opsi Management GUI: opsi-configed

By default, the 'opsi-configed' uses its log level 4 "Warning". The level can be changed to levels between 1 and 9.

To change the log level the command line option --loglevel [LEVEL] can be used. The log level should only be set to 7 or higher at the start if the configed start already causes problems. Otherwise the log file will be extremely large and it will be difficult to get loaded and shown. When the 'opsi-configed' is running and a potential error situation is expected the log level can be raised via the menu entry Help/ConfigEditor log level.

Level 6 can be helpful since then service calls are logged. Level 7 offers a more detailled view of actions.

Since version 4.1 the logfiles are deposed by default in the user home directory. In Windows the folder

c:\Users\[User name]\AppData\Roaming\opsi.org\log

In Linux the default logfiles folder is the (hidden) subfolder ".configed" in the user home directory.

The current logfile is named configed.log, the up to 3 preceding versions are configed_0.log, configed_1.log, configed_2.log.

The logging directory can be changed via the command line option "-d".

The current logfile path is displayed at the Help menu, entry "Current logfile". The filename can there be retrieved in order to use it in an open file dialog of a viewer program or can be directly opened by the default application for .log files.

The 'opsi-configed' tries to use the language following the OS defined locale. If the matching translation file is missing English is used as default language. If terms in translations file are missing the expressions of the Englisch translation are used as default.

When calling the 'opsi-configed' you can set a locale via the command line option

-l resp. --locale

On principle, the locale has the format language_region, each component with two characters, eg. en_US of de_DE. It suffices to give the two character language code since there no region specific variants prepared.

In a running 'opsi-configed' the language can be switched via the menu item File/International. A change triggers a re-initialization of the program with a (nearly complete) rebuilding of the visual components in the new language.

Finally the call parameter

--localizationfile

can be used for directly prescribing a localiziation file. The additional parameter

--localizationstrings

has the effect that the display of the localized expressions is combined with displaying the terms for which expressions should be given. This can be used for producing and testing a localization file.

By default, the 'opsi-configed' uses its log level 3 "Info". The level can be raised to 4 "check" or 5 "debug".

To change the log level the command line option --loglevel [LEVEL] can be used. It is not recommended to set level 5 if not already the start process has problems since, with level 5, the produced log file is very large; it is difficult to view. When the 'opsi-configed' is running and a potential error situation is expected the log level can be raised via the menu entry Help/ConfigEditor log level.

Level 4 can be helpful since with it, the service calls are logged. Level 5 often offers a detailled view of actions.

By default the logfiles are deposed in the user home directory in the subfolder ".configed". The current logfile is named configed.log, the up to 3 preceding versions are configed_0.log, configed_1.log, configed_2.log.

In newer versions of windows the user home directory is interpreted as

c:\users\[USERNAME]\appdata\local

Observe that the Windows Explorer shows a localized version of "users" and does not give "AppData" in the listing of "c:\users\[USERNAME]". But the AppData folder contents appear, when "appdata" is supplemented to its superfolder name.

The logging directory can be changed via the command line option "-d". The opsi product opsi-configed uses this option to set the logging directory to

c:\opsi.org\log

But only local administrators can write to this location. If other users start the 'opsi-configed' the location

c:\users\[USERNAME]\appdata\local

will therefore again be used.

The clients list has per default the columns 'client name', 'description', 'on', 'IP address' and 'last seen'.

Some columns are deactivated by default:

You may activate these columns using the context menu. The configuration of the columns being displayed may be changed using the entry 'configed.host_displayfields' in the server configuration.

Adding the column 'session infos' enables the button "request session infos from all clients" in the button panel.

When this button is clicked the 'opsiconfd' tries to connect to all clients and to retrieve data of the active user sessions. From the result, the account names are shown in the column 'session infos'. Instead of using the button you may start the request only for the selected clients via the context menu or the main menu entry 'OpsiClient'. By doing this, network timeouts are avoided.

Since the search function for the client list works (if not configured otherwise) on all displayed columns you may now find out which is the client belonging to a logged in user (with known account name).

To sort the clients by a certain column click on the top header of that column.

You can select one or multiple clients to work with. The client view can be restricted to the selected clients by clicking the funnel icon or from the menu by 'Grouping / Show only selected clients'.

A selected client group can be saved with the icon 'Save grouping' or from the menu by 'Grouping / save group' with a free selectable name.

You can use the mouse to add the selected clients to an existing group (by dragging them to an existing group which is displayed in the tree view).

In the client selection dialog (as called via menu 'Selection / Define search') clients can be selected using a variety of criteria based on their configurations.

E.g., it is possible to search for opsi installed products as well as software found by the opsi software audit. You may as well search for PCs satisfying certain hardware conditions. Criteria may be combined by logical 'AND' or 'OR' operations and may be negated by a 'NOT' (which is produced by a click on the Not-Field before the property field). Search strings can be given as fixed strings combined with asterisks '*' as wildcard symbols.

Search definitions can be saved and then again used via the menu item 'Selection/Use saved search definition'.

It is also possible to run a saved search from the command line when the opsi-configed editor is started. By including the flag "-qs" and the name of the saved search, the configuration editor will start with the saved search results. If the name is omitted, then a list of available searches will be displayed.

To detect failed installations, the menu item Selection offers Failures with product and Failures occurred (today, since yesterday, …​), since version 4.0.5 .
Choose the first setting to get a list of all products. If you select a single product, all clients will be shown, where the installation of this product failed.
When choosing for instance Failures occured - today, all the clients will be marked, where an product installation failed today.

The tree view control has three base nodes 'groups', 'directory' and 'client list'. Alls clients of the selected depots are displayed in the group 'client list'.

The nodes 'groups' and 'directory' are different in so far as each client can have any number of locations in the 'groups' subtree but has a unique location in the 'directory' subtree; as long as there was no other assignment to subgroup of 'directory' a client is automatically placed into the group 'NOT_ASSIGNED'.

If you select a client, all groups to which the client belongs will get color marked icons.

By a click one a node (or a group) all clients beyond this node will be shown in the 'Clients' tab, but none of these clients is selected for processing.

By a click one a client, this client will be shown in the 'Clients' tab and selected for processing. You may also use this way to change the selected client while you are in a other tab like product configuration without coming back to the clients tab.

You may use Ctrl-click and Shift-click to select multiple clients. This tree view control show the groups which are created according the chapter

You may also create groups by using the context menu above 'ALL' or any existing group.

You will be asked for the new groups name.

A group can be populated with clients using Drag&Drop by

A group can

The context menu of a group item can be used

Several client standard configurations can be applied directly in the client information panel which is located on the right side of the clients page. Please observe that UEFI support and WAN configuration both are currently based on non free extension modules. If these modules are not active the corresponding buttons are disabled.

This configuration is no longer hard coded since version 4.0.7.6.5, but is read from the server host parameters configed.meta_config.wan_mode_off* and is also interpreted as a negation. If you have kept the automatically set Meta_Config.wan_mode* parameters, the one described in Recommended configuration when using the WAN/VPN extension module, can be taken as an example or recommendation for a standard WAN configuration given by uib gmbh.

Choosing this menu entry, you will send the selected clients a WakeOnLan signal.

Since version 4.0.7 you can choose

If a client is assigned to a depot server which is not the configserver then the Wake On Lan signal is not directly sent to the client, but the 'opsi-configed' tries to establish a HTTPS connection to the 'opsiconfd' of the depot server which in turn sends the Wake On Lan package to the client inside its network segment.

It should be observed that it is the 'opsi-configed' which triggers the actions, therefore the program must not be shut down in the meantime.

This menu entry is used to send to the 'opsi-client-agent' on the selected clients a command to fire the event which is selected in the submenu. If a Client is not reachable or currently processing another non-cancelable event, the 'opsi-configed' shows an error text.

The standard event is "on demand" which means the demanded action is started at once. Be aware that this may have the effect that the client is rebooting without any warning.

To incorporate additional events (which should be configured in the opsiclientd.conf) into the submenu you have to edit the config configed.opsiclientd_events via the tab (server) host parameters.

All messages will be shown on the active desktop. If the client isn’t reachable, you will get a message.

What happens exactly if you fire the event 'on_demand' can be configured in the event 'on_demand' configuration.

Choosing the menu entry 'Show popup message' you will get a small edit window where you can type in your message.

