OCS Inventory tracks and inventories computer assets, and provides automatic package deployment and integration with ticket tracking systems like GLPI. Here is how to install an OCS Inventory Server 2.1 on Ubuntu 12.04 and setup the Windows agent automatically to deploy automatically to Windows clients using a logon script.
Install a clean Ubuntu 12.04 Server. During the installation, no additional packages are required, however the SSH Server is always handy for remote administration. Change the hostname now, since changing it later will break the SSL certificate that the installation process will generate.
Ubuntu contains packages to install OCS Inventory Server 2.0.2, which is not the latest version and the agents and packagers compatible with this version do not work well on modern, up-to-date operating systems. To install the OCS Inventory Server 2.1, along with all required dependencies, use the ocs2-1.sh script from the angryelectron automate repo on Github.
- You’ll be prompted for a new password for the mysql “root” user (assuming mysql has not been previously installed). The password can be anything you wish, but remember what it is as you’ll need it later on.
- CPAN will prompt: “Would you like to configure as much as possible automatically?” Yes! Yes you would! Simply press enter to accept all the default values.
- OCS will prompt: “Do you wish to continue” – again, press enter to accept the default values (Unless you are upgrading, in which case you are on your own!)
- The script will pause and ask you to complete some configuration using the web interface. Load http://<hostname>/ocsreports, and change the mysql user from “ocs” to “root”, then enter the mysql root password you created earlier. Hit Submit, then review the next page for errors. If all looks OK, hit “Submit Query” at the bottom of the page. Note the default user name and password given.
- Return to the shell script and press Enter to continue.
- Enter a new password for the OCS database followed by the root mysql password
- When the script is complete, login to the web interface and address any errors shown.
The OCS Inventory Server should now be ready for use.
Configuring Server for Package Deployment
- If you are going to be using OCS to deploy software packages to clients, don’t forget to change Config -> Deployment -> Download to “ON” and possibly change the download settings to smaller values (ie. 1second) so things deploy faster.
- If deploying large packages (>100M), review the post_max_size and upload_max_size settings in /etc/apache2/conf.d/ocsinventory-reports.conf.
- Large deployment packages may exceed the maximum amount of memory a PHP script may consume. You can solve this by adjusting the memory_limit in /etc/php5/apache2/php.ini, or (preferable) deploying your package in smaller fragment sizes.
The OCS Inventory Agent runs on client machines, checks for packages to be deployed, and gathers and sends inventory data back to the server. While the OCS Inventory Agent can be installed manually on each machine, deploying it automatically is much more useful. The process is generally this:
- Assemble build tools
- Build a deployment package that includes the OCS Windows Agent
- Upload the Agent to the deployment server
- Using Group Policy, tell the OCS Logon tool to run when a user logs on
- Configure OCS Logon to check for a deployed Agent, and deploy it if necessary.
- Once the agent has been deployed, it will run as a service and send inventory reports automatically.
This all needs to take place on a Windows machine.
Assemble Build Tools
- Create a new, temporary folder called OCS-BUILD which will be used to assemble all the executables and certificates needed.
- Copy ‘cacert.pem’ from the server (created in the same directory as ocs.sh) into the OCS-BUILD directory.
- Download OCS Packager 126.96.36.199 and extract OcsPackager.exe into the OCS-BUILD directory. This is not the default version but a version found in the support forums that fixes an issue in which the Packager cannot write the final output without permission errors.
- Download OCSNG-Windows-Agent-2.1 and extract OcsLogon.exe and OCS-NG-Windows-Agent-Setup.exe into OCS-BUILD directory.
- Download PsTools and extract PSExec.exe into the OCS-BUILD directory.
Build Deployment Package
Assuming you are using the Windows Domain ‘DOMAIN’, I recommend creating a domain user called “ocsinventory” and granting it Administrator rights. When the package is deployed, this is the user that will run the installation process, so it must have permissions to install programs and start/stop services.
Run OcsPackager.exe in the OCS-BUILD directory and enter the following:
- Agent Setup File = OCS-NG_Windows-Agent-Setup.exe
- Certificate File = cacert.pem
- Command Line = /S /server:<ip or dns of server> /np /DEBUG
- User = DOMAIN\username
- Password = <DOMAIN\username’s password>
When you click “Next”, the tool will create a file called “OcsPackage.exe”. Rename it to “ocspackage.exe” (case matters) and remember not to confuse it with “OcsPackager.exe”. You can test your settings at this point by running ocspackage.exe with elevated privileges (Right-Click -> Run As Administrator).
Still on the Windows machine, launch a browser, navigate to http://<ocsserver>/ocsreports, and login. Then:
- Click the Wrench icon
- Select “Agent”
- Click “Add file”
- Browse and select ocspackage.exe which you created in the previous step.
- Click “Send”
You now have a deploy-able package on your OCS Inventory server that will install and run the Windows OCS Inventory Agent. This package also includes the server certificate that is required to deploy other types of packages. If you want to test your work so far, browse to http://<ocsserver>/ocsinventory/deploy/ocspackage.exe – an executable should download which, when run with elevated privileges, installs the OCS Inventory agent.
Create a Login Script
- Launch the Group Policy Management tool (built into your Windows Domain Controller, or installed as part of the Remote Server Admin Tools from Microsoft).
- Expand Forest, Domains, <DOMAIN>
- Right-Click “Group Policy Objects” and select New. Give the policy a name (eg. OCS Inventory)
- In the new policy, expand User Configuration, Policies, Windows Settings, Scripts
- Right-click “Logon” and select properties.
- Click “Add”
- Enter “ocslogon.exe” as the Script Name
- Enter “/SERVER=http://<ip or dns of server>/ocsinventory /PACKAGER /DEPLOY=188.8.131.52 /DEBUG” as the parameters
- Click “OK’.
- Click “Show Files”, then copy OcsLogon.exe from the OCS-BUILD directory into the Logon folder.
- Close the Logon folder and click “OK” in the Logon Properties window.
- Close the Group Policy Editor window
- Back in the Group Policy Management window, drag and drop the newly created “OCS Inventory” policy onto the <DOMAIN> node (ie. the node below Forest and below Domains. This will link the new policy to the domain.
Now, whenever a user logs into a domain computer, ocslogon.exe will run. OcsLogon will check if the OCS Inventory Agent is installed. If not (or if an older version is found), OcsLogon will automatically contact the OCS server and attempt to deploy the ocspackage.exe package. When run as part of a logon script, ocspackage.exe will be executed automatically with elevated privileges, unlike earlier during testing when this step had to be done manually.
After logging into a domain computer for the first time, the OCS Inventory agent should run and send an inventory report to the server. Login to the server and verify the computer appears. If it does not, there are several log files to check which may reveal the problem.
On the Server
Look for perl, permissions, and access errors.
On the Windows Client
- %temp%/OcsLogon.log – created when ocslogon.exe runs
- %temp%/ocspackage.log – created when the Agent is deployed
- %programdata%/OcsInventory NG/Agent/OCSInventory.log – created when the Inventory is created/sent. There are other log files in the Agent directory that might be useful too.
To add an Ubuntu computer to OCS Inventory, simply install the agent (sudo apt-get install ocsinventory-agent), then run it (sudo ocsinventory-agent). The agent will run periodically from a cron job to keep the inventory up to date. Older Agents (apt-get installs version 2.0.1) are all compatible with the latest server version.