OCS Inventory Tools

From SME Server
Revision as of 18:15, 23 April 2008 by Cool34000 (talk | contribs) (→‎Old RPMs version: new repo fix)
Jump to navigationJump to search


Maintainer

Sylvain Gomez
mailto:sylvaingomez@free.fr

Special thanks to Rémi Collet who provided a working OCS Unified Agent Linux (and so much more!)

Big thanks to Didier Liroulet and OCS team for this full documentated software (See /opt/inventory/ocs/ocsreports/files/guide.pdf)

And last but not least, thanks to Stefen Noble for testings, time spent and help provided!

Inventory tools for SME 7.x

OCS Inventory NG Description

Open Computer and Software Inventory Next Generation is an application designed to help a network or system administrator keep track of the computers configuration and software that are installed on the network.

It is also able to detect all active devices on your network, such as switch, router, network printer and unattended devices. For each one, it stores MAC and IP addresses and allows you to classify them.

Last, but not least, OCS Inventory NG includes package deployment feature on client computers. From the central management server, you can upload packages (software setup, commands or only files to store on client computers) which will be downloaded through HTTP/HTTPS and launched by agent on client computer.

Used with a IT and Asset Management Software such as open source tool GLPI, you will have a powerfull inventory and asset management software with automatic updates of computer configuration, license management, help desk and more.

For more information see http://www.ocsinventory-ng.org/.

GLPI Description

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.

For more information see http://www.glpi-project.org/.

Server Installation

Download

You will need a few dependencies. If you want to save it directly on your SME Server, you can give these commands at the prompt:

wget http://mirror.contribs.org/smeserver/contribs/sgomez/contribs/inventory/dependencies/ocs_perl_deps.tar.gz

Install

First, you need to install the dependencies.

According to your SME Server version, (SME 7.1.? and older), you may need to install mod_perl or update perl-Compress-Zlib

yum install mod_perl
yum update perl-Compress-Zlib

Other Perl dependencies have been packaged in one file for easy downloading. Simply uncompress the tarball and install RPMs using yum:

tar -xzf ./ocs_perl_deps.tar.gz
yum localinstall ./ocs_perl_deps/*.rpm

Finally, you can install OCS Reports and GLPI with the following command:

 yum install smeserver-inventory-tools --enablerepo=smecontribs

You can ignore the yum-comments signal event post-upgrade and signal-event reboot.

To save some bandwidth, the help file was split from 1-6+ RPM versions. Please download this file separately and copy it in /opt/inventory/ocs/ocsreports/files/. Until you put this file in the right place, the help icon in ocs interface will not work. (we may merge the help file back into the rpm later)

cd /opt/inventory/ocs/ocsreports/files/
wget http://mirror.contribs.org/smeserver/contribs/sgomez/contribs/inventory/guide.pdf

Update

Old RPMs version

Update from old RPMs (smeserver-ocs_inventory_ng and smeserver-glpi) is not possible.

You must uninstall both RPMs first!

If you want to keep your data, you need to uninstall old versions with following commnands:

rpm -e smeserver-glpi --noscripts
rpm -e smeserver-ocs_inventory_ng --noscripts

There are 3 new dependencies, so you need to install them. These RPMs can be found in the Tarball.

tar -xzf ./ocs_perl_deps.tar.gz
yum localinstall ./ocs_perl_deps/*remi*.rpm

And then install the new version with

yum install smeserver-inventory-tools --enablerepo=smecontribs

New RPM version

Update from new RPM (smeserver-inventory-tools) is possible.

Use YUM to update:

yum localinstall smeserver-inventory-tools-1-x.i386.rpm

Where "x" is the new version number

Special commands

To view OCS and GLPI's configuration, you can type the following at the prompt:

config show ocs
config show glpi

You can change a few parameters:

   DB parameter   |    Options   | Default | Explanation
# HTTPS           | on/off       | off     | Enable/Disable forced https mode of web interfaces
# PublicAccess    | local/global | local   | Accessibility of web interfaces
# MaxUpload       | xM           | 100M    | Max uploadable file size
# InventoryAccess | local/global | global  | Accessibility of OCS Server (to receive inventories)
# InventoryDelay  | >1           | 600     | Time to wait (sec) to avoid server overload (Agent cron)
# URL             | new alias    |         | Optionnal aliases for ocs and glpi web interfaces

After any change to OCS or GLPI configuration, you should apply modifications by typing the following at the prompt:

signal-event domain-modify

It will expand and restart needed templates and services in one command!

example:

config setprop ocs  HTTPS on PublicAccess global
config setprop glpi HTTPS on PublicAccess global
signal-event domain-modify

Uninstallation

To uninstall OCS Reports and GLPI, just hit the following command:

yum remove smeserver-inventory-tools

You can ignore the yum-comments signal event post-upgrade and signal-event reboot.

To completly remove OCS Reports and GLPI (installation files ; MySQL user+database ; OCS Agent) you will need the following command:

sh /root/OCS_GLPI-Full-Uninstall.sh

You should also uninstall all dependencies if you don't need them anymore...

Client Installation

The client side is available on all platforms. Download the latest client version according to your OS.

After installing the Agent, you should launch it manually to upload your first inventory (as it's updated once per day by default)

While you are installing the agent, copy the cacert.pem file, see the SSL section below.

OCS Agent for SME Server

With smeserver-inventory-tools

The client-side of OCS will already be installed if you install smeserver-inventory-tools.

You should see an inventory of your SME Server in OCS web interface after the RPM install.

If you updated from old RPMs, issue the following command to create your first inventory:

ocsinventory-agent -s localhost

Do not modify /etc/ocsinventory-agent/ocsinv.conf as this file uses SME templates system in the full install.

Without smeserver-inventory-tools

If you want to inventory other SME Servers (without installing the server-side and web interfaces), you only need following packages in the dependencies tarball:

  • monitor-edid-1.11-1.el4.remi.i386.rpm
  • ocsinventory-agent-0.0.6-1.el4.remi.noarch.rpm
  • ocsinventory-ipdiscover-1.01-2.el4.remi.i386.rpm

Then edit /etc/ocsinventory-agent/ocsinv.conf and modify following lines:

OCSSERVER=yourdomain.com
OCSTAG=your_tag

And finally launch the first inventory manually:

ocsinventory-agent -s yourdomain.com -t your_tag

OCS Agent for Windows

There are 2 differents ways of sending inventories on Windows. Download the latest client software, OCSNG_WIN32_AGENT_1.xx_repack.zip from ocs website. This archive contains 3 executables.

See Section 4.1 in the internal OCS help file.

Service use

Using OCS as a service is what you will probably need.

Launch the install of OcsAgentSetup.exe and provide default settings of the service. OCS-winagent-setup.png


Then launch the first inventory by typing the following in the 'execute box':

"C:\Program Files\OCS Inventory Agent\OCSInventory.exe" /server:yourdomain.com /np /debug /tag:your_tag

Wait a few seconds and go to http://your-server/ocs, you should see your computer's inventory.

By default, Agent will contact the Server once a day.

You can override this default behaviour in ocs web interface options. Your changes will be applied next time the Agent contacts the Server.


For troubleshooting, look at the log file in C:\Program Files\OCS Inventory Agent\COMPUTER_NAME.log

Standalone use

You can also make inventories on Windows without installing the service.

OCS standalone client is cut into 2 executables:

  • ocsagent.exe - This file contains all needed files for the launcher
  • OcsLogon.exe - This file is the standalone executable (launcher)

Of course, ocsagent.exe must be uncompressed before launching the standalone executable.

This can be done by executing directly ocsagent.exe: files will uncompress in c:\ocs-ng.

You can also import this file into ocs' MySQL database so that the standalone executable can download it if needed. This is documented in section MySQL importation.

The command line is the same as for the service:

"C:\Path_to_file\OcsLogon.exe" /server:yourdomain.com /np /debug /tag:your_tag

For easier and faster inventorying, you can also rename this standalone executable to your domain name (don't forget .exe):

"C:\Path_to_file\yourdomain.com.exe" /np /debug /tag:your_tag

For troubleshooting, look at the log file in C:\ocs-ng\COMPUTER_NAME.log


Importing ocsagent.exe in MySQL

The main advantage of this method is that you can send the standalone executable by Internet very quickly or even put the standalone executable on a floppy disk as it's only 65KB! How powerful looks your old floppy disk drive now?

This also allows to update files archived in ocsagent.exe on your clients (can be service or standalone executable).

A packager is available at ocs website. This will allow you to repackage ocsagent.exe with your own modifications (i.e. an SSL certificate!) OCS-packager.png


1st thing you need is to copy ocsagent.exe (modified or not) in /opt/inventory/ocs/ocsreports/files/.

Installer is locked (install.php), you need to change perms with the following command:

chmod 660 /opt/inventory/ocs/ocsreports/dbconfig.inc.php

Then, you can import this file in the database. Go to http://yourdomain.com/ocs/install.php

Use the pre-configured account 'ocs' for that: OCS-installphp.png


If you get a warning message (cannot alter database), refresh the page and you should see a successful import. OCS-installphp-ocsagent.png


ocsagent.exe is now in the database!

Warning.png Warning:
install.php has reset ocs password to 'ocs'. Re-apply your changes with following command:
signal-event domain-modify

This will also reset chmod to 440 on dbconfig.inc.php


You can now use OcsLogon.exe alone, it will download/update ocsagent.exe if needed!

If you want to remove ocsagent.exe from your database, simply delete the file from the server and redo install.php. This will delete the file from the database.

OCS Agent for Linux

Download the generic linux tar.gz, unpack, read the README, and as root, run the setup script.

You may required additional perl- packages, use you package management tools to search for the missing dependencies based on the README or the error messages. See Section 4.2 in the internal OCS help file.

To run an inventory

ocsinventory-client.pl -server=server.net -tag=network3

Check the time (will the PC be on) and command given in

/etc/cron.d/ocsinventory-client

OCS Inventory NG Usage

Full documentation can be found in the ocs help file, the help icon in ocs interface.

Access

OCS Reports' web interface can be reached at http://your-server/ocs

Before login, please choose your language (flags on the top right corner) OCS login page.png
Login : admin
Password: admin


Warning.png Warning:
For security-reasons, change admin's password after your first login, top right icon next to logout!


Inventories can be done from WAN but the web interface is only available from inside your network for security reasons by default. See Sections 5 & 6 in the internal OCS help file for Reporting and Administration help.

IP discovery

IP discovery feature allow OCS Inventory NG to discover all network connected devices on the network. For this, Communication server asks a number of most “active” computers running OCS Inventory NG agent to scan for MAC addresses in their sub network at each run. See Section 7 in the internal OCS help file.

Modifying default behaviour

You may want to override the default IP Discovery behaviour.

To force a computer to ipdiscover, simply open its inventory. Click on Customization icon and update the ipdiscover behaviour. OCS-ipdiscover-step1.png


Now choose the IP of selected computer and save your changes. OCS-ipdiscover-step2.png


You should now see your modifications.

OCS-ipdiscover-step3.png
At this point, ipdiscover will run next time with the agent!

Manually launch the inventory to force ipdiscover or wait a day for the next inventory.


Adding networks and devices categories

Now click on Security and go to Config OCS-ipdiscover-step4.png


Add you own network/subnet. All fields are mandatory. OCS-ipdiscover-step5.png


We can also add categories. Let's do that! Click on 'Network devices types' OCS-ipdiscover-step6.png


Usage

Go back to Security and click on Network information. Now that your network is created, you should see ipdiscover working...

Click on non-inventoried devices. OCS-ipdiscover-step7.png


Now all you have to do is registering new devices! OCS-ipdiscover-step8.png


OCS-ipdiscover-step9.png


Deploying packages

OCS Inventory NG includes package deployment feature on client computers. From the central management server, you can upload packages which will be downloaded through HTTP/HTTPS and launched by agent on client computer. See Section 8 in the internal OCS help file.

This feature is LAN ONLY

SSL certificate

Deployment feature uses SSL to authenticate Agents.

To allow the Agent to authenticate with the Server, you need to copy the cacert.pem file in your agents' installation directory

This file is located in /home/e-smith/ssl.crt/

Using default cacert.pem

If the file /home/e-smith/ssl.crt/cacert.pem can not be found, the RPM install will create it by copying your original SME certificate into this file. This is a quick and a simple method.

Copy the cacert.pem file in your agents' installation directory. Skip to next section!

Using a custom certificate

If you've followed this howto to create a valid certificate, you can use this certificate with OCS Deployment feature.

Download cacert.org certificate with the following command:

wget http://www.cacert.org/certs/root.crt

And replace the old file with the following command:

cp root.crt /home/e-smith/ssl.crt/cacert.pem

Copy this file into your agents' installation directory.

Deployment menu

Open OCS' web interface and click on Deployment icon. OCS-deployment-menu.png


Building a deployment packages

Deployment packages can be either .zip files (Windows) or tar.gz files (Linux)

Don't try to deploy other file type.

There are many options to deploy packages, for an overview see the ocs website for detail see section 8.3 of the help file, for Tips and tricks see Pablo Iranzo's site OCS-buildpackage.png


After creating the deployment package, you should get this successful screen: OCS-success-build.png


Activating deployment packages

Once a package is added, you need to activate it. OCS-activate-package1.png


Provide paths to download folder. As this feature is LAN ONLY, provide internal name or IP address for both fields.

Be careful, this path will be resolved by the agent (value localhost forbidden here!)

OCS-activate-package2.png


Don't pay attention to the warning messages when activating, Just click Yes. OCS-activate-package3.png


You can also ignore any warning messages when deleting a package, the package is removed.

Activated deployment packages

Here you will be able to see activated packages... OCS-activated-package.png

Deploying your packages

All should be ready to go now!

The final step is to affect the created package to computers...

Here's a quick howto for deploying the package on a single computer.

To learn how to deploy on multiple computers, see section 8.5 of the help file.


Open the desired computer's inventory on click on Config icon and add a new package OCS-deploy-single-pc1.png


You should see all activated packages, affect the one you want and confirm changes OCS-deploy-single-pc2.png


Back at Config page, you should now see affected packages and their states. OCS-deploy-single-pc3.png


Next time the Agent contacts the server, it is notified of the package, and sometime later should be deployed! As usual, you can manually launch the agent to force the update.

See section 8.1 of the help file to understand how download works

GLPI Usage

Access

GLPI's web interface can be reached at http://your-server/glpi

Login : glpi

Password: glpi

Warning.png Warning:
For security-reasons, change admin's password after your first login!


GLPI's web interface is only available from inside your network for security reasons by default.

Basics

GLPI Wiki

What's next?

Incomplete.png Incomplete:
This article or section needs to be expanded. Please help to fill the gaps or discuss the issue on the talk page


External authentication

You can configure GLPI so that your SME users can login. For this, we will use SME integrated IMAP feature.

In GLPI interface, clic on Administration icon and open Setup menu. Then clic on External Authentications.

Settings are on the screenshot: GLPI-imap-auth.png


Apply your changes. SME users can now connect with their existing user+password into GLPI interface!

Logout and login with an existing SME account: GLPI-user-interface.png


Sync GLPI with OCS

You can import OCS inventories into GLPI. Simply clic on OCSNG in Tools menu. GLPI-sync-OCS-1.png


Then Import/Update OCS inventories into GLPI GLPI-sync-OCS-2.png


Advanced

Sync GLPI with LDAP

Related GLPI Wiki article

Incomplete.png Incomplete:
This article or section needs to be expanded. Please help to fill the gaps or discuss the issue on the talk page


Sync GLPI with Active Directory

Related GLPI Wiki article

Incomplete.png Incomplete:
This article or section needs to be expanded. Please help to fill the gaps or discuss the issue on the talk page


Plugins

Related GLPI Wiki article

Incomplete.png Incomplete:
This article or section needs to be expanded. Please help to fill the gaps or discuss the issue on the talk page


Additional information

Initial howtos:


Stefen Noble (Snoble)

Sylvain Gomez (Cool34000)