Local Images (opsi-local-image)

With the extension opsi-local-image you can quickly restore many opsi clients to a certain state — for example in the coffee break during a training or in the classroom after class. The administrator controls everything in a central place: first, the extension creates an image, then it saves it on a separate hard disk partition. This image is then used for fast recovery, with minimal impact on network performance.

Prerequisites

This module is currently a paid extension. This means that you need a license file to unlock it. You will receive this file after you have purchased the extension. For evaluation purposes, we’re happy to provide you with a temporary license free of charge. Please contact us via email.

More details can be found in opsi Extensions.

opsi-local-image comes bundled with the opsi-vhd-reset extension (see Virtual Hard Disk (opsi-vhd-reset)), which means that activating opsi-local-image automatically applies to opsi-vhd-reset as well.

The product opsi-local-image-capture requires that the share opsi_depot_rw is writable for the user pcpatch. Therefore please check your Samba configuration.

Introduction

opsi is a great tool to install and maintain Windows computers in an automated way — also and especially if heterogeneous hardware is involved. However, a package-based opsi installation is not fast enough to bring computers back to a predefined state within a short time, e.g. during trainings or in a classroom during a break. This chapter therefore introduces a concept which stores the package-based installation locally on a second partition as an image and allows a fast recovery from there.

Here’s how this works:

  1. Initial installation followed by a local image backup

  2. Fast recovery based on different techniques

  3. System maintenance followed by a local image backup

  4. Integration of WIM capture

  5. Integration of Linux clients into the backup/restore process

Concept

The requirements of educational computer networks differ from those of other networks. Especially in schools, universities and other educational institutions, it is important to quickly restore many computers to a defined state. This restoration should happen within a short time (about 15 minutes), and it should also be possible to install the computer with a different system if necessary. In addition to the installation of certain Windows or Linux versions, continuous maintenance of the systems with security updates should also be ensured.

The usual techniques for installing PCs have advantages and disadvantages:

Table 1. Advantages and Disadvantages of Unattended and Image-based Solutions
Feature Unattended Image

Performance

(-) slow

(+) fast

Sensitivity to heterogenous Hardware

(+) low

(-) high

Network Load

(-) high

(-) high

The concept of opsi-local-image tries to combine the advantages of both approaches:

Table 2. opsi-local-image
Feature Unattended

Performance

(+) fast

Sensitivity to heterogeneous Hardware

(+) low

Network Load

(+) low

The concept consists of four main steps:

  1. initial package-based Windows installation via PXE boot with individual driver integration (opsi Linux boot image)

  2. backup of this initial installation in an image on a separate partition of the local hard drive (opsi Linux boot image)

  3. fast restore of the installation from the local image (opsi Linux boot image)

  4. maintenance of the local installation (security updates) via the opsi software distribution and backup of the updated system to the local backup image (opsi Linux boot image)

Technical Concept

The machines in the computer pools use a static partition table and have with either three or four partitions (at UEFI you have two additional system partitions at the very beginning of the partition table that are not mentioned here):

  • Partition 1 (System)
    The operating system currently in use (Windows/Linux) is located here.
    The size of this partition is controlled by the opsi-local-image-prepare product during partitioning via a property.

  • Optional: Partition 2 (sysdata)
    User data that should not be overwritten during recovery may be located here. The partition is formatted with NTFS.
    The size of this partition is controlled by the opsi-local-image-prepare product during partitioning via a property.

  • Partition 3 (winpe/swap)
    The size of this partition is set to 4 GB.
    On Windows XP, this partition is not used.
    On NT6 (Windows 7), this partition is used for the Windows PE required during installation; it is not visible during actual operation.
    On Linux, this partition is used as a swap partition.

  • Partition 4 (backup)
    This partition is used to store the backed up images and their metadata.
    The size of the partition results from the free space left after the other partitions have been created.

The netboot products for OS installation use only the first two or three partitions and leave the last backup partition untouched. Thus, the images located on partition 4 (backup) are preserved even when a new operating system is installed.

Proceedings

Initial Installation

First create the necessary static partitions with the product opsi-local-image-prepare.

Scheme: Image Restore with `opsi-local-image-restore`
Figure 1. Scheme: Image Restore with opsi-local-image-restore

Next, you can use opsi-local-image-win* and other products to install the operating systems and provide them with different application software.

Schema: OS Installation with `opsi-local-image-win*`
Figure 2. Schema: OS Installation with opsi-local-image-win*

By default, these are automatically saved as an image after installation.

