Line 1: |
Line 1: |
− | ===rename page=== | + | =known bugs= |
− | to describe the functions provides | + | There are still some bugs in this RPM... Help us to fix them! |
| + | ==ipdiscover bug== |
| + | ===ipdiscover on SME=== |
| + | IpDiscover is not working on SME. Please use another agent to ipdiscover your networks at the moment. |
| | | |
− | Inventory and Deployment ?
| + | I've opened a [http://forums.ocsinventory-ng.org/viewtopic.php?pid=5684#p5684 thread] on OCS forum. |
| | | |
| + | Let's hope the next version will come out soon! |
| + | ===ipdiscover-util.pl=== |
| + | This script used by the web interface do not seem to work too. |
| | | |
− | ===ipdiscover bug===
| + | First thing to do is to change the password in this file... |
− | We need to confirm that ipdiscover works when the smeserver is the forced client.
| + | ... |
− | | + | my $dbhost = 'localhost'; |
− | I Tried the following:
| + | my $dbuser = 'ocs'; |
− | ipdiscover eth0 10 | + | my $dbpwd = 'ocs'; <== |
− | {{Note box|''Usage : ipdiscover [iface name] [latency in ms]''}}
| + | my $db = 'ocsweb'; |
− | | + | my $dbp = '3306'; |
− | Here's what I got on my server:
| + | The password should be dynamical as this is a perl script. We need to use esmith::ConfigDB or something else to retrieve this value... I was unable to handle that. |
− | <IPDISCOVER> | |
− | <H><I>192.168.0.100</I><M>00:xx:xx:xx:xx:xx</M><N>pc-00100.mydomain.com</N></H> | |
− | <H><I>192.168.0.253</I><M>00:xx:xx:xx:xx:xx</M><N>pc-00253.mydomain.com</N></H>
| |
− | <H><I>192.168.0.254</I><M>00:xx:xx:xx:xx:xx</M><N>pc-00254.mydomain.com</N></H>
| |
− | </IPDISCOVER>
| |
− | Sounds like it's working for me... But IpDiscover discovers nothing when launched by SME OCS' Agent. There must be a problem here!
| |
− | | |
− | Windows Agent don't have this problem...
| |
| | | |
| + | Also a problem, the script cannot be executed. I try to add script handler for .pl but it didn't worked... Not sure about how this is working, if someone can help, please do! |
| | | |
| Cool34000 | | Cool34000 |
| ---- | | ---- |
− | ===deployment howto===
| |
− | Draft steps for deployment, it works !!
| |
| | | |
− | SSL Certificates
| + | ==www/ocs/install.php bugs== |
− | Installed a SSL certificate eg. http://wiki.contribs.org/Custom_CA_Certificate
| + | A problem was found in the default imported database. This ends with some ''alter'' errors. This can be fixed by refreshing the web page. |
− |
| |
− | below fixes the ssl errors as per http://alufis35.uv.es/OCS-Inventory-Package-Deployment.html
| |
− | this is common, it could be automated, but should we be trusted, probably not ?
| |
| | | |
− | wget http://www.cacert.org/certs/root.crt
| + | I took a look on ocsweb database with phpmyadmin before and after using install.php |
− | cp root.crt /home/e-smith/ssl.crt/cacert.pem
| |
− | add fragment to httpd.conf
| |
− | {
| |
− | #/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCACertificateFile
| |
− | if (-f '/home/e-smith/ssl.crt/cacert.pem')
| |
− | { $OUT = "SSLCACertificateFile /home/e-smith/ssl.crt/cacert.pem"; }
| |
− | }
| |
| | | |
− | copy cacert.pem to the client ocs folder
| + | I noticed that a lot of tables' ''engine type'' were ''MyISAM'' and after using install.php their type was ''InnoDB''! |
| | | |
− | deploying => Activate => activate package
| + | So I tried to export a new database (this time with extended parameters), but this new database don't import in ocsweb database: it ends with errors trying to create the 1st table! |
− | complains that the directory and info files don't exist,
| |
− | Just ignore the activate error, the files are visible from clients
| |
− |
| |
− | deployed a file, optional, run a client update, it should show as notified in ocs
| |
| | | |
− | in => Package activation
| + | Help needed! |
− | when you delete a package, ocs complains, but it deletes the files anyway, document later
| |
| | | |
− | | + | Cool34000 |
− | links
| |
− | http://alufis35.uv.es/OCS-Deployment-Tips-and-tricks.html
| |
− | | |
− | stephen
| |
| ---- | | ---- |
− | Thank you so much for your help Stefen.
| |
| | | |
− | I'm so happy that deployment works!!! That's really great news!
| + | =wiki page= |
| | | |
| | | |
− | A solution was also given on the forum: http://forums.contribs.org/index.php?topic=37359.msg178135#msg178135
| |
| | | |
− | It looks easier (no need of CACert). What do you think of the other solution?
| + | ==5.3.2 Deployment menu== |
| | | |
| + | there must be a lot of ways this could be used, |
| + | why make everyone think of them themselves when it could be spelled out |
| | | |
− | Cool34
| + | this could be a new page, [[:Application deployment]] |
− | ----
| |
| | | |
− | copying the existing .crt didn't work for me, try both ways and find out what works for you,
| + | this could include other ways to deploy, eg using netlogon.bat |
− | using the existing cert would be simpler, the windows ocs update command produces a good log file in the ocs directory showing any SSL errors | |
| | | |
− | setting up a CA Certificate doesn't take long and is 'a good idea'
| + | others can work on this cool34000 has done enough |
| | | |
− | stephen
| + | Stefen |
| ---- | | ---- |
| + | Here's the way I've always used OCS... First I import the standard ''ocsagent.exe'' in MySQL. |
| | | |
− | I'm just looking for the better way to integrate it to the new RPM. So I want to integrate it as far as I can... But not too much! | + | I don't like to install a service when it's not needed, so I use the standalone executable. I also don't use OCS deployment feature (I'm using GPOs for that) |
| | | |
− | Yes, using existing cert would be easier, but maybe having a seperate cert could be better. Should we let this choice to the end-user? I guess yes...
| + | It is so fast to use against the need of installing the Agent: put OcsLogon.exe in a share folder and simply launch it with a one command line batch script each time a session is opened. |
| + | @echo off |
| + | \\server\share\mydomain.com.exe /np /debug /tag:my_tag |
| + | That's all! |
| | | |
− | => Add your proposed ''35SSL10SSLCACertificateFile'' in the RPM
| + | Of course, more can be done... |
| | | |
− | => Add to OCS' deployment section that cacert.pem must be created and propose both methods if they both work.
| + | *Install the Agent silently in a script |
− | | + | *Use GPOs (deploy, install, update) |
− | => Add detailled documentation for deployment
| + | *Create your own ''ocsagent.exe'' |
− | | + | People need to read the guide! It's well documented. |
− | => Maybe add a script to create the cacert automatically, so that the end-user can create it in one shot after the RPM install...
| |
− | | |
− | Do you agree?
| |
| | | |
| + | If someone can take some time to document that, it would be nice! |
| | | |
| Cool34000 | | Cool34000 |
| ---- | | ---- |
| | | |
− | ===ParserDetails.ini=== | + | ==glpi== |
− | http://bugs.contribs.org/show_bug.cgi?id=3525#c2
| |
| | | |
− | charlie said just make it ([http://bugs.contribs.org/show_bug.cgi?id=3464 as you now do]), so lets close opened bugs
| + | someone who uses this may like to add some more information on how to use it, some link to more docs at least |
− | | |
− | == Future RPM ==
| |
− | | |
− | ===Next RPM version===
| |
− | Quick sumarry of what will change on the next release... This is just suggestions, let's discuss about it!
| |
− | ====New Apache template====
| |
− | As suggested by Stefen:
| |
− | | |
− | Content of '''''/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCACertificateFile'''''
| |
− | | |
− | # OCS Inventory NG Certificate
| |
− | {
| |
− | if (-f '/home/e-smith/ssl.crt/cacert.pem')
| |
− | { $OUT = "SSLCACertificateFile /home/e-smith/ssl.crt/cacert.pem"; }
| |
− | else
| |
− | { $OUT = "# File /home/e-smith/ssl.crt/cacert.pem not present, deployment will not be possible"; }
| |
− | }
| |
− |
| |
− | ====Specification File====
| |
− | I suggest adding following code in the '''''.spec''''' file in the '''%post''' section
| |
− | if [ ! -e /home/e-smith/ssl.crt/cacert.pem ]; then
| |
− | cp /home/e-smith/ssl.crt/$SRVNAME.$DOMAIN.crt /home/e-smith/ssl.crt/cacert.pem
| |
− | fi
| |
− | ''$SRVNAME'' and ''$DOMAIN'' are already gathered with following code in the '''''.spec''''' file:
| |
− | DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
| |
− | SRVNAME=$(/sbin/e-smith/db configuration get SystemName)
| |
− | | |
− | This way, if the certificate doesn't exist, it's "generated" by the RPM install and uses SME's one. This method should be safe...
| |
− | | |
− | Users can try using this one, and if it don't work, they can follow up your instructions with Shad's CACERT howto and replace the existing file!
| |
− | | |
− | By the way, I had some problem using the certificate untill I fixed DNS issues (I use NO-IP and this free service don't allow wildcards!)
| |
− | | |
− | This ends with some errors in Apache log file:
| |
− | [warn] RSA server certificate CommonName (CN) `servername.mydomain.no-ip.com' does NOT match server name!?
| |
− | Here's how I fixed my problem:
| |
− | config setprop modSSL CommonName mydomain.no-ip.com # It would be www.mydomain.no-ip.com if NO-IP had allowed wildcards like dyndns services)
| |
− | expand-template /home/e-smith/ssl.crt/crt 2> /dev/null
| |
− | signal-event domain-modify
| |
− | signal-event email-update
| |
− | | |
− | | |
− | Cool34000
| |
− | ----
| |