How To: Install OCS on CentOS 7

What is OCS or OCSng?:

In short, OCS (Open Computers and Software Inventory Next Generation) is an assets management and deployment solution.

OCS can be directly integrated with GLPI for seamless asset tracking automation. Check out my other blog post on how to install GLPI

Read more about OCS on their website: OCS

Overview:

In this article, we will go step-by-step on how to install OCS on CentOS 7. There are a few installation gotchas that I have overcome that are not mentioned in the OCS documentation and I wanted to share this information so that anyone just getting into OCS or wanting to know more about OCS doesn’t have to go through the same pain I had to.

yum install -y epel-release yum-utils vim wget

wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm
wget https://rpm.ocsinventory-ng.org/ocsinventory-release-latest.el7.ocs.noarch.rpm
yum install -y ocsinventory-release-latest.el7.ocs.noarch.rpm remi-release-7.rpm

yum-config-manager --enable remi && yum-config-manager --enable remi-php73

vim /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

yum install -y httpd MariaDB-client MariaDB-server perl-Archive-Zip perl-Compress-Zlib perl-DBD-MySQL perl-DBI perl-Mojolicious perl-Net-IP perl-Plack perl-SOAP-Lite perl-Switch perl-XML-Entities perl-XML-Simple php php-cli php-common php-curl php-domxml php-gd php-imap php-intl php-ldap php-mbstring php-mcrypt php-mysql php-mysqlnd php-opcache php-pdo php-pear-CAS php-pecl-apcu php-pecl-zip php-simplexml php-soap php-sodium php-xmlrpc php-zip

yum update && yum upgrade

yum install -y ocsinventory

systemctl enable mariadb && systemctl start mariadb
mysql_secure_installation

mysql -u root -p
create database ocsweb;
CREATE USER 'ocssa'@'localhost' IDENTIFIED BY 'Password12345';
GRANT ALL PRIVILEGES ON ocsweb. * TO 'ocssa'@'localhost' IDENTIFIED BY 
'Password12345';
flush privileges;
exit;

firewall-cmd --permanent --add-service={http,https}
firewall-cmd --reload && firewall-cmd --list-services

vim /etc/php.ini
post_max_size = 50M
upload_max_filesize = 50M
max_execution_time = 300
max_input_time = 300
memory_limit = 256M

 vim /etc/httpd/conf.d/ocsinventory-server.conf
  # User allowed to connect to database
  PerlSetEnv OCS_DB_USER ocssa
  # Password for user
  PerlSetVar OCS_DB_PWD Password12345

systemctl enable httpd && systemctl start httpd

mv /usr/share/ocsinventory-reports/ocsreports/install.php /usr/share/ocsinventory-reports/ocsreports/install.php.bck

Prerequisites:

  • Note: All commands are done via an SSH connection in this guide.

To start you will need to open an SSH session to your CentOS 7 machine, if you are on windows you can use putty or even PowerShell to achieve this.

yum install -y epel-release yum-utils vim wget
wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm
wget https://rpm.ocsinventory-ng.org/ocsinventory-release-latest.el7.ocs.noarch.rpm
yum install -y ocsinventory-release-latest.el7.ocs.noarch.rpm remi-release-7.rpm
yum-config-manager --enable remi && yum-config-manager --enable remi-php73

Create a .repo file so that MariaDB 10.0+ can be installed. OCS only requires MariaDB 4.10+ but it is best practice to keep databases current for various security and performance improvements.

# To edit in vim use: i
# To save and quit vim use: Esc + :wq!

vim /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

After getting all the repositories set up, install the various array of applications and extensions needed to properly run OCS.

yum install -y httpd MariaDB-client MariaDB-server perl-Archive-Zip perl-Compress-Zlib perl-DBD-MySQL perl-DBI perl-Mojolicious perl-Net-IP perl-Plack perl-SOAP-Lite perl-Switch perl-XML-Entities perl-XML-Simple php php-cli php-common php-curl php-domxml php-gd php-imap php-intl php-ldap php-mbstring php-mcrypt php-mysql php-mysqlnd php-opcache php-pdo php-pear-CAS php-pecl-apcu php-pecl-zip php-simplexml php-soap php-sodium php-xmlrpc php-zip
yum update && yum upgrade
  • Command Block #01
    • epel-release
      • Extra packages for enterprise Linux or epel is a special interest group from fedora that creates and maintains additional sets of packages for RHEL, and other Linux distros.
    • yum-utils
      • Tools for manipulating repositories and extended package management
    • vim
      • A highly configurable text editor also known as vi.
    • wget
      • A program that can be used to retrieve content from web pages.
    • http://rpms.remirepo.net/enterprise/remi-release-7.rpm
      • Installs the Remi repo for PHP7
  • Command Block #03
    • yum-config-manager –enable remi
    • yum-config-manager –enable remi-php73
      • Enables the Remi repo for PHP7
  • Command Block #06
    • yum update && yum upgrade
      • && means to run command 2 only if command 1 succedes

Install OCS Inventory:

Next, install OCS so that certain OCS configuration files will be created and staged. We will configure OCS at a later point in the walkthrough.

yum install -y ocsinventory

Configure the MariaDB database:

After installing OCS, we will work on configuring the MariaDB database.

systemctl enable mariadb && systemctl start mariadb
mysql_secure_installation

Create a password for the MariaDB root account as the default is nothing, then for the remaining initial setup wizard accept the defaults using “Y“.

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

After running through the MariaDB setup wizard, log into the MariaDB management interface.

mysql -u root -p

Prestage a database for OCS as well as assign it a dedicated service account with full permissions. This database & service account will be used later on when it comes to the OCS setup wizard.

The user account and password below are examples and should be adjusted to fit your needs accordingly.

create database ocsweb;
CREATE USER 'ocssa'@'localhost' IDENTIFIED BY 'Password12345';
GRANT ALL PRIVILEGES ON ocsweb. * TO 'ocssa'@'localhost' IDENTIFIED BY 'Password12345';
flush privileges;
exit;
  • Command Block #01
    • systemctl enable mariadb && systemctl start mariadb
      • systemctl is an init system and system manager that has widely become the new standard for Linux distributions
      • systemctl enable mariadb tells the MariaDB service to auto-start on boot
      • systemctl start mariadb tells the httpdapache service start right now

Configure Apache Web Server:

After installing the prerequisites we will now work on configuring the HTTPdApache webserver.

firewall-cmd --permanent --add-service={http,https}
firewall-cmd --reload && firewall-cmd --list-services

Edit the PHP “php.ini” to better optimize certain settings for OCS.

# To edit in vim use: i
# To save and quit vim use: Esc + :wq!

vim /etc/php.ini

Look for the following lines and adjust the settings to better fit your needs. The values below are what I have found to be a good balance when running OCS for small to medium businesses.

post_max_size = 50M
upload_max_filesize = 50M
max_execution_time = 300
max_input_time = 300
memory_limit = 256M

Since we changed the default username and password for OCS we need to update OCS’s configuration file with the database’s service account username and password.

 vim /etc/httpd/conf.d/ocsinventory-server.conf
  # Name of database
  PerlSetEnv OCS_DB_NAME ocsweb
  PerlSetEnv OCS_DB_LOCAL ocsweb
  # User allowed to connect to database
  PerlSetEnv OCS_DB_USER ocssa
  # Password for user
  PerlSetVar OCS_DB_PWD Password12345
systemctl enable httpd && systemctl start httpd
  • Command Block #01
    • firewall-cmd
      • firewall-cmd is the command-line client of the firewalld daemon. It provides an interface to manage runtime and permanent configuration.
      • –add-services={http,https} opens ports 80 and 443 in the firewall as they are not open by default.
  • Command Block #06
    • systemctl enable httpd && systemctl start httpd
      • systemctl is a system manager that has widely become the new standard for Linux distributions
      • systemctl enable httpd tells the httpdapache service to auto-start on boot
      • systemctl start httpd tells the httpdapache service start right now

Configure OCS:

After installing OCS, prestaging HTTPd\Apache, and MariaDB, we will now run through the setup wizard to finish setting up the OCS instance.

Browse out to the following: “http://IP-OF-SERVER/ocsreports“, and follow along with the setup wizard to complete the installation and setup of OCS.

Default OCS Login = admin,admin

Clean up:

Rename the “install.php” file in the “OCSReports” directory after the setup wizard is complete or OCS will warn you when you log in.

mv /usr/share/ocsinventory-reports/ocsreports/install.php /usr/share/ocsinventory-reports/ocsreports/install.php.bck

Thoughts?

Thank you for taking the time to read this article, I hope that it was helpful in some way to you. If you noticed anything wrong or have a better way of doing this please don’t hesitate to comment below or send me an email.

Thank you!

7 Comments

  1. the_eye 2022-11-10 at 08:05

    mysql_secure_installation command is not reconized on newer version of MariaDB.

    You need to run :
    mariadb-secure-installation

  2. Jarek 2022-02-19 at 09:40

    Hi 🙂
    Thank you for your solid work and excellent instruction. : D: D
    However, I have a little problem. The server does not show any results. I have the client installed on several computers and nothing is happening. Previously, there was a fussion with GLPI and it was ok.
    I am asking for support: D

  3. Bruno Batt 2022-01-24 at 08:32

    [SOLVED]

    GRANT ALL PRIVILEGES ON ocsweb.* TO admin@localhost IDENTIFIED BY “admin”;
    GRANT ALL ON . to admin@’localhost’ IDENTIFIED BY ‘admin’;
    flush privileges;

    user: admin
    pass: admin

    1. Celerium 2022-02-19 at 09:09

      Hi Bruno,

      Thank you for the feedback, I have updated the document and corrected the mistakes.

  4. Bruno Batt 2022-01-24 at 08:02

    After installation, become user not registered.

    I think found error on this:
    CREATE USER ‘oscsa’@’localhost’ IDENTIFIED BY ‘Password12345’;
    GRANT ALL PRIVILEGES ON ocsweb. * TO ‘ocssa’@’localhost’ IDENTIFIED BY ‘Password12345’;

    CREATE USER ‘oscsa
    TO ‘ocssa’

    oscsa or ocssa ???

Leave a Reply