Installation on UCS
On Univention Corporate Server (UCS), there are two methods to install the opsi server:
-
Installation via the Univention App Center (available only for UCS 5.0 or newer)
-
Manual installation via the uib repositories (for UCS 4.4 and 5.0)
Both approaches result in a fully functional opsi server, but they should not be used simultaneously on the same server. Consider which installation method is most suitable for your environment before proceeding. If you choose to install opsi through the Univention App Center, be aware that updates may take longer to become available. Additionally, upgrading to a new UCS version (like moving from 4.4 to 5.0) is contingent on the availability of all installed apps for the new version. If you opt for installation via the uib repositories, you’ll receive updates more promptly.
Installation via the App Center
In the Univention App Center catalog, you can find opsi for UCS version 5.0. During installation, the package manager will automatically add additional packages, including opsi-tftpd-hpa
and univention-mariadb
.
In a UCS environment, the first opsi server configures an existing MariaDB server to function as the backend. Any subsequent opsi config servers in the same environment are registered as opsi depot servers. If an opsi config server is already present in the UCS environment during installation, the opsi-package-updater tool will be configured to source its packages from this server.
|
Manual Installation
Before proceeding with the manual installation of the opsi server on Univention Corporate Server, ensure the following prerequisites are met.
Preparations
-
Ensure Samba is installed and configured. For UCS servers that are members of an AD domain,
univention-samba
should be installed. This package configures Samba as a member server without domain controller functionality. Alternatively,univention-samba4
sets up Samba as an AD domain controller. -
MariaDB server installation and configuration are required. Install
univention-mariadb
for this purpose. Since UCS 4.3,univention-mysql
has been a meta package that installs the MariaDB server. -
If the UCS computer is also to be used as a DHCP server, configure the DHCP daemon before installing opsi and start the service.
Installation of the opsi server is feasible on servers with various UCS roles, including Primary Directory Node, Backup Directory Node, Replica Directory Node, and Managed Node.
If the opsi server is not being installed on a Primary Directory Node, but rather on a computer with a different UCS system role, it is crucial that the UCS server first joins the domain. |
The configuration file /etc/opsi/opsi.conf
specifies the group for Samba access to the shares; this group is named opsifileadmins
. To grant access rights to the opsi shares (for users who create opsi packages), all relevant users must be members of the opsifileadmins
group.
Configurng Repositories
Make sure that the directory /usr/local/share/keyrings
exists:
sudo mkdir -p /usr/local/share/keyrings
Add the Grafana repository:
REPO_URL=https://apt.grafana.com
REPO_KEY=/usr/local/share/keyrings/grafana.gpg
curl -fsSL ${REPO_URL}/gpg.key | gpg --dearmor | sudo tee ${REPO_KEY} > /dev/null
sudo echo "deb [signed-by=${REPO_KEY}] ${REPO_URL} stable main" | sudo tee /etc/apt/sources.list.d/grafana.list
Add the opsi repository that matches your distribution:
Univention UCS 5.0:
REPO_URL=https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.3:/stable/Univention_5.0/
REPO_KEY=/usr/local/share/keyrings/opsi-obs.gpg
sudo echo "deb [signed-by=$REPO_KEY] $REPO_URL/ /" | sudo tee /etc/apt/sources.list.d/opsi.list
curl -fsSL $REPO_URL/Release.key | gpg --dearmor | sudo tee $REPO_KEY > /dev/null
To confirm the successful import of the GnuPG key, you can use the following command:
gpg --show-keys /usr/local/share/keyrings/opsi-obs.gpg 2>/dev/null
In the output, you should see lines similar to the following, among others:
pub rsa2048 2017-09-30 [SC] [expires: 2025-11-19]
2E98F7B5A5B2C8FE7F609705D1F933E6D8361F81
uid home:uibmz:opsi OBS Project <home:uibmz:opsi@build.opensuse.org>
Installing the Packages
Install the package opsi-server-full
:
sudo univention-install opsi-server-full
If the opsi server is to be installed on a UCS system with a role other than the Primary Directory Node, it’s necessary to execute the command univention-run-join-scripts
as an additional step.
For users to access the opsi-configed
management interface, they must be members of the opsiadmin
group. During the installation process, the Administrator
user is automatically added to this group. To add other accounts, use the User management module in UMC, specifically the Groups tab.
As an alternative to the opsi-server-full package, you can install either opsi-server or opsi-server-expert . These packages differ in their dependencies and are tailored for scenarios where you prefer to run MySQL, Redis, or Grafana on separate servers. While opsi-server and opsi-server-expert provide more flexibility, they are best suited for experienced Linux administrators.
|
Make sure that your firewall and SELinux configurations permit connections on ports 69/UDP (TFTP) and both 4447/TCP and 4441/TCP (opsi). Further information on SELinux can be found at SELinux. |
The opsi server is now set up and ready for the next steps.