opsi Installation on Shutdown (free)
By default, the installation of opsi packages is starts when the client boots. The user then has to wait for the software installation to finish, before login is possible. It can therefore be desirable to do most of the software installations when the client is shutting down.
The opsi On-Shutdown-Module provides exactly this functionality. Installation on shutdown can be activated individually for certain clients.
The on-shutdown module can be used on Windows clients. The required basic functionality is part of the package opsi-client-agent.
Some technical restrictions and constraints exist in the following cases:
WAN extension: the Installation on Shutdown module is currently not available for clients that also use the WAN extension. Under some conditions, running the WAN extension on a client requires the use the local configuration files, which interfere with the state handling of the installation on shutdown mechanism.
If the install on shutdown has been triggered by a shutdown or a reboot, the Windows API does not allow to convert a shutdown into a reboot (or vice versa). In the case of a shutdown, products that require a reboot will only be fully installed the next time the computer is started.
The On-Shutdown-Modul is only available on Windows-Clients. On Linux and MacOS-Clients the feature is not available yet.
With opsi 4.2 the package opsi-client-agent was completely rewritten. In the process, the on-shutdown module was also improved. Before opsi 4.2, the configuration of this module was mainly controlled via the product switch
on_shutdown_install of the package opsi-client-agent. This product switch has been removed from the opsi-client-agent package and replaced by a new Hostparameter:
The opsi package of the opsi-client-agent automatically migrates the states of the old product switch with the new Hostparameter. For new clients only this Hostparameter has to be activated. A new installation of the opsi-client-agent is no longer necessary, the Hostparameter should take effect immediately. The old on_shutdown scripts have also been removed, as they are no longer needed in the new module.
A possible collision with shutdown group policies of a possibly existing domain cannot be completely ruled out. Since the opsiclientd service integrates itself into the shutdown process during runtime, the On-Shutdown-Modul should be reliably activated. Nevertheless, in the event of an error, we recommend checking the domain group policies for corresponding collisions.
To activate the module it’s enough to execute the following command:
opsi-admin -d method configState_create opsiclientd.event_on_shutdown.active myclient.domain.de true
For deactivation of this module a complete reinstallation of the opsi-client-agent package is also not needed anymore.
To deactivate the module use the following command:
opsi-admin -d method configState_create opsiclientd.event_on_shutdown.active myclient.domain.de false
The installation during shutdown can be carried out in addition to the installation during system start. This makes sense in normal cases, as clients that have not logged on to the opsi service for a longer period of time (e.g. after the user has gone on holiday) will receive the latest security updates before using the service. If desired, the installation can be switched off at system start-up, see Special Configuration of Installation on Shutdown. However, installations that have been started are continued in any case when the client starts up, see Technical concept.
Windows does not differentiate between a shutdown and a reboot. The installation during shutdown is therefore executed both during shutdown and reboot and it is not possible to distinguish between these two cases when executing a script. The Windows API does not allow conversion of a shutdown to a reboot (or vice versa) at this time. Aborting the shutdown/reboot is also not allowed. If individual software packages require a multi-phase installation with reboot, the installation is only continued at the next start of the client.
The following explanations serve for a better understanding of the technical correlations for special configuration variants as well as for investigation in case of error. Normally, all necessary settings are carried out by the package 'opsi-client-agent' and the opsiclientd independently and fully automatically.
The shutdown installation is based on the interaction of various system components. An essential component is the use of the Windows shutdown script mechanism via local group policy. Shutdown scripts enable the execution of tasks at the exact time of the shutdown process, when the user is already logged off and all user tasks are finished, but all system services are still running.
The opsiclientd service uses this technique. The script is created automatically at runtime of the service. When the module is activated, the service interrupts the system shutdown process and starts the on_shutdown event of the opsiclientd. The system shutdown process will be continued after this event has ended.
If reboots are required for the started installation sequence, the precondition
installation_pending is responsible for the correct control of the process. In such a case, the precondition
installation_pending (regardless of whether
gui_startup is activated or not) leads to a direct continuation of the installation at the next system start-up, if necessary also with further reboots. In the
installation_pending condition, if further reboots are necessary, no installation is carried out during shutdown, since otherwise there would be no reboot between the installation during start-up and the installation during shutdown.
Normally nothing more is required than an up-to-date
opsi-client-agent package to start the installation at shutdown, as described in Activating Installation on Shutdown. For suitable clients, the Hostparameter
opsiclientd.event_on_shutdown.active can be used to activate the installation during shutdown.
By default, the installation at startup also remains active. This ensures that a client that has been switched off for a long time (e.g. during the user’s vacation) always receives the latest software, before the user can log in.
If this is not desired, the installation can be deactivated at start-up. Since this should only be switched off client-specifically, a default configuration must first be created where the default is defined:
opsi-admin -d method config_createBool opsiclientd.event_gui_startup.active "gui_startup active" true
The default value 'true' corresponds to the value in the supplied
If the installation is to be deactivated in the startup for an Install_on_shutdown client, the corresponding 'Hostparameter' is created as follows:
opsi-admin -d method configState_create opsiclientd.event_gui_startup.active myclient.domain.de false
This configuration has the consequence that when the computer is started, no connection is established to the opsi-configserver and thus no installation takes place. Except for an installation that has started, which is triggered by the additional condition
installation_pending. If another reboot is required afterwards, the on_shutdown event is blocked and thus prevents the installation from continuing additionally also during the shutdown. Otherwise there would be no system reboot between the individual installation phases.
gui_startup event runs the risk of disconnecting clients. This means that if there is a issue during the on_shutdown event, such a client would no longer actively install updates. Normally, by shifting the installations to the shutdown process, the blockage from the
gui_startup event should be greatly minimized. Therefore, the general recommendation is to leave the
gui_startup event activated (default behaviour).