Opsi (Open PC Server Integration) est un outil de gestion de clients Windows basé sur un serveur Linux et sous licence AGPLv3 (hors code des modules cofinancés), version modifiée et orientée serveurs de la licence GPLv3. Son code source est la propriété de la société uib gmgh et son représentant en France/Belgique est la société Opensides.
Ses fonctionnalités principales sont :
- Installation automatisée via PXE de systèmes d’exploitation clients Windows par le biais d’une image
- Distribution automatique des logiciels via une connexion agent/serveur
- Intégration automatique des drivers en se basant sur l’ID de ceux-ci
- Inventaires matériels et logiciels
- Dépôts logiciels multiples et décentralisés
Objectif
L’objectif de cet article est l’installation et la configuration d’un serveur de déploiement Opsi en version 4.0.6, sur une distribution Linux Debian Jessie 8.7 32bits
Schéma logique
Pré-requis
1. Pré-requis avant réalisation
- Un serveur Debian Jessie 8.4 32 bits fonctionnel (installation basique avec utilitaires usuels du système et service SSH) qui hébergera Opsi
- Un serveur DNS/DHCP fonctionnel. A ce sujet, voir les articles suivants :
- Packages de base supplémentaires : sudo, resolvconf, aptitude, members
- Domaine utilisé : opensharing.priv
Rmq : L’infrastructure comprendra ici un serveur DNS/DHCP master et un serveur DNS/DHCP slave mais rien n’oblige ce choix, on pourrait simplement se contenter d’un unique serveur et se passer de la redondance de services.
2. Configuration réseau initiale
| Serveur DNS/DHCP master | Serveur DNS/DHCP slave | Serveur Opsi | |
| FQDN | dns1-test.opensharing.priv | dns2-test.opensharing.priv | opsi-test.opensharing.priv |
| Adresse IP | 192.168.1.11 | 192.168.1.12 | 192.168.1.13 |
| Réseau | 192.168.1.0/24 | 192.168.1.0/24 | 192.168.1.0/24 |
| Passerelle | 192.168.1.1 | 192.168.1.1 | 192.168.1.1 |
| dns-nameservers | 127.0.0.1 | 192.168.1.11 127.0.0.1 | 192.168.1.11 192.168.1.12 |
| dns-search | opensharing.priv | opensharing.priv | opensharing.priv |
Contenu du fichier /etc/network/interfaces :
auto lo iface lo inet loopback allow-hotplug eth0 iface eth0 inet static address 192.168.1.13 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 dns-search opensharing.priv dns-nameservers 192.168.1.11 192.168.1.12
Contenu du fichier /etc/hosts :
127.0.0.1 localhost.localdomain localhost 192.168.1.13 opsi-test.opensharing.priv opsi-test 192.168.1.13 opsi.opensharing.priv opsi
Contenu du fichier /etc/hostname :
opsi-test
La commande suivante :
# getent hosts $(hostname -f)
doit retourner :
192.168.1.13 opsi-test.opensharing.priv opsi-test
Contenu du fichier /etc/host.conf :
order hosts, bind multi on
Contenu du fichier /etc/resolv.conf :
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 192.168.1.11 nameserver 192.168.1.12 search opensharing.priv
Rmq :
Le fichier /etc/resolv.conf ne doit pas être édité dès lors que le paquet resolvconf a été installé.
Pour prendre en compte les modifications des fichiers de configuration relatifs au réseau, redémarrage du service réseau :
# /etc/init.d/networking restart # /etc/init.d/networking reload
Configuration du serveur DNS/DHCP master
include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.views"; include "/etc/bind/named.conf.servers"; include "/etc/bind/named.conf.controls"; include "/etc/bind/named.conf.loggings"; include "/etc/bind/named.conf.keys";
options {
directory "/var/cache/bind";
listen-on { localhost; 192.168.1.11; };
};
view "internal" {
match-clients { localhost; localnets; };
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.zones";
recursion yes;
forwarders { 8.8.8.8; 8.8.4.4; };
forward first;
allow-recursion { localhost; localnets; };
allow-query { localhost; localnets; };
};
view "other" {
match-clients { any; };
recursion no;
allow-query { none; };
};
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "opensharing.priv" IN {
type master;
file "/var/cache/bind/db.opensharing.priv";
allow-transfer { localhost; key "tsig-key"; };
allow-update { localhost; key "tsig-key"; };
notify yes;
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "/var/cache/bind/db.opensharing.priv.inv";
allow-transfer { localhost; key "tsig-key"; };
allow-update { localhost; key "tsig-key"; };
notify yes;
};
server 192.168.1.12 {
keys { "tsig-key"; };
};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
channel default_file {
file "/var/log/bind/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};
channel queries_file {
file "/var/log/bind/queries.log" versions 3 size 5m;
severity dynamic;
print-severity yes;
print-category yes;
print-time yes;
};
category default { default_file; default_syslog; default_debug; };
category queries { queries_file; };
category unmatched { null; };
};
include "/etc/bind/tsig.key"; include "/etc/bind/rndc.key";
key "tsig-key" {
algorithm hmac-md5;
secret "secT6taENmghntVhdmmtaKMPQM/UTeKrDLdDcgaiSvL76GGY5fbSPLLJ5i002tJrXI12WBTY3lvhRlTcRMoUEA==";
};
key "rndc-key" {
algorithm hmac-md5;
secret "gD3oz9/2pE+zSHLTWcWAe2tTkXyrkVsNOfZxMSU3UPtaMVGIn3KJFkxtWP6uoEjRCFZoq9SvG7G+qLIBuwN2ZA==";
};
$ORIGIN opensharing.priv. $TTL 86400 @ IN SOA dns1-test.opensharing.priv. adminsys.opensharing.priv. ( 2017012402 ; serial 21600 ; refresh (6 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS dns1-test.opensharing.priv. IN NS dns2-test.opensharing.priv. IN A 192.168.1.14 IN MX 10 mail1-test.opensharing.priv. IN MX 20 mail2-test.opensharing.priv. dns1-test IN A 192.168.1.11 dns2-test IN A 192.168.1.12 opsi-test IN A 192.168.1.13 wp-test IN A 192.168.1.14 mail1-test IN A 192.168.1.15 mail2-test IN A 192.168.1.16 xptest IN A 192.168.1.100 dhcp1 IN CNAME dns1-test dns1 IN CNAME dns1-test dns2 IN CNAME dns2-test mail1 IN CNAME mail1-test mail2 IN CNAME mail2-test www IN CNAME wp-test opsi IN CNAME opsi-test
$ORIGIN 1.168.192.in-addr.arpa. $TTL 86400 @ IN SOA dns1-test.opensharing.priv. adminsys.opensharing.priv. ( 2017012402 ; serial 21600 ; refresh (6 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) IN NS dns1-test.opensharing.priv. IN NS dns2-test.opensharing.priv. 11 IN PTR dns1-test.opensharing.priv. 11 IN PTR dns1.opensharing.priv. 11 IN PTR dhcp1.opensharing.priv. 12 IN PTR dns2-test.opensharing.priv. 12 IN PTR dns2.opensharing.priv. 13 IN PTR opsi-test.opensharing.priv. 13 IN PTR opsi.opensharing.priv. 14 IN PTR www.opensharing.priv. 15 IN PTR mail1-test.opensharing.priv. 15 IN PTR mail1.opensharing.priv. 16 IN PTR mail2-test.opensharing.priv. 16 IN PTR mail2.opensharing.priv.
include "/etc/bind/tsig.key";
authoritative;
ddns-update-style standard;
update-static-leases off;
ignore client-updates;
default-lease-time 1800;
max-lease-time 1800;
log-facility local7;
db-time-format local;
failover peer "opensharing-failover" {
primary;
address 192.168.1.11;
port 647;
peer address 192.168.1.12;
peer port 647;
max-response-delay 30;
max-unacked-updates 3;
load balance max seconds 3;
mclt 480;
split 128;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option routers 192.168.1.1;
ddns-domainname "opensharing.priv";
ddns-rev-domainname "in-addr.arpa";
option domain-name "opensharing.priv";
option domain-name-servers dns1.opensharing.priv, dns2.opensharing.priv;
set vendor-string = option vendor-class-identifier;
pool {
failover peer "opensharing-failover";
range 192.168.1.100 192.168.1.199;
allow unknown-clients;
}
}
zone opensharing.priv {
primary 192.168.1.11;
key "tsig-key";
}
zone 1.168.192.in-addr.arpa. {
primary 192.168.1.11;
key "tsig-key";
}
Configuration du serveur DNS slave
include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.views"; include "/etc/bind/named.conf.servers"; include "/etc/bind/named.conf.controls"; include "/etc/bind/named.conf.loggings"; include "/etc/bind/named.conf.keys";
options {
directory "/var/cache/bind";
listen-on { localhost; 192.168.1.12; };
};
view "internal" {
match-clients { localhost; localnets; };
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.zones";
recursion yes;
forwarders { 8.8.8.8; 8.8.4.4; };
forward first;
allow-recursion { localhost; localnets; };
allow-query { localhost; localnets; };
};
view "other" {
match-clients { any; };
recursion no;
allow-query { none; };
};
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "opensharing.priv" IN {
type slave;
masters { 192.168.1.11; };
file "/var/cache/bind/db.opensharing.priv.slv";
allow-transfer { localhost; key "tsig-key"; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.1.11; };
file "/var/cache/bind/db.opensharing.priv.inv.slv";
allow-transfer { localhost; key "tsig-key"; };
};
server 192.168.1.11 {
keys { "tsig-key"; };
};
controls {
inet * port 953 allow { 127.0.0.1; 192.168.1.11; } keys { "rndc-key"; };
};
logging {
channel default_file {
file "/var/log/bind/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};
channel queries_file {
file "/var/log/bind/queries.log" versions 3 size 5m;
severity dynamic;
print-severity yes;
print-category yes;
print-time yes;
};
category default { default_file; default_syslog; default_debug; };
category queries { queries_file; };
category unmatched { null; };
};
include "/etc/bind/tsig.key"; include "/etc/bind/rndc.key";
key "tsig-key" {
algorithm hmac-md5;
secret "secT6taENmghntVhdmmtaKMPQM/UTeKrDLdDcgaiSvL76GGY5fbSPLLJ5i002tJrXI12WBTY3lvhRlTcRMoUEA==";
};
key "rndc-key" {
algorithm hmac-md5;
secret "gD3oz9/2pE+zSHLTWcWAe2tTkXyrkVsNOfZxMSU3UPtaMVGIn3KJFkxtWP6uoEjRCFZoq9SvG7G+qLIBuwN2ZA==";
};
opensharing.priv. 86400 IN SOA dns1-test.opensharing.priv. adminsys.opensharing.priv. 2017012402 21600 3600 604800 86400 opensharing.priv. 86400 IN NS dns1-test.opensharing.priv. opensharing.priv. 86400 IN NS dns2-test.opensharing.priv. opensharing.priv. 86400 IN A 192.168.1.14 opensharing.priv. 86400 IN MX 10 mail1-test.opensharing.priv. opensharing.priv. 86400 IN MX 20 mail2-test.opensharing.priv. dhcp1.opensharing.priv. 86400 IN CNAME dns1-test.opensharing.priv. dns1.opensharing.priv. 86400 IN CNAME dns1-test.opensharing.priv. dns1-test.opensharing.priv. 86400 IN A 192.168.1.11 dns2.opensharing.priv. 86400 IN CNAME dns2-test.opensharing.priv. dns2-test.opensharing.priv. 86400 IN A 192.168.1.12 mail1.opensharing.priv. 86400 IN CNAME mail1-test.opensharing.priv. mail1-test.opensharing.priv. 86400 IN A 192.168.1.15 mail2.opensharing.priv. 86400 IN CNAME mail2-test.opensharing.priv. mail2-test.opensharing.priv. 86400 IN A 192.168.1.16 opsi.opensharing.priv. 86400 IN CNAME opsi-test.opensharing.priv. opsi-test.opensharing.priv. 86400 IN A 192.168.1.13 wp-test.opensharing.priv. 86400 IN A 192.168.1.14 www.opensharing.priv. 86400 IN CNAME wp-test.opensharing.priv. xptest.opensharing.priv. 86400 IN A 192.168.1.100
1.168.192.in-addr.arpa. 86400 IN SOA dns1-test.opensharing.priv. adminsys.opensharing.priv. 2017012402 21600 3600 604800 86400 1.168.192.in-addr.arpa. 86400 IN NS dns1-test.opensharing.priv. 1.168.192.in-addr.arpa. 86400 IN NS dns2-test.opensharing.priv. 11.1.168.192.in-addr.arpa. 86400 IN PTR dns1.opensharing.priv. 11.1.168.192.in-addr.arpa. 86400 IN PTR dhcp1.opensharing.priv. 11.1.168.192.in-addr.arpa. 86400 IN PTR dns1-test.opensharing.priv. 12.1.168.192.in-addr.arpa. 86400 IN PTR dns2.opensharing.priv. 12.1.168.192.in-addr.arpa. 86400 IN PTR dns2-test.opensharing.priv. 13.1.168.192.in-addr.arpa. 86400 IN PTR opsi.opensharing.priv. 13.1.168.192.in-addr.arpa. 86400 IN PTR opsi-test.opensharing.priv. 14.1.168.192.in-addr.arpa. 86400 IN PTR www.opensharing.priv. 15.1.168.192.in-addr.arpa. 86400 IN PTR mail1.opensharing.priv. 15.1.168.192.in-addr.arpa. 86400 IN PTR mail1-test.opensharing.priv. 16.1.168.192.in-addr.arpa. 86400 IN PTR mail2.opensharing.priv. 16.1.168.192.in-addr.arpa. 86400 IN PTR mail2-test.opensharing.priv.
include "/etc/bind/tsig.key";
authoritative;
ddns-update-style standard;
update-static-leases off;
ignore client-updates;
default-lease-time 1800;
max-lease-time 1800;
log-facility local7;
db-time-format local;
failover peer "opensharing-failover" {
secondary;
address 192.168.1.12;
port 647;
peer address 192.168.1.11;
peer port 647;
max-response-delay 30;
max-unacked-updates 3;
load balance max seconds 3;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option routers 192.168.1.1;
ddns-domainname "opensharing.priv";
ddns-rev-domainname "in-addr.arpa";
option domain-name "opensharing.priv";
option domain-name-servers dns1.opensharing.priv, dns2.opensharing.priv;
set vendor-string = option vendor-class-identifier;
pool {
failover peer "opensharing-failover";
range 192.168.1.100 192.168.1.199;
allow unknown-clients;
}
}
zone opensharing.priv {
primary 192.168.1.11;
key "tsig-key";
}
zone 1.168.192.in-addr.arpa. {
primary 192.168.1.11;
key "tsig-key";
}
Réalisation
0. Mise à jour préalable du système et des paquets installés
# aptitude update # aptitude upgrade
1. Installation des paquets pré-requis
# aptitude install wget lsof host python-mechanize p7zip-full cabextract openbsd-inetd pigz
2. Installation de Samba et des utilitaires associés
# aptitude install samba samba-common smbclient cifs-utils samba-doc
3. Installation des paquets Opsi
3.1. Création du dépôt Opsi
# nano /etc/apt/sources.list.d/opsi.list
Le fichier opsi.list est ainsi créé.
Ajout du contenu suivant :
deb http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_8.0 ./
Import de la signature du dépôt Opsi :
# wget -O - http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_8.0/Release.key | apt-key add -
--2016-09-16 02:14:59-- http://download.opensuse.org/repositories/home:/uibmz:/opsi:/opsi40/Debian_8.0/Release.key
Résolution de download.opensuse.org (download.opensuse.org)… 2001:67c:2178:8::13, 195.135.221.134
Connexion à download.opensuse.org (download.opensuse.org)|2001:67c:2178:8::13|:80… connecté.
requête HTTP transmise, en attente de la réponse… 200 OK
Taille : 999 [application/pgp-keys]
Sauvegarde en : « STDOUT »
- 100%[===============================================================================>] 999 --.-KB/s ds 0s
2016-09-16 02:15:07 (137 MB/s) — envoi vers sortie standard [999/999]
OK
Vérification de l’import de la signature :
# apt-key list
[...]
/etc/apt/trusted.gpg
--------------------
pub 1024D/4DC87421 2010-07-23 [expire : 2017-02-17]
uid home:uibmz OBS Project <home:uibmz@build.opensuse.org>
[...]
3.2. Installation des paquets Opsi depuis le dépôt ainsi créé
3.2.1. Mise à jour conservatrice du système
# aptitude update # aptitude safe-upgrade
3.2.2. Suppression d’un éventuel paquet tftpd déjà installé
# aptitude remove tftpd # update-inetd --remove tftpd
3.2.3. Installation du paquet opsi-atftpd
Ce paquet permet l’installation d’un server TFTP avancé depuis les dépôts uib en version 0.7.dfsg-6.
# aptitude install opsi-atftpd
Rmq :
Si une question relative à la prise en charge du multicast est posée, répondre Non (question non posée avec cette version).
3.2.4. Installation du paquet opsi-depotserver
Ce paquet permet l’installation et la configuration d’un serveur de dépôt Opsi depuis les dépôts uib, ici en version 4.0.6.7-2.
# aptitude install opsi-depotserver
Rmq :
Correspond à l’exécution des commandes suivantes :
# opsi-setup –init-current-config
# opsi-setup –auto-configure-samba
# opsi-setup –patch-sudoers-file
# opsi-setup –set-rights
# opsi-setup –auto-configure-samba
# opsi-setup –patch-sudoers-file
# opsi-setup –set-rights
Accepter la modification des fichiers /etc/samba/smb.conf et /etc/sudoers.
Si une question relative au mot de passe de l’utilisateur pcpatch est posée, définir et mémoriser le mot de passe choisi (question non posée avec cette version car apparemment un mot de passe a été automatiquement généré).
Ceci a, entre autres, pour effet :
☑ Le paramétrage du service opsiconfd (version 4.0.7.4.1-1)
☑ Le paramétrage du service opsipxeconfd (version 4.0.7.1-1)
☑ Le paramétrage de zsync (version 0.6.2-1)
☑ Le paramétrage de opsi-utils (version 4.0.7.7-3)
☑ Le paramétrage de opsi-linux-bootimage (version 20160921-1)
☑ La génération d’un certificat SSL valide 2 ans requis par le démon opsiconfd
Generating a 1024 bit RSA private key
............++++++
..++++++
writing new private key to '/etc/opsi/opsiconfd.pem'
-----
1024 semi-random bytes loaded
Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time
.++*++*++*++*++*++*
subject= /C=FR/ST=Ile-de-France/L=Paris/O=Opensharing/OU=Service Informatique/CN=opsi-test.opensharing.priv/emailAddress=admin@opensharing.priv
notBefore=Jan 24 10:17:42 2017 GMT
notAfter=Oct 21 10:17:42 2019 GMT
SHA1 Fingerprint=96:DF:91:39:18:69:5E:F5:9E:AD:5B:16:4A:DF:4B:AE:FB:A2:84:82
[5] [Jan 24 11:18:03] Getting current system config (opsi-setup|111)
[5] [Jan 24 11:18:03] System information: (opsi-setup|164)
[5] [Jan 24 11:18:03] distributor : Debian (opsi-setup|165)
[5] [Jan 24 11:18:03] distribution : Debian GNU/Linux 8.7 (jessie) (opsi-setup|166)
[5] [Jan 24 11:18:03] ip address : 192.168.1.13 (opsi-setup|167)
[5] [Jan 24 11:18:03] netmask : 255.255.255.0 (opsi-setup|168)
[5] [Jan 24 11:18:03] subnet : 192.168.1.0 (opsi-setup|169)
[5] [Jan 24 11:18:03] broadcast : 192.168.1.255 (opsi-setup|170)
[5] [Jan 24 11:18:03] fqdn : opsi-test.opensharing.priv (opsi-setup|171)
[5] [Jan 24 11:18:03] hostname : opsi-test (opsi-setup|172)
[5] [Jan 24 11:18:03] domain : opensharing.priv (opsi-setup|173)
[5] [Jan 24 11:18:03] win domain : WORKGROUP (opsi-setup|174)
☑ La création d’un utilisateur pcpatch et de sa clef privée RSA
[5] [Jan 24 11:18:03] Configuring client user pcpatch (opsi-setup|180)
[5] [Jan 24 11:18:03] Creating RSA private key for user pcpatch in '/var/lib/opsi/.ssh/id_rsa' (opsi-setup|194)
[5] [Jan 24 11:18:04] Setting rights on directory '/var/lib/opsi/.ssh' (Rights.py|121)
☑ La création de partages Samba avec sauvegarde du fichier smb.conf original (ici smb.conf.2017-01-24_11:18) :
[5] [Jan 24 11:18:09] Configuring samba (Samba.py|234)
[5] [Jan 24 11:18:10] Adding share [opsi_depot] (Samba.py|111)
[5] [Jan 24 11:18:10] Adding share [opsi_depot_rw] (Samba.py|160)
[5] [Jan 24 11:18:10] Adding share [opsi_images] (Samba.py|171)
[5] [Jan 24 11:18:10] Adding share [opsi_workbench] (Samba.py|184)
[5] [Jan 24 11:18:10] Adding share [opsi_repository] (Samba.py|200)
[5] [Jan 24 11:18:10] Creating backup of /etc/samba/smb.conf (Samba.py|219)
[5] [Jan 24 11:18:10] Writing new smb.conf (Samba.py|222)
[5] [Jan 24 11:18:10] Reloading samba (Samba.py|226)
[5] [Jan 24 11:18:11] Samba configuration finished. You may want to restart your Samba daemon. (Samba.py|239)
- [opsi_depot] pointant sur /var/lib/opsi/depot/ en lecture seule
- [opsi_depot_rw] pointant sur /var/lib/opsi/depot/ en lecture/écriture
- [opsi_images] pointant sur /var/lib/opsi/ntfs-images en lecture/écriture
- [opsi_workbench] pointant sur /home/opsiproducts/ en lecture/écriture
- [opsi_repository] pointant sur /var/lib/opsi/repository/ en lecture seule
[global] workgroup = WORKGROUP dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d server role = standalone server passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [homes] comment = Home Directories browseable = no read only = yes create mask = 0700 directory mask = 0700 valid users = %S [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [opsi_depot] available = yes comment = opsi depot share (ro) path = /var/lib/opsi/depot follow symlinks = yes writeable = no invalid users = root admin users = @pcpatch [opsi_depot_rw] available = yes comment = opsi depot share (rw) path = /var/lib/opsi/depot follow symlinks = yes writeable = yes invalid users = root [opsi_images] available = yes comment = opsi ntfs images share (rw) path = /var/lib/opsi/ntfs-images writeable = yes invalid users = root [opsi_workbench] available = yes comment = opsi workbench path = /home/opsiproducts writeable = yes invalid users = root create mask = 0660 directory mask = 0770 [opsi_repository] available = yes comment = opsi repository share (ro) path = /var/lib/opsi/repository follow symlinks = yes writeable = no invalid users = root
☑ La configuration du fichier /etc/sudoers avec sauvegarde du fichier original (ici sudoers.2017-01-24_11:18) :
[5] [Jan 24 11:18:11] Adding sudoers entries for opsi (Sudoers.py|133)
[5] [Jan 24 11:18:11] Creating backup of /etc/sudoers (Sudoers.py|148)
[5] [Jan 24 11:18:11] Writing new /etc/sudoers (Sudoers.py|157)
opsiconfd ALL=NOPASSWD: /usr/bin/opsi-set-rights %pcpatch ALL=NOPASSWD: /usr/bin/opsi-set-rights Defaults!/usr/sbin/service !requiretty
☑ La création, entre autres, des dossiers Opsi suivants :
- /etc/opsi/ : fichiers de configuration du serveur et de ses services
- /var/log/opsi/ : fichiers de logs relatifs au serveur et à ses différents services
- /var/lib/opsi/ : fichiers du backend file et répertoire home du service opsiconfd
- /home/opsiproducts/ : dossier destiné à la construction de nouveaux paquets
- /tftpboot/linux/ : fichiers de démarrage requis pour un boot en PXE du client
3.2.5. Installation du paquet opsi-configed
Ce paquet permet l’installation de l’éditeur de configuration Opsi (interface Web de déploiement logiciels et de systèmes d’exploitation) en version 4.0.7.1.3-1.
# aptitude install opsi-configed
3.2.5. Et ensuite?
Après la partie 1 d’installation, il est nécessaire de consulter les articles suivants :