opsi Linux Support
Supported as opsi-client: Linux
As of 23.08.2023
Distribution |
OS-Installation |
netboot products |
client-agent |
opsiclientd |
Debian 11 Bullseye |
debian, debian11 |
|||
Debian 10 Buster |
debian, debian10 |
|||
Debian 9 Stretch |
debian, debian9 |
|||
Debian 8 Jessie |
debian, debian8 |
|||
Ubuntu Bionic 22.04 LTS |
ubuntu, ubuntu22-04 |
|||
Ubuntu Bionic 20.04 LTS |
ubuntu, ubuntu20-04 |
|||
Ubuntu Bionic 18.04 LTS |
ubuntu, ubuntu18-04 |
|||
Ubuntu Xenial 16.04 LTS |
ubuntu, ubuntu16-04 |
|||
Ubuntu Trusty 14.04 LTS |
ubuntu, ubuntu14-04 |
|||
Linux Mint 21-1 |
mint21-1 |
|||
Linux Mint 21 |
mint21 |
|||
Linux Mint 20-3 |
mint20-3 |
|||
Linux Mint 20-2 |
mint20-2 |
|||
Linux mint 20-1 |
mint20-1 |
|||
RHEL 9 |
rhel9 |
|||
RHEL 8 |
rhel8 |
|||
RHEL 7 |
rhel70 |
|||
RHEL 6 |
||||
Alma Linux 9 |
alma8 |
|||
Alma Linux 8 |
alma8 |
|||
Rocky Linux 9 |
rocky8 |
|||
Rocky Linux 8 |
rocky8 |
|||
CentOS 8 |
centos8 |
|||
CentOS 7 |
centos70 |
|||
CentOS 6 |
||||
SLES 15 SP4 |
sles15sp4 |
|||
SLES 15 SP3 |
sles15sp3 |
|||
SLES 15 SP2 |
sles15sp2 |
|||
SLES 15 SP1 |
sles15sp1 |
|||
SLES 12 SP5 |
sles12sp5 |
|||
SLES 12 SP4 |
sles12sp4 |
|||
SLES 12 SP3 |
sles12sp3 |
|||
SLES 12 SP2 |
sles12sp2 |
|||
SLES 12 SP1 |
sles12sp1 |
|||
SLES 12 |
sles12 |
|||
openSuse Leap 15.4 |
opensusel15-3 |
|||
openSuse Leap 15.3 |
opensusel15-3 |
|||
openSuse Leap 15.2 |
opensusel15-2 |
|||
openSuse Leap 15.1 |
opensusel15-1 |
|||
openSuse Leap 15.0 |
opensusel15 |
|||
openSuse Leap 42.3 |
opensusel42-2 |
|||
openSuse Leap 42.2 |
opensusel42-2 |
|||
openSuse Leap 42.1 |
opensusel42-1 |
|||
UCS 5.0 |
ucs50 |
|||
UCS 4.4 |
ucs44 |
|||
UCS 4.3 |
ucs43 |
: Supported : Discontinued
As of 23.08.2023
Netbootproduct |
Installer |
State |
Remark |
debian |
opsi |
stretch - bullseye |
|
debian11 |
distribution |
||
debian10 |
distribution |
||
debian9 |
distribution |
||
debian8 |
distribution |
||
debian8 |
distribution |
||
debian7 |
distribution |
||
ubuntu |
opsi |
trusty - jammy |
|
ubuntu22-04 |
distribution |
||
ubuntu20-04 |
distribution |
||
ubuntu18-04 |
distribution |
||
ubuntu16-04 |
distribution |
||
ubuntu14-04 |
distribution |
||
mint21 |
distribution |
||
mint20-3 |
distribution |
||
mint20-2 |
distribution |
||
mint20-1 |
distribution |
||
centos8 |
distribution |
||
centos70 |
distribution |
||
redhat9 |
distribution |
||
redhat8 |
distribution |
||
redhat70 |
distribution |
||
alma9 |
distribution |
||
alma8 |
distribution |
||
rocky9 |
distribution |
||
rocky8 |
distribution |
||
sles15sp3 |
distribution |
||
sles15sp2 |
distribution |
||
sles15sp1 |
distribution |
||
sles12sp4 |
distribution |
||
sles12sp3 |
distribution |
||
sles12sp2 |
distribution |
||
sles12sp1 |
distribution |
||
sles12 |
distribution |
||
opensusel15-4 |
distribution |
||
opensusel15-3 |
distribution |
||
opensusel15-2 |
distribution |
||
opensusel15-1 |
distribution |
||
opensusel15 |
distribution |
||
opensusel42-3 |
distribution |
||
opensusel42-2 |
distribution |
||
opensusel42-1 |
distribution |
||
ucs50 |
distribution |
||
ucs44 |
distribution |
||
ucs43 |
distribution |
Preconditions for using the opsi Linux Support
Technical precondition is opsi 4.0.5 with following packet versions:
opsi packet | version |
---|---|
opsi-linux-bootimage |
>= 20140805-1 |
The opsi support for Linux is based on a free Open Source component (the netboot products) and a co-funded component (the client-agent).
The opsi-linux-client-agent is a
co-funded opsi extension module.
In order to use the opsi Linux extension module, an activation file is required, this file can be acquired by buying the extension module. To obtain a temporary activation file for evaluation, please email us at info@uib.de.
For further details on handling extension modules please refer to the opsi manual.
opsi-linux-client-agent: 15 Free starts
The opsi-linux-client-agent includes 15 free starts by which the agent can be used without any activation
In detail: After the initial Install from the opsi-linux-client-agent the opsi-script can be started 15 times in service context without the need of activation.
This gives you the possibility to set a Linux computer with the corresponding opsi-products for the configuration needed.
For example, after the installation of the system you could use the product l-opsi-server
to make of the newly installed computer an opsi-server.
For a long lasting maintenance of the installed Linux computers after the 15 free starts, it is recommended the activation of the feature, in order to continue taking advantage of its benefits.
Installation of the packages
The Linux-related packages can be loaded over the opsi-package-updater
.
By default it already has the repository for the linux packages activated.
You can use the following command to install the packages:
opsi-package-updater -v --repo uib_linux install
Introduction
A single management tool for Windows and Linux
The objective of the opsi Linux extension module is to provide an homogenous management system for heterogenous environments. The focus is on integrating both worlds into the same management processes and tools
This means, that a Linux installation is triggered the same way as a Windows installation. The Linux opsi-client-agent is based on the same source code as the Windows client and provides (when applicable) the same opsiscript instruction sets.
Independent from Linux distribution
The opsi Linux Support is designed to be independent from any special Linux distribution.
The following distributions are supported:
-
Debian
-
Ubuntu
-
Linux Mint
-
OpenSuse / SLES (Suse Linux Enterprise Server)
-
RHEL (RedHat Enterprise Linux)
-
Alma Linux 8
-
Rocky Linux 8
-
CentOS
-
UCS
Please keep in mind that you need at least 4GB of RAM in the machine or VM if you want to install Linux Mint.
Installation of a new Linux PC via opsi (OS-Installation)
opsi Linux netboot products based on the distibution installer
-
Like with the unattended Windows installation, the Linux installer is equipped with an answer file to configure the unattended installation.
-
The installer of a distribution is not like with Windows an executable program, but is a combination of the distribution kernel and initrd implementation.
-
The system installation including partitioning, LVM, and all the basic software, are performed by the installers and not by the bootimage anymore.
-
For the Suse and RedHat like distributions, the installation sources have to be provided by you by introducing the DVD as an ISO-file on the depot share. This is comparable to the Windows installation, with the difference that the Windows installation files are stored in a different place and stored as the content of the DVD and not as an ISO file.
-
The installation of Linux Mint uses the content of the official installation media provided via an NFS share.
-
For the Debian like distributions, the installation sources are taken from the internet. Just the netboot versions of the distribution kernel with the associated initrd are placed on the depot share. These files are small, so they are included in the opsi package.
Since opsi 4.0.7 it is also possible to provide for some netboot products a local http repository. -
For further maintenance of the installation the opsi-linux-client-agent can be installed with the basic installation.
Description of the automated installation process:
-
The opsi-linux-bootimage boots, deletes the partition table and creates a small temporary partition.
-
The opsi-linux-bootimage fetches the initrd for the distribution and unpacks it on the temporary partition.
-
The opsi-linux-bootimage fetches the generic answer file, patches it (personalisation) and moves it to the initrd directory.
-
The opsi-linux-bootimage creates some helper scripts and configuration files (e.g. for installing the opsi-linux-client-agent) and moves them to the initrd directory.
-
The opsi-linux-bootimage packs the patched initrd directory
-
The opsi-linux-bootimage boots the distribution kernel with the patched initrd per kexec.
-
The distribution kernel with the patched initrd performs the unattended installation of the target system and finally installs the opsi-linux-client-agent.
Advantages:
-
The installation is done as specified by the distributor, which is of special importance for providing support in the business context.
-
The opsi integration of new releases is easier and faster available.
-
For Suse, RedHat, Linux Mint like distributions and Ubuntu 22-04, the installation is done from the sources on the opsi-server, and therefore is faster and more stable than installing from the internet repositories.
Providing the installation media on the server via NFS
This affects SUSE like product prior to version 4.2.0.2-1, Redhat like distributions prior to version 4.2.0.3-1 and Linux Mint packages prior to version 4.2.0.2-1. Later on the new variant is explained.
For Suse. RedHat and Linux Mint like distributions, the installation media is provided by an additional nfs-share: opsi_nfs_share
.
To configure this share, there must be a NFS server installed and configured on the opsi-server:
Since opsi v4.0.6 stable this is done by the special package opsi-linux-support
. This package is not installed by default and must be installed manually once, e.g.
apt install opsi-linux-support
If a firewall is running on your system you need to configure it to accept TCP connections at port 80. Please consult the appropriate manual on how to do this.
The opsi-linux-support
package performs the following tasks:
-
Installation of the applicable nfs-server package on the opsi-server. For Debian, Ubuntu, Suse this is the package: nfs-kernel-server. For Centos, Redhat it is the package nfs-utils.
-
The share
opsi_nfs_share
is created and exported:-
Create directory:
mkdir -p /var/lib/opsi/depot/opsi_nfs_share
-
Add the share entry to /etc/exports:
/var/lib/opsi/depot/opsi_nfs_share *(ro,no_root_squash,insecure,async,subtree_check)
-
Activate the export:
exportfs -r
-
Check the successful export:
showmount -e localhost
The output should be:
Export list for localhost:
/var/lib/opsi/depot/opsi_nfs_share *
-
-
The share
opsi_nfs_share
has the following directory structure:
opsi_nfs_share/<productId>/<arch>/<dvd>.iso
example:
opsi_nfs_share/opensuse15-2/64/openSUSE-15.2-DVD-x86_64.iso
The installation file must have an extension.iso
, the name of the file does not matter. If there are several.iso
files in the same directory, it is not specified which one to use.
