opsi Linux Support

Supported as opsi-client: Linux

As of 23.08.2023

Table 1. Supported Linux OS as Client in opsi 4.2

Distribution

OS-Installation

netboot products

client-agent

opsiclientd

Debian 11 Bullseye

supported

debian, debian11

supported

supported

Debian 10 Buster

supported

debian, debian10

supported

supported

Debian 9 Stretch

discontinued

debian, debian9

discontinued

discontinued

Debian 8 Jessie

discontinued

debian, debian8

discontinued

discontinued

Ubuntu Bionic 22.04 LTS

supported

ubuntu, ubuntu22-04

supported

supported

Ubuntu Bionic 20.04 LTS

supported

ubuntu, ubuntu20-04

supported

supported

Ubuntu Bionic 18.04 LTS

supported

ubuntu, ubuntu18-04

supported

supported

Ubuntu Xenial 16.04 LTS

discontinued

ubuntu, ubuntu16-04

discontinued

discontinued

Ubuntu Trusty 14.04 LTS

discontinued

ubuntu, ubuntu14-04

discontinued

discontinued

Linux Mint 21-1

supported

mint21-1

supported

supported

Linux Mint 21

supported

mint21

supported

supported

Linux Mint 20-3

supported

mint20-3

supported

supported

Linux Mint 20-2

supported

mint20-2

supported

supported

Linux mint 20-1

supported

mint20-1

supported

supported

RHEL 9

supported

rhel9

supported

supported

RHEL 8

supported

rhel8

supported

supported

RHEL 7

discontinued

rhel70

discontinued

discontinued

RHEL 6

discontinued

Alma Linux 9

supported

alma8

supported

supported

Alma Linux 8

supported

alma8

supported

supported

Rocky Linux 9

supported

rocky8

supported

supported

Rocky Linux 8

supported

rocky8

supported

supported

CentOS 8

discontinued

centos8

discontinued

discontinued

CentOS 7

discontinued

centos70

discontinued

discontinued

CentOS 6

discontinued

SLES 15 SP4

supported

sles15sp4

supported

supported

SLES 15 SP3

supported

sles15sp3

supported

supported

SLES 15 SP2

supported

sles15sp2

supported

supported

SLES 15 SP1

supported

sles15sp1

supported

supported

SLES 12 SP5

supported

sles12sp5

supported

supported

SLES 12 SP4

supported

sles12sp4

supported

supported

SLES 12 SP3

supported

sles12sp3

supported

supported

SLES 12 SP2

discontinued

sles12sp2

discontinued

discontinued

SLES 12 SP1

discontinued

sles12sp1

discontinued

discontinued

SLES 12

discontinued

sles12

discontinued

discontinued

openSuse Leap 15.4

supported

opensusel15-3

supported

supported

openSuse Leap 15.3

discontinued

opensusel15-3

discontinued

discontinued

openSuse Leap 15.2

discontinued

opensusel15-2

discontinued

discontinued

openSuse Leap 15.1

discontinued

opensusel15-1

supported

supported

openSuse Leap 15.0

discontinued

opensusel15

discontinued

discontinued

openSuse Leap 42.3

discontinued

opensusel42-2

discontinued

discontinued

openSuse Leap 42.2

discontinued

opensusel42-2

discontinued

discontinued

openSuse Leap 42.1

discontinued

opensusel42-1

discontinued

discontinued

UCS 5.0

supported

ucs50

supported

supported

UCS 4.4

supported

ucs44

supported

supported

UCS 4.3

discontinued

ucs43

supported

supported

supported: Supported unsupported: Unsupported develop: Under Development discontinued: Discontinued

As of 23.08.2023

Table 2. Linux netboot products and the used installer type in opsi 4.2

Netbootproduct

Installer

State

Remark

debian

opsi

supported

stretch - bullseye

debian11

distribution

supported

debian10

distribution

supported

debian9

distribution

discontinued

debian8

distribution

discontinued

debian8

distribution

discontinued

debian7

distribution

discontinued

ubuntu

opsi

supported

trusty - jammy

ubuntu22-04

distribution

supported

ubuntu20-04

distribution

supported

ubuntu18-04

distribution

supported

ubuntu16-04

distribution

discontinued

ubuntu14-04

distribution

discontinued

mint21

distribution

supported

mint20-3

distribution

supported

mint20-2

distribution

supported

mint20-1

distribution

supported

centos8

distribution

discontinued

centos70

distribution

unsupported

redhat9

distribution

supported

redhat8

distribution

supported

redhat70

distribution

unsupported

alma9

distribution

supported

alma8

distribution

supported

rocky9

distribution

supported

rocky8

distribution

supported

sles15sp3

distribution

supported

sles15sp2

distribution

supported

sles15sp1

distribution

supported

sles12sp4

distribution

supported

sles12sp3

distribution

supported

sles12sp2

distribution

discontinued

sles12sp1

distribution

discontinued

sles12

distribution

discontinued

opensusel15-4

distribution

supported

opensusel15-3

distribution

supported

opensusel15-2

distribution

discontinued

opensusel15-1

distribution

discontinued

opensusel15

distribution

discontinued

opensusel42-3

distribution

discontinued

opensusel42-2

distribution

discontinued

opensusel42-1

distribution

discontinued

ucs50

distribution

supported

ucs44

distribution

supported

ucs43

distribution

discontinued

Preconditions for using the opsi Linux Support

Technical precondition is opsi 4.0.5 with following packet versions:

Table 3. Required packets
opsi packet version

opsi-linux-bootimage

>= 20140805-1

The opsi support for Linux is based on a free Open Source component (the netboot products) and a co-funded component (the client-agent).

