We have redeveloped the opsi core from scratch, rewritten large parts of the opsiconfd service and ported it to Python 3. opsi 4.2 uses modern technologies for better performance, scalability and extensibility, making opsi ideal for use in very large environments at distributed sites.
The new opsiconfd service is based on the fast ASGI server Uvicorn. The web frameworks Starlette and FastAPI significantly improve the performance of the opsi server: Several worker processes can now run on one system, communicating with each other via Redis. The opsi server is thus no longer bound to a single machine, but can be run in parallel on additional instances (keyword: load balancing).
All server components can now run in Docker containers - a good base for the next few years.
Version 4.2 integrates faster and better into existing domains, because LDAP or AD authentication now runs directly via the web service thanks to an extension of the Directory Connector. It is now possible to specify an LDAP or Samba/AD server in the configuration instead of using PAM.
We have also worked on the security-stack of opsi. With opsi 4.2 an own opsi-CA was implemented. This is maintained automatically and opens the possibility to use a more secure verification between server and client by using modern technologies (TLS).
Backend and Client
The backend is largely unchanged except for a few optimizations, which ensures backward compatibility to opsi 4.1. Unlike usual, support for the previous version expires at the end of November 2021 - until then opsi 4.1 will receive security updates and patches.
We have also redeveloped the client and implemented a new build process. The agent now also uses the current Python version 3. The Linux version can now mount and work on WebDAV shares besides CIFS/SMB, which is especially important for connecting clients outside the LAN.
Just like its Windows counterpart, the Linux client now has a notifier that displays opsiclientd status messages on the desktop.
Powerful, visualized and well packaged
When implementing the new frameworks, our developers tested extensively and used a custom tool to measure performance. In the process, we repeatedly compared opsi 4.1 with the new version 4.2. In a pilot project with about 4.000 clients opsi 4.2 has already convinced one customer.
The opsiconfd infopage also benefits from the performance tests and the tools used. As mentioned Redis is used to log the session data. We use the module RedisTimeSeries, and all opsi worker processes write their performance data into a TimeSeries database. Grafana visualizes the whole thing - ready-to-use dashboards are included in the opsi packages, so that everyone can enjoy the graphical representation.
An improved packaging completes the new version. We have bundled all required Python modules, so the time-consuming packaging and installing of single Python packages is no longer necessary. opsi 4.2 controls the dependencies to other components better. Overall, this makes the installation and setup of the client management system more user-friendly.
Ready-to-use packages of opsi 4.2 are available on the download pages; as usual, there is also a virtual appliance.
Additionally we provide a new Quick-Install for quickly evaluating opsi.
The release notes inform in detail about all new features. Here you can also find a migration guide and the changelogs. The documentation for opsi 4.2 is here: https://download.uib.de/4.2/documentation/
For detailed information about opsi 4.2 including migration instructions and changelogs, please see the following release notes: