This is the documentation of an old opsi version. The documentation for the current version 4.3 can be found here.

Integration of existing macOS clients into opsi.

To include existing macOS clients in opsi, the opsi-client-agent must be installed on them. This can be performed in several ways. After you have installed the opsi-client-agent, as described below, the client will also appear in the client list of the opsi-configed, in the case you had not already added it there previously.

Basically, is possible to run on the client or from the server to trigger the installation of the agent.

Running the installation directly on the client is appropriate for individual machines. For a mass deployment of the agent, the opsi-deploy-client-agent is generally more suitable. If the necessary unlocks are available on the macOS clients.

If there is already another way to deploy software, it’s also possible to deploy the opsi-client-agent and run the silent_setup.sh script included in the package.

Once the agent is installed, existing opsi products can be installed on these clients.

Using opsi-client-agent-installer on macOS

  1. Logon to the client.

  2. Download the installer from your configserver. It is located at https://<fqdn_or_ip_of_the_configserver>:4447/public/opsi-client-agent/ and has the file name:
    Windows: opsi-client-agent-installer.exe
    Linux: opsi-linux-client-agent-installer.run
    macOS: opsi-mac-client-agent-installer.command

oca_installer_download

  1. Execute the installer (for linux and macos this must be done with root-rights, on windows a UAC-Request may be displayed)

  2. The installer will extract itself into a temporary local directory and start the oca-installation-helper.

oca_installer_start

This shows a user interface with input fields for Client-ID, Opsi Service URL, Username and Password. The fields are pre-filled (if possible e.g. if a old opsicliend.conf is found), but you may need to add or change some of the data.

  • Client-Id should be the fqdn of the Client.

  • Opsi Service url should have the format https://<fqdn_or_ip_of_the_configserver>:4447.

  • Username and Password should correspond to a user of the group opsiadmin in case of a first installation. For reinstallation it is also possible to use Client-Id and pckey for authentication.

After starting the Installer by clicking the button Install the installer connects to the server to register the client at the server. Afterwards the installer calls the included opsi-script to execute the setup.opsiscript of the opsi-[linux-|mac-]client-agent.

oca_installer_run

If the installation is finished the installer terminates.

Further information around the opsi-client-agent Installer and the command line parameters and other possibilities to install the opsi-client-agent you will find at the opsi-manual in the chapter Subsequent installation of the opsi-client-agents
https://download.uib.de/4.2/documentation/html/en/opsi-manual-v4.2/opsi-manual-v4.2.html#opsi-manual-clientagent-subsequent-installation

Using service_setup.sh on macOS

The method described over here is only for backward compatibility to opsi 4.1 and the corresponding opsi-client-agent versions 4.1. Please use as possible the opsi-client-agent Installer.

Using service_setup.sh on macOS (initial installation).

Due to macOS security restrictions, the ability to run scripts from mounted shares is limited. Trying to do the following with a share mounted via Finder to /Volumes (or similar) will therefore fail (depending on the macOS version).

  • Log in to the client.

  • Start the terminal program

  • For the following commands you need to replace the following placeholders:

    • <username> with your login name.

    • <mnt> with a directory name that does not exist yet e.g. 'mnt'.

    • <serviceuser> with a username that is known on the opsi-server.

    • <servicepass> with the password of the <serviceuser>. You can also omit :<servicepass> together with the mount option -N, then you will be prompt to input the password

    • <opsi-server> the name or IP number of the opsi-server.

sudo su
cd /Users/<username>
mkdir <mnt>
mount_smbfs //<serviceuser>@<opsi-server>/opsi_depot /Users/<username>/<mnt>
cd /Users/<username>/<mnt>/opsi-mac-client-agent
./service_setup.sh
cd
umount /Users/<username>/<mnt>

without password query

sudo su
cd /Users/<username>
mkdir <mnt>
mount_smbfs -N //<serviceuser>:<servicepass>@<opsi-server>/opsi_depot /Users/<username>/<mnt>
cd /Users/<username>/<mnt>/opsi-mac-client-agent
./service_setup.sh
cd
umount /Users/<username>/<mnt>

Example:

sudo su
cd /Users/uib
mkdir mnt
mount_smbfs  //adminuser@sepia/opsi_depot /Users/uib/mnt
cd /Users/uib/mnt/opsi-mac-client-agent
./service_setup.sh
cd
umount /Users/uib/mnt

  1. Start from the mounted share the script opsi-mac-client-agent\service_setup.sh
    Confirm with 2 x Enter

  2. The script copies the necessary files into a temporary local directory and then starts opsi-script for the actual installation.

  3. The script contacts the server via opsi webservice to create the client on the server side and to find out the pckey. This is done first with the user/password combination entered in config.ini. If this fails, a login window appears with service URL (opsi-configserver), user name and password. Here a user is needed which is a member of the group 'opsiadmin'. It is possible to also operate with a user which is only allowed to execute the method host_createOpsiClient.

The client reboots after the installation.

Using service_setup.sh on macOS (repair installation).

