Monitoring Linux with SCOM 2012 R2 – Part 2: Configure SCOM For Monitoring Linux

In our last post, we went through the Installation and Configuration of a Linux Virtual Machine. In this part, we will configure System Center Operations Manager (SCOM) to be prepared to monitor UNIX / Linux systems. To accomplish this, we will need to setup a Resource Pool, import the appropriate Management Packs, Configure Name Resolution, and Configure/Assign RunAs Accounts. Let’s get started.

 

Create A Resource Pool

Log on to the Operations console with an account that is a member of the Operations Manager Administrators role.

Click Administration.

Create Resource Pool - 01 - Administration

In the navigation pane, click Resource Pools.

Create Resource Pool - 02 - Resource Pools

In the Tasks pane, click Create Resource Pool.

Create Resource Pool - 03 - Create Resource Pool

In the Create Resource Pool wizard, on the General Properties page, enter a name and, optionally, a description for the resource pool, and then click Next.

Create Resource Pool - 04 - Resource Pool Wizard - General Properties

On the Pool Membership page, click Add.

Create Resource Pool - 05 - Resource Pool Wizard - Pool Membership

In the Member Selection window, enter text to filter the search results if desired, and then click Search. If you click Search without entering anything in the filter field, all available management servers will be displayed.

In Available items, select the servers that you want in the resource pool, click Add, and then click OK.

Click Next.

Create Resource Pool - 06 - Resource Pool Wizard - Member Selection

On the Summary page, review the settings and then click Create.

Create Resource Pool - 07 - Resource Pool Wizard - Summary

When the wizard completes, click Close.

Create Resource Pool - 08 - Resource Pool Wizard - Completion

 

 

Import UNIX and Linux Management Packs

The UNIX and Linux Operating Systems Management Packs enable discovering, monitoring, and managing UNIX and Linux computers with System Center Operations Manager. They provide both proactive and reactive monitoring of the UNIX and Linux operating systems.

In the SCOM Console, navigate to the Administration workspace.

Create Resource Pool - 01 - Administration

Right-click on the Management Pack item in the navigation pane, and choose ‘Import Management Packs’. This will cause the Import Management Packs wizard to launch.

Import MP 02

In the Import Management Pack wizard, click the Add button. You will be presented with 2 options, ‘Add From Catalog’ and ‘Add From Disk’. The ‘Add From Catalog’ option will enable you to search the catalog directly, however, most Production systems don’t have an Internet connection, which this option requires.

Import MP 03

Therefore, we will demonstrate and choose the ‘Add From Disk’ option. When you select this option, you will immediately receive the following prompt. Since, in Production, your server probably will not have Internet access, we will choose ‘No’.

Import MP 05

Now, you will see the File Explorer dialog. From here you need to navigate to the location of the Management Pack files. You can find the UNIX and Linux Management Packs on the SCOM Source Media.

In my lab example, I have the SCOM ISO mounted to my DVD Drive as D:, so the location of my Management Packs is: D:ManagementPacks

NOTE: As of this writing, there is an update available (version 7.5.1025.0) to the existing Management Packs from the source meida, which can be found here: http://www.microsoft.com/en-ca/download/details.aspx?id=29696.

The specific .MP files that you want to import will depend on what version of UNIX or Linux you want to monitor. To start, you will want to import the “Microsofot.Linux.Library.mp”. You will also want to find the appropriate Library and Version MP files for the edition of Linux you are monitoring.

In my lab example, since I am monitoring SUSE, I will also be importing the “Microsoft.Linux.SUSE.Library.mp” and “Microsoft.Linux.SUSE.11.mpb” files.

Import Linux MPs

Once the Management Packs are displayed in the import list, click Install.

Import Linux MPs 02

After the Management Packs have been imported, click Close.

Import Linux MPs 03

NOTE: You may have to restart the following Services on the Management Server:

  • System Center Data Access Service
  • System Center Management Configuration

 

Configure Name Resolution

The SCOM Management Servers needs to be able to communicate with the Linux server. This means it needs to be able to resolve the FQDN of the Linux system, and the Linux system needs to be able to resolve the SCOM Management Server(s) FQDN.

To simplify this process in my lab, we’re going to modify the HOSTS file. On the Management Server(s), navigate to C:WindowsSystem32DriversETC and edit the HOSTS file. Note that there is no file extension on this file. The easiest way to edit the file is in Notepad.

Name Resolution - 01 - Hosts FileWhen you have the HOSTS file open in Notepad, we need to add an entry for the Linux system so that the SCOM Management Server(s) can resolve it. Once you have added the entry, save the file.

Name Resolution - 02 - Modified Hosts File

Now from the SCOM Management Server(s), ensure that you can successfully PING the name of the Linux server.

Name Resolution - 03 - PING From Management Server

Also from the Linux server, ensure that you can successfully PING the name of the SCOM Management Server(s).

Name Resolution - 04 - PING From Linux Server

 

 

Configure Run As Accounts and Profiles for UNIX and Linux

You must create Run As accounts for agent maintenance operations, and for health and performance monitoring. These Run As accounts must then be associated with the Run As profiles defined in the UNIX and Linux management packs, so they can access the agents on UNIX and Linux computers.

