Difference between revisions of "User:Jester"

From SME Server
Jump to navigationJump to search
(Blanked the page)
 
Line 1: Line 1:
{{Languages|Opsi}}
 
{{Level|Advanced}}
 
  
=== Description ===
 
[http://www.opsi.org Opsi] (open pc server integration) is an open source Client Management System for Windows clients.
 
 
Key features:
 
* Automatic OS installation (unattended or image based)
 
* Automatic software distribution and patch management
 
* Hardware and software inventories
 
* License management
 
 
=== Install ===
 
{{Warning box|This howto is for SME8 only!}}
 
{{Note box|<tt></tt>
 
* Before you start installing, be sure to have set your workgroup, domain name and dns-servers properly!
 
* Also, you cannot have the [[Tftp_server | tftp server]] or [[Atftp_server | atftp server]] contrib installed (or manual install of either) on the same machine.}}
 
 
===== Creating necessary repositories =====
 
First we need to create the opsi repository:
 
/sbin/e-smith/db yum_repositories set opsi4 repository \
 
Name 'CentOS $releasever - $basearch - opsi4.0' \
 
BaseURL 'http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/CentOS_CentOS-5/' \
 
EnableGroups no \
 
GPGCheck no \
 
GPGKey http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/CentOS_CentOS-5/repodata/repomd.xml.key \
 
Visible no \
 
status disabled
 
 
We also want to add the DAG repository for the needed python-rrdtool package (and sadly also a LOAD of other dependencies that come with python-rrdtool):
 
/sbin/e-smith/db yum_repositories set dag repository \
 
Name 'Dag - EL5' \
 
BaseURL 'http://apt.sw.be/redhat/el5/en/$basearch/dag' \
 
EnableGroups no \
 
GPGCheck yes \
 
GPGKey http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt \
 
Visible no \
 
Exclude freetype,htop,iptraf,rsync,syslinux \
 
status disabled
 
 
Then to activate the newly added repositories:
 
signal-event yum-modify
 
yum makecache
 
 
===== Installing the packages =====
 
Installing the necessary Opsi packages.
 
yum install opsi-depotserver opsi-configed --enablerepo=opsi4,dag
 
/etc/init.d/opsiconfd restart
 
/etc/init.d/opsipxeconfd restart
 
yum install p7zip p7zip-plugins cabextract --enablerepo=opsi4
 
yum update --enablerepo=opsi4
 
 
===== Manual code change =====
 
An manual adjustment to the code needs to be made for Opsi to work on SME.
 
nano /usr/lib/python2.4/site-packages/OPSI/Backend/BackendManager.py
 
Search for the following line:
 
elif (DISTRIBUTOR.lower().find('redhat') != -1) or (DISTRIBUTOR.lower().find('centos') != -1) or (DISTRIBUTOR.lower().find('scientificsl') != -1):
 
 
And replace it with:
 
elif (DISTRIBUTOR.lower().find('redhat') != -1) or (DISTRIBUTOR.lower().find('centos') != -1) or (DISTRIBUTOR.lower().find('scientificsl') != -1) or (DISTRIBUTOR.lower().find('sme') != -1):
 
 
===== Opsi init =====
 
Some initialization for Opsi.
 
opsi-setup --init-current-config
 
opsi-setup --set-rights
 
/etc/init.d/opsiconfd restart
 
/etc/init.d/opsipxeconfd restart
 
 
===== Set pcpatch password =====
 
Make a note of the password you are setting, you might need it later.
 
opsi-admin -d task setPcpatchPassword
 
 
===== Java config =====
 
Add a symbolic link for the installed java runtime environment:
 
ln -s /usr/lib/jvm/java-1.6.0-sun-1.6.0/jre/bin/java /usr/bin/java
 
 
Check the java version, this sould now return a result
 
java -version
 
 
===== User config =====
 
Opsi normally uses separately created users for administration, but for SME we use the default admin account. Add the admin account to the opsiadmin group so it can use the Opsi administration commands.
 
usermod -a -G opsiadmin admin
 
 
It is not neccesary to add the root account to the pcpatch group, root is allowed to do anything. If you want a separate user to be able to build opsi packages (opsi-makeproductfile), install packages (opsi-packagemanager) or manually edit configuration files, it would have to be added to the 'pcpatch' group.
 
#usermod -a -G pcpatch <some_user>
 
 
===== Opsi-atftpd config =====
 
Add a sysconfig file for atftpd.
 
nano /etc/sysconfig/atftpd
 
Add the following content to this file:
 
ATFTPD_OPTIONS="--daemon --user atftp --group atftp --logfile /var/log/atftp/atftp.log /tftpboot"
 
 
 
Create an atftpd startscript:
 
nano /etc/rc.d/init.d/atftpd
 
Add the following content to this file:
 
 
#!/bin/sh
 
#
 
# atftp Advanced Trivial File Transfer Protocol
 
#
 
# chkconfig:  - 90 20
 
# description: atftp stands for Advanced Trivial File \
 
#    Transfer Protocol. atftp is intended for serving boot files to \
 
#    large clusters. It is multi-threaded and support multicast \
 
#    (RFC2090 and PXE), allowing faster boot of hundreds of machine simultaneously.
 
 
 
### BEGIN INIT INFO
 
# Provides: tftp
 
# Required-Start: $network
 
# Required-Stop: $network
 
# Should-Start: 2 3 4 5
 
# Should-Stop: 0 1 6
 
# Default-Start:
 
# Default-Stop:
 
# Short-Description: Advanced Trivial File Transfer Protocol
 
# Description:  atftp stands for Advanced Trivial File
 
# Transfer Protocol. atftp is intended for serving boot files to
 
# large clusters. It is multi-threaded and support multicast
 
# (RFC2090 and PXE), allowing faster boot of hundreds of machine
 
# simultaneously.
 
### END INIT INFO
 
 
# Source function library.
 
. /etc/rc.d/init.d/functions
 
 
exec="/usr/sbin/atftpd"
 
prog="atftpd"
 
 
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
 
 
lockfile=/var/lock/subsys/$prog
 
 
start() {
 
[ -x $exec ] || exit 5
 
echo -n $"Starting $prog: "
 
# if not running, start it up here, usually something like "daemon $exec"
 
daemon $exec $ATFTPD_OPTIONS
 
retval=$?
 
echo
 
[ $retval -eq 0 ] && touch $lockfile
 
return $retval
 
}
 
 
stop() {
 
echo -n $"Stopping $prog: "
 
killproc $prog
 
retval=$?
 
echo
 
[ $retval -eq 0 ] && rm -f $lockfile
 
return $retval
 
}
 
 
restart() {
 
stop
 
start
 
}
 
 
reload() {
 
restart
 
}
 
 
force_reload() {
 
restart
 
}
 
 
rh_status() {
 
status $prog
 
}
 
 
rh_status_q() {
 
rh_status >/dev/null 2>&1
 
}
 
 
 
case "$1" in
 
start)
 
rh_status_q && exit 0
 
$1
 
;;
 
stop)
 
rh_status_q || exit 0
 
$1
 
;;
 
restart)
 
$1
 
;;
 
reload)
 
rh_status_q || exit 7
 
$1
 
;;
 
force-reload)
 
force_reload
 
;;
 
status)
 
rh_status
 
;;
 
condrestart|try-restart)
 
rh_status_q || exit 0
 
restart
 
;;
 
*)
 
echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
 
exit 2
 
esac
 
exit $?
 
 
Set the proper rights for this script.
 
chmod 755 /etc/rc.d/init.d/atftpd
 
Start atftpd
 
/etc/rc.d/init.d/atftpd start
 
 
===== Automatic startup at boot =====
 
Configure automatic opsiconfd startup at boot:
 
chmod 755 /etc/rc.d/init.d/opsiconfd
 
ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc7.d/S98opsiconfd
 
ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc6.d/K02opsiconfd
 
ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc2.d/K02opsiconfd
 
ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc1.d/K02opsiconfd
 
ln -s /etc/rc.d/init.d/opsiconfd /etc/rc.d/rc0.d/K02opsiconfd
 
 
Configure automatic opsipxeconfd startup at boot:
 
chmod 755 /etc/rc.d/init.d/opsipxeconfd
 
ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc7.d/S98opsipxeconfd
 
ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc6.d/K02opsipxeconfd
 
ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc2.d/K02opsipxeconfd
 
ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc1.d/K02opsipxeconfd
 
ln -s /etc/rc.d/init.d/opsipxeconfd /etc/rc.d/rc0.d/K02opsipxeconfd
 
 
Configure automatic atftpd startup at boot:
 
ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc7.d/S98opsi-atftpd
 
ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc6.d/K02opsi-atftpd
 
ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc2.d/K02opsi-atftpd
 
ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc1.d/K02opsi-atftpd
 
ln -s /etc/rc.d/init.d/atftpd /etc/rc.d/rc0.d/K02opsi-atftpd
 
 
===== Configure samba shares =====
 
Add a template fragment for the opsi samba network shares:
 
mkdir -p /etc/e-smith/templates-custom/etc/smb.conf
 
nano /etc/e-smith/templates-custom/etc/smb.conf/51opsi_shares
 
Add the following content to this file:
 
 
[opt_pcbin]
 
        available = yes
 
        comment = opsi depot share
 
        path = /opt/pcbin
 
        oplocks = no
 
        level2 oplocks = no
 
        writeable = yes
 
        invalid users = root
 
 
[opsi_config]
 
        available = yes
 
        comment = opsi config share
 
        path = /var/lib/opsi/config
 
        writeable = yes
 
        invalid users = root
 
 
[opsi_workbench]
 
        available = yes
 
        comment = opsi workbench
 
        path = /home/opsiproducts
 
        writeable = yes
 
        invalid users = root
 
        create mask = 0660
 
        directory mask = 0770
 
 
Expand the template:
 
expand-template /etc/samba/smb.conf
 
 
Restart samba services:
 
/etc/rc7.d/S91smb restart
 
 
 
=== Notes ===
 
 
===== Internal Error on agent deploy =====
 
When you get an 'internal error' on trying to install an agent on a workstation from the commandline with the <tt>opsi-deploy-client-agent</tt> command, you probably have the bad version of winexe, so you'll need to get the newer version from UIB:
 
cd /opt/pcbin/install/opsi-client-agent/
 
mv winexe winexe.OLD
 
wget http://download.uib.de/opsi3.4/winexe
 
chmod --reference ./winexe.OLD winexe
 
chown --reference ./winexe.OLD winexe
 
 
===== Windows firewall exceptions =====
 
On windows machines you need to enable the "File and printer sharing" exception for the windows firewall. On occasion it could also be necessary (after some Windows update) to re-add the 'opsiclientd-control-port' TCP-port: 4441 or add the opsiclientd (usually in: <tt>C:\Program Files\opsi.org\opsi-client-agent\opsiclientd.exe</tt>) to the Windows Firewall exceptions for "On Demand" installations to work.
 
 
 
=== Uninstall ===
 

Latest revision as of 16:09, 19 February 2013