Installation on RHEL/AlmaLinux/Rocky Linux

This chapter focuses on the package-based installation process of an opsi server on Red Hat Enterprise Linux (RHEL), AlmaLinux, and Rocky Linux.

Proxy Settings

For the installation process, it’s important to ensure that you have Internet access via HTTP/HTTPS.

If you need to access through an HTTP proxy, it’s recommended to set the proxy settings at a system-wide level using environment variables. These should be entered into the /etc/environment file.

Keep in mind that the names of these environment variables consist only of lowercase letters.
  • http_proxy: Configures the proxy for HTTP connections. It requires the full URL, including if authentication is needed:
    http_proxy=http://<user>:<password>@<proxy-address>:<port>

  • https_proxy: Similar to http_proxy but for HTTPS connections:
    https_proxy=https://<proxy-address>:<port>

  • no_proxy: Lists addresses that should bypass the proxy. Use commas to separate multiple addresses:
    no_proxy=127.0.0.1,localhost,mydomain.example,hostname.domain.com:8080
    Remember these rules for addresses:

    • Only use lowercase letters.

    • Include IP addresses only for direct access via IPs, as no name resolution occurs for exceptions.

    • CIDR notation for IP address ranges (like 192.168.0.0/24) is not supported.

    • Always include exceptions for localhost and 127.0.0.1.

    • Wildcards and regular expressions are not supported.

    • Treat each name as a suffix, so domain.com applies to all hostnames ending in domain.com.

    • Optionally, add a specific port after a colon for each address to confine the exception to that port.

Here’s an example for setting up the /etc/environment file:

http_proxy=http://10.1.1.1:8080
https_proxy=https://10.1.1.1:8080
no_proxy=127.0.0.1,localhost,company.tld

To apply the changes to the currently running shell, execute the following commands:

set -a; source /etc/environment; set +a
For Suse distributions, the NO_PROXY parameter in the /etc/sysconfig/proxy file needs to be adjusted. Set NO_PROXY=127.0.0.1,localhost,company.tld as appropriate.

If the access to opsiconfd is channeled through a proxy, the service requests will appear to originate from the IP address of the proxy. As a result, all functionalities that rely on the client’s IP address, such as networks, admin-networks, update-ip, or max-session-per-ip, might not operate correctly. To address this, you can define trusted proxy addresses using the trusted-proxies parameter. When a connection comes from a trusted proxy, the server will look at the X-Forwarded-For header to ascertain the real IP address of the client.

Example:

admin-networks=[192.168.10.0/24]
trusted-proxies=[192.178.16.27]

Preparations

If you are using Red Hat Enterprise Linux, it’s necessary to register with the Red Hat Network to access all the required packages:

sudo subscription-manager register
sudo subscription-manager attach --auto

In addition the usage of the Extra Packages for Enterprise Linux (EPEL) repository is needed to fullfill all package dependencies.

One should use the commands below on AlmaLinux or RockyLinux:

dnf config-manager --set-enabled crb
dnf install epel-release

On Oracle Linux one should use the following command:

dnf install oracle-epel-release-el8

respectively

dnf install oracle-epel-release-el9

Depending or Oracle Linux 8 or 9 is being used.

When RedHat is the server operating system, the below commands should be used:

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

respectively

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

Depending it Redhat 8 or 9 is the operating system.

Install Samba and MariaDB:

sudo yum install mariadb-server samba samba-client

Start and configure Samba and MariaDB:

sudo systemctl start smb.service
sudo systemctl start nmb.service
sudo systemctl start mariadb.service
sudo systemctl enable smb.service
sudo systemctl enable nmb.service
sudo systemctl enable mariadb.service
sudo mysql_secure_installation
If the machine is also to be used as a DHCP server, the dhcpd daemon must be installed and configured.

Configuring Repositories

Add the Grafana repository:

sudo cat <<EOF | sudo tee /etc/yum.repos.d/grafana.repo
[grafana]
name=grafana
baseurl=https://rpm.grafana.com
repo_gpgcheck=1
enabled=1
gpgcheck=1
exclude=*beta*
gpgkey=https://rpm.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

Add the opsi repository that matches your distribution:

RHEL 9:

sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/RHEL_9/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache

RHEL 8:

sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/RHEL_8/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache

AlmaLinux 9:

sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/AlmaLinux_9/home:uibmz:opsi:4.3:stable}.repo
sudo yum makecache

AlmaLinux 8:

sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable}/AlmaLinux_8/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache

Rocky Linux 9:

sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/RockyLinux_9/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache

Rocky Linux 8:

sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/RockyLinux_8/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache

Oracle Linux 8:

sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/OracleLinux_8/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache

Oracle Linux 9:

sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/OracleLinux_9/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache

Installing the Packages

Install the package opsi-server-full:

sudo yum install opsi-server-full

If you encounter a message prompting for confirmation when importing the GnuPG key of the repository, simply type y and press [Enter] to confirm the addition of the key:

Importing GPG key 0xD8361F81 "home:uibmz OBS Project " from http://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.3:/stable/distribution/repodata/repomd.xml.key
Is this ok [y/N]: y
As an alternative to the opsi-server-full package, you can install either opsi-server or opsi-server-expert. These packages differ in their dependencies and are tailored for scenarios where you prefer to run MySQL, Redis, or Grafana on separate servers. While opsi-server and opsi-server-expert provide more flexibility, they are best suited for experienced Linux administrators.
Make sure that your firewall and SELinux configurations permit connections on ports 69/UDP (TFTP) and both 4447/TCP and 4441/TCP (opsi). Further information on SELinux can be found at SELinux.

The opsi server is now set up and ready for the next steps.