Forge Home

scom

Automatically deploy and configure the SCOM agent.

1,904 downloads

1,358 latest version

3.9 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.2.0 (latest)
  • 0.1.0
released Nov 19th 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'petermanton-scom', '0.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add petermanton-scom
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install petermanton-scom --version 0.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

petermanton/scom — version 0.2.0 Nov 19th 2019

scom

Table of Contents

  1. Description
  2. Setup - The basics of getting started with scom
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

Automates the installation and configuration of the SCOM SCX client on RHEL / CentOS.

Setup

Prerequisites

The general process flow of the module is as follows:

  • Install SCX Agent on linux box -- Copies generated signing request to SCOM machine --- SCOM machine signs the certificate ---- The signed certificate is sent back to linux box ----- The SCX service is restarted ------ The SCOM machine then performs a discovery (This part needs to be manually performed from the SCOM console!)

So we'll get started by preparing our SCOM host by firstly enabling WinRM: (we'll need this for signing of client certificates later):

WinRM quickconfig

(or alternatively via Group Policy)

Since we'll be using WinRM over HTTP we'll need to generate / setup our WinRM listener manually (as the above command only creates an HTTP listener)

We'll use a self-signed certificate here - however in a production envrinoment we'd obviously want it signed by a CA:

New-SelfSignedCertificate -DnsName "" -CertStoreLocation Cert:\LocalMachine\My

We'll then create our listener:

winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=""; CertificateThumbprint=""}'

You should see something like:

ResourceCreated Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous ReferenceParameters ResourceURI = http://schemas.microsoft.com/wbem/wsman/1/config/listener SelectorSet Selector: Address = *, Transport = HTTPS

We'll also need to ensure that the SCOM directory is added to windows path vairable:

setx /M PATH "%PATH%;C:\Program Files\Microsoft System Center\Operations Manager\Server"

Ensure our Puppet host can communicate with WinRM:

netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986 remoteip=

Confirm the listener is present with:

WinRM e winrm/config/listener

We can now validate the new listener from the Puppet host - we need 'puppet bolt' (a tool that provides clientless administration of Windows and Linux systems):

sudo rpm -Uvh https://yum.puppet.com/puppet6/puppet6-release-el-7.noarch.rpm sudo yum install puppet-bolt

Note: The Puppet module should perform this automatically for you providing you have the Puppet RHEL 7 repository configured.

and then upload a test file to test it with:

echo 'testfile' > test.txt bolt file upload test.txt 'C:\temp' --nodes winrm:// --user --password --no-ssl-verify

Create a server mount point for Puppet to store the SCX binaries:

cat <> /etc/puppetlabs/puppet/fileserver.conf [installer_files] path /etc/puppetlabs/puppet/installer_files allow * EOT

You can now copy all of the SCX client installation files to the mount point - the typical location is: 'C:\Program Files\Microsoft System Center\Operations Manager\Server\AgentManagement\UnixAgents\DownloadedKits\'

Now on the SCOM host we'll create a dedicated shared folder for signing requests:

mkdir C:\temp\scx_signing_requests

net share scx_signing_requests=C:\temp\scx_signing_requests /GRANT:,FULL

Beginning with scom

Please refer to examples folder.

Usage

Please refer to examples folders.

Reference

Parameters

String $service_user, # Service username to connect to SCOM server via WinRM

String $service_password, # Server password to connect to SCOM server via WinRM

String $scom_server, # SCOM server DNS name / IP address

String $installer_package, # Path to SRX agent installation file

String $scom_certificate_path, # Directory where signing requests are stored on SCOM server

String $certificate_issuer, # Usually hostname of the SCOM server (it's case sensitive!)

Optional[Boolean] $winrm_ssl # Optionally disable SSL with WinRM (not currently implemented)

Limitations

This only currently works with RHEL 7 / CentOS. Future support for more operating systems may be added if there is popular demand.

Development

https://github.com/peter-manton/puppet-scom