Over the last months we have worked intensively on a new generation of opsi-client-agents.
With the release on 05.08.2021 we have published them under "testing".
This blogpost is intended to highlight their new features, as well as changes in their structure and handling.
-
The opsi-client-agents 4.2.x are compatible with opsi 4.1, but some of the new features, like providing the installer, only work with a current opsi 4.2 config server.
-
All Windows versions starting from NT6.0 are supported by opsi-client-agent 4.2.x, older Windows versions are no longer supported.
-
The installation procedures of the different modes (OS installation / service_setup / opsi-deploy-client-agent/ update via service) have been unified and simplified. Installations of the opsi-client-agent now always take place in service context.
For OS installation, opsi-deploy-client-agent and service_setup, a connection to the opsi service is now established first, so that all configurations, product properties, etc. can be retrieved directly from the opsi service.
This eliminates the need to use config files (e.g. config.ini) and duplicate installation as part of the OS installation.
-
Additionally there is now a comfortable installer to install the opsi-client-agent without the need to connect to the opsi depot share first.
This installer is provided by the opsi config server and can be downloaded from https://<config-server>:4447/public/opsi-client-agent without authentication.
-
The installer and the service_setup now use an installation helper. This finds available opsi 4.2 config servers in the LAN via Zeroconf automatically.
-
The installation and update of the opsi-client-agents usually do not need a reboot anymore.
-
The action processor opsi-script (successor of opsi-winst) is now included (also for windows).
To enable updates of the action processor, the opsi package "opsi-script" should be installed on all depots.
-
The opsiclientd included in the opsi-client-agent now uses a server certificate issued by the configserver via the "opsi CA".
Clients that trust the "opsi CA" also trust the certificate of the opsiclient (client port 4441).
-
File permissions under windows are set via icacls, which makes the process now much more performant.
-
opsi-client-agent, opsi-linux-client-agent and opsi-mac-client-agent have been aligned so that their structure is now (largely) consistent. For windows and linux an extensible postinst mechanism is available to install the respective opsi-client-agent after netboot installation and to make adjustments if necessary.
-
The structure of the client-agents is now so that under CLIENT_DATA directly the setup.opsiscript is located, which regulates the installation procedure. In addition opsi-deploy-client-agent (and opsi-deploy-client-agent41 for compatibility with very old server operating systems under opsi4.1) and the oca-installation-helper are located there. The latter is used by service_setup (, silent_setup) and the installer and assists in setting the configuration for a new client. custom files, which should overwrite the defaults, can be stored under CLIENT_DATA/files/custom.
-
On Linux, opsi-script and opsi-client-systray are now compactly located under /opt so that they can be updated efficiently - the update_action_processor thus also extends to the opsi-script libraries, default skin and locales.
-
The opsiclientdguard which previously existed to restart the opsiclientd service in case of a crash is no longer necessary and has been removed from the opsi-client-agent (on windows).
These changes were made with the goal of making the client-agents simpler, more efficient and easier to maintain.
We hope that you like the new features and we always appreciate your feedback and suggestions.