November, 2008

  • musc@> $daniele.work.ToString()

    Programmatically Check for Management Pack updates in OpsMgr 2007 R2

    • 0 Comments

    One of the cool new features of System Center Operations Manager 2007 R2 is the possibility to check and update Management Packs from the catalog on the Internet directly from the Operators Console:

    Select Management Packs from Catalog

    Even if the backend for this feature is not yet documented, I was extremely curious to see how this had actually been implemented. Especially since it took a while to have this feature available for OpsMgr, I had the suspicion that it could not be as simple as one downloadable XML file, like the old MOM2005's MPNotifier had been using in the past.

    Therefore I observed the console's traffic through the lens of my proxy, and got my answer:

    ISA Server Log

    So that was it: a .Net Web Service.

    I tried to ask the web service itself for discovery information, but failed:

    WSDL

    Since there is no WSDL available, but I badly wanted to interact with it, I had to figure out: what kind of requests would be allowed to it, how should they be written, what methods could they call and what parameters should I pass in the call. In order to get started on this, I thought I could just observe its network traffic. And so I did... I fired up Network Monitor and captured the traffic:

    Microsoft Network Monitor 3.2

    Microsoft Network Monitor is beautiful and useful for this kind of stuff, as it lets you easily identify which application a given stream of traffic belongs to, just like in the picture above. After I had isolated just the traffic from the Operations Console, I then saved those captures packets in CAP format and opened it again in Wireshark for a different kind of analysis - "Follow TCP Stream":

    Wireshark: Follow TCP Stream

    This showed me the reassembled conversation, and what kind of request was actually done to the Web Service. That was the information I needed.

    Ready to rock at this point, I came up with this Powershell script (to be run in OpsMgr Command Shell) that will:

    1) connect to the web service and retrieve the complete MP list for R2 (this part is also useful on its own, as it shows how to interact with a SOAP web service in Powershell, invoking a method of the web service by issuing a specially crafted POST request. To give due credit, for this part I first looked at this PERL code, which I then adapted and ported to Powershell);

    2) loop through the results of the "Get-ManagementPack" opsmgr cmdlet and compare each MP found in the Management Group with those pulled from the catalog;

    3) display a table of all imported MPs with both the version imported in your Management Group AND the version available on the catalog:

    Script output in OpsMgr Command Shell

    Remember that this is just SAMPLE code, it is not meant to be used in production environment and it is worth mentioning again that OpsMgr2007 R2 this is BETA software at the time of writing, therefore this functionality (and its implementation) might change at any time, and the script will break. Also, at present, the MP Catalog web service still returns slightly older MP versions and it is not yet kept in sync and updated with MP Releases, but it will be ready and with complete/updated content by the time R2 gets released.

    Disclaimer

    The information in this weblog is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my own personal opinion. All code samples are provided "AS IS" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
    THIS WORK IS NOT ENDORSED AND NOT EVEN CHECKED, AUTHORIZED, SCRUTINIZED NOR APPROVED BY MY EMPLOYER, AND IT ONLY REPRESENT SOMETHING WHICH I'VE DONE IN MY FREE TIME. NO GUARANTEE WHATSOEVER IS GIVEN ON THIS. THE AUTHOR SHALL NOT BE MADE RESPONSIBLE FOR ANY DAMAGE YOU MIGHT INCUR WHEN USING THIS INFORMATION. The solution presented here IS NOT SUPPORTED by Microsoft.

  • musc@> $daniele.work.ToString()

    CentOS discovery in OpsMgr2007 R2 beta

    • 0 Comments

    Here we go again. Now that the OpsMgr2007 R2 beta is out, with an improved and revamped version of the System Center Cross Platform Extensions, I faced the issue of how to upgrade my test lab.

    I have to say that OpsMgr2007 R2 beta release notes explain the known issues, and I had no trouble whatsoever upgrading the windows part. It just took its time (I am running virtual machines in my test lab, that don't have the best performance), but it went smoothly and without a glitch. In a couple of hours I had everything upgraded: databases, RMS, reporting, agents, gateway. All right then. The new purple icons in System Center look cute, and the new UI has some great stuff, such as a long-awaited way to update your management packs directly from the Internet, better display of Overrides (kind of what we used to rely on Override Explorer for)... and  A LOT more new stuff that I won't be wasting my Sunday writing about since everybody else has already done it two days ago:

    opsmgr aggregated feed on Twitter

    Therefore let's get back to my upgrade, which is a lot more interesting (to me) than the marketing tam-tam :-)

    As part of the upgrade to R2, I had to first uninstall the Xplat beta refresh bits, which I had installed, including all Unix Management Packs. Including my CentOS Management Pack I had improvised.

