Versionen
In diesem Labguide wurde Ubuntu 16.04.2 LTS und OCS Inventory NG 2.3.1 verwendet
Grundinstallation
Es genügt ein minimales Linux-System ohne grafische Oberfläche.
Wie gewohnt erst mal alles updaten und neu starten
# apt update
# apt upgrade
# reboot
Editor und Tools installieren [evtl. noch ssh]
# apt install vim joe ntp
# apt install ssh
Installation Apache, Zertifikat erstellen und einbinden
# apt install apache2 apache2-doc
# mkdir /etc/ssl/ocs01
# cd /etc/ssl/ocs01
# openssl req -new -nodes -x509 -newkey rsa:2048 -keyout ocs01.key -out ocs01.crt -days 7300
Generating a 2048 bit RSA private key ............................................................+++ ..................................................+++ writing new private key to 'ocs01.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:DE State or Province Name (full name) [Some-State]:Baden-Wuerttemberg Locality Name (eg, city) []:Musterstadt Organization Name (eg, company) [Internet Widgits Pty Ltd]:demo.hoelzle.net Organizational Unit Name (eg, section) []:IT Common Name (e.g. server FQDN or YOUR name) []:ocs01.demo.hoelzle.net Email Address []:
# vi /etc/apache2/sites-available/default-ssl.conf [...] SSLCertificateFile /etc/ssl/ocs01/ocs01.crt SSLCertificateKeyFile /etc/ssl/ocs01/ocs01.key [...] # a2ensite default-ssl # a2enmod ssl
MySQL installieren und Benutzer erstellen
# apt install mysql-server
Kafeepause : Für OCS Inventory NG benötigte Module installieren
(zur besseren Lesbarkeit habe ich es in Blöcke aufgeteilt…)
# apt install libxml-simple-perl libdbi-perl libdbd-mysql-perl libapache-dbi-perl libnet-ip-perl
# apt install libsoap-lite-perl libio-compress-perl libperl5.22 libphp-pclzip php-dev
# apt install php-gd php-mysql libapache2-mod-perl2 libxml-simple-perl libio-compress-perl
# apt install libdbi-perl libdbd-mysql-perl libapache-dbi-perl libnet-ip-perl libsoap-lite-perl
# apt install libproc-daemon-perl libapache2-mod-perl2-dev libapache2-mod-php php-soap php7.0-mbstring
# apt install php-curl libxml-dom-perl libxml-smart-perl zip unzip
# apt install php7.0-zip
# cpan -i XML::Entities
Loading internal null logger. Install Log::Log4perl for logging messages
CPAN.pm requires configuration, but most of it can be done automatically.
If you answer 'no' below, you will enter an interactive dialog for each
configuration option instead.
Would you like to configure as much as possible automatically? [yes]
Fetching with LWP:
http://www.cpan.org/authors/01mailrc.txt.gz
Reading '/root/.cpan/sources/authors/01mailrc.txt.gz'
............................................................................DONE
Fetching with LWP:
http://www.cpan.org/modules/02packages.details.txt.gz
Reading '/root/.cpan/sources/modules/02packages.details.txt.gz'
Database was generated on Sun, 26 Mar 2017 14:41:02 GMT
.............
New CPAN.pm version (v2.16) available.
[Currently running version is v2.11]
You might want to try
install CPAN
reload cpan
to both upgrade CPAN.pm and run the new version without leaving
the current session.
...............................................................DONE
Fetching with LWP:
http://www.cpan.org/modules/03modlist.data.gz
Reading '/root/.cpan/sources/modules/03modlist.data.gz'
DONE
Writing /root/.cpan/Metadata
Running install for module 'XML::Entities'
Fetching with LWP:
http://www.cpan.org/authors/id/S/SI/SIXTEASE/XML-Entities-1.0002.tar.gz
Fetching with LWP:
http://www.cpan.org/authors/id/S/SI/SIXTEASE/CHECKSUMS
Checksum for /root/.cpan/sources/authors/id/S/SI/SIXTEASE/XML-Entities-1.0002.tar.gz ok
'YAML' not installed, will not store persistent state
Configuring S/SI/SIXTEASE/XML-Entities-1.0002.tar.gz with Makefile.PL
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for XML::Entities
Writing MYMETA.yml and MYMETA.json
SIXTEASE/XML-Entities-1.0002.tar.gz
/usr/bin/perl Makefile.PL INSTALLDIRS=site -- OK
Running make for S/SI/SIXTEASE/XML-Entities-1.0002.tar.gz
cp lib/XML/Entities.pm blib/lib/XML/Entities.pm
cp lib/XML/Entities/Data.pod blib/lib/XML/Entities/Data.pod
cp lib/XML/Entities/Data.pm blib/lib/XML/Entities/Data.pm
cp bin/download-entities.pl blib/script/download-entities.pl
"/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/download-entities.pl
Manifying 1 pod document
Manifying 3 pod documents
SIXTEASE/XML-Entities-1.0002.tar.gz
/usr/bin/make -- OK
Running make test
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/00-xml-entities-data.t .. ok
t/01-xml-entities.t ....... ok
t/02-unicode.t ............ ok
All tests successful.
Files=3, Tests=21, 3 wallclock secs ( 0.03 usr 0.01 sys + 3.10 cusr 0.02 csys = 3.16 CPU)
Result: PASS
SIXTEASE/XML-Entities-1.0002.tar.gz
/usr/bin/make test -- OK
Running make install
Manifying 1 pod document
Manifying 3 pod documents
Installing /usr/local/share/perl/5.22.1/XML/Entities.pm
Installing /usr/local/share/perl/5.22.1/XML/Entities/Data.pod
Installing /usr/local/share/perl/5.22.1/XML/Entities/Data.pm
Installing /usr/local/man/man1/download-entities.pl.1p
Installing /usr/local/man/man3/XML::Entities::Data.3pm
Installing /usr/local/man/man3/XML::Entities.3pm
Installing /usr/local/man/man3/download-entities.pl.3pm
Installing /usr/local/bin/download-entities.pl
Appending installation info to /usr/local/lib/x86_64-linux-gnu/perl/5.22.1/perllocal.pod
SIXTEASE/XML-Entities-1.0002.tar.gz
/usr/bin/make install -- OK
# cpan -i Compress::Zlib [....] cpan -i Apache2::SOAP [....]
perl -MCPAN -e shell install Apache2::SOAP install XML::Entities Exit
# a2enmod perl
Herunterladen der aktuellen OCS Inventory NG Version und auf den Server kopieren.
Entpacken und den installer starten
# tar –xvzf OCSNG_UNIX_SERVER-2.3.1.tar.gz
# cd OCSNG_UNIX_SERVER-2.3.1
# ./setup.sh
Alle Fragen können mit dem vorgeschlagenen Wert bestätigt werden.
Die Apache-Configuration aktivieren
# a2enconf ocsinventory-reports
# a2enconf z-ocsinventory-server
# service apache2 restart
Jetzt kann man schon mal den Aufruf testen: http://[servername oder ip]\ocsreports
Auch der Aufruf mittels https muss funktionieren: https://[servername oder ip]\ocsreports
Anpassen der php.ini
# vi /etc/php/7.0/apache2/php.ini [...] file_uploads = On upload_max_filesize = 5000M post_max_size = 5100M memory_limit = 128M max_execution_time = -1 max_input_time = -1 [...]
Anpassen der ocsinventory-reports.conf
# vi /etc/apache2/conf-enabled/ocsinventory-reports.conf
[...]
AddType application/x-httpd-php .php
php_flag file_uploads on
# Some PHP tuning for deployment feature up to 8 MB
# post_max_size must be greater than upload_max_filesize
# because of HTTP headers
php_value post_max_size 5100m
php_value upload_max_filesize 5000m
# You may have to uncomment following on errors
#php_value max_execution_time -1
#php_value max_input_time -1
# Uncomment following if you need to specify a mysql socket
#php_value mysql.default_socket "path/to/mysql/unix/socket"
#!! Mandatory !! : set magic_quotes_gpc to off (to make ocsreports works correctly)
php_flag magic_quotes_gpc off
[...]
Anpassen der Berechtigungen
# chown -R www-data:www-data /var/lib/ocsinventory-reports/ # chmod g+s /var/lib/ocsinventory-reports/ # chmod -R g+rwx /var/lib/ocsinventory-reports/
Wenn die Anmeldung funktioniert, noch das Installationsscript entfernen
# rm /usr/share/ocsinventory-reports/ocsreports/install.php
Das Standardpassword des MySQL Benutzers ändern
# mysql -u root -p mysql> SET PASSWORD FOR 'ocs'@'localhost' = PASSWORD('password'); mysql> SET PASSWORD FOR 'ocs'@'%' = PASSWORD('password'); mysql> flush privileges; mysql> exit
# vim /usr/share/ocsinventory-reports/ocsreports/dbconfig.inc.php [...] define("COMPTE_BASE","ocsuser"); define("PSWD_BASE","password"); [...]
# vim /etc/apache2/conf-available/z-ocsinventory-server.conf [...] PerlSetEnv OCS_DB_USER ocsuser PerlSetVar OCS_DB_PWD password [...]
Zusätzliche Anpassungen
# vim /etc/apache2/conf-available/z-ocsinventory-server.conf
[...]
#Web Service for plugin engine
# Apache 2.4
# Require local
# Apache 2.2
order deny,allow
allow from 127.0.0.1
#SetHandler perl-script
PerlHandler Apache::Ocsinventory::Plugins::Apache
[...]
Rechte für das Download-Verzeichnis anpassen:
# chmod -R -v 755 /var/lib/ocsinventory-reports/download
Apache-Config für den Download-Ordnder anpassen
# vi /etc/apache2/conf-enabled/ocsinventory-reports.conf
################################################################################
# Deployment packages download area
#
# Alias to put Deployment package files outside Apache document root directory
#
# Apache 2.4
Require all granted
Order deny,allow
Allow from all
Options Indexes FollowSymLinks
DirectoryIndex index.php
AllowOverride Options
Alias /download /var/lib/ocsinventory-reports/download
Verzichten auf [URL]/ocsreports
Wer auf die Eingaben von /ocsreports verzichten möchte, kann das einfach folgendermaßen Anpassen:
# vi /etc/apache2/sites-enabled/000-default.conf
#DocumentRoot /var/www/html DocumentRoot /usr/share/ocsinventory-reports/ocsreports
# vi /etc/apache2/sites-enabled/default-ssl.conf
#DocumentRoot /var/www/html DocumentRoot /usr/share/ocsinventory-reports/ocsreports
Lange habe ich versucht diesen Fehler zu beheben, was mir leider nicht gelungen ist.
Aus der Not heraus habe ich einfach mal eine Softwareverteilung gemacht uns siehe da, es funktioniert.
Somit kann man diesen Fehler als „kosmetisch“ betrachten und freizügig ignorieren.
Update 04.07.2018
Der OCS-Server verhält sich hier wie ein Client und benötigt deshalb eine gültige Zertifikatskette.
Das fehlende (root/intermediate/etc) Zertifikat nach /usr/local/share/ca-certificates kopieren und mit update-ca-certificates anwenden.
WEB-Service aktivieren
# vi /etc/apache2/conf-enabled/z-ocsinventory-server.conf
... # ===== WEB SERVICE (SOAP) SETTINGS ===== PerlSetEnv OCS_OPT_WEB_SERVICE_ENABLED 1 PerlSetEnv OCS_OPT_WEB_SERVICE_RESULTS_LIMIT 100 # PerlSetEnv OCS_OPT_WEB_SERVICE_PRIV_MODS_CONF "WEBSERV_PRIV_MOD_CONF_FILE" # Be careful: you must restart apache to make settings taking effects ...
Fehler:
[Thu Jun 29 13:11:07.449129 2017] [perl:error] [pid 23439] [client ::1:48002] Illegal field name ‚APR::Table=HASH(0x5618dd16b5a8)‘ at /usr/local/share/perl/5.22.1/SOAP/Transport/HTTP2.pm line 103.\n
Hier ist ein downgrade von libhttp-message-perl notwendig (vor Version 6.05!)
Entfernen der ursprünglichen Version und update verhindern
# dpkg -r --force-depends libhttp-message-perl
# apt-mark hold libhttp-message-perl
Entfernen der Verweise auf die libhttp-message-perl
# vi /var/lib/dpkg/status
-entfernen aller dependencies auf libhttp-message-perl
Herunterladen und installieren der funktionierenden Version.
# cd /tmp
# wget http://www.hoelzle.net/wp-content/uploads/2017/04/libhttp-message-perl_6.01.orig_.tar.gz
# tar zxf libhttp-message-perl_6.01.orig_.tar.gz
# cd HTTP-Message-6.01/
# perl Makefile.PL
# make
# make test
# make install
Testscript
"$proto://$host:$port/ocsinterface",
'uri' => "$proto://$host:$port/Apache/Ocsinventory/Interface",
'login' => $user,
'password' => $pass,
'trace' => TRUE,
'soap_version' => SOAP_1_1,
);
$request = '
FIRST
META
131071
0
131071
';
try {
$client = new SoapClient(NULL, $options);
} catch (Exception $e) {
echo "Construct Error: " . $e->getMessage() . "
";
}
try {
$result = $client->get_computers_V1($request);
echo "Headers:" . $client->__getLastRequestHeaders() . "
";
echo "Request:
" . $client->__getLastRequest() . "
";
echo "Result:
";
var_dump($result);
echo "
";
} catch (Exception $e) {
echo "Connection Error: " . $e->getMessage() . "
";
echo "Headers:
\r\n" . $client->__getLastRequestHeaders() . "
";
echo "Request:
\r\n" . $client->__getLastRequest() . "
";
}
Danach ein Neustart des Systems machen!