A WordPress.com site dedicated to System Center and Cloud Management

Archive for the ‘SCOM (Operations Manager)’ Category

Monitoring Linux with SCOM 2012 R2 – Part 3: Installing the SCOM Agent On Linux


In our last post, we went through preparing SCOM for monitoring Linux, which included creating Run As Accounts, and associating them to the applicable Run As Profiles. In this part, we will be installing the SCOM Agent on the Linux system.

Create Linux Accounts

If you recall from our last post, we created 3 Run As accounts in SCOM. However, I mentioned that at the time of creating the SCOM Run As accounts, the actual accounts don’t need to exist on the Linux system yet. So, we will first go over how to create these accounts we referenced in SCOM, on the Linux system.

For reference, these are the Run As accounts that I created in SCOM, and the account name I used for it:

  • UNIX/Linux Action Account = LinuxMonitoring
  • UNIX/Linux Privileged Account = LinuxPrivileged
  • UNIX/Linux Agent Maintenance Account = LinuxMaintenance

Start by logging into the Linux system as the Root user (aka. Local Administrator) so that we can create the accounts and set their permissions. Once you are logged in, right-click on the “Root’s Home” folder, and select “Open In Terminal“.

Create Linux Accounts - 01 - Open Terminal

In the Terminal window, type the following commands (press Enter after each line).

  • sudo useradd ACCOUNTNAME
  • sudo passwd ACCOUNTNAME (Note: After you press Enter you need to type the password twice)

Repeat these steps for each of the Linux Run As accounts so that they are created.

Create Linux Accounts - 02 - Accounts

SUDO Elevation

A new feature for UNIX and Linux monitoring with System Center 2012 – Operations Manager is the ability to use sudo elevation in the discovery and agent upgrade wizards, as well as Run As accounts. This means that the root user is no longer needed for privileged monitoring (log file monitoring, script/command execution) and agent maintenance (installation, upgrade, and uninstallation). In order to use sudo-enabled accounts for Operations Manager monitoring, the sudoers file must be configured (on each UNIX/Linux computer) to authorize elevation for the selected user account, using visudo.

The actual list of commands used for privileged monitoring or agent maintenance varies between platforms. See the following TechNet article for a list: http://social.technet.microsoft.com/wiki/contents/articles/7375.configuring-sudo-elevation-for-unix-and-linux-monitoring-with-system-center-2012-operations-manager.aspx.

In order to use sudo-enabled accounts for Operations Manager monitoring, the sudoers file must be configured (on each UNIX/Linux computer) to authorize elevation for the selected user account, using visudo.

Since in my lab I am using SUSE 11, I am going to be using the following code:

#———————————————————————————–
#User configuration for Operations Manager agent – for a user with the name: monuser

#General requirements
Defaults:monuser !requiretty

#Agent maintenance (discovery, install, uninstall, upgrade, restart, cert signing)
monuser ALL=(root) NOPASSWD: /bin/sh -c cp /tmp/scx-monuser/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem; rm -rf /tmp/scx-monuser; /opt/microsoft/scx/bin/tools/scxadmin -restart
monuser ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-monuser/GetOSVersion.sh; EC=$?; rm -rf /tmp/scx-monuser; exit $EC
monuser ALL=(root) NOPASSWD: /bin/sh -c  cat /etc/opt/microsoft/scx/ssl/scx.pem
monuser ALL=(root) NOPASSWD: /bin/sh -c  rpm -e scx
#SLES 9
monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -F –force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].sles.9.x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC
monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -U –force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].sles.9.x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC
#SLES 10 or 11
monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -F –force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].sles.1[0-1].x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC
monuser ALL=(root) NOPASSWD: /bin/sh -c /bin/rpm -U –force /tmp/scx-monuser/scx-1.[0-9].[0-9]-[0-9][0-9][0-9].sles.1[0-1].x[6-8][4-6].rpm; EC=$?; cd /tmp; rm -rf /tmp/scx-monuser; exit $EC

