
Automated Cross Platform Agent install and Discovery

The purpose of this post is to document a step-by-step method for automated Cross Platform System Center Operations Manager agent installation and discovery. While the Ops Manager GUI does provide a method for discovering and deploying multiple Cross Platform hosts by scanning an IP range, that may not be optimal in large and distributed enterprise environments. This is where the XPlat agent install and discovery PowerShell scripts, released by the Microsoft Cross Platform team, are very useful (http://blogs.msdn.com/b/scxplat/archive/2009/12/11/cross-platform-powershell-scripts-released.aspx).

The following are caveats to be aware of with this approach:

  • The parameters for the scripts contain specifics such as OS, platform, and version. For example: Red Hat Enterprise Linux Server, Version 5, running on X64 hardware. So efficiency gains are directly correlated to level of standardization.
  • The scripts are expecting to pass the same privileged username/password for each installation.
  • Agent deployment using this method is done serially, so it may be slow comparatively.

Assumptions:

  • This document is written based upon the assumption that you have already created *nix priv and non-priv runas accounts and profiles. If you have not created your runas account and profiles, do that before continuing.

Setup and Prep:

Download the x-plat PowerShell scripts from the blog linked above.

Create a folder for the scripts (C:\Scripts) on your Operations Manager (SCOM) Management server (or RMS) and extract the scripts.

Create another folder where you will copy the Linux/Unix agent install package (C:\LinuxAgent).

Copy the agent installation packages required for the OS and platform, found in \Program Files\System Center Operations Manager 2007\AgentManagement\UnixAgents, into that folder. (This step is optional, but will simplify the parameter in the script.)

Create a text file containing a list of host names in FQDN format for the agents that you want to install and discover. Save the file in the C:\Scripts folder created in step 1.

Prepare the Scripts

One of the features of the scripts is the ability to pass the output from one script as input into another. For purposes of agent installation and discovery we want to pass the output of the installation script as input for the discovery script.

For this step we will take a look at both the installation and discovery scripts separately and then pull them together into a single PowerShell script. In this example I am showing the parameters applicable to my environment; refer to the blog post mentioned at the beginning of this post for the required and optional parameters, as well as the acceptable format for the required Architecture, OS, and Version parameters.

This is what the install command with parameters looks like for my environment:

InstallUnixAgent.ps1 -RootManagementServer:scom-07.ubergnosis.net -UserName:root -password:password -Packagename:scx-1.0.4-265.rhel.5.x64.rpm -packagePath:C:\LinuxAgent -Distro:RHEL -Version:5 -Architecture:x64

This is the discovery command with parameters:

DiscoverUnixAgent.ps1 -Server:crm2011-1.ubergnosis.net -rootManagementServer:scom-07.ubergnosis.net -Username:root -Password:password -Distro:RHEL -version:5

Putting it all together: create a command string similar to the one below, populated with your specific environmental information, and save it as a PowerShell script. Mine is called DoIT.ps1.

gc .\Linuxhosts.txt | .\InstallUnixAgent.ps1 -RootManagementServer:scom-07.ubergnosis.net -UserName:root -Password:password -Packagename:scx-1.0.4-265.rhel.5.x64.rpm -PackagePath:C:\LinuxAgent -Distro:RHEL -Version:5 -Architecture:x64 | Where {$_.status -eq "OK"} | .\DiscoverUnixAgent.ps1 -Server:crm2011-1.ubergnosis.net -RootManagementServer:scom-07.ubergnosis.net -Username:root -Password:password -Distro:RHEL -version:5

(Yes, I re-purposed a CRM 2011 test VM to be a SCOM MS 🙂 )

Note:
Unless you add your Scripts folder to your path environment variable, you need to tell PowerShell to look in the current directory for your text file and scripts, hence the .\ in front of the hosts text file and the separate scripts. Also note that "gc" is a built-in alias for the Get-Content cmdlet.
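
The DoIT.ps1 pipeline above keeps the root password in the script file. The variant below is an added example, not part of the original post or of the Microsoft scripts: it prompts for the password at run time and reports hosts whose install did not return OK. It uses only the parameters shown above; the variable names are illustrative, and the password is still handed to the two scripts as a plain string because that is the form in which the commands above pass -Password.

```powershell
# Added example (needs PowerShell 2.0 or later for try/finally).
# Same pipeline as DoIT.ps1, but the password is prompted for, not stored.
$rms  = 'scom-07.ubergnosis.net'      # root management server
$ms   = 'crm2011-1.ubergnosis.net'    # management server used for discovery
$user = 'root'

# Read the password without echoing it or leaving it in the script file.
$secure = Read-Host -Prompt "Password for $user" -AsSecureString
$bstr   = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    # The scripts are given -Password as plain text, so decrypt in memory only.
    $plain = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)

    # Skip blank lines in the host list, then install (serially, as before).
    $installed = @(Get-Content .\Linuxhosts.txt |
        Where-Object { $_.Trim() } |
        .\InstallUnixAgent.ps1 -RootManagementServer:$rms -UserName:$user `
            -Password:$plain -Packagename:scx-1.0.4-265.rhel.5.x64.rpm `
            -PackagePath:C:\LinuxAgent -Distro:RHEL -Version:5 -Architecture:x64)

    # Report hosts whose install did not return OK instead of dropping them.
    $failed = @($installed | Where-Object { $_.status -ne 'OK' })
    if ($failed.Count -gt 0) {
        Write-Warning "$($failed.Count) host(s) did not install and will not be discovered:"
        $failed | Format-List * | Out-String | Write-Warning
    }

    # Discover only the hosts that installed successfully.
    $installed | Where-Object { $_.status -eq 'OK' } |
        .\DiscoverUnixAgent.ps1 -Server:$ms -RootManagementServer:$rms `
            -Username:$user -Password:$plain -Distro:RHEL -Version:5
}
finally {
    # Clear the plaintext copies as soon as the run ends.
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plain -ErrorAction SilentlyContinue
}
```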

Run the Scripts

On your SCOM Management Server (MS) or RMS (wherever you have created your scripts) open up the Operations Manager Command Shell.

Change to the File System Provider and path to the location of your scripts.

Execute the script created previously.

As the script completes the install and discovery each agent host name will be output to the screen.

Verify that the agents are now showing up as monitored

You may run into something like the above, where the agents appear as unknown versions in a critical state. Using Health Explorer we see the following:

This issue is due to the fact that the certificate being presented by the Linux agent is untrusted by the MS. In my environment I had previously run a console discovery and deployment of Linux agents with my RMS as the primary MS. That initial discovery generated the SCX-Certificate used for signing, so the agent certs were signed by the RMS but my MS has no idea that my RMS should be trusted as a certificate authority.

Certificate configuration

If you have previously deployed/discovered Linux agents and then decide you want a different MS contacting those agents, you will need to manually import the public key, validating the CA chain.

On the MS (or RMS) that was originally used for Linux Agent discovery, open the certificates MMC:

Start-Run-MMC

File-Add/remove Snapin, Select Certificates and click Add.

When Prompted, select Computer Account and click Next.

Choose Local Computer, and click Finish and then click OK.

Expand Certificates, Trusted Root Certificates, and click Certificate.

Highlight SCX-Certificate, right click and click All Tasks, and then Export.

Click Next. Select No, and click Next. Change the type to Base 64 encoded X.509, and click Next.

Enter a path and file name with a .cer extension, and click Next.

Click Finish.  You should see a message indicating that the export completed successfully, click OK.

On the Management Server where the Linux Agents are pointed:

  • Copy the .cer file created in the previous step.
  • Repeat the steps above to open the certificates MMC console.
  • Expand Certificates and Trusted Root Certificate Authorities.
  • Right click on Certificates, All Tasks, Import.
  • Click Next.
  • Browse to the location of the .cer file and click Next.
  • On the "Place the Certificate" dialog, it should default to Trusted Root Certification Authorities; click Next.
  • Click Finish, and click OK on the successful import message.
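
The export and import steps above can also be scripted. The following is an added example, not part of the original post: the function names and file path are hypothetical, and the subject filter assumes the certificate's subject contains "SCX-Certificate". The import side refuses to add the file to the trusted root store unless its thumbprint matches the one reported by the export, so a swapped or damaged .cer file is not trusted by mistake.

```powershell
# Added example; function names and paths are hypothetical.
$X509Store = 'System.Security.Cryptography.X509Certificates.X509Store'
$X509Cert  = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
$CertOnly  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert

function Export-ScxRootCert([string]$Path) {
    # Run on the server that originally discovered the Linux agents.
    $store = New-Object $X509Store 'Root', 'LocalMachine'
    $store.Open('ReadOnly')
    $found = @($store.Certificates |
        Where-Object { $_.Subject -like '*SCX-Certificate*' })   # assumed subject
    $store.Close()
    if ($found.Count -ne 1) { throw "Expected 1 SCX-Certificate, found $($found.Count)" }

    # Export the public certificate only (no private key) as Base64 X.509.
    $der = $found[0].Export($CertOnly)
    $b64 = [Convert]::ToBase64String($der, [Base64FormattingOptions]::InsertLineBreaks)
    Set-Content -Path $Path -Encoding ASCII -Value @(
        '-----BEGIN CERTIFICATE-----', $b64, '-----END CERTIFICATE-----')
    return $found[0].Thumbprint      # record this for the import side
}

function Import-ScxRootCert([string]$Path, [string]$ExpectedThumbprint) {
    # Run on the management server the Linux agents are pointed at.
    $full = (Resolve-Path $Path).Path            # .NET needs an absolute path
    $cert = New-Object $X509Cert $full
    $want = $ExpectedThumbprint -replace '[^0-9A-Fa-f]', ''
    if ($cert.Thumbprint -ne $want) {            # comparison is case-insensitive
        throw "Thumbprint mismatch: file has $($cert.Thumbprint); not importing."
    }
    $store = New-Object $X509Store 'Root', 'LocalMachine'
    $store.Open('ReadWrite')
    try     { $store.Add($cert) }
    finally { $store.Close() }
    return $cert.Thumbprint
}

# Source server:       Export-ScxRootCert C:\Scripts\scx-root.cer
# Destination server:  Import-ScxRootCert C:\Scripts\scx-root.cer '<thumbprint from export>'
```

Run both functions from an elevated shell, since they read and write the Local Computer certificate store.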

Verify that Linux agents are now in a healthy state, as shown below.

Get Coffee!  🙂

Big thanks goes to Cameron Fuller for content review.