The opsi-linux-client-agent is a co-funded opsi extension module.
In order to use the opsi Linux extension module, an activation file is required, this file can be acquired by buying the extension module. To obtain a temporary activation file for evaluation, please email us at info@uib.de.
For further details on handling extension modules please refer to the opsi manual.

opsi-linux-client-agent: 15 Free starts

The opsi-linux-client-agent includes 15 free starts by which the agent can be used without any activation

In detail: After the initial Install from the opsi-linux-client-agent the opsi-script can be started 15 times in service context without the need of activation.
This gives you the possibility to set a Linux computer with the corresponding opsi-products for the configuration needed. For example, after the installation of the system you could use the product l-opsi-server to make of the newly installed computer an opsi-server.

For a long lasting maintenance of the installed Linux computers after the 15 free starts, it is recommended the activation of the feature, in order to continue taking advantage of its benefits.

Installation of the packages

The Linux-related packages can be loaded over the opsi-package-updater. By default it already has the repository for the linux packages activated.

You can use the following command to install the packages:

opsi-package-updater -v --repo uib_linux install

Introduction

A single management tool for Windows and Linux

The objective of the opsi Linux extension module is to provide an homogenous management system for heterogenous environments. The focus is on integrating both worlds into the same management processes and tools

This means, that a Linux installation is triggered the same way as a Windows installation. The Linux opsi-client-agent is based on the same source code as the Windows client and provides (when applicable) the same opsiscript instruction sets.

Independent from Linux distribution

The opsi Linux Support is designed to be independent from any special Linux distribution.
The following distributions are supported:

  • Debian

  • Ubuntu

  • Linux Mint

  • OpenSuse / SLES (Suse Linux Enterprise Server)

  • RHEL (RedHat Enterprise Linux)

  • Alma Linux 8

  • Rocky Linux 8

  • CentOS

  • UCS

Please keep in mind that you need at least 4GB of RAM in the machine or VM if you want to install Linux Mint.

Installation of a new Linux PC via opsi (OS-Installation)

opsi Linux netboot products based on the distibution installer
  • Like with the unattended Windows installation, the Linux installer is equipped with an answer file to configure the unattended installation.

  • The installer of a distribution is not like with Windows an executable program, but is a combination of the distribution kernel and initrd implementation.

  • The system installation including partitioning, LVM, and all the basic software, are performed by the installers and not by the bootimage anymore.

  • For the Suse and RedHat like distributions, the installation sources have to be provided by you by introducing the DVD as an ISO-file on the depot share. This is comparable to the Windows installation, with the difference that the Windows installation files are stored in a different place and stored as the content of the DVD and not as an ISO file.

  • The installation of Linux Mint uses the content of the official installation media provided via an NFS share.

  • For the Debian like distributions, the installation sources are taken from the internet. Just the netboot versions of the distribution kernel with the associated initrd are placed on the depot share. These files are small, so they are included in the opsi package.
    Since opsi 4.0.7 it is also possible to provide for some netboot products a local http repository.

  • For further maintenance of the installation the opsi-linux-client-agent can be installed with the basic installation.

Description of the automated installation process:

  1. The opsi-linux-bootimage boots, deletes the partition table and creates a small temporary partition.

  2. The opsi-linux-bootimage fetches the initrd for the distribution and unpacks it on the temporary partition.

  3. The opsi-linux-bootimage fetches the generic answer file, patches it (personalisation) and moves it to the initrd directory.

  4. The opsi-linux-bootimage creates some helper scripts and configuration files (e.g. for installing the opsi-linux-client-agent) and moves them to the initrd directory.

  5. The opsi-linux-bootimage packs the patched initrd directory

  6. The opsi-linux-bootimage boots the distribution kernel with the patched initrd per kexec.

  7. The distribution kernel with the patched initrd performs the unattended installation of the target system and finally installs the opsi-linux-client-agent.

Advantages:

  • The installation is done as specified by the distributor, which is of special importance for providing support in the business context.

  • The opsi integration of new releases is easier and faster available.

  • For Suse, RedHat, Linux Mint like distributions and Ubuntu 22-04, the installation is done from the sources on the opsi-server, and therefore is faster and more stable than installing from the internet repositories.

Providing the installation media on the server via NFS

This affects SUSE like product prior to version 4.2.0.2-1, Redhat like distributions prior to version 4.2.0.3-1 and Linux Mint packages prior to version 4.2.0.2-1. Later on the new variant is explained.

For Suse. RedHat and Linux Mint like distributions, the installation media is provided by an additional nfs-share: opsi_nfs_share.

To configure this share, there must be a NFS server installed and configured on the opsi-server:

Since opsi v4.0.6 stable this is done by the special package opsi-linux-support. This package is not installed by default and must be installed manually once, e.g.

apt install opsi-linux-support

If a firewall is running on your system you need to configure it to accept TCP connections at port 80. Please consult the appropriate manual on how to do this.

The opsi-linux-support package performs the following tasks:

  • Installation of the applicable nfs-server package on the opsi-server. For Debian, Ubuntu, Suse this is the package: nfs-kernel-server. For Centos, Redhat it is the package nfs-utils.

  • The share opsi_nfs_share is created and exported:

    • Create directory:
      mkdir -p /var/lib/opsi/depot/opsi_nfs_share

    • Add the share entry to /etc/exports:
      /var/lib/opsi/depot/opsi_nfs_share *(ro,no_root_squash,insecure,async,subtree_check)

    • Activate the export:
      exportfs -r

    • Check the successful export:
      showmount -e localhost
      The output should be:
      Export list for localhost:
      /var/lib/opsi/depot/opsi_nfs_share *

  • The share opsi_nfs_share has the following directory structure:
    opsi_nfs_share/<productId>/<arch>/<dvd>.iso
    example:
    opsi_nfs_share/opensuse15-2/64/openSUSE-15.2-DVD-x86_64.iso
    The installation file must have an extension .iso, the name of the file does not matter. If there are several .iso files in the same directory, it is not specified which one to use.
    However the Linux Mint installation requires the installation media content, including hodden directories, to be copied into the specific opsi_nfs_share subdirectory.

