Pablo Iranzo Gómez's blog

jul 27, 2006

OCS Inventory Package deployment

Introduction

OCS Inventory is an excelent piece of GPL Software for getting info from hardware components, and software installed on computers running Windows or UNIX-like operating systems (there are also some unofficial clients for running on other platforms).

Since New Generation (OCS-NG), a new architecture was implemented: server were contacted using standard TCP/IP connection (Previous versions, used an MDB file to store information, and required a SMB share to inventory computers ), allowing remote computers to connect as well as providing a new web interface for computer administration, and inventory query.

Within new features, a new small client (about 64kb), was able to contact inventory server, and download from it the full set of required files (OcsAgent.exe) which was expanded to %SYSTEMDRIVE%ocs-ng, then executed, an inventory sent to server.

This approach had a little problem, if you had a small outgoing connection, serving a 700 Kb file was painful... but at least, despite some minor revision changes, machines were able to upgrade automatically (In many other times, you had to manually redeploy or force with the /DEPLOY:#VERNUMBER# the new deployment) when new version was deployed on the server.

With RC3, agent for installation uses near double that size, about 1.5 Mb, but the ability for after first installed, use external servers with a bigger upload bandwidth, eases installation of new versions in computers.

Release Candidate 3, and 1.0

OCS-NG RC3 came with important architectural changes, including several major and minor improvements, being these the more important ones:

  • Now the windows client works as a service (for the first time it includes a windows agent)
  • RC3 includes a component for software/files deployment/distribution

The new tool is called package deployment. This feature it is managed using the also improved admin web interface.

OCS-NG could be setup on different machines hosting each service:

  • An Inventory-receiving machine
  • An Admin web interface
  • A site with information about packages
  • A site with package fragments for deployment

or, as I did in my setup, use a Debian Linux machine for doing the four tasks, but I plan to relay the fourth task to other machines, when packages are bigger than expected.

Setting it up and running

I'll assume that you've running Apache, PHP, and were able to setup OCS using the bundled instructions, so you only have to enable new features for using package deployment.

First of all, we need SSL support in Apache.

Package deployment infrastructure, is too much powerfull, so it requiress SSL access to validate server before trying to download from it, so... we'll need some SSL certificates for use with our server.

I like http://www.cacert.org services: they sign your certificates, and provide one certificate aiming to be used with many FOSS projects, because it's free instead of paid certificates like the ones from Thawte or Verisign.

Getting SSL Certificates

First of all, we need to create a private key and a CSR (Certificate Signing Request) which we will send to CACERT for signing (please, note that if you don't have a domain name, will make it impossible to use OCS Package Deployment if your IP is also dynamic, so if that is your case (as was mine too), open an account at No-IP and create a URL-Redirector to your machine, you'll have to install an update client, but this will allow you to use certificates) it.

Having openssl installed, we will execute (please, double check that questions, specially CN exactly matches ServerName and "hostname", for it to work properly after) the following commands:

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr

First one, will create a private key called "server.key", second one, will create a CSR which we will paste at https://www.cacert.org/account.php?id=10 to get our server certificate signed.

For being able to use http://www.cacert.org services, we'll have to create an account and add a domain to it, this is verified sending an email to an account like webmaster, root or so, clicking on the supplied link, will entitle to work in representation of that domain.

After that, Cacert.org will show you a certificate for your server that you'll have to copy to a file called "server.crt".

Let's then download CACERT's root certificate to "cacert.pem"

Configuring apache for using that certificates

Next, we'll have to tell apache, to use this certificate for SSL support, in my case, I configured:

/etc/apache2/conf.d/ssl:
SSLProtocol all
SSLOptions +StdEnvVars
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCACertificateFile /etc/apache2/ssl/cacert.pem
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

So, I had to put server.crt, server.key and cacert.pem in /etc/apache2/ssl/

Next one, was to configure a new site that requires SSL to work:

/etc/apache2/sites-enabled/001-default:
ServerName yourserver.no-ip.org
NameVirtualHost \*:443
ErrorLog /var/log/apache2/errssl.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl.log combined
ServerSignature On
DocumentRoot /var/www
SSLEngine on
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".\*MSIE.\*" nokeepalive ssl-unclean-shutdown

Afterthat... we have to reload apache configuration and try to connect to https://yourserver.no-ip.org to check if everything is ok.

Well, if this works, we had the first and harder step done ;)

Creating a package

There are three types of packages: RUN, STORE and LAUNCH.

Each of them has different behaviour, one runs a command, the other downloads a file and stores it on a folder, and the other does a combined thing: downloads a file, unzips it, and then runs a command.

For Package creating, we must have write access to Apache's DocumentRoot/download folder, and after creation, copy contents of "/download" to "/", or as I did, gave write access to "/var/www", and create (ln -s . download) a symbolic link for download.

So... let's create a first package:

  1. We must login into OCS Web interface, and select (first menu option on first yellow icon) package creation
  2. We must assign a name for the package, Platform, Protocol and Priority (priority will allow us to decide package execution order in the client, the lower number, the higher priority)
  3. If we're going to upload files, we must ZIP it BEFORE, so OCS will unzip on client machine, and then run commands
  4. We choose an action, and then, a path (we can use system variables like %SYSTEMDRIVE%, %TEMP%, %USERPROFILE%,%PROGRAMFILES%, etc) to store the file, or command to run
  5. We can choose if we want the user to be warned about package execution, and even to allow user to delay execution (useful for service pack deployments, etc)

Next step, will allow us to specify fragments (pieces in wich the package will be splitted for allowing better deployment, making use of redownloading for only failed fragments, etc), as well as checksum for data validity

Your package, will be created then on "/var/www/download/#pkgid#".

Activating a package

Once a package has been defined, we have an "info" file, describing package actions, and package fragments, we can have them together or split it between different servers, and we will have to specify where is located each piece, before using it on our machines. That process is called "Activation".

When we select that option, we have to specify the pkgid, so we use the second menu entry in the package deployment icon, and we'll get a list of packages ready for activation, and then, we select "Activate" from the one we're interested in.

On package activation, we will be asked for two SERVERS (thanks to the development team, specially to Pascal who helped in determining that we require to specify server name, not URL) one with https (for downloading info file) and one with http for downloading fragments (if any).

After sending server names, OCS will check availability of "info" and fragment files (if any (On RUN packages, there is nothing to download prior to running the commands) and then, package will be activated and ready for next step.

Afecting a package

In this step, we can select a computer in the main view, or do a search using specific criteria, and as a result, apply a package on listed computers.

We can affect a package to several computers at once, just to one, and even, have different packages affect to the same computer....

OCS will connect, and execute actions defined in priority order...

How to get client side Package working

Packages from client side, are as easy to setup, as having a working OCS Agent Service installed and a file called cacert.pem, which we got from the SSL Creation step... having them in the OCS Agent folder, and a package affected to a computer, will make computer to download, and do the actions specified. ¿What are the pro's and con's of this method?

When installing OCSAgent, using: OCSAgentSetup.exe /S /SERVER:yourserver.no-ip.org, we have no cacert.pem file copied, so we must copy it by hand, or, as I did, use a scriptable install system whicho does this in one step.

I've used NSIS to create a script for doing this:

First, we'll have to create a folder and put in it:

  • OcsAgentSetup.exe
  • cacert.pem
  • NSIS Script
  • service.ini (in my case, for accelerating first inventory creation)

service.ini like this:

[OCS_SERVICE]
TTO_WAIT=10
PROLOG_FREQ=1
OLD_PROLOG_FREQ=1
Miscellaneous= /S /SERVER:yourserver.no-ip.org

And NSIS script with:

; Script edited using HM NIS Edit Script Wizard.
; Creator Pablo Iranzo Gómez (Pablo.Iranzo@uv.es)
; Homepage: http://Alufis35.uv.es/~iranzo/
; License: http://creativecommons.org/licenses/by-sa/2.5/  
; HM NIS Edit Wizard helper
defines
!define PRODUCT_NAME "OCS"
!define PRODUCT_VERSION "RC3"
!define PRODUCT_PUBLISHER "Pablo Iranzo Gomez (Pablo.Iranzo@uv.es)"
!define PRODUCT_WEB_SITE "http://Alufis35.uv.es/~iranzo/"
SetCompressor zlib
Name "${PRODUCT_NAME} ${PRODUCT_VERSION}"
OutFile "ocs-inst.exe"
InstallDir "$TEMP"
Icon "${NSISDIR}ContribGraphicsIconsmodern-install.ico"
SilentInstall silent
InstallDirRegKey HKLM "${PRODUCT_DIR_REGKEY}" ""  Section "Principal" SEC01
SetOverwrite on
SetOutPath "$TEMP"
File "OcsAgentSetup.exe"
Exec "$TEMPOcsAgentSetup.exe /S /SERVER:yourserver.no-ip.org"
Exec "$PROGRAMFILESOCS Inventory AgentOCSService.exe -stop"
SetOutPath "$PROGRAMFILESOCS Inventory Agent"
File "cacert.pem"
File "service.ini"
Exec "$PROGRAMFILESOCS Inventory AgentOCSService.exe -start"
Exec "$PROGRAMFILESOCS Inventory AgentOCSInventory.exe /SERVER:yourserver.no-ip.org /DEBUG"
SectionEnd
Section -Post
SectionEnd`

This script, when compiled, will create a ocs-inst.exe file, with all files needed packed in it, when executed, will:

  1. silently run
  2. extract OCSAgentSetup
  3. install it using silent install
  4. then, stop service
  5. output cacert.pem certificate in OCS Service folder
  6. replace service.ini for faster inventory, and then,
  7. start service
  8. Force DEBUG and hand-started inventory

This will leave us with a working OCS Agent Setup, with a valid certificate for autenticating against our deployment server, and ready for creating more packages.

I hope this document is good for you to test this excelent software.

Thanks (again) to the OCS Developing team (specially to Pascal Danek) for creating such a nice program, and helping in diagnosing problems found and setup procedures for correctly using it.

Thanks to Pablo Chamorro for reviewing this article too ;)

Have a look at OCS Deployment Tips and tricks to get ideas on how to use package deployment

Click to read and post comments

abr 12, 2004

Error según número de pitidos en la BIOS

Las BIOS (Basic Input Output System) de los pc's informan de los errores del hardware del pc en el arranque mediante un código de pitidos en el caso en el que no puede aparece nada por pantalla... aqui los podrás ver..

Código de errores emitido por la BIOS para indicar los problemas que surgen durante el POST (Power On Self Test (Autocomprobación tras el encendido)) del arranque:

Errores Fatales

  Número de Pitidos   Significado
  ------------------- -------------------------------------
  1                   Error de refresco DRAM
  2                   Fallo de los 640Kb Ram base
  4                   Error del timer de sistema
  5                   Fallo del procesador
  6                   Error de la puerta de teclado A20
  7                   Error de excepción del modo virtual
  9                   Error de checksum de la ROM-BIOS

Errores no fatales

  Número de Pitidos   Significado
  ------------------- -----------------------------------------------------------
  3                   Fallo de comprobación de memoria convencional y extendida
  8                   Fallo de monitor y fallo de trazado vertical y horizontal
Click to read and post comments

abr 06, 2004

Jumpers Olivetti Echos P75

Olivetti Echos Family (Tested on my P75, but obtained from the Internet) (Running now at 166 mhz)

Jumper Settings Processor Speed
1100 75 MHz
0000 90 MHz
0100 100 MHz
1110 100 MHz
0010 120 MHz
1111 120 MHz
0110 133 MHz
0011 150 MHz
1101 150 MHz
0001 166 MHz
0111 166 MHz

Switchs 1,2:

Switch 1 Switch 2 bus
OFF OFF 60
OFF ON 66.6
ON OFF 20
ON ON 50

Switch 3,4:

Switch 3 Switch 4 Multiplier
OFF OFF 1.5x
OFF ON 3x
ON OFF 2x
ON ON 2.5x

You'll find those jumpers under the sound card, remove the ring from the outside part of the notebook, then remove the plastic pieces that keep keyboard in its position, then remove a screw that is retainning an aluminum piece (acting as disipator for the microprocessor) . Then, you'll see the sound card piece in the left side of the notebook, lift it up and you'll see a four switch piece... configure it as showed in the table before and you'll set the new processor speed.

I don't know if this will damage your computer, so I give you no warranty, if you proceed, you're doing it at your own risk, all that I can say is that this worked for me. I've just replaced P75 for a P120 processor, I did this without any "overclocking" intention, just using real processor.

¡Good Luck!

Mine stopped working in August, the screen gets white and only Fn-F11 and Fn-F12 seems to work, hard disk is working properly, CPU too, so it seems a problem with the mainboard. I've found several cases on Internet regarding this problem, and some describe it as an oscillator problem that makes it boot sometimes and other no.

For me, it's always not working, I try from time to time because I keep hope on its awakening...

UPDATE: 1st October 2006, I've tried to boot it up for trying to update an USR2450 AP card I use with LinuxAP , and it booted! it said that there was a problem with the RTC clock, but after configuring bios properly, I have it on... when I'm finished with updating the pcmcia card (newer notebook has no pcmcia slot) I'll try to shutdown and retest...

SECOND UPDATE: After moving the notebook for connecting a parallel cable from my zip drive, computer shutdown, and now, has the video problem again... bad luck :'(

I've the following hardware if someone interested in buying it:

Olivetti Echos P75 system: - Motherboard - DSTN Screen - Spanish Keyboard - Sound card - Floppy drive - Used battery - Power adapter

THIRD UPDATE: 17th November 2007: At How to create a digital frame says that the problem with the blinking cursor is related with battery being exhausted (as a visitor pointed too). Will try :)

Click to read and post comments