A guide to deployment, management, And concept overview For FOG.
Based on a document by: Thomas J. Munn CISSP
This document is intended to be modified by FOG users, in fact it is based on a document created by a FOG user. If you feel something could be said better or put more clearly, it is encouraged that you make changes to this document. We just ask that you keep it constructive and in good taste. In order to edit the wiki you are now required to create an account, as spamming of the forum has gotten pretty bad recently.
- What is FOG?
FOG is a Linux-based, free and open source computer imaging solution for Windows XP, Windows Vista, Windows 7, Windows 8, and Linux (limited) that ties together a few open-source tools with a php-based web interface. FOG doesn't use any boot disks, or CDs; everything is done via TFTP and PXE. Your PC boots via PXE and automatically downloads a small Linux client. From there you can select many activities on the PC, including imaging the hard drive. Also with FOG many network drivers are built into the Linux client's kernel, so you don't really need to worry about nic drivers (unless there isn't kernel support for it yet). FOG also supports putting an image that came from a computer with a 80GB partition onto a machine with a 40GB hard drive as long as the data is less than 40GB. FOG supports multi-casting, meaning that you can image many PCs from the same stream. So it should be as fast whether you are imaging 1 PC or 20 PCs.
- How should FOG be implemented?
FOG is best implemented on a dedicated server, any spare machine you have. We recommend that you have sufficient hard drive space as each image you make is usually between 5 and 10 GB. Using a RAID array allows imaging multiple computers simultaneously without much performance degradation. A gigabit NIC is recommended. For faster image compression and decompression, provide as much processor and RAM as you can make available.
- What features are included with FOG?
FOG is more than just an imaging solution, FOG has grown into an imaging/cloning and network management solution. FOG now performs tasks like installing and managing printers, tracking user access to computers, installing applications remotely via snap-ins, automatic user log offs and computer shutdown on idle timeouts. If a computer is badly infected with a virus or malware, you can boot FOG in AV mode and have it remove the viruses. You can wipe your disks, destroying all information that was on them, restore deleted files, or scan the disk for bad blocks.
- How much does FOG cost?
FOG is an Open Source project and licensed under the GPL which means that you are free to use FOG on as many computers as you like for free. This also means that if you want to make any changes to the source code you are free to do so. The creators of FOG make no profits from this project with the exception of donations. FOG comes with absolutely NO WARRANTY and the creators of FOG are in NO WAY RESPONSIBLE FOR ANY DAMAGE OR LOSS CAUSED BY FOG! Please see the license file included with the FOG release for more information. With that being said we attempt to do a very good job of supporting our users, in fact it is one of the goals of FOG to have better support than most commercial products. All support requests should be placed through the FOG's forum which is located at: http://fogproject.org/forum/ Thanks for supporting open source software and enjoy!
Background on FOG
- Why FOG?
Working in an educational environment our organization's techs very often re-imaged computers in their day to day activities. For a long time we used a commercial product that in many ways didn't meet our needs. It wasn't web based, and you needed to create driver disks, floppys or USB drives. Other things were very difficult, such as searching for a host by MAC address and the product was expensive, even with an educational discount. So we started to investigate ways in which we could do things better, and as our organization struggled to make a commercial product work better by trying to pxe boot dos, and testing it in Windows PE, we, the FOG Team started to build linux based solution on our own time. We finally got a working version and decided to release it as open source since we use many other open source products, and figured we should give back to the community.
This section provides some basic concepts that the FOG Project uses.
- Accessible from Host Management --> Select Host --> Basic Tasks
- Accessible from Group Management --> Select Group --> Basic Tasks
- Accessible from Fog iPXE Menu
- This occurs when scheduling a "Download" task, "Quick Image", or during "Full Registration" the user selects image after registration. The server (or storage node) will directly send packets (the image) to that Host's MAC address.(aka. TCP) This is excellent for directing network traffic. This can be performed under Groups running multiple unicasts to multiple hosts. However, all the hosts will not finish at exactly the same time.
- Since unicast does not rely or communicate with others in a group it is unaffected by "hung up" host
- Accessible from Group Management --> Select Group --> Basic Tasks
- Accessible Image Management --> Multicast Image
- This occurs when scheduling a "Multi-Cast" task from Groups. The server (or storage node) will wait for all Host computers to be network booted. Once all hosts have registered for the task the packets will be sent out out to the entire network.(aka. UDP) Packets are sent and received exactly the same. Image may not complete exactly the same time
- Down side to this is if one host gets hung up then the entire process is stopped till that host catches up
- Currently not working.
- Accessible from Host Management --> Select Host --> Basic Tasks --> Advanced
- Accessible from Group Management --> Select Group --> Basic Tasks --> Advanced
- The image is broken down into chunks and indexed to create a torrent file.
- The server (or storage node) beings creates the torrent and starts seeding. The hosts request the torrent and start downloading chunks for the torrent. Once a chunk is received then the hosts will seed that chunk to other hosts. Once torrent is done downloading it will start imaging. Then the partition is rewritten to accomidate the size needed to download the files originally.
- If one host gets "hung up" the other host are not affected, but marginal time and speed are lost.
What is iPXE and the difference between the files? Check out the iPXE page.</li></UL>
FOG is a typical LAMP software bundle, so the main server is a Linux box. The rest of the components: Apache, MySQL, PHP, and several other services, are automatically downloaded and installed by the FOG installation script.
This listing is for informational purposes only, as the required components will be automatically downloaded and installed by the FOG installation script.
- PHP 5.3.0+
- MySql 5+
- Apache 2+
The LAMP setup can also be easily adjusted for a "WAMP (Windows Apache MySQL PHP) system" though will require a bit more knowledge of what packages to use and how to integrate with the FOG system.
Installation on different distributions of Linux
Click below for step-by-step guides written for your favorite flavor of Linux:
- Red Hat
- Red Hat Enterprise Linux (RHEL) - 5.3
Basic Network Setup
The FOG setup script asks several questions which might not be obvious. These sections describe only the most generic settings.
- Isolated Network
The easiest method to image machines and get started using FOG is on a small, isolated network. The FOG setup program will configure all the necessary services for you completely automatically. This section covers only those basic steps.
See FOG on an Isolated Network
- Integrating FOG Server with Existing Network Systems
Slightly more complicated is the task of integrating FOG into your existing network infrastructure. This section attempts to describe the steps to link FOG with a fairly generic enterprise system.
See Integrating FOG into an Existing Network
Advanced Network Setup
Integrating FOG Server with Existing Network Systems in non intrusive mode using MAC filtration
This methods allows to use Fog in existing network without the need of controlling existing DHCP server. Requires you to input the MAC address of FOG clients. See Integrating FOG into an Existing Network in non intrusive mode
Integrating FOG server into an existing network in non intrusive mode using ProxyDHCP
This methods allows to use Fog in existing network without the need of controlling existing DHCP server. Does NOT required you to input the MAC addresses of FOG clients. See Setting up ProxyDHCP.
Wake On Lan (WOL)
Full Listing of Ports used by FOG server and client
FTP – tcp 20,21
SSH – tcp 22
TFTP – udp 69
HTTP(s) – tcp 80,443
Portmap – tcp/udp 111
NFS – tcp/udp 2049
Transfer ports – tcp/udp 1024 – 65535
As found at: http://fogproject.org/forum/threads/firewall-config.27/
Quick Start - Basic Tasks
So you have a FOG server installed and setup, now what do you do? Below are a few common "Getting Started" items.
- Booting into FOG and Uploading your first Image
- Deploying your Image a single client
- Deploying your Image a group of clients
- FOG requires that all hosts be entered in the FOG Database for imaging. The most important part is getting the MAC address of the host right. FOG uses the MAC for targeting image installs and acquires. Using the wrong MAC could result in unpredictable results, including the complete erasure of the wrong pc! The IP address isn’t that important, and the ‘name’ field is more for the user. Mac address format is 00:12:3F:C4:57:0C . Using dashes, spaces, or no items at all will result in the GUI not accepting the host.
- After hosts are entered, it is wise to group them together by function, hardware, or common image. The image will be shared among all members of a particular group. This occurs within the ‘hosts’ screen, and NOT on the groups screen. This is a little confusing, so it helps to think of the ‘groups’ screen as a task generator, rather than controlling group memberships.
- For importing hosts in a .csv file follow the format below: 1 line per host:
"00:c0:4f:18:62:63","Hostname","22.214.171.124","Your description","XP/Vista","Image filename to use"
- Hosts are then configured to boot via PXE boot by going into the BIOS. Make sure PXE boot is the FIRST option, NOT the hard disk, or things won’t work.
