Jump to content
SUSE Manager Management Pack for Microsoft System Center Operations Manager

SUSE Manager Management Pack for Microsoft System Center Operations Manager User Manual

SUSE Manager Management Pack for Microsoft System Center extends the functionality of System Center Operations Manager (SCOM) and utilizes the power of SUSE Manager for managing a Linux environment, allowing Windows administrators to view Linux server health information, and perform Linux patching via the SCOM console, saving time and money.

The document at hand explains how to use SUSE Manager Management Pack for Microsoft System Center Operations Manager.

Publication Date: August 19, 2019

1 Introduction

Management Packs typically contain monitoring settings for applications and services. After a management pack is imported into Microsoft System Center Operations Manager 2007, Operations Manager 2012/R2 management group, and Microsoft System Center Operations Manager 2016, Operations Manager immediately begins monitoring objects based on default configurations and thresholds that are set by the Management Pack.

Microsoft System Center Operations Manager provides a general foundation for monitoring and managing systems and software. This foundation knows nothing about how to do these things for specific components, however.

Providing this specialized knowledge is the responsibility of management packs. SUSE Manager Management Pack for Microsoft System Center extends the functionality of Microsoft System Center Operations Manager and utilizes the power of SUSE Manager for managing a Linux environment, allowing Windows administrators to view Linux server health information, and perform Linux patching via the Microsoft System Center Operations Manager console, saving time and money.

The Management Pack was developed to interact with SUSE Manager using SUSE Manager’s open application programming interface. Windows administrators import the Management Pack into Microsoft System Center Operations Manager and deploy a SUSE Manager Server with the SUSE Manager Lifecycle management module on each Linux server to be managed by Microsoft System Center Operations Manager. Information about patch status and health of the managed Linux servers is passed through to Microsoft System Center Operations Manager, where it may be viewed and acted upon by the administrator.

1.1 Key Features

From a single console via tight integration between SUSE Manager and Microsoft System Center Operations Manager, system administrators are able to:

  • Quickly check all Linux servers for health and update status.

  • View a list of all Linux servers entitled to a selected list of critical and optional updates and patches.

  • Schedule a maintenance window to run updates on a specific Linux server or a group of Linux servers.

1.2 Key Benefits

The key benefits of using SUSE Manager Management Pack for Microsoft System Center Operations Manager are as outlined below:

  • Reduce cost: leverage your investment in existing infrastructure including software, hardware, and expertise.

  • Save time: Linux patch management can be done from the same Microsoft System Center Operations Manager console rather than splitting time between silos.

  • Minimize risk: improved efficiency in the patching and updating process translates to lower risk of failure via a missed or incorrectly applied patch.

2 Patch Management

In this module, all kinds of patch-related events can be managed. It enables administrators to schedule a patch for a particular system, view the number of relevant patches, upgradable packages, removable packages, and installable packages available to the system, etc. Using this module administrators can view scheduled events and their status. It also provides system health information such as critical, warning, and healthy. It provides information about the systems, patches, and channels to which a system is subscribed.

  • For Microsoft System Center Operations Manager 2007 R2, Patch Management can be accessed through the following path:

    Open Microsoft System Center Operations Manager 2007 R2 Operations Console, click Monitoring, click UNIX/Linux Servers, click Linux, click Patch Management.

    Patch Management System Center Operations Manager 2007 R2
    Figure 1: Patch Management System Center Operations Manager 2007 R2
  • For Microsoft System Center Operations Manager 2012 R2 and Microsoft System Center Operations Manager 2016, Patch Management can be accessed through the following path:

    Open Microsoft System Center Operations Manager 2012 R2 / 2016 Operations Console, click Monitoring, click UNIX/Linux Servers, click Linux, click Patch Management.

    Patch Management System Center Operations Manager 2012 R2
    Figure 2: Patch Management System Center Operations Manager 2012 R2
  • Patch Management contains three different types of views:

    1. Systems:

      This view displays the list of managed Linux systems which are attached to both Microsoft System Center Operations Manager and SUSE Manager. The main panel of the Systems tab provides a list of systems subscribed to Microsoft System Center Operations Manager and SUSE Manager. Beneath that there are subtabs which show relevant patches, removable packages, upgradable packages, installable packages, etc., which are related to a system. Administrators need to select systems to perform actions on them. This allows to install relevant patches and packages, remove packages, upgrade packages, deploy configuration files, issue remote commands, auto install, view system properties, view system events, base and configuration channels.

      Patch Management System View
      Figure 3: Patch Management System View
    2. Patches:

      This view displays patches relevant to the type of Linux version for at least one of your managed systems that have not been applied yet. Administrators can track the availability and application of patches to their managed systems. SUSE distinguishes between three types of patches: security updates, bug fix updates, and enhancement updates. Each patch is comprised of a summary of the problem and solution, including the RPM packages fixing the problem.

      Patch Management Patches View
      Figure 4: Patch Management Patches View
    3. Schedule:

      This view enables administrators to track the actions carried out on systems. An action is a scheduled task to be performed on one or more client systems. For example, an action can be scheduled to apply all patches to a system .

      Patch Management Schedule View
      Figure 5: Patch Management Schedule View
  • The status of the system changes to

    • Critical: when relevant patches of the type security advisory exist.

    • Warning: when relevant patches of the type bug fix advisory exist.

    • Healthy: when no relevant patches exist.

  • SUSE Manager monitoring is done using probe actions every four minutes. The system view has to be refreshed manually.

2.1 Systems Tab

You can access the Systems tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Systems tab (default).

