New and updated version for Debian Stretch and OCS Inventory NG server 2.5 can be found here!
In this easy tutorial we will install and configure OCS-NG Server. If you want to know what OCS-NG is, please read below and visit product site.
Table of contents:
- What is OCS-NG
- Requirements for this tutorial
- LDAP Patch
1. What is OCS-NG
Open Computers and Software Inventory Next Generation is a technical management solution of IT assets.
Since 2001, OCS Inventory NG tries to make the automated inventory of computer hardware more efficiently .
Today, our solution not only extends to the inventory. It includes a sophisticated deployment system, interfacing with third tier applications, a network devices scans, and more…
Full description on ocs-ng project home page: http://www.ocsinventory-ng.org/en/
- Lightweight bandwith usage and small OS footprint.
- High performance: about 1 000 000 of computers inventoried per day using a server bi-Xeon 3 GHz and 4 GB RAM.
- Based on well known products such as Apache web server, MySQL database server, PHP and PERLscripting languages.
- Modular solution with lot of plugins and interfacing with others IT and Asset Management Software like GLPI.
2. Requirements for this tutorial
In this tutorial we will need following peaces of software:
- Debian 8.x ISO, which can be downloaded from http://cdimage.debian.org/debian-cd/8.2.0/multi-arch/iso-cd/debian-8.2.0-amd64-i386-netinst.iso
- OCS-NG 2.2RC1 binaries which can be downloaded from http://www.ocsinventory-ng.org/en/download/download-server.html
- Microsoft Active Directory enironment with admin tools installed
- Administrative credentials for querying AD
- An hour or so
I strongly recommend running this install inside of virtual machine since wiping it, reformatting or restarting is much faster than on standalone server:)
I performed all steps few times inside virutal environment (Vsphere 5.5 hypervisor aka esxi) but this should apply for any other environment.
Our machine should have at least:
- 1 (v)CPU with 2 cores
- 2Gigs of RAM
- 1 Gigabit Ethernet
- 16GB of storage
Once again, I assume installing it in virtual environment so things like vm-tools will not be necessary to install on standalone servers. I will not cover how to install ESXi or VMWare Player since it’a a material (especially ESXi) for complete series of guides:)
To be honest installation is quite simple since all packages are available for Debian 8.x (Jessie). We don’t need to compile anything from sources and manually register or install dependencies. That saves us quite a bit of work. I know that on some other Linux distros installation might go more straightforward but I’m used to Debian and feel quite comfortable in this environment.
Installation consists of three main steps:
- Installation of Debian OS
- Installation of required packages
- Installation of OCS-NG
Installation of Debian OS
- Burn Debian ISO to disk or mount is as cd/dvd in VM
- Boot from above
- Select to install Debian in 64bit version with minimum options: SSH Server, system utilities. Do not install WWW, DB or other services.
- Rest of the options like language or partitioning leave with their default settings.
- Reboot and login to shell
- Now, we need to install required packages in order to be able to perform rest of the steps. Of course all installs must be performed with root privileges.
- Lets type some commands, at last!:
Installation of required packages
apt-get update -y apt-get upgrade -y
Install Open VM Tools – they simply work better than original VM-tools from VMWARE.
apt-get install open-vm-tools -y
After above it’s good to restart the VM. Good old Windows school :)
Now, install rest of the packages (system utils):
apt-get install sudo make -y
apt-get install apache2 -y
Now, packages for it:
apt-get install -y php5-common libapache2-mod-php5 php-pear php5-cli php5-ldap
Restart Apache with the following command:
service apache2 restart
Continue with installation of packages:
apt-get install -y libxml-simple-perl libio-compress-perl libdbi-perl libdbd-mysql-perl libapache-dbi-perl libnet-ip-perl libsoap-lite-perl
cpan -i XML::Entities
Install Zip package for perl:
apt-get install -y libphp-pclzip php5-gd
Now, install MySQL:
apt-get install -y mysql-server php5-mysql
After typing above command you will have to specify root and admin password for MySQL server. Note them somewhere.
As addition to MySQL I like to have visual representation of databases so lets install phpMyAdmin:
apt-get install -y phpmyadmin
Now, we need to link phpMyAdmin to Apache to be able to actually use it:
ln -s /etc/phpmyadmin/apache.conf /etc/apache2/mods-enabled/phpmyadmin.conf
After that restart apache or even the whole server:
service apache2 restart or reboot
Now, you should be able to access your new server at:
- http://localhost – default apache landing page
- http://localhost/phpmyadmin – MySQL phpMyAdmin management suite
Good idea (in case of troubleshooting and config checks) is to place a little apache info file in WWW Root. It will display all apache info in one place. This can be very useful for monitoring changes in apache config, loaded modules etc. So let’s add this file:
New screen will appear
Paste below code into it, press CTRL+X and then confirm changes by pressing Y and then ENTER:
Now, by navigating to:
you will have a nice view at whole apache config. I personally find it very useful. Of course, after setting up everything remove this file for security reasons.
Installation of OCS-NG Server
Installation of server itself is quite simple. OCS team provided us a nice install script that does pretty much of everything for us. If all required packages are available and running user has root privileges all should go hassle free.
First of all we need to download latest build:
Then extract it somewhere. Might be your current dir if you are in for example in /home/ or /tmp/:
tar -zxf OCSNG_UNIX_SERVER-2.2RC1.tar.gz
Enter new directory and execute:
Now install script should configure pretty much for you. At one point you will have to answer non default way:
- When script will ask about main apache conf file. If you didn’t change anything paste this:/etc/apache2/apache2.conf*
- When script checks: Checking for Apache Include configuration directory…, paste this: /etc/apache2/sites-enabled*
- Script will ask if you want to use SOAP extensions and more likely report that libraries are missing. Just continue.
*this might be found in info.php results :)
Script should finish with a message that apache service needs to be restarted. We will do it in few moments.
Now it’s good time to fix some permissions:
chown -R www-data:www-data /var/www/html chown -R www-data:www-data /usr/share/ocsinventory-reports/
Now, restart apache:
service apache2 restart
After this there is OCS server is almost ready.
You should get install screen for OCS. Type in:
- root user for mySql
- root pass for mySql
- name of database: I use default: ocsweb
- hostname of mySql: localhost (since it all runs on one server)
Now you will get screen, that DB needs to updated. Press Perform the update. After upgrade you will be able to login to OCS server by typing admin as user and password.
Ok, back to command line. Installer sets default user and pass for ocsweb DB as ocs/ocs. It’s ok for test environment, but in production we need to change it.
- Login to phpMyAdmin with DB root login and pass
- Find users TAB in main windows
- Note, that there will be two ocs users, click on ocs@localhost (or whatever the host is)
- Click Edit Permissions
- Click Change password
- Change password and submit changes.
Now, OCS will stop working. It’s ok. Now we need to change password in OCS config:
nano /usr/share/ocsinventory-reports/ocsreports/dbconfig.inc.php replace "ocs" in line: define("PSWD_BASE","ocs"); with password you just set
Now OCS reports should be running again.
Now, just delete install script by typing following command:
Base OCS is now installed and running:)
4. LDAP Patch
As you should know by now, ocs supports external authentication through LDAP to Active Directory. It is very useful since you do not need to define users inside ocs, manage passwords etc. LDAP configuration tutorial is provided by OCS team on their wiki page: http://wiki.ocsinventory-ng.org/index.php/Documentation:OCSsynchroLDAP.
Above tutorial is quite simple, but I found group checking a little not working after setting all according to it. Basically all configuration is covered in it and you must follow it to enable LDAP. Just after enabling I encourge you to patch it a little to avoid:
- every LDAP authenticated user may login to ocs (no matter if he/she has specifed LDAP group)
- user with ldap group is added to local users DB. After removing user from group or group from user – he/she is still able to login
- LDAP user is granted specifed rights no matter if he/she is member of a specifed group or not
I think I have managed to fix this a little by editing 2 files:
Changed sources are attached below:
<?php //==================================================================================== // OCS INVENTORY REPORTS // Copyleft Erwan GOALOU 2010 (erwan(at)ocsinventory-ng(pt)org) // Web: http://www.ocsinventory-ng.org // // This code is open source and may be copied and modified as long as the source // code is always made freely available. // Please refer to the General Public Licence http://www.gnu.org/ or Licence.txt //==================================================================================== /* * LDAP custom authentication module * * This module will check and report if a LDAP user is valid based on the configuration supplied. * Adapted by Erico Mendonca <email@example.com> from original OCS code. * * I'm fetching a few LDAP attributes to fill in the user record, namely sn,cn,givenname and mail. * * * **/ /* * Small changes to clearly save user ldap groups in session instead of storing them in one big array with rest of data (like name, title cn etc). * Miłosz Engel */ connexion_local_read(); $sql="select substr(NAME,7) as NAME,TVALUE from config where NAME like '%s'"; $arg=array('%CONEX%'); $res=mysql2_query_secure($sql,$_SESSION