OPSI DokuWiki

User Tools

Site Tools

Trace:
userspace:centos_6.3

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
userspace:centos_6.3 [2013/02/06 20:11]
SisterOfMercy 		userspace:centos_6.3 [2021/08/23 08:37] (current)
Line 12: Line 12:
 //dhcp-boot=linux/pxelinux.0,opsi.anarchy.lan,10.0.0.97//\\ //dhcp-boot=linux/pxelinux.0,opsi.anarchy.lan,10.0.0.97//\\
 With a different DHCP server you will have to look for the correct commands.\\ With a different DHCP server you will have to look for the correct commands.\\
-(insert opsi1.jpg blah)\\+The static lease looks a bit like this (with DD-WRT):\\ 
 +{{http://www.gcecad-service.nl/images/opsi1.JPG}}\\ 
 I use [[http://www.spacewalkproject.org/|Spacewalk]] to manage my CentOS servers, so installation of packages and updates is done via Spacewalk. That is why the yum commands may be incorrect, I did not use them myself, and am making them up. In the [[http://download.uib.de/opsi_stable/doc/opsi-getting-started-stable-en.pdf|getting started documentation]] is mentioned how to add the OPSI repository.\\ I use [[http://www.spacewalkproject.org/|Spacewalk]] to manage my CentOS servers, so installation of packages and updates is done via Spacewalk. That is why the yum commands may be incorrect, I did not use them myself, and am making them up. In the [[http://download.uib.de/opsi_stable/doc/opsi-getting-started-stable-en.pdf|getting started documentation]] is mentioned how to add the OPSI repository.\\
  
Line 51: Line 53:
 </code> </code>
  
-===== iptables configuration =====+===== Iptables configuration =====
  
-To make OPSI work correctly we have to open some ports on the firewall. I can never remember the iptables commands, and with Spacewalk I deployed the following to: /etc/sysconfig/network/iptables:\\+To make OPSI work correctly we have to open some ports on the firewall. I can never remember the iptables commands, and with Spacewalk I deployed the following to: /etc/sysconfig/network/iptables: 
 + 
 +//(In my case, after clean installation of Centos 6.3 the path of the file is not the same. On my machine the file is located at: /etc/sysconf/iptables)//\\
 <code winst> <code winst>
 # Firewall configuration written by system-config-firewall # Firewall configuration written by system-config-firewall
Line 82: Line 86:
 TCP ports 4441 and 4447 are of course used by OPSI.\\ TCP ports 4441 and 4447 are of course used by OPSI.\\
  
-===== opsi configuration =====+===== OPSI configuration =====
 Now we are going to edit the opsi configuration files:\\ Now we are going to edit the opsi configuration files:\\
 This is /etc/opsi/backendManager/dispatch.conf:\\ This is /etc/opsi/backendManager/dispatch.conf:\\
Line 150: Line 154:
 /etc/init.d/opsipxeconfd restart /etc/init.d/opsipxeconfd restart
 </code> </code>
- 
-We also have to install a Java runtime:\\ 
-<code winst> 
-yum install java-1.7.0-openjdk 
-update-alternatives --config java 
-</code> 
- 
-I did not have any problems with this OpenJDK runtime. However, if you wish, you could install the Sun Java Runtime. If you download the rpm from the [[http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html|obstacle website]] and install it, you could use this runtime. I downloaded the rpm file, installed it on my own webserver and then used wget to transfer it to the OPSI server.\\ 
-After installation I think the alternatives can be installed with these commands (perhaps you have to change the version number. No warranty, I just nicked this off some website I found):\\ 
-<code winst> 
-alternatives --install /usr/bin/java java /usr/java/jre1.7.0_13/bin/java 20000 
-alternatives --install /usr/bin/javaws javaws /usr/java/jre1.7.0_13/bin/javaws 20000 
-</code 
-Of course, don't use these commands when you think the OpenJDK runtime will work for you!\\ 
  
 To set the password of the pcpatch user, we use this command:\\ To set the password of the pcpatch user, we use this command:\\
Line 245: Line 235:
 allow tftpd_t usr_t:file { read getattr open }; allow tftpd_t usr_t:file { read getattr open };
 </code> </code>
 +If you copy this to your OPSI server, you would only have to use the above commands from 'checkmodule'.\\
 +
 +The setsebool command to fix the samba shares was whining about userIds or something. So I changed the UID of the opsiconfd and pcpatch account. Most distributions have no problems with system accounts with an UID below 1000, but with CentOS this is still limited to 500. This is not really necessary, but I'm trying to fix any strange messages I recieve. This thing is supposed to go into production.\\
 +<code winst>
 +usermod -u 450 opsiconfd
 +usermod -u 451 pcpatch
 +groupmod -g 450 pcpatch
 +groupmod -g 451 opsiadmin
 +</code>
 +
 +===== Troubleshooting OPSI =====
 +
 +When OPSI is having problems you could read the logfiles, but before you do, use these commands:\\
 +<code winst>
 +opsi-setup --init-current-config
 +opsi-setup --auto-configure-samba
 +opsi-setup --set-rights
 +/etc/init.d/opsiconfd restart
 +/etc/init.d/opsipxeconfd restart
 +</code>
 +Most problems can be fixed this way. If this fails, then read the logfiles and try to find the problem.\\
 +When copying files from other systems, be sure to run //opsi-setup --set-rights//!\\
 +
 +===== Conclusion =====
 +
 +If I have transcribed my notes correctly you now have a working OPSI server!\\
 +If not, it isn't my fault! ;-)\\
 +\\
 +I was talking with the nice people at uib.de, and it seems the mysql backend can be used for hardware and software audit purposes, without a license. When I find the time I will expand this entry to include the mysql configuration.
 +
 +==== Change to mysql for inventory ====
 +
 +
 +That's right and we recommend to use the mysql-Database for inventory-functions. To change from file-backend to mysql for the inventory data, you must at first install the mysql-server. If you don't have done before, you can use the following commands:
 +
 +<code bash>
 +yum install mysql-server 
 +/etc/init.d/mysqld start
 +mysql_secure_installation
 +chkconfig mysqld on
 +</code>
 +
 +No you can run opsi-setup to configure your mysql-database (create a opsi database, create opsi user, set privileges and patch backend-configuration file from opsi.) For the next step you need the root password, that you have set with the command: mysql_secure_installation:
 +
 +<code bash>
 +opsi-setup --configure-mysql
 +</code>
 +
 +Now you must configure the opsi-Dispatcher to use mysql for Hard- and Software Inventory (You should set the licensemanagement to mysql-server too. If you don't use opsi-licensemanagement, this entries doing nothing. For this modification edit the file:
 +
 +<file>
 +/etc/opsi/backendManager/dispatch.conf
 +</file>
 +
 +The important entries are the following:
 +
 +
 +backend_.*         : file, **mysql**, opsipxeconfd\\
 +...\\
 +license.*          : **mysql**\\
 +softwareLicense.*  : **mysql**\\
 +audit.*            : **mysql**\\
 +...\\
 +
 +After a new init-current-config and a webservice-restart your Inventory-data should be written in mysql:
 +
 +<code bash>
 +opsi-setup --init-current-config
 +/etc/init.d/opsiconfd restart
 +/etc/init.d/opsipxeconfd restart
 +</code>
 +
 +**Finally your right, to use mysql for the Inventorydata, you don't need a valid license.**
 +
 +
userspace/centos_6.3.1360181473.txt.gz · Last modified: 2021/08/23 08:37 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki