opsi Getting Started opsi-version 4.2

uib gmbh


Table of Contents

1. Copyright
2. Introduction
3. Conventions of this document
4. Requirements
4.1. Supported distributions for server
4.2. Hardware requirements
4.2.1. Notes on determining hardware requirements
4.3. Configuration requirements
4.3.1. Valid DNS domain name
4.3.2. Valid DNS hostname
4.3.3. Correct name resolution for the server
4.3.4. Localization settings
4.4. Needed network ports
5. opsi-server Installation
5.1. opsi-server Basic installation
5.1.1. Starting up the uib preconfigured Virtual Machine
5.1.2. Opsi-QuickInstall
5.1.3. Prerequisites for an installation on a server
5.1.4. Installation on Debian / Ubuntu
5.1.5. Installation on a Univention Corporate Server (UCS)
5.1.6. Installation on openSUSE or Suse Linux Enterprise Server (SLES)
5.1.7. Installation on CentOS or RedHat Enterprise Linux (RHEL)
5.2. Update and Configuration of the opsi-server
5.2.1. Proxy Entry in apt-configuration File
5.2.2. Update of the opsi-server
5.2.3. Backend Configuration
5.2.4. Set Samba Configuration and Change Passwords
5.2.5. Create users and configure the groups opsiadmin and opsifileadmins
5.2.6. DHCP Configuration
5.2.7. Configuration of the name resolution
5.3. Importing the minimal opsi products
5.3.1. Automatic import of the minimal opsi products
5.3.2. Manual import of opsi products
6. Management interface opsi-configed
6.1. Installation of the management interface opsi-configed
6.2. Start of the management interface opsi-configed
7. Adding clients to opsi
7.1. Creation of a new opsi client
7.1.1. Creating a new opsi client via the graphical management interface
7.1.2. Creating a new opsi client via the command line
7.1.3. Creating a new opsi client using the opsi-client-bootcd
7.2. Integration of existing Windows clients
7.2.1. Using service_setup.cmd on Windows NT6
7.2.2. Using service_setup_NT5.cmd on Windows NT5
7.2.3. Using opsi-deploy-client-agent
8. Rollout existing products
8.1. Deploying opsi standard products: opsi-configed
8.2. Hard- and Software Inventory with the localboot products hwaudit and swaudit
8.3. Hardware Inventory with the netboot product hwinvent
9. Installation of a new Windows PC with opsi (OS Installation)
9.1. OS-Installation: Complete the Base Package for Windows
9.2. NT6 family: Win7 / 2008R2 and up
9.2.1. Creating a PE
9.2.2. Extending a PE
9.2.3. unattend.xml
9.2.4. Driver Integration
9.2.5. Providing the Installation Files
9.2.6. Installation Log files
9.3. Windows Product Key
9.4. Start the Windows Installation
9.5. Structure of the Unattended Installation Products
9.5.1. Directory Tree Overview
9.5.2. File Descriptions
9.5.3. Directory installfiles / winpe
9.5.4. Directories opsi and custom
9.5.5. Directory drivers
9.6. Simplified Driver Integration during the unattended Windows Installation
9.6.1. General Driver Packages
9.6.2. Drivers that suitable for your hardware but not specially assigned
9.6.3. Drivers manually assigned to clients
9.6.4. Drivers automatically assigned to the clients using the inventory fields
9.6.5. Structure of the Driver Directory and Driver Files
9.6.6. Processing of the Different Levels of Driver Integration
9.6.7. Add and check drivers
10. More Information

List of Figures

5.1. Language selection
5.2. Startup mask
5.3. Input mask
5.4. Graphical view of fresh started opsi-server
5.5. Language and type of installation
5.6. Information
5.7. Installation
5.8. Result
5.9. Result
5.10. Dialog opsi-setup --configure-mysql: Input mask
5.11. Output: opsi-setup --configure-mysql: Output
7.1. Start image opsi-client-boot-cd
7.2. bootimage/boot-cd configuration screen
7.3. bootimage/boot-cd: Choose how to create Client
7.4. bootimage / boot-cd: Authenticate as member of opsiadmin group
7.5. bootimage/boot-cd: netboot product list

Chapter 1. Copyright

The Copyright of this manual is held by uib gmbh in Mainz, Germany.

This manual is published under the creative commons license
Attribution - ShareAlike (by-sa).

CC by sa

A description of the license can be found here:
https://creativecommons.org/licenses/by-sa/3.0/

The legally binding text of the license can be found here:
https://creativecommons.org/licenses/by-sa/3.0/legalcode

Most parts of the opsi software is open source.
Not open source are the parts of the source code which contain new extensions, that are still under cofunding, which have not been paid off yet. See also: opsi cofunding projects

All of the open source code is published under the AGPLv3.

agplv3

The legally binding text of the AGPLv3 license can be found here: http://www.gnu.org/licenses/agpl-3.0-standalone.html

Information about the AGPL: http://www.gnu.org/licenses/agpl-3.0.en.html

For licenses to use opsi in the context of closed source software, please contact uib gmbh.

The names opsi, opsi.org, open pc server integration and the opsi logo are registered trademarks of uib gmbh.

Chapter 2. Introduction

These instructions explain in detail the installation and starting of an opsi-server. It starts from the provided installation package and leads to the test installation of a client.

The installation and commissioning of an opsi-server is done in several steps:

  1. Basic installation of the server
  2. Configuration of the server (adaptation to network conditions, setting up users and passwords, installation of products to be distributed)
  3. Recording and integration of computers in opsi.
  4. Deploying Windows to Clients.
  5. Packaging and distribution of own software

Then an operating system including software can be automatically installed on a client and a hardware and software inventory can be performed.

Further features are described in the opsi manual. There, you will also find explanations about the co-financed extensions and their setup.

The shown network configuration is exemplary and refers to a network without competing DHCP servers (e.g. an isolated test network in which the opsi-server and its clients can be placed for the first tests).

We strongly suggest that you make your first tests with opsi in a test network that is separate from other DHCP servers, but which you can temporarily connect to your main network, e.g. to download updates and packages from the Internet.

For the integration into existing networks you can use consulting services by uib.

Chapter 3. Conventions of this document

Commands are highlighted separately:

this is a command

During installation and configuration, you can usually copy and execute the commands from these fields one after the other using copy & paste from this document.

Chapter 4. Requirements

Subsequently the requirements for the installation of an opsi-server will be described.

4.1. Supported distributions for server

As of 18.02.2021

Distribution

Opsi 4.2

Debian 10 Buster

supported.png

Debian 9 Stretch

supported.png

Ubuntu 20.04 LTS Focal Fossa

supported.png

Ubuntu 18.04 LTS Bionic Beaver

supported.png

Ubuntu 16.04 LTS Xenial Xerus

unsupported.png

RHEL 8

supported.png

RHEL 7

unsupported.png

CentOS 8

supported.png

CentOS 7

unsupported.png

SLES 15 SP1

supported.png

SLES 15 SP2

supported.png

SLES 12SP*

unsupported.png

SLES 12

unsupported.png

openSuse Leap 15-2

supported.png

openSuse Leap 15-1

supported.png

openSuse Leap 15

discontinued.png

UCS 4.4

supported.png

supported.png: Supported unsupported.png: Unsupported develop.png: Under development discontinued.png: Discontinued

4.2. Hardware requirements

For a opsi-server the following hardware is recommended:

  • Intel-x86-compatible PC
  • 2GB RAM or higher
  • a hard disk with 60 GB capacity or more

    • An opsi-server should have at least a minimum free space of 16 GB in the directory /var/lib/opsi

The requirements of the server are moderate in testing environments. In the case of production environments it is recommended to increase the capabilities of the host system.

We recommend in the case of testing with a Virtual machine, that the host computer should have at least a dual core processor and at least 4GB of RAM. For testing purposes, a test client can be run as another Virtual machine on the same host computer.

4.2.1. Notes on determining hardware requirements

Hardware requirements depend heavily on usage. So here are a few tips to calculate the system requirements.

Memory requirements

Each active Samba connection starts its own Samba process. Estimates vary between 800 kB and 4 MB. How many opsi clients access an opsi server at the same time depends heavily on the daily routines in your environment.

The following values ​​were recommended for Samba 3:

Process

1 user

130 users

500 users

smbd

4 MB

520 MB

2000 MB

Since we do not have any values ​​for current Samba versions, the above figures can only be regarded as a rough estimate and should be extended with a safety margin of 50%.

The memory consumption of opsiconfd depends heavily (but not only) on the number of clients. The following minimum memory consumption can be derived from existing installations. The specified number of users are not active users at the same time, but the total number.

Process

100 users

2000 users

4000 users

opsiconfd

500 MB

1000 MB

2000 MB

You should also implement a safety margin here.

CPU

Opsiconfd currently uses only one core. This core is only fully loaded when many opsi clients (> 100) access the server exactly at the same time. But the operating system, Samba, the database, etc. also require computing time.

I.e. with 500 clients two CPU cores should be sufficient, with 1000 clients four CPU cores should be provided.

Also note that opsi-depots put a strain on the opsi-configserver, which is significantly larger than that of a single client.

4.3. Configuration requirements

Your server and your network have to comply to the following requirements to install and work with opsi:

4.3.1. Valid DNS domain name

Your DNS domain name must consist of at least one domain and one toplevel domain. In other words: the fully qualified domain name must contain at least one point. Furthermore, the toplevel domain must consist of at least two characters.

Valid domain names are e.g.: domain.local , uib.de, subdomain.domain.de. An invalid example: mydomain.d because this is only one character at the top-level domain An invalid example: mydomain because this is only a top-level domain

see also:

4.3.2. Valid DNS hostname

The hostnames (also of the clients) must comply with the guidelines. This includes, for example, that they must not contain any underscores.

Make sure that at your opsi-server, returns a fully qualified domainname, in which at least come two dots, e.g. opsiserver.domain.local:

hostname -f

Should the result not look like this (e.g. 127.0.0.1 or localhost) then you check your /etc/hosts directory or the name resolution first.

see also:
* https://en.wikipedia.org/wiki/Hostname

4.3.3. Correct name resolution for the server

Check the entry for the opsi-server in the file /etc/hosts, or check the output of:

getent hosts $(hostname -f)

The result should look like the following example:
192.168.1.1 server.domain.tld server

Here the IP address should belong to the network interface, to which the Clients will be connecting.

If the result looks different from the above example (contains eg. 127.0.0.1 or localhost), or the full qualified hostname does not contain one or more dots, then you must correct your name resolution (DNS or /etc/hosts file).

Note

The names must be in accordance of the rules of a DNS system but a DNS server is not required for the usage of opsi.

Note

opsi does not require Active Directory or similar. Integrating opsi is possible but not required.

4.3.4. Localization settings

opsi requires configured language settings (locale) on the server. It is recommended to use an UTF-8 compatible locale.

The following command performs a simplified check:

test -e /etc/default/locale && echo "ok" || (echo "Check locales:" && locale)

If the output is ok locales are set. If the output is check locales: you should check if the following list has settings for LANG or LC_ALL that are according to your used language.

For English we recommend en_GB.UTF-8 or en_US.UTF-8.

The following commands show how these settings can be changed if nothing or an undesired value is set:

sudo locale-gen en_GB.UTF-8
update-locale LANG=en_GB.UTF-8

To apply these settings systemwide the server should be restarted.

For more information please consult the documentation of your Linux distribution.

4.4. Needed network ports

This is an overview of the used ports and network protocols.

  • opsi-server web service: TCP 4447
    Client to server, depot to server (bidirectional, connections via localhost).
  • opsi-client web service: TCP 4441
    Server to client, connection from client to itself via localhost.
  • opsi-client web service: TCP 4442
    Connection from client to itself via localhost.
  • opsi-client Notifier: TCP 45000 - 65536
    Connection from client to itself via localhost.
    A random port from the given range is selected.
  • TFTP: UDP 69
    Client to server.
  • CIFS/SMB: UDP 137 / UDP 138 (netbios) / TCP 139 / TCP 445
    Client to server (bidirectional).
    Depends on the version of the client operating system.
  • WEBDAV: TCP 80
  • WINEXE: UDP 137 / UDP 138 (netbios) / TCP 139 / TCP 445 Server to client (bidirectional).
    Depends on the version of the client operating system.
  • SSH (optional): TCP 22
  • DNS: TCP 53
  • WakeOnLan (WOL): UDP 7 / UDP 9 / UDP 12287
    Server to Client. These ports are configurable.
  • HTTP: TCP 80
    E.g. To download server updates from http://download.opensuse.org/
  • HTTPS: TCP 443
    To download updates from https://download.uib.de (opsi-package-updater)

Chapter 5. opsi-server Installation

This chapter describes the installation and configuration of an opsi server.

After you have worked through this chapter, you have a functioning opsi server. This serves as a basis for all further chapters.

In the following chapters we assume that you have a working network configuration on your server.

5.1. opsi-server Basic installation

In this section different variants of the installation of an opsi-server are shown. You will end up with a server system ready for final configuration and commissioning. To evaluate opsi we recommend using the pre-installed virtual machine. Otherwise, you should select the operating system you are most familiar with. In this case please make sure that the packages of the server are up to date.

If a proxy server is used in your network to access the Internet, remember to enter this on your opsi-server as well. In particular the environment variables http_proxy and https_proxy.

In case of problems you can check the free support provided by the community.

5.1.1. Starting up the uib preconfigured Virtual Machine

An opsi-server can be installed as a virtual machine, because the load on the system is low. A ready-to-use and pre-configured virtual machine is provided by uib. You can download the VMware or Virtualbox files from the uib website or opsi.org. The free of charge VMware player or Virtualbox is sufficient to run this machine. You may also use VMware server or ESXi.

First Start

VMware

If you have a server running VMware or VMware player, it only takes a few mouse clicks to install a base opsi-server:

  • Download the opsi server VM from opsi.org
  • Unzip the file and a directory opsivm will be generated.
  • Start VMware player. Open "Open a Virtual Machine", look for the directory opsivm and in it the file opsivm.ovf in its file selection dialog. You may have to change the file types to be displayed to ovf. You can now import the server under its own name. The virtual server can then be started.

ESXi-Server

  • Download the opsi server VM from opsi.org
  • Unzip the file and a directory opsivm will be generated.
  • Start vSphere Client.
    Install a new client with File / Deploy OVF Template…. and answer the next questions.

Virtualbox

  • Download the opsi server VM from opsi.org
  • Unzip the file and a directory opsivm will be generated.
  • Start Virtualbox.
    At the menu File / Import Appliance select your opsivm.ovf file and import it.

General

The VMware player is free of charge and available for all common operating systems at vmware.com. Usually it can be installed without any problems, as long as the resources of the host computer (especially memory) meet the needs of running software systems in parallel.

Language selection

The first step is to choose the preferred language:

Figure 5.1. Language selection

Screenshot: Language selection

First boot

The opsi-server needs to be connected to the Internet to work properly. The script 1stboot.py will automatically start at the first boot in order to configure the opsi-server network settings. If something goes wrong while running 1stboot.py, then you may run 1stboot.py again from the command line.

The log file of 1stboot.py is located at /var/lib/1stboot/1stboot.log.

Warning

You cannot use 1stboot.py to rename your opsi-server afterwards!

Figure 5.2. Startup mask

Screenshot: 1stboot.py Startup mask

Fill in the configuration information for your network and answer the questions.

Figure 5.3. Input mask

Screenshot: 1stboot Input mask

In the following, you will be asked for:

server name
Name of this server (without domain) e.g. opsidemo
domain
DNS-Domain (not Windows-Domain) the name has to include a dot e.g. opsi.local
ip address
Address of this server e.g. 192.168.1.50
netmask
Netmask of this server e.g. 255.255.255.0
windows domain
Name of the Windows Domain (not the DNS domain)
gateway
IP-address of the Internet gateway e.g. 192.168.1.1
proxy
If required for Internet access, the proxy information: e.g. http://myuser:mypass@192.168.1.5:8080
DNS server
IP address of the name server e.g. 192.168.1.1
mail relay
IP address of the mail server e.g. 192.168.1.1
tftp server
IP address of the tftp server (usually the server)
Password of root
Password of root
Password of adminuser
Password of local opsi-admin.

After the program 1stboot.py finishes, the virtual machine will be rebooted.

Second Start

After the reboot, or after completing the network configuration, login as adminuser with your password.

The graphical user interface of the opsi-server should have already started (a lightweight window manager is used). A "Firefox" browser window appears at startup, and displays this document and further information.

If you get a message that there is no network connection, this might be caused by the special configuration of the virtual appliance. Before trying other options, you should reboot the server again. (i.e. use the shutdown button in the GUI)

Figure 5.4. Graphical view of fresh started opsi-server

Screenshot: View of newly started opsi-server

If the network was correctly configured in the previous steps, then you should be able to remotely access the opsi-server, for example:

  • use ssh at the command line to access the server (ssh should already be installed on linux systems, for Windows use putty)
    Use root as the user name, and authenticate with the root password.

Terminal Window

In the following sections, some commands have to be entered into a command line interface. It may be the easiest way to work through these instructions.

The commands are input into a window called a "terminal window". Here are examples that explain how to access a terminal window:

  • Remote access per ssh on the opsi-server (see previous section)
  • Open a terminal window in the opsi-server graphical interface with a click on the terminal icon in the icon bar.
  • Open a terminal window in the opsi-server graphical interface with a right mouse click inside the interface, and choose "Terminal".
    Note: the graphical interface has multiple desktops that are reachable using the variety of buttons in the upper-left-hand corner of the display.

We recommend cutting and pasting commands from this handbook directly into the opsi-server terminal window (most applications support cut and paste).

Example snippets from configuration files are formatted like this:

depoturl = smb://smbhost/sharename/path

Example snippets for commands that you have to execute are formatted like this:

cd /tmp
ls -l

Angle brackets < > mark abstract names. When entering commands, please replace the <abstract name> with a real name.
For example: The file share, where opsi places the software packages, may abstractly be noted as <opsi-depot-share>. If the real file share is /var/lib/opsi/depot, then you have to replace the abstract name by this exact string. The location of the package <opsi-depot-share>/ooffice becomes /var/lib/opsi/depot/ooffice. .

Check the Network Connection

If the network configuration is correct, and the computer is connected to the Internet, then you can access any website using the browser in the start window.

If not everything is working, then you have to open a terminal window (maybe this is not yet possible from a remote connection, only from the server GUI) and then perform the necessary network connection checks and fixes.

You can re-enter the network configuration by entering this command in the terminal window:

1stboot.py

A reboot is forced with the command:

reboot

If the network connection works, then you can install opsi packages or update them, and configure the environment for the first installation test. If you want to use the virtual machine (and not install the opsi-server directly to your host system), then skip to Section 5.2, “Update and Configuration of the opsi-server”.

Update the opsi-Server

To update your opsi-server you need to double click the Icon Update OS on the desktop. To do this please enter the current password for the adminuser and confirm if necessary.

Install the standard opsi-products

By performing a double click the Icon First package installation the minimal opsi-products will be installed. To do this please enter the current password for the adminuser. This automatically fetches the current opsi packages, including templates for OS deployments, from the opsi repositories and installs them on the server.

For more information see Section 5.3, “Importing the minimal opsi products”.

Starting opsi-Server Interface

You can start the management interface by double clicking on the icon Opsi Configuration Editor. For a description of the management interface check Section 6.2, “Start of the management interface opsi-configed”.

You have a running opsi server now, i.e. the opsi application itself is fully configured.

You can now proceed with:

5.1.2. Opsi-QuickInstall

Opsi-QuickInstall is a program to quickly and easily install an opsi-server on the following Linux distributions:

  • Debian 9, Debian 10,
  • openSUSE Leap 15.1, openSUSE Leap 15.2,
  • SLES 15 SP1, SLES 15 SP2,
  • Ubuntu 18.04, Ubuntu 20.04

Download and first Start

You can download Opsi-QuickInstall as zip-file under the following link: https://download.uib.de/opsi4.2/stable/quickinstall/ .

Unzip the file and open the folder opsi-quickinstall. Now you must decide whether you want to execute the installation with or without graphical user interface.

Both versions are described below.

You can find more information on the properties QuickInstall asks for in the opsi-manual under chapter 9.5.10.1 The product l-opsi-server : https://download.uib.de/opsi4.2/stable/documentation/opsi-manual-v4.2-en.pdf . There you also find the default values of the properties. Different from the manual is only the default-value of the property allow_reboot; this one is QuickInstall false.

Opsi-Quickinstall GUI-Version

Open the folder gui and execute the file opsi_quick_install_project (for example per double click).

A window appears in which you can first select the language for Opsi-QuickInstall and the type of installation:

Figure 5.5. Language and type of installation

Screenshot: Language and type of installation

In the custom installation you can make more detailed settings.

Click on next> and answer the questions. For some questions you will find information signs on the right hand side. These can give you more information about the question on mouse click.

Figure 5.6. Information

Screenshot: Information

The questions on name and password of the opsi admin user give example values (also shown on the image Figure 5.6, “Information”). For security reasons you should change these values. Do NOT use the examples!

After the queries, QuickInstall will show you an overview where you can check all your answers. If everything is correct, click finish, type in your password and click finish again. Then the installation of the opsi-server will start.

Figure 5.7. Installation

Screenshot: Installation

The installation may take some minutes. In the end, QuickInstall shows you whether it was successful.

Figure 5.8. Result

Screenshot: Result

If the result is success, your opsi-server ist now ready for use.
If the result is failed, you can search in the log files for the error or, if you have a support contract, you can directly contact uib.

Opsi-Quickinstall No-GUI-Version

Open the folder nogui and execute the file opsi_quick_install_project with one of the following parameters on the console as root:

  • -d, to use the default values for the installation of the opsi-server and immediately start the installation,
  • -f <file>, to use the values from a file for the installation of the opsi-server and immediately start the installation,
  • -n, (recommended) to start a setup program on the console, in which you can set the values for the installation seperately.

So for example execute

sudo ./opsi_quick_install_project -n

The operation of the setup program is shortly described in the following.

If you chose the parameter -n, answer the questions that are asked. On each question you also have the possibility to type in one of the following commands:

  • -b, to jump back to the previous question,
  • -h, (only for questions that are marked with a * at the end) to get further information on this question,
  • type nothing in and press Enter to use the default value for this question.

Afterwards QuickInstall will show you an overview where you can check all your answers. If everything is correct, click Enter to start the installation of the opsi-server.

The installation of the opsi-server may take some minutes. In the end, QuickInstall shows you whether the installation was successful.

Figure 5.9. Result

Screenshot: Result

If the result is success, your opsi-server ist now ready for use.
If the result is failed, you can search in the log files for the error or, if you have a support contract, you can directly contact uib.

5.1.3. Prerequisites for an installation on a server

From version 4.2 the opsi-server needs access to a Redis and a Grafana instance. If these services will also be provided by the opsi server, we recommend switching to the opsi-server-full package during the migration. This package installs and configures everything that is necessary on the opsi server (this will be referred to as a single server setup). This recommendation applies to all supported operating systems, except for Univention UCS. As previously, the opsi4ucs package should be installed on these systems.

Note

The opsi-server-full package installs all necessary components to run opsi on one server.
If certain components should not be installed, for example if Redis, MySQL or Grafana should run on another server,
the packages opsi-server or opsi-server-expert can be used instead.

We recommend using the official Grafana repositories for Grafana:

Debian/Ubuntu/UCS:

sudo apt-get install -y apt-transport-https software-properties-common wget
wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -
echo "deb https://packages.grafana.com/oss/deb stable main" > /etc/apt/sources.list.d/grafana.list

RHEL/CentOS:

yum install wget
cd /etc/yum.repos.d
cat <<EOF > grafana.repo
[grafana]
name=grafana
baseurl=https://packages.grafana.com/oss/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

openSUSE/SLES:

zypper install wget
cd /etc/zypp/repos.d
cat <<EOF > grafana.repo
[grafana]
name=grafana
baseurl=https://packages.grafana.com/oss/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

5.1.4. Installation on Debian / Ubuntu

In this chapter, we assume you are familiar with the debian package system (you will find information about this in the appropriate Debian books, in the manual pages, or under debian documentation).

Important

Please check the requirements and preperations!

We recommend to install the following packages:

apt install wget host pigz

Furthermore, samba needs to be installed:

apt install samba samba-common smbclient cifs-utils

To start with the installation of opsi add the opsi repository to apt:

Ubuntu 20.04 LTS Focal Fossa:

echo "deb http://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/xUbuntu_20.04/ /" > /etc/apt/sources.list.d/opsi.list
wget -q -O - https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/xUbuntu_20.04/Release.key | sudo apt-key add -

Ubuntu 18.04 LTS Bionic Beaver:

echo "deb http://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/xUbuntu_18.04/ /" > /etc/apt/sources.list.d/opsi.list
wget -q -O - https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/xUbuntu_18.04/Release.key | sudo apt-key add -

Debian 10 Buster:

echo "deb http://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/Debian_10/ /" > /etc/apt/sources.list.d/opsi.list
wget -q -O - https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/Debian_10/Release.key | sudo apt-key add -

Debian 9 Stretch:

echo "deb http://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/Debian_9.0/ /" > /etc/apt/sources.list.d/opsi.list
wget -q -O - https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/Debian_9.0/Release.key | sudo apt-key add -

Check for success of the key import:

apt-key list

should contain the output:
pub rsa2048 2017-09-30 [SC] [expires: 2021-11-30] 2E98F7B5A5B2C8FE7F609705D1F933E6D8361F81 uid home:uibmz:opsi OBS Project <home:uibmz:opsi@build.opensuse.org>

Execute the following commands in order to install opsi on your server:

Single server setup:

apt update
apt install opsi-server-full

Manual setup:

apt update
apt install redis-server redis-timeseries grafana mysql-server
systemctl daemon-reload
systemctl enable grafana-server
systemctl start grafana-server
apt install opsi-server
apt install opsi-windows-support

If you are asked for the tftp directory during the tftpd-installation answer with /tftpboot.

