Difference between revisions of "WPKG with winexe"
From WPKG | Open Source Software Deployment and Distribution
m |
m |
||
Line 15: | Line 15: | ||
** TIMEOUT - winexe 0.90 has some bug which prevents it from exiting in some circumstances. Makes sure it's killed if it ever happens for you. | ** TIMEOUT - winexe 0.90 has some bug which prevents it from exiting in some circumstances. Makes sure it's killed if it ever happens for you. | ||
** IGNOREIPS - don't try to start software installation on these IP addresses | ** IGNOREIPS - don't try to start software installation on these IP addresses | ||
+ | |||
+ | * down in the script, correct \\\\branchdc\\unattended paths to point to your server and software/wpkg share | ||
* Create a LOGPATH directory (default: /var/log/wpkg) | * Create a LOGPATH directory (default: /var/log/wpkg) | ||
Line 52: | Line 54: | ||
* security: the script has admin username/password, so make sure to keep it in a directory which is accessible by root only | * security: the script has admin username/password, so make sure to keep it in a directory which is accessible by root only | ||
* security: winexe will present username/password in ps output. If it's a concern for you (i.e. unprivileged users can view process list on that server), you have to modify the script to use --authentication-file with winexe | * security: winexe will present username/password in ps output. If it's a concern for you (i.e. unprivileged users can view process list on that server), you have to modify the script to use --authentication-file with winexe | ||
− | + | * if you have WPKG Client running, but would rather disable it from this script, you can add these lines just before "net use \\\\branchdc\..." in the script: | |
+ | <source lang="dos> | ||
+ | taskkill /F /IM wpkgsrv.exe | ||
+ | sc config wpkgservice start= disabled | ||
+ | </source> | ||
= Script source = | = Script source = |
Revision as of 11:39, 21 December 2009
You can use Samba's preexec directive to launch a script when a PC connects to Samba. To launch WPKG on a Windows machine which connnects to Samba, we will use the below script and winexe.
Features
- will run software installation on Windows PCs without any additional client-side configuration,
Installation
- Copy/paste/save the below script on your Samba server. Note: the script should have UNIX end-of-line characters. If you use Windows, make sure your editor saves the script with UNIX end-of-line characters; if it's saved with Windows end-of-line characters, it will not work.
- Edit these variables:
- WINUSER, PASSWORD - user which will start software installation (must have admin privileges),
- LOGPATH - where to store our logs,
- WINEXE - winexe binary,
- TIMEOUT - winexe 0.90 has some bug which prevents it from exiting in some circumstances. Makes sure it's killed if it ever happens for you.
- IGNOREIPS - don't try to start software installation on these IP addresses
- down in the script, correct \\\\branchdc\\unattended paths to point to your server and software/wpkg share
- Create a LOGPATH directory (default: /var/log/wpkg)
- to smb.conf, add this to the [global] section:
root preexec = /root/scripts/wpkg-preexec.sh %I %m %S &
- don't forget to download winexe from http://eol.ovh.org/winexe/
- That's it!
Testing
In your server terminal/shell, start:
/root/scripts/wpkg-preexec.sh 192.168.145.150 pc-name-test netlogon
Meaning of command line arguments:
- "192.168.145.150" - start software deployment on 192.168.145.150
- "pc-name-test.log" - everything will be logged to /var/log/pc-name-test.log
- "netlogon" - when a PC connects to this share, we deploy software on this PC
In a different terminal on that server, cd to /var/log/wpkg and see the logfiles (pc-name-test.log and wpkg.log).
Some more info
- prevents from starting multiple WPKG instances on a single Windows PC
- new software deployment is started by Samba in two cases:
- PC connects to [netlogon] share (happens automatically for domain PCs which are turned on; nobody has to log in)
- if /var/log/wpkg/<workstation>.log is not present, or is older than 24 hours
- security: the script has admin username/password, so make sure to keep it in a directory which is accessible by root only
- security: winexe will present username/password in ps output. If it's a concern for you (i.e. unprivileged users can view process list on that server), you have to modify the script to use --authentication-file with winexe
- if you have WPKG Client running, but would rather disable it from this script, you can add these lines just before "net use \\\\branchdc\..." in the script:
taskkill /F /IM wpkgsrv.exe
sc config wpkgservice start= disabled
Script source
#!/bin/bash
# Launches wpkg.js on a remote Windows machine
# Author: Tomasz Chmielewski (tch .at. wpkg .dot. org)
HOST_IP=$1
HOST_NAME=$2
SHARE=$3
WINUSER='DOMAIN\Administrator'
PASSWORD='secretpass'
LOGPATH=/var/log/wpkg
WINEXE=/opt/winexe
TIMEOUT=3600 # winexe seem to hang sometimes - kill it after 1 hour if it's still there
IGNOREIPS="192.168.111. 127.0.0.1 192.168.128.10"
# No need to change anything below
if [ "x$HOST_IP" == "x" -o "x$HOST_NAME" == "x" ] ; then
cat <<EOF
This script launches WPKG on a specified machine.
Usage:
$0 <host_ip> <host_name>
EOF
exit 0
fi
# We don't want to execute winexe on nagios, PDC etc.
IGNORE=0
for IGNOREIP in $IGNOREIPS; do
echo $HOST_IP | grep -q $IGNOREIP
if [ $? -eq 0 ] ; then
IGNORE=1
fi
done
if [ $IGNORE -eq 1 ] ; then
exit 0
fi
# The main "launch wpkg" function
launch_wpkg()
{
$WINEXE --debug-stderr --system -U "$WINUSER%$PASSWORD" //$HOST_IP \
cmd.exe <<EOF &>"$LOGPATH/$HOST_NAME.log"
net use \\\\branchdc\\unattended /user:$WINUSER $PASSWORD
cscript \\\\branchdc\\unattended\\packages\\wpkg\\wpkg.js /synchronize /nonotify /debug
net use /delete \\\\branchdc\\unattended
echo wpkg_run_is_done
exit 0
EOF
if [ $? -eq 0 ] ; then
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) WPKG execution finished" >>$LOGPATH/wpkg.log
elif [ $? -eq 1 ] ; then
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) cscript was already running" >>$LOGPATH/wpkg.log
else
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) unspecified error code" >>$LOGPATH/wpkg.log
fi
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) processing done" >>$LOGPATH/wpkg.log
}
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) starting processing (share hit: $SHARE)" >>$LOGPATH/wpkg.log
UPDATE=0
if [ "$SHARE" == "netlogon" ] ; then
UPDATE=1
else
grep -q "wpkg_run_is_done" $LOGPATH/$HOST_NAME.log
if [ $? -ne 0 ] ; then
UPDATE=1
else
STAMP=$(find $LOGPATH -mtime +0 -name $HOST_NAME.log)
if [ "x$STAMP" != x ] ; then
UPDATE=1
fi
fi
fi
# Check if the host was updated in the past 24 hours
if [ $UPDATE -eq 1 ] ; then
ps aux | grep winexe | grep -q $HOST_IP
if [ $? -ne 0 ] ; then
if [ "$SHARE" == "netlogon" ] ; then
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) netlogon share hit - starting WPKG" >>$LOGPATH/wpkg.log
else
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) not updated during the last 24 h - starting WPKG" >>$LOGPATH/wpkg.log
fi
launch_wpkg &
WINEXEPID=$!
while [ $TIMEOUT -gt 0 ] ; do
sleep 10
ps -C winexe | grep -q $WINEXEPID
if [ $? -gt 0 ] ; then
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) process finished - winexe ended" >>$LOGPATH/wpkg.log
exit
else
TIMEOUT=$((TIMEOUT-10))
fi
if [ $TIMEOUT -le 0 ] ; then
kill $WINEXEPID
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) killed winexe after inactivity timeout" >>$LOGPATH/wpkg.log
fi
done
else
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) winexe already running" >>$LOGPATH/wpkg.log
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) processing done" >>$LOGPATH/wpkg.log
fi
else
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) updated during the past 24 hours - skipping an update" >>$LOGPATH/wpkg.log
echo "$(date) $HOST_NAME (IP: $HOST_IP, PID: $$) processing done" >>$LOGPATH/wpkg.log
fi