Execução quebrada no OCS Inventory [RESOLVIDO]

ekkra
(usa CentOS)

Enviado em 03/08/2021 - 18:36h

Olá senhores,

Decidi implementar um serviço de OCS Inventory na empresa para qual trabalho para auxiliar meu departamento com gerenciamento de ativos. Realizei a instalação de acordo com a documentação oficial do OCS e instalei também 01 agente de rede em meu computador para enviar informações ao meu servidor OCS, até aqui tudo bem, o problema é que quando seleciono qualquer estação (No Dashboard do OCS), não me retorna nenhuma informação do equipamento, fica apenas 'processando eternamente'.
Procurei em outros fóruns mas não obtive nenhum tipo de retorno ao meu problema. Alguém pode me dar alguma sugestão?

ekkra
(usa CentOS)

Enviado em 03/08/2021 - 18:38h

Aqui está o conteúdo do meu /etc/httpd/conf.d/ocsinventory-server.conf:

[madson@ocsinventory ~]$ sudo cat /etc/httpd/conf.d/ocsinventory-server.conf
################################################################################
#
# OCS Inventory NG Communication Server Perl Module Setup
#
# Copyleft 2006 Pascal DANEK
# Web: http://www.ocsinventory-ng.org
#
# This code is open source and may be copied and modified as long as the source
# code is always made freely available.
# Please refer to the General Public Licence http://www.gnu.org/ or Licence.txt
################################################################################

<IfModule mod_perl.c>

# Which version of mod_perl we are using
# For mod_perl <= 1.999_21, replace 2 by 1
# For mod_perl > 1.999_21, replace 2 by 2
PerlSetEnv OCS_MODPERL_VERSION 2

# Master Database settings
# Replace localhost by hostname or ip of MySQL server for WRITE
PerlSetEnv OCS_DB_HOST localhost
# Replace 3306 by port where running MySQL server, generally 3306
PerlSetEnv OCS_DB_PORT 3306
# Name of database
PerlSetEnv OCS_DB_NAME ocsweb
PerlSetEnv OCS_DB_LOCAL ocsweb
# User allowed to connect to database
PerlSetEnv OCS_DB_USER ocs
# Password for user
PerlSetVar OCS_DB_PWD (minha senha)
# SSL Configuration
# 0 to disable the SSL support for MySQL/MariaDB
# 1 to enable the SSL support for MySQL/MariaDB
PerlSetEnv OCS_DB_SSL_ENABLED 0
# PerlSetEnv OCS_DB_SSL_CLIENT_KEY /etc/ssl/private/client.key
# PerlSetEnv OCS_DB_SSL_CLIENT_CERT /etc/ssl/certs/client.crt
# PerlSetEnv OCS_DB_SSL_CA_CERT /etc/ssl/certs/ca.crt
# SSL Mode
# - SSL_MODE_PREFERRED (SSL enabled but optional)
# - SSL_MODE_REQUIRED (SSL enabled, mandatory but don't verify server certificate. Ex self signed cert)
# - SSL_MODE_STRICT (SSL enabled, mandatory and server cert must be trusted)
PerlSetEnv OCS_DB_SSL_MODE SSL_MODE_PREFERRED


