Status
all OK

1. Introduction

Uranos is not only a tool to install operating systems. It is a system/network management software.

1.1. Thanks

Special thanks to all people who helped to develop and test this software.
Thanks also to the pear people. Some functionality is based on the pear stuff.

1.2. About

The design of uranos is build to have an easy application framework. For each webapplication you have to ask the same questions again and again:
  • Authentification
  • Database
  • Securtity
  • Search
  • Calendar
  • ...

  • Uranos is built to give you an environment which includes this main functionality:
  • Permission management
  • Authentification to database, LDAP (also M$ Active Directory), IMAP, Radius
  • User[+Group]backend: database or LDAP
  • Different security checks (e.g. Prevent Session Hijacking, check POST,GET and FILE variables,....)
  • Templating for easy customize the views
  • Installing the webapplication
  • ...

  • 2. Installation

    2.1. Components

    2.1.1. External components

    External components depends on your set up and your needs. This will give you an overview for what you need which component.

    2.1.1.1. Fileserver

    You will need a fileserver for different things. The first is for the boot-cd. The boot-cd can handle the following servers:
  • NFS Use your NFS Server to hold the environment.
  • SSH You can use a ssh server for mount your environment. This is supported through the sshfs project.
  • SMB/CIFS This can be a simple share from a Microsoft computer or a Samba share
  • Local (for local mount the environment, maybe on a usb-stick or a dvd)
  • See boot cd options how to configure the kernel for this features.
    For the os installation the fileserver depends on the installation method of the os you want to install. For example you can install fedora through:
  • http
  • nfs
  • ftp
  • For the Microsoft Windows os-installation you can use the supported filesystems from the boot cd (see above).
    For the software installation in Microsoft Windows through the tools postinst.js and wemerge.cmd you will need a SMB/CIFS share from a Microsoft computer or a Samba share.

    2.1.1.2. Webserver

    You need a webserver with php support to run the GUI. We preffer to use Linux as platform for running the Apache-Webserver.
    But it is also possible to run the GUI in every other webserver with php support.

    2.1.1.3. DHCP

    A DHCP-Server is optional. A DHCP-Server gives you the possibility to assign an IP address automatically to your clients. Also it is a precondition to boot your clients via PXE. We prefer to use the DHCP-Server from Internet Systems Consortium. The ISC-DHCP-Server has the possibility to hold your configuration in a LDAP tree. The GUI gives you the availability to manage the DHCP configuration in your LDAP tree. It is also possible to use this LDAP configuration for other DHCP-Servers because the module is based on the Ldap-schema-draft for DHCP.

    2.1.1.4. DNS

    A DNS-Server is optional. A DNS-Server gives you the possibility to assign names to IP addresses. We prefer to use the ISC BIND DNS-Server from Internet Systems Consortium. This ISC BIND DNS-Server can get the configuration from a LDAP tree. The GUI gives you the availability to manage the DNS configuration in your LDAP tree.

    2.1.1.5. PXE

    The PXE (Preboot Execution Environment) is optional. You can boot your clients over the wired network in a PXE.
    For the PXE you will need:
  • TFTP-Server
  • DHCP-Server
  • pxelinux.0 - from the SYSLINUX distribution

  • With the SYSLINUX distribution you are also able to build graphical menus:
    Pxelinux-menu.jpg
    The GUI gives you the availability to manage the global PXE configuration and the configuration for each client.

    2.1.1.6. TFTP

    A TFTP-Server is optional. You will need the TFTP-Server for your PXE boot. The server is used to provide the pxelinux file and configuration.

    2.1.2. Internel components

    The internal components will give you an overview about how you can use the GUI to manage the internal or external components.

    2.1.2.1. Authentification

    The user authentification is handled by an internal API.
    Currently the API supports these storage drivers:
  • MDB2 Storage container using PEAR MDB2.
  • IMAP Storage container for use against IMAP servers.
  • LDAP Storage container for use against LDAP servers. - also Active Directory.

  • The GUI provides simple setup for these modules:
  • LDAP Use your LDAP Server or your Microsoft Active Directory Server.
  • IMAP Use your IMAP Server.
  • DB - Use every supported MDB2 (mssql, mysql, mysqli, pgsql,...) whith your own username/password table.

  • Settings_auth.jpg

    2.1.2.2. User/Group back-end

    The User/Group back-end is different to your authentification settings. This means you can manage your users in the database (every supported database from the pear package DB) and authentificate them against your IMAP Server, or use the LDAP Server to manage the users but authentificate them against a database. The idea behind this is that you can use your internal user database. Currently the following back-ends are supported:
  • LDAP and through this also (but untested) Active Directory
  • Database in every supported DB (fbsql, ibase, informix, msql, mssql, mysql, mysqli, oci8, odbc, pgsql, sqlite and sybase)

  • 2.1.2.3. LDAP

    For the LDAP back-end you have to set up the parameters in the config file
  • Set this to "1" to enable the LDAP back-end:
  • //use ldap as user/groups backend
    $u_cfg["useldap"] = 1;

  • set this to your needs, the ldapdb is used for read actions, the backupldapdb is used for write actions
  • //ldap database only need if u use ldap user/groups backend
    $u_cfg["ldapdb"]=array(
    "phptype" => "ldap",
    "username" => "unattended",
    "password" => "password",
    "port" => "389",
    "hostspec" => "localhost",
    "database" => "dc=example,dc=de"
    );

  • set this to you needs, the user you set up here needs write permissions on your user and groups in your LDAP tree
  • //ldap backupdatabase for write actions --> only need if u use ldap user/groups backend
     $u_cfg["backupldapdb"]=array(
    "phptype" => "ldap",
    "username" => "unattended",
    "password" => "password",
    "port" => "389",
    "hostspec" => "localhost",
    "database" => "dc=example,dc=de"
    );

    The settings are also used for the module Ldap Manager.

    2.1.2.4. DB

    The DB back-end is enabled if your are running through the install process from the GUI.
    Parameters in the config file:
  • Set this to "0" to disable the LDAP back-end:
  • //use ldap as user/groups backend
    $u_cfg["useldap"] = 0;

  • This are the connection settings for the database:

  • //database
    $u_cfg["database"]=array(
    "phptype" => "mysql",
    "username" => "unattended",
    "password" => "",
    "hostspec" => "localhost",
    "database" => "unattended"
    );

    2.1.2.5. Modules


    The GUI is designed modular. This means that you can run the GUI for different setups, for example as a GUI to syslog-servers.
    Through the modular system it is easy for you to write your own modules. You can use the API from the GUI which provides you with easy functions. For example to add a entry into a table in a database you can use:
    db_insert($tablename,$fields,$dbd="");
    db_insert('part_computerconfig',array('pid'=>$pid,'hdtype'=>$hdtype,'computername'=>$computername,'mbr'=>$mbr));
    the $dbd can be your own database DSN.
    There are core modules which you can not install or uninstall. The following core modules will be setup and installed through the installation:
  • User (core) The user module manages the users in your User/Group back-end.
  • Groups (core) The group module manages the groups in your User/Group back-end.
  • Settings (core) The settings module manages blocks, permissions, language, modules, connectors, sessions, update and authentification settings.

  • 2.1.2.6. Connectors

    The main idea behind the connectors is that you can bind easy functionality to your computers. It is a precondition that you install the module computer to use the connectors.
    The internal connectors are:
  • Checklist
  • Comments
  • DHCP Ldap
  • DNS Ldap
  • Inventory (fusioninventory)
  • Status

  • One example how to bind other informations to a computer is:
  • Request Tracker http://bestpractical.com/

  • It is also possible to use other inventory-tools or databases to bind them to the GUI. For example there is a connector for
  • Open Computers and Software Inventory
  • which access the data via the SOAP interface of OCS.

    2.1.2.7. Boot environment

    The boot environment is used for different scenarios. You will need the boot environment for installing Microsoft Windows (2000/XP/2003/Vista/2008). But you can use the boot environment for other things like backup, restore, disk wipe out and so on...
    2.1.2.7.1. Componets
  • kernel - linux kernel which is optimized for harddisk and network support
  • initrd - the root filesystem for the kernel, all programs except the profile scripts
  • /z - The directory structure which holds the profile environment

  • The components of the boot environment can be used in different ways:
  • kenel/initrd can be boot from cd,usb,pxe(network) or other bootable devices
  • /z can be mount from network (cifs,sshfs,nfs) or from a local device (cd,usb,harddisk,..)

  • 2.1.2.7.2. Boot process
  • The kernel and initrd is loaded by the used boot manager. If you are using the cd the boot manager is syslinux.
  • The /init which is located in the initrd is loaded by the kernel. The init is a bash script.
  • init starts:
  • Mounting /proc and /sys
  • Mounting /dev for udev
  • Start udev
  • Fire up shells on virtual consoles 2 and 3
  • Start /etc/master on virtual console 1
  • -> /etc/master take control:
  • Sending log output to /dev/tty4
  • Starting syslog - logging to /dev/tty5
  • Setting umask
  • Disable kernelmessages
  • Load keyboard settings (if defined)
  • Setting up hardware
  • Force loading modules
  • configure network (DCHP or manually)
  • configure / mount /z (this can be from network (cifs,sshfs,nfs) or from a local device (cd,usb,harddisk,..))
  • gives controll to z/bin/init.sh
  • -> z/bin/init.sh:
  • source the z/etc/init.conf
  • init.sh control your profiles (defined in z/etc/init.conf or via the kernel command line)
  • init.sh starts the selected profile -> see next section for profile informations
  • /etc/init/profile/PROFILENAME/ is started

  • 2.1.2.7.3. Profiles
    The main idea behind the profiles is that you can use the same boot environment for different solutions. Profiles are simple directories which may have one ore more scripts inside. You can specify the profile you want to start via:
  • kernel command line (profile=PROFILENAME)
  • the file z/etc/init.conf

  • The profile directories can contain more than one script. All executable files in this directory will be run in alphabetical order.
    2.1.2.7.4. z/etc/init.conf
    This is the main configuration file for the boot environment.

    2.2. Run the install script

    2.2.1. Download

    Main Download page:
  • http://sourceforge.net/projects/uranos/files/

  • 2.2.2. Install and preapare webserver

    For installing all needed packages you have to install at least (this is only an example, you are free to use other combinations):
  • apache
  • php
  • pear
  • mysql
  • 2.2.2.1. Extract files

    Extract the files, in this documentation /srv/ will be used.
    #create src directory
    mkdir /root/src
    #change directory
    cd /root/src
    #get release
    wget http://downloads.sourceforge.net/uranos/uranos-1.531.tar.gz
    #change directory to /srv (need to create it or chooce your own)
    cd /srv
    #extract files
    tar xzf /root/src/uranos-1.531.tar.gz
    #move
    mv /srv/uranos-1.531 /srv/uranos
    #give all to the apache user (this is for ubuntu, change www-run to your needs):
    chown -R www-data:www-data /srv/uranos

    2.2.2.2. Install minimum

    To install this in debian/ubuntu run the following:
    apt-get install apache2 php-pear mysql-server subversion php5-ldap php5-mysql php5-mcrypt php5-gd samba

    2.2.2.3. Install optional

    apt-get install nmap tftpd-hpa syslog-ng slapd gcc dhcp3-server-ldap genisoimage
  • nmap is for auto discover your network
  • tftp-hpa if you want to use this host for pxe-boot
  • syslog-ng if you want to use this host as an syslog server
  • slapd if you want to managage your DHCP/DNS entries
  • genisoimage if you want to create auto-running installation cds
  • dhcp3-server-ldap if you want tio use this host as an dhcp server

  • 2.2.2.4. Configure apache

    Enable php:
    a2enmod php5
    This is an example virtual host configuration for the apache webserver.
    <VirtualHost install.example.com>
        ServerName install.example.com
        DocumentRoot /srv/uranos
        <Directory "/srv/uranos">
    		Options Indexes FollowSymLinks
    		AllowOverride None
    		Order allow,deny
    		Allow from all
        </Directory>
    </VirtualHost>

    2.2.2.5. Configure php

    You will need php support in your webserver and the folowing pear packages:
  • Calendar 0.5.3 beta (pear install Calendar-0.5.3)
  • HTTP_Download (pear install --alldeps HTTP_Download)
  • HTML_Template_Sigma (pear install --alldeps HTML_Template_Sigma)
  • Image_Canvas 0.3.1 alpha (pear install image_canvas-0.3.2)
  • Image_Graph 0.7.1 alpha (pear install --alldeps image_graph-0.7.1)
  • MDB2 2.5.0b2 beta (pear install mdb2-2.5.0b2)
  • MDB2_Driver_mysql 1.5.0b2 beta (pear install mdb2_Driver_mysql-1.5.0b2)
  • MDB2_Driver_mysqli 1.5.0b2 beta (pear install mdb2_Driver_mysqli-1.5.0b2)
  • Change memory limit in php:
    vi /etc/php5/apache2/php.ini #change the value of the variable "memory_limit" to 128M

    2.2.2.6. Configure mysql

    Create a user and a database for mysql:
    CREATE DATABASE unattended;
    Remember this user and password because you will need it during the install process.
    GRANT ALL PRIVILEGES ON unattended TO 'unattended'@'localhost' IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
    Optional you can do this steps also with a tool like phpmyadmin.

    2.2.3. Configure networkshare

    The networkshare holds the software, os and the environment for the boot-cd. The root of this share should be point to "uranos/z/".

    2.2.3.1. Configure samba

    If you have already a networkshare you can skip this and go on.
    This is a short smb.conf
    [global]
    	workgroup = WORKGROUP
    	server string = %h server (Deploy)
    	wins support = no
    	dns proxy = yes
    	name resolve order = lmhosts host wins bcast
    	log file = /var/log/samba/log.%m
    	max log size = 1000
    	syslog = 1
    	security = user
    	encrypt passwords = true
    	passdb backend = tdbsam
    	obey pam restrictions = yes
    	guest account = nobody
    	invalid users = root
    	unix password sync = yes
    	passwd program = /usr/bin/passwd %u
    	passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
    	pam password change = yes
    	map to guest = bad user
    	domain logons = no
    	load printers = no
    	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    [install]
    	comment = Installation Service
    	path = /srv/uranos/z
    	guest ok = yes
    	read only = no

    2.2.4. Run install.php

    After setting up and starting apache and mysql you can call install.php. For that open your preffered browser and go to the address:
    http://install.example.com/www/install.php
    install.example.com is the name you have configured in your virtual host.
    If you got the error:
    Warning: touch() [function.touch]: Unable to create file include/config.php 
    because Permission denied in /home/mario/public_html/ua-install/www/install.php on line 12
    The config file is not writeable, pleace check the permissions on the file and try again!
    Do the following:
    touch include/config.php
    chown YOURAPACHEUSER:YOURAPACHEGROUP include/config.php
    chmod 600 include/config.php
    then check the permissions for your webserver (described in 2.2.2.1. Extract files).

    2.2.4.1. Install check

    Install_pre.jpg
    If you have installed all needed pear packages you should see someting simular to this. If not, read section 2.2.2.5. Configure php of this document. You can follow the link at the bottom to go on to step 1. On some systems it might be that the PEAR path is different, e.g on SLES11 use PEAR include path /usr/share/php5/PEAR.

    2.2.4.2. Step 1 Chooce language

    install_1.png
    You can chooce the language. English and german are supported at this time.

    2.2.4.3. Step 2 Read license

    install_2.png
    You can read the license. All code wich is shiped with this software is licensed under the GNU General Public License Version 2 (GNU GPL v2).

    2.2.4.4. Step 3 Check config file

    install_3.png
    If the check runs ok you can go on to the next step.

    2.2.4.5. Step 4 Database settings

    install_4.png
    Here you have to fill in the database settings of the allready created database (section "2.2.2.6. Configure mysql" of this document).
  • DB hostname: your database hostname, if it runs on the same host like the webserver leave that at localhost
  • DB user: the username to connect to the database
  • DB password: the password to connect to the database
  • DB name: the name of the database, the database have to be created before this step
  • DB type: The type of the database you want to connect
  • Tested databases:
  • MySQL
  • PostgreSQL
  • MS SQL


  • 2.2.4.6. Step 5 Created tables

    install_5.png
    You see if all tables are created, if there are errors go back and check your database settings.

    2.2.4.7. Step 6 Register functions

    install_6.png
    Functions registered. This is a security feature. You can go on.

    2.2.4.8. Step 7 Add initial group

    install_7.png
    Add a initial group. Fields:
  • Name: The name of the group. This should not conatin whitespace or other special characters.
  • Comment: A short decription of the group.

  • 2.2.4.9. Step 8 Add initial user


    install_8.png
    Add a initial user. Required fields:
  • Userid: The login-name of the user. This should not conatin whitespace or other special characters.
  • Username: The name of the user.
  • Main group: The main group of this user, only the group you have specified in step 7 should be available at this step.
  • Password: The password for the user.
  • Additional fields:
  • Phone: The users phone number.
  • Room: The users room number.
  • EMail: The users email.

  • 2.2.4.10. Step 9 Installation end


    install_9.png
    If the user is created you can go on.

    2.2.4.11. Step 10 Create laguages


    install_10.png
    All language settings are done, follow the white rabbit.

    2.2.4.12. Ready


    install_ready.png
    Installation done, you can proceed with login.

    10. Modules


    10.1. ssh_client

    ssh_client.png ssh_client

    10.1.1. Description

    This module manages your ssh hosts and give you the availability to acces the filesystem via ssh and run commands on the hosts. This is also used by some other modules to run commands on the specified hosts.

    10.1.2. Installation

    Simple install the module via settings->modules.

    10.1.2.1. Configuration

    Go to settings->modules->SSH Client->configuration:
    ssh-settings.png
  • SSH Libary: you can use the ssh commands or the phpseclib. The ssh commands are usable in linux and windows systems. The phpseclib is platform independent.
  • SSH paths: set the paths to the program files of the ssh, scp and ssh-keygen command, this is only needed if you use the setting "ssh commands" above. The webserver must be able to execute this commands.

  • 10.1.2.2. Personal configuration

    Go to usersettings->SSH:
    ssh-settings-personal.png
  • Generate key: with this you can create a new private/public key pair.
  • Public key: this is your public key, you have to place this key into .ssh/authorized_keys of the users home directory on the host you want to connect to.
  • Secret key: this is your private key.
  • Shell background: the color of the shell background.
  • Shell font: the color of the shells font.
  • Stay connected for seconds: after this number of seconds you will be disconnected.
  • You can also upload you exsisting RSA private/public key pairs here. This will spend you the time if you ave allready deployed it to some hosts.

    10.1.2.3. First connect to host

    Use:
  • Name: the name of the remote host you want to connect to
  • IP address: the IP address of the remote host you want to connect to
  • Username: the Username on the remote host you want to connect to
  • to connect to a new host.
    ssh-connect.png
    10.1.2.3.1. Host settings
    After that you have to save the hosts public key:
    ssh-host-settings.png
    You can manage your ssh hosts in this view.

    10.1.3. SSH Shell

    First connect with hostname (IP will be taken from the host table) and the username:
    ssh-connect.png
    After connecting you can send commands to this host. This is not a comfortable shell like shellinabox but it is working for simple administrative tasks like restarting a service.
    ssh-shell.png

    10.1.4. SSH Browser

    First connect with hostname (IP will be taken from the host table) and the username:
    ssh-connect.png
    In the ssh filebrowser you can:
  • Upload a file
  • Create a new Directory
  • Delete files and directories
  • Download files
  • Browse the entire tree
  • ssh-filebrowser.png

    10.2. Ldap

    ldapmgr.png Ldap

    10.2.1. Description

    The ldapmgr module is to manage your ldap server.

    10.2.2. Installation

    Simple install the module via settings->modules.

    10.2.2.1. Configuration

    10.2.2.1.1. Add new Server
    ldapmgr_settings_add_server_en.png
  • Name: The name for your configuration. This should be a uniq name.
  • Hostname: The host name can be an IP, a DNS name or a LDAP URI.
  • Port: The port of the LDAP server.
  • Userattribute: The useratribute to search for the "Bind as user". The search will be run in each base DN with Userattribute=username. The username is taken from the login session.
  • Bind user DN: The user DN to bind to the LDAP server.
  • Bind user password : The password for the user DN to bind to the LDAP server.
  • Bind as user: If you want to bind as logged in user you have to choose this option. You also have to define the Userattribute.
  • LDAP referrals: Follow referrals.
  • Version: The LDAP version.

  • 10.2.2.1.2. Base DNs
    ldapmgr_settings_base_dns_en.png
    Set different Base DNs.
    10.2.2.1.3. Templates
    ldapmgr_settings_templates_en.png
    Define Templates to use for the specified LDAP server to add new entries.
    10.2.2.1.4. Search configuration
    ldapmgr_settings_search_en.png
    Define the attributes for the global search.

    10.2.2.2. Personal configuration

    You have to install also the module usersettings ? to use this configuration.
    ldapmgr_personal_settings_en.png
  • start: Where to start if you access the ldapmgr module.
  • Base DN: The default base DN for the search. This can be configured for each server.
  • Search attribute: The default search attribute for the search.
  • Sort attribute: The default sort attribute for the search.
  • Search scope: The default scope for the search.

  • 10.2.3. Ldap Manager

    10.2.3.1. The menu

    ldapmgr_menu_en.png

    10.2.3.2. Tree view

    ldapmgr_tree_en.png
    The tree view. From here you can:
  • Enter the view entry
  • Enter the edit entry
  • Copy and move entries (with subentries) also from one server to an other
  • Delete entries (with subentries)

  • 10.2.3.3. Search

    ldapmgr_search_en.png
    Chooce the server you want to search. If you have set default variables for the choosen server in the usersettings ? you can directly start the search.
  • Base DN: The default base DN for the search.
  • Search attribute: The search attribute for the search.
  • Searchterm: The search term. You can use place holders in the search.
  • Sort attribute: The sort attribute for the search.
  • Search scope: The scope for the search.
  • On the right part of this view you will see the matched entries for your search.

    10.2.3.4. New entry

    ldapmgr_new_entry_en.png
    First you have to choose a server. Then you can choose a template which you have defined in the configuration for this server.

    10.2.3.5. Edit entry

    ldapmgr_edit_entry_en.png

    10.2.3.6. View entry

    ldapmgr_view_entry_en.png

    10.2.3.7. Clear cache

    The objectclasses and attributes will be cached in the current session. Accessing this link will clear the cache and force to read the attributes and objectclasses again.

    10.3. licences

    licences.png licences

    10.3.1. Description

    Controll and manage your liceces with this module.

    10.3.2. Installation

    Simple install the module via settings->modules.

    10.3.2.1. Configuration

    You can set if this module should:
  • Prevent installation of operating systems if assigned liceneces are expired/consumed
  • Prevent installation of software if assigned liceneces are expired/consumed

  • licences-settings.png

    10.3.2.2. Licence types

    This is for future use only. There are different rules which are currently only for informational use:
  • per user single licences per user
  • per client single licences per client
  • OEM ONE single licence per client
  • per processor single licences per processor
  • per core single licences per core
  • on demand licece single licences per use
  • network licece floating or concurrent licences
  • unlimited no limits

  • 10.3.3. Usage

    10.3.3.1. Licence groups

    Licence groups are for grouping licences. You are able to add and remove licences to a group to extend or reduce the licence pool.
    10.3.3.1.1. Add new licencegroup
    First you have to add a licence group. Groups are needed for a licence. Every licence have to have a group.
    licences-groups-new.png
  • Name The group name
  • Description A short description of the group

  • 10.3.3.1.2. Show a single licencegroup
    licences-groups.png
    You can see the licence group and short description. From here you can edit this group, add operating systems and software versions to this group. You can also assign a single licence to a user.
    10.3.3.1.3. Assign operating system to licence
    Assign operating systems to a licence group:
  • Match assigned Select this to match this operating system to each assigned host
  • Match Inventory Select this to macth this operating system and version to each inventory set - search there for name and version or only the name
  • You have to define searchstrings into the fields name and version. Here some examples:
  • Search for Microsoft Office 2003 Professional: Use Name: "Microsoft Office Professional Edition 2003" and let the version empty
  • Search for every Acrobat Reader installation: use name: "%Adobe Reader%" and let the version empty
  • Use the fusioninventory module to find out the searchstings which best fit your needs.
    licences-groups-spendlicence-os.png
    10.3.3.1.4. Assign software to licence
    Assign software to a licence group:
  • Match assigned Select this to match this software version to each assigned host
  • Match Inventory Select this to match this software version to each inventory set - search there for name and version or only the name
  • You have to define searchstrings into the fields name and version. Here some examples:
  • Search for Windows 2008R2: Use Name: "Microsoft Windows Server 2008 R2 Enterprise" and let the version empty (or use "6.1.7601")
  • Search for every SUSE Linux Enterprise Server installation: use name: "SUSE Linux Enterprise Server %" and let the version empty
  • Search for every SUSE Linux Enterprise Server 11 installation: use name: "SUSE Linux Enterprise Server 11%" and let the version empty
  • Search for every SUSE Linux Enterprise Server 11 SP1 installation: use name: "SUSE Linux Enterprise Server 11%" and use version: "2.6.32.%"
  • Use the fusioninventory module to find out the searchstings which best fit your needs. licences-groups-spendlicence-software.png
    10.3.3.1.5. Assign licence to a user
    Assign a licence to a user is a manually entry. There is no automatic counter behind this.
    licences-groups-spendlicence-user.png
    10.3.3.1.6. show details on operating system matches
    From here you can jump directly to the entry which matches this operating system.
    licences-groups-detail-os.png
    10.3.3.1.7. show details on software matches
    From here you can jump directly to the entry which matches this software.
    licences-groups-detail-software.png

    10.3.3.2. Licences

    10.3.3.2.1. Add new licence
    A licence should at least have a expire date and the licence count. The licence will be assigned to a group. The group can be assigned to operating systems and to softwareversions.
    licences-new.png
  • Name The name
  • Description A short description
  • Producer The producer of this software/licence
  • Supplier The supplier
  • Supplydate The date the licence have been supplied
  • Account info Account informations if you have an account to manage this licence
  • Account date The date the account was added
  • Licence info Additional licence informations
  • Licence count Licence count
  • Type The type of the licence
  • Groups The licence group this licence should belong to
  • Licence expiration When the licence will expire
  • Comment A comment
  • Contact info A name who can be asked in context with this licence
  • Operating system The operating system this licence is for
  • Product key The product key associated with this licence

  • 10.3.3.2.2. Show licences
    List your licences here. You can filer, group and sort the entries.
    licences-show.png

    10.3.3.3. Mediums

    Mediums are optional. You can use this to manage all your CDs, DVDs, isos and so on.
    10.3.3.3.1. Show mediums
    licences-medium-new.png
  • Name The name
  • Description A short description
  • Medium type The type of the medium e.g. iso, CD or other
  • Operating system The operating system this medium is for
  • Language The language of the software on this medium
  • Mediumcount The medium count
  • Location Where the medium is located
  • Licences Assign licences to this medium
  • Contact A name who can be asked in context with this medium
  • Archived Select to mark this medium as archived

  • List your mediums here. You can filer, group and sort the entries.
    licences-mediums.png

    10.4. Settings

    usersettings.png Settings

    10.4.1. Description

    This module gives you the availability to modify your userdefined settings. So each user can have its own language, theme and so on. There are also some module specified settings which can be controlled from here. It is highly recommended to install this module.

    10.4.1.1. Installation

    Simple install the module via settings->modules.

    10.5. dns_ldap

    dns_ldap.png dns_ldap

    10.5.1. Description

    The dns_ldap module is to manage your DNS entries in your ldap database.

    10.5.2. Installation

    Simple install the module via settings->modules.

    10.6. editor

    editor

    10.6.1. Description

    A simple editor.

    10.6.2. Installation

    Simple install the module via settings->modules.

    10.6.3. Usage

    You can add new files, edit existing, create new folders and delete files/folders. All starting in local_path.

    10.7. locations

    locations.png locations

    10.7.1. Description

    The locations module is to manage your locations.

    10.7.2. Installation

    Simple install the module via settings->modules.

    10.8. samhain

    samhain.png samhain

    10.8.1. Description

    This module manages the main yule database and configuration for samhain. Also it is possible to deploy samhain to each host.

    10.8.2. Quick start:

    For the functionality of remote installation, database update and commands you need the ssh module installed. At this time only ssh-key authentification is supported.

    10.8.2.1. Configure your Yule Server

    This is only an example!
    ./configure \
    --enable-static \
    --enable-network=server \
    --with-database=mysql \
    --enable-xml-log \
    --with-sender= \
    --with-recipient=  \
    --enable-udp \
    --with-trusted=
    You should use --with-trusted= if you want to use this module to send messages through yulectl and if you want remote installation.

    10.8.2.2. Remote installation

    !!!THE FOLLOWING STEPS ARE ONLY NEEDED IF YOU WANT TO DO REMOTE UPDATE/INSTALLATION!!! Be sure you do the following after the "make"-stuff:
  • create a group for yule
  • be sure the daemon (or the user which runs yule) and the webserver-user is member of this group
  • chown daemon:yule /etc/yulerc
  • chmod 660 /etc/yulerc
  • chown -R daemon:yule /var/lib/yule/
  • chmod 770 /var/lib/yule/
  • chmod 660 /varlib/yule/[f|r]*

  • Configure your Samhain Packages:
    ./configure \
    --enable-login-watch \
    --enable-mounts-check \
    --enable-static  \
    --enable-suidcheck  \
    --with-config-file=REQ_FROM_SERVER/etc/samhainrc \
    --with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file \
    --with-logserver= \
    --enable-network=client \
    --enable-xml-log \
    --enable-userfiles

    Now you can build several packages with make run|rpm|.... At this time only the linux packages run, rpm and deb (untested) are supported. Make a directory "install" in your yule data dir e.g: /var/lib/yule/install/ and take care that the webserver has read access to this directory and the files. Here you have to place your packages.

    10.9. switch

    switch.png switch

    10.9.1. Description

    This module manages your switches. You can use it to document your network topologie.

    10.9.2. Installation

    Simple install the module via settings->modules.

    10.10. PXE

    pxe.png PXE

    10.10.1. Description

    The PXE module is to manage your PXE entries and control which image a computer has to boot.

    10.10.2. Installation

    Simple install the module via settings->modules.

    10.10.3. TFTP Server configuration

    DHCP options to get use of the pxe files: * filename pxelinux.0 * next-server IP.OF.THE.TFTP-SERVER
    Use the path /PATH/TO/URANOS/www/modules/pxe/pxeroot as the root of your tftp server.

    10.10.3.1. tftpd.remap

    The file /PATH/TO/URANOS/www/modules/pxe/pxeroot/tftpd.remap (shipped with uranos) is only needed if you want to start WinPE over PXE.

    10.10.3.2. TFTP Server config example

    apt-get install tftpd-hpa

    Here is an example for ubuntu /etc/default/tftpd-hpa:
    -l -s /PATH/TO/URANOS/www/modules/pxe/pxeroot -m /PATH/TO/URANOS/www/modules/pxe/pxeroot/tftpd.remap

    10.10.4. Configuration

    10.10.4.1. Include own config files

    You can point a menu to an own preconfigured pxe menufile by using the "own configfile" field. Here is an example for the netboot from ubuntu. Copy the entiere netboot.tar.gz extracted directory to the pxeroot directory.
    ubuntu-installer/
    ubuntu-installer/i386
    ubuntu-installer/i386/linux
    ubuntu-installer/i386/boot-screens
    ubuntu-installer/i386/boot-screens/txt.cfg
    ubuntu-installer/i386/boot-screens/syslinux.cfg
    ubuntu-installer/i386/boot-screens/menu.cfg
    ubuntu-installer/i386/boot-screens/f3.txt
    ubuntu-installer/i386/boot-screens/f10.txt
    ubuntu-installer/i386/boot-screens/f6.txt
    ubuntu-installer/i386/boot-screens/f2.txt
    ubuntu-installer/i386/boot-screens/exithelp.cfg
    ubuntu-installer/i386/boot-screens/f5.txt
    ubuntu-installer/i386/boot-screens/f7.txt
    ubuntu-installer/i386/boot-screens/f4.txt
    ubuntu-installer/i386/boot-screens/f1.txt
    ubuntu-installer/i386/boot-screens/rqtxt.cfg
    ubuntu-installer/i386/boot-screens/f8.txt
    ubuntu-installer/i386/boot-screens/adtxt.cfg
    ubuntu-installer/i386/boot-screens/splash.png
    ubuntu-installer/i386/boot-screens/stdmenu.cfg
    ubuntu-installer/i386/boot-screens/f9.txt
    ubuntu-installer/i386/boot-screens/prompt.cfg
    ubuntu-installer/i386/boot-screens/vesamenu.c32
    ubuntu-installer/i386/initrd.gz
    ubuntu-installer/i386/pxelinux.0
    ubuntu-installer/i386/pxelinux.cfg
    ubuntu-installer/i386/pxelinux.cfg/default

    Point the "own configfile" field to: ../ubuntu-installer/i386/boot-screens/menu.cfg and you are able to switch into the ubuntu netboot installer menu.

    10.11. rsyslog

    rsyslog.png rsyslog

    10.11.1. Description

    This module manages your rsyslog servers, including configuration and databases.

    10.11.1.1. Rsyslog Documentation

  • RSyslog - Documentation

  • 10.11.2. Installation

    Simple install the module via settings->modules. You will also need at least one database and one rsyslog server (you can run all on the same host).
    To install rsyslog in ubuntu simply run:
    apt-get install rsyslog rsyslog-mysql

    If you want to use your postgres database:
    apt-get install rsyslog-pgsql

    10.11.2.1. Configuration

    Go to settings->modules->Rsyslog->configuration:
    rsyslog-settings.png
  • color: you can set the color for each priority.
  • live search: Time in miliseconds after the live search will be send after a key is pressed.
  • Create client rule if AUTOADD was send as message via syslog Default settings if you use the input_parser.php to automatical add clients to a default server.

  • 10.11.2.1.1. input_parser.php to automatical add clients
    To use this file you need the following rules, the best is that you use this as last rule in your config:
    $template URANOS_RSYSLOG_MODULE_FORMAT,"%hostname%###%fromhost-ip%###%msg%n"
    Module (load="omprog")
    *.* action(type="omprog" binary="/pathtouranos/www/modules/rsyslog/input_parser.php" template="URANOS_RSYSLOG_MODULE_FORMAT")
    & stop
    

    You can test this script by running:
    echo "test###127.0.0.1###AUTOADD" | /pathtouranos/www/modules/rsyslog/input_parser.php
    This will create a config for the client "test". And add it to a server if you set the needed option in the module configuration.

    10.11.2.2. Personal configuration

    Go to usersettings->Rsyslog:
    rsyslog-usersettings.png
  • Activate live search: activate this if you want to use the live filter.
  • Show entries: how much entries should be displayed per page.

  • 10.11.3. Layout

    This module is designed to manage different databases on differnt hosts and provide a search over all tables on each database. It is also possible to manage and configure more than one rsyslog server. In the basic setup you can run the database, the syslog server and also uranos on the same host. But you can also run it on different hosts. Some examples following.
  • A simple layout with 1 syslog server and 1 database:
  • rsyslog-1server-1database.png
  • A simple layout with 1 syslog server and 2 databases:
  • rsyslog-1server-2databases.png
  • A simple layout with 2 syslog server and 2 databases:
  • rsyslog-2server-2databases.png

    10.11.4. Syslog configuration

    10.11.4.1. Add a new server

    First you have to add a new server:
    rsyslog-new-server.png
    You have to configure this server, with the same name and IP setting in the SSH client module because the configuration is transfered via ssh to the server. Also the reload (or restart, stop and start) commands are sended via ssh. You can not use the clustering feature described below if you add a new server. First you have to add one, after that you can add the second (or more) IP addresses into the IP field and the host names.
    You can also use the "import files" to import the current configuration from the server.
    10.11.4.1.1. Add a cluster
    To have a cluster of syslog servers with the same configuration, you only need to add all IP addresses into the IP field seperated by a ";" and all names also sepearted in the same order. Example: Name server1;server2 IP 10.0.0.10;10.0.0.11

    10.11.4.2. Add a new database

    You need at least one database to add tables as destination for syslog messages:
    rsyslog-new-database.png
    Define the database as a backup database if you want to use it for search but not for active logging.

    10.11.4.3. Add a new table

    Add a table to a database to better seperate the syslog messages.
    rsyslog-new-table.png

    10.11.4.4. Create new config

    Please reffer to the rsyslog documentation to get more information about the configuration.
    10.11.4.4.1. Add a configuration
    rsyslog-add-config.png
    Define a name for the configuration. This will be used as filename if you add this config to a server. The filename will be build in the following way: priority-name.conf. You can use the fields bleow to add:
  • A table -> this will generate a text string like ###DATABASEID#TABLENAME### which will be replaced later with
  • $template DBIDTABLENAME,"insert into `TABLENAME`(host, source_ip, facility, priority, tag, unixtime, program, msg ) values ('%hostname%', '%fromhost-ip%', '%syslogfacility-text%', '%syslogpriority-text%', '%syslogtag%', '%timegenerated:::date-unixtimestamp%', '%programname%', '%msg%')",SQL
    action(type="omDBTYPE" server="DBHOST" serverport="DBPORT" db="DBNAME" uid="DBUSER" pwd="DBPASSWORD" template="DBIDTABLENAME")
  • default rsyslog keywords

  • You will need javascript enabled to auto add the selected field to the current cursor position.
    10.11.4.4.2. Add a client configuration
    rsyslog-client-config.png
  • Computer Chooce the host you want to add
  • Filename The filename which will be used to write the servers to the client configuration, currently only rsyslog clients are supported. If you have an other syslog software leave this field empty.
  • Initscript The init script which will be used to send commands to the client via ssh. You can use this with every compatible init script which accepts start, stop, restart, reload and status.
  • Hostname If you set this option the hosts name will be used as a filter.
  • IP If you set this option the hosts ip address will be used as a filter.
  • Message Set the filter which will be used for the message.
  • Priority Set the filter which will be used for the priority.
  • Facility Set the filter which will be used for the facility.
  • Progamname Set the filter which will be used for the progamname.
  • Last rule If you set this the config for this client on the server will got the "& stop" at the end, this is suggested because without this the message will be passed through each other filter which follows.
  • 10.11.4.4.3. View client configurations
    From this view you can see all defined client configurations. You can filer this view and sort by klicking on the field descriptors.
    rsyslog-client-configurations.png
    10.11.4.4.4. Combine config for a server
    The main configuration options have to be defined per server. This is normaly the rsyslog.conf file. From here normaly all other files are included from rsyslog.d directory. You can add the previous defined configurations to any defined server.
    rsyslog-server-config.png
  • 1 View or write the current configuration to the selected server
  • 2 The main (rsyslog.conf) for the selected server, you should define here the modules you need to write database (e.g. ommysql) and you have to define that you include the configuration files from the directory you have defined for this server (e.g. $IncludeConfig /etc/rsyslog.d/*.conf)
  • 3 Add a client configuration to a server
  • 3 View the client configuration assignments for this server
  • 5 Add a configuration to a server
  • 6 View the configuration assignments for this server

  • 10.11.4.5. View and write config

    View or write the config for this server. You will see the files which will be published to the server.
    rsyslog-write-config.png
  • Restart syslog: chooce this option if you want to send a reload to the rsyslog after writing the config.

  • If you write the files to the server the current config will be saved to /tmp. After that a config check will be performed, if something failes the old config from /tmp will be rolled back and you will get an error message.

    10.11.4.6. Server commands

    You can send the following commands to the server:
  • Reload
  • Stop
  • Start
  • Restart
  • rsyslog-commands.png
    If you access this page the command "status" will be passed to the init script and you will see the current status.

    10.11.4.7. Logs

    The logs are stored in tables. You can view and search each table.
    10.11.4.7.1. View the logs
    rsyslog-view-logs.png
  • 1 Chooce the table to view.
  • 2 Chooce if you want to relad the page automaticaly.
  • 3 Filter the messages.
  • 4 Group entries, group the entries (by msg) to do not show the same massage more than one time.
  • 5: Pagelinks - go to special page.
  • 6: Entries found -count entries matching the current filter.
  • 7: Sorting - sort the entries by clicking on the fieldname.

  • 10.11.4.7.2. Filter the logs
    rsyslog-filter-logs.png
  • 1 Positive Filter: match the [sub]string.
  • 2 Negative Filter: starting with "!" will show all entries which do not match the [sub]string.

  • 10.11.4.7.3. Global search around all tables and all databases
    rsyslog-global-search.png
  • 1 Load old saved search settings. You can save the defined searches to use it later again.
  • 2 Chooce the tables you want to search. You can also chooce * which will stand on the first postion for each database host, second position for each database, and third for each table.
  • 3 Select per table will show you each table seperatly. Select timeline will show you all entries in one timeline.
  • 4 The filter section. For each input field a filter will be set in the form: LIKE "%FILTER%"
  • 5 Select the timespan you want to see.
  • 6 Use perl regular expressions to search.
  • 10.11.4.8. Statistic

    rsyslog-statistic.png
    Here you see a statistical view about all tables in the selected timespan. From here you can jump to the table or directly to the filtered messages behind the lines. You can set the timespan at the top.

    10.11.4.9. Statistic Graph

    rsyslog-statistic-graph.png

    10.11.5. Rotate the tables:

    When you have more than one table it will be better to use an own database for the old logs and rotate them e.g. every week. create a database (eg. syslog_old) crate a user which has access to write to he database: GRANT ALL PRIVILEGES ON syslog_old.* TO USERNAME@'localhost' IDENTIFIED BY 'PASSWORD';
    If you want to rotate the tables you can use this script (example):
    #!/bin/bash
    # ATTANTION THIS SCRIPT WILL ROTATE ALL TABLES IN THE GIVEN DB
    SQLHOST=localhost
    SQLUSER=USERNAME
    SQLPASS=PASSWORD
    SQLDB=syslog
    SQLOLDDB=syslog_old
    TIMESTAMP=`date +%Y-%m-%d-%H%M`
    TEMPNAME=_tmp_table
    mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "SHOW TABLES;" > /tmp/.tablelist if [ "$?" -eq "0" ] then for TABLE in `cat /tmp/.tablelist` do mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "DESCRIBE $TABLE;" > /dev/null 2>&1 if [ "$?" -eq "0" ] then #if describe runs fine the table exists # first we create the new table mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "CREATE TABLE `$SQLDB`.`$TABLE$TEMPNAME`(`host` varchar(32) default NULL,`source_ip` varchar(32) default NULL, `facility` varchar(10) default NULL,`priority` varchar(10) default NULL,`tag` varchar(10) default NULL,`unixtime` varchar(20) default NULL, `program` varchar(15) default NULL, `msg` text,`seq` bigint(20) unsigned NOT NULL auto_increment, PRIMARY KEY (`seq`),KEY `host` (`host`), KEY `program` (`program`),KEY `priority` (`priority`),KEY `facility` (`facility`));" if [ "$?" -eq 0 ] then # now we have the new table and can start renaming mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "ALTER TABLE `$TABLE` RENAME `$TABLE$TEMPNAME$TIMESTAMP`; ALTER TABLE `$TABLE$TEMPNAME` RENAME `$TABLE`;" if [ "$?" -eq 0 ] then #all renaming runs fine now we can safely work with the data mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLOLDDB -e "CREATE TABLE `$SQLOLDDB`.`$TABLE$TIMESTAMP`( `host` varchar(32) default NULL, `source_ip` varchar(32) default NULL, `facility` varchar(10) default NULL, `priority` varchar(10) default NULL, `tag` varchar(10) default NULL, `unixtime` varchar(20) default NULL, `program` varchar(15) default NULL, `msg` text, `seq` bigint(20) unsigned NOT NULL auto_increment, PRIMARY KEY (`seq`),KEY `host` (`host`), KEY `program` (`program`), KEY `priority` (`priority`), KEY `facility` (`facility`));" mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLOLDDB -e "INSERT INTO `$SQLOLDDB`.`$TABLE$TIMESTAMP` SELECT * FROM `$SQLDB`.`$TABLE$TEMPNAME$TIMESTAMP`;" mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "DROP TABLE `$TABLE$TEMPNAME$TIMESTAMP`;" else echo "error renaming tables from $TABLE" exit 3 fi else echo "error creating $TABLE$TEMPNAME" exit 2 fi fi done else echo "error in db connection" exit 1 fi

    10.11.6. Clear old syslog entries

    If you want to delete old entries (e.g. older than 1 week) you can use this script (example):
    #!/bin/bash
    # ATTANTION THIS SCRIPT WILL CLEAR ALL TABLES IN THE GIVEN DB
    SQLHOST=localhost
    SQLUSER=USERNAME
    SQLPASS=PASSWORD
    SQLDB=syslog
    TIMESTAMP=`date +%s`
    DELETESPAN=604800
    DELETETIMESTSAMP=$((TIMESTAMP-DELETESPAN))
    mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "SHOW TABLES;" > /tmp/.tablelist if [ "$?" -eq "0" ] then for TABLE in `cat /tmp/.tablelist` do mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "DESCRIBE $TABLE;" > /dev/null 2>&1 if [ "$?" -eq "0" ] then #if describe runs fine the table exists # first we create the new table mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "DELETE FROM `${SQLDB}`.`${TABLE}` WHERE unixtime<${DELETETIMESTSAMP};" if [ "$?" -eq 0 ] then echo "${SQLDB} ${TABLE} cleared" mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "OPTIMIZE TABLE `${SQLDB}`.`${TABLE}`;" else echo "${SQLDB} ${TABLE} failed" fi fi done else echo "error in db connection" exit 1 fi

    10.12. cal

    cal.png cal

    10.12.1. Description

    Controll and manage your calendars and events, submitted by the modules, with this module.

    10.12.2. Installation

    Simple install the module via settings->modules.

    10.13. Computer

    computer.png Computer

    10.13.1. Description

    The computer module is to manage computer inventory and configuration for software, partitioning and os. Also its the main entry point for the connectors.

    10.13.2. Installation

    Simple install the module via settings->modules.

    10.13.2.1. Configuration

    settings_main_en.png
  • Path to ping: The full path to the ping command.
  • Options for ping before HOST: The options for ping to use before the hostname.
  • Options for ping after HOST: The options for ping to use after the hostname.
  • Path to nmap: The full path to nmap. This should be used with root permissions: /usr/bin/sudo /usr/bin/nmap. (e.g. /etc/sudoers: www-data ALL=(ALL) NOPASSWD: /usr/bin/nmap) See the sudo man page for more information how to run a command without a password. This command is used to import hosts.
  • Path to net (on windows path to psexec.exe): The full path to the net command (from the samba suite). On windows you can use psexec for that. This command is used to shut down a host.
  • Use psexec.exe: Check this option if you want to use psexec.exe on windows.

  • 10.13.2.2. Personal configuration

    You have to install also the module usersettings to use this configuration.
    personal_settings_en.png
  • Show software versions: If you check this option you are able to see the software versions in the software configuration tab for the computer.
  • Show contents from packages: If you check this option you are able to see the contents of the packages in the software configuration tab for the computer.
  • Enable ping: If you check this option the host will be checked via ping (see settings above).
  • Enable ping in overview: If you check this option all hosts in the overview will be checked via ping (see settings above).
  • Expiration of the ping-validity in seconds: After this count of seconds the validity of the ping will expire and the host will be pinged again.
  • Configuration CSV: The configuration for the export to csv.
  • Columns enclosed by: This option defines the enclosure sign for the single columns.
  • Columns seperated by: This option defines the seperate sign for the columns.
  • Columns escaped by: This option defines the escape sign for the columns.
  • Newline: The newline seperator.
  • First line is descriptor: Check this option if you want to have a descriptor in the first line of the csv export.

  • 10.13.2.3. The menu

    menu_en.png
  • start search: You can use this to submit your entered search condition. Your search will be stored in your session and you will have your last search available each time you go back to the computer module.
  • delete search: This will delete your search from your session.
  • Systems: Use this to go the computer view.
  • New systems: Use this to go to the arp entries / automatic fetch network devices view.
  • New system: Use this link to add a new host.
  • Searchgroups: Here you can manage your searchgroups.
  • New searchgroup: Use this link to add a new searchgroup.
  • Import: Here you can access the different import methods.
  • 10.13.3. Computer view

    computer_view_en.png
  • Filter: In this view you are able to make a short filter of the hosts. Chooce "all" to display all hosts. Or use a-z to display only the hosts which begins with the letter you chooce.
  • Ping: If you have enabled ping in overview (see Personal configuration) you are able to see if the host is reachable (green) via the ping command.
  • Name, Virtuell machine on host, Macadress, IP adress, Inventorynumber, Main group, Main user, Room: Inventory Informations.
  • Options: From here you are able to edit, clone and delete a host. Also you can access the print view from here.
  • Entries found: / Export: You can see the entries you have found via the filter or the search in the menu. You can export this list by clicking the link "Export". See CSV configuration in the personal configuration.
  • Search: From the menu you can search. You will get this view only if there are more than one entries found. Else you will be redirected to the single computer view.

  • 10.13.3.1. Arp entries / automatic fetch network devices

    To get the arp entries into your databases you have to run arpwatch on one [or more] host[s].
  • Start arpwatch on each of your networks: arpwatch -N -n 192.168.0.0/24 -n 10.0.0.0/8 (for options see the arpwatch man page)
  • To automatic add the entries you have the option to install the cron module and activate the arp-to-db cron. See more on the help page of the cron module.
  • The other option is to add the cron script (www/modules/cron/defaultcrons/arp_to_db.txt) directly to your crontab. Simple copy the file and make it executeable.
  • In both cases you have to set the following variables:
  • $arpwatchfile="/var/lib/arpwatch/arp.dat";
    $stripdomain_from_dnsname=".example.com";
    $INCexternal="/PATH/TO/uranos/www/include/INCexternal.php";
  • $arpwatchfile is the full path to the arpwatch database.
  • $stripdomain_from_dnsname is your domain name - normaly arpwatch add the hosts FQDN to the database, but you might want to only see the names.
  • $INCexternal is the full path to the INCexternal.php.
  • after runnning the cron_to_db script you will see the entries like shown in this example:
  • arp_entries_en.png
  • Search: From the top menu you can search.
  • Filter: In this view you are able to make a short filter of the hosts. Chooce "all" to display all hosts. Or use a-z to display only the hosts which begins with the letter you chooce.
  • Options: From here you are able to add the host to your inventory.
  • Name, Macadress, IP adress, Time, Options are the informations which are added into the database from the arp database.

  • 10.13.3.2. Add a new computer

    To add a new computer you can use the "New system" link in the menu, the above described method from arp entries, the later described import methods or the inventory profile from the boot stuff.
    If you use the "New system" link you will get this form:
    add_computer_en.png
  • Name: This is the name of the machine. You should use dns confirm names here.
  • Virtuell machine on host: The name of the virtual machine which host this machine.
  • Macadress: The main mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
  • Macadress 2: 2. mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
  • Macadress 3: 3. mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
  • Macadress 4: 4. mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
  • Macadress WLAN: Wlan mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
  • Macadress WLAN2: Wlan 2. mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
  • Macadress BLUETOOTH: Bluetoth mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
  • IP adress: IP Address
  • IP adress 2: 2. IP Address
  • Description: A short description for the machine.
  • Serialnumber: Serial number.
  • Servicetag: Service TAG.
  • Inventorynumber: Inventory number.
  • Producer: Producer.
  • Supplier: Supplier.
  • Supplydate: Supplydate (day.month.year)
  • Warrenty: Warrenty till (day.month.year)
  • Group: The main group where the machine belongs to.
  • Main user: The main user where the machine belongs to.
  • Room: A room number (helpful with the locations module).
  • Comment: A comment.
  • You have to provide at least the macaddress and the name.
    10.13.3.2.1. Import
    import_en.png
    You can import from the following sources. The clear cache means that the entries which were read from the specified source will be removed from cache and you can run the import again.
    On every import you will get an overview and you can decide what to do:
  • adding new entries
  • import_add_en.png
  • modify entries
  • import_modify_en.png
  • delete entries
  • import_del_en.png
    10.13.3.2.1.1. Import LDAP
    import_ldap_en.png
  • Base DN The base DN, the search will be started from there.
  • Bind DN The full bind DN - if you need a user to bind to the LDAP.
  • Bind password The password for the bind DN - if you need a user to bind to the LDAP.
  • Hostname The hostname of the ldap server. This can also be an IP address.
  • Port The port of the ldap server (normaly 389).
  • Objectclass The objectclass to search for.
  • You can define which ldap attribute has to be assigned to which field in the database after saving the above settings. After defining the attributes you can run the update and go to the next step.
    10.13.3.2.1.2. Import CSV
    import_csv_en.png
  • Columns enclosed by The character which enclose each data colmun.
  • Columns seperated by The character which seperates each data colmun.
  • First line is descriptor Check this option if the first line of your file is only a description.
  • Filename The csv file you want to import.
  • You can define which field from the file has to be assigned to which field in the database after saving the above settings. After defining the filename and the fields you can run the update and go to the next step.
    10.13.3.2.1.3. Import PING
    import_ping_en.png
  • Path to ping The full path to the ping command.
  • Options for ping before HOST Options for bing before the hostname.
  • Options for ping after HOST Options for bing after the hostname.
  • Network The network address.
  • Networkmask The networkmask in CIDR. E.g. 24 (255.255.255.0) or 28 (255.255.255.128)
  • After defining the network and networkmask you can run the update and go to the next step.
    10.13.3.2.1.4. Import NMAP
    import_nmap_en.png
  • Path to nmap Full path to nmap. You should use sudo (%www ALL=NOPASSWD:/usr/bin/nmap) to run nmap. If you use sudo you should set this to: "/usr/bin/sudo /usr/bin/nmap".
  • Network The network address.
  • Networkmask The networkmask in CIDR. E.g. 24 (255.255.255.0) or 28 (255.255.255.128)
  • After defining the network and networkmask you can run the update and go to the next step.
    10.13.3.2.2. Add from arp entries
    You can add entries directly from the arp table. arp_entries_en.png
    Use the link from Options to add the host to the systems database.

    10.13.3.3. Single computer view

    This is the main view of a computer. Splitted into 3 sections. The main entry point for the connectors on the left side (green) is only displayed if you chooce Inventory informations from the main menu on the top (blue). The 3. Section is the content of the specified connector. If you configure the computer you will not see the connector entry points.
    single_view_en.png
    In the red section are the same options you have in the computer view.
  • Options: From here you are able to edit, clone and delete a host. Also you can access the print view from here.

  • 10.13.3.4. Operating systems

    To add a new operating system you have to configure the operating systems in the unattended module. After that you can chooce one os from the list:
    os_add_en_1.png
    After you have add an os, you can make special settings to this os which only affects this host. You are able to override the default settings from the unattended module. You can access this settings by clicking on the Content button right of the os.
    os_add_en_2.png
    After you have set up the partitioning you can see the produced answer file by clicking the link to view output.

    10.13.3.5. Partitioning

    To add a new harddisk layout you have to configure the layouts in the unattended module. After that you can chooce one layout from the list:
    part_en_1.png
  • Harddisk configuration The reference layout you have configured in the unattended module.
  • Harddisk type The type of the hard disk. For ATA/IDE devices this will be hdX and for SCSI/SATA devices you have to chooce sdX.
  • Replace mbr If you check this option the mbr will be replaced by your layout.

  • By clicking on the Content button you are able to configure the main parts of the layout, e.g. format partition or the mount points.
    part_en_2.png
  • Type Primary, extended or locical partition.
  • Number The number of the device.
  • Boot The boot flag.
  • Size The Size of the partition.
  • Filesystem The filesystem of the partition.
  • Mount point The mount point, this is only needed if you install a linux distribution.
  • mount point OS The mount pint operating system, this is only needed if you install one or more linux distribution[s].
  • root OS The root operating system. This is the / (root) for linux or the %SystemDrive% for windows. Chooce here your configured operating system.
  • format Check this option if you want to format this partition.

  • 10.13.3.6. Software and packages

    To set up software to a computer you are able to assign packages, software and software versions in this section. If you want to see the versions and/or the contents of the packages you may set the options in the computer section of the usersettings module.
    10.13.3.6.1. Packages
    To add a package you only have to check the add option right of the package name.
    packages_en_1.png
    The package will not assign the software, you will see the installed software only after the software is installed. You will get this result:
    packages_en_2.png
    10.13.3.6.2. Software
    To add a software you only have to check the add option right of the software name. You can also add a specified version if you dont want to add the latest stable version. In each time you specify only the software - the latest stable version of the os language will be installed.
    software_en_1.png
    Here is an example how it looks if a software is installed. This software is inherit from the userinstallation, see more in the documentation of the software module.
    software_inherit_en.png
    You can also chooce that the installed version will not be affected by the updates:
    software_noupadte_en.png

    10.13.3.7. PXE

    If you have assigned the operating system to a PXE menuentry the pxe entry will be set automaticly for each defined mac address from this host. See more in the documentation of the pxe module.
    pxe_en.png

    10.13.3.8. Reset

    You can easy reset the hosts configuration, for example you want to reinstall it (e.g. after a hard disk crash) or if you want to replay the installation to a clear state.
    reset_en.png
  • Packages You can delete all assigned packages from the configuration.
  • Software Reset means that the install status will be set to install. If you chooce delete all assigned software will be removed from the configuration.
  • Software versions Reset means that the install status will be set to install. If you chooce delete all assigned software versions will be removed from the configuration. This is recommended because in the next install the latest stable version will be installed.
  • Partitioning Reset means that all partitions becomes the format flag and the replace mbr will be set to true again. Delete will remove each assigned partition layout from the configuration.
  • Operating system Reset the status of each installed operating system. Delete will remove each assigned operating system from the configuration.

  • 10.13.3.9. Power on/off WOL

    You can send a WOL package to your broadcast address to the selected mac address:
    power_en.png
  • Macaddress The mac address you want to set the WOL package.
  • Broadcast address The broadcast address of your network.
  • You can also sht down the host over the network. You have to set up the correct paths to the net (from the samba suite) command or on windows hosts to the psexec.exe. See more in the main computer configuration above.
  • Timeout A timeout after this count of seconds the host will be shut down.
  • Comment A comment which is displayed to a looged in user.
  • Username The username which is allowed to shut down this host.
  • Password The password of the username which is allowed to shut down this host.
  • Reboot Check this option if you want a reboot insted of a shutdown.

  • 10.13.3.10. Clone a computer

    To clone a computer means that you make an exact copy of the configuration and the inventory informations from a computer. If you clone a computer you will have the same operating system, partitioning and software configuration on the new host, so you only need to update the inventory informations and then you can start the installation.

    10.13.4. Searchgroups

    The power of the searchgroups is that you are able to automate the operating system and software installations to a specified set of hosts. You can assign a reference system which is preconfigured.
    searchgroups_en.png

    10.13.4.1. Add a new searchgroup

    To add a new searchgroup you have to click the link new searchgroup from the main menu.
    searchgroup_new_en.png
  • Searchgroup The name of the searchgroup. Only use charachters from a-Z and _ because a view will be generated with this name.
  • Reference system Chooce a preconfigured reference system. This configuration will be assigned to each host of this searchgroup after the host will fetch the configuration.

  • 10.13.4.2. Add a new definition to a searchgroup

    To add a new definition use the add new definition under options.
    searchgroups_add_new_definition_en.png
    You can build up your definition as you want. Use % as a search term from mysql. For example:
  • %apple% will find: pineapple, Applejuice and also pineapplejuise
  • apple% will find: all terms beginning with apple, e.g. Applejuice but also only apple
  • %apple will find: all terms ending with apple, e.g. pineapple but also only apple
  • If you use place holders you have to define LIKE. Each term you can connect to the next term via and or or.
    You can also define more than one definition to a search group. The different definitions can be combined with and or or.

    10.13.4.3. Overview of a searchgroup

    If you take a look into a searchgroup you will see all affected hosts on the left side. If the host has no configuration you will see a green ok. If there is a red attention on a column, this host has allready a configuration. You can click the red attention to see the configuration. On the right side you see the configuration of the reference system.
    searchgroups_detail_en.png

    10.14. Software

    software.png Software

    10.14.1. Description

    The software module is to manage software descriptions/installations.

    10.14.2. Installation

    Simple install the module via settings->modules.

    10.14.2.1. Configuration

    config_en.png
  • Temporary directory for creating the iso files. This directory will be used to generate the iso files.
  • Package directory (your z-mount directory). This directory is the base for your packages. Normaly this should point to ....z/packages.
  • Directory to store the iso files. This directory will be used to store the produced iso files.

  • 10.14.2.2. User configuration

    You need to have the usersettings module installed to see this options.
    user_config_en.png
  • Direct copy versions. If you set this the software versions will be copied directly without the string replace question.
  • Default repository. This is the default repository which is choosen to add new software.
  • Default filter. Here you can set the ID, Repository and Software for your default filter. If you access the softwarelist this is the default filter.

  • 10.14.3. Repositories

    Repositories are to manage logical and global definitions of software. Here you can set:
  • Repository: This is the name of the repository, this should be uniq to avoid problems with external repositories.
  • Repository location: The location of the repository is only needed when you want to synchronize this from an external repository. The name of the repository have to be the same like the external repository.
  • Location of repository distfiles: This is for future use. This will be needed if you want to do http/ftp installations.
  • Location of local repository distfiles: This is for future use. This will be needed if you want to do http/ftp installations and synchronize the files to your local storage.
  • Type: External means that this is an external repository (you can synchronize software from the defined "Repository location"). Internal is only for internal use, this repository will not be able to get synchornized from other locations. Export is for marking a repository as exportable. You will be able to provide this repository for other users to synchonize if you set this to export.

  • Example to sychronize the repository "win-non-oss" from uranos.sourceforge.net:
    repository_example_en.png

    10.14.4. Software

    Software is the main name for the software you want to add. Here you can only define metadata:
  • Software: The name of the software.
  • URL: The link to the software provider.
  • Priority: Priority defines the order to install this software. Higher values will be installed later.
  • Comment: Here you can add additionally informations.
  • Repository: Define in which repository the software should be listed.

  • Example for the acrobat reader:
    software_example_en.png

    10.14.4.1. Software versions

    Software versions define the different versions of a software. Here you can specify all the needed informations for install, check, download, uninstall and so on.

    10.14.5. Packages

    A package is to group software for a special language.

    10.14.6. User

    Here you can assign software to a user.

    10.14.7. Groups

    Here you can assign software to a group.

    10.14.8. Winupdates

    Here you can upload a scan from z/bin/scanwinupdates.js. This script will check if there are new updates are available and output them. You can redirect the output to a file:
    cscript /nologo z:binscanwinupdates.js > z:updatesupdatescan-%COMPUTERNAME%.xml
    After that you can upload the file in this GUI. Set the vars which will affect the newly generated software and versions.

    10.15. syslog_ng

    syslog_ng.png syslog_ng

    10.15.1. Description

    This module manages your syslog-ng servers, including configuration and databases.

    10.15.1.1. Syslog-ng Documentation

  • Syslog-ng admin guide

  • 10.15.2. Installation

    Simple install the module via settings->modules. You will also need at least one database and one syslog-ng server (all can run on the same host).
    To install syslog-ng in ubuntu simply run:
    apt-get install syslog-ng syslog-ng-mod-sql

    10.15.2.1. Configuration

    Go to settings->modules->Syslog-ng->configuration:
    syslog-ng-settings.png
  • color: you can set the color for each priority.
  • live search: Time in miliseconds after the live search will be send after a key is pressed.

  • 10.15.2.2. Personal configuration

    Go to usersettings->Syslog-ng:
    syslog-ng-usersettings.png
  • Activate live search: activate this if you want to use the live filter.
  • Show entries: how much entries should be displayed per page.

  • 10.15.3. Layout

    This module is designed to manage different databases on differnt hosts and provide a search over all tables on each database. It is also possible to manage and configure more than one syslog-ng server. In the basic setup you can run the database, the syslog server and also uranos on the same host. But you can also run it on different hosts. Some examples following.
  • A simple layout with 1 syslog server and 1 database:
  • syslog-ng-1server-1database.png
  • A simple layout with 1 syslog server and 2 databases:
  • syslog-ng-1server-2databases.png
  • A simple layout with 2 syslog server and 2 databases:
  • syslog-ng-2server-2databases.png

    10.15.4. Syslog configuration

    10.15.4.1. Add a new server

    First you have to add a new server:
    syslog-ng-new-server.png
    You have to configure this server, with the same name and IP setting in the SSH client module because the configuration is transfered via ssh to the server. Also the reload (or restart, stop and start) commands are sended via ssh.

    10.15.4.2. Add a new database

    You need at least one database to add tables as destination for syslog messages:
    syslog-ng-new-database.png

    10.15.4.3. Add a new table (destination)

    Add a table to a database to hav a new destination for syslog messages.
    syslog-ng-new-table.png
    After creating a table you have a new destionation configured to use:
    syslog-ng-new-destionation-aftertablecreate.png

    10.15.4.4. Create new config

    Please reffer to the syslog-ng documentation to get more information about the configuration.
    10.15.4.4.1. Add new source
    Chooce a name and Source:
    syslog-ng-new-source.png
    After create a new source you can edit it.
  • Example for external source:
  • udp(); tcp(max-connections(100));
  • Example for internal source:
  • internal(); unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: "));

    10.15.4.4.2. Add new filter
    syslog-ng-new-filter.png
    After create a new filter you can edit it.
    10.15.4.4.3. Add new destination
    syslog-ng-new-destination.png
    After create a new destination you can edit it.
    10.15.4.4.4. Combine config for a server
    The global options have to be defined per server:
    syslog-ng-global-options.png
    Chooce a name to add a new log entry:
    syslog-ng-add-log.png
    10.15.4.4.4.1. Add destination to log
    A destination is required for a log entry:
    syslog-ng-log-add-destination.png
    10.15.4.4.4.2. Add source to log
    A source is required for a log entry:
    syslog-ng-log-add-source.png
    10.15.4.4.4.3. Add filter to log
    A filter is not required but should also be added to a log entry:
    syslog-ng-log-add-filter.png

    10.15.4.5. View and write config

    View the config for this server:
    syslog-ng-view-config.png
    Write config:
    syslog-ng-write-config.png
  • Restart syslog: chooce this option if you want to send a reload to the syslog-ng after writing the config.

  • 10.15.4.6. Server commands

    You can send the following commands to the server:
  • Reload
  • Stop
  • Start
  • Restart
  • syslog-ng-commands.png

    10.15.4.7. Logs

    The logs are stored in tables. You can view and search each table.
    10.15.4.7.1. View the logs
    syslog-ng-view-logs.png
  • Show table: chooce the table to view.
  • Sorting: sort the entries by clicking on the fieldname.
  • Pagelinks: go to special page.
  • Entries found: count entries matching the current filter.
  • Group entries: group the entries to dont show the same massage more than one time.

  • 10.15.4.7.2. Filter the logs
    syslog-ng-filter-logs.png
  • Positive Filter: match the [sub]string.
  • Negative Filter: starting with "!" will show all entries which do not match the [sub]string.

  • 10.15.4.7.3. Global search around all tables and all databases
    syslog-ng-global-search.png

    10.15.4.8. Statistic

    syslog-ng-statistic.png

    10.15.4.9. Statistic Graph

    syslog-ng-statistic-graph.png

    10.15.5. Rotate the tables:

    When you have more than one table it will be better to use an own database for the old logs and rotate them every ... create a database (eg. syslog_old) crate a user which has access to write to he database: GRANT ALL PRIVILEGES ON syslog_old.* TO USERNAME@'localhost' IDENTIFIED BY 'PASSWORD';
    If you want to rotate the tables you can use this script (example):
    #!/bin/bash
    # ATTANTION THIS SCRIPT WILL ROTATE ALL TABLES IN THE GIVEN DB
    SQLHOST=localhost
    SQLUSER=USERNAME
    SQLPASS=PASSWORD
    SQLDB=syslog
    SQLOLDDB=syslog_old
    TIMESTAMP=`date +%Y-%m-%d-%H%M`
    TEMPNAME=_tmp_table
    mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "SHOW TABLES;" > /tmp/.tablelist if [ "$?" -eq "0" ] then for TABLE in `cat /tmp/.tablelist` do mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "DESCRIBE $TABLE;" > /dev/null 2>&1 if [ "$?" -eq "0" ] then #if describe runs fine the table exists # first we create the new table mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "CREATE TABLE `$SQLDB`.`$TABLE$TEMPNAME`(`host` varchar(32) default NULL,`source_ip` varchar(32) default NULL, `facility` varchar(10) default NULL,`priority` varchar(10) default NULL,`tag` varchar(10) default NULL,`unixtime` varchar(20) default NULL, `program` varchar(15) default NULL, `msg` text,`seq` bigint(20) unsigned NOT NULL auto_increment, PRIMARY KEY (`seq`),KEY `host` (`host`), KEY `program` (`program`),KEY `priority` (`priority`),KEY `facility` (`facility`));" if [ "$?" -eq 0 ] then # now we have the new table and can start renaming mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "ALTER TABLE `$TABLE` RENAME `$TABLE$TEMPNAME$TIMESTAMP`; ALTER TABLE `$TABLE$TEMPNAME` RENAME `$TABLE`;" if [ "$?" -eq 0 ] then #all renaming runs fine now we can safely work with the data mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLOLDDB -e "CREATE TABLE `$SQLOLDDB`.`$TABLE$TIMESTAMP`( `host` varchar(32) default NULL, `source_ip` varchar(32) default NULL, `facility` varchar(10) default NULL, `priority` varchar(10) default NULL, `tag` varchar(10) default NULL, `unixtime` varchar(20) default NULL, `program` varchar(15) default NULL, `msg` text, `seq` bigint(20) unsigned NOT NULL auto_increment, PRIMARY KEY (`seq`),KEY `host` (`host`), KEY `program` (`program`), KEY `priority` (`priority`), KEY `facility` (`facility`));" mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLOLDDB -e "INSERT INTO `$SQLOLDDB`.`$TABLE$TIMESTAMP` SELECT * FROM `$SQLDB`.`$TABLE$TEMPNAME$TIMESTAMP`;" mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "DROP TABLE `$TABLE$TEMPNAME$TIMESTAMP`;" else echo "error renaming tables from $TABLE" exit 3 fi else echo "error creating $TABLE$TEMPNAME" exit 2 fi fi done else echo "error in db connection" exit 1 fi

    10.15.6. Clear old syslog entries

    If you want to delete old entries (e.g. older than 1 week) you can use this script (example):
    #!/bin/bash
    # ATTANTION THIS SCRIPT WILL CLEAR ALL TABLES IN THE GIVEN DB
    SQLHOST=localhost
    SQLUSER=USERNAME
    SQLPASS=PASSWORD
    SQLDB=syslog
    TIMESTAMP=`date +%s`
    DELETESPAN=604800
    DELETETIMESTSAMP=$((TIMESTAMP-DELETESPAN))
    mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "SHOW TABLES;" > /tmp/.tablelist if [ "$?" -eq "0" ] then for TABLE in `cat /tmp/.tablelist` do mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "DESCRIBE $TABLE;" > /dev/null 2>&1 if [ "$?" -eq "0" ] then #if describe runs fine the table exists # first we create the new table mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "DELETE FROM `${SQLDB}`.`${TABLE}` WHERE unixtime<${DELETETIMESTSAMP};" if [ "$?" -eq 0 ] then echo "${SQLDB} ${TABLE} cleared" mysql -h $SQLHOST -u $SQLUSER --password=$SQLPASS $SQLDB -e "OPTIMIZE TABLE `${SQLDB}`.`${TABLE}`;" else echo "${SQLDB} ${TABLE} failed" fi fi done else echo "error in db connection" exit 1 fi

    10.16. dhcp_ldap

    dhcp_ldap.png dhcp_ldap

    10.16.1. Description

    The dhcp_ldap module is to manage your DHCP entries in your ldap database.

    10.16.2. Installation

    Simple install the module via settings->modules.

    10.17. Inventory

    fusioninventory.png Inventory

    10.17.1. Description

    The fusioninventory module is the server part of the fusioninventory agent.

    10.17.2. Installation

    Simple install the module via settings->modules.

    10.17.3. Usage

    If you install the fusioninventory agent you have to specify the following:
  • Username / Password
  • Realm
  • URI

  • You have to set up a user which should be specified during the installation / configuration part of the agent. You can set the realm in the configuration page in settings->modules->fusioninventory. The URI has to be in this form:
  • http[s]://YOURSERVER/PATH/www/modules/fusioninventory/controller.php
  • It is recommended to use the https protocol to protect your username/password.

    10.17.4. Settings

    10.17.4.1. Global module settings

    fusioninventory_settings_en.png
  • Number of hours between two runs of the agent.
  • Add host to database if no entry exist
  • Delete old inventory sets from older clients
  • Automatic assign inventory to host
  • Save xml files
  • Path to save XML files
  • Realm
  • Time in miliseconds after the live search will be send
  • 10.17.4.2. User settings

    fusioninventory_settings_user_en.png
  • Activate live search
  • Entries per page
  • 10.18. cron

    cron.png cron

    10.18.1. Description

    The cron module is to manage cron scripts in one database.

    10.18.2. Installation

    Simple install the module via settings->modules. After that you have a set of default crons in the database.

    10.18.3. Install on clients

    10.18.3.1. Run the container Script via scheduled task on Windows systems

    Simple add the curl files and the container.cmd into the %WINDIR% directory and add a scheduled task (in this case it runs every 5 minutes):
    schtasks /create /sc minute /mo 5 /ru "System" /tn "container-script uranos" /tr "%WINDIR%container.cmd"

    10.19. Search

    search.png Search

    10.19.1. Description

    The search module is the main entry point for each module and connector search. With the help of this module you are able to search each module and connector which provides a search interface.

    10.19.2. Installation

    Simple install the module via settings->modules.

    10.20. Wiki

    quwiki.png Wiki

    10.20.1. Description

    The quwiki module is to manage the documentation of this software and your own documentation in an easy to use format.

    10.20.2. Installation

    Simple install the module via settings->modules.
    Use the "Generate documentation" to regenerate the documentation of this software.

    10.21. radius_ldap

    radius_ldap.png radius_ldap

    10.21.1. Description

    With this module you can manage different VLANs for mac-based-vlan from LDAP.

    10.21.2. Setup freeradius

    10.21.2.1. radiusd.conf

    authorize {
            attr_filter
            #auth_log
            #set AUTH Type
            #rewrite to normal mac address with no delimiter to compare with username
            rewrite_calling_station_id_no
            if(User-Name =~ /^%{Calling-Station-ID}$/i){
                    #rewrite to normal : mac address
                    rewrite_calling_station_id_normal
                    update control {
                            Auth-Type = 'LDAPMAC'
                    }
                    update request {
                            User-Name := "%{Calling-Station-ID}"
                            }
                    ldap-macaddress {
                            notfound = reject
                    }
            }
    }
    authenticate {
            Auth-Type LDAPMAC {
                    #return ok no bind as user is required
                    ok
            }
    }
    #this section is to post the logs into a file which will be parsed to the database
    post-auth {
            #sqlok
            Post-Auth-Type REJECT {
                    attr_filter.access_reject
                    #sqlfailed
            }
    }

    10.21.2.2. Functions to rewrite mac-address

    Include the file via $INCLUDE rewritemac.conf in your radiusd.conf:
    #
    # Rewrite called station id attribute into a standard format.
    #
    policy {
    	rewrite_calling_station_id_no {
    		if(request:Calling-Station-Id =~ 
    			/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
    			update request {
    				Calling-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
    			}
    		}
    		else {
    			noop
    		}
    	}
    	rewrite_calling_station_id_normal {
    		if(request:Calling-Station-Id =~ 
    			/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
    			update request {
    				Calling-Station-Id := "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
    			}
    		}
    		else {
    			noop
    		}
    	}
    }

    10.21.2.3. ldap configuration

    contents of file: modules/ldap
    ldap ldap-macaddress {
            server = "ldap.example.com"
            #ldap_debug = 0x0028
            identity = "cn=radius,ou=DSN,dc=example,dc=com"
            password = verysecret
            basedn = "o=radius,dc=example,dc=com"
            base_filter = "(objectclass=radiusObjectProfile)"
            filter = "(radiuscallingstationid=%u)"
            access_attr_used_for_allow = yes
            access_attr = "radiusTunnelPrivateGroupId"
            port = 636
            set_auth_type = no
            tls_require_cert = "never"
            dictionary_mapping = ${raddbdir}/ldap.attrmap
            ldap_connections_number = 5
            timeout = 5
            timelimit = 3
            net_timeout = 2
    }

    10.21.2.4. log configuration

    The modules/sql_log should contain 2 sections, one for failed and one for ok:
    sql_log sqlfailed {
    	path = "${radacctdir}/sql-relay"
    	postlog_table = radiuslog
    	utf8 = yes
    	Post-Auth = "INSERT INTO ${postlog_table} 
    				(callingstationid,nasipaddress,logtime,nasipport,username,failed) 
    				VALUES ('%{Calling-Station-Id}','%{NAS-IP-Address}','%S','%{NAS-Port}',
    				'%{User-Name}',1) ON DUPLICATE KEY UPDATE nasipaddress=VALUES(nasipaddress), 
    				nasipport=VALUES(nasipport), logtime=VALUES(logtime), failed=VALUES(failed);"
    }
    sql_log sqlok {
    	path = "${radacctdir}/sql-relay"
    	postlog_table = radiuslog
    	utf8 = yes
    	Post-Auth = "INSERT INTO ${postlog_table} 
    				(callingstationid,nasipaddress,logtime,nasipport,username,failed) 
    				VALUES ('%{Calling-Station-Id}','%{NAS-IP-Address}','%S','%{NAS-Port}',
    				'%{User-Name}',0) ON DUPLICATE KEY UPDATE nasipaddress=VALUES(nasipaddress), 
    				nasipport=VALUES(nasipport), logtime=VALUES(logtime), failed=VALUES(failed);"
    }

    After that you could add the log entries to the post-auth section of radiusd.conf:
    post-auth {
            sqlok
            Post-Auth-Type REJECT {
                    attr_filter.access_reject
                    sqlfailed
            }
    }

    10.21.3. Deploy logs to database

    After you have installed the module you have a table called radiuslog Here is the script which deploy the log to the database:
    #!/bin/bash
    #Main settings
    LOGFILE=/var/log/freeradius/radacct/sql-relay
    DB_TABLE=radiuslog
    DB=uranos
    DB_USER=uranos-dbuser
    DB_PASS=verysecret
    DB_FILE=/tmp/radiussql.$$
    DB_HOST=mysql.example.com
    #copy logfile cp $LOGFILE $DB_FILE #empty log cat /dev/null > $LOGFILE
    mysql -u $DB_USER -h $DB_HOST --password=$DB_PASS $DB < $DB_FILE
    #at last remove logfile rm $DB_FILE

    You can run this script via a cron job.
    Altenativ you can run the radsqlrelay perl script which is deployed with freeradius.
    radsqlrelay -d mysql -b uranos -h mysql.example.com -u uranos-dbuser -p verysecret /var/log/freeradius/radacct/sql-relay

    10.22. Installation

    unattended.png Installation

    10.22.1. Description

    The unattended module is to manage harddisks and os installations through templates.

    10.22.2. Installation

    Simple install the module via settings->modules.

    10.22.2.1. Get harddisk and os templates

    You can import the os templates and harddisk templates from a local file, or from the sourceforge.net side.
    Local import:
    import_en_local.png
    Remote import:
    import_en_remote.png

    10.22.2.2. Prepare Operating system

    After importing the templates you can configure the operating systems you want:
    10.22.2.2.1. Create os
    create_os_en_part1.png
  • Name: The name of the operating system.
  • OS temapltes: The template you want to use (e.g for windows XP chooce "Windows - XP")
  • Comment: An optional comment to identify the configured tempalte.

  • 10.22.2.2.2. Configure os
    After you have create an os you can configure it and make your settings. The settings you made here will override the default settings from the template.
    configure_os_en_part1.png
    Press Content to get to the settings of this os.
    configure_os_en_part2.png
    On the left side you can go to each section. On the right side you can set the values of the differnt keys. If you chooce Dont use this key via the checkbox right of the key value this key will not be used. If all keys from one section will be disabled the section will not appear in later settings. You can use the following placeholders which will be replaced by the specified key from the inventory information of a system:
  • ###MAC### first macaddress
  • ###MAC2### second macaddress
  • ###MAC3### third macaddress
  • ###MAC4### fourth macaddress
  • ###WLAN### first wlan macaddress
  • ###WLAN2### second wlan macaddress
  • ###BLUETOOTH### bluetooth macaddress
  • ###IP### first IP address
  • ###IP2### second IP address
  • ###COMPUTERNAME### the computer name
  • ###MAIN_USER### the uid from the main user
  • ###SUPPLIER### the supplier
  • ###SUPPLYDATE### the supplydate
  • ###SERIAL### the serial number
  • ###PRODUCER### the producer
  • ###DESCRIPTION### the desription
  • ###SERVICETAG### the servicetag
  • ###INVENTORY### the inventory number
  • ###WARRENTY### the warrentydate
  • ###ROOM### the room number
  • ###COMMENT### the comment

  • 10.22.2.3. info.txt

    In each folder in z/os/ you should hold an info.txt:
    PRODUCT: The name of the product (e.g. Windows7|Vista|XP|...)
    SERVICEPACK: The servcie pack (e.g. 2)
    PRODUCTLANG: The main language of the product (e.g. en-EN)
    ARCH: The architekture (x86 or x86_64)
    ISO: If you want to use an iso file (only valid for FILETYPE=0 and FILETYPE=wim) set the filename here.
    	You have to create an iso directory in the same directory where the iso file is located, e.g. /z/os/winxp/iso.
    	You also have to set the FILE to the correct filename - e.g. iso/sources/install.wim.
    ISOTYPE: udf|iso9660 the filesystem on the ISO file, normaly udf for DVDs and iso9660 for CDs
    FILE: The complete path to the file, or if FILETYPE=0 you can leave this empty or if FILELOC=0 
    	only the filename (e.g. xp.tar.bz2 or vista.dd.bz2 or http://example.com/file.bz2)
    FILELOC: Filelocation can be 0 for this directory or 1 for http/ftp 2 for multicast
    FILESIZE: The original size of the Disk/Partition, this is only (optional) needed for images, 
    	clones and partimages. A suffix of "k", "m", "g", or "t" can be added to denote kilobytes (*1024), 
    	megabytes, and so on.
    FILETYPE: Filetype can be:
    	0 = standard installation files
    	tar.gz = tar.gz compressed install files
    	tar.bz2 = tar.bz2 compressed install files	
    	tar.7z = tar install files compressed with 7z
    	7z = install files packed and compressed with 7z
    	wim = default windows image format
    	image = uncompressed dd image
    	image.gz = gzipped dd image
    	image.bz2 = bziped dd image
    	image.7z = dd image compressed with 7z
    	partimage = partition dd image
    	partimage.gz = gzipped partition dd image
    	partimage.bz2 = bziped partition dd image
    	partimage.7z = partition dd image compressed with 7z
    	clone.TYPE = filesystem-clone
    	clone.TYPE.gz = gzipped filesystem-clone
    	clone.TYPE.bz2 = bziped filesystem-clone
    	clone.TYPE.7z = filesystem-clone compressed with 7z
    DRIVERDIR: The directory which holds the dirvers for the os. This directory will be copied 
    	to the root of the operating system. This only affect to Windows operating systems.
    DRIVERDIR_SCANDRIVERS: Scan DRIVERDIR for *.inf files which contain the following:
    	 -> if DRIVERDIR_SCANDRIVERS: VENDORID -> copy only directories which contains *.inf files 
    	 that matches the vendorid
    	 -> if DRIVERDIR_SCANDRIVERS: DEVICEID -> copy only directories which contains *.inf files 
    	 that matches the vendorid and the deviceid
     	For Windows XP the OEM_PNP_DRIVERPATH will be set automatically via the script.
     	In Windows Vista, 7 and 2008 you have to set the DRIVERPATH to %SystemDrive%drv_s
    DRIVERDIR_SCANDRIVERS_COPY_SUBDIRS: If this option is set also the Subdirectories from a matched DRIVERDIR
    	is copied. This can be helpful if the inf files are not in the same directory like the driver files.
    DRIVERPACKSDIR: (normaly /z/drivers/driverpacks/) The directory which holds the compressed 
    	(currently only 7z is implemented) dirvers for the os. 
    	This files will be extract to the root of the operating system to the directory D/. 
    	This only affect to Windows operating systems.
     	You can place your own files there with the following limitations:
     		Directory: /z/drivers/driverpacks/xp is for os W2000,W2003 and XP
     					/z/drivers/driverpacks/vista ist for Vista, 2008 and 7 (each ARCH)
     		ARCH: The files in the directory must conatin the ARCH e.g. DP_Chipset_wnt6-x64_10071.7z 
     			(here the x64 will match)
     	For Windows XP the OEM_PNP_DRIVERPATH will be set automatically via the script and are extracted 
     	to %SystemDrive%D.
     	In Windows Vista, 7 and 2008 you have to set the DRIVERPATH to %SystemDrive%Driverpacks see: 
     	http://technet.microsoft.com/en-us/library/cc766485%28WS.10%29.aspx.
    DRIVER_PATH_TO_LONG_QUESTION: Specify the answer to the question when the path of the OEM_PNP_DRIVER_PATH 
    	is to long when installing W2K, XP or 2003
    UDPRECEIVEROPTS: The options passed to udp-reciever, you can specify:
    
  • log file
  • Logs some stuff into file.
  • nokbd
  • Do not read start signal from keyboard, and do not display any message telling the user to press any key to start.
  • start-timeout sec
  • receiver aborts at start if it doesn't see a sender within this many seconds. Furthermore, the sender needs to start transmission of data within this delay. Once transmission is started, the timeout no longer applies.
  • portbase portbase
  • Default ports to use for udpcast. Two ports are used: portbase and portbase+1 . Thus, Portbase must be even. Default is 9000. The same portbase must be specified for both udp-sender and udp-receiver.
  • ttl ttl
  • Time to live for connection request packet (by default connection request is broadcast to the LAN's broadcast address. If ttl is set, the connection request is multicast instead to 224.0.0.1 with the given ttl, which should enable udpcast to work between LANs. Not tested though.
  • mcast-rdv-address address
  • Uses a non-standard multicast address for the control connection (which is used by the sender and receivers to "find" each other). This is not the address that is used to transfer the data. By default mcast-rdv-address is the Ethernet broadcast address if ttl is 1, and 224.0.0.1 otherwise. This setting should not be used except in very special situations, such as when 224.0.0.1 cannot be used for policy reasons.
  • exit-wait milliseconds
  • When transmission is over, receiver will wait for this time after receiving the final REQACK. This is done in order to guard against loss of the final ACK. Is 500 milliseconds by default.
  • nosync
  • Do not open target in synchronous mode. This is the default when writing to a file or a pipe.
  • sync
  • Write to target in synchronous mode. This is the default when writing to a device (character or block)

    10.22.3. Operating systems

    10.22.3.1. Install methods

    10.22.3.1.1. Directly
    Installing directly from source you only have to copy the install files to z/os.
    You should have there always an info.txt in the directory. For example here is one for windows XP:
    PRODUCT: XP
    SERVICEPACK: 3
    PRODUCTLANG: en-EN 
    ARCH: x86
    FILELOC: 0

    For all linux distributions you can use your own mirror or an mirror outside. This depends on the distribution. In most cases you can specify the location of your source in the answer file.
    If you have problems to mount the z share case insensitiv you have to rename all the files in i386/ to lowercase.
    Here is an example for an folder structure:
  • z/os/xpdesp3/i386 <- this is the directory which contains the contents of the installation CD
  • z/os/xpdesp3/info.txt <- the info file

  • z/os/xpdesp3-packed/xpdesp3.tar.bz2 <- this is the file which contains the contents of the installation CD
  • z/os/xpdesp3-packed/info.txt <- the info file

  • z/os/xpensp1x64/amd64 <- this is the directory which contains the contents of the installation CD
  • z/os/xpensp1x64/i386 <- this is the directory which contains the contents of the installation CD
  • z/os/xpensp1x64/info.txt <- the info file

  • It is possible to hold the contents of the cd in a compressed form. The following archives are supported:
  • tar.gz = tar.gz compressed install files
  • tar.bz2 = tar.bz2 compressed install files

  • 10.22.3.1.2. Image
    Installing/publish an image gives you the possibility to install/restore nearly all operating systems you want. Simple place the image in an extra folder in z/os. See the section info.txt for setting up the info.txt file.
    10.22.3.1.3. Transfermodes
    There are different transfer modes for the installationfiles which are specified by "FILELOC". FILELOC can be 0 for standard installation files, these files will be transfered directly from the mounted volume (normaly cifs).
  • Example:
  • FILE: file.tar.bz2
    FILELOC: 0
    If you want to transfer the files from ftp/http you have to set FILELOC: 1 and give the url in FILE parameter.
  • Example:
  • FILE: http://example.com/file.tar.bz2
    FILELOC: 1
    If you set FILELOC to 2, multicast is used to transfer the file. If you have specified more than one sender, you have to set the correct UDPRECEIVEROPTS.
  • Example:
  • FILE: file.tar.bz2
    FILELOC: 2
    UDPRECEIVEROPTS: --log /var/log/udp-receiver.log --portbase 8500 --nokbd --sync
    On the server side the udp-sender have to run. For more informations take a look into the command line description of udpcast.

    10.22.3.2. Windows

    You can access the unattended.[txt|xml] file via this http://YOURSERVER/external.php?function=install_os&computer=COMPUTERNAME side with the browser, or:
    wget -O unattend.txt http://YOURSERVER/external.php?function=install_os&computer=COMPUTERNAME
    to save the informations to a file. The boot-cd contains a script which controls the complete setup for windows include getting this file.
    10.22.3.2.1. Windows 2000/XP/2003
    For this versions you can use both install methods. Simple copy the content of your installation CD into an folder in z/os:
  • z/os/xpdesp3/i386 <- this is the directory which contains the contents of the installation CD
  • z/os/xpdesp3/info.txt <- the info file

  • You can also pack the i386 [and amd64 for XP-64bit] directory to speed up the installation over slow networks:
  • z/os/xpdesp3-packed/xpdesp3.tar.bz2 <- this is the file which contains the contents of the installation CD
  • z/os/xpdesp3-packed/info.txt <- the info file
  • This can be done by running the command:
    tar cjpf xpdesp3.tar.bz2 i386/

    10.22.3.2.2. Windows Vista/2008/Windows7
    10.22.3.2.2.1. Install method wim file
    You can use your prepared install file or the original from the install DVD. Simple place the file into a subdirectory in z/os:
  • z/os/win7-de-x86/install.wim <- this is the wim file from the DVD
  • z/os/win7-de-x86/info.txt <- the info file
  • The info file should contain at least:
    PRODUCT: Windows7
    SERVICEPACK: 0
    PRODUCTLANG: de-DE
    ARCH: x86
    FILE: install.wim
    FILELOC: 0
    FILETYPE: wim
  • set the wim_index in your answer file (_meta section).
  • The wim_index will indicate what product you want to install from the wim.
    You dont need to add drivers to the wim, check out the info.txt how to add drivers during the installation. If you have an audit section in your answer file (uranos default) the audit mode (with is searching for and install drivers) will run first. Read more here: http://technet.microsoft.com/en-us/library/hh824920.aspx#bkmk_4
    Here are some links to add drivers to the wim (if you want to do so):
  • http://technet.microsoft.com/en-us/library/cc766141%28WS.10%29.aspx
  • http://superuser.com/questions/63773/how-to-add-drivers-to-windows-7-installation-dvd

  • You can also build a new wim file from a pre configured machine. See section 3.2.2.2. for prepartion and run after that (from the boot environment)
     imagex capture /dev/hda1 (chooce the right partition where your installation is located) /z/os/MYWINXXX/install.wim IMAGE_NAME DESCRIPTION --compress=maximum
    10.22.3.2.2.2. Install method ntfsclone
    The installation proccess of this versions is always an image installation. For installing this versions via unattended and the ntfsclone method you have to prepare it in the following way:
  • Make a clean vista/7/2008 installation (we suggest to use a 15-20GB partition) - install servicepacks and / or updates if you want.
  • Activate the administrator account.
  • Log off if you are not in the administartor account.
  • Log in as administrator.
  • Delete the files from the user and the user account itself.
  • Install ServicePacks (optional). (USE c:\Windows\System32\vsp1cln.exe /verbose for cleaning up SP1 installation backup files and c:\Windows\System32\compcln.exe for cleaning up SP2 installation backup files and DISM.exe /online /Cleanup-Image /spsuperseded /hidesp on W2k8 R2 SP1)
  • Install software (optional). This is not recommended because of to stay up to date with the programs.
  • Personalize the administrators desktop (optional).
  • Install your MAK (optional).
  • Set the IDE controller driver to \"Standard IDE Controller\" - this is normaly done by the /generalize pass, but we need the generalize pass later (see "How it works")
  • Check if the Start Reg_Word in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msahci is set to 0 http://support.microsoft.com/kb/922976/en-us
  • At last run the command: %WINDIR%\system32\sysprep\sysprep.exe /audit /shutdown

  • 10.22.3.2.2.2.1. Save a ntfsclone
  • Boot into boot-cd
  • Save the image to an mounted volume:
  •  ntfsclone -s -o /z/os/vista-x86-SP2/vista-x86-SP2-de.clone.ntfs /dev/hda1
  • Optional you can zip or bzip it
  • bzip2 /z/os/vista-x86-SP2/vista-x86-SP2-de.clone.ntfs
  • At last create the info.txt. For this example:
  • PRODUCT: Vista
    SERVICEPACK: 1
    PRODUCTLANG: de-DE
    ARCH: x86
    FILE: vista-x86-SP2-de.clone.ntfs.bz2
    FILELOC: 0
    FILETYPE: clone.ntfs.bz2
    FILESIZE: 11000m
    10.22.3.2.2.2.2. Save a partimage via dd
  • Boot into boot-cd
  • Save the image to an mounted volume:
  • dd if=/dev/hda1 of=/z/os/vista-x86-SP2/vista-x86-SP2-de.partimage
  • Optional you can zip or bzip it
  • bzip2 /z/os/vista-x86-SP2/vista-x86-SP2-de.partimage
  • or run it as one command:
  • dd if=/dev/hda1 | bzip2 - > /z/os/vista-x86-SP2/vista-x86-SP2-de.partimage.bz2
  • At last create the info.txt. For this example:
  • PRODUCT: Vista
    SERVICEPACK: 1
    PRODUCTLANG: de-DE
    ARCH: x86
    FILE: vista-x86-SP2-de.partimage.bz2
    FILELOC: 0
    FILETYPE: partimage.bz2
    FILESIZE: 15000m

    10.22.3.2.2.2.3. How it works:
  • next time the machine boots into the auditSystem pass of windows setup to set the admin password, enable autologon and to add drivers
  • after that the auditUser pass runs sysprep /generalize /oobe /reboot command to go to the specialize and oobe part of the answer file
  • the specialize part is to activate the admin account, set computer name, ProductKey and JoinDomain or JoinWorkgroup
  • at last the oobeSystem part sets all other infos, install software via postinst.js and activate Windows
  • 10.22.3.2.2.3. Windows error codes
    http://msdn.microsoft.com/en-us/library/ms681381%28v=VS.85%29.aspx

    10.22.3.3. Kickstart

    Uranos can also produce kickstart files. The following distribution use kickstart and there is a template for each. To use the answer file you can add this line to the kernel append to boot the installation:
    ks=http://YOURSERVER/external.php?function=install_os

    10.22.3.3.1. CentOS
  • Web: http://www.centos.org/

  • 10.22.3.3.2. Fedora
  • Web: http://fedoraproject.org/

  • 10.22.3.3.3. RHEL
  • Web: http://www.redhat.com/rhel/

  • 10.22.3.3.4. ScientificLinux
  • Web: https://www.scientificlinux.org/

  • 10.22.3.3.5. ESX
  • Web: http://www.vmware.com/
  • You should add also the ksdevice and ip:
    ksdevice=eth0 ip=dhcp ks=http://YOURSERVER/external.php?function=install_os
    You could also specify a static ip configuration: [[code#:mem=512M quiet ksdevice=eth0 ip=10.0.0.10 netmask=255.255.255.0 gateway=10.0.0.1 nameserver=10.10.0.2]]

    10.22.3.4. Presseed

    Uranos can also produce presseed files. The following distribution use presseeding and there is a template for each. To use the answer file you can add this line to the kernel append to boot the installation:
    auto=true priority=critical console-setup/layoutcode=de  locale=de_DE url=http://YOURSERVER/external.php?function=install_os --

    10.22.3.4.1. Debian
  • Web: http://www.debian.org/

  • 10.22.3.4.2. Ubuntu
  • Web: http://www.ubuntu.com/

  • To get use of the partition settings you have to disable the following entries in the template:
  • Auto partitioning
  • Auto partitioning device
  • Auto partitioning recipes
  • Auto partitioning own recipes

  • If you use a stitic ip configuration you have to add:
    killall.sh; netcfg
    in the early script.

    10.22.3.5. openSuSE/SLES

  • Web (SLES): http://www.novell.com/de-de/products/server/
  • Web (openSuSE): http://opensuse.org/

  • Uranos can also produce xml files for SLES and OpenSuSE. To use the answer file you can add this line to the kernel append to boot the installation:
    autoyast=http://YOURSERVER/external.php?function=install_os

    11. Connectors

    11.1.

    ocsinventory_ng.png doc:connectors:ocsinventory_ng:help

    11.1.1. Description

    This connector will search your OCS database for the computername and display the results.

    11.1.2. Installation

    Simple install the connector via settings->connectors.

    11.1.3. Configuration

    You can reach the configuration in the main settings module in the connectors section. There is a "Configuration" link behind the conncetor if the connector is installed.
    ocsinventory_ng_config.png
  • Hostname the hostname where ocsinventory server is located.
  • Username the user to access the ocsinventory server.
  • Password the password for the user to access the ocsinventory server.
  • The hostname will be used to generate the links to access the soap interface:
  • http://HOSTNAME/Apache/Ocsinventory/Interface
  • http://HOSTNAME/ocsinterface

  • For more informations check the documentation of OCS:
  • http://wiki.ocsinventory-ng.org/index.php/Developers:Web_services
  • http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=98&cntnt01returnid=80

  • 11.1.4. Usage

    After configure your os inventory server will be searched for this hostname.

    11.2.

    rt.png doc:connectors:rt:help

    11.2.1. Description

    Connect your RT http://bestpractical.com/rt/ database. This connector will search your RT database for the current computername to display all requests.

    11.2.2. Installation

    Simple install the connector via settings->connectors.

    11.2.3. Configuration

    You can reach the configuration in the main settings module in the connectors section. There is a "Configuration" link behind the conncetor if the connector is installed.
    rt_config.png
  • Database user the user to access the rt database.
  • Database password the password for the database user to access the rt database.
  • Database host the hostname where the rt database is located.
  • Link to rt host link to your request tracker host. This link will be used to generate links to the tickets.

  • 11.2.4. Usage

    After configure you should see all tickets found in the rt database:
    rt_view.png
    You can click on the Ticket ID or the Subject to go directly to the ticket.

    11.3.

    dns_ldap.png doc:connectors:dns_ldap:help

    11.3.1. Description

    Manage DNS entries for the systems.

    11.3.2. Installation

    Simple install the connector via settings->connectors. You will need also the dns_ldap module installed.

    11.4.

    remotecmd.png doc:connectors:remotecmd:help

    11.4.1. Description

    Specify and run remote commands. You can run remote commands on ssh enabled hosts (module ssh_client needed) and on windows machines.

    11.4.2. Installation

    Simple install the connector via settings->connectors. You will need also the ssh_client and computer module installed.

    11.4.3. Configuration

    In the main configuration you have to set the path to psexec.exe on windows systems. On Linux set the path to winexe.
    remotecmd_pathsettings.png
  • Path to winexe (on windows path to psexec.exe): Full path to winexe/psexec
  • winexe/psexec options: Options for the command psexec: use -s to run it on the system account winexe: --interactive=0 --system to run it on the system account --uninstall to remove the service after execution

  • 11.4.3.1. Configure credentials


    remotecmd_credentials_new.png
  • Name: Uniq name of the credentials
  • Username: The remote username to run the command
  • Password: The password for the remote user - for ssh you have to provide the username which ssh keys should be used

  • You can view, edit and delete the credentials from this view:
    remotecmd_credentials.png

    11.4.3.2. Configure commands

    remotecmd_commands_new.png
  • Name: Uniq name of the command
  • Type: Choose if this is a ssh or winexe/psexec command
  • Default credentilas: Choose the default credentials to use with this command
  • Command: The contents of the command

  • Here is an example to use the scanwinupdates.js to scan hosts for updates:
    @echo off
    IF EXIST z: net use z: /DELETE
    net use z: \\ntinstall\install secretpassword /USER:DOMAIN\user
    cscript /nologo z:\bin\scanwinupdates.js > z:\updates\scans\%COMPUTERNAME%.xml
    net use z: /DELETE
    

    You can view, edit and delete the commands from this view:
    remotecmd_commands.png

    11.4.3.3. Logs

    You can view and delete the logs from this view.
    remotecmd_logs.png

    11.4.4. Usage

    11.4.4.1. Run command from the connector

    Simple choose the command and press "run". This will execute the selected command with the default credentials for this command. If you want to use your own credentials choose the entry "Use own credentials" and set your username and your password. If you want to run an ssh command with your own credentials you have to set the username to the remote users name (e.g. root) - you dont need to specify a password because the ssh command will use your ssh_keys.
    remotecmd_run.png

    11.4.4.2. Run commands via cron / script

    Here is an example script which runs commandid 3 with the default credentials on host: host.example.com
    #!/usr/bin/php5 -f
    <?php
    //global settings
    $INCexternal="/var/www/install/uranos-svnroot/www/include/INCexternal.php";
    //require system
    require_once ($INCexternal);
    ini_set ('display_errors',true); ini_set ('display_startup_errors',true); error_reporting(E_ALL^E_NOTICE);
    if (!require_connector_file('remotecmd','connector.php')) { exit; } $host='host.example.com'; $out=remotecmd_run($host,3); echo "* command executed on host $host:n"; echo $out['command']; echo "n"; if ($ret['stat']==0) { echo "* command run with exit state 0n"; } else { echo "* command failed with exit state ".$ret['stat']."n"; } echo "* Output:n"; if (is_array($out['out'])) { foreach ($out['out'] as $o) { echo $o."n"; } } ?>

    Here is an example to run a command on each host in group "example" with username and password:
    #!/usr/bin/php5 -f
    <?php
    //global settings
    $INCexternal="/var/www/install/uranos-svnroot/www/include/INCexternal.php";
    //require system
    require_once ($INCexternal);
    //required for the getGROUPCOMPUTERS
    $INCuser="/var/www/install/uranos-svnroot/www/include/APIuser.php";
    require_once ($INCuser);
    ini_set ('display_errors',true);
    ini_set ('display_startup_errors',true);
    error_reporting(E_ALL^E_NOTICE);
    if (!require_connector_file('remotecmd','connector.php')) { exit; } //Select hosts the groupid is the id of the group $groupid=2; $examplehosts=getGROUPCOMPUTERS($groupid); if (is_array($examplehosts['entries'])) { foreach ($examplehosts['entries'] as $h) { $host=$h['computername']; $out=remotecmd_run($host,3,"Adminsitrator","seCret"); echo "* command executed on host $host:n"; echo $out['command']; echo "n"; if ($ret['stat']==0) { echo "* command run with exit state 0n"; } else { echo "* command failed with exit state ".$ret['stat']."n"; } echo "* Output:n"; if (is_array($out['out'])) { foreach ($out['out'] as $o) { echo $o."n"; } } } } ?>

    11.5.

    rsyslog.png doc:connectors:rsyslog:help

    11.5.1. Description

    If you install this connector you will be able to see syslog messages for the system and are able to configure the client.

    11.5.2. Installation

    Simple install the connector via settings->connectors. This connector requires the rsyslog module.

    11.5.3. Statistic

    rsyslog-connector-statistic.png
    Here you see a statistical view about all assigned tables for the client. From here you can jump to the table or directly to the filtered messages behind the lines. You can set the timespan at the top.

    11.5.4. Configuration

    rsyslog-connector-configuration.png
    Here you can configure the client filter and the client to server/db assignement.
  • 1 Add the client configuration to a server and assign it to a table
  • 2 Write the client configuration to the specified file, currently only rsyslog config is supported, the file will be overwritten on the client
  • 3 See the filename and the config which will be created on the client
  • 4 See and delete the assignemnt to a server, from here there is a link to write the server config which is needed if you assign a client to a server
  • 5 The main Client configuration, set the filters you need the init script and the filename which will be written on the client. The filer IP and filer hostname will be ignored for the client config and is only set on the server

  • 11.5.5. Commands

    rsyslog-connector-commands.png
    Here you can run the following commands on the client: start, stop, reload and restart. If you access this page the command status will be passed to the init script.

    11.6.

    dhcp_ldap.png doc:connectors:dhcp_ldap:help

    11.6.1. Description

    Manage IP addresses for each macaddress from the system.

    11.6.2. Installation

    Simple install the connector via settings->connectors. You will need also the dhcp_ldap module installed.

    11.6.3. Configuration

    Please check the settings of the dhcp_ldap module.

    11.6.4. Usage

    You can add an IP address for each macaddress - if you need also with specified options:
    dhcp_ldap_connector.png

    11.7. Inventory

    fusioninventory.png Inventory

    11.7.1. Description

    View your inventory for this system.

    11.7.2. Installation

    Simple install the connector via settings->connectors. You will need also the fusioninventory module installed.

    11.7.3. Configuration

    Please check the settings of the fusioninventory module.

    11.7.4. Usage

    If the hostname is found you can assign one or more fusioninventory hardware-id[s] to this host. You have a link to each section on the top of this connector:
    fusioninventory_connector.png
    In the sections you see the keys and values:
    fusioninventory_connector_view.png

    11.8.

    cron.png doc:connectors:cron:help

    11.8.1. Description

    If you install this connector you will be able to add cron scripts to each system.

    11.8.2. Installation

    Simple install the connector via settings->connectors. This connector requires the cron module.

    11.8.3. Configuration

    See the cron module configuration.

    11.8.4. Usage

    11.9.

    systemnetwork.png doc:connectors:systemnetwork:help

    11.9.1. Description

    If you install this connector you will be able to see the arp entries and network infos from the switch.

    11.9.2. Installation

    Simple install the connector via settings->connectors. You also need the cron and the switch module to view all infos.

    11.9.3. Configuration

    You can reach the configuration for cron via the module configuration. The cron module is used to add the entries from the arpwatch database. The switch module will give you the availability to locate this host on the switchport and if configured you will see the room where this host is currently attatched.

    11.9.4. Usage

    After configure should view the last entries from the arp. This view will be generated by searching the systems_arp table for each mac address assigned to this host:
    systemnetwork_arp.png
    This is the view of a network port where one macaddress is found:
    systemnetwork_switch.png

    11.10.

    radius_ldap.png doc:connectors:radius_ldap:help

    11.10.1. Description

    Assign a VLAN to each mac address from each system.

    11.10.2. Installation

    Simple install the connector via settings->connectors. You will need also the radius_ldap module installed.

    11.11.

    bugzilla.png doc:connectors:bugzilla:help

    11.11.1. Description

    Connect your BUGZilla database. This connector will search your bugzilla database for the current computername to display all requests.

    11.11.2. Installation

    Simple install the connector via settings->connectors.

    11.11.3. Configuration

    You can reach the configuration in the main settings module in the connectors section. There is a "Configuration" link behind the conncetor if the connector is installed.
    bugzilla_config.png
  • Database user the user to access the bugzilla database.
  • Database password the password for the database user to access the bugzilla database.
  • Database host the hostname where the bugzilla database is located.
  • Link to bugzilla host link to your bugzilla host. This link will be used to generate links to the tickets.
  • Comma seperated list of fields to search define which fileds should be searched for the computer name.

  • 11.11.4. Usage

    After configure you should see all tickets matching defined searchfileds:
    bugzilla_view.png
    You can click on the Ticket ID or the Subject to go directly to the ticket.

    11.12.

    checklist.png doc:connectors:checklist:help

    11.12.1. Description

    Generate your own checklists. This can be assigned to each system and be processed from different users.

    11.12.2. Installation

    Simple install the connector via settings->connectors.

    11.12.3. Configuration

    You can reach the configuration in the main settings module in the connectors section. There is a "Configuration" link behind the conncetor if the connector is installed.
    Add a new check-list:
    checklist_new.png
  • Name: Chooce a name for the check-list.
  • Comment: Add a comment for the check-list.

  • checklist_edit_content_1.png
  • Edit content to edit and add parts to the check-list.

  • checklist_edit_content_2.png
  • Add new ckeckfield to add a new part to the check-list.

  • You can also edit single parts of the check-list:
    checklist_edit_content_3.png

    11.12.4. Usage

    In the computer view you have to chooce the Checklists connnector:
    checklist_add.png
    You can add more than one checklist to an computer. You only can delete the already assigned check-list if you have the permissions to do that. After adding a check list you can run the checks by clicking the *edit* button behind the assigned check-list.
    checklist_check_1.png
    Add your comments and check the part of the check-list behind the comment field to approve this part of the check-list.
    checklist_check_2.png
    After that you see the user and the time when this part of the check-list was approved:
    checklist_check_3.png

    11.13.

    comments.png doc:connectors:comments:help

    11.13.1. Description

    If you install this connector you will be able to add comments to each system.

    11.13.2. Installation

    Simple install the connector via settings->connectors.

    11.13.3. Configuration

    There is no need for a configuration.

    11.13.4. Usage

    In the computer view you have to chooce the Comments connnector. After that you can add a new comment:
    comments_1.png
    You see all comments and comments of comments in a date ordered view:
    comments_2.png
    You can comment, edit and delete a comment.

    11.14.

    ldaphosts.png doc:connectors:ldaphosts:help

    11.14.1. Description

    This connector will search your LDAP database for the computername and display the results.

    11.14.2. Installation

    Simple install the connector via settings->connectors.

    11.14.3. Configuration

    You can reach the configuration in the main settings module in the connectors section. There is a "Configuration" link behind the conncetor if the connector is installed.
    ldaphosts_config.png
  • User the user DN to connect to the ldapserver, leave empty if anonymouse bind is wanted.
  • Password the password for the user DN.
  • Host the hostname of the ldap server.
  • BaseDN the base DN, the search will be performed in the base of this DN.
  • Port the port of the ldap server.
  • Entry name the attr name for the DN to search, e.g. cn.
  • Search samba host the base DN for search samba host entries.

  • 11.14.4. Usage

    After configure your ldap server will be searched for the hostname.
    Here is an example of an ipHost:
    ldaphosts_entry.png
    Here is an example of an Samba host:
    ldaphosts_entry_samba.png