Schema: Image Backup with `opsi-local-image-backup`
Figure 3. Schema: Image Backup with opsi-local-image-backup

Restoring an Image

Invoke the opsi-local-image-restore product; this will automatically restore the last image created. To restore a different image, specify it in the imagefile property.

Schema: Image Restore with `opsi-local-image-restore`
Figure 4. Schema: Image Restore with opsi-local-image-restore

Deleting an Image

Schema: Deleting an Image
Figure 5. Schema: Deleting an Image

By executing the product opsi-local-image-delimage, the image specified in the property imagefile will be deleted.
Property imagefile=all_images will delete all stored images.

Updating an Image

To simplify the maintenance of the clients, you can use the product opsi-auto-update.

Schema: Automatic Upgrade of a saved Image
Figure 6. Schema: Automatic Upgrade of a saved Image

The main purpose of the opsi-auto-update product is to keep the installed products up to date. To do this, it sets all installed products whose version differs from the one on the server to setup on the client.

This product is quite useful, not just in the context of opsi-local-image. For a detailed description, see the opsi Standard Products chapter, section opsi-auto-update.

opsi-local-image Products

The opsi-local-image products also support systems with multiple disks. See also the section Some hints to the NT6 netboot products.

The opsi-local-image package contains the following products:

To install the products, set the active attribute of the uib_local_image repository to True in the /etc/opsi/package-updater.repos.d/uib-local_image.repo file. After that, run the following command to install the new products:

opsi-package-updater --repo uib_local_image install

UEFI Compatibility

The opsi-local-image products are compatible with UEFI.

Netboot Product for Partitioning

The opsi-local-image-prepare product creates the static partition table for all other products.

Use this product only for initial preparation of the disk, since it will delete all existing images!

opsi-local-image-prepare supports the following properties:

  • ask_before_inst: Determines if the start of the installation has to be confirmed on the client. (default: true)

  • system_partition_size: Determines the size of partition 1 (system). (default: 30GB)

  • data_partition_size: Determines the size of partition 2 (sysdata). If set to 0G, no data partition will be created. (default: 0G)

  • start_os_installation: Here you can select the operating system which gets installed automatically after partitioning. If you install start_os_installation, the two properties imagefile and imagefiles_list of the opsi-local-image-restore product are deleted, because the repartitioning has made this data invalid.

  • delay_for_reboot: Defines the number of seconds between the end of the script and the reboot, all to give the server time to create the netboot pipe.

  • minimal_backup_partition_size: This property is used to check if the size entries make sense. (default: 55%)
    The size of the backup partition results from:
    hard disk size - (system_partition_size + data_partition_size + winpe_partition_size)
    opsi-local-image is normally used to create a local backup of the system partition. This requires that there is enough space for the backup partition. If, when calculating the partitioning, the product determines that the remaining space for the backup partition is less than minimal_backup_partition_size, it terminates with an error message.

  • winpe_partition_size: size of the WinPE partition (default: 4G)

  • multi_disk_mode: Selects a hard disk for installation. (default: 0)
    Possible values are: 0, 1, 2, 3, prefer_ssd, and prefer_rotational. The values 0, 1, 2, and 3 directly specify the index of the disk, where 0 means the first disk, 1 the second, etc. The prefer_ssd value selects the first SSD disk, prefer_rotational the first classic (rotational) disk. The property is ignored on systems with only one disk.

  • backup_partition_on_same_disk: Determines whether the backup partition is created on the system disk (true) or on the first other free disk (false). (default: true)

Netboot Products for installing Windows

The netboot products for Windows installation are derivatives of the opsi standard products for Windows installation. This means that they are identical in terms of structure and driver integration. You can find corresponding instructions in chapter Windows Clients.

The Windows NT6 products from version 4.1 onward are a subset of the NT6 standard product properties (see section Some hints to the NT6 netboot products). For notes about the hard disk drive properties, see the Netboot Product for Partitioning section. The missing properties for disks and partitions are taken from the product opsi-local-image-prepare.

Do not change the property values of the opsi-local-image-prepare product after you have prepared a machine with it, because subsequent products use these values.

  • opsi-local-image-win7: Installation of Windows 7 (32 bit)

  • opsi-local-image-win7-x64: Installation of Windows 7 (64 bit)

  • opsi-local-image-win10: Installation of Windows 10 (32 bit)

  • opsi-local-image-win10-x64: Installation of Windows 10 (64 bit)

  • opsi-local-image-win11: Installation of Windows 11 (32 bit)

  • opsi-local-image-win11-x64: Installation of Windows 11 (64 bit)

All of these products have the following opsi-local-image specific properties:

  • backup_after_install: After OS installation, first the application software is installed and then an image of the installation is created (default: true). In addition, the imageFile value of the opsi-local-image-restore product is deleted. As a result, the created backup gets the name of the running netboot product (e.g. opsi-local-image-win7).

  • setup_after_install: Specify here one or more products to be set to setup after the operating system installation is complete. All dependencies will be resolved automatically.

Netboot Products for installing Linux

The product opsi-local-image-ubuntu installs Ubuntu 64 bit and is provided for the actual LTS Versions. It creates two user accounts: root and user. The password for root is set by the root_password property (default: linux123), the password for user is set by the user_password property (default: linux123).

The following properties are used to control the installation:

  • askbeforeinst: Determines if the start of the installation has to be confirmed on the client. (default: true)

  • additional_packages: Which additional packages should be installed? List of packages is separated by spaces. (default: '')

  • language: Which language/locale should be installed? (default: de)

  • console_keymap: Keyboard layout (default: de-latin1-nodeadkeys)

  • timezone: Timezone (default: Europe/Berlin)

  • online_repository: Defines the online repository (default: http://de.archive.ubuntu.com/ubuntu).

  • proxy: Defines (if necessary) a proxy server of the form http://<ip>:<port> (default: '')

  • backup_after_install: Saves an image immediately after installation (default: true)

  • setup_after_install: Specify one or more products which should be set to setup after the OS installation; dependencies will be resolved automatically.

  • release: Ubuntu release to install

  • install_opsi-client-agent: Install the Linux client agent (paid extension, see chapter opsi Extensions, default: false).

Netboot Products for Backup and Restore

The opsi-local-image-backup product creates an image of the operating system installed on the first partition and stores it on the fourth partition. The image name is set by a property; if no value is set here, the name of the netboot product currently set to installed is used (e.g. opsi-local-image-ubuntu). The name is also set in the opsi-local-image-restore product as property imagefile, so that calling opsi-local-image-restore will restore exactly this image by default. Also, the name is added to the opsi-local-image-restore property imagefiles_list, so the property contains a list of all available images.

For Windows systems the product saves the current state of the opsi product together with the image so that they can be restored together.

The backup software used is Partclone. This tool creates partition images and restores them if necessary.

opsi-local-image-backup supports the following properties:

  • askbeforeinst: Determines if the start of the installation has to be confirmed on the client. (default: true)

  • free_on_backup: This read-only property displays current information about the backup partition. (device, size, used, remaining, use in %, mount point)

  • imagefile: Sets the name of the image file to create (default: empty, i.e. the name of the currently installed opsi-local-image product will be used). The name may contain spaces, but no special characters. If the name contains spaces, they are treated internally as underscores, e.g. my image becomes my_image.

  • setup_after_install: Specify one or more products which should be set to setup after the OS installation; dependencies will be resolved automatically.

The product opsi-local-image-restore restores the image defined by imagefile to the first partition and makes sure that the bootflag is set. For Windows systems this product saves the current state of the opsi product together with the image, so that they can be restored together.

opsi-local-image-restore supports the following properties:

  • askbeforeinst: Determines if the start of the installation has to be confirmed on the client. (default: true)

  • imagefile: Defines the name of the image to be restored; the value is automatically set by the last backup. The list of available images is contained in the imagefiles_list property.

  • imagefiles_list: List of available images

  • no_proxy: Lists addresses that should bypass the proxy. Use commas to separate multiple addresses

  • proxy: Defines (if necessary) a proxy server of the form http://<ip>:<port> (default: '')

  • setup_after_restore Specify one or more products which should be set to setup after the restore is complete; as a result, they will automatically be installed after the reboot. (Default: windomain to reinstate the restored client to the Windows domain).

The update_and_backup property is no longer recommended. Use the opsi-auto-update product instead. For a detailed description, see the opsi Standard Products chapter, section opsi-auto-update.

The opsi-local-image-delimage product deletes the image specified in the imagefile property from the backup partition:

  • imagefile: name of the the image that will be deleted (default: empty)
    Property imagefile=all_images will delete all stored images.

Localboot Products for controlling Processes

The opsi-local-image-backup-starter localboot product sets the opsi-local-image-backup netboot product to setup and then reboots the client. This product has a very low priority (-98), so all other localboot products will be installed first.

The opsi-auto-update product can be used to ensure that the installed products are up to date. It sets all installed client products which have a version number different from the one on the server to setup.

This product is quite useful, not just in the context of opsi-local-image. For a detailed description, see the opsi Standard Products chapter, section opsi-auto-update.

Backup Partition

The backup partition is (for computers with MBR BIOS and without data partition) the third partition of the system hard disk. If there is a separate partition for the user data (sysdata), then the backup partition is the fourth partition.
At UEFI you have two additional system partitions at the very beginning of the partition table that are not mentioned here.

On systems with more than one disk, the opsi-local-image-prepare property multi_disk_mode determines the system disk. The backup partition can also be located on the first partition of another disk (depending on the opsi-local-image-prepare property backup_partition_on_same_disk).

Among other things, you will find the following data on the backup partition:

  • The master.log file with information about all performed image operations. This logfile is transferred to the boot image logs.

  • The image directories have the same name as the image and contain the images' metadata in addition to the image itself. The size of the images depends not only on the operating system, but also on the software installed there. To give you an idea about the file size, here are a few numbers for different images of different operating systems without standard installed:

    • opsi-local-image-ubuntu: 16 GB (V 22.04)

    • opsi-local-image-win11-x64: 23 GB

Windows Imaging Format Integration (opsi-wim-capture)

Starting with NT6, Microsoft has introduced the image format WIM. A WIM file (Windows Imaging Format) stores the installation settings, including all software, hotfixes and configurations from an existing computer.It’s an archive for files and metadata rather than a hard disk or partition image. You can then use this WIM as a base for future installations on other computers, making the whole process much easier and faster.

A WIM file can contain several images. The normal installation of an NT6 computer is based on the fact that the file setup.exe unpacks an image from the file install.wim, configures it afterwards and provides it with additional drivers.

WIM Components

You need the opsi-wim-capture product to capture an image in WIM format.

In addition, there are target products which are intended to hold the captured images:

  • opsi-local-image-win10-capture

  • opsi-local-image-win10-x64-capture

  • opsi-local-image-win11-x64-capture

Difference between opsi-local-image and standard mode in opsi-wim-capture

You can find the procedures and settings for the product opsi-wim-capture under Windows Imaging Format (opsi-wim-capture). The properties of opsi-wim-capture are described in section Main product opsi-wim-capture.

The main difference between the two modes is: with opsi-local-image, the mechanism of opsi-local-image-backup/opsi-local-image-restore is used for backing up and restoring the partition. In standard mode, the product opsi-clonezilla is used for this purpose.

In opsi-local-image mode, opsi-wim-capture will fail if your system has been set up with a data partition. In this case, reinstall the computer with the opsi-local-image-prepare property data_partition_size=0.

Windows Installation from a Target Product

This section describes how to restore opsi metadata to installed products.

The Problem:

If you reinstall a Windows system with opsi, all localboot products which were previously set to installed on this computer are automatically set to setup when the opsi-client-agent is installed. Therefore they will be reinstalled later. When rolling out the WIM images, this works a little differently:

  • The image contains the backup of the opsi data, which was stored there during the capturing process.

  • During the opsi-client-agent installation the backup is detected and restored on the opsi server.

  • Thus the products, which were installed in the image at the time of the capture, have the state installed on the freshly installed computer.

If all products set to installed were now changed to setup, all products installed in the image would be installed again. This is not what we want.

There are therefore two options for restoring the opsi metadata of installed products:

Option 1

When rolling out a WIM image, only the products which were already set to setup before the start of the operating system installation are installed automatically afterwards. This may have been done either by a manual intervention or by setting the setup_after_install property.

Products set to installed are not set to setup. This is the default behavior.

Option 2

Option 2 behaves similarly to installations from non-captured images. After restoring the metadata, products marked as installed are set to setup. Products that are included in the restored metadata are excluded.

To use option 2, configure the host parameter accordingly and set the clientconfig.capture.switch_installed_products_to_setup entry to true. If it is set to false, option 1 is used.

These Hostparameter can then be used to enable or disable events for the respective client. You can create the Hostparameter via opsi-configed or opsi-cli. The corresponding opsi-cli command is as follows:

opsi-cli jsonrpc execute config_createBool clientconfig.capture.switch_installed_products_to_setup "capture.switch_installed_products_to_setup" true

Please note that this will activate the second option for all computers.

In opsi-configed you can create the Hostparameter via Server configuration / clientconfig. Right-click on the right side and select Add Boolean configuration entry.

Helper Product opsi-wim-info

With the product opsi-wim-info you can quickly gather information about the images stored in install.wim. This information is then saved in the logfile.

Property:

  • target_product: ProductId of the product where the install.wim file is searched.