OCS Inventory: Unified Unix Agent

Mac Agent 1.1 pkg error

Bug #768949 reported by Salvatore Cristofaro
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OCS Inventory: Unified Unix Agent
In Progress
Medium
mortheres

Bug Description

I installed the Mac Agent (http://launchpad.net/ocsinventory-unix-agent/stable-1.1.2/ocsinventory-unix-agent-1.1.2.1/+download/Agent_MacOSX_1.1.pkg.zip) on a PPC (Tiger), but there's an error when it try to connect to the server.

# sudo /Applications/OCSNG.app/Contents/MacOS/OCSNG
could not find ParserDetails.ini in /Applications/OCSNG.app/Contents/Resources/lib//XML/SA (<-- this message appers only some time)
#

--- /var/log/ocsng.log ---

[Fri Apr 22 13:59:04 2011][debug] Ocsinventory unified agent for UNIX, Linux and MacOSX 1.1
[Fri Apr 22 13:59:04 2011][debug] Log system initialised (File)
[Fri Apr 22 13:59:04 2011][info] You should run this program as super-user.
[Fri Apr 22 13:59:04 2011][debug] --scan-homedirs missing. Don't scan user directories
[Fri Apr 22 13:59:04 2011][debug] Accountinfo file: /var/lib/ocsinventory-agent/https:__xxx.xxx.xxx_ocsinventory/ocsinv.adm
[Fri Apr 22 13:59:04 2011][debug] Turns CompatibilityLayer on for /etc/ocsinventory-agent/modules.conf
[Fri Apr 22 13:59:04 2011][debug] Time to call Proc::Daemon
[Fri Apr 22 13:59:04 2011][debug] Daemon started
[Fri Apr 22 13:59:04 2011][debug] Proc::PID::File avalaible, checking for pid file
[Fri Apr 22 13:59:04 2011][debug] OCS Agent initialised
[Fri Apr 22 13:59:04 2011][info] Going to sleep for 29 second(s)
[Fri Apr 22 13:59:33 2011][debug] Calling handlers : `start_handler'
[Fri Apr 22 13:59:33 2011][debug] Compress::Zlib is not avalaible! The data will be compressed with
        gzip instead but won't be accepted by server prior 1.02
[Fri Apr 22 13:59:33 2011][debug] sending XML
[Fri Apr 22 13:59:33 2011][debug] Calling handlers : `prolog_writers'
[Fri Apr 22 13:59:33 2011][debug] sending: <?xml version="1.0" encoding="UTF-8"?>
<REQUEST>
  <DEVICEID>Giovanni-2011-04-21-14-58-03</DEVICEID>
  <QUERY>PROLOG</QUERY>
</REQUEST>
[Fri Apr 22 13:59:33 2011][error] Cannot establish communication : 500 Can't connect to xxx.xxx.xxx:443 (Invalid argument)
[Fri Apr 22 13:59:33 2011][info] Don't send the inventory
[Fri Apr 22 13:59:33 2011][debug] Calling handlers : `end_handler'
[Fri Apr 22 13:59:33 2011][info] Going to sleep for 3 second(s)
[Fri Apr 22 13:59:36 2011][debug] Calling handlers : `start_handler'
[Fri Apr 22 13:59:36 2011][debug] Compress::Zlib is avalaible.
[Fri Apr 22 13:59:36 2011][debug] sending XML
[Fri Apr 22 13:59:36 2011][debug] Calling handlers : `prolog_writers'
[Fri Apr 22 13:59:36 2011][debug] sending: <?xml version="1.0" encoding="UTF-8"?>
<REQUEST>
  <DEVICEID>Giovanni-2011-04-21-14-58-03</DEVICEID>
  <QUERY>PROLOG</QUERY>
</REQUEST>
[Fri Apr 22 14:07:07 2011][debug] Ocsinventory unified agent for UNIX, Linux and MacOSX 1.1
[Fri Apr 22 14:07:07 2011][debug] Log system initialised (File)
[Fri Apr 22 14:07:07 2011][debug] --scan-homedirs missing. Don't scan user directories
[Fri Apr 22 14:07:07 2011][debug] Accountinfo file: /var/lib/ocsinventory-agent/https:__xxx.xxx.xxx_ocsinventory/ocsinv.adm
[Fri Apr 22 14:07:07 2011][debug] Turns CompatibilityLayer on for /etc/ocsinventory-agent/modules.conf
[Fri Apr 22 14:07:07 2011][debug] Time to call Proc::Daemon
[Fri Apr 22 14:07:07 2011][debug] Daemon started
[Fri Apr 22 14:07:07 2011][debug] Proc::PID::File avalaible, checking for pid file
[Fri Apr 22 14:07:07 2011][debug] OCS Agent initialised
[Fri Apr 22 14:07:07 2011][info] Going to sleep for 15 second(s)
[Fri Apr 22 14:07:22 2011][debug] Calling handlers : `start_handler'
[Fri Apr 22 14:07:22 2011][debug] Compress::Zlib is not avalaible! The data will be compressed with
        gzip instead but won't be accepted by server prior 1.02
[Fri Apr 22 14:07:22 2011][debug] sending XML
[Fri Apr 22 14:07:22 2011][debug] Calling handlers : `prolog_writers'
[Fri Apr 22 14:07:22 2011][debug] sending: <?xml version="1.0" encoding="UTF-8"?>
<REQUEST>
  <DEVICEID>Giovanni-2011-04-21-14-58-03</DEVICEID>
  <QUERY>PROLOG</QUERY>
</REQUEST>
[Fri Apr 22 14:07:22 2011][error] Cannot establish communication : 500 Can't connect to xxx.xxx.xxx:443 (Invalid argument)
[Fri Apr 22 14:07:22 2011][info] Don't send the inventory
[Fri Apr 22 14:07:22 2011][debug] Calling handlers : `end_handler'
[Fri Apr 22 14:07:22 2011][info] Going to sleep for 14 second(s)
[Fri Apr 22 14:07:36 2011][debug] Calling handlers : `start_handler'
[Fri Apr 22 14:07:36 2011][debug] Compress::Zlib is avalaible.
[Fri Apr 22 14:07:36 2011][debug] sending XML
[Fri Apr 22 14:07:36 2011][debug] Calling handlers : `prolog_writers'
[Fri Apr 22 14:07:36 2011][debug] sending: <?xml version="1.0" encoding="UTF-8"?>
<REQUEST>
  <DEVICEID>Giovanni-2011-04-21-14-58-03</DEVICEID>
  <QUERY>PROLOG</QUERY>
</REQUEST>

--- CUT ---

--- /etc/ocsinventory-agent/ocsinventory-agent.cfg ---
server=https://ocs.xxx.xxx/ocsinventory
noproxy=1
ssl=1
authrequired=1
user=agent
password=xxx
cabundle=cacert.pem
logger = File
logfile=/var/log/ocsng.log
delaytime=30
debug=2
--- CUT ---

--- /etc/ocsinventory-agent/modules.conf ---
# this list of module will be load by the at run time
# to check its syntax do:
# $perl modules.conf
# You must have NO error. Else the content will be ignored
# This mechanism goal it to keep compatibility with 'plugin'
# created for the previous linux_agent.
# The new unified_agent have its own extension system that allow
# user to add new information easily.

# use Ocsinventory::Agent::Option::Download;

# DO NO REMOVE the 1;
1;
--- CUT ---

#uname -a
Darwin Giovanni.local 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:57:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_PPC Power Macintosh

Tnx you in advance for support

Revision history for this message
mortheres (mortheres) wrote :

Hi,

Several options you set in your ocsinventory-agent.cfg seems to be directly get from the OCS Windows agent configuration file. However, OCS Unix Agent and OCS Windows agent don't use the same configuration options.

To test if your agent works, can you try to desactivate SSL and use simple configuration. This is an example of a simple configuration to put in ocsinventory-agent.cfg:

basevardir=/var/lib/ocsinventory-agent
server=http://ocs.xxx.xxx/ocsinventory
logfile=/var/log/ocsng.log

Kind regards,

Guillaume

Revision history for this message
Nick Phillips (nick-phillips) wrote :

I think this may be caused by the problem I described at https://bugs.launchpad.net/ocsinventory-unix-agent/+bug/736511 - if the server version is < 1.02

Cheers,

Nick

Revision history for this message
Salvatore Cristofaro (salvatore-cristofaro) wrote :

The server version is 2.0rc4.

I'll test desactivateing SSL as soon as possible,

Just a question: what are the options to include in the ocsinventory-cfg to enable SSL connection with username and password for Mac OS X agent?

Is there a MacOSX Agent .pkg file for 2.0rc4 ?

Thanks you in advance,
Salvatore

Revision history for this message
mortheres (mortheres) wrote :

Hi,

You can enable https communication with user/password information by adding these lines in ocsinventory-agent.cfg:

server=https://your.ocs.server/ocsinventory
user=myuser
password=mypassword

The New OCS Agent 2.0 .pkg will released in a separate release after the 2.0 final release. All the bugs has not been corrected for the moment and that's why we cannot release the pkg MacOSX agent for the moment. Don't worry, you will be warned of this special release here (launchpad bugtrack) and by news on OCS website.

Kind regards,

Guillaume

Revision history for this message
Salvatore Cristofaro (salvatore-cristofaro) wrote :

Hi,

I make server to listen on 80 too (without SSL) and all works fine... but it's insecure.
Have you any news on 2.0 Mac OS X pkg?

Thanks you in advance.

mortheres (mortheres)
Changed in ocsinventory-unix-agent:
assignee: nobody → mortheres (mortheres)
Revision history for this message
Boris Polyak (boris-polyak) wrote :

I get the same behavior with agent 2.0beta1 on OS X 10.5, PowerPC.
It works sans https, but it won't submit over https.

Revision history for this message
mortheres (mortheres) wrote :

Hi,

Can you make tests using the new OCS MacOSX agent 2.0 beta4 release : http://launchpad.net/ocsinventory-unix-agent/stable-2.0/2.0.3/+download/Ocsinventory_Agent_MacOSX_beta4.pkg.zip ? Can you send us OCS agent logs and /var/log/system.log content when it happens ?

Kind regards,

Guillaume

Revision history for this message
M@ Childress (childrss) wrote :

I'm running OCSinventory_Agent_MacOSX_beta4 and I've got it sucessufully deployed via ARD and Munki to about 20 macintoshes running primarily 10.6.8 and a few on 10.7.2 (or perhaps .3 now) and it's working wonderfully, though I had to do quite a bit of hacking to make a secondary installer with luggage to configure OCS via placing files in specific directories/launchctl plists and scripts -- if there's a place where this is documented OR I could document what I did I'd be happy to!

I'm seeing this error as well in my /var/log/ocsng.log:

         Cannot establish communication : 500 Can't connect to xxx.xxx.xxx.xxx:443 (Invalid argument)

And from some quick research it seems to have to do with the WindowServer in 10.5 and "Untrusted apps are not all
owed to connect to or launch Window Server before login" discussed on Apple's forums here:

http://lists.apple.com/archives/macos-x-server/2008/May/msg00707.html

from my /var/log/system.log:

Feb 7 16:56:13 xxx-xxx OCSNG[210]: 3891612: (connectAndCheck) Untrusted apps are not all
owed to connect to or launch Window Server before login.
Feb 7 16:56:13 xxx-xxx org.ocsng.agent[210]: Tue Feb 7 16:56:13 xxx-xxx OCSNG[
210] <Warning>: 3891612: (connectAndCheck) Untrusted apps are not allowed to connect to or launch
Window Server before login.
Feb 7 16:56:13 xxx-xxx /Applications/OCSNG.app/Contents/MacOS/OCSNG[210]: _RegisterAppli
cation(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection()
is NULL.
Feb 7 16:56:13 xxx-xxx org.ocsng.agent[210]: _RegisterApplication(), FAILED TO establish
 the default connection to the WindowServer, _CGSDefaultConnection() is NULL.
Feb 7 16:56:13 xxx-xxx authexec[211]: executing /Applications/OCSNG.app/Contents/Resourc
es/ocscontact
Feb 7 16:56:13 xxx-xxx ocscontact[211]: Running ocscontact
Feb 7 16:56:13 xxx-xxx org.ocsng.agent[210]: 2012-02-07 16:56:13.746 ocscontact[211:913]
 Running ocscontact
Feb 7 16:56:13 xxx-xxx org.ocsng.agent[210]: could not find ParserDetails.ini in /Applic
ations/OCSNG.app/Contents/Resources//lib//XML/SAX

Revision history for this message
M@ Childress (childrss) wrote :

Turning off the secure sockets (changing https:// to http:// ) in /etc/ocsinventory-agent/ocsinventory-agent.cfg does indeed solve the reporting problem -- it checks in just fine.

Which is good enough for *our* purposes to call it a non-issue for us as we use Munki for deployment on the macs so the secure sockets is not that much of an issue, plus we're phasing out 10.5 as it is not actively security patched.

Having our Macs and PCs (and hopefully soon our iOS and Android) devices all inventoried in one place will be most excellent!

Revision history for this message
mortheres (mortheres) wrote :

Hi,

Thanks a lot for your report.

Yes there is a SSL problem under Tiger (and surely under Leopard) because it only uses libssl 0.97 and Crypt::SSLeay and Net::SSLEay are compiled using lissl O.98 under OCS MacOSX agent beta4. I am currently working on it and maybe we will have to compile Crypt::SSLeay and Net::SSLeay using libsssl 0.97 to garantee compatibility with MacOSX Tiger and Leopard....:( :(

About the "Untrusted apps are not allowed to connect to or launch Window Server before login", can you tell us when this error occurs ? When you launch OCSNG.app manually by clicking on it or by launching it using Launchd ? Rebooting system after isntall solves the problem ?

For information, a OCS MacOSX agent packager is currently in development. Using this packager, you will be able to customize OCS MacOSX installer file (.pk) using a graphical interface to set your configuration and your certificate file. It will generate a custom .pkg file (including your configuration and files) that you will be able to deploy using Apple Remote Desktop or "install -pkg package.pkg -target /" command. OCS MacOSX agent will be the brother of OCS WIndows packager ;) ;).

Kind regards,

Guillaume

Revision history for this message
M@ Childress (childrss) wrote :

"For information, a OCS MacOSX agent packager is currently in development. "

That sounds very nice. However until that is made available, is there a place where I can document for others the process that worked for me (and others that are more knowledgeable may review my work?)

For many that would use OCSInventory on a mac, knowledge of how to create a .pkg file using The Luggage would be very handy -- necessity is indeed the mother of invention (or in this case, learning ;-)

mortheres (mortheres)
Changed in ocsinventory-unix-agent:
importance: Undecided → Medium
status: New → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.