Changes

Jump to navigation Jump to search

Talk:OCS Inventory Tools (view source)

Revision as of 21:49, 7 November 2007

2,521 bytes removed ,  21:49, 7 November 2007
New RPM -5
Line 25: Line 25:  
Cool34000
 
Cool34000
 
----
 
----
===deployment howto===
+
===deployment===
Draft steps for deployment, it works !!
+
new doc added - Enjoy!
 +
in => Package activation
   −
SSL Certificates
+
when you delete a package, ocs complains, but it deletes the files anyway, document later
Installed a SSL certificate eg. http://wiki.contribs.org/Custom_CA_Certificate
  −
  −
below fixes the ssl errors as per http://alufis35.uv.es/OCS-Inventory-Package-Deployment.html
  −
this is common, it could be automated, but should we be trusted, probably not ?
  −
 
  −
wget http://www.cacert.org/certs/root.crt
  −
cp root.crt /home/e-smith/ssl.crt/cacert.pem
  −
add fragment to httpd.conf
  −
{
  −
    #/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCACertificateFile
  −
    if (-f '/home/e-smith/ssl.crt/cacert.pem')
  −
    { $OUT = "SSLCACertificateFile /home/e-smith/ssl.crt/cacert.pem"; }
  −
}
  −
 
  −
copy cacert.pem to the client ocs folder
  −
 
  −
deploying => Activate => activate package
  −
complains that the directory and info files don't exist,
  −
Just ignore the activate error, the files are visible from clients
  −
 
  −
deployed a file, optional, run a client update, it should show as notified in ocs
  −
 
  −
in => Package activation
  −
when you delete a package, ocs complains, but it deletes the files anyway, document later
  −
 
  −
 
  −
links
  −
http://alufis35.uv.es/OCS-Deployment-Tips-and-tricks.html
  −
 
  −
stephen
  −
----
  −
Thank you so much for your help Stefen.
  −
 
  −
I'm so happy that deployment works!!! That's really great news!
  −
 
  −
 
  −
A solution was also given on the forum: http://forums.contribs.org/index.php?topic=37359.msg178135#msg178135
  −
 
  −
It looks easier (no need of CACert). What do you think of the other solution?
  −
 
  −
 
  −
Cool34
  −
----
  −
 
  −
copying the existing .crt didn't work for me, try both ways and find out what works for you,
  −
using the existing cert would be simpler, the windows ocs update command produces a good log file in the ocs directory showing any SSL errors
  −
 
  −
setting up a CA Certificate doesn't take long and is 'a good idea'
  −
 
  −
stephen
  −
----
  −
 
  −
I'm just looking for the better way to integrate it to the new RPM. So I want to integrate it as far as I can... But not too much!
  −
 
  −
Yes, using existing cert would be easier, but maybe having a seperate cert could be better. Should we let this choice to the end-user? I guess yes...
  −
 
  −
=> Add your proposed ''35SSL10SSLCACertificateFile'' in the RPM
  −
 
  −
=> Add to OCS' deployment section that cacert.pem must be created and propose both methods if they both work.
  −
 
  −
=> Add detailled documentation for deployment
  −
 
  −
=> Maybe add a script to create the cacert automatically, so that the end-user can create it in one shot after the RPM install...
  −
 
  −
Do you agree?
  −
 
  −
 
  −
Cool34000
  −
----
      
===ParserDetails.ini===
 
===ParserDetails.ini===
Line 105: Line 37:     
===Next RPM version===
 
===Next RPM version===
Quick sumarry of what will change on the next release... This is just suggestions, let's discuss about it!
+
Quick sumarry of what will change on the next release...
 
====New Apache template====
 
====New Apache template====
 
As suggested by Stefen:
 
As suggested by Stefen:
Line 120: Line 52:  
   
 
   
 
====Specification File====
 
====Specification File====
I suggest adding following code in the '''''.spec''''' file in the '''%post''' section
+
I've added following code in the '''''.spec''''' file in the '''%post''' section
 
  if [ ! -e /home/e-smith/ssl.crt/cacert.pem ]; then
 
  if [ ! -e /home/e-smith/ssl.crt/cacert.pem ]; then
 
   cp /home/e-smith/ssl.crt/$SRVNAME.$DOMAIN.crt /home/e-smith/ssl.crt/cacert.pem
 
   cp /home/e-smith/ssl.crt/$SRVNAME.$DOMAIN.crt /home/e-smith/ssl.crt/cacert.pem
Line 127: Line 59:  
  DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
 
  DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
 
  SRVNAME=$(/sbin/e-smith/db configuration get SystemName)
 
  SRVNAME=$(/sbin/e-smith/db configuration get SystemName)
  −
This way, if the certificate doesn't exist, it's "generated" by the RPM install and uses SME's one. This method should be safe...
  −
  −
Users can try using this one, and if it don't work, they can follow up your instructions with Shad's CACERT howto and replace the existing file!
      
By the way, I had some problem using the certificate untill I fixed DNS issues (I use NO-IP and this free service don't allow wildcards!)
 
By the way, I had some problem using the certificate untill I fixed DNS issues (I use NO-IP and this free service don't allow wildcards!)
Line 141: Line 69:  
  signal-event domain-modify
 
  signal-event domain-modify
 
  signal-event email-update
 
  signal-event email-update
 +
 +
 +
{{Note box|I have some problem uploading the new release (1-5) at contribs.org right now but the RPM is ready...}}
       
Cool34000
 
Cool34000
 
----
 
----
Cool34000
498

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/6066"

Navigation menu