Deprecated Solutions¶
OCS Inventory¶
Note
OCS Inventory is now deprecated. GLPI Agent should be used for inventory instead.
By deploying agents on each of the company’s devices, that send data to the server on NetEye, with the Asset Management Module it will be possible not only to keep the infrastructure’s inventory updated, but thanks to the REST API and the SNMP support it will be easy to interact with the devices and monitor them.
Currently, OCS inventory is integrated in the NeyEye GUI; during the setup process two users will be created:
root is used to access the OCS Inventory’s GUI; here additional users can be created if necessary.
agent is used to authenticate the OCS inventory agents, since basic authentication is required for OCS inventory agents to access the OCS inventory server. Note that these tasks can not be excuted as root. The corresponding password is contained in file
/root/.pwd_ocsinventory_server_agent
OCS can be directly accessed from the NetEye GUI (within the Asset Management menu) using Single Sign On, if the logged user has permissions to access OCS (see below). Upon the first access to OCS from a user, that user will be created inside OCS with OCS permissions initialized.
Note
If the user logs out from NetEye, its active OCS session will be closed automatically and it will be redirected to the NetEye login page.
The official, full documentation for OCS inventory is available directly from within its interface.
Interaction between OCS and GLPI¶
During NetEye Asset group installation the GLPI’s plugin OCS Inventory NG will be automatically installed and set up.
This plugin allows the automatic synchronization between OCS Inventory
NG and GLPI solutions. It replaces the OCS native mode of GLPI and use
the plugin massocsimport
functionality to provide better
compatibility and scalability with OCS.
OCSInventory-NG import is performed using scripts (PHP or Shell) that automate synchronisation of computers. A graphical interface displays the list of defined scripts and all the related data.
Note
GLPI does not import new computers added to the infrastructure, therefore a script based on a systemd timer runs daily to ensure that the data about new computers is stored in GLPI.
During the plugin setup the default NetEye OCS Server will be automatically added to the plugin’s servers list. This server will be pre-configured with default synchronization settings and will point to the current OCS Inventory installation.
You can customize the plugin setting directly from within the GLPI’s
GUI: OCSNG server: NetEye OCS
Server
.
OCS Permissions¶
Users who wants to access the OCS from the NetEye GUI will need special permissions. To grant these permissions to users, you need to create a role (go under Configuration > Authentication > Roles) with a suitable permissions/restrictions (like e.g., profile) over the Assetmanagement module.
The OCS profile of users must be mapped correctly in the NetEye (Configuration > Authentication > Roles) to persist across login/logout.
Each NetEye role corresponds to a unique OCS profile. If a user belongs to more than one NetEye role which is assigned to more than one OCS Profile, she/he must be assigned to a single profile by following order:
sadmin
admin
ladmin
other profiles (alphabetical order)
All profiles must be manually created, before users login, for having a success permission synchronization. The only exceptions to this are the default OCS profiles. If the profile does not exist for the users in OCS, then he will redirect to the NetEye.
The OCS tags is a comma separated list of OCS computers tags that the users with this role are allowed to see. If left empty, which is the default, the user has access to all the tags. This restriction is considered only if the OCS Profile has the computers limitation enabled.
Note that if you need to investigate on what happens during the permissions synchronization (e.g. for debugging purposes), you can have a look at the following logfile, in which are logged all the actions performed during the process:
/neteye/shared/ocsinventory-ocsreports/log/logs/ocsinventory-ocsreports.log
Special Cases¶
There exist two special cases, with pre-defined profile:
NetEye users with Administrative Access
NetEye users with Full Module Access for the Assetmanagement
Both cases correspond to users with sadmin profile.
Note
For any reason, the user must not rename/remove the OCS sadmin profile and also, if he renamed the admin and ladmin profiles than they will be considered as normal profiles (alphabetical order)
Usage of SSL Certificates with OCSInventory NG¶
The security standards of NetEye disallow all insecure communication over public channels. This affects also the deployment of OCS Inventory Agents on all operating systems.
You can follow the Official Deployment Strategy and use the OCS Inventory NG Packager for deploying the Agents into your infrastructure. This section explains you how to find the server certificate needed by OCS Packager, which is also the certificate used by NetEye for all HTTPS communication and is usually signed by your company’s Certificate Authority.
You can find the correct path to your certificate in the file
/etc/httpd/conf.d/ssl.conf
and identify the line containing
SSLCertificateFile (e.g. SSLCertificateFile
/neteye/shared/httpd/conf/tls/certs/neteye.example.com.crt
)
Since OCS Inventory Agents expect a cacert.pem
file in PEM
format, should you have a certificate in crt
format, as in the above
case, you can convert the file using the following command:
openssl x509 -in /neteye/shared/httpd/conf/tls/certs/neteye.example.com.crt -out cacert.pem
Replace the
/neteye/shared/httpd/conf/tls/certs/neteye.example.com.crt
file name
with the one you found as SSLCertificateFile.