However the Linux Mint installation requires the installation media content, including hodden directories, to be copied into the specificopsi_nfs_share
subdirectory. -
Copy the installation DVD to the
opsi_nfs_share
and execute:
opsi-set-rights /var/lib/opsi/depot/opsi_nfs_share
IMPORTANT: use the standard installation DVDs of the distribution. Modified installation DVDs might have a different structure and therefore cannot be used in this context. -
If for any reasons the directory
/var/lib/opsi/depot/opsi_nfs_share
cannot be exported by the opsi-server per NFS (for instance because the depot share is already a NAS NFS share), so the NFS share to be used can be specified by a server config. Likeclientconfig.opsi_nfs_share=172.16.166.1:/var/lib/opsi/depot/opsi_nfs_share
-
The product
ubuntu22-04
a .iso file has to be placed in theiso
directory within the package directory in the depot.
Providing the installation media on the server via opsiconfd WebDAV
This affects SUSE like product after to version 4.2.0.2-1, Redhat like distributions after to version 4.2.0.3-1 and Linux Mint packages after to version 4.2.0.2-1.
RedHat and SUSE like distributions along with Linux Mint and Ubunut 22-04 in the above mentioned versions do not use the NFS method anymore. Instead the opsiconfd WebDAV server is used to distribute the installation media. For this case each of those netboot packages contains a iso
or isocontent
subdirectory.
The iso
subdirectory shall contain an ISO image of the specific distribution. On the other hand the isocontent
directory shall contain the contents of an ISO image, including files starting with a dot.
Here is an example how to fill the isocontent
directory.
mount SLE-15-SP3-Full-x86_64-GM-Media1.iso /mnt
cp -r /mnt/* /var/lib/opsi/depot/sles15-3/isocontent/
cp /mnt/.treeinfo /var/lib/opsi/depot/sles15-3/isocontent/
cp /mnt/.discinfo /var/lib/opsi/depot/sles15-3/isocontent/
umount /mnt
Please note: the file .discinfo
is not present on all distribution installation media and might be missing.
Common properties of the Linux netboot products based on the distibution installer
The following properties are available with all v406 netboot products to configure the Linux installation:
-
askbeforeinst
:
Starting an installation has to be confirmed from the client console? (Default='true') -
architecture
:
architecture selection, which affects the selection of bootimages and the installation architecture. (Default='64bit') -
language
orlocale
:
Which language / locale is to be installed. (Default=distribution dependent / 'de') -
console_keymap
: (not present in ubuntu22-04!)
keyboard layout to be installed. (Default=distribution dependent / 'de') -
timezone
:
Timezone to be installed?. (Default='Europe/Berlin') -
root_password
:
root password. (Default='linux123') -
user_password
:
user password. (Default='linux123') -
proxy
:
Proxystring (if required) as: 'http://<ip>:<port'
(Default='') -
install_opsi-client-agent
:
Install the Linux opsi-client-agent (co-funded project: a module file is required for activation. (Default='true') -
setup_after_install
:
Which opsi products should be installed after the installation of the operating system (opsi products set to setup). (Default='')
The products debian10, debian11 and ubuntu18-04, ubuntu20-04, ubuntu22-04 and mint20-1, mint20-2, mint20-3, mint21
The basic OS installation files are taken from the distribution repositories.
This product has the productive state.
This product has the following additional properties, some are not present in the netboot package ubuntu22-04
:
-
online_repository
:
distribution repository for the installation. (only for the Debian/Ubuntu family) (Default=distribution dependent) -
encrypt_password
: (not present in ubuntu22-04!)
Password for disk encryption (only if encrypt_logical_volumes=true)
Example:linux123
Default:linux123
-
partition_disk
: (not present in ubuntu22-04!)
Disk to use.:first
or complete device path Examples: "first", "/dev/sda", "/dev/sdb"
Default:first
-
partition_method
:
The method use for partitioning of the disk:
regular
: use the usual partition types for your architecture (direct
in ubuntu22-04) /lvm
: use LVM to partition the disk /crypto
: use LVM within an encrypted partition (not present in ubuntu22-04!)
Possible: "regular" or "direct", "lvm", "crypto"
Default:lvm
-
partition_recipe
: (not present in ubuntu22-04!)
The kind of partitions that will be used:
atomic
: all files in one partition /home
: separate /home partition /multi
: separate /home, /usr, /var, and /tmp partitions
Possible: "atomic", "home", "multi"
Default:atomic
-
desktop_package
:
Desktop package to install (standard = no desktop) (only for the Debian/Ubuntu family) Possible: "standard", "ubuntu-desktop", "kubuntu-desktop", "lubuntu-desktop", "xubuntu-desktop", "ubuntu-gnome-desktop"
Default:standard
-
language_packs
:
Possible: "ar", "bg", "by", "cf", "de", "dk", "en", "es", "et", "fa", "fi", "fr", "gr", "il", "it", "kg", "kk", "lt", "mk", "nl", "no", "pl", "ro", "ru", "sg","sr", "ua", "uk", "us", "wo"
Default:de
-
installation_method
:
Offers a possibility to bypass the kexec in case it fails. The alternate method installs a minimal installation on the local disk and reboot from it. This property currently works withdebian10
,ubuntu18-04
andubuntu20-04
in UEFI. Possible: "kexec", "reboot"
Default:kexec
The basic OS installation files are taken from the the official UCS repositories.
This product has a productive state. With this product one can install a master, slave, backup and even a memberserver. It is recommended to use the l-opsi-server localboot product to make an opsi server out of the UCS machine. Memberserver are supported when an opsi server is installed through l-opsi-server. This localboot products makes special adjustments to the server, so it can deploy clients like other UCS roles.
This product has the same properties as described above for debianX
or ubuntuX
and the following additional ucs specific properties:
-
dns_domain
:
The DNS domain name: Example:example.com
Default:ucs.test
-
ldap_base
:
The ldap base. Example:dc=example,dc=com
Default:dc=ucs,dc=test
-
ucs_code_name
:
The code name of the ucs version that is provided in the repository.
Example:ucs414
Default:ucs414
-
organisation
:
The name of the organisation that will be used for the ucs installation.
Example:uib gmbh
Default:uib gmbh
-
windomain
:
The name of the Samba/Windows domain.
Example:MYDOMAIN
Default:MYDOMAIN
-
external_nameserver
:
Which nameserver is included to the ucs installation ?
Example:10.11.12.13
Default:auto
= the name server given by dhcp -
ucs_master_ip
:
What is the IP Number of the UCS Domain Controller (needed for other roles to join) ?
Example:10.10.10.10
Default:10.10.10.10
-
ucs_master_admin_password
:
What is the password of the user Administrator of the UCS Domain Controller (needed for other roles to join) ?
Example:linux123
Default:linux123
-
ucs_role
:
Which UCS role should be installed ?
Possible: "domaincontroller_master", "domaincontroller_backup", "domaincontroller_slave", "memberserver", "base"
Default:domaincontroller_master
The products sles12sp3, sles12sp4, sles12sp5, sles15-1, sles15-2, sles15-3, sles15-4
This product has the following additional properties:
name: productkey multivalue: False editable: True description: email:regcode-sles for suse_register. Is only used if the host parameter `license-management.use` is set to false . If it set to True the license key will be get from the license management module. / La clé de licence pour l'installation. Est utilisée uniquement si dans "Réseau et paramètres supplémentaires" `license-management.use` est défini à false (faux) . Si c'est réglé sur True (vrai) la clé de licence sera obtenue du module de gestion des licences. values: ["", "myemail@example.com:xxxxxxxxxxxxxx"] default: [""] name: suse_register description: set to false, if you don't want to register your system online, if you set this to false you have to give local repositories default: True name: local_repositories multivalue: True editable: True description: list of local repositories to use. Syntax: "repository description", example entry: "http://sles.example.com/suse/repo NameForRepo" values: [""] default: [""] name: install_unattended description: If false then do interactive installation default: True
To download the installation DVD you need an account on SUSE.
Prior to version 4.2.0.2-1:
Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/sles15-3/64/
After version 4.2.0.2-1
Copy the ISO image content to /var/lib/opsi/depot/sles15-3/isocontent/
Please don’t forget to execute opsi-set-rights
.
The following video shows an installation.
It is made with one frame per second and because of that, the installation that you see it is much more faster than a normal installation.
The products redhat8, redhat9 and alma8, alma9 and rocky8, rocky9
This product has the following additional properties:
name: install_unattended description: If false then do interactive installation default: True name: selinux_mode multivalue: False editable: False description: In which mode should SELinux run ? values: ["enforcing", "permissive", "disabled"] default: ["permissive"] name: partition_method multivalue: False editable: False description: plain: Regular partitions with no LVM or Btrfs. / lvm: The LVM partitioning scheme. / btrfs: The Btrfs partitioning scheme. / thinp: The LVM Thin Provisioning partitioning scheme. values: ["plain", "lvm", "btrfs", "thinp"] default: ["lvm"] name: productkey multivalue: False editable: True description: email:regcode for subscription_register. Is only used if the host parameter `license-management.use` is set to false . If it set to True the license key will be get from the license management module. / La clé de licence pour l'installation. Est utilisée uniquement si dans "Réseau et paramètres supplémentaires" `license-management.use` est défini à false (faux) . Si c'est réglé sur True (vrai) la clé de licence sera obtenue du module de gestion des licences. values: ["", "myemail@example.com:xxxxxxxxxxxxxx"] default: [""] name: subscription_register description: set to false, if you don't want to register your system online, you need to set this to false and you have to introduce your local repository default: True
Download the installation DVD here, e.g. from here.
Prior to version 4.2.0.3-1
Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/alma8/64/
After version 4.2.0.3-1
Copy the ISO image content to /var/lib/opsi/depot/alma8/isocontent/
Please don’t forget to execute opsi-set-rights
.
To download the installation DVD you need an account on RedHat.
Prior to version 4.2.0.3-1
Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/redhat8/64/
After version 4.2.0.3-1
Copy the ISO image content to /var/lib/opsi/depot/redhat8/isocontent/
Please don’t forget to execute opsi-set-rights
.
Download the installation DVD here, e.g. from here.
Prior to version 4.2.0.3-1
Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/rocky8/64/
After version 4.2.0.3-1
Copy the ISO image content to /var/lib/opsi/depot/rocky8/isocontent/
Please don’t forget to execute opsi-set-rights
.
The following video shows an installation.
It is made with one frame per second and because of that, the installation that you see it is much more faster than a normal installation.
Linux netboot products with generic installer
Without distribution installer
Basic OS installation per netboot
To install Linux on a client, at the beginning the standard opsi-linux-bootimage boots per netboot. It is the same image as the one used for the Windows installation.
The bootimage automatically performs the partitioning and formatting of the hard disc (/ and swap). Next the installation of the basic Linux Operating System is performed (including network and ssh, but without X11). The installation process itself is quite different for the individual distributions, but has in common, that the installation is performed directly from the original distribution packages.
The opsi-client-agent for Linux can be installed, which enables the automated installation and configuration of further software packages.
The opsi-client-agent for Linux is available as a co-funded opsi extension module, the required opsi netboot products for Linux installation are available as free Open Source modules.
Because the base installation is done from the Standard opsi-linux-bootimage, there are some distribution dependent differences, that have to be installed and configured after the first reboot of the installed system. This is for example the SELinux installation of the 'RedHat like' or the keyboard configuration of the 'Debian like' systems. These after boot installations and patches are done by the standard localboot
Common properties of Linux netboot products (generic installer)
The following properties for controlling the Linux installation are available with all netboot products:
-
askbeforeinst
:
confirm start of the new installation on the client? (default='true') -
architecture
:
architecture selection - affects the selection of the bootimage and the installation architecture. (default='64bit') -
system_partition_size
:
size of the system partition - the size may be given as percent of the hard disk size or as absolute size (G=Gigabyte). If you choose another value than 100%, the remaining rest will be used as data_partition. (default='100%') -
swap_partition_size
: +size of the swap partition. (default='2000M') -
data_partition_create
:
create a data partition if there is some space left. (true/false) (default='true') -
language
:
language / locale to be installed (default='de') -
timezone
:
time zone to be configured (default='Europe/Berlin') -
root_password
:
root password (default='linux123') -
user_password
:
user password (default='linux123') -
online_repository
:
repository to use for installation - repository of the Linux distribution to be used for installation (not for SLES) (default = distribution dependent) -
proxy
:
proxystring (if required) as: 'http://<ip>:<port>'
(default='') -
additional_packages
:
additional packages to install. Packages names separated by blanks. (default='') -
install_opsi-client-agent
:
install the Linux opsi-client-agent (cofunding project: has to be activated by the /etc/opsi/modules) (default='false') -
release
:
(Debian and Ubuntu only)
which release of the distribution is to be installed? (default = distribution dependent) -
setup_after_install
:
opsi product(s) to be installed after the OS installation is done (opsi products to be set to 'setup') (default='l-os-postinst')
opsi-linux-client-agent
The opsi-client-agent for Linux is part of the cofunding project 'Linux Agent', which is liable to pay costs.
The opsi-client-agent for Windows is based on two components:
-
the service
opsiclientd
-
the action processor
opsi-script / opsi-script-nogui
The opsi-client-agent for Linux is based on the Linux port of the Windows client agent.
The opsiclientd
is not ported to all supported Linux distributions.
Tasks of the opsiclientd
at startup are:
* connect to the opsi-server: check whether actions are to be performed
* mount the depot share
* update the action processor if necessary
* start the action processor
* unmount the depot share
* transfer the logfile to the server
The Linux action processor is named opsi-script and is built from the same sources as for Windows. So on Linux the same scripting syntax is available as on Windows. All common features, that are not Windows specific, are available, as there are e.g.:
-
file handling
-
string and stringlist functions
-
executing external scripts and programs
-
communication with the opsi-Server
-
patching config files
Of course Windows specific features (like patching the Windows registry) are not available on Linux, but there are some additional Linux specific functions like e.g.:
-
getLinuxDistroType
-
getLinuxVersionMap
Logging of the opsi-script ist available (like on Windows).
Linux opsi-script is available as a graphical version for working with X-Windows and a noGUI version for systems without graphical user interface.
opsi-linux-client-agent: Installation: service_setup.sh
This method is the first choice for installations on a single computer. service_setup.sh can also be used for maintenance or repair of a client. For mass roll-out, see the chapter below.
-
login to the Linux client with root privileges
-
mount the shared directory on the opsi server at //<opsiserver>/opsi_depot to any mount point
-
change to directory
opsi-linux-client-agent
at the mountpoint -
start at this place the script
./service_setup.sh
The script connects to the opsi-webservice in order to create the server side client information and to get the pckey. The connection requires the user/password combination which it tries to retrieve from various configuration files. If that fails, a login window pops up (or commandline questions), where the user can fill in a URL, user, and password. The provided user has to be a member of the group 'opsiadmin'.
opsi-linux-client-agent: Installation: opsi-deploy-client-agent
The opsi-deploy-client-agent
installs the opsi-client-agent directly from the opsi-server to the clients.
Requirements for the clients are:
-
ssh access as root or as a user that has the possibility to run sudo
The program creates the client on the server, then copies the installation files and the configuration information including the pckey to the client. After copying the necessary information, opsi-deploy-client-agent
starts the installation on the client.
With opsi-deploy-client-agent
a whole list of clients can be processed.
These can include any number of clients that can be passed as the last parameter, or with the option '-f' by which the clients can be read from a file.
When using a file, on each line a client must be present.
The program can work with IP addresses, host names and FQDNs. It will automatically try to recognize what kind of Address was passed.
The program can be found at '/var/lib/opsi/depot/opsi-linux-client-agent'
Run the program with root privileges or as a user being part of the "opsifileadmins" group.
bonifax:/var/lib/opsi/depot/opsi-linux-client-agent# ./opsi-deploy-client-agent --help
usage: opsi-deploy-client-agent [-h] [--version] [--verbose]
[--debug-file DEBUGFILE] [--username USERNAME]
[--password PASSWORD]
[--use-fqdn | --use-hostname | --use-ip-address]
[--ignore-failed-ping]
[--reboot | --shutdown | --start-opsiclientd | --no-start-opsiclientd]
[--hosts-from-file HOSTFILE]
[--skip-existing-clients]
[--threads MAXTHREADS] [--depot DEPOT]
[--group GROUP] [--smbclient | --mount]
[--keep-client-on-failure | --remove-client-on-failure]
[host [host ...]]
Deploy opsi client agent to the specified clients. The c$ and admin$ must be
accessible on every client. Simple File Sharing (Folder Options) should be
disabled on the Windows machine.
positional arguments:
host The hosts to deploy the opsi-client-agent to.
optional arguments:
-h, --help show this help message and exit
--version, -V show program's version number and exit
--verbose, -v increase verbosity (can be used multiple times)
--debug-file DEBUGFILE
Write debug output to given file.
--username USERNAME, -u USERNAME
username for authentication (default:
Administrator).Example for a domain account: -u
<DOMAIN>\\<username>
--password PASSWORD, -p PASSWORD
password for authentication
--use-fqdn, -c Use FQDN to connect to client.
--use-hostname Use hostname to connect to client.
--use-ip-address Use IP address to connect to client.
--ignore-failed-ping, -x
try installation even if ping fails
--reboot, -r reboot computer after installation
--shutdown, -s shutdown computer after installation
--start-opsiclientd, -o
Start opsiclientd service after installation
(default).
--no-start-opsiclientd
Do not start opsiclientd service after installation.
--hosts-from-file HOSTFILE, -f HOSTFILE
File containing addresses of hosts (one per line).If
there is a space followed by text after the address
this will be used as client description for new
clients.
--skip-existing-clients, -S
skip known opsi clients
--threads MAXTHREADS, -t MAXTHREADS
number of concurrent deployment threads
--depot DEPOT Assign new clients to the given depot.
--group GROUP Assign fresh clients to an already existing group.
--smbclient Mount the client's C$-share via smbclient.
--mount Mount the client's C$-share via normal mount on the
server for copying the files. This imitates the
behaviour of the 'old' script.
--keep-client-on-failure
If the client was created in opsi through this script
it will not be removed in case of failure. (DEFAULT)
--remove-client-on-failure
If the client was created in opsi through this script
it will be removed in case of failure.
opsi-linux-client-agent: Installation: Via opsi netboot product
If you install a Linux via opsi netboot product, you only have to switch the property install_opsi-client-agent
to 'true' (which is the default) in order to install the opsi-linux-client-agent.
opsi-linux-client-agent: opsiclientd configuration
The opsiclientd
for Linux is a port of the opsiclientd
for Windows.
So it works withe similar configuration file which is located at:
/etc/opsi-client-agent/opsiclientd.conf
.
A detailed description of this file you will find at the chapter for the opsi-client-agent for Windows: opsi-client configuration
At the moment there are not all of the features and events available on Linux.
Available are:
-
Start at boot time (or via explicit start of the service
opsiclientd
). At Linux is the name of this eventopsiclientd_start
(notgui_startup
) -
event_on_demand
-
The
event_timer
but only with the configuration:super = default
Not available are:
-
Everything that is related to local caching ('WAN-Extension').
-
The
event_net_connection
-
The
event_on_shutdown
-
The
event_silent_install
opsi-linux-client-agent: installation paths
As usual on Linux, the linux-opsi-client-agent is spread to several directories:
The binaries (or symlinks to binaries):
/usr/bin/opsi-script
/usr/bin/opsiclientd
Auxiliary files:
Skin files:
/opt/opsi-script/skin
custom : /usr/share/opsi-script/customskin
opsi-script Library:
/opt/opsi-script/lib
Translation files:
/opt/opsi-script/locale/opsi-script.po
Config files:
/etc/opsi-client-agent/opsiclientd.conf
(configuration of the opsiclientd)
/etc/opsi-script/opsi-script.conf
(configuration of opsi-script)
Logfiles / temporary files:
/var/log/opsi-client-agent
/var/log/opsi-client-agent/opsiclientd
/var/log/opsi-script/
opsi-linux-client-agent: Known Bugs
Copy a bundle of files via Files section from a smb share may fail according to the Samba version This problem was reported from some samba3 Versions but seems to be vanished in samba4.
Workaround: Instead of:
[Files_copy_netboot]
copy -s "%scriptPath%/installfiles/*" "$target$/installfiles/"
you may use:
[ShellScript_opsi_copy_netboot]
set -x
export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
cd "%scriptPath%"
tar cf - installfiles | ( cd "$target$/installfiles/" ; tar xf - )
Script examples
For software deployment on Windows clients there can be said: the installation of software itself is as important as the subsequent configuring of the software.
On Linux most packets are available from the distribution repositories. So the installation part is less, but the configuration part stays the same. Also there are applications, that are not available from the standard repositories.
In this case special repositories or installation sources have to be added to the system. The important feature is, that all installation and configuration settings can be managed and logged on the opsi-server.
Here are some example snippets for an opsi-linux-client-agent opsi-script:
-
exit in case the script detects a non Linux system
-
detecting the distribution type (to use
apt
,zypper
oryum
) -
detecting the Linux version
-
installing a packet
-
adding a repository
Example: exit in case the script detects a non Linux system:
[Actions]
requiredWinstVersion >= "4.11.4.1"
ScriptErrorMessages=off
DefVar $OS$
set $OS$ = GetOS
if not($OS$ = "Linux")
LogError "Wrong OS: Product: " + $ProductId$ + "is only for Linux"
isFatalError "Wrong OS"
endif
Example: detecting the distribution type:
[Actions]
requiredWinstVersion >= "4.11.4.1"
ScriptErrorMessages=off
DefVar $distrotype$
set $distrotype$ = getLinuxDistroType
if $distrotype$ = 'debian'
Message "Try to get Package Lock..."
if waitForPackageLock("60","false")
comment "we got the package lock."
else
LogError "could not get Package Lock"
isFatalError "package lock failed"
endif
ShellScript_Upgrade_deb
else
LogError "Wrong Distro: This Product is for Debian/Ubuntu only"
isFatalError "Wrong distro"
endif
if not("0" = getLastExitCode)
Message "failed ShellScript_Upgrade"
LogError "failed ShellScript_Upgrade"
isFatalError "failed Upgrade"
endif
[ShellScript_Upgrade_deb]
set -x
export DEBIAN_FRONTEND=noninteractive
apt update
apt --yes dist-upgrade
exit $?
Example: detecting the Linux version and installing a packet:
[Actions]
requiredWinstVersion >= "4.11.4.1"
ScriptErrorMessages=off
DefVar $distCodeName$
DefVar $distroName$
DefVar $distRelease$
DefVar $desktop$
DefStringList $linuxInfo$
set $linuxInfo$ = getLinuxVersionMap
set $distCodeName$ = getValue("Codename", $linuxInfo$)
set $distRelease$ = getValue("Release", $linuxInfo$)
set $distroName$ = getValue("Distributor ID", $linuxInfo$)
set $desktop$ = GetProductProperty("desktop", "kde")
if $distrotype$ = 'suse'
if $desktop$ = "unity"
Message " No Unity on SUSE - fallback to KDE ..."
set $desktop$ = "kde"
endif ; unity
Message "Try to get Package Lock..."
if waitForPackageLock("60","false")
comment "we got the package lock."
else
LogError "could not get Package Lock"
isFatalError "package lock failed"
endif
if $desktop$ = "kde"
if ($distroName$ = 'openSUSE project')
ShellScript_kde_suse
endif
if ("SUSE LINUX" = $distroName$) and ($distRelease$ = "11")
ShellScript_kde_sles11
endif
if not("0" = getLastExitCode)
LogError "failed ShellScript"
Message "failed kde"
isFatalError "failed kde"
endif
endif ; kde
endif; suse type
[ShellScript_kde_suse]
set -x
zypper --no-gpg-checks --non-interactive install patterns-openSUSE-kde4 patterns-openSUSE-kde4_basis
zypper --no-gpg-checks --non-interactive install splashy-branding-openSUSE
exit $?
[ShellScript_kde_sles11]
set -x
zypper --no-gpg-checks --non-interactive install --auto-agree-with-licenses -t pattern kde
exit $?
Example: adding a repository:
[Actions]
requiredWinstVersion >= "4.11.4.1"
ScriptErrorMessages=off
DefVar $distCodeName$
DefVar $distroName$
DefVar $distRelease$
DefVar $desktop$
DefStringList $linuxInfo$
set $linuxInfo$ = getLinuxVersionMap
set $distCodeName$ = getValue("Codename", $linuxInfo$)
set $distRelease$ = getValue("Release", $linuxInfo$)
set $distroName$ = getValue("Distributor ID", $linuxInfo$)
set $desktop$ = GetProductProperty("desktop", "kde")
if $distroName$ = 'Ubuntu'
if $desktop$ = "cinnamon"
set $desktopPackage$ = $desktop$
Message "Try to get Package Lock..."
if waitForPackageLock("60","false")
comment "we got the package lock."
else
LogError "could not get Package Lock"
isFatalError "package lock failed"
endif
ShellScript_ubuntu_cinnamon
if not("0" = getLastExitCode)
Message "failed ShellScript_ubuntu_cinnamon"
LogError "failed ShellScript_ubuntu_cinnamon"
isFatalError "failed cinnamon"
endif
endif ; cinnamon
endif; ubuntu
[ShellScript_ubuntu_cinnamon]
set -x
export DEBIAN_FRONTEND=noninteractive
# we need to get the add-apt-repository command
apt --yes install python-software-properties
# the cinnamon repository
add-apt-repository ppa:gwendal-lebihan-dev/cinnamon-stable
apt update
apt --yes install ubuntu-desktop
exit $?
Many of these as well as some other functions are available in the opsi-script standard library uib_lin_install.opsiscript.
Linux localboot products
Here some localboot products that are part of the standard opsi Linux support.
The product l-opsi-server
The product 'l-opsi-server' serves to install on a Linux computer an opsi-server via opsi-linux-client-agent in an automated way. This can serve to install quickly a new opsi-depot-server or e.G. an opsi Test system.
Currently for a opsi-config server an other maschine can’t be a opsi-linux-client and a opsi-depot-server at the same time. To work around this limitation, you have two possibilities: 1. Using one opsi-config-server: After the installation of opsi via 'l-opsi-server' and before you register this maschine as opsi-depot-server, you have to delete it as client in the configed. 2. Using two opsi-config-servers: Setup a second independent opsi-config-server, which is only used to administrate (install and mantain) your opsi-servers. So this second opsi-config-server knows the other opsi-servers only as linux-clients. Your other (first) opsi-config-server know theses other opsi-servers as depots. In a UCS environment method 2 is recommended and the second opsi-config server must not be a UCS Server. |
The product 'l-opsi-server' has the following Properties:
-
opsi_online_repository
:
(Base-) Repository for opsi-server installation.
(Default="https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/")
see also 'repo_kind' -
opsi_noproxy_online_repository
:
(Base-) Repository for opsi-server installation (without any cache proxy).
(Default="https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/")
Should you require onopsi_online_repository
to introduce a Proxy or deb-cacher (e.G. 'http://mydeb-cacher:9999/download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/"), than introduce the URL without Proxy. Otherwise introduce the same asopsi_noproxy_online_repository
. -
repo_kind
:
Which kind of repository ["experimental", "stable", "testing"] should be installed ?. (Default='stable')
With the Client OS, 'opsi_online_repository' and 'repo_kind' the URL will be built and the client will be added to an opsi repository. -
backend
:
Which backend should be installed ? (mysql needs a valid activation file). (Default='file')
A modules file with the require Activations can be stored in the custom directory of the product. If a modules file is found there, then will this one used. -
opsi_admin_user_name
:
The name of the opsi_admin_user to create (empty= nothing created). (Default='adminuser')
If a user is introduced here, it will applied, also it will be added to the group 'opsiadmin', 'pcpatch'/'opsifileadmin' and become as unix and samba password the valueopsi_admin_user_password
-
opsi_admin_user_password
:
What is the password of the opsi_admin_user to create (empty= not allowed). (Default='linux123')
seeopsi_admin_user_name
-
setup_after_install
:
Which opsi product(s) should we switch to setup after l-opsi-server installation is done ?. (Default="") -
allow_reboot
:
May the server reboot if script is finished ?. (Default='true') -
install_and_configure_dhcp
:
Should we run the dhcp server on this machine ?. (Default='False')
If this property is 'false' then the following properties: 'netmask', 'network', 'dnsdomain','nameserver' and 'gateway' are meaningless because they are only used for dhcp configuration. -
myipname
:
Set a different IP name (FQDN) ('auto'= use standard) (Default='auto')
Meaningless if 'install_and_configure_dhcp=false' -
myipnumber
:
Set a different IP number ('auto'= use standard) (Default='auto')
Meaningless if 'install_and_configure_dhcp=false' -
netmask
:
Netmask (for dhcp). (Default="255.255.0.0")
Meaningless if 'install_and_configure_dhcp=false' -
network
:
network address (for dhcp). (Default="192.168.0.0")
Meaningless if 'install_and_configure_dhcp=false' -
dnsdomain
:
DNS domain (for dhcp). (Default="uib.local")
Meaningless if 'install_and_configure_dhcp=false' -
nameserver
:
Primary nameserver (for dhcp). (Default="192.168.1.245")
Meaningless if 'install_and_configure_dhcp=false' -
gateway
:
gateway (option routers for dhcp). (Default="192.168.1.245")
Meaningless if 'install_and_configure_dhcp=false' -
ucs_master_admin_password
:
Only needed for opsi installation on UCS Server with other Roles than Role 'Master'. (Default='linux123') -
update_test
:
Do not use: Internal Debugging. (Default='False') -
ucs_master_admin_password
:
On a UCS machine the roles Slave, Backup and Member have to be joined correctly with the Mas ter. This property takes the password to perform the join.
The product has 'setup required before' dependency to the product 'l-system-update'. That means when you set 'l-opsi-server' on 'setup' it will also automatically set 'l-system-update' also on setup and installed before.
In the directory custom
of the product l-opsi-server
the activated file (modules
) is stored, which is used in the Installation of the product l-opsi-server
and will be preserved in the case of a new version of the product.
l-os-postinst
This product installs and configures those parts of the base installation, that cannot be done from the bootimage in a proper way.
This is for the different distributions:
-
CentOS:
-
installation of SELinux
-
This product has a dependency to the product 'l-system-update' which is executed before running 'l-os-postinst'.
This product has a high priority, so it is executed before common products.
l-desktop
The product l-desktop installs a desktop packet on the computer.
The property desktop
selects the desktop to be installed. Not all of the desktops are available for every distribution. For instance 'Unity' is available for Ubuntu only. If the selected desktop is not available, the distribution specific default desktop will be installed. Furthermore the scope of the desktop packets differs according to the distribution and the selected desktop. It can be just the actual desktop software, or might also contain some base products like libreoffice, firefox, PDF Reader etc.
The property desktop
can have the following values:
-
Gnome
Default for Debian, CentOS, RHEL.
Available for all distributions. -
KDE
Default für SLES, OpenSuse. Available for all distributions. -
Unity
Available for Ubuntu only. -
Cinnamon
Available for Ubuntu only. -
xfce4
Available for Ubuntu, Debian. -
lxde
Available for Ubuntu, Debian.
Inventory
To create an inventory, the data are collected on the client and sent to the server. The hardware inventory is based on the methods implemented in the bootimage.
The software inventory is based on the data from the packet management of the deployed Linux distribution.