In part 1 we installed LINUX and now it is time to get SCOM 2012 ready for LINUX monitoring.
There are several steps we need to do:
- Set up a Resource Pool
- Import the management packs
- Set up name resolution
- Configure the RunAs accounts
- Assign the RunAs accounts to profiles.
1. Create Resource Pool
This pool groups one or more SCOM management servers together to achieve highly available monitoring for LINUX. For example, if one management server fails, another management server in the Resource Pool will take over.
In the SCOM console go to Administration/Resource Pools, right-click and choose “Create Resource Pools”
Give it a meaningful name e.g. LINUX
Add the management servers to the pool which are responsible for LINUX monitoring. I just have set up one management server.
If you add more than one management server to the pool you need to take an additional step according to here. Each management server must export its root certificate and import the root certificate of every other management server in the Resource Pool. Do this after the Resource Pool wizard is finished.
For example – Resource Pool “LINUX” contains management servers (MS) MS1, MS2, MS3. MS1 must import the certificates from MS2 and MS3. MS2 must import the certificates from MS1 and MS3 and so on…
The commands are:
Export:
"%ProgramFiles%\System Center Operations Manager 2012\Server\scxcertconfig.exe" -export c:\Temp\<filename>
Import:
"%ProgramFiles%\System Center Operations Manager 2012\Server\scxcertconfig.exe" -import c:\Temp\<filename>
Note: If you deploy an agent to a LINUX machine from MS1, MS1 signs the agent's certificate with its own certificate. If MS1 fails and the LINUX agent fails over to MS2, the agent would not trust the new management server because MS2 has a different certificate, and no communication would be possible. That is why you need to exchange the certificates.
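The certificate exchange described above, as an added PowerShell example (not part of the original post and not Microsoft's code). It is meant to be run elevated on each management server in the pool; the share path, the <COMPUTERNAME>.cer file naming and the member list are assumptions. It prints a SHA-256 fingerprint for every file so that what one server imports can be matched against what the other server exported.

```powershell
# Added example. Run elevated on EACH management server in the resource pool.
# Assumptions: $Share is a folder only the SCOM administrators can write to,
# and each server stores its certificate there as <COMPUTERNAME>.cer.
$Share   = '\\fileserver\scxcerts'      # hypothetical share
$Members = 'MS1', 'MS2', 'MS3'          # pool members from the example above
$Tool    = Join-Path $env:ProgramFiles 'System Center Operations Manager 2012\Server\scxcertconfig.exe'
$Self    = $env:COMPUTERNAME

function Get-Sha256 ([string]$Path) {
    # Plain .NET hashing, so it also works where Get-FileHash is not available
    $sha = [System.Security.Cryptography.SHA256]::Create()
    [BitConverter]::ToString($sha.ComputeHash([IO.File]::ReadAllBytes($Path))) -replace '-'
}

if (-not (Test-Path $Tool)) { throw "scxcertconfig.exe not found at $Tool" }

# 1. Export this server's certificate to the share
$own = Join-Path $Share "$Self.cer"
Remove-Item $own -ErrorAction SilentlyContinue   # so a stale file cannot hide a failed export
& $Tool -export $own
if (-not (Test-Path $own)) { throw "Export did not create $own" }
"{0}  exported  SHA256={1}" -f $Self, (Get-Sha256 $own)

# 2. Import the certificate of every other pool member
$missing = @()
foreach ($m in $Members | Where-Object { $_ -ne $Self }) {
    $file = Join-Path $Share "$m.cer"
    if (-not (Test-Path $file)) { $missing += $m; continue }
    "{0}  importing SHA256={1}" -f $m, (Get-Sha256 $file)
    & $Tool -import $file
}

# A server that has not exported yet is reported, not silently skipped
if ($missing) {
    Write-Warning ("No certificate yet from: {0}. Run this script again after those servers have exported." -f ($missing -join ', '))
}
```

The "exported" line printed on one server should show the same SHA-256 value as the "importing" line for that server on every other pool member; a mismatch means the file on the share was changed in between.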
On the next screen hit “Save”
And “Close”
2. Import Management Pack
Start the management pack import wizard and choose to import MP from disk. Go to your SCOM 2012 source and navigate to the Management Packs folder. Now you need to select the following MP.
Click “Install”
After you imported these MPs RESTART the System Center Management and System Center Management Configuration Services or just reboot the management server. I had trouble installing the LINUX agent but after restart of the services/server everything went ok. Just in case…
3. Setup Name Resolution
In order to get the name resolution working for the LINUX system from the management server I modified the hosts file in C:\Windows\System32\drivers\etc on my SCOM management server…
After the modification, ping the name of your LINUX system and make sure the name resolves to its IP address.
4. RunAs Accounts
There are three accounts we need to set up and map to the appropriate profiles.
I copied this table out of a ppt slide from the CEP SCOM program. It shows you the accounts and what they are used for.
In my example I used a user called “monuser” as used in this script which we will need in Part 3. Also in part 3 we will add this user to our SUSELinux computer. For now every time you need to enter the monuser credentials choose the same password.
To create the accounts in the SCOM console go to Administration/UNIX/Linux Account/Create Run As Account…
First we create a low privileged LINUX Action Account. Choose Monitoring Account…
Give it a display name…
Enter the monuser credentials. Remember this user will be created in part 3, at this time it doesn’t exist. You just choose some password, but be sure to set the same password later in part 3!
Choose More secure and add the management server(s)…
Finish/Close…
LINUX Privileged Account
Choose Monitoring Account…
Give it a display name…
Again enter the monuser credential which we are going to set in part 3. Now choose for this account “Elevate the account using sudo for privileged access”…
Again More secure and add the management server(s)…
Finish/Close…
Agent Maintenance Account
To upgrade, uninstall or restart the LINUX agent we need the Agent Maintenance Account. Start the same wizard as before, but now select Agent Maintenance Account…
Add a display name…
Enter the monuser credentials. Remember this user will be created in part 3, at this time it doesn’t exist. You just choose some password, but be sure to set the same password later in part 3! Choose “This account does not have privileged access”…
Very important: choose “Use sudo elevation”…
Choose More secure and add the management server(s)…
Close/Finish…
Now that you created these 3 accounts we need to assign these accounts to profiles.
5. LINUX Profiles
After you imported the LINUX management packs these 3 profiles were created…
Add to each of these profiles the appropriate account which we created in the previous step.
UNIX/Linux Action Account Profile
Add the LowPrivAccount to this profile. Select “All targeted objects”…
UNIX/Linux Privileged Account Profile
Add the HighPrivAccount to this profile. Select “All targeted objects”…
UNIX/Linux Agent Maintenance Account Profile
Add the AgentMaintAccount to this profile. Select “All targeted objects”…
That’s it, SCOM is now ready for the next part…
where is part 3 ???
Hi mohammad,
I just published it 🙂
Regards,
Stefan
thank you very much ,.. waiting for part 4 🙂
Hi,
Can the same management server(s) monitor both linux/unix servers as well as windows ones. Reading about resource pools for Network Monitoring, the resource pool and the management servers it contains must be dedicated to Network Monitoring. Is the same true for linux/unix monitoring? In a big distributed monitoring environment this could get expensive if the same management servers cannot reside in 2 pools (the all servers pool for windows management and the linux/unix resource pool) and do monitoring for both.
Hi Matt
Well it depends :). If you have a large environment of Linux machines then it is best practice to assign dedicated management server(s) in a dedicated resource pool for Linux. If you just got a few Linux computers and also Windows computers you can share this pool for both tasks.
Technically a management server can reside in multiple pools.
Regards,
Stefan
Thank you Stefan 🙂
Hi
I’m confused, is this to allow us to add Red Hat servers to SCOM so we can manage alerts from there? Sorry, very new to SCOM and struggling to add Red Hat servers to the application.
Hi
This post shows you how to integrate Linux machines into SCOM and which steps you need to take. As you might know SCOM is for monitoring Windows systems and in SCOM 2012 there is better support for monitoring Linux systems. Finally the Linux systems will show up in the SCOM console and there will be basic stuff monitored such as network adapter, disk space, memory, processor etc.
Cheers,
Stefan
Hi,
Great guide on adding Linux monitoring. However (and I don’t know if this is a SCOM 2012 SP1 feature) when importing the management packs make sure to import the appropriate .MPB file as well (in this case it would be the Microsoft.Linux.SLES.11.mpb located on the installation source). This MPB file contains the agent installation sources for the specific Linux distribution.
Hi Bas
Thank you for your comment, you are right concerning management pack bundle files.
Regards,
Stefan
Can I get a list of all MPs for unix/linux?
Hi
Find them here http://www.microsoft.com/en-us/download/details.aspx?id=29696
Cheers,
Stefan
I have imported MP from the Console for UNIX/Linux, but what is currently available on these MP is not what our company is looking for. Any other suggestions for advanced monitoring for UNIX/Linux?
Hi
Well, it depends on what your company needs. But of course you can do almost any sort of monitoring using the script monitors / rules for UNIX/Linux like in this post http://stefanroth.net/2012/10/21/scom-2012-linux-two-state-monitor-with-script-in-script/
Cheers,
Stefan