|
|
Line 1: |
Line 1: |
− | {{Languages|Opsi}}
| |
− | {{Level|Advanced}}
| |
| | | |
− | === Description ===
| |
− | [http://www.opsi.org Opsi] (open pc server integration) is an open source Client Management System for Windows clients.
| |
− |
| |
− | Key features:
| |
− | * Automatic OS installation (unattended or image based)
| |
− | * Automatic software distribution and patch management
| |
− | * Hardware and software inventories
| |
− | * License management
| |
− |
| |
− | === Install ===
| |
− | {{Warning box|This howto is for SME8 only!}}
| |
− | {{Note box|<tt></tt>
| |
− | * Before you start installing, be sure to have set your workgroup, domain name and dns-servers properly!
| |
− | * Also, you cannot have the [[Tftp_server | tftp server]] or [[Atftp_server | atftp server]] contrib installed (or manual install of either) on the same machine.}}
| |
− |
| |
− | ===== Creating necessary repositories =====
| |
− | First we need to create the opsi repository:
| |
− | /sbin/e-smith/db yum_repositories set opsi4 repository \
| |
− | Name 'CentOS $releasever - $basearch - opsi4.0' \
| |
− | BaseURL 'http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/CentOS_CentOS-5/' \
| |
− | EnableGroups no \
| |
− | GPGCheck no \
| |
− | GPGKey http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/CentOS_CentOS-5/repodata/repomd.xml.key \
| |
− | Visible no \
| |
− | status disabled
| |
− |
| |
− | We also want to add the DAG repository for the needed python-rrdtool package (and sadly also a LOAD of other dependencies that come with python-rrdtool):
| |
− | /sbin/e-smith/db yum_repositories set dag repository \
| |
− | Name 'Dag - EL5' \
| |
− | BaseURL 'http://apt.sw.be/redhat/el5/en/$basearch/dag' \
| |
− | EnableGroups no \
| |
− | GPGCheck yes \
| |
− | GPGKey http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt \
| |
− | Visible no \
| |
− | Exclude freetype,htop,iptraf,rsync,syslinux \
| |
− | status disabled
| |
− |
| |
− | Then to activate the newly added repositories:
| |
− | signal-event yum-modify
| |
− | yum makecache
| |
− |
| |
− | ===== Installing the packages =====
| |
− | Installing the necessary Opsi packages.
| |
− | yum install opsi-depotserver opsi-configed --enablerepo=opsi4,dag
| |
− | /etc/init.d/opsiconfd restart
| |
− | /etc/init.d/opsipxeconfd restart
| |
− | yum install p7zip p7zip-plugins cabextract --enablerepo=opsi4
| |
− | yum update --enablerepo=opsi4
| |
− |
| |
− | ===== Manual code change =====
| |
− | An manual adjustment to the code needs to be made for Opsi to work on SME.
| |
− | nano /usr/lib/python2.4/site-packages/OPSI/Backend/BackendManager.py
| |
− | Search for the following line:
| |
− | elif (DISTRIBUTOR.lower().find('redhat') != -1) or (DISTRIBUTOR.lower().find('centos') != -1) or (DISTRIBUTOR.lower().find('scientificsl') != -1):
| |
− |
| |
− | And replace it with:
| |
− | elif (DISTRIBUTOR.lower().find('redhat') != -1) or (DISTRIBUTOR.lower().find('centos') != -1) or (DISTRIBUTOR.lower().find('scientificsl') != -1) or (DISTRIBUTOR.lower().find('sme') != -1):
| |
− |
| |
− | ===== Opsi init =====
| |
− | Some initialization for Opsi.
| |
− | opsi-setup --init-current-config
| |
− | opsi-setup --set-rights
| |
− | /etc/init.d/opsiconfd restart
| |
− | /etc/init.d/opsipxeconfd restart
| |
− |
| |
− | ===== Set pcpatch password =====
| |
− | Make a note of the password you are setting, you might need it later.
| |
− | opsi-admin -d task setPcpatchPassword
| |
− |
| |
− | ===== Java config =====
| |
− | Add a symbolic link for the installed java runtime environment:
| |
− | ln -s /usr/lib/jvm/java-1.6.0-sun-1.6.0/jre/bin/java /usr/bin/java
| |
− |
| |
− | Check the java version, this sould now return a result
| |
− | java -version
| |
− |
| |
− | ===== User config =====
| |
− | Opsi normally uses separately created users for administration, but for SME we use the default admin account. Add the admin account to the opsiadmin group so it can use the Opsi administration commands.
| |
− | usermod -a -G opsiadmin admin
| |
− |
| |
− | It is not neccesary to add the root account to the pcpatch group, root is allowed to do anything. If you want a separate user to be able to build opsi packages (opsi-makeproductfile), install packages (opsi-packagemanager) or manually edit configuration files, it would have to be added to the 'pcpatch' group.
| |
− | #usermod -a -G pcpatch <some_user>
| |
− |
| |
− | ===== Opsi-atftpd config =====
| |
− | Add a sysconfig file for atftpd.
| |
− | nano /etc/sysconfig/atftpd
| |
− | Add the following content to this file:
| |
− | ATFTPD_OPTIONS="--daemon --user atftp --group atftp --logfile /var/log/atftp/atftp.log /tftpboot"
| |
− |
| |
− |
| |
− | Create an atftpd startscript:
| |
− | nano /etc/rc.d/init.d/atftpd
| |
− | Add the following content to this file:
| |
− |
| |
− | #!/bin/sh
| |
− | #
| |
− | # atftp Advanced Trivial File Transfer Protocol
| |
− | #
| |
− | # chkconfig: - 90 20
| |
− | # description: atftp stands for Advanced Trivial File \
| |
− | # Transfer Protocol. atftp is intended for serving boot files to \
| |
− | # large clusters. It is multi-threaded and support multicast \
| |
− | # (RFC2090 and PXE), allowing faster boot of hundreds of machine simultaneously.
| |
− |
| |
− |
| |
− | ### BEGIN INIT INFO
| |
− | # Provides: tftp
| |
− | # Required-Start: $network
| |
− | # Required-Stop: $network
| |
− | # Should-Start: 2 3 4 5
| |
− | # Should-Stop: 0 1 6
| |
− | # Default-Start:
| |
− | # Default-Stop:
| |
− | # Short-Description: Advanced Trivial File Transfer Protocol
| |
− | # Description: atftp stands for Advanced Trivial File
| |
− | # Transfer Protocol. atftp is intended for serving boot files to
| |
− | # large clusters. It is multi-threaded and support multicast
| |
− | # (RFC2090 and PXE), allowing faster boot of hundreds of machine
| |
− | # simultaneously.
| |
− | ### END INIT INFO
| |
− |
| |
− | # Source function library.
| |
− | . /etc/rc.d/init.d/functions
| |
− |
| |
− | exec="/usr/sbin/atftpd"
| |
− | prog="atftpd"
| |
− |
| |
− | [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
| |
− |
| |
− | lockfile=/var/lock/subsys/$prog
| |
− |
| |
− | start() {
| |
− | [ -x $exec ] || exit 5
| |
− | echo -n $"Starting $prog: "
| |
− | # if not running, start it up here, usually something like "daemon $exec"
| |
− | daemon $exec $ATFTPD_OPTIONS
| |
− | retval=$?
| |
− | echo
| |
− | [ $retval -eq 0 ] && touch $lockfile
| |
− | return $retval
| |
− | }
| |
− |
| |
− | stop() {
| |
− | echo -n $"Stopping $prog: "
| |
− | killproc $prog
| |
− | retval=$?
| |
− | echo
| |
− | [ $retval -eq 0 ] && rm -f $lockfile
| |
− | return $retval
| |
− | }
| |
− |
| |
− | restart() {
| |
− | stop
| |
− | start
| |
− | }
| |
− |
| |
− | reload() {
| |
− | restart
| |
− | }
| |
− |
| |
− | force_reload() {
| |
− | restart
| |
− | }
| |
− |
| |
− | rh_status() {
| |
− | status $prog
| |
− | }
| |
− |
| |
− | rh_status_q() {
| |
− | rh_status >/dev/null 2>&1
| |
− | }
| |
− |
| |
− |
| |
− | case "$1" in
| |
− | start)
| |
− | rh_status_q && exit 0
| |
− | $1
| |
− | ;;
| |
− | stop)
| |
− | rh_status_q || exit 0
| |
− | $1
| |
− | ;;
| |
− | restart)
| |
− | $1
| |
− | ;;
| |
− | reload)
| |
− | rh_status_q || exit 7
| |
− | $1
| |
− | ;;
| |
− | force-reload)
| |
− | force_reload
| |
− | ;;
| |
− | status)
| |
− | rh_status
| |
− | ;;
| |
− | condrestart|try-restart)
| |
− | rh_status_q || exit 0
| |
− | restart
| |
− | ;;
| |
− | *)
| |
− | echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
| |
− | exit 2
| |
− | esac
| |
− | exit $?
| |
− |
| |
− | Set the proper rights for this script.
| |
− | chmod 755 /etc/rc.d/init.d/atftpd
| |
− | Start atftpd
| |
− | /etc/rc.d/init.d/atftpd start
| |
− |
| |
− | ===== Automatic startup at boot =====
| |
− | Configure automatic opsiconfd startup at boot:
| |
− | chmod 755 /etc/rc.d/init.d/opsiconfd
| |
− | ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc7.d/S98opsiconfd
| |
− | ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc6.d/K02opsiconfd
| |
− | ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc2.d/K02opsiconfd
| |
− | ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc1.d/K02opsiconfd
| |
− | ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc0.d/K02opsiconfd
| |
− |
| |
− | Configure automatic opsipxeconfd startup at boot:
| |
− | chmod 755 /etc/rc.d/init.d/opsipxeconfd
| |
− | ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc7.d/S98opsipxeconfd
| |
− | ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc6.d/K02opsipxeconfd
| |
− | ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc2.d/K02opsipxeconfd
| |
− | ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc1.d/K02opsipxeconfd
| |
− | ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc0.d/K02opsipxeconfd
| |
− |
| |
− | Configure automatic atftpd startup at boot:
| |
− | ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc7.d/S98opsi-atftpd
| |
− | ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc6.d/K02opsi-atftpd
| |
− | ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc2.d/K02opsi-atftpd
| |
− | ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc1.d/K02opsi-atftpd
| |
− | ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc0.d/K02opsi-atftpd
| |
− |
| |
− | ===== Configure samba shares =====
| |
− | Add a template fragment for the opsi samba network shares:
| |
− | mkdir -p /etc/e-smith/templates-custom/etc/smb.conf
| |
− | nano /etc/e-smith/templates-custom/etc/smb.conf/51opsi_shares
| |
− | Add the following content to this file:
| |
− |
| |
− | [opt_pcbin]
| |
− | available = yes
| |
− | comment = opsi depot share
| |
− | path = /opt/pcbin
| |
− | oplocks = no
| |
− | level2 oplocks = no
| |
− | writeable = yes
| |
− | invalid users = root
| |
− |
| |
− | [opsi_config]
| |
− | available = yes
| |
− | comment = opsi config share
| |
− | path = /var/lib/opsi/config
| |
− | writeable = yes
| |
− | invalid users = root
| |
− |
| |
− | [opsi_workbench]
| |
− | available = yes
| |
− | comment = opsi workbench
| |
− | path = /home/opsiproducts
| |
− | writeable = yes
| |
− | invalid users = root
| |
− | create mask = 0660
| |
− | directory mask = 0770
| |
− |
| |
− | Expand the template:
| |
− | expand-template /etc/samba/smb.conf
| |
− |
| |
− | Restart samba services:
| |
− | /etc/rc7.d/S91smb restart
| |
− |
| |
− |
| |
− | === Notes ===
| |
− |
| |
− | ===== Internal Error on agent deploy =====
| |
− | When you get an 'internal error' on trying to install an agent on a workstation from the commandline with the <tt>opsi-deploy-client-agent</tt> command, you probably have the bad version of winexe, so you'll need to get the newer version from UIB:
| |
− | cd /opt/pcbin/install/opsi-client-agent/
| |
− | mv winexe winexe.OLD
| |
− | wget http://download.uib.de/opsi3.4/winexe
| |
− | chmod --reference ./winexe.OLD winexe
| |
− | chown --reference ./winexe.OLD winexe
| |
− |
| |
− | ===== Windows firewall exceptions =====
| |
− | On windows machines you need to enable the "File and printer sharing" exception for the windows firewall. On occasion it could also be necessary (after some Windows update) to re-add the 'opsiclientd-control-port' TCP-port: 4441 or add the opsiclientd (usually in: <tt>C:\Program Files\opsi.org\opsi-client-agent\opsiclientd.exe</tt>) to the Windows Firewall exceptions for "On Demand" installations to work.
| |
− |
| |
− |
| |
− | === Uninstall ===
| |
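Review bot: the opsi4 repository definition near the top of the removed text sets "GPGCheck no" even though a GPGKey URL is supplied on the following line. If this howto is being moved rather than retired, the relocated copy should set "GPGCheck yes", as the dag entry already does, so packages from that repository are signature-checked before they are installed. The same concern applies to the Notes section, where "wget http://download.uib.de/opsi3.4/winexe" replaces an executable over plain HTTP with no checksum or signature check before the chmod/chown; a verification step belongs between the download and the permission copy. Separately, every line in this hunk is a deletion and no replacement text is visible on the new side, so the page is left empty; a redirect or a pointer to where the content now lives would keep existing links usable.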