Note |
The information in this topic applies only to
System Center 2012 Configuration Manager SP1
and System Center 2012 R2
Configuration Manager. |
Before you can manage a Linux or UNIX server with Configuration
Manager, you must install the Configuration Manager client for
Linux and UNIX on each Linux or UNIX computer. You can accomplish
the installation of the client manually on each computer, or use a
shell script that installs the client remotely. Configuration
Manager does not support the use of client push installation for
Linux or UNIX servers. Optionally you can configure a Runbook for
System Center 2012 Orchestrator to automate the install of the
client on the Linux or UNIX server.
Regardless of the installation method you use, the install
process requires the use of a script named install to manage
the install process. This script is included when you download the
Client for Linux and UNIX.
The install script for the Configuration Manager client for
Linux and UNIX supports command line properties. Some command line
properties are required, while others are optional. For example,
when you install the client, you must specify a management point
from the site that is used by the Linux or UNIX server for its
initial contact with the site. For the complete list of command
line properties, see Command Line Properties for
Installing the Client on Linux and UNIX Servers.
After you install the client, you specify Client Settings in the
Configuration Manager console to configure the client agent in the
same way you would windows-based clients. For more information, see
the
Client Settings for Linux and UNIX Servers section in the
How to Manage
Linux and UNIX Clients in Configuration Manager topic.
Use the following sections to help you install the client for
Linux and UNIX:
About Client Installation Packages
and the Universal Agent
To install the client for Linux and UNIX on a specific
platform, you must use the applicable client installation package
for the computer where you install the client. Applicable client
installation packages are included as part of each client download
from the Microsoft Download Center. In addition to client
installation packages, the client download includes the
install script that manages the installation of the client
on each computer.
- Prior to cumulative update 1, each
operating system and platform requires the use of an operating
system and platform specific client installation package. The
operating system and platform are identified in the name of each
client installation package.
- Beginning with cumulative update 1, the
installation packages from the Universal Agent replace the separate
client installation packages for several Linux operating systems.
However, not all supported operating systems are supported by the
Universal Agent. Versions of Linux that are not supported by the
Universal Agent and all versions of UNIX continue to require the
use of client installation packages that are specific to each
operating system and platform.
When you install a client, you can use the same process
and command line properties regardless of the client installation
package you use.
For information about the operating systems, platforms,
and client installation packages that are supported by each release
of the Configuration Manager client for Linux and UNIX, see the
Client Requirements for Linux and UNIX Servers section in the
Supported
Configurations for Configuration Manager topic.
Install the Client on Linux and UNIX
Servers
To install the client for Linux and UNIX, you run a
script on each Linux or UNIX computer. The script is named
install and supports command line properties that modify the
installation behavior and reference the client installation
package. The install script and client installation package must be
located on the client. The client installation package contains the
Configuration Manager client files for a specific Linux or UNIX
operating system and platform.
Each client installation package contains all the
necessary files to complete the client installation and unlike
Windows-based computers, does not download additional files from a
management point or other source location.
After you install the Configuration Manager client for
Linux and UNIX, you do not need to reboot the computer. As soon as
the software installation is complete, the client is operational.
If you reboot the computer, the Configuration Manager client
restarts automatically.
The installed client runs with root credentials. Root
credentials are required to collect hardware inventory and perform
software deployments.
Following is the command format: ./install -mp
<computer> -sitecode <sitecode> <property #1>
<property #2> <client installation package>
Command line |
Actions |
./install –mp smsmp.contoso.com -sitecode S01
ccm-Universal-x64.<build>.tar
|
- install is the name of the script file
that installs the client for Linux and UNIX. This file is provided
with the client software.
- -mp smsmp.contoso.com specifies the
initial management point that is used by the client.
- -sitecode S01 specifies the client is
assigned to the site with the site code of S01.
- ccm-Universal-x64.<build>.tar is
the name of the client installation .tar package for this computer
operating system, version, and CPU architecture.
|
You can insert additional command line properties
before the command line property that specifies the client
installation .tar file. The client installation .tar file must be
specified last.
For a list of command line options, see Command Line Properties for
Installing the Client on Linux and UNIX Servers.
Use the following procedure as an example of how to
install the client for Linux and UNIX.
Note |
The following example procedure installs the client from the
cumulative update 1 release of the client for Linux and UNIX
on a Red Hat Enterprise Linux 5 (RHEL5) x64 computer. To
adjust this procedure for the operating systems that you use,
replace the client installation file
(ccm-Universal-x64.<build>.tar) with the applicable
package for the computer where you are installing the client. Also
plan to use additional command line properties to meet your
requirements. |
To install the Configuration Manager
Client on Linux and UNIX servers
-
Copy the install script and the client
installation .tar file to a folder on the RHEL 5 x64
based computer.
-
On the RHEL5 computer, run the following command to
enable the script to run as a program: chmod +x install
Important |
You must use root credentials to install the client. |
-
Next, run the following command to install the
Configuration Manager client: ./install –mp <hostname>
-sitecode <code> ccm-Universal-x64.<build>.tar
When you enter this command, use additional
command-line properties you require.
-
After the script runs, validate the install by
reviewing the /var/opt/microsoft/scxcm.log file.
Additionally, you can confirm that the client is installed and
communicating with the site by viewing details for the client in
the Devices node of the Assets and Compliance
workspace in the Configuration Manager console.
Command Line Properties for Installing
the Client on Linux and UNIX Servers
When you install the client for Linux and UNIX on a
Linux or UNIX computer, you run the install script with
command-line properties that specify the following:
- The client’s assigned site.
- The management point with which the client
initially communicates
- The client installation .tar file for the
computer’s operating system
- Additional configurations you require
The properties described in the following table are
available to modify the installation behavior.
Note |
Use the property -h to display this list of supported
properties. |
Property |
Required or optional |
More information |
-mp <server FQDN>
|
Required
|
Specifies by FQDN, the management point server that the client
will use as an initial point of contact.
Important |
This property does not specify the management point to which
the client will become assigned after installation. |
Note |
When you use the -mp property to specify a management
point that is configured to accept only HTTPS client connections,
you must also use the -UsePKICert property. |
Specify the management point by FQDN.
|
-sitecode <sitecode>
|
Required
|
Specifies the Configuration Manager primary site to assign the
Configuration Manager client to.
Example: -sitecode S01
|
-fsp <server_FQDN>
|
Optional
|
Note |
Beginning with cumulative update 1, the Configuration
Manager client for Linux and UNIX supports the use of fallback
status points. |
Specifies by FQDN, the fallback status point server that the
client uses to submit state messages.
For more information about the fallback status point, see the
Determine
Whether You Require a Fallback Status Point section in the
Determine the
Site System Roles for Client Deployment in Configuration
Manager topic.
|
-dir <directory>
|
Optional
|
Specifies an alternate location to install the Configuration
Manager client files.
By default, the client installs to the following location:
/opt/microsoft.
|
-nostart
|
Optional
|
Prevents the automatic start of the Configuration Manager client
service, ccmexec.bin, after the client installation
completes.
After the client installs, you must start the client service
manually.
By default, the client service starts after the client
installation completes, and each time the computer restarts.
|
-clean
|
Optional
|
Specifies the removal of all client files and data from a
previously installed client for Linux and UNIX, before the new
installation starts. This removes the client’s database and
certificate store.
|
-keepdb
|
Optional
|
Specifies that the local client database is retained, and reused
when you reinstall a client. By default, when you reinstall a
client this database is deleted.
|
-UsePKICert <parameter>
|
Optional
|
Specifies the full path and file name to a X.509 PKI certificate
in the Public Key Certificate Standard (PKCS#12) format. This
certificate is used for client authentication.
When you use -UsePKICert, you must also supply the
password associated with the PKCS#12 file by use of the
-certpw command line parameter.
If the certificate is not valid, or cannot be found, the client
falls back to use HTTP and a self-signed certificate.
If you do not use this property to specify a PKI certificate,
the client uses a self-signed certificate and all communications to
site systems are over HTTP.
Note |
You must specify this property when you install a client and
use the -mp property to specify a management point that is
configured to accept only HTTPS client connections. |
Example: -UsePKICert <Full path and filename> -certpw
<password>
|
-certpw <parameter>
|
Optional
|
Specifies the password associated with the PKCS#12 file that you
specified by use of the -UsePKICert property.
Example: -UsePKICert <Full path and filename> -certpw
<password>
|
-NoCRLCheck
|
Optional
|
Specifies that a client should not check the certificate
revocation list (CRL) when it communicates over HTTPS by use of a
PKI certificate. When this option is not specified, the client
checks the CRL before establishing an HTTPS connection by use of
PKI certificates. For more information about client CRL checking,
see Planning for PKI Certificate Revocation.
Example: -UsePKICert <Full path and filename> -certpw
<password> -NoCRLCheck
|
-rootkeypath <file location>
|
Optional
|
Specifies the full path and file name to the Configuration
Manager trusted root key. This property applies to clients that use
HTTP and HTTPS client communication. For more information, see
Planning for the Trusted Root Key.
Example: -rootkeypath <Full path and filename>
|
-httpport
|
Optional
|
Specifies the port that is configured on management points that
the client uses when communicating to management points over HTTP.
If the port is not specified, the default value of 80 is used.
Example: -httpport 80
|
-httpsport
|
Optional
|
Specifies the port that is configured on management points that
the client uses when communicating to management points over HTTPS.
If the port is not specified, the default value of 443 is used.
Example: -UsePKICert <Full path and certificate name>
-httpsport 443
|
-ignoreSHA256validation
|
Optional
|
Specifies that client installation skips SHA-256 validation. Use
this option when installing the client on operating systems that
did not release with a version of OpenSSL that supports SHA-256.
For more information, see the About
Linux and UNIX Operating Systems That do not Support SHA-256
section in the Planning for Client
Deployment for Linux and UNIX Servers topic.
|
-signcertpath <file location>
|
Optional
|
Specifies the full path and .cer file name of the
exported self-signed certificate on the site server. This
certificate is stored in the SMS certificate store and has
the Subject name Site Server and the friendly name Site
Server Signing Certificate.
This certificate is used by the client for all HTTP and HTTPS
communications with management points and distribution points.
Example: -signcertpath=<Full path and file
name>
|
-rootcerts
|
Optional
|
If multiple root certificates exist in the Configuration Manager
environment, you can specify additional root certificates that the
client might need to validate site system servers.
Example: -rootcerts=<Full path and file name>,<Full
path and file name>
|
Upgrade the Client on Linux and UNIX
Servers
You can upgrade the version of the client for Linux and
UNIX on a computer to a newer client version without first
uninstalling the current client. To do so, install the new client
installation package on the computer while using the -keepdb
command line property. When the client for Linux and UNIX installs,
it overwrites existing client data with the new client files.
However, the –keepdb command line property directs the
install process to retain the clients unique identifier (GUID),
local database of information, and certificate store. This
information is then used by the new client installation.
For example, you have a RHEL5 x64 computer that runs
the client from the original release of the Configuration Manager
client for Linux and UNIX. To upgrade this client to the client
version from cumulative update 1, you manually run the
install script to install the applicable client package from
cumulative update 1, with the addition of the –keepdb
command line switch. The command line you use resembles the
following: ./install –mp <hostname> -sitecode <code>
-keepdb ccm-Universal-x64.<build>.tar
How to use a Software Deployment to
Upgrade the Client on Linux and UNIX Servers
You can use a software deployment to upgrade the client
for Linux and UNIX to a new client version. However, the
Configuration Manager client cannot directly run the installation
script to install the new client because the installation of a new
client must first uninstall the current client. This would end the
Configuration Manager client process that runs the installation
script before the installation of the new client begins. To
successfully use a software deployment to install the new client,
you must schedule the installation to start at a future time and to
be run by the operating system’s built-in scheduling
capabilities.
To accomplish this, use a software deployment to first
copy the files for the new client installation package to the
client computer, and then deploy and run a script to schedule the
client installation process. The script uses the operating system’s
built-in at command to delay its start. Then, when the
script runs, its operation is managed by the client operating
system and not the Configuration Manager client on the computer.
This allows the command line called by the script to first
uninstall the Configuration Manager client and then install the new
client, completing the process of upgrade of the client on the
Linux or UNIX computer. After the upgrade completes, the upgraded
client remains managed by Configuration Manager.
Use the following procedure to help you configure a
software deployment to upgrade the client for Linux and UNIX. The
following steps and examples upgrade a RHEL5 x64 computer that runs
the initial release of the client to the cumulative update 1
client version.
To use a software deployment to
upgrade the client on Linux and UNIX servers
-
Copy the new client installation package file to the
computer that runs the Configuration Manager client that you plan
to upgrade.
For example, you might place the client installation
package and install script for cumulative update 1 in the
following location on the client computer: /tmp/PATCH
-
Create a script to manage the upgrade of the
Configuration Manager client, and then place a copy of the script
in the same folder on the client computer as the client
installation files from step 1.
The script does not require a specific name, but must
contain command lines sufficient to use the client installation
files from a local folder on the client computer, and to install
the client installation package by using the –keepdb command
line property. You use the –keepdb command line property to
maintain the unique identifier of the current client for use by the
new client you are installing.
For example, you create a script named
upgrade.sh that contains the following lines, and then copy
it to the /tmp/PATCH folder on the client computer:
|
Copy Code |
#!/bin/sh
#
/tmp/PATCH/install -sitecode <code> -mp <hostname> -keepdb /tmp/PATCH/ccm-Universal-x64.<build>.tar
|
-
Use software deployment to have each client use the
computers built-in at command to run the upgrade.sh
script with a short delay before the script runs.
For example, use the following command line to run the
script:
at –f /tmp/upgrade.sh –m now + 5 minutes
After the client successfully schedules the
upgrade.sh script to run, the client submits a status
message indicating the software deployment completed successfully.
However, the actual client installation is then managed by the
computer, after the delay. After the client upgrade completes,
validate the install by reviewing the
/var/opt/microsoft/scxcm.log file on the client computer.
Additionally, you can confirm that the client is installed and
communicating with the site by viewing details for the client in
the Devices node of the Assets and Compliance
workspace in the Configuration Manager console.
Uninstalling the Client from Linux and
UNIX Servers
To uninstall the Configuration Manager client for Linux
and UNIX you use the uninstall utility, uninstall. By
default, this file is located in the
/opt/microsoft/configmgr/bin/ folder on the client computer.
This uninstall command does not support any command line parameters
and will remove all files related to the client software from the
server.
To uninstall the client, use the following command
line: /opt/microsoft/configmgr/bin/uninstall
You do not have to reboot the computer after you
uninstall the Configuration Manager client for Linux and UNIX.
Configure Request Ports for the
Client for Linux and UNIX
Similar to Windows-based clients, the Configuration
Manager client for Linux and UNIX uses HTTP and HTTPS to
communicate with Configuration Manager site systems. The ports that
the Configuration Manager client uses to communicate are referred
to as a request ports.
When you install the Configuration Manager client for
Linux and UNIX, you can change the clients default request ports by
specifying the -httpport and -httpsport installation
properties. When you do not specify the installation property and a
custom value, the client uses the default values. The default
values are 80 for HTTP traffic and 443 for HTTPS
traffic.
After you install the client, you cannot change its
request port configuration. Instead, to change the port
configuration you must reinstall the client and specify the new
port configuration. When you reinstall the client to change the
request port numbers, run the install command similar to the
new client install, but use the additional command line property of
-keepdb. This switch instructs the installation to retain
the client database and files including the clients GUID and
certificate store.
For more information about client communication port
numbers, see How
to Configure Client Communication Port Numbers in Configuration
Manager.
Configure the Client for Linux and
UNIX to Locate Management Points
When you install the Configuration Manager client for
Linux and UNIX, you must specify a management point to use as an
initial point of contact.
The Configuration Manager client for Linux and UNIX
contacts this management point at the time the client installs. If
the client fails to contact the management point, the client
software continues to retry until successful.
For more information about how clients locate
management points, see the section Locating
Management Points section in the How to Assign Clients to
a Site in Configuration Manager topic.