Prerequisites

This guide is designed for Fedora, RHEL and CentOS distributions which provides RPM of OCS and GLPI in their official repositories (also available here, you need to activate my repository).

We consider the server is freshly installed : MariaDB / MySQL is not installed nor configured.

This article was writen with OCS version 2.1.2 and GLPI version 0.90.1 on RHEL-7.2.

In this tutorial, I use rootsecret, ocssecret, glpisecret, syncsecret as password, of course, you should use other values...
 

The database server

For Fedora or Enterprise Linux >= 7, MariaDB installation, launch and activation :

# yum install mariadb-server
# systemctl start mariadb
# ystemctl enable mariadd

For Enterprise Linux <= 6, MySQL installation, launch and activation :

# yum install mysql-server
# service mysqld start
# chkconfig mysqld on

Some security on the server : we must change the database administrator password, drop the test database, disable anonymous access, etc:

# mysql_secure_installation

If you've completed all of the above steps, your MariaDB / MySQL installation should now be secure. (We will consider the root password is set to rootsecret)
 

OCS Inventory NG

Installation :

# yum install ocsinventory

For Fedora or Enterprise Linux >= 7, Apache HTTP server, launch and activation :

# systemctl restart httpd
# systemctl enable httpd

For Enterprise Linux <= 6, Apache HTTP server, launch and activation :

# service httpd restart
# chkconfig httpd on

Configuration and database schema creation :

Connect to  http://localhost/ocsreports/install.php (must be modified if you are connected to the server from another computer).

  • Step 1 : enter the MariaDB / MySQL administrator login and password, then Send.
  • Step 2 : schema creation. If all is ok (must be true using the RPM), clic on Send
  • Step 3 : installation final step. write somewhere the account created  (admin/admin) and clic on Click here to enter OCS-NG GUI.
  • Step 4 : choose your language (using the flag on the right top)
  • Step 5 : connect to the application (admin/admin)

Congratulations. You have OCS installed  !

Some required configuration options : open the  pipe wrench / Configuration / Config and then the Server tabs:

  • LOGLEVEL = On (really usefull when you encounter an issue)
  • PROLOG_FREQ = 24 (time between 2 inventory)
  • AUTO_DUPLICATE_LVL = crtieria used to detect that 2 computers are the same (I use Model +  Serial + Mac Address).
  • TRACE_DELETED = On (required by GLPI).
  • SESSION_VALIDITY_TIME = 600.

Changing the application admin password is also really a good idea (don't forget it) : use the "key" icon on the right top.

During the installation step a new database ocsweb is created and a MariaDB / MySQL account ocs with a default password = ocs, which is really not secure.

We need to change the MariaDB / MySQL password :

# mysql -uroot -prootsecret
MariaDB> UPDATE mysql.user SET Password = PASSWORD('ocssecret') WHERE User = 'ocs';
MariaDB> FLUSH PRIVILEGES;
MariaDB> exit

And to update the configuration file with this new password :

In the  /etc/httpd/conf.d/ocsinventory-server.conf file (arround line 29) :

PerlSetVar OCS_DB_PWD ocssecret

In the /etc/ocsinventory/ocsinventory-reports/dbconfig.inc.php file :

$_SESSION["PSWD_BASE"]="ocssecret"

Tell apache to reload his configuration for perl module to read the new parameter value:

# service httpd reload

 

First computer

To test the inventory feature, we are going to install the inventory agent on a first computer. Of course it will be on our server.

# yum install ocsinventory-agent

Now, send the inventory:

# ocsinventory-agent --nolocal --server=localhost

If all is ok, your server should be in the computer list in OCS.

You can enable the automatic inventory of this computer, edit the  /etc/sysconfig/ocsinventory-agent:

OCSMODE[0]=cron
OCSSERVER[0]=http://localhost/ocsinventory

 

GLPI

To start, we are going to create the database schema and the MariaDB / MySQL accounts for GLPI. Using the administrator (root) account is really a bad idea. The glpi account will be used by the application, and the synchro account for the synchronizaton process (to read the ocsweb database from glpi with only minimum rights).

N.B. in this example, the synchro user rights are reduce to the minimal. In the case you want to use some special plugins (uninstall p.e.), full right are required.

# mysql -uroot -prootsecret
MariaDB> CREATE USER 'glpi'@'%' IDENTIFIED BY 'glpisecret';
MariaDB> GRANT USAGE ON *.* TO 'glpi'@'%' IDENTIFIED BY 'glpisecret';
MariaDB> CREATE DATABASE IF NOT EXISTS `glpi` ;
MariaDB> GRANT ALL PRIVILEGES ON `glpi`.* TO 'glpi'@'%';
MariaDB> CREATE USER 'synchro'@'%' IDENTIFIED BY 'syncsecret';
MariaDB> GRANT USAGE ON *.* TO 'synchro'@'%' IDENTIFIED BY 'syncsecret';
MariaDB> GRANT SELECT ON `ocsweb`.* TO 'synchro'@'%';
MariaDB> GRANT DELETE ON `ocsweb`.`deleted_equiv` TO 'synchro'@'%';
MariaDB> GRANT UPDATE (`CHECKSUM`) ON `ocsweb`.`hardware` TO 'synchro'@'%';
MariaDB> FLUSH PRIVILEGES;
MariaDB> exit

Installation :

# yum install glpi
# service httpd reload

Database schema creation and configuration

Connect to the application : http://localhost/glpi/ it will launch the configuration wizard.

  • select your language and : OK.
  • read and accept the license (GPL) : Continue
  • start the installation : Installation
  • step 0 : prerequisites check (must be ok with the RPM, including SELinux) : Continue
  • step 1 : enter the database connexion parameters (localhost / glpi / glpisecret) : Continue
  • step 2 : select the glpi database and Continue
  • step 3 : write somewhere the adminstrateur login and password (glpi/glpi) et Continue
  • step 4 : also write the other account informations : Use GLPI
  • Authentificate yourself with the new account : glpi/glpi

Congratulations (again) : you have GLPI installed !

Security

By default, after installation, access to the installation assistant is only allowed from the computer where GLPI is installed. If this message is displayed:

Restricted area.
Only local access allowed.
Check your configuration or contact your administrator.

you have to allow access from your computer in the  /etc/httpd/conf.d/glpi.conf (see the comments).

Remind to keep this secured.

 

OCSNG mode configuration

OCS Inventory NG plugin activation :

  • Menu Setup / Plugins
  • OCS Inventory NG => Install
  • OCS Inventory NG => Enable

Server Configuration :

  • Menu Tools / OCS Inventory NG
  • Open configuration (monkey wrench icon) => OCSNG Servers
  • Create a new server (+ icon)
  • Name: My OCS Server
  • OCSweb host: localhost
  • Name of the OCS database: ocsweb
  • OCSweb database user: synchro
  • OCSweb user password: syncsecret
  • Active: yes
  • Synchronisation method: standard
  • Database in UTF8: yes
  • Add

On the test tab:

  • You must get the Connection to OCS database successful message.

Now, we must configure the informations that will be imported from OCS to GLPI. Here is a few examples :

Import options tab:

  • Monitors : Unit import on Serial number
  • Logiciels : Unit Import
  • Use the software dictionary of OCS: No
  • Number of computers to synchronize using the cron: 0 (we are going to use another solution)

General informations tab:

  • Computers : Yes for all that you are interested by.
  • Components : Yes for what you want.
  • etc, etc (you should notice that a lot of behavior are configurable)
  • Post

Check :

  • Menu Tools / OCS Inventory NG
  • Import new computers

In the displayed list, you should see your server (on which we have installed the agent). You can import it and check retrieved information.
 

Automatic OCSNG synchronization - standard mode

Menu Setup / Automatic actions

  • Open the ocsng action
  • Run frequency: 5 minutes (a small value is prefered, to get quickly new inventories and avoid a huge waiting queue)
  • Status: scheduled
  • Run mode: CLI (managed by system, already configured by the RPM installation)
  • Save

 

Automatic OCSNG synchronization - standard mode

I advice against this mode, which give no benefit on standard mode (the old optimisation is broken since GLPI 0.85)

Conclusion

We have configured one of the best inventory and asset management solution in a few minutes (probably the best, as it is OpenSource)

You can now continue to deploy the inventory agent on your other computers, it's available for most OS.

Take also some time to read the official documentation to be able to tune your configuration to fully suite your need:

Don't forget than OpenSource projects exists thanks to their community and to their users contributions. So when you'll have seen what OCS and GLPI can do for you, don't forget to do something for this projects:

 

Comments and support

Of course, comments on this guide are welcome and could be posted here. For support questions, please, use each application official forums:

Don't forget to read and to respect forum usage rules.