  • Log in to the client.

  • Start the terminal program

  • For the following commands you need to replace the following placeholders:

    • <serviceuser> with a username known on the opsi-server.

    • <servicepass> with the password of the <serviceuser>. You can also omit :<servicepass>, then you will be asked for the password

    • <opsi-server> with the name or IP number of the opsi server.

  • During the first installation opsi created a hidden pseudo user named opsisetupadmin, in whose home directory /var/opsisetupadmin is also the mount directory.

sudo su
mount_smbfs -N //<serviceuser>:<servicepass>@<opsi-server>/opsi_depot /var/opsisetupadmin/opsi_depot
cd /var/opsisetupadmin/opsi_depot/opsi-mac-client-agent
./service_setup.sh
cd
umount /var/opsisetupadmin/opsi_depot

Example:

sudo su
mount_smbfs -N //adminuser:linux123@sepia/opsi_depot /var/opsisetupadmin/opsi_depot
cd /var/opsisetupadmin/opsi_depot/opsi-mac-client-agent
./service_setup.sh
cd
umount /var/opsisetupadmin/opsi_depot

  1. Start the script opsi-mac-client-agent\service_setup.sh
    Confirm with 2 x Enter

  2. The script copies the necessary files into a temporary local directory and then starts the opsi-script for the actual installation.

  3. The script contacts the server via opsi webservice to create the client on the server side and to find out the pckey. This is done first with the user/password combination entered in config.ini. If this fails, a login window appears with the corresponding service URL (opsi-configserver), user name and password. Here a user is needed which is a member of the group 'opsiadmin'. It is also possible to utilize a user which is only allowed to execute the method host_createOpsiClient.

The client needs a reboot after the installation to become active.
The reboot is not triggered automatically.

Using opsi-deploy-client-agent for macOS.

The opsi-deploy-client-agent script deploys the opsi-client-agent directly from the opsi-server to the clients. It’s easy to integrate a large number of clients from the server into an opsi environment. As a prerequisite for the clients is needed:

  • an activated ssh access

Unfortunately on macOS the ssh accesses are deactivated by default. To use the opsi-deploy-client-agent command these accesses must be first activated.

This can be performed interactively in the 'System preferences / sharing':

Activating ssh access

On the command line, this can be done as follows:

sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist

A checkup of the current status of the ssh access is possible with the command:

sudo systemsetup -getremotelogin

Disabling ssh access on the command line looks like this:

sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist

The opsi-deploy-client-agent script can be found at /var/lib/opsi/depot/opsi-client-agent
Run the script with 'root' privileges or as a user being part of the "opsifileadmins" group. If the script is not executable, you can fix this problem with the following command:
opsi-set-rights /var/lib/opsi/depot/opsi-client-agent/opsi-deploy-client-agent

The script creates the client on the server side, copies the installation files and configuration information, such as the pckey, to the client and starts the installation there.
The installation runs in the background without any interaction from user and transparently.

The command opsi-deploy-client-agent has several call parameters.
All following examples assume that you have switched to the root directory of the opsi-client-agent product:

cd /var/lib/opsi/depot/opsi-mac-client-agent

Typical calls are:

  • For a single client:

./opsi-deploy-client-agent -v --user=uib uib-mmini1

Results in the following output:

Password is required for deployment.
Password:
[5] [2021-02-04 16:43:43.121] [               ] Starting deployment to host uib-mmini1.uib.local   (posix.py:84)
[5] [2021-02-04 16:43:43.121] [               ] Querying for ip address of host uib-mmini1.uib.local   (common.py:158)
[5] [2021-02-04 16:43:43.122] [               ] Got ip address 192.168.10.70 from syscall   (common.py:167)
[5] [2021-02-04 16:43:43.123] [               ] Pinging host 192.168.10.70 ...   (common.py:183)
[5] [2021-02-04 16:43:44.146] [               ] Host 192.168.10.70 is up   (common.py:194)
[5] [2021-02-04 16:43:44.153] [               ] Patching config.ini   (posix.py:91)
[5] [2021-02-04 16:43:44.157] [               ] Copying installation scripts...   (posix.py:107)
[5] [2021-02-04 16:43:48.316] [               ] Running installation script...   (posix.py:147)
[5] [2021-02-04 16:43:53.382] [               ] opsi-client-agent successfully installed on uib-mmini1.uib.local   (posix.py:176)
[5] [2021-02-04 16:43:53.395] [               ] Restarting opsiclientd service on computer: uib-mmini1   (posix.py:331)
[5] [2021-02-04 16:43:55.620] [               ] 1/1 deployments successfully   (__init__.py:210)

  • For a list of clients:

./opsi-deploy-client-agent -v --user=uib --hosts-from-file HOSTFILE.TXT  --skip-existing-clients

Here HOSTFILE.TXT is a file with one client name (FQDN) per line. As long as the clients are not known to the opsi-server, it tries to install the opsi-mac-client-agent on this machine

  • Display all command line parameters:

./opsi-deploy-client-agent --help