Difference between revisions of "Talk:OCS Inventory Tools"

m
(New RPM -5)
Line 25: Line 25:
 
Cool34000
 
Cool34000
 
----
 
----
===deployment howto===
+
===deployment===
Draft steps for deployment, it works !!
+
new doc added - Enjoy!
 +
in => Package activation
  
SSL Certificates
+
when you delete a package, ocs complains, but it deletes the files anyway, document later
Installed a SSL certificate eg. http://wiki.contribs.org/Custom_CA_Certificate
 
 
below fixes the ssl errors as per http://alufis35.uv.es/OCS-Inventory-Package-Deployment.html
 
this is common, it could be automated, but should we be trusted, probably not ?
 
 
 
wget http://www.cacert.org/certs/root.crt
 
cp root.crt /home/e-smith/ssl.crt/cacert.pem
 
add fragment to httpd.conf
 
{
 
    #/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCACertificateFile
 
    if (-f '/home/e-smith/ssl.crt/cacert.pem')
 
    { $OUT = "SSLCACertificateFile /home/e-smith/ssl.crt/cacert.pem"; }
 
}
 
 
 
copy cacert.pem to the client ocs folder
 
 
 
deploying => Activate => activate package
 
complains that the directory and info files don't exist,
 
Just ignore the activate error, the files are visible from clients
 
 
 
deployed a file, optional, run a client update, it should show as notified in ocs
 
 
 
in => Package activation
 
when you delete a package, ocs complains, but it deletes the files anyway, document later
 
 
 
 
 
links
 
http://alufis35.uv.es/OCS-Deployment-Tips-and-tricks.html
 
 
 
stephen
 
----
 
Thank you so much for your help Stefen.
 
 
 
I'm so happy that deployment works!!! That's really great news!
 
 
 
 
 
A solution was also given on the forum: http://forums.contribs.org/index.php?topic=37359.msg178135#msg178135
 
 
 
It looks easier (no need of CACert). What do you think of the other solution?
 
 
 
 
 
Cool34
 
----
 
 
 
copying the existing .crt didn't work for me, try both ways and find out what works for you,
 
using the existing cert would be simpler, the windows ocs update command produces a good log file in the ocs directory showing any SSL errors
 
 
 
setting up a CA Certificate doesn't take long and is 'a good idea'
 
 
 
stephen
 
----
 
 
 
I'm just looking for the better way to integrate it to the new RPM. So I want to integrate it as far as I can... But not too much!
 
 
 
Yes, using existing cert would be easier, but maybe having a seperate cert could be better. Should we let this choice to the end-user? I guess yes...
 
 
 
=> Add your proposed ''35SSL10SSLCACertificateFile'' in the RPM
 
 
 
=> Add to OCS' deployment section that cacert.pem must be created and propose both methods if they both work.
 
 
 
=> Add detailled documentation for deployment
 
 
 
=> Maybe add a script to create the cacert automatically, so that the end-user can create it in one shot after the RPM install...
 
 
 
Do you agree?
 
 
 
 
 
Cool34000
 
----
 
  
 
===ParserDetails.ini===
 
===ParserDetails.ini===
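Review bot: the new "deployment" section replaces the draft howto with "new doc added - Enjoy!" but gives no link or page name for that document, so the removed steps (installing the CA certificate, the 35SSL10SSLCACertificateFile fragment, copying cacert.pem to the client OCS folder) can no longer be found from this talk page; put the link next to "new doc added". The removed draft also fetched root.crt with wget over plain http and copied it straight to cacert.pem; if that step was carried into the new document, it should say how the downloaded root is checked before it becomes the trusted CA file.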
Line 105: Line 37:
  
 
===Next RPM version===
 
===Next RPM version===
Quick sumarry of what will change on the next release... This is just suggestions, let's discuss about it!
+
Quick sumarry of what will change on the next release...
 
====New Apache template====
 
====New Apache template====
 
As suggested by Stefen:
 
As suggested by Stefen:
Line 120: Line 52:
 
   
 
   
 
====Specification File====
 
====Specification File====
I suggest adding following code in the '''''.spec''''' file in the '''%post''' section
+
I've added following code in the '''''.spec''''' file in the '''%post''' section
 
  if [ ! -e /home/e-smith/ssl.crt/cacert.pem ]; then
 
  if [ ! -e /home/e-smith/ssl.crt/cacert.pem ]; then
 
   cp /home/e-smith/ssl.crt/$SRVNAME.$DOMAIN.crt /home/e-smith/ssl.crt/cacert.pem
 
   cp /home/e-smith/ssl.crt/$SRVNAME.$DOMAIN.crt /home/e-smith/ssl.crt/cacert.pem
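Review bot: the cp line in the %post snippet uses $SRVNAME and $DOMAIN unquoted and never checks that /home/e-smith/ssl.crt/$SRVNAME.$DOMAIN.crt exists, so if either value is empty or the file is missing the copy fails during install with no useful message. Test the source with -f before copying and quote both paths. Now that the wording is "I've added", the text should also show where the two variables are set relative to this block.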
Line 127: Line 59:
 
  DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
 
  DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
 
  SRVNAME=$(/sbin/e-smith/db configuration get SystemName)
 
  SRVNAME=$(/sbin/e-smith/db configuration get SystemName)
 
This way, if the certificate doesn't exist, it's "generated" by the RPM install and uses SME's one. This method should be safe...
 
 
Users can try using this one, and if it don't work, they can follow up your instructions with Shad's CACERT howto and replace the existing file!
 
  
 
By the way, I had some problem using the certificate untill I fixed DNS issues (I use NO-IP and this free service don't allow wildcards!)
 
By the way, I had some problem using the certificate untill I fixed DNS issues (I use NO-IP and this free service don't allow wildcards!)
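Review bot: dropping the two sentences after the SRVNAME line removes the only statement that cacert.pem is a copy of SME's own certificate and that users can replace it by following the CACERT howto if it does not work. Keep one sentence to that effect, because the earlier thread reports that copying the existing .crt did not work for everyone.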
Line 141: Line 69:
 
  signal-event domain-modify
 
  signal-event domain-modify
 
  signal-event email-update
 
  signal-event email-update
 +
 +
 +
{{Note box|I have some problem uploading the new release (1-5) at contribs.org right now but the RPM is ready...}}
  
  
 
Cool34000
 
Cool34000
 
----
 
----

Revision as of 21:49, 7 November 2007

rename page

to describe the functions provided

Inventory and Deployment ?


ipdiscover bug

We need to confirm that ipdiscover works when the smeserver is the forced client.

I tried the following:

ipdiscover eth0 10
Note:
Usage : ipdiscover [iface name] [latency in ms]


Here's what I got on my server:

<IPDISCOVER>
<H>192.168.0.100<M>00:xx:xx:xx:xx:xx</M><N>pc-00100.mydomain.com</N></H>
<H>192.168.0.253<M>00:xx:xx:xx:xx:xx</M><N>pc-00253.mydomain.com</N></H>
<H>192.168.0.254<M>00:xx:xx:xx:xx:xx</M><N>pc-00254.mydomain.com</N></H>
</IPDISCOVER>

Sounds like it's working for me... But IpDiscover discovers nothing when launched by SME OCS' Agent. There must be a problem here!

Windows Agent doesn't have this problem...


Cool34000


deployment

new doc added - Enjoy!

in => Package activation

when you delete a package, ocs complains, but it deletes the files anyway, document later

ParserDetails.ini

http://bugs.contribs.org/show_bug.cgi?id=3525#c2

Charlie said just make it (as you now do), so let's close opened bugs

Next RPM version

Quick summary of what will change on the next release...

New Apache template

As suggested by Stefen:

Content of /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCACertificateFile

# OCS Inventory NG Certificate
{
    if (-f '/home/e-smith/ssl.crt/cacert.pem')
      { $OUT = "SSLCACertificateFile /home/e-smith/ssl.crt/cacert.pem"; }
    else
      { $OUT = "# File /home/e-smith/ssl.crt/cacert.pem not present, deployment will not be possible"; }
}

Specification File

I've added the following code in the .spec file in the %post section

if [ ! -e /home/e-smith/ssl.crt/cacert.pem ]; then
  cp /home/e-smith/ssl.crt/$SRVNAME.$DOMAIN.crt /home/e-smith/ssl.crt/cacert.pem
fi

$SRVNAME and $DOMAIN are already gathered with the following code in the .spec file:

DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
SRVNAME=$(/sbin/e-smith/db configuration get SystemName)

By the way, I had some problems using the certificate until I fixed DNS issues (I use NO-IP and this free service doesn't allow wildcards!)

This ends with some errors in Apache log file:

[warn] RSA server certificate CommonName (CN) `servername.mydomain.no-ip.com' does NOT match server name!?

Here's how I fixed my problem:

config setprop modSSL CommonName mydomain.no-ip.com     # It would be www.mydomain.no-ip.com if NO-IP had allowed wildcards (like dyndns services)
expand-template /home/e-smith/ssl.crt/crt 2> /dev/null
signal-event domain-modify
signal-event email-update


Note:
I have some problems uploading the new release (1-5) at contribs.org right now but the RPM is ready...



Cool34000
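
A pre-flight check for the certificate setup discussed in this thread, as an added example that is not part of the talk page or the RPM: it tests whether a candidate cacert.pem actually validates the server certificate (a copy of the server's own .crt does so when that certificate is self-signed) and whether the certificate's CN equals the name clients connect to, which is the condition behind the Apache "does NOT match server name" warning. The function names and return codes are assumptions made for this example, and it needs the openssl command line tool.

```shell
#!/bin/sh
# Added example: pre-flight check for the OCS deployment certificate files.
# Function names and return codes are assumptions made for this example.

# Print the subject CommonName (CN) of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# check_ocs_cert CAFILE SERVERCERT NAME
# 0 = usable, 2 = file missing, 3 = CA file does not validate the
# server certificate, 4 = CN differs from the name clients connect to.
check_ocs_cert() {
    ca=$1; crt=$2; name=$3
    for f in "$ca" "$crt"; do
        [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    done
    # A copy of the server certificate only passes here when that
    # certificate is self-signed; otherwise the issuer's root is needed.
    if ! openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$'; then
        echo "$ca does not validate $crt"; return 3
    fi
    cn=$(cert_cn "$crt")
    if [ "$cn" != "$name" ]; then
        echo "CN '$cn' does not match '$name'"; return 4
    fi
    echo "ok: $ca validates $crt, CN=$cn"
}

# Run only when called with three arguments, e.g. on the server:
#   sh check.sh /home/e-smith/ssl.crt/cacert.pem \
#      /home/e-smith/ssl.crt/$SRVNAME.$DOMAIN.crt mydomain.no-ip.com
if [ "$#" -eq 3 ]; then
    check_ocs_cert "$@"
fi
```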