In part 2 (Part 2 – Apple OSX MP -The compiling and installing of the OMI agent on your Mac) we got the OMI agent running on our Apple Mac and were able to query it with the OMI client. No we will go one step further and do some cross-platform querying with Powershell.
First of all make sure you are running at lease Powershell version 3.0. Earlier versions of Powershell do not contain the Get-CimInstance commandlet which we need to query OMI.
We also need to make sure we can resolve our Mac by FQDN. In my test lab I just added the my Mac to the hosts file so that I can resolve and ping demos-mac.local.
So lets try to connect to OMI by using the following Powershell script:
Personally I like to use the Poweshell ISE that comes standard with Windows, so I plugged the code into the code Window and hit run.
… Oh dear, Powershell spat out lots of angry red errors at us. At this point we have a few options:
1. Allow encrypted traffic from the Windows Computer from which we are running the Powershell Script.
2. Import the certificates generated by the OMI Agent.
3. Generate your own certificates.
In this blog I will go for the second option, and import the Certificates generated by the OMI agent. To import the certificates from the OMI agents we need to convert and export them from the machine on which the OMI agent is installed.
First browse to the directory in which OIM is installed, in my case /opt/omi1.0.7/etc/ssl/certs
OpenSSL can combine a separate certificate (usercert.pem or usercert.cer) and private key file (userkey.pem) into PKCS12 format using the pkcs12 command:
If you downloaded the OMI Package on your MAC, double click the package to unzip the archive. If you are using Windows, you will need something like 7zip (freely available) to unzip the archive.
I unzipped my archive and saved it to Document/omi-1.0.7, but you can choose your own directory. Before we can compile OMI we need to download compile and install the package pkg-config. Pkg-config is used by the OMI package for configuration so we need to satisfy this dependency. The latest pkg-config source can be downloaded here. I have found that some of the newer versions of the pkg-config package do not compile well on a Mac so I use the pkg-config-0.18.1.tar.gz which should also work for you. After downloading the package I unzipped the archive and saved it to Documents/pkg-config-0.18.1. Now open a terminal window (open a finder window and click Applications -> Utilities -> Terminal) and cd into the pkg-config-0.18.1 directory. Once in the directory issue the ./configure command at the command prompt.
If there are no errors creating the configuration, issue the make command.
Now if there are no errors, issue the sudomakeinstall command. This will prompt you for an admin password because it wants to install the compiled files.
We also need to set the pkg-config path so it can find all the libraries:
Also before compiling, check that the file /usr/lib/pkgconfig/openssl.pc has the same paths as in the screenshot:
Now the OMI package install is not made for OSX, this is why the PAM modules need to be registered manually if we want to use certificates for secure communication. To create the PAM entry, create a file named “omi” in the /etc/pam.d directory. In the omi file ad the following text entries:
# The configuration of omi is generated by the omi installer.
# sshd: auth account password session
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
We are now all set to build the OMI package. CD into the omi-1.0.7 directory and issue the commands:
sudo make install
Note that after issuing the ./configure command you will receive the error “pam script is not supported on Mac-OS yet“. You can safely ignore this error because already we registered the PAM modules manually.
Just like we did with building the pkg-config package, if OMI installed successfully, the output should look something like this:
So let’s test our OMI installation. If you are not logged in as root, su into root (su root). Then cd into /opt/omi-1.0.7/bin and start the OMI server by typing ./omiserver -d You can find all the server commands by running ./omiserver –help Now we can test the omi server by running ./omicli id the output should be something like in the screenshot:
So woohoo! Our OMI server is running on our Mac and accessible by a client. In part 3 of this blog we will explore how to query the OMI server by using Powershell.
The first thing we need to do is getting our Apple Mac ready for compiling OMI. To compile OMI on a Mac demands some changes in some of the source files of the OMI package. At this point I would like to give credit due to the following post that shows you how to compile OMI for Linux: Managing Linux via OMI: Installation. Before you change the settings on your Mac shown in this blog, please be aware that this might pose a security risk so I would advise against doing this on a production system. Ok Lets get started. The first thing we need to do is make sure we are working with the latest version of OSX. The version that we will be using is OS X 10.8 Mountain Lion.
Next we need to install Xcode (free of charge). Login to the App Store with your Apple ID and install Xcode.
In Xcode we need to change a settings before we can edit/compile/install the omi package. From the menu click Preferences and then the Downloads button. We need to add the Command Line Tools.
Your Mac does not allow you to edit source code downloaded form the internet by default. To change this we must browse to System Preferences -> Security & Privacy and change the Allow applications downloaded from: setting to Anywhere.
We also want to be able to login with SSH, so we enable this System Preferences -> Sharing and checking the Remote Login check box.
OMI expects to run under the root account, so we will want to enable it. To do this you must enable the root user:
Choose Apple menu -> System Preferences, and then click Users & Groups.
Click the lock icon to unlock it, and then type an administrator name and password.
In the Network Account Server section, click Join or Edit.
Click Open Directory Utility.
Click the lock icon to unlock it, and then enter your administrator name and password.
Choose Edit -> Enable Root User, and then enter a root user password in the Password and Verify fields.
Your Mac should now be ready to compile, configure, and install the OMI package as shown in part 2.
On of the things I love to do in IT is connect systems that were not designed to communicate with each other. This is one of the reasons that I was pretty exited when Microsoft introduced cross platform capabilities in OpsMgr. Because recently the cross platform agent has been redesigned to work with a super light weight agent (OMI) on UX like systems, I thought it would be a worthwhile exercise to explore it in a bit more detail. Now what would be a fun project for exploring this topic? Well… what about monitoring my girlfriends Apple Mac 🙂
This is the first part of creating a management pack for the latest version of Apple’s OS X (10.8) Mountain Lion. This post will show you how to compile the new OMI agent (Open Management Infrastructure), set up communication with the agent through Powershell and finally create a Management Pack to communicate with the OMI agent.
The following parts will be handled in this series:
OpsLogix acquires Approved Consulting to expand its business with professional and managed services for IT-operations. Together we strive towards our new vision “Never down, always optimized, completely autonomous". The post Press Release: OpsLogix Acquires Approved Consulting appeared first on OpsLogix.
On May 15 & 16 we hosted the first SCOM Management Pack Development training in Amsterdam. It was an interesting and exciting course as for a first timer in our region, all slots were sold out in the first three weeks after the announcement. The post Looking Back At The First SCOM Management Pack Development […]
We’re happy to announce a new update release this month of our VMware Management Pack for SCOM 2012, 2016, 180x, 1901 & 2019. The post VMware Management Pack V1.3.1471.0 – Update Release appeared first on OpsLogix.
A FEW IMPORTANT CHANGESWe would like to inform you about price changes across the entire product line of OpsLogix, payments & payment methods starting from May 1st, 2019: A 2% price hike across all OpsLogix product lines due to inflation. We always strive to offer great pricing for our products to our customers and avoid unnecessary price […]