[tech] Machine Inventory Server
Andrew Adamson
bob at ucc.gu.uwa.edu.au
Sat Apr 13 11:46:43 AWST 2019
Hi All,
I noticed that people were manually checking the specifications of
desktops in the clubroom, so I decided to resurrect the old ocsinventory
system that UCC used to have. For those of you who don't know,
ocsinventory is a system where each machine regularly checks in and
reports its hardware and software configuration. Alternative systems that
are quite possibly better are osquery and doorman, but I went with ocs
because I had used it before and like it. For ocsinventory every machine
needs an agent on it, and there's agents for every OS that UCC uses.
If you head over to https://ocsinventory.ucc.asn.au , you can login with
your UCC credentials and see the list of machines that already have the
agents. I suggest you sort by "Last Inventory" time, since I managed to
bring across most of the old database that was corrupted a few years ago
when mussel was having disk issues.
Wheel members have admin permissions on the system, everyone else has
readonly access. I did try and make it so other groups
(committee/sprocket) had admin access, but there's a bug in the system
that only permits mapping a single AD group to admins.
I've also installed the agent on every UCC machine that I have remote
access to. The only machines I think I've missed are:
- corvo
- christmas
- catfish
- combto (projects bench, currently off)
- napoli
I would appreciate it if someone in the clubroom could take a moment to
set them up.
For those who are interested, the process I followed is roughly:
1. Set up a Debian Buster VM on the cluster in the machine room range
2. Added the VM "myxine" to DNS on mooneye, also adding cnames
ocsinventory and ocsinventory-ng to point at it
3. Created a new mysql database for ocs using
https://secure.ucc.asn.au/phpmyadmin
4. Set up ocsinventory server on myxine from debian packages (I am
reluctant to install from source because it makes it hard to maintain)
5. Much faffing around to get inventorying working properly
6. Much faffing around to get auth working against active directory.
Thanks to [TPG] for his assistance with that. This also included
connecting to maaxen and using its AD management tools to create a bind
user for the service.
7. Manually migrating data from the old corrupt database to the
new one using https://secure.ucc.asn.au/phpmyadmin
8. Opened up the required ports on the UCC firewall on murasoi.
8. Turned on SSL and set up letsencrypt on the web server on myxine so
people can log in securely. Thanks to [DAA] for the lesson on how to
secure a webserver.
10. Installing ocsinventory-agent on as many machines as I could
11. Documenting myxine in uccpass, writing this email and updating the
SOE page on the wiki
There were a fair few intermediate or repeated steps above, including a
throwaway VM for the initial attempt at setting it up and testing with a
very small group of computers.
Enjoy!
Andrew Adamson
bob at ucc.asn.au
|"If you can't beat them, join them, and then beat them." |
| ---Peter's Laws |
More information about the tech
mailing list