your storage group; some nodes can be running Fedora, and some can be running Ubuntu. It is important to update your storage nodes when you upgrade to a new version of FOG. Installation of a storage node is done with the same installer as for a normal FOG server. Installation can be started by running the installer script; the steps are detailed below.<br />
<br />
*Surprisingly enough some users have actually gotten a Windows Storage node to work properly. See [[Windows_Storage_Node]] for more information on this.<br />
===== Installing the Node =====<br />
*To Install a node:<br />
*#Run the installation script, ./installfog.sh<br />
*#Select your operating system.<br />
*#When prompted for Server Installation Mode, select '''S''', for storage node.<br />
*#Enter the IP address of the storage node.<br />
*#Confirm your interface.<br />
*#Then you will need to enter the IP address or host name of the node running the FOG database<br />
*#Then you will be prompted for a username (typically fogstorage)<br />
*#and a password that is located on the FOG server, that will allow the storage node to access the main FOG server's database. This information is located in the FOG management portal for convenience (on the main FOG server). It can be accessed via '''Other Information''' -> '''FOG settings''' -> section '''FOG Storage Nodes'''.<br />
*#You will then be prompted to confirm your installation settings; if they are correct press '''Y''' and hit '''Enter'''.<br />
*#When installation completes, the install will produce a username and password that will be needed to add the storage node to the FOG management portal. Username is "fog", password is in /opt/fog/.fogsettings<br />
<br />
===== Adding the Node to the Management Portal =====<br />
*To Add a Node<br />
*#Log into the FOG Management Portal<br />
*#Navigate to the '''Storage Management''' section.<br />
*#Click on '''Add Storage Nodes'''.<br />
*#For the '''Storage Node Name''', enter any alpha numeric string to represent the storage node. <br />
*#Enter any description you wish<br />
*#Enter the IP address of the storage node you are adding. This must be the IP address of the node, DO NOT use a hostname here or the node will not function correctly. <br />
*#Enter the maximum number of unicast clients you would like this node to handle at one time. The value that we recommend is 10. <br />
*#'''Is Master Node''' is a very dangerous setting; for right now leave it unchecked. For more details please see: [[#Master Node Status]].<br />
*#Next, select the storage group you would like this member to be a part of, in our example we will pick '''Default'''<br />
*#Next, specify the image location on the storage node, typically '''/images/''', your image location should always end with a '''/'''.<br />
*#Next, you will want to check the box, to enable the node.<br />
*#The last two fields take the username and password that are generated during the installation of the storage node. username is "fog", password is in /opt/fog/.fogsettings<br />
*#Then click '''Add''' to have the node join the storage group.<br />
<br />
==== Monitoring The Master Node ====<br />
<br />
*On all storage nodes there is a new service (as of version 0.24) called FOGImageReplicator, a very basic script which, if the node is the master, copies all of its images to all other nodes in the storage group. The copying is done every ten minutes by default, which means your images are NOT instantly duplicated to all nodes. <br />
<br />
*If you would like to view the status of the image replication, you can do so on the storage node by switching to tty3, by pressing Ctrl + Alt + F3. Output is also logged to a file in the '''/opt/fog/log''' directory.<br />
<br />
*FOGImageReplicator logs are also located in [[File:Config.png]] '''Fog Configuration''' --> '''Log Viewer''' --> '''FILE: [Select Image Replicator]'''<br />
<br />
==== Master Node Status ====<br />
<br />
*The '''Master Node''' (could be the server or a particular node) in a storage group is the node that distributes image files to all other nodes in the storage group.<br />
<br />
*If you have all your images distributed across 3 nodes in a storage group, '''if you add a new storage node that has no images stored on it, making that node master will cause it to take over and push its image store of nothing to all other nodes, wiping out all of your images'''. So it is important to be very careful and back up your images when you change a node's master status.<br />
<br />
*Notes - You '''can''' have many storage nodes in a storage group. You '''can''' have one master storage node in a storage group. You '''can not''' have more than one master storage node in a storage group. You '''must have''' one master storage node for replication to take place to other nodes in the group. '''If''' a master storage node is set, all captures '''first''' go to the master storage node of the storage group the image is assigned to; and are '''then''' replicated to other storage nodes.<br />
<br />
==== Including multiple PXE / TFTP servers ====<br />
<br />
*A traditional Master Storage Node, [[#Adding_a_Storage_Node|as described above]] only provides File Storage redundancy. While this can help increase multicast throughput on a single network, all the machines under FOG management must be within the same subnet/VLAN so that DHCP broadcast requests can be directed to the Main server. (see note below)<br />
<br />
*<pre>'''Note:''' depending on the network, it may be possible to configure [http://en.wikipedia.org/wiki/UDP_Helper_Address iphelper] to forward packets to the Main FOG server</pre><br />
<br />
*The following instructions are intended to help configure additional Storage Nodes to operate independently on separate networks, while still syncing with and taking commands from a single Main FOG server.<br />
<br />
*Click here for instructions on setting up [[Multiple_TFTP_servers|multiple PXE / TFTP servers]]<br />
<br />
=== Users ===<br />
<br />
==== Overview ====<br />
<br />
*FOG has only two levels of users, '''regular''' users and '''mobile''' users. Regular users have access to the mobile portal and the full management portal. Mobile users have access to only the mobile management portal and Quick Image functions.<br />
<br />
==== Creating Accounts ====<br />
<br />
*All accounts are created under the "Users" section of the FOG portal. To create a new account click on the "New User" button on the left hand side of the page. All accounts must have a unique username, and a password. After filling in the required information click on the "Create User" button.<br />
<br />
==== Modifying Users ====<br />
<br />
*FOG accounts can be modified from within the users section. First you must locate the account you wish to modify by clicking on the "List all Users" button on the left hand side of the page. When a user is located, click on the edit button on the right hand side of the table.<br />
<br />
=== Tasks ===<br />
<br />
==== Overview ====<br />
<br />
*Tasks are all the actions that you can take on a computer, and in FOG there are numerous tasks that can be done including:<br />
<br />
*Deploy (Unicast)<br />
*Capture (Unicast) <br />
*Deploy - Multicast <br />
*Debug<br />
*Memory Test<br />
*Test Disk<br />
*Disk Surface Test<br />
*Recover (File Recovery)<br />
*Hardware Inventory<br />
*Password Reset<br />
*Deploy All Snapins<br />
*Deploy Single Snapin<br />
*Wake-Up<br />
*Deploy - Debug (Unicast)<br />
*Capture - Debug (Unicast)<br />
*Deploy - Without Snapins (Unicast)<br />
*Fast Wipe<br />
*Normal Wipe<br />
*Full Wipe<br />
*Virus Scan<br />
*Virus Scan - Quarantine<br />
*Donate<br />
*Torrent-Cast<br />
<br />
<br />
In the tasks section of FOG you can perform tasks on single hosts or groups of hosts. This section also allows you to monitor selective tasks, and stop/cancel tasks.<br />
<br />
==== General Tasks ====<br />
<br />
The general/common Tasks in FOG include unicast image capture, and unicast image send, as well as a multicast image send. In FOG, sending an image to the server is considered an image capture, and deploying an image to the client is called a send. Both of these tasks can be started directly from the search, list all hosts, and list all groups pages. <br />
<br />
To perform a simple image capture, click on the upward facing arrow next to the host. Captures are only possible on a host, not a group. Capturing an image will also overwrite any image file that may already exist for that host without any notification or confirmation.<br />
<br />
Please note that capturing images of Windows Vista and Windows 7 requires a special command to be run on the clients prior to image capture. Please see [[What do I have to do to an image before capturing?]] for more details.<br />
<br />
For a video demonstration of an image capture, please see: http://www.youtube.com/watch?v=jPPZr0abVfg&fmt=18<br />
<br />
To perform a simple image send, click on the downward facing arrow next to the host. An image send can be done on a host or a group. When sending an image to multiple computers FOG works in queue mode, which means that it will only send to 10 (by default) computers at one time. This is done to keep the server from being overworked. As soon as a machine finishes, another from the queue joins.<br />
<br />
To perform a multicast image send you must search for a group of hosts on the "Task Management" page. Multicast tasks can only be performed on a group of hosts. Multicast tasks will send to all the computers in the group at once, and the task will not start sending until all members of the group have connected with the server. After starting a multicast task, status can be viewed by pressing [Ctrl]+[Alt]+F2. A log is also kept for multicast transfers which is stored at /opt/fog/log.<br />
<br />
==== Advanced Tasks ====<br />
<br />
The advanced Tasks in FOG include everything that is not a simple capture, simple deploy or multicast deploy. <br />
<br />
=====Debug=====<br />
<br />
Debug mode boots the Linux image to a bash prompt and allows the user to issue all commands by hand. <br />
<br />
=====Capture - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is set up to capture the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Debug)=====<br />
<br />
Does the same thing that debug mode does, with the exception that the environment is set up to send the image. To start the imaging process just type:<br />
<br />
fog<br />
<br />
=====Send - Unicast (Without Snapins)=====<br />
<br />
This task does a normal send task with the exception that if any snapins are associated with the host, they are not deployed to the host. <br />
<br />
=====Deploy All Snapins=====<br />
<br />
This task will send all the snapins associated with a host to the host without imaging it.<br />
<br />
=====Deploy Single Snapin=====<br />
<br />
This task will send a single snapin that is associated with the host to the host without imaging it. (Note: The snapin must be associated with the host already)<br />
<br />
=====Memory Test=====<br />
<br />
Boots to Memtest86, a memory testing tool. This task will not exit without user intervention at the client side. The task must also be manually stopped via the management front end.<br />
<br />
=====Wake Up=====<br />
<br />
Wakes up a host or group of hosts using Wake-on-LAN. <br />
<br />
=====Fast Wipe=====<br />
<br />
This task does a quick and dirty wipe of the drive. This task writes zeros to the first ~40MB of the disk. This task should NOT be used if you don't want your data to be recoverable. <br />
<br />
=====Normal Wipe=====<br />
<br />
This task writes random data to the entire surface area of the disk. <br />
<br />
=====Full Wipe=====<br />
<br />
This task writes random data multiple times to the entire surface of the disk. <br />
<br />
=====Disk Surface Test=====<br />
<br />
This task will look for bad blocks on the hard disk and report them back to the client console. <br />
<br />
=====File Recovery=====<br />
<br />
This task will load an application that can be used to recover lost files from the hard disk. <br />
<br />
=====Virus Scan=====<br />
<br />
This task will update and load ClamAV and scan the partition for viruses. It will either scan and report or scan and quarantine files. It will also report back to the management portal with the results of the scan.<br />
<br />
=====Hardware Inventory=====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/InventoryUpdate.swf.html Video Tutorial]<br />
<br />
The hardware inventory task will execute the same task as the fog.reginput client side task. Since the host is already registered, all it will do is update the computer's inventory and restart. It is envisioned that this task could be run on a regular interval on a group of all computers in your network, or some sub group of computers in your network. Then on the next reboot of those computers an inventory would be performed.<br />
<br />
==== Scheduling ==== <br />
<br />
As of version 0.27 of FOG, select tasks can be scheduled using a static date/time combination or using cron style repetitive task scheduling. Task scheduling can be performed on either single hosts, or on groups of computers. One thing to note about task scheduling that isn't intuitive is that it '''requires an image to be associated with the host, even for non-image based tasks!''' The reason for this is that tasks are only run on the master storage node associated with that host, and the only way to tie a storage node to a host is via an image. We did this to prevent multiple storage nodes from trying to run the same task for a specific host. <br />
<br />
===== Single Execution Scheduling =====<br />
<br />
Single task execution will run a task at a single date and time, then the task will be discarded. To schedule a single execution task, go to the tasks section of FOG, select the host or group you would like to schedule the task for, then select the task you would like to schedule. You will then be presented with the screen shown below.<br />
<br />
[[Image:Sched.png]]<br />
<br />
To schedule a single execution task, click on the white text box below "Schedule Single Task Execution?" and a pop up calendar will load and allow you to select your date and time for the task. Click on the date to close the calendar, then start your task. <br />
<br />
===== Cron Style Task Scheduling =====<br />
<br />
Cron style task execution allows you to do complex repetitive task scheduling. After a cron task executes, it is not removed, as single execution tasks are. Cron style tasks, as the name suggests, are similar to the Linux cron task scheduler format. Cron style tasks are created as single execution tasks are, except when presented with scheduling options, select the option "Schedule Cron Style Task Execution". Below that check box are a series of text boxes including:<br />
<br />
min -> Minute [00-59]<br />
hour -> Hour [00-23]<br />
dom -> Day of Month [01-31]<br />
month -> Month [01-12]<br />
dow -> Day of Week [01-07] (Sunday ==> 0, Saturday ==> 6)<br />
<br />
To give an example of how this works, if you wanted a capture task to run at '''10:00pm every day''' you would enter the following:<br />
<br />
0 22 * * *<br />
<br />
This basically says run the task at '''0''' minutes into the hour, on the '''22nd hour (10:00pm)''', on '''every day of the month''', on '''every month of the year''', on '''every day of the week'''.<br />
<br />
To take this example further, let's say you only wanted to capture the image '''every other day'''; we could do this by adding:<br />
<br />
0 22 */2 * *<br />
<br />
The '''*/2''' now tells the scheduler to only run on '''even days of the month'''. <br />
<br />
We could even ask the scheduler to only do a backup on '''even weekdays''' by adding:<br />
<br />
0 22 */2 * 1-5<br />
<br />
The 1-5 we just added says only run on days 1 through 5, which relate to Monday - Friday.<br />
<br />
Now we will ask the scheduler to only backup in the month of February.<br />
<br />
0 22 */2 2 1-5<br />
<br />
Another basic example could be if you wanted to run an inventory update on the first of every month you could use:<br />
<br />
30 1 1 * *<br />
<br />
This task would then run at '''1:30''' on the '''1st of every month'''.<br />
<br />
<br />
The FOG scheduler doesn't support 100% of the operations that cron supports. Below are the operations that are supported:<br />
<br />
4 - Listing a static number<br />
4,5,6,7 - Listing a group of numbers<br />
4-7 - ranges of numbers <br />
4-7,10 - ranges and lists<br />
*/5 - * divided by a number<br />
* - Wildcard<br />
<br />
For more information on cron please see http://en.wikipedia.org/wiki/Cron<br />
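<br />
The supported operations and the walkthrough above can be checked before a schedule is saved. The following is an added example, not code from FOG: it expands each field using only the six operations listed and rejects anything else. It assumes, from this page's wording, that '''*/n''' selects values evenly divisible by n, that all five fields must match together, and that day of week runs Sunday = 0 to Saturday = 6; the function names are made up for this sketch.<br />
<br />
```python
import re
from datetime import datetime, timedelta

# Field order and ranges as listed on this page; day of week is assumed to
# run Sunday = 0 ... Saturday = 6.
FIELDS = (("min", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
          ("month", 1, 12), ("dow", 0, 6))
STEP = re.compile(r"\*/(\d+)", re.ASCII)         # "*/5"
ITEM = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)  # "4" or "4-7"


def expand_field(text, low, high):
    """Return the set of values one field selects, or raise ValueError."""
    if text == "*":
        return set(range(low, high + 1))
    step = STEP.fullmatch(text)
    if step:
        n = int(step.group(1))
        if n == 0:
            raise ValueError(f"step of zero in {text!r}")
        # Assumption from the page ("* divided by a number", "*/2 ... even
        # days"): keep the values that divide evenly by the step.
        return {v for v in range(low, high + 1) if v % n == 0}
    values = set()
    for part in text.split(","):  # lists, ranges, and ranges mixed with lists
        item = ITEM.fullmatch(part)
        if item is None:
            raise ValueError(f"unsupported syntax {part!r} in {text!r}")
        start = int(item.group(1))
        end = int(item.group(2)) if item.group(2) else start
        if not low <= start <= end <= high:
            raise ValueError(f"{part!r} is outside {low}-{high}")
        values.update(range(start, end + 1))
    return values


def parse_schedule(expr):
    """Split a five-field expression into {field name: allowed values}."""
    parts = expr.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {name: expand_field(part, low, high)
            for part, (name, low, high) in zip(parts, FIELDS)}


def is_due(schedule, when):
    """True when every field of the parsed schedule matches the given minute."""
    dow = when.isoweekday() % 7  # Python counts Monday = 1; fold Sunday to 0
    return (when.minute in schedule["min"]
            and when.hour in schedule["hour"]
            and when.day in schedule["dom"]
            and when.month in schedule["month"]
            and dow in schedule["dow"])


def run_times(expr, start, end):
    """List every minute in [start, end) at which the expression fires."""
    schedule = parse_schedule(expr)
    when = start.replace(second=0, microsecond=0)
    hits = []
    while when < end:
        if is_due(schedule, when):
            hits.append(when)
        when += timedelta(minutes=1)
    return hits


if __name__ == "__main__":
    # Constructed check: the "even weekdays in February" expression from above.
    for t in run_times("0 22 */2 2 1-5",
                       datetime(2024, 2, 1), datetime(2024, 3, 1)):
        print(t.strftime("%a %Y-%m-%d %H:%M"))
```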
<br />
=== Printers ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher.<br />
<br />
==== Known Issues ====<br />
<br />
Setting of the default printer will only work if the fog tray icon is running.<br />
<br />
==== Overview ====<br />
<br />
The printers section of FOG allows you to create printer definitions that you can later associate with hosts. The FOG service looks at these associations and during service it will attempt to install any printers listed. This service has three settings which define how the printers are managed, printer management can be set to:<br />
<br />
<ul><br />
<li>No Printer Management</li><br />
<li>Add Only</li><br />
<li>Add and Remove</li><br />
</ul><br />
<br />
All hosts default to '''No Printer Management''' which means that the FOG service does nothing to the host's printers. '''Add Only''' does as the name implies, and will only add printers to the host machine; it will not remove any existing printers that may be installed. '''Add and Remove''' will take full control of the host's printing system and only allow for the printers that are specified by the FOG management console to exist on the host. <br />
<br />
==== Adding New Printers ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf Video Tutorial]<br />
<br />
In order for the printer to be added to the host computer, the printer drivers must be stored in a public area, or included on the host computer. This public area can be a Novell Network share where public has read-only access, a Windows share that is public read-only to everyone, or a Samba share (possibly residing on the FOG server) that is public read-only to everyone. This share must be accessible via a UNC path as the service may attempt to install the printers before drive mapping occurs. In this share the printer drivers and .inf file must exist. FOG supports installing IP based (Jet-Direct) printers, public access NDS printers, local printers, Windows share based printers, (and we think, but could use a confirmation as it hasn't been tested) AD based printers. <br />
<br />
If you wish to see what printers are included with Windows XP, navigate to c:\windows\inf\ntprint.inf. Open this file with a text editor and you will be able to install all the printers listed using the ntprint.inf file. <br />
<br />
To create a new printer definition click on the Printer icon on the system menu bar. Then on the left hand menu, click on '''Add New Printer'''. The form you are presented with will require you to enter:<br />
<br />
<ul><br />
<li>'''Printer Model''' - This must match the name in the INF file.</li><br />
<li>'''Printer Alias''' - This can be anything you wish and it is what the end user will see.</li><br />
<li>'''Printer Port''' - This is something like '''LPT1:''', or '''IP_1.1.1.2'''.</li><br />
<li>'''Printer INF File''' - This is the path to the INF file for the printer driver.</li><br />
<li>'''Printer IP''' - (optional) This is the IP address, for IP based printers only. It can take the form of '''1.2.3.4:9100''' or '''1.2.4.5'''. If the port doesn't exist already, it will create one named ''' IP_x.x.x.x''', where x.x.x.x is the IP address. That is what should be entered in the port field.</li><br />
</ul><br />
<br />
After all the required information is entered, click on the '''Add Printer''' button.<br />
<br />
==== Linking Printers to Hosts ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/printer.swf.html Video Tutorial]<br />
<br />
Linking printers to hosts can be done from either the hosts section or the groups section. In the hosts section find the host you would like to add a printer to, and click on the edit button associated with that host. In the host menu, click on the '''Printers''' button. First select how you would like the host to be managed, either '''No Printer Management''', '''Add Only''', or '''Add and Remove'''. Then in the section below, select the printer you would like to install from the drop down list and click on the '''Update''' button.<br />
<br />
==== Creating a Samba Based Printer Store on FOG ====<br />
<br />
If you do not have a public server where you can store your printer drivers for the FOG Printer Manager, then it is very easy to set one up on the FOG server using Samba, so all your Windows Clients will be able to connect.<br />
<br />
[[Creating a Samba Based Printer Store on FOG]]<br />
<br />
=== The FOG Client Service ===<br />
<br />
<font color="red">Note:</font> Most of the things here about the FOG Client service apply to the legacy FOG client that came with FOG versions 1.2.0 and older. FOG 1.3.0 now comes with a new FOG Client. Details on this can be found here: [[FOG Client]]<br />
<br />
==== Overview ====<br />
<br />
The FOG Client Service is a Windows Service that is intended to be installed on the client computers during the image creation process. The FOG service communicates with the FOG server to provide certain services to the client computers including:<br />
<br />
<br />
*Auto Log Off (0.16)<br />
*Hostname Changes<br />
*Active Directory Integration<br />
*Directory Cleaner (0.16)<br />
*Display Manager (0.16)<br />
*Green FOG (0.16)<br />
*Host registration<br />
*Task Restarting<br />
*Snapin Installation<br />
*User Tracker<br />
*Printer Manager<br />
*User Cleanup (0.16)<br />
*Client Updater<br />
<br />
==== Module specific configuration settings ====<br />
<br />
The FOG Client Service is very modular in nature, which means you can install portions of the services provided, and leave off others. This also means that it is very easy to create new sub services if you know a little C#. All configuration data is held in a local INI file, which is typically stored in <br />
<br />
c:\program files\fog\etc\config.ini<br />
<br />
This file holds, in the general section:<br />
<br />
<ul><br />
<li>FOG Server IP address</li><br />
<li>FOG Service installation root</li><br />
<li>FOG Service working directory</li><br />
<li>FOG Log file path</li><br />
<li>Flag indicating if GUI messages should be displayed</li><br />
<li>The max log file size</li><br />
</ul><br />
<br />
==== Installation ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/FogServiceInstall.swf.html Video Tutorial]<br />
<br />
The FOG service should be installed on the computer to be imaged before capturing the image to the FOG Server. <br />
<br />
The FOG service is located in the '''FOG Service/bin''' directory or if the FOG server is already installed it can be downloaded from:<br />
<br />
http://[serverip]/fog/client/<br />
<br />
Double-click on the '''setup.exe''' to start the installation wizard. At the end of the wizard you will need to enter the IP address or hostname of your FOG server.<br />
<br />
[[Image:fogservice.jpg]]<br />
<br />
Then restart the computer. If you don't restart the computer you will have issues with the service GUI appearing correctly.<br />
<br />
===== Quiet Installation =====<br />
<br />
As of version 0.29, the FOG client supports a quiet installation mode. This can help automate deployments, by allowing the command to be run without user interaction from batch files. To do this the setup.exe file must be run from the command line with the arguments '''fog-defaults=true /qb'''.<br />
<br />
So the full command would be:<br />
<br />
setup.exe fog-defaults=true /qb<br />
<br />
==== Functions and Operation ====<br />
<br />
=====Auto Log Out=====<br />
<br />
Added in Version 0.16<br />
<br />
This module of the FOG Service will log a user off of a client PC after X minutes of inactivity. This module will display a screen saver-like GUI after 3/4 of the inactive time is up. So if the time out value is 40 minutes, the GUI will be displayed at 30 minutes of inactivity. When the time is up, the client computer will reboot. This service module can be configured in the management portal via:<br />
<br />
FOG Service Configuration -> Auto Log Out<br />
<br />
To enable the module globally, place a check in the box next to '''Auto Log Out Enabled?'''. The time to auto log off can be changed globally via '''Default log out time:''' The minimum recommended value for this setting is 4 minutes. <br />
<br />
The background image for the auto log off module can be modified via:<br />
<br />
Other Information -> FOG Settings<br />
<br />
The setting can be changed by modifying the value for '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE'''. This setting will accept a jpg file that is local to the client computer like: <br />
<br />
c:\images\image.jpg<br />
<br />
This setting will also accept files located on a web server such as:<br />
<br />
http://www.somedomain.com/image.jpg<br />
<br />
Provided with FOG is a simple PHP script that will display a random image that is located on the FOG server. To use this option set '''FOG_SERVICE_AUTOLOGOFF_BGIMAGE''' to <br />
<br />
http://x.x.x.x/fog/public/randomimage.php<br />
<br />
Then simply put the images you would like to use in the following directory on the fog server:<br />
<br />
/var/www/html/fog/public/imagepool<br />
<br />
Images used for the auto log off module must be in jpg format, and must be 300px by 300px.<br />
<br />
=====Hostname Changer=====<br />
<br />
This module of the FOG Service is used to change the hostname of the client computer and to allow the client to (optionally) join an Active Directory Domain after imaging. This process only runs shortly after service startup, which means typically only when you start your computer. The service communicates with the FOG server over port 80 and determines the hostname that is present in the FOG database for the host. The hosts are matched to the FOG database by their MAC addresses. If the hostnames are found to be different, the client changes the computer's hostname and restarts the computer.<br />
<br />
The config.ini file contains configuration options for this module. <br />
<br />
netdompath=<br />
<br />
Allows you to set the path to the netdom.exe file. In some cases the file does not exist on the system. It can be downloaded from: [http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=de Microsoft Download Center]<br />
<br />
=====Host Register=====<br />
<br />
As of version 0.29, this module will only add additional MAC addresses to a host that is already registered, and add them to the pending MAC address table, where they need to be approved in the FOG UI.<br />
<br />
=====Task Reboot=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has an imaging task assigned to it. If a task is found AND no one is logged into the workstation, then the client will restart and join the task.<br />
<br />
The config.ini file contains configuration options for this module. As of version 0.13 of FOG you can change:<br />
<br />
forcerestart=0<br />
<br />
to<br />
<br />
forcerestart=1<br />
<br />
This will make the computer restart if a task is found, regardless of whether a user is logged into the computer.<br />
<br />
You can change how often the service will check in with the server by changing:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins.<br />
<br />
=====Directory Cleaner=====<br />
<br />
Added in version 0.16<br />
<br />
This module will clean out (delete) the contents of a directory on user log off. This is useful when you don't want any settings cached between users. This module will only delete the contents of a directory and not the root directory itself, so if you specify '''c:\trash''', the service will remove all files and folders located within c:\trash but leave the folder c:\trash.<br />
<br />
=====Display Manager=====<br />
<br />
Added in version 0.16<br />
<br />
This module is used to restore screen resolution between clients. This will restore a fixed resolution and refresh rate when a user logs into a computer.<br />
<br />
=====Green FOG=====<br />
<br />
Added in version 0.16<br />
<br />
This module will simply shutdown/restart the client computer at a fixed schedule if no user is logged in. The schedule can be defined via the management portal. <br />
<br />
=====Snapin Client=====<br />
<br />
This module periodically checks in with the FOG server to see if the client has a snapin set to be deployed to it. If a snapin is found AND no imaging task is associated with the client, then the client will download the snapin and install it in the background.<br />
<br />
The configuration file contains settings for this module including:<br />
<br />
checkintime=xxx<br />
<br />
where xxx is the number of seconds the service will wait between check-ins. It is important to note that currently the fog client will wait 5 minutes when first connected / established before it starts checking and installing any snapins from the server.<br />
<br />
=====User Tracker=====<br />
<br />
This module attempts to track user access to the host computer by the Windows user name. It attempts to track logins and logoffs as well as the state of the computer at service startup. The service will even attempt to track users when they are not on the network by writing all entries to a journal file, then replaying the journal the next time the client is on the network.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====User Cleanup=====<br />
<br />
This module will remove all users not white listed in management portal on log off. This module is useful when using services like dynamic local user. All entries in the management white list are treated as prefixes to usernames, which means that they will white list all users that start with whatever was entered in the management front end. For example, if you enter '''admin''' in the management white list, then users '''admin''', and '''administrator''' will NOT be removed from the computer.<br />
<br />
=====Printer Manager=====<br />
<br />
This module checks on service startup to see what printers should be installed/removed from the client PC.<br />
<br />
There are no configuration settings for this module.<br />
<br />
=====Client Updater=====<br />
<br />
This module waits (randomly) between 60 and 500 seconds after service startup to check the local fog server for client updates, and if any are found the service will download and install them. Updates will NOT take effect until after the service is restarted.<br />
<br />
There are no configuration settings for this module.<br />
<br />
==== Keeping Clients up to date ====<br />
<br />
===== Overview =====<br />
<br />
As of version 0.12 of FOG, we have included a client updater module. This module is no different from any of the other sub service modules. This service waits anywhere between 60 and 500 seconds after the FOG service starts up, and then attempts to check with the server for newer FOG service modules. If new modules are found the client will download them, and they will be active on the NEXT service startup. These modules are controlled from the FOG Management Console. <br />
<br />
Only certain modules can be updated: those that are a subclass of AbstractFOGService. This means you should '''NEVER''' attempt to update the FOGService executable (FOGService.exe file), or the AbstractFOGService.dll file. It is recommended that you not update the ClientUpdater.dll, because if the ClientUpdater.dll file becomes corrupt or not functional, your clients will not be able to update from that point on. Below is a list of the .dll files that can be updated.<br />
<br />
<ul><br />
<li>UserTracker.dll</li><br />
<li>TaskReboot.dll</li><br />
<li>SnapinClient.dll</li><br />
<li>PrinterManager.dll</li><br />
<li>HostRegister.dll</li><br />
<li>HostnameChange.dll</li><br />
<li>GUIWatcher.dll</li><br />
<li>ClientUpdater.dll</li><br />
<li>config.ini</li><br />
</ul><br />
<br />
Care must also be taken when updating the config.ini file: if the IP address is incorrect or the syntax of the file is incorrect, it could leave the FOG service crippled on the client computers.<br />
<br />
===== Posting Updates =====<br />
<br />
To add new modules that can be pushed down to clients, first install a client with the new service or new module and confirm that it works as you would like. Log into the FOG management console, then go to the Information/Misc section (the little "i" icon). Click on '''Client Updater''' on the left-hand menu. Now click on the browse button to select the module (.dll) file you would like to post, then click on the capture button. After capturing, the file should appear in the table above. If you are adding a new module, you will probably want to capture a new config.ini file to include new configuration settings required by that new module.<br />
<br />
==== FOG Tray ====<br />
<br />
The FOG Tray is a Windows application that runs on user login and docks in the system tray. The FOG Tray, like the FOG service, is very modular in nature. New modules can be dropped in the FOG tray directory and on next load they will be loaded. This tray icon has the ability to communicate with the FOG service, which allows FOG more interactivity with the end-user. <br />
<br />
What happens is that when the FOG service's printer manager module gets a request to set a default printer, the service attempts to contact the FOG Tray. If communication is established, then the service will ask the tray to set the default printer. On the other hand the end user can right click on the "F" icon in the system tray, then select printers, then update my printers. What this will do is attempt to send a request from the FOG Tray to the FOG Service and have the service check for printer updates (new printers or printers to be removed). If one is found the service will install any new printers assigned in the FOG Management portal.<br />
<br />
This application is in its very early stages and currently doesn't have a lot of functionality. It is currently only used to allow end users to update their printers and to allow the setting of default printers (from the FOG service). Our vision for the FOG Tray is to add modules that would allow users to install printers that are published as public (via the management portal) without the printer being directly assigned to their host. We would also like to do the same thing for snapins where some of your snapins could be defined as public where anyone could install them on their computer.<br />
<br />
==== Troubleshooting ====<br />
<br />
If you have problems with the FOG Service, please refer to the log file that is located at:<br />
<br />
c:\fog.log<br />
<br />
If the PXE boot does not work<br />
<br />
If booting from the fog server through pxe comes up with an error file not found, edit /etc/default/tftpd-hpa<br />
<br />
Change TFTP_DIRECTORY to<br />
<br />
TFTP_DIRECTORY="/tftpboot"<br />
Then<br />
<br />
/etc/init.d/tftpd-hpa restart<br />
<br />
=== Snap-ins ===<br />
<br />
==== Overview ====<br />
<br />
*The FOG Service has the ability to install snapins to the clients. Snapins can be anything from whole applications like Microsoft Office to registry keys or desktop icons. Snapins can even be used to uninstall applications or remove unwanted files. From the end user's point of view, they will not even notice that a snapin is being installed until it is complete. At this point a message will notify them that a new application has been installed on their computer. Snapins can be in MSI (0.17) or EXE formats, and can be created with any snapin creation tool like InstallRite or already packaged MSI files (0.17). You can also push commands to the computer that include .vbs scripts / .cmd (commands) and .bat (batch scripts).<br />
<br />
*Snapin return codes are specified by the program that's being installed.<br />
<br />
<br />
==== Creating a Snapin / Overview ====<br />
<br />
FOG doesn't provide a tool to create snapins, but instead allows you to push files and execute them on the remote computers. It is highly recommended that you push the actual installer to the computer instead of using a program such as InstallRite. <br />
<br />
If you have never silently installed software to a computer, or created an answer file for a program, please look at the website Appdeploy [http://www.appdeploy.com/articles/ Link]. This website has a trove of information on how to push software to a computer remotely.<br />
<br />
===== Creating a Snapin for larger applications with SFX Maker =====<br />
<br />
Some larger applications such as Microsoft Office and Adobe Products (Acrobat / Creative Suite) require multiple files to install properly. If you have an application that is not a single .exe please use SFX Maker. This tool is free for non commercial use, and most programs fall under the GPL. [http://www.isoft-online.com/ SFX Maker's Website]<br />
<br />
For instructions on how to use this software please see the youtube videos below.<br />
<br />
[http://www.youtube.com/watch?v=ZSMJLnRjn94 Office 2003 Install]<br />
[http://www.youtube.com/watch?v=Qzc1Q9NW_cE Office 2007 Install]<br />
<br />
SFX Maker takes an entire folder and encapsulates it or "folds" it into a single .exe which then "unfolds" to its original state and launches a file or command.<br />
<br />
===== Creating a Snapin with InstallRite =====<br />
<br />
If for some reason you do wish to use InstallRite, please be aware it comes with issues and limitations (not compatible on all Windows operating systems / can cause issues with the computer it is pushed to). Below is an example of how to build a package with that software.<br />
<br />
In this example we will use Epsilon Squared's InstallRite which can be downloaded from http://www.epsilonsquared.com/installrite.htm. This application will package up your snapin as an exe file which will be uploaded to the FOG server. <br />
<br />
<ol><br />
<li>To run InstallRite navigate to c:\program files\Epsilon Squared\InstallRite\InstallRite.exe</li><br />
<li>Click on "Install new software and create an InstallKit"</li><br />
<li>On the Configure screen, click Next.</li><br />
<li>On the Snapshot screen click next to create a new system snapshot.</li><br />
<li>On the next screen, click the browse button to select the application you wish to install, then click next.</li><br />
<li>When installation is complete InstallRite will come into focus, click the next button. InstallRite will scan your system again.</li><br />
<li>Enter a name for your snapin.</li><br />
<li>Click "Build Install Kit"</li><br />
<li>Select "Quiet Installation Mode", Never reboot, even if needed, and "Never prompt the user and only overwrite older files"</li><br />
<li>Click OK and it will build your snapin.</li><br />
</ol><br />
<br />
==== Preparing the FOG Server ====<br />
<br />
If your snapin is larger than 2MB you will need to make two changes to the FOG server to allow uploads of larger than 2MB.<br />
<br />
See also: [[Troubleshoot Web Interface]]<br />
<br />
===== Fedora =====<br />
<br />
<br />
#On the FOG Server click on Applications -> Accessories -> Text Editor.<br />
#Select Open and navigate to "/etc/php.ini"<br />
#Change UPLOAD_MAX_FILESIZE to 1900MB (On a 32Bit OS don't set this value above 2GB)<br />
#Change POST_MAX_SIZE to the same value.<br />
#Save and close the text editor.<br />
#Click on Applications ->System Tools -> Terminal and type "service httpd restart"<br />
<br />
===== Ubuntu =====<br />
<br />
#sudo gedit /etc/php5/apache2/php.ini<br />
#Change <br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
#Save Changes<br />
#sudo /etc/init.d/apache2 restart<br />
<br />
<br />
===== VMWare =====<br />
<br />
#sudo vim /etc/php5/apache2/php.ini<br />
#Edit the following lines in the document (read below for assistance with working in VIM)<br />
##memory_limit = 1900M<br />
##post_max_size=1900M <br />
##upload_max_filesize=1900M <br />
<br />
<br />
*To edit content in vim you will need to press the '''"I"''' key on your keyboard to enter input mode.<br />
*Hitting the '''Escape''' key will bring you out of input mode.<br />
*Once out of input mode type ''':w''' and then '''enter''' to save the file<br />
*Restart FOG once the file has been saved<br />
<br />
==== Uploading the Snapin ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/CreateSnapin.swf.html Video Tutorial]<br />
<br />
<ol><br />
<li>In the FOG Management Portal click on the Snapin Icon (Puzzle Pieces).</li><br />
<li>On the left-hand menu click on the New Snapin Button.</li><br />
<li>Enter a Snapin Name and Description.</li><br />
<li>Browse to the snapin file you wish to upload.</li><br />
<li>If you want the computer to restart after the snapin is installed click on the "Reboot after install"</li><br />
<li>Click "Add"</li><br />
</ol><br />
<br />
<br />
<br />
As of version 0.17, fog supports using typical msi files as snapin files.<br />
<br />
If the snapin file is a msi file you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of msiexec.exe (ie: c:\windows\system32\msiexec.exe)</li><br />
<li>Set '''Snapin Run With Arguments:''' to '''/i'''</li><br />
<li>Set '''Snapin Arguments:''' to '''/qn'''</li><br />
</ol><br />
<br />
If the snapin file is a .vb script you must perform these additional steps:<br />
<br />
<ol><br />
<li>Set '''Snapin Run With:''' to the path of cscript.exe (ie: c:\windows\system32\cscript.exe)</li><br />
</ol><br />
<br />
<br />
<br />
'''Documentation on list of support snapin's and command line arguments''' [[http://www.fogproject.org/wiki/index.php?title=Supported_Snapin%27s_and_Command_Line_Switches]] There are MANY more supported applications that can be installed via command line arguments. You might have better luck installing them directly via .EXE / .MSI / or scripting them via .VBS . For more info on this consult the forums --[[User:Ssx4life|Ssx4life]] 09:04, 8 October 2009 (MST)<br />
<br />
==== Linking the Snapin to Hosts ====<br />
<br />
In order for a snapin to be deployed it must be linked with a host. To do this perform the following:<br />
<br />
<ol><br />
<li>In the FOG Management Portal, click on the Hosts Icon.</li><br />
<li>Search for and select a host and click on the edit button.</li><br />
<li>Scroll down to the snapin section.</li><br />
<li>Select the snapin you just created from the drop-down box and click the "Add Snapin" button.</li><br />
</ol><br />
<br />
The next time you image the computer the FOG Service will attempt to install that snapin. If you have problems, please see the fog log file located at c:\fog.log on the client PC.<br />
<br />
=== Client Side Tasks ===<br />
<br />
==== FOG Version ====<br />
<br />
Applies to version 0.12 or higher.<br />
<br />
==== Overview ====<br />
<br />
FOG attempts to keep management centralized, but in an attempt to make deploying machines as easy as possible FOG has added a few basic client side tasks. These tasks can be run from the client computer during the PXE boot process. When the client boots and the FOG banner is displayed the pxe client will display a prompt like '''boot:''' or something similar. At this point you have 3 seconds to start typing one of the following commands. <br />
<br />
<ul><br />
<li>fog.memtest</li><br />
<li>fog.reg</li><br />
<li>fog.reginput</li><br />
</ul><br />
<br />
==== fog.memtest ====<br />
<br />
This command will run the memtest86+ on the client computer. <br />
<br />
==== fog.reg ====<br />
<br />
This command will run the basic host registration and inventory process without any user input. It will register any new/unregistered hosts with the FOG server and pull a basic hardware inventory from them. The hostname of the computer will be the same as the MAC address without the ":".<br />
<br />
If a host is already registered, then only an inventory will be performed.<br />
<br />
==== fog.reginput ====<br />
<br />
[http://freeghost.sourceforge.net/videotutorials/RegImage.swf.html View Host Registration Video]<br />
<br />
This command will run the full host registration process with user input, inventory and give the option to push down an image, all at the same time. During this process the user registering the host will be prompted for the computer host name, ip address, operating system ID, image ID, Primary User of the computer, asset tag 1, and asset tag 2. <br />
<br />
If a valid hostname, os id, and image id are given and the option is selected to image the workstation after registration, the host will reboot and an imaging send will begin. <br />
<br />
If a host is already registered, then only an inventory will be performed; this prevents end-users from re-registering a machine with a different hostname, etc.<br />
<br />
This task was designed for institutions that may get shipments of hundreds of computers that need to be deployed very quickly. They can be unboxed, inventoried, imported into FOG and imaged very quickly. <br />
<br />
===== Operating System ID =====<br />
<br />
As of Version 0.17 of fog, you can now enter '''?''' at the Operating System ID prompt to get a listing of the valid operating system id values. <br />
<br />
The following are valid values for operating system IDs:<br />
<br />
<ul><br />
<li><b>1</b> - Windows 2000 / Windows XP</li><br />
<li><b>2</b> - Windows Vista</li><br />
<li><b>3</b> - Windows 98</li><br />
<li><b>4</b> - Windows (Other)</li><br />
<li><b>5</b> - Windows 7</li><br />
<li><b>50</b> - Linux</li><br />
<li><b>99</b> - Other</li><br />
</ul><br />
<br />
===== Image ID =====<br />
<br />
Image IDs can be found in the management console, in the Images section. Search for the image, and click on the edit button associated with the image; <br />
the image ID will be in the Address/URL bar in the format of <b>&imageid=xx</b>.<br />
<br />
As of version 0.17, you can enter '''?''' at the Image ID prompt to get a listing of all your images and their ID numbers.<br />
<br />
=== Active Directory Integration ===<br />
<br />
==== Setup ====<br />
<br />
===== Overview =====<br />
<br />
FOG has the ability to register a host with Active Directory, in a limited sense. Versions of FOG up to and including 0.28 rely on the netdom.exe executable that is provided as part of the support tools on the Windows installation media. In order for Active Directory integration to function, your image will need to have the FOG service installed, along with the Windows Support Tools.<br />
<br />
Versions of FOG from (and including) 0.29 have this functionality built in and do NOT require netdom.exe or the support tools to be installed.<br />
<br />
It is also very important that before capturing your image that the computer is NOT a member of any domain.<br />
<br />
===== Security =====<br />
<br />
<font color="red">Note: The below statement applies to older FOG versions (1.2.0 and below). When using FOG 1.3.0 and above in conjunction with the NEW fog client, this step is not needed. See [https://wiki.fogproject.org/wiki/index.php?title=FOG_Client here] for more information.</font><br />
<br />
<br />
'''Important - Please read!'''<br />
<br />
In order to add a computer to a domain, FOG requires a username and password of an account that has rights to the OU where the computer objects are stored in the domain tree. This user account should have rights to join computers to the Domain, as well as sufficient rights to create/manage computer objects. FOG attempts to keep your password secure by encrypting it, but since FOG is open source, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic, this isn't hard and only needs to be done one time. Please see the documentation below.<br />
<br />
===== Preparing the Image =====<br />
<br />
Before capturing an image to FOG that you would like to use with Active Directory, please ensure that the image:<br />
<br />
<ul><br />
<li>is NOT a member of the domain, change the computer membership to workgroup instead.</li><br />
<li>has support tools installed (Not required for FOG versions from 0.29).</li><br />
<li>has the FOG service installed.</li><br />
</ul><br />
<br />
===== FOG Setup =====<br />
<br />
To setup a host to use AD, navigate to the hosts section of the FOG management portal. <br />
<br />
<ol><br />
<li>Search for, and select a host. </li><br />
<li>Click on the Edit button</li><br />
<li>Scroll down to the Active Directory section.</li><br />
<li>Check the box next to Join Domain after image task</li><br />
<li>Enter the domain NETBIOS name (i.e. MYDOMAIN, not mydomain.com).</li><br />
<li>Enter the Organizational Unit where you would like to have the computer stored in AD. Leave it blank for the default. (Must be in LDAP format).</li><br />
<li>Enter the user name that has access to the computer objects. Do not include the domain name if you are running version 1.2 (your mileage may vary with earlier versions). Development version of FOG will accept a name with or without domain ('''username ''OR'' mydomain/username''').</li><br />
<li>Enter the encrypted password. This password must be encrypted with the [[FOGCrypt]] utility. This utility is located in the FOGCrypt folder of the FOG download package. It is a Windows (.NET) command line application.</li><br />
<li>Click Update.</li><br />
</ol><br />
<br />
The next time you image that computer the service will attempt to register the host with the domain information provided. If you have problems please refer to the FOG Service log file located in c:\fog.log<br />
<br />
===== Making AD Integration Easier =====<br />
<br />
As of version 0.20 of FOG, we have made it a bit easier to manage AD settings in FOG, by allowing for default settings for AD. This will allow the easy population of the domain, OU, username, and password. To set this feature up perform the following:<br />
<br />
# Go to '''Other Information''' -> '''FOG Settings'''<br />
# Set your default values for the following:<br />
## FOG_AD_DEFAULT_DOMAINNAME<br />
## FOG_AD_DEFAULT_OU<br />
## FOG_AD_DEFAULT_USER<br />
## FOG_AD_DEFAULT_PASSWORD (MUST BE ENCRYPTED!)<br />
<br />
To test everything out, go to a host that doesn't have anything setup for AD, and click on the edit button for that host. Go to the host menu, and select Active Directory. Click on the '''Join Domain after image task:''' button and all your default values should be populated.<br />
<br />
==== Securing Active Directory Integration ====<br />
<br />
===== Overview =====<br />
<br />
In order to add a computer to a domain, FOG requires a username and password that has rights to the OU where the computer objects are stored in the domain tree. FOG attempts to keep your password secure by encrypting it, but since FOG is open source and the methods used to encrypt the password are open for all to see, it is possible for someone to decrypt your password if you don't change the FOG "Passkey." It is highly recommended that you change this Passkey before implementing the AD integration in a production environment. Changing the Passkey requires you to recompile the FOG Service's Hostname change module, but don't panic, this isn't hard and it only needs to be done one time. <br />
<br />
===== The Development Environment =====<br />
<br />
The hostname change module is written in C#, so in order to recompile it you will need to download Microsoft's Visual Studio Express Edition for C#. This can be downloaded from: <br />
<br />
http://www.microsoft.com/express/vcsharp/<br />
<br />
Install Visual Studio with the standard options.<br />
<br />
===== Getting the Source =====<br />
<br />
After Visual Studio Express is installed, we need to get the source code for the hostname change module. This is part of the FOG download/installation package. This package can be downloaded from:<br />
<br />
http://sourceforge.net/project/showfiles.php?group_id=201099 <br />
<br />
Extract this package, then navigate to "FOG Service\src\FOG_HostNameChanger\"<br />
<br />
Double-click on HostNameChange.sln to open the project. <br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > hostnamechanger properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Once the project has opened, on the right-hand panel, in the "Solution Explorer", double-click on MOD_HostNameChanger.cs.<br />
<br />
After doing so, the source code should display in the main panel. Scroll down to the line:<br />
<br />
private const String PASSKEY = "FOG-OpenSource-Imaging"; <br />
<br />
Change '''FOG-OpenSource-Imaging''' to anything you like, just remember what you change it to, as you will need it later.<br />
<br />
Then click File -> Save All.<br />
<br />
Then click Build -> Build Solution.<br />
<br />
This will recompile the hostname change module with your unique key.<br />
<br />
Now navigate to "FOG Service\src\FOG_HostNameChanger\bin\Release"<br />
<br />
Copy only the file HostnameChange.dll to "FOG Service\src\FOG Service\bin\Release" (overwrite existing file).<br />
<br />
Navigate to "FOG Service\src\FOG Service\"<br />
<br />
Open the solution by double-clicking "FogService.sln"<br />
<br />
If you are asked to convert the project to the latest version, click the Finish button.<br />
<br />
If you are using Visual Studio 2010, you need to change the target .NET framework to .NET 2.0. Do this by going to Project > FOGService properties. On the Application tab, change the Target Framework to .NET 2.0 <br />
<br />
Change the build configuration from debug to release<br />
<br />
Right click on "FOG Service Install" and click "Build"<br />
<br />
Navigate to "FOG Service\src\FOG Service Installer\Release"<br />
<br />
Select the 2 files, right-click -> Send To -> Compressed Folder<br />
<br />
Copy the .zip file to your FOG Server "/var/www/html/fog/client". Overwrite the existing file.<br />
<br />
===== Encrypting Your Password =====<br />
<br />
Now that we have changed the passkey, we need to update the FOGCrypt ini file to use this new passkey. <br />
<br />
Navigate to the FOGCrypt\etc directory from the FOG download package.<br />
<br />
Open the config.ini file and change the passkey value to your new passkey, then save the file.<br />
<br />
Now open a command window and navigate using the cd command to the FOGCrypt directory.<br />
<br />
Type:<br />
<br />
FOGCrypt [password]<br />
<br />
Where [password] is the AD user's password that has rights to the Computers section of the AD tree.<br />
<br />
The output from this command is what you will enter in the FOG management portal.<br />
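<br />
A post-rebuild check for the passkey procedure above, as an added example (not code from the FOG project): it confirms that the default passkey is gone from the rebuilt HostnameChange.dll and that FOGCrypt's config.ini carries the same passkey as the module. It assumes the passkey is compiled in as a UTF-16LE string literal and that config.ini uses a passkey=value entry; the function names are hypothetical and the sample module bytes are constructed.<br />

```python
"""Post-rebuild check for the FOG passkey (added example, not FOG project code)."""
import re
import sys
from pathlib import Path

# Default passkey as printed on this page.
DEFAULT_PASSKEY = "FOG-OpenSource-Imaging"


def find_literal(blob, text):
    """Return (encoding, offset) for every occurrence of text in blob.

    .NET assemblies store C# string literals as UTF-16LE; UTF-8 is also
    searched so the same helper works on plain-text files.
    """
    hits = []
    for name in ("utf-16-le", "utf-8"):
        needle = text.encode(name)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((name, pos))
            pos = blob.find(needle, pos + 1)
    return hits


def read_passkey(ini_text):
    """Extract the passkey value from FOGCrypt's config.ini text.

    Assumption: the entry is written as 'passkey=<value>'.
    """
    for line in ini_text.splitlines():
        match = re.match(r"\s*passkey\s*=\s*(.*?)\s*$", line, re.IGNORECASE)
        if match:
            return match.group(1)
    return None


def audit(dll_bytes, ini_text):
    """Return a list of findings; an empty list means the rebuild is consistent."""
    findings = []
    if find_literal(dll_bytes, DEFAULT_PASSKEY):
        findings.append("module still contains the default passkey")
    passkey = read_passkey(ini_text)
    if not passkey:
        findings.append("no passkey value found in FOGCrypt config")
    elif passkey == DEFAULT_PASSKEY:
        findings.append("FOGCrypt config still uses the default passkey")
    elif not find_literal(dll_bytes, passkey):
        # Passwords encrypted by FOGCrypt would not decrypt on the client.
        findings.append("FOGCrypt passkey does not appear in the module")
    return findings


def sample_module(passkey):
    """Constructed stand-in for a compiled module: header bytes plus one literal."""
    return b"MZ\x90\x00" + b"\x00" * 60 + passkey.encode("utf-16-le") + b"\x00\x00"


if __name__ == "__main__":
    # Usage: script.py HostnameChange.dll config.ini (otherwise constructed samples).
    if len(sys.argv) == 3:
        dll = Path(sys.argv[1]).read_bytes()
        ini = Path(sys.argv[2]).read_text(errors="replace")
    else:
        dll, ini = sample_module(DEFAULT_PASSKEY), "passkey=" + DEFAULT_PASSKEY
    results = audit(dll, ini)
    for finding in results:
        print("FINDING:", finding)  # the passkey itself is never printed
    sys.exit(1 if results else 0)
```

Run it against the rebuilt HostnameChange.dll and FOGCrypt's etc/config.ini before copying the new client package to the server; a non-zero exit status means at least one finding.<br />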
<br />
<br />
=== FOG Reports ===<br />
<br />
==== FOG Version ====<br />
<br />
Relates to FOG Version 0.12 or higher. <br />
<br />
==== Overview ====<br />
<br />
FOG Reports allow you to export data from FOG in two major formats: CSV and PDF.<br />
<br />
#'''Snapin Log''' - This report will report on snapin installation history. <br />
#'''Imaging Log''' - This report will report on images deployed to hosts.<br />
#'''Virus History''' - This report lists any viruses that were found on local computers. <br />
#'''Inventory''' - This report will report on the inventory information collected for network clients. <br />
#'''Equipment Loan''' - This report can be used for equipment loaned to staff members. <br />
#'''User Login History''' - This report contains information about user logins.<br />
<br />
==== Running Reports ====<br />
<br />
Running a report can be done from the Reports section of FOG, then by picking a report from the left-hand menu.<br />
<br />
==== Importing User Created Reports ====<br />
<br />
The reporting section of FOG allows for the end user to create and upload custom reports into FOG. A FOG report is a simple php script that is processed by the server. To import a report simply click on the '''Upload a Report''' button in the reports section, select the report then click on the upload button. The report will then show up on the left-hand menu. <br />
<br />
Please be cautious when uploading reports from an unknown source as the writer of the report has full access to the FOG system and database! Make sure your sources are trustworthy before importing a report!<br />
<br />
==== Creating Custom Report ====<br />
<br />
Custom reports are simple php scripts in FOG. Custom reports can be created based on the following template:<br />
<br />
[http://freeghost.sf.net/other/ReportTemplate.tar.gz Report Template]<br />
<br />
<br />
<br />
=== Plugins ===<br />
*[[Plugins]] give FOG extra functionality wanted for some users but not all.<br />
<br />
=== Other Settings ===<br />
<br />
==== [[Boot Image Key Map]] ====<br />
<br />
==== FOG Client Kernel ====<br />
<br />
===== Overview =====<br />
<br />
In FOG, there aren't really drivers you need to find and download for your clients to work. This is because we ship a Linux kernel that has drivers for the majority of hardware devices built into it. What this means is that if you have a device that doesn't work with FOG, you need to either build a new kernel yourself or try a newer kernel that has been released via our kernel updater.<br />
<br />
<br />
===== Kernel Types =====<br />
<br />
We currently build two "lines" of kernels, one called KS or KitchenSink. This kernel tries to include drivers for as many devices as possible, sometimes at the cost of performance, and this is the kernel that we ship with FOG by default. The other "line" is the PS kernel or the Peter Sykes kernel, which is based on a config submitted by a user. This kernel line tries to be faster, but may not include as many drivers as the KS kernel. <br />
<br />
===== Updating the Kernel =====<br />
<br />
It is possible to update your client kernel from within the UI of FOG. To do this perform the following steps:<br />
<br />
#Log into the FOG Management UI.<br />
#Go to '''Other Information'''<br />
#Select '''Kernel Updates'''<br />
#Select the kernel you would like to download; the newest kernels are typically at the top of the list.<br />
#Click the download icon<br />
#Select a file name for your kernel; to make it the default kernel, leave the name as '''bzImage'''<br />
#Click the '''Next''' Button<br />
<br />
=== Mobile Management Interface ===<br />
<br />
==== Overview ====<br />
<br />
The FOG Mobile web interface is a very basic, stripped down interface for FOG. It is designed to be given to lower level technicians using low powered, mobile devices such as iPod touches, iPhone, PDAs, and internet tablets. The idea behind this interface is to make it easy for techs to re-image a computer while making the rounds at a site.<br />
<br />
==== Using the mobile Interface ====<br />
<br />
The mobile interface can be accessed via:<br />
<br />
http://x.x.x.x/fog/mobile<br />
<br />
The portal requires a valid user name and password, which can be created via the FOG portal. <br />
<br />
[[Image:Ipod login.JPG]]<br />
<br />
Once logged into the portal, users can search for hosts and image them, and view/cancel active tasks. <br />
<br />
[[Image:Ipod results.JPG]]<br />
<br />
[[Image:Ipod active.JPG]]<br />
<br />
They can not change image associations, nor modify any properties of a host.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12625HTTPS2020-02-25T19:32:18Z<p>SebastianRoth: </p>
<hr />
<div>Secure connections like HTTPS have become state of the art all over the web over the years. While FOG has used encryption (not HTTPS but a custom secure channel) for the fog-client communication since 2016, the FOG web UI was still using plain HTTP. Using HTTPS is not as easy as generating a certificate and setting Apache to use it because PXE boot also relies on HTTP(S) communication with the FOG server.<br />
<br />
== Installation ==<br />
We try to make setting up a fully HTTPS-enabled FOG server more convenient and encourage people to use it but still don't consider it wise to make it the default yet because it's a complex topic (FOG server, PXE boot, fog-client). Up until now you had to use the command line switch "--force-https" to enable HTTPS but with FOG 1.5.8 the installer will ask you if it should be enabled or not. Either way you will end up with FOG running in HTTPS mode.<br />
<br />
The installer will generate a different Apache configuration to enable HTTPS and redirect all requests from HTTP to HTTPS (minor exceptions exist). While this might sound simple there is really a lot more to it in the FOG world. Read on to learn about this in detail.<br />
<br />
== FOG web UI ==<br />
The Web UI will be accessible through the new URL https://fogserver/fog/ but will also redirect requests going to the old URL to HTTPS.<br />
<br />
All fine, but now I get warnings in my web browser saying this connection is not secure. Yes, this is because we can't offer certificates signed by an official certificate authority (which your web browser would trust). We use a self-generated CA and certificates which are not known to your browser. You can either ignore the warning or grab <code>/opt/fog/snapins/ssl/CA/.fogCA.pem</code> from your FOG server (e.g. using WinSCP or scp) and import it into your (browser) certificate store.<br />
<br />
* Firefox: Preferences -> Privacy & Security -> Certificates -> View Certificates -> Your Certificates -> Import...<br />
* Chrome: Settings -> Show advanced settings -> HTTPS/SSL -> Manage certificates -> Your Certificates -> Import...<br />
* Opera: Browser settings -> Advanced -> Privacy & security -> Manage certificates -> Your Certificates -> Import<br />
* IE/Edge: cmd: <code>certutil -addstore -f -user "Root" path\to\.fogCA.pem</code><br />
<br />
== PXE boot ==<br />
When enabling HTTPS the installer compiles custom iPXE binaries for you including your personal FOG server CA certificate to be able to communicate with your secure FOG webserver. Manual adjustments should not be needed for this to work but it's quite likely this is causing trouble for some of you. If you see the error message <code>https://x.x.x.x/fog/service/ipxe/boot.php... Permission denied ...</code> on PXE booting you will be dropped to the iPXE command shell. Running the command <code>certstat</code> will show you the certificates known to iPXE at this stage:<br />
<blockquote><pre>iPXE> certstat<br />
FOG Server CA: ... [PERMANENT]<br />
x.x.x.x: ...</pre></blockquote><br />
The output might differ from what you see. In this example we see that the FOG Server CA cert is embedded into the binary (permanent) and the following line shows the certificate iPXE received when contacting the webserver ''but'' it's unable to validate this cert. If it were able to validate the certificates, both lines would be marked as <code>[VALIDATED]</code>. So in this case the CA cert compiled into the binary doesn't match the one which the web server certificate was signed with. More often you might just see no line starting with <code>FOG Server CA</code>. In that case the binary was compiled with no embedded CA cert and iPXE is not able to verify the cert received from the webserver.<br />
<br />
Either way you need to check your CA and certificate files on your FOG server and take a look at the installer log files in <code>fogproject/bin/error_logs/</code> to see why it didn't succeed compiling the right certificate into the iPXE binaries.<br />
<br />
A wrong system time can also cause this issue, as iPXE checks whether the embedded root CA certificate is valid at the current time. iPXE receives the current time from the BIOS / UEFI firmware and fails with <code>... Permission denied ...</code> on the HTTPS connection if the root CA cert is not valid at the (wrong) time set on the machine.<br />
<br />
If you can't find what's causing this you might consider re-running the FOG installer using command line options to re-generate the SSL keys and certs. '''<font style=color:red>But be aware this will break communication with all your fog-clients talking to this FOG server!</font>''' We do NOT recommend using this unless you really know what you are doing. Enough warning, here you go: <code>./installfog.sh --recreate-ca</code><br />
<br />
== fog-client ==<br />
When the new fog-client came to life a few years back it was intended to enable secure communication between client and FOG server without forcing the webserver to HTTPS because the implications with PXE booting seemed too complex to force all users straight away. Therefore an encrypted communication channel was implemented that can be delivered over simple HTTP protocol without changing the webserver configuration.<br />
<br />
Now if you enable HTTPS on your FOG server you will need to update your fog-client settings as well. Edit <code>C:\Program Files (x86)\FOG\settings.json</code> and set HTTPS to 1. Save and restart the client.<br />
<br />
== Custom CA and certificates ==<br />
In many environments certificates from an internal CA are used. While you can switch over to use your custom cert with FOG you need to be aware of possible pitfalls. Using a custom CA was given enough thought when HTTPS support was added to FOG and so we need to kind of build around what we currently have - FOG 1.5.8 as of writing this in Feb 2020.<br />
<br />
As described above the fog-client software uses internal encryption which is not the same as HTTPS. While switching to HTTPS with a custom CA does work with the fog-client by adjusting the <code>settings.json</code> you need to choose one of two ways for making the internal encryption work as well:<br />
* Re-compile fog-client software to trust your custom CA:<br />
*: Replace the strings <code>FOG Server CA</code> and <code>CN=FOG Server CA</code> in [https://github.com/FOGProject/zazzles/blob/master/Zazzles/Data/RSA.cs#L131 RSA.cs] and [https://github.com/FOGProject/zazzles/blob/master/Zazzles/Middleware/Communication.cs#L302 Communication.cs] to match your custom CA common name. Then re-compile your own custom fog-client installer binaries. I won't go into any more details for now as I don't think many people will choose this path, it has other drawbacks (talking about auto upgrading) and we'll probably re-think and change this some time in the future anyway.<br />
* Use your custom CA for Apache configuration only but stick to FOG CA for fog-client internal encryption. While it might seem complicated at first I still think this is currently the easiest way to make it work:<br />
** Install FOG as usual but enable HTTPS (command line parameter or answer yes to the installer question on HTTPS). This will generate the FOG Server CA cert needed for the fog-client internal encryption.<br />
** Grab your custom CA certificate (1), web server certificate (2) & key (3) file and put those in the following paths (overwriting the original files generated by FOG installer):<br />
**# CA certificate: <code>/var/www/html/fog/management/other/ca.cert.pem</code> (use PEM format and '''<font color="red">do not</font> touch the ca.cert.der file in that same folder''' as this is used by fog-client's internal encryption)<br />
**# web server certificate: <code>/var/www/html/fog/management/other/ssl/srvpublic.crt</code> (PEM format as well)<br />
**# web server key file: <code>/opt/fog/snapins/ssl/.srvprivate.key</code><br />
** Make sure you have your custom CA certificate imported into the Windows cert store on your client machines and adjusted <code>settings.json</code> to use HTTPS as well.<br />
** Restart Apache webserver<br />
** Re-build iPXE binaries using your custom CA '''and test PXE booting''':<br />
<blockquote><pre>sudo -i<br />
cd path/to/fogproject-source/utils/FOGiPXE/<br />
./buildipxe.sh /var/www/html/fog/management/other/ca.cert.pem<br />
cd ../../packages/tftp/<br />
find -type f -exec cp -Rfv {} /tftpboot/{} \;</pre></blockquote><br />
<blockquote><font color="red">Notice:</font> Be aware that whenever you re-run the FOG installer (update or for whatever other reason) it will overwrite your custom <code>/var/www/html/fog/management/other/ca.cert.pem</code> and <code>/var/www/html/fog/management/other/ssl/srvpublic.crt</code> file. So you will need to put those two files back in place and restart Apache. Re-compile of iPXE binaries should not be needed. Don't see this as bad intention as it's simply how the installer was created to make sure things were "correct" on every run. We will consider changing this behavior as more people will use custom CAs.</blockquote><br />
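The PXE boot failure causes described above (CA mismatch, wrong clock) and the custom CA file placement can be checked on the FOG server before rebooting a client. The script below is an added example, not part of the FOG project: its function names are made up here, it assumes <code>openssl</code> is installed and that the CA certificate is a self-signed root, and it uses only the file paths given on this page.<br />

```shell
#!/bin/sh
# Added example (not FOG project code): offline checks of the CA certificate,
# web server certificate and key this page tells you to put in place.
# All function names are made up for this example.

# Paths as given on this page; override through the environment when testing.
CA_PEM="${CA_PEM:-/var/www/html/fog/management/other/ca.cert.pem}"
SRV_CRT="${SRV_CRT:-/var/www/html/fog/management/other/ssl/srvpublic.crt}"
SRV_KEY="${SRV_KEY:-/opt/fog/snapins/ssl/.srvprivate.key}"

# The page asks for PEM format. A DER file (like ca.cert.der) has no PEM header line.
is_pem_cert() {             # $1 = certificate file
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Does the web server certificate verify against this CA? If not, an iPXE
# binary built with this CA cannot validate the certificate Apache presents.
cert_signed_by_ca() {       # $1 = CA cert, $2 = server cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Is the CA certificate inside its validity period at a given time?
# Models a client whose BIOS / UEFI clock is wrong.
# Assumption: the CA is a self-signed root, so it verifies against itself.
ca_valid_at() {             # $1 = CA cert, $2 = Unix timestamp
    openssl verify -attime "$2" -CAfile "$1" "$1" >/dev/null 2>&1
}

# Does the private key belong to the web server certificate?
# Compares the public key derived from each file.
key_matches_cert() {        # $1 = private key, $2 = server cert
    k_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k_pub" ] && [ "$k_pub" = "$c_pub" ]
}

# Helper for the report: print a failure and count it.
r_fails=0
r_fail() {
    echo "FAIL: $1"
    r_fails=$((r_fails + 1))
}

# Run all checks; the return value is the number of failed checks.
fog_tls_report() {          # $1 = Unix timestamp for the CA check (default: now)
    r_when="${1:-$(date +%s)}"
    r_fails=0
    is_pem_cert "$CA_PEM" || r_fail "$CA_PEM is not PEM encoded"
    is_pem_cert "$SRV_CRT" || r_fail "$SRV_CRT is not PEM encoded"
    cert_signed_by_ca "$CA_PEM" "$SRV_CRT" \
        || r_fail "$SRV_CRT does not verify against $CA_PEM"
    key_matches_cert "$SRV_KEY" "$SRV_CRT" \
        || r_fail "$SRV_KEY does not belong to $SRV_CRT"
    ca_valid_at "$CA_PEM" "$r_when" \
        || r_fail "$CA_PEM is not valid at timestamp $r_when"
    if [ "$r_fails" -eq 0 ]; then
        echo "OK: CA, certificate and key are consistent"
    fi
    return "$r_fails"
}

# Usage: sh this-script.sh --check [unix-timestamp]
if [ "${1:-}" = "--check" ]; then
    fog_tls_report "${2:-}"
fi
```

Run it as root with <code>--check</code>, since the key file is not world-readable; passing a timestamp as the second argument shows whether the CA would still be accepted by a client whose clock is set to that time.<br />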
<br />
== Known issues ==<br />
# We have seen issues with PXE booting when certificates from a certain vendor were used. Find details here:<br />
#: https://forums.fogproject.org/topic/12768/not-able-to-tftp-boot-invalid-argument-error<br />
#: http://forum.ipxe.org/showthread.php?tid=16998<br />
# When changing or re-creating (be careful!) the CA you need to make sure the rootcert part of iPXE is rebuilt.<br />
#: Either upgrade to the latest (dev) version or update your build script manually according to the [https://github.com/FOGProject/fogproject/commit/dc5b877b2604c117f235ad5f099ec55bf85c2fe0 fix you find on github].</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12622HTTPS2020-02-25T19:26:34Z<p>SebastianRoth: </p>
<hr />
<div>Secure connections like HTTPS have become state of the art all over the web over the years. While FOG has used encryption (not HTTPS but a custom secure channel) for the fog-client communication since 2016, the FOG web UI was still using plain HTTP. Using HTTPS is not as easy as generating a certificate and setting Apache to use it because PXE boot also relies on HTTP(S) communication with the FOG server.<br />
<br />
== Installation ==<br />
We try to make setting up a fully HTTPS-enabled FOG server more convenient and encourage people to use it but still don't consider it wise to make it the default yet because it's a complex topic (FOG server, PXE boot, fog-client). Up until now you had to use the command line switch "--force-https" to enable HTTPS but with FOG 1.5.8 the installer will ask you if it should be enabled or not. Both ways you will end up with FOG run in HTTPS mode.<br />
<br />
The installer will generate a different Apache configuration to enable HTTPS and redirect all requests from HTTP to HTTPS (minor exceptions exist). While this might sound simple there is really a lot more to it in the FOG world. Read on to learn about this in detail.<br />
<br />
== FOG web UI ==<br />
The Web UI will be accessible through the new URL https://fogserver/fog/ but will also redirect requests going to the old URL to HTTPS.<br />
<br />
All fine but now I get warnings in my web browser saying this connection is not secure. Yes, this is because we can't offer certificates signed by an official certificate authority (which your web browser would trust). We use self generated CA and certificates which are not known to your browser. You can either ignore the warning or grab <code>/opt/fog/snapins/ssl/CA/.fogCA.pem</code> from your FOG server (e.g. using WinSCP or scp) and import that to your (browser) certificate store.<br />
<br />
* Firefox: Preferences -> Privacy & Security -> Certificates -> View Certificates -> Your Certificates -> Import...<br />
* Chrome: Settings -> Show advanced settings -> HTTPS/SSL -> Manage certificates -> Your Certificates -> Import...<br />
* Opera: Browser settings -> Advanced -> Privacy & security -> Manage certificates -> Your Certificates -> Import<br />
* IE/Edge: cmd: <code>certutil -addstore -f -user "Root" path\to\.fogCA.pem</code><br />
<br />
== PXE boot ==<br />
When enabling HTTPS the installer compiles custom iPXE binaries for you including your personal FOG server CA certificate to be able to communicate with your secure FOG webserver. Manual adjustments should not be needed for this to work but it's quite likely this is causing trouble for some of you. If you see the error message <code>https://x.x.x.x/fog/service/ipxe/boot.php... Permission denied ...</code> on PXE booting you will be dropped to the iPXE command shell. Running the command <code>certstat</code> will show you the certificates known to iPXE at this stage:<br />
<blockquote>iPXE> certstat<br />
FOG Server CA: ... [PERMANENT]<br />
x.x.x.x: ...</blockquote><br />
Your output might differ from this example. Here the FOG Server CA cert is embedded into the binary (permanent) and the following line shows the certificate iPXE received when contacting the webserver, ''but'' iPXE is unable to validate this cert. If it were able to validate the certificates, both lines would be marked as <code>[VALIDATED]</code>. So in this case the CA cert compiled into the binary doesn't match the one the web server certificate was signed with. More often you might just see no line starting with <code>FOG Server CA</code>: the binary was compiled with no embedded CA cert and iPXE is not able to verify the cert received from the webserver.<br />
<br />
Either way you need to check your CA and certificate files on your FOG server and take a look at the installer log files in <code>fogproject/bin/error_logs/</code> to see why it didn't succeed compiling the right certificate into the iPXE binaries.<br />
<br />
A wrong system time can also cause this issue because iPXE checks whether the embedded root CA certificate is valid at the current time. iPXE receives the current time from the BIOS / UEFI firmware and fails the HTTPS connection with <code>... Permission denied ...</code> if the root CA cert is not valid at the (wrong) time set on the machine.<br />
<br />
If you can't find what's causing this you might consider re-running the FOG installer using command line options to re-generate the SSL keys and certs. '''<font style=color:red>But be aware this will break communication with all your fog-clients talking to this FOG server!</font>''' We do NOT recommend using this unless you really know what you are doing. Enough warning, here you go: <code>./installfog.sh --recreate-ca</code><br />
<br />
== fog-client ==<br />
When the new fog-client came to life a few years back it was intended to enable secure communication between client and FOG server without forcing the webserver to HTTPS because the implications with PXE booting seemed too complex to force all users straight away. Therefore an encrypted communication channel was implemented that can be delivered over simple HTTP protocol without changing the webserver configuration.<br />
<br />
Now if you enable HTTPS on your FOG server you will need to update your fog-client settings as well. Edit <code>C:\Program Files (x86)\FOG\settings.json</code> and set HTTPS to 1. Save and restart the client.<br />
<br />
== Custom CA and certificates ==<br />
In many environments certificates from an internal CA are used. While you can switch over to use your custom cert with FOG you need to be aware of possible culprits. Using a custom CA was given enough thought when HTTPS support was added to FOG and so we need to kind of build around what we currently have - FOG 1.5.8 as of writing this in Feb 2020.<br />
<br />
As described above the fog-client software uses internal encryption which is not the same as HTTPS. While switching to HTTPS with a custom CA does work with the fog-client by adjusting the <code>settings.json</code> you need to choose one of two ways for making the internal encryption work as well:<br />
* Re-compile fog-client software to trust your custom CA:<br />
*: Replace the strings <code>FOG Server CA</code> and <code>CN=FOG Server CA</code> in [https://github.com/FOGProject/zazzles/blob/master/Zazzles/Data/RSA.cs#L131 RSA.cs] and [https://github.com/FOGProject/zazzles/blob/master/Zazzles/Middleware/Communication.cs#L302 Communication.cs] to match your custom CA common name. Then re-compile your own custom fog-client installer binaries. I won't go into any more details for now as I don't think many people will choose this path, it has other drawbacks (talking about auto upgrading) and we'll probably re-think and change this some time in the future anyway.<br />
* Use your custom CA for Apache configuration only but stick to FOG CA for fog-client internal encryption. While it might seem complicated at first I still think this is currently the easiest way to make it work:<br />
** Install FOG as usual but enable HTTPS (command line parameter or answer yes to the installer question on HTTPS). This will generate the FOG Server CA cert needed for the fog-client internal encryption.<br />
** Grab your custom CA certificate (1), web server certificate (2) & key (3) file and put those in the following paths (overwriting the original files generated by FOG installer):<br />
**# CA certificate: <code>/var/www/html/fog/management/other/ca.cert.pem</code> (use PEM format and '''<font color="red">do not</font> touch the ca.cert.der file in that same folder''' as this is used by fog-client's internal encryption)<br />
**# web server certificate: <code>/var/www/html/fog/management/other/ssl/srvpublic.crt</code> (as well PEM format)<br />
**# web server key file: <code>/opt/fog/snapins/ssl/.srvprivate.key</code><br />
** Make sure you have your custom CA certificate imported into the Windows cert store on your client machines and adjusted <code>settings.json</code> to use HTTPS as well.<br />
** Restart Apache webserver<br />
** Re-build iPXE binaries using your custom CA '''and test PXE booting''':<br />
<blockquote><pre>sudo -i<br />
cd path/to/fogproject-source/utils/FOGiPXE/<br />
./buildipxe.sh /var/www/html/fog/management/other/ca.cert.pem<br />
cd ../../packages/tftp/<br />
find -type f -exec cp -Rfv {} /tftpboot/{} \;</pre></blockquote><br />
<blockquote><font color="red">Notice:</font> Be aware that whenever you re-run the FOG installer (update or for whatever other reason) it will overwrite your custom <code>/var/www/html/fog/management/other/ca.cert.pem</code> and <code>/var/www/html/fog/management/other/ssl/srvpublic.crt</code> file. So you will need to put those two files back in place and restart Apache. Re-compile of iPXE binaries should not be needed. Don't see this as bad intention as it's simply how the installer was created to make sure things were "correct" on every run. We will consider changing this behavior as more people will use custom CAs.</blockquote><br />
<br />
== Storage node setups ==<br />
TBD<br />
<br />
== Known issues ==<br />
# We have seen issues with PXE booting when certificates from a certain vendor were used. Find details here:<br />
#: https://forums.fogproject.org/topic/12768/not-able-to-tftp-boot-invalid-argument-error<br />
#: http://forum.ipxe.org/showthread.php?tid=16998</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12621HTTPS2020-02-23T12:10:58Z<p>SebastianRoth: /* Custom CA and certificates */</p>
<hr />
<div>Secure connections like HTTPS have become state of the art all over the web over the years. While FOG did use secure encryption (not HTTPS but a custom secure channel) for the fog-client communication since 2016 already the FOG web UI was still using plain HTTP. Using HTTPS is not as easy as generating a certificate and setting Apache to use it because PXE boot also relies on HTTP(S) communication with the FOG server.<br />
<br />
== Installation ==<br />
We try to make setting up a fully HTTPS-enabled FOG server more convenient and encourage people to use it but still don't consider it wise to make it the default yet because it's a complex topic (FOG server, PXE boot, fog-client). Up until now you had to use the command line switch "--force-https" to enable HTTPS but with FOG 1.5.8 the installer will ask you if it should be enabled or not. Both ways you will end up with FOG run in HTTPS mode.<br />
<br />
The installer will generate a different Apache configuration to enable HTTPS and redirect all requests from HTTP to HTTPS (minor exceptions exist). While this might sound simple there is really a lot more to it in the FOG world. Read on to learn about this in detail.<br />
<br />
== FOG web UI ==<br />
The Web UI will be accessible through the new URL https://fogserver/fog/ but will also redirect requests going to the old URL to HTTPS.<br />
<br />
All fine but now I get warnings in my web browser saying this connection is not secure. Yes, this is because we can't offer certificates signed by an official certificate authority (which your web browser would trust). We use self generated CA and certificates which are not known to your browser. You can either ignore the warning or grab <code>/opt/fog/snapins/ssl/CA/.fogCA.pem</code> from your FOG server (e.g. using WinSCP or scp) and import that to your (browser) certificate store.<br />
<br />
* Firefox: Preferences -> Privacy & Security -> Certificates -> View Certificates -> Your Certificates -> Import...<br />
* Chrome: Settings -> Show advanced settings -> HTTPS/SSL -> Manage certificates -> Your Certificates -> Import...<br />
* Opera: Browser settings -> Advanced -> Privacy & security -> Manage certificates -> Your Certificates -> Import<br />
* IE/Edge: cmd: <code>certutil -addstore -f -user "Root" path\to\.fogCA.pem</code><br />
<br />
== PXE boot ==<br />
When enabling HTTPS the installer compiles custom iPXE binaries for you including your personal FOG server CA certificate to be able to communicate with your secure FOG webserver. Manual adjustments should not be needed for this to work but it's quite likely this is causing trouble for some of you. If you see the error message <code>https://x.x.x.x/fog/service/ipxe/boot.php... Permission denied ...</code> on PXE booting you will be dropped to the iPXE command shell. Running the command <code>certstat</code> will show you the certificates known to iPXE at this stage:<br />
<blockquote>iPXE> certstat<br />
FOG Server CA: ... [PERMANENT]<br />
x.x.x.x: ...</blockquote><br />
Your output might differ from this example. Here the FOG Server CA cert is embedded into the binary (permanent) and the following line shows the certificate iPXE received when contacting the webserver, ''but'' iPXE is unable to validate this cert. If it were able to validate the certificates, both lines would be marked as <code>[VALIDATED]</code>. So in this case the CA cert compiled into the binary doesn't match the one the web server certificate was signed with. More often you might just see no line starting with <code>FOG Server CA</code>: the binary was compiled with no embedded CA cert and iPXE is not able to verify the cert received from the webserver.<br />
<br />
Either way you need to check your CA and certificate files on your FOG server and take a look at the installer log files in <code>fogproject/bin/error_logs/</code> to see why it didn't succeed compiling the right certificate into the iPXE binaries.<br />
<br />
A wrong system time can also cause this issue because iPXE checks whether the embedded root CA certificate is valid at the current time. iPXE receives the current time from the BIOS / UEFI firmware and fails the HTTPS connection with <code>... Permission denied ...</code> if the root CA cert is not valid at the (wrong) time set on the machine.<br />
<br />
If you can't find what's causing this you might consider re-running the FOG installer using command line options to re-generate the SSL keys and certs. '''<font style=color:red>But be aware this will break communication with all your fog-clients talking to this FOG server!</font>''' We do NOT recommend using this unless you really know what you are doing. Enough warning, here you go: <code>./installfog.sh --recreate-ca</code><br />
<br />
== fog-client ==<br />
When the new fog-client came to life a few years back it was intended to enable secure communication between client and FOG server without forcing the webserver to HTTPS because the implications with PXE booting seemed too complex to force all users straight away. Therefore an encrypted communication channel was implemented that can be delivered over simple HTTP protocol without changing the webserver configuration.<br />
<br />
Now if you enable HTTPS on your FOG server you will need to update your fog-client settings as well. Edit <code>C:\Program Files (x86)\FOG\settings.json</code> and set HTTPS to 1. Save and restart the client.<br />
<br />
== Custom CA and certificates ==<br />
In many environments certificates from an internal CA are used. While you can switch over to use your custom cert with FOG you need to be aware of possible culprits. Using a custom CA was given enough thought when HTTPS support was added to FOG and so we need to kind of build around what we currently have - FOG 1.5.8 as of writing this in Feb 2020.<br />
<br />
As described above the fog-client software uses internal encryption which is not the same as HTTPS. While switching to HTTPS with a custom CA does work with the fog-client by adjusting the <code>settings.json</code> you need to choose one of two ways for making the internal encryption work as well:<br />
* Re-compile fog-client software to trust your custom CA:<br />
*: Replace the strings <code>FOG Server CA</code> and <code>CN=FOG Server CA</code> in [https://github.com/FOGProject/zazzles/blob/master/Zazzles/Data/RSA.cs#L131 RSA.cs] and [https://github.com/FOGProject/zazzles/blob/master/Zazzles/Middleware/Communication.cs#L302 Communication.cs] to match your custom CA common name. Then re-compile your own custom fog-client installer binaries. I won't go into any more details for now as I don't think many people will choose this path, it has other drawbacks (talking about auto upgrading) and we'll probably re-think and change this some time in the future anyway.<br />
* Use your custom CA for Apache configuration only but stick to FOG CA for fog-client internal encryption. While it might seem complicated at first I still think this is currently the easiest way to make it work:<br />
** Install FOG as usual but enable HTTPS (command line parameter or answer yes to the installer question on HTTPS). This will generate the FOG Server CA cert needed for the fog-client internal encryption.<br />
** Grab your custom CA certificate (1), web server certificate (2) & key (3) file and put those in the following paths (overwriting the original files generated by FOG installer):<br />
**# CA certificate: <code>/var/www/html/fog/management/other/ca.cert.pem</code> (use PEM format and '''<font color="red">do not</font> touch the ca.cert.der file in that same folder''' as this is used by fog-client's internal encryption)<br />
**# web server certificate: <code>/var/www/html/fog/management/other/ssl/srvpublic.crt</code> (as well PEM format)<br />
**# web server key file: <code>/opt/fog/snapins/ssl/.srvprivate.key</code><br />
** Make sure you have your custom CA certificate imported into the Windows cert store on your client machines and adjusted <code>settings.json</code> to use HTTPS as well.<br />
** Restart Apache webserver<br />
** Re-build iPXE binaries using your custom CA '''and test PXE booting''':<br />
<blockquote><pre>sudo -i<br />
cd path/to/fogproject-source/utils/FOGiPXE/<br />
./buildipxe.sh /var/www/html/fog/management/other/ca.cert.pem<br />
cd ../../packages/tftp/<br />
find -type f -exec cp -Rfv {} /tftpboot/{} \;</pre></blockquote><br />
<blockquote><font color="red">Notice:</font> Be aware that whenever you re-run the FOG installer (update or for whatever other reason) it will overwrite your custom <code>/var/www/html/fog/management/other/ca.cert.pem</code> and <code>/var/www/html/fog/management/other/ssl/srvpublic.crt</code> file. So you will need to put those two files back in place and restart Apache. Re-compile of iPXE binaries should not be needed. Don't see this as bad intention as it's simply how the installer was created to make sure things were "correct" on every run. We will consider changing this behavior as more people will use custom CAs.</blockquote><br />
<br />
== Storage node setups ==<br />
TBD</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12620HTTPS2020-02-23T08:26:19Z<p>SebastianRoth: /* Custom CA and certificates */</p>
<hr />
<div>Secure connections like HTTPS have become state of the art all over the web over the years. While FOG did use secure encryption (not HTTPS but a custom secure channel) for the fog-client communication since 2016 already the FOG web UI was still using plain HTTP. Using HTTPS is not as easy as generating a certificate and setting Apache to use it because PXE boot also relies on HTTP(S) communication with the FOG server.<br />
<br />
== Installation ==<br />
We try to make setting up a fully HTTPS-enabled FOG server more convenient and encourage people to use it but still don't consider it wise to make it the default yet because it's a complex topic (FOG server, PXE boot, fog-client). Up until now you had to use the command line switch "--force-https" to enable HTTPS but with FOG 1.5.8 the installer will ask you if it should be enabled or not. Both ways you will end up with FOG run in HTTPS mode.<br />
<br />
The installer will generate a different Apache configuration to enable HTTPS and redirect all requests from HTTP to HTTPS (minor exceptions exist). While this might sound simple there is really a lot more to it in the FOG world. Read on to learn about this in detail.<br />
<br />
== FOG web UI ==<br />
The Web UI will be accessible through the new URL https://fogserver/fog/ but will also redirect requests going to the old URL to HTTPS.<br />
<br />
All fine but now I get warnings in my web browser saying this connection is not secure. Yes, this is because we can't offer certificates signed by an official certificate authority (which your web browser would trust). We use self generated CA and certificates which are not known to your browser. You can either ignore the warning or grab <code>/opt/fog/snapins/ssl/CA/.fogCA.pem</code> from your FOG server (e.g. using WinSCP or scp) and import that to your (browser) certificate store.<br />
<br />
* Firefox: Preferences -> Privacy & Security -> Certificates -> View Certificates -> Your Certificates -> Import...<br />
* Chrome: Settings -> Show advanced settings -> HTTPS/SSL -> Manage certificates -> Your Certificates -> Import...<br />
* Opera: Browser settings -> Advanced -> Privacy & security -> Manage certificates -> Your Certificates -> Import<br />
* IE/Edge: cmd: <code>certutil -addstore -f -user "Root" path\to\.fogCA.pem</code><br />
<br />
== PXE boot ==<br />
When enabling HTTPS the installer compiles custom iPXE binaries for you including your personal FOG server CA certificate to be able to communicate with your secure FOG webserver. Manual adjustments should not be needed for this to work but it's quite likely this is causing trouble for some of you. If you see the error message <code>https://x.x.x.x/fog/service/ipxe/boot.php... Permission denied ...</code> on PXE booting you will be dropped to the iPXE command shell. Running the command <code>certstat</code> will show you the certificates known to iPXE at this stage:<br />
<blockquote>iPXE> certstat<br />
FOG Server CA: ... [PERMANENT]<br />
x.x.x.x: ...</blockquote><br />
Your output might differ from this example. Here the FOG Server CA cert is embedded into the binary (permanent) and the following line shows the certificate iPXE received when contacting the webserver, ''but'' iPXE is unable to validate this cert. If it were able to validate the certificates, both lines would be marked as <code>[VALIDATED]</code>. So in this case the CA cert compiled into the binary doesn't match the one the web server certificate was signed with. More often you might just see no line starting with <code>FOG Server CA</code>: the binary was compiled with no embedded CA cert and iPXE is not able to verify the cert received from the webserver.<br />
<br />
Either way you need to check your CA and certificate files on your FOG server and take a look at the installer log files in <code>fogproject/bin/error_logs/</code> to see why it didn't succeed compiling the right certificate into the iPXE binaries.<br />
<br />
A wrong system time can also cause this issue because iPXE checks whether the embedded root CA certificate is valid at the current time. iPXE receives the current time from the BIOS / UEFI firmware and fails the HTTPS connection with <code>... Permission denied ...</code> if the root CA cert is not valid at the (wrong) time set on the machine.<br />
<br />
If you can't find what's causing this you might consider re-running the FOG installer using command line options to re-generate the SSL keys and certs. '''<font style=color:red>But be aware this will break communication with all your fog-clients talking to this FOG server!</font>''' We do NOT recommend using this unless you really know what you are doing. Enough warning, here you go: <code>./installfog.sh --recreate-ca</code><br />
<br />
== fog-client ==<br />
When the new fog-client came to life a few years back it was intended to enable secure communication between client and FOG server without forcing the webserver to HTTPS because the implications with PXE booting seemed too complex to force all users straight away. Therefore an encrypted communication channel was implemented that can be delivered over simple HTTP protocol without changing the webserver configuration.<br />
<br />
Now if you enable HTTPS on your FOG server you will need to update your fog-client settings as well. Edit <code>C:\Program Files (x86)\FOG\settings.json</code> and set HTTPS to 1. Save and restart the client.<br />
<br />
== Custom CA and certificates ==<br />
In many environments certificates from an internal CA are used. While you can switch over to use your custom cert with FOG you need to be aware of possible culprits:<br />
<br />
<br />
TBD<br />
Using those with FOG will work if you follow a few hints. Considering the things mentioned above<br />
<br />
== Storage node setups ==<br />
TBD</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12619HTTPS2020-02-23T07:58:32Z<p>SebastianRoth: /* PXE boot */</p>
<hr />
<div>Secure connections like HTTPS have become state of the art all over the web over the years. While FOG did use secure encryption (not HTTPS but a custom secure channel) for the fog-client communication since 2016 already the FOG web UI was still using plain HTTP. Using HTTPS is not as easy as generating a certificate and setting Apache to use it because PXE boot also relies on HTTP(S) communication with the FOG server.<br />
<br />
== Installation ==<br />
We try to make setting up a fully HTTPS-enabled FOG server more convenient and encourage people to use it but still don't consider it wise to make it the default yet because it's a complex topic (FOG server, PXE boot, fog-client). Up until now you had to use the command line switch "--force-https" to enable HTTPS but with FOG 1.5.8 the installer will ask you if it should be enabled or not. Both ways you will end up with FOG run in HTTPS mode.<br />
<br />
The installer will generate a different Apache configuration to enable HTTPS and redirect all requests from HTTP to HTTPS (minor exceptions exist). While this might sound simple there is really a lot more to it in the FOG world. Read on to learn about this in detail.<br />
<br />
== FOG web UI ==<br />
The Web UI will be accessible through the new URL https://fogserver/fog/ but will also redirect requests going to the old URL to HTTPS.<br />
<br />
All fine but now I get warnings in my web browser saying this connection is not secure. Yes, this is because we can't offer certificates signed by an official certificate authority (which your web browser would trust). We use self generated CA and certificates which are not known to your browser. You can either ignore the warning or grab <code>/opt/fog/snapins/ssl/CA/.fogCA.pem</code> from your FOG server (e.g. using WinSCP or scp) and import that to your (browser) certificate store.<br />
<br />
* Firefox: Preferences -> Privacy & Security -> Certificates -> View Certificates -> Your Certificates -> Import...<br />
* Chrome: Settings -> Show advanced settings -> HTTPS/SSL -> Manage certificates -> Your Certificates -> Import...<br />
* Opera: Browser settings -> Advanced -> Privacy & security -> Manage certificates -> Your Certificates -> Import<br />
* IE/Edge: cmd: <code>certutil -addstore -f -user "Root" path\to\.fogCA.pem</code><br />
<br />
== PXE boot ==<br />
When enabling HTTPS the installer compiles custom iPXE binaries for you including your personal FOG server CA certificate to be able to communicate with your secure FOG webserver. Manual adjustments should not be needed for this to work but it's quite likely this is causing trouble for some of you. If you see the error message <code>https://x.x.x.x/fog/service/ipxe/boot.php... Permission denied ...</code> on PXE booting you will be dropped to the iPXE command shell. Running the command <code>certstat</code> will show you the certificates known to iPXE at this stage:<br />
<blockquote>iPXE> certstat<br />
FOG Server CA: ... [PERMANENT]<br />
x.x.x.x: ...</blockquote><br />
Your output might differ from this example. Here the FOG Server CA cert is embedded into the binary (permanent) and the following line shows the certificate iPXE received when contacting the webserver, ''but'' iPXE is unable to validate this cert. If it were able to validate the certificates, both lines would be marked as <code>[VALIDATED]</code>. So in this case the CA cert compiled into the binary doesn't match the one the web server certificate was signed with. More often you might just see no line starting with <code>FOG Server CA</code>: the binary was compiled with no embedded CA cert and iPXE is not able to verify the cert received from the webserver.<br />
<br />
Either way you need to check your CA and certificate files on your FOG server and take a look at the installer log files in <code>fogproject/bin/error_logs/</code> to see why it didn't succeed compiling the right certificate into the iPXE binaries.<br />
<br />
A wrong system time can also cause this issue because iPXE checks whether the embedded root CA certificate is valid at the current time. iPXE receives the current time from the BIOS / UEFI firmware and fails the HTTPS connection with <code>... Permission denied ...</code> if the root CA cert is not valid at the (wrong) time set on the machine.<br />
<br />
If you can't find what's causing this you might consider re-running the FOG installer using command line options to re-generate the SSL keys and certs. '''<font style=color:red>But be aware this will break communication with all your fog-clients talking to this FOG server!</font>''' We do NOT recommend using this unless you really know what you are doing. Enough warning, here you go: <code>./installfog.sh --recreate-ca</code><br />
<br />
== fog-client ==<br />
When the new fog-client came to life a few years back it was intended to enable secure communication between client and FOG server without forcing the webserver to HTTPS because the implications with PXE booting seemed too complex to force all users straight away. Therefore an encrypted communication channel was implemented that can be delivered over simple HTTP protocol without changing the webserver configuration.<br />
<br />
Now if you enable HTTPS on your FOG server you will need to update your fog-client settings as well. Edit <code>C:\Program Files (x86)\FOG\settings.json</code> and set HTTPS to 1. Save and restart the client.<br />
<br />
== Custom CA and certificates ==<br />
In many environments certificates from an internal CA are used. While you can switch over to use your custom cert with FOG you need to one of three options if you intend to use the fog-client software:<br />
<br />
TBD<br />
Using those with FOG will work if you follow a few hints. Considering the things mentioned above<br />
<br />
<br />
== Storage node setups ==<br />
TBD</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12618HTTPS2020-02-23T07:58:08Z<p>SebastianRoth: /* PXE boot */</p>
<hr />
<div>Secure connections like HTTPS have become state of the art all over the web over the years. While FOG did use secure encryption (not HTTPS but a custom secure channel) for the fog-client communication since 2016 already the FOG web UI was still using plain HTTP. Using HTTPS is not as easy as generating a certificate and setting Apache to use it because PXE boot also relies on HTTP(S) communication with the FOG server.<br />
<br />
== Installation ==<br />
We try to make setting up a fully HTTPS-enabled FOG server more convenient and encourage people to use it but still don't consider it wise to make it the default yet because it's a complex topic (FOG server, PXE boot, fog-client). Up until now you had to use the command line switch "--force-https" to enable HTTPS but with FOG 1.5.8 the installer will ask you if it should be enabled or not. Both ways you will end up with FOG run in HTTPS mode.<br />
<br />
The installer will generate a different Apache configuration to enable HTTPS and redirect all requests from HTTP to HTTPS (minor exceptions exist). While this might sound simple there is really a lot more to it in the FOG world. Read on to learn about this in detail.<br />
<br />
== FOG web UI ==<br />
The Web UI will be accessible through the new URL https://fogserver/fog/ but will also redirect requests going to the old URL to HTTPS.<br />
<br />
All fine, but now I get warnings in my web browser saying this connection is not secure. Yes, this is because we can't offer certificates signed by an official certificate authority (which your web browser would trust). We use a self-generated CA and certificates which are not known to your browser. You can either ignore the warning or grab <code>/opt/fog/snapins/ssl/CA/.fogCA.pem</code> from your FOG server (e.g. using WinSCP or scp) and import it into your (browser) certificate store.<br />
<br />
* Firefox: Preferences -> Privacy & Security -> Certificates -> View Certificates -> Your Certificates -> Import...<br />
* Chrome: Settings -> Show advanced settings -> HTTPS/SSL -> Manage certificates -> Your Certificates -> Import...<br />
* Opera: Browser settings -> Advanced -> Privacy & security -> Manage certificates -> Your Certificates -> Import<br />
* IE/Edge: cmd: <code>certutil -addstore -f -user "Root" path\to\.fogCA.pem</code><br />
<br />
== PXE boot ==<br />
When enabling HTTPS the installer compiles custom iPXE binaries for you including your personal FOG server CA certificate to be able to communicate with your secure FOG webserver. Manual adjustments should not be needed for this to work but it's quite likely this is causing trouble for some of you. If you see the error message <code>https://x.x.x.x/fog/service/ipxe/boot.php... Permission denied ...</code> on PXE booting you will be dropped to the iPXE command shell. Running the command <code>certstat</code> will show you the certificates known to iPXE at this stage:<br />
<blockquote>iPXE> certstat<br />
FOG Server CA: ... [PERMANENT]<br />
x.x.x.x: ...</blockquote><br />
The output might differ from what you see. In this example we see that the FOG Server CA cert is embedded into the binary (permanent) and the following line shows the certificate iPXE received when contacting the webserver, ''but'' it's unable to validate this cert. If it were able to validate the certificates, both lines would be marked as <code>[VALIDATED]</code>! So in this case the CA cert compiled into the binary doesn't match the one the web server certificate was signed with. More often you might just see no line starting with <code>FOG Server CA</code>. In that case the binary was compiled with no embedded CA cert and iPXE is not able to verify the cert received from the webserver.<br />
<br />
Either way you need to check your CA and certificate files on your FOG server and take a look at the installer log files in <code>fogproject/bin/error_logs/</code> to see why it didn't succeed compiling the right certificate into the iPXE binaries.<br />
<br />
A wrong system time can cause an issue as well, because iPXE also checks whether the embedded root CA certificate is valid at the current time. iPXE receives the current time from the BIOS / UEFI firmware and fails with <code>... Permission denied ...</code> on the HTTPS connection if the root CA cert is not valid at the (wrong) time set on the machine.<br />
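<br />
The two failure causes described above (a web server certificate that was not signed by the expected CA, and a client clock outside the certificates' validity period) can be told apart on the FOG server with the openssl command line tool. The following is an added example, not part of the FOG installer: the function names are hypothetical, it assumes OpenSSL 1.1.0 or newer, and it runs against a throwaway CA and certificates constructed on the spot.

```shell
#!/bin/sh
# Added example (not FOG project code). Needs the openssl CLI, 1.1.0 or newer.

# diagnose CA_PEM SERVER_PEM [EPOCH]
# Prints one word:
#   ok         SERVER_PEM chains to CA_PEM and everything is valid at EPOCH
#   time       the chain is fine, but a certificate is not valid at EPOCH
#   untrusted  SERVER_PEM was not issued by CA_PEM
# EPOCH (seconds since 1970) defaults to this machine's clock; pass the time
# the PXE client's firmware reports to reproduce what that client sees.
# -no-CApath keeps the system certificate directory out of the decision.
diagnose() {
    d_ca=$1; d_cert=$2; d_when=${3:-$(date +%s)}
    if openssl verify -no-CApath -CAfile "$d_ca" -attime "$d_when" \
            "$d_cert" >/dev/null 2>&1; then
        echo ok
    elif openssl verify -no-CApath -CAfile "$d_ca" -no_check_time \
            "$d_cert" >/dev/null 2>&1; then
        echo time
    else
        echo untrusted
    fi
}

# make_demo_pki DIR
# Builds constructed sample data in DIR: a demo CA (ca.pem), a server
# certificate signed by it (srv.pem) and an unrelated second CA (other.pem).
make_demo_pki() {
    p_dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo FOG Server CA" \
        -keyout "$p_dir/ca.key" -out "$p_dir/ca.pem" >/dev/null 2>&1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Other CA" \
        -keyout "$p_dir/other.key" -out "$p_dir/other.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=fogserver" \
        -keyout "$p_dir/srv.key" -out "$p_dir/srv.csr" >/dev/null 2>&1
    openssl x509 -req -in "$p_dir/srv.csr" -days 30 \
        -CA "$p_dir/ca.pem" -CAkey "$p_dir/ca.key" -CAcreateserial \
        -out "$p_dir/srv.pem" >/dev/null 2>&1
}

DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
make_demo_pki "$DEMO"

# 946684800 is 2000-01-01 00:00:00 UTC, standing in for a reset firmware clock.
echo "matching CA, correct clock: $(diagnose "$DEMO/ca.pem" "$DEMO/srv.pem")"
echo "matching CA, clock in 2000: $(diagnose "$DEMO/ca.pem" "$DEMO/srv.pem" 946684800)"
echo "different CA:               $(diagnose "$DEMO/other.pem" "$DEMO/srv.pem")"

# On a real server the CA is the file named on this page; the path of the
# web server certificate is a placeholder you have to fill in:
#   diagnose /opt/fog/snapins/ssl/CA/.fogCA.pem /path/to/webserver-cert.pem
```

A result of <code>untrusted</code> corresponds to the CA mismatch case, <code>time</code> to the wrong clock case.<br />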
<br />
If you can't find what's causing this you might consider re-running the FOG installer using command line options to re-generate the SSL keys and certs. '''<font style=color:red>But be aware this will break communication with all your fog-clients talking to this FOG server!</font>''' We do NOT recommend using this unless you really know what you are doing. Enough warning, here you go: <code>./installfog.sh --recreate-ca</code><br />
<br />
== fog-client ==<br />
When the new fog-client came to life a few years back it was intended to enable secure communication between client and FOG server without forcing the webserver to HTTPS because the implications with PXE booting seemed too complex to force all users straight away. Therefore an encrypted communication channel was implemented that can be delivered over simple HTTP protocol without changing the webserver configuration.<br />
<br />
Now if you enable HTTPS on your FOG server you will need to update your fog-client settings as well. Edit <code>C:\Program Files (x86)\FOG\settings.json</code> and set HTTPS to 1. Save and restart the client.<br />
<br />
== Custom CA and certificates ==<br />
In many environments certificates from an internal CA are used. While you can switch over to using your custom cert with FOG, you need to choose one of three options if you intend to use the fog-client software:<br />
<br />
TBD<br />
Using those with FOG will work if you follow a few hints. Considering the things mentioned above<br />
<br />
<br />
== Storage node setups ==<br />
TBD</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Installation&diff=12617Installation2020-02-22T09:49:31Z<p>SebastianRoth: /* VirtualBox */</p>
<hr />
<div>== Requirements ==<br />
Before diving right into the installation of FOG you need to decide which server OS you are going to use. FOG is made to install on Red Hat based distros (CentOS, Fedora and RHEL, amongst others) as well as Debian, Ubuntu and Arch Linux. Choose whichever you like most and have knowledge about! FOG is known to work with any of the above noted systems. Many [[Installation#Installation_manuals|installation manuals]] are available.<br />
<br />
This listing is for informational purposes only, as the required components will be automatically downloaded and installed by the FOG installation script: PHP 5/7, MySQL 5+/MariaDB 10+, Apache 2+, DHCP (pretty much any!), TFTP, FTP, NFS<br />
<br />
The LAMP setup can also be easily adjusted for a "WAMP (Windows Apache MySQL PHP) system" though will require a bit more knowledge of what packages to use and how to integrate with the FOG system.<br />
<br />
Please choose the distribution you have the most knowledge about, but the below list has the best support in FOG 1.3.0 right now. This list is by no means an absolute list to follow, though.<br />
<br />
* Ubuntu 16 or higher<br />
<br />
* Debian 8 or higher<br />
<br />
* CentOS 7 or higher<br />
<br />
* Red Hat 6 or higher<br />
<br />
* Fedora 22 or higher<br />
<br />
* Any version of Arch.<br />
<br />
== Download FOG ==<br />
Please see: [[Getting_FOG]]<br />
<br />
== Installer ==<br />
The FOG installer comes as a complex shell script that will handle all the package installs and configure the services for you. It must be run as root (sudo works as well) to be able to set things up properly. When you run the installer on a new system for the first time, it will ask you a couple of questions regarding your network configuration and the services you want to install.<br />
<br />
=== Modes ===<br />
FOG can be installed in two different modes. The first is the normal FOG server, which does all of the work. Choose this option if you only want to have a single FOG server in your network. The second option is to install a FOG storage node, which will serve as a second place to store images on and serve images to more clients (when doing unicast). [[InstallationModes|Here]] you can find some more information about the two modes.<br />
<br />
FOG Server installation modes:<br />
* Normal Server: (Choice N) <br />
This is the typical installation type and<br />
will install all FOG components for you on this<br />
machine. Pick this option if you are unsure what to pick.<br />
<br />
* Storage Node: (Choice S)<br />
This install mode will only install the software required<br />
to make this server act as a node in a storage group<br />
<br />
=== Command line options ===<br />
The FOG installer has quite a few command line options. See the output below. You might want to force FOG to set up the web interface via HTTPS, or change the default PXE boot file or web root directory.<br />
<br />
./installfog.sh --help<br />
Usage: ./installfog.sh [-h?dEUuHSCKYXTFA] [-f <filename>] [-N <databasename>]<br />
[-D </directory/to/document/root/>] [-c <ssl-path>]<br />
[-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>]<br />
[-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>]<br />
-h -? --help Display this info<br />
-o --oldcopy Copy back old data<br />
-d --no-defaults Don't guess defaults<br />
-U --no-upgrade Don't attempt to upgrade<br />
-H --no-htmldoc No htmldoc, means no PDFs<br />
-S --force-https Force HTTPS for all comunication<br />
-C --recreate-CA Recreate the CA Keys<br />
-K --recreate-keys Recreate the SSL Keys<br />
-Y -y --autoaccept Auto accept defaults and install<br />
-f --file Use different update file<br />
-c --ssl-path Specify the ssl path<br />
defaults to /opt/fog/snapins/ssl<br />
-D --docroot Specify the Apache Docroot for fog<br />
defaults to OS DocumentRoot<br />
-W --webroot Specify the web root url want fog to use<br />
(E.G. http://127.0.0.1/fog,<br />
http://127.0.0.1/)<br />
Defaults to /fog/<br />
-B --backuppath Specify the backup path<br />
--uninstall Uninstall FOG<br />
-s --startrange DHCP Start range<br />
-e --endrange DHCP End range<br />
-b --bootfile DHCP Boot file<br />
-E --no-exportbuild Skip building nfs file<br />
-X --exitFail Do not exit if item fails<br />
-T --no-tftpbuild Do not rebuild the tftpd config file<br />
-F --no-vhost Do not overwrite vhost file<br />
-A --arm-support Install kernel and initrd for ARM platforms<br />
<br />
=== .fogsettings ===<br />
<br />
Full article on the .fogsettings file can be found here: [[.fogsettings]]<br />
<br />
=== Backups ===<br />
TBD<br />
<br />
=== Errorlog ===<br />
TBD<br />
<br />
== Installation manuals ==<br />
=== CentOS ===<br />
[[CentOS 7| CentOS 7]], <br />
[[Installation on CentOS 6.4|CentOS 6.4]] (CentOS 6.5 also works), <br />
[[Installation on CentOS 5.3|CentOS 5.3]] (CentOS 5.4 & 5.5 also covered)<br />
<br />
<br />
=== Debian ===<br />
[[Debian 8]],<br />
[[Installation on Debian Lenny|Debian Wheezy]], <br />
[[Installation on Debian Lenny|Debian Squeeze]], <br />
[[Installation on Debian Lenny|Debian Lenny]]<br />
<br />
=== Fedora ===<br />
[[Fedora 25 Server]],<br />
[[Fedora 24 Server]],<br />
[[Fedora 23 Server]], <br />
[[Fedora_21_Server|Fedora 21 Server]], <br />
[[Installation on Fedora 13|Fedora 13]], <br />
[[Installation on Fedora 8| Fedora 8]],<br />
<br />
=== RHEL ===<br />
TBA<br />
<br />
<br />
=== Ubuntu ===<br />
[[Ubuntu 16.04]]<br />
(<font color="red">obsolete, just for the archive:</font> [[Ubuntu 14.04]], <br />
[[Ubuntu 12.04|Ubuntu 13.10]], <br />
[[Ubuntu 12.04|Ubuntu 13.04]], <br />
[[Ubuntu 12.04|Ubuntu 12.10]], <br />
[[Ubuntu 12.04]], <br />
[[Ubuntu 11.04]], <br />
[[Ubuntu 10.10]], <br />
[[Ubuntu 10.04|Ubuntu 10.04]], <br />
[[Ubuntu 9.04|Ubuntu 9.04]], <br />
Ubuntu 8.10, <br />
Ubuntu 8.04, <br />
[[Installation on 7.10|Ubuntu 7.10]])<br />
<br />
== Virtualization ==<br />
FOG can be used on bare metal as well as in most virtual server and client setups. Some of the virtualization techniques are really great when used with FOG, e.g. snapshots. Some people use virtualization to prepare and capture their "golden (master / reference) images" all on one central location/server. Again like with the server OS we don't prefer any of the following or others that are out there. This is only a collection of hints and tricks plus maybe issues we know about.<br />
<br />
=== Hyper-V ===<br />
<br />
'''Using the New VM Wizard:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Create VM Wizard > Installation Options: Select "Install an operating system from network-based installation server"<br />
<br />
<br />
'''Existing VM:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Right click VM > Settings > BIOS<br />
<br />
Move "Network Adapter" (sometimes labeled "Legacy Network Adapter") to the top of the boot order.<br />
<br />
<br />
'''UEFI:'''<br />
<br />
UEFI/Secure Boot is an option with Hyper-V on Server 2012 on Generation 2 VMs. It is enabled by default, and can be disabled in VM Settings -> Firmware: Uncheck secure boot.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== KVM/QEMU ===<br />
Can be used as kind of a lightweight desktop virtual environment to test FOG and master your images.<br />
Using this on the laptop as local test environment. Search forums and wiki but there is no valuable information about anyone using FOG on a KVM server. Asked user mxc as he seems to use it. Otherwise this will be a brief description on how to use this as I do it.<br />
<br />
# setup network tap device as kind of a local software switch to connect it all<br />
sudo tunctl -t tap0 -u <username><br />
sudo ifconfig tap0 x.x.x.x netmask 255.255.255.0 up<br />
<br />
# generate disk image file<br />
qemu-img create -f qcow2 hd.qcow2 10G<br />
<br />
# start VM using QEMU emulator (BIOS mode)<br />
qemu -m 512 -boot n -net nic,vlan=1 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM using real KVM virtualization (BIOS mode)<br />
kvm -m 512 -boot n -net nic,vlan=1,macaddr=00:00:00:00:00:05 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM as UEFI machine - as well using the more modern '-netdev' parameter<br />
kvm -m 512 -boot n -bios /usr/share/ovmf/OVMF.fd -device virtio-net-pci,netdev=hn0 -netdev tap,id=hn0,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
=== OpenVZ ===<br />
OpenVZ (possibly within Proxmox) is mostly used to run the FOG server in a light weight kind of virtual environment. As OpenVZ is in nature similar to a chrooted environment you cannot actually PXE boot such a container. To install FOG as a server in OpenVZ you need to have NFS support on the host machine first and then add it to the container as well:<br />
<br />
$ lsmod | grep nfsd<br />
nfsd 312315 14<br />
$ grep nfsd /proc/filesystems<br />
nodev nfsd<br />
<br />
If you don't see the kernel module ''nfsd'' loaded you might need to install the nfs-kernel-server package and load the module (usually done by the nfs-kernel-server init script). As mentioned before you need to enable access to ''nfsd'' from within the container you want to install FOG to:<br />
<br />
$ vzctl stop $CONTAINER_ID<br />
$ vzctl set $CONTAINER_ID --feature nfsd:on --save<br />
$ vzctl start $CONTAINER_ID<br />
<br />
After that the installer should run through like it would installing on bare metal or any other virtual environment!<br />
<br />
'''Wake on LAN:'''<br />
<br />
To be able to send WOL and multicast packets the container needs a proper MAC address. This is only the case if you configure the container to use a network bridge (veth instead of venet!).<br />
<br />
=== LXC ===<br />
LXC (used in Proxmox for example) does need some manual configuration tweaks - [https://forums.fogproject.org/topic/7978/fog-in-lxc-container-how-to-configure-nfs-server reference]: <br />
* Option 1 - Disable Apparmor:<br />
** Edit the container configuration file and add the line lxc.aa_profile: unconfined.<br />
** On Proxmox the configuration file is located at /etc/pve/lxc/CTID.conf, where CTID is the ID number of the container.<br />
* Option 2 - Edit Apparmor profile to allow NFS:<br />
** Open /etc/apparmor.d/lxc/lxc-default-cgns and add the nfs/rpc lines:<br />
<pre><br />
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which<br />
# will source all profiles under /etc/apparmor.d/lxc<br />
<br />
profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {<br />
#include <abstractions/lxc/container-base><br />
<br />
# the container may never be allowed to mount devpts. If it does, it<br />
# will remount the host's devpts. We could allow it to do it with<br />
# the newinstance option (but, right now, we don't).<br />
deny mount fstype=devpts,<br />
mount fstype=cgroup -> /sys/fs/cgroup/**,<br />
mount fstype=nfs*,<br />
mount fstype=rpc_pipefs,<br />
}<br />
</pre><br />
<br />
* Reload Apparmor: <pre>apparmor_parser -r /etc/apparmor.d/lxc-containers</pre><br />
<br />
'''Important:''' The latest Proxmox update (around 23rd of October 2018) broke NFS in LXC containers. Find a fix here: https://forum.proxmox.com/threads/mounting-nfs-in-lxc-not-working-since-latest-update.47815/<br />
<br />
=== VirtualBox ===<br />
Bridged network or host only.<br />
<br />
Most versions seem to suffer from a bug where iPXE would only be able to get an IP from the DHCP if started cold (vs. reboot).<br />
<br />
This can be fixed by changing the iPXE binary from <code>undionly.kkpxe</code> to <code>ipxe.pxe</code> in the DHCP server config.<br />
<br />
=== VMWare ESXi ===<br />
Running a FOG client within an ESXi server is pretty close to what you would do on a bare metal machine:<br />
<br />
* Create VM as normal.<br />
* Choose network adapter other than VMX3 (e.g. e1000) as we have seen [https://forums.fogproject.org/topic/7108/fog-bzimage-failing-to-load-after-pxe-boot loading issues] with those virtual adapters.<br />
* Open VM Console, start up the VM. Press F2 on Boot Logo to enter BIOS.<br />
* Scroll over to boot tab, use + key to move Network boot to the top of the boot order.<br />
<br />
You can also do an on-demand network boot by hitting F9 on startup, if you don’t want to change the boot order permanently.<br />
<br />
'''UEFI:'''<br />
<br />
UEFI is disabled by default for VMs in ESXI 6.0+. To enable it for a VM, go to VM Settings > Options Tab > Advanced: Boot Options and change the boot firmware from BIOS to EFI.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== VMWare Player ===<br />
Is this still in use?? Don't care if there is nothing about it in wiki or forums!<br />
<br />
=== Xen/XenServer ===<br />
See forums<br />
<br />
* [[Running pre-built virtual machines in Virtualbox|FOG 0.30 VM - Virtualbox]]<br />
* [[Installation on VMWare 0.27|FOG 0.27 VM - VMWare]]<br />
<br />
== Security ==<br />
<br />
[[FOG security]]<br />
<br />
== Troubleshooting ==<br />
IMPORTANT, what to do when the installer fails? Where are the logs?<br />
<br />
{{:Troubleshoot FOG}}</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Installation&diff=12616Installation2020-02-22T09:46:14Z<p>SebastianRoth: /* Command line options */</p>
<hr />
<div>== Requirements ==<br />
Before diving right into the installation of FOG you need to decide which server OS you are going to use. FOG is made to install on Red Hat based distros (CentOS, Fedora and RHEL, amongst others) as well as Debian, Ubuntu and Arch Linux. Choose whichever you like most and have knowledge about! FOG is known to work with any of the above noted systems. Many [[Installation#Installation_manuals|installation manuals]] are available.<br />
<br />
This listing is for informational purposes only, as the required components will be automatically downloaded and installed by the FOG installation script: PHP 5/7, MySQL 5+/MariaDB 10+, Apache 2+, DHCP (pretty much any!), TFTP, FTP, NFS<br />
<br />
The LAMP setup can also be easily adjusted for a "WAMP (Windows Apache MySQL PHP) system" though will require a bit more knowledge of what packages to use and how to integrate with the FOG system.<br />
<br />
Please choose the distribution you have the most knowledge about, but the below list has the best support in FOG 1.3.0 right now. This list is by no means an absolute list to follow, though.<br />
<br />
* Ubuntu 16 or higher<br />
<br />
* Debian 8 or higher<br />
<br />
* CentOS 7 or higher<br />
<br />
* Red Hat 6 or higher<br />
<br />
* Fedora 22 or higher<br />
<br />
* Any version of Arch.<br />
<br />
== Download FOG ==<br />
Please see: [[Getting_FOG]]<br />
<br />
== Installer ==<br />
The FOG installer comes as a complex shell script that will handle all the package installs and configure the services for you. It must be run as root (sudo works as well) to be able to set things up properly. When you run the installer on a new system for the first time, it will ask you a couple of questions regarding your network configuration and the services you want to install.<br />
<br />
=== Modes ===<br />
FOG can be installed in two different modes. The first is the normal FOG server, which does all of the work. Choose this option if you only want to have a single FOG server in your network. The second option is to install a FOG storage node, which will serve as a second place to store images on and serve images to more clients (when doing unicast). [[InstallationModes|Here]] you can find some more information about the two modes.<br />
<br />
FOG Server installation modes:<br />
* Normal Server: (Choice N) <br />
This is the typical installation type and<br />
will install all FOG components for you on this<br />
machine. Pick this option if you are unsure what to pick.<br />
<br />
* Storage Node: (Choice S)<br />
This install mode will only install the software required<br />
to make this server act as a node in a storage group<br />
<br />
=== Command line options ===<br />
The FOG installer has quite a few command line options. See the output below. You might want to force FOG to set up the web interface via HTTPS, or change the default PXE boot file or web root directory.<br />
<br />
./installfog.sh --help<br />
Usage: ./installfog.sh [-h?dEUuHSCKYXTFA] [-f <filename>] [-N <databasename>]<br />
[-D </directory/to/document/root/>] [-c <ssl-path>]<br />
[-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>]<br />
[-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>]<br />
-h -? --help Display this info<br />
-o --oldcopy Copy back old data<br />
-d --no-defaults Don't guess defaults<br />
-U --no-upgrade Don't attempt to upgrade<br />
-H --no-htmldoc No htmldoc, means no PDFs<br />
-S --force-https Force HTTPS for all comunication<br />
-C --recreate-CA Recreate the CA Keys<br />
-K --recreate-keys Recreate the SSL Keys<br />
-Y -y --autoaccept Auto accept defaults and install<br />
-f --file Use different update file<br />
-c --ssl-path Specify the ssl path<br />
defaults to /opt/fog/snapins/ssl<br />
-D --docroot Specify the Apache Docroot for fog<br />
defaults to OS DocumentRoot<br />
-W --webroot Specify the web root url want fog to use<br />
(E.G. http://127.0.0.1/fog,<br />
http://127.0.0.1/)<br />
Defaults to /fog/<br />
-B --backuppath Specify the backup path<br />
--uninstall Uninstall FOG<br />
-s --startrange DHCP Start range<br />
-e --endrange DHCP End range<br />
-b --bootfile DHCP Boot file<br />
-E --no-exportbuild Skip building nfs file<br />
-X --exitFail Do not exit if item fails<br />
-T --no-tftpbuild Do not rebuild the tftpd config file<br />
-F --no-vhost Do not overwrite vhost file<br />
-A --arm-support Install kernel and initrd for ARM platforms<br />
<br />
=== .fogsettings ===<br />
<br />
Full article on the .fogsettings file can be found here: [[.fogsettings]]<br />
<br />
=== Backups ===<br />
TBD<br />
<br />
=== Errorlog ===<br />
TBD<br />
<br />
== Installation manuals ==<br />
=== CentOS ===<br />
[[CentOS 7| CentOS 7]], <br />
[[Installation on CentOS 6.4|CentOS 6.4]] (CentOS 6.5 also works), <br />
[[Installation on CentOS 5.3|CentOS 5.3]] (CentOS 5.4 & 5.5 also covered)<br />
<br />
<br />
=== Debian ===<br />
[[Debian 8]],<br />
[[Installation on Debian Lenny|Debian Wheezy]], <br />
[[Installation on Debian Lenny|Debian Squeeze]], <br />
[[Installation on Debian Lenny|Debian Lenny]]<br />
<br />
=== Fedora ===<br />
[[Fedora 25 Server]],<br />
[[Fedora 24 Server]],<br />
[[Fedora 23 Server]], <br />
[[Fedora_21_Server|Fedora 21 Server]], <br />
[[Installation on Fedora 13|Fedora 13]], <br />
[[Installation on Fedora 8| Fedora 8]],<br />
<br />
=== RHEL ===<br />
TBA<br />
<br />
<br />
=== Ubuntu ===<br />
[[Ubuntu 16.04]]<br />
(<font color="red">obsolete, just for the archive:</font> [[Ubuntu 14.04]], <br />
[[Ubuntu 12.04|Ubuntu 13.10]], <br />
[[Ubuntu 12.04|Ubuntu 13.04]], <br />
[[Ubuntu 12.04|Ubuntu 12.10]], <br />
[[Ubuntu 12.04]], <br />
[[Ubuntu 11.04]], <br />
[[Ubuntu 10.10]], <br />
[[Ubuntu 10.04|Ubuntu 10.04]], <br />
[[Ubuntu 9.04|Ubuntu 9.04]], <br />
Ubuntu 8.10, <br />
Ubuntu 8.04, <br />
[[Installation on 7.10|Ubuntu 7.10]])<br />
<br />
== Virtualization ==<br />
FOG can be used on bare metal as well as in most virtual server and client setups. Some of the virtualization techniques are really great when used with FOG, e.g. snapshots. Some people use virtualization to prepare and capture their "golden (master / reference) images" all on one central location/server. Again like with the server OS we don't prefer any of the following or others that are out there. This is only a collection of hints and tricks plus maybe issues we know about.<br />
<br />
=== Hyper-V ===<br />
<br />
'''Using the New VM Wizard:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Create VM Wizard > Installation Options: Select "Install an operating system from network-based installation server"<br />
<br />
<br />
'''Existing VM:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Right click VM > Settings > BIOS<br />
<br />
Move "Network Adapter" (sometimes labeled "Legacy Network Adapter") to the top of the boot order.<br />
<br />
<br />
'''UEFI:'''<br />
<br />
UEFI/Secure Boot is an option with Hyper-V on Server 2012 on Generation 2 VMs. It is enabled by default, and can be disabled in VM Settings -> Firmware: Uncheck secure boot.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== KVM/QEMU ===<br />
Can be used as kind of a lightweight desktop virtual environment to test FOG and master your images.<br />
Using this on the laptop as local test environment. Search forums and wiki but there is no valuable information about anyone using FOG on a KVM server. Asked user mxc as he seems to use it. Otherwise this will be a brief description on how to use this as I do it.<br />
<br />
# setup network tap device as kind of a local software switch to connect it all<br />
sudo tunctl -t tap0 -u <username><br />
sudo ifconfig tap0 x.x.x.x netmask 255.255.255.0 up<br />
<br />
# generate disk image file<br />
qemu-img create -f qcow2 hd.qcow2 10G<br />
<br />
# start VM using QEMU emulator (BIOS mode)<br />
qemu -m 512 -boot n -net nic,vlan=1 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM using real KVM virtualization (BIOS mode)<br />
kvm -m 512 -boot n -net nic,vlan=1,macaddr=00:00:00:00:00:05 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM as UEFI machine - as well using the more modern '-netdev' parameter<br />
kvm -m 512 -boot n -bios /usr/share/ovmf/OVMF.fd -device virtio-net-pci,netdev=hn0 -netdev tap,id=hn0,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
=== OpenVZ ===<br />
OpenVZ (possibly within Proxmox) is mostly used to run the FOG server in a light weight kind of virtual environment. As OpenVZ is in nature similar to a chrooted environment you cannot actually PXE boot such a container. To install FOG as a server in OpenVZ you need to have NFS support on the host machine first and then add it to the container as well:<br />
<br />
$ lsmod | grep nfsd<br />
nfsd 312315 14<br />
$ grep nfsd /proc/filesystems<br />
nodev nfsd<br />
<br />
If you don't see the kernel module ''nfsd'' loaded you might need to install the nfs-kernel-server package and load the module (usually done by the nfs-kernel-server init script). As mentioned before you need to enable access to ''nfsd'' from within the container you want to install FOG to:<br />
<br />
$ vzctl stop $CONTAINER_ID<br />
$ vzctl set $CONTAINER_ID --feature nfsd:on --save<br />
$ vzctl start $CONTAINER_ID<br />
<br />
After that the installer should run through like it would installing on bare metal or any other virtual environment!<br />
<br />
'''Wake on LAN:'''<br />
<br />
To be able to send WOL and multicast packets the container needs a proper MAC address. This is only the case if you configure the container to use a network bridge (veth instead of venet!).<br />
<br />
=== LXC ===<br />
LXC (used in Proxmox for example) does need some manual configuration tweaks - [https://forums.fogproject.org/topic/7978/fog-in-lxc-container-how-to-configure-nfs-server reference]: <br />
* Option 1 - Disable Apparmor:<br />
** Edit the container configuration file and add the line lxc.aa_profile: unconfined.<br />
** On Proxmox the configuration file is located at /etc/pve/lxc/CTID.conf, where CTID is the ID number of the container.<br />
* Option 2 - Edit Apparmor profile to allow NFS:<br />
** Open /etc/apparmor.d/lxc/lxc-default-cgns and add the nfs/rpc lines:<br />
<pre><br />
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which<br />
# will source all profiles under /etc/apparmor.d/lxc<br />
<br />
profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {<br />
#include <abstractions/lxc/container-base><br />
<br />
# the container may never be allowed to mount devpts. If it does, it<br />
# will remount the host's devpts. We could allow it to do it with<br />
# the newinstance option (but, right now, we don't).<br />
deny mount fstype=devpts,<br />
mount fstype=cgroup -> /sys/fs/cgroup/**,<br />
mount fstype=nfs*,<br />
mount fstype=rpc_pipefs,<br />
}<br />
</pre><br />
<br />
* Reload Apparmor: <pre>apparmor_parser -r /etc/apparmor.d/lxc-containers</pre><br />
<br />
'''Important:''' The latest Proxmox update (around 23rd of October 2018) broke NFS in LXC containers. Find a fix here: https://forum.proxmox.com/threads/mounting-nfs-in-lxc-not-working-since-latest-update.47815/<br />
<br />
=== VirtualBox ===<br />
Bridged network, host only. Older versions have (PXE?) bug - Tom knows about that.<br />
<br />
Have we seen this issue in the FOG forums yet? http://forum.ipxe.org/showthread.php?tid=7864<br />
<br />
=== VMWare ESXi ===<br />
Running a FOG client within an ESXi server is pretty close to what you would do on a bare metal machine:<br />
<br />
* Create VM as normal.<br />
* Choose network adapter other than VMX3 (e.g. e1000) as we have seen [https://forums.fogproject.org/topic/7108/fog-bzimage-failing-to-load-after-pxe-boot loading issues] with those virtual adapters.<br />
* Open VM Console, start up the VM. Press F2 on Boot Logo to enter BIOS.<br />
* Scroll over to boot tab, use + key to move Network boot to the top of the boot order.<br />
<br />
You can also do an on-demand network boot by hitting F9 on startup, if you don’t want to change the boot order permanently.<br />
<br />
'''UEFI:'''<br />
<br />
UEFI is disabled by default for VMs in ESXI 6.0+. To enable it for a VM, go to VM Settings > Options Tab > Advanced: Boot Options and change the boot firmware from BIOS to EFI.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== VMWare Player ===<br />
Is this still in use?? Don't care if there is nothing about it in wiki or forums!<br />
<br />
=== Xen/XenServer ===<br />
See forums<br />
<br />
* [[Running pre-built virtual machines in Virtualbox|FOG 0.30 VM - Virtualbox]]<br />
* [[Installation on VMWare 0.27|FOG 0.27 VM - VMWare]]<br />
<br />
== Security ==<br />
<br />
[[FOG security]]<br />
<br />
== Troubleshooting ==<br />
IMPORTANT, what to do when the installer fails? Where are the logs?<br />
<br />
{{:Troubleshoot FOG}}</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Installation&diff=12615Installation2020-02-22T09:39:11Z<p>SebastianRoth: /* Ubuntu */</p>
<hr />
<div>== Requirements ==<br />
Before diving right into the installation of FOG you need to decide which server OS you are going to use. FOG is made to install on Red Hat based distros (CentOS, Fedora and RHEL, amongst others) as well as Debian, Ubuntu and Arch Linux. Choose whichever you like most and have knowledge about! FOG is known to work with any of the above noted systems. Many [[Installation#Installation_manuals|installation manuals]] are available.<br />
<br />
This listing is for informational purposes only, as the required components will be automatically downloaded and installed by the FOG installation script: PHP 5/7, MySql 5+/MariaDB 10+, Apache 2+, DHCP (pretty much any!), TFTP, FTP, NFS<br />
<br />
The LAMP setup can also be easily adjusted for a "WAMP (Windows Apache MySQL PHP) system" though will require a bit more knowledge of what packages to use and how to integrate with the FOG system.<br />
<br />
Please choose the distribution you have the most knowledge about, but the below list has the best support in FOG 1.3.0 right now. This list is by no means an absolute list to follow, though.<br />
<br />
* Ubuntu 16 or higher<br />
<br />
* Debian 8 or higher<br />
<br />
* CentOS 7 or higher<br />
<br />
* Red Hat 6 or higher<br />
<br />
* Fedora 22 or higher<br />
<br />
* Any version of Arch.<br />
<br />
== Download FOG ==<br />
Please see: [[Getting_FOG]]<br />
<br />
== Installer ==<br />
The FOG installer comes as a complex shell script that will handle all the package installs and configure the services for you. It must be run as root (sudo works as well) to be able to set things up properly. When run on a new system for the first time, it will ask you a couple of questions regarding your network configuration and the services you want to install.<br />
<br />
=== Modes ===<br />
FOG can be installed in two different modes. First is the normal FOG server which does all of the work. Choose this option if you only want to have a single FOG server in your network. The second option is to install a FOG storage node which will serve as a second place to store images on and serve images to more clients (when doing unicast). [[InstallationModes|Here]] you can find some more information about the two modes.<br />
<br />
FOG Server installation modes:<br />
* Normal Server: (Choice N) <br />
This is the typical installation type and<br />
will install all FOG components for you on this<br />
machine. Pick this option if you are unsure what to pick.<br />
<br />
* Storage Node: (Choice S)<br />
This install mode will only install the software required<br />
to make this server act as a node in a storage group<br />
<br />
=== Command line options ===<br />
The FOG installer has quite a few command line options. See the output below. You might want to force FOG to set up the web interface via HTTPS, or change the default PXE boot file or web root directory.<br />
<br />
./installfog.sh --help<br />
...<br />
* Found FOG Settings from previous install at: /opt/fog/.fogsettings<br />
* Performing upgrade using these settings<br />
<br />
<br />
Starting Debian based Installation<br />
<br />
<br />
Usage: ./installfog.sh [-h?dEUuHSCKYXT] [-f <filename>]<br />
[-D </directory/to/document/root/>] [-c <sslPath>]<br />
[-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>]<br />
[-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>]<br />
-h -? --help Display this info<br />
-d --no-defaults Don't guess defaults<br />
-U --no-upgrade Don't attempt to upgrade<br />
-H --no-htmldoc No htmldoc, means no PDFs<br />
-S --force-https Force HTTPS redirect<br />
-C --recreate-CA Recreate the CA Keys<br />
-K --recreate-keys Recreate the SSL Keys<br />
-Y -y --autoaccept Auto accept defaults and install<br />
-f --file Use different update file<br />
-c --ssl-file Specify the ssl path<br />
defaults to /opt/fog/snapins/ssl<br />
-D --docroot Specify the Apache Docroot for fog<br />
defaults to OS DocumentRoot<br />
-W --webroot Specify the web root url want fog to use<br />
(E.G. http://127.0.0.1/fog,<br />
http://127.0.0.1/)<br />
Defaults to /fog/<br />
-B --backuppath Specify the backup path<br />
--uninstall Uninstall FOG<br />
-s --startrange DHCP Start range<br />
-e --endrange DHCP End range<br />
-b --bootfile DHCP Boot file<br />
-E --no-exportbuild Skip building nfs file<br />
-X --exitFail Do not exit if item fails<br />
-T --no-tftpbuild Do not rebuild the tftpd config file<br />
-P --no-pxedefault Do not overwrite pxe default file<br />
<br />
<br />
<br />
=== .fogsettings ===<br />
<br />
Full article on the .fogsettings file can be found here: [[.fogsettings]]<br />
<br />
=== Backups ===<br />
TBD<br />
<br />
=== Errorlog ===<br />
TBD<br />
<br />
== Installation manuals ==<br />
=== CentOS ===<br />
[[CentOS 7| CentOS 7]], <br />
[[Installation on CentOS 6.4|CentOS 6.4]] (CentOS 6.5 also works), <br />
[[Installation on CentOS 5.3|CentOS 5.3]] (CentOS 5.4 & 5.5 also covered)<br />
<br />
<br />
=== Debian ===<br />
[[Debian 8]],<br />
[[Installation on Debian Lenny|Debian Wheezy]], <br />
[[Installation on Debian Lenny|Debian Squeeze]], <br />
[[Installation on Debian Lenny|Debian Lenny]]<br />
<br />
=== Fedora ===<br />
[[Fedora 25 Server]],<br />
[[Fedora 24 Server]],<br />
[[Fedora 23 Server]], <br />
[[Fedora_21_Server|Fedora 21 Server]], <br />
[[Installation on Fedora 13|Fedora 13]], <br />
[[Installation on Fedora 8| Fedora 8]],<br />
<br />
=== RHEL ===<br />
TBA<br />
<br />
<br />
=== Ubuntu ===<br />
[[Ubuntu 16.04]]<br />
(<font color="red">obsolete, just for the archive:</font> [[Ubuntu 14.04]], <br />
[[Ubuntu 12.04|Ubuntu 13.10]], <br />
[[Ubuntu 12.04|Ubuntu 13.04]], <br />
[[Ubuntu 12.04|Ubuntu 12.10]], <br />
[[Ubuntu 12.04]], <br />
[[Ubuntu 11.04]], <br />
[[Ubuntu 10.10]], <br />
[[Ubuntu 10.04|Ubuntu 10.04]], <br />
[[Ubuntu 9.04|Ubuntu 9.04]], <br />
Ubuntu 8.10, <br />
Ubuntu 8.04, <br />
[[Installation on 7.10|Ubuntu 7.10]])<br />
<br />
== Virtualization ==<br />
FOG can be used on bare metal as well as in most virtual server and client setups. Some of the virtualization techniques are really great when used with FOG, e.g. snapshots. Some people use virtualization to prepare and capture their "golden (master / reference) images" all on one central location/server. Again like with the server OS we don't prefer any of the following or others that are out there. This is only a collection of hints and tricks plus maybe issues we know about.<br />
<br />
=== Hyper-V ===<br />
<br />
'''Using the New VM Wizard:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Create VM Wizard > Installation Options: Select "Install an operating system from network-based installation server"<br />
<br />
<br />
'''Existing VM:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Right click VM > Settings > BIOS<br />
<br />
Move "Network Adapter" (sometimes labeled "Legacy Network Adapter") to the top of the boot order.<br />
<br />
<br />
'''UEFI:'''<br />
<br />
UEFI/Secure Boot is an option with Hyper-V on Server 2012 on Generation 2 VMs. It is enabled by default, and can be disabled in VM Settings -> Firmware: Uncheck secure boot.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== KVM/QEMU ===<br />
Can be used as kind of a lightweight desktop virtual environment to test FOG and master your images.<br />
Using this on the laptop as local test environment. Search forums and wiki but there is no valuable information about anyone using FOG on a KVM server. Asked user mxc as he seems to use it. Otherwise this will be a brief description on how to use this as I do it.<br />
<br />
# setup network tap device as kind of a local software switch to connect it all<br />
sudo tunctl -t tap0 -u <username><br />
sudo ifconfig tap0 x.x.x.x netmask 255.255.255.0 up<br />
<br />
# generate disk image file<br />
qemu-img create -f qcow2 hd.qcow2 10G<br />
<br />
# start VM using QEMU emulator (BIOS mode)<br />
qemu -m 512 -boot n -net nic,vlan=1 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM using real KVM virtualization (BIOS mode)<br />
kvm -m 512 -boot n -net nic,vlan=1,macaddr=00:00:00:00:00:05 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM as UEFI machine - as well using the more modern '-netdev' parameter<br />
kvm -m 512 -boot n -bios /usr/share/ovmf/OVMF.fd -device virtio-net-pci,netdev=hn0 -netdev tap,id=hn0,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
=== OpenVZ ===<br />
OpenVZ (possibly within Proxmox) is mostly used to run the FOG server in a lightweight kind of virtual environment. As OpenVZ is in nature similar to a chrooted environment you cannot actually PXE boot such a container. To install FOG as a server in OpenVZ you need to have NFS support on the host machine first and then add it to the container as well:<br />
<br />
$ lsmod | grep nfsd<br />
nfsd 312315 14<br />
$ grep nfsd /proc/filesystems<br />
nodev nfsd<br />
<br />
If you don't see the kernel module ''nfsd'' loaded you might need to install the nfs-kernel-server package and load the module (usually done by the nfs-kernel-server init script). As mentioned before you need to enable access to ''nfsd'' from within the container you want to install FOG to:<br />
<br />
$ vzctl stop $CONTAINER_ID<br />
$ vzctl set $CONTAINER_ID --feature nfsd:on --save<br />
$ vzctl start $CONTAINER_ID<br />
<br />
After that the installer should run through like it would installing on bare metal or any other virtual environment!<br />
<br />
'''Wake on LAN:'''<br />
<br />
To be able to send WOL and multicast packets the container needs a proper MAC address. This is only the case if you configure the container to use a network bridge (veth instead of venet!).<br />
<br />
=== LXC ===<br />
LXC (used in Proxmox for example) needs some manual configuration tweaks - [https://forums.fogproject.org/topic/7978/fog-in-lxc-container-how-to-configure-nfs-server reference]: <br />
* Option 1 - Disable AppArmor:<br />
** Edit the container configuration file and add the line <code>lxc.aa_profile: unconfined</code>.<br />
** On Proxmox the configuration file is located at /etc/pve/lxc/CTID.conf, where CTID is the ID number of the container.<br />
* Option 2 - Edit the AppArmor profile to allow NFS:<br />
** Open /etc/apparmor.d/lxc/lxc-default-cgns and add the nfs/rpc lines:<br />
<pre><br />
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which<br />
# will source all profiles under /etc/apparmor.d/lxc<br />
<br />
profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {<br />
#include <abstractions/lxc/container-base><br />
<br />
# the container may never be allowed to mount devpts. If it does, it<br />
# will remount the host's devpts. We could allow it to do it with<br />
# the newinstance option (but, right now, we don't).<br />
deny mount fstype=devpts,<br />
mount fstype=cgroup -> /sys/fs/cgroup/**,<br />
mount fstype=nfs*,<br />
mount fstype=rpc_pipefs,<br />
}<br />
</pre><br />
<br />
* Reload AppArmor: <pre>apparmor_parser -r /etc/apparmor.d/lxc-containers</pre><br />
<br />
'''Important:''' The latest Proxmox update (around 23rd of October 2018) broke NFS in LXC containers. Find a fix here: https://forum.proxmox.com/threads/mounting-nfs-in-lxc-not-working-since-latest-update.47815/<br />
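<br />
Option 1 turns AppArmor confinement off for the whole container, while Option 2 keeps the profile and adds only the two NFS mount rules; the check below tells the two apart on a host. It is an added example, not code from FOG or Proxmox: the function names and sample file contents are constructed, and the <code>lxc.apparmor.profile</code> key it also accepts is the later LXC name for <code>lxc.aa_profile</code>.<br />

```shell
#!/bin/sh
# Added example (not FOG or Proxmox code): audit which of the two LXC options
# a container uses. All file contents in demo() are constructed samples.

# Print the AppArmor profile a container config selects, or "default".
# Accepts the key from the page (lxc.aa_profile) and its later name
# (lxc.apparmor.profile), with ":" or "=" as separator.
container_profile() {
    cp_value=$(sed -n -E \
        's/^[[:space:]]*lxc\.(aa_profile|apparmor\.profile)[[:space:]]*[:=][[:space:]]*([^[:space:]#]+).*$/\2/p' \
        "$1" | tail -n 1)
    printf '%s\n' "${cp_value:-default}"
}

# Print the active mount rules of an AppArmor profile, one per line.
# Comments are stripped first, so a commented-out rule does not count.
mount_rules() {
    sed -E -e 's/#.*$//' -e 's/[[:space:]]+/ /g' -e 's/^ //' -e 's/ $//' "$1" \
        | grep -E '^(deny )?mount( |,)' || true
}

# Check a profile against Option 2: the two NFS rules are present, the
# devpts deny rule is still there, and no bare "mount," rule was added.
# Prints one finding per line, or "ok".
check_profile() {
    ck_rules=$(mount_rules "$1")
    ck_bad=0
    for ck_want in 'mount fstype=nfs*,' 'mount fstype=rpc_pipefs,' \
                   'deny mount fstype=devpts,'; do
        if ! printf '%s\n' "$ck_rules" | grep -qxF -- "$ck_want"; then
            printf 'missing: %s\n' "$ck_want"
            ck_bad=1
        fi
    done
    if printf '%s\n' "$ck_rules" | grep -qxF -- 'mount,'; then
        printf 'too broad: a bare mount rule allows every mount\n'
        ck_bad=1
    fi
    if [ "$ck_bad" -eq 0 ]; then
        printf 'ok\n'
    fi
    return 0
}

# Audit one container: $1 = container config, $2 = profile file it would use.
# Prints "unconfined" for Option 1, otherwise the result of check_profile.
audit_container() {
    ac_profile=$(container_profile "$1")
    if [ "$ac_profile" = "unconfined" ]; then
        printf 'unconfined\n'
    else
        check_profile "$2"
    fi
}

# Constructed sample input: one container set up per Option 1, and a profile
# where the nfs rule was left commented out.
demo() {
    demo_dir=$(mktemp -d)
    cat > "$demo_dir/101.conf" <<'EOF'
arch: amd64
hostname: fog
lxc.aa_profile: unconfined
EOF
    cat > "$demo_dir/lxc-default-cgns" <<'EOF'
profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>
  deny mount fstype=devpts,
  mount fstype=cgroup -> /sys/fs/cgroup/**,
  # mount fstype=nfs*,
  mount fstype=rpc_pipefs,
}
EOF
    printf 'container 101: %s\n' \
        "$(audit_container "$demo_dir/101.conf" "$demo_dir/lxc-default-cgns")"
    printf 'profile only:  %s\n' "$(check_profile "$demo_dir/lxc-default-cgns")"
    rm -rf "$demo_dir"
}

demo
```

On a Proxmox host the two arguments would be /etc/pve/lxc/CTID.conf and /etc/apparmor.d/lxc/lxc-default-cgns, the paths given above.<br />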
<br />
=== VirtualBox ===<br />
Bridged network, host only. Older versions have (PXE?) bug - Tom knows about that.<br />
<br />
Have we seen this issue in the FOG forums yet? http://forum.ipxe.org/showthread.php?tid=7864<br />
<br />
=== VMWare ESXi ===<br />
Running a FOG client within an ESXi server is pretty close to what you would do on a bare metal machine:<br />
<br />
* Create VM as normal.<br />
* Choose network adapter other than VMX3 (e.g. e1000) as we have seen [https://forums.fogproject.org/topic/7108/fog-bzimage-failing-to-load-after-pxe-boot loading issues] with those virtual adapters.<br />
* Open VM Console, start up the VM. Press F2 on Boot Logo to enter BIOS.<br />
* Scroll over to boot tab, use + key to move Network boot to the top of the boot order.<br />
<br />
You can also do an on-demand network boot by hitting F9 on startup, if you don’t want to change the boot order permanently.<br />
<br />
'''UEFI:'''<br />
<br />
UEFI is disabled by default for VMs in ESXi 6.0+. To enable it for a VM, go to VM Settings > Options Tab > Advanced: Boot Options and change the boot firmware from BIOS to EFI.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== VMWare Player ===<br />
Is this still in use?? Don't care if there is nothing about it in wiki or forums!<br />
<br />
=== Xen/XenServer ===<br />
See forums<br />
<br />
* [[Running pre-built virtual machines in Virtualbox|FOG 0.30 VM - Virtualbox]]<br />
* [[Installation on VMWare 0.27|FOG 0.27 VM - VMWare]]<br />
<br />
== Security ==<br />
<br />
[[FOG security]]<br />
<br />
== Troubleshooting ==<br />
IMPORTANT, what to do when the installer fails? Where are the logs?<br />
<br />
{{:Troubleshoot FOG}}</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Installation&diff=12614Installation2020-02-22T09:37:47Z<p>SebastianRoth: /* Ubuntu */</p>
<hr />
<div>== Requirements ==<br />
Before diving right into the installation of FOG you need to decide which server OS you are going to use. FOG is made to install on Red Hat based distros (CentOS, Fedora and RHEL, amongst others) as well as Debian, Ubuntu and Arch Linux. Choose whichever you like most and have knowledge about! FOG is known to work with any of the above noted systems. Many [[Installation#Installation_manuals|installation manuals]] are available.<br />
<br />
This listing is for informational purposes only, as the required components will be automatically downloaded and installed by the FOG installation script: PHP 5/7, MySQL 5+/MariaDB 10+, Apache 2+, DHCP (pretty much any!), TFTP, FTP, NFS<br />
<br />
The LAMP setup can also be easily adjusted for a "WAMP (Windows Apache MySQL PHP) system", though this will require a bit more knowledge of what packages to use and how to integrate with the FOG system.<br />
<br />
Please choose the distribution you have the most knowledge about, but the below list has the best support in FOG 1.3.0 right now. This list is by no means an absolute list to follow, though.<br />
<br />
* Ubuntu 16 or higher<br />
<br />
* Debian 8 or higher<br />
<br />
* CentOS 7 or higher<br />
<br />
* Red Hat 6 or higher<br />
<br />
* Fedora 22 or higher<br />
<br />
* Any version of Arch.<br />
<br />
== Download FOG ==<br />
Please see: [[Getting_FOG]]<br />
<br />
== Installer ==<br />
The FOG installer comes as a complex shell script that will handle all the package installs and configure the services for you. It must be run as root (sudo works as well) to be able to set things up properly. When run on a new system for the first time, it will ask you a couple of questions regarding your network configuration and the services you want to install.<br />
<br />
=== Modes ===<br />
FOG can be installed in two different modes. First is the normal FOG server which does all of the work. Choose this option if you only want to have a single FOG server in your network. The second option is to install a FOG storage node which will serve as a second place to store images on and serve images to more clients (when doing unicast). [[InstallationModes|Here]] you can find some more information about the two modes.<br />
<br />
FOG Server installation modes:<br />
* Normal Server: (Choice N) <br />
This is the typical installation type and<br />
will install all FOG components for you on this<br />
machine. Pick this option if you are unsure what to pick.<br />
<br />
* Storage Node: (Choice S)<br />
This install mode will only install the software required<br />
to make this server act as a node in a storage group<br />
<br />
=== Command line options ===<br />
The FOG installer has quite a few command line options. See the output below. You might want to force FOG to set up the web interface via HTTPS, or change the default PXE boot file or web root directory.<br />
<br />
./installfog.sh --help<br />
...<br />
* Found FOG Settings from previous install at: /opt/fog/.fogsettings<br />
* Performing upgrade using these settings<br />
<br />
<br />
Starting Debian based Installation<br />
<br />
<br />
Usage: ./installfog.sh [-h?dEUuHSCKYXT] [-f <filename>]<br />
[-D </directory/to/document/root/>] [-c <sslPath>]<br />
[-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>]<br />
[-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>]<br />
-h -? --help Display this info<br />
-d --no-defaults Don't guess defaults<br />
-U --no-upgrade Don't attempt to upgrade<br />
-H --no-htmldoc No htmldoc, means no PDFs<br />
-S --force-https Force HTTPS redirect<br />
-C --recreate-CA Recreate the CA Keys<br />
-K --recreate-keys Recreate the SSL Keys<br />
-Y -y --autoaccept Auto accept defaults and install<br />
-f --file Use different update file<br />
-c --ssl-file Specify the ssl path<br />
defaults to /opt/fog/snapins/ssl<br />
-D --docroot Specify the Apache Docroot for fog<br />
defaults to OS DocumentRoot<br />
-W --webroot Specify the web root url want fog to use<br />
(E.G. http://127.0.0.1/fog,<br />
http://127.0.0.1/)<br />
Defaults to /fog/<br />
-B --backuppath Specify the backup path<br />
--uninstall Uninstall FOG<br />
-s --startrange DHCP Start range<br />
-e --endrange DHCP End range<br />
-b --bootfile DHCP Boot file<br />
-E --no-exportbuild Skip building nfs file<br />
-X --exitFail Do not exit if item fails<br />
-T --no-tftpbuild Do not rebuild the tftpd config file<br />
-P --no-pxedefault Do not overwrite pxe default file<br />
<br />
<br />
<br />
=== .fogsettings ===<br />
<br />
Full article on the .fogsettings file can be found here: [[.fogsettings]]<br />
<br />
=== Backups ===<br />
TBD<br />
<br />
=== Errorlog ===<br />
TBD<br />
<br />
== Installation manuals ==<br />
=== CentOS ===<br />
[[CentOS 7| CentOS 7]], <br />
[[Installation on CentOS 6.4|CentOS 6.4]] (CentOS 6.5 also works), <br />
[[Installation on CentOS 5.3|CentOS 5.3]] (CentOS 5.4 & 5.5 also covered)<br />
<br />
<br />
=== Debian ===<br />
[[Debian 8]],<br />
[[Installation on Debian Lenny|Debian Wheezy]], <br />
[[Installation on Debian Lenny|Debian Squeeze]], <br />
[[Installation on Debian Lenny|Debian Lenny]]<br />
<br />
=== Fedora ===<br />
[[Fedora 25 Server]],<br />
[[Fedora 24 Server]],<br />
[[Fedora 23 Server]], <br />
[[Fedora_21_Server|Fedora 21 Server]], <br />
[[Installation on Fedora 13|Fedora 13]], <br />
[[Installation on Fedora 8| Fedora 8]],<br />
<br />
=== RHEL ===<br />
TBA<br />
<br />
<br />
=== Ubuntu ===<br />
[[Ubuntu 16.04]]<br />
[[Ubuntu 14.04]], <br />
[[Ubuntu 12.04|Ubuntu 13.10]], <br />
[[Ubuntu 12.04|Ubuntu 13.04]], <br />
[[Ubuntu 12.04|Ubuntu 12.10]], <br />
[[Ubuntu 12.04]], <br />
[[Ubuntu 11.04]], <br />
[[Ubuntu 10.10]], <br />
[[Ubuntu 10.04|Ubuntu 10.04]], <br />
[[Ubuntu 9.04|Ubuntu 9.04]], <br />
Ubuntu 8.10, <br />
Ubuntu 8.04, <br />
[[Installation on 7.10|Ubuntu 7.10]]<br />
<br />
== Virtualization ==<br />
FOG can be used on bare metal as well as in most virtual server and client setups. Some of the virtualization techniques are really great when used with FOG, e.g. snapshots. Some people use virtualization to prepare and capture their "golden (master / reference) images" all on one central location/server. Again like with the server OS we don't prefer any of the following or others that are out there. This is only a collection of hints and tricks plus maybe issues we know about.<br />
<br />
=== Hyper-V ===<br />
<br />
'''Using the New VM Wizard:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Create VM Wizard > Installation Options: Select "Install an operating system from network-based installation server"<br />
<br />
<br />
'''Existing VM:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Right click VM > Settings > BIOS<br />
<br />
Move "Network Adapter" (sometimes labeled "Legacy Network Adapter") to the top of the boot order.<br />
<br />
<br />
'''UEFI:'''<br />
<br />
UEFI/Secure Boot is an option with Hyper-V on Server 2012 on Generation 2 VMs. It is enabled by default, and can be disabled in VM Settings -> Firmware: Uncheck secure boot.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== KVM/QEMU ===<br />
Can be used as kind of a lightweight desktop virtual environment to test FOG and master your images.<br />
Using this on the laptop as local test environment. Search forums and wiki but there is no valuable information about anyone using FOG on a KVM server. Asked user mxc as he seems to use it. Otherwise this will be a brief description on how to use this as I do it.<br />
<br />
# setup network tap device as kind of a local software switch to connect it all<br />
sudo tunctl -t tap0 -u <username><br />
sudo ifconfig tap0 x.x.x.x netmask 255.255.255.0 up<br />
<br />
# generate disk image file<br />
qemu-img create -f qcow2 hd.qcow2 10G<br />
<br />
# start VM using QEMU emulator (BIOS mode)<br />
qemu -m 512 -boot n -net nic,vlan=1 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM using real KVM virtualization (BIOS mode)<br />
kvm -m 512 -boot n -net nic,vlan=1,macaddr=00:00:00:00:00:05 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM as UEFI machine - as well using the more modern '-netdev' parameter<br />
kvm -m 512 -boot n -bios /usr/share/ovmf/OVMF.fd -device virtio-net-pci,netdev=hn0 -netdev tap,id=hn0,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
=== OpenVZ ===<br />
OpenVZ (possibly within Proxmox) is mostly used to run the FOG server in a lightweight kind of virtual environment. As OpenVZ is in nature similar to a chrooted environment you cannot actually PXE boot such a container. To install FOG as a server in OpenVZ you need to have NFS support on the host machine first and then add it to the container as well:<br />
<br />
$ lsmod | grep nfsd<br />
nfsd 312315 14<br />
$ grep nfsd /proc/filesystems<br />
nodev nfsd<br />
<br />
If you don't see the kernel module ''nfsd'' loaded you might need to install the nfs-kernel-server package and load the module (usually done by the nfs-kernel-server init script). As mentioned before you need to enable access to ''nfsd'' from within the container you want to install FOG to:<br />
<br />
$ vzctl stop $CONTAINER_ID<br />
$ vzctl set $CONTAINER_ID --feature nfsd:on --save<br />
$ vzctl start $CONTAINER_ID<br />
<br />
After that the installer should run through like it would installing on bare metal or any other virtual environment!<br />
<br />
'''Wake on LAN:'''<br />
<br />
To be able to send WOL and multicast packets the container needs a proper MAC address. This is only the case if you configure the container to use a network bridge (veth instead of venet!).<br />
<br />
=== LXC ===<br />
LXC (used in Proxmox for example) needs some manual configuration tweaks - [https://forums.fogproject.org/topic/7978/fog-in-lxc-container-how-to-configure-nfs-server reference]: <br />
* Option 1 - Disable AppArmor:<br />
** Edit the container configuration file and add the line <code>lxc.aa_profile: unconfined</code>.<br />
** On Proxmox the configuration file is located at /etc/pve/lxc/CTID.conf, where CTID is the ID number of the container.<br />
* Option 2 - Edit the AppArmor profile to allow NFS:<br />
** Open /etc/apparmor.d/lxc/lxc-default-cgns and add the nfs/rpc lines:<br />
<pre><br />
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which<br />
# will source all profiles under /etc/apparmor.d/lxc<br />
<br />
profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {<br />
#include <abstractions/lxc/container-base><br />
<br />
# the container may never be allowed to mount devpts. If it does, it<br />
# will remount the host's devpts. We could allow it to do it with<br />
# the newinstance option (but, right now, we don't).<br />
deny mount fstype=devpts,<br />
mount fstype=cgroup -> /sys/fs/cgroup/**,<br />
mount fstype=nfs*,<br />
mount fstype=rpc_pipefs,<br />
}<br />
</pre><br />
<br />
* Reload AppArmor: <pre>apparmor_parser -r /etc/apparmor.d/lxc-containers</pre><br />
<br />
'''Important:''' The latest Proxmox update (around 23rd of October 2018) broke NFS in LXC containers. Find a fix here: https://forum.proxmox.com/threads/mounting-nfs-in-lxc-not-working-since-latest-update.47815/<br />
<br />
=== VirtualBox ===<br />
Bridged network, host only. Older versions have (PXE?) bug - Tom knows about that.<br />
<br />
Have we seen this issue in the FOG forums yet? http://forum.ipxe.org/showthread.php?tid=7864<br />
<br />
=== VMWare ESXi ===<br />
Running a FOG client within an ESXi server is pretty close to what you would do on a bare metal machine:<br />
<br />
* Create VM as normal.<br />
* Choose network adapter other than VMX3 (e.g. e1000) as we have seen [https://forums.fogproject.org/topic/7108/fog-bzimage-failing-to-load-after-pxe-boot loading issues] with those virtual adapters.<br />
* Open VM Console, start up the VM. Press F2 on Boot Logo to enter BIOS.<br />
* Scroll over to boot tab, use + key to move Network boot to the top of the boot order.<br />
<br />
You can also do an on-demand network boot by hitting F9 on startup, if you don’t want to change the boot order permanently.<br />
<br />
'''UEFI:'''<br />
<br />
UEFI is disabled by default for VMs in ESXi 6.0+. To enable it for a VM, go to VM Settings > Options Tab > Advanced: Boot Options and change the boot firmware from BIOS to EFI.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== VMWare Player ===<br />
Is this still in use?? Don't care if there is nothing about it in wiki or forums!<br />
<br />
=== Xen/XenServer ===<br />
See forums<br />
<br />
* [[Running pre-built virtual machines in Virtualbox|FOG 0.30 VM - Virtualbox]]<br />
* [[Installation on VMWare 0.27|FOG 0.27 VM - VMWare]]<br />
<br />
== Security ==<br />
<br />
[[FOG security]]<br />
<br />
== Troubleshooting ==<br />
IMPORTANT, what to do when the installer fails? Where are the logs?<br />
<br />
{{:Troubleshoot FOG}}</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Ubuntu_14.04&diff=12613Ubuntu 14.042020-02-22T09:36:54Z<p>SebastianRoth: </p>
<hr />
<div><font color="red">Note:</font> Ubuntu 14.x is end of life. We don't recommend using it anymore. Current FOG 1.5.8 doesn't install properly.<br />
<br />
<font color="red">Note:</font> The below instructions are written for fog 0.32 which is '''very obsolete'''. It's recommended to use fog 1.3.0 and up for Ubuntu 14+. Currently (January 2016), 1.3.0 is in development but is just about ready for release. The developmental version of FOG Trunk will install on Ubuntu 14.04 out-of-the-box and without issue. You can find instructions on getting it here: [[Upgrade to trunk]]<br />
<br />
<br />
<br />
== Setup & Installation ==<br />
<br />
# Insert your Ubuntu installation disc and reboot the computer. Boot from the disc; Ubuntu will launch in its live form so you can get a feel for the OS or install it. You will be presented with two options, install Ubuntu or run a Live instance. Click the “Install Ubuntu” option when it is presented to you at the Welcome screen.<br />
# Proceed with a normal install of Ubuntu. It is recommended to download the latest updates while installing by ticking the checkbox. Ubuntu will now examine the hardware and alert you of any previously existing operating systems. It is recommended that you remove all information unless you have other OSes you want to keep on the system. During the install Ubuntu will ask you to set your timezone, layout, and some user information such as a user name and password. Set this information to your liking. In the latest flavors of Ubuntu the root user account is disabled; after installation this guide will show you how to enable it. Ubuntu will copy files and begin the installation.<br />
# After installation is complete, reboot. Remove the installation disc and press Enter; your computer will reboot and boot up in its new operating system that is much faster and more durable than its squishy, virus prone, partners. Log in with the password and the user you specified during installation.<br />
<br />
Your system should now be installed and ready to go.<br />
<br />
== Enabling Root on Ubuntu ==<br />
*THIS IS OPTIONAL NOT REQUIRED<br />
# Please open up a terminal or console and log in as the user you created.<br />
# To gain access, enter the following command and re-type the user password.<br />
#*<pre>sudo su -</pre><br />
#Then type the following command:<br />
#*<pre>passwd root</pre><br />
#*It will ask you to enter the new password. You will not see anything being entered, but it is typing. Once complete Press Enter.<br />
#*It will ask you to confirm the password. You will not see anything being entered, but it is typing. Once complete Press Enter.<br />
#*The terminal will return with <code>Password updated successfully!</code><br />
#Type or copy the following code into the terminal and press enter.<br />
#*Ubuntu 14.04:<br />
#**<pre>echo "greeter-show-manual-login=true" >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf</pre><br />
#*Ubuntu 14.10:<br />
#**<pre>echo "greeter-show-manual-login=true" >> /etc/lightdm/lightdm.conf</pre><br />
#Please restart the machine with the command:<br />
#*<pre>shutdown -r now</pre><br />
#Once the system returns, you can now log in as the root user even from the GUI. Type the username <code>root</code>, then in the Password field type the password you set with the passwd root command above.<br />
<br />
== Setting static IP ==<br />
# Click the “Dash Home” icon again, in the text box at the top type “Network” and select the first icon in the list displayed as “Network”. Select Wired and click Options. Select the “IPV4 Settings” tab and change the method from Automatic to Manual, Add, and supply the server with a proper IP address and information. Click Save. Your connection will reconnect.<br />
# Next click on Firefox and in the browser navigate to the webpage http://www.fogproject.org and follow the download links to download the latest version of FOG, at the time of writing it is 0.32. Right mouse click and select show in folder and close your browser and all other open windows. Move the file to your desktop if you haven’t already. Right mouse click and select “Extract Here”.<br />
# Now open a terminal and issue the following commands<br />
#<pre>sudo nano /etc/resolvconf/resolv.conf.d/head</pre><br />
# Add the following line where x.x.x.x is the ip address of your DNS. If you need to supply multiple DNS entries, separate entries with a space (i.e. nameserver x.x.x.x y.y.y.y z.z.z.z)<br />
#<pre>nameserver x.x.x.x</pre><br />
<br />
''' NOTE: GIVEN THE DATE OF THE FOG 0.32 REVISION SOME PACKAGES ARE NO LONGER SUPPORTED AND MUST BE UPDATED WE WILL DO THIS FIRST!!! '''<br />
<br />
== Update and Install Packages ==<br />
*You will find the latest "Stable" release of FOG here '''[http://sourceforge.net/projects/freeghost/files/latest/download?source=files sourceforge]'''<br />
*You can also update to the latest "Beta". Please see [[Upgrade_to_trunk]]<br />
'''FOR EXAMPLE: '''<br />
*Click on the “Dash Home” icon again, type “Terminal” into the search box and select the first icon. Now we are going to install FOG and configure it. We will do the installation through the terminal with a number of commands; please follow them and remember to press Enter after each line. Note the capital and lower case letters: Linux is VERY picky, “A” is not the same as “a”.<br />
**Run the following in the terminal<br />
<pre>cd Desktop/<br />
cd fog_0.32/<br />
cd packages<br />
wget https://svn.code.sf.net/p/freeghost/code/trunk/packages/udpcast-20120424.tar.gz<br />
rm -f udpcast-20071228.tar.gz<br />
sed -i 's:udpcastout="udpcast-20071228":udpcastout="udpcast-20120424":' ../lib/common/config.sh<br />
sed -i 's:udpcastsrc="../packages/udpcast-20071228.tar.gz":udpcastsrc="../packages/udpcast-20120424.tar.gz":' ../lib/common/config.sh<br />
cd ../bin/<br />
sudo ./installfog.sh</pre><br />
# The following commands are for the installfog.sh installer information. '''Change the relevant values for your particular system.'''<br />
#* Type 2 and press Enter for Ubuntu installation.<br />
#* Type N and press Enter for Normal installation<br />
#* Supply IP Address, it SHOULD be the static IP address you set up earlier, if it is not please revert to step 5 and try again.<br />
#* Type Y and press Enter to set up the DHCP Server.<br />
#* Enter the IP Address associated with your DHCP Server<br />
#* Type Y and press Enter to set up DNS.<br />
#* Enter the DNS Server address and press Enter.<br />
#* Type N and press Enter to leave the default Network Card the same.<br />
#* Type N to disable DHCP Service.<br />
#* '''NOTE: It tells you that in order to use your PXE server you have to run a few commands on your DHCP server, this is not entirely true, but it definitely helps, this will point your clients to your server, or you can disconnect your server from the outside world while you image.'''<br />
#* Type N to not install Additional Languages.<br />
#* Type Y and press Enter.<br />
# Next it will verify the settings, make sure everything has been entered correctly.<br />
#* '''NOTE: I set up Fog with default passwords for MYSQL and users, you can supply information if you like, just make notes.'''<br />
#* Type a password for the “root” user in MySQL and press enter.<br />
#* Type the Password again and press enter.<br />
#* Type the Password again and press enter.<br />
#* Type Y to send your install information to the Project, and it will take some time to complete.<br />
<br />
== New Web Layout ==<br />
'''Ubuntu 14.04 moved from the /var/www document root to /var/www/html document root layout. Because of this, we have to either move the /var/www/fog directory to /var/www/html or simply create a link.'''<br />
=== Open a terminal and sudo up to root. ===<br />
* <pre>sudo su -</pre><br />
'''Move fog folder so it's accessible.'''<br />
* <pre>mv /var/www/fog /var/www/html/</pre><br />
'''Link the folder instead of move.'''<br />
* <pre>ln -s /var/www/fog /var/www/html/fog</pre><br />
<br />
== Complete the configuration ==<br />
# Now we need to set up the web GUI for FOG. Open your browser and navigate to http://(serveripaddress)/fog/management. Or click the link in the Terminal window.<br />
# The web GUI will alert you to back up your database for MYSQL Server and install the upgrades, do so and follow the upgrade instructions.<br />
# Next log in, default user name is FOG and the password is password.<br />
# Click “User Management” the Second Icon from the Left. Click “New User” on the left and set up a new user. Supply the name, password, and check the “Mobile/Quick Access only” box and press create user. In the PXE menu when doing a Quick Image, you will need to provide the username and password specified here to complete the image process.<br />
# Image Management will allow you to create images. '''NOTE: MUST BE DONE PRIOR TO IMPORTING A HOST TO YOUR FOG SERVER''', otherwise you will have to create one and select it later. Click “New Image” on the left. Give the image a name and a description, select “Default” for Storage, and give the file a name with no spaces. Select Multiple Partition image – Single Disk (Not resizeable) or Multiple Partition image – All Disks (Not resizeable); I have never had a problem using these settings. However, Single Partition (NTFS, Only Re-sizable) will work as well. DO NOT use the RAW format: it takes a long time to capture and does so sector by sector. This would be a recommendation if you are backing up a Linux partition. Click Add.<br />
# Host Management will allow you to manually add or manage a host, I recommend using the PXE menu to register your hosts, but if you need to change information or the image type you can do it here.<br />
# Your FOG server is configured and setup, register a host via the PXE menu.<br />
# On your FOG Server in the WEB GUI, click on Task Management. On the left hand side, select “List all hosts” and click on the “Capture” arrow for the host you just added. Select when you want the task to run; I set it a few minutes in the future. FOG has the ability to reboot your machine into the PXE menu to begin its process, but I simply reboot the computer; FOG will find it and begin the image process.<br />
# CONGRATULATIONS you now have a working FOG Server and a host image ready to deploy. In order to deploy an Image, boot into the PXE menu and register the host, next select “Quick Image” and begin the image process, or select the host from the “Task Management” screen and select “Deploy” and reboot the workstation after supplying a time to begin the task, the workstation will begin its image process.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Installation&diff=12612Installation2020-02-22T09:34:29Z<p>SebastianRoth: /* Requirements */</p>
<hr />
<div>== Requirements ==<br />
Before diving right into the installation of FOG you need to decide which server OS you are going to use. FOG is made to install on RedHat-based distros (CentOS, Fedora, RHEL, amongst others) as well as Debian, Ubuntu and Arch Linux. Choose whichever you like most and have knowledge about! FOG is known to work with any of the above noted systems. Many [[Installation#Installation_manuals|installation manuals]] are available.<br />
<br />
This listing is for informational purposes only, as the required components will be automatically downloaded and installed by the FOG installation script: PHP 5/7, MySql 5+/MariaDB 10+, Apache 2+, DHCP (pretty much any!), TFTP, FTP, NFS<br />
<br />
The LAMP setup can also be easily adjusted for a "WAMP (Windows Apache MySQL PHP) system" though will require a bit more knowledge of what packages to use and how to integrate with the FOG system.<br />
<br />
Please choose the distribution you have the most knowledge about, but the below list has the best support in FOG 1.3.0 right now. This list is by no means an absolute list to follow, though.<br />
<br />
* Ubuntu 16 or higher<br />
<br />
* Debian 8 or higher<br />
<br />
* CentOS 7 or higher<br />
<br />
* Red Hat 6 or higher<br />
<br />
* Fedora 22 or higher<br />
<br />
* Any version of Arch.<br />
<br />
== Download FOG ==<br />
Please see: [[Getting_FOG]]<br />
<br />
== Installer ==<br />
The FOG installer comes as a complex shell script that will handle all the package installs and configure the services for you. It must be run as root (sudo works as well) to be able to set things up properly. When you run the installer on a new system for the first time, it will ask you a couple of questions regarding your network configuration and the services you want to install.<br />
<br />
=== Modes ===<br />
FOG can be installed in two different modes. The first is the normal FOG server, which does all of the work. Choose this option if you only want to have a single FOG server in your network. The second option is to install a FOG storage node, which will serve as a second place to store images on and serve images to more clients (when doing unicast). [[InstallationModes|Here]] you can find some more information about the two modes.<br />
<br />
FOG Server installation modes:<br />
* Normal Server: (Choice N) <br />
This is the typical installation type and<br />
will install all FOG components for you on this<br />
machine. Pick this option if you are unsure what to pick.<br />
<br />
* Storage Node: (Choice S)<br />
This install mode will only install the software required<br />
to make this server act as a node in a storage group<br />
<br />
=== Command line options ===<br />
The FOG installer has quite a few command line options. See the output below. You might want to force FOG to set up the web interface via HTTPS, or change the default PXE boot file or web root directory.<br />
<br />
./installfog.sh --help<br />
...<br />
* Found FOG Settings from previous install at: /opt/fog/.fogsettings<br />
* Performing upgrade using these settings<br />
<br />
<br />
Starting Debian based Installation<br />
<br />
<br />
Usage: ./installfog.sh [-h?dEUuHSCKYXT] [-f <filename>]<br />
[-D </directory/to/document/root/>] [-c <sslPath>]<br />
[-W <webroot/to/fog/after/docroot/>] [-B </backup/path/>]<br />
[-s <192.168.1.10>] [-e <192.168.1.254>] [-b <undionly.kpxe>]<br />
-h -? --help Display this info<br />
-d --no-defaults Don't guess defaults<br />
-U --no-upgrade Don't attempt to upgrade<br />
-H --no-htmldoc No htmldoc, means no PDFs<br />
-S --force-https Force HTTPS redirect<br />
-C --recreate-CA Recreate the CA Keys<br />
-K --recreate-keys Recreate the SSL Keys<br />
-Y -y --autoaccept Auto accept defaults and install<br />
-f --file Use different update file<br />
-c --ssl-file Specify the ssl path<br />
defaults to /opt/fog/snapins/ssl<br />
-D --docroot Specify the Apache Docroot for fog<br />
defaults to OS DocumentRoot<br />
-W --webroot Specify the web root url want fog to use<br />
(E.G. http://127.0.0.1/fog,<br />
http://127.0.0.1/)<br />
Defaults to /fog/<br />
-B --backuppath Specify the backup path<br />
--uninstall Uninstall FOG<br />
-s --startrange DHCP Start range<br />
-e --endrange DHCP End range<br />
-b --bootfile DHCP Boot file<br />
-E --no-exportbuild Skip building nfs file<br />
-X --exitFail Do not exit if item fails<br />
-T --no-tftpbuild Do not rebuild the tftpd config file<br />
-P --no-pxedefault Do not overwrite pxe default file<br />
<br />
<br />
<br />
=== .fogsettings ===<br />
<br />
Full article on the .fogsettings file can be found here: [[.fogsettings]]<br />
<br />
=== Backups ===<br />
TBD<br />
<br />
=== Errorlog ===<br />
TBD<br />
<br />
== Installation manuals ==<br />
=== CentOS ===<br />
[[CentOS 7| CentOS 7]], <br />
[[Installation on CentOS 6.4|CentOS 6.4]] (CentOS 6.5 also works), <br />
[[Installation on CentOS 5.3|CentOS 5.3]] (CentOS 5.4 & 5.5 also covered)<br />
<br />
<br />
=== Debian ===<br />
[[Debian 8]],<br />
[[Installation on Debian Lenny|Debian Wheezy]], <br />
[[Installation on Debian Lenny|Debian Squeeze]], <br />
[[Installation on Debian Lenny|Debian Lenny]]<br />
<br />
=== Fedora ===<br />
[[Fedora 25 Server]],<br />
[[Fedora 24 Server]],<br />
[[Fedora 23 Server]], <br />
[[Fedora_21_Server|Fedora 21 Server]], <br />
[[Installation on Fedora 13|Fedora 13]], <br />
[[Installation on Fedora 8| Fedora 8]],<br />
<br />
=== RHEL ===<br />
TBA<br />
<br />
<br />
=== Ubuntu ===<br />
[[Ubuntu 16.04]]<br />
[[Ubuntu 14.04|Ubuntu 14.10]] <span style="background-color:Yellow;"><span style="color:Black">(Buggy)</span></span>, <br />
[[Ubuntu 14.04]], <br />
[[Ubuntu 12.04|Ubuntu 13.10]], <br />
[[Ubuntu 12.04|Ubuntu 13.04]], <br />
[[Ubuntu 12.04|Ubuntu 12.10]], <br />
[[Ubuntu 12.04]], <br />
[[Ubuntu 11.04]], <br />
[[Ubuntu 10.10]], <br />
[[Ubuntu 10.04|Ubuntu 10.04]], <br />
[[Ubuntu 9.04|Ubuntu 9.04]], <br />
Ubuntu 8.10, <br />
Ubuntu 8.04, <br />
[[Installation on 7.10|Ubuntu 7.10]]<br />
<br />
== Virtualization ==<br />
FOG can be used on bare metal as well as in most virtual server and client setups. Some of the virtualization techniques are really great when used with FOG, e.g. snapshots. Some people use virtualization to prepare and capture their "golden (master / reference) images" all on one central location/server. Again like with the server OS we don't prefer any of the following or others that are out there. This is only a collection of hints and tricks plus maybe issues we know about.<br />
<br />
=== Hyper-V ===<br />
<br />
'''Using the New VM Wizard:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Create VM Wizard > Installation Options: Select "Install an operating system from network-based installation server"<br />
<br />
<br />
'''Existing VM:'''<br />
<br />
Ensure the virtual switch your VM is connected to has a route to FOG!<br />
<br />
Right click VM > Settings > BIOS<br />
<br />
Move "Network Adapter" (sometimes labeled "Legacy Network Adapter") to the top of the boot order.<br />
<br />
<br />
'''UEFI:'''<br />
<br />
UEFI/Secure Boot is an option with Hyper-V on Server 2012 on Generation 2 VMs. It is enabled by default, and can be disabled in VM Settings -> Firmware: Uncheck secure boot.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== KVM/QEMU ===<br />
Can be used as kind of a lightweight desktop virtual environment to test FOG and master your images.<br />
Using this on the laptop as a local test environment. Searched forums and wiki but there is no valuable information about anyone using FOG on a KVM server. Asked user mxc as he seems to use it. Otherwise this will be a brief description on how to use this as I do it.<br />
<br />
# setup network tap device as kind of a local software switch to connect it all<br />
sudo tunctl -t tap0 -u <username><br />
sudo ifconfig tap0 x.x.x.x netmask 255.255.255.0 up<br />
<br />
# generate disk image file<br />
qemu-img create -f qcow2 hd.qcow2 10G<br />
<br />
# start VM using QEMU emulator (BIOS mode)<br />
qemu -m 512 -boot n -net nic,vlan=1 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM using real KVM virtualization (BIOS mode)<br />
kvm -m 512 -boot n -net nic,vlan=1,macaddr=00:00:00:00:00:05 -net tap,vlan=1,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
# start VM as UEFI machine - as well using the more modern '-netdev' parameter<br />
kvm -m 512 -boot n -bios /usr/share/ovmf/OVMF.fd -device virtio-net-pci,netdev=hn0 -netdev tap,id=hn0,ifname=tap0,script=/bin/true -hda hd.qcow2<br />
<br />
=== OpenVZ ===<br />
OpenVZ (possibly within Proxmox) is mostly used to run the FOG server in a light weight kind of virtual environment. As OpenVZ is in nature similar to a chrooted environment you cannot actually PXE boot such a container. To install FOG as a server in OpenVZ you need to have NFS support on the host machine first and then add it to the container as well:<br />
<br />
$ lsmod | grep nfsd<br />
nfsd 312315 14<br />
$ grep nfsd /proc/filesystems<br />
nodev nfsd<br />
<br />
If you don't see the kernel module ''nfsd'' loaded you might need to install the nfs-kernel-server package and load the module (usually done by the nfs-kernel-server init script). As mentioned before you need to enable access to ''nfsd'' from within the container you want to install FOG to:<br />
<br />
$ vzctl stop $CONTAINER_ID<br />
$ vzctl set $CONTAINER_ID --feature nfsd:on --save<br />
$ vzctl start $CONTAINER_ID<br />
<br />
After that the installer should run through like it would installing on bare metal or any other virtual environment!<br />
<br />
'''Wake on LAN:'''<br />
<br />
To be able to send WOL and multicast packages the container needs a proper MAC address. This is only the case if you configure the container to use a network bridge (veth instead of venet!).<br />
<br />
=== LXC ===<br />
LXC (used in Proxmox for example) needs some manual configuration tweaks - [https://forums.fogproject.org/topic/7978/fog-in-lxc-container-how-to-configure-nfs-server reference]: <br />
* Option 1 - Disable Apparmor:<br />
** Edit the container configuration file and add the line lxc.aa_profile: unconfined.<br />
** On Proxmox the configuration file is located at /etc/pve/lxc/CTID.conf, where CTID is the ID number of the container.<br />
* Option 2 - Edit Apparmor profile to allow NFS:<br />
** Open /etc/apparmor.d/lxc/lxc-default-cgns and add the nfs/rpc lines:<br />
<pre><br />
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which<br />
# will source all profiles under /etc/apparmor.d/lxc<br />
<br />
profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {<br />
#include <abstractions/lxc/container-base><br />
<br />
# the container may never be allowed to mount devpts. If it does, it<br />
# will remount the host's devpts. We could allow it to do it with<br />
# the newinstance option (but, right now, we don't).<br />
deny mount fstype=devpts,<br />
mount fstype=cgroup -> /sys/fs/cgroup/**,<br />
mount fstype=nfs*,<br />
mount fstype=rpc_pipefs,<br />
}<br />
</pre><br />
<br />
* Reload Apparmor: <pre>apparmor_parser -r /etc/apparmor.d/lxc-containers</pre><br />
<br />
'''Important:''' The latest Proxmox update (around 23rd of October 2018) broke NFS in LXC containers. Find a fix here: https://forum.proxmox.com/threads/mounting-nfs-in-lxc-not-working-since-latest-update.47815/<br />
<br />
=== VirtualBox ===<br />
Bridged network, host only. Older versions have (PXE?) bug - Tom knows about that.<br />
<br />
Have we seen this issue in the FOG forums yet? http://forum.ipxe.org/showthread.php?tid=7864<br />
<br />
=== VMWare ESXi ===<br />
Running a FOG client within an ESXi server is pretty close to what you would do on a bare metal machine:<br />
<br />
* Create VM as normal.<br />
* Choose network adapter other than VMX3 (e.g. e1000) as we have seen [https://forums.fogproject.org/topic/7108/fog-bzimage-failing-to-load-after-pxe-boot loading issues] with those virtual adapters.<br />
* Open VM Console, start up the VM. Press F2 on Boot Logo to enter BIOS.<br />
* Scroll over to boot tab, use + key to move Network boot to the top of the boot order.<br />
<br />
You can also do an on-demand network boot by hitting F9 on startup, if you don’t want to change the boot order permanently.<br />
<br />
'''UEFI:'''<br />
<br />
UEFI is disabled by default for VMs in ESXI 6.0+. To enable it for a VM, go to VM Settings > Options Tab > Advanced: Boot Options and change the boot firmware from BIOS to EFI.<br />
<br />
Thanks to [https://forums.fogproject.org/user/moses moses]<br />
<br />
=== VMWare Player ===<br />
Is this still in use?? Don't care if there is nothing about it in wiki or forums!<br />
<br />
=== Xen/XenServer ===<br />
See forums<br />
<br />
* [[Running pre-built virtual machines in Virtualbox|FOG 0.30 VM - Virtualbox]]<br />
* [[Installation on VMWare 0.27|FOG 0.27 VM - VMWare]]<br />
<br />
== Security ==<br />
<br />
[[FOG security]]<br />
<br />
== Troubleshooting ==<br />
IMPORTANT, what to do when the installer fails? Where are the logs?<br />
<br />
{{:Troubleshoot FOG}}</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12611HTTPS2020-02-21T18:22:57Z<p>SebastianRoth: </p>
<hr />
<div>Secure connections like HTTPS have become state of the art all over the web over the years. While FOG has used secure encryption (not HTTPS but a custom secure channel) for the fog-client communication since 2016, the FOG web UI was still using plain HTTP. Using HTTPS is not as easy as generating a certificate and setting Apache to use it, because PXE boot also relies on HTTP(S) communication with the FOG server.<br />
<br />
== Installation ==<br />
We try to make setting up a fully HTTPS-enabled FOG server more convenient and encourage people to use it, but still don't consider it wise to make it the default yet because it's a complex topic (FOG server, PXE boot, fog-client). Up until now you had to use the command line switch "--force-https" to enable HTTPS, but with FOG 1.5.8 the installer will ask you if it should be enabled or not. Either way you will end up with FOG running in HTTPS mode.<br />
<br />
The installer will generate a different Apache configuration to enable HTTPS and redirect all requests from HTTP to HTTPS (minor exceptions exist). While this might sound simple there is really a lot more to it in the FOG world. Read on to learn about this in detail.<br />
<br />
== FOG web UI ==<br />
The Web UI will be accessible through the new URL https://fogserver/fog/ but will also redirect requests going to the old URL to HTTPS.<br />
<br />
All fine but now I get warnings in my web browser saying this connection is not secure. Yes, this is because we can't offer certificates signed by an official certificate authority (which your web browser would trust). We use a self-generated CA and certificates which are not known to your browser. You can either ignore the warning or grab <code>/opt/fog/snapins/ssl/CA/.fogCA.pem</code> from your FOG server (e.g. using WinSCP or scp) and import that to your (browser) certificate store.<br />
<br />
* Firefox: Preferences -> Privacy & Security -> Certificates -> View Certificates -> Your Certificates -> Import...<br />
* Chrome: Settings -> Show advanced settings -> HTTPS/SSL -> Manage certificates -> Your Certificates -> Import...<br />
* Opera: Browser settings -> Advanced -> Privacy & security -> Manage certificates -> Your Certificates -> Import<br />
* IE/Edge: cmd: <code>certutil -addstore -f -user "Root" path\to\.fogCA.pem</code><br />
<br />
== PXE boot ==<br />
When enabling HTTPS the installer compiles custom iPXE binaries for you including your personal FOG server CA certificate to be able to communicate with your secure FOG webserver. Manual adjustments should not be needed for this to work but it's quite likely this is causing trouble for some of you. If you see the error message <code>https://x.x.x.x/fog/service/ipxe/boot.php... Permission denied ...</code> on PXE booting you will be dropped to the iPXE command shell. Running the command <code>certstat</code> will show you the certificates known to iPXE at this stage:<br />
<blockquote>iPXE> certstat<br />
FOG Server CA: ... [PERMANENT]<br />
x.x.x.x: ...</blockquote><br />
The output might differ from what you see. In this example we see that the FOG Server CA cert is embedded into the binary (permanent) and the following line shows the certificate iPXE received when contacting the webserver ''but'' it's unable to validate this cert. If it were able to check the certificate the line would look like this: <code>x.x.x.x: ... [VALID]</code>. So in this case the CA cert compiled into the binary doesn't match the one which the web server certificate was signed with. More often you might just see no line starting with <code>FOG Server CA</code>. In that case the binary was compiled with no embedded CA cert and iPXE is not able to verify the cert received from the webserver.<br />
<br />
Either way you need to check your CA and certificate files on your FOG server and take a look at the installer log files in <code>fogproject/bin/error_logs/</code> to see why it didn't succeed compiling the right certificate into the iPXE binaries.<br />
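<br />
One way to do the server-side part of that check, as an added example that is not part of the FOG installer: it tests whether the certificate your web server presents chains to the CA file named above. It assumes OpenSSL 1.1.0 or newer; the function names and the temporary file are hypothetical.<br />

```shell
#!/bin/sh
# Added example: check on the FOG server whether the certificate the web
# server presents chains to the FOG CA that iPXE is expected to trust.
# FOG_CA is the path given on this page; function names are assumptions.

FOG_CA=${FOG_CA:-/opt/fog/snapins/ssl/CA/.fogCA.pem}

# fetch_server_cert HOST: print the leaf certificate served on port 443 (PEM).
fetch_server_cert() {
    openssl s_client -connect "$1:443" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# chain_status CAFILE CERTFILE
# Prints "VALID" or "NOT VALID: <reason>", mirroring the certstat wording.
# Returns 0 when the certificate verifies against CAFILE, 1 otherwise.
chain_status() {
    ca=$1
    cert=$2
    [ -r "$ca" ]   || { echo "NOT VALID: cannot read CA file $ca"; return 1; }
    [ -s "$cert" ] || { echo "NOT VALID: no certificate in $cert"; return 1; }
    # -no-CApath keeps the system trust store out of the decision:
    # only the given CA may vouch for the certificate.
    if out=$(openssl verify -no-CApath -CAfile "$ca" "$cert" 2>&1); then
        echo "VALID"
    else
        reason=$(printf '%s\n' "$out" |
            sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1)
        echo "NOT VALID: ${reason:-verification failed}"
        return 1
    fi
}

# check_fog_https HOST: fetch the served certificate and test it against FOG_CA.
check_fog_https() {
    tmp=$(mktemp) || return 2
    fetch_server_cert "$1" >"$tmp" || true
    chain_status "$FOG_CA" "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Typical use on the FOG server (x.x.x.x is your server address):
#   check_fog_https x.x.x.x
```

If this prints VALID while <code>certstat</code> still shows no <code>[VALID]</code> line, the CA on disk and the served certificate agree, so look at the iPXE build in the installer logs; NOT VALID means the web server certificate and the CA file are out of sync.<br />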
<br />
If you can't find what's causing this you might consider re-running the FOG installer using command line options to re-generate the SSL keys and certs. '''<font style=color:red>But be aware this will break communication with all your fog-clients talking to this FOG server!</font>''' We do NOT recommend using this unless you really know what you are doing. Enough warning, here you go: <code>./installfog.sh --recreate-ca</code> <br />
<br />
== fog-client ==<br />
When the new fog-client came to life a few years back it was intended to enable secure communication between client and FOG server without forcing the webserver to HTTPS because the implications with PXE booting seemed too complex to force all users straight away. Therefore an encrypted communication channel was implemented that can be delivered over simple HTTP protocol without changing the webserver configuration.<br />
<br />
Now if you enable HTTPS on your FOG server you will need to update your fog-client settings as well. Edit <code>C:\Program Files (x86)\FOG\settings.json</code> and set HTTPS to 1. Save and restart the client.<br />
<br />
== Custom CA and certificates ==<br />
In many environments certificates from an internal CA are used. While you can switch over to use your custom cert with FOG, you need to choose one of three options if you intend to use the fog-client software:<br />
<br />
TBD<br />
Using those with FOG will work if you follow a few hints. Considering the things mentioned above<br />
<br />
<br />
== Storage node setups ==<br />
TBD</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=FOG_Client&diff=12609FOG Client2020-02-05T21:29:41Z<p>SebastianRoth: /* Maintain Control Of Hosts When Building New Server */</p>
<hr />
<div>This article applies to the new FOG Client, version 0.10+<br />
<br />
== The Different Installers ==<br />
<br />
The different installers are located in your FOG server's web interface. The link is always at the very bottom of every page, even if you're not logged into the fog server.<br />
<br />
[[File:Fog client link.png]]<br />
<br />
[[File:New FOGClient download link.png]]<br />
<br />
'''FOGService.msi''' - Windows only, and is ideal for network deployment.<br />
<br />
'''SmartInstaller.exe''' - This is the new default installer. It will work on all platforms.<br />
<br />
'''Debugger.exe''' - This is not listed in the web interface but is available from github [https://github.com/FOGProject/fog-client/releases here]. Only use this when the above two are not working. This build has more detailed logs that you can use for troubleshooting or a bug report.<br />
<br />
== Installing - Windows ==<br />
<br />
'''Prerequisites'''<br />
* .NET Framework version 4.0+ (Note: .NET 4 client profile will NOT work)<br />
You can download the framework from here: <br />
<br />
[https://www.microsoft.com/en-us/download/details.aspx?id=40779 Microsoft .NET Framework 4.5.1 (Offline Installer) for Windows Vista SP2, Windows 7 SP1, Windows 8, Windows Server 2008 SP2 Windows Server 2008 R2 SP1 and Windows Server 2012]<br />
<br />
Windows 10 comes with a version of .Net that will work.<br />
<br />
'''Installation'''<br />
* May use SmartInstaller or msi. Simply download either one of them and run.<br />
* Reboot to complete installation.<br />
<br />
'''Limitations'''<br />
* CUPS printers are not yet supported<br />
<br />
== Installing - Linux ==<br />
<br />
Installation instructions derived from [http://www.mono-project.com/docs/getting-started/install/linux/ http://www.mono-project.com/docs/getting-started/install/linux/]<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
* xprintidle - This dependency is optional. If not installed AutoLogOut will not run. xprintidle basically just returns the idle time of an x window, therefore on a system without a GUI it is not needed and should not be installed. It should be available in standard package managers. E.G. apt-get, yum, or dnf<br />
<br />
'''Installing Mono'''<br />
Many distributions come with an out-of-date version of mono in their package manager. Therefore, do not attempt to install via your package manager without the modifications below.<br />
<br />
=== Debian 8+, Ubuntu 13.10+, and derivatives ===<br />
<br />
To install:<br />
<br />
<pre><br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list<br />
sudo apt-get update<br />
sudo apt-get install mono-complete<br />
sudo apt-get install xprintidle<br />
</pre><br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo service FOGService start<br />
</pre><br />
<pre><br />
sudo service FOGService stop<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo service FOGService stop<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== CentOS 7, Fedora 19+, and derivatives ===<br />
<br />
To install:<br />
<br />
<pre><br />
yum install yum-utils<br />
rpm --import "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF"<br />
yum-config-manager --add-repo http://download.mono-project.com/repo/centos/<br />
yum install mono-complete<br />
yum install xprintidle<br />
</pre><br />
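<br />
The <code>rpm --import</code> line above fetches the Mono signing key over plain HTTP, so it is worth confirming the fingerprint before importing it. The following is an added example, not part of the FOG or Mono instructions: it accepts a downloaded key file only if it holds exactly one primary key with the full fingerprint used in the commands on this page. The function names and the file name <code>key.asc</code> are assumptions, and the sample listing is constructed.<br />

```shell
#!/bin/sh
# Added example: refuse to import a repository signing key unless the file
# holds exactly one primary key with the expected full fingerprint.

# Fingerprint as it appears in the apt-key and rpm --import commands on this page.
MONO_KEY_FPR=3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF

# Constructed sample of `gpg --with-colons` output (no real key material
# apart from the fingerprint above): one primary key with one subkey.
SAMPLE_LISTING='pub:-:2048:1:A6A19B38D3D831EF:1400000000:::-:::scESC::::::23::0:
fpr:::::::::3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF:
uid:-::::1400000000::0000000000000000000000000000000000000000::Constructed Example <pkg@example.invalid>::::::::::0:
sub:-:2048:1:1111111111111111:1400000000::::::e::::::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'

# normalize_fpr VALUE: strip spaces and a leading 0x, upper-case the hex digits.
normalize_fpr() {
    f=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdefx' 'ABCDEFX')
    printf '%s' "${f#0X}"
}

# check_key_listing EXPECTED: reads a colon listing on stdin.
# Returns 0 only if the listing contains exactly one primary key and its
# fingerprint equals EXPECTED, 1 on any mismatch, and 2 if EXPECTED is not
# a full 40-hex-digit fingerprint (short key IDs are refused).
check_key_listing() {
    want=$(normalize_fpr "$1")
    case $want in
        '' | *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    awk -F: -v want="$want" '
        $1 == "pub" { primary = 1; next }   # next fpr record is the primary key
        $1 == "sub" { primary = 0; next }   # fpr records after sub are subkeys
        primary && $1 == "fpr" {
            n++
            if (toupper($10) != want) bad = 1
            primary = 0
        }
        END { if (n == 1 && !bad) exit 0; exit 1 }'
}

# verify_key_file FILE [EXPECTED]: run the check on a downloaded key file.
verify_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null |
        check_key_listing "${2:-$MONO_KEY_FPR}"
}

# Typical use before the import step (key.asc is an assumed file name):
#   verify_key_file key.asc && rpm --import key.asc
```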
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo systemctl start FOGService<br />
</pre><br />
<pre><br />
sudo systemctl stop FOGService<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo systemctl stop FOGService<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== openSUSE and SLES ===<br />
<br />
You can install mono using SUSE One-Click files: [http://download.mono-project.com/repo/mono-complete.ymp http://download.mono-project.com/repo/mono-complete.ymp]<br />
<br />
=== Other ===<br />
<br />
The FOG Client can be installed on any platform that can run the latest stable build of mono.<br />
<br />
To install:<br />
<br />
* Check your package manager for <font color="red">mono-complete</font>. After installing it run <font color="red">mono --version</font>. Ensure the version is at least 4.2._ . If it is not, remove the package.<br />
* If your package manager had an old version of mono, see [http://www.mono-project.com/docs/compiling-mono/linux/ here] for how to compile mono<br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
If your system either has systemd or initd the client will be automatically configured to run on startup. If your system does not have either, you will need to configure your system to run the manual start command below on startup.<br />
<br />
To manually start and stop the service:<br />
<br />
<pre><br />
sudo /opt/fog-service/control.sh start<br />
</pre><br />
<pre><br />
sudo /opt/fog-service/control.sh stop<br />
</pre><br />
<br />
===Limitations===<br />
* The FOG Tray is currently incompatible on linux systems. Regardless of what you set during installation, it will not run.<br />
* The following modules / features are not yet supported<br />
** Active Directory joining<br />
** PrinterManager<br />
<br />
== Installing - OSX ==<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
<br />
'''Installing Mono'''<br />
* If you are running El Capitan, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono Universal Installer</font> <br />
* Otherwise, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono 32-bit</font> <br />
<br />
'''Installation'''<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
* Reboot the system to complete the installation.<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo launchctl load -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
'''Limitations'''<br />
* The following modules / features are not yet supported<br />
** PrinterManager<br />
<br />
'''Logging'''<br />
<br />
You can find the client log file in /opt/fog-service/fog.log<br />
<br />
== Additional Details ==<br />
<br />
=== Features overview ===<br />
<br />
<br />
The purpose of the FOG Client is multi-fold.<br />
<br />
The client allows the host to automatically:<br />
* Auto logout -- Enables auto logout of users if inactive for a specified period of time. 5 minutes is the minimum time, as anything shorter is too soon; sometimes people may just be on the phone or have stepped out for a bathroom break.<br />
<br />
* Client Updater -- (Only on legacy clients) Allows the client to update its modules if you had to customize things, or found a more recent build was needed for your environment.<br />
<br />
* Directory Cleaner -- (Only on legacy clients -- Only worked with Windows XP) Enables the client to remove directories on the host automatically. It stopped working after Windows XP because of UAC controls and stronger security mechanisms. Removed completely from the new client.<br />
<br />
* Display Manager -- Enables the client to adjust the resolution of the system on a per system basis, or global basis.<br />
<br />
* Power Management -- Allows you to specify a shutdown, WOL, or restart on a per-host basis. Format for the scheduling is CRON, and can be done on an individual host or through groups. There is no limit to the number of scheduled power tasks.<br />
<br />
* Host Registration -- Registers additional mac addresses to a pre-existing host if registered. The New client will also register the host under a pending status if the host is not already registered.<br />
<br />
* Hostname Changer -- Changes the hostname and joins the domain automatically.<br />
<br />
* Printer Manager -- Manages printers for the host. The legacy client only added printers or added/removed printers. The No management setting does nothing in both the new and legacy clients. The Add/Remove type removes all printers and adds back only the printers that are needed (Only Assigned Printers). Add Only (now FOG Managed Printers) only manages printers that are listed under the printer's GUI and assigned to that host. In the legacy client, it only added printers and never removed them. Under the new client, it will ONLY manage assigned printers, meaning that if you remove a printer from a host, the new client will remove that printer.<br />
<br />
* Snapins -- Allows you to install programs or run scripts on the host similar to GPO or PDQDeploy.<br />
<br />
* Task Reboot -- This just checks whether the client is in a tasking (other than a snapin tasking). If it is in a tasking and the module is enabled, the host will be told to reboot. There is a third condition: if a user is logged in and enforce is not enabled, nothing will happen.<br />
<br />
* User Cleanup -- (Legacy clients only and again only on Windows XP). Works similar to Directory Cleanup but the entries you make are "safe" user profiles. If the user is not under this listing, it will be deleted. Will not work with the new client, and even legacy clients will not work on anything beyond Windows XP due to UAC and Interactive Service utilities.<br />
<br />
* User Tracker -- Just tracks who logs in/out of a client.<br />
<br />
=== Polling Behavior ===<br />
<br />
The new FOG Client found in FOG 1.3.0 and the Legacy FOG Client both rely on polling to get instructions. This means the FOG Client will regularly check with the specified FOG Server for settings and tasks. The new FOG Client's polling frequency can be adjusted in the FOG Web interface, by going to <font color="red">FOG Configuration -> FOG Settings -> FOG Client -> FOG_CLIENT_CHECKIN_TIME</font>. The minimum value is 30 seconds; anything lower than this will result in the FOG Client using 30 second polling intervals.<br />
<br />
The checkin-time is not rigid. There is an automatic and random staggering that is added to the checkin time. This prevents a large number of FOG Clients checking in at once in the event that all computers are started at the same time via WOL tasks.<br />
<br />
The checkin-time determines how quickly the FOG Client will receive instructions from the FOG Server. If an image deployment is scheduled for a computer that is turned on and the checkin-time is 60 seconds, the FOG Client may begin initiating the task anywhere from 0 to 60 seconds later, plus the random staggering time that is added. The same concept applies to immediate power management tasks, snapin tasks, capture tasks, and so on. Scheduled tasks are not affected by this behavior: if the target system is on when the scheduled task is due to run, it will run on time.<br />
<br />
=== Security Design ===<br />
<br />
Communications between the FOG Client (0.9.9+) and the FOG Server (1.3.0+) are secured using public key infrastructure.<br />
<br />
A Certificate Authority and private key are generated on the FOG server during first installation in this location:<br />
<br />
<pre>/opt/fog/snapins/ssl</pre><br />
<br />
The public certificate is generally located here:<br />
<pre>/var/www/html/fog/management/other/ssl</pre><br />
<br />
The client installs your server's certificate and the FOG Project certificate.<br />
<br />
The “FOG Project” CA (made by the FOG Project) serves two purposes:<br />
<br />
*SYSTEM level services need to be digitally signed, otherwise Windows will throw security errors. The signature can also be used to ensure no tampering was done with the client files.<br />
<br />
*That certificate is used to “verify” upgrades. Let's say we release a patch for the client: the client will download the MSI from your server and check if it was signed by us. If the MSI was somehow tampered with, the digital signature would no longer be valid.<br />
<br />
Using HTTPS instead of HTTP has no security benefit to the client. Why? Because all traffic is already encrypted. Here’s a very basic overview of how the new client communicates:<br />
<br />
*Each client has a security token. This is used to prove to the server that the client is the actual host and not an impersonator. This token gets cycled constantly. When the client first makes contact, it encrypts its token and a proposed AES 256 key with RSA 4096 under your server’s public key. This public key is verified against the pinned server CA certificate by checking the x509 chain and fingerprints.<br />
<br />
*If the server accepts the security token and the new AES key, all traffic from that point on is AES 256 encrypted using that securely transmitted key.<br />
<br />
The whole point of our security model is to allow for secure communication over insecure media.<br />
Even then, the client installation has an HTTPS option, but it serves no real security benefit.<br />
<br />
References: <br />
<br />
[https://forums.fogproject.org/topic/6325/invalid-security-token-without-any-security-tokens-being-set-also-ca-ssl-security-concerns/6 CA SSL security concerns]<br />
<br />
[https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning Certificate and Public Key Pinning]<br />
<br />
[https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Certificate_and_Public_Key_Pinning Transport_Layer_Protection_Cheat_Sheet]<br />
<br />
==== Reset encryption data ====<br />
<br />
This pertains to the new fog client available in FOG 1.3.0 and above, and does not apply to the legacy fog client that was available in 1.2.0 and below.<br />
<br />
The "Reset encryption data" button can be found in an individual host's "General" area. You may also find this button in a group's "General" area. "Reset encryption data" mainly does one thing: it clears the security token for a host or group of hosts.<br />
<br />
Each host has a security token used by the client. This token is private and protected; only the client knows it. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you "Reset Encryption Data", you are essentially telling the server that the first host to say that it is the host in question gets ‘locked’ in (pinned is the technical term).<br />
<br />
In order to have encrypted traffic, the handshake must occur. During the handshake the server proves its identity to the client, and the client proves its identity to the server (using the security token). If the handshake fails (due to a bad security token), encryption cannot occur.<br />
<br />
The most common scenario where the security tokens for a client will be incorrect is if you manually uninstall a client, and then install it.<br />
<br />
If your Web interface is functional, you may place all computers into a group, and use the group to reset encryption on all hosts by simply clicking the "Reset encryption" button on the group's basic page. If your web interface isn't working correctly and you need to manually reset the encryption for all hosts, you may follow the below steps.<br />
<br />
<pre><br />
mysql<br />
use fog<br />
UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";<br />
</pre><br />
<br />
<br />
=== Maintain Control Of Hosts When Building New Server ===<br />
<br />
Related Article: [[Migrate FOG]]<br />
<br />
This section only applies if your hosts have the new FOG client installed. The new FOG Client has been available in FOG since FOG 1.3.0.<br />
<br />
Because of the security model of FOG 1.3.0 and the new client, without the proper CA and ssl certificates present on a new fog server, any currently deployed hosts with the new fog client installed will ignore the new server and not accept commands from it. This is by design.<br />
<br />
In order to maintain control of existing hosts with existing new fog client deployments, you must copy this directory from the old server to the new server:<br />
<br />
* <font color="red">/opt/fog/snapins/ssl</font><br />
<br />
Copy the directory to a temporary location first. I would suggest <font color="red">/root</font><br />
<br />
<pre>cp -R /opt/fog/snapins/ssl /root</pre><br />
<br />
Then you can use scp (or some other method) to copy the directory to your new fog server. Run the below command from the '''old''' server, where x.x.x.x is the new fog server's address:<br />
<br />
<pre>scp -rp /opt/fog/snapins/ssl root@x.x.x.x:/root</pre><br />
<br />
Or, the reverse. Run the below command from the '''new''' server, where x.x.x.x is the old fog server's address.<br />
<br />
<pre>scp -rp root@x.x.x.x:/opt/fog/snapins/ssl /root</pre><br />
<br />
Next, install fog. After the installation is complete, delete the ssl folder the installer made, and place your old ssl folder (the copy in /root) in there. The ownership should be fogproject:apache on Red Hat variants and fogproject:www-data on Debian variants. <font color="red">IMPORTANT:</font> Then '''re-run the installer.''' Instructions for the folder manipulation are below, assuming you followed the above instructions. On the '''new''' server:<br />
<br />
<pre><br />
rm -rf /opt/fog/snapins/ssl<br />
cp -R /root/ssl /opt/fog/snapins/ssl<br />
chown -R fogproject:apache /opt/fog/snapins/ssl #or fogproject:www-data for ubuntu and debian<br />
</pre><br />
<br />
If you do not care about maintaining control of existing hosts with existing new fog client deployments (because there is only 1 or 2), you can recreate your CA with the -C argument during installation: <br />
<br />
<pre>./installfog.sh -C</pre><br />
<br />
<font color="red">Note:</font> Recreating the CA (<font color="red">--recreate-CA</font> or <font color="red"> -C</font>) is '''very strongly advised against''' if you have many clients deployed already, because it resets the identity of the FOG Server. This causes all fog clients to distrust the server, and will require total reinstallation of all fog clients in an environment. However, you may recreate the keys (<font color="red">--recreate-keys</font>) safely and be able to still control the fog clients.<br />
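<br />
The difference between recreating the keys and recreating the CA, shown with plain openssl as an added example (not code from the FOG installer or client). The file names, subject names and 2048-bit key size are assumptions chosen for a quick demo, and re-keying is modelled here as issuing a new server certificate from the same CA.<br />
<br />

```shell
#!/bin/sh
# Added illustration, not FOG installer or client code.
# Simplified model of the trust check this page describes: the client pins
# the server CA at install time and only accepts a server certificate that
# chains to that CA.
# Constructed values: subject names, file names, 2048-bit keys (for speed;
# the page states the real handshake uses RSA 4096).

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA: writes $1.key and $1.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo FOG Server CA" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# New server key pair and certificate signed by CA $1: writes $2.key, $2.crt
issue_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-fogserver" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

# SHA-256 fingerprint of certificate $1
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Client-side decision. $1 = CA pinned at install time, $2 = CA the server
# publishes now, $3 = server certificate. Prints "yes" or "no".
client_trusts() {
    # Fingerprint check: the published CA must be the pinned one.
    [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ] || { echo no; return 0; }
    # Chain check: the server certificate must verify against the pinned CA.
    if openssl verify -CAfile "$1" "$3" 2>/dev/null | grep -q ': OK$'; then
        echo yes
    else
        echo no
    fi
}

# Runs the three situations and prints one word per situation.
scenario_results() {
    # 1. Original server: the client pins this CA when it is installed.
    make_ca "$WORK/ca_old"
    issue_server_cert "$WORK/ca_old" "$WORK/srv_v1"
    cp "$WORK/ca_old.crt" "$WORK/pinned.crt"
    r1=$(client_trusts "$WORK/pinned.crt" "$WORK/ca_old.crt" "$WORK/srv_v1.crt")

    # 2. Keys recreated: new server key pair, same CA (also the situation
    #    after copying the old ssl directory to a new server).
    issue_server_cert "$WORK/ca_old" "$WORK/srv_v2"
    r2=$(client_trusts "$WORK/pinned.crt" "$WORK/ca_old.crt" "$WORK/srv_v2.crt")

    # 3. CA recreated: same subject name, different CA key.
    make_ca "$WORK/ca_new"
    issue_server_cert "$WORK/ca_new" "$WORK/srv_v3"
    r3=$(client_trusts "$WORK/pinned.crt" "$WORK/ca_new.crt" "$WORK/srv_v3.crt")

    echo "$r1 $r2 $r3"
}

echo "original / keys recreated / CA recreated -> $(scenario_results)"
```

Only the third case is rejected: the recreated CA has the same name but a different key, so neither the fingerprint nor the signature chain matches what the client pinned.<br />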
<br />
=== FOG Client 0.10.0+ Installation Options ===<br />
<br />
==== Smart Installer ====<br />
<br />
SmartInstaller Switches<br />
<br />
All switches with <font color="red">--{OPTION}</font> can also be used as <font color="red">/{OPTION}</font><br />
<br />
* <font color="red">--server=</font> Specify the server address. Default is fogserver<br />
* <font color="red">--webroot=</font> Specify the webroot. Default is /fog<br />
* <font color="red">-h</font> or <font color="red">-https</font> Use https for server communication<br />
* <font color="red">-r</font> or <font color="red">-rootlog</font> Put fog.log in the root of the filesystem<br />
* <font color="red">-s</font> or <font color="red">--start</font> Automatically start the service after installation. Linux only<br />
* <font color="red">-t</font> or <font color="red">--tray</font> Enable the FOG Tray and notifications - Windows and OSX only.<br />
* <font color="red">-u</font> or <font color="red">--uninstall</font> Uninstall the client<br />
* <font color="red">--upgrade</font> Upgrade the client<br />
* <font color="red">-l=</font> or <font color="red">--log=</font> Specify where to put the SmartInstaller log<br />
<br />
Reference: [https://news.fogproject.org/fog-client-v0-11-0-released-2/ https://news.fogproject.org/fog-client-v0-11-0-released-2/]<br />
<br />
==== MSI Switches ====<br />
<br />
<font color="red">msiexec /i FOGService.msi /quiet USETRAY="0" HTTPS="0" WEBADDRESS="192.168.1.X" WEBROOT="/fog" ROOTLOG="0"</font><br />
<br />
Firstly, all options are optional. Here’s what they all do:<br />
<br />
* <font color="red">USETRAY=</font> defaults to <font color="red">"1"</font>, if <font color="red">"0"</font> the tray will be hidden<br />
<br />
* <font color="red">HTTPS=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the client will use HTTPS (not recommended)<br />
<br />
* <font color="red">WEBADDRESS=</font> defaults to <font color="red">"fogserver"</font>, this is the ip/dns name of your server<br />
<br />
* <font color="red">WEBROOT=</font> defaults to <font color="red">"/fog"</font><br />
<br />
* <font color="red">ROOTLOG=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the fog.log will be at C:\fog.log, otherwise %PROGRAMFILES%\FOG\fog.log<br />
<br />
Reference: [https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2 https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2]<br />
<br />
=== FOG Client with Sysprep ===<br />
<br />
If you plan to use Sysprep before image capture and are also planning to use the FOG Client, you '''must''' disable the <font color="red">FOGService</font> service from running at boot before you Sysprep to take your image, and then re-enable it within your <font color="red">SetupComplete.cmd</font> file so that it is re-enabled '''after''' the image deployment is complete.<br />
<br />
Failing to do so will break the Sysprep post-deployment process with an error message that says "Windows Setup could not configure Windows to run on this computer’s hardware."<br />
<br />
* Disable FOGService: <font color="red">Windows Control Panel -> View by Small Icons -> Administrative Tools -> Services -> Right click FOGService -> Properties -> Startup Type -> Disabled</font><br />
<br />
* Re-enable FOGService post-imaging:<br />
<br />
Create the below file.<br />
<br />
<font color="red">C:\Windows\Setup\scripts\SetupComplete.cmd</font><br />
<br />
Place these lines within the file, and then save.<br />
<br />
<pre>sc config FOGService start= delayed-auto<br />
shutdown -t 0 -r</pre><br />
<br />
As the filename indicates, the script is called by Windows after an image is deployed and post-sysprep operations are complete. It will re-enable the FOGService and then reboot the computer gracefully. After the computer reboots, the FOGService will start automatically and rename the computer if necessary, reboot if necessary, join the domain and reboot if necessary, and then perform any associated snapins.<br />
<br />
<font color="red">Note:</font> SetupComplete.cmd will not automatically run on OEM versions of Windows, but will automatically run on non-OEM versions of Windows. If you're using an OEM copy, you can use FirstLogonCommands in unattend.xml to call SetupComplete.cmd<br />
<br />
<br />
An example of the FirstLogonCommands might be:<br />
<pre><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><br />
<FirstLogonCommands><br />
<SynchronousCommand wcm:action="add"><br />
<Description>SetupComplete</Description><br />
<Order>1</Order><br />
<CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine><br />
<RequiresUserInput>false</RequiresUserInput><br />
</SynchronousCommand><br />
</FirstLogonCommands><br />
</component></pre><br />
<br />
=== More Information ===<br />
<br />
More information about the fog client can be found here: [https://github.com/FOGProject/fog-client https://github.com/FOGProject/fog-client]</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=FOG_Client&diff=12608FOG Client2020-02-05T21:29:16Z<p>SebastianRoth: /* Maintain Control Of Hosts When Building New Server */</p>
<hr />
<div>This article applies to the new FOG Client, version 0.10+<br />
<br />
== The Different Installers ==<br />
<br />
The different installers are located in your FOG server's web interface. The link is always at the very bottom of every page, even if you're not logged into the fog server.<br />
<br />
[[File:Fog client link.png]]<br />
<br />
[[File:New FOGClient download link.png]]<br />
<br />
'''FOGService.msi''' - Windows only, and is ideal for network deployment.<br />
<br />
'''SmartInstaller.exe''' - This is the new default installer. It will work on all platforms.<br />
<br />
'''Debugger.exe''' - This is not listed in the web interface but is available from github [https://github.com/FOGProject/fog-client/releases here]. Only use this when the above two are not working. This build has more detailed logs that you can use for troubleshooting or a bug report.<br />
<br />
== Installing - Windows ==<br />
<br />
'''Prerequisites'''<br />
* .NET Framework version 4.0+ (Note: .NET 4 client profile will NOT work)<br />
You can download the framework from here: <br />
<br />
[https://www.microsoft.com/en-us/download/details.aspx?id=40779 Microsoft .NET Framework 4.5.1 (Offline Installer) for Windows Vista SP2, Windows 7 SP1, Windows 8, Windows Server 2008 SP2 Windows Server 2008 R2 SP1 and Windows Server 2012]<br />
<br />
Windows 10 comes with a version of .NET that will work.<br />
<br />
'''Installation'''<br />
* May use SmartInstaller or msi. Simply download either one of them and run.<br />
* Reboot to complete installation.<br />
<br />
'''Limitations'''<br />
* CUPS printers are not yet supported<br />
<br />
== Installing - Linux ==<br />
<br />
Installation instructions derived from [http://www.mono-project.com/docs/getting-started/install/linux/ http://www.mono-project.com/docs/getting-started/install/linux/]<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
* xprintidle - This dependency is optional. If not installed AutoLogOut will not run. xprintidle basically just returns the idle time of an x window, therefore on a system without a GUI it is not needed and should not be installed. It should be available in standard package managers. E.G. apt-get, yum, or dnf<br />
<br />
'''Installing Mono'''<br />
Many distributions come with an out-of-date version of mono in their package manager. Therefore, do not attempt to install via your package manager without the below modifications.<br />
<br />
=== Debian 8+, Ubuntu 13.10+, and derivatives ===<br />
<br />
To install:<br />
<br />
<pre><br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list<br />
sudo apt-get update<br />
sudo apt-get install mono-complete<br />
sudo apt-get install xprintidle<br />
</pre><br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo service FOGService start<br />
</pre><br />
<pre><br />
sudo service FOGService stop<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo service FOGService stop<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== CentOS 7, Fedora 19+, and derivatives ===<br />
<br />
To install:<br />
<br />
<pre><br />
yum install yum-utils<br />
rpm --import "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF"<br />
yum-config-manager --add-repo http://download.mono-project.com/repo/centos/<br />
yum install mono-complete<br />
yum install xprintidle<br />
</pre><br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo systemctl start FOGService<br />
</pre><br />
<pre><br />
sudo systemctl stop FOGService<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo systemctl stop FOGService<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== openSUSE and SLES ===<br />
<br />
You can install mono using SUSE One-Click files: [http://download.mono-project.com/repo/mono-complete.ymp http://download.mono-project.com/repo/mono-complete.ymp]<br />
<br />
=== Other ===<br />
<br />
The FOG Client can be installed on any platform that can run the latest stable build of mono.<br />
<br />
To install:<br />
<br />
* Check your package manager for <font color="red">mono-complete</font>. After installing it, run <font color="red">mono --version</font>. Ensure the version is at least 4.2._ . If it is not, remove the package.<br />
* If your package manager had an old version of mono, see [http://www.mono-project.com/docs/compiling-mono/linux/ here] for how to compile mono<br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
If your system has either systemd or initd, the client will be automatically configured to run on startup. If your system has neither, you will need to configure it to run the manual start command below on startup.<br />
<br />
To manually start and stop the service:<br />
<br />
<pre><br />
sudo /opt/fog-service/control.sh start<br />
</pre><br />
<pre><br />
sudo /opt/fog-service/control.sh stop<br />
</pre><br />
<br />
===Limitations===<br />
* The FOG Tray is currently incompatible with Linux systems. Regardless of what you set during installation, it will not run.<br />
* The following modules / features are not yet supported<br />
** Active Directory joining<br />
** PrinterManager<br />
<br />
== Installing - OSX ==<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
<br />
'''Installing Mono'''<br />
* If you are running El Capitan, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono Universal Installer</font><br />
* Otherwise, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono 32-bit</font><br />
<br />
'''Installation'''<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
* Reboot the system to complete the installation.<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo launchctl load -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
'''Limitations'''<br />
* The following modules / features are not yet supported<br />
** PrinterManager<br />
<br />
'''Logging'''<br />
<br />
You can find the client log file in /opt/fog-service/fog.log<br />
<br />
== Additional Details ==<br />
<br />
=== Features overview ===<br />
<br />
<br />
The purpose of the FOG Client is multi-fold.<br />
<br />
The client allows the host to automatically:<br />
* Auto logout -- Enables auto logout of users if inactive for a specified period of time. 5 minutes is the minimum time, as anything shorter is too soon; sometimes people may just be on the phone or have stepped out for a bathroom break.<br />
<br />
* Client Updater -- (Only on legacy clients) Allows the client to update its modules if you had to customize things, or found a more recent build was needed for your environment.<br />
<br />
* Directory Cleaner -- (Only on legacy clients -- Only worked with Windows XP) Enables the client to remove directories on the host automatically. It stopped working after Windows XP because of UAC controls and stronger security mechanisms. Removed completely from the new client.<br />
<br />
* Display Manager -- Enables the client to adjust the resolution of the system on a per system basis, or global basis.<br />
<br />
* Power Management -- Allows you to specify a shutdown, WOL, or restart on a per-host basis. Format for the scheduling is CRON, and can be done on an individual host or through groups. There is no limit to the number of scheduled power tasks.<br />
<br />
* Host Registration -- Registers additional mac addresses to a pre-existing host if registered. The New client will also register the host under a pending status if the host is not already registered.<br />
<br />
* Hostname Changer -- Changes the hostname and joins the domain automatically.<br />
<br />
* Printer Manager -- Manages printers for the host. The legacy client only added printers or added/removed printers. The No management setting does nothing in both the new and legacy clients. The Add/Remove type removes all printers and adds back only the printers that are needed (Only Assigned Printers). Add Only (now FOG Managed Printers) only manages printers that are listed under the printer's GUI and assigned to that host. In the legacy client, it only added printers and never removed them. Under the new client, it will ONLY manage assigned printers, meaning that if you remove a printer from a host, the new client will remove that printer.<br />
<br />
* Snapins -- Allows you to install programs or run scripts on the host similar to GPO or PDQDeploy.<br />
<br />
* Task Reboot -- This just checks whether the client is in a tasking (other than a snapin tasking). If it is in a tasking and the module is enabled, the host will be told to reboot. There is a third condition: if a user is logged in and enforce is not enabled, nothing will happen.<br />
<br />
* User Cleanup -- (Legacy clients only and again only on Windows XP). Works similar to Directory Cleanup but the entries you make are "safe" user profiles. If the user is not under this listing, it will be deleted. Will not work with the new client, and even legacy clients will not work on anything beyond Windows XP due to UAC and Interactive Service utilities.<br />
<br />
* User Tracker -- Just tracks who logs in/out of a client.<br />
<br />
=== Polling Behavior ===<br />
<br />
The new FOG Client found in FOG 1.3.0 and the Legacy FOG Client both rely on polling to get instructions. This means the FOG Client will regularly check with the specified FOG Server for settings and tasks. The new FOG Client's polling frequency can be adjusted in the FOG Web interface, by going to <font color="red">FOG Configuration -> FOG Settings -> FOG Client -> FOG_CLIENT_CHECKIN_TIME</font>. The minimum value is 30 seconds; anything lower than this will result in the FOG Client using 30 second polling intervals.<br />
<br />
The checkin-time is not rigid. There is an automatic and random staggering that is added to the checkin time. This prevents a large number of FOG Clients checking in at once in the event that all computers are started at the same time via WOL tasks.<br />
<br />
The checkin-time determines how quickly the FOG Client will receive instructions from the FOG Server. If an image deployment is scheduled for a computer that is turned on and the checkin-time is 60 seconds, the FOG Client may begin initiating the task anywhere from 0 to 60 seconds later, plus the random staggering time that is added. The same concept applies to immediate power management tasks, snapin tasks, capture tasks, and so on. Scheduled tasks are not affected by this behavior: if the target system is on when the scheduled task is due to run, it will run on time.<br />
<br />
=== Security Design ===<br />
<br />
Communications between the FOG Client (0.9.9+) and the FOG Server (1.3.0+) are secured using public key infrastructure.<br />
<br />
A Certificate Authority and private key are generated on the FOG server during first installation in this location:<br />
<br />
<pre>/opt/fog/snapins/ssl</pre><br />
<br />
The public certificate is generally located here:<br />
<pre>/var/www/html/fog/management/other/ssl</pre><br />
<br />
The client installs your server's certificate and the FOG Project certificate.<br />
<br />
The “FOG Project” CA (made by the FOG Project) serves two purposes:<br />
<br />
*SYSTEM level services need to be digitally signed, otherwise Windows will throw security errors. The signature can also be used to ensure no tampering was done with the client files.<br />
<br />
*That certificate is used to “verify” upgrades. Let's say we release a patch for the client: the client will download the MSI from your server and check if it was signed by us. If the MSI was somehow tampered with, the digital signature would no longer be valid.<br />
<br />
Using HTTPS instead of HTTP has no security benefit to the client. Why? Because all traffic is already encrypted. Here’s a very basic overview of how the new client communicates:<br />
<br />
*Each client has a security token. This is used to prove to the server that the client is the actual host and not an impersonator. This token gets cycled constantly. When the client first makes contact, it encrypts its token and a proposed AES 256 key with RSA 4096 under your server’s public key. This public key is verified against the pinned server CA certificate by checking the x509 chain and fingerprints.<br />
<br />
*If the server accepts the security token and the new AES key, all traffic from that point on is AES 256 encrypted using that securely transmitted key.<br />
<br />
The whole point of our security model is to allow for secure communication over insecure media.<br />
Even then, the client installation has an HTTPS option, but it serves no real security benefit.<br />
<br />
References: <br />
<br />
[https://forums.fogproject.org/topic/6325/invalid-security-token-without-any-security-tokens-being-set-also-ca-ssl-security-concerns/6 CA SSL security concerns]<br />
<br />
[https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning Certificate and Public Key Pinning]<br />
<br />
[https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Certificate_and_Public_Key_Pinning Transport_Layer_Protection_Cheat_Sheet]<br />
<br />
==== Reset encryption data ====<br />
<br />
This pertains to the new fog client available in FOG 1.3.0 and above, and does not apply to the legacy fog client that was available in 1.2.0 and below.<br />
<br />
The "Reset encryption data" button can be found in an individual host's "General" area. You may also find this button in a group's "General" area. “Reset encryption data” mainly does one thing: it clears the security token for a host or group of hosts.<br />
<br />
Each host has a security token used by the client. This token is private and protected; only the client knows it. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you "Reset Encryption Data", you are essentially telling the server that the first host to say that it is the host in question gets ‘locked’ in (pinned is the technical term).<br />
<br />
In order to have encrypted traffic, the handshake must occur. During the handshake the server proves its identity to the client, and the client proves its identity to the server (using the security token). If the handshake fails (due to a bad security token), encryption cannot occur.<br />
<br />
The most common scenario where the security tokens for a client will be incorrect is if you manually uninstall a client, and then install it again.<br />
<br />
If your Web interface is functional, you may place all computers into a group, and use the group to reset encryption on all hosts by simply clicking the "Reset encryption" button on the group's basic page. If your web interface isn't working correctly and you need to manually reset the encryption for all hosts, you may follow the below steps.<br />
<br />
<pre><br />
mysql<br />
use fog<br />
UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";<br />
</pre><br />
<br />
<br />
=== Maintain Control Of Hosts When Building New Server ===<br />
<br />
Related Article: [[Migrate FOG]]<br />
<br />
This section only applies if your hosts have the new FOG client installed. The new FOG Client has been available in FOG since FOG 1.3.0.<br />
<br />
Because of the security model of FOG 1.3.0 and the new client, without the proper CA and ssl certificates present on a new fog server, any currently deployed hosts with the new fog client installed will ignore the new server and not accept commands from it. This is by design.<br />
<br />
In order to maintain control of existing hosts with existing new fog client deployments, you must copy this directory from the old server to the new server:<br />
<br />
* <font color="red">/opt/fog/snapins/ssl</font><br />
<br />
Copy the directory to a temporary location first. I would suggest <font color="red">/root</font><br />
<br />
<pre>cp -R /opt/fog/snapins/ssl /root</pre><br />
<br />
Then you can use scp (or some other method) to copy the directory to your new fog server. Run the below command from the '''old''' server, where x.x.x.x is the new fog server's address:<br />
<br />
<pre>scp -rp /opt/fog/snapins/ssl root@x.x.x.x:/root</pre><br />
<br />
Or, the reverse. Run the below command from the '''new''' server, where x.x.x.x is the old fog server's address.<br />
<br />
<pre>scp -rp root@x.x.x.x:/opt/fog/snapins/ssl /root</pre><br />
<br />
Next, install fog. After the installation is complete, delete the ssl folder the installer made, and place your old ssl (from /root that you copied) in there. The ownership should be fogproject:apache on Red Hat variants and fogproject:www-data on Debian variants. <font color="red">IMPORTANT:</font> Then '''re-run the installer.''' Instructions for the folder manipulation are below, assuming you followed the above instructions. On the '''new''' server:<br />
<br />
<pre><br />
rm -rf /opt/fog/snapins/ssl<br />
cp -R /root/ssl /opt/fog/snapins/ssl<br />
chown -R fogproject:apache /opt/fog/snapins/ssl # or fogproject:www-data on Debian and Ubuntu<br />
</pre><br />
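<br />
Because deployed clients ignore a server whose CA differs from the one they pinned, it is worth confirming the copy before re-running the installer. The following is an added example, not part of FOG or of the original page: it records SHA-256 digests of the ssl directory on the old server and checks the directory on the new server against them. The function names and the manifest path <font color="red">/root/ssl.manifest</font> are assumptions.<br />
<br />
```shell
#!/bin/sh
# Added example (not FOG's own tooling): verify that the ssl directory
# restored on the new server is identical to the one on the old server.
#
# Assumed workflow (manifest file name is hypothetical):
#   old server:  ssl_manifest /opt/fog/snapins/ssl > /root/ssl.manifest
#   copy /root/ssl.manifest to the new server together with the ssl directory
#   new server:  verify_ssl_copy /root/ssl.manifest /opt/fog/snapins/ssl

# ssl_manifest DIR
# Print one "<sha256>  ./relative/path" line per regular file, sorted by path.
# Exits with status 2 if DIR cannot be entered.
ssl_manifest() {
    (
        cd "$1" 2>/dev/null || exit 2
        find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2
    )
}

# verify_ssl_copy MANIFEST DIR
# MANIFEST is ssl_manifest output saved on the old server.
# Prints CHANGED / EXTRA / MISSING lines for every difference.
# Returns 0 when DIR matches exactly, 1 on any difference, 2 on bad input.
verify_ssl_copy() {
    if [ ! -s "$1" ] || [ ! -d "$2" ]; then
        echo "usage: verify_ssl_copy MANIFEST DIR" >&2
        return 2
    fi
    _new=$(mktemp) || return 2
    if ! ssl_manifest "$2" > "$_new"; then
        rm -f "$_new"
        return 2
    fi
    # Each manifest line is 64 hex characters, two separator characters,
    # then the path, so the path starts at column 67.
    if awk '
        NR == FNR { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            p = substr($0, 67); h = substr($0, 1, 64); seen[p] = 1
            if (!(p in old))      { print "EXTRA " p;   bad = 1 }
            else if (old[p] != h) { print "CHANGED " p; bad = 1 }
        }
        END {
            for (p in old) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$_new"; then
        _rc=0
    else
        _rc=1
    fi
    rm -f "$_new"
    return "$_rc"
}
```

A CHANGED or MISSING line means the restored directory is not the one the clients were installed against, so the copy should be repeated before the installer is re-run.<br />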
<br />
If you do not care about maintaining control of existing hosts with existing new fog client deployments (because there are only 1 or 2), you can recreate your CA with the -C argument during installation: <br />
<br />
<pre>./installfog.sh -C</pre><br />
<br />
<font color="red">Note:</font> Recreating the CA (<font color="red">--recreate-CA</font> or <font color="red"> -C</font>) is '''very strongly advised against''' if you have many clients deployed already, because it resets the identity of the FOG Server. This causes all fog clients to distrust the server, and will require total reinstallation of all fog clients in an environment. However, you may recreate the keys (<font color="red">--recreate-keys</font>) safely and be able to still control the fog clients.<br />
<br />
=== FOG Client 0.10.0+ Installation Options ===<br />
<br />
==== Smart Installer ====<br />
<br />
SmartInstaller Switches<br />
<br />
All switches with <font color="red">--{OPTION}</font> can also be used as <font color="red">/{OPTION}</font><br />
<br />
* <font color="red">--server=</font> Specify the server address. Default is fogserver<br />
* <font color="red">--webroot=</font> Specify the webroot. Default is /fog<br />
* <font color="red">-h</font> or <font color="red">-https</font> Use https for server communication<br />
* <font color="red">-r</font> or <font color="red">-rootlog</font> Put fog.log in the root of the filesystem<br />
* <font color="red">-s</font> or <font color="red">--start</font> Automatically start the service after installation. Linux only<br />
* <font color="red">-t</font> or <font color="red">--tray</font> Enable the FOG Tray and notifications - Windows and OSX only.<br />
* <font color="red">-u</font> or <font color="red">--uninstall</font> Uninstall the client<br />
* <font color="red">--upgrade</font> Upgrade the client<br />
* <font color="red">-l=</font> or <font color="red">--log=</font> Specify where to put the SmartInstaller log<br />
<br />
Reference: [https://news.fogproject.org/fog-client-v0-11-0-released-2/ https://news.fogproject.org/fog-client-v0-11-0-released-2/]<br />
<br />
==== MSI Switches ====<br />
<br />
<font color="red">msiexec /i FOGService.msi /quiet USETRAY="0" HTTPS="0" WEBADDRESS="192.168.1.X" WEBROOT="/fog" ROOTLOG="0"</font><br />
<br />
Firstly, all options are optional. Here’s what they all do:<br />
<br />
* <font color="red">USETRAY=</font> defaults to <font color="red">"1"</font>, if <font color="red">"0"</font> the tray will be hidden<br />
<br />
* <font color="red">HTTPS=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the client will use HTTPS (not recommended)<br />
<br />
* <font color="red">WEBADDRESS=</font> defaults to <font color="red">"fogserver"</font>, this is the ip/dns name of your server<br />
<br />
* <font color="red">WEBROOT=</font> defaults to <font color="red">"/fog"</font><br />
<br />
* <font color="red">ROOTLOG=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the fog.log will be at C:\fog.log, otherwise %PROGRAMFILES%\FOG\fog.log<br />
<br />
Reference: [https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2 https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2]<br />
<br />
=== FOG Client with Sysprep ===<br />
<br />
If you plan to use Sysprep before image capture and are also planning to use the FOG Client, you '''must''' disable the <font color="red">FOGService</font> service from running at boot before you Sysprep to take your image, and then re-enable it within your <font color="red">SetupComplete.cmd</font> file so that it is re-enabled '''after''' the image deployment is complete.<br />
<br />
Failing to do so will break the Sysprep post-deployment process with an error message that says "Windows Setup could not configure Windows to run on this computer’s hardware."<br />
<br />
* Disable FOGService: <font color="red">Windows Control Panel -> View by Small Icons -> Administrative Tools -> Services -> Right click FOGService -> Properties -> Startup Type -> Disabled</font><br />
<br />
* Re-enable FOGService post-imaging:<br />
<br />
Create the below file.<br />
<br />
<font color="red">C:\Windows\Setup\scripts\SetupComplete.cmd</font><br />
<br />
Place these lines within the file, and then save.<br />
<br />
<pre>sc config FOGService start= delayed-auto<br />
shutdown -t 0 -r</pre><br />
<br />
As the filename indicates, the script is called by Windows after an image is deployed and post-sysprep operations are complete. It will re-enable the FOGService and then reboot the computer gracefully. After the computer reboots, the FOGService will start automatically and rename the computer if necessary, reboot if necessary, join the domain and reboot if necessary, and then perform any associated snapins.<br />
<br />
<font color="red">Note:</font> SetupComplete.cmd will not automatically run on OEM versions of Windows, but will automatically run on non-OEM versions of Windows. If you're using an OEM copy, you can use FirstLogonCommands in unattend.xml to call SetupComplete.cmd<br />
<br />
<br />
An example of the FirstLogonCommands might be:<br />
<pre><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><br />
<FirstLogonCommands><br />
<SynchronousCommand wcm:action="add"><br />
<Description>SetupComplete</Description><br />
<Order>1</Order><br />
<CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine><br />
<RequiresUserInput>false</RequiresUserInput><br />
</SynchronousCommand><br />
</FirstLogonCommands><br />
</component></pre><br />
<br />
=== More Information ===<br />
<br />
More information about the fog client can be found here: [https://github.com/FOGProject/fog-client https://github.com/FOGProject/fog-client]</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12607HTTPS2020-02-03T20:27:51Z<p>SebastianRoth: </p>
<hr />
<div>Secure connections like HTTPS have become state of the art all over the web over the years. While FOG has used secure encryption for the fog-client communication since 2016, the FOG web UI was still using plain HTTP. Using secure HTTPS is not as easy as generating a certificate and setting Apache to use it, because PXE boot also relies on HTTP(S) communication with the FOG server.<br />
<br />
We try to make setting up a fully HTTPS-enabled FOG server more convenient and encourage people to use it but still don't consider it wise to make it the default yet because it's a complex topic (FOG server, PXE boot, fog-client). Up until now you had to use the command line switch "--force-https" to enable HTTPS but with FOG 1.5.8 this will be a question asked by the installer. Both will make FOG run in HTTPS mode:<br />
<br />
* The Web UI will be accessible through the new URL https://fogserver/fog/ but will also redirect requests going to the old HTTP URL.<br />
* The installer generates a different Apache configuration to enable HTTPS as well as redirect all requests from HTTP to HTTPS (minor exceptions exist).<br />
* The installer compiles custom iPXE binaries for you, including your personal FOG server CA certificate, for sending information via HTTPS.<br />
<br />
The last point seems trivial but really is not. During PXE boot there are situations where the username and password are sent over the wire, and we wanted to make this as secure as the rest. This means the iPXE binary booting on the client needs to trust your FOG webserver, and we build that trust chain by embedding the CA certificate into the iPXE binary.<br />
<br />
<br />
All fine, I have enabled HTTPS, but now I have this ugly warning in my web browser saying this connection is not secure at all. Yes, this is because we can't offer certificates from an official certificate authority. Therefore we use a self-generated CA and certificates, which are not known to your browser.<br />
<br />
* How to get rid of the warning in my browser? -> Download https://fogserver/fog/management/other/ca.cert.pem and import to your browser (FF, Chrome, Opera) or Windows certificate management (for IE, Edge)<br />
* ...</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12606HTTPS2020-02-03T07:06:33Z<p>SebastianRoth: </p>
<hr />
<div>To enable HTTPS within FOG, choose yes when asked by the installer or use the command line switch "--force-https". The installer will generate a different Apache configuration to enable HTTPS as well as redirect all requests from HTTP to HTTPS (minor exceptions exist). This makes the Web UI accessible through the new URL https://fogserver/fog/ and also redirects requests going to the old HTTP URL.<br />
<br />
<br />
* What does this exactly do? -> enables URL https://fogserver/fog/ and forces redirect from http://fogserver/fog/ to https://fogserver/fog/<br />
* Implications: PXE boot and fog-client also need to use HTTPS! Details...<br />
* How to get rid of the warning in my browser? -> Download https://fogserver/fog/management/other/ca.cert.pem and import to your browser (FF, Chrome, Opera) or Windows certificate management (for IE, Edge)<br />
* ...</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12601HTTPS2020-01-11T10:50:32Z<p>SebastianRoth: </p>
<hr />
<div>TBD<br />
<br />
* What does this exactly do? -> enables URL https://fogserver/fog/ and forces redirect from http://fogserver/fog/ to https://fogserver/fog/<br />
* Implications: PXE boot and fog-client also need to use HTTPS! Details...<br />
* How to get rid of the warning in my browser? -> Download https://fogserver/fog/management/other/ca.cert.pem and import to your browser (FF, Chrome, Opera) or Windows certificate management (for IE, Edge)<br />
* ...</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=HTTPS&diff=12600HTTPS2020-01-11T10:11:00Z<p>SebastianRoth: Created page with "TBD"</p>
<hr />
<div>TBD</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=FOG_Client&diff=12599FOG Client2019-12-19T10:32:58Z<p>SebastianRoth: /* FOG Client with Sysprep */</p>
<hr />
<div>This article applies to the new FOG Client, version 0.10+<br />
<br />
== The Different Installers ==<br />
<br />
The different installers are located in your FOG server's web interface. The link is always at the very bottom of every page, even if you're not logged into the fog server.<br />
<br />
[[File:Fog client link.png]]<br />
<br />
[[File:New FOGClient download link.png]]<br />
<br />
'''FOGService.msi''' - Windows only, and is ideal for network deployment.<br />
<br />
'''SmartInstaller.exe''' - This is the new default installer. It will work on all platforms.<br />
<br />
'''Debugger.exe''' - This is not listed in the web interface but is available from github [https://github.com/FOGProject/fog-client/releases here]. Only use this when the above two are not working. This build has more detailed logs that you can use for troubleshooting or a bug report.<br />
<br />
== Installing - Windows ==<br />
<br />
'''Prerequisites'''<br />
* .NET Framework version 4.0+ (Note: .NET 4 client profile will NOT work)<br />
You can download the framework from here: <br />
<br />
[https://www.microsoft.com/en-us/download/details.aspx?id=40779 Microsoft .NET Framework 4.5.1 (Offline Installer) for Windows Vista SP2, Windows 7 SP1, Windows 8, Windows Server 2008 SP2 Windows Server 2008 R2 SP1 and Windows Server 2012]<br />
<br />
Windows 10 comes with a version of .Net that will work.<br />
<br />
'''Installation'''<br />
* May use SmartInstaller or msi. Simply download either one of them and run.<br />
* Reboot to complete installation.<br />
<br />
'''Limitations'''<br />
* CUPS printers are not yet supported<br />
<br />
== Installing - Linux ==<br />
<br />
Installation instructions derived from [http://www.mono-project.com/docs/getting-started/install/linux/ http://www.mono-project.com/docs/getting-started/install/linux/]<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
* xprintidle - This dependency is optional. If not installed AutoLogOut will not run. xprintidle basically just returns the idle time of an x window, therefore on a system without a GUI it is not needed and should not be installed. It should be available in standard package managers. E.G. apt-get, yum, or dnf<br />
<br />
'''Installing Mono'''<br />
Many distributions come with an out of date version of mono in their package manager. Therefore, do not attempt to install via your package manager without the below modifications<br />
<br />
=== Debian 8+, Ubuntu 13.10+, and derivatives ===<br />
<br />
To install:<br />
<br />
<pre><br />
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF<br />
echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list<br />
sudo apt-get update<br />
sudo apt-get install mono-complete<br />
sudo apt-get install xprintidle<br />
</pre><br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo service FOGService start<br />
</pre><br />
<pre><br />
sudo service FOGService stop<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo service FOGService stop<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== CentOS 7, Fedora 19+, and derivatives ===<br />
<br />
To install:<br />
<br />
<pre><br />
yum install yum-utils<br />
rpm --import "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF"<br />
yum-config-manager --add-repo http://download.mono-project.com/repo/centos/<br />
yum install mono-complete<br />
yum install xprintidle<br />
</pre><br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo systemctl start FOGService<br />
</pre><br />
<pre><br />
sudo systemctl stop FOGService<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo systemctl stop FOGService<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
=== openSUSE and SLES ===<br />
<br />
You can install mono using SUSE One-Click files: [http://download.mono-project.com/repo/mono-complete.ymp http://download.mono-project.com/repo/mono-complete.ymp]<br />
<br />
=== Other ===<br />
<br />
The FOG Client can be installed on any platform that can run the latest stable build of mono.<br />
<br />
To install:<br />
<br />
* Check your package manager for <font color="red">mono-complete</font>. After installing it run <font color="red">mono --version</font>. Ensure the version is at least 4.2._ . If it is not, remove the package.<br />
* If your package manager had an old version of mono, see [http://www.mono-project.com/docs/compiling-mono/linux/ here] for how to compile mono<br />
<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
<br />
If your system either has systemd or initd the client will be automatically configured to run on startup. If your system does not have either, you will need to configure your system to run the manual start command below on startup.<br />
<br />
To manually start and stop the service:<br />
<br />
<pre><br />
sudo /opt/fog-service/control.sh start<br />
</pre><br />
<pre><br />
sudo /opt/fog-service/control.sh stop<br />
</pre><br />
<br />
===Limitations===<br />
* The FOG Tray is currently incompatible on linux systems. Regardless of what you set during installation, it will not run.<br />
* The following modules / features are not yet supported<br />
** Active Directory joining<br />
** PrinterManager<br />
<br />
== Installing - OSX ==<br />
<br />
'''Prerequisites'''<br />
* Mono (latest stable build)<br />
<br />
'''Installing Mono'''<br />
* If you are running El Capitan, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono Universal Installer</font> <br />
* Otherwise, navigate to [http://www.mono-project.com/download/#download-mac http://www.mono-project.com/download/#download-mac] and download <font color="red">Mono 32-bit</font> <br />
<br />
'''Installation'''<br />
* Download SmartInstaller.exe from your FOG server and run the installer with mono.<br />
** <font color="red">sudo mono SmartInstaller.exe</font><br />
* The client will install to /opt/fog-service , and fog.log will be located at /opt/fog-service/fog.log<br />
* Reboot the system to complete the installation.<br />
<br />
The service is automatically configured to run on startup. To manually start and stop the service:<br />
<br />
<pre><br />
sudo launchctl load -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
</pre><br />
<br />
To uninstall:<br />
<br />
<pre><br />
sudo launchctl unload -w /Library/LaunchDaemons/org.freeghost.daemon.plist<br />
sudo mono SmartInstaller.exe uninstall<br />
</pre><br />
<br />
'''Limitations'''<br />
* The following modules / features are not yet supported<br />
** PrinterManager<br />
<br />
'''Logging'''<br />
<br />
You can find the client log file in /opt/fog-service/fog.log<br />
<br />
== Additional Details ==<br />
<br />
=== Features overview ===<br />
<br />
<br />
The purpose of the FOG Client is multi-fold.<br />
<br />
The client allows the host to automatically:<br />
* Auto logout -- Enables auto logout of users if inactive for a specified period of time. 5 minutes is the minimum time, as anything shorter is too soon; people may just be on the phone or have stepped out for a bathroom break.<br />
<br />
* Client Updater -- (Only on legacy clients) Allows the client to update its modules if you had to customize things, or found a more recent build was needed for your environment.<br />
<br />
* Directory Cleaner -- (Only on legacy clients -- Only worked with Windows XP) Enables the client to remove directories on the host automatically. It lost operation after Windows XP due to UAC controls and better security mechanisms especially needed. Removed completely from the New client.<br />
<br />
* Display Manager -- Enables the client to adjust the resolution of the system on a per system basis, or global basis.<br />
<br />
* Power Management -- Allows you to specify a shutdown, WOL, or restart on a per-host basis. Format for the scheduling is CRON, and can be done on an individual host or through groups. There is no limit to the number of scheduled power tasks.<br />
<br />
* Host Registration -- Registers additional mac addresses to a pre-existing host if registered. The New client will also register the host under a pending status if the host is not already registered.<br />
<br />
* Hostname Changer -- Changes the hostname and joins the domain automatically.<br />
<br />
* Printer Manager -- Manages Printers for the host. Legacy client only added printer or added/removed printers. The No management for both new and legacy simply does nothing. Will remove all printers under Add/Remove type and only add back the printers as needed (Only Assigned Printers). Under Add Only (now FOG Managed Printers) only manages printers that are listed under the printer's GUI and those that are assigned to that host. In legacy client, it only added printers and never removed. Under the new client, it will ONLY manage printers assigned meaning if you remove a printer from a host, the new client will remove that printer.<br />
<br />
* Snapins -- Allows you to install programs or run scripts on the host similar to GPO or PDQDeploy.<br />
<br />
* Task Reboot -- This will just check if the client is in a tasking (other than a snapin tasking). If it is in a tasking, and the module is enabled, the host will be told to reboot. There is a third portion though in that if the user is logged in, and enforce is not enabled nothing will happen.<br />
<br />
* User Cleanup -- (Legacy clients only and again only on Windows XP). Works similar to Directory Cleanup but the entries you make are "safe" user profiles. If the user is not under this listing, it will be deleted. Will not work with the new client, and even legacy clients will not work on anything beyond Windows XP due to UAC and Interactive Service utilities.<br />
<br />
* User Tracker -- Just tracks who logs in/out of a client.<br />
<br />
=== Polling Behavior ===<br />
<br />
The new FOG Client found in FOG 1.3.0 and the Legacy FOG Client both rely on polling to get instructions. This means the FOG Client will regularly check with the specified FOG Server for settings and tasks. The New FOG Client's polling frequency can be adjusted in the FOG Web interface, by going to <font color="red">FOG Configuration -> FOG Settings -> FOG Client -> FOG_CLIENT_CHECKIN_TIME</font>. The minimum value is 30 seconds, anything specified lower than this will result in the FOG Client using 30 second polling intervals.<br />
<br />
The checkin-time is not rigid. There is an automatic and random staggering that is added to the checkin time. This prevents a large number of FOG Clients checking in at once in the event that all computers are started at the same time via WOL tasks.<br />
<br />
The frequency of the checkin-time determines how quickly the FOG Client will receive instructions from the FOG Server. If an image deployment is scheduled for a computer that is turned on and has a checkin-time of 60 seconds, the FOG Client may begin the task anywhere from 0 to 60 seconds later, plus the random staggering time that is added. The same applies to immediate power management tasks, snapin tasks, capture tasks, and so on. Scheduled tasks are not affected by this behavior: if the target system is on when the scheduled task is due to run, it will run on time.<br />
<br />
=== Security Design ===<br />
<br />
Communications between the FOG Client (0.9.9+) and the FOG Server (1.3.0+) are secured using public key infrastructure.<br />
<br />
A Certificate Authority and private key are generated on the FOG server during first installation in this location:<br />
<br />
<pre>/opt/fog/snapins/ssl</pre><br />
<br />
The public certificate is generally located here:<br />
<pre>/var/www/html/fog/management/other/ssl</pre><br />
<br />
The client installs your server's certificate and the FOG Project certificate.<br />
<br />
The “FOG Project” CA (made by the FOG Project) serves two purposes:<br />
<br />
*SYSTEM level services need to be digitally signed, otherwise Windows will throw security errors. This can also be used to ensure no tampering was done with the client files.<br />
<br />
*That certificate is used to “verify” upgrades. Let's say we release a patch for the client: the client will download the MSI from your server and check whether it was signed by us. If the MSI was somehow tampered with, the digital signature would no longer be valid.<br />
<br />
Using HTTPS instead of HTTP has no security benefit to the client. Why? Because all traffic is already encrypted. Here’s a very basic overview of how the new client communicates:<br />
<br />
*Each client has a security token. This is used to prove to the server that the client is the actual host and not an impersonator. This token gets cycled constantly. When the client first makes contact, it encrypts its token and a proposed AES 256 key with RSA 4096 under your server’s public key. This public key is verified against the pinned server CA certificate by checking the x509 chain and fingerprints.<br />
<br />
*If the server accepts the security token and the new AES key, all traffic from that point on is AES 256 encrypted using that securely transmitted key.<br />
<br />
The whole point of our security model is to allow for secure communication over insecure media.<br />
Even then, the client installation has an HTTPS option, but it serves no real security benefit.<br />
<br />
References: <br />
<br />
[https://forums.fogproject.org/topic/6325/invalid-security-token-without-any-security-tokens-being-set-also-ca-ssl-security-concerns/6 CA SSL security concerns]<br />
<br />
[https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning Certificate and Public Key Pinning]<br />
<br />
[https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Certificate_and_Public_Key_Pinning Transport_Layer_Protection_Cheat_Sheet]<br />
<br />
==== Reset encryption data ====<br />
<br />
This pertains to the new fog client available in FOG 1.3.0 and above, and does not apply to the legacy fog client that was available in 1.2.0 and below.<br />
<br />
The "Reset encryption data" button can be found in an individual host's "General" area. You may also find this button in a group's "General" area. “Reset encryption data” mainly does one thing: it clears the security token for a host or group of hosts.<br />
<br />
Each host has a security token used by the client. This token is private and protected; only the client knows it. It is used to prove the identity of the host, ensuring no one ‘fakes’ being a certain host. So when you "Reset Encryption Data", you are essentially telling the server that the first host to say that it is the host in question gets ‘locked’ in (pinned is the technical term).<br />
<br />
In order to have encrypted traffic, the handshake must occur. During the handshake the server proves its identity to the client, and the client proves its identity to the server (using the security token). If the handshake fails (due to a bad security token), encryption cannot occur.<br />
<br />
The most common scenario where the security tokens for a client will be incorrect is if you manually uninstall a client, and then install it again.<br />
<br />
If your Web interface is functional, you may place all computers into a group, and use the group to reset encryption on all hosts by simply clicking the "Reset encryption" button on the group's basic page. If your web interface isn't working correctly and you need to manually reset the encryption for all hosts, you may follow the below steps.<br />
<br />
<pre><br />
mysql<br />
use fog<br />
UPDATE hosts SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00";<br />
</pre><br />
<br />
<br />
=== Maintain Control Of Hosts When Building New Server ===<br />
<br />
Related Article: [[Migrate FOG]]<br />
<br />
This section only applies if your hosts have the new FOG client installed. The new FOG Client has been available in FOG since FOG 1.3.0.<br />
<br />
Because of the security model of FOG 1.3.0 and the new client, without the proper CA and ssl certificates present on a new fog server, any currently deployed hosts with the new fog client installed will ignore the new server and not accept commands from it. This is by design.<br />
<br />
In order to maintain control of existing hosts with existing new fog client deployments, you must copy this directory from the old server to the new server:<br />
<br />
* <font color="red">/opt/fog/snapins/ssl</font><br />
<br />
Copy the directory to a temporary location first. I would suggest <font color="red">/root</font><br />
<br />
<pre>cp -R /opt/fog/snapins/ssl /root</pre><br />
<br />
Then you can use scp (or some other method) to copy the directory to your new fog server. Run the below command from the '''old''' server, where x.x.x.x is the new fog server's address:<br />
<br />
<pre>scp -rp /opt/fog/snapins/ssl root@x.x.x.x:/root</pre><br />
<br />
Or, the reverse. Run the below command from the '''new''' server, where x.x.x.x is the old fog server's address.<br />
<br />
<pre>scp -rp root@x.x.x.x:/opt/fog/snapins/ssl /root</pre><br />
<br />
Next, install fog. After the installation is complete, delete the ssl folder the installer made, and place your old ssl (from /root that you copied) in there. The ownership should be fog:apache on Red Hat variants and fog:www-data on Debian variants. <font color="red">IMPORTANT:</font> Then '''re-run the installer.''' Instructions for the folder manipulation are below, assuming you followed the above instructions. On the '''new''' server:<br />
<br />
<pre><br />
rm -rf /opt/fog/snapins/ssl<br />
cp -R /root/ssl /opt/fog/snapins/ssl<br />
chown -R fog:apache /opt/fog/snapins/ssl #or fog:www-data for ubuntu and debian<br />
</pre><br />
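<br />
One way to confirm the copy before re-running the installer, as an added example that is not part of the FOG project's own tooling: it hashes every file in the saved copy and in the live directory, reports any difference, and lists entries whose owner is not the expected one. The script name, the function names and the use of sha256sum and GNU stat are assumptions of this example.<br />

```shell
#!/bin/sh
# Added example (not FOG project code): verify a migrated ssl directory.

# Print "<sha256>  ./relative/path" for every regular file under $1,
# sorted by path so two trees can be compared line by line.
ssl_manifest() {
    ( cd "$1" || exit 1
      find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare the copy taken from the old server ($1) with the live directory ($2).
# Returns 0 if identical, 1 if any file differs, is missing or is extra,
# 2 if a directory is missing or the reference copy contains no files.
verify_ssl_copy() {
    old_dir=$1
    new_dir=$2
    if [ ! -d "$old_dir" ] || [ ! -d "$new_dir" ]; then
        echo "missing directory: $old_dir or $new_dir" >&2
        return 2
    fi
    old_list=$(ssl_manifest "$old_dir") || return 2
    new_list=$(ssl_manifest "$new_dir") || return 2
    if [ -z "$old_list" ]; then
        echo "reference copy $old_dir contains no files" >&2
        return 2
    fi
    [ "$old_list" = "$new_list" ] && return 0
    # Show what differs: "<" lines come from the old copy, ">" from the new one.
    tmp_old=$(mktemp) || return 2
    tmp_new=$(mktemp) || { rm -f "$tmp_old"; return 2; }
    printf '%s\n' "$old_list" > "$tmp_old"
    printf '%s\n' "$new_list" > "$tmp_new"
    diff "$tmp_old" "$tmp_new" || true
    rm -f "$tmp_old" "$tmp_new"
    return 1
}

# List every entry under $1 whose owner:group is not $2 (for example
# fog:apache or fog:www-data). Prints nothing and returns 0 when all match.
wrong_owner() {
    find "$1" -exec stat -c '%U:%G %n' {} + |
        awk -v want="$2" '$1 != want { print; bad = 1 } END { exit bad + 0 }'
}

# Stand-alone use on the new server (hypothetical script name):
#   sh verify_ssl.sh /root/ssl /opt/fog/snapins/ssl fog:apache
if [ "$#" -eq 3 ]; then
    verify_ssl_copy "$1" "$2" && wrong_owner "$2" "$3"
fi
```

A non-zero result means the live directory does not hold the old server's CA and keys, or is not readable by the web server user, so deployed clients would not trust the new server.<br />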
<br />
If you do not care about maintaining control of existing hosts with existing new fog client deployments (because there is only 1 or 2), you can recreate your CA with the -C argument during installation: <br />
<br />
<pre>./installfog.sh -C</pre><br />
<br />
<font color="red">Note:</font> Recreating the CA (<font color="red">--recreate-CA</font> or <font color="red"> -C</font>) is '''very strongly advised against''' if you have many clients deployed already, because it resets the identity of the FOG Server. This causes all fog clients to distrust the server, and will require total reinstallation of all fog clients in an environment. However, you may recreate the keys (<font color="red">--recreate-keys</font>) safely and be able to still control the fog clients.<br />
<br />
=== FOG Client 0.10.0+ Installation Options ===<br />
<br />
==== Smart Installer ====<br />
<br />
SmartInstaller Switches<br />
<br />
All switches with <font color="red">--{OPTION}</font> can also be used as <font color="red">/{OPTION}</font><br />
<br />
* <font color="red">--server=</font> Specify the server address. Default is fogserver<br />
* <font color="red">--webroot=</font> Specify the webroot. Default is /fog<br />
* <font color="red">-h</font> or <font color="red">-https</font> Use https for server communication<br />
* <font color="red">-r</font> or <font color="red">-rootlog</font> Put fog.log in the root of the filesystem<br />
* <font color="red">-s</font> or <font color="red">--start</font> Automatically start the service after installation. Linux only<br />
* <font color="red">-t</font> or <font color="red">--tray</font> Enable the FOG Tray and notifications - Windows and OSX only.<br />
* <font color="red">-u</font> or <font color="red">--uninstall</font> Uninstall the client<br />
* <font color="red">--upgrade</font> Upgrade the client<br />
* <font color="red">-l=</font> or <font color="red">--log=</font> Specify where to put the SmartInstaller log<br />
<br />
Reference: [https://news.fogproject.org/fog-client-v0-11-0-released-2/ https://news.fogproject.org/fog-client-v0-11-0-released-2/]<br />
<br />
==== MSI Switches ====<br />
<br />
<font color="red">msiexec /i FOGService.msi /quiet USETRAY="0" HTTPS="0" WEBADDRESS="192.168.1.X" WEBROOT="/fog" ROOTLOG="0"</font><br />
<br />
Firstly, all options are optional. Here’s what they all do:<br />
<br />
* <font color="red">USETRAY=</font> defaults to <font color="red">"1"</font>, if <font color="red">"0"</font> the tray will be hidden<br />
<br />
* <font color="red">HTTPS=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the client will use HTTPS (not recommended)<br />
<br />
* <font color="red">WEBADDRESS=</font> defaults to <font color="red">"fogserver"</font>, this is the ip/dns name of your server<br />
<br />
* <font color="red">WEBROOT=</font> defaults to <font color="red">"/fog"</font><br />
<br />
* <font color="red">ROOTLOG=</font> defaults to <font color="red">"0"</font>, if <font color="red">"1"</font> the fog.log will be at C:\fog.log, otherwise %PROGRAMFILES%\FOG\fog.log<br />
<br />
Reference: [https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2 https://forums.fogproject.org/topic/6222/msi-silent-install-without-tray-icon/2]<br />
<br />
=== FOG Client with Sysprep ===<br />
<br />
If you plan to use Sysprep before image capture and are also planning to use the FOG Client, you '''must''' disable the <font color="red">FOGService</font> service from running at boot before you Sysprep to take your image, and then re-enable it within your <font color="red">SetupComplete.cmd</font> file so that it is re-enabled '''after''' the image deployment is complete.<br />
<br />
Failing to do so will break the Sysprep post-deployment process with an error message that says "Windows Setup could not configure Windows to run on this computer’s hardware."<br />
<br />
* Disable FOGService: <font color="red">Windows Control Panel -> View by Small Icons -> Administrative Tools -> Services -> Right click FOGService -> Properties -> Startup Type -> Disabled</font><br />
<br />
* Re-enable FOGService post-imaging:<br />
<br />
Create the below file.<br />
<br />
<font color="red">C:\Windows\Setup\scripts\SetupComplete.cmd</font><br />
<br />
Place these lines within the file, and then save.<br />
<br />
<pre>sc config FOGService start= delayed-auto<br />
shutdown -t 0 -r</pre><br />
<br />
As the filename indicates, the script is called by Windows after an image is deployed and post-sysprep operations are complete. It will re-enable the FOGService and then reboot the computer gracefully. After the computer reboots, the FOGService will start automatically and rename the computer if necessary, reboot if necessary, join the domain and reboot if necessary, and then perform any associated snapins.<br />
<br />
<font color="red">Note:</font> SetupComplete.cmd will not automatically run on OEM versions of Windows, but will automatically run on non-OEM versions of Windows. If you're using an OEM copy, you can use FirstLogonCommands in unattend.xml to call SetupComplete.cmd<br />
<br />
<br />
An example of the FirstLogonCommands might be:<br />
<pre><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><br />
<FirstLogonCommands><br />
<SynchronousCommand wcm:action="add"><br />
<Description>SetupComplete</Description><br />
<Order>1</Order><br />
<CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine><br />
<RequiresUserInput>false</RequiresUserInput><br />
</SynchronousCommand><br />
</FirstLogonCommands><br />
</component></pre><br />
<br />
=== More Information ===<br />
<br />
More information about the fog client can be found here: [https://github.com/FOGProject/fog-client https://github.com/FOGProject/fog-client]</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Using_FOG_with_an_unmodifiable_DHCP_server/_Using_FOG_with_no_DHCP_server&diff=12595Using FOG with an unmodifiable DHCP server/ Using FOG with no DHCP server2019-07-29T20:07:22Z<p>SebastianRoth: </p>
<hr />
<div><font color="red" size="10">Note:</font><br />
<br />
<b>This article is of good quality and may be followed; however, a new article at the link below includes UEFI support.</b><br />
<br />
<b>New article: [[ProxyDHCP with dnsmasq]]</b><br />
<br />
=Overview=<br />
This combines FOG with a proxyDHCP server. What a proxyDHCP service does is listen to DHCP requests and respond to clients identifying themselves as PXE Clients. It leaves the role of assigning IP addresses to the other DHCP servers, but provides the necessary information so the client can PXE boot. ProxyDHCP is a solution for those of you who are working with an unmodifiable DHCP server or wish to avoid the hassle of editing the already existing DHCP server, or even as a portable imaging solution.<br />
<br />
=How ProxyDHCP works=<br />
<ol><li>When a PXE client boots up, it sends a DHCP Discover broadcast on the network, which includes a list of information the client would like from the DHCP server, and some information identifying itself as a PXE capable device.</li><br />
<li>A regular DHCP server responds with a DHCP Offer, which contains possible values for network settings requested by the client. Usually a possible IP address, subnet mask, router (gateway) address, dns domain name, etc.</li><br />
<li>Because the client identified itself as a PXEClient, the proxyDHCP server also responds with a DHCP Offer with additional information, but not IP address info. It leaves the IP address assigning to the regular DHCP server. The proxyDHCP server provides the next-server-name and boot file name values, which is used by the client during the upcoming TFTP transaction.</li><br />
<li>The PXE Client responds to the DHCP Offer with a DHCP Request, where it officially requests the IP configuration information from the regular DHCP server.</li><br />
<li>The regular DHCP server responds back with an ACK (acknowledgement), letting the client know it can use the IP configuration information it requested.</li><br />
<li>The client now has its IP configuration information, TFTP Server name, and boot file name, and it initiates a TFTP transaction to download the boot file.</li><br />
</ol><br />
<br />
=Environment=<br />
Tested working with:<br />
{| class="wikitable"<br />
|-<br />
! OS Version<br />
! FOG Version<br />
|-<br />
| Ubuntu 10.04 LTS x64<br />
| Fog 0.29<br />
|-<br />
| Ubuntu 10.04 LTS x32,x64<br />
| Fog 0.32, Fog 1.0.1, Fog 1.1.0<br />
|-<br />
| Ubuntu 11.04 x32, x64<br />
| Fog 0.32, Fog 1.0.1, Fog 1.1.0<br />
|-<br />
| Ubuntu 12.04, 12.10 LTS x32, x64<br />
| Fog 0.32, Fog 1.0.1, Fog 1.1.0, Fog 1.2.0<br />
|-<br />
| (k)Ubuntu 13.04, 13.10 x32, x64<br />
| Fog 0.32, Fog 1.0.1, Fog 1.1.0, Fog 1.2.0<br />
|-<br />
| (k)Ubuntu 14.04, 14.10 x32, x64<br />
| Fog 1.1.0, Fog 1.2.0<br />
|}<br />
<br />
* dnsmasq<br />
* LTSP Server, further documentation at [https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP Ubuntu LTSP/ProxyDHCP].<br />
<br />
=Setup and Configuration=<br />
<ol><br />
<li>First get your desired linux flavor installed</li><br />
<br />
<li>Install FOG (use instructions on wiki user manual)</li><br />
<br />
<li>Make sure you do a normal server installation. Don't set up a DHCP router address or a DNS server address, and don't use FOG as a DHCP server.</li><br />
<br />
<li>If you set a MySQL password make sure you change it in /var/www/fog/commons/config.php and also in /opt/fog/service/etc/config.php</li><br />
<br />
<li>Edit /etc/exports to look like this:<br />
<br />
<pre><br />
/images *(ro,async,no_wdelay,insecure_locks,no_root_squash,insecure)<br />
/images/dev *(rw,async,no_wdelay,no_root_squash,insecure)<br />
</pre></li><br />
<br />
<li>Install dnsmasq using: <pre>sudo apt-get install dnsmasq</pre></li><br />
<br />
<li>Create /etc/dnsmasq.d/ltsp.conf using the following settings, modify as needed:<br />
<pre><br />
# Sample configuration for dnsmasq to function as a proxyDHCP server,<br />
# enabling LTSP clients to boot when an external, unmodifiable DHCP<br />
# server is present.<br />
# The main dnsmasq configuration is in /etc/dnsmasq.conf;<br />
# the contents of this script are added to the main configuration.<br />
# You may modify the file to suit your needs.<br />
<br />
# Don't function as a DNS server:<br />
port=0<br />
<br />
# Log lots of extra information about DHCP transactions.<br />
log-dhcp<br />
<br />
# Dnsmasq can also function as a TFTP server. You may uninstall<br />
# tftpd-hpa if you like, and uncomment the next line:<br />
# enable-tftp<br />
<br />
# Set the root directory for files available via TFTP.<br />
tftp-root=/tftpboot<br />
<br />
# The boot filename.<br />
dhcp-boot=pxelinux.0<br />
<br />
# rootpath option, for NFS<br />
dhcp-option=17,/images<br />
<br />
# kill multicast<br />
dhcp-option=vendor:PXEClient,6,2b<br />
<br />
# Disable re-use of the DHCP servername and filename fields as extra<br />
# option space. That's to avoid confusing some old or broken DHCP clients.<br />
dhcp-no-override<br />
<br />
# PXE menu. The first part is the text displayed to the user. The second is the timeout, in seconds.<br />
pxe-prompt="Press F8 for boot menu", 3<br />
<br />
# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,<br />
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI<br />
# This option is first and will be the default if there is no input from the user.<br />
pxe-service=X86PC, "Boot from network", pxelinux<br />
<br />
# A boot service type of 0 is special, and will abort the<br />
# net boot procedure and continue booting from local media.<br />
pxe-service=X86PC, "Boot from local hard disk", 0<br />
<br />
# If an integer boot service type, rather than a basename is given, then the<br />
# PXE client will search for a suitable boot service for that type on the<br />
# network. This search may be done by multicast or broadcast, or direct to a<br />
# server if its IP address is provided.<br />
# pxe-service=x86PC, "Install windows from RIS server", 1<br />
<br />
# This range(s) is for the public interface, where dnsmasq functions<br />
# as a proxy DHCP server providing boot information but no IP leases.<br />
# Any ip in the subnet will do, so you may just put your server NIC ip here.<br />
# Since dnsmasq is not providing true DHCP services, you do not want it<br />
# handing out IP addresses. Just put your servers IP address for the interface<br />
# that is connected to the network on which the FOG clients exist.<br />
# If this setting is incorrect, the dnsmasq may not start, rendering<br />
# your proxyDHCP ineffective.<br />
dhcp-range=192.168.1.10,proxy<br />
<br />
# This range(s) is for the private network on 2-NIC servers,<br />
# where dnsmasq functions as a normal DHCP server, providing IP leases.<br />
# dhcp-range=192.168.0.20,192.168.0.250,8h<br />
<br />
# For static client IPs, and only for the private subnets,<br />
# you may put entries like this:<br />
# dhcp-host=00:20:e0:3b:13:af,10.160.31.111,client111,infinite</pre></li><br />
<br />
<li>Restart dnsmasq with <pre>sudo service dnsmasq restart</pre></li></ol><br />
<br />
'''Note:''' After getting everything working, you can change the timeout to 0 on the line: <pre>pxe-prompt="Press F8 for boot menu", 3</pre><br />
<br />
=DNSMASQ settings for iPXE=<br />
This information pertains to FOG 0.33 and the new iPXE boot method.<br />
<br />
In order to continue to use dnsmasq to dole out ip addresses and to help find the boot file, some changes need to be made to force the boot file to load the iPXE boot file.<br />
<br />
'''***FIRST*** Update the schema by navigating to your fog management page and install the update.'''<br />
<br />
Make the following changes to your ltsp.conf file<br />
<br />
<pre><br />
# Don't function as a DNS server:<br />
port=0<br />
<br />
# Log lots of extra information about DHCP transactions.<br />
log-dhcp<br />
<br />
# Dnsmasq can also function as a TFTP server. You may uninstall<br />
# tftpd-hpa if you like, and uncomment the next line:<br />
# enable-tftp<br />
<br />
# Set the root directory for files available via TFTP.<br />
tftp-root=/tftpboot<br />
<br />
# The boot filename, Server name, Server Ip Address<br />
dhcp-boot=undionly.kpxe,,x.x.x.x<br />
<br />
# rootpath option, for NFS<br />
#dhcp-option=17,/images<br />
<br />
# kill multicast<br />
#dhcp-option=vendor:PXEClient,6,2b<br />
<br />
# Disable re-use of the DHCP servername and filename fields as extra<br />
# option space. That's to avoid confusing some old or broken DHCP clients.<br />
dhcp-no-override<br />
<br />
# PXE menu. The first part is the text displayed to the user. The second is the timeout, in seconds.<br />
pxe-prompt="Press F8 for boot menu", 3<br />
<br />
# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,<br />
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI<br />
# This option is first and will be the default if there is no input from the user.<br />
pxe-service=X86PC, "Boot from network", undionly<br />
<br />
# A boot service type of 0 is special, and will abort the<br />
# net boot procedure and continue booting from local media.<br />
#pxe-service=X86PC, "Boot from local hard disk", 0<br />
<br />
# If an integer boot service type, rather than a basename is given, then the<br />
# PXE client will search for a suitable boot service for that type on the<br />
# network. This search may be done by multicast or broadcast, or direct to a<br />
# server if its IP address is provided.<br />
# pxe-service=x86PC, "Install windows from RIS server", 1<br />
<br />
# This range(s) is for the public interface, where dnsmasq functions<br />
# as a proxy DHCP server providing boot information but no IP leases.<br />
# Any ip in the subnet will do, so you may just put your server NIC ip here.<br />
# Since dnsmasq is not providing true DHCP services, you do not want it<br />
# handing out IP addresses. Just put your servers IP address for the interface<br />
# that is connected to the network on which the FOG clients exist.<br />
# If this setting is incorrect, the dnsmasq may not start, rendering<br />
# your proxyDHCP ineffective.<br />
dhcp-range=10.0.0.10,proxy<br />
<br />
# This range(s) is for the private network on 2-NIC servers,<br />
# where dnsmasq functions as a normal DHCP server, providing IP leases.<br />
# dhcp-range=192.168.0.20,192.168.0.250,8h<br />
<br />
# For static client IPs, and only for the private subnets,<br />
# you may put entries like this:<br />
# dhcp-host=00:20:e0:3b:13:af,10.160.31.111,client111,infinite<br />
</pre><br />
<br />
Save your file and restart your dnsmasq service with the following command:<br />
<pre><br />
sudo service dnsmasq restart</pre><br />
<br />
Make a symlink for the undionly.kpxe file so dnsmasq can find it.<br />
<pre><br />
cd /tftpboot<br />
sudo ln -s undionly.kpxe undionly.0</pre><br />
<br />
OR<br />
<br />
<pre>cd /tftpboot<br />
cp undionly.kpxe undionly.0</pre><br />
<br />
=Additional Steps for 12.04.4, 12.04.5, 14.04, 14.10=<br />
Specifically, when starting dnsmasq you receive the following error:<br />
<pre>dnsmasq: failed to create listening socket for port 53: Address already in use failed!</pre><br />
If you are using Ubuntu version 12.04.4, 12.04.5, 14.04, 14.10, dnsmasq-base is already installed on your system and in use by the network-manager.<br />
<br />
Attempting to start the dnsmasq service after installation will lead to the error mentioned above. To fix this error:<br />
<br />
<ol><br />
<li>Open terminal and issue the following command:<br />
<pre>sudo nano /etc/NetworkManager/NetworkManager.conf</pre><br />
</li><br />
<li><br />
Remove the line<br />
<pre>dns=dnsmasq</pre><br />
</li><br />
<li><br />
Now we need to restart the network service<br />
<pre>sudo service network-manager restart</pre><br />
</li><br />
<li><br />
This should resolve issues with getting dnsmasq to start.<br />
</li><br />
<li><br />
Issue the following command:<br />
<pre>sudo service dnsmasq restart</pre><br />
</li><br />
<br />
</ol><br />
=Serving ProxyDHCP to multiple subnets=<br />
If you are serving ProxyDHCP to multiple subnets some changes must be made to your switches/routers and your server config.<br />
<br />
<ol><br />
<li>Modify your /etc/dnsmasq.d/ltsp.conf file by adding the subnet mask option to line: <pre>dhcp-range=192.168.1.10,proxy</pre> to make it <pre>dhcp-range=192.168.1.10,proxy,255.255.0.0</pre> which will serve all 192.168.x.x subnets. If you are using 10.x.x.x addressing, use subnet mask "255.0.0.0" (8-bit) and if you are using 172.16.x.x, use subnet mask "255.240.0.0" (12 bit). Basically set the subnet mask so that all subnets on which ProxyDHCP should answer are covered.<br />
<br />
If you don't do this, the ProxyDHCP server will not respond to DHCP requests for hosts outside of its own subnet.</li><br />
<li>Add an IP Helper/DHCP Relay record to your router or switch so the DHCP broadcasts are sent to your normal DHCP server AND the Fog server.</li><br />
</ol><br />
<br />
=References=<br />
I gathered a lot of my ideas from peoples' questions on the FOG forums and the Ubuntu documentation on the [https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP LTSP proxyDHCP] server, so thanks to them.<br />
Junkhacker - for help with iPXE chainloading<br />
jbsclm - for his work on figuring out how to chainload 0.33b with 0.32 pxelinux.0<br />
http://forum.ipxe.org/showthread.php?tid=6077 - documentation on chainloading with dnsmasq<br />
<br />
<br />
<br />
<br />
=Troubleshooting=<br />
<br />
<br />
As ProxyDHCP intercepts DHCP requests, it starts its own internal checks.<br />
If it can't find the boot-file that is supposed to be assigned, it tells the requesting system there is nothing to find.<br />
<br />
If it finds the file, it will send out the info as normal.<br />
<br />
<br />
{{:TCPDump}}<br />
<br />
<br />
Using the above method and filter, this is what a '''BROKEN''' dnsmasq (ProxyDHCP) conversation looks like:<br />
<br />
[[File:Broken dnsmasq.png]]<br />
<br />
In this case, dnsmasq boot file name is not configured correctly, the boot file does not exist, or TFTP is not configured properly.<br />
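<br />
The three causes named above can be checked on the server before capturing traffic. The lint below is an added example, not part of FOG or dnsmasq: it reads a proxyDHCP configuration such as /etc/dnsmasq.d/ltsp.conf and reports a missing proxy range, a range that would hand out leases, and boot files that do not exist under the TFTP root. It assumes quoted pxe-service menu text, a dhcp-boot line without a tag prefix, and that the TFTP server in use serves the directory named in tftp-root; the function names and the sample tree are constructed for the example.<br />

```shell
#!/bin/sh
# Added example (not FOG or dnsmasq code): lint a dnsmasq proxyDHCP config.

# Value of the last active (uncommented) "key=value" line for key $2 in file $1.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Print one line per problem found in config $1.
# Returns 0 if clean, 1 if problems were found, 2 if the file is unreadable.
lint_proxydhcp() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # 1. A proxy range must exist, and no active range may hand out leases.
    ranges=$(sed -n 's/^[[:space:]]*dhcp-range=//p' "$conf")
    if ! printf '%s\n' "$ranges" | grep -Eq ',proxy[[:space:]]*(,|$)'; then
        echo "no active dhcp-range=<ip>,proxy line"
        problems=$((problems + 1))
    fi
    leasing=$(printf '%s\n' "$ranges" |
        grep -Ev ',proxy[[:space:]]*(,|$)' | grep . | tr '\n' ' ')
    if [ -n "$leasing" ]; then
        echo "dhcp-range without proxy would hand out leases: $leasing"
        problems=$((problems + 1))
    fi

    # 2. The file named in dhcp-boot must exist under tftp-root.
    root=$(conf_value "$conf" tftp-root)
    boot=$(conf_value "$conf" dhcp-boot | cut -d, -f1)
    if [ -z "$root" ] || [ -z "$boot" ]; then
        echo "tftp-root or dhcp-boot is not set"
        problems=$((problems + 1))
    elif [ ! -e "$root/$boot" ]; then
        echo "boot file $root/$boot does not exist"
        problems=$((problems + 1))
    fi

    # 3. A pxe-service basename is fetched as <basename>.0, which is why the
    #    page creates undionly.0. Integer service types (such as 0) are skipped.
    services=$(sed -n 's/^[[:space:]]*pxe-service=//p' "$conf" |
        awk -F'"' '{ print $3 }' |
        sed 's/^[,[:space:]]*//; s/[,[:space:]].*$//')
    for base in $services; do
        case $base in
            *[!0-9]*)
                if [ -n "$root" ] && [ ! -e "$root/$base.0" ]; then
                    echo "pxe-service file $root/$base.0 does not exist"
                    problems=$((problems + 1))
                fi ;;
        esac
    done

    [ "$problems" -eq 0 ]
}

# Build a constructed sample (TFTP root plus a config modelled on this page's
# iPXE settings) in directory $1 and print the path of the config file.
make_sample() {
    mkdir -p "$1/tftpboot"
    : > "$1/tftpboot/undionly.kpxe"
    ln -s undionly.kpxe "$1/tftpboot/undionly.0"
    cat > "$1/ltsp.conf" <<EOF
port=0
tftp-root=$1/tftpboot
dhcp-boot=undionly.kpxe,,10.0.0.10
pxe-service=X86PC, "Boot from network", undionly
#pxe-service=X86PC, "Boot from local hard disk", 0
dhcp-range=10.0.0.10,proxy
# dhcp-range=192.168.0.20,192.168.0.250,8h
EOF
    echo "$1/ltsp.conf"
}

# Stand-alone use: pass the config file to check as the only argument.
if [ "$#" -eq 1 ]; then
    lint_proxydhcp "$1"
fi
```

A dangling undionly.0 symlink is reported as missing, because the existence test follows the link.<br />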
<br />
=Additional Info=<br />
A ProxyDHCP server can also help deal with PXE Clients that do not work with separate DHCP and TFTP servers using option 66 &amp; 67 (Windows), or next-server and filename (Linux). This can resolve situations where the clients are getting the tftp server IP address and filename, but are having issues with the TFTP Transaction, such as: PXE-T01: File not found, and other errors.<br />
<br />
This has successfully resolved issues with:<br />
{| class="wikitable"<br />
|-<br />
! Device !! NIC<br />
|-<br />
| Acer Iconia Tab w500p || Asix AX88772B USB to Fast Ethernet adapter<br />
|-<br />
|Compal JHL91 || Realtek RTL8139<br />
|}<br />
<br />
<br />
[[Category:Customization]][[Category:Dhcp]][[Category:Pxe]]</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Backing_up_FOG&diff=12594Backing up FOG2019-07-01T20:00:04Z<p>SebastianRoth: </p>
<hr />
<div>=== Overview ===<br />
<br />
Backing up FOG is pretty simple: there are a few directories that need to be backed up, plus the mysql database. The following sections give you an overview of how to backup your FOG system. The following should include everything you should backup/save in order to be able to restore FOG. When backing up the directories below it is recommended that you use '''cp -a''' to ensure that all the rights are maintained. <br />
<br />
As of version 0.14 a script is provided with FOG to make backups easier (not present in 0.32). The script is located at:<br />
<br />
utils/FOGBackup/FOGBackup.sh<br />
<br />
To use this script run:<br />
<br />
./FOGBackup.sh -b [directory]<br />
<br />
With this script you must pass a directory that exists to the script as an argument. This directory is where your backups will be stored. This script can be run as a cron job to make daily backups of your FOG data.<br />
<br />
=== Original Installation Tar File ===<br />
<br />
You should save a copy of the original tar.gz file that was downloaded from FOG/sourceforge. <br />
<br />
=== Web Directory ===<br />
<br />
The web directory is the directory that contains all the php pages for the FOG management portal. The only reason this directory really should be backed up is because it contains the '''reports''' directory which may contain custom reports. We recommend that you save the entire web directory because in the future we may add new sections that may have custom, or user data. <br />
<br />
=== OPT Directory ===<br />
<br />
The /opt/fog directory contains the directory that holds snapins. The /opt/fog directory should be backed up along with all its sub directories. <br />
<br />
=== Images Directory ===<br />
<br />
This is the tough one, the images directory located at '''/images'''. This holds the partition images and it could be '''VERY''' large.<br />
<br />
=== MySQL Database ===<br />
<br />
MySQL holds all the data for FOG, like all your host, image, printer, snapin and inventory information. You can backup your mysql data with the following command:<br />
<br />
mysqldump --allow-keywords -x -v fog > fogbackup.sql</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Migrate_images_manually&diff=12593Migrate images manually2019-04-26T18:33:24Z<p>SebastianRoth: /* Image files */</p>
<hr />
<div>This describes how to manually migrate all images to a new server.<br />
<br />
Related article: [[Migrate FOG]]<br />
<br />
= Image directory =<br />
<br />
Make sure your image directory on the destination server has the hidden marker files:<br />
<br />
<pre>touch /images/.mntcheck /images/dev/.mntcheck</pre><br />
<br />
= Image files =<br />
<br />
Below are many options for migrating all images. This article assumes you have FOG installed already on the new server, because the installer would set up FTP and NFS for you. FOG doesn't set up Samba but an example of how to use a Samba share is included. Where you see x.x.x.x, this is the old storage node's IP address. These commands are written to be run on the new storage node, however they can be altered to run on the old storage node.<br />
<br />
== using lftp ==<br />
<br />
<pre>lftp -c 'open x.x.x.x; user UserGoesHere PasswordHere; mirror -e /images/TheImagePath /images/TheImagePath; quit'</pre><br />
<br />
Example:<br />
<br />
<pre><br />
lftp -c 'open 10.0.0.4; user fog MyAwesomePassword; mirror -e /images /images; quit'<br />
</pre><br />
<br />
<br />
== using NFS ==<br />
<br />
<pre><br />
mount x.x.x.x:/<remote source> <local mount point><br />
cp -R /<local mount point>/* /<local destination><br />
umount <local mount point><br />
</pre><br />
<br />
Example:<br />
<br />
<pre><br />
mkdir /tempMount<br />
mount 10.0.0.4:/images /tempMount<br />
cp -R /tempMount/* /images<br />
umount /tempMount<br />
</pre><br />
<br />
== Using Samba ==<br />
<br />
<pre><br />
mkdir /LocalMountPointHere<br />
mount -t cifs //x.x.x.x/ShareNameGoesHere /LocalMountPointHere -o username=YourUsernameGoesHere -o password=YourPasswordGoesHere,noexec<br />
cp -r /LocalMountPointHere/* /DestinationHere<br />
umount /LocalMountPointHere<br />
</pre><br />
<br />
Example:<br />
<br />
<pre><br />
mkdir /tempMount<br />
mount -t cifs //10.0.0.4/images /tempMount -o username=root -o password=MyAwesomePassword,noexec<br />
cp -r /tempMount/* /images<br />
umount /tempMount<br />
</pre><br />
<br />
== Using SCP ==<br />
<br />
<pre>scp -r root@x.x.x.x:/images/* /images</pre><br />
<br />
Example:<br />
<br />
<pre><br />
scp -r root@10.0.0.4:/images/* /images<br />
</pre><br />
<br />
=== Enabling ssh root access on Ubuntu/Debian ===<br />
<br />
Install ssh<br />
<pre><br />
apt-get install openssh-server -y<br />
</pre><br />
<br />
Then adjust the ssh config file to allow root to log in. The configuration file is located at <font color="red">/etc/ssh/sshd_config</font> Change the line "<font color="red">PermitRootLogin</font>" to be yes instead of whatever the default is.<br />
The line should look like this when you're done: <font color="red">PermitRootLogin yes</font><br />
Use the text editor of your choice to do it. I like to use Vi.<br />
<br />
<pre><br />
vi /etc/ssh/sshd_config<br />
</pre><br />
<br />
Instructions on using VI: [[Vi]]<br />
<br />
Then you should enable and restart sshd, follow steps below.<br />
<br />
<pre><br />
systemctl enable sshd<br />
systemctl restart sshd<br />
</pre><br />
<br />
You should now be able to ssh and SCP to and from your Ubuntu/Debian box.<br />
<br />
== Using rsync ==<br />
<br />
<pre><br />
rsync -a root@x.x.x.x:/images/* /images<br />
</pre><br />
<br />
Example:<br />
<br />
<pre><br />
rsync -a root@10.0.0.4:/images/* /images<br />
</pre><br />
<br />
= Image Definitions =<br />
<br />
Image definitions are what's stored in the database, and what is displayed in the web interface. There are DB entries for each image. Image definitions do not automatically appear just because the image files are present on the storage node; this is a common misconception.<br />
<br />
You may recreate these manually, but you '''must''' recreate them exactly as they were on the old server. The image path '''must''' be exact and is '''case sensitive''', the image OS and image type '''must''' be set exactly as in the old server as well. <br />
<br />
The easiest option is to use FOG's export/import feature inside of Image Management.</div>SebastianRothhttps://wiki.fogproject.org/wiki/index.php?title=Build_TomElliott_Kernel&diff=12592Build TomElliott Kernel2018-12-16T12:19:14Z<p>SebastianRoth: /* Additional Patches */</p>
<hr />
<div>'''PRE BUILD ENVIRONMENT IS ASSUMED ALREADY INSTALLED ON THE SYSTEM YOU'RE BUILDING'''<br />
NOTE: It is assumed you have root access to the system you're building this on. It also assumes you know your CWD (Current Working Directory).<br />
= Build TomElliott Kernel for FOG 0.32 and earlier=<br />
The below instructions are to build the TomElliott kernel. There is an extra step involved compared to the normal kernel build, as firmware is now built directly into the kernels.<br />
== Download the Kernel ==<br />
As of the time of this writing kernel 3.13 is the latest. You can use previous, or future kernels as well though.<br />
<pre>wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.13.tar.xz</pre><br />
<br />
== Uncompress the kernel ==<br />
<pre>tar -xf linux-3.13.tar.xz</pre><br />
<br />
== Go into uncompressed linux kernel directory ==<br />
<pre>cd linux-3.13</pre><br />
<br />
== Get the config file ==<br />
<pre>wget https://svn.code.sf.net/p/freeghost/code/trunk/kernel/TomElliott.config.32 -O .config</pre><br />
<br />
== Download the prerequisite package '''(THE EXTRA STEP IS HERE)''' ==<br />
<pre>git clone git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git</pre><br />
<br />
== Prepare the build ==<br />
<pre>make ARCH=i386 menuconfig</pre><br />
Make any changes you want, or none. When you exit, it will ask you to save the config; saving is '''NEEDED'''.<br />
<br />
After you've saved the config.<br />
<br />
== Build the bzImage ==<br />
<pre>make ARCH=i386 bzImage</pre><br />
<br />
This will take a while. Once successful, it will say bzImage created.<br />
<br />
== Copy the built kernel to your FOG Server's kernel directory. ==<br />
NOTE: In my example, the FOG Server is the same as my build system.<br />
NOTE: It is recommended to make a backup of the original /tftpboot/fog/kernel/bzImage before continuing, just in case.<br />
<pre>cp arch/x86/boot/bzImage /tftpboot/fog/kernel/bzImage</pre><br />
= Build TomElliott Kernel for FOG 0.33b and newer =<br />
The instructions below build the TomElliott kernel. There is an extra step compared to a normal kernel build because firmware files are now built directly into the kernel.<br />
== Download the Kernel ==<br />
As of this writing, kernel 4.17 is the latest. You can use earlier or later kernels as well.<br />
<pre>wget https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.17.tar.xz</pre><br />
<br />
== Uncompress the kernel ==<br />
<pre>tar -xf linux-4.17.tar.xz</pre><br />
<br />
== Go into uncompressed linux kernel directory ==<br />
<pre>cd linux-4.17</pre><br />
<br />
== Get the config file ==<br />
===To Build 32 bit Kernel===<br />
<pre>wget -O .config https://github.com/FOGProject/fos/raw/master/configs/kernelx86.config</pre><br />
===To Build 64 bit Kernel===<br />
<pre>wget -O .config https://github.com/FOGProject/fos/raw/master/configs/kernelx64.config</pre><br />
== Download the prerequisite package '''(THE EXTRA STEP IS HERE)''' ==<br />
<pre>git clone git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git</pre><br />
<br />
== Prepare the build ==<br />
===To Build 32 bit Kernel===<br />
<pre>make ARCH=i386 oldconfig</pre><br />
===To Build 64 bit Kernel===<br />
'''NOTE: MUST BE ON A 64 BIT OS'''<br />
<pre>make oldconfig</pre><br />
<br />
In case you want to make changes to the config, run:<br />
<pre>make ARCH=i386 menuconfig</pre><br />
or<br />
<pre>make menuconfig</pre><br />
<br />
Make sure to save when exiting the menuconfig.<br />
<br />
== Build the bzImage ==<br />
===To Build 32 bit Kernel===<br />
<pre>make ARCH=i386 bzImage</pre><br />
===To Build 64 bit Kernel===<br />
<pre>make bzImage</pre><br />
<br />
This will take a while. Once successful, it will say bzImage created.<br />
<br />
== Copy the built kernel to your FOG Server's kernel directory. ==<br />
NOTE: In my example, the FOG Server is the same as my build system.<br />
NOTE: It is recommended to make a backup of the original /var/www/html/fog/service/ipxe/bzImage before continuing, just in case.<br />
<pre>cp arch/x86/boot/bzImage /var/www/html/fog/service/ipxe/bzImage</pre><br />
or<br />
<pre>cp arch/x86/boot/bzImage /var/www/html/fog/service/ipxe/bzImage32</pre><br />
<br />
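The download and copy steps above can be wrapped in two checks, shown here as an added example that is not part of the original wiki page or the FOG project's scripts: one compares the tarball with a checksum list before it is unpacked, the other keeps a backup and swaps the new bzImage in atomically. The function names are hypothetical, and it is assumed that the checksum list is the sha256sums.asc file kernel.org publishes in the same directory as the tarball.<br />

```shell
#!/bin/sh
# Added example, not FOG project code. Function names are hypothetical.

# Print the SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{print $1}'
}

# verify_tarball TARBALL SUMS
# SUMS is a checksum list with "digest  filename" lines (assumption: the
# sha256sums.asc file from the tarball's directory on kernel.org).
# Returns 0 on a match, 1 on a digest mismatch, 2 if the name is not listed.
verify_tarball() {
    tarball=$1; sums=$2
    name=$(basename "$tarball")
    expected=$(awk -v n="$name" '$2 == n {print $1; exit}' "$sums")
    [ -n "$expected" ] || { echo "no entry for $name in $sums" >&2; return 2; }
    actual=$(sha256_of "$tarball")
    [ "$actual" = "$expected" ] || { echo "digest mismatch for $name" >&2; return 1; }
}

# install_kernel SRC DEST
# Saves the current DEST as DEST.bak-<timestamp>, then replaces DEST with a
# rename so a booting client never fetches a half-written kernel.
install_kernel() {
    src=$1; dest=$2
    [ -s "$src" ] || { echo "missing or empty $src" >&2; return 1; }
    if [ -e "$dest" ]; then
        cp -p "$dest" "$dest.bak-$(date +%Y%m%d%H%M%S)" || return 1
    fi
    cp "$src" "$dest.new" && mv "$dest.new" "$dest"
}

# Typical use with the paths from this page:
#   gpg --verify sha256sums.asc    # the list is only as good as its signature
#   verify_tarball linux-4.17.tar.xz sha256sums.asc && tar -xf linux-4.17.tar.xz
#   install_kernel arch/x86/boot/bzImage /var/www/html/fog/service/ipxe/bzImage
```
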
= Additional Patches =<br />
Edit the following files within the uncompressed Linux kernel folder:<br />
== drivers/net/usb/r8152.c ==<br />
https://forums.fogproject.org/topic/12465/microsoft-surface-go-usb-c-to-ethernet-adapter-compatibility<br />
Search for <pre>REALTEK_USB_DEVICE(VENDOR_ID_REALTEK</pre> and add this line:<br />
<pre><br />
{REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x0927)},<br />
</pre><br />
<br />
== drivers/scsi/storvsc_drv.c ==<br />
This is an important patch that helps prevent major performance issues in Hyper-V: https://forums.fogproject.org/topic/6695/performance-decrease-using-hyper-v-win10-clients<br />
<br />
Search for <pre>blk_queue_virt_boundary</pre><br />
<br />
Delete the line and add:<br />
<pre><br />
if (PAGE_SIZE - 1 < 4096) {<br />
	blk_queue_virt_boundary(sdevice->request_queue, 4096);<br />
} else {<br />
	blk_queue_virt_boundary(sdevice->request_queue, PAGE_SIZE - 1);<br />
}<br />
</pre></div>SebastianRoth