  • The main grid consists of the following items:

    • SystemId: ID of the system

    • SystemName: name of the system

    • Status: provides status of the system such as critical or warning

    • AvailablePatches: patches available to the system

    • AvailablePackages: packages available to the system

  • A Detailed View is displayed under this tab. When a system ID is selected, relevant data will be populated in the following grids:

    • Relevant Patches: patches which are relevant to the system

    • Removable Packages: packages which can be removed from the system

    • Upgradable Packages: packages which can be upgraded

    • Installable Packages: packages which can be installed on the system

    • Channels: channels to which the system is subscribed

    • Events: events recently occurred on the system

    • System Properties: properties of the system

Patch Management Systems Tab Details
Figure 6: Patch Management Systems Tab Details

2.1.1 Applying Relevant Patches

The Relevant Patches page displays a customized list of patches applicable to a selected system. The list provides a summary of each patch, including its type, severity (for security updates), advisory number, synopsis, systems affected, and date updated.

You can access the Relevant Patches tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, go to the Systems tab (default), and click on Relevant Patches (which is located under the Systems panel).

  • The grid consists of the following columns:

    • ID: ID of the patch

    • Advisory: the SUSE security team codifies advisories in the following way: SUSE- RU-2011:0030

    • Synopsis: provides a synopsis of the patch

    • Type: provides the type of advisory which may be bug fix advisory, product advisory, or product enhancement advisory

    • UpdateDate: provides the updated date of the patch.

  • Select the patches you want to apply and click the Apply Selected Patches button to apply the selected patches to the particular system.

  • After clicking the button Schedule Your Action, a dialog box will pop up with two options to confirm the date and time of the patch that needs to be applied:

    • Schedule action as soon as possible

    • Schedule action for no sooner than

    For the Schedule action for no sooner than option, the selected time and date should be greater than the current time. Otherwise you will see the message please select date greater than current date on the screen. Upon confirmation, the selected patch will be scheduled for an update to the system. If you select the Cancel button, the pop-up window will close.

    Applying Relevant Patches Schedule
    Figure 7: Applying Relevant Patches Schedule

    The scheduled action can be found in the Schedule tab.

  • Details related to Relevant Patches will be displayed in the following grids:

    • Patch Details: details of the selected patch

    • CVEs: the name assigned to the security advisory by the Common Vulnerabilities and Exposures (CVE) project at http://cve.mitre.org (for example: CVE-2006-4535)

    • Related Packages: packages that are related to the selected patch

    • Affected Systems: systems that are affected by the selected patch

      • A patch can be applied to a particular affected system by clicking Apply Patch under that grid

      • When the Apply Patch button is clicked, a pop-up window will open with two options to confirm the date and time of the patch that needs to be applied:

        • Schedule actions as soon as possible

        • Schedule action for no sooner than

        Upon confirmation, the selected patch will be scheduled for an update to the system. If Cancel is selected, the pop-up window will close.

Relevant Patches Tab
Figure 8: Relevant Patches Tab

2.1.2 Removable Packages Applicable to a System

The Removable Packages page lists installed packages and enables administrators to remove them. You can view and sort packages by name, architecture, and the date they were installed on the system. You can search for the desired packages by typing their name in the Filter by Package Name text box, or by clicking the letter or number corresponding to the first character of the package name. Click on a package name to view its package details in the lower panel. To delete packages from a system, select and click the Remove Packages button in the bottom left-hand corner of the panel. Click confirm to remove the packages.

Access the Removable Packages tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click on Patch Management, go to the Systems tab (default), and click Removable Packages.

  • The grid consists of the following columns:

    • Name: provides the name of the package

    • Version: provides the version of the package

    • Epoch: provides the timestamp for the package

    • Architecture: names the supported architecture

    • Release: provides the release version

    • InstallTime: provides the time of installation

  • Select the packages you want to remove and click the Remove Selected Packages button which is used to remove selected packages from the selected system.

  • After clicking the button Schedule your Action, a dialog box pops up with two options to confirm the date and time of the package for removal:

    • Schedule actions as soon as possible

    • Schedule action for no sooner than

    For the Schedule action for no sooner than, the selected time and date should be greater than the current time. Otherwise you will see the message please select date greater than current date on the screen. Upon confirmation, the particular package will be scheduled for removal from the selected system. If you select the Cancel button, the pop-up window will close.

    Removing Packages Schedule
    Figure 9: Removing Packages Schedule

    The scheduled action can be found in the Schedule tab.

  • Details related to the Removable Packages tab will be displayed in the following grids:

    • Package Details: details of the selected package

    • Dependencies: other dependencies of the selected package

    • Change Log: log changes of the selected package

    • File List: list of files associated with the selected package

Removable Packages Tab
Figure 10: Removable Packages Tab

2.1.3 Upgradable Packages Applicable to a System

The Upgradable Packages tab displays a list of packages with newer versions available in the subscribed channels. Click on the latest package name to view the package details in the lower panel. To upgrade packages immediately, select the respective packages and click Upgrade Packages.

Access the Upgradable Packages tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click on Patch Management, go to the Systems tab (default) and click on Upgradable Packages.

  • The grid consists of the following columns:

    • Name: provides the name of the package

    • Architecture: provides the architecture it supports

    • FromVersion: names the present version of the package in the system

    • FromRelease: names the present release version of the package in the system

    • FromEpoch: provides the time stamp

    • ToVersion: names the upgradable package version

    • ToRelease: names the present release of the package which the system needs to be upgraded to

    • ToEpoch: provides the time stamp

    • PackageId: provides the package ID

  • Select the packages you want to upgrade and click the Upgrade Selected Packages button which is used to upgrade the selected packages for the selected system.

  • After clicking the button Schedule Your Action, a dialog box pops up with two options to confirm the date and time of the package that needs to be upgraded.

    • Schedule actions as soon as possible

    • Schedule action for no sooner than

    For the Schedule action for no sooner than option, the selected time and date should be greater than the current time. Otherwise you will see the message please select date greater than current date on the screen. Upon confirmation, the particular package will be scheduled for an upgrade to the selected system.

    Upgrading Packages Schedule
    Figure 11: Upgrading Packages Schedule
  • Details related to the Upgradable Packages tab will be displayed in the following grids:

    • Package Details: provides details of the selected package

    • Dependencies: provides other dependencies of the selected package

    • Change Log: provides log changes of the selected package

    • File List: provides the list of files associated with the selected package

Upgradable Packages Tab
Figure 12: Upgradable Packages Tab

2.1.4 Installable Packages Applicable to a System

The Installable Packages tab displays a list of packages which are installable and available in the subscribed channels. Click on the latest package name to view its package details page. To install packages immediately, select them and click Install Packages.

Access the Installable Packages tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click on Patch Management, go to the Systems tab (default) and click on Installable Packages.

  • The grid consists of the following items:

    • Name: provides the name of the installable package

    • Architecture: provides the architecture it supports

    • Version: provides the version of the installable package

    • Release: provides the release version of the package

    • Epoch: provides the timestamp

    • PackageId: provides the package ID

  • Select the packages you want to install and click the Install Selected Packages button which is used to install the selected packages for the particular system.

  • After clicking the button, a dialog box pops up with two options to confirm the date and time of the package that needs to be installed:

    • Schedule action as soon as possible

    • Schedule action for no sooner than

    For the Schedule action for no sooner than option, the selected time and date should be greater than the current time. Otherwise you will see the message please select date greater than current date on the screen. Upon confirmation, the particular package will be scheduled for installation to the selected system.

    Upgrading Packages Schedule
    Figure 13: Upgrading Packages Schedule

    The scheduled action can be found in the Schedule tab.

  • Details related to the Installable Packages tab will be displayed in the following grids:

    • Package Details: details of the selected package

    • Dependencies: other dependencies of the selected package

    • Change Log: changes to a selected package

    • File List: list of files associated with the selected package

Installable Packages Tab
Figure 14: Installable Packages Tab

2.1.5 Channels

The Channels tab provides a well-defined method to determine which packages should be available to a system for installation or upgrade based upon their operating systems, installed packages, and functionality. Click a channel name to view its channel details page. The list of channels to which the selected system is subscribed is displayed in this tab.

Access the Channels tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click on Patch Management, go to the Systems tab (default) and click on Channels.

  • The grid consists of the following columns:

    • Name: provides the name of the channel

    • ChannelLabel: provides the label of the channel

  • Details related to the Channels tab will be displayed in the following grids:

    • Channel Properties: properties of the selected channel

    • Channel Patches: patches that are published to the selected channel

    • Channel Packages: packages that are subscribed to the selected channel

    • Subscribed Systems: systems that are subscribed to the selected channel

Channels Tab
Figure 15: Channels Tab

2.1.6 Events

The Events tab displays past, current, and scheduled actions on a system.

Access the Events tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click on Patch Management, go to the Systems tab (default) and click on Events.

  • Details related to the Channels tab will be displayed in the following grids:

    • Pending Events: lists events that are scheduled but have not started

      A prerequisite action must complete successfully before the given action is attempted. Actions can be chained so that action A requires action B which requires action C. If any action in the chain fails, the remaining actions also fail.

    • History: provides the history of events that have occurred on a system

Events Tab
Figure 16: Events Tab

2.1.7 System Properties

The System Properties tab provides the properties of the selected system such as system ID, description, base entitlement, add-on entitlement, auto update, and so on.

Access the System Properties tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click on Patch Management, go to the Systems tab (default) and click on System Properties.

System Properties Tab
Figure 17: System Properties Tab

2.1.8 Auto Installation

2.1.8.1 Overview

SUSE Manager uses cobbler to set up PXE and auto installation methods for provisioning. However, if you manually administer cobbler from the command line, SUSE Manager knows what has and has not been configured via the SUSE Manager Web interface, and the Web interface will show the changes. But it will also show that they are not managed by SUSE Manager and will not allow you to edit or change the settings. Therefore, it is recommended to set up your environment through the Web interface.

To set up SUSE Manager for the auto installation or provisioning, you need to perform the following steps (which will be outlined in detail in the following sections):

  1. Configure your DHCP server for PXE booting (the example given is for a Windows Server based DHCP server).

  2. Perform various cobbler setup actions from the command line.

  3. Make the installation files of your Linux distribution available somewhere on the SUSE Manager server’s file system.

  4. Perform the remaining auto installation setup items via the SUSE Manager Web interface.

2.1.8.2 DHCP Server Setup

These are the steps you need to perform to set up the DHCP server:

  1. Open the Server Manager on the DHCP Server

    1. Select DHCP Server

    2. Select 'server_name'

    3. Select IPv4

    4. Select Scope

    5. Select Scope Options

    6. Right-click in the Options page and select Configure options...

  2. Check option 066 and set it to the IP address of the TFTP server (the SUSE Manager server in this case)

  3. Check option 067 and set it to pxelinux.o

2.1.8.3 Cobbler Setup

Run the command cobbler check from the command line and take care of any potential configuration items returned by this command. Here are the items in the list that you will need to set up:

  • Pull in various PXE loaders via

    • cobbler get-loaders

  • Change the default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) by executing the following steps:

    1. Execute the command

      openssl passwd -1 -salt 'r4nd0WPA$$wordpassphrase' 'PA$$word'

      to get the hashed value for the password given. It will look similar to the following:

      $1$r4nd0WPA$ARWps.KUMHpz/DcckxJmj0

    2. Add the generated string from the command above to the cobbler settings file:

      /etc/cobbler/settings

    3. You can edit the file using the command:

      vim /etc/cobbler/settings

  • TFTP server. SUSE Manager has atftpd installed by default (use the default, apparently it comes with KIWI build system integration).

