The following article covers the installation of a FOG 1.5.4 server on a CentOS 7.5 distribution, for cloning, deploying and managing a fleet of computers.
Installing the prerequisites
Before installing the CentOS distribution, it is preferable to create the following partitions (manual partitioning): /boot of 1 GB, / (root) of more than 30 GB, swap the size of the RAM, and finally /images of 50 GB, the last one for storing the captured images to be deployed.
Select "Click here to create them automatically", then adjust the partition sizes and create the /images partition.
Some of the installed packages, such as terminator, are optional.
# yum update -y
# yum install -y sudo tree terminator dhcp ntp git
Network configuration of the VM under VirtualBox
# nano /etc/hosts
127.0.0.1 localhost
192.168.1.10 fogserver.opensharing.priv fogserver
# nano /etc/host.conf
order hosts, bind
multi on
# nano /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="enp0s3"
UUID="0a24367c-c4cd-4ab8-adba-5ad0711aa3cd"
DEVICE="enp0s3"
ONBOOT="yes"
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DOMAIN=opensharing.priv
DNS1=8.8.8.8
DNS2=8.8.4.4
# systemctl restart network
Basic DHCP service
# cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.orig
# nano /etc/dhcp/dhcpd.conf
authoritative;
update-static-leases off;
ignore client-updates;
default-lease-time 600;
max-lease-time 7200;
db-time-format local;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option routers 192.168.1.1;
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    pool {
        range 192.168.1.100 192.168.1.199;
        allow unknown-clients;
    }
    host win7-client1 {
        hardware ethernet 08:00:27:86:cc:b1;
        fixed-address 192.168.1.200;
    }
}
next-server 192.168.1.10;
filename "undionly.kpxe";
# systemctl restart dhcpd
# systemctl enable dhcpd
Configuring the NTP service
# nano /etc/ntp.conf
Check that the following lines are present:
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
And add at the end of the file:
restrict 192.168.1.0 netmask 255.255.255.0 nomodify notrap
# Undisciplined local clock (reference clock address 127.127.1.0) as a fallback source
server 127.127.1.0
fudge 127.127.1.0 stratum 10
Optional (in case of an incorrectly set time zone):
# rm -f /etc/localtime
# ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
# systemctl restart ntpd
# systemctl enable ntpd
Checking that the NTP service works correctly:
# timedatectl
[...]
Network time on: yes
NTP synchronized: yes
[...]
# ntpstat
synchronised to NTP server (85.199.214.100) at stratum 2
time correct to within 214 ms
polling server every 64 s
# ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
0.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
1.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
2.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
3.debian.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000
+213.251.53.217 193.0.0.229 2 u 47 64 3 26.459 -44.130 25.273
+195.195.221.100 .GPS. 1 u 45 64 3 42.107 -44.116 27.831
#206.108.0.132 .PPS. 1 u 43 64 3 98.158 -46.388 29.277
+85.199.214.98 .GPS. 1 u 43 64 3 20.811 -47.295 31.447
*85.199.214.100 .GPS. 1 u 43 64 3 23.190 -46.144 29.599
+139.59.199.215 82.69.223.180 2 u 44 64 3 22.395 -45.591 29.877
-95.215.175.2 192.146.137.13 3 u 41 64 3 28.765 -42.120 29.293
-134.0.16.1 195.66.241.3 2 u 41 64 3 18.889 -46.715 31.105
-178.79.152.182 87.242.168.84 2 u 40 64 3 20.219 -48.064 29.557
-109.74.206.120 140.203.204.77 2 u 38 64 3 29.336 -47.921 31.323
-213.171.220.65 82.110.47.117 2 u 39 64 3 27.762 -35.820 29.345
80.177.149.123 .GPS. 1 u 33 64 1 55.299 -50.126 4.119
Installing the FOG server itself
# mkdir git
# cd git
# git clone https://github.com/FOGProject/fogproject.git
# cd fogproject/bin
# ./installfog.sh
+------------------------------------------+
| ..#######:. ..,#,.. .::##::. |
|.:###### .:;####:......;#;.. |
|...##... ...##;,;##::::.##... |
| ,# ...##.....##:::## ..:: |
| ## .::###,,##. . ##.::#.:######::.|
|...##:::###::....#. .. .#...#. #...#:::. |
|..:####:.. ..##......##::## .. # |
| # . ...##:,;##;:::#: ... ##.. |
| .# . .:;####;::::.##:::;#:.. |
| # ..:;###.. |
| |
+------------------------------------------+
| Free Computer Imaging Solution |
+------------------------------------------+
| Credits: http://fogproject.org/Credits |
| http://fogproject.org/Credits |
| Released under GPL Version 3 |
+------------------------------------------+
What version of Linux would you like to run the installation for?
Choice: [1] 1
( 1: Redhat Based Linux (Redhat, CentOS, Mageia )
What type of installation would you like to do? [N/s (Normal/Storage)] N
Normal Server: (Choice N)
This is the typical installation type and will install all FOG components for you on this machine. Pick this option if you are unsure what to pick.
What is the IP address to be used by this FOG Server? [192.168.1.10] Enter
Would you like to change the default network interface from enp0s3? If you are not sure, select No. [y/N] N
Would you like to setup a router address for the DHCP server? [Y/n] Y
What is the IP address to be used for the router on the DHCP server? [192.168.1.1] Enter
Would you like DHCP to handle DNS? [Y/n] Y
What DNS address should DHCP allow? [8.8.8.8]
Would you like to use the FOG server for DHCP service? [y/N] N
This version of FOG has internationalization support, would you like to install the additional language packs? [y/N] y
Summary of the information provided:
* Here are the settings FOG will use:
* Base Linux: RedHat
* Detected Linux Distribution: CentOS Linux
* Server IP Address: 192.168.1.10
* Server Subnet Mask: 255.255.255.0
* Interface: enp0s3
* Installation Type: Normal Server
* Internationalization: 1
* Image Storage Location: /images
* Using FOG DHCP: No
* DHCP will NOT be setup but you must setup your
| current DHCP server to use FOG for PXE services.
* On a Linux DHCP server you must set: next-server and filename
The following packages are installed:
bc | curl | gcc | gcc-c++ |
genisoimage | gettext | gzip | httpd |
lftp | m4 | make | mod_ssl |
mtools | mysql | mysql-server | net-tools |
nfs-utils | php | php-bcmath | php-cli |
php-common | php-fpm | php-gd | php-ldap |
php-mbstring | php-mcrypt | php-mysqlnd | php-process |
syslinux | tar | tftp-server | unzip |
vsftpd | wget | xinetd | xz-devel |
Is the MySQL password blank? (Y/n) Y
The database schema is then installed.
To do so, when prompted, connect to the following address:
http://fogserver/fog/management
Confirm with Install/Update Now to start the installation of the database schema.
Installation complete:
http://fogserver/fog/management
Default User Information
Username: fog
Password: password
The preceding installation generated a file /opt/fog/.fogsettings of the following kind:
## Start of FOG Settings
## Created by the FOG Installer
## Find more information about this file in the FOG Project wiki:
## https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
## Version: 1.5.4
## Install time: lun. 05 nov. 2018 23:58:04 GMT
ipaddress='192.168.1.10'
copybackold='0'
interface='enp0s3'
submask='255.255.255.0'
routeraddress='192.168.1.1'
plainrouter='192.168.1.1'
dnsaddress='8.8.8.8'
username='fog'
password='bYhJGvsenUP+OxlU7MzQXj/t3bk8UG4nhtXSCZsXZG0='
osid='1'
osname='Redhat'
dodhcp='N'
bldhcp='0'
dhcpd='dhcpd'
blexports='1'
installtype='N'
snmysqluser='root'
snmysqlpass=''
snmysqlhost='localhost'
installlang='1'
storageLocation='/images'
fogupdateloaded=1
docroot='/var/www/html/'
webroot='/fog/'
caCreated='yes'
httpproto='http'
startrange=''
endrange=''
bootfilename='undionly.kpxe'
packages='bc curl gcc gcc-c++ genisoimage gettext gzip httpd lftp m4 make \
mariadb mariadb-server mod_ssl mtools net-tools nfs-utils php php-bcmath \
php-cli php-common php-fpm php-gd php-ldap php-mbstring php-mcrypt php-mysqlnd \
php-process syslinux tar tftp-server unzip vsftpd wget xinetd xz-devel '
noTftpBuild=''
notpxedefaultfile=''
sslpath='/opt/fog/snapins/ssl/'
backupPath='/home/'
php_ver=''
php_verAdds=''
sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
## End of FOG Settings
The installation can be automated from the preceding file:
./installfog.sh -y
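Since /opt/fog/.fogsettings stores the passwords and protocol choices that the installer reuses, it is worth checking before re-running it. The script below is an added example, not part of the original article or of the FOG project; the function names fog_get and audit_fogsettings and the three checks are assumptions chosen for illustration, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a FOG .fogsettings file without sourcing it
# (sourcing would execute whatever the file contains, as root).

# Print the value of KEY from a key='value' file, quotes stripped.
fog_get() {  # usage: fog_get FILE KEY
    sed -n "s/^$2=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}\$/\1/p" "$1" | head -n 1
}

# Print one "WEAK ..." line per finding; nothing when every check passes.
audit_fogsettings() {  # usage: audit_fogsettings FILE
    if [ ! -r "$1" ]; then echo "ERROR cannot read $1"; return 2; fi
    if [ -z "$(fog_get "$1" snmysqlpass)" ]; then
        echo "WEAK snmysqlpass is blank or missing (MySQL user: $(fog_get "$1" snmysqluser))"
    fi
    if [ "$(fog_get "$1" httpproto)" = "http" ]; then
        echo "WEAK httpproto=http: the web interface is served without TLS"
    fi
    fs_mode=$(stat -c '%a' "$1")   # GNU stat, as shipped with CentOS
    case $fs_mode in
        *[4-7]) echo "WEAK mode $fs_mode: stored passwords readable by any local user" ;;
    esac
    return 0
}

# Constructed sample with the relevant keys of the file shown above.
demo() {
    demo_file=$(mktemp)
    cat > "$demo_file" <<'EOF'
username='fog'
password='CONSTRUCTED-PLACEHOLDER='
snmysqluser='root'
snmysqlpass=''
httpproto='http'
EOF
    chmod 644 "$demo_file"
    audit_fogsettings "$demo_file"
    rm -f "$demo_file"
}

demo   # on a server: audit_fogsettings /opt/fog/.fogsettings
```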
(Optional) Script that starts the FOG services with a delay
# systemctl disable FOG{MulticastManager,Scheduler,SnapinReplicator,ImageReplicator}
# systemctl disable nfs-server
# systemctl disable rpcbind
# nano /etc/rc.local
#!/bin/bash
sleep 30
touch /var/lock/subsys/local
systemctl start nfs-server
systemctl start rpcbind
systemctl start FOGMulticastManager
systemctl start FOGScheduler
systemctl start FOGSnapinReplicator
systemctl start FOGImageReplicator
exit 0
# chmod +x /etc/rc.local
# reboot
Changing the database connection password
# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> update user set plugin='mysql_native_password' where user='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> quit;
Bye
A password must now be set for root, and a few default security settings corrected.
# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB installation should now be secure.
Thanks for using MariaDB!
The root password must now be entered in the following file:
/var/www/html/fog/lib/fog/config.class.php
Adding an existing client
On an existing client, for example Windows 7, the FOG agent must be installed; it is available at the following address:
http://fogserver/fog/client
This is the SmartInstaller.exe executable, which first requires .NET 4.0.30319 to be installed.
We can then create an image, capture the image of a client, deploy an image to a new client, and so on.
For a test lab, it is preferable to put the VMs on an internal network and to have a working primary DNS server, or to list the VMs concerned in the respective /etc/hosts files (clients included; otherwise the message "Unable to install CA certificate" appears when installing the FOG agent).
Note: in a virtual environment, the technical specifications of the host machine can cause blocking hardware incompatibilities when the client machines boot: