wiki:opsi
Last modified 3 years ago Last modified on 01/02/13 15:55:13

opsi (open pc server integration)

opsi is a Windows system management tool, supporting everthing up to Windows XP, Windows Vista and Windows 7.

It handles the initial Windows installation and the installation of additional software products.

opsi is mainly developed by uib.

additional OPSI ressources

General remarks about Windows silient/unattended configuration

/!\ more or less just some notes I've collected during work.

OPSI Products

These are the packages, that can be installed by OPSI.

Standard packages can be found at:

Our full packages are also hosted at

Full packages include are requires components. On the other side, template packages only contain the freely distributable (Open-Source) parts. The other components must be added manually.

How to handle template packages from http://www.dass-it.de:

  • copy the sources to your OPSI workbench
  • if required, add the missing components
  • create an OPSI package by
    • opsi-makeproductfile PACKAGENAME
  • install package by
    • opsi-package-manager --install --properties ask PACKAGE.opsi

bitlocker

source
source:opsi/products/bitlocker
package
source:opsi/products/

Windows 7 includes the bitlocker tool for harddisk encryption. With this opsi package bitlocker can be centrally configured.

For more information, see wiki:windows/windows7#Bitlocker

Bitlocker requires TPM activated in the BIOS. If TPM isn't available or disabled, the bitlocker OPSI package will fail.

If TPM is activated, the bitlocker packages requires 2 reboots.

The recovery password must be 8 blocks of 6 digits (as in the provided as example) and each block must be devidable by 11. Example:

000011-000022-000033-000044-000055-000066-000077-000088

bacula

source
source:opsi/products/bacula
package
source:opsi/products/

Bacula client for Windows.

Features:

  • automatic firewall configuration
  • creates bacula config files based on the OPSI properties for the Bacula package
  • Bacula Director configuration can be automatically generated, see next section

Bacula Director: automatic configuration

The Bacula Director configuration files can be automatically generated by the opsiclient script.

For a detailed presentation (in German) from the http://bacula-conference.org 2012 see this attachment:praesentation-20120925-BaculaKonferenz-OPSI.pdf

Alternativly follow these instructions:

virtualbox-guest-tools

source
source:opsi/products/virtualbox-guest-tools
package
source:opsi/products/

Windows guest tools for VirtualBox.

wsusoffline

source
source:opsi/products/wsusoffline

Using "WSUS Offline Update", you can update any computer running Microsoft Windows and Office safely, quickly and without an Internet connection, see http://www.wsusoffline.net/

This tools will download all (most) available

  • Microsoft Windows Updates
  • Microsoft Office Updates

and additional Microsoft components like

  • .Net Framework
  • Powershell
  • MS Defender

All these components are stored in the client/ subdirectory. This directory can be distributed to other client systems. On these systems it can be installed by a wsusoffline script without further user interaction.

To distribute and install these components, it can be packed into a OPSI package.

create a wsusoffline OPSI package

using the wsusoffline RPM

  • install the wsusoffline from http://software.opensuse.org/download/package?project=home:dassit:opsi:opsi4&package=wsusoffline
  • make sure, that the download user is member of the group wsusoffline, e.g.
    • sudo /usr/sbin/groupmod wsusoffline -A $USER
  • execute
    • wsus-download-updates.sh
      • select required products and start the download
        • the updates will be stored in the directory: /var/lib/wsusoffline/client/
  • copy the wsusoffline client directory into the OPSI package at opsi_workbench/wsusoffline/CLIENT_DATA/client/
    • rsync -av --progress /var/lib/wsusoffline/client/. $YOUR_OPSI_PATH/opsi_workbench/wsusoffline/CLIENT_DATA/client/.
  • adapt version information in $YOUR_OPSI_PATH/opsi_workbench/wsusoffline/OPSI/control
  • create package
    • opsi-makeproductfile $YOUR_OPSI_PATH/opsi_workbench/wsusoffline

RPM sources at source:opsi/server/wsusoffline

using the wsusoffline ZIP-archive

  • download and install wsusoffline from the ZIP archive at http://www.wsusoffline.net/
  • start wsusoffline/sh/DownloadUpdates.sh
    • select required products and start the download
      • the updates will be stored in the subdirectory: client/
  • copy the wsusoffline subdirectory client/ into the OPSI package at opsi_workbench/wsusoffline/CLIENT_DATA/client/

Known limitations

  • wsusoffline 7.3.2
    • bug in the Linux download code (dos2unix). Not all products are properly selected/deselected
  • wsusoffline 7.3
    • winxp, dotnet-Framework 3.5 Language Pack is known not to work. I suggest installating dotnet-Framework 3.5 as a separate package
  • Why isn't the full wsusoffline application directly included in the OPSI package? Wouldn't it be easier to start the download directly in the OPSI directory instead of copying the client-directory to OPSI afterwards?
    • For the first run, this would be indeed easier. However, if you update the OPSI wsusoffline package to a newer version, all files already downloaded will be deleted (by opsi-package-manager), because they are not included in the package. Of course, you can backup them before, and apply them again after the update. However, then this approach would not be easier anymore. So in my opinion, it is cleaner, to handle the download indepent from the install part, and copy the full client-directory to OPSI after downloading the files.

xenserver-tools

source
source:opsi/products/xenserver-tools

Windows tools when running on a Citrix XenServer:

Attachments