    • Enable the TFTP daemon to start by default via

      • chkconfig atftpd on

  • Enable rsync

    • Change the disable line to no instead of yes in /etc/xinetd.d/rsync using the command

      vim /etc/xinetd.d/rsync

  • Restart and synchronize cobbler using the following commands:

    • /etc/init.d/cobblerd restart

    • cobbler sync

2.1.8.4 Prepare the System for Serving Distribution Trees

On SUSE Manager server, make sure /etc/hosts references the external IP address for the host name, not a loopback address (for example 127.0.0.1). If this isn't done, SUSE Manager creates references to 127.0.0.1 when setting up the PXE configuration. This obviously wouldn't work if a client tried to access the Kickstart/AutoYaST files on localhost.

Before making the distribution tree, check whether the system is subscribed to any tools channel. If it is not subscribed, issue the following command mgr-ncc-sync -l in the SUSE Manager server system and check the available channels.

Follow the instructions presented on the screen and add the tools channel database to your SUSE Manager server using the command mgr-ncc-sync -c plus the tools channel name.

Subscribe the system for which you want to perform automated installation to the tools channel. During automated installation the system needs some tools like Spacewalk-Koan, which are provided by the tools channel.

2.1.8.5 Making SUSE Linux Enterprise Server Installation Files Available on the File System

Before making the distribution files, enable the Provisioning entitlement on the system using the SUSE Manager Web UI. Select the system you want to enable for Provisioning entitlement and go to Details. Select Properties, check the Provisioning add-on entitlement and click the Update Properties button. There are two options for making the SUSE Linux Enterprise Server installation files available on the SUSE Manager server. Either copy the files from the ISO image or a CD to a location on the file system or just mount the SUSE Linux Enterprise Server installation ISO to a location on the file system.

  • Option 1:

    Copy the contents of the installation CD or DVD (the operating system which needs to be installed) to any location in SUSE Manager. If you have an .iso file then mount that image using the command mount –o loop followed by the source path (path of .iso file) and the destination path (mounting point). Before that you need to create a mount point using the command mkdir /mnt/ followed by the name of your mounting point.

    • Put the the files into /storage/dist/ followed by the distribution name using the command cp –R /mnt/ followed by the mounting point name and the destination path (your location of Distro). Do not put them in /srv/www/cobbler as the files will be erased on a cobbler synchronization initiated from the SUSE Manager Web interface (which synchronizes the settings from the SUSE Manager database onto the cobbler setup on the file system, erasing any manual changes in the process).

  • Option 2: Mount ISO image

    • Copy a SUSE Linux Enterprise Server installation ISO into /storage/iso/

    • Create a mount point

    • Mount the ISO by default in /etc/fstab

      • /storage/iso/SLES-11-SP1-DVD-x86_64-GM-DVD1.iso /mnt/sles11-sp1-x86_64-iso udf,iso9660 user,loop,ro 0 0

      • /storage/iso/rhel-server-6.1-x86_64-dvd.iso /mnt/rhel61-x86_64-iso udf,iso9660 user,loop,ro 0 0

      • Run mount -a after the change to fstab to activate the change

2.1.8.6 Creating Distributions Using the SUSE Manager Web UI

Auto installation distributions need to be created before creating an auto installation profile. Remember that SUSE Manager automatically copies kernel and initrd images in place from the installation tree (ISO image tree). It also makes the installation tree available via HTTP, which means the installation files can be placed anywhere on the server.

  • Create the auto installation distribution. Go to the Web interface, then to Systems, choose Autoinstallation, and then Distributions.

    • For the tree path, provide the local directory on the server where the ISO installation files are located (for example /storage/dist/rhel61-x86_64). Do not worry about setting up Apache to serve the installation trees. SUSE Manager will take care of making the local directory available via HTTP.

    • Leave the kernel options blank. SUSE Manager will automatically populate this for SUSE Linux Enterprise Server systems. For Red Hat Enterprise Linux systems, SUSE Manager will not automatically populate it (but the information does not seem to be important anyhow).

  • Create the automatic installation profile.

Note
Note: Cobbler Equivalent

In the SUSE Manager Web interface, there is a mapping to the cobbler command line equivalent:

  • If you go to the Web interface, choose Systems, then Auto Installation, and then Distributions, you get the equivalent to Cobbler Distro .

    This essentially copies the kernel and initrd images from the installation tree to /srv/tftpboot/images. Keep in mind that this step does not yet create a PXE entry. That happens only when a cobbler profile is created.

  • If you go to the Web interface, choose Systems, then Auto Installation and then Profiles, you get the equivalent to Cobbler Profile .

    This step creates entries in the PXE boot menu. Multiple profiles can use the same underlying distro (kernel and initrd).

2.1.8.7 Auto Installation Using Kickstart Profiles
Important
Important

Refer to Section 2.1.8.1, “Overview” before proceeding. If you encounter issues in setting up the system for auto installation, refer to Section 3, “Troubleshooting Tips”.

The Provisioning service is designed to allow you to deploy and manage your network of SUSE Linux Enterprise systems and Red Hat Enterprise Linux systems.

Like the SUSE Manager subscription service, which allows you to manage your network of SUSE Linux Enterprise systems, Red Hat Enterprise Linux systems, users, and system groups, provisioning is also based on an organization which contains a network of SUSE Linux Enterprise systems, Red Hat Enterprise Linux systems, users, and system groups.

It takes this concept a step further by enabling you with provisioning entitlements to autoinstall using Kickstart profiles. Kickstart profiles are the recipes that allow the installer to install the system with all of the configurations that the user wants. They reside in a predefined path in the SUSE Manager system. At the time of autoinstallation, the client system accesses that file and installs the system according to that configuration.

The Provisioning tab and its subtabs allow you to schedule and monitor Kickstart installations. The subtabs are further divided into a Schedule and a Status subtab.

2.1.8.8 Scheduling Auto Installation

The tab Schedule allows you to schedule an auto installation for a system using a Kickstart profile. Choose from the list of available profiles, select a time for the autoinstallation to begin, and click the Schedule Autoinstall and Finish buttons to schedule the autoinstallation.

Scheduling Auto-Installation Using Patch Management
Figure 18: Scheduling Auto-Installation Using Patch Management
  • The grid consists of the following columns:

    • KickstartProfileLabel: provides the label of the Kickstart profile

    • KickstartTreeLabel: provides the label of the Kickstart distribution tree

    • KickstartProfileName: provides the name of the Kickstart profile

    • IsAdvancedMode: states true or false according to whether the profile is using advanced options or not

    • IsOrgDefault: states true or false

    • IsActive: states true or false according to whether the profile whether it is active or not

Kickstart Profiles for Provisioning in Patch Management
Figure 19: Kickstart Profiles for Provisioning in Patch Management

The tab Status tracks the progress of previously scheduled auto installations, stating whether they are completed or failed and giving additional information.

  • The grid consists of the following columns:

    • Id: provides the ID of the event

    • Name: provides the name of the event

    • ActionType: provides the type of action the event is going to perform

    • Version: provides the version number

    • SchedulerUser: provides the scheduler user information

    • CreatedDate: provides the date of creation

    • EarliestAction: provides the earliest expected time of picking up the action

    • ModifiedDate: provides the modified date when it exceeds the EarliestAction time

    • PickupDate: provides the actual pickup date

    • Result: provides the result after completion of the event

    • FailedCount: provides the count of failed systems

    • SuccessCount: provides the count of successfully completed systems

Provisioning Status Information in Patch Management
Figure 20: Provisioning Status Information in Patch Management

2.1.9 Configuration Management

2.1.9.1 Enabling Remote Command Execution

To enable remote command execution (configuration feature) in the client system, the following steps must be performed:

  1. First make sure the client system is up to date and has all relevant patches and packages installed. Check the Relevant patches tab and the Upgradable packages tab under the Systems tab. If there are still some items in the list then apply those patches and packages.

  2. In the client system, check whether the Rhncfg packages are installed. In the terminal window, type the command rpm –qa|grep rhncfg.

  3. If the packages are already installed then the system should display the following packages with their version number:

    rhncfg-management

    rhncfg-actions

    rhncfg

    rhncfg-client

  4. In the SUSE Manager Web UI select the Configuration tab. In the Configuration section, there is a table named Configuration Actions. From that table select Enable Configuration Management On Systems. From the list of systems, select the system on which you want to install the packages and click the Enable SUSE Manager Configuration button.

    Enabling SUSE Manager Configuration Feature in SUSE Manager Web UI
    Figure 21: Enabling SUSE Manager Configuration Feature in SUSE Manager Web UI
  5. If the step described above does not work, you need to install the missing packages by moving to the Installable packages tab (go to System and choose Installable packages). Refer to Section 3, “Troubleshooting Tips” if you are facing any problems.

  6. After installing these packages, run the command rpm –qa|grep rhncfg and make sure you get the installed packages list as shown in step 3.

  7. Next log in to the SUSE Manager server system as root and add the following file to the local SUSE Manager configuration directory: allowed-actions/script/run.

    1. Create the necessary directory on the target system:

      mkdir -p /etc/sysconfig/rhn/allowed-actions/script

    2. Create an empty run file in that directory which acts as a flag to SUSE Manager signaling permission to allow remote commands:

      touch /etc/sysconfig/rhn/allowed-actions/script/run

  8. Run the following commands from the terminal of the target system:

    1. First run rhn_check.

    2. After that run one of the following:

      for Red Hat Enterprise Linux systems

      rhn-actions-control --enable-all

      and for SUSE Linux Enterprise Server systems

      rhn-actions-control --enable-all

      or

      Mgr-actions-control --enable-all

    3. Make sure you get the following result when you issue the command rhn-actions-control --report:

      sles11sp2x64-om2012-sm17:/ # rhn-actions-control --report
      deploy is enabled
      diff is enabled
      upload is enabled
      mtime_upload is enabled
      run is enabled
      sles11sp2x64-om2012-sm17:/ #
    4. Run the command cd /etc/sysconfig/rhn/allowed-actions/configfiles.

      In the above-mentioned directory you should now see a file named all.

    5. Check if you have properly executed the above commands by entering the command rhncfg-client listin the terminal window.

      It should display the list of configuration channels with the configuration files to which that target system is subscribed, similar to the below:

      sles11sp2x64-om2012-sm17:/ # rhncfg-client list
      DoFoS       Config Channel   File
      F   testsandboxchannel     /etc/ldapnew.conf
      sles11sp2x64-om2012-sm17:/ #

      After installing these packages and creating the necessary folders try issuing a remote command providing the necessary inputs and scripts in the text boxes provided in the Remote Command tab. Refer to Section 3, “Troubleshooting Tips” if you are facing any problems.

  9. For creating the configuration channels and adding configuration files in the SUSE Manager Web UI, please refer to the SUSE Manager Installation and Troubleshooting Guide at https://www.suse.com/documentation/suse-manager-3/singlehtml/suse_manager21/book_susemanager_install/book_susemanager_install.html.

2.1.9.2 Deploying Configuration Files Using Configuration Channels

To enable Configuration File deployment in the client system follow the steps provided in Section 2.1.9, “Configuration Management”. For more information on troubleshooting refer to Section 3, “Troubleshooting Tips”.

In Configuration Channels, you can check configuration channels and files, centrally or limited to a single system. Centrally-managed files are available to multiple systems; changes to a single file affect all these systems. Each system with a lifecycle entitlement has also a local configuration channel, sometimes referred to as an override channel, and a sandbox channel. Deploy the configuration files to a system using configuration channels related to that system. To manage a system's configuration with SUSE Manager, it must have the appropriate tools and the config-enable file installed.

When a system is selected in the Systems tab, you can see the channels to which the system is subscribed and the related details of each channel in a separate panel.

  • The configuration channel grid shows the following details:

    • Channel Name: provides the name of the channel

    • Channel Label: provides the label information of the channel

    • Total files: provides the total number of files available on the configuration channel

    • Rank: provides the rank of the channel when a system is subscribed to more than one channel

    Configuration Channels - Deploying Configuration Files
    Figure 22: Configuration Channels - Deploying Configuration Files
  • Each channel has associated information which is shown in four separate tabs as follows:

    • Channel Properties: provides the properties of the channel, such as Description, OrgId, Number of systems subscribed, etc.

    • Centrally-Managed Files: provides the details of the centrally-managed files

    • Local Sandbox Files: provides the details of the local configuration files which override the centrally-managed files

    • Subscribed Systems: provides details of the systems which are subscribed to that channel

2.1.10 Rebooting and Running Remote Command

To enable Rebooting and Remote Script Scheduling in the target system follow the steps provided in Section 2.1.9, “Configuration Management”. For more information on troubleshooting refer to Section 3, “Troubleshooting Tips”.

The subtab Remote Command allows you to execute a remote command on any Linux client system by writing scripts in the Operations Console and executing them on remote client systems via scheduling. Before doing so, you must configure the system to accept remote commands (this is explained later in this section). This subtab also allows you to reboot a system.

The following is an example of how to write a script to create a directory on a remote client by using Remote Command:

#!/bin/sh

mkdir /root/MyDirectory

Check the Run Remote Command option. In the panel, enter the user, group, and timeout details (the definitions of these inputs are explained next). Copy the above script and paste it into the Script text box. Schedule the selected action by clicking on Schedule Remote Command.

The execution of the above script will create a directory named MyDirectory located in the root directory of the client system.

Executing Remote Script Using Patch Management
Figure 23: Executing Remote Script Using Patch Management

The option Running Remote Command requires some more information to be submitted for processing the action:

  • Run as user: requires the user name for the system on which you are issuing the remote command for the system entry

  • Run as group: requires the group name to which the user belongs

  • Timeout: requires the time interval for the command for timing out the execution on the client system

  • Script: requires to enter into the text box the script which is going to be executed on the client system

The option Reboot System just requires the selection of the system to reboot and to schedule.

Rebooting System using Patch Management
Figure 24: Rebooting System using Patch Management

2.2 Patches

The Patches tab displays a list of all patches that are published to channels that are subscribed to the systems in SUSE Manager.

You can access the Patches tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Patches tab.

  • The main grid consists of the following columns:

    • ID: provides the ID of the patch

    • Advisory: provides the advisory of the patch

    • Synopsis: provides the synopsis of the patch

    • Type: provides the type of the patch which may be it is Bug fix advisory or Product enhancement or Security advisory

    • UpdateDate: provides the updated date of the patch

  • Under the Patches tab, there is also displayed a Detailed View tab. When a patch is selected the relevant data will be populated in the following grids:

    • Patch Details: details of the selected patch

    • CVEs: CVEs of the selected patch

    • Affected Systems: systems that are affected by that selected patch

    • Related Packages: information about related packages

Patches Overview
Figure 25: Patches Overview

2.2.1 Patch Details

The Patch Details tab displays all relevant details of the selected patch.

You can access the Patch Details tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Patches tab, and go to the Patch Details tab.

Patch Details
Figure 26: Patch Details

2.2.2 Applying Patches to Affected Systems

The Affected Systems tab displays all systems that are affected by the selected patch.

You can access the Affected Systems tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Patches tab, and go to the Affected Systems tab.

  • The grid consists of the following columns:

    • SystemId: provides the ID of the Linux server

    • System Name: provides the name of the Linux server

    • Status: provides the status, which may be critical, warning, or healthy

    • Available Patches: provides the patches available to a system

    • Available Packages: provides the patches available to a system

  • You can apply a patch to a particular affected system by clicking the Apply Patch button. After clicking that button, a pop-up window opens with two options to confirm the date and time of the patch that needs to applied. The options are:

    • Schedule action as soon as possible

    • Schedule action for no sooner than

    Upon confirmation, the particular patch will be scheduled for the update to the selected system.

Affected Systems Details
Figure 27: Affected Systems Details

2.2.3 CVEs (Common Vulnerabilities and Exposures)

CVEs is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known cyber security issues. The goal of CVEs is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with a common enumeration. You can find more information about the CVE project at http://cve.mitre.org.

The CVEs tab displays the Common Vulnerabilities and Exposures (CVEs) and their related information.

You can access the CVEs tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Patches tab, and go to the CVEs tab.

CVEs Details
Figure 28: CVEs Details

2.2.4

The Related Packages tab displays all information about related packages of the patch currently selected in the Patches tab in a detailed view.

You can access the Related Packages tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Patches tab, and go to the Related Patches tab.

Related Packages Details
Figure 29: Related Packages Details

2.3 Schedule

The Schedule tab enables you to track the actions carried out on your systems. An action is a scheduled task to be performed on one or more client systems. For example, an action can be scheduled to apply all patches to a system.

You can access the Schedule tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, and click the Schedule tab.

  • The Schedule tab consists of the following subtabs:

    • Completed Actions: displays the list of actions successfully carried out

    • Pending Actions: displays actions not yet started or still in progress

    • Failed Actions: displays whether an action cannot be completed and returns an error

    • Archived Actions: displays (completed or failed) selected actions to be stored for review

  • The grid for all subtabs consists of the following columns:

    • ID: provides the ID of the patch or package which is scheduled

    • Name: provides the name of the patch or package which is scheduled

    • Type: provides the type of action, whether it is a package install or a patch update

    • Scheduled By: provides details about who scheduled the event

    • Scheduled Time: provides the scheduled time

    • Completed Systems: provides the list of systems that completed the scheduled events

    • Failed Systems: provides the list of systems that failed the scheduled events

    • In Progress Systems: provides the list of systems whose scheduled events are in progress

  • A Detailed View is also displayed under this tab. When an action is selected the relevant data will be populated in the following grids

    • Completed Systems

    • In Progress Systems

    • Failed Systems

2.3.1 Completed Actions

The Completed Actions tab displays the list of completed actions successfully carried out.

You can access the Completed Actions tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Schedule tab, and go to the Completed Actions tab.

Completed Actions Details
Figure 30: Completed Actions Details

2.3.2 Failed Actions

The Failed Actions tab displays the list of actions that could not be completed and failed during execution.

You can access the Failed Actions tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Schedule tab, and go to the Failed Actions tab.

Failed Actions Details
Figure 31: Failed Actions Details

2.3.3 Rescheduling Failed Actions

You can reschedule failed actions. To do so, go to the Failed Actions tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Schedule tab, and go the Failed Actions tab.

Rescheduling Failed Actions
Figure 32: Rescheduling Failed Actions

Here you get an overview of all failed actions.

Select the actions you want to reschedule and click the Reschedule Action button. After successful rescheduling, you can check the rescheduled actions in the Pending Actions tab.

2.3.4 Pending Actions

The Pending Actions tab displays the list of actions not yet started or still in progress.

You can access the Pending Actions tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Schedule tab, and go to the Pending Actions tab.

Pending Actions Details
Figure 33: Pending Actions Details

2.3.5 Canceling Pending Actions

You can cancel pending actions. To do so, go to the Pending Actions tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Schedule tab, and go to the Pending Actions tab.

Here you get an overview of all pending actions.

Select the actions you want to cancel and click the Cancel Actions button as shown on the screenshot above to cancel the selected actions. Canceled actions are not listed anywhere.

2.3.6 Completed Systems

The Completed Systems tab displays the list of completed systems for the selected scheduled action in the Completed Actions or Archived Actions tab. Select any completed action from the Completed Actions or Archived Actions tab and view the completed system details in the Completed Systems tab.

You can access the Completed Systems tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Schedule tab, and go to the Completed Systems tab.

  • The grid consists of the following columns:

    • Server ID: provides the ID of the Linux server

    • Server Name: provides the name of the Linux server

    • Base Channel: the primary channel for the system based upon its operating system

    • Time Stamp: provides the timestamp of when the event completed

    • Message: provides any message displayed to the user

Completed Systems Details
Figure 34: Completed Systems Details

2.3.7 In Progress Systems

The In Progress Systems tab displays the list of in-progress systems, for the selected pending action. Select any pending action from the Pending Actions tab and view the in-progress system details in the In Progress Systems tab.

You can access the In Progress Systems tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Schedule tab, and go to the In Progress Systems tab.

  • The grid consists of the following columns:

    • Server ID: provides the ID of the Linux server

    • Server Name: provides the name of the Linux server

    • Base Channel: the primary channel for the system based upon its operating system

    • Time Stamp: provides the timestamp of when the event completed

    • Message: provides any message displayed to the user

In Progress Systems Details
Figure 35: In Progress Systems Details

2.3.8 Failed Systems

The Failed Systems tab displays the list of failed systems for the selected failed action. Select any failed action from the Failed Actions or Archived Actions tab and view the failed system details in the Failed Systems tab.

You can access the Failed Systems tab through the following path:

Open the Microsoft System Center Operations Manager Operations console, click Patch Management, click the Schedule tab, and go to the Failed Systems tab.

  • The grid consists of the following columns:

    • Server ID: provides the ID of the Linux server

    • Server Name: provides the name of the Linux server

    • Base Channel: the primary channel for the system based upon its operating system

    • Time Stamp: provides the timestamp of when the event completed

    • Message: provides any message displayed to the user

Failed Systems Details
Figure 36: Failed Systems Details

2.4 Common Features

Patch management provides several additional options. Sorting and filtering functions are available for all the grids in all tabs except for the following subtabs:

  • Package Details

  • Patch Details

  • Change Log

  • Channel Properties

  • Kickstart Profile Details

  • System Properties

  • The Sort function is implemented in all the grids of the Patch Management page. All the records in the grid will be sorted according to the filter option that is selected by checking the column name in the filter list and applying the filter.

    Record Sorting and Page Refresh
    Figure 37: Record Sorting and Page Refresh

    You can refresh the entire view or page by clicking the Refresh icon in the top-right corner of each main tab as shown in the above screenshot. All records are reloaded into the grid from the SUSE Manager Server.

  • The Filter function is provided in all grids of the Patch Management page. You can filter the records of each column with a matching filter criterion. By default the first column in the grid is considered for filtering of all the records. By moving the mouse over the filter icon, a context menu appears which allows you to change the column selection for filtering. After selecting the filter column, enter your search text in the filter text box. Click on the Search icon to filter the records in the grid. To remove the filter criteria, clear the filter text box.

    Record Filtering
    Figure 38: Record Filtering
  • By default all grids are enabled with a page navigation on the Patch Management page. All grids contain 100 records per page by default. At any point in time you can navigate to any of the following pages:

    • next page (>)

    • last page (>>|)

    • previous page (<)

    • first page (|<<)

  • If you select any row or any cell in a grid and right-click on it, a context menu appears which contains the options Copy, Export, Refresh, and Properties.

    Additional Options
    Figure 39: Additional Options
    • By using the Copy option you can select a portion of data manually, copy the selected portion of content, and paste it anywhere.

    • By using the Export option you can export the values of the entire grid to an Excel sheet by providing the path.

      Important
      Important: Prerequisites for Enabling the Export Functionality
      • Microsoft Office 2010 or later must be installed in the Microsoft System Center Operations Management system.

      • Check the path C:\Windows\assembly for the Microsoft.Office.Interop. Excel” assembly with the version 14.0.0.0. By default version “14.0.0.0” will be placed automatically in the folder “C:\Windows\assembly” on installation of Office 2010.

    • By selecting the Refresh option the entire grid view is refreshed. This means it is reloading the entire data grid by collecting the data from the server.

    • By using the Properties option you can check the properties of a particular system, package, patch, profile, or channel, depending on the selection.

3 Troubleshooting Tips

3.1 Auto Installation Issues

  • If you are getting any dependency problems, before rescheduling make sure the system is up to date with all relevant patches installed. Otherwise it will cause dependency problems for installing other packages or patches.

  • If you face any errors after scheduling the auto installation, check the message for the cause in the Schedule section.

    In the /var/log/ path check the up2date file for complete information about the issue using the task pick up time and date.

    See the sample screenshot of an up2date file for an issue below.

    Screenshot up2date File
    Figure 40: Screenshot up2date File
  • Follow the steps given in the description to resolve the issue. Manually download the packages which have dependency problems by selecting the packages from the SUSE Manager UI or from the Internet, if they are not available from SUSE Manager Installable Packages. Try to install those packages manually using zypper install <package name>(for SUSE Linux Enterprise Server) or yum install <package name>(for Red Hat Enterprise Linux) commands.

    Important
    Important: SUSE Manager Documentation

    Refer to the SUSE Manager documentation Installable packages in the Web interface at https://www.suse.com/documentation/suse-manager-3/book_suma_reference_manual_3/data/book_suma_reference_manual_3.html.

  • If you do not find any description regarding that issue, check other log files in the /var/log path and try to find the data relating to that issue using the task pickup date and time value.

  • If you get a message Internal server problems while creating the distribution tree, free up space by deleting unnecessary files and folders from your SUSE Manager server system.

  • If you are getting an initrd not found in the specified path error message while creating Kickstart profiles or AutoYaST profiles, check the distribution tree path you provided and the version of architecture the distribution contains.

  • If your system could not register even after performing an auto installation using an AutoYaST profile, try manually using the following command in the target or client system:

    curl –Sks https://Server_hostname/pub/bootstrap/bootstrap_edited.sh |/bin/bash

    Replace Server_hostname with your SUSE Manager server host name.

3.2 Run Remote Command Issues

  • Refer to the SUSE Manager documentation at https://www.suse.com/documentation/suse-manager-3/for more information on bootstrap and registering a client to a SUSE Manager server.

  • If you are getting errors while installing the rhncfg packages check the message in the Failed systems tab under the Schedule tab.

  • If you are getting any error message regarding the rhn-setup-gnome dependency, check if you have installed a package version newer than the version mentioned in the error message. If the version is older, try installing the newer version. After that try installing the rhncfg packages. If the installed version is already newer than the version mentioned in the error message, or if you still get the same message after installing the newer version, remove the package using the Removable packages tab under the Systems tab in the Operations console.

    Screenshot Error Message
    Figure 41: Screenshot Error Message
  • If you are getting any error message regarding the rhn_register package dependency, follow the below-mentioned procedure.

  • When a Red Hat Enterprise Linux System is subscribed to SUSE Manager, usually the Spacewalk tools override the rhn_register package. If that is not happening and if you are still able to find rhn_register after being subscribed to SUSE Manager, use the following procedure to ensure the system will not make use of rhn_register.

  • Use the following command to find the rhn_register package in Red Hat Enterprise Linux systems (this is not required for SUSE Linux Enterprise systems):

    locate rhn_register

    You will get the result with the files in the following folders:

    • /usr/bin/

    • /usr/sbin/

    • /usr/share/firstboot/modules/

    Just rename the files using the mv as shown below.

    mv rhn_register rhn_register1

    Use the mv to rename all the files with an rhn_register name such as

    • rhn_register

    • rhn_register.py

    • rhn_register.pyo

    • rhn_register.pyc

4 Appendix

The SUSE Manager Management Pack allows scheduling the same package(s) multiple times to a single system. All other scheduled actions will be canceled if the first scheduled action completes successfully.

Print this page