    So this is the new start page of the integrated Discovery Wizard:

    Discovery Wizard

    Looks nice and integrates the functionality of discovering and deploying Windows machines, SNMP Devices, and Unix/Linux machines.

    Of course, my CentOS machine would not be discovered, and showed up as an unsupported platform. Of course my old Management Pack I had hacked together in XPlat Beta 1 did not work anymore. Therefore, I figured out I had to see what changes were there, and how to make it work again (of course it IS possible - It is NOT SUPPORTED, but I don't care, as long as it works).

    Since the existing agent could not be discovered, the first step I took was logging on the Linux box, un-install the old agent, and install the new one:

    XPlat Agent RPM Install on CentOS

    There I tried to discover again, but of course it still failed.

    At that point I started taking a look at the new layout of things on the unix side. Most stuff is located in the same directories where beta1 was installed, and there are a bunch of useful commands under /opt/microsoft/scx/bin/tools.
    You can check out the Open Pegasus version used:

    [root@centos tools]# ./scxcimconfig --version
    Version 2.7.0

    Let's take a look at what SCX classes we have available:

    ./scxcimcli nc -n root/scx -di |grep SCX | sort

    ./scxcimcli nc -n root/scx -di |grep SCX | sort

    Nice. That's the stuff we will be querying over WS-Man from the Management Server.

    So let's look at the OS Discovery, and we test it from the OpsMgr 2007 box:

    winrm enumerate http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem?__cimnamespace=root/scx -username:root -password:password -r:https://centos:1270/wsman -auth:basic -skipCACheck

    it returns results:

    OS WS-Man Query

    At first I assumed this worked like in Beta1, therefore I exported RedHat management pack and I made my own version of it, replacing the strings it is expecting to find to discover CentOS instead than Redhat.

    While the MP was syntactically correct and would import fine, the Discovery wizard still didn't work.

    I took one more look at the discoveries in the MP, and I found there are two more, targeted to Management Server, which is probably what gets used by the Discovery Wizard to understand what kind of agent kit needs to be deployed.

    MP XML - Discoveries

    So basically this discovery checks for the returned value from the module to determine if the discovered platform is a supported one:

    Discovery Settings

    But how does the module get its data?

    Look at the layout of the /AgentManagement/UnixAgents folder on the Management Server:

    /AgentManagement/unixAgents

    That's it: GetOSVersion.sh - a shell script. A nice, open, clear text, hackable shell script. Let's take a look at it:

    Discovery Script Hack

    So that's it, and how my modification looks like. What happens during the discovery wizard is that we probably copy the script over SCP to the box, execute it, look at a number of things, and return the discovery data we need.

    If you do those steps manually, you see how the script returns something very similar to a PropertyBag, just like discoveries done by VBScript on Windows machines:

    Discovery Script Output

    So after modifying the script... here we go. The Wizard now thinks CentOS is Red Hat, and can install an agent on it:

    Discovery Wizard

    Deploying Agent

    Only when the Management Server discovery finally considers the CentOS machine worth managing, then the other discoveries that use WS-Man queries start kicking in, like the old one did, and find the OS objects and all the other hosted objects. In order for this to work you don't only need to hack the shell script, but to have a hacked MP - the "regular" Red Har one won't find CentOS, which is and remains an UNSUPPORTED platform.

    CentOS Health Model

    Disclaimer

    The information in this weblog is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my own personal opinion. All code samples are provided "AS IS" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
    THIS WORK IS NOT ENDORSED AND NOT EVEN CHECKED, AUTHORIZED, SCRUTINIZED NOR APPROVED BY MY EMPLOYER, AND IT ONLY REPRESENT SOMETHING WHICH I'VE DONE IN MY FREE TIME. NO GUARANTEE WHATSOEVER IS GIVEN ON THIS. THE AUTHOR SHALL NOT BE MADE RESPONSIBLE FOR ANY DAMAGE YOU MIGHT INCUR WHEN USING THIS INFORMATION. The solution presented here IS NOT SUPPORTED by Microsoft.

Page 1 of 1 (2 items)