#Log file monitoring
monuser ALL=(root) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p

###Examples
#Custom shell command monitoring example – replace <shell command> with the correct command string
#monuser ALL=(root) NOPASSWD: /bin/bash -c <shell command>
 
#Daemon diagnostic and restart recovery tasks example (using cron)
#monuser ALL=(root) NOPASSWD: /bin/sh -c ps -ef | grep cron | grep -v grep
#monuser ALL=(root) NOPASSWD: /usr/sbin/cron & 

#End user configuration for Operations Manager agent
#———————————————————————————–

Within the Linux system,  right-click on the “Root’s Home” folder, and select “Open In Terminal“.

Create Linux Accounts - 01 - Open Terminal

In the Terminal window, type the following command (press Enter after).

sudo visudo

SUDO Elevation - 01 - Command Line

Navigate to the end of the file (using the arrow keys). Then press “i“, which will change the file into “Insert” mode (it should say ‘insert’ along the bottom).

SUDO Elevation - 02 - Insert

Copy the appropriate code into the file. After you have copied the code into the file, press the escape key (ESC).

Note: You will see in my lab example, that I am referencing my UNIX/Linux Action Account (i.e. LinuxMonitoring). Ensure that you are referring to the correct account in your environment.

SUDO Elevation - 03 - Modified File

After you have pressed ESC, type the following “:wq” (without the quotation marks), then press Enter.

Note: For clarity, look at the following screenshot (at the bottom of the window).

SUDO Elevation - 04 - WQ Command

Configure SCOM Linux Discovery

Now that we have configured the permissions within the Linux system for our monitoring account, we need to configure the SCOM Discovery.

In the SCOM console, navigate to the Administration workspace > Device Management > Agent Managed. Right-click and choose Discovery Wizard.

Discover Linux - 01 - Discovery Wizard

On the Discovery Type screen, select UNIX/Linux Computers, then click Next.

Discover Linux - 02 - Discovery Type

On the Discovery Criteria screen, click the Add button.

Discover Linux - 03 - Discovery Criteria

On the Discovery Criteria Wizard, add the Linux system’s name in the Discovery Scope.

Discover Linux - 04 - Discovery Criteria Wizard

After adding the Linux system to the Discovery Scope, click on the Set Credentials button.

On the Credential Settings dialog, change the Type to “User name and password” since that’s what we have configured. Type in the credentials for the UNIX/Linux Action Account (i.e. LinuxMonitoring in my lab example).

Also ensure that the ‘Does this account have privileged access?’ option is set to “This account does not have privileged access“, then click OK.

Discover Linux - 05 - Credential Settings

Back on the Discovery Wizard screen, now that all the fields/information is filled in, click Save.

Discover Linux - 06 - Discovery Criteria Wizard (Completed)

Back on the Discovery Criteria dialog, select the Resource Pool that will be used to monitor the Linux system, then click Discover.

Discover Linux - 07 - Discovery Criteria (Completed)

On the Computer Selection screen, select the Linux system, then click Manage.

Discover Linux - 08 - Computer Selection

On the Computer Management screen, if the deployment was successful, click Done.

Discover Linux - 09 - Computer Management

In the SCOM console, navigate to the Administration workspace > Device Management > UNIX/Linux Computers. The Linux system should appear.

Discover Linux - 10 - Healthy Linux Computer

You can also navigate within the SCOM console to Monitoring > UNIX/Linux Computers, and check out the different views and diagrams.

Discover Linux - 11 - Monitoring

Discover Linux - 12 - Diagram

Well, that covers my series and experience in using SCOM to monitor a UNIX/Linux system. I hope this was interesting and helpful for everyone.

Advertisements

Monitoring Linux with SCOM 2012 R2 – Part 2: Configure SCOM For Monitoring Linux


In our last post, we went through the Installation and Configuration of a Linux Virtual Machine. In this part, we will configure System Center Operations Manager (SCOM) to be prepared to monitor UNIX / Linux systems. To accomplish this, we will need to setup a Resource Pool, import the appropriate Management Packs, Configure Name Resolution, and Configure/Assign RunAs Accounts. Let’s get started.