- Configure your ‘master’ pc for the first image. Probably a good idea to run ‘sysprep’ prior to imaging, but not necessary. Sysprep will make your imaging life easier, if hardware is different, etc. See Microsoft.com for more details on using sysprep.
Preparing a HOST for Cloning
- Key Term: Host --> The computer that will be registered to FOG and imaged(upload/download). Client usually refers to the Client service later described in this guide.
FOG's strength can be better harnessed if some time and work is put into preparing a master image that fits the needs of your environment.
This section covers Host preparation steps that will save you time and headaches like:
It also covers more advanced ideas that are guaranteed to cause headaches, like:
- Sysprep, Hardware-Independent Images (HAL), and Driver integration.
- Sysprep, Hardware-Independent Images (HAL), and Driver integration.
Read more about Host Setup
The FOG web interface is your primary management console. It is very well-documented in the pages linked below:
The Main Managing FOG Document
The link above opens the Main Managing FOG document and has a Table of Contents of its own.
Subcategories within the Managing Fog section include the following sections:
- Understanding the FOG Dashboard
Provides an overview of the GUI and explains the symbols used on the Menu Bar.
- Managing Hosts
This section covers management tasks such as: Adding a new host, Managing Hosts, Host Status, and Creating Host Groups.
- Managing Groups of Hosts
This section provides an Overview of sorting hosts into useful Groups, and provides instruction on Managing Groups.
- Defining and Managing Images
Defines types of images: Single Partition | Multiple Partition - Single Disk | Multiple Partition - All Disks | Raw Image
Also describes Creating, Modifying Image Objects, and Adding Images to Existing Objects.
- Storage Management - adding additional Storage Nodes
This section introduces the concept of Storage Nodes, which provide scalability to FOG with the ability to "share the load of computers being imaged."
Also covered are Adding Storage Nodes, Monitoring Image Replication between nodes, and Understanding the role of the "Master Node" in a group.
In addition, this section details the necessary steps to include PXE and TFTP Services for a node located on a remote network segment.
- Defining types of Administrative FOG Users
The difference between a regular FOG user and a Mobile user
Also covered are Creating and Modifying FOG user accounts
This is a major section of FOG Management because all day-to-day client management is initiated within the FOG Tasks section.
The Overview Section provides a quick list of tasks available within FOG.
General Tasks - Basic Imaging Tasks:
- Uploading an image (includes video tutorial)
Deploying an image
- Uploading an image (includes video tutorial)
Advanced Tasks - Describes tasks other than imaging:
Upload - Unicast (Debug)
Send - Unicast (Debug)
Send - Unicast (Without Snapins)
Deploy All Snapins
Deploy Single Snapin
Disk Surface Test
Delayed Tasks, or Scheduling Tasks in the future
Adding Printers to FOG
How to add printers to FOG. This allows the FOG Service to manage printers on FOG Clients
A service that runs on client computers allowing FOG to better manage them. Provides AD Integration, the ability to change a Hostname, Green Power management, Snap-in installation, User tracking, Printer Management, and more. See the Overview for a more complete list.
The FOG client can be partially or fully-enabled by modifying the ini file.
Installing the FOG Client
A typical client installation, Silent installation, and a video tutorial.
Advanced Description of FOG Services
More detail on:
- Auto Log Out
- Auto Log Out
- Run these in Administrative Command Prompt(cmd) on the host to allow communication between the FOG Client Service installed on the Host and the FOG Server
- Past setups suggested disabling the firewall and is less secure
netsh advfirewall firewall add rule name="Fog Client" dir=in action=allow program="C:\Program Files\FOG\FOGService.exe" netsh advfirewall firewall add rule name="Fog Service" dir=in action=allow program="C:\Program Files\FOG\FOGServiceConfig.exe" netsh advfirewall firewall add rule name="Fog Tray" dir=in action=allow program="C:\Program Files\FOG\FOGTray.exe"
Updating the FOG Client
How to update the FOG client.
The FOG Tray
Describes the Windows application that runs in the taskbar
Troubleshooting the FOG Client
Log file location
A FOG Snap-in is anything that can be run on a Windows client. This can be just about anything, including: installing applications like Firefox or Microsoft Office, adding an icon or shortcut to the desktop, or tweaking a registry key. This section covers Creating a Snap-in, adjusting the FOG server to handle snap-ins larger than 2MB, Uploading the Snap-in into the FOG system, and Linking the Snap-in to hosts.
Plugins enhance FOG's functionality. See Plugins to activate and manage plugins.
- Allows you to link with a LDAP server to add an user validation
- You can add mulitple LDAP servers
- You can config the DN base and the port of the LDAP Server
- If FOG can not connect with the LDAP Server, FOG tries to do a local validation
- If the user does not exist, FOG create one with the mobile profile
- Allows you to direct hosts at separate locations and manage through a centralized server
- Hosts will be imaged from their location setup, rather than trying to pull from a random node/server across, potentially, WAN links
- Same works for "Tftp" in that it will direct the host to get it's kernel and init from it's related location
- Can also be used to direct the host to download it's snapins from the relevant location
Access Control Plugin
- NOT Currently ready
- To give a layer of security and control over the task and imaging processes as well as limit the GUI items from "designated" controls
- For Example: IT vs. Regular User
- Ideally for retail markets and computer shops
- The Capone plugin allows FOG to recognize similar hardware platforms and push your specified image to them with minimal (or no) interaction
- In FOG terms a "Quick Image" without any registration
- Obsolete As of FOG v1.3.0-r2651 the fog user can now add Quick Image to the Fog iPXE Menu(For All Hosts) and then select the exact image desired without having to do any registration. BUT intervention is still required to start imaging.
WOL Broadcast Plugin
- Allowing the Fog user to specify different broadcast address on your network
- WOL will use those set values to send the WOL Packets to the broadcast addresses, rather than staying only on layer 2
- WOL packets operate at the layer 2 of a network meaning that it can only reach it's "Subnet"
- WOL Broadcast directly tells a packet to send to other broadcast addresses so that it network passes on the traffic
- If you would like to create your own plugins here is a template to follow.
FOG Server Maintenance
Separate TFTP and DHCP Server
In this setup, the TFTP server and the DHCP server are hosted on a separate server. The TFTP server holds the PXE boot files including the Linux Kernel, boot file system image, and pxe config files. The DHCP server is the server that assigns the clients with IP addresses and network connection information.
Click here for detailed steps:
Separate TFTP and DHCP Server
Additional TFTP / DHCP Server on separate subnet
This setup allows FOG to manage systems at a remote network location by installing the necessary services to allow clients to PXE boot to a Storage Node:
Including multiple PXE / TFTP servers
This extends the work done in the above article, Including multiple PXE / TFTP servers, and extends it a bit to allow for FOG nodes to be used in various locations that pull from a central server.
Using remote FOG nodes for distributed deployment
Separate NFS Server
Edit the storage node definition with the IP address of your NFS server and set the image location to the path on the nfs server. Make sure it has a file called .mntcheck in the root of the share, a directory called dev and a .mntcheck file in the dev folder.
if you want to mount it on the fog server too, follow these steps:-
- mv /images /imagesold
- mkdir /images
- edit /etc/fstab
For example if your server name is mynfsserver and the share on it is called fogimages
mynfsserver:/fogimages /images nfs defaults 0 0
KNOWN ISSUE You will get an error "Ftp connection to storage server has failed" at the end of uploading images though. You will have to manually rename and move the file from the dev directory to the directory below.
If your NFS server supports ftp as well, enable ftp on it too with the username and password specified in the storage server settings and this message will go away.
Hopefully someone will re-write POST_Stage2.php to change this at some point as if you already have the NFS share mounted why do we do this bit with ftp?
You may also get an infinite loop of the following message:-
"Unable to find a valid task ID based on the clients mac address of: <mac address>".
if you add an @ sign before the ftp commands it appears to have fixed the issue.
so line 133 of /var/www/fog/service/Post_Stage2.php would look like this
if (@ftp_rename ( $ftp, $src, $dest ) || @ftp_rename ( $ftp, $srcdd, $dest ))
Change NFS location
This is not about a seperate NFS server in general, but about how to change the local storage directory and export it correctly.
See Change NFS location for more.
Upgrading to Trunk
- Trunk installs are almost always buggy. This is bleeding edge and if you wish to update to trunk be prepared to update at least once a week or even once a day. At all times developers are making changes to correct problems
Other Advanced Topics
- Building a Custom Kernel
- Creating Custom FOG Service Modules
- Modifying the Init Image
- Translating FOG
- Fog Tweaks
- Bypass Host Registration
- Building undionly.kpxe
- Chainloading PXE to iPXE using pxelinux.0
- Auto driver Install
This section is intended to bring together the most common issues from the forums.
Troubleshooting Installation and Configuration Issues
- Knowledge Base
- Password Central
- Troubleshooting an image push to a client
- Troubleshooting an image upload
- Troubleshooting a multicast
- Troubleshooting Driver Issues
- Speeding up the Graphical User Interface
- Bottleneck / Imaging Speed Issues
- Troubleshooting Host Management Showing Hosts as Down
Appendix C: Alternative Resources
For Microsoft sysprep information, see this page: http://vernalex.com/guides/sysprep/video.shtml
FOG sourceforge page: http://freeghost.sf.net/
Deployment Forum at Edugeek contains many Fog related threads http://www.edugeek.net/forums/o-s-deployment/
About the Developers and other influences
FOG Project Leads (Creators and Developers too)
Chuck Syperski is the lead developer for FOG computer imaging solution. He is a software developer and network integration specialist for a public school district outside of Chicago, IL. Chuck Syperski has a Bachelor of Science in Computer Science from the University of Illinois and is half way done with his master's degree :). He specializes in Java, jsp, jsf, objective C, C, C++, C#, perl and php. You can contact Chuck Syperski directly via sourceforge as the following link:
Chuck Syperski releases other software titles through his company CWS Software LLC
His username on the FOG forums is Chuck Syperski
His username on the FOG forums is Jian Zhang
- Jaymes "loves dnsmasq" Driver
Jaymes is an aspiring software engineer and Ubuntu nut. He began working on his degree at University of Advancing Technology in Tempe, AZ but currently works as a Technology Support Specialist for Seymour Community School Corporation out of Seymour, IN. Jaymes spends his time breaking what isn't broken, and working on private projects that deal in html, php, and mysql. You can contact Jaymes by using the FOG forums.
His username on the FOG forums is Jaymes Driver
- Senior Developer
Tom Elliott is the Senior Developer for FOG computer imaging solution. He is a technical support specialist for Burlington School District in Burlington, VT. Tom Elliott has a Bachelor of Science in Information Technology (BSIT) Information Systems Security from the University of Phoenix. Currently looking at Master's programs. He also served 8 years active duty service with the United States Army as a Signal Support Systems Specialist. You can contact him directly via email at firstname.lastname@example.org, email@example.com, or on the FOG Forums.
His username on the FOG forums is Tom Elliott
- LDAP Plugin Creator
His username on the FOG forums is Fernando Geitz
Greg Grammon a PC Support Technician for Fort Hays State University in Hays, KS. Greg Grammon has a Bachelor of Science in Information Networking and Telecommunications from Fort Hays State University.
His username on the FOG forums is Junkhacker.
His username on the FOG forums is fractal13
Gilles helps developping FOG (Web UI, and linux client code) and provides insights on how to drive the project. He is specialized in IT administration and virtualization, and provides training and consulting for FOG through a training center in France (in Paris, Nantes, Lille, Lyon, Toulouse...). You can find DAWAN's training offer here: http://www.dawan.fr/formations/reseaux/deploiement/fog--deploiement-d-images-initiation-approfondissement
His username on the FOG forums is Gilou
Location Patch Creator
Lee currently works for the NHS Ambulance Service as a Senior IT Engineer. Most of his contributions to the FOG project are related to new feature developments and help drive modular style imaging.
His username on the FOG forums is Lee Rowlett
- Lead developer of the Client.
Joseph Schmitt is currently working towards a degree in Computer Engineering. You can contact him directly via email at firstname.lastname@example.org or on the forums.
His username on the FOG forums is Jbob
His username on the FOG forums is jbsclm
Travis works for a public school district as a computer support specialist. Most of his contributions to the FOG project are related to feature integration and coding on the web UI.
His username on the FOG forums is BPSTravis
Notorious Beta Testers
His name on the FOG forums is Andy Abplanalp
His username on the FOG forums is ianabc
His username on the FOG forums is need2
His username on the FOG forums is Greg Plamondon
Dan works for a public school district in Rockwood, PA, USA as a Technology Assistant. His titles include too many to count and if he takes a day off there are mass panics. Most of his contributions are testing new features, mass troubleshooting and confirming bugs, wiki updates, and suggesting more a simpler streamline FOG. It is his hope FOG will expand and compete with other streamline imaging software and systems.
His username on the FOG forums is Wolfbane8653