1. Introduction
Uranos is not only a tool to install operating systems. It is a system/network management software.
1.1. Thanks
Special thanks to all people who helped to develop and test this software.
Thanks also to the pear people. Some functionality is based on the pear stuff.
1.2. About
Uranos is designed to be an easy application framework. For each web application you have to answer the same questions again and again:
Authentication
Database
Security
Search
Calendar
...
Uranos is built to give you an environment which includes this main functionality:
Permission management
Authentication against a database, LDAP (also M$ Active Directory), IMAP, Radius
User[+Group] backend: database or LDAP
Different security checks (e.g. preventing session hijacking, checking POST, GET and FILE variables, ...)
Templating for easy customization of the views
Installing the webapplication
...
2. Installation
2.1. Components
2.1.1. External components
External components depend on your setup and your needs. This section gives you an overview of which component you need for what.
2.1.1.1. Fileserver
You will need a fileserver for different things. The first is for the boot-cd. The boot-cd can handle the following servers:
NFS Use your NFS Server to hold the environment.
SSH You can use an ssh server to mount your environment. This is supported through the sshfs project.
SMB/CIFS This can be a simple share from a Microsoft computer or a Samba share
Local (to mount the environment locally, for example from a usb-stick or a dvd)
See boot cd options for how to configure the kernel for these features.
For the os installation the fileserver depends on the installation method of the os you want to install. For example you can install fedora through:
http
nfs
ftp
For the Microsoft Windows os-installation you can use the supported filesystems from the boot cd (see above).
For the software installation in Microsoft Windows through the tools postinst.js and wemerge.cmd you will need a SMB/CIFS share from a Microsoft computer or a Samba share.
2.1.1.2. Webserver
You need a webserver with php support to run the GUI. We prefer to use Linux as the platform for running the Apache-Webserver.
But it is also possible to run the GUI on any other webserver with php support.
2.1.1.3. DHCP
A DHCP-Server is optional. A DHCP-Server lets you assign IP addresses to your clients automatically.
It is also a precondition for booting your clients via PXE.
We prefer to use the DHCP-Server from Internet Systems Consortium.
The ISC-DHCP-Server can hold your configuration in a LDAP tree.
The GUI lets you manage the DHCP configuration in your LDAP tree.
It is also possible to use this LDAP configuration for other DHCP-Servers because the module is based on the Ldap-schema-draft for DHCP.
2.1.1.4. DNS
A DNS-Server is optional. A DNS-Server lets you assign names to IP addresses.
We prefer to use the ISC BIND DNS-Server from Internet Systems Consortium.
This ISC BIND DNS-Server can get its configuration from a LDAP tree.
The GUI lets you manage the DNS configuration in your LDAP tree.
2.1.1.5. PXE
The PXE (Preboot Execution Environment) is optional. With PXE you can boot your clients over the wired network.
For the PXE you will need:
TFTP-Server
DHCP-Server
pxelinux.0 - from the SYSLINUX distribution
With the SYSLINUX distribution you are also able to build graphical menus:

The GUI lets you manage the global PXE configuration and the configuration for each client.
2.1.1.6. TFTP
A TFTP-Server is optional. You will need the TFTP-Server for your PXE boot.
The server is used to provide the pxelinux file and configuration.
2.1.2. Internal components
This section gives you an overview of how you can use the GUI to manage the internal or external components.
2.1.2.1. Authentication
The user authentication is handled by an internal API.
Currently the API supports these storage drivers:
MDB2 Storage container using PEAR MDB2.
IMAP Storage container for use against IMAP servers.
LDAP Storage container for use against LDAP servers, also Active Directory.
The GUI provides simple setup for these modules:
LDAP Use your LDAP Server or your Microsoft Active Directory Server.
IMAP Use your IMAP Server.
DB Use every supported MDB2 driver (mssql, mysql, mysqli, pgsql, ...) with your own username/password table.
2.1.2.2. User/Group back-end
The User/Group back-end is independent of your authentication settings. This means you can manage your users in the database (every supported database from the pear package DB) and authenticate them against your IMAP Server, or use the LDAP Server to manage the users but authenticate them against a database.
The idea behind this is that you can use your internal user database. Currently the following back-ends are supported:
LDAP and through this also (but untested) Active Directory
Database in every supported DB (fbsql, ibase, informix, msql, mssql, mysql, mysqli, oci8, odbc, pgsql, sqlite and sybase)
2.1.2.3. LDAP
For the LDAP back-end you have to set up the parameters in the config file.
Set this to "1" to enable the LDAP back-end:
// use ldap as user/groups backend
$u_cfg["useldap"] = 1;
Set this to your needs. The ldapdb is used for read actions, the backupldapdb is used for write actions:
// ldap database, only needed if you use the ldap user/groups backend
$u_cfg["ldapdb"] = array(
    "phptype"  => "ldap",
    "username" => "unattended",
    "password" => "password",
    "port"     => "389",
    "hostspec" => "localhost",
    "database" => "dc=example,dc=de"
);
Set this to your needs. The user you set up here needs write permissions on your users and groups in your LDAP tree:
// ldap backup database for write actions, only needed if you use the ldap user/groups backend
$u_cfg["backupldapdb"] = array(
    "phptype"  => "ldap",
    "username" => "unattended",
    "password" => "password",
    "port"     => "389",
    "hostspec" => "localhost",
    "database" => "dc=example,dc=de"
);
The settings are also used for the module Ldap Manager.
2.1.2.4. DB
The DB back-end is enabled if you run through the install process from the GUI.
Parameters in the config file:
Set this to "0" to disable the LDAP back-end:
// use ldap as user/groups backend
$u_cfg["useldap"] = 0;
These are the connection settings for the database:
// database
$u_cfg["database"] = array(
    "phptype"  => "mysql",
    "username" => "unattended",
    "password" => "",
    "hostspec" => "localhost",
    "database" => "unattended"
);
2.1.2.5. Modules
The GUI has a modular design. This means that you can run the GUI for different setups, for example as a GUI to syslog-servers.
Through the modular system it is easy for you to write your own modules.
You can use the API from the GUI which provides you with easy functions. For example, to add an entry to a table in a database you can use:
db_insert($tablename,$fields,$dbd="");
db_insert('part_computerconfig',array('pid'=>$pid,'hdtype'=>$hdtype,'computername'=>$computername,'mbr'=>$mbr));
The $dbd parameter can be your own database DSN.
There are core modules which you can not install or uninstall. The following core modules will be setup and installed through the installation:
User (core) The user module manages the users in your User/Group back-end.
Groups (core) The group module manages the groups in your User/Group back-end.
Settings (core) The settings module manages blocks, permissions, language, modules, connectors, sessions, update and authentication settings.
2.1.2.6. Connectors
The main idea behind the connectors is that you can easily bind functionality to your computers.
Installing the module computer is a precondition for using the connectors.
The internal connectors are:
Checklist
Comments
DHCP Ldap
DNS Ldap
Inventory (fusioninventory)
Status
One example of how to bind other information to a computer is:
Request Tracker http://bestpractical.com/
It is also possible to bind other inventory tools or databases to the GUI.
For example there is a connector for Open Computers and Software Inventory, which accesses the data via the SOAP interface of OCS.
2.1.2.7. Boot environment
The boot environment is used for different scenarios.
You will need the boot environment for installing Microsoft Windows (2000/XP/2003/Vista/2008).
But you can use the boot environment for other things like backup, restore, disk wipe and so on.
2.1.2.7.1. Components
kernel - linux kernel which is optimized for harddisk and network support
initrd - the root filesystem for the kernel, all programs except the profile scripts
/z - The directory structure which holds the profile environment
The components of the boot environment can be used in different ways:
kernel/initrd can be booted from cd, usb, pxe (network) or other bootable devices
/z can be mounted from network (cifs,sshfs,nfs) or from a local device (cd,usb,harddisk,..)
2.1.2.7.2. Boot process
The kernel and initrd are loaded by the boot manager in use. If you are using the cd, the boot manager is syslinux.
The /init, which is located in the initrd, is started by the kernel. The init is a bash script.
init starts:
Mounting /proc and /sys
Mounting /dev for udev
Start udev
Fire up shells on virtual consoles 2 and 3
Start /etc/master on virtual console 1
-> /etc/master takes control:
Sending log output to /dev/tty4
Starting syslog - logging to /dev/tty5
Setting umask
Disable kernel messages
Load keyboard settings (if defined)
Setting up hardware
Force loading modules
Configure network (DHCP or manually)
Configure / mount /z (this can be from network (cifs,sshfs,nfs) or from a local device (cd,usb,harddisk,..))
Gives control to z/bin/init.sh
-> z/bin/init.sh:
Source the z/etc/init.conf
init.sh controls your profiles (defined in z/etc/init.conf or via the kernel command line)
init.sh starts the selected profile -> see next section for profile information
/etc/init/profile/PROFILENAME/ is started
2.1.2.7.3. Profiles
The main idea behind the profiles is that you can use the same boot environment for different solutions.
Profiles are simple directories which may have one or more scripts inside. You can specify the profile you want to start via:
kernel command line (profile=PROFILENAME)
the file z/etc/init.conf
The profile directories can contain more than one script. All executable files in this directory will be run in alphabetical order.
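The profile selection and run order described above, as an added shell sketch (not the init.sh shipped with Uranos). The function names, the last-occurrence-wins rule, the check of the profile name and stopping at the first failing script are assumptions of this example; the check is there because a name taken from the kernel command line ends up as a path component.

```sh
#!/bin/sh
# Added illustration of the profile mechanism; not the init.sh shipped with Uranos.

# Print the profile to start. CMDLINE is the kernel command line (the content
# of /proc/cmdline); DEFAULT stands for the value configured in z/etc/init.conf.
# Assumption of this sketch: profile= on the command line overrides the default
# and the last occurrence wins.
select_profile() (
    cmdline=$1 profile=$2
    set -f                      # no pathname expansion while splitting words
    for word in $cmdline; do
        case $word in
            profile=*) profile=${word#profile=} ;;
        esac
    done
    # The name becomes a path component: accept a plain directory name only,
    # so "profile=../../somewhere" cannot leave the profile root.
    case $profile in
        ''|.|..|*[!A-Za-z0-9_.-]*) exit 1 ;;
    esac
    printf '%s\n' "$profile"
)

# Print the names of the executable files in DIR in the order they are run.
list_profile_scripts() (
    dir=$1
    [ -d "$dir" ] || exit 1
    LC_ALL=C; export LC_ALL     # byte order, independent of the boot locale
    for f in "$dir"/*; do       # pathname expansion returns sorted names
        if [ -f "$f" ] && [ -x "$f" ]; then
            printf '%s\n' "${f##*/}"
        fi
    done
    exit 0
)

# Run every script of profile NAME below ROOT, stopping at the first failure
# (stopping is a choice made for this sketch).
run_profile() (
    root=$1 name=$2
    dir=$root/$name
    scripts=$(list_profile_scripts "$dir") || exit 1
    set -f
    IFS='
'
    for script in $scripts; do
        "$dir/$script" || exit 1
    done
    exit 0
)

# Usage on a booted system (PROFILE_ROOT and DEFAULT_PROFILE are placeholders):
#   name=$(select_profile "$(cat /proc/cmdline)" "$DEFAULT_PROFILE") &&
#       run_profile "$PROFILE_ROOT" "$name"
```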
2.1.2.7.4. z/etc/init.conf
This is the main configuration file for the boot environment.
2.2. Run the install script
2.2.1. Download
Main Download page:
http://sourceforge.net/projects/uranos/files/
2.2.2. Install and prepare webserver
To install all needed packages you have to install at least (this is only an example, you are free to use other combinations):
apache
php
pear
mysql
2.2.2.1. Extract files
Extract the files. In this documentation /srv/ will be used.
#create src directory
mkdir /root/src
#change directory
cd /root/src
#get release
wget http://downloads.sourceforge.net/uranos/uranos-1.531.tar.gz
#change directory to /srv (create it first or choose your own)
cd /srv
#extract files
tar xzf /root/src/uranos-1.531.tar.gz
#move
mv /srv/uranos-1.531 /srv/uranos
#give all to the apache user (this is for ubuntu, change www-data to your needs):
chown -R www-data:www-data /srv/uranos
2.2.2.2. Install minimum
To install this in debian/ubuntu run the following:
apt-get install apache2 php-pear mysql-server subversion php5-ldap php5-mysql php5-mcrypt php5-gd samba
2.2.2.3. Install optional
apt-get install nmap tftpd-hpa syslog-ng slapd gcc dhcp3-server-ldap genisoimage
nmap is for auto-discovering your network
tftpd-hpa if you want to use this host for pxe-boot
syslog-ng if you want to use this host as a syslog server
slapd if you want to manage your DHCP/DNS entries
genisoimage if you want to create auto-running installation cds
dhcp3-server-ldap if you want to use this host as a dhcp server
2.2.2.4. Configure apache
Enable php:
This is an example virtual host configuration for the apache webserver.
<VirtualHost install.example.com>
    ServerName install.example.com
    DocumentRoot /srv/uranos
    <Directory "/srv/uranos">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
2.2.2.5. Configure php
You will need php support in your webserver and the following pear packages:
Calendar 0.5.3 beta (pear install Calendar-0.5.3)
HTTP_Download (pear install --alldeps HTTP_Download)
HTML_Template_Sigma (pear install --alldeps HTML_Template_Sigma)
Image_Canvas 0.3.1 alpha (pear install image_canvas-0.3.2)
Image_Graph 0.7.1 alpha (pear install --alldeps image_graph-0.7.1)
MDB2 2.5.0b2 beta (pear install mdb2-2.5.0b2)
MDB2_Driver_mysql 1.5.0b2 beta (pear install mdb2_Driver_mysql-1.5.0b2)
MDB2_Driver_mysqli 1.5.0b2 beta (pear install mdb2_Driver_mysqli-1.5.0b2)
Change memory limit in php:
vi /etc/php5/apache2/php.ini #change the value of the variable "memory_limit" to 128M
2.2.2.6. Configure mysql
Create a user and a database for mysql:
CREATE DATABASE unattended;
Remember this user and password because you will need them during the install process.
GRANT ALL PRIVILEGES ON unattended.* TO 'unattended'@'localhost' IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
Optionally you can also do these steps with a tool like phpmyadmin.
2.2.3. Configure networkshare
The networkshare holds the software, os and the environment for the boot-cd. The root of this share should point to "uranos/z/".
2.2.3.1. Configure samba
If you already have a networkshare you can skip this and go on.
This is a short smb.conf:
[global]
workgroup = WORKGROUP
server string = %h server (Deploy)
wins support = no
dns proxy = yes
name resolve order = lmhosts host wins bcast
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 1
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
guest account = nobody
invalid users = root
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
domain logons = no
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[install]
comment = Installation Service
path = /srv/uranos/z
guest ok = yes
read only = no
2.2.4. Run install.php
After setting up and starting apache and mysql you can call install.php. To do that, open your preferred browser and go to the address:
http://install.example.com/www/install.php
install.example.com is the name you have configured in your virtual host.
If you get the error:
Warning: touch() [function.touch]: Unable to create file include/config.php
because Permission denied in /home/mario/public_html/ua-install/www/install.php on line 12
The config file is not writeable, pleace check the permissions on the file and try again!
Do the following:
touch include/config.php
chown YOURAPACHEUSER:YOURAPACHEGROUP include/config.php
chmod 600 include/config.php
Then check the permissions for your webserver (described in 2.2.2.1. Extract files).
2.2.4.1. Install check

If you have installed all needed pear packages you should see something similar to this.
If not, read section 2.2.2.5. Configure php of this document.
You can follow the link at the bottom to go on to step 1.
On some systems the PEAR path might be different, e.g. on SLES11 use the PEAR include path /usr/share/php5/PEAR.
2.2.4.2. Step 1 Choose language

You can choose the language. English and German are supported at this time.
2.2.4.3. Step 2 Read license

You can read the license. All code which is shipped with this software is licensed under the GNU General Public License Version 2 (GNU GPL v2).
2.2.4.4. Step 3 Check config file

If the check runs ok you can go on to the next step.
2.2.4.5. Step 4 Database settings

Here you have to fill in the database settings of the already created database (section "2.2.2.6. Configure mysql" of this document).
DB hostname: your database hostname. If it runs on the same host as the webserver, leave that at localhost
DB user: the username to connect to the database
DB password: the password to connect to the database
DB name: the name of the database. The database has to be created before this step
DB type: the type of the database you want to connect to
Tested databases:
MySQL
PostgreSQL
MS SQL
2.2.4.6. Step 5 Created tables

You see whether all tables were created. If there are errors, go back and check your database settings.
2.2.4.7. Step 6 Register functions

Functions registered. This is a security feature. You can go on.
2.2.4.8. Step 7 Add initial group

Add an initial group. Fields:
Name: The name of the group. This should not contain whitespace or other special characters.
Comment: A short description of the group.
2.2.4.9. Step 8 Add initial user

Add an initial user.
Required fields:
Userid: The login-name of the user. This should not contain whitespace or other special characters.
Username: The name of the user.
Main group: The main group of this user, only the group you have specified in step 7 should be available at this step.
Password: The password for the user.
Additional fields:
Phone: The user's phone number.
Room: The user's room number.
EMail: The user's email.
2.2.4.10. Step 9 Installation end

If the user is created you can go on.
2.2.4.11. Step 10 Create languages

All language settings are done, follow the white rabbit.
2.2.4.12. Ready

Installation done, you can proceed with login.
10. Modules
10.1. ssh_client
10.1.1. Description
This module manages your ssh hosts and lets you access the filesystem via ssh and run commands on the hosts.
This is also used by some other modules to run commands on the specified hosts.
10.1.2. Installation
Simply install the module via settings->modules.
10.1.2.1. Configuration
Go to settings->modules->SSH Client->configuration:
SSH Library: you can use the ssh commands or the phpseclib. The ssh commands are usable on linux and windows systems. The phpseclib is platform independent.
SSH paths: set the paths to the program files of the ssh, scp and ssh-keygen commands. This is only needed if you use the setting "ssh commands" above. The webserver must be able to execute these commands.
10.1.2.2. Personal configuration
Go to usersettings->SSH:
Generate key: with this you can create a new private/public key pair.
Public key: this is your public key, you have to place this key into .ssh/authorized_keys of the users home directory on the host you want to connect to.
Secret key: this is your private key.
Shell background: the color of the shell background.
Shell font: the color of the shell's font.
Stay connected for seconds: after this number of seconds you will be disconnected.
You can also upload your existing RSA private/public key pairs here.
This will save you time if you have already deployed them to some hosts.
10.1.2.3. First connect to host
Use:
Name: the name of the remote host you want to connect to
IP address: the IP address of the remote host you want to connect to
Username: the Username on the remote host you want to connect to
to connect to a new host.
10.1.2.3.1. Host settings
After that you have to save the hosts public key:

You can manage your ssh hosts in this view.
10.1.3. SSH Shell
First connect with hostname (IP will be taken from the host table) and the username:

After connecting you can send commands to this host.
This is not a comfortable shell like shellinabox, but it works for simple administrative tasks like restarting a service.
10.1.4. SSH Browser
First connect with hostname (IP will be taken from the host table) and the username:

In the ssh filebrowser you can:
Upload a file
Create a new Directory
Delete files and directories
Download files
Browse the entire tree
10.2. ldapmgr
10.2.1. Description
The ldapmgr module manages your ldap server.
10.2.2. Installation
Simply install the module via settings->modules.
10.2.2.1. Configuration
10.2.2.1.1. Add new Server
Name: The name for your configuration. This should be a unique name.
Hostname: The host name can be an IP, a DNS name or a LDAP URI.
Port: The port of the LDAP server.
Userattribute: The user attribute to search for the "Bind as user". The search will be run in each base DN with Userattribute=username. The username is taken from the login session.
Bind user DN: The user DN to bind to the LDAP server.
Bind user password: The password for the user DN to bind to the LDAP server.
Bind as user: If you want to bind as logged in user you have to choose this option. You also have to define the Userattribute.
LDAP referrals: Follow referrals.
Version: The LDAP version.
10.2.2.1.2. Base DNs

Set different Base DNs.
10.2.2.1.3. Templates

Define Templates to use for the specified LDAP server to add new entries.
10.2.2.1.4. Search configuration

Define the attributes for the global search.
10.2.2.2. Personal configuration
You also have to install the module usersettings to use this configuration.
Start: Where to start if you access the ldapmgr module.
Base DN: The default base DN for the search. This can be configured for each server.
Search attribute: The default search attribute for the search.
Sort attribute: The default sort attribute for the search.
Search scope: The default scope for the search.
10.2.3. Ldap Manager
10.2.3.1. The menu
10.2.3.2. Tree view

The tree view. From here you can:
Enter the view entry
Enter the edit entry
Copy and move entries (with subentries) also from one server to an other
Delete entries (with subentries)
10.2.3.3. Search

Choose the server you want to search.
If you have set default variables for the chosen server in the usersettings you can directly start the search.
Base DN: The default base DN for the search.
Search attribute: The search attribute for the search.
Searchterm: The search term. You can use place holders in the search.
Sort attribute: The sort attribute for the search.
Search scope: The scope for the search.
On the right part of this view you will see the matched entries for your search.
10.2.3.4. New entry

First you have to choose a server. Then you can choose a template which you have defined in the configuration for this server.
10.2.3.5. Edit entry
10.2.3.6. View entry
10.2.3.7. Clear cache
The objectclasses and attributes will be cached in the current session.
Accessing this link will clear the cache and force the attributes and objectclasses to be read again.
10.3. licences
10.3.1. Description
Control and manage your licences with this module.
10.3.2. Installation
Simply install the module via settings->modules.
10.3.2.1. Configuration
You can set if this module should:
Prevent installation of operating systems if assigned licences are expired/consumed
Prevent installation of software if assigned licences are expired/consumed
10.3.2.2. Licence types
This is for future use only. There are different rules which are currently only for informational use:
per user: single licences per user
per client: single licences per client
OEM: ONE single licence per client
per processor: single licences per processor
per core: single licences per core
on demand licence: single licences per use
network licence: floating or concurrent licences
unlimited: no limits
10.3.3. Usage
10.3.3.1. Licence groups
Licence groups are for grouping licences. You are able to add and remove licences to a group to extend or reduce the licence pool.
10.3.3.1.1. Add new licencegroup
First you have to add a licence group. Groups are needed for a licence. Every licence has to have a group.
Name: The group name
Description: A short description of the group
10.3.3.1.2. Show a single licencegroup

You can see the licence group and short description.
From here you can edit this group, add operating systems and software versions to this group.
You can also assign a single licence to a user.
10.3.3.1.3. Assign operating system to licence
Assign operating systems to a licence group:
Match assigned: Select this to match this operating system to each assigned host
Match Inventory: Select this to match this operating system and version to each inventory set - search there for name and version or only the name
You have to define search strings in the fields name and version. Here are some examples:
Search for Microsoft Office 2003 Professional: use name: "Microsoft Office Professional Edition 2003" and leave the version empty
Search for every Acrobat Reader installation: use name: "%Adobe Reader%" and leave the version empty
Use the fusioninventory module to find out the search strings which best fit your needs.
10.3.3.1.4. Assign software to licence
Assign software to a licence group:
Match assigned: Select this to match this software version to each assigned host
Match Inventory: Select this to match this software version to each inventory set - search there for name and version or only the name
You have to define search strings in the fields name and version. Here are some examples:
Search for Windows 2008R2: use name: "Microsoft Windows Server 2008 R2 Enterprise" and leave the version empty (or use "6.1.7601")
Search for every SUSE Linux Enterprise Server installation: use name: "SUSE Linux Enterprise Server %" and leave the version empty
Search for every SUSE Linux Enterprise Server 11 installation: use name: "SUSE Linux Enterprise Server 11%" and leave the version empty
Search for every SUSE Linux Enterprise Server 11 SP1 installation: use name: "SUSE Linux Enterprise Server 11%" and use version: "2.6.32.%"
Use the fusioninventory module to find out the search strings which best fit your needs.
10.3.3.1.5. Assign licence to a user
Assigning a licence to a user is a manual entry. There is no automatic counter behind this.
10.3.3.1.6. show details on operating system matches
From here you can jump directly to the entry which matches this operating system.
10.3.3.1.7. show details on software matches
From here you can jump directly to the entry which matches this software.
10.3.3.2. Licences
10.3.3.2.1. Add new licence
A licence should at least have an expiry date and the licence count. The licence will be assigned to a group.
The group can be assigned to operating systems and to software versions.
Name: The name
Description: A short description
Producer: The producer of this software/licence
Supplier: The supplier
Supplydate: The date the licence has been supplied
Account info: Account information if you have an account to manage this licence
Account date: The date the account was added
Licence info: Additional licence information
Licence count: Licence count
Type: The type of the licence
Groups: The licence group this licence should belong to
Licence expiration: When the licence will expire
Comment: A comment
Contact info: A name who can be asked in context with this licence
Operating system: The operating system this licence is for
Product key: The product key associated with this licence
10.3.3.2.2. Show licences
List your licences here. You can filter, group and sort the entries.
10.3.3.3. Mediums
Mediums are optional. You can use this to manage all your CDs, DVDs, isos and so on.
10.3.3.3.1. Show mediums
Name: The name
Description: A short description
Medium type: The type of the medium e.g. iso, CD or other
Operating system: The operating system this medium is for
Language: The language of the software on this medium
Mediumcount: The medium count
Location: Where the medium is located
Licences: Assign licences to this medium
Contact: A name who can be asked in context with this medium
Archived: Select to mark this medium as archived
List your mediums here. You can filter, group and sort the entries.
10.4. Settings
10.4.1. Description
This module lets you modify your user-defined settings. So each user can have their own language, theme and so on.
There are also some module-specific settings which can be controlled from here.
It is highly recommended to install this module.
10.4.1.1. Installation
Simply install the module via settings->modules.
10.5. dns_ldap
10.5.1. Description
The dns_ldap module manages your DNS entries in your ldap database.
10.5.2. Installation
Simply install the module via settings->modules.
10.6. locations
10.6.1. Description
The locations module manages your locations.
10.6.2. Installation
Simply install the module via settings->modules.
10.7. samhain
10.7.1. Description
This module manages the main yule database and configuration for samhain. It is also possible to deploy samhain to each host.
10.7.2. Quick start:
For remote installation, database update and commands you need the ssh module installed.
At this time only ssh-key authentication is supported.
10.7.2.1. Configure your Yule Server
This is only an example!
./configure \
--enable-static \
--enable-network=server \
--with-database=mysql \
--enable-xml-log \
--with-sender= \
--with-recipient= \
--enable-udp \
--with-trusted=
You should use --with-trusted= if you want to use this module to send messages through yulectl and if you want remote installation.
10.7.2.2. Remote installation
!!!THE FOLLOWING STEPS ARE ONLY NEEDED IF YOU WANT TO DO REMOTE UPDATE/INSTALLATION!!!
Be sure you do the following after the "make"-stuff:
create a group for yule
be sure the daemon (or the user which runs yule) and the webserver-user are members of this group
chown daemon:yule /etc/yulerc
chmod 660 /etc/yulerc
chown -R daemon:yule /var/lib/yule/
chmod 770 /var/lib/yule/
chmod 660 /var/lib/yule/[f|r]*
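A check for the ownership and modes set in the steps above (it works the same way for the chmod 600 on include/config.php in section 2.2.4), as an added shell example that is not part of Uranos or samhain. The function names and the policy line format are assumptions of this example, daemon:yule is the owner and group used in the steps above, and stat -c needs GNU coreutils or BusyBox.

```sh
#!/bin/sh
# Added example, not part of Uranos or samhain.
# Needs a stat that understands -c (GNU coreutils, BusyBox).

# Constructed sample policy, one entry per line:
#   MAXMODE  OWNER:GROUP (or - to skip the owner check)  PATH
# The values are the ones set in the steps above; adjust them to your host.
YULE_POLICY='660 daemon:yule /etc/yulerc
770 daemon:yule /var/lib/yule'

# Succeed when FILE has no permission bit set outside MAXMODE (octal).
# 640 is within 660; 664 is not, because it adds read access for "other".
mode_within() {
    actual=$(stat -c '%a' "$1") || return 2
    [ $(( 0$actual & ~0$2 & 07777 )) -eq 0 ]
}

# Read policy lines on stdin and check each PATH below ROOT (use "" for /).
# Prints one OK or FAIL line per entry; exit status 1 if any entry failed.
audit_permissions() (
    root=$1
    failed=0
    while read -r maxmode owner path; do
        [ -n "$path" ] || continue
        target=$root$path
        if [ ! -e "$target" ]; then
            echo "FAIL $path missing"
            failed=1
            continue
        fi
        if ! mode_within "$target" "$maxmode"; then
            echo "FAIL $path mode $(stat -c '%a' "$target") exceeds $maxmode"
            failed=1
            continue
        fi
        if [ "$owner" != - ] &&
           [ "$(stat -c '%U:%G' "$target")" != "$owner" ]; then
            echo "FAIL $path owner $(stat -c '%U:%G' "$target"), expected $owner"
            failed=1
            continue
        fi
        echo "OK   $path"
    done
    exit "$failed"
)

# Usage on the yule server:
#   printf '%s\n' "$YULE_POLICY" | audit_permissions ""
# For the web GUI config, run from the directory that contains include/:
#   echo '600 - include/config.php' | audit_permissions "./"
```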
Configure your Samhain Packages:
./configure \
--enable-login-watch \
--enable-mounts-check \
--enable-static \
--enable-suidcheck \
--with-config-file=REQ_FROM_SERVER/etc/samhainrc \
--with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file \
--with-logserver= \
--enable-network=client \
--enable-xml-log \
--enable-userfiles
Now you can build several packages with make run|rpm|....
At this time only the linux packages run, rpm and deb (untested) are supported.
Make a directory "install" in your yule data dir, e.g.:
/var/lib/yule/install/
and take care that the webserver has read access to this directory and the files.
This is where you have to place your packages.
10.8. switch
10.8.1. Description
This module manages your switches. You can use it to document your network topology.
10.8.2. Installation
Simply install the module via settings->modules.
10.9. PXE
10.9.1. Description
The PXE module manages your PXE entries and controls which image a computer has to boot.
10.9.2. Installation
Simply install the module via settings->modules.
10.9.3. TFTP Server configuration
DHCP options to make use of the pxe files:
* filename pxelinux.0
* next-server IP.OF.THE.TFTP-SERVER
Use the path /PATH/TO/URANOS/www/modules/pxe/pxeroot as the root of your tftp server.
10.9.3.1. tftpd.remap
The file /PATH/TO/URANOS/www/modules/pxe/pxeroot/tftpd.remap (shipped with uranos) is only needed if you want to start WinPE over PXE.
10.9.3.2. TFTP Server config example
apt-get install tftpd-hpa
Here is an example for ubuntu /etc/default/tftpd-hpa:
-l -s /PATH/TO/URANOS/www/modules/pxe/pxeroot -m /PATH/TO/URANOS/www/modules/pxe/pxeroot/tftpd.remap
10.10. cal
10.10.1. Description
Control and manage your calendars and events, submitted by the modules, with this module.
10.10.2. Installation
Simply install the module via settings->modules.
10.11. Computer
10.11.1. Description
The computer module manages computer inventory and configuration for software, partitioning and os.
It is also the main entry point for the connectors.
10.11.2. Installation
Simply install the module via settings->modules.
10.11.2.1. Configuration
Path to ping: The full path to the ping command.
Options for ping before HOST: The options for ping to use before the hostname.
Options for ping after HOST: The options for ping to use after the hostname.
Path to nmap: The full path to nmap. This should be used with root permissions: /usr/bin/sudo /usr/bin/nmap (e.g. in /etc/sudoers: www-data ALL=(ALL) NOPASSWD: /usr/bin/nmap). See the sudo man page for more information on how to run a command without a password. This command is used to import hosts.
Path to net (on Windows, path to psexec.exe): The full path to the net command (from the samba suite). On Windows you can use psexec for that. This command is used to shut down a host.
Use psexec.exe: Check this option if you want to use psexec.exe on windows.
10.11.2.2. Personal configuration
You also have to install the usersettings module to use this configuration.
Show software versions: If you check this option you are able to see the software versions in the software configuration tab for the computer.
Show contents from packages: If you check this option you are able to see the contents of the packages in the software configuration tab for the computer.
Enable ping: If you check this option the host will be checked via ping (see settings above).
Enable ping in overview: If you check this option all hosts in the overview will be checked via ping (see settings above).
Expiration of the ping-validity in seconds: After this number of seconds the ping result expires and the host is pinged again.
Configuration CSV: The configuration for the export to csv.
Columns enclosed by: This option defines the character that encloses each column.
Columns seperated by: This option defines the character that separates the columns.
Columns escaped by: This option defines the escape character for the columns.
Newline: The newline separator.
First line is descriptor: Check this option if you want to have a descriptor in the first line of the csv export.
10.11.2.3. The menu
start search: You can use this to submit your entered search condition. Your search will be stored in your session and you will have your last search available each time you go back to the computer module.
delete search: This will delete your search from your session.
Systems: Use this to go the computer view.
New systems: Use this to go to the arp entries / automatic fetch network devices view.
New system: Use this link to add a new host.
Searchgroups: Here you can manage your searchgroups.
New searchgroup: Use this link to add a new searchgroup.
Import: Here you can access the different import methods.
10.11.3. Computer view
Filter: In this view you can quickly filter the hosts. Choose "all" to display all hosts, or use a-z to display only the hosts which begin with the letter you choose.
Ping: If you have enabled ping in overview (see Personal configuration) you are able to see if the host is reachable (green) via the ping command.
Name, Virtuell machine on host, Macadress, IP adress, Inventorynumber, Main group, Main user, Room: Inventory information.
Options: From here you are able to edit, clone and delete a host. Also you can access the print view from here.
Entries found: / Export: You can see the entries you have found via the filter or the search in the menu. You can export this list by clicking the link "Export". See CSV configuration in the personal configuration.
Search: From the menu you can search. You will get this view only if more than one entry is found. Otherwise you will be redirected to the single computer view.
10.11.3.1. Arp entries / automatic fetch network devices
To get the arp entries into your databases you have to run arpwatch on one [or more] host[s].
Start arpwatch on each of your networks: arpwatch -N -n 192.168.0.0/24 -n 10.0.0.0/8 (for options see the arpwatch man page)
To add the entries automatically you have the option to install the cron module and activate the arp-to-db cron. See more on the help page of the cron module.
The other option is to add the cron script (www/modules/cron/defaultcrons/arp_to_db.txt) directly to your crontab. Simply copy the file and make it executable.
In both cases you have to set the following variables:
$arpwatchfile="/var/lib/arpwatch/arp.dat";
$stripdomain_from_dnsname=".example.com";
$INCexternal="/PATH/TO/uranos/www/include/INCexternal.php";
$arpwatchfile is the full path to the arpwatch database.
$stripdomain_from_dnsname is your domain name. Normally arpwatch adds the host's FQDN to the database, but you might want to see only the names.
$INCexternal is the full path to the INCexternal.php.
After running the cron_to_db script you will see the entries as shown in this example:
Search: From the top menu you can search.
Filter: In this view you can quickly filter the hosts. Choose "all" to display all hosts, or use a-z to display only the hosts which begin with the letter you choose.
Options: From here you are able to add the host to your inventory.
Name, Macadress, IP adress, Time, Options: the information which is added to the database from the arp database.
10.11.3.2. Add a new computer
To add a new computer you can use the "New system" link in the menu, the method from arp entries described above, the import methods described later or the inventory profile from the boot stuff.
If you use the "New system" link you will get this form:
Name: This is the name of the machine. You should use DNS-conformant names here.
Virtuell machine on host: The name of the virtual machine host which hosts this machine.
Macadress: The main mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
Macadress 2: 2. mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
Macadress 3: 3. mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
Macadress 4: 4. mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
Macadress WLAN: Wlan mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
Macadress WLAN2: Wlan 2. mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
Macadress BLUETOOTH: Bluetooth mac address. Enter a valid mac address in the form 00:11:22:33:44:55.
IP adress: IP Address
IP adress 2: 2. IP Address
Description: A short description for the machine.
Serialnumber: Serial number.
Servicetag: Service TAG.
Inventorynumber: Inventory number.
Producer: Producer.
Supplier: Supplier.
Supplydate: Supplydate (day.month.year)
Warrenty: Warranty until (day.month.year)
Group: The main group where the machine belongs to.
Main user: The main user where the machine belongs to.
Room: A room number (helpful with the locations module).
Comment: A comment.
You have to provide at least the MAC address and the name.
10.11.3.2.1. Import

You can import from the following sources. Clear cache means that the entries which were read from the specified source are removed from the cache, so you can run the import again.
On every import you will get an overview and you can decide what to do:
adding new entries
modify entries
delete entries
10.11.3.2.1.1. Import LDAP
Base DN The base DN, the search will be started from there.
Bind DN The full bind DN - if you need a user to bind to the LDAP.
Bind password The password for the bind DN - if you need a user to bind to the LDAP.
Hostname The hostname of the ldap server. This can also be an IP address.
Port The port of the ldap server (normally 389).
Objectclass The objectclass to search for.
After saving the above settings you can define which ldap attribute is assigned to which field in the database. After defining the attributes you can run the update and go to the next step.
10.11.3.2.1.2. Import CSV
Columns enclosed by The character which encloses each data column.
Columns seperated by The character which separates the data columns.
First line is descriptor Check this option if the first line of your file is only a description.
Filename The csv file you want to import.
After saving the above settings you can define which field from the file is assigned to which field in the database. After defining the filename and the fields you can run the update and go to the next step.
10.11.3.2.1.3. Import PING
Path to ping The full path to the ping command.
Options for ping before HOST Options for ping before the hostname.
Options for ping after HOST Options for ping after the hostname.
Network The network address.
Networkmask The networkmask in CIDR. E.g. 24 (255.255.255.0) or 28 (255.255.255.128)
After defining the network and networkmask you can run the update and go to the next step.
10.11.3.2.1.4. Import NMAP
Path to nmap Full path to nmap. You should use sudo (%www ALL=NOPASSWD:/usr/bin/nmap) to run nmap. If you use sudo you should set this to: "/usr/bin/sudo /usr/bin/nmap".
Network The network address.
Networkmask The networkmask in CIDR. E.g. 24 (255.255.255.0) or 28 (255.255.255.128)
After defining the network and networkmask you can run the update and go to the next step.
10.11.3.2.2. Add from arp entries
You can add entries directly from the arp table.

Use the link from Options to add the host to the systems database.
10.11.3.3. Single computer view
This is the main view of a computer. It is split into 3 sections. The main entry point for the connectors on the left side (green) is only displayed if you choose Inventory informations from the main menu on the top (blue). The third section is the content of the specified connector.
If you configure the computer you will not see the connector entry points.

In the red section are the same options you have in the computer view.
Options: From here you are able to edit, clone and delete a host. Also you can access the print view from here.
10.11.3.4. Operating systems
To add a new operating system you have to configure the operating systems in the unattended module.
After that you can choose one OS from the list:

After you have added an OS, you can make special settings for this OS which only affect this host. You are able to override the default settings from the unattended module. You can access these settings by clicking on the Content button to the right of the OS.

After you have set up the partitioning you can see the produced answer file by clicking the link to view output.
10.11.3.5. Partitioning
To add a new harddisk layout you have to configure the layouts in the unattended module.
After that you can choose one layout from the list:
Harddisk configuration The reference layout you have configured in the unattended module.
Harddisk type The type of the hard disk. For ATA/IDE devices this will be hdX and for SCSI/SATA devices you have to choose sdX.
Replace mbr If you check this option the mbr will be replaced by your layout.
By clicking on the Content button you are able to configure the main parts of the layout, e.g. format partition or the mount points.
Type Primary, extended or logical partition.
Number The number of the device.
Boot The boot flag.
Size The Size of the partition.
Filesystem The filesystem of the partition.
Mount point The mount point, this is only needed if you install a linux distribution.
mount point OS The mount point operating system, this is only needed if you install one or more linux distribution[s].
root OS The root operating system. This is the / (root) for linux or the %SystemDrive% for windows. Choose your configured operating system here.
format Check this option if you want to format this partition.
10.11.3.6. Software and packages
To set up software to a computer you are able to assign packages, software and software versions in this section.
If you want to see the versions and/or the contents of the packages you may set the options in the computer section of the usersettings module.
10.11.3.6.1. Packages
To add a package you only have to check the add option to the right of the package name.

The package will not assign the software, you will see the installed software only after the software is installed. You will get this result:
10.11.3.6.2. Software
To add a software you only have to check the add option to the right of the software name.
You can also add a specific version if you don't want to add the latest stable version.
Whenever you specify only the software, the latest stable version for the OS language will be installed.

Here is an example of how it looks when a software is installed. This software is inherited from the userinstallation, see more in the documentation of the software module.

You can also choose that the installed version will not be affected by the updates:
10.11.3.7. PXE
If you have assigned the operating system to a PXE menuentry the pxe entry will be set automatically for each defined mac address of this host. See more in the documentation of the pxe module.
10.11.3.8. Reset
You can easily reset the host's configuration, for example if you want to reinstall it (e.g. after a hard disk crash) or if you want to replay the installation to a clear state.
Packages You can delete all assigned packages from the configuration.
Software Reset means that the install status will be set to install. If you choose delete, all assigned software will be removed from the configuration.
Software versions Reset means that the install status will be set to install. If you choose delete, all assigned software versions will be removed from the configuration. This is recommended because in the next install the latest stable version will be installed.
Partitioning Reset means that all partitions get the format flag and replace mbr will be set to true again. Delete will remove each assigned partition layout from the configuration.
Operating system Reset the status of each installed operating system. Delete will remove each assigned operating system from the configuration.
10.11.3.9. Power on/off WOL
You can send a WOL packet for the selected mac address to your broadcast address:
Macaddress The mac address you want to send the WOL packet to.
Broadcast address The broadcast address of your network.
You can also shut down the host over the network. You have to set up the correct paths to the net command (from the samba suite) or, on windows hosts, to psexec.exe. See more in the main computer configuration above.
Timeout The number of seconds after which the host will be shut down.
Comment A comment which is displayed to a logged in user.
Username The username which is allowed to shut down this host.
Password The password of the username which is allowed to shut down this host.
Reboot Check this option if you want a reboot instead of a shutdown.
10.11.3.10. Clone a computer
Cloning a computer means that you make an exact copy of the configuration and the inventory information of a computer.
If you clone a computer you will have the same operating system, partitioning and software configuration on the new host,
so you only need to update the inventory informations and then you can start the installation.
10.11.4. Searchgroups
The power of the searchgroups is that you are able to automate the operating system and software installations to a specified set of hosts.
You can assign a reference system which is preconfigured.
10.11.4.1. Add a new searchgroup
To add a new searchgroup you have to click the link new searchgroup from the main menu.
Searchgroup The name of the searchgroup. Only use characters from a-Z and _ because a view will be generated with this name.
Reference system Choose a preconfigured reference system. This configuration will be assigned to each host of this searchgroup after the host fetches the configuration.
10.11.4.2. Add a new definition to a searchgroup
To add a new definition use add new definition under options.

You can build up your definition as you want. Use % as a search term from mysql. For example:
%apple% will find: pineapple, Applejuice and also pineapplejuice
apple% will find: all terms beginning with apple, e.g. Applejuice but also only apple
%apple will find: all terms ending with apple, e.g. pineapple but also only apple
If you use placeholders you have to define LIKE. Each term can be connected to the next term via and or or.
You can also add more than one definition to a searchgroup. The different definitions can be combined with and or or.
10.11.4.3. Overview of a searchgroup
If you take a look into a searchgroup you will see all affected hosts on the left side. If the host has no configuration you will see a green ok.
If there is a red attention on a column, this host already has a configuration. You can click the red attention to see the configuration.
On the right side you see the configuration of the reference system.
10.12. Software
Software
10.12.1. Description
The software module is to manage software descriptions/installations.
10.12.2. Installation
Simply install the module via settings->modules.
10.12.2.1. Configuration
Temporary directory for creating the iso files. This directory will be used to generate the iso files.
Package directory (your z-mount directory). This directory is the base for your packages. Normally this should point to ....z/packages.
Directory to store the iso files. This directory will be used to store the produced iso files.
10.12.2.2. User configuration
You need to have the usersettings module installed to see these options.
Direct copy versions. If you set this the software versions will be copied directly without the string replace question.
Default repository. This is the default repository which is chosen when new software is added.
Default filter. Here you can set the ID, Repository and Software for your default filter. If you access the softwarelist this is the default filter.
10.12.3. Repositories
Repositories are to manage logical and global definitions of software. Here you can set:
Repository: This is the name of the repository, this should be unique to avoid problems with external repositories.
Repository location: The location of the repository is only needed when you want to synchronize this from an external repository. The name of the repository has to be the same as the name of the external repository.
Location of repository distfiles: This is for future use. This will be needed if you want to do http/ftp installations.
Location of local repository distfiles: This is for future use. This will be needed if you want to do http/ftp installations and synchronize the files to your local storage.
Type: External means that this is an external repository (you can synchronize software from the defined "Repository location"). Internal is only for internal use, this repository cannot be synchronized from other locations. Export marks a repository as exportable. If you set this to export, you can provide this repository to other users for synchronization.
Example to synchronize the repository "win-non-oss" from uranos.sourceforge.net:
10.12.4. Software
Software is the main name for the software you want to add. Here you can only define metadata:
Software: The name of the software.
URL: The link to the software provider.
Priority: Priority defines the order to install this software. Higher values will be installed later.
Comment: Here you can add additional information.
Repository: Define in which repository the software should be listed.
Example for the acrobat reader:
10.12.4.1. Software versions
Software versions define the different versions of a software. Here you can specify all the information needed for install, check, download, uninstall and so on.
10.12.5. Packages
A package is to group software for a special language.
10.12.6. User
Here you can assign software to a user.
10.12.7. Groups
Here you can assign software to a group.
10.12.8. Winupdates
Here you can upload a scan from z/bin/scanwinupdates.js. This script checks whether new updates are available and outputs them.
You can redirect the output to a file:
cscript /nologo z:\bin\scanwinupdates.js > z:\updates\updatescan-%COMPUTERNAME%.xml
After that you can upload the file in this GUI.
Set the vars which will affect the newly generated software and versions.
10.13. syslog_ng
syslog_ng
10.13.1. Description
This module manages your syslog-ng servers, including configuration and databases.
10.13.1.1. Syslog-ng Documentation
Syslog-ng admin guide
10.13.2. Installation
Simply install the module via settings->modules.
You will also need at least one database and one syslog-ng server (all can run on the same host).
10.13.2.1. Configuration
Go to settings->modules->Syslog-ng->configuration:
color: you can set the color for each priority.
live search: Time in milliseconds after a key is pressed before the live search is sent.
10.13.2.2. Personal configuration
Go to usersettings->Syslog-ng:
Activate live search: activate this if you want to use the live filter.
Show entries: how many entries should be displayed per page.
10.13.3. Layout
This module is designed to manage different databases on different hosts and to provide a search over all tables in each database. It is also possible to manage and configure more than one syslog-ng server.
In the basic setup you can run the database, the syslog server and also uranos on the same host. But you can also run them on different hosts. Some examples follow.
A simple layout with 1 syslog server and 1 database:
A simple layout with 1 syslog server and 2 databases:
A simple layout with 2 syslog servers and 2 databases:
10.13.4. Syslog configuration
10.13.4.1. Add a new server
First you have to add a new server:

You have to configure this server with the same name and IP setting in the SSH client module, because the configuration is transferred to the server via ssh. The reload (or restart, stop and start) commands are also sent via ssh.
10.13.4.2. Add a new database
You need at least one database to add tables as destination for syslog messages:
10.13.4.3. Add a new table (destination)
Add a table to a database to have a new destination for syslog messages.

After creating a table you have a new destination configured to use:
10.13.4.4. Create new config
Please refer to the syslog-ng documentation to get more information about the configuration.
10.13.4.4.1. Add new source
Choose a name and Source:

After creating a new source you can edit it.
Example for external source:
udp(); tcp(max-connections(100));
Example for internal source:
internal(); unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: "));
10.13.4.4.2. Add new filter

After creating a new filter you can edit it.
10.13.4.4.3. Add new destination

After creating a new destination you can edit it.
10.13.4.4.4. Combine config for a server
The global options have to be defined per server:

Choose a name to add a new log entry:
10.13.4.4.4.1. Add destination to log
A destination is required for a log entry:
10.13.4.4.4.2. Add source to log
A source is required for a log entry:
10.13.4.4.4.3. Add filter to log
A filter is not required but should also be added to a log entry:
10.13.4.5. View and write config
View the config for this server:

Write config:
Restart syslog: choose this option if you want to send a reload to the syslog-ng after writing the config.
10.13.4.6. Server commands
You can send the following commands to the server:
Reload
Stop
Start
Restart
10.13.4.7. Logs
The logs are stored in tables. You can view and search each table.
10.13.4.7.1. View the logs
Show table: chooce the table to view.
Sorting: sort the entries by clicking on the fieldname.
Pagelinks: go to a specific page.
Entries found: count entries matching the current filter.
Group entries: group the entries so that the same message is not shown more than once.
10.13.4.7.2. Filter the logs
Positive Filter: match the [sub]string.
Negative Filter: starting with "!" will show all entries which do not match the [sub]string.
10.13.4.7.3. Global search around all tables and all databases
10.13.4.8. Statistic
10.13.4.9. Statistic Graph
10.13.5. Rotate the tables:
When you have more than one table it is better to use a separate database for the old logs and rotate them every ...
create a database (e.g. syslog_old)
create a user which has write access to the database:
GRANT ALL PRIVILEGES ON syslog_old.* TO USERNAME@'localhost' IDENTIFIED BY 'PASSWORD';
If you want to rotate the tables you can use this script (example):
#!/bin/bash
# ATTENTION: THIS SCRIPT WILL ROTATE ALL TABLES IN THE GIVEN DB
SQLHOST=localhost
SQLUSER=USERNAME
SQLPASS=PASSWORD
SQLDB=syslog
SQLOLDDB=syslog_old
TIMESTAMP=$(date +%Y-%m-%d-%H%M)
TEMPNAME=_tmp_table
# private temporary file instead of a fixed name in /tmp
TABLELIST=$(mktemp) || exit 1
trap 'rm -f "$TABLELIST"' EXIT
# column and index definition used for both the fresh table and the archive table
# (single quotes keep the shell from treating the backticks as command substitution)
TABLEDEF='(`host` varchar(32) default NULL, `source_ip` varchar(32) default NULL,
 `facility` varchar(10) default NULL, `priority` varchar(10) default NULL,
 `tag` varchar(10) default NULL, `unixtime` varchar(20) default NULL,
 `program` varchar(15) default NULL, `msg` text,
 `seq` bigint(20) unsigned NOT NULL auto_increment,
 PRIMARY KEY (`seq`), KEY `host` (`host`), KEY `program` (`program`),
 KEY `priority` (`priority`), KEY `facility` (`facility`))'
mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLDB" -e "SHOW TABLES;" > "$TABLELIST"
if [ "$?" -eq 0 ]
then
    for TABLE in $(cat "$TABLELIST")
    do
        # the header line of SHOW TABLES is not a table, so DESCRIBE fails for it and it is skipped
        mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLDB" -e "DESCRIBE $TABLE;" > /dev/null 2>&1
        if [ "$?" -eq 0 ]
        then
            # if describe runs fine the table exists
            # first we create the new table
            mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLDB" \
                -e "CREATE TABLE \`$SQLDB\`.\`$TABLE$TEMPNAME\` $TABLEDEF;"
            if [ "$?" -eq 0 ]
            then
                # now we have the new table and can start renaming
                mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLDB" \
                    -e "ALTER TABLE \`$TABLE\` RENAME \`$TABLE$TEMPNAME$TIMESTAMP\`;
                        ALTER TABLE \`$TABLE$TEMPNAME\` RENAME \`$TABLE\`;"
                if [ "$?" -eq 0 ]
                then
                    # all renaming runs fine, now we can safely work with the data;
                    # the old table is only dropped if the copy into the archive succeeded
                    mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLOLDDB" \
                        -e "CREATE TABLE \`$SQLOLDDB\`.\`$TABLE$TIMESTAMP\` $TABLEDEF;" &&
                    mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLOLDDB" \
                        -e "INSERT INTO \`$SQLOLDDB\`.\`$TABLE$TIMESTAMP\`
                            SELECT * FROM \`$SQLDB\`.\`$TABLE$TEMPNAME$TIMESTAMP\`;" &&
                    mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLDB" \
                        -e "DROP TABLE \`$TABLE$TEMPNAME$TIMESTAMP\`;"
                else
                    echo "error renaming tables from $TABLE"
                    exit 3
                fi
            else
                echo "error creating $TABLE$TEMPNAME"
                exit 2
            fi
        fi
    done
else
    echo "error in db connection"
    exit 1
fi
10.13.6. Clear old syslog entries
If you want to delete old entries (e.g. older than 1 week) you can use this script (example):
#!/bin/bash
# ATTENTION: THIS SCRIPT WILL CLEAR ALL TABLES IN THE GIVEN DB
SQLHOST=localhost
SQLUSER=USERNAME
SQLPASS=PASSWORD
SQLDB=syslog
TIMESTAMP=$(date +%s)
# 604800 seconds = 1 week
DELETESPAN=604800
DELETETIMESTAMP=$((TIMESTAMP-DELETESPAN))
# private temporary file instead of a fixed name in /tmp
TABLELIST=$(mktemp) || exit 1
trap 'rm -f "$TABLELIST"' EXIT
mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLDB" -e "SHOW TABLES;" > "$TABLELIST"
if [ "$?" -eq 0 ]
then
    for TABLE in $(cat "$TABLELIST")
    do
        # the header line of SHOW TABLES is not a table, so DESCRIBE fails for it and it is skipped
        mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLDB" -e "DESCRIBE $TABLE;" > /dev/null 2>&1
        if [ "$?" -eq 0 ]
        then
            # if describe runs fine the table exists
            # delete the entries older than the cut-off
            mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLDB" \
                -e "DELETE FROM \`${SQLDB}\`.\`${TABLE}\` WHERE unixtime<${DELETETIMESTAMP};"
            if [ "$?" -eq 0 ]
            then
                echo "${SQLDB} ${TABLE} cleared"
                mysql -h "$SQLHOST" -u "$SQLUSER" --password="$SQLPASS" "$SQLDB" \
                    -e "OPTIMIZE TABLE \`${SQLDB}\`.\`${TABLE}\`;"
            else
                echo "${SQLDB} ${TABLE} failed"
            fi
        fi
    done
else
    echo "error in db connection"
    exit 1
fi
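The rotate and clear scripts paste table names into SQL statements and pass the database password as a command line argument, where it can be visible in the process list. The helpers below are an added example, not part of Uranos: they check a table name before it is used, build the rename statements of the rotation, and write the credentials to a private client option file. All function names are hypothetical and the table names are constructed; the password is assumed to contain no double quote or backslash.

```shell
#!/bin/sh
# Added example (not part of the Uranos scripts); helper names are hypothetical.
LC_ALL=C; export LC_ALL          # make the A-Z / a-z ranges byte-exact
SUFFIX=_tmp_table                # same temporary suffix as the rotation script

# safe_table NAME
# Letters, digits and underscore only, and at most 39 characters so that
# NAME + "_tmp_table" (10) + "YYYY-MM-DD-HHMM" (15) fits MySQL's 64 character limit.
safe_table() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 39 ]
}

# safe_timestamp VALUE: digits and hyphens only, as produced by date +%Y-%m-%d-%H%M
safe_timestamp() {
    case $1 in
        ''|*[!0-9-]*) return 1 ;;
    esac
}

# rotate_sql NAME TIMESTAMP
# Prints the two renames of the rotation, or fails without output for unsafe input.
rotate_sql() {
    safe_table "$1" || { echo "refusing table name: $1" >&2; return 1; }
    safe_timestamp "$2" || { echo "refusing timestamp: $2" >&2; return 1; }
    printf 'ALTER TABLE `%s` RENAME `%s%s%s`; ALTER TABLE `%s%s` RENAME `%s`;\n' \
        "$1" "$1" "$SUFFIX" "$2" "$1" "$SUFFIX" "$1"
}

# filter_tables: reads one name per line on stdin, prints only the safe ones
filter_tables() {
    while IFS= read -r t; do
        if safe_table "$t"; then
            printf '%s\n' "$t"
        else
            echo "skipping: $t" >&2
        fi
    done
}

# write_client_cnf USER PASSWORD HOST
# Creates an option file readable only by the owner and prints its path.
# Use it as the FIRST option of the client, e.g.
#   mysql --defaults-extra-file="$cnf" -N -B syslog -e "SHOW TABLES;"
# (-N -B print bare names without the header line), then remove the file.
write_client_cnf() {
    cnf=$(mktemp) || return 1
    chmod 600 "$cnf"
    printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' "$1" "$2" "$3" > "$cnf"
    printf '%s\n' "$cnf"
}

# Constructed table list: two usable names and two that are refused.
printf 'messages\nmail log\nauth_log\na`b\n' | filter_tables |
while IFS= read -r name; do
    rotate_sql "$name" "$(date +%Y-%m-%d-%H%M)"
done
```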
10.14. dhcp_ldap
dhcp_ldap
10.14.1. Description
The dhcp_ldap module is to manage your DHCP entries in your ldap database.
10.14.2. Installation
Simply install the module via settings->modules.
10.15. Inventory
Inventory
10.15.1. Description
The fusioninventory module is the server part of the fusioninventory agent.
10.15.2. Installation
Simply install the module via settings->modules.
10.15.3. Usage
If you install the fusioninventory agent you have to specify the following:
Username / Password
Realm
URI
You have to set up a user which should be specified during the installation / configuration part of the agent.
You can set the realm in the configuration page in settings->modules->fusioninventory.
The URI has to be in this form:
http[s]://YOURSERVER/PATH/www/modules/fusioninventory/controller.php
It is recommended to use the https protocol to protect your username/password.
10.15.4. Settings
10.15.4.1. Global module settings
Number of hours between two runs of the agent.
Add host to database if no entry exist
Delete old inventory sets from older clients
Automatic assign inventory to host
Save xml files
Path to save XML files
Realm
Time in milliseconds after which the live search will be sent
10.15.4.2. User settings
Activate live search
Entries per page
10.16. cron
cron
10.16.1. Description
The cron module is to manage cron scripts in one database.
10.16.2. Installation
Simply install the module via settings->modules. After that you have a set of default crons in the database.
10.16.3. Install on clients
10.16.3.1. Run the container Script via scheduled task on Windows systems
Simply add the curl files and the container.cmd to the %WINDIR% directory and add a scheduled task (in this case it runs every 5 minutes):
schtasks /create /sc minute /mo 5 /ru "System" /tn "container-script uranos" /tr "%WINDIR%\container.cmd"
10.17. Search
Search
10.17.1. Description
The search module is the main entry point for each module and connector search.
With the help of this module you are able to search each module and connector which provides a search interface.
10.17.2. Installation
Simply install the module via settings->modules.
10.18. Wiki
Wiki
10.18.1. Description
The quwiki module is to manage the documentation of this software and your own documentation in an easy to use format.
10.18.2. Installation
Simply install the module via settings->modules.
Use the "Generate documentation" to regenerate the documentation of this software.
10.19. radius_ldap
radius_ldap
10.19.1. Description
With this module you can manage different VLANs for mac-based-vlan from LDAP.
10.19.2. Setup freeradius
10.19.2.1. radiusd.conf
authorize {
    attr_filter
    #auth_log
    #set AUTH Type
    #rewrite to normal mac address with no delimiter to compare with username
    rewrite_calling_station_id_no
    if(User-Name =~ /^%{Calling-Station-ID}$/i){
        #rewrite to normal : mac address
        rewrite_calling_station_id_normal
        update control {
            Auth-Type = 'LDAPMAC'
        }
        update request {
            User-Name := "%{Calling-Station-ID}"
        }
        ldap-macaddress {
            notfound = reject
        }
    }
}
authenticate {
    Auth-Type LDAPMAC {
        #return ok no bind as user is required
        ok
    }
}
#this section is to post the logs into a file which will be parsed to the database
post-auth {
    #sqlok
    Post-Auth-Type REJECT {
        attr_filter.access_reject
        #sqlfailed
    }
}
10.19.2.2. Functions to rewrite mac-address
Include the file via $INCLUDE rewritemac.conf in your radiusd.conf:
#
# Rewrite calling station id attribute into a standard format.
#
policy {
    # six hex pairs, optionally separated by - or :, rewritten without delimiter
    rewrite_calling_station_id_no {
        if(request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
            update request {
                Calling-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
            }
        }
        else {
            noop
        }
    }
    # the same pattern, rewritten with : between the pairs
    rewrite_calling_station_id_normal {
        if(request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i){
            update request {
                Calling-Station-Id := "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
            }
        }
        else {
            noop
        }
    }
}
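The following shell functions are an added example, not part of Uranos or FreeRADIUS. They accept the same shapes as the rewrite policy above (and the MAC address fields of the "New system" form), but anchored to the whole value, and produce both the delimiter-free and the colon-separated form. The function names and the sample values are made up for illustration.

```shell
#!/bin/sh
# Added example: strict MAC address normalisation (hypothetical helper names).
LC_ALL=C; export LC_ALL          # make the A-F / a-f ranges byte-exact

# normalize_mac VALUE [plain|colon]
# Accepts six hex pairs with an optional '-' or ':' between the pairs, but only
# if nothing else surrounds them. Prints the lower-case result.
normalize_mac() {
    case $1 in
        *'
'*) return 1 ;;                  # multi-line input is never a MAC address
    esac
    printf '%s\n' "$1" |
        grep -Eqx '([0-9A-Fa-f]{2}[-:]?){5}[0-9A-Fa-f]{2}' || return 1
    _hex=$(printf '%s' "$1" | sed 's/[-:]//g' | tr 'A-F' 'a-f')
    case ${2:-colon} in
        plain) printf '%s\n' "$_hex" ;;
        colon) printf '%s\n' "$_hex" | sed 's/../&:/g; s/:$//' ;;
        *)     return 2 ;;
    esac
}

# username_is_mac USER-NAME CALLING-STATION-ID
# Mirrors the check in the authorize section: the User-Name has to equal the
# delimiter-free Calling-Station-Id, compared case-insensitively.
username_is_mac() {
    _want=$(normalize_mac "$2" plain) || return 1
    _got=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    [ "$_got" = "$_want" ]
}

# classify VALUE: one report line per input
classify() {
    if _c=$(normalize_mac "$1" colon); then
        printf 'accept %s -> %s\n' "$1" "$_c"
    else
        printf 'reject %s\n' "$1"
    fi
}

# Constructed sample values, not taken from any real network.
# xx001122334455yy contains twelve hex digits, so a pattern without ^ and $
# matches inside it; the anchored check refuses the value as a whole.
for v in 00:11:22:33:44:55 00-11-22-AA-BB-CC 001122aabbcc \
         00:11:22:33:44 xx001122334455yy 00:11:22:33:44:5g; do
    classify "$v"
done
```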
10.19.2.3. ldap configuration
contents of file: modules/ldap
ldap ldap-macaddress {
    server = "ldap.example.com"
    #ldap_debug = 0x0028
    identity = "cn=radius,ou=DSN,dc=example,dc=com"
    password = verysecret
    basedn = "o=radius,dc=example,dc=com"
    base_filter = "(objectclass=radiusObjectProfile)"
    filter = "(radiuscallingstationid=%u)"
    access_attr_used_for_allow = yes
    access_attr = "radiusTunnelPrivateGroupId"
    port = 636
    set_auth_type = no
    # "never" means the certificate of the LDAP server is not verified
    tls_require_cert = "never"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    timeout = 5
    timelimit = 3
    net_timeout = 2
}
10.19.2.4. log configuration
The modules/sql_log should contain 2 sections, one for failed and one for ok:
sql_log sqlfailed {
    path = "${radacctdir}/sql-relay"
    postlog_table = radiuslog
    utf8 = yes
    Post-Auth = "INSERT INTO ${postlog_table}
        (callingstationid,nasipaddress,logtime,nasipport,username,failed)
        VALUES ('%{Calling-Station-Id}','%{NAS-IP-Address}','%S','%{NAS-Port}',
        '%{User-Name}',1) ON DUPLICATE KEY UPDATE nasipaddress=VALUES(nasipaddress),
        nasipport=VALUES(nasipport), logtime=VALUES(logtime), failed=VALUES(failed);"
}
sql_log sqlok {
    path = "${radacctdir}/sql-relay"
    postlog_table = radiuslog
    utf8 = yes
    Post-Auth = "INSERT INTO ${postlog_table}
        (callingstationid,nasipaddress,logtime,nasipport,username,failed)
        VALUES ('%{Calling-Station-Id}','%{NAS-IP-Address}','%S','%{NAS-Port}',
        '%{User-Name}',0) ON DUPLICATE KEY UPDATE nasipaddress=VALUES(nasipaddress),
        nasipport=VALUES(nasipport), logtime=VALUES(logtime), failed=VALUES(failed);"
}
After that you could add the log entries to the post-auth section of radiusd.conf:
post-auth {
sqlok
Post-Auth-Type REJECT {
attr_filter.access_reject
sqlfailed
}
}
10.19.3. Deploy logs to database
After you have installed the module you have a table called radiuslog.
Here is the script which deploys the log to the database:
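#!/bin/bash
#Main settings
LOGFILE=/var/log/freeradius/radacct/sql-relay
DB_TABLE=radiuslog
DB=uranos
DB_USER=uranos-dbuser
DB_PASS=verysecret
DB_HOST=mysql.example.com
#work file with an unpredictable name, created with mode 0600
DB_FILE=$(mktemp /tmp/radiussql.XXXXXX) || exit 1
#copy logfile
cp "$LOGFILE" "$DB_FILE" || exit 1
#empty log (entries written between the copy and this line are lost)
cat /dev/null > "$LOGFILE"
#import the statements; the work file is only removed if the import succeeded
if mysql -u "$DB_USER" -h "$DB_HOST" --password="$DB_PASS" "$DB" < "$DB_FILE"; then
    #at last remove the work file
    rm -f "$DB_FILE"
else
    echo "import failed, statements kept in $DB_FILE" >&2
    exit 1
fi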
You can run this script via a cron job.
Alternatively you can run the radsqlrelay perl script which is shipped with freeradius:
radsqlrelay -d mysql -b uranos -h mysql.example.com -u uranos-dbuser -p verysecret /var/log/freeradius/radacct/sql-relay
10.20. Installation
10.20.1. Description
The unattended module is to manage harddisks and os installations through templates.
10.20.2. Installation
Simply install the module via settings->modules.
10.20.2.1. Get harddisk and os templates
You can import the os templates and harddisk templates from a local file, or from the sourceforge.net site.
Local import:

Remote import:
10.20.2.2. Prepare Operating system
After importing the templates you can configure the operating systems you want:
10.20.2.2.1. Create os
Name: The name of the operating system.
OS templates: The template you want to use (e.g. for Windows XP choose "Windows - XP")
Comment: An optional comment to identify the configured template.
10.20.2.2.2. Configure os
After you have created an os you can configure it and make your settings.
The settings you make here will override the default settings from the template.

Press Content to get to the settings of this os.

On the left side you can go to each section.
On the right side you can set the values of the different keys.
If you choose "Dont use this key" via the checkbox right of the key value, this key will not be used.
If all keys of one section are disabled, the section will not appear in later settings.
You can use the following placeholders which will be replaced by the specified key from the inventory information of a system:
###MAC### first macaddress
###MAC2### second macaddress
###MAC3### third macaddress
###MAC4### fourth macaddress
###WLAN### first wlan macaddress
###WLAN2### second wlan macaddress
###BLUETOOTH### bluetooth macaddress
###IP### first IP address
###IP2### second IP address
###COMPUTERNAME### the computer name
###MAIN_USER### the uid from the main user
###SUPPLIER### the supplier
###SUPPLYDATE### the supplydate
###SERIAL### the serial number
###PRODUCER### the producer
###DESCRIPTION### the description
###SERVICETAG### the servicetag
###INVENTORY### the inventory number
###WARRENTY### the warranty date
###ROOM### the room number
###COMMENT### the comment
10.20.2.3. info.txt
In each folder in z/os/ you should hold an info.txt:
PRODUCT: The name of the product (e.g. Windows7|Vista|XP|...)
SERVICEPACK: The service pack (e.g. 2)
PRODUCTLANG: The main language of the product (e.g. en-EN)
ARCH: The architecture (x86 or x86_64)
ISO: If you want to use an iso file (only valid for FILETYPE=0 and FILETYPE=wim) set the filename here.
You have to create an iso directory in the same directory where the iso file is located, e.g. /z/os/winxp/iso.
You also have to set the FILE to the correct filename - e.g. iso/sources/install.wim.
ISOTYPE: udf|iso9660 the filesystem on the ISO file, normally udf for DVDs and iso9660 for CDs
FILE: The complete path to the file, or if FILETYPE=0 you can leave this empty or if FILELOC=0
only the filename (e.g. xp.tar.bz2 or vista.dd.bz2 or http://example.com/file.bz2)
FILELOC: The file location; can be 0 for this directory, 1 for http/ftp or 2 for multicast
FILESIZE: The original size of the Disk/Partition, this is only (optional) needed for images,
clones and partimages. A suffix of "k", "m", "g", or "t" can be added to denote kilobytes (*1024),
megabytes, and so on.
FILETYPE: Filetype can be:
0 = standard installation files
tar.gz = tar.gz compressed install files
tar.bz2 = tar.bz2 compressed install files
tar.7z = tar install files compressed with 7z
7z = install files packed and compressed with 7z
wim = default windows image format
image = uncompressed dd image
image.gz = gzipped dd image
image.bz2 = bzipped dd image
image.7z = dd image compressed with 7z
partimage = partition dd image
partimage.gz = gzipped partition dd image
partimage.bz2 = bzipped partition dd image
partimage.7z = partition dd image compressed with 7z
clone.TYPE = filesystem-clone
clone.TYPE.gz = gzipped filesystem-clone
clone.TYPE.bz2 = bzipped filesystem-clone
clone.TYPE.7z = filesystem-clone compressed with 7z
DRIVERDIR: The directory which holds the drivers for the os. This directory will be copied
to the root of the operating system. This only affects Windows operating systems.
DRIVERDIR_SCANDRIVERS: Scan DRIVERDIR for *.inf files which contain the following:
-> if DRIVERDIR_SCANDRIVERS: VENDORID -> copy only directories which contain *.inf files
that match the vendorid
-> if DRIVERDIR_SCANDRIVERS: DEVICEID -> copy only directories which contain *.inf files
that match the vendorid and the deviceid
For Windows XP the OEM_PNP_DRIVERPATH will be set automatically via the script.
In Windows Vista, 7 and 2008 you have to set the DRIVERPATH to %SystemDrive%\drv_s
DRIVERDIR_SCANDRIVERS_COPY_SUBDIRS: If this option is set, the subdirectories of a matched DRIVERDIR
are copied as well. This can be helpful if the inf files are not in the same directory as the driver files.
DRIVERPACKSDIR: (normally /z/drivers/driverpacks/) The directory which holds the compressed
(currently only 7z is implemented) drivers for the os.
These files will be extracted to the directory D/ in the root of the operating system.
This only affects Windows operating systems.
You can place your own files there with the following limitations:
Directory: /z/drivers/driverpacks/xp is for W2000, W2003 and XP
/z/drivers/driverpacks/vista is for Vista, 2008 and 7 (each ARCH)
ARCH: The file names in the directory must contain the ARCH, e.g. DP_Chipset_wnt6-x64_10071.7z
(here the x64 will match)
For Windows XP the OEM_PNP_DRIVERPATH will be set automatically via the script and the files are extracted
to %SystemDrive%\D.
In Windows Vista, 7 and 2008 you have to set the DRIVERPATH to %SystemDrive%\Driverpacks, see:
http://technet.microsoft.com/en-us/library/cc766485%28WS.10%29.aspx.
DRIVER_PATH_TO_LONG_QUESTION: Specify the answer to the question asked when the path of the OEM_PNP_DRIVER_PATH
is too long when installing W2K, XP or 2003
UDPRECEIVEROPTS: The options passed to udp-receiver, you can specify:
--log file
    Logs some stuff into file.
--nokbd
    Do not read start signal from keyboard, and do not display any
    message telling the user to press any key to start.
--start-timeout sec
    receiver aborts at start if it doesn't see a sender within this
    many seconds. Furthermore, the sender needs to start transmission
    of data within this delay. Once transmission is started, the timeout
    no longer applies.
--portbase portbase
    Default ports to use for udpcast. Two ports are used: portbase and
    portbase+1. Thus, portbase must be even. Default is 9000. The same
    portbase must be specified for both udp-sender and udp-receiver.
--ttl ttl
    Time to live for connection request packet (by default connection
    request is broadcast to the LAN's broadcast address). If ttl is set,
    the connection request is multicast instead to 224.0.0.1 with the given
    ttl, which should enable udpcast to work between LANs. Not tested though.
--mcast-rdv-address address
    Uses a non-standard multicast address for the control connection
    (which is used by the sender and receivers to "find" each other).
    This is not the address that is used to transfer the data. By default
    mcast-rdv-address is the Ethernet broadcast address if ttl is 1, and
    224.0.0.1 otherwise. This setting should not be used except in very
    special situations, such as when 224.0.0.1 cannot be used for policy reasons.
--exit-wait milliseconds
    When transmission is over, receiver will wait for this time after
    receiving the final REQACK. This is done in order to guard against
    loss of the final ACK. Is 500 milliseconds by default.
--nosync
    Do not open target in synchronous mode. This is the default when
    writing to a file or a pipe.
--sync
    Write to target in synchronous mode. This is the default when
    writing to a device (character or block)
10.20.3. Operating systems
10.20.3.1. Install methods
10.20.3.1.1. Directly
To install directly from source you only have to copy the install files to z/os.
There should always be an info.txt in the directory. For example here is one for windows XP:
PRODUCT: XP
SERVICEPACK: 3
PRODUCTLANG: en-EN
ARCH: x86
FILELOC: 0
For all linux distributions you can use your own mirror or an external mirror. This depends on the distribution.
In most cases you can specify the location of your source in the answer file.
If you have problems mounting the z share case-insensitively, you have to rename all the files in i386/ to lowercase.
Here is an example of a folder structure:
z/os/xpdesp3/i386 <- this is the directory which contains the contents of the installation CD
z/os/xpdesp3/info.txt <- the info file
z/os/xpdesp3-packed/xpdesp3.tar.bz2 <- this is the file which contains the contents of the installation CD
z/os/xpdesp3-packed/info.txt <- the info file
z/os/xpensp1x64/amd64 <- this is the directory which contains the contents of the installation CD
z/os/xpensp1x64/i386 <- this is the directory which contains the contents of the installation CD
z/os/xpensp1x64/info.txt <- the info file
It is possible to hold the contents of the cd in a compressed form. The following archives are supported:
tar.gz = tar.gz compressed install files
tar.bz2 = tar.bz2 compressed install files
10.20.3.1.2. Image
Installing/publishing an image gives you the possibility to install/restore nearly any operating system you want. Simply place the image in an extra folder in z/os.
See the section info.txt for setting up the info.txt file.
10.20.3.1.3. Transfermodes
There are different transfer modes for the installation files, which are specified by "FILELOC".
FILELOC can be 0 for standard installation files; these files will be transferred directly from the mounted volume (normally cifs).
Example:
FILE: file.tar.bz2
FILELOC: 0
If you want to transfer the files from ftp/http you have to set FILELOC: 1 and give the url in FILE parameter.
Example:
FILE: http://example.com/file.tar.bz2
FILELOC: 1
If you set FILELOC to 2, multicast is used to transfer the file. If you have specified more than one sender, you have to set the correct UDPRECEIVEROPTS.
Example:
FILE: file.tar.bz2
FILELOC: 2
UDPRECEIVEROPTS: --log /var/log/udp-receiver.log --portbase 8500 --nokbd --sync
On the server side udp-sender has to be running. For more information take a look at the
command line description of udpcast.
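The info.txt keys from section 10.20.2.3 and the FILELOC rules above, collected into one consistency check. This is an added Python example, not part of Uranos; the function names, the two sample files (constructed from the page's XP and multicast examples) and the treatment of a missing FILETYPE as 0 are assumptions of the example.

```python
import re
import shlex

# Documented values, taken from the info.txt description on this page.
FILETYPES = {"0", "tar.gz", "tar.bz2", "tar.7z", "7z", "wim"} | {
    base + ext for base in ("image", "partimage") for ext in ("", ".gz", ".bz2", ".7z")
}
CLONE_RE = re.compile(r"clone\.\w+(\.(gz|bz2|7z))?")   # clone.TYPE[.gz|.bz2|.7z]
SIZE_RE = re.compile(r"(\d+)([kmgt]?)", re.IGNORECASE)
UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3, "t": 1024 ** 4}
URL_RE = re.compile(r"(https?|ftp)://", re.IGNORECASE)


def parse_info(text):
    """Turn 'KEY: value' lines into a dict; only the first ':' separates."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            info[key.strip().upper()] = value.strip()
    return info


def filesize_bytes(value):
    """'11000m' -> bytes, using the *1024 multipliers; None if malformed."""
    match = SIZE_RE.fullmatch(value.strip())
    if match is None:
        return None
    return int(match.group(1)) * UNITS[match.group(2).lower()]


def portbase_of(opts):
    """Return the value following --portbase in UDPRECEIVEROPTS, or None."""
    args = shlex.split(opts)
    for i, arg in enumerate(args[:-1]):
        if arg == "--portbase":
            return args[i + 1]
    return None


def check_info(info):
    """Return a list of problems; an empty list means the file is consistent."""
    problems = []
    # Assumption of this example: a missing FILETYPE means 0, as in the page's
    # "directly from source" info.txt, which has no FILETYPE line.
    ftype = info.get("FILETYPE", "0")
    floc = info.get("FILELOC")
    file_ = info.get("FILE", "")
    is_url = URL_RE.match(file_) is not None

    if ftype not in FILETYPES and CLONE_RE.fullmatch(ftype) is None:
        problems.append("FILETYPE %s is not a documented type" % ftype)
    if floc is not None and floc not in ("0", "1", "2"):
        problems.append("FILELOC must be 0, 1 or 2")
    if not file_ and ftype != "0":
        problems.append("FILE may only be empty for FILETYPE 0")
    if floc == "1" and not is_url:
        problems.append("FILELOC 1 needs an http/ftp URL in FILE")
    if floc == "0" and is_url:
        problems.append("FILE is a URL but FILELOC is 0")
    if "ISO" in info and ftype not in ("0", "wim"):
        problems.append("ISO is only valid for FILETYPE 0 and wim")
    if info.get("ISOTYPE", "udf") not in ("udf", "iso9660"):
        problems.append("ISOTYPE must be udf or iso9660")
    if info.get("ARCH", "x86") not in ("x86", "x86_64"):
        problems.append("ARCH must be x86 or x86_64")
    if "FILESIZE" in info and filesize_bytes(info["FILESIZE"]) is None:
        problems.append("FILESIZE must be a number with optional k/m/g/t")
    portbase = portbase_of(info.get("UDPRECEIVEROPTS", ""))
    if portbase is not None and not (portbase.isdigit() and int(portbase) % 2 == 0):
        problems.append("--portbase must be an even number")
    return problems


# Constructed sample: the page's XP header combined with its multicast example.
MULTICAST_INFO = """PRODUCT: XP
SERVICEPACK: 3
PRODUCTLANG: en-EN
ARCH: x86
FILE: xp.tar.bz2
FILELOC: 2
FILETYPE: tar.bz2
UDPRECEIVEROPTS: --log /var/log/udp-receiver.log --portbase 8500 --nokbd --sync
"""

# Constructed sample with five inconsistencies.
BAD_INFO = """PRODUCT: Windows7
ARCH: amd64
FILE: http://example.com/install.wim
FILELOC: 0
FILETYPE: wimx
FILESIZE: 15gb
UDPRECEIVEROPTS: --portbase 9001 --nokbd
"""

if __name__ == "__main__":
    for name, text in (("multicast", MULTICAST_INFO), ("bad", BAD_INFO)):
        print(name, check_info(parse_info(text)) or "ok")
```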
10.20.3.2. Windows
You can access the unattended.[txt|xml] file with the browser via the page http://YOURSERVER/external.php?function=install_os&computer=COMPUTERNAME, or run:
wget -O unattend.txt "http://YOURSERVER/external.php?function=install_os&computer=COMPUTERNAME"
to save the information to a file (the URL is quoted so that the shell does not interpret the &). The boot-cd contains a script which controls the complete setup for windows, including getting this file.
10.20.3.2.1. Windows 2000/XP/2003
For these versions you can use both install methods. Simply copy the content of your installation CD into a folder in z/os:
z/os/xpdesp3/i386 <- this is the directory which contains the contents of the installation CD
z/os/xpdesp3/info.txt <- the info file
You can also pack the i386 [and amd64 for XP-64bit] directory to speed up the installation over slow networks:
z/os/xpdesp3-packed/xpdesp3.tar.bz2 <- this is the file which contains the contents of the installation CD
z/os/xpdesp3-packed/info.txt <- the info file
This can be done by running the command:
tar cjpf xpdesp3.tar.bz2 i386/
10.20.3.2.2. Windows Vista/2008/Windows7
10.20.3.2.2.1. Install method wim file
You can use your prepared install file or the original from the install DVD. Simply place the file into a subdirectory in z/os:
z/os/win7-de-x86/install.wim <- this is the wim file from the DVD
z/os/win7-de-x86/info.txt <- the info file
The info file should contain at least:
PRODUCT: Windows7
SERVICEPACK: 0
PRODUCTLANG: de-DE
ARCH: x86
FILE: install.wim
FILELOC: 0
FILETYPE: wim
Set the wim_index in your answer file (_meta section).
The wim_index indicates which product you want to install from the wim.
You don't need to add drivers to the wim; check the info.txt section for how to add drivers during the installation.
If you have an audit section in your answer file (uranos default), the audit mode (which searches for and installs drivers) will run first. Read more here:
http://technet.microsoft.com/en-us/library/hh824920.aspx#bkmk_4
Here are some links to add drivers to the wim (if you want to do so):
http://technet.microsoft.com/en-us/library/cc766141%28WS.10%29.aspx
http://superuser.com/questions/63773/how-to-add-drivers-to-windows-7-installation-dvd
You can also build a new wim file from a preconfigured machine. See section 3.2.2.2. for preparation and after that run (from the boot environment):
imagex capture /dev/hda1 /z/os/MYWINXXX/install.wim IMAGE_NAME DESCRIPTION --compress=maximum
(instead of /dev/hda1, choose the partition where your installation is located)
10.20.3.2.2.2. Install method ntfsclone
The installation process of these versions is always an image installation. To install these versions via unattended and the ntfsclone method you have to prepare them in the following way:
Make a clean vista/7/2008 installation (we suggest to use a 15-20GB partition) - install servicepacks and / or updates if you want.
Activate the administrator account.
Log off if you are not in the administrator account.
Log in as administrator.
Delete the files from the user and the user account itself.
Install ServicePacks (optional). (Use c:\Windows\System32\vsp1cln.exe /verbose for cleaning up SP1 installation backup files and c:\Windows\System32\compcln.exe for cleaning up SP2 installation backup files and DISM.exe /online /Cleanup-Image /spsuperseded /hidesp on W2k8 R2 SP1)
Install software (optional). This is not recommended, because the installed programs will not stay up to date.
Personalize the administrator's desktop (optional).
Install your MAK (optional).
Set the IDE controller driver to "Standard IDE Controller" - this is normally done by the /generalize pass, but we need the generalize pass later (see "How it works")
Check if the Start REG_DWORD in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msahci is set to 0 http://support.microsoft.com/kb/922976/en-us
Finally, run the command: %WINDIR%\system32\sysprep\sysprep.exe /audit /shutdown
10.20.3.2.2.2.1. Save a ntfsclone
Boot into boot-cd
Save the image to a mounted volume:
ntfsclone -s -o /z/os/vista-x86-SP2/vista-x86-SP2-de.clone.ntfs /dev/hda1
Optionally you can gzip or bzip2 it:
bzip2 /z/os/vista-x86-SP2/vista-x86-SP2-de.clone.ntfs
Finally, create the info.txt. For this example:
PRODUCT: Vista
SERVICEPACK: 1
PRODUCTLANG: de-DE
ARCH: x86
FILE: vista-x86-SP2-de.clone.ntfs.bz2
FILELOC: 0
FILETYPE: clone.ntfs.bz2
FILESIZE: 11000m
10.20.3.2.2.2.2. Save a partimage via dd
Boot into boot-cd
Save the image to a mounted volume:
dd if=/dev/hda1 of=/z/os/vista-x86-SP2/vista-x86-SP2-de.partimage
Optionally you can gzip or bzip2 it:
bzip2 /z/os/vista-x86-SP2/vista-x86-SP2-de.partimage
or run it as one command:
dd if=/dev/hda1 | bzip2 - > /z/os/vista-x86-SP2/vista-x86-SP2-de.partimage.bz2
Finally, create the info.txt. For this example:
PRODUCT: Vista
SERVICEPACK: 1
PRODUCTLANG: de-DE
ARCH: x86
FILE: vista-x86-SP2-de.partimage.bz2
FILELOC: 0
FILETYPE: partimage.bz2
FILESIZE: 15000m
10.20.3.2.2.2.3. How it works
The next time the machine boots, it enters the auditSystem pass of windows setup to set the admin password, enable autologon and add drivers.
After that the auditUser pass runs the sysprep /generalize /oobe /reboot command to go to the specialize and oobe parts of the answer file.
The specialize part activates the admin account and sets the computer name, ProductKey and JoinDomain or JoinWorkgroup.
Finally the oobeSystem part sets all other information, installs software via postinst.js and activates Windows.
10.20.3.2.2.3. Windows error codes
http://msdn.microsoft.com/en-us/library/ms681381%28v=VS.85%29.aspx
10.20.3.3. Kickstart
Uranos can also produce kickstart files. The following distributions use kickstart and there is a template for each.
To use the answer file, add this line to the kernel append line to boot the installation:
ks=http://YOURSERVER/external.php?function=install_os
10.20.3.3.1. CentOS
Web: http://www.centos.org/
10.20.3.3.2. Fedora
Web: http://fedoraproject.org/
10.20.3.3.3. RHEL
Web: http://www.redhat.com/rhel/
10.20.3.3.4. ScientificLinux
Web: https://www.scientificlinux.org/
10.20.3.3.5. ESX
Web: http://www.vmware.com/
You should also add the ksdevice and ip:
ksdevice=eth0 ip=dhcp ks=http://YOURSERVER/external.php?function=install_os
You could also specify a static ip configuration:
mem=512M quiet ksdevice=eth0 ip=10.0.0.10 netmask=255.255.255.0 gateway=10.0.0.1 nameserver=10.10.0.2
10.20.3.4. Preseed
Uranos can also produce preseed files. The following distributions use preseeding and there is a template for each.
To use the answer file, add this line to the kernel append line to boot the installation:
auto=true priority=critical console-setup/layoutcode=de locale=de_DE url=http://YOURSERVER/external.php?function=install_os --
10.20.3.4.1. Debian
Web: http://www.debian.org/
10.20.3.4.2. Ubuntu
Web: http://www.ubuntu.com/
To make use of the partition settings you have to disable the following entries in the template:
Auto partitioning
Auto partitioning device
Auto partitioning recipes
Auto partitioning own recipes
If you use a static ip configuration you have to add:
in the early script.
10.20.3.5. openSuSE/SLES
Web (SLES): http://www.novell.com/de-de/products/server/
Web (openSuSE): http://opensuse.org/
Uranos can also produce xml files for SLES and OpenSuSE.
To use the answer file you can add this line to the kernel append to boot the installation:
autoyast=http://YOURSERVER/external.php?function=install_os
11. Connectors
11.1.
doc:connectors:ocsinventory_ng:help
11.1.1. Description
This connector will search your OCS database for the computername and display the results.
11.1.2. Installation
Simply install the connector via settings->connectors.
11.1.3. Configuration
You can reach the configuration in the main settings module in the connectors section.
There is a "Configuration" link behind the connector if the connector is installed.
Hostname: the hostname where the ocsinventory server is located.
Username: the user to access the ocsinventory server.
Password: the password for the user to access the ocsinventory server.
The hostname will be used to generate the links to access the soap interface:
http://HOSTNAME/Apache/Ocsinventory/Interface
http://HOSTNAME/ocsinterface
For more information check the documentation of OCS:
http://wiki.ocsinventory-ng.org/index.php/Developers:Web_services
http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=98&cntnt01returnid=80
11.1.4. Usage
After configuration your OCS inventory server will be searched for this hostname.
11.2.
doc:connectors:rt:help
11.2.1. Description
Connect your RT (http://bestpractical.com/rt/) database.
This connector will search your RT database for the current computername to display all requests.
11.2.2. Installation
Simply install the connector via settings->connectors.
11.2.3. Configuration
You can reach the configuration in the main settings module in the connectors section.
There is a "Configuration" link behind the connector if the connector is installed.
Database user: the user to access the rt database.
Database password: the password for the database user to access the rt database.
Database host: the hostname where the rt database is located.
Link to rt host: link to your request tracker host. This link will be used to generate links to the tickets.
11.2.4. Usage
After configuration you should see all tickets found in the rt database:

You can click on the Ticket ID or the Subject to go directly to the ticket.
11.3.
doc:connectors:dns_ldap:help
11.3.1. Description
Manage DNS entries for the systems.
11.3.2. Installation
Simply install the connector via settings->connectors. You will also need the dns_ldap module installed.
11.4.
doc:connectors:remotecmd:help
11.4.1. Description
Specify and run remote commands. You can run remote commands on ssh enabled hosts (module ssh_client needed) and on windows machines.
11.4.2. Installation
Simply install the connector via settings->connectors. You will also need the ssh_client and computer modules installed.
11.4.3. Configuration
In the main configuration you have to set the path to psexec.exe on windows systems.
On Linux set the path to winexe.
Path to winexe (on windows path to psexec.exe): Full path to winexe/psexec
winexe/psexec options: Options for the command
psexec: use -s to run it on the system account
winexe: --interactive=0 --system to run it on the system account, --uninstall to remove the service after execution
11.4.3.1. Configure credentials
Name: Unique name of the credentials
Username: The remote username to run the command
Password: The password for the remote user - for ssh you have to provide the username whose ssh keys should be used
You can view, edit and delete the credentials from this view:
11.4.3.2. Configure commands
Name: Unique name of the command
Type: Choose if this is a ssh or winexe/psexec command
Default credentials: Choose the default credentials to use with this command
Command: The contents of the command
Here is an example which uses scanwinupdates.js to scan hosts for updates:
@echo off
IF EXIST z: net use z: /DELETE
net use z: \\ntinstall\install secretpassword /USER:DOMAIN\user
cscript /nologo z:\bin\scanwinupdates.js > z:\updates\scans\%COMPUTERNAME%.xml
net use z: /DELETE
You can view, edit and delete the commands from this view:
11.4.3.3. Logs
You can view and delete the logs from this view.
11.4.4. Usage
11.4.4.1. Run command from the connector
Simply choose the command and press "run". This will execute the selected command with the default credentials for this command.
If you want to use your own credentials choose the entry "Use own credentials" and set your username and your password.
If you want to run an ssh command with your own credentials you have to set the username to the remote user's name (e.g. root) - you don't need to specify a password because the ssh command will use your ssh_keys.
11.4.4.2. Run commands via cron / script
Here is an example script which runs commandid 3 with the default credentials on host: host.example.com
#!/usr/bin/php5 -f
<?php
//global settings
$INCexternal="/var/www/install/uranos-svnroot/www/include/INCexternal.php";
//require system
require_once ($INCexternal);
ini_set ('display_errors',true);
ini_set ('display_startup_errors',true);
error_reporting(E_ALL^E_NOTICE);
if (!require_connector_file('remotecmd','connector.php'))
{
    exit;
}
$host='host.example.com';
//run command id 3 with its default credentials
$out=remotecmd_run($host,3);
echo "* command executed on host $host:\n";
echo $out['command'];
echo "\n";
//check the exit state in the result of remotecmd_run
if ($out['stat']==0)
{
    echo "* command run with exit state 0\n";
}
else
{
    echo "* command failed with exit state ".$out['stat']."\n";
}
echo "* Output:\n";
if (is_array($out['out']))
{
    foreach ($out['out'] as $o)
    {
        echo $o."\n";
    }
}
?>
Here is an example to run a command on each host in group "example" with username and password:
#!/usr/bin/php5 -f
<?php
//global settings
$INCexternal="/var/www/install/uranos-svnroot/www/include/INCexternal.php";
//require system
require_once ($INCexternal);
//required for the getGROUPCOMPUTERS
$INCuser="/var/www/install/uranos-svnroot/www/include/APIuser.php";
require_once ($INCuser);
ini_set ('display_errors',true);
ini_set ('display_startup_errors',true);
error_reporting(E_ALL^E_NOTICE);
if (!require_connector_file('remotecmd','connector.php'))
{
    exit;
}
//Select hosts the groupid is the id of the group
$groupid=2;
$examplehosts=getGROUPCOMPUTERS($groupid);
if (is_array($examplehosts['entries']))
{
    foreach ($examplehosts['entries'] as $h)
    {
        $host=$h['computername'];
        //run command id 3 with the given username and password
        $out=remotecmd_run($host,3,"Administrator","seCret");
        echo "* command executed on host $host:\n";
        echo $out['command'];
        echo "\n";
        //check the exit state in the result of remotecmd_run
        if ($out['stat']==0)
        {
            echo "* command run with exit state 0\n";
        }
        else
        {
            echo "* command failed with exit state ".$out['stat']."\n";
        }
        echo "* Output:\n";
        if (is_array($out['out']))
        {
            foreach ($out['out'] as $o)
            {
                echo $o."\n";
            }
        }
    }
}
?>
11.5.
doc:connectors:dhcp_ldap:help
11.5.1. Description
Manage IP addresses for each macaddress from the system.
11.5.2. Installation
Simply install the connector via settings->connectors. You will also need the dhcp_ldap module installed.
11.5.3. Configuration
Please check the settings of the dhcp_ldap module.
11.5.4. Usage
You can add an IP address for each macaddress - if needed, also with specified options:
11.6. Inventory
11.6.1. Description
View your inventory for this system.
11.6.2. Installation
Simply install the connector via settings->connectors. You will also need the fusioninventory module installed.
11.6.3. Configuration
Please check the settings of the fusioninventory module.
11.6.4. Usage
If the hostname is found you can assign one or more fusioninventory hardware-id[s] to this host.
You have a link to each section on the top of this connector:
In the sections you see the keys and values:
11.7.
doc:connectors:cron:help
11.7.1. Description
If you install this connector you will be able to add cron scripts to each system.
11.7.2. Installation
Simply install the connector via settings->connectors. This connector requires the cron module.
11.7.3. Configuration
See the cron module configuration.
11.7.4. Usage
11.8.
doc:connectors:systemnetwork:help
11.8.1. Description
If you install this connector you will be able to see the arp entries
and network infos from the switch.
11.8.2. Installation
Simply install the connector via settings->connectors.
You also need the cron and the switch module to view all information.
11.8.3. Configuration
You can reach the configuration for cron via the module configuration.
The cron module is used to add the entries from the arpwatch database.
The switch module lets you locate this host on the switchport and,
if configured, you will see the room where this host is currently attached.
11.8.4. Usage
After configuration you should see the last entries from the arp.
This view is generated by searching the systems_arp table for each mac address
assigned to this host:

This is the view of a network port where one macaddress is found:
11.9.
doc:connectors:radius_ldap:help
11.9.1. Description
Assign a VLAN to each mac address from each system.
11.9.2. Installation
Simply install the connector via settings->connectors. You will also need the radius_ldap module installed.
11.10.
doc:connectors:bugzilla:help
11.10.1. Description
Connect your Bugzilla database.
This connector will search your bugzilla database for the current computername to display all requests.
11.10.2. Installation
Simply install the connector via settings->connectors.
11.10.3. Configuration
You can reach the configuration in the main settings module in the connectors section.
There is a "Configuration" link behind the connector if the connector is installed.
Database user: the user to access the bugzilla database.
Database password: the password for the database user to access the bugzilla database.
Database host: the hostname where the bugzilla database is located.
Link to bugzilla host: link to your bugzilla host. This link will be used to generate links to the tickets.
Comma separated list of fields to search: defines which fields should be searched for the computer name.
11.10.4. Usage
After configuration you should see all tickets matching the defined search fields:

You can click on the Ticket ID or the Subject to go directly to the ticket.
11.11.
doc:connectors:checklist:help
11.11.1. Description
Generate your own checklists. This can be assigned to each system and be processed from different users.
11.11.2. Installation
Simply install the connector via settings->connectors.
11.11.3. Configuration
You can reach the configuration in the main settings module in the connectors section.
There is a "Configuration" link behind the connector if the connector is installed.
Add a new check-list:
Name: Choose a name for the check-list.
Comment: Add a comment for the check-list.
Edit content to edit and add parts to the check-list.
Add new checkfield to add a new part to the check-list.
You can also edit single parts of the check-list:
11.11.4. Usage
In the computer view you have to choose the Checklists connector:

You can add more than one checklist to a computer.
You can only delete an already assigned check-list if you have the permissions to do that.
After adding a check-list you can run the checks by clicking the *edit* button behind the assigned check-list.

Add your comments and check the part of the check-list behind the comment field to approve this part of the check-list.

After that you see the user and the time when this part of the check-list was approved:
11.12.
doc:connectors:comments:help
11.12.1. Description
If you install this connector you will be able to add comments to each system.
11.12.2. Installation
Simply install the connector via settings->connectors.
11.12.3. Configuration
There is no need for a configuration.
11.12.4. Usage
In the computer view you have to choose the Comments connector.
After that you can add a new comment:

You see all comments and comments of comments in a date ordered view:

You can comment, edit and delete a comment.
11.13.
doc:connectors:ldaphosts:help
11.13.1. Description
This connector will search your LDAP database for the computername and display the results.
11.13.2. Installation
Simply install the connector via settings->connectors.
11.13.3. Configuration
You can reach the configuration in the main settings module in the connectors section.
There is a "Configuration" link behind the connector if the connector is installed.
User: the user DN to connect to the ldap server; leave empty if an anonymous bind is wanted.
Password: the password for the user DN.
Host: the hostname of the ldap server.
BaseDN: the base DN; the search will be performed in the base of this DN.
Port: the port of the ldap server.
Entry name: the attr name for the DN to search, e.g. cn.
Search samba host: the base DN for searching samba host entries.
11.13.4. Usage
After configuration your ldap server will be searched for the hostname.
Here is an example of an ipHost:

Here is an example of a Samba host: