What is OCS or OCSng?:
In short, OCS (Open Computers and Software Inventory Next Generation) is an assets management and deployment solution.
OCS can be directly integrated with GLPI for seamless asset tracking automation. Check out my other blog post on how to install GLPI
Read more about OCS on their website: OCS
Overview:
In this article, we will go step-by-step on how to install OCS on CentOS 7. There are a few installation gotchas that I have overcome that are not mentioned in the OCS documentation and I wanted to share this information so that anyone just getting into OCS or wanting to know more about OCS doesn’t have to go through the same pain I had to.
yum install -y epel-release yum-utils vim wget
wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm
wget https://rpm.ocsinventory-ng.org/ocsinventory-release-latest.el7.ocs.noarch.rpm
yum install -y ocsinventory-release-latest.el7.ocs.noarch.rpm remi-release-7.rpm
yum-config-manager --enable remi && yum-config-manager --enable remi-php73
vim /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
yum install -y httpd MariaDB-client MariaDB-server perl-Archive-Zip perl-Compress-Zlib perl-DBD-MySQL perl-DBI perl-Mojolicious perl-Net-IP perl-Plack perl-SOAP-Lite perl-Switch perl-XML-Entities perl-XML-Simple php php-cli php-common php-curl php-domxml php-gd php-imap php-intl php-ldap php-mbstring php-mcrypt php-mysql php-mysqlnd php-opcache php-pdo php-pear-CAS php-pecl-apcu php-pecl-zip php-simplexml php-soap php-sodium php-xmlrpc php-zip
yum update && yum upgrade
yum install -y ocsinventory
systemctl enable mariadb && systemctl start mariadb
mysql_secure_installation
mysql -u root -p
create database ocsweb;
CREATE USER 'ocssa'@'localhost' IDENTIFIED BY 'Password12345';
GRANT ALL PRIVILEGES ON ocsweb. * TO 'ocssa'@'localhost' IDENTIFIED BY
'Password12345';
flush privileges;
exit;
firewall-cmd --permanent --add-service={http,https}
firewall-cmd --reload && firewall-cmd --list-services
vim /etc/php.ini
post_max_size = 50M
upload_max_filesize = 50M
max_execution_time = 300
max_input_time = 300
memory_limit = 256M
vim /etc/httpd/conf.d/ocsinventory-server.conf
# User allowed to connect to database
PerlSetEnv OCS_DB_USER ocssa
# Password for user
PerlSetVar OCS_DB_PWD Password12345
systemctl enable httpd && systemctl start httpd
mv /usr/share/ocsinventory-reports/ocsreports/install.php /usr/share/ocsinventory-reports/ocsreports/install.php.bck
Prerequisites:
- Note: All commands are done via an SSH connection in this guide.
To start you will need to open an SSH session to your CentOS 7 machine, if you are on windows you can use putty or even PowerShell to achieve this.
yum install -y epel-release yum-utils vim wget
wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm
wget https://rpm.ocsinventory-ng.org/ocsinventory-release-latest.el7.ocs.noarch.rpm
yum install -y ocsinventory-release-latest.el7.ocs.noarch.rpm remi-release-7.rpm
yum-config-manager --enable remi && yum-config-manager --enable remi-php73
Create a .repo file so that MariaDB 10.0+ can be installed. OCS only requires MariaDB 4.10+ but it is best practice to keep databases current for various security and performance improvements.
# To edit in vim use: i
# To save and quit vim use: Esc + :wq!
vim /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
After getting all the repositories set up, install the various array of applications and extensions needed to properly run OCS.
yum install -y httpd MariaDB-client MariaDB-server perl-Archive-Zip perl-Compress-Zlib perl-DBD-MySQL perl-DBI perl-Mojolicious perl-Net-IP perl-Plack perl-SOAP-Lite perl-Switch perl-XML-Entities perl-XML-Simple php php-cli php-common php-curl php-domxml php-gd php-imap php-intl php-ldap php-mbstring php-mcrypt php-mysql php-mysqlnd php-opcache php-pdo php-pear-CAS php-pecl-apcu php-pecl-zip php-simplexml php-soap php-sodium php-xmlrpc php-zip
yum update && yum upgrade
- Command Block #01
- epel-release
- Extra packages for enterprise Linux or epel is a special interest group from fedora that creates and maintains additional sets of packages for RHEL, and other Linux distros.
- yum-utils
- Tools for manipulating repositories and extended package management
- vim
- A highly configurable text editor also known as vi.
- wget
- A program that can be used to retrieve content from web pages.
- http://rpms.remirepo.net/enterprise/remi-release-7.rpm
- Installs the Remi repo for PHP7
- epel-release
- Command Block #03
- yum-config-manager –enable remi
- yum-config-manager –enable remi-php73
- Enables the Remi repo for PHP7
- Command Block #06
- yum update && yum upgrade
- && means to run command 2 only if command 1 succedes
- yum update && yum upgrade
Install OCS Inventory:
Next, install OCS so that certain OCS configuration files will be created and staged. We will configure OCS at a later point in the walkthrough.
yum install -y ocsinventory
Configure the MariaDB database:
After installing OCS, we will work on configuring the MariaDB database.
systemctl enable mariadb && systemctl start mariadb
mysql_secure_installation
Create a password for the MariaDB root account as the default is nothing, then for the remaining initial setup wizard accept the defaults using “Y“.
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
After running through the MariaDB setup wizard, log into the MariaDB management interface.
mysql -u root -p
Prestage a database for OCS as well as assign it a dedicated service account with full permissions. This database & service account will be used later on when it comes to the OCS setup wizard.
The user account and password below are examples and should be adjusted to fit your needs accordingly.
create database ocsweb;
CREATE USER 'ocssa'@'localhost' IDENTIFIED BY 'Password12345';
GRANT ALL PRIVILEGES ON ocsweb. * TO 'ocssa'@'localhost' IDENTIFIED BY 'Password12345';
flush privileges;
exit;
- Command Block #01
- systemctl enable mariadb && systemctl start mariadb
- systemctl is an init system and system manager that has widely become the new standard for Linux distributions
- systemctl enable mariadb tells the MariaDB service to auto-start on boot
- systemctl start mariadb tells the httpdapache service start right now
- systemctl enable mariadb && systemctl start mariadb
Configure Apache Web Server:
After installing the prerequisites we will now work on configuring the HTTPdApache webserver.
firewall-cmd --permanent --add-service={http,https}
firewall-cmd --reload && firewall-cmd --list-services
Edit the PHP “php.ini” to better optimize certain settings for OCS.
# To edit in vim use: i
# To save and quit vim use: Esc + :wq!
vim /etc/php.ini
Look for the following lines and adjust the settings to better fit your needs. The values below are what I have found to be a good balance when running OCS for small to medium businesses.
post_max_size = 50M
upload_max_filesize = 50M
max_execution_time = 300
max_input_time = 300
memory_limit = 256M
Since we changed the default username and password for OCS we need to update OCS’s configuration file with the database’s service account username and password.
vim /etc/httpd/conf.d/ocsinventory-server.conf
# Name of database
PerlSetEnv OCS_DB_NAME ocsweb
PerlSetEnv OCS_DB_LOCAL ocsweb
# User allowed to connect to database
PerlSetEnv OCS_DB_USER ocssa
# Password for user
PerlSetVar OCS_DB_PWD Password12345
systemctl enable httpd && systemctl start httpd
- Command Block #01
- firewall-cmd
- firewall-cmd is the command-line client of the firewalld daemon. It provides an interface to manage runtime and permanent configuration.
- –add-services={http,https} opens ports 80 and 443 in the firewall as they are not open by default.
- firewall-cmd
- Command Block #06
- systemctl enable httpd && systemctl start httpd
- systemctl is a system manager that has widely become the new standard for Linux distributions
- systemctl enable httpd tells the httpdapache service to auto-start on boot
- systemctl start httpd tells the httpdapache service start right now
- systemctl enable httpd && systemctl start httpd
Configure OCS:
After installing OCS, prestaging HTTPd\Apache, and MariaDB, we will now run through the setup wizard to finish setting up the OCS instance.
Browse out to the following: “http://IP-OF-SERVER/ocsreports“, and follow along with the setup wizard to complete the installation and setup of OCS.
Default OCS Login = admin,admin
Clean up:
Rename the “install.php” file in the “OCSReports” directory after the setup wizard is complete or OCS will warn you when you log in.
mv /usr/share/ocsinventory-reports/ocsreports/install.php /usr/share/ocsinventory-reports/ocsreports/install.php.bck
Thoughts?
Thank you for taking the time to read this article, I hope that it was helpful in some way to you. If you noticed anything wrong or have a better way of doing this please don’t hesitate to comment below or send me an email.
Thank you!
repolist “baseurl = http://yum.mariadb.org/10.1/centos7-amd64” for the mariab-db does not exist.
the correct repolist is “baseurl = http://yum.mariadb.org/yum/10.10/centos7-amd64“
mysql_secure_installation command is not reconized on newer version of MariaDB.
You need to run :
mariadb-secure-installation
I had some issues with the repolist for MariaDB
the URL is bad , it should be
baseurl = http://yum.mariadb.org/yum/10.10/centos-amd64
Instead of
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
Hi 🙂
Thank you for your solid work and excellent instruction. : D: D
However, I have a little problem. The server does not show any results. I have the client installed on several computers and nothing is happening. Previously, there was a fussion with GLPI and it was ok.
I am asking for support: D
[SOLVED]
GRANT ALL PRIVILEGES ON ocsweb.* TO admin@localhost IDENTIFIED BY “admin”;
GRANT ALL ON . to admin@’localhost’ IDENTIFIED BY ‘admin’;
flush privileges;
user: admin
pass: admin
Hi Bruno,
Thank you for the feedback, I have updated the document and corrected the mistakes.
After installation, become user not registered.
I think found error on this:
CREATE USER ‘oscsa’@’localhost’ IDENTIFIED BY ‘Password12345’;
GRANT ALL PRIVILEGES ON ocsweb. * TO ‘ocssa’@’localhost’ IDENTIFIED BY ‘Password12345’;
CREATE USER ‘oscsa
TO ‘ocssa’
oscsa or ocssa ???