FOGUserGuide

From FOGProject Wiki
Jump to: navigation, search

A guide to deployment, management, And concept overview For FOG.

Based on a document by: Thomas J. Munn CISSP

Contents

Introduction

Preface

This document is intended to be modified by FOG users, in fact it is based on a document created by a FOG user. If you feel something could be said better or put more clearly, it is encouraged that you make changes to this document. We just ask that you keep it constructive and in good taste. In order to edit the wiki you are now required to create an account, as spamming of the forum has gotten pretty bad recently.


  • What is FOG?
    FOG is a Linux-based, free and open source computer imaging solution for Windows XP, Windows Vista, Windows 7, Windows 8, and Linux (limited) that ties together a few open-source tools with a php-based web interface. FOG doesn't use any boot disks, or CDs; everything is done via TFTP and PXE. Your PC boots via PXE and automatically downloads a small Linux client. From there you can select many activities on the PC, including imaging the hard drive. Also with FOG many network drivers are built into the Linux client's kernel, so you don't really need to worry about nic drivers (unless there isn't kernel support for it yet). FOG also supports putting an image that came from a computer with a 80GB partition onto a machine with a 40GB hard drive as long as the data is less than 40GB. FOG supports multi-casting, meaning that you can image many PCs from the same stream. So it should be as fast whether you are imaging 1 PC or 20 PCs.

  • How should FOG be implemented?
    FOG is best implemented on a dedicated server, any spare machine you have. We recommend that you have sufficient hard drive space as each image you make is usually between 5 and 10 GB. Using a RAID array allows imaging multiple computers simultaneously without much performance degradation. A gigabit NIC is recommended. For faster image compression and decompression, provide as much processor and RAM as you can make available.

  • What features are included with FOG?
    FOG is more than just an imaging solution, FOG has grown into an imaging/cloning and network management solution. FOG now performs tasks like installing and managing printers, tracking user access to computers, installing applications remotely via snap-ins, automatic user log offs and computer shutdown on idle timeouts. If a computer is badly infected with a virus or malware, you can boot FOG in AV mode and have it remove the viruses. You can wipe your disks, destroying all information that was on them, restore deleted files, or scan the disk for bad blocks.

  • How much does FOG cost?
    FOG is an Open Source project and licensed under the GPL which means that you are free to use FOG on as many computers as you like for free. This also means that if you want to make any changes to the source code you are free to do so. The creators of FOG make no profits from this project with the exception of donations. FOG comes with absolutely NO WARRANTY and the creators of FOG are in NO WAY RESPONSIBLE FOR ANY DAMAGE OR LOSS CAUSED BY FOG! Please see the license file included with the FOG release for more information. With that being said we attempt to do a very good job of supporting our users, in fact it is one of the goals of FOG to have better support than most commercial products. All support requests should be placed through the FOG's forum which is located at: http://fogproject.org/forum/ Thanks for supporting open source software and enjoy!

Background on FOG

  • Why FOG?
    Working in an educational environment our organization's techs very often re-imaged computers in their day to day activities. For a long time we used a commercial product that in many ways didn't meet our needs. It wasn't web based, and you needed to create driver disks, floppys or USB drives. Other things were very difficult, such as searching for a host by MAC address and the product was expensive, even with an educational discount. So we started to investigate ways in which we could do things better, and as our organization struggled to make a commercial product work better by trying to pxe boot dos, and testing it in Windows PE, we, the FOG Team started to build linux based solution on our own time. We finally got a working version and decided to release it as open source since we use many other open source products, and figured we should give back to the community.

Fundamental Concepts

This section provides some basic concepts that the FOG Project uses.

Unicast

  • Accessible from Host Management --> Select Host --> Basic Tasks
  • Accessible from Group Management --> Select Group --> Basic Tasks
  • Accessible from Fog iPXE Menu
  • This occurs when scheduling a "Download" task, "Quick Image", or during "Full Registration" the user selects image after registration. The server (or storage node) will directly send packets (the image) to that Host's MAC address.(aka. TCP) This is excellent for directing network traffic. This can be performed under Groups running multiple unicasts to multiple hosts. However, all the hosts will not finish at exactly the same time.
  • Since unicast does not rely or communicate with others in a group it is unaffected by "hung up" host

Multicast

  • Accessible from Group Management --> Select Group --> Basic Tasks
  • Accessible Image Management --> Multicast Image
  • This occurs when scheduling a "Multi-Cast" task from Groups. The server (or storage node) will wait for all Host computers to be network booted. Once all hosts have registered for the task the packets will be sent out out to the entire network.(aka. UDP) Packets are sent and received exactly the same. Image may not complete exactly the same time
  • Down side to this is if one host gets hung up then the entire process is stopped till that host catches up
  • Multicasting

Torrent-Cast

  • Currently not working.
  • Accessible from Host Management --> Select Host --> Basic Tasks --> Advanced
  • Accessible from Group Management --> Select Group --> Basic Tasks --> Advanced
  • The image is broken down into chunks and indexed to create a torrent file.
  • The server (or storage node) beings creates the torrent and starts seeding. The hosts request the torrent and start downloading chunks for the torrent. Once a chunk is received then the hosts will seed that chunk to other hosts. Once torrent is done downloading it will start imaging. Then the partition is rewritten to accomidate the size needed to download the files originally.
  • If one host gets "hung up" the other host are not affected, but marginal time and speed are lost.
  • PXE Network Bootstrap loading
    What is iPXE and the difference between the files? Check out the iPXE page.</li></UL>

    Installing FOG

    FOG is a typical LAMP software bundle, so the main server is a Linux box. The rest of the components: Apache, MySQL, PHP, and several other services, are automatically downloaded and installed by the FOG installation script.

    Requirements

    This listing is for informational purposes only, as the required components will be automatically downloaded and installed by the FOG installation script.

    • PHP 5.3.0+
    • MySql 5+
    • Apache 2+

    The LAMP setup can also be easily adjusted for a "WAMP (Windows Apache MySQL PHP) system" though will require a bit more knowledge of what packages to use and how to integrate with the FOG system.

    Installation on different distributions of Linux

    Click below for step-by-step guides written for your favorite flavor of Linux:

    Network Integration

    Basic Network Setup

    The FOG setup script asks several questions which might not be obvious. These sections describe only the most generic settings.

    • Isolated Network
      The easiest method to image machines and get started using FOG is on a small, isolated network. The FOG setup program will configure all the necessary services for you completely automatically. This section covers only those basic steps.
      See FOG on an Isolated Network

    • Integrating FOG Server with Existing Network Systems
      Slightly more complicated is the task of integrating FOG into your existing network infrastructure. This section attempts to describe the steps to link FOG with a fairly generic enterprise system.
      See Integrating FOG into an Existing Network

    Advanced Network Setup

    Integrating FOG Server with Existing Network Systems in non intrusive mode using MAC filtration

    This methods allows to use Fog in existing network without the need of controlling existing DHCP server. Requires you to input the MAC address of FOG clients. See Integrating FOG into an Existing Network in non intrusive mode

    Integrating FOG server into an existing network in non intrusive mode using ProxyDHCP

    This methods allows to use Fog in existing network without the need of controlling existing DHCP server. Does NOT required you to input the MAC addresses of FOG clients. See Setting up ProxyDHCP.

    Wake On Lan (WOL)

    Multicast/UDPCast

    Full Listing of Ports used by FOG server and client

    FTP – tcp 20,21
    SSH – tcp 22
    TFTP – udp 69
    HTTP(s) – tcp 80,443
    Portmap – tcp/udp 111
    NFS – tcp/udp 2049
    Transfer ports – tcp/udp 1024 – 65535
    As found at: http://fogproject.org/forum/threads/firewall-config.27/

    Getting Started

    Quick Start - Basic Tasks

    So you have a FOG server installed and setup, now what do you do? Below are a few common "Getting Started" items.

    1. Booting into FOG and Uploading your first Image
    2. Deploying your Image a single client
    3. Deploying your Image a group of clients

    Tips

    1. FOG requires that all hosts be entered in the FOG Database for imaging. The most important part is getting the MAC address of the host right. FOG uses the MAC for targeting image installs and acquires. Using the wrong MAC could result in unpredictable results, including the complete erasure of the wrong pc! The IP address isn’t that important, and the ‘name’ field is more for the user. Mac address format is 00:12:3F:C4:57:0C . Using dashes, spaces, or no items at all will result in the GUI not accepting the host.
    2. After hosts are entered, it is wise to group them together by function, hardware, or common image. The image will be shared among all members of a particular group. This occurs within the ‘hosts’ screen, and NOT on the groups screen. This is a little confusing, so it helps to think of the ‘groups’ screen as a task generator, rather than controlling group memberships.
    3. For importing hosts in a .csv file follow the format below: 1 line per host:
      "00:c0:4f:18:62:63","Hostname","1.1.1.1","Your description","XP/Vista","Image filename to use"
    4. Hosts are then configured to boot via PXE boot by going into the BIOS. Make sure PXE boot is the FIRST option, NOT the hard disk, or things won’t work.
    5. Configure your ‘master’ pc for the first image. Probably a good idea to run ‘sysprep’ prior to imaging, but not necessary. Sysprep will make your imaging life easier, if hardware is different, etc. See Microsoft.com for more details on using sysprep.

    Preparing a HOST for Cloning

    • Key Term: Host --> The computer that will be registered to FOG and imaged(upload/download). Client usually refers to the Client service later described in this guide.

    FOG's strength can be better harnessed if some time and work is put into preparing a master image that fits the needs of your environment.
    This section covers Host preparation steps that will save you time and headaches like:

    Setting a Default User Profile
    Installing Windows Updates
    Pre-Installing the FOG service, etc.

    It also covers more advanced ideas that are guaranteed to cause headaches, like:

    Sysprep, Hardware-Independent Images (HAL), and Driver integration.

    Read more about Host Setup

    FOG Benchmarks

    Internal Benchmarks

    Managing FOG

    The FOG web interface is your primary management console. It is very well-documented in the pages linked below:

    The Main Managing FOG Document

    The link above opens the Main Managing FOG document and has a Table of Contents of its own.
    Subcategories within the Managing Fog section include the following sections:

    FOG Tasks

    This is a major section of FOG Management because all day-to-day client management is initiated within the FOG Tasks section.
    The Overview Section provides a quick list of tasks available within FOG.
    General Tasks - Basic Imaging Tasks:

    Uploading an image (includes video tutorial)
    Deploying an image
    Multicasting

    Advanced Tasks - Describes tasks other than imaging:

    Debug
    Upload - Unicast (Debug)
    Send - Unicast (Debug)
    Send - Unicast (Without Snapins)
    Deploy All Snapins
    Deploy Single Snapin
    Memory Test
    Wake Up
    Fast Wipe
    Normal Wipe
    Full Wipe
    Disk Surface Test
    File Recovery
    Virus Scan
    Hardware Inventory
    Donate
    Torrent-Cast

    Delayed Tasks, or Scheduling Tasks in the future

    Describes advanced settings available for scheduling tasks including Shutdown after Execution, Single Task scheduling, and setting a CRON-Style Task.

    Adding Printers to FOG

    How to add printers to FOG. This allows the FOG Service to manage printers on FOG Clients

    The FOG Client Service

    A service that runs on client computers allowing FOG to better manage them. Provides AD Integration, the ability to change a Hostname, Green Power management, Snap-in installation, User tracking, Printer Management, and more. See the Overview for a more complete list.
    The FOG client can be partially or fully-enabled by modifying the ini file.

    Installing the FOG Client

    A typical client installation, Silent installation, and a video tutorial.

    Advanced Description of FOG Services

    More detail on:

    Auto Log Out
    Hostname Changer
    Host Register
    Task Reboot
    Directory Cleaner
    Display Manager
    Green FOG
    Snapin Client
    User Tracker
    User Cleanup
    Printer Manager
    Client Updater

    Firewall Exceptions

    • Run these in Administrative Command Prompt(cmd) on the host to allow communication between the FOG Client Service installed on the Host and the FOG Server
    • Past setups suggested disabling the firewall and is less secure
        netsh advfirewall firewall add rule name="Fog Client" dir=in action=allow program="C:\Program Files\FOG\FOGService.exe"
        netsh advfirewall firewall add rule name="Fog Service" dir=in action=allow program="C:\Program Files\FOG\FOGServiceConfig.exe"
        netsh advfirewall firewall add rule name="Fog Tray" dir=in action=allow program="C:\Program Files\FOG\FOGTray.exe"
    

    Updating the FOG Client

    How to update the FOG client.

    The FOG Tray

    Describes the Windows application that runs in the taskbar

    Troubleshooting the FOG Client

    Log file location

    Snap-ins

    A FOG Snap-in is anything that can be run on a Windows client. This can be just about anything, including: installing applications like Firefox or Microsoft Office, adding an icon or shortcut to the desktop, or tweaking a registry key. This section covers Creating a Snap-in, adjusting the FOG server to handle snap-ins larger than 2MB, Uploading the Snap-in into the FOG system, and Linking the Snap-in to hosts.

    FOG Plugins

    Plugins enhance FOG's functionality. See Plugins to activate and manage plugins.

    LDAP Plugin

    • Allows you to link with a LDAP server to add an user validation
    • You can add mulitple LDAP servers
    • You can config the DN base and the port of the LDAP Server
    • If FOG can not connect with the LDAP Server, FOG tries to do a local validation
    • If the user does not exist, FOG create one with the mobile profile

    Location Plugin

    • Allows you to direct hosts at separate locations and manage through a centralized server
    • Hosts will be imaged from their location setup, rather than trying to pull from a random node/server across, potentially, WAN links
    • Same works for "Tftp" in that it will direct the host to get it's kernel and init from it's related location
    • Can also be used to direct the host to download it's snapins from the relevant location

    Access Control Plugin

    • NOT Currently ready
    • To give a layer of security and control over the task and imaging processes as well as limit the GUI items from "designated" controls
    • For Example: IT vs. Regular User

    Capone Plugin

    • Ideally for retail markets and computer shops
    • The Capone plugin allows FOG to recognize similar hardware platforms and push your specified image to them with minimal (or no) interaction
    • In FOG terms a "Quick Image" without any registration
    • Obsolete As of FOG v1.3.0-r2651 the fog user can now add Quick Image to the Fog iPXE Menu(For All Hosts) and then select the exact image desired without having to do any registration. BUT intervention is still required to start imaging.

    WOL Broadcast Plugin

    • Allowing the Fog user to specify different broadcast address on your network
    • WOL will use those set values to send the WOL Packets to the broadcast addresses, rather than staying only on layer 2
    • WOL packets operate at the layer 2 of a network meaning that it can only reach it's "Subnet"
    • WOL Broadcast directly tells a packet to send to other broadcast addresses so that it network passes on the traffic

    Example Plugin

    • If you would like to create your own plugins here is a template to follow.

    FOG Server Maintenance

    Advanced Installations

    Separate TFTP and DHCP Server

    In this setup, the TFTP server and the DHCP server are hosted on a separate server. The TFTP server holds the PXE boot files including the Linux Kernel, boot file system image, and pxe config files. The DHCP server is the server that assigns the clients with IP addresses and network connection information.

    Click here for detailed steps:
    Separate TFTP and DHCP Server

    Additional TFTP / DHCP Server on separate subnet

    This setup allows FOG to manage systems at a remote network location by installing the necessary services to allow clients to PXE boot to a Storage Node:
    Including multiple PXE / TFTP servers

    This extends the work done in the above article, Including multiple PXE / TFTP servers, and extends it a bit to allow for FOG nodes to be used in various locations that pull from a central server.
    Using remote FOG nodes for distributed deployment

    Separate NFS Server

    Edit the storage node definition with the IP address of your NFS server and set the image location to the path on the nfs server. Make sure it has a file called .mntcheck in the root of the share, a directory called dev and a .mntcheck file in the dev folder.

    if you want to mount it on the fog server too, follow these steps:-

    • mv /images /imagesold
    • mkdir /images
    • edit /etc/fstab

    For example if your server name is mynfsserver and the share on it is called fogimages

    mynfsserver:/fogimages /images nfs defaults 0 0 

    then type

    mount -a


    KNOWN ISSUE You will get an error "Ftp connection to storage server has failed" at the end of uploading images though. You will have to manually rename and move the file from the dev directory to the directory below.

    If your NFS server supports ftp as well, enable ftp on it too with the username and password specified in the storage server settings and this message will go away.

    Hopefully someone will re-write POST_Stage2.php to change this at some point as if you already have the NFS share mounted why do we do this bit with ftp?

    You may also get an infinite loop of the following message:-

    "Unable to find a valid task ID based on the clients mac address of: <mac address>".

    if you add an @ sign before the ftp commands it appears to have fixed the issue.

    so line 133 of /var/www/fog/service/Post_Stage2.php would look like this

     if (@ftp_rename ( $ftp, $src, $dest ) || @ftp_rename ( $ftp, $srcdd, $dest ))

    Change NFS location

    This is not about a seperate NFS server in general, but about how to change the local storage directory and export it correctly.

    See Change NFS location for more.

    Upgrading to Trunk

    • Trunk installs are almost always buggy. This is bleeding edge and if you wish to update to trunk be prepared to update at least once a week or even once a day. At all times developers are making changes to correct problems
    • Upgrade_to_trunk

    Other Advanced Topics

    Troubleshooting

    This section is intended to bring together the most common issues from the forums.

    Troubleshooting Installation and Configuration Issues

    Appendix C: Alternative Resources

    For Microsoft sysprep information, see this page: http://vernalex.com/guides/sysprep/video.shtml

    FOG install HOWTO: http://www.howtoforge.com/installing-fog-computer-imaging-solution-on-fedora8

    FOG sourceforge page: http://freeghost.sf.net/

    Deployment Forum at Edugeek contains many Fog related threads http://www.edugeek.net/forums/o-s-deployment/

    About the Developers and other influences

    FOG Project Leads (Creators and Developers too)

    Chuck Syperski

    Chuck Syperski is the lead developer for FOG computer imaging solution. He is a software developer and network integration specialist for a public school district outside of Chicago, IL. Chuck Syperski has a Bachelor of Science in Computer Science from the University of Illinois and is half way done with his master's degree :). He specializes in Java, jsp, jsf, objective C, C, C++, C#, perl and php. You can contact Chuck Syperski directly via sourceforge as the following link:

    http://sourceforge.net/users/microleaks/

    Chuck Syperski releases other software titles through his company CWS Software LLC

    His username on the FOG forums is Chuck Syperski

    Jian Zhang

    No Content

    His username on the FOG forums is Jian Zhang

    Community Managers

    Chad-bsid

    No Content

    falko

    No Content

    andyroo54

    No Content

    BryceZ

    No Content

    Kevin

    No Content

    FOG Developers

    Jaymes Driver

    • Jaymes "loves dnsmasq" Driver

    Jaymes is an aspiring software engineer and Ubuntu nut. He began working on his degree at University of Advancing Technology in Tempe, AZ but currently works as a Technology Support Specialist for Seymour Community School Corporation out of Seymour, IN. Jaymes spends his time breaking what isn't broken, and working on private projects that deal in html, php, and mysql. You can contact Jaymes by using the FOG forums.

    His username on the FOG forums is Jaymes Driver

    Tom Elliott

    • Senior Developer

    Tom Elliott is the Senior Developer for FOG computer imaging solution. He is a technical support specialist for Burlington School District in Burlington, VT. Tom Elliott has a Bachelor of Science in Information Technology (BSIT) Information Systems Security from the University of Phoenix. Currently looking at Master's programs. He also served 8 years active duty service with the United States Army as a Signal Support Systems Specialist. You can contact him directly via email at tommygunsster@gmail.com, thomas@mastacontrola.com, or on the FOG Forums.

    His username on the FOG forums is Tom Elliott

    Fernando Gietz

    • LDAP Plugin Creator

    No Content

    His username on the FOG forums is Fernando Geitz

    Peter Gilchrist

    No Content

    Greg Grammon

    Greg Grammon a PC Support Technician for Fort Hays State University in Hays, KS. Greg Grammon has a Bachelor of Science in Information Networking and Telecommunications from Fort Hays State University.

    His username on the FOG forums is Junkhacker.

    Curtis Larsen

    No Content

    His username on the FOG forums is fractal13

    Gilles Pietri

    Gilles helps developping FOG (Web UI, and linux client code) and provides insights on how to drive the project. He is specialized in IT administration and virtualization, and provides training and consulting for FOG through a training center in France (in Paris, Nantes, Lille, Lyon, Toulouse...). You can find DAWAN's training offer here: http://www.dawan.fr/formations/reseaux/deploiement/fog--deploiement-d-images-initiation-approfondissement

    His username on the FOG forums is Gilou

    Lee Rowlett

    Location Patch Creator

    Lee currently works for the NHS Ambulance Service as a Senior IT Engineer. Most of his contributions to the FOG project are related to new feature developments and help drive modular style imaging.

    His username on the FOG forums is Lee Rowlett

    Joseph Schmitt

    • Lead developer of the Client.

    Joseph Schmitt is currently working towards a degree in Computer Engineering. You can contact him directly via email at contact@jbob.io or on the forums.

    His username on the FOG forums is Jbob

    John Shaw

    No Content

    His username on the FOG forums is jbsclm

    Travis Vlaminck

    Travis works for a public school district as a computer support specialist. Most of his contributions to the FOG project are related to feature integration and coding on the web UI.

    His username on the FOG forums is BPSTravis

    Notorious Beta Testers

    Andy Abplanalp

    No Content

    His name on the FOG forums is Andy Abplanalp

    Ian Allison

    No Content

    His username on the FOG forums is ianabc

    Lane Garland

    No Content

    His username on the FOG forums is need2

    Greg Plamondon

    No Content

    His username on the FOG forums is Greg Plamondon

    Dan Younkin

    Dan works for a public school district in Rockwood, PA, USA as a Technology Assistant. His titles include too many to count and if he takes a day off there are mass panics. Most of his contributions are testing new features, mass troubleshooting and confirming bugs, wiki updates, and suggesting more a simpler streamline FOG. It is his hope FOG will expand and compete with other streamline imaging software and systems.


    His username on the FOG forums is Wolfbane8653

  • Personal tools
    FAQs / Troubleshooting