English : OCS and GLPI installation guide
Lisez le Guide d'installation d'OCS et GLPI en français.
We consider the server is freshly installed : MySQL is not installed nor configured.
This article was writen with OCS version 1.02 RC3 and GLPI 0.71.2.
In this tutorial, I use rootsecret, ocssecret, glpisecret, syncsecret as password, of course, you should use other values...
The database server
MySQL installation, launch and activation :
# yum install mysql-server
# service mysqld start
# chkconfig mysqld on
Some security on the server : we must change the database administrator password, drop the test database, disable anonymous access, etc:
If you've completed all of the above steps, your MySQL installation should now be secure. (We will consider the root password is set to rootsecret)
OCS Inventory NG
# yum install ocsinventory
# service httpd restart
# chkconfig httpd on
Configuration and database schema creation :
Connect to http://localhost/ocsreports/install.php (must be modified if you are connected to the server from another computer).
- Step 1 : enter the MySQL administrator login and password, then Send.
- Step 2 : schema creation. If all is ok (must be true using the RPM), clic on Send
- Step 3 : installation final step. write somewhere the account created (admin/admin) and clic on Click here to enter OCS-NG GUI.
- Step 4 : choose your language (using the flag on the right top)
- Step 5 : connect to the application (admin/admin)
Congratulations. You have OCS installed !
Some required configuration options : open the pipe wrench / Configuration / Config and then the Server tabs:
- LOGLEVEL = On (really usefull when you encounter an issue)
- PROLOG_FREQ = 24 (time between 2 inventory)
- AUTO_DUPLICATE_LVL = crtieria used to detect that 2 computers are the same (I use Model + Serial + Mac Address).
- TRACE_DELETED = On (required by GLPI).
- SESSION_VALIDITY_TIME = 600 (session duration, the empty value provided is not valid).
Changing the application admin password is also really a good idea (don't forget it) : use the "key" icon on the right top.
During the installation step a new database ocsweb is created and a MySQL account ocs with a default password = ocs, which is really not secure.
We need to change the MySQL password :
# mysql -uroot -prootsecret
mysql> UPDATE mysql.user SET Password = PASSWORD('ocssecret') WHERE User = 'ocs';
mysql> FLUSH PRIVILEGES;
And to update the configuration file with this new password :
In the /etc/httpd/conf.d/ocsinventory-server.conf file (arround line 31) :
PerlSetVar OCS_DB_PWD ocssecret
In the /etc/ocsinventory/ocsinventory-reports/dbconfig.inc.php file :
Tell apache to reload his configuration for perl module to read the new parameter value:
# service httpd reload
To test the inventory feature, we are going to install the inventory agent on a first computer. Of course it will be on our server.
# yum install ocsinventory-agent
Now, send the inventory:
# ocsinventory-agent --server=localhost
If all is ok, your server should be in the computer list in OCS.
You can enable the automatic inventory of this computer, edit the /etc/sysconfig/ocsinventory-agent:
To start, we are going to create the database schema and the MySQL accounts for GLPI. Using the administrator (root) account is really a bad idea. The glpi account will be used by the application, and the synchro account for the synchronizaton process (to read the ocsweb database from glpi with only minimum rights).
N.B. in this example, the synchro user rights are reduce to the minimal. In the case you want to use some special plugins (uninstall p.e.), full right are required.
# mysql -uroot -prootsecret
mysql> CREATE USER 'glpi'@'%' IDENTIFIED BY 'glpisecret';
mysql> GRANT USAGE ON *.* TO 'glpi'@'%' IDENTIFIED BY 'glpisecret';
mysql> CREATE DATABASE IF NOT EXISTS `glpi` ;
mysql> GRANT ALL PRIVILEGES ON `glpi`.* TO 'glpi'@'%';
mysql> CREATE USER 'synchro'@'%' IDENTIFIED BY 'syncsecret';
mysql> GRANT USAGE ON *.* TO 'synchro'@'%' IDENTIFIED BY 'syncsecret';
mysql> GRANT SELECT ON `ocsweb`.* TO 'synchro'@'%';
mysql> GRANT DELETE ON `ocsweb`.`deleted_equiv` TO 'synchro'@'%';
mysql> GRANT UPDATE (`CHECKSUM`) ON `ocsweb`.`hardware` TO 'synchro'@'%';
mysql> FLUSH PRIVILEGES;
# yum install glpi
# service httpd reload
Database schema creation and configuration
Connect to the application : http://localhost/glpi/ it will launch the configuration wizard.
- select your language and : OK.
- read and accept the license (GPL) : Continue
- start the installation : Installation
- step 0 : prerequisites check (must be ok with the RPM) : Continue
- step 1 : enter the database connexion parameters (localhost / glpi / glpisecret) : Continue
- step 2 : select the glpi database and Continue
- step 3 : write somewhere the adminstrateur login and password (glpi/glpi) et Continue
- step 4 : also write the other account informations : Use GLPI
- Authentificate yourself with the new account : glpi/glpi
Congratulations (again) : you have GLPI installed !
By default, after installation, access to the installation assistant is only allowed from the computer where GLPI is installed. If this message is displayed:
Only local access allowed.
Check your configuration or contact your administrator.
you have to allow access from your computer in the /etc/httpd/conf.d/glpi.conf (see the comments).
Remind to keep this secured.
OCSNG mode configuration
OCSNG mode activation :
- Menu Setup / General
- Restrictions tabs
- Activate OCSNG mode : Yes, and Post
Server Configuration :
- Menu Setup / OCSNG mode
- Select the server created during installation: localhost
- Name: My OCS Server
- OCSweb host: localhost
- Name of the OCS database: ocsweb
- OCSweb database user: synchro
- OCSweb user password: syncsecret
You must get the Connection to OCS database successful message.
Now, we must configure the informations that will be imported from OCS to GLPI. Here is a few examples :
- Monitors : Unit import on Serial number
- Logiciels : Unit Import
- Use the software dictionary of OCS: No
- Number of computers to synchronize using the cron: 0 (we are going to use another solution)
- General informations Computers : Yes for all that you are interested by.
- Components : Yes for what you want.
- etc, etc (you should notice that a lot of behavior are configurable)
- Menu Tools / OCSNG
- Import new computers
In the displayed list, you should see your server (on which we have installed the agent). Don't ask for it to be imported as we are going to see how to use automatic synchronization.
Automatic OCSNG synchronization
This step is not required as the internal pseudo-cron integrated in GLPI also do an automatic synchronization. But this solution seems more cumfortable and flexible (at least, for me).
We are going to use the Mass import from OCSNG plugin.
Disconnect from GLPI (logout link) and install the plugin:
# yum install glpi-mass-ocs-import
Connect into GLPI to install / configure the plugin :
- Menu Setup / Plugins
- Link : OCS massive Import
- Link : Install OCS massive import plugin (plugin tables creation)
- Default OCS server: My OCS Server
- Post the configuration page
- Enable the synchronization
The planified task configured by the RPM will be launched every 5 minutes. Be patient, your first computer should be imported into GLPI.
Tu supervise the synchronization :
- Menu : Plugins / OCS Massive Import
- Tab : Informations about scripts execution
We have configured one of the best inventory and asset management solution in a few minutes (probably the best, as it is OpenSource)
You can now continue to deploy the inventory agent on your other computers, it's available for most OS.
Take also some time to read the official documentation to be able to tune your configuration to fully suite your need:
Don't forget than OpenSource projects exists thanks to their community and to their users contributions. So when you'll have seen what OCS and GLPI can do for you, don't forget to do something for this projects:
Comments and support
Of course, comments on this guide are welcome and could be posted here. For support questions, please, use each application official forums:
Don't forget to read and to respect forum usage rules.
Publié le vendredi 24 octobre 2008 par Remi