[tech] Machine Inventory Server

Andrew Adamson bob at ucc.gu.uwa.edu.au
Sat Apr 13 11:46:43 AWST 2019


Hi All,

I noticed that people were manually checking the specifications of 
desktops in the clubroom, so I decided to resurrect the old ocsinventory 
system that UCC used to have. For those of you who don't know, 
ocsinventory is a system where each machine regularly checks in and 
reports its hardware and software configuration. Alternative systems that 
are quite possibly better are osquery and doorman, but I went with ocs 
because I had used it before and like it. For ocsinventory every machine 
needs an agent on it, and there's agents for every OS that UCC uses.

If you head over to https://ocsinventory.ucc.asn.au , you can login with 
your UCC credentials and see the list of machines that already have the 
agents. I suggest you sort by "Last Inventory" time, since I managed to 
bring across most of the old database that was corrupted a few years ago 
when mussel was having disk issues.

Wheel members have admin permissions on the system, everyone else has 
readonly access. I did try and make it so other groups 
(committee/sprocket) had admin access, but there's a bug in the system 
that only permits mapping a single AD group to admins.

I've also installed the agent on every UCC machine that I have remote 
access to. The only machines I think I've missed are:
- corvo
- christmas
- catfish
- combto (projects bench, currently off)
- napoli

I would appreciate it if someone in the clubroom could take a moment to 
set them up.

For those who are interested, the process I followed is roughly:
1. Set up a Debian Buster VM on the cluster in the machine room range
2. Added the VM "myxine" to DNS on mooneye, also adding cnames 
ocsinventory and ocsinventory-ng to point at it
3. Created a new mysql database for ocs using 
https://secure.ucc.asn.au/phpmyadmin
4. Set up ocsinventory server on myxine from debian packages (I am 
reluctant to install from source because it makes it hard to maintain)
5. Much faffing around to get inventorying working properly
6. Much faffing around to get auth working against active directory. 
Thanks to [TPG] for his assistance with that. This also included 
connecting to maaxen and using its AD management tools to create a bind 
user for the service.
7. Manually migrating data from the old corrupt database to the 
new one using https://secure.ucc.asn.au/phpmyadmin
8. Opened up the required ports on the UCC firewall on murasoi.
8. Turned on SSL and set up letsencrypt on the web server on myxine so 
people can log in securely. Thanks to [DAA] for the lesson on how to 
secure a webserver.
10. Installing ocsinventory-agent on as many machines as I could
11. Documenting myxine in uccpass, writing this email and updating the 
SOE page on the wiki

There were a fair few intermediate or repeated steps above, including a 
throwaway VM for the initial attempt at setting it up and testing with a 
very small group of computers.

Enjoy!

Andrew Adamson
bob at ucc.asn.au

|"If you can't beat them, join them, and then beat them."                |
| ---Peter's Laws                                                        |


More information about the tech mailing list