# Slave Database settings
# Replace localhost by hostname or ip of MySQL server for READ
# Useful if you handle mysql slave databases
# PerlSetEnv OCS_DB_SL_HOST localhost
# Replace 3306 by port where running MySQL server, generally 3306
# PerlSetEnv OCS_DB_SL_PORT_SLAVE 3306
# User allowed to connect to database
# PerlSetEnv OCS_DB_SL_USER ocs
# Name of the database
# PerlSetEnv OCS_DB_SL_NAME ocsweb
# Password for user
# PerlSetVar OCS_DB_SL_PWD ocs
# SSL Configuration for Slave database
# 0 to disable the SSL support for MySQL/MariaDB
# 1 to enable the SSL support for MySQL/MariaDB
# PerlSetEnv OCS_DB_SL_SSL_ENABLED 0
# PerlSetEnv OCS_DB_SL_SSL_CLIENT_KEY /etc/ssl/private/client.key
# PerlSetEnv OCS_DB_SL_SSL_CLIENT_CERT /etc/ssl/certs/client.crt
# PerlSetEnv OCS_DB_SL_SSL_CA_CERT /etc/ssl/certs/ca.crt
# SSL Mode
# - SSL_MODE_PREFERRED (SSL enabled but optional)
# - SSL_MODE_REQUIRED (SSL enabled, mandatory but don't verify server certificate. Ex self signed cert)
# - SSL_MODE_STRICT (SSL enabled, mandatory and server cert must be trusted)
# PerlSetEnv OCS_DB_SL_SSL_MODE SSL_MODE_PREFERRED

# Path to log directory (must be writeable)
PerlSetEnv OCS_OPT_LOGPATH "/var/log/ocsinventory-server"

# If you need to specify a mysql socket that the client's built-in
#PerlSetEnv OCS_OPT_DBI_MYSQL_SOCKET "path/to/mysql/unix/socket"
# DBI verbosity
PerlSetEnv OCS_OPT_DBI_PRINT_ERROR 1

# Unicode support
PerlSetEnv OCS_OPT_UNICODE_SUPPORT 1

# If you are using a multi server architecture,
# Put the ip addresses of the slaves on the master
# (This is read as perl regular expressions)
PerlAddVar OCS_OPT_TRUSTED_IP 127.0.0.1
#PerlAddVar OCS_OPT_TRUSTED_IP XXX.XXX.XXX.XXX

# Be careful: you must restart apache to make settings taking effects

# Configure engine to use the settings from this file
PerlSetEnv OCS_OPT_OPTIONS_NOT_OVERLOADED 0

# Try to use other compress algorithm than raw zlib
# GUNZIP and clear XML are supported
PerlSetEnv OCS_OPT_COMPRESS_TRY_OTHERS 1

##############################################################
# ===== OPTIONS BELOW ARE OVERLOADED IF YOU USE OCS GUI =====#
##############################################################

# NOTE: IF YOU WANT TO USE THIS CONFIG FILE INSTEAD, set OCS_OPT_OPTIONS_NOT_OVERLOADED to '1'

# ===== MAIN SETTINGS =====

# Enable engine logs (see LOGPATH setting)
PerlSetEnv OCS_OPT_LOGLEVEL 0
# Specify agent's prolog frequency
PerlSetEnv OCS_OPT_PROLOG_FREQ 12
# Specify if agent take contact on service startup
PerlSetEnv OCS_OPT_INVENTORY_ON_STARTUP 0
# Configure the duplicates detection system
PerlSetEnv OCS_OPT_AUTO_DUPLICATE_LVL 15
# Futur security improvements
PerlSetEnv OCS_OPT_SECURITY_LEVEL 0
# Validity of a computer's lock
PerlSetEnv OCS_OPT_LOCK_REUSE_TIME 600
# Enable the history tracking system (useful for external data synchronisation
PerlSetEnv OCS_OPT_TRACE_DELETED 0

# ===== INVENTORY SETTINGS =====

# Specify the validity of inventory data
PerlSetEnv OCS_OPT_FREQUENCY 0
# Configure engine to update inventory regarding to CHECKSUM agent value (lower DB backend load)
PerlSetEnv OCS_OPT_INVENTORY_DIFF 1
# Make engine consider an inventory as a transaction (lower concurency, better disk usage)
PerlSetEnv OCS_OPT_INVENTORY_TRANSACTION 1
# Configure engine to make a differential update of inventory sections (row level). Lower DB backend load, higher frontend load
PerlSetEnv OCS_OPT_INVENTORY_WRITE_DIFF 1
# Enable some stuff to improve DB queries, especially for GUI multicriteria searching system
PerlSetEnv OCS_OPT_INVENTORY_CACHE_ENABLED 1
# Specify when the engine will clean the inventory cache structures
PerlSetEnv OCS_OPT_INVENTORY_CACHE_REVALIDATE 7
# Enable you to keep trace of every elements encountered in db life
PerlSetEnv OCS_OPT_INVENTORY_CACHE_KEEP 1

# ===== SOFTWARES DEPLOYMENT SETTINGS =====

# Enable this feature
PerlSetEnv OCS_OPT_DOWNLOAD 0
# Package which have a priority superior than this value will not be downloaded
PerlSetEnv OCS_OPT_DOWNLOAD_PERIOD_LENGTH 10
# Time between two download cycles (bandwidth control)
PerlSetEnv OCS_OPT_DOWNLOAD_CYCLE_LATENCY 60
# Time between two fragment downloads (bandwidth control)
PerlSetEnv OCS_OPT_DOWNLOAD_FRAG_LATENCY 60
# Specify if you want to track packages affected to a group on computer's level
PerlSetEnv OCS_OPT_DOWNLOAD_GROUPS_TRACE_EVENTS 1
# Time between two download periods (bandwidth control)
PerlSetEnv OCS_OPT_DOWNLOAD_PERIOD_LATENCY 60
# Agents will send ERR_TIMEOUT event and clean the package it is older than this setting
PerlSetEnv OCS_OPT_DOWNLOAD_TIMEOUT 7
# Agents will send an error event and clean the package if package command does not respond during this setting
PerlSetEnv OCS_OPT_DOWNLOAD_EXECUTION_TIMEOUT 120

# Enable ocs engine to deliver agent's files (deprecated)
PerlSetEnv OCS_OPT_DEPLOY 0
# Enable the softwares deployment capacity (bandwidth control)

# ===== GROUPS SETTINGS =====

# Enable the computer\s groups feature
PerlSetEnv OCS_OPT_ENABLE_GROUPS 1
# Random number computed in the defined range. Designed to avoid computing many groups in the same process
PerlSetEnv OCS_OPT_GROUPS_CACHE_OFFSET 43200
# Specify the validity of computer's groups (default: compute it once a day - see offset)
PerlSetEnv OCS_OPT_GROUPS_CACHE_REVALIDATE 43200

# ===== IPDISCOVER SETTINGS =====

# Specify how much agent per LAN will discovered connected peripherals (0 to disable)
PerlSetEnv OCS_OPT_IPDISCOVER 2
# Specify the minimal difference to replace an ipdiscover agent
PerlSetEnv OCS_OPT_IPDISCOVER_BETTER_THRESHOLD 1
# Time between 2 arp requests (mini: 10 ms)
PerlSetEnv OCS_OPT_IPDISCOVER_LATENCY 100
# Specify when to remove a computer when it has not come until this period
PerlSetEnv OCS_OPT_IPDISCOVER_MAX_ALIVE 14
# Disable the time before a first election (not recommended)
PerlSetEnv OCS_OPT_IPDISCOVER_NO_POSTPONE 0
# Enable groups for ipdiscover (for example, you might want to prevent some groups to be ipdiscover agents)
PerlSetEnv OCS_OPT_IPDISCOVER_USE_GROUPS 1

# ===== INVENTORY FILES MAPPING SETTINGS =====

# Use with ocsinventory-injector, enable the multi entities feature
PerlSetEnv OCS_OPT_GENERATE_OCS_FILES 0
# Generate either compressed file or clear XML text
PerlSetEnv OCS_OPT_OCS_FILES_FORMAT OCS
# Specify if you want to keep trace of all inventory between to synchronisation with the higher level server
PerlSetEnv OCS_OPT_OCS_FILES_OVERWRITE 0
# Path to ocs files directory (must be writeable)
PerlSetEnv OCS_OPT_OCS_FILES_PATH /tmp

# ===== FILTER SETTINGS =====

# Enable prolog filter stack
PerlSetEnv OCS_OPT_PROLOG_FILTER_ON 0
# Enable core filter system to modify some things "on the fly"
PerlSetEnv OCS_OPT_INVENTORY_FILTER_ENABLED 0
# Enable inventory flooding filter. A dedicated ipaddress ia allowed to send a new computer only once in this period
PerlSetEnv OCS_OPT_INVENTORY_FILTER_FLOOD_IP 0
# Period definition for INVENTORY_FILTER_FLOOD_IP
PerlSetEnv OCS_OPT_INVENTORY_FILTER_FLOOD_IP_CACHE_TIME 300
# Enable inventory filter stack
PerlSetEnv OCS_OPT_INVENTORY_FILTER_ON 0

# ===== DATA FILTER =====

#Enable the dat filtering capacity
PerlSetEnv OCS_OPT_DATA_FILTER 0

# Set the table names and the field associated you want to filter
#PerlAddVar OCS_OPT_DATA_TO_FILTER HARDWARE
#PerlAddVar OCS_OPT_DATA_TO_FILTER USERID


# ===== REGISTRY SETTINGS =====

# Enable the registry capacity
PerlSetEnv OCS_OPT_REGISTRY 1

# ===== SNMP SETTINGS =====

# Enable the SNMP capacity
PerlSetEnv OCS_OPT_SNMP 0
# Configure engine to update snmp inventory regarding to snmp_laststate table (lower DB backend load)
PerlSetEnv OCS_OPT_SNMP_INVENTORY_DIFF 1
# Display error message about agent https communication in logfile
PerlSetEnv OCS_OPT_SNMP_PRINT_HTTPS_ERROR 1

# ===== SESSION SETTINGS =====
# Not yet in GUI

# Validity of a session (prolog=>postinventory)
PerlSetEnv OCS_OPT_SESSION_VALIDITY_TIME 600
# Consider a session obsolete if it is older thant this value
PerlSetEnv OCS_OPT_SESSION_CLEAN_TIME 86400
# Accept an inventory only if required by server
#( Refuse "forced" inventory)
PerlSetEnv OCS_OPT_INVENTORY_SESSION_ONLY 0

# ===== TAG =====

# The default behavior of the server is to ignore TAG changes from the
# agent.
PerlSetEnv OCS_OPT_ACCEPT_TAG_UPDATE_FROM_CLIENT 0

# ===== EXTERNAL USERAGENTS =====

#Path for external useragents reference file
#!! WARNING !! : external agents may not be supported by OCS NG Community !
#PerlSetEnv OCS_OPT_EXT_USERAGENTS_FILE_PATH /tmp/yourfile.txt

# ===== PLUGINS =====

PerlSetEnv OCS_PLUGINS_PERL_DIR "/etc/ocsinventory/ocsinventory-server/perl"
PerlSetEnv OCS_PLUGINS_CONF_DIR "/etc/ocsinventory/ocsinventory-server/plugins"

# ===== DEPRECATED =====

# Set the proxy cache validity in http headers when sending a file
PerlSetEnv OCS_OPT_PROXY_REVALIDATE_DELAY 3600
# Deprecated
PerlSetEnv OCS_OPT_UPDATE 0

############ DO NOT MODIFY BELOW ! #######################

# External modules
PerlModule Apache::DBI
PerlModule Compress::Zlib
PerlModule XML::Simple

# Ocs plugins
PerlModule Apache::Ocsinventory::Plugins

# Ocs
PerlModule Apache::Ocsinventory
PerlModule Apache::Ocsinventory::Server::Constants
PerlModule Apache::Ocsinventory::Server::System
PerlModule Apache::Ocsinventory::Server::Communication
PerlModule Apache::Ocsinventory::Server::Inventory
PerlModule Apache::Ocsinventory::Server::Duplicate

# Capacities
PerlModule Apache::Ocsinventory::Server::Capacities::Registry
PerlModule Apache::Ocsinventory::Server::Capacities::Update
PerlModule Apache::Ocsinventory::Server::Capacities::Ipdiscover
PerlModule Apache::Ocsinventory::Server::Capacities::Download
PerlModule Apache::Ocsinventory::Server::Capacities::Notify
PerlModule Apache::Ocsinventory::Server::Capacities::Snmp
# This module guides you through the module creation
# PerlModule Apache::Ocsinventory::Server::Capacities::Example
# This module adds some rules to filter some request sent to ocs server in the prolog and inventory stages
# PerlModule Apache::Ocsinventory::Server::Capacities::Filter
# This module add availibity to filter data from HARDWARE section (data filtered won't be stored in database)
# PerlModule Apache::Ocsinventory::Server::Capacities::Datafilter

# PerlTaintCheck On

# SSL apache settings
#SSLEngine "SSL_ENABLE"
#SSLCertificateFile "SSL_CERTIFICATE_FILE"
#SSLCertificateKeyFile "SSL_CERTIFICATE_KEY_FILE"
#SSLCACertificateFile "SSL_CERTIFICATE_FILE"
#SSLCACertificatePath "SSL_CERTIFICATE_PATH"
#SSLVerifyClient "SSL_VALIDATE_CLIENT"

# Engine apache settings
# "Virtual" directory for handling OCS Inventory NG agents communications
# Be careful, do not create such directory into your web server root document !
<Location /ocsinventory>
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
order deny,allow
allow from all
</IfModule>
# If you protect this area you have to deal with http_auth_* agent's parameters
# AuthType Basic
# AuthName "OCS Inventory agent area"
# AuthUserFile "/etc/ocsinventory/ocsinventory-server/htpasswd"

ekkra
(usa CentOS)

Enviado em 03/08/2021 - 18:45h

Também não identifico nada nos logs do http e o diretório var/log/ocsinventory-server esta vazio.

[madson@ocsinventory ~]$ sudo tail /var/log/httpd/error_log
[Tue Aug 03 15:48:55.359458 2021] [core:notice] [pid 48681:tid 140719693478208] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Aug 03 17:16:51.342806 2021] [mpm_event:notice] [pid 48681:tid 140719693478208] AH00492: caught SIGWINCH, shutting down gracefully
[Tue Aug 03 17:16:54.213613 2021] [core:notice] [pid 50588:tid 139882005215552] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Aug 03 17:16:54.214742 2021] [suexec:notice] [pid 50588:tid 139882005215552] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
ocsinventory-server: Bad setting. `IPDISCOVER_LINK_TAG_NETWORK` is not set. Default: `0`
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::250:56ff:fe9c:27ad. Set the 'ServerName' directive globally to suppress this message
[Tue Aug 03 17:16:54.790335 2021] [lbmethod_heartbeat:notice] [pid 50588:tid 139882005215552] AH02282: No slotmem from mod_heartmonitor
[Tue Aug 03 17:16:54.792733 2021] [http2:warn] [pid 50588:tid 139882005215552] AH02951: mod_ssl does not seem to be enabled
[Tue Aug 03 17:16:55.009779 2021] [mpm_event:notice] [pid 50588:tid 139882005215552] AH00489: Apache/2.4.37 (centos) mod_perl/2.0.11 Perl/v5.26.3 configured -- resuming normal operations
[Tue Aug 03 17:16:55.009868 2021] [core:notice] [pid 50588:tid 139882005215552] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

Buckminster
(usa Debian)

Enviado em 03/08/2021 - 21:45h

Veja essas duas linhas do log:
ocsinventory-server: Bad setting. `IPDISCOVER_LINK_TAG_NETWORK` is not set. Default: `0`
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::250:56ff:fe9c:27ad. Set the 'ServerName' directive globally to suppress this message

"ocsinventory-server: Configuração incorreta. `IPDISCOVER_LINK_TAG_NETWORK` não está definido. Padrão: `0`
AH00558: httpd: Não foi possível determinar com segurança o nome de domínio totalmente qualificado do servidor, usando fe80 :: 250: 56ff: fe9c: 27ad. Defina a diretiva 'ServerName' globalmente para suprimir esta mensagem"

Porém, isso não significa exatamente que o erro de ficar processando se corrigirá, mas corrija a configuração no OCS e sete o ServerName no Apache, reinicie e veja se muda alguma coisa.

"Para solicitar seu inventário ipdiscover, você pode identificar sua sub-rede por um nome e um ID. Vá para Manage > Network scan, Administer subnet, clique em ADD.

Administrar sub-rede

Defina o nome, o ID, o endereço IP e a rede e clique em OK.

Note: o campo TAG pode ser usado apenas se IPDISCOVER_LINK_TAG_NETWORK estiver ativado.

Administrar sub-rede

Agora, se você retornar Inventory > IpDiscover, poderá ver sua sub-rede com a descrição da rede."

https://wiki.ocsinventory-ng.org/06.Network-Discovery-with-OCS-Inventory-NG/Using-IP-discovery-featu...

E veja esta outra linha:
[Tue Aug 03 17:16:54.792733 2021] [http2:warn] [pid 50588:tid 139882005215552] AH02951: mod_ssl does not seem to be enabled
mod_ssl parece não estar habilitado, caso tu esteja usando ssl para comunicação (não sei) o fato do ssl não estar habilitado dará problema.

E esta outra linha:
[Tue Aug 03 17:16:54.213613 2021] [core:notice] [pid 50588:tid 139882005215552] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
O SELinux está habilitado, de repente, como última opção, talvez ele esteja se metendo na comunicação.

E veja este link, quem sabe te ajuda também.
https://www.vivaolinux.com.br/topico/Duvidas-em-Geral/Agente-OCS-nao-se-comunica-com-server

ekkra
(usa CentOS)

Enviado em 04/08/2021 - 19:03h

Olá Buckminster,

Ainda não configurei o SSL portanto ignorei esta linha do mesmo modo que não configurei ainda o IPDISCOVER.
Obrigado pela dica do Hostname, eu a alterei mas ainda permaneço com o mesmo problema. Dei liberação ao SELinux aos diretorios principais do /usr/share/ocs*... mas não me adiantou de nada... Continuo tentando.

Buckminster
(usa Debian)

Enviado em 04/08/2021 - 19:19h

Vamos ver se o problema é na rede em si.
Tentou pingar o servidor OCS da estação e vice-versa?
Tentou pingar pelo IP e depois pelo nome?
Verificou o firewall do server e da estação?

Katherine146
(usa NetBSD)

Enviado em 05/08/2021 - 02:08h

Inventory feature. OCS Inventory NG uses an agent that launches an inventory on client computers, a management server centralizes the results of inventories.

https://www.navyarmyccu.ltd/

ekkra
(usa CentOS)

Enviado em 05/08/2021 - 10:04h

Minha estação está pingando com a estação do OCS normalmente, tanto pelo IP quanto pelo hostname, e também meu servidor OCS está pingando com qualquer estação de minha LAN.

O Firewall de host do meu servidor OCS estão com os seguintes serviços ativos: HTTPS, HTTP, MYSQL,SSH.

[madson@ocsinventory ~]$ sudo firewall-cmd --list-all
[sudo] senha para madson:
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: cockpit dhcpv6-client http https mysql ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Realmente já não sei o que tentar. Vou tentar subir utilizando o Centos 7 invés do 8.

ekkra
(usa CentOS)

Enviado em 05/08/2021 - 11:32h

Refiz a configuração do z-ocsinventory-server e agora meu problema foi resolvido. Obrigado pela atenção de qualquer forma.

Buckminster
(usa Debian)

Enviado em 05/08/2021 - 11:43h

De nada.