Create A Resource Pool

Log on to the Operations console with an account that is a member of the Operations Manager Administrators role.

Click Administration.

Create Resource Pool - 01 - Administration

In the navigation pane, click Resource Pools.

Create Resource Pool - 02 - Resource Pools

In the Tasks pane, click Create Resource Pool.

Create Resource Pool - 03 - Create Resource Pool

In the Create Resource Pool wizard, on the General Properties page, enter a name and, optionally, a description for the resource pool, and then click Next.

Create Resource Pool - 04 - Resource Pool Wizard - General Properties

On the Pool Membership page, click Add.

Create Resource Pool - 05 - Resource Pool Wizard - Pool Membership

In the Member Selection window, enter text to filter the search results if desired, and then click Search. If you click Search without entering anything in the filter field, all available management servers will be displayed.

In Available items, select the servers that you want in the resource pool, click Add, and then click OK.

Click Next.

Create Resource Pool - 06 - Resource Pool Wizard - Member Selection

On the Summary page, review the settings and then click Create.

Create Resource Pool - 07 - Resource Pool Wizard - Summary

When the wizard completes, click Close.

Create Resource Pool - 08 - Resource Pool Wizard - Completion

Import UNIX and Linux Management Packs

The UNIX and Linux Operating Systems Management Packs enable discovering, monitoring, and managing UNIX and Linux computers with System Center Operations Manager. They provide both proactive and reactive monitoring of the UNIX and Linux operating systems.

In the SCOM Console, navigate to the Administration workspace.

Create Resource Pool - 01 - Administration

Right-click on the Management Pack item in the navigation pane, and choose ‘Import Management Packs’. This will cause the Import Management Packs wizard to launch.

Import MP 02

In the Import Management Pack wizard, click the Add button. You will be presented with 2 options, ‘Add From Catalog’ and ‘Add From Disk’. The ‘Add From Catalog’ option will enable you to search the catalog directly, however, most Production systems don’t have an Internet connection, which this option requires.

Import MP 03

Therefore, we will demonstrate and choose the ‘Add From Disk’ option. When you select this option, you will immediately receive the following prompt. Since, in Production, your server probably will not have Internet access, we will choose ‘No’.

Import MP 05

Now, you will see the File Explorer dialog. From here you need to navigate to the location of the Management Pack files. You can find the UNIX and Linux Management Packs on the SCOM Source Media.

In my lab example, I have the SCOM ISO mounted to my DVD Drive as D:\, so the location of my Management Packs is: D:\ManagementPacks\

NOTE: As of this writing, there is an update available (version 7.5.1025.0) to the existing Management Packs from the source meida, which can be found here: http://www.microsoft.com/en-ca/download/details.aspx?id=29696.

The specific .MP files that you want to import will depend on what version of UNIX or Linux you want to monitor. To start, you will want to import the “Microsofot.Linux.Library.mp”. You will also want to find the appropriate Library and Version MP files for the edition of Linux you are monitoring.

In my lab example, since I am monitoring SUSE, I will also be importing the “Microsoft.Linux.SUSE.Library.mp” and “Microsoft.Linux.SUSE.11.mpb” files.

Import Linux MPs

Once the Management Packs are displayed in the import list, click Install.

Import Linux MPs 02

After the Management Packs have been imported, click Close.

Import Linux MPs 03

NOTE: You may have to restart the following Services on the Management Server:

  • System Center Data Access Service
  • System Center Management Configuration

Configure Name Resolution

The SCOM Management Servers needs to be able to communicate with the Linux server. This means it needs to be able to resolve the FQDN of the Linux system, and the Linux system needs to be able to resolve the SCOM Management Server(s) FQDN.

To simplify this process in my lab, we’re going to modify the HOSTS file. On the Management Server(s), navigate to C:\Windows\System32\Drivers\ETC and edit the HOSTS file. Note that there is no file extension on this file. The easiest way to edit the file is in Notepad.

Name Resolution - 01 - Hosts FileWhen you have the HOSTS file open in Notepad, we need to add an entry for the Linux system so that the SCOM Management Server(s) can resolve it. Once you have added the entry, save the file.

Name Resolution - 02 - Modified Hosts File

Now from the SCOM Management Server(s), ensure that you can successfully PING the name of the Linux server.

Name Resolution - 03 - PING From Management Server

Also from the Linux server, ensure that you can successfully PING the name of the SCOM Management Server(s).

Name Resolution - 04 - PING From Linux Server

Configure Run As Accounts and Profiles for UNIX and Linux

You must create Run As accounts for agent maintenance operations, and for health and performance monitoring. These Run As accounts must then be associated with the Run As profiles defined in the UNIX and Linux management packs, so they can access the agents on UNIX and Linux computers.

We need to create 3 accounts:

  • UNIX/Linux Action Account
  • UNIX/Linux Privileged Account
  • UNIX/Linux Agent Maintenance Account

UNIX/Linux Action Account

In the Operations console, click Administration.

Create Resource Pool - 01 - Administration

In Run As Configuration, click UNIX/Linux Accounts.

Linux RunAs - 01 - UNIX Linux Accounts

In the Tasks pane, click Create Run As Account.

Linux RunAs - 02 - Create Run As Account

On the Account Type page, choose the Monitoring Account option, then click Next.

Linux RunAs - 03 - Account Type

On the General Properties page, provide a name and description for the account, then click Next. The description is optional.

Linux RunAs - 04 - General Properties

On the Account Credentials page, provide account credentials that can be used for the Run As account type that you selected, then click Next.

NOTE: This account does not necessarily need to exist on the Linux system yet, and you can create it later if need be.

Linux RunAs - 05 - Account Credentials

On the Distribution Security page, select the More Secure or Less Secure option, then click Create.

Linux RunAs - 06 - Distribution Security

Once the wizard is complete, click Close.

Linux RunAs - 07 - Next Step

UNIX/Linux Privileged Account

In the Operations console, click Administration.

Create Resource Pool - 01 - Administration

In Run As Configuration, click UNIX/Linux Accounts.

Linux RunAs - 01 - UNIX Linux Accounts

In the Tasks pane, click Create Run As Account.

Linux RunAs - 02 - Create Run As Account

On the Account Type page, choose the Monitoring Account option, then click Next.

Linux RunAs - 03 - Account Type

On the General Properties page, provide a name and description for the account, then click Next. The description is optional.

Linux RunAs - 04 - General Properties

On the Account Credentials page, provide account credentials that can be used for the Run As account type that you selected, then click Next. Ensure that the elevation option is set to “Elevate the account using sudo for privileged access“.

NOTE: This account does not necessarily need to exist on the Linux system yet, and you can create it later if need be.

Linux RunAs - 05 - Account Credentials

On the Distribution Security page, select the More Secure or Less Secure option, then click Create.

Linux RunAs - 06 - Distribution Security

Once the wizard is complete, click Close.

Linux RunAs - 07 - Next Step

UNIX/Linux Agent Maintenance Account

In the Operations console, click Administration.

Create Resource Pool - 01 - Administration

In Run As Configuration, click UNIX/Linux Accounts.

Linux RunAs - 01 - UNIX Linux Accounts

In the Tasks pane, click Create Run As Account.

Linux RunAs - 02 - Create Run As Account

On the Account Type page, choose the Agent Maintenance Account option, then click Next.

Linux RunAs - 03 - Account Type

On the General Properties page, provide a name and description for the account, then click Next. The description is optional.

Linux RunAs - 04 - General Properties

On the Account Credentials page, select the “User name and password” option, and provide account credentials that can be used for the Run As account, then click Next. Ensure that the privileged access option is set to “This account does not have privileged access“.

NOTE: This account does not necessarily need to exist on the Linux system yet, and you can create it later if need be.

Linux RunAs - 05C - Account Credentials

On the Elevation page, select the Use ‘sudo’ elevation option, then click Next.

Linux RunAs - 06C - Elevation

On the Distribution Security page, select the More Secure option, then click Create.

Linux RunAs - 07C - Distribution Security

Once the wizard is complete, click Close.

Linux RunAs - 08C - Completion

Configuring Run As Profiles for UNIX and Linux

Now that you have created the Run As accounts, you must add each Run As account to the applicable profile.

In the Operations console, click Administration.

Create Resource Pool - 01 - Administration

In Run As Configuration, click Profiles.

Linux Profiles - 01 - Profiles

In the list of profiles, right click and then select Properties on one of the following profiles:

  • UNIX/Linux Action Account
  • UNIX/Linux Privileged Account
  • UNIX/Linux Agent Maintenance Account

Linux Profiles - 02 - Profile Properties

In the Run As Profile wizard, click Next until you get to the Run As Accounts page.

Linux Profiles - 03 - Run As Accounts

On the Run As Accounts page, click Add to add a the Run As account that you created. Select the “All targeted objects” option, then click OK.

Linux Profiles - 04 - Add Run As Account

Click Save.

Linux Profiles - 05 - Run As Accounts Added

On the Completion screen, you may see a warning message about the More Secure accounts (if you chose this option when creating the accounts).

Linux Profiles - 06 - Completion

If you click on the Linux Action Account link, the Run As Account Properties dialog will appear. Click the Add button.

Linux Profiles - 07 - Run As Account Properties

On the Computer Search screen, search for the Resource Pool, and add the Linux Resource Pool that we previously created, then click OK.

Linux Profiles - 08 - Computer Search

Back on the Run As Account Properties screen, click OK.

Linux Profiles - 09 - Run As Account Distribution

Back on the Completion screen, the Warning icon will now have changed to a green checkmark. Click Close.

Linux Profiles - 10 - Completion (Distributed)

Repeat these steps for each of the UNIX/Linux Run As Profiles.

Wow! That was a lot of work, but SCOM is now ready to monitor Linux. In the next part of this series, we will install the SCOM Agent on the Linux server.

Monitoring Linux with SCOM 2012 R2 – Part 1: Installation and Configuration of Linux (SUSE) Virtual Machine


I wanted to write a post/series on something that I knew about, but never had the opportunity to actually do in a Production environment; monitoring Linux/UNIX servers using System Center Operations Manager (SCOM).

All of my experience has been in a Windows-based environment. Even though the environments I have worked in did have some Linux/UNIX systems, these were not within my realm of jurisdiction, and therefore I could not install the SCOM Agent on these servers.

So, what better way to gain experience with something, than doing some research, and trying it out. Here it goes. Let’s start with setting up a Linux server. In my lab I’m running Hyper-V, so I will setup a Linux VM to work with.

The first thing that you need to do is choose an appropriate Linux/UNIX distribution. System Center Operations Manager supports multiple versions/editions of Linux/UNIX, but it doesn’t support ALL versions. Here is the link for the Supported UNIX and Linux Operating System Versions, specific to System Center 2012, 2012 SP1, and 2012 R2 Operations Manager.

Review the list, and choose a version you would like to work with. If you are not familiar with UNIX or Linux at all (like myself), I have read that it SUSE Linux Enterprise Server 11 is easier to work with because it has setup wizard, which we Windows-IT folk are more used to.

Now that we have chosen a Linux distribution to use, SUSE 11 in my lab example, we have to obtain the files necessary. Go to the SUSE webpage and navigate to the SUSE Downloads page. In their Basic Search tool, select the appropriate options to find the download. At the time of this writing, the latest version of SUSE is version 11 SP3.

IMPORTANT: You will need to register for a free account before you will be allowed to download the ISOs.

Monitor UNIX - 01 - SUSE Download

After you have downloaded  the ISOs, we need to create a VM to install it onto. I’m not going to detail how to create a Virtual Machine (VM) in Hyper-V; but if you do need me to detail/document that piece, please email me and I will add it. On my VM, I have mounted the first ISO, and then powered on the VM.

Setup/Installation of SUSE Linux

NOTE: Within the SUSE VM, use the up and down arrows and the Tab key to navigate around, and the Enter key to accept or confirm a selection.

On the setup screen, highlight the Installation option, and then press Enter.

Install SUSE - 01 - Start Screen

Once the OS loads, on the Welcome screen, change the Language and Keyboard Layout options as desired, then click Next.

Install SUSE - 02 - Welcome

On the Media Check screen, click the Start Check button to check the files contained on the ISO. Once the check has completed successfully, click Next.

Install SUSE - 03 - Media Check

After the System Analysis runs, you will be on the Installation Mode screen. Choose New Installation and then click Next.

Install SUSE - 04 - Installation Mode

On the Time Zone screen, make the appropriate selection for Region and Time Zone, then click Next.

Install SUSE - 05 - Clock and Time Zone

On the Server Scenario screen, select the “Physical Machine (also for Fully Virtualized Guests” option, then click Next.

Install SUSE - 06 - Server Scenario

One the Installation Summary screen, review the information displayed, and then click Install.

Install SUSE - 07 - Installation Summary

On the Confirm Package License screen, review the information displayed, then click I Agree.

Install SUSE - 08 - Confirmation

On the Confirm Installation screen, click Install.

Install SUSE - 09 - Confirm Installation

Now we can watch the installation being performed. But we’re not done yet.

Install SUSE - 10 - Installation In Progress

Configuration of SUSE Linux

After the installation has been completed, we have to perform some configuration steps.

The first configuration you will be prompted with is for the Password for the System Administrator “Root” account. Provide a password and then click Next.

IMPORTANT: This is the most important thing to provide (and remember). The “Root” user account is equal to the Windows Local Administrator account.

Config SUSE - 01 - Root Password

On the Hostname screen, provide a name for the computer, and also provide a domain name, then click Next.

IMPORTANT: The domain name provided must NOT be a valid Active Directory domain name. Also ensure that the “Change Hostname via DHCP” option is NOT selected.

Config SUSE - 02 - HostName

On the Network screen, make the appropriate changes as you require, then click Next.

In my lab example, I disabled the Firewall, enabled VNC Remote Administration,

Config SUSE - 03 - Network

On the Test Internet Connection screen, you can choose the option to “Yes, Test Connection to the Internet” or “No, skip this test“, then click Next.

In my lab example, my VMs are not connected to the Internet, so I chose to skip the test.

Config SUSE - 04 - Test Internet Connection

On the Network Services Configuration screen, click Next.

Config SUSE - 05 - Network Service Configuration

On the User Authentication Method screen, you can choose the Authentication Method that you want to use, then click Next.

In my lab example, I used the “Local (/etc/passwd)” option, since this setup is similar to the Windows “Workgroup” type setup.

Config SUSE - 06 - User Authentication Method

On the New Local User screen, I am going to create a new account to use with SCOM monitoring, then click Next.

Config SUSE - 07 - New Local User

On the Release Notes screen, review the information, then click Next.

Config SUSE - 08 - Release Notes

On the Hardware Configuration screen, click Next.

Config SUSE - 09 - Hardware Configuration

Now the installation/configuration is finally complete! Click Finish.

Config SUSE - 10 - Installation Completed

Now you can login to the new Linux installation. Login with the Root account that we setup.

Config SUSE - 11 - Login

If everything is setup and configured correctly, your home screen should look something like this.

Config SUSE - 12 - Home Screen

Now that we have a UNIX / Linux system setup, in our next post of this series we will setup SCOM to be able to monitor Linux systems.

Tag Cloud

%d bloggers like this: