FOG – CentOS Server

This article covers the installation of a FOG 1.5.4 server on CentOS 7.5, for cloning, deploying and managing a fleet of computers.
 

Installing the prerequisites

Before installing the CentOS distribution, it is best to create the following partitions (manual partitioning): /boot of 1 GB, / (root) of more than 30 GB, swap the size of the RAM, and finally /images of 50 GB, the last one for storing the captured images to be deployed.
 



Select "Click here to create them automatically", then adjust the partition sizes and create the /images partition.
 

Some of the installed packages, such as terminator, are optional.

# yum update -y
# yum install -y sudo tree terminator dhcp ntp git

 

Network configuration of the VM under VirtualBox

# nano /etc/hosts
127.0.0.1	localhost
192.168.1.10	fogserver.opensharing.priv	fogserver
# nano /etc/host.conf
order hosts, bind
multi on
# nano /etc/sysconfig/network-scripts/ifcfg-enp0s3 
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="enp0s3"
UUID="0a24367c-c4cd-4ab8-adba-5ad0711aa3cd"
DEVICE="enp0s3"
ONBOOT="yes"
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DOMAIN=opensharing.priv
DNS1=8.8.8.8
DNS2=8.8.4.4
# systemctl restart network

 

Basic DHCP service

# cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.orig
# nano /etc/dhcp/dhcpd.conf
authoritative;
update-static-leases off;
ignore client-updates;
default-lease-time 600;
max-lease-time 7200;
db-time-format local;
log-facility local7;

subnet 192.168.1.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.1.1;
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        pool {
                range 192.168.1.100 192.168.1.199;
                allow unknown-clients;
        }
	host win7-client1 {
		hardware ethernet 08:00:27:86:cc:b1;
		fixed-address 192.168.1.200;
	}
}

next-server 192.168.1.10;
filename "undionly.kpxe";
# systemctl restart dhcpd
# systemctl enable dhcpd
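
A check for the configuration above, as an added example that is not part of the original article: it verifies that no fixed-address reservation falls inside a dynamic range and that the PXE directives next-server and filename are present and point at the FOG server. The function name check_dhcpd_pxe and the temporary sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a dhcpd.conf used for FOG PXE boot.

# check_dhcpd_pxe CONF FOG_IP: print one finding per line (nothing = clean).
check_dhcpd_pxe() {
    awk -v fog="$2" '
    function ip2n(ip,   o) {            # dotted quad -> integer
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    /^[ \t]*#/ { next }                 # skip comment lines
    { gsub(/[;"]/, "") }                # drop terminators and quotes
    $1 == "range"         { lo[++n] = ip2n($2); hi[n] = ip2n($3) }
    $1 == "fixed-address" { fixed[++m] = $2 }
    $1 == "next-server"   { tftp = $2 }
    $1 == "filename"      { bootfile = $2 }
    END {
        for (i = 1; i <= m; i++)
            for (j = 1; j <= n; j++)
                if (ip2n(fixed[i]) >= lo[j] && ip2n(fixed[i]) <= hi[j])
                    print "fixed-address " fixed[i] " overlaps a dynamic range"
        if (tftp == "")
            print "next-server missing: PXE clients get no TFTP server"
        else if (tftp != fog)
            print "next-server " tftp " is not the FOG server " fog
        if (bootfile == "")
            print "filename missing: PXE clients get no boot file"
    }' "$1"
}

# Constructed sample reproducing the relevant lines of the configuration above.
good_conf=$(mktemp)
cat > "$good_conf" <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
        pool {
                range 192.168.1.100 192.168.1.199;
        }
        host win7-client1 {
                hardware ethernet 08:00:27:86:cc:b1;
                fixed-address 192.168.1.200;
        }
}
next-server 192.168.1.10;
filename "undionly.kpxe";
EOF

check_dhcpd_pxe "$good_conf" 192.168.1.10
```

Syntax alone can be validated with dhcpd -t -cf /etc/dhcp/dhcpd.conf; the check above covers consistency that a syntax test does not.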

 

Configuring the NTP service

# nano /etc/ntp.conf

Check that the following lines are present:

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

And add at the end of the file:

restrict 192.168.1.0 netmask 255.255.255.0 nomodify notrap
server 127.127.0.1
fudge 127.127.0.1 stratum 10

Optional (if the time zone is set incorrectly):

# rm -f /etc/localtime
# ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
# systemctl restart ntpd
# systemctl enable ntpd

Checking that the NTP service works correctly:

# timedatectl
[...]
 Network time on: yes
NTP synchronized: yes
[...]
# ntpstat
synchronised to NTP server (85.199.214.100) at stratum 2 
   time correct to within 214 ms
   polling server every 64 s
# ntpq -pn

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 1.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 2.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 3.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
+213.251.53.217  193.0.0.229      2 u   47   64    3   26.459  -44.130  25.273
+195.195.221.100 .GPS.            1 u   45   64    3   42.107  -44.116  27.831
#206.108.0.132   .PPS.            1 u   43   64    3   98.158  -46.388  29.277
+85.199.214.98   .GPS.            1 u   43   64    3   20.811  -47.295  31.447
*85.199.214.100  .GPS.            1 u   43   64    3   23.190  -46.144  29.599
+139.59.199.215  82.69.223.180    2 u   44   64    3   22.395  -45.591  29.877
-95.215.175.2    192.146.137.13   3 u   41   64    3   28.765  -42.120  29.293
-134.0.16.1      195.66.241.3     2 u   41   64    3   18.889  -46.715  31.105
-178.79.152.182  87.242.168.84    2 u   40   64    3   20.219  -48.064  29.557
-109.74.206.120  140.203.204.77   2 u   38   64    3   29.336  -47.921  31.323
-213.171.220.65  82.110.47.117    2 u   39   64    3   27.762  -35.820  29.345
 80.177.149.123  .GPS.            1 u   33   64    1   55.299  -50.126   4.119

 

Installing the FOG server itself

# mkdir git
# cd git
# git clone https://github.com/FOGProject/fogproject.git
# cd fogproject/bin
# ./installfog.sh
   +------------------------------------------+
   |     ..#######:.    ..,#,..     .::##::.  |
   |.:######          .:;####:......;#;..     |
   |...##...        ...##;,;##::::.##...      |
   |   ,#          ...##.....##:::##     ..:: |
   |   ##    .::###,,##.   . ##.::#.:######::.|
   |...##:::###::....#. ..  .#...#. #...#:::. |
   |..:####:..    ..##......##::##  ..  #     |
   |    #  .      ...##:,;##;:::#: ... ##..   |
   |   .#  .       .:;####;::::.##:::;#:..    |
   |    #                     ..:;###..       |
   |                                          |
   +------------------------------------------+
   |      Free Computer Imaging Solution      |
   +------------------------------------------+
   |  Credits: http://fogproject.org/Credits  |
   |       http://fogproject.org/Credits      |
   |       Released under GPL Version 3       |
   +------------------------------------------+

What version of Linux would you like to run the installation for?
Choice: [1] 1 ( 1: Redhat Based Linux (Redhat, CentOS, Mageia )

What type of installation would you like to do? [N/s (Normal/Storage)] N
Normal Server: (Choice N) 
          This is the typical installation type and
          will install all FOG components for you on this
          machine.  Pick this option if you are unsure what to pick.

What is the IP address to be used by this FOG Server? [192.168.1.10] Enter

Would you like to change the default network interface from enp0s3?
If you are not sure, select No. [y/N] N

Would you like to setup a router address for the DHCP server? [Y/n] Y
What is the IP address to be used for the router on the DHCP server? [192.168.1.1] Enter

Would you like DHCP to handle DNS? [Y/n] Y
What DNS address should DHCP allow? [8.8.8.8]

Would you like to use the FOG server for DHCP service? [y/N] N

This version of FOG has internationalization support,
would you like to install the additional language packs? [y/N] y

Summary of the information provided:

 * Here are the settings FOG will use:
 * Base Linux: RedHat
 * Detected Linux Distribution: CentOS Linux
 * Server IP Address: 192.168.1.10
 * Server Subnet Mask: 255.255.255.0
 * Interface: enp0s3
 * Installation Type: Normal Server
 * Internationalization: 1
 * Image Storage Location: /images
 * Using FOG DHCP: No
 * DHCP will NOT be setup but you must setup your
 | current DHCP server to use FOG for PXE services.
 * On a Linux DHCP server you must set: next-server and filename

The following packages are installed:

bc curl gcc gcc-c++
genisoimage gettext gzip httpd
lftp m4 make mod_ssl
mtools mysql mysql-server net-tools
nfs-utils php php-bcmath php-cli
php-common php-fpm php-gd php-ldap
php-mbstring php-mcrypt php-mysqlnd php-process
syslinux tar tftp-server unzip
vsftpd wget xinetd xz-devel
Is the MySQL password blank? (Y/n) Y

Next, the database schema is installed.
To do so, when prompted, connect to the following address:

http://fogserver/fog/management


Confirm with "Install/Update Now" to start the installation of the database schema.
 

Installation complete:

   http://fogserver/fog/management

   Default User Information
   Username: fog
   Password: password


 

 
The preceding installation generated a file /opt/fog/.fogsettings of the following kind:

## Start of FOG Settings
## Created by the FOG Installer
## Find more information about this file in the FOG Project wiki:
##     https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
## Version: 1.5.4
## Install time: lun. 05 nov. 2018 23:58:04 GMT
ipaddress='192.168.1.10'
copybackold='0'
interface='enp0s3'
submask='255.255.255.0'
routeraddress='192.168.1.1'
plainrouter='192.168.1.1'
dnsaddress='8.8.8.8'
username='fog'
password='bYhJGvsenUP+OxlU7MzQXj/t3bk8UG4nhtXSCZsXZG0='
osid='1'
osname='Redhat'
dodhcp='N'
bldhcp='0'
dhcpd='dhcpd'
blexports='1'
installtype='N'
snmysqluser='root'
snmysqlpass=''
snmysqlhost='localhost'
installlang='1'
storageLocation='/images'
fogupdateloaded=1
docroot='/var/www/html/'
webroot='/fog/'
caCreated='yes'
httpproto='http'
startrange=''
endrange=''
bootfilename='undionly.kpxe'
packages='bc curl gcc gcc-c++ genisoimage gettext gzip httpd lftp m4 make \
mariadb mariadb-server mod_ssl mtools net-tools nfs-utils php php-bcmath \
php-cli php-common php-fpm php-gd php-ldap php-mbstring php-mcrypt php-mysqlnd \
php-process syslinux tar tftp-server unzip vsftpd wget xinetd xz-devel '
noTftpBuild=''
notpxedefaultfile=''
sslpath='/opt/fog/snapins/ssl/'
backupPath='/home/'
php_ver=''
php_verAdds=''
sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
## End of FOG Settings

The installation can be automated from the preceding file:

./installfog.sh -y
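
Because installfog.sh -y reuses .fogsettings, weak values in it carry over to each automated run. The following audit is an added example, not part of the original article or of the FOG project; the function names fog_setting and audit_fogsettings are assumptions, and the sample file is constructed from the values shown in the listing above.

```shell
#!/bin/sh
# Added example: audit a FOG .fogsettings file. The file is shell syntax,
# so it is read as text here and never sourced.

# fog_setting FILE KEY: print the value of a KEY='value' line (last one wins).
fog_setting() {
    sed -n "s/^$2='\(.*\)'\$/\1/p" "$1" | tail -n 1
}

# audit_fogsettings FILE: print one finding per line (nothing = clean).
audit_fogsettings() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f"; return 0; }
    [ -z "$(fog_setting "$f" snmysqlpass)" ] &&
        echo "snmysqlpass is blank: the database account has no password"
    [ "$(fog_setting "$f" snmysqluser)" = root ] &&
        echo "snmysqluser is root: FOG connects as the database superuser"
    [ "$(fog_setting "$f" httpproto)" = http ] &&
        echo "httpproto is http: the web interface is served unencrypted"
    # The file stores credentials in clear text: flag group/other access.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        echo "permissions allow group/other access ($perms)"
    return 0
}

# Constructed sample using the values from the listing above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
## Start of FOG Settings
ipaddress='192.168.1.10'
snmysqluser='root'
snmysqlpass=''
snmysqlhost='localhost'
httpproto='http'
## End of FOG Settings
EOF
chmod 644 "$sample"

audit_fogsettings "$sample"
```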

 

(Optional) Script that starts the FOG services with a delay

# systemctl disable FOG{MulticastManager,Scheduler,SnapinReplicator,ImageReplicator}
# systemctl disable nfs-server
# systemctl disable rpcbind
# nano /etc/rc.local
#!/bin/bash

sleep 30
touch /var/lock/subsys/local
systemctl start nfs-server
systemctl start rpcbind
systemctl start FOGMulticastManager
systemctl start FOGScheduler
systemctl start FOGSnapinReplicator
systemctl start FOGImageReplicator
exit 0
# chmod +x /etc/rc.local
# reboot

 

Changing the database connection password

# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mysql]> update user set plugin='mysql_native_password' where user='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> quit;
Bye

A password must now be set for root and a few default security settings corrected.

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

The root password must now be entered in the following file:

/var/www/html/fog/lib/fog/config.class.php

 

Adding an existing client

On an existing client, for example Windows 7, the FOG agent must be installed; it is available at the following address:

http://fogserver/fog/client

This is the SmartInstaller.exe executable, which requires .NET 4.0.30319 to be installed beforehand.
 
We can then create an image, capture the image of a client, deploy an image to a new client, and so on.
 
For a test lab, it is preferable to put the VMs on an internal network and to have a working primary DNS server, or else to list the VMs concerned in the respective /etc/hosts files (including on the clients, otherwise the message "Unable to install CA certificate" appears during installation of the FOG agent).
 

Note: in a virtual environment, the technical specifications of the host machine can cause blocking hardware incompatibilities when the client machines boot.
 

 
