In part 2 we prepared SCOM to get ready for monitoring LINUX. Now we need to deploy the agent. So let’s get started…
Here an overview of the steps we need to take:
Create monitoring account
Modify sudoers file
1. Create Monitoring Account
In part 2 when we configured the RunAs accounts we used the monuser credentials. Now we are going to create this user. Login as root user to your SUSE LINUX system by using VNC and open a terminal window (see part 1). You should see something like that…
run these commands:
sudo useradd monuser
sudo passwd monuser (after you hit enter you must type your password two times)
2. Modify sudoers file
Next step is to modify the sudoers file. This modification allows the monuser to elevate its permission to do certain action where more power is necessary. Luckily Microsoft has predefined the commands we have to enter for different UNIX/LINUX platforms . You will find the list here.
In your terminal run the command:
This will open the sudoers file in vi (LINUX editor) it looks like this….
I copy/paste the command in my case for LINUX into this file.
Here a short vi tutorial
vi is an old text editor from UNIX/LINUX. You will find it on almost every UNIX/LINUX computer. It is a very powerful editor if you know how to use it. Otherwise it will drive you nuts .
This editor has two modes a command mode and an insert mode. You can switch between modes by hitting the escape ESC key on your keyboard or pressing the “i” if you are in command mode. This will enter the insert mode.
So what do we need to do….
Run the command sudo visudo (if you not already have)
User your arrow keys to navigate to the end of the file
Press the “i” on your keyboard (you should see “insert” in your left lower corner)
Copy/Paste like in Windows the lines from above into the file
Press “Esc” key on your keyboard (enter the command mode)
Press “:” key on your keyboard (tells vi to expect commands)
Type “wq” (command write and quit)
Now you should be back on your command line.
3. Discovery wizard
In SCOM 2012 run discovery wizard and select UNIX/Linux computers…
Here I already added a discovery criteria….klick Add…
In discovery scope I entered the LINUX computer name SUSELinux…
Choose “Set credentials…” I used the monuser account and selected “This account does not have privileged access” (as you remember this is a normal LINUX user account without any permissions)
Now in order to receive the elevated permissions we must choose “Use ‘sudo’ elevation”…
Choose the LINUX resource pool and start the discovery process…
Select your LINUX computer…
After the discovery it is possible that the status will be failed…
If you click details the error shows a signing error…
4. Redeploy certificate
In this case we need to resign the certificate. Normally SCOM would get the certificate from the agent, signs the certificate and deploys the certificate back to the agent. Now we need to do this manually .
Got to WinSCP.net and download WinSCP and install it. This is a tool to get and transfer files from Windows to LINUX and vice versa.
Start the WinSCP client and enter the host name…
Enter the root credentials…
Now you got your connection. On the left side is you Windows and on the right side your LINUX system…cool huh?
On your right LINUX window go to /etc/opt/microsoft/scx/ssl and select your scx-host-[hostname].pem file. On your left window choose the destination for example c:\temp. Then press F5 to copy the pem file from the LINUX computer to your Windows computer.
Next open an elevated command prompt and change the directory to C:\Program files\ System Center Operations Manager 2012\Server. Now enter the command
Remeber we copied the scx-host-[hostname].pem fiel to our SCOM into the c:\temp directory.
Next step rename the scx-host-SUSELinux-new.pem to scx-host-SUSELinux.pem and copy it back to the LINUX machine. by pressing F5.
In order to load the new certificate you must restart the service by typing
Re-run the discovery wizard and now you should be able to receive a successfull status
And if you go into your SCOM 2012 console your LINUX should turn green…
So that’s it for part 3…enjoy !