  • Copy the installation DVD to the opsi_nfs_share and execute:
    opsi-set-rights /var/lib/opsi/depot/opsi_nfs_share
    IMPORTANT: use the standard installation DVDs of the distribution. Modified installation DVDs might have a different structure and therefore cannot be used in this context.

  • If for any reasons the directory /var/lib/opsi/depot/opsi_nfs_share cannot be exported by the opsi-server per NFS (for instance because the depot share is already a NAS NFS share), so the NFS share to be used can be specified by a server config. Like clientconfig.opsi_nfs_share=172.16.166.1:/var/lib/opsi/depot/opsi_nfs_share

  • The product ubuntu22-04 a .iso file has to be placed in the iso directory within the package directory in the depot.

Providing the installation media on the server via opsiconfd WebDAV

This affects SUSE like product after to version 4.2.0.2-1, Redhat like distributions after to version 4.2.0.3-1 and Linux Mint packages after to version 4.2.0.2-1.

RedHat and SUSE like distributions along with Linux Mint and Ubunut 22-04 in the above mentioned versions do not use the NFS method anymore. Instead the opsiconfd WebDAV server is used to distribute the installation media. For this case each of those netboot packages contains a iso or isocontent subdirectory.

The iso subdirectory shall contain an ISO image of the specific distribution. On the other hand the isocontent directory shall contain the contents of an ISO image, including files starting with a dot.

Here is an example how to fill the isocontent directory.

mount SLE-15-SP3-Full-x86_64-GM-Media1.iso /mnt
cp -r /mnt/* /var/lib/opsi/depot/sles15-3/isocontent/
cp /mnt/.treeinfo /var/lib/opsi/depot/sles15-3/isocontent/
cp /mnt/.discinfo /var/lib/opsi/depot/sles15-3/isocontent/
umount /mnt

Please note: the file .discinfo is not present on all distribution installation media and might be missing.

Common properties of the Linux netboot products based on the distibution installer

The following properties are available with all v406 netboot products to configure the Linux installation:

  • askbeforeinst:
    Starting an installation has to be confirmed from the client console? (Default='true')

  • architecture:
    architecture selection, which affects the selection of bootimages and the installation architecture. (Default='64bit')

  • language or locale:
    Which language / locale is to be installed. (Default=distribution dependent / 'de')

  • console_keymap: (not present in ubuntu22-04!)
    keyboard layout to be installed. (Default=distribution dependent / 'de')

  • timezone:
    Timezone to be installed?. (Default='Europe/Berlin')

  • root_password:
    root password. (Default='linux123')

  • user_password:
    user password. (Default='linux123')

  • proxy:
    Proxystring (if required) as: 'http://<ip>:<port'
    (Default='')

  • install_opsi-client-agent:
    Install the Linux opsi-client-agent (co-funded project: a module file is required for activation. (Default='true')

  • setup_after_install:
    Which opsi products should be installed after the installation of the operating system (opsi products set to setup). (Default='')

The products debian10, debian11 and ubuntu18-04, ubuntu20-04, ubuntu22-04 and mint20-1, mint20-2, mint20-3, mint21

The basic OS installation files are taken from the distribution repositories.

This product has the productive state.

This product has the following additional properties, some are not present in the netboot package ubuntu22-04:

  • online_repository:
    distribution repository for the installation. (only for the Debian/Ubuntu family) (Default=distribution dependent)

  • encrypt_password: (not present in ubuntu22-04!)
    Password for disk encryption (only if encrypt_logical_volumes=true)
    Example: linux123 Default: linux123

  • partition_disk: (not present in ubuntu22-04!)
    Disk to use.: first or complete device path Examples: "first", "/dev/sda", "/dev/sdb"
    Default: first

  • partition_method:
    The method use for partitioning of the disk:
    regular: use the usual partition types for your architecture (direct in ubuntu22-04) / lvm: use LVM to partition the disk / crypto: use LVM within an encrypted partition (not present in ubuntu22-04!)
    Possible: "regular" or "direct", "lvm", "crypto"
    Default: lvm

  • partition_recipe: (not present in ubuntu22-04!)
    The kind of partitions that will be used:
    atomic: all files in one partition / home: separate /home partition / multi: separate /home, /usr, /var, and /tmp partitions
    Possible: "atomic", "home", "multi"
    Default: atomic

  • desktop_package:
    Desktop package to install (standard = no desktop) (only for the Debian/Ubuntu family) Possible: "standard", "ubuntu-desktop", "kubuntu-desktop", "lubuntu-desktop", "xubuntu-desktop", "ubuntu-gnome-desktop"
    Default: standard

  • language_packs:
    Possible: "ar", "bg", "by", "cf", "de", "dk", "en", "es", "et", "fa", "fi", "fr", "gr", "il", "it", "kg", "kk", "lt", "mk", "nl", "no", "pl", "ro", "ru", "sg","sr", "ua", "uk", "us", "wo"
    Default: de

  • installation_method:
    Offers a possibility to bypass the kexec in case it fails. The alternate method installs a minimal installation on the local disk and reboot from it. This property currently works with debian10, ubuntu18-04 and ubuntu20-04 in UEFI. Possible: "kexec", "reboot"
    Default: kexec

The product ucs44

The basic OS installation files are taken from the the official UCS repositories.