By clicking on the red tick you will send the message to the selected clients.

At the selected clients a message window will appear.

The selected clients get the signal to communicte their session information. The data is shown in the session info column (if visible).

On WAN clients there are occasional problems with the package cache synchronization. This function resets the cache.

The option 'Remote Control Software call' in the client context menu as well as the client main menu (since 'opsi-configed' version 4.0.1.11) is very powerful. It can be used to use any command that the operating system offers, parametrized e.g. by the client name.

As an example there are configurations automatically generated which can be used to send a ping to the selected client: one ping command that works in Windows environment and one command that requires a Linux X environment. Please observe: 'opsi-configed' calls obviously the command in its environment, i.e., we need the Linux command when the 'opsi-configed' is running in Linux.

The selection window has three parts. The upper part lists the names of the existing commands. It follows a line, which shows the selected command and offers the chance to edit it (if this is allowed). Additionally, the line contains the buttons to execute or abandon the action. The third text area of the window captures any messages that are returned by the operating system when calling the command.

These calls offer a quasi infinite range of opportunities. For example, a command can be configured to open a Remote Desktop connection to the selected client (if it allows such connections). On a Windows system, such a command is

cmd.exe /c start mstsc /v:%host%

In a Linux environment the following command can be used:

rdesktop -a 16 %host%

In these examples serves %host% as a variable, which 'opsi-configed' automatically replaces by the value for the selected host. Other variables that can be analogously used in the commands are:

If the command is marked by the additional server configuration entry 'editable' as true, then the command line allows ad hoc editing. For example, you may supply a requested password or vary the command as needed.

If more than one client is selected the command will be executed in a own thread for each client.

The list of remote control commands is editable via server configuration entries (cf. Host parameters in client and server configuration).

To define a command example, at minimum an entry configed.remote_control.example (or configed.remote_control.example.command) must be generated. The value of property has to be the command (in which the variables %host%, %ipaddress% etc. can be used). Additionally, an entry configed.remote_control.example.description can be defined. The value of this entry will be shown as tooltip (if not existing, the command itself will serve as tooltip content). Furthermore, a Boolean entry configed.remote_control.example.editable can be added. If its value is set to false the command cannot be edited in the selection window.

You may send the selected clients a shutdown or reboot signal. You have to confirm this command at the opsi-configed.

You may delete the selected clients from the 'opsi-server'.

If you choose to create a client, an input mask opens. There you enter or confirm the required data – client name without domain specification, domain name, depot server name. You may add a textual description for this client and notes on this client.

The mask also contains fields for an optional declaration of the IP-number and the ethernet (MAC) address of a client. If the backend is activated for the configuration of a local dhcp-server (which is not the default setting), this information will be used to make the new client known to the dhcp-server. Otherwise the MAC address will be saved in the backend and the IP-number will be discarded.

When creating clients you can directly for the new client specify to which group it should belong, as well as which netboot product should be directly set on setup. In addition, you can activate directly the Install by shutdown, UEFI Boot and the (standard) WAN configuration from the beginning. These settings can easily be made in the Hosts-List. These configurations are only available since the version 4.0.5.8.1 .

Since opsi 4.0.4 it is possible to disable the options for creation and deletion of an opsi client. This is used if the client creation should be managed by a different service, eg. the UCS service.

For the configuration of these options, a host parameter (config) is provided. It is named configed.host_actions_disabled and offers the list values

(multiple selection allowed). The default is the empty selection meaning that no option is disabled.

The default setting can be changed so that adding and removing clients from the 'opsi-configed' is disabled:

There is now the possibility to create several clients at once. For that you may click in template in the dialog frame to create a CSV-template. That can be edited with a text editor or programs like Microsoft Excel and LibreOffice Calc to list as many clients including their properties as you want. If you click on File and select the CSV-document, all clients from that list will be created automatically.

You may rename a selected client, you will be asked for the new name.

Moving a client to a different depot-server. If clicked the following windows appears with a list of existing depot-servers

You can delete all information of all products of the selected clients. This can be useful for example to reset a testclient to a defined state.

To simplify and automate the drivers of special clients and to upload them on the opsi-depot-server, since version 4.0.5, the option to select the paths from the hardware information is possible, thus the opsi-configed via the Share delivers the above mentioned. The two offered byAudit driver paths are composed of the manufacturer and the product or the model, which are respectively read from the computer and the mainboard. By clicking the right button to upload a driver, a new window will be displayed to add more settings.

If you open the 'opsi-configed' on a Linux system, it is not directly possible to carry out a driver upload because the connection is carried out via a Share. This needs to be made manually. However, the methods or directory structures are an essential aspect of the drivers integration for linux users as well as for windows users.

Without further settings, the driver upload of a Windows computer, works only if the connection to the Share is enabled.

Among other things, information must be given in a new window, like to which Windows product should the driver be prepared, which drivers are to be uploaded and with which method or the directory in which the driver integration takes place. The target directory is accordingly changed with the selection of another method. The previously selected byAudit driver path can be found again by default in the selected method 'byAudit', that specifically integrates the selected driver for the type of machine.

Following methods and directories are possible:

Some manufacturers use model names that are very delicate to this method, since some special characters such as / are not allowed to be used in files or directory names. An example for a model name could be: "5000/6000/7000". A directory with this name is not allowed because of the special characters. Since the third Service Release from opsi 4.0.3 the following special characters: < > ? " : | \ / * were replaced internally with an underscore "_" character. With this change can the above example be replaced with: "5000_6000_7000" the directory will automatically be shown, even though the directory structure information in the hardware inventory is not visually the same.

Starting with version 4.0.7.5 the 'opsi-configed' includes the user roles function.

In the interface, in the overview of the server host parameters, the category user shows the availability of the function (not necessarily active). The user branch of the properties tree starts with a boolean entry

with default value false.

The other entries at this location represent the default values for the user-specific configurations of the server console (cf. Server-Console).

To activate the user role extension you need to:

When the user-role extension is activated, an entry is created in the properties tree for the logged-in user. The default settings used for the administration of rights are like the "classic" requirements for an administrator, that means, that this user has no restriction whatsoever. E.g., for a user named admindepot1 the following entries are generated:

These four items mean:

In the case that the access of admindepot1 is to be restricted to the computers in the depot server depot1, the following should be set:

After a complete data reload, clients from other depots are not more visible to admindepot1 (and also only the depot settings for depot1 are accessible).

In order to complete the restriction, it therefore is required to set

If not otherwise configured, it is tried to build a SSH connection with the same user/server pair for which to configed login was done.

Should this not be the case the connection can be also started via a SSH key (possibly with a password) when the configed starts. In this case, the following start parameters can be used:

The settings can be changed or adjust under the menu entry "Connection Information".

The visibility of menu items in the server console menu is controlled by a series of server host parameters in the user section. If the user roles feature is used (cf. Managing User Rights and Roles) the configs are specifically set for each user (the default values for a newly created user entry are taken from the top user level).

In order to be able to use different functions, the appropriate server settings must be activated.

With the Terminal, Linux commands can be run from the connected SSH-Server.
In addition to the possibility to replace the input with asterisks (*), which is strongly recommended for the input of passwords, a process can also be canceled by clicking the "End process / connection" button or by pressing "Ctrl + C".
Just like in the Terminal, the "TAB" can be used to complete commands. Warning: Paths will not be completed - only Linux system commands.
Besides it is also possible to specify data sources, that before the execution can be replaced by concrete data. More about this functionality: Define commands - Item: Datasources)

Under the menu group "opsi" a few commands are available independently of the self-defined commands with their own input interface. These simplify the handling of various scripts.

You can find more about opsi-package-manager under Tool: opsi-package-manager: (un-)install opsi-packages

TIP: Some user interfaces include a selection component for paths in the directory structure. If the button "Find Subdirectories" is activated, all directories or files that are contained in the specified path will be listed. To visualize further sections, you can press the button several times. This functionality is, among others, in the "Set Opsi rights" or the "Package installation" interface.

In addition to the predefined server console commands, you can create or remove your own commands, which can be accessed via menu items. It should be noted that different Linux systems may not be able to execute the same commands. Thus, the administrator must be sure that the commands can be executed on the addressed Linux system.

Following data must be or rather could be (marked with a "*") for a command: