English : OCS and GLPI installation guide
Lisez le Guide d'installation d'OCS et GLPI en français.
We consider the server is freshly installed : MariaDB / MySQL is not installed nor configured.
This article was writen with OCS version 2.1.2 and GLPI version 0.90.1 on RHEL-7.2.
In this tutorial, I use rootsecret, ocssecret, glpisecret, syncsecret as password, of course, you should use other values...
The database server
For Fedora or Enterprise Linux >= 7, MariaDB installation, launch and activation :
# yum install mariadb-server # systemctl start mariadb # ystemctl enable mariadd
For Enterprise Linux <= 6, MySQL installation, launch and activation :
# yum install mysql-server # service mysqld start # chkconfig mysqld on
Some security on the server : we must change the database administrator password, drop the test database, disable anonymous access, etc:
If you've completed all of the above steps, your MariaDB / MySQL installation should now be secure. (We will consider the root password is set to rootsecret)
OCS Inventory NG
# yum install ocsinventory
For Fedora or Enterprise Linux >= 7, Apache HTTP server, launch and activation :
# systemctl restart httpd # systemctl enable httpd
For Enterprise Linux <= 6, Apache HTTP server, launch and activation :
# service httpd restart # chkconfig httpd on
Configuration and database schema creation :
Connect to http://localhost/ocsreports/install.php (must be modified if you are connected to the server from another computer).
- Step 1 : enter the MariaDB / MySQL administrator login and password, then Send.
- Step 2 : schema creation. If all is ok (must be true using the RPM), clic on Send
- Step 3 : installation final step. write somewhere the account created (admin/admin) and clic on Click here to enter OCS-NG GUI.
- Step 4 : choose your language (using the flag on the right top)
- Step 5 : connect to the application (admin/admin)
Congratulations. You have OCS installed !
Some required configuration options : open the pipe wrench / Configuration / Config and then the Server tabs:
- LOGLEVEL = On (really usefull when you encounter an issue)
- PROLOG_FREQ = 24 (time between 2 inventory)
- AUTO_DUPLICATE_LVL = crtieria used to detect that 2 computers are the same (I use Model + Serial + Mac Address).
- TRACE_DELETED = On (required by GLPI).
- SESSION_VALIDITY_TIME = 600.
Changing the application admin password is also really a good idea (don't forget it) : use the "key" icon on the right top.
During the installation step a new database ocsweb is created and a MariaDB / MySQL account ocs with a default password = ocs, which is really not secure.
We need to change the MariaDB / MySQL password :
# mysql -uroot -prootsecret MariaDB> UPDATE mysql.user SET Password = PASSWORD('ocssecret') WHERE User = 'ocs'; MariaDB> FLUSH PRIVILEGES; MariaDB> exit
And to update the configuration file with this new password :
In the /etc/httpd/conf.d/ocsinventory-server.conf file (arround line 29) :
PerlSetVar OCS_DB_PWD ocssecret
In the /etc/ocsinventory/ocsinventory-reports/dbconfig.inc.php file :
Tell apache to reload his configuration for perl module to read the new parameter value:
# service httpd reload
To test the inventory feature, we are going to install the inventory agent on a first computer. Of course it will be on our server.
# yum install ocsinventory-agent
Now, send the inventory:
# ocsinventory-agent --nolocal --server=localhost
If all is ok, your server should be in the computer list in OCS.
You can enable the automatic inventory of this computer, edit the /etc/sysconfig/ocsinventory-agent:
To start, we are going to create the database schema and the MariaDB / MySQL accounts for GLPI. Using the administrator (root) account is really a bad idea. The glpi account will be used by the application, and the synchro account for the synchronizaton process (to read the ocsweb database from glpi with only minimum rights).
N.B. in this example, the synchro user rights are reduce to the minimal. In the case you want to use some special plugins (uninstall p.e.), full right are required.
# mysql -uroot -prootsecret MariaDB> CREATE USER 'glpi'@'%' IDENTIFIED BY 'glpisecret'; MariaDB> GRANT USAGE ON *.* TO 'glpi'@'%' IDENTIFIED BY 'glpisecret'; MariaDB> CREATE DATABASE IF NOT EXISTS `glpi` ; MariaDB> GRANT ALL PRIVILEGES ON `glpi`.* TO 'glpi'@'%'; MariaDB> CREATE USER 'synchro'@'%' IDENTIFIED BY 'syncsecret'; MariaDB> GRANT USAGE ON *.* TO 'synchro'@'%' IDENTIFIED BY 'syncsecret'; MariaDB> GRANT SELECT ON `ocsweb`.* TO 'synchro'@'%'; MariaDB> GRANT DELETE ON `ocsweb`.`deleted_equiv` TO 'synchro'@'%'; MariaDB> GRANT UPDATE (`CHECKSUM`) ON `ocsweb`.`hardware` TO 'synchro'@'%'; MariaDB> FLUSH PRIVILEGES; MariaDB> exit
# yum install glpi # service httpd reload
Database schema creation and configuration
Connect to the application : http://localhost/glpi/ it will launch the configuration wizard.
- select your language and : OK.
- read and accept the license (GPL) : Continue
- start the installation : Installation
- step 0 : prerequisites check (must be ok with the RPM, including SELinux) : Continue
- step 1 : enter the database connexion parameters (localhost / glpi / glpisecret) : Continue
- step 2 : select the glpi database and Continue
- step 3 : write somewhere the adminstrateur login and password (glpi/glpi) et Continue
- step 4 : also write the other account informations : Use GLPI
- Authentificate yourself with the new account : glpi/glpi
Congratulations (again) : you have GLPI installed !
By default, after installation, access to the installation assistant is only allowed from the computer where GLPI is installed. If this message is displayed:
Only local access allowed.
Check your configuration or contact your administrator.
you have to allow access from your computer in the /etc/httpd/conf.d/glpi.conf (see the comments).
Remind to keep this secured.
OCSNG mode configuration
OCS Inventory NG plugin activation :
- Menu Setup / Plugins
- OCS Inventory NG => Install
- OCS Inventory NG => Enable
Server Configuration :
- Menu Tools / OCS Inventory NG
- Open configuration (monkey wrench icon) => OCSNG Servers
- Create a new server (+ icon)
- Name: My OCS Server
- OCSweb host: localhost
- Name of the OCS database: ocsweb
- OCSweb database user: synchro
- OCSweb user password: syncsecret
- Active: yes
- Synchronisation method: standard
- Database in UTF8: yes
On the test tab:
- You must get the Connection to OCS database successful message.
Now, we must configure the informations that will be imported from OCS to GLPI. Here is a few examples :
Import options tab:
- Monitors : Unit import on Serial number
- Logiciels : Unit Import
- Use the software dictionary of OCS: No
- Number of computers to synchronize using the cron: 0 (we are going to use another solution)
General informations tab:
- Computers : Yes for all that you are interested by.
- Components : Yes for what you want.
- etc, etc (you should notice that a lot of behavior are configurable)
- Menu Tools / OCS Inventory NG
- Import new computers
In the displayed list, you should see your server (on which we have installed the agent). You can import it and check retrieved information.
Automatic OCSNG synchronization - standard mode
Menu Setup / Automatic actions
- Open the ocsng action
- Run frequency: 5 minutes (a small value is prefered, to get quickly new inventories and avoid a huge waiting queue)
- Status: scheduled
- Run mode: CLI (managed by system, already configured by the RPM installation)
Automatic OCSNG synchronization - standard mode
I advice against this mode, which give no benefit on standard mode (the old optimisation is broken since GLPI 0.85)
We have configured one of the best inventory and asset management solution in a few minutes (probably the best, as it is OpenSource)
You can now continue to deploy the inventory agent on your other computers, it's available for most OS.
Take also some time to read the official documentation to be able to tune your configuration to fully suite your need:
Don't forget than OpenSource projects exists thanks to their community and to their users contributions. So when you'll have seen what OCS and GLPI can do for you, don't forget to do something for this projects:
Comments and support
Of course, comments on this guide are welcome and could be posted here. For support questions, please, use each application official forums:
Don't forget to read and to respect forum usage rules.
Publié le vendredi 24 octobre 2008 par Remi