Installation on RHEL/AlmaLinux/Rocky Linux
This chapter focuses on the package-based installation process of an opsi server on Red Hat Enterprise Linux (RHEL), AlmaLinux, and Rocky Linux.
Proxy Settings
For the installation process, it’s important to ensure that you have Internet access via HTTP/HTTPS.
If you need to access through an HTTP proxy, it’s recommended to set the proxy settings at a system-wide level using environment variables. These should be entered into the /etc/environment
file.
Keep in mind that the names of these environment variables consist only of lowercase letters. |
-
http_proxy
: Configures the proxy for HTTP connections. It requires the full URL, including if authentication is needed:
http_proxy=http://<user>:<password>@<proxy-address>:<port>
-
https_proxy
: Similar tohttp_proxy
but for HTTPS connections:
https_proxy=https://<proxy-address>:<port>
-
no_proxy
: Lists addresses that should bypass the proxy. Use commas to separate multiple addresses:
no_proxy=127.0.0.1,localhost,mydomain.example,hostname.domain.com:8080
Remember these rules for addresses:-
Only use lowercase letters.
-
Include IP addresses only for direct access via IPs, as no name resolution occurs for exceptions.
-
CIDR notation for IP address ranges (like
192.168.0.0/24
) is not supported. -
Always include exceptions for
localhost
and127.0.0.1
. -
Wildcards and regular expressions are not supported.
-
Treat each name as a suffix, so
domain.com
applies to all hostnames ending indomain.com
. -
Optionally, add a specific port after a colon for each address to confine the exception to that port.
-
Here’s an example for setting up the /etc/environment
file:
http_proxy=http://10.1.1.1:8080
https_proxy=https://10.1.1.1:8080
no_proxy=127.0.0.1,localhost,company.tld
To apply the changes to the currently running shell, execute the following commands:
set -a; source /etc/environment; set +a
For Suse distributions, the NO_PROXY parameter in the /etc/sysconfig/proxy file needs to be adjusted. Set NO_PROXY=127.0.0.1,localhost,company.tld as appropriate.
|
If the access to opsiconfd
is channeled through a proxy, the service requests will appear to originate from the IP address of the proxy. As a result, all functionalities that rely on the client’s IP address, such as networks
, admin-networks
, update-ip
, or max-session-per-ip
, might not operate correctly. To address this, you can define trusted proxy addresses using the trusted-proxies
parameter. When a connection comes from a trusted proxy, the server will look at the X-Forwarded-For
header to ascertain the real IP address of the client.
Example:
admin-networks=[192.168.10.0/24]
trusted-proxies=[192.178.16.27]
Preparations
If you are using Red Hat Enterprise Linux, it’s necessary to register with the Red Hat Network to access all the required packages:
sudo subscription-manager register
sudo subscription-manager attach --auto
In addition the usage of the Extra Packages for Enterprise Linux (EPEL) repository is needed to fullfill all package dependencies.
One should use the commands below on AlmaLinux or RockyLinux:
dnf config-manager --set-enabled crb
dnf install epel-release
On Oracle Linux one should use the following command:
dnf install oracle-epel-release-el8
respectively
dnf install oracle-epel-release-el9
Depending or Oracle Linux 8 or 9 is being used.
When RedHat is the server operating system, the below commands should be used:
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
respectively
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
Depending it Redhat 8 or 9 is the operating system.
Install Samba and MariaDB:
sudo yum install mariadb-server samba samba-client
Start and configure Samba and MariaDB:
sudo systemctl start smb.service
sudo systemctl start nmb.service
sudo systemctl start mariadb.service
sudo systemctl enable smb.service
sudo systemctl enable nmb.service
sudo systemctl enable mariadb.service
sudo mysql_secure_installation
If the machine is also to be used as a DHCP server, the dhcpd daemon must be installed and configured.
|
Configuring Repositories
Add the Grafana repository:
sudo cat <<EOF | sudo tee /etc/yum.repos.d/grafana.repo
[grafana]
name=grafana
baseurl=https://rpm.grafana.com
repo_gpgcheck=1
enabled=1
gpgcheck=1
exclude=*beta*
gpgkey=https://rpm.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF
Add the opsi repository that matches your distribution:
RHEL 9:
sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/RHEL_9/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache
RHEL 8:
sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/RHEL_8/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache
AlmaLinux 9:
sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/AlmaLinux_9/home:uibmz:opsi:4.3:stable}.repo
sudo yum makecache
AlmaLinux 8:
sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable}/AlmaLinux_8/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache
Rocky Linux 9:
sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/RockyLinux_9/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache
Rocky Linux 8:
sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/RockyLinux_8/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache
Oracle Linux 8:
sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/OracleLinux_8/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache
Oracle Linux 9:
sudo cd /etc/yum.repos.d/
sudo wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.3:stable/OracleLinux_9/home:uibmz:opsi:4.3:stable.repo
sudo yum makecache
Installing the Packages
Install the package opsi-server-full
:
sudo yum install opsi-server-full
If you encounter a message prompting for confirmation when importing the GnuPG key of the repository, simply type y
and press [Enter] to confirm the addition of the key:
Importing GPG key 0xD8361F81 "home:uibmz OBS Project " from http://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.3:/stable/distribution/repodata/repomd.xml.key
Is this ok [y/N]: y
As an alternative to the opsi-server-full package, you can install either opsi-server or opsi-server-expert . These packages differ in their dependencies and are tailored for scenarios where you prefer to run MySQL, Redis, or Grafana on separate servers. While opsi-server and opsi-server-expert provide more flexibility, they are best suited for experienced Linux administrators.
|
Make sure that your firewall and SELinux configurations permit connections on ports 69/UDP (TFTP) and both 4447/TCP and 4441/TCP (opsi). Further information on SELinux can be found at SELinux. |
The opsi server is now set up and ready for the next steps.