Create a template configuration that can be applied to devices during an initial re-purpose or OS conversion
When installing NoTouch OS on a device, it will create a factory-default configuration. The typical workflow is that the client would get its configuration from the management server immediately afterwards. There are cases however, where this is not possible, for example when a specific Wireless LAN or network authentication configuration is needed to access the network. An easy method exists how to automatically preload a configuration to a freshly-repurposed device with the standard USB/CDROM installation (for PXE see below):
- Configure a sample device to the point you'd like to distribute
- Fetch the configuration from this device
- Place the file in the root folder of the USB medium or CD-ROM
On top of that, it is possible to add custom, machine-specific certificates.
Contents
- 1 Read out the configuration from a well-configured device
- 2 Rename and place it on the boot medium
- 3 PXE Live Boot
- 4 MSI file
- 5 Use/Install
- 6 Advanced options
- 7 Certificates
Read out the configuration from a well-configured device
Connect with your browser on your PC/workstation/laptop to the well-configured - the "template" device - and log in with your admin password. Even though it resembles the local configuration, some additional menu items are available:
- Choose "Download configuration"
- A file named HOSTNAME.cfg will be downloaded (instead of "HOSTNAME", the file name will be the actual system's DNS host name)
This file contains the full "configuration", meaning configuration parameters, but also certificates, custom templates, etc. It also contains static IP address configuration if you do not use DHCP.
Rename and place it on the boot medium
The easiest thing is to just rename the file to config.cfg and place it on the USB medium (root folder). Note: Please spell config.cfg all-lowercase, this is case-sensitive.
If, and only if you use a CD-ROM to repurpose devices, you need to create a custom ISO image. You may use third party tools provided they keep the boot capability of the ISO image, or you use the builtin method on Windows systems:
- Inside the extracted NoTouch ZIP, create a folder named "localcd", and a subfolder "images"
- Copy the config.cfg file into the "images" folder, and rename it to live.cfg
- Execute CustomizeISO.cmd
PXE Live Boot
In a PXE live boot setup, you need to:
- Get the configuration from one machine as described above
- Copy config.cfg into the Stratodesk Virtual Appliance using scp or by connecting to the notouch file share
- Make sure it resides in the /opt/clientconf/config directory (or the config subfolder of the notouch file share)
Note: This method can not be used for installation via PXE.
MSI file
If you deploy or boot via our MSI files, configuration preload could not be simpler. Simply roll out your config.cfg file and place it into the C:\ directory.
In other words, the MSI file looks - on the target machine, when executed - for a file named C:\config.cfg. If it is present, it is used, if not, default configuration will apply.
Note: Of course the MSI file should be rolled out after the config.cfg. However, whatever mechanism you use (Group Policies, Altiris, ...), if you can roll out an MSI, you can also roll out the config.cfg.
Use/Install
No extra actions have to be taken. Just install or live boot as usual. (Note: You need at least NoTouch version 2.36.13 to use configuration preload with Live Boot)
With the file present, it will be used automatically. During the textual installation, you will see a one-line text message informing you that the installer is applying the configuration to the system which is not present otherwise.
Advanced options
Modifying the configuration manually
The config.cfg file is actually a gzip-compressed tar file (tar.gz), a very common archive format in the Linux/Unix/Mac OS X world. You can open the archive and modify its internals. However, that can lead to producing unusable configuration, effectively meaning you could repurpose hundreds of devices with a totally useless configuration. So beware!
Per-machine configuration
If a file named MACADDRESS.cfg exists on the boot medium (meaning the MAC address of the local machine), it will be preferred over config.cfg. That means, you can prepare your USB stick to automatically repurpose different devices with different configuration.
Important: Type MAC addresses in a no-colon/no-dash format. So do not write 00:00:0C:12:A3:BC, nor 00-00-0C-12-A3-BC, but rather 00000C12A3BC.cfg. Only the latter is supported!
Side note: It may seem desirable to add more options such as host names, IP addresses etc. However that would defy the purpose. When using this method is mostly to pre-distribute a configuration that allows to access the network. If you have networking from the beginning there is not really a point in preloading the configuration since you could use the management center anyway.
Parameters only preload
The config.cfg contains ALL configuration. You may extract the file config.dat manually and just place this file on the boot medium. You can even create per-machine config.dat's named as MACADDR.dat similar to how described above.
Certificates
The methods described above allow to preconfigure newly repurposed devices with "configuration archives" that may already contain certificates. It is very handy to add certificates that every machine has to use to already beforehand in the configuration archive so you do not have to worry about distributing them. Please see the main article - Certificates - first to understand about how NoTouch works with certificates.
In some case, you may have to distribute machine-specific certificates, however, such as when using WPA2 or IEEE802.1X client certificates. Fortunately, NoTouch has a mechanism for that as well.
When installing/repurposing, the NoTouch installer looks if the boot medium contains a folder named certificates. In this folder, it expects to see subfolders with the names of MAC addresses, again in a no-dash/no-colon style. All files inside the folder matching the current system's MAC address will be copied to the local certificate store, possibly overwriting existing files.
Machine-certificate best practice
We suggest naming machine-specific certificates simply as "machine.crt" or similar. The reason is that you save the effort of entering a different filename into the configuration parameters (such as for WPASupplicant) on each machine. It is so easy, to configure one template machine, and then create a folder hierarchy where each machine has a folder named after the MAC address with a generic filename in there.