Configuring Linux systems for patching with OMS
Microsoft OMS recently added the “Update Solution” which provides analysis of the patch status for various operating systems and the solution and perform patch management for various operating systems. For more details on the “Update Solution” and how it compares with Configuration Manager see the recent webinar: “Battle of the Titans: Patching with ConfigMgr vs. OMS“). This blog post will cover the following topics:
- What can this solution do?
- How to easily add Linux systems and test the Update Solution
- What does the solution look like?
- Debugging tips & documentation links
What can this solution do?
The Update Solution provides analysis and patch management capabilities through Microsoft OMS. The current solution capabilities as of 3/3/2017 are as follows:
- Analysis for patch management status for both Windows Server, Windows Client and Linux Operating Systems
- The update solution also provides the ability to schedule and perform patching for Windows operating systems (Windows Server 2012 and higher)
This solution does not currently provide the ability to schedule and perform patching for:
- Systems which are integrated with Configuration Manager
Linux operating systems
How to easily add Linux systems and test the Update Solution:
Create an OMS workspace
If you haven’t already created a workspace for OMS, go to www.microsoft.com/oms and create a new workspace. You can even try it for free at: https://www.microsoft.com/en-us/cloud-platform/operations-management-suite-trial
Deploy a Linux system
Azure makes it simple to deploy one or more Linux systems. Do to this log into your Azure subscription (portal.azure.com) and create a new Linux system. Azure includes many pre-built compute options including Red Hat Enterprise Linux, Ubuntu server and more to choose from.
Install the OMS agent
To install the OMS agent we need to perform the following steps:
- Log into the Linux System
- Copy the link to install the OMS agent
- Install the OMS agent
Logging into the Linux System
Once the Linux system(s) have been deployed the next step is to log into the Linux system. The easiest way to do this was to download putty and connect to the IP address shown for the Public IP Address using the credentials which you defined when you installed the system.
An example of logging in through Putty is shown below for Ubuntu.
Copy the link to install the OMS agent
Log into the OMS console, open Settings, Connected Sources, Linux Servers. Copy the link shown under “Download and onboard agent for Linux” to the Linux system.
NOTE: Use the link provided under “Download and onboard agent for Linux” in the OMS console. What’s in the OMS console is correct and will work for the Update Solution. Do NOT use any other documentation to install the Linux agent. I ran into a situation where I installed the Linux agent from other documentation and it would not report any information to the update solution.
The following is what is available from the OMS console (and worked correctly – if this does not match what is in the OMS console, use what is in the OMS console):
wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <WorkspaceID> -s <PrimaryKey> -d opinsights.azure.com
This is NOT what’s currently documented in the Update Solution: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management
Install the OMS agent
Copy the download and onboard agent link to the Linux system you are logged into via putty. This single line downloads the agent and onboards the agent (including the addition of the Workspace ID and the Primary Key). An example of this string is shown above.
What does the solution look like?
Once the Linux systems are reporting correctly, the update management solution should now display both Windows and Linux systems as shown below.
Debugging tips & Documentation links:
Due to the installation of the wrong Linux agent version there were several debugging steps which were recommended. These include:
- Review the agent log and turn up the log level if need be. Details on logging are available at: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-linux-agents. Look for this file under /var/opt/microsoft/omsagent/log/omsagent.log
- It is also possible that the Linux box is fully patched, so if it appears as an agent in OMS but it doesn’t appear in the update solution this is something to check into.
Summary: Adding Linux systems to the Update solution in OMS is pretty straightforward – as long as you use the link provided in the OMS console to perform the installation of the OMS agent on Linux. The results are extremely intuitive