When installing the opsi-server you will be asked whether the smb.conf may be patched. Answer the questions with Yes. You will also be asked for a password for the pcpatch user. Assign a password (and note the following section on changing the passwords).

Assuming all of the above steps completed successfully, we can assume that the network is properly configured.
Next continue on with Section 5.2, “Update and Configuration of the opsi-server”.

5.1.5. Installation on a Univention Corporate Server (UCS)

Important

UCS support via the app center for opsi 4.2 is still under development and is not yet available.

Important

Please check the configuration requirements and preperations!

The installation on a Univention Corporate Server is possible through the Univention App Center as well as the classic way by using the repositories maintained by uib.

Both are equally supported methods of installations. We recommend using only one method per server. The difference is that an installation of opsi on a member server is not possible if the App Center is used. If new packages for an operating system are released they are available right away if the repositories maintained by uib are used. If the installation is made through the App Center the change to a newer UCS version (i.e. from UCS 4.2 to UCS 4.3) will be blocked until all installed apps are available for the new version of the operating system.

With opsi 4.2 the ucs support was adepted to the opsi-standard like on other supported distibutions. The function of opsi4ucs was implemented in opsi-server package and its variants. The opsi4ucs package exists in opsi 4.2 as a transitionpackage to make the migration easier. This package will automatically removed during the upgrade process.

The first opsi-server in an environment will have its backend configured to make use of the installed MySQL server. All subsequent servers will be registered as depots in opsi.

Manual opsi-installation on UCS (without App-Center)

Important

Please check the requirements and preperations!

Necessary preparations:

  • Samba has to be configured. For the use on a server with the member role, univention-samba has to be used instead of univention-samba4.
  • univention-mariadb or univention-mysql has to be installed.
  • If the machine should also work as DHCP-server, then the dhcpd daemon has to be configured and should be running.

The installation of opsi is possible on a server with the roles master, backup, slave or member. For the installation on a member you need to read the section called “Hints about installing opsi on an UCS server with the role member!

The following documentation describes an installation on a master with Samba 4.

Caution

When installing on a slave the server must be already joined to the master and Samba 4 has to be installed first.
UCS configuration is usually done on the master while the installation and configuration of opsi takes place on the slave.

The classic installation with the user pcpatch in the primary group pcpatch cannot be adhered to with UCS. Samba 4 has the same fundamental restrictions as Active-Directory, so groups with the same name as a user are not allowed. For this reason the configuration file /etc/opsi/opsi.conf has been introduced for UCS 3. This file controls how the group used for the Samba shares will be named. Since UCS 3 the group name pcpatch will be renamed to opsifileadmins with this file. This means that users that need rights for opsi (opsi package builders for example) should not be members of the group pcpatch but must be members of the group opsifileadmins. This peculiarity applies only to UCS and is different to other distributions and different to the next chapters in the opsi-documentation. With UCS the user pcpatch is created as a full domain user. For more information about this new configuration file please refer to the opsi-manual.

  • Next add the opsi4ucs repository:*

Univention UCS 4.4:

echo "deb http://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/Univention_4.4/ /" > /etc/apt/sources.list.d/opsi.list
wget -q -O - https://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/Univention_4.4/Release.key | sudo apt-key add -

For installation the following commands must be entered next:

Single server setup:

univention-install opsi-server-full

Manual setup:

univention-install redis-server redis-timeseries grafana
systemctl daemon-reload
systemctl enable grafana-server
systemctl start grafana-server
univention-install opsi-server

If the role of the target system different than master or backup then we have to run the opsi4ucs Join-Script:

univention-run-join-scripts

A link to the management interface can be found at the URL https://<servername>:4447.

To use the opsi configuration editor the user has to be a member of the group opsiadmin. The group membership can be edited by using Univention-Admin. The user Administrator will automatically be added to this group during the opsi installation.

Finally, in UDM, for the opsi_depot-share we have to set the following option under Advanced Settings → Advanced Samba Settings: follow symlinks must be set to yes. The same should be done for the opsi_depot_rw-share, so the driver integration will run without problems. If the directory /var/lib/opsi/depot is located on an extra partition or hard disk then the option for wide links should be set to yes.

To make sure that opsi is running with the proper settings restart opsi by entering the following commands:

opsi-setup --init-current-config
opsi-set-rights
systemctl restart opsiconfd.service
systemctl restart opsipxeconfd.service

Please be advised that samba 4 will not be automatically restarted, since it is a important service on which other software may depend. You have to restart it manually. After restarting samba there may be a slight delay before the new shares are accessible.

Because there is no direct connection between the Univention LDAP and the opsi-backend all Clients have to be created twice. First in the Univention-LDAP using UDM and then in opsi including all system information (in particular the MAC address). Deleting a LDAP client in Univention will not delete the client in opsi and vice versa. This problem is further discussed in the section called “Synchronising data from LDAP to opsi”.

Since opsi was installed on an existing server we assume that the network configuration is correct.
Continue with the installation by skipping forward to Section 5.2, “Update and Configuration of the opsi-server”.

Warning

The Unix commands used in the following chapters are for Debian systems. You may have to change them to match your Linux system.

Hints about installing opsi on an UCS server with the role member

Warning

Running opsi on a member server is affected by certain limitations. Therefore we recommend beginners to run opsi on a server with a different role.

Installing opsi on a server with the role member is possible. However an automated installation through the Univention App Center is currently not possible.

After an installation you need to make sure that the user that will be used to access the depot exists in the current domain. Check the host parameter clientconfig.depot.user for this. Let’s assume that the domain is backstage, then the value has to be backstage\pcpatch. If it is memberserver\pcpatch then it has to be changed.

Setting the password for the user pcpatch through opsi-admin fails because of the missing AD write access of a member server. To change the password you have to do so additionally on a server with write access - a master, backup or slave.

PXE-Boot configuration for operating system installation

If the PXE-Boot should be used for OS installations the DHCP-service on the relevant UCS-System has to be reconfigured. There are two characteristics which differentiate UCS from other supported distributions.

  • The configuration is not made automatically during the opsi installation on an active UCS infrastructure because often the configuration is already in use.
  • The opsi-tftpd-hpa is not configured as usual using the directory /tftpboot as base directory, instead the /var/lib/univention-client-boot is used. All important files of opsi-linux-bootimage will be moved from /tftpboot to the base directory. The side effect is that the DHCP-Option filename must be pxelinux.0 instead of linux/pxelinux.0.

To implement these settings, a policy must be created in the UCS system. This policy interacts with the existing policies, and has to be implemented appropriately. If opsi was installed on an UCS test system without existing policies, check if the DHCP-service is installed. If the DHCP-service is already installed the easiest way to create the policy is in the UMC-webinterface (Univention Management Console) of the UCS-server. To do this choose the category "Domain" and underneath the module DHCP-server. Next you have to choose the service (in a testing system you will usually find only one entry). In the following view choose the menuitem policies. The policy we need is a DHCP-Boot policy. In the policy configuration choose cn=default-settings as default entry (there should be only one entry) and choose edit. Under basic settings - DHCP-boot enter for the bootserver option the IP address of the opsi-server and enter for the boot-filename option pxelinux.0.

Warning

If the policy is configured like mentioned above, this affects every device that uses DHCP from this server. Therefore, this instruction is meant only for testing opsi and UCS together. In a productive UCS environment you should not configure this policy as described previously.

Optionally, these settings can be done at the console with the udm command. You can find more information about this in the UCS-documentation.

Synchronising data from LDAP to opsi

In an opsi4ucs installation Windows clients have to be created in the UDM first and then they have to be created in opsi-configed. Changes to the client in UDM will not be passed on to opsi. For example if a client’s MAC address changes in LDAP and in opsi a netboot-product is set to setup, the boot configuration would be provided with an incorrect MAC address.

The solution for this is the extension opsi-directory-connector. Please consult the manual for more information.

5.1.6. Installation on openSUSE or Suse Linux Enterprise Server (SLES)

Important

Please check the requirements and preperations!

Necessary preparations:

  • Samba must be installed and configured.
  • mariadb-server must be installed.
  • If the machine should also act as DHCP-server then the dhcpd daemon has to be configured and running.

You can use zypper to add the opsi repositories:

openSUSE Leap 15.1:

zypper addrepo https://download.opensuse.org/repositories/home:uibmz:opsi:4.2:stable/openSUSE_Leap_15.1/home:uibmz:opsi:4.2:stable.repo

openSUSE Leap 15.2:

zypper addrepo https://download.opensuse.org/repositories/home:uibmz:opsi:4.2:stable/openSUSE_Leap_15.2/home:uibmz:opsi:4.2:stable.repo

SLES 15SP1:

zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.2:stable/SLE_15_SP1/home:uibmz:opsi:4.2:stable.repo

SLES 15SP2:

zypper addrepo http://download.opensuse.org/repositories/home:uibmz:opsi:4.2:stable/SLE_15_SP2/home:uibmz:opsi:4.2:stable.repo

After adding the repository, the installation can be started:

Single server setup:

zypper refresh
  Do you want to (r)eject the Key, (t)emporary or (a)lways trust? [r/t/a/?] (a): a
zypper -v install opsi-server-full

Manual setup:

zypper refresh
zypper install redis-server redis-timeseries grafana
systemctl daemon-reload
systemctl enable grafana-server
systemctl start grafana-server
zypper -v install opsi-server
zypper -v install opsi-windows-support

Please make sure that your firewall configuration allows connections to the following ports:

  • tftp: 69/UDP
  • opsi: 4447/TCP and 4441/TCP

In case you used an utility like yast or autoyast to help you with your network configuration it is possible the tool created an entry in the /etc/hosts file like:

127.0.0.2 <fqdn> <hostname>

If you want to leave the configuration of the DHCP server to opsi, this entry has to be changed to the public IP address of the server.

Please continue with Section 5.2, “Update and Configuration of the opsi-server”.

Warning

The unix commands used in the following chapters are based on Debian systems. You may have to adapt them to the corresponding commands for your linux system.

5.1.7. Installation on CentOS or RedHat Enterprise Linux (RHEL)

The installation of opsi on CentOS or Red Hat Enterprise Linux (RHEL) differs only by the used repository.

Important

Please check the configuration requirements and preperations!

When using Red Hat Enterprise Linux, you must register with the Red Hat Network to have access to all required packages in the Red Hat repositories:

subscription-manager register
subscription-manager attach --auto

Necessary preparations:

  • Install Samba and the database:

    yum install mariadb-server samba samba-client
  • Configure samba and database:

    systemctl start smb.service
    systemctl start nmb.service
    systemctl start mariadb.service
    systemctl enable smb.service
    systemctl enable nmb.service
    systemctl enable mariadb.service
    mysql_secure_installation
  • If the machine should also act as DHCP-server then the dhcpd daemon has to be configured and running.

Add the repositories:

CentOS 8:

cd /etc/yum.repos.d/
wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.2:stable/CentOS_8/home:uibmz:opsi:4.2:stable.repo
yum makecache

RHEL 8:

cd /etc/yum.repos.d/
wget https://download.opensuse.org/repositories/home:uibmz:opsi:4.2:stable/RHEL_8/home:uibmz:opsi:4.2:stable.repo
yum makecache

After adding the repository you may start the opsi installation:

Single server setup:

yum install opsi-server-full

Manual setup:

yum makecache
yum install redis-server redis-timeseries grafana
systemctl daemon-reload
systemctl enable grafana-server
systemctl start grafana-server
yum install opsi-server
yum install opsi-windows-support

You may be asked to import the GPG key of the repository. The message is pretty similar to the following one:

   Importing GPG key 0xD8361F81 "home:uibmz OBS Project <home:uibmz@build.opensuse.org>" from http://download.opensuse.org/repositories/home:/uibmz:/opsi:/4.2:/stable/CentOS_8/repodata/repomd.xml.key
   Is this ok [y/N]: y

Please answer with y.

Please make sure that your iptables and SELinux configuration allow access to the following ports:

  • tftp: 69/UDP
  • opsi: 4447/TCP and 4441/TCP

Assuming all of the previous steps were completed successfully we can assume that the network is properly configured.
Next continue with Section 5.2, “Update and Configuration of the opsi-server”.

Warning

The unix commands used in the following chapters are based on Debian systems. You may have to adapt them to match your CentOS- /RHEL system.

5.2. Update and Configuration of the opsi-server

In this chapter, the installed opsi-server is configured.

5.2.1. Proxy Entry in apt-configuration File

If necessary please adapt the file /etc/apt/apt.conf to your network configuration (enter the correct proxy or comment/delete unnecessary lines). You can edit your file with a program like midnight commander:

mcedit /etc/apt/apt.conf

5.2.2. Update of the opsi-server

Bring the opsi-server up to date by executing the following commands one after the other in a terminal window:

apt update
apt upgrade

Tip

If you are asked during the update whether the smb.conf should be overwritten, you have to confirm this. If the smb.conf has already been changed, you should keep the default and compare the files later. If this question has already been answered with no, you can do this later on the opsi-server by running opsi-setup --auto-configure-samba.

5.2.3. Backend Configuration

Opsi supports different backends for data storage.

These are essentially:

  • file - data storage in files
  • mysql - data storage in a MySQL database

Besides these there are some backends for special purposes:

  • opsipxeconfd - the service used for network booting with opsi
  • dhcpd - used for configuring and restarting the dhcp service on the opsi-server
  • jsonrpc - for forwarding all requests to another server

By default the mysql backend is used for inventory data. The usage of the file backend for inventory data is possible but noticeably slower and therefore not recommended.

Note

The use of the mysql backend for inventory data is free and does not require activation.
More information about the activation can be found in the opsi manual.

Note

Some distributions use MariaDB instead of MySQL.
The mysql backend also functions with MariaDB.

Caution

Since MySQL server version 5.7 the previously optional strict mode is enabled by default.
This mode prevents the command opsi-setup --configure-mysql from finishing properly.
To disable the strict mode please edit the file /etc/mysql/mysql.conf.d/mysqld.cnf.
In the [mysqld] section add the following line underneath the section name:
sql_mode=NO_ENGINE_SUBSTITUTION

Now the service mysql has to be restarted: systemctl restart mysql.service

We will now configure the mysql backend. It is assumed that a MySQL server is installed and configured, and that the credentials for a database administrator are known. For specific information on installation and configuration of the database please refer to the manuals of your distribution.

For the initial configuration of the mysql backend use the command:

opsi-setup --configure-mysql

The command will ask for the credentials for database access, to create a database for opsi and to create an user with appropriate rights to access that database.

The following screenshots show examples for the MySQL configuration setup:

Figure 5.10. Dialog opsi-setup --configure-mysql: Input mask

Dialog opsi-setup --configure-mysql: Input mask

Figure 5.11. Output: opsi-setup --configure-mysql: Output

Output: opsi-setup --configure-mysql: Output

You may accept the defaults for all questions except the Database Admin Password. The Database Admin Password is linux123 on the pre-installed opsi-VM, otherwise it is the password you entered during the mysql-server installation.

Different kinds of data may be stored in different types of backends. For some actions (such as method calls) more than one backend is involved. For this purpose, the different opsi method calls are assigned to the backends. This is configured in the file /etc/opsi/backendManager/dispatch.conf.

Here an example:

# = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
# =      backend dispatch configuration                                     =
# = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
#
# This file configures which methods are dispatched to which backends.
# Entries has to follow the form:
# <regular expression to match method name(s)> : <comma separated list of backend name(s)>
#
# Backend names have to match a backend configuration
# file basename <backend name>.conf beneath /etc/opsi/backends.
# For every method executed on backend dispatcher
# the first matching regular expression will be decisive.

# Recommended standard configuration (dhcpd not at the opsi server)
#    file as main backend, mysql as hw/sw invent
#     and license management backend and opsipxeconfd backend:
backend_.*         : file, mysql, opsipxeconfd
host_.*            : file, opsipxeconfd
productOnClient_.* : file, opsipxeconfd
configState_.*     : file, opsipxeconfd
license.*          : mysql
softwareLicense.*  : mysql
audit.*            : mysql
.*                 : file

At the top of this file information and examples are given. In the first column is the name of the opsi method being called (with wildcard .*) and after the colon is the list of backends used by that opsi method. For every called method procedure the first column of this list is checked to determine which backend has to be used. The first line that matches the method name is used. The last line (.*) matches all opsi method calls.

The default configuration after the installation is the usage of the file backend as main backend and the mysql backend for license management and inventory data.

Caution

Make sure that all used backends are listed in the line starting with backend_.*.

Whenever the file dispatch.conf is changed, the following commands should be executed. Even if you have not changed the file during the initial setup execute these commands now.

opsi-setup --init-current-config
opsi-set-rights
systemctl restart opsiconfd.service
systemctl restart opsipxeconfd.service

5.2.4. Set Samba Configuration and Change Passwords

Opsi requires certain samba shares. To ensure that they are available please enter the following command:

opsi-setup --auto-configure-samba

Please restart the samba services using the following commands:

systemctl restart smbd.service
systemctl restart nmbd.service

Tip

If the server is updated and it asks if the file smb.conf should be overwritten, you have to confirm this.
If the smb.conf has been customised before, you should keep the default and merge the files later.
If this question has already been answered with no, you can repeat this later on the opsi-server by running opsi-setup --auto-configure-samba.

A pcpatch pseudo-user is created on the system. Clients login with this user to install software and to get access to the installation files on the samba shares. The user pcpatch must be created with a correct password - simultaneously as a system user, as a samba user and as an opsi user.

In a terminal window the program opsi-admin should be executed, which will set the pcpatch-password (for the opsi, unix and samba user).

opsi-admin -d task setPcpatchPassword

After executing the command you are asked to enter the password.

5.2.5. Create users and configure the groups opsiadmin and opsifileadmins

Administrative control of opsi is only allowed for members of the UNIX-group opsiadmin.

In the following example, we create the user adminuser.

Firstly we create the user:

useradd -m -s /bin/bash adminuser

We then set the unix password:

passwd adminuser

and now the samba password:

smbpasswd -a adminuser

Caution

Do not use the character § in the passwords, because this character is not permitted when connecting to the opsi service.

Now we create and test the group membership with these commands:

usermod -aG opsiadmin adminuser
getent group opsiadmin

The getent command should show a result like this:

opsiadmin:x:1001:opsiconfd,adminuser

Note

When root is not a member of the opsiadmin, then root will not be able to use all administrative opsi commands!

To perform everyday tasks on your opsi server, it is usually not necessary to be logged in as root. Our recommendation is to use a normal user and use the sudo command whenever administrative privileges are required.

All users who build opsi packages (opsi-makepackage), install opsi packages (opsi-package-manager), or manually edit the configuration files also have to be members of the group opsifileadmins :

usermod -aG opsifileadmins adminuser

Test the results by entering:

getent group opsifileadmins

The result should look like
opsifileadmins:x:998:adminuser

To make sudo opsi-set-rights available for users of the group pcpatch, please execute:

opsi-setup --patch-sudoers-file

Afterwards opsi-set-rights, which does the same as opsi-setup --set-rights, can be executed not only as root, but also with sudo by members of the group opsi-file-admins:

Example:

sudo opsi-set-rights .

5.2.6. DHCP Configuration

A correctly working name resolution and DHCP are essential for the correctly functioning of opsi. To simplify the setup the opsi-server VM is supplied with a working DHCP server. On the other hand, in many environments there often already exists a DHCP server, which will be used with opsi. Both alternatives are described below.

Using a DHCP Server at the opsi-server

Using the opsi-Server VM: The preconfigured opsi VM already has a DHCP server installed.
The DHCP server on the opsi-server VM is configured with no free leases, so no unknown clients will get an IP address from this DHCP server.
If you create a client on the opsi-server using opsi-configed, you must supply the IP address and MAC address of the client. This will be entered into /etc/dhcp/dhcpd.conf and the DHCP service will be restarted.

Your own installation: If you want to use the opsi server as a DHCP server, you have to install the corresponding DHCP server package.

e.g.

apt install isc-dhcp-server

After the installation the dhcp configuration file has to be adjusted. This is done by the following command:

opsi-setup --auto-configure-dhcpd

To restart the DHCP server, as described in /etc/opsi/backends/dhcpd.conf, an entry in /etc/sudoers is required. This is created using the command:

opsi-setup --patch-sudoers-file

The permissions for the dhcpd configuration file should look similar to this:

-rw-r--r-- 1 opsiconfd opsiadmin 80174 Dec 22 14:37 /etc/dhcp/dhcpd.conf

Using an External DHCP Server

Using the opsi-Server VM: If you use an external DHCP server, then you can uninstall the DHCP server on the opsi-server.

This is done by entering this command:

apt remove isc-dhcp-server

Your own installation: Since opsi 4.0.3 a DHCP server will not be installed automatically in this situation.

You have to configure the external DHCP server, so a PXE boot from the opsi-server is possible. If your external DHCP runs on Linux, then you need the following entries for the clients in the DHCP daemon configuration file (i.e. etc/dhcp/dhcpd.conf):

next-server <ip of opsi-server>;
filename "linux/pxelinux.0";

Replace <ip of opsi-server> with the IP address of your opsi-server.

If the opsi server runs on openSUSE or SLES, then filename=opsi/pxelinux.0.
If the opsi server runs on UCS, then filename=pxelinux.0.

If you are using a Windows DHCP server, then the corresponding entries are bootserver (Option 66) and bootfile (Option 67).

If you create a client on the opsi-server, then you only have to supply the MAC-address, but not the IP address.

Checking the Backend Configuration for DHCP Entries

Regardless of whether or not you use an external DHCP server, the configuration of the opsi-server must be changed.

The file /etc/opsi/backendManager/dispatch.conf defines which backends are used (i.e. file, mysql).

The lines with the backend_.* and host_.* entries configure whether or not the opsi-server should work with the local DHCP configuration. If you are using the DHCP server on the opsi-server, then the backend dhcpd has to be added here. The corresponding entry with file backend must then look like this:

backend_.*         : file, opsipxeconfd, dhcpd
host_.*            : file, opsipxeconfd, dhcpd

If the local DHCP service on the opsi-server isn’t used (because another server in the local network performs this task, and is also used for the opsi-clients), then the backend dhcpd is not required:

backend_.*         : file, opsipxeconfd
host_.*            : file, opsipxeconfd

After editing the backend configuration, the configuration has to be initialised and the opsiconfd service has to be restarted:

opsi-setup --init-current-config
opsi-set-rights
systemctl restart opsiconfd.service
systemctl restart opsipxeconfd.service

5.2.7. Configuration of the name resolution

To install software on the clients before login, generally only the clients have to know how to contact the opsi-server.

However, opsi also has a number of push features such as on_demand events, sending messages, starting remote control software, and retrieving session information.

For all these functions the server must be able to reach the client and therefore needs to determine the IP address of the client. How this works best depends on the specific configuration of DNS and DHCP. There are a large number of possible configurations.

Therefore we show two typical extremes:

  1. The clients are not known by the DNS, and they have dynamically assigned frequently changing IP addresses.
  2. The DNS always provides the correct IP address of a client.

To adapt the opsi server to different situations, you may change the following parameters:

  • The entry resolveHostAddress in the file /etc/opsi/backends/hostcontrol.conf
    If this option is set to True, when connecting from the opsi-server to an opsi-client, the IP address of the client is first determined via the name resolution. To give preference to the IP address stored in the opsi backend, the option must be set to False.
  • The entry update ip in the file /etc/opsi/opsiconfd.conf
    If this entry is set to yes, whenever the opsi-server receives an IP address from a client (e.g. on every connection the client makes) the IP address stored in the backend will be updated. The default is yes.

For the first variant, then you should probably set resolveHostAddress to False and update ip to yes.

FOr the second variant, then the best configuration is to set resolveHostAddress to True and update ip to no.

You should decide for yourself which combination fits your situation best.

If you changed anything in these files, then you should restart the opsiconfd:

systemctl restart opsiconfd.service

5.3. Importing the minimal opsi products

For deploying software with opsi ready-made packages are available. One of these contains the agent (opsi-client-agent), which must be installed on the clients to enable management.

It is possible to install the packages in automated or manual fashion. The automated way is recommended.

5.3.1. Automatic import of the minimal opsi products

For the automatic installation of opsi products the opsi-package-updater tool is available, which as configured as in /etc/opsi/opsi-package-updater.conf, automatically fetches the current packages from the opsi repository and installs them on the server.

opsi-package-updater -v install

If a proxy is needed to access the internet, this may be entered in the .repo configuration files in /etc/opsi/package-updater.repos.d/ as the value for proxy. Since opsi-utils version 4.1.1.33 a global proxy can be configured in /etc/opsi/opsi-package-updater.conf.

[repository_uib_windows]
...
proxy =

To later update the installed packages, this can be done with the following command:

opsi-package-updater -v update

More information on opsi-package-updater can be found in the manual.

Note

Please note that OS installation products like win10-x64, are not immediately ready for use after installation. The installation has to be supplemented by the installation files from the corresponding installation media (i.e. DVD, see Section 9.1, “OS-Installation: Complete the Base Package for Windows”).

5.3.2. Manual import of opsi products

There is also the option of manually downloading and installing the packages.

Download the current opsi packages in the .opsi package format. The packages can be found at https://download.uib.de/opsi4.2/stable/packages/windows in the directories netboot/, localboot/ and for Linux-clients also in https://download.uib.de/opsi4.2/stable/packages/linux.

We recommend to save these .opsi-files in /var/lib/opsi/repository. To make sure opsiconfd is allowed to access these files run opsi-set-rights /var/lib/opsi/repository.

After the download you have to install the packages on your server with the command opsi-package-manager -i <packagename>.opsi. If the packages are stored under /var/lib/opsi/repository, the following command can be used for the initial installation:

opsi-package-manager --install /var/lib/opsi/repository/*.opsi

Chapter 6. Management interface opsi-configed

Opsi offers with the opsi-configed a comfortable management interface. It communicates via HTTPS with the opsi server and can therefore be used on any computer that can establish a corresponding connection.

Tip

When using a virtual machine, make sure that the virtual screen has a large enough resolution. For opsi-configed a minimum resolution of 1024x768 pixels is required. To improve the graphics and mouse driver integration at a higher resolution, it is helpful to install the VMware Tools on a VMware machine or the virtual guest additions on a VirtualBox machine.

6.1. Installation of the management interface opsi-configed

The management interface is installed as a local application on the administration PCs. In your web browser, go to the address https://<opsidepotserver>:4447/. There you will find links to installers for different operating systems.

Alternatively, you can find corresponding installers under https://download.uib.de/opsi4.2/misc/helper/.

Important

The Windows installer must be executed with administrative rights. To do this, right click to open the context menu of the installer and then select Run as administrator.

Once one PC is equipped with the management interface, further PCs can have easily have the interface Section 8.1, “Deploying opsi standard products: opsi-configed” installed with the localboot product opsi-configed, as long as the opsi agent is already installed on the PC.

6.2. Start of the management interface opsi-configed

Start opsi-configed via the shortcut in your Start menu.

Log in as a user who is a member of the group opsiadmin.

The operation of the management interface is pretty much self explanatory. You will find detailed instructions in the opsi manual.

Note

Changes in the opsi management interface must be saved before they take effect and changes in the data must be retrieved from the server via the Reload data button.

Chapter 7. Adding clients to opsi

To be able to manage computers with opsi, they must be known to the opsi system. In addition, an agent must be running on these computers so that communication between the server and client is possible. No management is possible without this client agent.

Depending on the environment in which opsi is to be used, there are different procedures. If there are already clients in the environment with an installed operating system that are to be managed with opsi, they can be integrated in different ways.

The alternative to this is that the computers to be managed by opsi are equipped with a new operating system. As part of the installation of the operating system, the required agent is also installed by opsi. However, any previously installed software (including the operating system) will be removed. To use this procedure you first add a client to opsi and then perform an OS installation.

7.1. Creation of a new opsi client

To manage computers, they must be known to the opsi-server. This chapter describes different ways to create a client in opsi for later management. This is particularly helpful if you want to install an operating system on your computer using opsi.

For the integration of clients with an already installed operating system, please read the chapter integration of existing Clients.

7.1.1. Creating a new opsi client via the graphical management interface

A client can be added to the opsi-server through the opsi-configed graphical user interface.

From the menu, choose OpsiClient / Create new opsi client and enter:

  • Client name
  • DNS domain (if different from the default)
  • Client description
  • IP address (required if DNS can not be used resolve the address of the client)
  • MAC address (required if the opsi-server is the DHCP server or if you want to use PXE boot with this client)

After completing the input, the client will be created on the opsi-server, and if the opsi-server is also the DHCP server, the client will also be created in the DHCP configuration, as a PXE client.

The list of configured opsi clients can be viewed at any time in the opsi-configed mode "Client configuration" under the clients tab.

7.1.2. Creating a new opsi client via the command line

A client can added through the command line using the tool opsi-admin.

The syntax is the following:

opsi-admin -d method host_createOpsiClient <client-id> [opsiHostKey] [description] [notes] [hardwareAddress] [ipAddress] [inventoryNumber] [oneTimePassword] [created] [lastSeen]

Missing values usually use a default value - most fields are then empty.

The following command will create the client testclient.domain.local with a random host key, the description Testclient, no notes, the MAC address of 00:0c:29:12:34:56 and the IP address 192.0.2.1:

opsi-admin -d method host_createOpsiClient testclient.domain.local "null" "Testclient" "" 00:0c:29:12:34:56 192.0.2.1

7.1.3. Creating a new opsi client using the opsi-client-bootcd

On the download page of uib you will find various ISO images of the opsi-client-boot-cd at https://download.uib.de/opsi4.2/boot-cd/. Download the latest and burn it to a CD.

Start the computer from the CD. You then should see the following screen:

Figure 7.1. Start image opsi-client-boot-cd

Screenshot: Start image opsi-client-boot-cd

Choose Start opsi (English). After a while, the following screen will appear. If your DHCP server assigns IP addresses to unknown DHCP clients, then most fields will already have valid values. Otherwise you have to complete the missing data by hand. You must at least give the hostname.

Figure 7.2. bootimage/boot-cd configuration screen

Screenshot: bootimage/boot-cd configuration screen

Then choose OK.

Figure 7.3. bootimage/boot-cd: Choose how to create Client

Screenshot: bootimage/boot-cd: Choose how to create Client

Then choose Admin account. This tells the client to register itself at the opsi-server using provided credentials.

Figure 7.4. bootimage / boot-cd: Authenticate as member of opsiadmin group

Screenshot: bootimage / boot-cd: Authenticate as member of opsiadmin group

Now you will get a login window, where you must authenticate yourself as a member of the opsiadmin group. If this was successful, then the client sends its data to the server, at which point the client will be created at the server. In the next step, the client asks the server for the list of available netboot products, and makes them available for you to choose from.

Figure 7.5. bootimage/boot-cd: netboot product list

Screenshot: bootimage/boot-cd: netboot product list

Now you may choose the operating system that you would like to install (or e.g. hwinvent).

7.2. Integration of existing Windows clients

To include existing Windows clients in opsi, the opsi-client-agent must be installed on them. This can be realised in several ways. After you have installed the opsi-client-agent as described below, the client will also appear in the client list of opsi-configed, unless you have already added the client there.

Basically there is the possibility to install the agent on the client or to start the installation from the server.

Executing the installation directly on the client is suitable for individual computers. For a mass rollout of the agent, have a look at opsi-deploy-client-agent. If there is already another way to distribute software available, then it is also possible to distribute the opsi-client-agent through it and execute the script silent_setup.cmd included in the package.

Once the agent is installed, available opsi products can be installed on these clients.

7.2.1. Using service_setup.cmd on Windows NT6

  1. Logon to the Windows client with administrative privileges.
  2. Mount the share \\<opsiserver>\opsi_depot on a drive letter.
  3. On the drive from the previous step, start the script opsi-client-agent\service_setup.cmd
    Do not start the script elevated (via right mouse click: as Administrator) because an elevated script has no access to the network share.
  4. The script copies the needed files to a temporary local directory and starts from there the opsi-script (winst32.exe) elevated in order to do the installation. This may cause an UAC Message at this point.
  5. The script connects to the server via the opsi webservice in order to create the client on the serverside and to retrieve the pckey. This is tried first with the user and password provided in config.ini. If the connection fails, a login window will appear, with the Service-URL (opsi-config-server), and user and password. The user required here needs to be a member of the group opsiadmin. It is also possible to use a user which only has rights to call the method host_createOpsiClient.

Caution

After installation the client reboots without notice.

7.2.2. Using service_setup_NT5.cmd on Windows NT5

  1. Logon to the Windows client with administrative privileges.
  2. Mount the share \\<opsiserver>\opsi_depot on a drive letter.
  3. On the drive from the previous step, start the script opsi-client-agent\service_setup_NT5.cmd
  4. The script copies the needed files to a temporary local directory and starts from there the opsi-script (winst32.exe) in order to do the installation.
  5. The script connects to the server via the opsi webservice in order to create the client on the serverside and to retrieve the pckey. This is tried first with the user and password provided in config.ini. If the connection fails, a login window will appear, with the Service-URL (opsi-config-server), and user and password. The user required here needs to be a member of the group opsiadmin.

Warning

After installation the client reboots without notice.

7.2.3. Using opsi-deploy-client-agent

The opsi-deploy-client-agent script installs the opsi-client-agent directly from the opsi-server on the clients. This makes it easy to integrate a large number of clients from a server into an opsi environment.

Requirements for the clients are:

  • an open C$ share
  • an open admin$ share
  • an administrative account
  • winexe must not be blocked by an antivirus program.

The program winexe must be available on the server. This is part of the opsi-windows-support package.

The opsi-deploy-client-agent script can be found at /var/lib/opsi/depot/opsi-client-agent
Execute the script with root privileges. If the script is not executable, you can solve this issue by executing the following command:
opsi-set-rights /var/lib/opsi/depot/opsi-client-agent/opsi-deploy-client-agent.

The script creates the client on the server, then copies the installation files and the configuration information, including the pckey, to the client. After copying the necessary information, opsi-deploy-client-agent starts the installation on the client.

There are two ways to copy the installation files. The first method will use the mount-command on the server to mount the C$ share of the client, and copy the files to the share for installation. The second variant will use smbclient-command on the server for mounting C$ share of the client, and copy the files to the share for installation.

With the opsi-deploy-client-agent script you can also install to a list of clients. To do this, either any number of clients can be passed as the last parameter or the clients can be read from a file using the -f option. When using a file, there must be a client on every line.

The script can work with IP addresses, hostnames or FQDNs. It will try to automatically detect what type of address it is processing.

Possible parameters can be found by using --help:

bonifax:/home/uib/oertel# cd /var/lib/opsi/depot/opsi-client-agent
bonifax:/var/lib/opsi/depot/opsi-linux-client-agent# ./opsi-deploy-client-agent --help

usage: opsi-deploy-client-agent [-h] [--version] [--verbose]
                                [--debug-file DEBUGFILE] [--username USERNAME]
                                [--password PASSWORD]
                                [--use-fqdn | --use-hostname | --use-ip-address]
                                [--ignore-failed-ping]
                                [--reboot | --shutdown | --start-opsiclientd | --no-start-opsiclientd]
                                [--hosts-from-file HOSTFILE]
                                [--skip-existing-clients]
                                [--threads MAXTHREADS] [--depot DEPOT]
                                [--group GROUP] [--smbclient | --mount]
                                [--keep-client-on-failure | --remove-client-on-failure]
                                [host [host ...]]

Deploy opsi client agent to the specified clients. The c$ and admin$ must be
accessible on every client. Simple File Sharing (Folder Options) should be
disabled on the Windows machine.

positional arguments:
  host                  The hosts to deploy the opsi-client-agent to.

optional arguments:
  -h, --help            show this help message and exit
  --version, -V         show program's version number and exit
  --verbose, -v         increase verbosity (can be used multiple times)
  --debug-file DEBUGFILE
                        Write debug output to given file.
  --username USERNAME, -u USERNAME
                        username for authentication (default: Administrator).
                        Example for a domain account: -u
                        "<DOMAIN>\\<username>"
  --password PASSWORD, -p PASSWORD
                        password for authentication
  --use-fqdn, -c        Use FQDN to connect to client.
  --use-hostname        Use hostname to connect to client.
  --use-ip-address      Use IP address to connect to client.
  --ignore-failed-ping, -x
                        try installation even if ping fails
  --reboot, -r          reboot computer after installation
  --shutdown, -s        shutdown computer after installation
  --start-opsiclientd, -o
                        Start opsiclientd service after installation
                        (default).
  --no-start-opsiclientd
                        Do not start opsiclientd service after installation.
  --hosts-from-file HOSTFILE, -f HOSTFILE
                        File containing addresses of hosts (one per line).If
                        there is a space followed by text after the address
                        this will be used as client description for new
                        clients.
  --skip-existing-clients, -S
                        skip known opsi clients
  --threads MAXTHREADS, -t MAXTHREADS
                        number of concurrent deployment threads
  --depot DEPOT         Assign new clients to the given depot.
  --group GROUP         Assign fresh clients to an already existing group.
  --smbclient           Mount the client's C$-share via smbclient.
  --mount               Mount the client's C$-share via normal mount on the
                        server for copying the files. This imitates the
                        behaviour of the 'old' script.
  --keep-client-on-failure
                        If the client was created in opsi through this script
                        it will not be removed in case of failure. (DEFAULT)
  --remove-client-on-failure
                        If the client was created in opsi through this script
                        it will be removed in case of failure.

Chapter 8. Rollout existing products

For the rollout of software on clients the opsi-client-agent must be installed. This can be deployed on existing computers. If an operating system is installed via opsi, the opsi-client-agent will be installed automatically.

Afterwards the management interface opsi-configed is used to distribute software to clients.

8.1. Deploying opsi standard products: opsi-configed

One of the opsi standard products is the product opsi-configed, which installs the opsi Management Interface. This Application is a Java application, therefore a Java Runtime Engine is bundled with the product.

Using opsi-configed, in the mode Configuration of clients, choose the appropriate client in the tab Clients.

If you have not already done so, update the data of opsi-configed by using File / Reload all data or click the reload icon.

Switch to the tab Product configuration, look for the line with the product opsi-configed. Click in the column Requested Action, and select the action setup.

The check mark in the icon menu bar should change its color to red. If you click on it, the new settings will be transmitted to the opsi-server, afterwards its color will be green again.

Reboot the client. The opsi-client-agent should start and install the product opsi-configed. After the installation you can find opsi-configed in the start menu.

8.2. Hard- and Software Inventory with the localboot products hwaudit and swaudit

Using opsi-configed, in the mode Configuration of clients, choose the appropriate client in the tab Clients.

If you have not already done so, update the data of opsi-configed by using File / Reload all data or click the reload icon.

Switch to the tab Product configuration, look for the line with the product hwaudit. Click in the column Requested Action, and select the action setup. Repeat this for the product swaudit.

The check mark in the icon menu bar should change its color to red. If you click on it, the new settings will be transmitted to the opsi-server, afterwards its color will be green again.

Reboot the client. The opsi-client-agent should start and install the products hwaudit and swaudit. With hwaudit and swaudit, hardware and software information is collected and transmitted to the opsi-server. The collected data is displayed under the Hardware information or Software inventory tabs.

8.3. Hardware Inventory with the netboot product hwinvent

If the product hwinvent is installed on your opsi server and you have added a client Section 7.1, “Creation of a new opsi client” which is configured to boot over the network, you can do something else useful: Hardware inventory when there is no operating system installed.

Using opsi-configed, in the mode Configuration of clients, choose the appropriate client in the tab Clients. If you have not already done so, update the data of opsi-configed by using File / Reload all data or click the reload icon. Switch to the tab Netboot products, look for the line with the product hwinvent. Click in the column Requested Action, and select the action setup. The check mark in the icon menu bar should change its color to red. If you click on it, the new settings will be transmitted to the opsi-server, afterwards its color will be green again.

Then reboot the client. It should now pull a Linux image over the network (via PXE), to scan the hardware of the PC and then reboot it. If the computer was not otherwise already set up, afterwards the message appears that no operating system is installed on the disk.

The results of the hardware scan have been transmitted to the opsi-server. The results can be viewed under the Hardware information tab.

Note

In case the screen remains black after booting the bootimage or if the network card does not work (correctly), the start parameters of the bootimage may have to be adjusted for this specific hardware.
This can be achieved using opsi-configed in the Host parameters tab by editing the entry opsi-linux-bootimage.append.
More information can be found in the opsi manual, in the chapter netboot products.

Chapter 9. Installation of a new Windows PC with opsi (OS Installation)

The following describes how a computer with no operating system can get a Windows OS installed with opsi.

Suitable clients are real or virtual computers with at least 2048 MB RAM and a network card with network boot support: This means that they support the PXE protocol for booting systems via the network. The network boot has to be activated in the BIOS menu or moved to the first position of the bootorder options.

Virtual hardware is usually well supported by the Windows standard drivers, which can be tried if perform a test installation of Windows. To install Windows on newer real-world machines, you may need to integrate additional drivers first. For an initial test, you can use a VMware Appliance that contains an empty machine and can run in VMware Workstation Player.

For the following chapter you should create a corresponding client in opsi Section 7.1, “Creation of a new opsi client”. This can be done easily through opsi-configed.

Note

Some tools useful for deploying Windows with opsi are installed through the opsi-windows-support package.

9.1. OS-Installation: Complete the Base Package for Windows

The opsi win-OS-packages contain only the files that are necessary to perform our automated OS installation, but not the operating system software itself.

For an automatic installation of a Windows operating system, you have to copy your existing original Windows installation files (and if necessary, store the Windows license key on the server).

9.2. NT6 family: Win7 / 2008R2 and up

In order to perform an OS Installation, a so-called WinPE is being used as a Live OS. You can create it using an opsi package (opsi-winpe), or manually if you so desire. Generally speaking, the Windows version of the PE is independent of the Windows OS version being installed. Above all, the availability of drivers for disk- and network devices is important. Microsoft recommends a 32-Bit PE for 32-bit installations, and a 64-Bit PE for 64-bit installations.

"To install a 64-bit version of Windows you must use a 64-bit version of Windows PE. Likewise, to install a 32-bit version of Windows, you must use a 32-bit version of Windows PE."
https://technet.microsoft.com/en-us/library/cc766093.aspx

Iny any case you will need an "Assessment and Deployment Kit" (ADK, Windows 8.1 or 10), or its predecessor "Windows Automated Installation Kit" (Windows AIK; until Windows 7), which you install on a supported (preferably 64-bit) Windows OS:

Install the Windows PE Add-On for ADK (if possible on a 64-bit machine) in the suggested path under Program Files (x86). Select only the "Windows Pre-Installation Environment (Windows PE)"; Dependencies are automatically selected.

This site provides you with an ISO file, which may then be burned to a CD or mounted, and then installed.

9.2.1. Creating a PE

The simplest method requires a computer that has opsi-client-agent installed, as well as the Windows ADK (Win8.1, Win10). The manual method is described below in the section called “Manual PE creation for Windows 10 & Windows 8 (ADK)”.

Automated PE creation using opsi

  • Using opsi-configed set the localboot-product opsi-winpe to once for the client you intend to use, if desired adjust the product property to x86 instead of x64 at the lower right side, and save (right click > save).
  • If the opsi-product opsi-winpe is missing, install it onto your opsi-server with the command opsi-package-updater -v install opsi-winpe.
  • Launch an installation event for the client (right click > on-demand, or reboot).
  • After a successful completion of this action, move or copy the contents of the now existing folder on your client C:\winpe_<ARCH>\media\ into the pre-existing folder within the OS folder you want to install: \\opsiserver\opsi_depot_rw\<operating system>\winpe\
  • Finally run the following command on the console of your opsi server. Finished.
opsi-set-rights

Manual PE creation for Windows 10 & Windows 8 (ADK)

The console commands are very similar in 32- or 64-bit versions, except for the <ARCH> entries. These have to be replaced with either x86 , amd64 or ia64.

Run Start ⇒ "Windows Kits" ⇒ "Windows ADK" ⇒ "Deployment and Imaging Toolkits Environment" from the Start Menu. A command prompt will open which has the required environment variables set.

  • Copy the WinPE
copype.cmd <ARCH> C:\winpe
  • Mount the Image
dism /Mount-Wim /WimFile:C:\winpe\media\sources\boot.wim /index:1 /MountDir:c:\winpe\mount
  • replace startnet.cmd
echo c:\opsi\startnet.cmd > "C:\winpe\mount\Windows\System32\startnet.cmd"

(Note: The file c:\opsi\startnet.cmd will be created by the opsi linux bootimage after the script setup.py is executed. The startnet.cmd contains the call to wpeinit.)

  • Unmount the Image
dism /Unmount-Wim /MountDir:c:\winpe\mount /Commit
  • Copy the contents of C:\winpe\ISO to /var/lib/opsi/depot/<productid>/winpe .
    Adjust the access rights by entering:
opsi-set-rights /var/lib/opsi/depot/<productid>/winpe

Manual PE creation for Windows 7 (WAIK)

The console commands are very similar in 32- or 64-bit versions, except for the <ARCH> entries. These have to be replaced with either x86 , amd64 or ia64.

Start a command prompt as Administrator with elevated rights (Start ⇒ Programs ⇒ Accessories ⇒ right click on "Command Prompt" ⇒ "Run as" ⇒ Administrator).

  • Copy the WinPE
"%ProgramFiles%\Windows AIK\Tools\PETools\copype.cmd" <ARCH> C:\winpe
  • Mount Image:
"%ProgramFiles%\Windows AIK\Tools\<ARCH>\imagex.exe" /mountrw "C:\winpe\winpe.wim" 1 "C:\winpe\mount"
  • replace startnet.cmd
echo c:\opsi\startnet.cmd > "C:\winpe\mount\Windows\System32\startnet.cmd"

(Note: The file c:\opsi\startnet.cmd will be created by the opsi linux bootimage after the script setup.py is executed. The startnet.cmd contains the call to wpeinit.)

  • Unmount the Image
"%ProgramFiles%\Windows AIK\Tools\<ARCH>\imagex.exe" /commit /unmount "C:\winpe\mount"
  • Move the WinPE now (From this target dir more files will be moved to the server).
move "C:\winpe\winpe.wim" "C:\winpe\ISO\sources\boot.wim"
  • Copy the contents of C:\winpe\media to /var/lib/opsi/depot/<productid>/winpe.
    Adjust the access rights by entering:
opsi-set-rights /var/lib/opsi/depot/<productid>/winpe

9.2.2. Extending a PE

In some cases it is useful to extend a PE. Especially when using Dell-Hardware. Dell provides special network and storage drivers specially recommended for use in a PE. These instructions only work with Windows 7. (Windows Vista does not inherit the needed DISM- Deployment Image Servicing and Management.) These instructions assume that you have already completed the previous chapter and have created a PE.

Note

The Windows Automated Installation Kit is not needed for following instructions.

The first step is to download Dell-PE-drivers from the Dell-Website. For Windows 7, you will need the WINPE 3.0 Drivers from Dell. The downloaded CAB-File must be extracted to the local disk. This can be done with 7-zip or the command-line-tool Expand.exe. For simplicity, we recommend creating a directory called "dell-driver" on the local disk, and then extracting the CAB-File into this directory.

  • First dism is used to scan the image, in order to determine the required index number. Start a command prompt as administrator (Start ⇒ Programs ⇒ Accessories ⇒ right click on "Command Prompt" ⇒ "Run as" ⇒ (Administrator) and run the following command:
dism /Get-WimInfo /WimFile:C:\winpe\ISO\sources\boot.wim

In the output of this command, you can see which images are included in the image file. Normally a PE-image is a one-image-file, so you can generally use the index 1, but it is better to check first.

  • The next command mounts the image for modification:
dism /Mount-Wim /WimFile:C:\winpe\ISO\sources\boot.wim /index:1 /MountDir:c:\winpe\mount
  • To integrate the extracted drivers into the mounted image, you need to execute this command:
dism /Image:C:\winpe\mount /Add-Driver /Driver:c:\dell-driver\winpe\x64 /Recurse

If the architecture is 32-bit, the x64 must be replaced with x86. The Driver-CAB from Dell contains the drivers for both architectures.

Note

If only one driver has to be integrated, then leave out the option /Recurse, and point directly to the driver-inf-File instead of the driver-directory. Furthermore, with the option /ForceUnsigned it is possible to integrate unsigned drivers to the image.

  • Finally the image is unmounted, and the changes are committed:
dism /Unmount-Wim /MountDir:c:\winpe\mount /Commit
  • Copy the contents of C:\winpe\ISO to /var/lib/opsi/depot/<productid>/winpe.
    Adjust the access rights by entering:
opsi-set-rights /var/lib/opsi/depot/<productid>/winpe

9.2.3. unattend.xml

The control file for the unattended installation is the XML file unattend.xml, which you can find under /var/lib/opsi/depot/win7/custom. Any modifications to this file should be made in this directory and not in the opsi directory.

The file unattend.xml that comes with the opsi package, contains references to the netboot productproperties, which among other things is responsible for activating the Administrator account with the password nt123.

Documentation for unattend.xml can be found in the directory C:\Program Files\Windows\Waik\docs\chms, after installing the WAIK.

9.2.4. Driver Integration

The driver integration proceeds as described here: Section 9.6, “Simplified Driver Integration during the unattended Windows Installation”.

9.2.5. Providing the Installation Files

Copy the complete installation DVD to
/var/lib/opsi/depot/<productid>/installfiles And adjust the rights and ownership:

opsi-set-rights /var/lib/opsi/depot/<productid>/installfiles

9.2.6. Installation Log files

  • c:\Windows\Panther\setupact.log:
    Log until the end of setup phase 4 (running under WinPE)
  • c:\Windows\Panther\setupact.err:
    Error log until the end of setup phase 4 (running under WinPE)
  • c:\Windows\Panther\UnattendGC\setupact.log:
    Log from the specialize phase
  • c:\Windows\Panther\UnattendGC\setupact.err:
    Error log from the specialize phase
  • c:\Windows\System32\Winevt\Logs\*
  • c:\Windows\ntbtlog.txt (only when startup logging is activated)

9.3. Windows Product Key

If you have the opsi license management module, you can manage the Windows product keys using the license management module. Read the license management manual or the corresponding chapter in the opsi manual.

If you do not have the license management module, or do not want to use it, proceed as follows.

If you have already set up opsi clients, you can enter a Windows product key per client in the opsi configuration editor:

  • select a client
  • switch to the netboot products tab
  • select the product (e.g. win10-x64)
  • change the product property productkey in the lower right corner
  • enter the key in the value field
  • save by clicking on the "red tick" and leave the field
  • save the changes in the backend ("red tick" at the top right).

Or you can assign a default for the Windows product key for the complete opsi depot, which can also be done via the opsi configuration editor:

  • Select the depot properties in the configuration editor (tile top right)
  • Switch to the Product Default Properties tab
  • select the product (e.g. win10-x64)
  • Go to the property line productkey in the switch list on the right
  • Enter the key in the value field and add it by clicking on "+"
  • save by clicking on the "red tick" and leave the field
  • save the changes in the backend ("red tick" at the top right).

9.4. Start the Windows Installation

To start a Windows installation, select the relevant client in opsi-configed, set in the Netboot products tab the action to setup for the desired operating system (e.g. win10-x64). Click on the red checkmark (which turns green again).

The client should now load the opsi-linux-bootimage via the network when booting, where you have to confirm the new OS installation again. Then everything should continue automatically until the logon prompt of the installed Windows is finally on the screen.

Note

If the screen remains black after loading the boot image or the network card does not work correctly, the start parameters of the boot image may have to be adjusted for this specific hardware.
You can do this in opsi-configed in the Host parameters tab at the entry opsi-linux-bootimage.append.
You can find details on this in the opsi manual in the Netboot Products chapter.

Caution

Beware of clients with a hard disk larger than 2 TB. In a non-UEFI system, the maximum partition size is 2 terabytes. If a larger partition is to be created, the installation will fail. This a technical limitiation of the standard partition table. You need to split the hard drive into partitions. You can control this via the product properties. Or you can purchase the UEFI module, which eliminates this technical limitation.

9.5. Structure of the Unattended Installation Products

This chapter applies to the Windows netboot products.

9.5.1. Directory Tree Overview

<productid>-
           |-i386/                              NT5 only: Installation files
           |-installfiles/                      NT6 only: Installation files
           |-winpe/                             NT6 only
           |-opsi/                              scripts and templates by opsi.org
           |  |-$oem$/                                  NT5 only: $oem$ according to Microsoft
           |  |-postinst.d/                             scripts after OS-install by opsi.org
           |  !-unattend.(txt/xml).template             Template by opsi.org
           |-custom/                            scripts and templates by customer
           |  |-$oem$/                                  NT5 only: $oem$ according to Microsoft by customer
           |  |-postinst.d/                             scripts after OS-install by customer
           |  !-unattend.(txt/xml)                      unattend.txt by customer
           |-drivers/                           drivers directory
           |  |-drivers/                        drivers directory
           |  |-pciids/                         symbolic links to drivers
           |  |-vendors/                        symbolic links to drivers
           |  |-classes/                        symbolic links to drivers
           |  |-usbids/                         symbolic links to drivers
           |  |-hdaudioids/                     symbolic links to drivers
           |  |-pci.ids                         PCI-IDs DB
           |  !-usb.ids                         USB-IDs DB
           |-setup.py                           installation script
           |-<productid>_<version>.control      meta data (only for info)
           |-<productid>.files                  file list (created automatically)
           |-create_driver_links.py             driver management script
           !-show_drivers.py                    driver management script

9.5.2. File Descriptions

  • setup.py
    This is the installation script which is executed by the boot image.
  • <productid>_<version>.control
    Contains the metadata of the product as prepared from the package maintainer. These files are here for information purposes only. Changes to this file have no effect on the system.
  • <productid>.files
    This file is created automatically and should not be changed.
  • create_driver_links.py
    show_drivers.py
    These scripts are for driver integration, which is explained in more detail in the chapter Simplified driver integration in the automatic Windows installation.

9.5.3. Directory installfiles / winpe

  • installfiles
    This directory contains all files from the installation CD/DVD.
  • winpe
    Contains a bootable winpe image.

9.5.4. Directories opsi and custom

These two directories contain scripts and configuration files for controlling the operating system installation. During installation, priority is given to files in the custom directories.

The opsi directory contains files that can be overwritten without notice by updates. So no changes to these files should be made. For adjustments, you can make changes in the directory custom, which is preserved during updates.

The subdirectory postinst.d contains scripts which are started via the` postinst.cmd` after the actual installation of the operating system, e.g. to install the opsi-client-agent. The scripts are processed in alphabetical order. To clarify the order of execution, the file names begin with a two-digit number (10_dhcp.cmd). If you want to make extensions here, you can store scripts in the custom/postinst.d directory with starting numbers between decades (13_myscript.cmd). The starting numbers 10, 20, 30,… are reserved for maintenance by opsi.org/uib. The script 99_cleanup.cmd is the final script and ends with a reboot.

9.5.5. Directory drivers

This directory is used for the integration of drivers and is described in the following chapter.

9.6. Simplified Driver Integration during the unattended Windows Installation

When managing a group of PCs that have devices whose drivers are not included in the standard Windows installation, it usually makes sense to integrate these drivers directly into the installation. In the case of network devices, this can sometimes be unavoidable, because a Windows without a network card is not easily accessible for the administrator.

Opsi supports the automatic integration of drivers into the installation, and therefore simplifies driver deployment. The drivers simply need to be placed into the correct directory. By executing a script, the driver directories are searched and a catalog is created, based on which the bootimage can automatically identify and integrate the correct drivers. Standard drivers, USB drivers, HD audio drivers as well as drivers for hard disk controllers (text mode drivers) can be stored and automatically integrated.

In order for the drivers to be installed with the Windows installation, they must be stored in a specific form on the server. Suitable drivers contain a *.inf file that describes the driver for the Windows Setup program. Any drivers in setup.exe, *.zip or packed any other way are not usable. If you have a computer that already has the drivers installed, then you can extract the drivers in the correct format with the program double driver (http://www.boozet.org/dd.htm).

There are multiple levels of driver integration:

  • General driver packages
  • Drivers that are suitable for your hardware but are not specially assigned
  • Drivers that are manually assigned to computers
  • Drivers that are automatically assigned to the computers via the <vendor>/<model> fields of the inventory.

How these different levels can be used is described below:

9.6.1. General Driver Packages

When the hardware configuration across the computers is very heterogeneous, then it can make sense to work with general driver packages.
General drivers can be placed under ./drivers/drivers.

Drivers which are found in ./drivers/drivers/, will be matched to the corresponding hardware using the PCI IDs (or USB- or HD_Audio-IDs) in the description file, and then integrated into the Windows setup if needed.

9.6.2. Drivers that suitable for your hardware but not specially assigned

In case you have to support few different hardware configurations, you can use the drivers provided by the manufacturers.
Additional or tested drivers belong in their own directories (name and depth of the directory structure do not matter) below the directory
./drivers/drivers/preferred.
Drivers located in the directory ./drivers/drivers/preferred are prioritised over the drivers in ./drivers/drivers/ by using the PCI IDs (or USB- or HD_Audio-IDs) in the description file, and then integrated into the Windows setup if needed.
Problems can occur when the same PCI ID can be found in the description file of different drivers in preferred. In this case a direct assignment of the drivers to the client is necessary.

9.6.3. Drivers manually assigned to clients

Additional drivers that are to be installed regardless of their assignment or detection via the PCI- or USB-IDs must be in their own directories (name and depth of the directory structure are irrelevant) below the directory ./drivers/drivers/additional. Via the product property additional_drivers you can assign one or more paths of driver directories within ./drivers/drivers/additional to a client. Directories specified in the additional_drivers product property are searched recursively and all included drivers will be integrated. Symbolic links are also followed. You can use this to create a directory for certain computer types (e.g. dell-optiplex-815).

If a driver for a matching PCI device (or HD audio, USB) is found in the driver directories specified via additional_drivers, then no other driver from drivers/preferred or drivers/ is integrated for this device (additional_drivers can be thought of as super-preferred). This means that additional_drivers has the function of adding drivers that would not be found via normal driver detection.

9.6.4. Drivers automatically assigned to the clients using the inventory fields

The mechanism of direct assignment of drivers to devices described in the previous section can be automated since opsi 4.0.2. The directory ./drivers/drivers/additional/byAudit is searched for a directory name that corresponds to the vendor found during hardware inventory. A search is now made in this vendor directory for a directory name that corresponds to the model found during hardware inventory. If such a directory is found, this directory is treated as if it were manually assigned via the product property additional_drivers. The directory name byAudit is case sensitive. The directory names for Vendor and Model are not case sensitive (Dell and dELL are treated the same way).

Since opsi 4.0.5, the drivers for a opsi-client can be made available via opsi-configed in the Hardware Inventory tab (see: opsi manual "Automatic driver upload").

The opsi-linux-bootimage looks for drivers in the order:

  • <vendor>/<model> (<sku>)
  • if in the previous no match is found <system vendor>/<system model> is checked.
  • if in the previous no match is found <motherboard vendor>/<motherboard model> is checked.

Some manufacturers use model names, which are very unfavourable for this method, because you can not use some special characters such as / in file- or directory names. An example of this would be a model name like: "5000/6000/7000". A directory with this name is not permitted due to the special characters. Since opsi 4.0.3 the following special characters: < > ? " : | \ / * have therefore been replaced internally by a _. With this change you can create the directory for the example as: "5000_6000_7000" and the directory is automatically assigned, although the information in the hardware inventory does not correspond to the directory structure.

9.6.5. Structure of the Driver Directory and Driver Files

/var/
  !-lib/
     !-opsi/depot/
        !-<productid>/
           !-drivers
              |-classes/                (Links to driver device classes)
              |-hdaudioids/             (Links to HD-Audio drivers)
              |-pciids/                 (Links to PCI-ID drivers)
              |-pci.ids                 (PCI database)
              |-usbids/                 (Links to USB-ID drivers)
              |-usb.ids                 (USB database)
              |-vendors/                (Links to manufacturer drivers)
              !-drivers                 (place for general driver packages)
                 |-additional/          (manually assigned drivers)
                    |-byAudit/          Model-specific drivers that
                       |-<vendor>               are assigned by
                          |-<model>              Hardware Inventory
                 |-buildin/             (data for the i386 version)
                 |-preferred/           (certified drivers)
                 |-exclude/             (excluded drivers)
                 !-mydriverpacks/       (example driver packages)

9.6.6. Processing of the Different Levels of Driver Integration

The top priority is to include all drivers that are found using the property additional_drivers or using the inventory data in ./drivers/drivers/additional/byAudit. As part of the integration of drivers, it is checked for which hardware of a device (based on the PCI-, USB-, HD-Audio IDs) a driver has been made available in this way. Only for devices that are not matched by a driver, the following methods are used in order to find a matching driver.

For devices for which a driver has not been assigned via additional_drivers (or byAudit), a suitable driver is searched for and integrated using the PCI ID (or USB-, HD-Audio ID).

Integration of drivers means the following:

  • The driver will be copied to the local hard drive at c:\drv\<num>.
  • The Windows Setup is told in the unattended file to search for matchin drivers in c:\drv\.

9.6.7. Add and check drivers

After adding a driver or any other change in the ./drivers/drivers directory (or below), execute the following command in the root directory of the netboot product directory to set the rights correctly:

opsi-set-rights ./drivers

After storing drivers in the directories ./drivers/drivers or ./drivers/drivers/preferred, then run the script ./create_driver_links.py. The script searches the directories under ./drivers/drivers and generates a list of links that can be used to identify the assignment of the drivers to specific hardware (PCI-IDs, USB-IDs and HD-Audio-IDs). The script will prioritize the drivers in the preferred directories.

The script setup.py of the bootimage examines the hardware of the computer to be installed and identifies the necessary drivers. These are then copied to the hard disk and the unattend.xml will be patched accordingly.

If a hardware inventory is available for a client, you can use the command:

./show_drivers.py <clientname>

This will show which drivers the boot image would choose for installation via PCI-IDs, USB-IDs, HD-Audio-IDs and additional_drivers (or byAudit) and for which hardware no driver is available yet.

Use the output of show_drivers.py to check if the desired drivers will be integrated.

It is possible that driver directories from manufacturers contain drivers for different operating system versions (e.g. Windows 7/8.1/10) or different configurations (SATA / SATA-Raid). This cannot be differentiated automatically. If you suspect that the wrong driver will be used, move this driver to the drivers/exclude directory and then run create_driver_links.py again. Drivers in the directory drivers/exclude are not used during driver integration.

Example output of show_drivers.py for a client:

./show_drivers.py pcdummy

PCI-Devices
   [(Standardsystemgeräte), Standard PCI to PCI bridge]
      No driver - device directory  /var/lib/opsi/depot/<productid>/drivers/pciids/1022/9602 not found
   [ATI Technologies Inc., Rage Fury Pro (Microsoft Corporation)]
      Using build-in windows driver
   [(Standard-IDE-ATA/ATAPI-Controller), Standard-Dual-Channel-PCI-IDE-Controller]
      /var/lib/opsi/depot/<productid>/drivers/drivers/D/M/N/123
   [Realtek Semiconductor Corp., Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC]
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/realtek_gigabit_net_8111_8168b
   [IEEE 1394 OHCI-conform Hostcontroller-Manufacturer, OHCI-conform IEEE 1394-Hostcontroller]
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/197B/2380' not found
   [Advanced Micro Devices, Inc., AMD AHCI Compatible RAID Controller]
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/ati_raid_sb7xx
   [(Standard-USB-Hostcontroller), Standard OpenHCD USB-Hostcontroller]
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/1002/4397' not found
   [ATI Technologies Inc, ATI SMBus]
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/ati_smbus

USB-Devices
   [(Standard-USB-Hostcontroller), USB-Connection device]
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/brother_844x_pGerb
   [Microsoft, USB-Printersupport]
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/brother_844x_pGerb

Additional drivers
   [ati_hdaudio_azalia]
     /var/lib/opsi/depot/<productid>/drivers/drivers/additional/ati_hdaudio_azalia

Example for a client with additional_drivers:

 ./show_drivers.py e5800
Manually selected drivers (additional)
   [hp_e5800]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp52852/Vista64/HDXHPAI3.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp52852/Vista64/HDX861A.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp52852/Vista64/HDXHPAI1.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp52852/Vista64/HDXCPC.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp52852/Vista64/HDXHPAI2.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp50134/autorun.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp50134/ibxHDMI/IntcDAud.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp50134/HDMI/IntcHdmi.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp50134/Graphics/kit24890.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp50134/IIPS/Impcd.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp54284/Realtek 64bit/hp64win7.inf]

PCI-Devices
   [8086:27C8]  Intel : Intel(R) N10/ICH7 Family USB Universal Host Controller - 27C8
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:27DA]  Intel : Intel(R) N10/ICH7 Family SMBus Controller - 27DA
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:27C9]  Intel : Intel(R) N10/ICH7 Family USB Universal Host Controller - 27C9
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:27DF]  Intel : Intel(R) ICH7 Family Ultra ATA Storage Controllers - 27DF
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:27CA]  Intel : Intel(R) N10/ICH7 Family USB Universal Host Controller - 27CA
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:2E30]  Intel : Intel(R) 4 Series Chipset Processor to I/O Controller - 2E30
      /var/lib/opsi/depot/<productid>/drivers/drivers/not_preferred/x64/C/Intel/1
   [8086:27CB]  Intel : Intel(R) N10/ICH7 Family USB Universal Host Controller - 27CB
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:2E32]  Intel Corporation : Intel(R) G41 Express Chipset
      Manually selected [hp_e5800] /var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp50134/Graphics
   [8086:27CC]  Intel : Intel(R) N10/ICH7 Family USB2 Enhanced Host Controller - 27CC
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:244E]  Intel : Intel(R) 82801 PCI Bridge - 244E
      Using build-in windows driver
      This driver will not be integrated, because same device already integrated in: '/var/lib/opsi/depot/<productid>/drivers/drivers/not_preferred/x64/C/Intel/1/dmi_pci.inf'
   [8086:27D0]  Intel : Intel(R) N10/ICH7 Family PCI Express Root Port - 27D0
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:27B8]  Intel : Intel(R) ICH7 Family LPC Interface Controller - 27B8
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:27D2]  Intel : Intel(R) N10/ICH7 Family PCI Express Root Port - 27D2
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:27C0]  Intel : Intel(R) N10/ICH7 Family Serial ATA Storage Controller - 27C0
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/R293337/WIN7
   [8086:27D8]  Microsoft : High Definition Audio-Controller
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/8086/27D8' not found
   [10EC:8136]  Realtek : Realtek RTL8102E/RTL8103E-Familie-PCI-E-Fast-Ethernet-NIC (NDIS 6.20)
      Manually selected [hp_e5800] /var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp54284/Realtek 64bit

USB-Devices
   [0461:0010]  (Standardsystemgeräte) : USB-Eingabegerät
      No driver - vendor directory '/var/lib/opsi/depot/<productid>/drivers/usbids/0461' not found
   [0461:4D20]  (Standardsystemgeräte) : USB-Eingabegerät
      No driver - vendor directory '/var/lib/opsi/depot/<productid>/drivers/usbids/0461' not found
   [058F:6366]  Kompatibles USB-Speichergerät : USB-Massenspeichergerät
      No driver - vendor directory '/var/lib/opsi/depot/<productid>/drivers/usbids/058F' not found
   [0461:0010]  (Standard-USB-Hostcontroller) : USB-Verbundgerät
      No driver - vendor directory '/var/lib/opsi/depot/<productid>/drivers/usbids/0461' not found

HD-Audio-Devices
   [10EC:0662]  Realtek High Definition Audio
      Manually selected [hp_e5800] /var/lib/opsi/depot/<productid>/drivers/drivers/additional/hp_e5800/sp52852/Vista64

Example for a client with byAudit:

 ./show_drivers.py pctry5detlef
Manually selected drivers (additional)
   [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi/pctry5detlef/Display/Radeon X300-X550-X1050 Series Secondary (Microsoft Corporation - WDDM)/atiilhag.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi/pctry5detlef/Display/Radeon X300-X550-X1050 Series (Microsoft Corporation - WDDM)/atiilhag.inf]
      [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi/pctry5detlef/MEDIA/Realtek AC'97 Audio/oem21.inf]

PCI-Devices
   [1002:5B70]  ATI Technologies Inc. : Radeon X300/X550/X1050 Series Secondary (Microsoft Corporation - WDDM)
      Manually selected [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi] /var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi/pctry5detlef/Display/Radeon X300-X550-X1050 Series Secondary (Microsoft Corporation - WDDM)
      Multiple selected [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi] /var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi/pctry5detlef/Display/Radeon X300-X550-X1050 Series (Microsoft Corporation - WDDM)
   [10DE:0053]  (Standard-IDE-ATA/ATAPI-Controller) : Standard-Zweikanal-PCI-IDE-Controller
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/10DE/0053' not found
   [10DE:005D]  (Standardsystemgeräte) : PCI Standard-PCI-zu-PCI-Brücke
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/10DE/005D' not found
   [1022:1100]  AMD : K8 [Athlon64/Opteron] HyperTransport Technology Configuration
      Using build-in windows driver
   [10DE:0054]  (Standard-IDE-ATA/ATAPI-Controller) : Standard-Zweikanal-PCI-IDE-Controller
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/fsc__esprimo_p625/FTS_NVIDIASATAAHCIDRIVERVISTA64V103042MCP78__1026963/NVIDIA_SATA_AHCI_DRIVER_Vista64_V10.3.0.42_MCP78 (textmode capable)
   [1022:1101]  AMD : K8 [Athlon64/Opteron] Address Map
      Using build-in windows driver
   [10DE:0055]  (Standard-IDE-ATA/ATAPI-Controller) : Standard-Zweikanal-PCI-IDE-Controller
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/fsc__esprimo_p625/FTS_NVIDIASATAAHCIDRIVERVISTA64V103042MCP78__1026963/NVIDIA_SATA_AHCI_DRIVER_Vista64_V10.3.0.42_MCP78 (textmode capable)
   [1022:1102]  AMD : K8 [Athlon64/Opteron] DRAM Controller
      Using build-in windows driver
   [10DE:0057]  NVIDIA : CK804 Ethernet Controller
      Using build-in windows driver
   [1022:1103]  AMD : K8 [Athlon64/Opteron] Miscellaneous Control
      Using build-in windows driver
   [10DE:0059]  Realtek : Realtek AC'97 Audio
      Manually selected [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi] /var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi/pctry5detlef/MEDIA/Realtek AC'97 Audio
   [10DE:005E]  NVIDIA : CK804 Memory Controller
      /var/lib/opsi/depot/<productid>/drivers/drivers/preferred/ga-ma78-pcbon4/chipset_win7-64/SMBUS
   [104C:8025]  Texas Instruments : OHCI-konformer Texas Instruments 1394-Hostcontroller
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/104C/8025' not found
   [10DE:005A]  (Standard-USB-Hostcontroller) : Standard OpenHCD USB-Hostcontroller
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/10DE/005A' not found
   [10DE:0050]  (Standardsystemgeräte) : PCI Standard-ISA-Brücke
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/10DE/0050' not found
   [10DE:005B]  (Standard-USB-Hostcontroller) : Standard PCI-zu-USB erweiterter Hostcontroller
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/10DE/005B' not found
   [1002:5B60]  ATI Technologies Inc. : Radeon X300/X550/X1050 Series (Microsoft Corporation - WDDM)
      Manually selected [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi] /var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi/pctry5detlef/Display/Radeon X300-X550-X1050 Series Secondary (Microsoft Corporation - WDDM)
      Multiple selected [/var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi] /var/lib/opsi/depot/<productid>/drivers/drivers/additional/byAudit/nvidia/awrdacpi/pctry5detlef/Display/Radeon X300-X550-X1050 Series (Microsoft Corporation - WDDM)
   [10DE:0052]  NVIDIA : CK804 SMBus
      Using build-in windows driver
   [10DE:005C]  (Standardsystemgeräte) : Standard PCI to PCI bridge
      No driver - device directory '/var/lib/opsi/depot/<productid>/drivers/pciids/10DE/005C' not found

USB-Devices
   [1241:1111]  (Standardsystemgeräte) : USB-Eingabegerät
      No driver - vendor directory '/var/lib/opsi/depot/<productid>/drivers/usbids/1241' not found

HD-Audio-Devices
   No devices installed
TIPS
NDIS 6.0: Windows Vista
NDIS 6.1: Windows Vista SP1, Server 2008, Windows Embedded Compact 7, Windows Embedded Compact 2013
NDIS 6.20: Windows 7, Server 2008 R2
NDIS 6.30: Windows 8, Windows Server 2012
NDIS 6.40: Windows 8.1, Windows Server 2012 R2
NDIS 6.50: Windows 10, version 1507
NDIS 6.60: Windows 10, version 1607 and Windows Server 2016
NDIS 6.70: Windows 10, version 1703
NDIS 6.80: Windows 10, version 1709
NDIS 6.81: Windows 10, version 1803
NDIS 6.82: Windows 10, version 1809 and Windows Server 2019
NDIS 6.83: Windows 10, version 1903
  • Some chipset drivers contain description files, which specify hardware without actually providing drivers. An example would be the cougar.inf or ibexahci.inf from Intel. If such a pseudo driver directory is assigned via additional_drivers (or byAudit), this means that the hardware listed here is excluded from further searches for drivers in the preferred directory.
  • SATA drivers and SATA-RAID drivers refer to the same PCI ID. However, a SATA RAID driver will not function with a single-disk system.
  • Check the output of ./show_drivers.py carefully!

Chapter 10. More Information

The opsi manual contains a wide array of additional information that is important for use in production. If you are using your opsi server in production, we recommend that you familiarize yourself with the opsi-backup tool in order to create a backup of your data.

If you cannot find what you are looking for or need help, please visit the opsi community.

For production installations we recommend professional support by uib with a maintenance and support contract.