This product has a productive state. With this product one can install a master, slave, backup and even a memberserver. It is recommended to use the l-opsi-server localboot product to make an opsi server out of the UCS machine. Memberserver are supported when an opsi server is installed through l-opsi-server. This localboot products makes special adjustments to the server, so it can deploy clients like other UCS roles.

This product has the same properties as described above for debianX or ubuntuX and the following additional ucs specific properties:

  • dns_domain:
    The DNS domain name: Example: example.com Default: ucs.test

  • ldap_base:
    The ldap base. Example: dc=example,dc=com Default: dc=ucs,dc=test

  • ucs_code_name:
    The code name of the ucs version that is provided in the repository.
    Example: ucs414 Default: ucs414

  • organisation:
    The name of the organisation that will be used for the ucs installation.
    Example: uib gmbh Default: uib gmbh

  • windomain:
    The name of the Samba/Windows domain.
    Example: MYDOMAIN Default: MYDOMAIN

  • external_nameserver:
    Which nameserver is included to the ucs installation ?
    Example: 10.11.12.13 Default: auto = the name server given by dhcp

  • ucs_master_ip:
    What is the IP Number of the UCS Domain Controller (needed for other roles to join) ?
    Example: 10.10.10.10 Default: 10.10.10.10

  • ucs_master_admin_password:
    What is the password of the user Administrator of the UCS Domain Controller (needed for other roles to join) ?
    Example: linux123 Default: linux123

  • ucs_role:
    Which UCS role should be installed ?
    Possible: "domaincontroller_master", "domaincontroller_backup", "domaincontroller_slave", "memberserver", "base"
    Default: domaincontroller_master

The products sles12sp3, sles12sp4, sles12sp5, sles15-1, sles15-2, sles15-3, sles15-4

This product has the following additional properties:

name: productkey
multivalue: False
editable: True
description: email:regcode-sles for suse_register. Is only used if the  host parameter  `license-management.use` is set to  false . If it set to  True  the license key will be get from the license management module. / La clé de licence pour l'installation. Est utilisée uniquement si dans "Réseau et paramètres supplémentaires" `license-management.use` est défini à false (faux) . Si c'est réglé sur True (vrai) la clé de licence sera obtenue du module de gestion des licences.
values: ["", "myemail@example.com:xxxxxxxxxxxxxx"]
default: [""]

name: suse_register
description: set to false, if you don't want to register your system online, if you set this to false you have to give local repositories
default: True

name: local_repositories
multivalue: True
editable: True
description: list of local repositories to use. Syntax: "repository description", example entry: "http://sles.example.com/suse/repo NameForRepo"
values: [""]
default: [""]

name: install_unattended
description: If false then do interactive installation
default: True
Source of installation

To download the installation DVD you need an account on SUSE. Prior to version 4.2.0.2-1: Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/sles15-3/64/ After version 4.2.0.2-1 Copy the ISO image content to /var/lib/opsi/depot/sles15-3/isocontent/ Please don’t forget to execute opsi-set-rights.

Videos (time lapse)

The following video shows an installation.
It is made with one frame per second and because of that, the installation that you see it is much more faster than a normal installation.

The products redhat8, redhat9 and alma8, alma9 and rocky8, rocky9

This product has the following additional properties:

name: install_unattended
description: If false then do interactive installation
default: True

name: selinux_mode
multivalue: False
editable: False
description: In which mode should SELinux run ?
values: ["enforcing", "permissive", "disabled"]
default: ["permissive"]

name: partition_method
multivalue: False
editable: False
description: plain: Regular partitions with no LVM or Btrfs. / lvm: The LVM partitioning scheme. / btrfs: The Btrfs partitioning scheme. / thinp: The LVM Thin Provisioning partitioning scheme.
values: ["plain", "lvm", "btrfs", "thinp"]
default: ["lvm"]

name: productkey
multivalue: False
editable: True
description: email:regcode for subscription_register. Is only used if the  host parameter  `license-management.use` is set to  false . If it set to  True  the license key will be get from the license management module. / La clé de licence pour l'installation. Est utilisée uniquement si dans "Réseau et paramètres supplémentaires" `license-management.use` est défini à false (faux) . Si c'est réglé sur True (vrai) la clé de licence sera obtenue du module de gestion des licences.
values: ["", "myemail@example.com:xxxxxxxxxxxxxx"]
default: [""]

name: subscription_register
description: set to false, if you don't want to register your system online, you need to set this to false and you have to introduce your local repository
default: True
Source of installation AlmaLinux

Download the installation DVD here, e.g. from here. Prior to version 4.2.0.3-1 Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/alma8/64/ After version 4.2.0.3-1 Copy the ISO image content to /var/lib/opsi/depot/alma8/isocontent/ Please don’t forget to execute opsi-set-rights.

Source of installation RedHat

To download the installation DVD you need an account on RedHat. Prior to version 4.2.0.3-1 Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/redhat8/64/ After version 4.2.0.3-1 Copy the ISO image content to /var/lib/opsi/depot/redhat8/isocontent/ Please don’t forget to execute opsi-set-rights.

Source of installation RockyLinux

Download the installation DVD here, e.g. from here. Prior to version 4.2.0.3-1 Copy the ISO-File to /var/lib/opsi/depot/opsi_nfs_share/rocky8/64/ After version 4.2.0.3-1 Copy the ISO image content to /var/lib/opsi/depot/rocky8/isocontent/ Please don’t forget to execute opsi-set-rights.

Videos (time lapse)

The following video shows an installation.
It is made with one frame per second and because of that, the installation that you see it is much more faster than a normal installation.

Linux netboot products with generic installer

Without distribution installer

Basic OS installation per netboot

To install Linux on a client, at the beginning the standard opsi-linux-bootimage boots per netboot. It is the same image as the one used for the Windows installation.
The bootimage automatically performs the partitioning and formatting of the hard disc (/ and swap). Next the installation of the basic Linux Operating System is performed (including network and ssh, but without X11). The installation process itself is quite different for the individual distributions, but has in common, that the installation is performed directly from the original distribution packages.

The opsi-client-agent for Linux can be installed, which enables the automated installation and configuration of further software packages.

The opsi-client-agent for Linux is available as a co-funded opsi extension module, the required opsi netboot products for Linux installation are available as free Open Source modules.

Because the base installation is done from the Standard opsi-linux-bootimage, there are some distribution dependent differences, that have to be installed and configured after the first reboot of the installed system. This is for example the SELinux installation of the 'RedHat like' or the keyboard configuration of the 'Debian like' systems. These after boot installations and patches are done by the standard localboot

Common properties of Linux netboot products (generic installer)

The following properties for controlling the Linux installation are available with all netboot products:

  • askbeforeinst:
    confirm start of the new installation on the client? (default='true')

  • architecture:
    architecture selection - affects the selection of the bootimage and the installation architecture. (default='64bit')

  • system_partition_size:
    size of the system partition - the size may be given as percent of the hard disk size or as absolute size (G=Gigabyte). If you choose another value than 100%, the remaining rest will be used as data_partition. (default='100%')

  • swap_partition_size: +size of the swap partition. (default='2000M')

  • data_partition_create:
    create a data partition if there is some space left. (true/false) (default='true')

  • language:
    language / locale to be installed (default='de')

  • timezone:
    time zone to be configured (default='Europe/Berlin')

  • root_password:
    root password (default='linux123')

  • user_password:
    user password (default='linux123')

  • online_repository:
    repository to use for installation - repository of the Linux distribution to be used for installation (not for SLES) (default = distribution dependent)

  • proxy :
    proxystring (if required) as: 'http://<ip>:<port>'
    (default='')

  • additional_packages:
    additional packages to install. Packages names separated by blanks. (default='')

  • install_opsi-client-agent:
    install the Linux opsi-client-agent (cofunding project: has to be activated by the /etc/opsi/modules) (default='false')

  • release:
    (Debian and Ubuntu only)
    which release of the distribution is to be installed? (default = distribution dependent)

  • setup_after_install:
    opsi product(s) to be installed after the OS installation is done (opsi products to be set to 'setup') (default='l-os-postinst')

Ubuntu

The basic installation is performed per debootstrap directly from the network.

This product has the status 'productive'.

It is UEFI/GPT compatible.

Debian

The basic installation is performed per debootstrap directly from the network.

This product has the status 'productive'.

It is UEFI/GPT compatible.

For this product applicable opsi-server packets are available, that can be installed by setting 'install_opsi_server=true'.

opsi-linux-client-agent

The opsi-client-agent for Linux is part of the cofunding project 'Linux Agent', which is liable to pay costs.

The opsi-client-agent for Windows is based on two components:

  1. the service opsiclientd

  2. the action processor opsi-script / opsi-script-nogui

The opsi-client-agent for Linux is based on the Linux port of the Windows client agent.

The opsiclientd is not ported to all supported Linux distributions.

Tasks of the opsiclientd at startup are: * connect to the opsi-server: check whether actions are to be performed * mount the depot share * update the action processor if necessary * start the action processor * unmount the depot share * transfer the logfile to the server

The Linux action processor is named opsi-script and is built from the same sources as for Windows. So on Linux the same scripting syntax is available as on Windows. All common features, that are not Windows specific, are available, as there are e.g.:

  • file handling

  • string and stringlist functions

  • executing external scripts and programs

  • communication with the opsi-Server

  • patching config files

Of course Windows specific features (like patching the Windows registry) are not available on Linux, but there are some additional Linux specific functions like e.g.:

  • getLinuxDistroType

  • getLinuxVersionMap

Logging of the opsi-script ist available (like on Windows).

Linux opsi-script is available as a graphical version for working with X-Windows and a noGUI version for systems without graphical user interface.

opsi-linux-client-agent: Installation: service_setup.sh

This method is the first choice for installations on a single computer. service_setup.sh can also be used for maintenance or repair of a client. For mass roll-out, see the chapter below.

  1. login to the Linux client with root privileges

  2. mount the shared directory on the opsi server at //<opsiserver>/opsi_depot to any mount point

  3. change to directory opsi-linux-client-agent at the mountpoint

  4. start at this place the script ./service_setup.sh

The script connects to the opsi-webservice in order to create the server side client information and to get the pckey. The connection requires the user/password combination which it tries to retrieve from various configuration files. If that fails, a login window pops up (or commandline questions), where the user can fill in a URL, user, and password. The provided user has to be a member of the group 'opsiadmin'.

opsi-linux-client-agent: Installation: opsi-deploy-client-agent

The opsi-deploy-client-agent installs the opsi-client-agent directly from the opsi-server to the clients.

Requirements for the clients are:

  • ssh access as root or as a user that has the possibility to run sudo

The program creates the client on the server, then copies the installation files and the configuration information including the pckey to the client. After copying the necessary information, opsi-deploy-client-agent starts the installation on the client.

With opsi-deploy-client-agent a whole list of clients can be processed. These can include any number of clients that can be passed as the last parameter, or with the option '-f' by which the clients can be read from a file. When using a file, on each line a client must be present.

The program can work with IP addresses, host names and FQDNs. It will automatically try to recognize what kind of Address was passed.

The program can be found at '/var/lib/opsi/depot/opsi-linux-client-agent'
Run the program with root privileges or as a user being part of the "opsifileadmins" group.

bonifax:/var/lib/opsi/depot/opsi-linux-client-agent# ./opsi-deploy-client-agent  --help
usage: opsi-deploy-client-agent [-h] [--version] [--verbose]
                                [--debug-file DEBUGFILE] [--username USERNAME]
                                [--password PASSWORD]
                                [--use-fqdn | --use-hostname | --use-ip-address]
                                [--ignore-failed-ping]
                                [--reboot | --shutdown | --start-opsiclientd | --no-start-opsiclientd]
                                [--hosts-from-file HOSTFILE]
                                [--skip-existing-clients]
                                [--threads MAXTHREADS] [--depot DEPOT]
                                [--group GROUP] [--smbclient | --mount]
                                [--keep-client-on-failure | --remove-client-on-failure]
                                [host [host ...]]

Deploy opsi client agent to the specified clients. The c$ and admin$ must be
accessible on every client. Simple File Sharing (Folder Options) should be
disabled on the Windows machine.

positional arguments:
  host                  The hosts to deploy the opsi-client-agent to.

optional arguments:
  -h, --help            show this help message and exit
  --version, -V         show program's version number and exit
  --verbose, -v         increase verbosity (can be used multiple times)
  --debug-file DEBUGFILE
                        Write debug output to given file.
  --username USERNAME, -u USERNAME
                        username for authentication (default:
                        Administrator).Example for a domain account: -u
                        <DOMAIN>\\<username>
  --password PASSWORD, -p PASSWORD
                        password for authentication
  --use-fqdn, -c        Use FQDN to connect to client.
  --use-hostname        Use hostname to connect to client.
  --use-ip-address      Use IP address to connect to client.
  --ignore-failed-ping, -x
                        try installation even if ping fails
  --reboot, -r          reboot computer after installation
  --shutdown, -s        shutdown computer after installation
  --start-opsiclientd, -o
                        Start opsiclientd service after installation
                        (default).
  --no-start-opsiclientd
                        Do not start opsiclientd service after installation.
  --hosts-from-file HOSTFILE, -f HOSTFILE
                        File containing addresses of hosts (one per line).If
                        there is a space followed by text after the address
                        this will be used as client description for new
                        clients.
  --skip-existing-clients, -S
                        skip known opsi clients
  --threads MAXTHREADS, -t MAXTHREADS
                        number of concurrent deployment threads
  --depot DEPOT         Assign new clients to the given depot.
  --group GROUP         Assign fresh clients to an already existing group.
  --smbclient           Mount the client's C$-share via smbclient.
  --mount               Mount the client's C$-share via normal mount on the
                        server for copying the files. This imitates the
                        behaviour of the 'old' script.
  --keep-client-on-failure
                        If the client was created in opsi through this script
                        it will not be removed in case of failure. (DEFAULT)
  --remove-client-on-failure
                        If the client was created in opsi through this script
                        it will be removed in case of failure.

opsi-linux-client-agent: Installation: Via opsi netboot product

If you install a Linux via opsi netboot product, you only have to switch the property install_opsi-client-agent to 'true' (which is the default) in order to install the opsi-linux-client-agent.

opsi-linux-client-agent: opsiclientd configuration

The opsiclientd for Linux is a port of the opsiclientd for Windows. So it works withe similar configuration file which is located at: /etc/opsi-client-agent/opsiclientd.conf.

A detailed description of this file you will find at the chapter for the opsi-client-agent for Windows: opsi-client configuration

At the moment there are not all of the features and events available on Linux.
Available are:

  • Start at boot time (or via explicit start of the service opsiclientd). At Linux is the name of this event opsiclientd_start (not gui_startup)

  • event_on_demand

  • The event_timer but only with the configuration: super = default

Not available are:

  • Everything that is related to local caching ('WAN-Extension').

  • The event_net_connection

  • The event_on_shutdown

  • The event_silent_install

opsi-linux-client-agent: installation paths

As usual on Linux, the linux-opsi-client-agent is spread to several directories:

The binaries (or symlinks to binaries):

/usr/bin/opsi-script

/usr/bin/opsiclientd

Auxiliary files:

Skin files:
/opt/opsi-script/skin custom : /usr/share/opsi-script/customskin

opsi-script Library:
/opt/opsi-script/lib

Translation files: /opt/opsi-script/locale/opsi-script.po

Config files:

/etc/opsi-client-agent/opsiclientd.conf (configuration of the opsiclientd)

/etc/opsi-script/opsi-script.conf (configuration of opsi-script)

Logfiles / temporary files:

/var/log/opsi-client-agent

/var/log/opsi-client-agent/opsiclientd

/var/log/opsi-script/

opsi-linux-client-agent: Known Bugs

Copy a bundle of files via Files section from a smb share may fail according to the Samba version This problem was reported from some samba3 Versions but seems to be vanished in samba4.

Workaround: Instead of:

[Files_copy_netboot]
copy -s "%scriptPath%/installfiles/*" "$target$/installfiles/"

you may use:

[ShellScript_opsi_copy_netboot]
set -x
export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
cd "%scriptPath%"
tar cf - installfiles | ( cd "$target$/installfiles/" ; tar xf - )

Script examples

For software deployment on Windows clients there can be said: the installation of software itself is as important as the subsequent configuring of the software.
On Linux most packets are available from the distribution repositories. So the installation part is less, but the configuration part stays the same. Also there are applications, that are not available from the standard repositories. In this case special repositories or installation sources have to be added to the system. The important feature is, that all installation and configuration settings can be managed and logged on the opsi-server.

Here are some example snippets for an opsi-linux-client-agent opsi-script:

  • exit in case the script detects a non Linux system

  • detecting the distribution type (to use apt, zypper or yum)

  • detecting the Linux version

  • installing a packet

  • adding a repository

Example: exit in case the script detects a non Linux system:

[Actions]
requiredWinstVersion >= "4.11.4.1"
ScriptErrorMessages=off

DefVar $OS$

set $OS$ = GetOS

if not($OS$ = "Linux")
	LogError "Wrong OS: Product: " + $ProductId$ + "is only for Linux"
	isFatalError "Wrong OS"
endif

Example: detecting the distribution type:

[Actions]
requiredWinstVersion >= "4.11.4.1"
ScriptErrorMessages=off

DefVar $distrotype$

set $distrotype$ = getLinuxDistroType

if $distrotype$ = 'debian'
	Message "Try to get Package Lock..."
	if waitForPackageLock("60","false")
		comment "we got the package lock."
	else
		LogError "could not get Package Lock"
		isFatalError "package lock failed"
	endif
	ShellScript_Upgrade_deb
else
	LogError "Wrong Distro: This Product is for Debian/Ubuntu only"
	isFatalError "Wrong distro"
endif

if not("0" = getLastExitCode)
	Message "failed ShellScript_Upgrade"
	LogError "failed ShellScript_Upgrade"
	isFatalError "failed Upgrade"
endif


[ShellScript_Upgrade_deb]
set -x
export DEBIAN_FRONTEND=noninteractive
apt update
apt --yes dist-upgrade
exit $?

Example: detecting the Linux version and installing a packet:

[Actions]
requiredWinstVersion >= "4.11.4.1"
ScriptErrorMessages=off

DefVar $distCodeName$
DefVar $distroName$
DefVar $distRelease$
DefVar $desktop$

DefStringList $linuxInfo$

set $linuxInfo$ = getLinuxVersionMap
set $distCodeName$ = getValue("Codename", $linuxInfo$)
set $distRelease$ = getValue("Release", $linuxInfo$)
set $distroName$  = getValue("Distributor ID", $linuxInfo$)

set $desktop$ = GetProductProperty("desktop", "kde")


if $distrotype$ = 'suse'
	if $desktop$ = "unity"
		Message " No Unity on SUSE - fallback to KDE ..."
		set $desktop$ = "kde"
	endif ; unity

	Message "Try to get Package Lock..."
	if waitForPackageLock("60","false")
		comment "we got the package lock."
	else
		LogError "could not get Package Lock"
		isFatalError "package lock failed"
	endif

	if $desktop$ = "kde"
		if ($distroName$ = 'openSUSE project')
			ShellScript_kde_suse
		endif
		if ("SUSE LINUX" = $distroName$) and ($distRelease$ = "11")
			ShellScript_kde_sles11
		endif
		if not("0" = getLastExitCode)
			LogError "failed ShellScript"
			Message "failed kde"
			isFatalError "failed kde"
		endif
	endif ; kde
endif; suse type

[ShellScript_kde_suse]
set -x
zypper --no-gpg-checks --non-interactive install patterns-openSUSE-kde4 patterns-openSUSE-kde4_basis
zypper --no-gpg-checks --non-interactive install splashy-branding-openSUSE
exit $?

[ShellScript_kde_sles11]
set -x
zypper --no-gpg-checks --non-interactive install --auto-agree-with-licenses -t pattern kde
exit $?

Example: adding a repository:

[Actions]
requiredWinstVersion >= "4.11.4.1"
ScriptErrorMessages=off

DefVar $distCodeName$
DefVar $distroName$
DefVar $distRelease$
DefVar $desktop$

DefStringList $linuxInfo$

set $linuxInfo$ = getLinuxVersionMap
set $distCodeName$ = getValue("Codename", $linuxInfo$)
set $distRelease$ = getValue("Release", $linuxInfo$)
set $distroName$  = getValue("Distributor ID", $linuxInfo$)

set $desktop$ = GetProductProperty("desktop", "kde")


if $distroName$ = 'Ubuntu'

	if $desktop$ = "cinnamon"
		set $desktopPackage$ = $desktop$
		Message "Try to get Package Lock..."
		if waitForPackageLock("60","false")
			comment "we got the package lock."
		else
			LogError "could not get Package Lock"
			isFatalError "package lock failed"
		endif
		ShellScript_ubuntu_cinnamon
		if not("0" = getLastExitCode)
			Message "failed ShellScript_ubuntu_cinnamon"
			LogError "failed ShellScript_ubuntu_cinnamon"
			isFatalError "failed cinnamon"
		endif
	endif ; cinnamon
endif; ubuntu

[ShellScript_ubuntu_cinnamon]
set -x
export DEBIAN_FRONTEND=noninteractive
# we need to get the add-apt-repository command
apt --yes install python-software-properties
# the cinnamon repository
add-apt-repository ppa:gwendal-lebihan-dev/cinnamon-stable
apt update
apt --yes install ubuntu-desktop
exit $?

Many of these as well as some other functions are available in the opsi-script standard library uib_lin_install.opsiscript.

Linux localboot products

Here some localboot products that are part of the standard opsi Linux support.

The product l-opsi-server

The product 'l-opsi-server' serves to install on a Linux computer an opsi-server via opsi-linux-client-agent in an automated way. This can serve to install quickly a new opsi-depot-server or e.G. an opsi Test system.

Currently for a opsi-config server an other maschine can’t be a opsi-linux-client and a opsi-depot-server at the same time.
To work around this limitation, you have two possibilities:
1. Using one opsi-config-server: After the installation of opsi via 'l-opsi-server' and before you register this maschine as opsi-depot-server, you have to delete it as client in the configed.
2. Using two opsi-config-servers: Setup a second independent opsi-config-server, which is only used to administrate (install and mantain) your opsi-servers. So this second opsi-config-server knows the other opsi-servers only as linux-clients. Your other (first) opsi-config-server know theses other opsi-servers as depots.
In a UCS environment method 2 is recommended and the second opsi-config server must not be a UCS Server.

The product 'l-opsi-server' has the following Properties:

  • opsi_online_repository:
    (Base-) Repository for opsi-server installation.
    (Default="https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/")
    see also 'repo_kind'

  • opsi_noproxy_online_repository:
    (Base-) Repository for opsi-server installation (without any cache proxy).
    (Default="https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/")
    Should you require on opsi_online_repository to introduce a Proxy or deb-cacher (e.G. 'http://mydeb-cacher:9999/download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/"), than introduce the URL without Proxy. Otherwise introduce the same as opsi_noproxy_online_repository.

  • repo_kind:
    Which kind of repository ["experimental", "stable", "testing"] should be installed ?. (Default='stable')
    With the Client OS, 'opsi_online_repository' and 'repo_kind' the URL will be built and the client will be added to an opsi repository.

  • backend:
    Which backend should be installed ? (mysql needs a valid activation file). (Default='file')
    A modules file with the require Activations can be stored in the custom directory of the product. If a modules file is found there, then will this one used.

  • opsi_admin_user_name:
    The name of the opsi_admin_user to create (empty= nothing created). (Default='adminuser')
    If a user is introduced here, it will applied, also it will be added to the group 'opsiadmin', 'pcpatch'/'opsifileadmin' and become as unix and samba password the value opsi_admin_user_password

  • opsi_admin_user_password:
    What is the password of the opsi_admin_user to create (empty= not allowed). (Default='linux123')
    see opsi_admin_user_name

  • setup_after_install:
    Which opsi product(s) should we switch to setup after l-opsi-server installation is done ?. (Default="")

  • allow_reboot:
    May the server reboot if script is finished ?. (Default='true')

  • install_and_configure_dhcp:
    Should we run the dhcp server on this machine ?. (Default='False')
    If this property is 'false' then the following properties: 'netmask', 'network', 'dnsdomain','nameserver' and 'gateway' are meaningless because they are only used for dhcp configuration.

  • myipname:
    Set a different IP name (FQDN) ('auto'= use standard) (Default='auto')
    Meaningless if 'install_and_configure_dhcp=false'

  • myipnumber:
    Set a different IP number ('auto'= use standard) (Default='auto')
    Meaningless if 'install_and_configure_dhcp=false'

  • netmask:
    Netmask (for dhcp). (Default="255.255.0.0")
    Meaningless if 'install_and_configure_dhcp=false'

  • network:
    network address (for dhcp). (Default="192.168.0.0")
    Meaningless if 'install_and_configure_dhcp=false'

  • dnsdomain:
    DNS domain (for dhcp). (Default="uib.local")
    Meaningless if 'install_and_configure_dhcp=false'

  • nameserver:
    Primary nameserver (for dhcp). (Default="192.168.1.245")
    Meaningless if 'install_and_configure_dhcp=false'

  • gateway:
    gateway (option routers for dhcp). (Default="192.168.1.245")
    Meaningless if 'install_and_configure_dhcp=false'

  • ucs_master_admin_password:
    Only needed for opsi installation on UCS Server with other Roles than Role 'Master'. (Default='linux123')

  • update_test:
    Do not use: Internal Debugging. (Default='False')

  • ucs_master_admin_password:
    On a UCS machine the roles Slave, Backup and Member have to be joined correctly with the Mas ter. This property takes the password to perform the join.

The product has 'setup required before' dependency to the product 'l-system-update'. That means when you set 'l-opsi-server' on 'setup' it will also automatically set 'l-system-update' also on setup and installed before.

In the directory custom of the product l-opsi-server the activated file (modules) is stored, which is used in the Installation of the product l-opsi-server and will be preserved in the case of a new version of the product.

l-os-postinst

This product installs and configures those parts of the base installation, that cannot be done from the bootimage in a proper way.

This is for the different distributions:

  • CentOS:

    • installation of SELinux

This product has a dependency to the product 'l-system-update' which is executed before running 'l-os-postinst'.
This product has a high priority, so it is executed before common products.

l-desktop

The product l-desktop installs a desktop packet on the computer.

The property desktop selects the desktop to be installed. Not all of the desktops are available for every distribution. For instance 'Unity' is available for Ubuntu only. If the selected desktop is not available, the distribution specific default desktop will be installed. Furthermore the scope of the desktop packets differs according to the distribution and the selected desktop. It can be just the actual desktop software, or might also contain some base products like libreoffice, firefox, PDF Reader etc.

The property desktop can have the following values:

  • Gnome
    Default for Debian, CentOS, RHEL.
    Available for all distributions.

  • KDE
    Default für SLES, OpenSuse. Available for all distributions.

  • Unity
    Available for Ubuntu only.

  • Cinnamon
    Available for Ubuntu only.

  • xfce4
    Available for Ubuntu, Debian.

  • lxde
    Available for Ubuntu, Debian.

l-system-update

This product updates the system.

swaudit

Software inventory, based on the packet manager

hwaudit

Hardware inventory.
The hardware inventory currently is based on the Python implemented method as also used by the bootimage.

l-jedit

Java based editor with syntax highlighting for opsi-script. If Java is missing on the system, it will be installed automatically.

Inventory

To create an inventory, the data are collected on the client and sent to the server. The hardware inventory is based on the methods implemented in the bootimage.

The software inventory is based on the data from the packet management of the deployed Linux distribution.

UEFI / GPT support

Most of the opsi 4.1 / opsi 4.2 Linux netboot products are UEFI/GPT compatible.

Proxy for '.deb'-packages

Instructions for installation and use of servers for local caching of debian packages: