OCS Inventory 安裝記錄 Debian
本篇將以 Debian 系列進行設架服務。
運行環境
本工作室環境都是在 「Proxmox VE 」 虛擬系統上架設,都是以 「 LXC 」模式為主,除非有特殊狀況會告知使用 「 VM 」 模式
- 系統環境: Debian 11、12
- Web 服務: Apache 2.4.61
- PHP 服務: PHP 8.3
- 資料庫服務: MariaDB 10.11
由於 OCS Inventory 只能在 Apache 服務上運行不能在 Nginx ,由於有些服務在 Nginx 上是無法運行只能在 Apache 上才能運行。
安裝過程
安裝 web 服務
- 安裝
Apache服務
sudo apt -y install apache2
- 安裝完之後啟用
Apache服務
sudo systemctl enable --now apache2
安裝資料庫
-
請在參考本篇另一編安裝方式 在 Debian 系統上安裝 MariaDB
-
設定 OCS 資料庫
mariadb -u root -p
CREATE DATABASE ocsweb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON ocsweb.* TO 'ocs'@'localhost' IDENTIFIED BY 'New-Password'; <----要修改 New-Password 密碼
FLUSH PRIVILEGES;
安裝 php 服務
- 安裝 php 必要套件
apt install -y apt-transport-https lsb-release ca-certificates wget
- 新增 php 金鑰
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
- 新增 PHP 來源庫
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/sury-php.list && apt update
- 安裝 php 及其他必要套件
sudo apt -y install re2c gcc curl libapache2-mod-php8.3 php8.3 php8.3-{mysqlnd,pdo,xml,mbstring,fpm,mysql,gd,cli,opcache,curl,ldap,odbc,xmlrpc,soap,intl,zip,common,imap}
- 修改
vim /etc/php/8.3/cli/php.ini設定檔
修改前
;cgi.fix_pathinfo=1
修改後
cgi.fix_pathinfo=0
修改時區
[Date]
修改前
;date.timezone =
修改後
date.timezone = Asia/Taipei
; 記憶體用量上限
memory_limit = 512M
; Script執行時間上限(單位:秒)
max_execution_time = 600
; Script處理資料時間上限(單位:秒)
max_input_time = 600
; Socket無回應斷線時間(單位:秒)
default_socket_timeout = 600
存檔
:wq
# 指令修改
sed -i "s|^;cgi.fix_pathinfo=1.*$|cgi.fix_pathinfo=0|" /etc/php/8.3/cli/php.ini
sed -i "s|^;cgi.fix_pathinfo=1.*$|cgi.fix_pathinfo=0|" /etc/php/8.3/apache2/php.ini
sed -i "s|^;date.timezone =.*$|date.timezone = Asia/Taipei|" /etc/php/8.3/cli/php.ini
sed -i "s|^;date.timezone =.*$|date.timezone = Asia/Taipei|" /etc/php/8.3/apache2/php.ini
sed -i "s|^upload_max_filesize = 2M.*$|upload_max_filesize = 1024M|" /etc/php/8.3/cli/php.ini
sed -i "s|^upload_max_filesize = 2M.*$|upload_max_filesize = 1024M|" /etc/php/8.3/apache2/php.ini
sed -i "s|^post_max_size = 8M.*$|post_max_size = 1024M|" /etc/php/8.3/cli/php.ini
sed -i "s|^post_max_size = 8M.*$|post_max_size = 1024M|" /etc/php/8.3/apache2/php.ini
sed -i "s|^memory_limit = 128M.*$|memory_limit = 512M|" /etc/php/8.3/cli/php.ini
sed -i "s|^memory_limit = 128M.*$|memory_limit = 512M|" /etc/php/8.3/apache2/php.ini
sed -i "s|^max_execution_time = 30.*$|max_execution_time = 600|" /etc/php/8.3/cli/php.ini
sed -i "s|^max_execution_time = 30.*$|max_execution_time = 600|" /etc/php/8.3/apache2/php.ini
sed -i "s|^max_input_time = 60.*$|max_input_time = 600|" /etc/php/8.3/cli/php.ini
sed -i "s|^max_input_time = 60.*$|max_input_time = 600|" /etc/php/8.3/apache2/php.ini
sed -i "s|^default_socket_timeout = 60.*$|default_socket_timeout = 600|" /etc/php/8.3/cli/php.ini
sed -i "s|^default_socket_timeout = 60.*$|default_socket_timeout = 600|" /etc/php/8.3/apache2/php.ini
安裝 Perl 套件
sudo apt -y install perl libxml-simple-perl libcompress-zlib-perl libdbi-perl libdbd-mysql-perl libnet-ip-perl libsoap-lite-perl libio-compress-perl libapache-dbi-perl libapache2-mod-perl2 libapache2-mod-perl2-dev libdbd-mysql-perl libnet-ip-perl libxml-simple-perl libarchive-zip-perl libapache-db-perl
sudo cpan install XML::Entities Apache2::SOAP Net::IP Apache::DBI Mojolicious Switch Plack::Handler Archive::Zip
安裝 OCS Inventory Server 服務
- 匯入
OCS金鑰
curl -sS http://deb.ocsinventory-ng.org/pubkey.gpg | sudo apt-key add -
- 新增加來源庫
echo "deb http://deb.ocsinventory-ng.org/debian/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/ocsinventory.list
- 安裝
OCS服務
sudo apt update && sudo apt install ocsinventory-server -y
- 首先到 官方的 GitHub 查看是否有新版可以下載使用當下版本是 2.12,以照當時所下載新版為主。
wget https://github.com/OCSInventory-NG/OCSInventory-ocsreports/releases/download/2.12.2/OCSNG_UNIX_SERVER-2.12.2.tar.gz
- 解壓剛下載好版本
tar -xvzf OCSNG_UNIX_SERVER-*.tar.gz
- 進到解壓後目錄
cd OCSNG_UNIX_SERVER-2.12.2
- 預先建立相關目錄
mkdir -p /var/www/html
- 安裝 OCS 服務
./setup.sh
- 可以修改路徑如下
預設路徑如下,必要修改到其他路徑這是給 web 服務用的,不然無法連線或者修改設定檔
Where to copy Administration Server static files for PHP Web Console
[/usr/share/ocsinventory-reports]?
這是修改後給予的路徑
Where to copy Administration Server static files for PHP Web Console
[/usr/share/ocsinventory-reports]?/var/www/html
- 安裝過程都是以預設為主,可以直接按
enter鍵到跟上面文字一樣時要注意一下,請修改成自己常放用的 WEB 目錄位飛
Where to copy Administration Server static files for PHP Web Console
[/usr/share/ocsinventory-reports]
+----------------------------------------------------------+
| |
| Welcome to OCS Inventory NG Management server setup ! |
| |
+----------------------------------------------------------+
Trying to determine which OS or Linux distribution you use
+----------------------------------------------------------+
| Checking for Apache web server binaries ! |
+----------------------------------------------------------+
CAUTION: If upgrading Communication server from OCS Inventory NG 1.0 RC2 and
previous, please remove any Apache configuration for Communication Server!
Do you wish to continue ([y]/n)?
Assuming Communication server 1.0 RC2 or previous is not installed
on this computer.
Starting OCS Inventory NG Management server setup from folder /root/OCSNG_UNIX_SERVER-2.10.0
Storing log in file /root/OCSNG_UNIX_SERVER-2.10.0/ocs_server_setup.log
+----------------------------------------------------------+
| Checking for database server properties... |
+----------------------------------------------------------+
Your MySQL client seems to be part of MySQL version 10.9.
Your computer seems to be running MySQL 4.1 or higher, good ;-)
Which host is running database server [localhost] ?
OK, database server is running on host localhost ;-)
On which port is running database server [3306] ?
OK, database server is running on port 3306 ;-)
+----------------------------------------------------------+
| Checking for Apache web server daemon... |
+----------------------------------------------------------+
Where is Apache daemon binary [/usr/sbin/httpd] ?
OK, using Apache daemon /usr/sbin/httpd ;-)
+----------------------------------------------------------+
| Checking for Apache main configuration file... |
+----------------------------------------------------------+
Where is Apache main configuration file [/etc/httpd/conf/httpd.conf] ?
OK, using Apache main configuration file /etc/httpd/conf/httpd.conf ;-)
+----------------------------------------------------------+
| Checking for Apache user account... |
+----------------------------------------------------------+
Which user account is running Apache web server [apache] ?
OK, Apache is running under user account apache ;-)
+----------------------------------------------------------+
| Checking for Apache group... |
+----------------------------------------------------------+
Which user group is running Apache web server [apache] ?
OK, Apache is running under users group apache ;-)
+----------------------------------------------------------+
| Checking for Apache Include configuration directory... |
+----------------------------------------------------------+
Setup found Apache Include configuration directory in
/etc/httpd/conf.d.
Setup will put OCS Inventory NG Apache configuration in this directory.
Where is Apache Include configuration directory [/etc/httpd/conf.d] ?
OK, Apache Include configuration directory /etc/httpd/conf.d found ;-)
+----------------------------------------------------------+
| Checking for PERL Interpreter... |
+----------------------------------------------------------+
Found PERL interpreter at </usr/bin/perl> ;-)
Where is PERL interpreter binary [/usr/bin/perl] ?
OK, using PERL interpreter /usr/bin/perl ;-)
Do you wish to setup Communication server on this computer ([y]/n)?
+----------------------------------------------------------+
| Checking for Make utility... |
+----------------------------------------------------------+
OK, Make utility found at </usr/bin/make> ;-)
+----------------------------------------------------------+
| Checking for Apache mod_perl version... |
+----------------------------------------------------------+
Checking for Apache mod_perl version 1.99_22 or higher
Found that mod_perl version 1.99_22 or higher is available.
OK, Apache is using mod_perl version 1.99_22 or higher ;-)
+----------------------------------------------------------+
| Checking for Communication server log directory... |
+----------------------------------------------------------+
Communication server can create detailed logs. This logs can be enabled
by setting integer value of LOGLEVEL to 1 in Administration console
menu Configuration.
Where to put Communication server log directory [/var/log/ocsinventory-server] ?
OK, Communication server will put logs into directory /var/log/ocsinventory-server ;-)
+----------------------------------------------------------------------------+
| Checking for Communication server plugins configuration directory... |
+----------------------------------------------------------------------------+
Communication server need a directory for plugins configuration files.
Where to put Communication server plugins configuration files [/etc/ocsinventory-server/plugins] ?
OK, Communication server will put plugins configuration files into directory /etc/ocsinventory-server/plugins ;-)
+-------------------------------------------------------------------+
| Checking for Communication server plugins perl directory... |
+-------------------------------------------------------------------+
Communication server need a directory for plugins Perl modules files.
Where to put Communication server plugins Perl modules files [/etc/ocsinventory-server/perl] ?
OK, Communication server will put plugins Perl modules files into directory /etc/ocsinventory-server/perl ;-)
+----------------------------------------------------------+
| Checking for required Perl Modules... |
+----------------------------------------------------------+
Checking for DBI PERL module...
Found that PERL module DBI is available.
Checking for Apache::DBI PERL module...
Found that PERL module Apache::DBI is available.
Checking for DBD::mysql PERL module...
Found that PERL module DBD::mysql is available.
Checking for Compress::Zlib PERL module...
Found that PERL module Compress::Zlib is available.
Checking for XML::Simple PERL module...
Found that PERL module XML::Simple is available.
Checking for Net::IP PERL module...
Found that PERL module Net::IP is available.
Checking for Archive::Zip Perl module...
Found that PERL module Archive::Zip is available.
Do you wish to setup Rest API server on this computer ([y]/n)?
+----------------------------------------------------------+
| Checking for REST API Dependencies ... |
+----------------------------------------------------------+
Found that PERL module Mojolicious::Lite is available.
Found that PERL module Switch is available.
Found that PERL module Plack::Handler is available.
+----------------------------------------------------------+
| Configuring REST API Server files ... |
+----------------------------------------------------------+
Where do you want the API code to be store [/usr/lib64/perl5/vendor_perl] ?
Copying files to /usr/lib64/perl5/vendor_perl
+----------------------------------------------------------+
| Configuring REST API Server configuration files ... |
+----------------------------------------------------------+
+----------------------------------------------------------+
| OK, looks good ;-) |
| |
| Configuring Communication server Perl modules... |
+----------------------------------------------------------+
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for Apache::Ocsinventory
Writing MYMETA.yml and MYMETA.json
+----------------------------------------------------------+
| OK, looks good ;-) |
| |
| Preparing Communication server Perl modules... |
+----------------------------------------------------------+
+----------------------------------------------------------+
| OK, prepare finshed ;-) |
| |
| Installing Communication server Perl modules... |
+----------------------------------------------------------+
+----------------------------------------------------------+
| OK, Communication server Perl modules install finished;-)|
| |
| Creating Communication server log directory... |
+----------------------------------------------------------+
Creating Communication server log directory /var/log/ocsinventory-server.
Fixing Communication server log directory files permissions.
Configuring logrotate for Communication server.
Removing old communication server logrotate file /etc/logrotate.d/ocsinventory-NG
Writing communication server logrotate to file /etc/logrotate.d/ocsinventory-server
+----------------------------------------------------------------------+
| OK, Communication server log directory created ;-) |
| |
| Creating Communication server plugins configuration directory... |
+----------------------------------------------------------------------+
Creating Communication server plugins configuration directory /etc/ocsinventory-server/plugins.
+----------------------------------------------------------------------+
| OK, Communication server plugins configuration directory created ;-) |
| |
| Creating Communication server plugins Perl directory... |
+----------------------------------------------------------------------+
Creating Communication server plugins Perl directory /etc/ocsinventory-server/perl.
+----------------------------------------------------------------------+
| OK, Communication server plugins Perl directory created ;-) |
| |
| Now configuring Apache web server... |
+----------------------------------------------------------------------+
To ensure Apache loads mod_perl before OCS Inventory NG Communication Server,
Setup can name Communication Server Apache configuration file
'z-ocsinventory-server.conf' instead of 'ocsinventory-server.conf'.
Do you allow Setup renaming Communication Server Apache configuration file
to 'z-ocsinventory-server.conf' ([y]/n) ?
OK, using 'z-ocsinventory-server.conf' as Communication Server Apache configuration file
Removing old communication server configuration to file /etc/httpd/conf.d/ocsinventory.conf
Writing communication server configuration to file /etc/httpd/conf.d/z-ocsinventory-server.conf
+----------------------------------------------------------------------+
| OK, Communication server setup successfully finished ;-) |
| |
| Please, review /etc/httpd/conf.d/z-ocsinventory-server.conf |
| to ensure all is good. Then restart Apache daemon. |
+----------------------------------------------------------------------+
Do you wish to setup Administration Server (Web Administration Console)
on this computer ([y]/n)?
+----------------------------------------------------------+
| Checking for Administration Server directories... |
+----------------------------------------------------------+
CAUTION: Setup now install files in accordance with Filesystem Hierarchy
Standard. So, no file is installed under Apache root document directory
(Refer to Apache configuration files to locate it).
If you're upgrading from OCS Inventory NG Server 1.01 and previous, YOU
MUST REMOVE (or move) directories 'ocsreports' and 'download' from Apache
root document directory.
If you choose to move directory, YOU MUST MOVE 'download' directory to
Administration Server writable/cache directory (by default
/var/lib/ocsinventory-reports), especially if you use deployment feature.
Do you wish to continue ([y]/n)?
Assuming directories 'ocsreports' and 'download' removed from
Apache root document directory.
Where to copy Administration Server static files for PHP Web Console
[/usr/share/ocsinventory-reports] ?/var/www/html <------ 修改 PHP 目錄位置
OK, using directory /var/www/html to install static files ;-)
Where to create writable/cache directories for deployment packages,
administration console logs, IPDiscover and SNMP [/var/lib/ocsinventory-reports] ?
OK, writable/cache directory is /var/lib/ocsinventory-reports ;-)
+----------------------------------------------------------+
| Checking for required Perl Modules... |
+----------------------------------------------------------+
Checking for DBI PERL module...
Found that PERL module DBI is available.
Checking for DBD::mysql PERL module...
Found that PERL module DBD::mysql is available.
Checking for XML::Simple PERL module...
Found that PERL module XML::Simple is available.
Checking for Net::IP PERL module...
Found that PERL module Net::IP is available.
+----------------------------------------------------------+
| Installing files for Administration server... |
+----------------------------------------------------------+
Creating PHP directory /var/www/html/ocsreports.
Copying PHP files to /var/www/html/ocsreports.
Fixing permissions on directory /var/www/html/ocsreports.
Creating database configuration file /var/www/html/ocsreports/dbconfig.inc.php.
Creating IPDiscover directory /var/lib/ocsinventory-reports/ipd.
Fixing permissions on directory /var/lib/ocsinventory-reports/ipd.
Creating packages directory /var/lib/ocsinventory-reports/download.
Fixing permissions on directory /var/lib/ocsinventory-reports/download.
Creating snmp mibs directory /var/lib/ocsinventory-reports/snmp.
Fixing permissions on directory /var/lib/ocsinventory-reports/snmp.
Creating Administration server log files directory /var/lib/ocsinventory-reports/logs.
Fixing permissions on directory /var/lib/ocsinventory-reports/logs.
Creating Administration server temporary files directory /var/lib/ocsinventory-reports/tmp_dir.
Fixing permissions on directory /var/lib/ocsinventory-reports/tmp_dir.
Creating Administration server scripts log files directory /var/lib/ocsinventory-reports/scripts.
Fixing permissions on directory /var/lib/ocsinventory-reports/scripts.
Configuring IPDISCOVER-UTIL Perl script.
Installing IPDISCOVER-UTIL Perl script.
Fixing permissions on IPDISCOVER-UTIL Perl script.
Writing Administration server configuration to file /etc/httpd/conf.d/ocsinventory-reports.conf
+----------------------------------------------------------------------+
| OK, Administration server installation finished ;-) |
| |
| Please, review /etc/httpd/conf.d/ocsinventory-reports.conf
| to ensure all is good and restart Apache daemon. |
| |
| Then, point your browser to http://server//ocsreports
| to configure database server and create/update schema. |
+----------------------------------------------------------------------+
Setup has created a log file /root/OCSNG_UNIX_SERVER-2.10.0/ocs_server_setup.log. Please, save this file.
If you encounter error while running OCS Inventory NG Management server,
we can ask you to show us its content !
DON'T FORGET TO RESTART APACHE DAEMON !
Enjoy OCS Inventory NG ;-)
- 只要看到 Enjoy OCS Inventory NG ;-) 表示你已安裝成功了
設定後續的設定值
- 修改有關於 OCS 相關權限
# 注意剛剛如果有修改路徑的話,後面的路徑要指向剛剛你所設定的路徑
chmod -R 766 /var/www/html/ocsreports
# 只給 apache 服務使用,路徑要注意如有修改記得要改
chown -R www-data:www-data /var/www/html/ocsreports
# 此路徑不用改,因為是預設
chown -R www-data:www-data /var/lib/ocsinventory-reports/
# 注意剛剛如果有修改路徑的話,後面的路徑要指向剛剛你所設定的路徑
chcon -R -t httpd_sys_rw_content_t /var/www/html/ocsreports
WEB 安裝畫面
- 連線之前要重啟
Apache服務
systemctl restart apache2
- 開啟瀏灠器輸入
http://server/ocsreports(站台位置)
- 設定資料庫連線位置
- MySQL login:輸入剛剛建立可以讓 ocs 登入的帳號
- MySQL password:輸入剛剛建立可以讓 ocs 登入的密碼
- Name of Database: 輸入剛剛建立的給 ocs 使用的資料庫名稱
- MySQL HostName:輸入資料庫所在位置
- 正在安裝的畫面,安裝完之後按下
Click here to enter OCS-NG GUI
- 因資料庫版本有更新所以手動更新按下
Perform the update
- 更新完之後按下
Click here to enter OCS-NG GUI
- 登入畫面,官方預設帳號密碼都是
admin
- 登入之後會有一個警告訊息是說要請把
install.php此檔移除或者修改名稱
OCS Inventory 記錄無法收集原因
BUBU 在測試的時候發現無法正常收到設備回報,去查了一下 OCS Log 檔,出現這樣子的錯誤,如果出現這樣子的錯誤表示 OCS 設定檔系統沒有協助設定好,這個意思是說 「 z-ocsinventory-server.conf 」設定檔裡的密碼是錯的,導至無法寫入資料庫要,要進到此設定檔裡面做修改就好了
# 修改路徑
vim /etc/apache2/conf-available/z-ocsinventory-server.conf
修改
PerlSetVar OCS_DB_PWD “New-Password”
- 畫面如下
- 再確認一下
dbconfig.inc.php
vim /var/www/html/ocsreports/dbconfig.inc.php
# 注意此的密碼是不是沒有正確寫入資料庫密碼
define(“PSWD_BASE”,”New-Password”);
- 再確認一下
zz-ocsinventory-restapi.conf
# 修改路徑
vim /etc/apache2/conf-available/z-ocsinventory-server.conf
# 注意此的密碼是不是沒有正確寫入資料庫密碼
$ENV{OCS_DB_PWD} = 'ocs';
- 畫面如下
- 啟用 Apache 的設定檔
sudo a2enconf ocsinventory-reports
sudo a2enconf z-ocsinventory-server.conf
sudo a2enconf zz-ocsinventory-restapi
- 以上都確認好之後重啟服務,這樣子就可以正常收到資料了
systemctl restart apache2 && systemctl restart mariadb
OCS Inventory 軟體記錄顯示處理
BUBU 有發現到在顯示所有軟體清單沒有正常顯示出來,經過 Google 查到該功能需要用排程方式定期處理
-
相關排程說明
-
cron_all_software.php: 補充和更新All software頁面 -
cron_cve.php: 根據OCS Inventory軟體清理並補充CVE報告 -
cron_ipdiscover.php: 清除IpDiscover數據 -
cron_wol.php: 執行預定的Wake On Lan -
cron_mailer.php: 從OCS Inventory發送報告郵件
-
-
目錄位置
cd /var/www/html/ocsreports/crontab
- 排程設定,這需求就看個人做調整
30 8 * * * cd /var/www/html/ocsreports/crontab/ && php cron_all_software.php > /var/log/cron_all_software.log 2>&1
OCS Inventory Apache 報錯
- 在測試
Apache設定檔有沒有正常出現此問題
ocsinventory-server: Bad setting. `SNMP_LINK_TAG` is not set. Default: `0`
- 出現此問題請在
z-ocsinventory-server.conf此腳本新增加設定找到SNMP相關參數新增下面的指令後存檔檢查就會正常了
PerlSetEnv OCS_OPT_SNMP_LINK_TAG 0
OCS Inventory 上傳檔案失敗
官方預設沒有很大但需要修改 ocsinventory-reports.conf
- 修改位置
vim /etc/apache2/conf-available/ocsinventory-reports.conf行數大約 49 行
# 修改前
php_value post_max_size 101m
php_value upload_max_filesize 100m
# 修改後
php_value post_max_size 1001m
php_value upload_max_filesize 1000m
- 重啟
Web服務
systemctl restart apache2