NSClient++ Help (#1) - Configuration management (#623) - Message List
Hello.
I'm trying to manage nsclient++ deployement on a server park.
I already figured out how to install the binary using the msi installer, and a couple GPOs (one for each 32bits/64bits architecture). However, I'm still needing to distribute the configuration, and also ensure the service is refreshed everytime it changes.
I initially tried to use registry-based configuration, and create an admx-based configuration template. However, I'm facing a design-limitation here: templates can only configure a fixed list of registry key/values, whereas nsclient++ uses a dynamic list of registry values for its module list. So, it seems to be a dead end.
I then switched to a machine-start script to update configuration and restart service: copy
<mydomain>\sysvol\<mydomain>\conf\NSC.ini "c:\Program Files\NSClient++\NSC.ini" /Y
net stop "NSClient++ (x64)" net start"NSClient++ (x64)"
However, this only work at machine launch, and seems ugly and primitive, especially when compared to something as puppet/cfengine on unix side. Is this really the classical way of managing windows applications on more than one machine ?
-
Message #1875
The list is actually pretty fixed (since the values do not change) and I could possibly add some "disabled" value that you can set to "not load them" if you want. The up-coming version already has such an option.
But an more interesting question would be:
How would you like it to be ?
I don't do that much "multi server installs" so i do not really know what a good approach would be so please let me know how you would like it to be and I shall try to accommodate you.
Michael Medin
mickem07/27/10 19:53:46 (19 months ago)-
Message #1926
How would you like it to be ?
A possible way could be to use https and a verifiable certificate to download new files like .ini from a server at certain intervals or a specific time. That would a way to ensure that the conf is loaded from a secure server. A bit more simplifed than using svn.
Another way is to install a sshd onto the servers and push files and restart client from remote.
sr_dev08/11/10 11:14:24 (18 months ago)
-
-
Message #1880
hey there,
I'm in the process of rolling out nsclient++ myself. Rather than use the
server\path option, I opted to use svn.I deployed svn (silksvn to be accurate) to the servers first, then checkout the nscp module.
a scheduled job does "svn update" periodically to update each servers local copy of files and restarts the nsclient++ service.
i've also got some check commands defined and some vbs scripts that will force an update and a restart of the agent.
...security is an issue for sure, but it works...
let me know if you'd like details, scripts, etc.
J
oddboy07/27/10 20:23:01 (19 months ago)-
Message #1894
Sure scripts and such would be pretty nice, I guess using subversion is a pretty good idea.
Michael Medin
mickem07/27/10 22:40:17 (19 months ago)-
Message #1913oddboy07/30/10 16:34:36 (19 months ago)
-
Message #1932
Great read oddboy!
We are working on a model which will use http (perl lwp) so that the client servers can be asked to "phonehome" to their assigned management server. Upon phoning home they provide their current templates (ini files) and plugins, include versions. Then the server will look at our cmdb to determine if these are correct and provide updates to the client, over https, as needed. This model has been in development for a while but hopefully we will go live soon. This is a great topic for discussion and I am always very interested to see how others have tackled this issue.
Ryan Ash
tavor99908/18/10 21:52:40 (18 months ago)
-
-
-
