Automated Server-based Deployment of ZENworks Desktop Management 7
Novell Cool Solutions: Feature
By Peter Lambrechtsen
Digg This -
Posted: 5 Jan 2006
- Executive Summary
- The ZENworks Desktop Management 7 Deployment
- CPK Variables
- Deploying the CPK using the standalone deployer
- Known issues
- Rebuilding the CPK
- Appendix A: Credits and Legal Attribution
In today's business environment, manually installing ZENworks Desktop Management 7 (ZDM7) across an enterprise in a consistent and handsoff way cannot be done with the current ZENworks Desktop Management 7 Installer. It is a well known fact that automating the installation process can significantly lower a system's total cost of ownership.
Typically, when administrators want to install ZDM7 to a given Server, they need to Launch the ZDM7 Installer, select the server and select the component they wish to install. The Installer then attaches to the server, stops the services, copys the files and restarts all the services. All the while the administrator is monitoring the screen for its completion. The time involved can be anywhere between half an hour and two hours?and sometimes even more. Multiply that by hundreds of servers and many patches?the costs to your business can skyrocket.
From a physical-networking perspective, things become even more complex. You have two options of installing, either running the install over the wire to the remote server if the WAN has sufficient bandwith, or getting the whole installation CD (via copying over the WAN or physically sending a CD out to that site) and running the installation remotely from a Windows workstation. This raises a whole host of logistic issues such as finding a Windows PC you can use, making sure it's Novell Client is up to date, making sure no one turns it off, and what happens if the Windows PC hangs and you don't have anyone onsite to reboot it?
This white paper addresses all of these concerns by showing how a pre-built ZENworks Server Management Complied Package (CPK) can be used to deploy ZENworks Desktop Management 7 software. This is using two methods. One using the ZENworks Server Management ?Standalone Deployer? which can be run on a server without a complete installation of ZENworks Server Management Tiered Electronic Distribution. The other is using ZENworks Server Management Tiered Electronic Distribution to automate and schedule the distribution of the package throughout the enterprise.
In this white paper I hope to show you the pre-built CPK Novell provides now for ZENworks Desktop Management 7 is by far the quickest and easiest way to deploy ZENworks Desktop Management 7 to multiple backend servers.
This pre-build CPK has been taken from the ZENworks Desktop Management 7 installer. A CPK is merely a compiled package of files and the logic it needs to deploy successfully onto your servers. For more information on Software packages see this section of the documentation.
- English Only - The package only includes the English language files for all components (ConsoleOne, NLM help files, etc.). This was done to reduce the overall size of the CPK, and since all of the customers I have ever worked with use English.
- Variables used - If you are planning to use ZENworks Server Management to deploy the CPK, you MUST define all variables or the package will fail to install. This means all 18 variables will either need to be defined on the destination subscriber, or using a Service Location Package that defines the "global" variables, and have server-specifics defined per subscriber. This is a very important fact, since if you use the "standalone" deployer instead, only the components you wish to install need their variables to be defined.
- NetWare Only - This is a NetWare-only install; Windows and Linux are not currently supported. I intend to build support for a CPK Install on Windows and Linux before BrainShare 2006.
- Schema - None of the schema changes are done in this CPK. It is assumed that you have already extended the schema and licensed ZENworks Desktop Management 7
- Debug Install - If you wish to enable debugging on the installation you need to create an empty file in SYS:\ called "ZDMCPK-DEBUG" — this means that all the working files that are created in SYS:\ZDMCPK will not be removed at the end of the deployment.
- No Standalone - The Install will not create the "Standalone" server policy package for Inventory.
- Java Shutdown - Unlike when you are using the regular Windows installer, with this you do not need to shut down Java (unless existing ZENworks Desktop Management components are running). It is recommended that you shut down all ZENworks components (using ZFDSTOP.NCF and INVSTOP.NCF) prior to installing the CPK. The majority of testing has been done on a "clean" server without existing ZENworks components already installed.
Two extra Java Applications are also distributed with the CPK to allow for two functions that are not available in ZENworks Server Management CPK by default.
- SetZfDPassword.class) This class sets the "zenwmid" attribute to the required objects. The "zenwmid" attribute is a special attribute that ZENworks uses to allow workstations (and Imaging, Inventory, etc.) to login to the directory itself without needing a user account. It's a one-way password hash that is set in conjunction with a traditional "Public Key/Private Key" password that is assigned to the object (this can be viewed via DSBROWSE, you will see that all objects that have a zenwmid attribute also have a "Public Key" attribute on them. This Java Class sets the password using the Admin User.
- Iniedit.class) This class allows for editing of INI files. There isn't support for editing INI files natively in the CPK, so this class is used to edit the SYS:\SYSTEM\zenworks.properties file which is an INI-formatted file that other applications depend on. This was compiled with assistance from Stephen Kavanagh, and used IniEditor (a Java INI file editor found here).
This CPK uses ICE.NLM on the server to import a number of LDIF files into eDirectory to create the necessary objects. It uses SSL to connect to the server and accesses the SSL key via SYS:\PUBLIC\ROOTCERT.DER. This file must exist and be the correct Public Key of the Certificate Authority for the tree. Unless the server has been rebuilt from a different tree, this should not be an issue.
There are 18 Variables that need to be defined for the CPK to successfully install. The first 12 variables are used to define which components you wish to install. They directly relate to the different components you can select during the regular Windows-based install.
The following variables must be defined to install the following sub-components of ZENworks Desktop Management. The value of the variable must be the same as the variable name to install the component. Otherwise set the value to "DISABLED" to not install the component:
- ZDMCPK-APPMGMT - Installs Application Management
- ZDMCPK-WKSMGMT - Installs Workstation Management (including Remote Control, Remote Management and Wake On Lan)
- ZDMCPK-SYBASE - Installs Sybase Database (Required for INVDB & NALDB)
- ZDMCPK-NALDB - Installs the desktop management database
- ZDMCPK-INVDB - Installs the inventory database
- ZDMCPK-INV - Installs the inventory server
- ZDMCPK-INVPROXY - Installs the inventory proxy
- ZDMCPK-IMAGING - Installs imaging
- ZDMCPK-PXE - Installs the PXE components for imaging
- ZDMCPK-LOCALDHCP - Modifies the PDHCP.INI to enable DHCPSRVR.NLM and PDHCP.NLM to load on the same server. Refer to TID 10069274 for more information.
- ZDMCPK-AWSI - Installs Workstation Import / Removal Server
- ZDMCPK-CONSOLEONE - Installs ConsoleOne Snapins to the server
Additional Variables needed that aren't in the regular Windows Install.
- ZDMCPK-SYBASE - As stated above, this variable is needed for NAL Database and Inventory Database.
- ZDMCPK-LOCALDHCP - As stated above, this makes the changes to the PDHCP.INI.
As you can see above, the variables directly correlate to the settings during a ZENworks Windows-based install.
Below is a screenshot from ConsoleOne against a Subscriber showing all the components enabled as variables. The Variable and the value need to be the same, otherwise set the variable to DISABLED to not install the component.
The following variables need to be set to the volume that you want to install the component to. These variables should be set to the volume name only including the colon, as follows: "ZEN:" - there should be no trailing backslash.
- ZDMCPK-INVRMVOL - Inventory and / or Remote Management Volume.
- ZDMCPK-DBVOL - NAL / Inventory Database Volume.
If you are not installing these components then you still need to define the variable, but set the value to DISABLED.
Screenshots from the regular windows installation and how they compare to the CPK Variables.
CPK Variable: ZDMCPK-INVRMVOL
CPK Variable: ZDMCPK-DBVOL
Screenshot from the subscriber showing the variables defined.
- USER_ID - The eDir / NDS-Formatted DN for the Admin User (IE "CN=Admin.O=Novell")
- PWD - Password for Admin User ID
- TREE - Name of the tree
- EDIRSERVER_DN - The eDir / NDS Formatted DN for the Server (IE "CN=SERVER.OU=SERVERS.O=NOVELL")
Both the USER_ID and EDIRSERVER_DN variables MUST be the eDirectory (NDS)-formatted DN for the object specified. There must be no leading period (dot / "."). If they are not typeful (IE CN= OU= O= C=) and not eDirectory formatted (with the period / dot / "." to delimit them) then the install WILL fail. The USER_ID is used in a number of places to login to the server, sometimes as a eDirectory object, other times to login using ICE using an LDAP-formatted DN to login. The same applies to the EDIRSERVER_DN variable: it MUST be eDirectory formatted.
Here is a screenshot of the Installation Specific Variables defined on the Subscriber:
The following ZENworks Server Management TED system variables are used. If you use the standalone deployer you need to define all the variables on the command line except IP_ADDRESS:
- SERVER_NAME - The name of the server (IE "SERVER")
- IP_ADDRESS - The IP Address of the server (IE "10.1.2.3")
- SERVER_DN - The unqualified DN of the server object (IE "SERVER.SERVERS.NOVELL")
These variables are already defined in the CPK, and can be changed where necessary to integrate support packs into the CPK, by modifying the SPK and re-compiling the CPK.
- ZDM_SUPPORTPACK. This is set to 0
- ZDM_LANGUAGE. Set to 1033 for English (All non-English files have been stripped from the CPK)
- ZDM_VERSION1. This version number is used by INV, WKSMGMT, INVDB, NALDB, ZWSPROXY.
- ZDM_VERSION2. This version number is used by COMMON, APPMGMT, IMAGING, PXE, AWSI
- ZDM_INSTALLEDFROM. This is a generic variable used to normally describe where ZDM was installed from. This is normally "Product CD", but in the CPK it is set to "CPK".
As shown above, you can use ZENworks Server Management Tiered Electronic Distribution to deploy the CPK. However, if you do not have TED installed, or would like to use the standalone deployer, then this is also possible. The standalone is a extremely stripped-down version of TED with only the necessary Java files required to install the CPK.
Its syntax is quite straightforward where you need to specify the name of the CPK, set the logging level (normally 6 to get the most information) then the variables plus values you need. This is shown below with the significant line out of the ZDM7.NCF (which is included in the ZIP file). The CPK and NCF file should be copied into SYS:\CPK along with the standalone deployer for the CPK to install. The standalone deployer should also be installed into SYS:\CPK\ZSM directory.
The below snippet should all be on the same line.
--- Snippet from ZDM7.NCF --- java -ns -noclassgc -classpath $zfspaths com.novell.application.servman.services.softwarepackage.PackageProcessor sys:\cpk\zdm7deploy.cpk 6 ZDMCPK-APPMGMT ZDMCPK-APPMGMT ZDMCPK-WKSMGMT ZDMCPK-WKSMGMT ZDMCPK-SYBASE ZDMCPK-SYBASE ZDMCPK-NALDB ZDMCPK-NALDB ZDMCPK-INVDB ZDMCPK-INVDB ZDMCPK-INV ZDMCPK-INV ZDMCPK-INVPROXY ZDMCPK-INVPROXY ZDMCPK-IMAGING ZDMCPK-IMAGING ZDMCPK-PXE ZDMCPK-PXE ZDMCPK-AWSI ZDMCPK-AWSI ZDMCPK-CONSOLEONE ZDMCPK-CONSOLEONE ZDMCPK-INVRMVOL ZEN: ZDMCPK-DBVOL DB: USER_ID "CN=ADMIN.O=NOVELL" PWD NOVELL TREE ZSM1 EDIRSERVER_DN "CN=SRV1.OU=SRV.O=NOVELL" SERVER_DN "SRV1.SRV.NOVELL" SERVER_NAME SRV1 --- End ---
As you see above, the SERVER_DN and the SERVER_NAME need to be additionally defined as well as all other variables, since the standalone deployer doesn't know about those variables.
You can use "SHOWVARS" in ZENworks Server Management to see which default variables have already been defined.
- We don't create the "Standalone" server policy package for these reasons. It can be easily be created in the directory using ConsoleOne afterwards and most administrators want to customize the server policy packages they create.
- Have an existing Sybase database already running on the server. If the server already has a Sybase database running (such as the Server Management Database for ZENworks Server Management etc) there will already be a SYS:\SYSTEM\MGMTDBS.NCF which is the startup script used to start the databases. Unfortunately there is no easy way to append to a particular line in a CPK, so this file will need to be cleaned up. Please ensure that the LOAD DBSRV8.NLM has all the databases on the same line (ie LOAD DBSRV8.NLM ... DB:\ZFSLOG.DB DB:\NAL.DB DB:\MGMTDB.DB etc). And remove all additional references to LOAD DBSRV8 from the second line.
- ZENworks Web Server. If you are installing the CPK using ZENworks Server Management then neither the ZENworks Web Server (component of Inventory) or the Inventory XML Proxy server are installed. This is due to the fact that the ZENworks Web Server and Inventory XML Proxy are already installed as part of the ZSM installation.
- Inventory (XML) Proxy. By default the XML Proxy Port is set to 65000 during the installation. If you want to change the port to anything other than the default port of 65000, you will need to edit this file:
And change the line:
to whatever you want the Proxy Port to be set to. (It was easier to have this change done manually than to add another variable.)
For some of you, this compiled CPK may be either too large or too cumbersome. You may not want to have to manage so many variables and may merely be looking for a way to install each component in a separate CPK. In order to satisfy these requirements, we are providing the SPK (Source Package) as well as the CPK (Compiled Package). The SPK only contains the logic and a location to where to pull in the files when you got to compile. See the online docs for more information on how to compile SPKS.
The Source package needs to be extracted to S:\ZENworks\Build\.... The ZIP file has the top directory starting with ZENworks and has the sub-structure below that.
The easiest (and fastest) way to extract the CPK is to unzip it to C:\ZDMCPK. Then use the windows command "SUBST" to substitute the S drive to C:\ZDMCPK. In a command prompt do the following "SUBST S: C:\ZDMCPK". Then with the ZENworks Server Management ConsoleOne Snapins installed you can under "Server Software Packages" right-hand click and select "Insert Software Package". Now browse to "S:\ZENworks\Build\ZDM7Deploy.spk" and you will have the package available for editing as per the screenshot below:
I am not going to go into the details of each sub-component (but I will at BrainShare 2006!). But if you have done work with building a CPK before then it will be all reasonably straightforward. Be sure to read the text on each Component. I've heavily documented each one with instructions on what they do and why they are doing it.
This install CPK will help reduce not only the install time but will save on network traffic since the CPK can be copied in non-peak hours. This means you can have a completely hands-off installation of ZENworks Desktop Management 7 in less than 5 minutes and only need to transfer ~140Megs across the wire instead of the ~700 megs that transfers as part of a regular Windows installation. Also the installation can be done completely remotely and you don't need to have a Windows workstation on the local site to perform the installation.
For the CPK we do not believe a re-boot is required as when tested all services loaded cleanly.
- Peter Lambrechtsen Senior Consultant, Consultant, Novell New Zealand.
Contributors and Reviewers
- Martin Irwin - Global Resolution Engineer, ZENworks, Worldwide Support Services, Novell, Inc.
- Oliver Koelsch - Senior Consultant, Consulting, Novell Germany.
- Stephen Kavanagh - Senior Developer, Novell New Zealand.
- Martin Buckley - Evil ZEN Scientist, Novell, Inc.
- Rolf Lennertz - Technical Architect, Consulting, Novell Germany.
Thanks, Martin I., for all your help and direction on CPKs, Oliver for fantastic testing provided. Stephen for knocking out a Java class in no time flat. Martin B, for being a wealth of contacts and being the Evil ZEN Scientist. Last but not least, Rolf for providing me the zenwmid Java Class, without which it would have never come together.
Linux is a registered trademark of Linus Torvalds. Sybase are trademarks or registered trademark of Sybase, Inc. or its subsidiaries. IniEditor is Copyright © 2003-2005, Nik Haldimann available from http://ubique.ch/code/inieditor/ - modifications to the original source are available in the CPK as part of iniedit.jar. All other company and product names mentioned may be trademarks of the respective companies with which they are associated.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com