Linux Agent Installation

Agent support is provided for the following Linux flavors: Fedora, RHEL, Ubuntu, Debian, Suse and Suse Enterprise

 

Pre-requisites for SapphireIMS agent installation in linux machines:

 

Limitations / Workaround

Limitation: Linux agent deployment (or agentless node discovery using SSH) may fail if the target system has OpenSSL version later than 1.0.1f

 

Workaround 1: Use the latest version of SapphireIMS SSH client binaries. Please contact SapphireIMS support team to obtain the latest version of SSH client binaries. Copy the obtained binaries to the following path on the SapphireIMS server.

<SAPPHIREIMS_SERVER_INSTALLED_PATH>\ConsoleManagement\bin\

 

Download link for SSH Client binaries:

http://sapphireims.com/patches/4.0/SSH_Client_bins.zip

 

Workaround 2: Manually install the Linux agent on the target system (Please refer to the Installation section for details).

 

Limitation: Patch Management on RHEL systems may not work if Red Hat subscription management service on target system is migrated from Red Hat Network (RHN) to Red Hat Subscription Management (RHSM).

 

Workaround: Currently there is no workaround available. Fix for the issue is under development and shall be made available in the subsequent patch of SapphireIMS.

 

Installation

 

The unarchive command will extract the following files into the same directory

 

sh sapphire_agent_install.sh –installloc /opt –server 172.16.11.66 –port  80  –username  sapphire –password  XXX

 

sh sapphire_agent_install.sh –sudo –installloc /opt –server 172.16.11.66 –port  80 –username  sapphire –password XXX

 

Note.gifNote: Contact SapphireIMS support to obtain the agent installation password.

 

After successful installation SapphireIMS agent will automatically be discovered by the SapphireIMS server

The following options are supported by SapphireIMS agent installer:

 

Usage: sh sapphire_agent_install.sh <-sudo|-nosudo> <-install|-reinstall> -loc <install_path> -server <ServerIP/Hostname> -port <port> -ssl <1-https 0-http> -username <Username> -password <Password>  -proxyip <ProxyIP/Hostname> -proxyport <Proxy Port> -proxyusername <Proxy Username> -proxypassword <Proxy Password> -proxyssl <1-https 0-http> -ou <Organization Unit> -tag <Asset Tag> -customername <customer name> -siteid <site id>

where

-sudo|-nosudo is an optional argument; default -nosudo

-install|-reinstall is a mandatory argument

-loc is a mandatory argument which specifies the installation location

-server is a mandatory argument which specifies the SapphireIMS server ip or hostname

-port is a mandatory argument which specifies the SapphireIMS server port

-username is a mandatory argument and specifies the SapphireIMS server username for agent communication

-password is a mandatory argument which specifies the SapphireIMS server password for agent communication

-ssl is an optional argument which specifies the ssl status of the SapphireIMS server; default value: 0

-proxyip is an optional argument which specifies the proxy server ip or hostname

-proxyport is an optional argument which specifies the proxy server port

-proxyusername is an optional argument which specifies the proxy server username

-proxypassword is an optional argument which specifies the proxy server password

-proxyssl is an optional argument which specifies the ssl status of the proxy server; default value: 0

-ou is an optional argument which specifies the Organization Unit

-tag is an optional argument which specifies the Asset Tag

-customername is a mandatory argument which specifies the customer name (for SapphireIMS SaaS only)

-siteid is a mandatory argument which specifies the site id (for SapphireIMS SaaS only)

 

Uninstallation

service SapphireIMSAgent <-sudo|-nosudo> uninstall

 

In case of failure, the SapphireIMS agent may also be uninstalled using the following command:

/etc/init.d/SapphireIMSAgent < -sudo|-nosudo > uninstall

 

Note: <-sudo|-nosudo> is an optional parameter; if not passed then value provided during agent installation is considered.

After successful uninstallation, you will find a message similar to “SUCCESS: SapphireIMS agent uninstall is completed.” printed on the terminal.

 

Useful Commands

Usage: /etc/init.d/SapphireIMSAgent <-sudo|-nosudo> {start|stop|status|restart|repair|uninstall}

Note1: <-sudo|-nosudo > is optional, will be considered only during uninstall.

Note2: If other user (who has not installed the SapphireIMS agent) is trying to perform start/stop/restart the SapphireIMSAgent service, it will ask for the password of the user who has installed the SapphireIMS agent

 Command: <etc/init.d/SapphireIMSAgent getpath>

 

Command list for sudo user

SapphireIMS needs sudo privilege for the following commands:

/bin/mkdir, /bin/tar, /bin/mv, /bin/find, /bin/kill, /usr/bin/test, /bin/cp, /bin/ls, /bin/chmod, /bin/chown, /sbin/chkconfig, /usr/sbin/update-rc.d, /bin/rm, /usr/sbin/dmidecode, /usr/sbin/rhn_check, /sbin/ethtool, /usr/sbin/smartctl, /dev/mem, /etc/init.d, /sbin/ifconfig, /usr/bin/test, /usr/bin/crontab, /usr/bin/unzip, /bin/ls, /usr/bin/apt-get, /usr/bin/yum, /usr/bin/zypper, $$TEMP_SCRIPT_COPY_LOCATION$$, $$LINUX_AGENT_INSTALL_PATH$$, $$LINUX_AGENT_INSTALL_PATH$$/SapphireIMSAgent/scripts/lshw

 

Note: 

1)      TEMP_SCRIPT_COPY_LOCATION and LINUX_AGENT_INSTALL_PATH are global settings on the server. Default values for above settings are ‘/var/tmp’ and ‘/opt’ respectively.

2)      TEMP_SCRIPT_COPY_LOCATION is the path where SapphireIMS agent installer files will be copied. LINUX_AGENT_INSTALL_PATH is the path where SapphireIMS agent files will be copied. User installing the SapphireIMS agent should have read/write permission to both the directories.

3)      Above mentioned command paths may differ on different flavors of Linux. Before adding the commands to the sudoers file, verify that provided command paths are valid.

 

E.g.  If TEMP_SCRIPT_COPY_LOCATION is ‘/var/tmp’ and LINUX_AGENT_INSTALL_PATH is ‘/opt’, then the sudo command list will be as follows:

/bin/mkdir, /bin/tar, /bin/mv, /bin/find, /bin/kill, /usr/bin/test, /bin/cp, /bin/ls, /bin/chmod, /bin/chown, /sbin/chkconfig, /usr/sbin/update-rc.d, /bin/rm, /usr/sbin/dmidecode, /usr/sbin/rhn_check, /sbin/ethtool, /usr/sbin/smartctl, /dev/mem, /etc/init.d, /sbin/ifconfig, /usr/bin/test, /usr/bin/crontab, /usr/bin/unzip, /bin/ls, /usr/bin/apt-get, /usr/bin/yum, /usr/bin/zypper, /var/tmp, /opt, /opt/SapphireIMSAgent/scripts/lshw

 

Sudoers File Changes

In sudoers file (/etc/sudoers), make sure that the following changes are done.

1)      The line "Defaults requiretty" should be commented out as follows.

#Defaults requiretty

2)      Set !requiretty for sudo user by adding the following line.

Defaults:<user> !requiretty

e.g. If the user name is ‘monitor’

Defaults:monitor !requiretty

3)      Create a command alias for all the commands (command list for which sudo privilege is needed by SapphireIMS) by adding the following line.

Cmnd_Alias LINUXAGENT = /bin/mkdir, /bin/tar, /bin/mv, /bin/find, /bin/kill, /usr/bin/test, /bin/cp, /bin/ls, /bin/chmod, /bin/chown, /sbin/chkconfig, /usr/sbin/update-rc.d, /bin/rm, /usr/sbin/dmidecode, /usr/sbin/rhn_check, /sbin/ethtool, /usr/sbin/smartctl, /dev/mem, /etc/init.d, /sbin/ifconfig, /usr/bin/test, /usr/bin/crontab, /usr/bin/unzip, /bin/ls, /usr/bin/apt-get, /usr/bin/yum, /usr/bin/zypper, /var/tmp, /opt, /opt/SapphireIMSAgent/scripts/lshw

4)      Enable no password option for the command alias by adding the following line.

<user> ALL=NOPASSWD: <command alias>

e.g. If sudo user is ‘monitor’ and command alias is ‘LINUXAGENT’

monitor ALL=NOPASSWD: LINUXAGENT