We need to create 3 accounts:

  • UNIX/Linux Action Account
  • UNIX/Linux Privileged Account
  • UNIX/Linux Agent Maintenance Account

UNIX/Linux Action Account

In the Operations console, click Administration.

Create Resource Pool - 01 - Administration

In Run As Configuration, click UNIX/Linux Accounts.

Linux RunAs - 01 - UNIX Linux Accounts

In the Tasks pane, click Create Run As Account.

Linux RunAs - 02 - Create Run As Account

On the Account Type page, choose the Monitoring Account option, then click Next.

Linux RunAs - 03 - Account Type

On the General Properties page, provide a name and description for the account, then click Next. The description is optional.

Linux RunAs - 04 - General Properties

On the Account Credentials page, provide account credentials that can be used for the Run As account type that you selected, then click Next.

NOTE: This account does not necessarily need to exist on the Linux system yet, and you can create it later if need be.

Linux RunAs - 05 - Account Credentials

On the Distribution Security page, select the More Secure or Less Secure option, then click Create.

Linux RunAs - 06 - Distribution Security

Once the wizard is complete, click Close.

Linux RunAs - 07 - Next Step

UNIX/Linux Privileged Account

In the Operations console, click Administration.

Create Resource Pool - 01 - Administration

In Run As Configuration, click UNIX/Linux Accounts.

Linux RunAs - 01 - UNIX Linux Accounts

In the Tasks pane, click Create Run As Account.

Linux RunAs - 02 - Create Run As Account

On the Account Type page, choose the Monitoring Account option, then click Next.

Linux RunAs - 03 - Account Type

On the General Properties page, provide a name and description for the account, then click Next. The description is optional.

Linux RunAs - 04 - General Properties

On the Account Credentials page, provide account credentials that can be used for the Run As account type that you selected, then click Next. Ensure that the elevation option is set to “Elevate the account using sudo for privileged access“.

NOTE: This account does not necessarily need to exist on the Linux system yet, and you can create it later if need be.

Linux RunAs - 05 - Account Credentials

On the Distribution Security page, select the More Secure or Less Secure option, then click Create.

Linux RunAs - 06 - Distribution Security

Once the wizard is complete, click Close.

Linux RunAs - 07 - Next Step

UNIX/Linux Agent Maintenance Account

In the Operations console, click Administration.

Create Resource Pool - 01 - Administration

In Run As Configuration, click UNIX/Linux Accounts.

Linux RunAs - 01 - UNIX Linux Accounts

In the Tasks pane, click Create Run As Account.

Linux RunAs - 02 - Create Run As Account

On the Account Type page, choose the Agent Maintenance Account option, then click Next.

Linux RunAs - 03 - Account Type

On the General Properties page, provide a name and description for the account, then click Next. The description is optional.

Linux RunAs - 04 - General Properties

On the Account Credentials page, select the “User name and password” option, and provide account credentials that can be used for the Run As account, then click Next. Ensure that the privileged access option is set to “This account does not have privileged access“.

NOTE: This account does not necessarily need to exist on the Linux system yet, and you can create it later if need be.

Linux RunAs - 05C - Account Credentials

On the Elevation page, select the Use ‘sudo’ elevation option, then click Next.

Linux RunAs - 06C - Elevation

On the Distribution Security page, select the More Secure option, then click Create.

Linux RunAs - 07C - Distribution Security

Once the wizard is complete, click Close.

Linux RunAs - 08C - Completion

Configuring Run As Profiles for UNIX and Linux

Now that you have created the Run As accounts, you must add each Run As account to the applicable profile.

In the Operations console, click Administration.

Create Resource Pool - 01 - Administration

In Run As Configuration, click Profiles.

Linux Profiles - 01 - Profiles

In the list of profiles, right click and then select Properties on one of the following profiles:

  • UNIX/Linux Action Account
  • UNIX/Linux Privileged Account
  • UNIX/Linux Agent Maintenance Account

Linux Profiles - 02 - Profile Properties

In the Run As Profile wizard, click Next until you get to the Run As Accounts page.

Linux Profiles - 03 - Run As Accounts

On the Run As Accounts page, click Add to add a the Run As account that you created. Select the “All targeted objects” option, then click OK.

Linux Profiles - 04 - Add Run As Account

Click Save.

Linux Profiles - 05 - Run As Accounts Added

On the Completion screen, you may see a warning message about the More Secure accounts (if you chose this option when creating the accounts).

Linux Profiles - 06 - Completion

If you click on the Linux Action Account link, the Run As Account Properties dialog will appear. Click the Add button.

Linux Profiles - 07 - Run As Account Properties

On the Computer Search screen, search for the Resource Pool, and add the Linux Resource Pool that we previously created, then click OK.

Linux Profiles - 08 - Computer Search

Back on the Run As Account Properties screen, click OK.

Linux Profiles - 09 - Run As Account Distribution

Back on the Completion screen, the Warning icon will now have changed to a green checkmark. Click Close.

Linux Profiles - 10 - Completion (Distributed)

Repeat these steps for each of the UNIX/Linux Run As Profiles.

Wow! That was a lot of work, but SCOM is now ready to monitor Linux. In the next part of this series, we will install the SCOM Agent on the Linux server.

%d bloggers like this: