opsi-Server with multiple depots (free)
Concept
Supporting multiple depot shares in opsi aims at the following targets:
-
central configuration data storage and configuration management
-
providing the software depots on local servers
-
automated deployment of software packages from the central server to the local depots
Accordingly, it is implemented:
-
All configuration data is stored on the central 'opsi-Configserver'.
-
All clients connect to this 'opsi-Configserver' in order to request their configuration data. The configuration data comprise the information on method and target of the 'opsi-Depotserver' connection.
-
All installable software is stored on 'opsi-Depotservers'.
-
The 'opsi-Depotservers' have as well an
opsipxeconfd
running by which they provide boot-images to clients via PXE/tftp. -
opsi-package-manager
A program to (de-)install opsi packages on one ore more 'opsi-Depotservers'. -
The opsi packages are copied via webdav protocol to the 'opsi-Depotservers' and are installed from the opsiconfd via a web service call.
-
'opsi-configed' supports the management of multiple depots.
-
Clients connected to different depots can be managed in one bundle if the involved depots are synchronized (have all product packages in identical versions).
The following schema gives a more detailed view on the communication between the components of a opsi multi depot share environment.
Creating an depot server
In order to create an 'opsi-Depotserver' you have to install a standard 'opsi-Server'. This 'opsi-Server' can be configured to act as 'opsi-Depotserver' by calling the script opsiconfd setup --register-depot
as user root on the server which should become the 'opsi-Depotserver'. Because this script does not only reconfigure the local server, but also registers this server as 'opsi-Depotserver' with the central 'opsi-Configserver', username and password of a member of the 'opsiadmin' group have to be supplied here.
On Univention Corporate Server the registration of a 'opsi-Depotserver' happens automatically. The first server with an opsi installation is used as 'opsi-Configserver' and all following in a UCS domain installed systems will register there as an 'opsi-Depotserver'.
Example:
'opsidepot.your.domain' will be reconfigured as opsi-Depotserver and registered at the opsi-Configserver 'opsiserver.your.domain':
root@opsidepot.your.domain:~# opsiconfd setup --register-depot
Now you will be prompted for the opsi-Configserver you want to connect to . The registration needs to be authorised by supplying the username and password of a member of the group 'opsiadmin' at the opsi-Configserver.
The setup will ask you questions about the server, the user, the password and the description of the depot. In the end the output should look like this:
root@opsidepot:~$ opsiconfd setup --register-depot
Do you want to register this server as a depotserver? [y/n]: y
Enter opsi server address or service url (opsiserver.your.domain):
Enter username for service connection: adminuser
Enter password for 'adminuser':
Connecting to service 'https://opsiserver.your.domain:4447'
Connected to service as 'adminuser'
Enter ID of the depot (opsidepot.your.domain):
Enter a description for the depot (opsidepot): opsidepot
Registering depot
Depot succesfully registered
Usually the configuration files in /etc/opsi/package-updater.repos.d/
on the new depot should be checked.
If the new depot should only update its packages from the main server, only the repository in /etc/opsi/package-updater.repos.d/opsi-server.repo
should remain active.
A possible configuration can look like this:
[repository_opsi_server] active = true opsiDepotId = opsiserver.your.domain autoInstall = true autoUpdate = true autoSetup = false ; Inherit ProductProperty defaults from master repository inheritProductProperties = false
Non-interactive registration of a opsi-Depotserver
It is possible to register a depot without interaction.
To do this the data for the connection to the opsi-Configserver has to be passed as JSON object alongside the parameter --unattended
.
opsiconfd setup --register-depot --unattended '{"configserver": "https://opsi.acme.corp:4447", "username": "some-opsi-admin", "password": "secret", "depot_id": "depot1.acme.corp", "description": "Depot 1"}'
package management with multiple depots
see also:
opsi-package-manager
opsi-package-updater
In or to manage opsi-packages with different 'opsi-Depotserver' the opsi-package-manager
got the option -d
( or --depot
). With this option you can give the target 'opsi-Depotserver' for the installation. Using the keyword 'ALL' the opsi package will be copied to /var/lib/opsi/repository
on all known 'opsi-Depotservers' and then installed via a web service call.
If you don’t give the option -d
, the opsi package will be only installed on the local server (without upload to /var/lib/opsi/repository
).
Example:
Install the package softprod_1.0-5.opsi on all known 'opsi-Depotservers':
opsi-package-manager -d ALL -i softprod_1.0-5.opsi
In order to get information’s about what are the differences between depots you may call opsi-package-manager
with the option -D
(or --differences
).
Example:
Show the differences between all known depots regarding the product mshotfix
opsi-package-manager -D -d ALL mshotfix
mshotfix
vmix12.uib.local : 200804-1
vmix13.uib.local : 200804-1
bonifax.uib.local: 200805-2