Professional Documents
Culture Documents
Getting Started
Supporting
Distribution Server 7.6
November 2006
Copyright 2006 BMC Software, Inc., as an unpublished work. All rights reserved. BMC Software, the BMC Software logos, and all other BMC Software product or service names are registered trademarks or trademarks of BMC Software, Inc. All other trademarks belong to their respective companies. BMC Software considers information included in this documentation to be proprietary and confidential. Your use of this information is subject to the terms and conditions of the applicable End User License Agreement for the product and the proprietary and restricted rights notices included in this documentation.
Customer support
You can obtain technical support by using the BMC Software Customer Support website or by contacting Customer Support by telephone or e-mail. To expedite your inquiry, see Before contacting BMC.
Support website
You can obtain technical support from BMC 24 hours a day, 7 days a week at http://www.bmc.com/support_home. From this website, you can
s s s s s s s
read overviews about support services and programs that BMC offers find the most current information about BMC products search a database for issues similar to yours and possible solutions order or download product documentation report an issue or ask a question subscribe to receive proactive e-mail alerts when new product notices are released find worldwide BMC support center locations and contact information, including e-mail addresses, fax numbers, and telephone numbers
product information product name product version (release number) license number and password (trial or permanent)
operating system and environment information machine type operating system type, version, and service pack or other maintenance level such as PUT or PTF system hardware configuration serial numbers related software (database, application, and communication) including type, version, and service pack or maintenance level
s s s
sequence of events leading to the issue commands and options that you used messages received (and the time and date that you received them) product error messages messages from the operating system, such as file system full messages from related software
Contents
Chapter 1 Product components and capabilities 11 12 12 14 15 15 15 16 16 16 17 17 19 21 21 21 23 25 26 26 26 27 27 28 28 28 33 35 36 37 40 44 44 44 47
5
What is the Distribution Server? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Components of the distribution system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Server Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Support status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accessing online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accessing books and release notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Where to go from here. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter 2 Installing the Distribution Server
Implementation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Base installation directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deciding how to install the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using more than one Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Choosing a Default or a Custom installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Alternate uses of the Distribution Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Use only the BMC Software installation utility to install the Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About the installation utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing the Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Workflow for installing the Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installable components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Required information for a Default installation of the Distribution Server . . . . . Required information for a Custom installation of the Distribution Server. . . . . Upgrading the Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Server installation worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing Distribution Server on Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing Distribution Server on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Workflow for installing the Distribution Client locally . . . . . . . . . . . . . . . . . . . . . . Required information for a Default, local installation of the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Required information for a Custom, local installation of the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents
Distribution Client installation worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Installing the Distribution Client locally on Windows. . . . . . . . . . . . . . . . . . . . . . . 49 Installing the Distribution Client locally on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . 52 About uninstalling products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Local uninstallation with product CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Executable file for the uninstallation program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Use the latest version of the uninstallation program . . . . . . . . . . . . . . . . . . . . . . . . 55 Using a CD to uninstall products in a Windows environment. . . . . . . . . . . . . . . . 56 Using a CD to uninstall products in a UNIX environment . . . . . . . . . . . . . . . . . . . 56 Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Chapter 3 Administering and configuring the Distribution Server 59
Setting up accounts and groups for users on the Distribution Server . . . . . . . . . . . . . 61 Starting and stopping programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Starting and stopping the RTserver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Starting and stopping the Distribution Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Starting and stopping the web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Verifying the installation and execution of the RTserver, Distribution Server, and web server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Starting and stopping the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Running services on Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Backing up and restoring Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Backing up and restoring the Distribution Server on Windows. . . . . . . . . . . . . . . 68 Backing up and restoring the Distribution Server on UNIX . . . . . . . . . . . . . . . . . . 68 Moving the Distribution Server to a different computer . . . . . . . . . . . . . . . . . . . . . . . . 69 Moving the Distribution Server to a new computer . . . . . . . . . . . . . . . . . . . . . . . . . 69 Changing the RTserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Changing the RTserver on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Changing the RTserver on UNIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Updating accounts or passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Encrypting passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Updating the Distribution Server account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Updating the Distribution Client default and registration accounts . . . . . . . . . . . 76 Updating the Distribution Client account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Directory structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Directory structure for the Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Directory structure for the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Environment variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Firewall configuration information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Loading a component conflict override file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Version arbitration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Component conflict overrides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Loading an override file for version arbitration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Chapter 4 Using the Distribution Manager 85
Web browser configuration requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Logging on to the Distribution Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 The Distribution Manager interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Workflow overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Setting up products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 About components and the repository. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Importing components into the repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 About collections and components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 Creating a collection and adding components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 About configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Configuring a collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Setting up systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 About accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 Adding an account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 About profiles and directories on remote systems . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Creating a profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 About systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Adding systems and installing the Distribution Client . . . . . . . . . . . . . . . . . . . . . 100 Registering systems with locally installed Distribution Clients. . . . . . . . . . . . . . 101 About system groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Creating a system group and adding members . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Setting up distributions and running reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 About distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Setting up a distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 About reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Running a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Logging off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Where to go from here. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Chapter 5 Using the Distribution Server Command Line Interface 107 109 109 109 109 110 110 111 112 112 113 113 114 114 114 115 115 117 117 119
7
Uses of the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Where to run the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Modes for running the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Command line arguments for the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running the CLI in interactive mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running the CLI with an input file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CLI commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Typographical conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Command syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Encrypting passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exiting interactive mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Connecting to and disconnecting from a Distribution Server . . . . . . . . . . . . . . . Managing components in the repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents
Managing systems groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Managing accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Managing profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Installing the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Managing Distribution Client upgrades and removals . . . . . . . . . . . . . . . . . . . . . 125 Managing distributions and distribution items. . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Managing distribution schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Managing operating systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Managing reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Managing preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Overriding component conflicts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Example scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Example 1: Adding systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Example 2: Distributing products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Example 3: Uninstalling products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Chapter 6 Using pkgcreate 137
Packaging custom components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 pkgcreate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 Custom import feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 PATROL Package Format (PPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Support for pkgcreate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Running pkgcreate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Where to run pkgcreate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Running pkgcreate on UNIX systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Running pkgcreate on Windows systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Argument descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Source directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Destination directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Minimum required arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Specifying destination directory and operating system. . . . . . . . . . . . . . . . . . . . . 144 Importing the package into the Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Chapter A Troubleshooting Distribution Server 147
Installation problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 The progress indicator remains at 99%. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 The Distribution Client is not imported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 Uninstallation problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 The InstallEngine subdirectory is not uninstalled . . . . . . . . . . . . . . . . . . . . . . . . . 148 Distribution Client problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 The Distribution Client and Distribution Server cannot communicate . . . . . . . . 149 A local installation of the Distribution Client failed . . . . . . . . . . . . . . . . . . . . . . . . 150 A deployment (or remote installation) of the Distribution Client failed . . . . . . . 152 The Distribution Client has a problem with a required account . . . . . . . . . . . . . 153 The Distribution Client failed to register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 The Distribution Client failed to run due to a system lock-down . . . . . . . . . . . . 155 Common usage problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
8 Distribution Server Getting Started
The Distribution Manager web page is not available (Error 404) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Distribution Manager web page is not available (Error 503) . . . . . . . . . . . . I cannot log on using some accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I am prompted for an additional CD when importing components . . . . . . . . . . A configuration question does not apply to my systems . . . . . . . . . . . . . . . . . . . UNIX user authentication problems with the Distribution Server . . . . . . . . . . . Distribution fails on RedHat and SUSE platforms if the CORRECT environment variable is set to cmd . . . . . . . . . . . . . . . . . . . . . . . Security related problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Gathering troubleshooting information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installation files for the Distribution Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installation logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Server logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Web server logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Client logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter B Requirements for distributing the Distribution Client from the Distribution Server
155 156 156 157 157 157 158 159 159 160 160 160 161 162
163 164 164 165 165 166 166 166 167 168 169 171 174 175 177 178 180 180 181 181 182 182 183 183 183 184 185 186 187
9
About distributing the Distribution Client from the Distribution Server . . . . . . . . . Discovering the platform of the target system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Copying and executing the installation package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Registering the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About installation methods for distributing the Distribution Client . . . . . . . . . . . . . Setting and prioritizing installation methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using a PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Reading the registry (Windows only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using a mapped drive and task scheduler service (Windows only) . . . . . . . . . . Using SFTP and SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using FTP and Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About simultaneous distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About timeouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter C Using advanced security
About web communications versus non-web communications . . . . . . . . . . . . . . . . . About security policies and security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security policies for the Distribution Server and related components . . . . . . . . About security level mapping for web communications . . . . . . . . . . . . . . . . . . . About the provided certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Certificate signing authorities for the provided certificates . . . . . . . . . . . . . . . . . Expiration dates for the provided certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuration tasks for advanced security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring the web server for security level 1 or 2 . . . . . . . . . . . . . . . . . . . . . . . Configuring the web server and web browser for security level 3 or 4 . . . . . . . Adding the provided trusted root certificate authority to IIS . . . . . . . . . . . . . . . Adding the provided web server certificate to IIS . . . . . . . . . . . . . . . . . . . . . . . . . Requiring client certificates on IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing the provided certificate to a web browser . . . . . . . . . . . . . . . . . . . . . . .
Contents
About unattended and attended modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 About replacing the default certificate for the Apache web server . . . . . . . . . . . . . . 189 About unattended and attended modes for the Apache web server . . . . . . . . . . 189 Replacing the default certificate for Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 About distributing components with advanced security . . . . . . . . . . . . . . . . . . . . . . . 191 Chapter D Distribution failure messages 193
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 List of distribution failure messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 Distribution did not happen, system not ready . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Distribution did not happen - incomplete host data . . . . . . . . . . . . . . . . . . . . . . . 196 Distribution on system failed - multiple versions on some components . . . . . . 196 Distribution on system failed - cache size too small . . . . . . . . . . . . . . . . . . . . . . . . 196 Distribution on system did not happen - configuration locales do not match . . 197 Distribution on system did not happen - configuration error detected. . . . . . . . 197 Distribution on system did not happen - ds client not found . . . . . . . . . . . . . . . . 198 Distribution on system did not happen - not enough free disk space . . . . . . . . . 198 Wake-up call to client failed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 Timed out during distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Timed out during installation phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 The installation completed but without components to update in inventory . . 199 Done-failed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 The distribution failed due to error on root account . . . . . . . . . . . . . . . . . . . . . . . 200 The installation did not happen due to cache check failure . . . . . . . . . . . . . . . . . 200 The installation completed but failed on post installation action. . . . . . . . . . . . . 201 The installation completed with interim errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Distribution on system did not happen - Nothing to deploy (message is displayed on Distribution Status Report) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Index 203
10
Chapter
1
12 12 14 15 15 15 16 16 17 17
Chapter 1
11
Install, reinstall, upgrade, and uninstall products on remote systems from one central location. Create collections of products and system groups to distribute multiple products to multiple systems in one distribution. Schedule a distribution for a specific date and time. Maintain multiple versions of products to be distributed. View reports to check distribution status, gather distribution data, and diagnosis problems.
Distribution Server (includes web server and RTserver) Distribution Client Distribution Manager Distribution Server Command Line Interface
12
Figure 1
Web browser Point a web browser to the Distribution Manager web site to administer the Distribution Server.
Distribution Server Command Line Interface Use this interface when you do not want to use a web browser.
Distribution Server RTserver This server includes a repository of components and their configurations a list of systems and an inventory of their components distribution schedules
Web server
Distribution Client Install the Distribution Client locally or through the Distribution Server.
Chapter 1
13
Distribution Server
Distribution Server
The Distribution Server performs the following tasks.
s s s s s
houses the repository of products maintains collections, systems, and configuration information hosts the web server used to support the Distribution Manager retrieves information from the Distribution Client instructs the Distribution Client when to install or uninstall which products
Web server
The Distribution Server uses a web server to do the following:
s s s s
Distribute components Communicate with Distribution Clients Host the web site for Distribution Manager Receive log files
On UNIX, you must use the Apache web server that is installed when you install the Distribution Server. On Windows 2000, you must use an existing Microsoft Internet Information Services 5.0 (IIS). On Windows 2003, you must use an existing Microsoft Internet Information Services 6.0 (IIS).
RTserver
The Distribution Server uses an RTserver for internal communications between the Distribution Server and the
s s
By default, an RTserver is installed when you install the Distribution Server. It is good practice to use the RTserver that is installed together with the Distribution Server. However, you can use an RTserver on a different computer. For more information about RTserver, see PATROL Console Server and RTserver Getting Started.
14
Distribution Client
Distribution Client
The Distribution Client is a small program that runs on remote systems to which you want to distribute products. The Distribution Client runs continuously, ready to respond to any of the following requests from the Distribution Server:
s s s s s
return information about the systems operating environment install or uninstall products update the client configuration file for the Distribution Server upgrade the Distribution Client itself post log files about installations
Distribution Manager
The Distribution Manager is the main user interface for the Distribution Server. You use it to access all of the functionality of the Distribution Server. The Distribution Manager runs in a web browser.
Chapter 1
15
Support status
Support status
BMC Software supports the following product versions and releases:
Product Name and Version Distribution Server 7.5.02 Distribution Server 7.5.01 Distribution Server 7.5.00 Distribution Server 7.1.21 Distribution Server 7.1.20 Distribution Server 7.1.15 Level of Support Full Full Full Limited Limited Limited
For more information about the latest support policies, see the Customer Support website at http://www.bmc.com/support_home.
Related documentation
The Distribution Server is supported by the following documents:
s s s s s s
Distribution Server Getting Started (this document) Distribution Manager Help Distribution Server Release Notes Installation Utility Reference Manual PATROL Console Server and RTserver Getting Started PATROL Security User Guide
16
using the Distribution Server Command Appendix 5, Using the Distribution Server Line Interface Command Line Interface
Chapter 1
17
18
Chapter
2
21 21 21 23 25 26 26 27 27 27 28 28 28 33 35 36 37 40 44 44 44 47 48 49 52 54 55 55
Chapter 2
19
Use the latest version of the uninstallation program . . . . . . . . . . . . . . . . . . . . . . . . 55 Using a CD to uninstall products in a Windows environment. . . . . . . . . . . . . . . . 56 Using a CD to uninstall products in a UNIX environment . . . . . . . . . . . . . . . . . . . 56 Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
20
Implementation considerations
Implementation considerations
This section describes several things to consider when implementing the Distribution Server.
Distribute the Distribution Client from the Distribution Server Install the Distribution Client locally
Which method you choose depends largely on whether the network and systems meet the requirements for installing the Distribution Client from the Distribution Server. If some target systems meet the requirements, but others do not, you can use the appropriate method for each system. For more information, see Appendix B, Requirements for distributing the Distribution Client from the Distribution Server. In both methods you must create a connection account and privileged account on the target system and add the accounts to the Distribution Server.
Chapter 2
21
NOTE
Installing the Distribution Client from the Distribution Server is also called initializing the system, or doing a pristine install.
22
Network requirements
Network requirements
The Distribution Server requires a properly installed TCP/IP local area network. The following diagram shows the different communication protocols used by the Distribution Server.
Web browser
tcp
Distribution Client
RTserver
Distribution Server
tcp
Web server
Distributing the Distribution Client: 1. PATROL Agent 2. Reading the registry 3. mapped drive and Task Scheduler service 4. sftp and ssh 5. ftp and telnet Notifying Distribution Client of new distributions: ping
Chapter 2
23
Network requirements
Note that if you add a system using the IP address, the Distribution Server does not have to be able to resolve the Distribution Client by name. However, the Distribution Client still must be able to resolve the Distribution Server by name.
24
Send messages to the Distribution Server Retrieve distributions from the Distribution Server Retrieve upgrades from the Distribution Server
The Distribution Client must be able to resolve the Distribution Server by name. This means that the Distribution Client can ping the Distribution Server using the Distribution Server host name, not the IP address.
Firewall requirements
If there is a firewall between any of the computers, you must create filters to allow the appropriate communications. For more information, see Firewall configuration information on page 82.
Network security
The Distribution Server, like any server in your environment, may be vulnerable to viruses or malicious attacks by remote users. Protect the Distribution Server with precautions such as investing in virus protection software and configuring the permissions of the operating system to deny access to sensitive directories and files.
Chapter 2
25
The Default installation allows you to install all components for either the Distribution Server or the Distribution Client at the same time. You will be asked only for mandatory configuration information. The defaults will be used for all optional configuration information. The Custom installation allows you to install individual components. You will be asked for both mandatory and optional configuration information.
You want to use a security level greater than basic security. You want to install only the Distribution Server Command Line Interface. You want to specify the port numbers the components use to communicate with each other.
The Distribution Server can be a repository for products and components. You can then export installable packages for use in a third-party or in-house distribution system. The Distribution Server can generate reports listing which BMC Software products are installed on which remote systems.
Use only the BMC Software installation utility to install the Distribution Server
You must use the installation utility provided by BMC Software to install the Distribution Server because a Distribution Server cannot deploy another Distribution Server. The installation utility, however, provides some features that might help you install the Distribution Server on remote systems.
26
You can install to remote computers in your environment by creating an installable product image that can be transferred to and installed locally on those computers. You can install to a computer that does not have a web browser by launching the installation utility from a command line and specifying the -serveronly command line option. This option starts the installation web server on the computer that does not have a browser, and you can then connect to that web server using a browser on another computer.
NOTE
If you use pop-up blocker software to prevent pop-up windows from being displayed in your web browser, you must temporarily disable the software on the computer on which you want to install products to run the installation utility. The procedures and requirements for disabling pop-up blocker software vary depending on the software that you are using. Consult the documentation provided with the pop-up blocker software for instructions.
Chapter 2
27
4 Create accounts
indicated in installation information.
Installable components
The following table lists components that can be installed as part of Distribution Server.
Component Distribution Server Comment This is the primary component of the Distribution Server. It maintains the repository of products and collections, systems, and configuration information. It instructs the Distribution Client to install or uninstall products.
Distribution Server This component allows you to use the Distribution Server when you do not want Command Line Interface to use a web browser. It is always included with the Distribution Server. Distribution Client RTserver This component runs on remote computers to which you want to distribute products. This component is used for Distribution Server internal communications, and for communications with the Distribution Server Command Line Interface.
28
The installation will add an ISAPI filter named pslsp to the default IIS web site. It will also add the following virtual directories: components, hosts, and pslsp.
The Distribution Server uses IIS for all server-client activity such as client registration, product distribution, and product inventory reports. If you remove these accounts, server-client functions fail even when using the Distribution Server Command Line Interface.
Chapter 2
29
TIP
For more information about Apache, see the Apache HTTP Server web site at http://httpd.apache.org or the Apache documentation installed with Apache at http://hostname:port/manual, where hostname is the name of the server, and port is its HTTP port. The Apache license information is installed with Apache at $BMC_ROOT/common/apache/apache.1.3.33/platform/htdocs/manual/LICENSE.
30
act as part of operating system log on as a service replace a process level token
This account can be a domain user account or a local account. However, if you want domain users to be able to access the Distribution Server, this account must be a domain account.
Chapter 2
31
TIP
This account is unrelated to the Distribution Client account and privileged account used by the Distribution Client.
WARNING
If you use an RTserver on a different computer from the Distribution Server, install the RTserver first and ensure that it is running before you install the Distribution Server.
Chapter 2
33
This account must exist on the Distribution Server computer before you install the Distribution Server.
TIP
These accounts are unrelated to the Distribution Client account and privileged account used by the Distribution Client.
Considerations for the HTTP and HTTPS ports when using the apache web server
The installation of Apache will use the http and https ports that you specify. If there will be multiple web servers on the system, ensure that each web server uses a different set of ports.
Considerations for the HTTP and HTTPS ports when using the IIS web server
You must enter the http and https ports used by IIS on the default web site. You cannot change the ports by entering different numbers.
34
Security
You must set the level of security that you want to use. The default is basic security. The security level must be compatible with the security level of the components that the Distribution Server will be communicating with, such as the Distribution Client. If you want to use advanced security, see Appendix C, Using advanced security and the PATROL Security User Guide for more information.
The installation utility restarts the World Wide Web Publishing Service and IIS Administration Service, but you must restart all of the other services manually after the installation is complete.
Chapter 2
35
Are you installing from a remote drive? yes / no If yes, you must manually import the Distribution Client. Web server Where do you want to install BMC Software products? The default is /opt/bmc on UNIX, and C:\Program Files\BMC Software on Windows. Are you upgrading on MS-Windows? If yes, did you stop these services? For more information, see Upgrading the Distribution Server on page 35.
s s s s s s s
FTP Publishing Service Network News Transport Protocol (NNTP) Simple Mail Transport Protocol (SMTP) World Wide Web Publishing Service IIS Administration Service
Accounts What is the Distribution Server account name? You must create this account before the installation. What is the Distribution Client default account name? You must create this account before the installation. What is the Distribution Client registration account name? You must create this account before the installation.a You will need the root login name and password. (UNIX only) Web Server Information What is the Web server http port? The default is 80.b What is the Web server https port? The default is 443.b What is the Apache HTTPD user account name? You must create this account before the installation. (UNIX only)
36
What is the Apache HTTPD group name? You must create this group before the installation. (UNIX only) Maximum size for log files. The default is 20 MB. (UNIX only)b Automatically add job to trim log files to crontab? (UNIX only) The default is yes.b For IIS on Windows 2003, is All Unknown ISAPI Extensions set to Allowed? For more information, see About using the IIS web server (Windows Only) on page 29. RTserver Information What is the RTserver variable? The default is tcp:localhost:2059.b What is the RTserver port? The default is 2059.b If you use an RTserver on a different computer from the Distribution Server, what is the name of the RTserver computer? Warning: If on a different computer, the RTserver must be running before you install the Distribution Server. Security Information What security level do you want to use? The default is basic.b
s s s s s
yes / no
yes / no
If you want the Distribution Client registration account to be different from the Distribution Client default account, you must use a custom installation. If you do not use the default, you must use a custom installation.
Chapter 2
37
To install Distribution Server on Windows 1 Insert the Distribution Server CD into the CD drive and run setup.exe at the root of
the CD.
2 On the Welcome to the Installation Utility page, click Next to continue. 3 On the Review License Agreement page, read the license agreement. If you accept
it, select Accept. Then click Next.
4 On the Select Installation Option page, select Install products on this computer now.
Then click Next. For more information about creating an installable image, see the Installation Utility Reference Manual.
5 On the Specify Installation Directory page, type or browse to the location where
you want to install BMC Software products. Then click Next. For more information about the installation directory, see Base installation directory on page 30.
6 On the Select Type of Installation page, select Default or Custom as the installation
type. Then click Next. For more information about the different types of installation, see Choosing a Default or a Custom installation on page 26, Required information for a Default installation of the Distribution Server on page 28, and Required information for a Custom installation of the Distribution Server on page 33.
38 Distribution Server Getting Started
8 Complete the Distribution Server Properties page. A Type the Distribution Server account password and confirm it. For more
information, see Distribution Server account on page 31.
B If you selected a custom installation, type the web server HTTP and HTTPS port
numbers. For more information, see Web server HTTP and HTTPS port numbers on page 34.
C If you selected a custom installation, select whether to stop and restart IIS
during the installation.
D Click Next. 9 On the Distribution Server mapped accounts page, type the Distribution Client
default account name and password, and confirm the password. If you selected a custom installation, also type the Distribution Client registration account name and password and confirm the password. Then click Next. For more information, see Distribution Client default account on page 32 and Distribution Client registration account on page 33.
10 If you selected a custom installation, on the Select Level of Security page, select
advanced or basic security and whether to overwrite the current security configuration. Then click Next. For more information, see Security on page 35, Appendix C, Using advanced security and the PATROL Security User Guide.
11 If you selected a custom installation and selected Advanced security, complete the
security information. There might be multiple pages, depending on your choices. Click Next as you complete each page. For more information, see Security on page 35, Appendix C, Using advanced security and the PATROL Security User Guide.
12 On the Provide Startup Information for RTserver page, select Yes to install
RTserver. Also accept the default port number for RTserver to use, or type a new one. Then click Next. For more information about the RTserver port setting, see RTserver port setting on page 34.
13 On the RTservers Variable Properties page, accept the default value for the
RTserver variable setting, or type a new value. Then click Next.
Chapter 2
39
14 On the Distribution Server post processing page, review and record the URL for
the Distribution Manager graphical user interface, including the use of http versus https. You will use this URL to access the Distribution Manager. Then click Next. If you selected a custom installation, also review the information about security levels. For more information, see Appendix C, Using advanced security.
15 On the Review Selections and Install page, review your selections. Then click Start
Install.
16 Watch the Installation Status page to verify that the installation process completes
successfully. When the installation is 100% complete, click Next.
NOTE
During the installation process, the Percentage Complete progress indicator may appear to be stopped at 99%. The system is completing post-installation scripts and will move to the Installation Results page when finished.
17 On the Installation Results page, click View Log to review the installation log file.
When you are done, click Next to continue then click Finish. The components are now installed on your system.
40
You must know the required information for the type of installation you will perform. For more information, see Choosing a Default or a Custom installation on page 26, Required information for a Default installation of the Distribution Server on page 28, and Required information for a Custom installation of the Distribution Server on page 33. The accounts described in Required information for a Default installation of the Distribution Server on page 28 must exist on the computer. You must be logged on as the Distribution Server account. You must disable any pop-up blocker software to run the installation utility.
To install Distribution Server on UNIX 1 Insert the Distribution Server CD into the CD drive, mount the CD, and
run ./setup.sh at the root of the CD.
2 On the Welcome to the Installation Utility page, click Next to continue. 3 On the Review License Agreement page, read the license agreement. If you accept
it, select Accept. Then click Next.
4 On the Select Installation Option page, select Install products on this computer now.
Then click Next. For more information about creating an installable image, see the Installation Utility Reference Manual.
5 On the Specify Installation Directory page, type or browse to the location where
you want to install BMC Software products. Then click Next. For more information about the installation directory, see Base installation directory on page 30.
6 On the Select Type of Installation page, select Default or Custom as the installation
type. Then click Next. For more information about the different types of installation, see Choosing a Default or a Custom installation on page 26, Required information for a Default installation of the Distribution Server on page 28, and Required information for a Custom installation of the Distribution Server on page 33.
Chapter 2
41
8 On the Provide the System Root Account Properties page, type the password for
the root account. Then click Next. For more information, see Root account (UNIX only) on page 31.
9 Complete the Distribution Server Properties page. Then click Next. A Type the Distribution Server account password. For more information, see
Distribution Server account on page 31.
B If you selected a custom installation, type the web server HTTP and HTTPS port
numbers. For more information, see Web server HTTP and HTTPS port numbers on page 34.
10 On the Distribution Server mapped accounts page, type the Distribution Client
default account name and password, and confirm the password. If you selected a custom installation, also type the Distribution Client registration account name and password and confirm the password. Then click Next. For more information, see Distribution Client default account on page 32 and Distribution Client registration account on page 33.
11 If you selected a custom installation, on the Select Level of Security page, select
advanced or basic security and whether to overwrite the current security configuration. Then click Next. For more information, see Security on page 35, Appendix C, Using advanced security and the PATROL Security User Guide.
12 If you selected a custom installation and selected Advanced security, complete the
security information. There might be multiple pages, depending on your choices. Click Next as you complete each page. For more information, see Security on page 35, Appendix C, Using advanced security and the PATROL Security User Guide.
13 If you selected a custom installation, on the Apache HTTP Server Parameters page,
type the Apache HTTPD user account name and HTTPD group. Then click Next. For more information, see Apache user name and group (UNIX only) on page 32.
42
A Select whether to check and limit the size of the Apache log files automatically
or manually.
B Specify the maximum size in megabytes for the Apache log files.
For more information, see Trimming Apache web server log files (Apache only) on page 35.
15 On the Provide Startup Information for RTserver page, accept the default port
number for the RTserver to use, or type a new one. Then click Next. For more information about the RTserver port setting, see RTserver port setting on page 34.
16 On the RTserver Variable Properties page, accept the default value for the
RTserver variable setting, or type a new value. Then click Next. For more information, see RTserver variable setting on page 33.
17 On the Distribution Server post processing page, review and record the URL for
the Distribution Manager graphical user interface, including the use of http versus https. You will need to use this URL to access Distribution Manager. Then click Next. If you selected a custom installation, also review the information about security levels. For more information, see Appendix C, Using advanced security.
18 On the Review Selections and Install page, review your selections. Then click Start
Install.
19 Watch the Installation Status page to verify that the installation process completes
successfully. When the installation is 100% complete, click Next.
NOTE
During the installation process, the Percentage Complete progress indicator may appear to be stopped at 99%. The system is completing post-installation scripts and will move to the Installation Results page when finished.
20 On the Installation Results page, click View Log to review the installation log file.
When you are done, click Next to continue then click Finish. The components are now installed on your system.
Chapter 2
43
Install the Distribution Client from the Distribution Server. Install the Distribution Client locally.
For more information about choosing a method, see Deciding how to install the Distribution Client on page 21. For more instructions on installing the Distribution Client from the Distribution Server, see Setting up systems on page 94.
4 Create accounts
indicated in installation information.
44
On Microsoft Windows, the default for this directory is C:\Program Files\BMC Software. On UNIX, the default for this directory is /opt/bmc. When you create a profile for this system in Distribution Manager, the base installation directory in the profile must match this directory. If you were to install the Distribution Client using the Distribution Server, you would indicate this directory in the profile for the system. This directory cannot be changed after the installation. For more information, see Base installation directories on page 21.
WARNING
The base installation directory must be different from the working directory.
Chapter 2
45
WARNING
The working directory must be different from the base installation directory.
You must be logged on as this account when you run the installation. When you install the Distribution Client, you must also specify the user name and password of this account. The account must be the same account used by other BMC Software products installed in the same directory.
On the Distribution Client system, the account must be a member of the users group and Administrators group (but not the Administrator account itself), have write access to the file system, and have the right to connect remotely. The account can be a local or domain account. If you use a local account, enter only the account name. If you use a domain account, preface the account name with the domain. The account also must have the following user rights:
s s s s
act as part of operating system increase quotas log on as a service replace a process level token
46
A local installation of the Distribution Client automatically assigns these rights to the account. Installing it from the Distribution Server, however, does not assign these rights. For a remote installation, assign these rights manually using the operating system.
Chapter 2
47
If you were to install the Distribution Client using the Distribution Server, the Distribution Server would send this information to the Distribution Client.
Security
You must set the level of security that you want to use. The default is basic security. The security level must be compatible with the security level of the Distribution Server. If you want to use advanced security, see Appendix C, Using advanced security and the PATROL Security User Guide for more information.
48
What is the Distribution web server host name? What is the Distribution Client port? The default is 50005. a What is the working directory? The default is c:\temp\dsc on Windows. What is the working directory maximum size? The default is 300 MB.a What is the Distribution Client account? You must create this account before the installation. You will need the root login name and password. (UNIX only) Restart the Distribution Client on system reboot? (UNIX only) The default is yes.a Security Information What security level do you want to use? The default is basic.a
a
s s s
**** yes / no
If you do not use the default, you must use a custom installation.
Chapter 2
49
You must disable any pop-up blocker software to run the installation utility.
To install Distribution Client locally on Windows 1 Insert the Distribution Server CD into the CD drive and run setup.exe at the root of
the CD.
2 On the Welcome to the Installation Utility page, click Next to continue. 3 On the Review License Agreement page, read the license agreement. If you accept
it, select Accept. Then click Next.
4 On the Select Installation Option page, select Install products on this computer now.
Then click Next. For more information about creating an installable image, see the Installation Utility Reference Manual.
5 On the Specify Installation Directory page, type or browse to the location where
you want to install BMC Software products. Then click Next. For more information about the installation directory, see Base installation directory on page 30.
6 On the Select Type of Installation page, select Default or Custom as the installation
type. Then click Next. For more information about the different types of installation, see Choosing a Default or a Custom installation on page 26.
8 Complete the Distribution Server Client properties page. Then, click Next. A Type the Distribution web server host name.
For more information, see Distribution Server web server host name on page 45.
B If you chose a custom installation, type the web server HTTP and HTTPS port
numbers. For more information, see Distribution Server web server HTTP and HTTPS port numbers on page 47.
C If you chose a custom installation, type the port number for the Distribution
Client.
50 Distribution Server Getting Started
For more information, see Distribution Client port number on page 48.
D Type the location of the Distribution Client working directory and its maximum
size. For more information, see Distribution Client working directory and maximum size on page 45.
F Click Next. 9 If you chose a custom installation, on the Select Level of Security page, select
advanced or basic security and whether to overwrite the current security configuration. Then click Next. For more information, see Security on page 35, Appendix C, Using advanced security and the PATROL Security User Guide.
10 If you selected a custom installation and selected Advanced security, complete the
security information. There might be multiple pages, depending on your choices. Click Next as you complete each page. For more information, see Security on page 35, Appendix C, Using advanced security and the PATROL Security User Guide.
11 If you selected a custom installation, review the information about the Distribution
Server Client post processing page. Then click Next.
12 On the Review Selections and Install page, review your selections. Then click Start
Install.
13 Watch the Installation Status page to verify that the installation process completes
successfully. When the installation is 100% complete, click Next.
14 On the Installation Results page, click View Log to review the installation log file.
When you are done, click Next to continue then click Finish. The components are now installed on your system.
Chapter 2
51
To install Distribution Client locally on UNIX 1 Insert the Distribution Server CD into the CD drive, mount the CD, and
run ./setup.sh at the root of the CD.
2 On the Welcome to the Installation Utility page, click Next to continue. 3 On the Review License Agreement page, read the license agreement. If you accept
it, select Accept. Then click Next.
4 On the Select Installation Option page, select Install products on this computer now.
Then click Next. For more information about creating an installable image, see the Installation Utility Reference Manual.
5 On the Specify Installation Directory page, type or browse to the location where
you want to install BMC Software products. Then click Next.
52
For more information about the installation directory, see Base installation directory on page 30.
6 On the Select Type of Installation page, select Default or Custom as the installation
type. Then click Next. For more information about the different types of installation, see Choosing a Default or a Custom installation on page 26.
8 On the Provide the System Root Account Properties page, enter the name of the
root account, root password, and confirm root password. Root account (UNIX only) on page 47
9 Complete the Distribution Server Client properties page. Then, click Next. A Type the Distribution web Server host name. For more information, see
Distribution Server web server host name on page 45.
B If you selected a custom installation, type the web server HTTP and HTTPS port
numbers. For more information, see Distribution Server web server HTTP and HTTPS port numbers on page 47.
C If you chose a custom installation, type the port number for the Distribution
Client. For more information, see Distribution Client port number on page 48.
D Type the location of the Distribution Client working directory and its maximum
size. For more information, see Distribution Client working directory and maximum size on page 45.
E Type the Distribution Client account name. For more information, see
Distribution Client account on page 46.
G Click Next. 10 If you selected a custom installation, on the Select Level of Security page, select
advanced or basic security and whether to overwrite the current security configuration. Then click Next. For more information, see Security on page 35, Appendix C, Using advanced security and the PATROL Security User Guide.
Chapter 2
53
11 If you selected a custom installation and selected Advanced security, complete the
security information. There might be multiple pages, depending on your choices. Click Next as you complete each page. For more information, see Security on page 35, Appendix C, Using advanced security and the PATROL Security User Guide.
12 If you selected a custom installation, review the information about the Distribution
Server Client post processing page. Then click Next.
13 On the Review Selections and Install page, review your selections. Then click Start
Install.
14 Watch the Installation Status page to verify that the installation process completes
successfully. When the installation is 100% complete, click Next.
15 On the Installation Results page, click View Log to review the installation log file.
When you are done, click Next to continue then click Finish. The components are now installed on your system.
To uninstall the Distribution Server, use the local uninstallation. For more information, see the Installation Utility Reference Manual. To uninstall products on remote systems using the Distribution Server, schedule a distribution in uninstall mode. The products must exist in the repository of the Distribution Server. For more information, see the Distribution Manager Help. To uninstall the Distribution Client using the Distribution Server, have the Distribution Server remove the Distribution Client from the remote system. For more information, see the Distribution Manager Help. To perform a local uninstallation on a remote system when all of the BMC Software products on it have been distributed from the Distribution Server, you need a CD with the installation utility to perform the local uninstallation. For more information, see Local uninstallation with product CDin the following section.
54
The installation utility creates this file so you can launch the uninstallation utility from your local hard drive. When you distribute products, the Distribution Server does not create this file because most users of the Distribution Server want the convenience of uninstalling products remotely. If you must uninstall BMC Software products locally, verify whether the uninstallation file exists on the local drive. If it does not, all of the products on the system were installed by the Distribution Server, and you need a product CD from BMC Software to perform the local uninstallation. This section describes how to perform this type of local uninstallation.
Chapter 2
55
NOTE
You can download the latest version of the installation utility at the following site: ftp://ftp.bmc.com/pub/patrol/patches.
To use a CD to uninstall products 1 Execute the CD_drive:\uninstall.exe file, where CD_drive is the drive letter for the
CD drive that holds the product CD. The Welcome page is displayed. Click Next.
2 Select the installation directory from which you want to remove a product. Click
Next.
3 Select the product or products that you want to uninstall. Click Next. 4 Review your selections and click Uninstall.
Once the uninstallation is complete, a page is displayed that tells you the status of the uninstallation.
To use a CD to uninstall products 1 Change the directory to the CD drive that holds the product CD and enter the
following command to launch the installation utility in uninstall mode:
./uninstall.sh
2 Select the installation directory from which you want to remove a product. Click
Next.
3 Select the product or products that you want to uninstall. Click Next. 4 Review your selections and click Uninstall.
Once the uninstallation is complete, a page is displayed that tells you the status of the uninstallation.
Chapter 2
57
58
Chapter
This chapter contains information for administering and configuring the Distribution Server. This chapter discusses the following topics: Setting up accounts and groups for users on the Distribution Server . . . . . . . . . . . . . 61 Starting and stopping programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Starting and stopping the RTserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Starting and stopping the Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Starting and stopping the web server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Verifying the installation and execution of the RTserver, Distribution Server, and web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Starting and stopping the Distribution Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Running services on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Backing up and restoring Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Moving the Distribution Server to a different computer. . . . . . . . . . . . . . . . . . . . . 69 Backing up and restoring the Distribution Server on UNIX . . . . . . . . . . . . . . . . . . 68 Moving the Distribution Server to a different computer . . . . . . . . . . . . . . . . . . . . . . . . 69 Moving the Distribution Server to a new computer . . . . . . . . . . . . . . . . . . . . . . . . 69 Changing the RTserver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Changing the RTserver on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Changing the RTserver on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Updating accounts or passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Encrypting passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Updating the Distribution Server account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Updating the Distribution Client default and registration accounts . . . . . . . . . . . 76 Updating the Distribution Client account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Directory structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Directory structure for the Distribution Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Directory structure for the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Environment variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Firewall configuration information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Chapter 3
59
Loading a component conflict override file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Version arbitration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Component conflict overrides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Loading an override file for version arbitration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
60
Add the account for each user of the Distribution Server to the appropriate operating system group. When a user connects to the Distribution Server from the Distribution Manager or the Distribution Server Command Line Interface, the user logs on with an operating system account. The Distribution Server uses the operating system account to identify the user, the groups that the user belongs to, and the privileges that the user has. On Windows, if you want to be able to import components from a remote server, the account must be a domain account. For more information about changing privileges, see the Distribution Manager Help.
Chapter 3
61
This section also incudes the basic steps for starting the Distribution Client, verifying that it is running, and stopping it.
NOTE
By default, the Distribution Server and Distribution Client are started automatically and you do not need to start them manually.
NOTE
For more information about starting RTserver, see the PATROL Console Server and RTserver Getting Started Guide.
To manually start the RTserver on UNIX 1 Change to the $BMC_ROOT/common/smartsockets directory. 2 Enter the following command:
./start_rtserver.sh
62
To stop RTserver on UNIX 1 Change to the $BMC_ROOT/common/smartsockets directory. 2 Enter the following command:
./stop_rtserver.sh
To manually start the Distribution Server on UNIX 1 Change to the $BMC_ROOT/Patrol7/bin/platform directory. 2 Enter the following command:
./ds_start.sh
To verify that the Distribution Server is running on UNIX 1 Enter the following command:
ps -ef | grep ds
Chapter 3
63
To stop the Distribution Server on UNIX 1 Change to the $BMC_ROOT/Patrol7/bin/platform directory. 2 Enter the following command, where username and password are the user name and
password of the Distribution Server account.
./ds_stop.sh username password
NOTE
You can enter the password in plain text or use encryption. For more information, see Encrypting passwords on page 74.
To start, stop, or verify the execution of the IIS web server on Windows
Refer to your IIS documentation.
To manually start the Apache web server on UNIX 1 Set the user to root. 2 Change to the $BMC_ROOT/common/bmc/ directory. 3 Enter the following command to set the environment variables:
./patrol7rc.sh
64
Verifying the installation and execution of the RTserver, Distribution Server, and web server
5 Enter one of the following commands, depending on the security level used when
the web server was installed:
s s
./apachectl.bmc -DDSNOSSL start (basic security level) ./apachectl.bmc startssl (security levels 1 through 4)
To verify that the Apache web server is running on UNIX 1 Enter the following command:
ps -ef | grep apache
2 Look for the apache process. To stop the Apache web server on UNIX 1 Set the user to root. 2 Change to the $BMC_ROOT/common/apache/apache.version/platform/bin/ directory. 3 Enter the following command:
./apachectl.bmc stop
Verifying the installation and execution of the RTserver, Distribution Server, and web server
You can verify that the RTserver, Distribution Server, and web server are running by viewing the URLs in the table below. In the URL to view, hostname is the name of the web site. Typically, this is the name of the computer on which the Distribution Server is running. If the web server is not using the default port for http, include the port number in the URL. For example, if the web server myserver is using port 8080, view the URL http://myserver:8080/pslsp/DsManager.
NOTE
The RTserver, Distribution Server, and web server must be started in order.
Chapter 3
65
What to Verify
URL to View
Comments If the default page for the web server is displayed, the web server is running. If the default page for the web server is displayed, https is active. If you are prompted to log on, the Distribution Server and RTserver are running. If you use advanced security, use https instead of http.
Is the web server running? http://hostname Is https active for the web server? Are the RTserver and Distribution Server, and web server running and started in the correct order? https://hostname http:/hostname/pslsp/DsManager
To manually start the Distribution Client on UNIX 1 Change to the $BMC_ROOT/dsclient/bin/platform directory. 2 Enter the following command:
./listener_ctl.sh start
To verify that the Distribution Client is running on UNIX 1 Enter the following command:
ps -ef | grep ds_listener
66
To stop the Distribution Client on UNIX 1 Change to the $BMC_ROOT/dsclient/bin/platform directory. 2 Enter the following command:
./listener_ctl.sh stop
To start a service 1 Open the Control Panel and select Administrative Tools. 2 Double-click the Services icon. 3 Select the name of the service. 4 Choose Action => Properties, then click Start. To verify that a service is running 1 Open the Services dialog box. 2 Look at the status of the service. To stop a service 1 Open the Services dialog box. 2 Select the name of the service. 3 Choose Action => Properties, then click Stop.
Chapter 3
67
To back up the Distribution Server on Windows 1 Stop the Distribution Server. 2 Back up the %BMC_ROOT% directory. To restore the Distribution Server on Windows 1 Reinstall the Distribution Server. 2 Restore the backed up files.
To back up the Distribution Server on UNIX 1 Stop the Distribution Server. 2 Back up the following directories:
s s s
68
To restore the Distribution Server on UNIX 1 Restore the backed up files. 2 If you do not have root authority, have someone with this authority run the
ds_config.sh script located in the $BMC_ROOT/Patrol7/bin/platform directory.
Installing the Distribution Server on the new computer and moving the data to the new computer Having existing Distribution Clients use the new Distribution Server
NOTE
This task overwrites and replaces any Distribution Server data files on the new
computer.
To move the Distribution Server files to a new computer 1 Ensure that there are no active or pending distributions. 2 Stop the Distribution Server on the original computer. 3 Back up all of the files in the $BMC_ROOT/ds directory. 4 Install the Distribution Server on the new computer.
Chapter 3
69
5 Stop the Distribution Server on the new computer, and restore the backed up
directory.
6 Start the RTserver, Distribution Server, and web server on the new computer. 7 If you have Distribution Clients set up, switch them to the new Distribution Server.
See the following process.
2 Open the following directory on the system that hosts the Distribution Client:
s s
$BMC_ROOT/dsclient/config (UNIX)
%BMC_ROOT%\dsclient\config (Windows)
4 Remove the dshostid.conf file. 5 Restart the Distribution Client. 6 Use a web browser to log on to the new Distribution Server, as described in
Logging on to the Distribution Manager on page 87.
7 Using the Distribution Manager, run the System Registration report and register
the Distribution Client.
70
1 Use a web browser to log on to the Distribution Server to which the Distribution
Client is currently connected, as described in Logging on to the Distribution Manager on page 87.
2 Use the Remove Clients command on the Options tab to remove the Distribution
Client.
3 Disconnect from the current Distribution Server, and log on to the new
Distribution Server.
4 Add the computer to the new Distribution Server and install the Distribution
Client, as described in Adding systems and installing the Distribution Client on page 100.
To change the RTserver for the Distribution Server on Windows 1 Edit the RTSERVERS system environment variable to reflect the new RTserver. 2 Stop and restart the Distribution Server.
Chapter 3 Administering and configuring the Distribution Server 71
EXAMPLE
"PslSp_RTLocator" = "tcp:localhost:2059"
On 32-bit Windows computers, double-click pslsp_isapi.reg. On 64-bit Windows computers, run the following command:
%SystemRoot%\SysWOW64\regedt32.exe /S BMC_ROOT\Patrol7\config\pslsp_isapi.reg
NOTE
BMC_ROOT is the base installation directory.
5 Stop and restart the web server. To change the RTserver for the Distribution Server Command Line Interface on Windows
Edit the RTSERVERS system environment variable to reflect the new RTserver.
To change the RTserver for the Distribution Server on UNIX 1 If the RTSERVERS environment variable has been set for the current shell, clear the
value.
72
4 Stop and restart the web server. To change the RTserver for the Distribution Server Command Line Interface on UNIX 1 If the RTSERVERS environment variable has been set for the current shell, clear the
value.
2 Modify the patrol7rc.sh or patrol7rc.csh script to reflect the new RTserver. 3 Execute the script. 4 Start the Distribution Server Command Line Interface.
Chapter 3
73
Distribution Server account. For more information about this account, see Distribution Server account on page 31. Distribution Client default account and Distribution Client registration account. For more information about these accounts, see Distribution Client default account on page 32 and Distribution Client registration account on page 33. Distribution Client account. For more information about this account, see Distribution Client account on page 46.
Encrypting passwords
This task describes how to encrypt a password.
To Encrypt a Password 1 Change to the $BMC_ROOT/common/bmc/bin/platform/ directory. 2 Enter the appropriate command for your platform:
sec_encrypt_p3x plain_text_password (Windows) ./sec_encrypt_p3x plain_text_password (UNIX)
74
To update the account or password for the Distribution Server account 1 If you are changing the account, as well as the password perform the following
steps:
A Create the account in the operating system. B Assign the account the properties specified in Distribution Server account on
page 31, including any user rights and file permissions.
C Ensure that the new account is a member of a group with the appropriate
Distribution Server privileges. For more information, see Setting up accounts and groups for users on the Distribution Server on page 61. During the original installation, the original account is added to all the pat* groups.
2 If you are changing only the password for the account, change the password in the
operating system.
3 On Windows, change the service account to reflect the updated account and
password by following these steps:
A Open the Control Panel. B Choose Administrative Tools => Services. C Double-click BMC Distribution Server. D Access the Logon tab and enter the new account or password. E Click OK. 4 On Windows, repeat step 3 to change the account/password of the RTserver if it
was installed as part of the Distribution Server.
Chapter 3
75
On UNIX, this file is in the /etc/patrol.d/ directory. On Windows, this file is in the %BMC_ROOT%\common\patrol.d\ directory.
7 In the [DS] stanza, modify the defaultAccount variable to reflect the new account
and encrypted password.
On Windows, give the new account read and write permission for all files and subdirectories in %BMC_ROOT%\ds\repository and %BMC_ROOT%\ds\components. On UNIX, assign ownership (chown command) to the new account for all files and subdirectories in $BMC_ROOT/ds/repository and $BMC_ROOT/ds/components.
76
NOTE
If you use the same account as the Distribution Client default account and the Distribution Client registration account (for example, you used a default installation), be sure to change both accounts together.
To update the account or password for the Distribution Client default or registration account 1 If you are changing the account, as well as the password perform the following
steps:
A Create the account in the operating system. B Assign the account the required properties, including any user rights and file
permissions. For more information, see Distribution Client default account on page 32 or Distribution Client registration account on page 33.
C Ensure that the new account is a member of a group with the appropriate
Distribution Server privileges. For more information, see Setting up accounts and groups for users on the Distribution Server on page 61. During the original installation, the original accounts are added to the patop and patpop groups on Windows and all the pat* groups on UNIX.
2 If you are changing only the password for the account, change the password in the
operating system.
On Windows, open the %BMC_ROOT%\Patrol7\config\ds\ds_pslsp.reg file. On UNIX, open the $BMC_ROOT/Patrol7/config/ds/ds_pslsp.conf file.
5 Edit the PslSp_UserPass value, PslSp_UserName value, or both for the appropriate
account (Distribution Client default account or Distribution Client registration account).
6 Save and close the file. 7 On Windows, double-click the file to import the settings into the registry.
Chapter 3
77
8 Stop and restart the web server. 9 Stop and restart the Distribution Server.
To update the account or password for the Distribution Client account on Windows 1 If you are changing the account and password, perform the following steps;
otherwise, skip to step 2:
A Create the account in the operating system. B Assign the account the properties specified in Distribution Client account on
page 46, including any user rights and file permissions.
2 If you are changing only the password for the account, change the password in the
operating system.
3 On Windows, change the service account to reflect the updated account and
password.
78
Directory structure
C Double-click BMC Distribution Server. D Access the Logon tab and enter the new account or password. E Click OK. 4 Stop and restart the Distribution Client. To update the account for the Distribution Client account on UNIX NOTE
The password for the Distribution Client is not used on UNIX.
1 If, during the installation of the Distribution Client, you selected to restart the
Distribution Client on reboot, perform the following:
A Locate the S99dsclient file in the /etc/rc* script section depending on the run level. B Edit the appropriate S99dsclient file and modify the tag
DSCLIENTUSER=user_name by replacing the current user name with the new
user name.
C Save the file. 2 If you do not reboot, switch to the new user name. 3 Change to the $BMC_ROOT/dsclient/bin/platform/ directory. 4 Stop and restart the Distribution Client.
For more information, see Starting and stopping the Distribution Client on page 66.
Directory structure
The directory structure for the Distribution Server is different from the directory structure for the Distribution Client
Chapter 3
79
NOTE
These directories refer to the sub-directories of $BMC_ROOT. By default, this is C:\Program Files\BMC Software on Windows and /opt/bmc on UNIX.
80
NOTE
These directories refer to the sub-directories of $BMC_ROOT. By default, this is C:\Program Files\BMC Software on Windows and /opt/bmc on UNIX.
Environment variables
This section lists the environment variables used by Distribution Server. The values of these variables are assigned at installation.
Environment Variable BMC_ROOT PATROL_ROOT RTSERVERS How Variable Is Used points to the location where BMC Software products are installed equivalent to $BMC_ROOT/Patrol7 and points to the location where Distribution Server is installed identifies the RTserver that Distribution Server Command Line Interface uses
Chapter 3
81
Using the Distribution Manager web interface Using the Distribution Server Command Line interface Distributing the Distribution Client from the Distribution Server Executing Distributions
The following table lists the protocols, ports, and connection directions required for each major feature. Note that day-to-day operations involving only the Distribution Manager and executing distributions requires only one connection protocol and portHTTP:80 or HTTPS:443, depending on the security level.
Feature Protocol Default Port 80 / 443 2059 3181 135 - 139 135 - 139 21 23 115 22 80 / 443 80 / 443 50005 Distribution Client --> Distribution Server Distribution Server --> Distribution Client Connection Direction web browser --> web Server CLI --> Distribution Server Distribution Server --> target system
Distribution Manager (web HTTP /HTTPS (TCP) interface) Distribution Server Command Line Interface Distributing the Distribution Client from the Distribution Server COS (TCP, RT) PATROL (pexec) WIN MAP (SMB) WIN Remote Reg FTP Telnet SFTP SSH Distribution (pull files) Distribution (post logs) Distribution (wakeup) HTTP / HTTPS HTTP / HTTPS TCP
82
Version arbitration
The Distribution Server uses version arbitration to solve component conflicts. In the previous example, the Distribution Server would use information about sub-component C to determine whether versions 1.5.00 and 1.7.00 are compatible. If yes, it chooses the appropriate version and adds component A to the collection. If the Distribution Server finds that it does not have enough information about sub-component C, it prevents you from adding component A to the collection.
To load the override file as you start the Distribution Server 1 Stop the Distribution Server if it is running. 2 Copy the override file to the following directory:
s s
3 Change the name of the override file to ds_component_overrides.mof (if it does not
already have this name).
4 Start the Distribution Server. To load the override file as you import a component 1 Copy the override file to the index directory of the installation image from which
you want to import a component.
2 Change the name of the override file to ds_component_overrides.mof (if it does not
already have this name).
3 Import the desired component from the installation image. To load the override file with the Distribution Server CLI
Use the coverride update command from the Distribution Server CLI. For more information about coverride update, see Overriding component conflicts on page 132.
84
Chapter
Chapter 4
85
Where to use the Distribution Manager Web browser requirements Logging on to the Distribution Manager The Distribution Manager interface
The browser must check for newer versions of stored pages for every visit to the pages. JavaScript support must be turned on. The browser must enable style sheets. Pop-up blocking must be disabled.
For more information about how to configure your browser, see the documentation for your browser. Error messages and other screens in the Distribution Server Manager will not display if pop-up blocking is enabled. Disable the pop-up blocking software on the computer on which you want to run the Distribution Server Manager. The procedures and requirements for disabling pop-up blocker software vary depending on the software that you are using. Consult the documentation provided with the pop-up blocker software for instructions.
86 Distribution Server Getting Started
The name of the computer where the Distribution Server is installed. The user name and password of an account on the Distribution Server with the necessary Distribution Server privileges.
To log on to the Distribution Manager 1 Point the web browser to http://hostname/pslsp/DsManager, where hostname is the
name of the system where the Distribution Server is installed. If the web server is not using the default port for http, include the port number in the URL. For example, if the web server myserver is using port 8080, view the URL http://myserver:8080/pslsp/DsManager. If you use advanced security, use https to access Distribution Manager, instead of http.
TIP
If the Distribution Server is installed on a Windows computer, and you are accessing Distribution Manager from the same computer, you can start Distribution Manager by clicking the Start button on the taskbar, then choosing Programs => BMC Distribution Server => Distribution Manager.
Tab Area The tab area is located at the top of the Distribution Manager interface. The tabs provide access to all of the functionality in Distribution Manager. Each tab represents a major area of functionality.
Chapter 4
87
List Area The list area is located at the left side of the Distribution Manager interface. This area provides a list of objects associated with a task that you are performing.
Results Area The results area is located at the right side of the Distribution Manager interface. The results area displays information as you browse the tabs or select objects from the list area.
Toolbar The toolbar is located at the upper right side of the Distribution Manager interface. The toolbar area displays the ID for the user logged on for a particular session. The toolbar also provides links for you to access Help for the current page.
88
Workflow overview
Workflow overview
Setting Up Products (A) Setting Up Systems (B)
1 Create accounts
in the OS of the systems.
4 Arrange systems
in system groups.
Chapter 4
89
Setting up products
Setting up products
When you receive a new version of a product that you want to distribute, you import its components into the repository. When you are ready to distribute components from the repository, you create a collection defining which components you want to distribute together and how to configure them.
90
NOTE
You cannot reactivate an inactive component by re-importing it into the repository. See the Distribution Manager Help for more information about inactive components.
To import components 1 In the tab area, click the Components tab. 2 In the list area, click the Import button. 3 Type or browse to the location where the components are located. Then click Next.
Select the directory that contains the products directory (not the products directory itself). For a CD, this is the root of the CD
4 Select the check boxes for the components that you want to import. Then click OK. 5 Click Import to import the selected components. WARNING
While an import is in progress, do not create, modify, or refresh any collections. During import, the Distribution Server might need to import dependency files that affect other components in the repository.
Chapter 4
91
All the components in a collection are distributed together, as if they were on a single CD image. If components were designed to be distributed serially, such as some products and their patches, do not put them in the same collection. Instead, put them in separate collections, to distribute in the appropriate order. In general, components that were not released together or that were not shipped in the same kit should be distributed serially, unless otherwise noted in the product documentation. For strategies on setting up the components in a collection, see the Distribution Manager Help.
To create a collection 1 In the tab area, click the Collections tab. 2 In the list area, click the Add button. 3 Type the name of the collection. Then click Add. 4 (optional) In the Description box, type a description of the collection. 5 Proceed with adding components to the collection. To add components to a collection 1 In the results area for the collection, click the Components sub-tab. 2 In the results area, click Add. 3 Select the check boxes for the components that you want to add. 4 Click Add. 5 Proceed with configuring the collection.
92
About configurations
About configurations
Each collection has one or more configurations, which contain installation and uninstallation information for all the components in the collection. The configuration information varies for each collection, depending on the components in the collection. If multiple components in a collection share a configuration question, that question is asked only once in the configuration, and all components use the same answer. When you create a collection, a default configuration, which uses the default responses to all configuration questions, is also created. However, for some components, the default configuration might not have enough information to successfully install or uninstall the components. For example, some components might require specific account information. You can edit or remove the default configuration and create more configurations. For strategies for setting up configurations, see the Distribution Manager Help.
Configuring a collection
This task describes how to create a configuration for a collection.
To create a configuration for a collection 1 In the results area for the collection, click the Configurations sub-tab for the
collection.
2 Click Add. 3 Type the name and description for the configuration. Then click Next. 4 For each screen, provide the requested information for the configuration. Then
click Next. On the last screen, click Finish. For more information about what is requested, refer to the product-specific documentation.
Chapter 4
93
Setting up systems
Setting up systems
When you have a computer that you want to include in the Distribution Server, you perform the following tasks. Although you can perform some of these tasks in a different order, BMC Software recommends using the following order.
1 Create accounts
in the OS of the systems.
4 Arrange systems
in system groups.
If you performed a local installation of the Distribution Client, you register the computer with the Distribution Server, instead of adding it and installing the Distribution Client.
About accounts
Each remote computer must have a connection account and a privileged account. These accounts must already exist on the computers to which you want to connect. On Windows, both accounts should be the same account on the remote computer. You then add them to the Distribution Server using Distribution Manager. Specific account information is stored separately from the computers on the Distribution Server to make it easier to use one account for multiple remote computers. For example, if several remote computers use the same account, you could create one account for all of them and avoid having to re-type information. If the account information changes, you have to change it in only one place.
94
About accounts
Before you distribute any products to a computer, including the Distribution Client, you must create a connection account on the computer and add it to the Distribution Server.
connection account Distribution Client account (Distribution Client account on page 46) privileged account (About the privileged account on page 96)
NOTE
If the Distribution Server is running on a Windows 2003 computer and you want to use Mapped Drive/Task Scheduler Service to deploy Distribution Clients, the Distribution Server account and the Distribution Client account must have the same name. For more information, see Using a mapped drive and task scheduler service (Windows only) on page 168.
The connection account must be the same account used by other BMC Software products installed in the same directory, it must be a member of the users and Administrators groups (but not the Administrator account itself), and it must have the right to connect remotely. The account can be a local or domain account. If you use a local account, enter only the account name. If you use a domain account, preface the account name with the domain. The account must have the following user rights:
s s s s
act as part of operating system increase quotas log on as a service replace a process level token
A local installation of the Distribution Client automatically assigns the previous rights to the account. Installing it from the Distribution Server, however, does not assign these rights. For a remote installation, assign these rights manually using the operating system.
Chapter 4
95
About accounts
The connection account must be the same account used by other BMC Software products installed in the same directory, and it must have the right to connect remotely.
NOTE
Even though the privileged account is often the same as the connection account, you must add the privileged account to properties of the computer.
Must be a member of the Administrators group, but not be the Administrators account itself. Must have the user right log on as a batch job assigned to it. Set this right in the operating system. Can be a local or domain account. If you use a local account, enter only the account name. If you a domain account, preface the account name with the domain.
96
About accounts
To install and configure sudo 1 Download sudo version 1.6.7p5 or later from the following web site:
www.courtesan.com/sudo.
Password caching causes sudo sessions to be on a timer, meaning one sudo operation could allow multiple operations without password authentication. The installation/deployment code that is used to support sudo expects a password prompt every time sudo is invoked; therefore, password caching should be turned off for sudo to work correctly with the Distribution Server.
4 On the computer where you install sudo, enter the following lines for the User
privilege specification in the sudoers file located in the local /etc directory:
patrol ALL=PASSWD:/opt/patrol/bmc_install.sh Defaults:patrol authenticate
These entries authenticate the user. The Distribution Server always expect a password prompt when the bmc_install.sh script is invoked, so sudo must be configured to supply the password. No entries are required for the host alias, user alias, or command alias specifications.
Chapter 4
97
Adding an account
Adding an account
This task describes how to add an account in Distribution Manager.
To add an account 1 In the tab area, click the Systems tab. 2 In the list area, click Accounts. 3 In the list area, click the Add button. 4 Type a name for the account.
This name is used only within the Distribution Server. You might want to use a naming convention to indicate the account usage (connection account or privileged account) and the remote computer to which this account applies, as well as the user name.
6 Type the password to use with this user name in both the Password box and the
Confirm Password box.
7 Click Add.
98
The installation directory is where all BMC Software products, including the Distribution Client and products that are installed locally, are installed on the system. This directory corresponds to the installation directory in a local installation. You cannot install products to different installation directories. The working directory is where the Distribution Client stores files from the Distribution Server.
WARNING
The installation directory and the working directory must be two separate directories. You cannot change either directory if the profile is used by a system with the Distribution Client installed. If you register a system with a locally installed Distribution Client, the Distribution Server might automatically create a profile for the system. For more information, see the Distribution Manager Help.
Specific profile information is stored separately from the systems to make it easier to use one profile for multiple Distribution Clients. For example, if all the profile information is the same for all Windows computers, you could create one profile for all of them and avoid having to re-type information. If the profile information changes, you have to change it in only one place.
Creating a profile
This task describes how to create a profile.
To create a profile 1 In the tab area, click the Systems tab. 2 In the list area, click Profiles. 3 In the list area, click the Add button.
Chapter 4
99
About systems
4 Type a name for the profile. 5 Type the installation directory for the systems that use this profile.
This directory is the location where all components will be installed when they are distributed.
6 Type the working directory for the systems that use this profile.
This directory is the location where the installation files are stored before they are run.
7 Click Add.
About systems
A system is a remote computer to which you want to distribute components using the Distribution Server. Each system needs a connection account, privileged account, and profile. For more information about connection and privileged accounts, see About accounts on page 94. For more information about profiles, see About profiles and directories on remote systems on page 99. Before you can distribute components to a system, you must install the Distribution Client. You can install the Distribution Client locally, when you add the system, or after adding the system. To send distributions to a system, you must put the system in one or more system groups. For more information about system groups, see About system groups on page 102.
NOTE
For more information about adding systems, including importing multiple systems from a file, see the Distribution Manager Help.
To add a system and install the Distribution Client 1 In the tab area, click the Systems tab. 2 In the list area, click Systems. 3 In the list area, click the Add button. 4 In the System Name box, type the fully qualified domain name or the IP address of
the computer that you want to add.
5 If there are groups already defined, you can select a group to which you want the
system to belong. You can add the system to other groups later.
6 Select the profile, connection account, and privileged account for the system.
If the profile, connection account, or privileged account does not exist, click the corresponding New button and create it.
8 Click Add. 9 To view the status of installing the Distribution Client, including any log files, view
the Distribution Status or Client Activity reports.
Chapter 4
101
To register and configure a system manually 1 In the tab area, click the Reports tab. 2 In the list area, click the System Registration report. 3 Select the systems that you want to add. 4 Click Register. 5 In the tab area, click the Systems tab. 6 In the list area, click Systems. 7 In the list area, click the name of the system. 8 Select the connection account and privileged account for the system. 9 Click Apply Changes.
102
NOTE
If you want to distribute components to a single system by itself, create a system group that includes only that system.
To create a system group 1 In the tab area, click the Systems tab. 2 In the list area, click System groups. 3 In the list area, click the Add button. 4 Type a name for the system group 5 Click Add. To add systems to a system group 1 In the tab area, click the Systems tab. 2 In the list area, click System groups. 3 In the list area, click system group. 4 Click the Members tab. 5 Select the systems to belong to the group and click Add. 6 Click Apply Changes.
Chapter 4
103
About distributions
About distributions
A distribution is the mechanism by which you define which collections of components and associated configurations are distributed to which groups of systems, and when. A distribution includes a set of distribution items. Each distribution item identifies the following:
s s s
the collection of components to be distributed the configuration of that collection to use the system group
When you schedule a distribution, you identify when the components are distributed and the distribution mode (install, force install, or uninstall). You can schedule distributions to run immediately or on a date and time that you specify.
Setting up a distribution
This task describes how to set up a distribution.
To create a distribution 1 In the tab area, click the Distributions tab. 2 In the list area, click the Add button. 3 Type a name for the distribution, then click Add. 4 (optional) In the Description box, type a description of the distribution. 5 Proceed with adding distribution items.
104
Setting up a distribution
To add a distribution item 1 In the results area for the distribution, click the Items sub-tab. 2 Click Add Item. 3 Select the collection, configuration, and system group that you want to use. 4 Click Add. 5 After adding all distribution items, proceed with scheduling the distribution. To schedule a distribution 1 In the results area for the distribution, click the Schedule sub-tab. 2 Click Add Schedule. 3 Do one of the following:
s
If you want to distribute the components immediately, select Distribute Immediately. If you want to distribute the components at a later time, select Schedule Distribution, and choose the start date and time.
5 Click Add. 6 Once a distribution is activated, to view the status of a distribution, including any
log files, view the Distribution Status report.
Chapter 4
105
About reports
About reports
On the Reports page, you can select the report that you want to run. For more information about each report, see the Distribution Manager Help.
s s s s s s s
Distribution Status Report Product Distribution Report Product Inventory Report Client Activity Report Unknown Systems Report System Reboot Report System Registration Report
NOTE
You use some reports to take actions on systems, in addition to simply viewing information. For example, you use the System Registration report to register systems which you installed the Distribution Client locally.
Running a report
This task describes how to run a report.
1 In the tab area, click the Reports tab. 2 In the list area, click the report that you want to run.
Logging off
To log off, close the browser. The Distribution Server will automatically log you off after about 15 minutes.
106
Chapter
5
109 109 109 109 110 110 111 112 112 113 113 114 114 114 115 115 117 117 119 121 122 123 124 125 125 126 126 127 131 132
107
This chapter contains information for using the Distribution Server Command Line Interface (CLI). This chapter discusses the following topics: Uses of the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Where to run the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Modes for running the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Command line arguments for the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running the CLI in interactive mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running the CLI with an input file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CLI commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Typographical conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Command syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Encrypting passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exiting interactive mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Connecting to and disconnecting from a Distribution Server . . . . . . . . . . . . . . . Managing components in the repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing systems groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Distribution Client upgrades and removals . . . . . . . . . . . . . . . . . . . . . Managing distributions and distribution items . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing distribution schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing operating systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Overriding component conflicts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 5 Using the Distribution Server Command Line Interface
Example scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Example 1: Adding systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Example 2: Distributing products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Example 3: Uninstalling products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
108
You cannot access the Distribution Server with a web browser, or the connection with a web browser is slow. You want to execute commands through a batch file. You want to integrate the Distribution Server with a different program.
In interactive mode, you enter a single command and wait for completion of the command before entering another command. In script mode, the CLI reads and sequentially executes a list of commands from an input file.
Chapter 5
109
-ignore_error
-d value
To run the CLI in interactive mode 1 On UNIX, perform the following steps: A Change to the $BMC_ROOT/common/bmc/ directory. B Enter the following command to set the environment variables:
./patrol7rc.sh
110
2 Enter the following command at the operating system command prompt, followed
by any optional command line arguments.
dsadmin
For more information about command line arguments, see Command line arguments for the CLI on page 110.
For more information about connecting to a Distribution Server, see Connecting to and disconnecting from a Distribution Server on page 115.
4 Enter each of the commands that you want to execute, one at a time.
For more information about the available commands, see CLI commands on page 112.
NOTE
The first command in the input file must be a connect command. You can use an encrypted or unencrypted password.
Chapter 5
111
CLI commands
To run the CLI with an input file 1 On UNIX, perform the following steps: A Change to the $BMC_ROOT/common/bmc/ directory. B Enter the following command to set the environment variables:
./patrol7rc.sh
CLI commands
This section lists the commands that you can use in the CLI.
Typographical conventions
The following conventions are used in this section:
s
Text in italics represents a variable, as shown in the following examples: The table table_name is not available.
system/instance/file_name
Items enclosed in braces ( { } ) and separated by a vertical bar ( | ) indicate that you must choose one item. (Do not type the braces or vertical bar.) In the following example, you would choose a, b, or c: { a | b | c }
An ellipsis ( . . . ) indicates that you can repeat the preceding item or items as many times as necessary. You must separate each item with spaces. Square brackets ( [ ] ) around an item indicate that the item is optional. (Do not type the brackets.)
112
Command syntax
Command syntax
This section describes the command syntax for the Distribution Server Command Line Interface.
Case sensitivity
Commands and options are case-insensitive. However, names of items, such as collections and distributions, are case-sensitive.
EXAMPLE
The commands collection add mycollection and Collection ADD mycollection do the same thing, but the command collection add MyCollection adds a different collection.
Text strings
Enclose text strings with spaces, such as labels, in double-quotes.
EXAMPLE
collection add my collection
Comment lines
Type the # character as the first non-space character in a line to indicate a comment line.
EXAMPLE
# This is a comment.
Getting help
Command help [command] Description This command displays a list of help information for all commands. If you specify a command, this command displays detailed help for that command.
Chapter 5
113
Encrypting passwords
Encrypting passwords
Several commands take encrypted passwords as command arguments. You use the following command to encrypt a plain text password.
Command util encrypt string_to_encrypt Description This command displays the value in string_to_encrypt as an encrypted string. You can use this command to encrypt a password to use in a CLI batch file.
Using aliases
You can create aliases for commands to map commands to names of your choosing. Aliases have the following properties:
s
You can create an alias for any command, including command arguments. The alias must be the first item on the line where it is used. You can use only one alias per line. Aliases are case-sensitive. Aliases are valid for only the current session or script. Once you exit the Distribution Server Command Line Interface, all aliases are lost.
Description This command adds the alias for the specified command. This command removes the specified alias. This command lists the existing aliases.
Command alias add alias_name command alias remove alias_name alias list
114
Description This command connects to the specified Distribution Server with the specified username and password. If you omit the password when running interactively, you will be prompted for it.
econnect server_name encrypted_username This command connects to the specified Distribution Server with encrypted_password the encrypted username and encrypted password. See Encrypting passwords on page 114 for information about how to encrypt a password. disconnect This command disconnects from the current Distribution Server.
Chapter 5
115
Description This command sets the location of the product directories for import. You must execute this command prior to importing components. The -user flag with the user name and encrypted password are required when the Distribution Server is run as a service on a Windows computer. See Encrypting passwords on page 114 for information about how to encrypt a password.
This command sets the destination directory for export. You must execute this command prior to exporting components. This command lists all selectable components on the image. This command lists all selectable components in the repository.
s
If the -invalid flag is set, only invalid components are listed. If the -inactive flag is set, only inactive components are listed.
This command imports the ppf and all dependencies from the source directory. Use the -nowait flag to execute the command asynchronously. This command exports the ppf and all dependencies to the destination directory. The ppf_revision is the revision number. In rare cases, a component has a revision because at least one other component has the same name and version. For more about revisions, see the Distribution Manager Help. Use the -nowait flag to execute the command asynchronously. This command removes the component and all dependencies. The ppf_revision is the revision number. In rare cases, a component has a revision because at least one other component has the same name and version. For more about revisions, see the Distribution Manager Help. Use the -nowait flag to execute the command asynchronously. This command makes a component inactive, which means you cannot add it to a collection. Also the component list command does not display inactive components by default. You can undo this command with the component reactivate command. For more information about inactive components, see the Distribution Manager Help. This command turns an inactive component into an active component. Reactivate an inactive component when you need to add it to a collection.
116
Managing collections
Managing collections
Command collection add collection_name [-des description] collection modify collection_name [-ren collection_name] [-des description] collection remove collection_name collection list collection addcomp collection_name ppf_name:ppf_version[:ppf_revision] [] Description This command adds a new collection and optionally defines its description. This command modifies the name of the specified collection, its description, or both. This command removes the specified collection. This command lists all collections. This command adds one or more components to an existing collection. The ppf_revision is the revision number. In rare cases, a component has a revision because at least one other component has the same name and version. For more about revisions, see the Distribution Manager Help. This command removes one or more components from an existing collection. The ppf_revision is the revision number. In rare cases, a component has a revision because at least one other component has the same name and version. For more about revisions, see the Distribution Manager Help. This command displays the collection name, description, the selectable components in the collection, and configurations. This command updates any hidden components in a collection that may have previously been missing from the repository, but which are now available This command copies the specified collection to a new collection. You can optionally copy all configurations to the new collection and set the description for the new collection.
Managing configurations
Command configuration add configuration_name collection_name [-des description] configuration modify configuration_name collection_name [-ren configuration_name] [-des description] Description This command adds a new configuration for the specified collection, and optionally sets its description. All answers to the questions of this collection are set to the default value. This command modifies the name of the specified configuration, its description, or both.
Chapter 5
117
Managing configurations
Command configuration remove configuration_name collection_name configuration list collection_name configuration info configuration_name collection_name configuration interview configuration_name collection_name [-ques question_name value] [] [-uninstall]
Description This command removes the specified configuration. This command lists all configurations for the specified collection. This command displays the configuration name, collection name, description and all configuration variables and answers. This command performs the interview for a configuration. You will be prompted for values for each question in the configuration. When the CLI displays the configuration questions, it does not remove the HTML tags that are used to present the question in the Distribution Server GUI. Disregard the HTML tags. If you use the -ques flag, this command sets the answer to the specified questions. Use the configuration info command to find the names of the questions you want to answer with the -quest flag. Use the -uninstall flag to answer questions associated with uninstalling the components.
This command copies the specified configuration to a new configuration and optionally sets its description. The new configuration will belong to the same collection as the original configuration, unless a different collection is specified.
118
Managing systems
Command configuration setdestdir destination_directory configuration export configuration_name collection_name os [] [-expin] [-idir installation_directory] [-nowait] [-role [managed],[console], [common],[role_string]]
Description This command sets the existing destination directory for export. This command exports the specified configuration to the destination directory. For a list of operating systems known to the Distribution Server, see Managing operating systems on page 126. If expin (exportinstaller) is set, the installation engine is also exported. Use the -idir flag to set the installation directory in the exported control file. Use the -nowait flag to execute the command asynchronously. Use the -role flag to export packages meant for specified roles.
Managing systems
Command system add system_name [] [-prof profile_name] [-cacct connection_account] [-pacct privileged_account] [-group group_name] Description This command adds one or more systems, defining the following:
s s s
the profile for the systems the accounts for the systems the group the system(s) will be member of (optional)
The system_name can be the DNS name or an IP address. system import path_and_file_name [-prof profile_name] [-cacct connection_account] [-pacct privileged_account] [-group group_name] This command imports one or more systems from a file, defining the following:
s s s
the profile for the systems the accounts for the systems the group the systems will be members of (optional)
The system_name can be the DNS name or an IP address. system remove system_name [] system list [-group group_name] This command removes one or more systems. This command lists all known systems. Use the -group flag to list only systems in the given group.
Chapter 5
119
Managing systems
Command system info system_name [] system modify system_name [-ren system_name] [-grpadd group_name []] [-grprem group_name []] [-prof profile_name] [-cacct connection_account] [-pacct privileged_account] [-dns dns_name] [-wins wins_name] [-infrole role []] [-loc locale1 []] [-rboot { yes|no | inherit } ] [-trusted { yes | no } ] [-pushmode <yes | no>] [-siteid <site_id>]
Description This command displays the properties of the specified systems. This command modifies the properties of the system.
s s s s s s s s s s s s
The -ren flag renames the system label. The -grpadd flag adds the system to one or more groups. The -grprem flag removes the system from one or more groups. The -prof flag defines the profile the system uses. The -cacct flag defines the connection account the system uses. The -pacct flag defines the privileged account the system uses. The -dns flag sets the DNS name. The -wins flag sets the WINS name. The -infrole flag sets one or more infrastructures roles. The -loc flag sets one or more locales. The -trusted flag defines the system as trusted or not trusted. The -pushmode flag determines whether files are pushed from the DS server (yes) or pulled from DS client (no). This flag is applicable only for VMS/Alpha systems. The -siteid flag defines the site ID number for the VMS cluster. This flag is applicable only for VMS/Alpha systems.
system setattribute system_name [Country: value ] [City: value ] [Building: value ] [Floor: value ] [OfficeLocation: value ] [Category: value ] system proddisc system_name []
This command sets the value for one or more system attributes.
120
This command removes one or more system groups. This command lists the group name, description, profile, connection account, and the group members. This command lists all system groups. This command sets the destination directory for export. If the destination directory is not set, the current directory is used. Note, this is a directory on the local system, not necessarily on the Distribution Server. This command exports the group and member systems to the specified file in the destination directory. By default the file is overwritten. To append to the file, use the -f flag. This command imports the group and member systems from the specified file in the destination directory. Note, this is a directory on the local system, not necessarily on the Distribution Server. This command initiates product discovery for the systems in the specified system groups.
Chapter 5
121
Managing accounts
Managing accounts
Command account add account_name user_name password password_confirmation [-encrypted] Description This command adds a new account. If the account will not have a password, you can use as a null value in the password and the password_confirmation fields. For example, account add TestAcc user1 adds the account TestAcc with no password information. The -encrypted flag indicates that the password and the password confirmation are encrypted. See Encrypting passwords on page 114 for information about how to encrypt a password. This command modifies the properties of an account. account modify account_name [-ren account_name] [-user user_name password password_confirmation The -ren flag renames the account. [-encrypted]] If the account does not have a password, use as a null value in the password and the password_confirmation fields. The -encrypted flag indicates that the password and the password confirmation are encrypted. See Encrypting passwords on page 114 for information about how to encrypt a password. account remove account_name account list This command removes the specified account. This command lists all defined accounts, including their user names.
122
Managing profiles
Managing profiles
Command profile add profile_name inst_dir cache_dir [-dslist ds_server1 []] [-rboot {yes | no | inherit} ] [-autostart { yes | no } ] [-ctout MM] [-thres # # ] [-runct HH:MM] [-runch MM] [-cache cachedays_# # cachesize_# # ] [-cport # # ] [-aport # # ] [-httpto # # # ] Description This command adds a new profile.
s s s s s s
s s s s s s
The inst_dir and cache_dir are the installation (BMC root) directory and Distribution Client working directories. The -dslist flag specifies a list of valid distribution servers. The -rboot flag sets the system reboot flag. (Windows only) The -autostart flag specifies whether the Distribution Client restarts when the system reboots. (UNIX only) The -ctout flag sets the connection time-out. The -thres flag sets the maximum number of times the Distribution Client will attempt to retrieve a file from the Distribution Server. The -runct flag is used when the Distribution Client is run daily. It defines the start time for the Distribution Client. The -runch flag defines in minutes how often the Distribution Client will check for distributions. The -cache flag defines how long packages stay in the cache after an unsuccessful deployment and the cache size in MB. The -cport flag defines the port the Distribution Server uses to ping the Distribution Client. The -aport flag defines the port used by the PATROL Agent, if any, on the system. The -httpto flag defines the time in seconds that the Distribution Client will wait for a response from the Distribution Server.
The ds_hostprofile.mof file contains the default values for the optional fields.
Chapter 5
123
Command profile modify profile_name [-ren profile_name] [-idir inst_dir ] [-cdir cache_dir] [-dslist ds_server1 []] [-rboot { yes | no | inherit }] [-autostart { yes | no } ] [-ctout MM] [-thres # # ] [-runct HH:MM] [-runch MM] [-cache cachedays_# # cachesize_# # ] [-cport # # ] [-aport # # ] [-httpto # # # ] profile remove profile_name profile info profile_name profile list
The -ren flag renames the current profile. The -idir flag sets the installation directory (BMC root). the -cdir flag sets the cache directory.
For a description of the flags that are in both this command and in the profile add command, see the profile add command. Only the fields you specify are updated. The other fields retain their current value.
This command removes the specified profile. This command displays the properties of the profile. This command lists all profiles.
124
This command lists all distributions. This command displays the distribution name, description and all distribution items. This command validates a distribution. Any warnings/errors are displayed at the command line. See Distribution Manager Help for more information about validating distributions.
dset additem distribution_name This command adds one or more distribution items to group_name :collection_name: configuration_name [] the specified distribution. A distribution item ID is returned. dset removeitem distribution_name group_name :collection_name: configuration_name This command removes a distribution item from the specified distribution.
Chapter 5
125
126
Managing reports
Managing reports
Command report setdestdir destination_directory report deployactive distribution_name start_timestamp [-f file_name] [-csv] Description This command sets the destination directory for output to file. If not set, the current working directory is used. This command displays a report on the activity of the specified distribution, including
s s s s s
system name deployment state status message progress distribution and installation log file location
This report corresponds to the active tab of the Distribution Status report in Distribution Manager. The format for the start_timestamp variable is: yyyymmddhhmmss.xxxxxxsyyy where: s yyyy is year s mm is month s dd is day s hh is hour s mm is minute s ss is second s xxxxxx is microseconds (always 000000 within the Distribution Server) s s is either a + or - to indicate the direction of the local offset from GMT s yyy is local offset from GMT Use the -f flag to write the report to the specified file in the destination directory. If the file exists, it is overwritten. Use the -csv flag to format the report as a list of comma separated values.
Chapter 5
127
Managing reports
Command
Description
report deployhist distribution_name start_timestamp This command displays a report on the history of the [-f file_name] specified deployment, including [-csv] s system name s deployment start and end times s deployment state s total number of packages deployed s total package size s distribution and installation log file location This report corresponds to the history tab of the Distribution Status report in Distribution Manager. The format for the start_timestamp variable is: yyyymmddhhmmss.xxxxxxsyyy where: s yyyy is year s mm is month s dd is day s hh is hour s mm is minute s ss is second s xxxxxx is microseconds (always 000000 within the Distribution Server) s s is either a + or - to indicate the direction of the local offset from GMT s yyy is local offset from GMT Use the -f flag to write the report to the specified file in the destination directory. If the file exists, it is overwritten. Use the -csv flag to format the report as a list of comma separated values.
128
Managing reports
Description This command displays a report on the products deployed on the systems in the specified system group. The summary report includes
s s s s
Use the -f flag to write the report to the specified file in the destination directory. If the file exists, it is overwritten. Use the -csv flag to format the report as a list of comma separated values. report prodsdeployed ppf_name [] [-group group_name ] [ { detail | summary } ] [-f file_name] [-csv] This command displays a report on the specified products deployed for all systems (default) or a specified group. The summary report displays: s product description s package name s product version s number of installations The detailed report displays s product description s system name s product version s package name This report corresponds to the Product Distribution report in Distribution Manager. Use the -f flag to write the report to the specified file in the destination directory. If the file exists, it is overwritten. Use the -csv flag to format the report as a list of comma separated values.
Chapter 5
129
Managing reports
Description This command displays a report on the systems in a group that are either not discovered or not initialized. This report corresponds to the Unknown Systems report in Distribution Manager. If -init is set and discovery is successful, the system is initialized. Use the -f flag to write the report to the specified file in the destination directory. If the file exists, it is overwritten. Use the -csv flag to format the report as a list of comma separated values.
report proddisc { -system system_name [] | -sysgroup group_name [...] } [-f file_name] [-csv] [-reminvent ]
This command displays a report with the results of product discovery on the specified systems. This report corresponds to the Product Inventory report in Distribution Manager. Use the -f flag to write the report to the specified file in the destination directory. If the file exists, it is overwritten. Use the -csv flag to format the report as a list of comma separated values. Use the -reminvent flag to remove entries from the product inventory that are listed as missing on this report. Missing inventory items are products that are listed in the inventory, but not found during product discovery. These components were probably uninstalled locally.
This command displays a report on the initialization status of all hosts for the specified initialization ID. This report corresponds to the Client Activity report in Distribution Manager. Use the -f flag to write the report to the specified file in the destination directory. If the file exists, it is overwritten. Use the -csv flag to format the report as a list of comma separated values.
130
Managing preferences
Description This command displays a report on all systems waiting to be registered with the Distribution Server. This report corresponds to the System Registration report in Distribution Manager. The -register flag registers the systems with the Distribution Server. Use the -f flag to write the report to the specified file in the destination directory. If the file exists, it is overwritten. Use the -csv flag to format the report as a list of comma separated values.
This command displays a report on all systems that require a reboot after the installation process is complete. This report corresponds to the System Reboot report in Distribution Manager. The -rboot flag reboots the specified systems. Use the -f flag to write the report to the specified file in the destination directory. If the file exists, it is overwritten. Use the -csv flag to format the report as a list of comma separated values.
Managing preferences
Command privilege add usergroup privilege [] Description This command adds one or more privileges to the specified user group. For a list of privileges, use the help privilege command. privilege remove usergroup privilege [] This command removes one or more privileges from the specified user group. For a list of privileges, use the help privilege command.
Chapter 5
131
Command privilege list [usergroup] ds setglobal [-rboot { yes | no } ] [-depnc # # ] [-llog { yes | no } ] [-uplog { yes | no } ] [-remlogs dd] [-areg { yes | no } ] [-trace { yes | no } ] [-reminvent { yes | no } ] [-protocols protocol_1,protocol_2protocol_n] [-cleanuptime hh:mm]
Description This command lists the privileges assigned to the specified usergroup or to all usergroups if no group is specified. This command sets global Distribution Server options.
s
The -rboot flag sets the global system reboot flag. (Windows only) The default is no. The -depnc flag sets the number of Distribution Clients the Distribution Server deploys to in parallel during a deployment session. The -llog flag defines whether a localized log file will be generated in addition to the English log file. The -uplog flag defines if the log files get uploaded from the Distribution Client to the Distribution Server if the installation was successful. The -remlogs flag removes log files after the specified number of days. The -areg flag controls whether incoming Distribution Client registration requests are automatically approved. The -trace flag defines if the Distribution Server will operate in trace mode. The -reminvent flag determines whether the Distribution Server automatically removes entries from the product inventory that are listed in the inventory, but not found during product discovery. These components were probably uninstalled locally. The -protocols flag sets the methods for installing the Distribution Client. The options for protocol are windows, sftp, ftp, and agent. You can use as few as one or as many as all protocols. This flag is the same as set install method in the Distribution Manager. See About installation methods for distributing the Distribution Client on page 166. The -cleanuptime flag sets the time of day that you want the Distribution Server cleanup task to begin.
132
Example scripts
Description This command allows you to upload an override file for a component conflict. A component conflict prevents you from putting two or more components in the same collection.
Example scripts
This section contains example scripts for the Distribution Server Command Line Interface.
################################################################## # Subject : Distribution Server # Description: This file performs a system PI of clients # assigned to DS # # MyServer : the DS server being used # MySolaris : a Solaris client machine # MyWindows : a Windows client machine # MyLinux : a Linux client machine ################################################################## ################################################################## # Connect to DS server ################################################################## connect MyServer MyServerAcct MyServerPasswd ################################################################## # Create Connection accounts ################################################################## account add "MySolaris connection account" SolarisAcct SolarisPasswd SolarisPasswd account add "MyWindows connection account" WinAcct WinPasswd WinPasswd account add "MyLinux connection account" LinuxAcct LinuxPasswd LinuxPasswd ################################################################## # Create Privilege accounts Chapter 5 Using the Distribution Server Command Line Interface 133
################################################################## account add "MySolaris priv account" root SolarisRootPasswd SolarisRootPasswd account add "MyWindows priv account" WinAcctWithAdminPrivs AcctPasswd AcctPasswd account add "MyLinux priv account" root LinuxRootPasswd LinuxRootPasswd ################################################################## # Create profiles ################################################################## profile add "MySolaris profile" /apps2/home/patroli/DSClient /apps2/home/patroli/DSClient/cache -cport 50005 profile add "MyWindows profile" C:\DSClient C:\DSClient\cache -cport 50005 profile add "MyLinux profile" /usr/patroli/DSClient /usr/patroli/DSClient/cache -cport 50005 ################################################################## # Add systems ################################################################## system add MySolaris.bmc.com -cacct "MySolaris connection account" -pacct "MySolaris priv account" -prof "MySolaris profile" system add MyWindows.bmc.com -cacct "MyWindows connection account" -pacct "MyWindows priv account" -prof "MyWindows profile" system add MyLinux.bmc.com -cacct "MyLinux connection account" -pacct "MyLinux priv account" -prof "MyLinux profile" ########################################## # Start PI ########################################## initialize start "System Initialization" -system MySolaris.bmc.com initialize start "System Initialization" -system MyWindows.bmc.com initialize start "System Initialization" -system MyLinux.bmc.com ########################################## # Add systems to system groups ########################################## sysgroup add Windows sysgroup add UNIX sysgroup modify Windows -sysadd MyWindows.bmc.com sysgroup modify UNIX -sysadd MySolaris.bmc.com sysgroup modify UNIX -sysadd MyLinux.bmc.com disconnect exit
134
################################################################## # Subject : Distribution Server Testing Environment Setup # Description: This file imports and distributes the PATROL agent # # Windows system group: Windows # Windows collection: coll_nt_agent # Windows configuration: Windows_agent_inst # UNIX system group: UNIX # UNIX collection: coll_unix_agent # UNIX configuration: Unix_agent_inst ################################################################## ################################################################## # Connect to DS server ################################################################## connect MyServer MyServerAcct MyServerPasswd ########################################## # Create a distribution set ########################################## dset add Deploy_Agent_Set ################################################# # Add a distribution item to distribution set ################################################# dset additem Deploy_Agent_Set "Windows:coll_nt_agent:Windows_agent_inst" dset additem Deploy_Agent_Set "Unix:coll_unix_agent:Unix_agent_inst" ################################################# # Schedule deployment ################################################# deployment add Deploy_Agent_Set 0000-00-00 00:00 ########################################## # Disconnect ########################################## disconnect exit
Chapter 5
135
################################################################## # Subject : Distribution Server Testing Environment Setup # Description: This file uninstalls the PATROL Agent ################################################################## ########################## # Connect to DS server ########################## connect MyServer MyServerAcct MyServerPasswd ################################################### # Schedule the distribution set in uninstall mode ################################################### deployment add Deploy_Agent_Set 0000-00-00 00:00-mode uninstall ############## # Disconnect ############## disconnect exit
136
Chapter
6
138 138 138 139 139 139 139 139 140 140 142 142 143 143 144 145
Using pkgcreate
This chapter explains the pkgcreate program by showing the uses of this program, the package creation process, and the pkgcreate command arguments. The following topics are discussed: Packaging custom components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . pkgcreate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Custom import feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATROL Package Format (PPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Support for pkgcreate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running pkgcreate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Where to run pkgcreate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running pkgcreate on UNIX systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running pkgcreate on Windows systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Argument descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Source directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Destination directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Minimum required arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying destination directory and operating system . . . . . . . . . . . . . . . . . . . . Importing the package into the Distribution Server . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 6
Using pkgcreate
137
pkgcreate
pkgcreate is a command line interface program for advanced users, and it provides
many options that affect how the Distribution Server handles a custom component. After using pkgcreate, import your package into the Component Repository of the Distribution Server with the standard import feature in the Distribution Manager or Distribution Server Command Line Interface. This chapter describes how to use pkgcreate.
NOTE
You might also find the PPFExtract and PPFCompress utilities helpful in packaging custom components. See the PATROL Command Line Interfaces Reference Manual.
138
Running pkgcreate
This section describes how to run pkgcreate.
To run pkgcreate on a UNIX system 1 Change to the $BMC_ROOT/common/bmc/ directory. 2 Enter one of the following commands to set the environment variables:
s
Chapter 6
Using pkgcreate
139
3 Enter the following command at the operating system command prompt, followed
by the command arguments:
pkgcreate
For more information about command arguments, see Argument descriptions on page 140.
pkgcreate creates the .ppf file and the compressed files in the destination directory.
For more information about the files and directories that are created, see Destination directory on page 142.
To run pkgcreate on a Windows system 1 Open a command window. 2 Enter the following command at the operating system command prompt, followed
by the command arguments:
pkgcreate
For more information about command arguments, see Argument descriptions on page 140.
pkgcreate creates the .ppf file and the compressed files in the destination directory.
For more information about the files that are created, see Destination directory on page 142.
Argument descriptions
In this section, each argument is described in detail, including its syntax and options. The typographic conventions used in this section are described in Typographical conventions on page 112.
140
Argument descriptions
Table 1 presents a description for each argument for the pkgcreate command. Table 1
Argument -p productname -fs source_path
[-fd destination_path]
[-z version] [-b book] [-d description] [-o oslist] [-r releasever] [-s pkgsize] [-c pkgcsize] [-id infrastruct_designator]
[-force_new]
[-h] [-v]
Chapter 6
Using pkgcreate
141
Source directory
Source directory
The source directory contains the files you want to package using pkgcreate. You specify the source directory by using the -fs argument. You must specify an absolute path to the source directory. pkgcreate will not recognize a relative path. pkgcreate gathers the custom files from the source directory and preserves the existing subdirectories. When the Distribution Server deploys the package, the files are placed in the installation directory in the same subdirectory structure. For example, if the test.km file is located in the $Source_Directory/lib/knowledge directory when pkgcreate is run, and Patrol3 is selected as the installation directory when the package is distributed by Distribution Server, then the Distribution Server places the test.km file in the $BMC_ROOT/Patrol3/lib/knowledge directory.
Destination directory
When pkgcreate creates a package, it places all the package files in the destination directory. It uses two subdirectories of the destination directory, the Index directory and the Product directory. If these two directories do not exist, pkgcreate creates them. pkgcreate then creates a subdirectory in the Product directory with the productname you specified with the -p argument.
pkgcreate compresses the files from the source directory, places them in the productname directory, and adds the filenames to the Files section of the .ppf file. pkgcreate places a copy of the .ppf file in the Index subdirectory and places the .ppf file, the .xml file, the .cat file, and all the .gz files in the productname subdirectory.
As a default, pkgcreate uses the current directory as the destination directory. However, you can specify a different directory as the destination directory by using the -fd argument. If you do use the -fd argument you must specify the absolute path to the directory. pkgcreate will not recognize a relative path. If the destination directory is the same as the source directory, or if it is a subdirectory of the source directory, pkgcreate needs a temporary directory to work in. You must specify the temporary directory with the -wd argument.
142
Examples
Examples
Minimum required arguments
This example shows the most basic pkgcreate command and parameters. Only the two required parameters, -p and -fs, are specified. All the other ppf file parameters are assigned by default.
Command:
pkgcreate -p mytest -fs C:\temp\mytestfiles
Results
If the Index and Products directories do not already exist in your current directory, pkgcreate creates them. Then pkgcreate creates the mytest directory as a subdirectory of the Products directory. pkgcreate places a copy of the newtest.ppf file in both the Index and the Products/mytest directories. pkgcreate places several .gz files in the Products/mytest directory along with the newtest.cat and newtest.xml files.
PPF file
# # mytest.ppf - automatically generated by PPFCOMPRESS on Mon May 19 14:31:51 2003 # [HEADER] PRODUCT=mytest VERSION=1.1.00 PKGNAME= BOOK=Patrol Knowledge Modules DS_QTEMPL=mytest.xml DESC=mytest Custom Package OSLIST=all RELEASEVER=3.5,7.2 PKG_SIZE=0 PKG_CSIZE=0 INFRASTRUCT_DESIGNATOR= INFRASTRUCT_ROLE= PRODUCT_FAMILY=PATROL [END HEADER] [FILES] ./archives/mytest.ppf;Y;;;644;all ./file_one;Y;;;644;all ./file_two;Y;;;644;all ./file_three;Y;;;644;all
Chapter 6
Using pkgcreate
143
Command:
pkgcreate -p testd -fs /export/jl/source/ -fd /export/jl/target -o solaris28
Results
If the Index and Products directories do not already exist in the /export/jl/target directory, pkgcreate creates them. Then pkgcreate creates the testd directory as a subdirectory of the Products directory. pkgcreate places a copy of the testd.ppf file in both the Index and the Products/testd directories. pkgcreate places several .gz files in the Products/testd directory along with the testd.cat and testd.xml files. The ppf file contains a line that tells the Distribution Server to only deploy the testd package to Solaris 2.8 computers.
PPF file
# # testd.ppf - automatically generated by PPFCOMPRESS on Mon May 14:45:56 2003 # [HEADER] PRODUCT=testd VERSION=1.1.00 PKGNAME= BOOK=Patrol Knowledge Modules DS_QTEMPL=testd.xml DESC=testd Custom Package OSLIST=solaris28 RELEASEVER=3.5,7.2 PKG_SIZE=0 PKG_CSIZE=0 INFRASTRUCT_DESIGNATOR= INFRASTRUCT_ROLE= PRODUCT_FAMILY=PATROL [END HEADER] [FILES] ./fix.main;Y;;;644;all ./fix.msg;Y;;;644;all ./fix.sh;Y;;;644;all ./archives/testd.ppf;Y;;;644;all 19
144
Chapter 6
Using pkgcreate
145
146
Appendix
Appendix A
147
Installation problems
Installation problems
This section contains troubleshooting information for the following installation problems.
Problem Type The progress indicator remains at 99% The Distribution Client is not imported Page page 148 page 148
Solution:
Solution:
Uninstallation problems
This section contains troubleshooting information for the following installation problem.
Solution:
148
Solution:
NOTE
If your environment does not permit the ping command, use the nslookup command instead.
Problem: Solution:
A firewall blocks communication between client and server. See Firewall configuration information on page 82 for information about opening the firewall.
Appendix A
149
Problem: Solution:
The Distribution Client uses the wrong URL to contact the Distribution Server. To fix this issue, you have to correct the URL that the Distribution Client uses to contact the Distribution Server and correct the URL that the server sends to the clients. On the Distribution Client system, correct the URL in the BMC_DS_TSERVER_URL parameter of the dsclient.ini file. You can use the procedure in To switch a Distribution Client to a new Distribution Server: local configuration on page 70. On the Distribution Server, use a text editor to correct the URL in the bmc_ds_webserver_url parameter of the ds_config.mof file ($BMC_ROOT\patrol7\lib\mof directory). Restart the Distribution Server after you change this value.
Problem:
A Distribution Client cannot resolve the system name of the Distribution Server from an IP address, or the server cannot resolve the system name of the client. Use a text editor to view the host file on both the Distribution Client and Distribution Server. If needed, correct the value of the IP address or host name for the client or server systems. You can also use the nslookup command to troubleshoot this problem.
Solution:
Problem:
The Distribution Server uses the wrong system name or IP address for the Distribution Client system. In the Distribution Manager, verify that the DNS Name field has the correct system name or IP address for the Distribution Client system. You can find DNS Name on the Properties tab of the Systems page.
Solution:
150
3. Re-add the system to the Distribution Server. 4. Install the Distribution Client again.
Problem:
The installation and working directories in the profile for the system are not valid. For example, on Windows, the specified drives might not exist. Perform the following steps: 1. Ensure that the directories in the profile are valid for that system. The directories do not have to exist. 2. Remove the system from the Distribution Server. 3. Re-add the system to the Distribution Server. 4. Install the Distribution Client again.
Solution:
Problem: Solution:
The Distribution Client is not running. Start the client. See Starting and stopping the Distribution Client on page 66.
Problem:
The installation utility did not copy the files of the Distribution Client to the target system. To verify whether these files were properly installed, see Installation files for the Distribution Client on page 160. If any files are missing, re-install the Distribution Client.
Solution:
Appendix A
151
SFTP and SSH FTP and Telnet PATROL Agent 3.5.30 or later
For more information about installation methods, see Appendix B, Requirements for distributing the Distribution Client from the Distribution Server.
Problem:
A deployment of the Distribution Client failed between a Distribution Server and target system that are both on Windows platforms. Before trying the deployment again, map a network drive (i.e. C$) from the Distribution Server system to the target system. Use a privileged account to map this network drive. Ensure that the Administrative share (i.e. C$, D$, etc.) is enabled on the target system.
Solution:
Problem: Solution:
A deployment of the Distribution Client failed for unknown reasons. Research the failure by reading the log files on the Distribution Server that relate to deploying clients. These log files exist in the following directories:
s s
In these directories, look for file names that display the host name of the target system. Also read the pitool.log file because it contains information about the status of client deployments.
152
Solution:
NOTE
To remove or add a system to the Distribution Manager, see the Distribution Manager Help.
Problem:
The Distribution Client is locked out because someone changed the password for a required account in the operating system, but did not also change the password in the Distribution Client. If the connection or privileged account is the problem, change the password in the Distribution Manager by using the Account list on the Systems tab. For more information, see the Distribution Manager Help. If the Distribution Client account is the problem, see Updating the Distribution Client account on page 78. If the Distribution Client Default or Registration account is the problem, see Updating the Distribution Client default and registration accounts on page 76.
Solution:
Appendix A
153
4. Restart the Distribution Client. 5. In the Distribution Manager, run the System Registration report, and register the Distribution Client system if it appears on this report.
Problem: Solution:
The Distribution Manager cannot automatically register the Distribution Client. In the Distribution Manager, change the Global Options to allow automatic registration. Or run the System Registration report in the Distribution Manager and manually register the Distribution Client. For more information, see the Distribution Manager help.
Problem:
The Distribution Client failed to register because the Distribution Server, RTserver, or web server was not running. Ensure that the Distribution Server, RTserver, and web server are running; and then restart the Distribution Client, as described in Starting and stopping the Distribution Client on page 66.
Solution:
NOTE
You have to manually register if auto-registration is disabled in the Distribution Manager.
154
Solution:
protocol (http vs. https) Web server name port number for the web server (if not 80 or 443) case (if the web server is on a UNIX system)
Problem: Solution:
Problem: Solution:
The Distribution Server might not be using the correct RTserver. Ensure that the the Distribution Server is using the correct RTserver. For more information, see Changing the RTserver on page 71.
Solution:
Problem:
The account is a domain account, but you did not preface the account with the domain name. Preface the account name with the domain name.
Solution:
Problem:
The account is a domain account, but the Distribution Server is not configured to accept domain accounts. Ask your system administrator to change the Distribution Server account to a domain account. For more information, see Updating the Distribution Server account on page 75.
Solution:
156
Solution:
Solution:
Solution:
Appendix A
157
Distribution fails on RedHat and SUSE platforms if the CORRECT environment variable is set to cmd
NOTE
All root operations may fail during installation because of the permissions controlled by the NFS server on the same exported filesystem.
Distribution fails on RedHat and SUSE platforms if the CORRECT environment variable is set to cmd
Problem: On SUSE platforms, by default, the CORRECT environment variable is cmd. When the CORRECT environment variable in /etc/csh.cshr is set to cmd, the shell tries to correct what it perceives as command line typing errors. This causes the shell command line to attempt to correct the telnet commands for the client installation, causing the protocol to fail. If the connection account for a client computer has the tcsh shell as the default shell and if the telnet protocol of the client installation is to be used to install the client on that computer, then you should ensure that the environment variable CORRECT is not set.
Solution:
NOTE
For RedHat platforms, the CORRECT environment variable is not set by default. This problem only occurs on RedHat if the default value of CORRECT is changed to cmd.
158
Cause:
The web browser does not have a certificate installed, or the web browser does not support the level of encryption used by the web server. Install the web browser certificate and verify that the web browser supports the level of encryption required by the webweb server. For example, if the web server uses 128 bit encryption, the browser must also use 128 bit encryption.
Solution:
Problem:
Distribution Server does not recognize the PATROL Agent on a system to which you want to install the Distribution Client. Verify that these aspects of PATROL Security are true:
s s s
Solution:
Port number is correct. PATROL Agent and Distribution Server use the same security level. All trial keys and certificates from BMC Software are current.
NOTE
Ignore the preceding bullet if you use your own certificates. See PATROL Security Components Technical Bulletin (May 21, 2003).
Appendix A
159
$BMC_ROOT/dsclient/config (UNIX)
%BMC_ROOT%\dsclient\config (Windows)
Client Installation Files on UNIX ds_listener dsclient dshostid.conf dsclient.ini ds_listener.log dsclient.log dsclient_startup.log
Client Installation Files on Windows ds_listener.exe ds_client.exe dshostid.conf dsclient.ini ds_listener.log dsclient.log dsclient_startup.log
Installation logs
One log file is created each time the installation utility is run. The name of the log file is a combination of the computer name and a time stamp. The location of the file depends on the operating system.
s
On Windows, the log file is saved to the Document and Settings\username\Application Data\BMCinstall\ directory. On UNIX, the log file is saved to the home_directory/BMCINSTALL/ directory.
Type of log files This directory contains the Distribution Server log files. This directory contains the log files on the component delete action.
160
Type of log files This directory contains the Distribution Server component export log files. This directory contains the Distribution Server component import log files. This directory contains the configuration export log files. This directory contains the Distribution Server distribution log files. This directory contains Distribution Manager debug log files. The logs in this folder describe the installation of the Distribution Client, and the status of deployments to that client.
Appendix A
161
This utility can be run periodically as a job in the root crontab. If you chose to automatically add the job to the root crontab in the installation, the following line is added, which runs the utility every hour on the half-hour.
30 * * * * /etc/patrol.d/apache/bmctrimlog
If you chose to not add the job to the root crontab, you can add the job manually and adjust the job schedule. For more information about cron and crontab, see the man pages for them for your system. To fine-tune the log file management, edit the bmctrimlog.conf file. For example, you can set different maximum sizes for each log file. See the comments in the configuration file for more information.
NOTE
When the Distribution Client creates a new log file, it does not overwrite the existing files. Instead it renames the existing files assigning an increasing number to each file. The more recent files have lower numbers than older files. The most recent file does not have a number. For example, dsclient.log is the most recent client log file and dsclient1.log is the next most recent.
162
Appendix
Requirements for distributing the Distribution Client from the Distribution Server
B
This appendix contains information for distributing the Distribution Client from the Distribution Server. This appendix discusses the following topics: About distributing the Distribution Client from the Distribution Server . . . . . . . . . Discovering the platform of the target system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Copying and executing the installation package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Registering the Distribution Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About installation methods for distributing the Distribution Client . . . . . . . . . . . . . Setting and prioritizing installation methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using a PATROL Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Reading the registry (Windows only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using a mapped drive and task scheduler service (Windows only) . . . . . . . . . . Using SFTP and SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using FTP and Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About simultaneous distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About timeouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 164 165 165 166 166 166 167 168 169 171 174 175
Appendix B
Requirements for distributing the Distribution Client from the Distribution Server
163
NOTE
The Distribution Manager determines which installation methods are tried in which order. For more information about installation methods, see the Distribution Manager Help System.
Once the Distribution Server identifies the platform of the target system, the it verifies that the platform is supported and selects the appropriate installation package from the component repository to install the Distribution Client on that system. If all methods of discovering the platform fail or if the platform is not supported, the Distribution Server cannot install the Distribution Client on the target system.
164 Distribution Server Getting Started
Appendix B
Requirements for distributing the Distribution Client from the Distribution Server
165
A PATROL Agent v3.5.30 or later, depending on the security level, must be running on the target system.
166
The PATROL security level of the target system and the Distribution Server must be compatible. The PATROL Agent account must have rights to create or access to the working directory and installation directory and copy files to those directories.
When using this method, the Distribution Server does the following: 1. The Distribution Server attempts to discover to a PATROL Agent on the system using the port in the profile for the system. 2. If a PATROL Agent is discovered, the Distribution Server uses the connection account for the system to connect to the PATROL Agent. 3. The Distribution Server uses the PATROL Agent to transfer the discovery script or installation package to the working directory specified in the profile for the system. If the working directory does not exist, the Distribution Server has the PATROL Agent create it. 4. The Distribution Server creates a new OS task on the PATROL Agent to execute the discovery script or installation package.
The Distribution Server must be a Windows system. If the target system is a Windows system, the Remote Registry service on the system must be running.
Appendix B
Requirements for distributing the Distribution Client from the Distribution Server
167
The Distribution Server uses the privileged account to connect to the system and access the remote registry service. If the Distribution Server discovers the platform information using the remote registry, it uses a mapped drive and the Task Scheduler service to copy and execute the installation package.
Both the Distribution Server and the target system are Windows systems. The administrative drives (for example, C$, D$) must be shared on the target system. The Task Scheduler service must be available on the target system. If the Task Scheduler service on the system is not started, the Distribution Server will start it. If the Distribution Server is running on a Windows 2003 system, the Distribution Server account and Distribution Client account must have the same name. In addition, the client account must be a member of the Administrators group and have the following user rights:
s s s s s
Act as part of the OS Increase quotas Log on as a batch job Log on as a service Replace a process level token
When using this method, the Distribution Server does the following: 1. The Distribution Server identifies the drive for the working directory in the profile for the system. 2. The Distribution Server maps the drive for the working directory on the target system as a network drive, using the privileged account for the system. 3. If the working directory does not exist, the Distribution Server creates it.
168
4. The Distribution Server copies the discovery script or installation package to the working directory. 5. The Distribution Server uses the Task Scheduler service to execute the discovery script or installation package.
The SFTP and SSH servers must be running on the target system. (The SFTP and SSH servers might be the same.) The SFTP server must support the commands listed under SFTP commands used on page 170. The corresponding SFTP and SSH clients must be on the Distribution Server and in the system path. The SFTP and SSH setup must be configured and verified. All SFTP and SSH client systems must be added to the list of known hosts on the Distribution Server system.
When using this method, the Distribution Server does the following: 1. The Distribution Server runs its SFTP client and connects to the SFTP server on the target system using the connection account for the system. 2. The Distribution Server uses SFTP to copy the discovery script or installation package to the working directory specified in the profile for the system. If the working directory does not exist, the Distribution Server creates it. 3. The Distribution Server runs its SSH client and connects to the SSH server on the target system using the connection account for the system. 4. The Distribution Server uses the SSH client to execute the discovery script or installation package.
Appendix B
Requirements for distributing the Distribution Client from the Distribution Server
169
170
A suitable FTP server and telnet service must be running on the target system. The FTP server must support the commands listed under FTP commands used on page 172. The corresponding FTP and telnet clients must be on the Distribution Server and in the system path.
When using this method, the Distribution Server does the following: 1. The Distribution Server runs its FTP client and connects to the FTP server on the target system using the connection account for the system. 2. The Distribution Server uses FTP to copy the discovery script or installation package to the working directory specified in the profile for the system. If the working directory does not exist, the Distribution Server creates it. 3. The Distribution Server runs its telnet client and connects to the telnet server on the target system using the connection account for the system. 4. The Distribution Server uses telnet to execute the discovery script or installation package.
Appendix B
Requirements for distributing the Distribution Client from the Distribution Server
171
ascii binary cd delete lcd mdelete mkdir mput prompt put user
The ftp service must be able to connect to any directory, like UNIX, or at least allow reading and writing to the directory that you want to install to. The telnet service must allow connections from a UNIX system. The default telnet service for Windows allows connections from only other Windows systems. If the telnet server uses NTLM authentication, such as the telnet service that comes with Windows 2000, you must disable NTLM authentication for telnet service. The Distribution Server requires standard username and password prompting for authentication. The ftp service must not be configured for restricted access (restricted shell) for the connection account. For example, the WU-ftp defaults to all users running in a restricted shell. The connection account must be able to access or create the working directory for the system using ftp.
172
cygwin (Windows only) IIS FTP (Windows only) WU ftpd (UNIX) Solaris FTP Server (SUNWftpr) cygwin (Windows only) Microsoft telnet service (Windows only) Hummingbird Exceed telnet server (Windows only)
Telnet
s s s
NOTE
When you create a virtual directory, you must also create the corresponding actual directory in the file system.
Example 1: Working directory and installation directory share a common base path
Suppose the working directory and installation directory are as follows:
Directory Installation Directory Working Directory Path C:\Program Files\BMC Software C:\Program Files\BMC Software\DSClient\DScache
Appendix B
Requirements for distributing the Distribution Client from the Distribution Server
173
Because the working directory and installation directory have a common base path, you can create a single virtual directory. The virtual directory can be any of the following:
Virtual Directory Program Files BMC Software Actual Directory C:\Program Files C:\Program Files\BMC Software
Example 2: Working directory and installation directory do not share a common base path
Suppose the working directory and installation directory are as follows:
Directory Installation Directory Working Directory Path C:\Program Files\BMC Software C:\temp\DScache
Because the working directory and installation directory do not share a common base path, you must create two separate virtual directories: one for the working directory, and another for the installation directory. The virtual directory for the working directory can be any of the following:
Virtual Directory temp DScache Actual Directory C:\temp C:\temp\DScache
The virtual directory for the installation directory can be any of the following:
Virtual Directory Program Files BMC Software Actual Directory C:\Program Files C:\Program Files\BMC Software
174
About timeouts
For example, if you distribute the Distribution Client to a system group with more than 10 members, the Distribution Server will distribute the Distribution Client to only 10 systems at a time. If you distribute the Distribution Client to multiple system groups at the same time, the limit applies to each system group. For example, if you distribute the Distribution Client to 3 system groups at the same time, the Distribution Server will effectively distribute the Distribution Client to 30 systems at a time. Keep in mind that maximum number of Distribution Clients that the Distribution Server can distribute at a time is also limited by the memory, CPU, and other resources of the Distribution Server.
About timeouts
When distributing the Distribution Client, the Distribution Server must wait for several operations to complete as part of the process. How long the Distribution Server waits before determining that the operation failed due to a time out is listed in the following table.
Operation Waiting for data to stop arriving from a target system (based on when data starts arriving) Time-out 5 seconds
Waiting for an event to occur, such as waiting for data to arrive from a target 60 seconds system after executing an interactive command Waiting for the completion of a file transfer to a target system Waiting for a discovery or installation script to complete execution on a target system 15 minutes 15 minutes
If you determine that you need to adjust these time-out values, please contact customer support.
Appendix B
Requirements for distributing the Distribution Client from the Distribution Server
175
About timeouts
176
Appendix
Appendix C
177
The default certificates for web versus non-web communications are signed by different certificate signing authorities. For more information, see Certificate signing authorities for the provided certificates on page 182. For non-web communications, both components must have the same security level. However, for web communications, security levels are mapped. For more information, see About security level mapping for web communications on page 181.
Web browser
RTserver
Distribution Server
Web server
Web communications
Non-Web communications
Distribution Client
178
PATROL Agent
used only to distribute the Distribution Client
OS Services
used only to distribute the Distribution Client
DMZ DMZ
http / https http / https ping TCP/ UDP/ SSL various
Web server (IIS or Apache) pslsp plug-in for Web server Distribution Server
TCP/ SSL
Appendix C
179
Distribution Server Command site.plc Line Interface (and Distribution dsadmin.plc Server when distributing the Distribution Client to a system with a PATROL Agent) Distribution Client site.plc dsclient.plc
site dsclient
In general, components use the security level specified in the site policy. However, the Distribution Client uses the security level in the dsclient policy instead. This allows you to use one security level for distribution, and another security level for other operations. For example, you might want to use a higher security level for distribution than for PATROL Agents, PATROL Console Servers, and PATROL consoles.
180
Web Communications Protocol http https with server authentication https with mutual authentication
Other combinations of security levels are not supported. For example, the Distribution Client cannot operate at security level 1 or 3.
The Distribution Server and its components are delivered with keys and certificates provided by BMC Software. These keys and certificates are supplied only to demonstrate a turnkey security configuration, for purposes such as demos and trial installations. Before using this product, replace the provided keys and certificates with your own unique entities.
s
All components, except for the web server and the web browser, use the certificates specified in their policies. For more information, see Security policies for the Distribution Server and related components on page 180.
Appendix C
181
The certificate provided by BMC Software for the Apache web server is stored in the location specified in the httpd.conf file. For more information, see the SSL documentation included with the Apache documentation at http://hostname:port/manual/mod/mod_ssl, where hostname is the name of the server and port is its http port. For IIS, you must manually install the certificate. For more information, see Adding the provided trusted root certificate authority to IIS on page 184 and Adding the provided web server certificate to IIS on page 185. For the web browser, you must manually install the certificate. For more information, see Installing the provided certificate to a web browser on page 187.
For information about certificates that you must manually configure, see Configuration tasks for advanced security on page 183.
182
Configuring the web server and web browser for security level 3 or 4
When the Distribution Server uses security level 3 or 4, web communications must use https and the web server and the Distribution Client and web browsers must mutually authenticate to each other with certificates. For more information, see About security level mapping for web communications on page 181. You must manually install the web browser certificate to each web browser that is used to access Distribution Manager. If you install the Distribution Server on a Windows computer, you must also perform the following manual configuration tasks: 1. Add the trusted root certificate authority (For more information, see page 184). 2. Add the web server certificate (For more information, see page 185). 3. Require client certificates (For more information, see page 186). If you install the Distribution Server on a UNIX computer, the Apache web server is automatically configured according to the security level selected at installation.
Appendix C
183
To add the provided trusted root certificate authority 1 In Windows Explorer, double-click the BMC_demo_ca.crt file in the
%BMC_ROOT%\Patrol7\security directory.
2 Click Install Certificate. 3 On the Certificate Wizard's Welcome screen, click Next. 4 On the Certificate Store screen, click the radio button for Place all Certificates in the
following store.
5 Click Browse. 6 In the Select Certificate Store dialog, check the box next to Show Physical Stores. 7 Expand the tree for Trusted Root Certification Authorities. 8 Highlight Local Computer, and click OK. 9 Click Next to advance to the next wizard screen. 10 Click Finish.
A confirmation appears stating The import was successful.
11 Click OK to close the Certificate window. 12 If you want to verify the import, double click the file BMC_demo_ca.crt.
The Certification Path tab in the Certificate window displays the message The certificate is OK.
184
To add the provided web server certificate (Windows 2000) 1 Open the Internet Services Manager using the Start => Programs => Administrative
Tools => Internet Services Manager menu or entering the following at the command
2 Expand the host in the selection tree and locate the web site from which you will
install the certificate. Example: Default Web Site
3 To display the Web Site Properties dialog box, right-click the web site and choose
Properties.
4 On the Directory Security tab, click Server Certificate. 5 On the Welcome screen for the Web Server Certificate Wizard, click Next. 6 On the Server Certificate window, select Import a Certificate from a Key Manager
backup file and click Next.
7 Type the path or use the Browse button to select the IIS.key file located in the
%BMC_ROOT%\Patrol7\security directory, then click Next.
9 On the Imported Certificate Summary window, click Next. 10 On the final screen, click Finish.
Appendix C
185
11 If the Web Site Properties dialog box is not open, repeat step 1 through step 3. 12 On the Web Site tab, enter a port number for SSL Port. A typical port number for
SSL is 443.
13 Click OK to close the Web Site Properties dialog box and apply the changes.
To require client certificates on IIS 1 Open the Internet Service Manager using one of the following methods:
s
On Windows: choose Start => Programs => Administrative Tools => Internet
Service Manager.
Type the following command using the command line or Run dialog: %SystemRoot%\System32\inetsrv\iis.msc
2 Use the tree view to find the web sites and/or Virtual Directories that need to have
a client certificate requirement. Complete the following steps for each web site or Virtual Directory:
3 Display the Properties sheet by right-clicking the web site or Virtual Directory and
selecting Properties.
4 On the Directory Security tab, in the section labeled Secure Communications (the
yellow key icon), click Edit.
5 In the Secure Communications dialog, select the check box for Require secure
channel (SSL).
6 If you want to use 128-bit encryption, select the check box next to Require 128-bit
encryption in the dialog box.
NOTE
The browser must use the same level of encryption as the web server. For example, if the web server uses 128 bit encryption, the browser must also use 128 bit encryption.
186
7 In the Client Certificate Authentication section, select the radio button for
Require client certificates.
8 Click OK to return to the Properties sheet. 9 Click OK to close the Properties sheet. You may be prompted for whether you
want to override security settings for subdirectories within this web site or Virtual Directory.
To install the provided web browser certificate on Internet Explorer 1 Copy the BMC_demo_client.pfx from the %BMC_ROOT%\Patrol7\security directory
on the Distribution Server to any location on the target computer.
2 Double-click the BMC_demo_client.pfx file on the target computer. 3 On the Welcome screen of the Import Certificate Wizard, click Next. 4 On the File to Import page, the path to file you selected appears in the File name
field. Click Next.
5 On the Password page, leave the password field empty and click Next. 6 On the Certificate Store page, accept the default selection of Automatically select the
certificate store based on the type of certificate.
NOTE
If the trusted root certificate is already installed, select Place all certificates in the following store. Click Browse, select the Personal folder, then click OK.
7 Click Next and then Finish. 8 A confirmation appears stating The import was successful. 9 Click OK. 10 Open the browser and enter the URL to the web site or Virtual Directory where
you added a client certificate requirement.
Appendix C
187
To see the Client Certificate prompt, you should use the fully qualified host and domain name (for example myhost.bmc.com) so that Internet Explorer will be in the Internet zone. If you use the host name without the domain, Internet Explorer will be in the Local intranet zone, where the browser may use the client certificate without prompting you. It will still function properly, but it will not be obvious that the client certificate is being used. If you are using the fully qualified domain name, the Client Authentication dialog box appears, which allows you to select a client certificate to use for this host.
To install the provided web browser certificate on Netscape 4.x 1 Copy the BMC_demo_client.pfx from the %BMC_ROOT%\Patrol7\security directory
on the Distribution Server to any location on the target computer.
2 From the Netscape menu, choose Communicator => Tools => Security Info. 3 On the menu on the left, click Certificates, then click Yours. 4 Click Import a Certificate. 5 Select the BMC_demo_client.pfx file and click Open. 6 Click OK on the password windows.
A confirmation appears stating Your certificates have been successfully imported.
7 Click OK. 8 On the menu on the left, click Navigator. 9 Clear the check boxes for any warning messages that you do not want to see. 10 In the Certificate to identify you to a web site field, choose Select Automatically or
BMC_CLIENT certificate.
11 Click OK.
188
If you will distribute the Distribution Client from the Distribution Server, do not set the Distribution Server Command Line Interface (dsadmin policy) to attended mode. The Distribution Server Command Line Interface is launched in the background when the Distribution Client is distributed. If you want to set the Apache web server to attended mode, see About unattended and attended modes for the Apache web server on page 189 for more information.
About replacing the default certificate for the Apache web server
The default certificate installed with Apache is not protected with a password. If you replace this certificate with a certificate that is protected with a password and want to run Apache in unattended mode, you can store the encrypted password in the Apache policy file.
About unattended and attended modes for the Apache web server
By default, Apache runs in unattended mode because its private key in its default certificate is not protected with a password. If you replace the default certificate, you might also have to generate a private key and keystore. If the new keystore is protected by a password, you have the option of running Apache in unattended mode or attended mode.
Appendix C
189
NOTE
Apache operates outside the PATROL Security context. The Apache.plc policy file is used only to store and retrieve the password for the private key, if you replace the default certificate. Other information stored in the file is not used. For more information about policy files, see the PATROL Security User Guide.
1 Obtain the certificate from a certificate authority. 2 Installing the new certificate.
See your certificate authority for detailed instructions.
3 If you want to run Apache in unattended mode, use the plc_password utility to
update the password for the Apache.plc policy file to the password for the private key for the new certificate.
190
NOTE
The plc_password utility is documented in the PATROL Security User Guide.
4 If you want to run Apache in attended mode, convert Apache to attended mode.
For more information, see Running Apache in attended mode on page 190.
When using the Distribution Server to distribute products with a different security level from products on the system, you must schedule the distribution in the force install mode. Otherwise, the site policy will not be updated. The Distribution Client uses the security level set in the dsclient policy. Any products that you install after the Distribution Client will not affect the security level of the Distribution Client.
Appendix C
191
192
Appendix
D
194 194 195 196 196 196 197 197 198 198 198 199 199 199 200 200 200 201 201 201
Appendix D
193
Overview
Overview
The Distribution Server maintains a distribution status for each computer that hosts a Distribution Client. Ideally the distribution status message for each computer should be The DS client is ready for distribution or Done-OK. The first message indicates that the Distribution Client is ready, and the second says that a distribution completed successfully. If the message is anything else, consider it a distribution failure message. Use this appendix to identify and troubleshoot distribution failure messages.
CLI Message
Distribution did not happen, Distribution did not happen - No Deployment Executed system not ready system not ready Uninitialized System Distribution did not happen - Distribution did not happen - No Deployment Executed incomplete host data incomplete host data Incomplete System Data
Distribution on system failed Distribution did not happen - No Deployment Executed 196 - multiple versions on some multiple versions on some Multiple Versions of a Component components components Distribution on system failed Distribution did not happen - No Deployment Executed - cache size too small cache size too small Insufficient Cache Space Distribution on system did not happen - Configuration locales do not match Distribution on system did not happen - Configuration error detected Distribution on system did not happen - DS Client not found Distribution did not happen - No Deployment Executed configuration locale Configuration locale does not mismatch match system locale Distribution did not happen - No Deployment Executed - Errors error in configuration were found in the configuration Distribution did not happen - No Deployment Executed - DS missing dsclient client not found in host inventory No Deployment Executed Insufficient Free Disk Space 196 197
197
198
Distribution on system did Distribution failed - not not happen - not enough free enough free disk space disk space
198
194
CLI Message No Deployment Executed - Client Wake-up Failed Distribution Timed Out Installation Timed Out Installation completed with no components to update in the inventory Failed Deployment Failed - Need valid root account No Deployment - System failed cache check routine Deployment Failed - Post Installation Failure
Wake-up call to client failed. Wake-up call to client failed Timed out during distribution Time-out during file distribution
Timed out during installation Timed out in phase install/uninstall phase The installation completed but without components to update in inventory Done-Failed Done but without components to update in inventory Done Failed
The distribution failed due to Done failed - error on root error on root account account The installation did not happen due to cache check failure Failed due to client cache check failure
The installation completed Done failed on post install but failed on post installation action action The installation completed with interim errors
201
Done but with interim errors Installation completed with an interim error in the exception log Distribution on system did not happen - Nothing to deploy ((message is displayed on Distribution Status Report)
201 201
Failed to deploy distribution Distribution on system did set 'dset_name': Can not find not happen - Nothing to deploy (message is displayed items for this deployment on Distribution Status Report)
Appendix D
195
196
NOTE
An English language configuration is compatible with any Distribution Client.
Appendix D
197
Distribution on system did not happen - not enough free disk space
DM Message: Distribution on system did not happen - not enough free disk space Log Message: Distribution failed - not enough free disk space CLI Message: No Deployment Executed - Insufficient Free Disk Space Solution: The distribution failed because the computer that hosts the Distribution Client does not have enough free disk space. Delete files from the client computer to create more disk space.
198
Appendix D
199
Done-failed
Done-failed
DM Message: Done-Failed Log Message: Done Failed CLI Message: Failed Solution: An error occurred during installation. View the installation.log file for the system or call support at BMC Software.
200
Distribution on system did not happen - Nothing to deploy (message is displayed on Distribution Status Report)
DM Message: Distribution on system did not happen - Nothing to deploy (message is displayed on Distribution Status Report) Log Message: Failed to deploy distribution set 'dset_name': Can not find items for this deployment CLI Message: Distribution on system did not happen - Nothing to deploy (message is displayed on Distribution Status Report)
Appendix D
201
Distribution on system did not happen - Nothing to deploy (message is displayed on Distribution Status Report)
Solution: This message is displayed for a variety of reasons. If all the components to be deployed are already installed on the client computer, this message is displayed for an installation deployment. In such instances, the deployment can be forced by using the "force_install" deployment option. This message is also displayed if all components in a distribution are filtered for a particular system because of the infrastructure role or Operating System characteristics.
202
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Index
Symbols
.ppf 141 components about 90 adding to collections 92 custom 140 custom import 140 import 140 importing 90 in collections 91 packaging 140 configurations about 93 creating 93 connection account 94 custom components 140 custom import 140 customer support 3
A
accounts adding in Distribution Manager 98 Apache account 32 connection account 94 Distribution Client account 46, 94 Distribution Client default account 32 Distribution Client registration account 33 Distribution Server account 31 on remote system 94 privileged account 96 root account 31, 47 users on the Distribution Server 61 Apache web server logs 163 trimming log files 35 user name and group 32 Apache.plc (file) 192 attended mode 191
D
directory structure 79 Distribution Client directory structure 81 distributing from the Distribution Server 166 environment variables 82 logs 164 methods of installing 21 port number 48 purpose 15 registration process 167 starting, stopping, and verifying execution 66 Distribution Client account 46, 94 Distribution Client default account 32 Distribution Client registration account 33 Distribution Client working directory 45 distribution failure messages 196 Distribution Manager interface 87 logging off 106 overview 59, 85 purpose 15 where to use 86
B
backing up Distribution Server 68 base installation directories base installation directories 21 in profile 99 BMC Software, contacting 2 BMC_ROOT environment variable 81, 82
C
certificates Apache web server 191 provided 183 signing authorities 184 client security policy 182 collections about 91 creating 92
Index
203
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Distribution Server backing up and restoring 68 components 12 directory structure 80 environment variables 81 features 12 installing 19 logs 162 overview 11 purpose 14 starting, stopping, and verifying execution 63 troubleshooting 151, 157 Distribution Server account 31 Distribution Server CLI about 107 command line arguments 110 commands 112 example scripts 134 modes for running 109 purpose 15 uses 109 Distribution Server web server name 45 distributions about 104 setting up 104 documentation list of documents 16 manuals, availability 16 release notes, availability 16 ds security policy 182 ds_config.sh (file) 31 dsadmin security policy 182 dsclient security policy 182 logs 163 required accounts 29 import custom 140 installable components 28 installation Distribution Client workflow 44 Distribution Server workflow 28 logs 162 troubleshooting 150 installation types default versus custom 26 Internet Guest account for IIS 29 ISAPI extensions for IIS web server 30
L
Launch IIS Process account for IIS 29 logging off 106 logging on to Distribution Manager 87 logs Apache web server 163 Distribution Client 164 Distribution Server 162 IIS web server 163 installation 162
M
manuals, availability 16 mapped drive distributing the Distribution Client 170 installing Distribution Server from 29
E
environment variables 81
N
network requirements 23
F
firewall 82 ftp 173
P
packaging 140 packaging components 140 PATROL Agent 168 PATROL Knowledge Module 140 PATROL Package Format (PPF) 141 PATROL_ROOT environment variable 81 pkgcreate pkgcreate 139 argument descriptions 143 destination directory 144 source directory 144 policy files 182
H
HTTP and HTTPS ports 34, 47
I
IIS ftp server 175 IIS web server about 29 default web site 29 ISAPI extensions 30
204
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
ports Distribution Client port 48 firewall 82 HTTP and HTTPS 47 HTTP and HTTPs 34 RTserver 34 PPFCompress 140 PPFExtract 140 privileged account 96 privileged account,creating with sudo 97 privileges 61 product support 3 products setting up 90 uninstalling with a CD in UNIX environments 56 uninstalling with a CD in Windows environments 56 profiles about 99 creating 99 pslsp security policy 182 sftp 171 site security policy 182 ssh 171 starting Distribution Client 66 Distribution Server 63 RTserver 62 web server 64 stopping Distribution Client 66 Distribution Server 63 RTserver 62 web server 64 sudo, installing and configuring 97 support, customer 3 system groups about 102 creating 103 systems about 100 adding 100 registering 101 setting up 94
R
release notes, availability 16 remote registry 169 reports about 106 running 106 repository repository 140 about 90 root account installing Distribution Client 47 installing Distribution Server 31 root account, using a sudo-privileged account in place of 97 RTserver port 34 purpose 14 starting, stopping, and verifying execution 62 variable setting 33 RTSERVERS environment variable 81
T
task schedule service 170 technical support 3 telnet 173 test urls 65 troubleshooting common usage problems 151, 157 distribution failure messages 196 installation problems 150 security problems 161
U
unattended mode 191 uninstalling products 54 uninstalling products with a CD in UNIX environments 56 in Windows environments 56
S
security configuration tasks 185 distributing components 193 policy files 182 provided certificates 183 security level mapping 183 troubleshooting 161 unattended vs. attended modes 191 using advanced 179 web communications 183
V
virtual directories 175
Index
205
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
W
Web server HTTP and HTTPS port numbers 34 log files 163 purpose 14 starting, stopping, and verifying execution 64 workflow Distribution Client installation 44 Distribution Server installation 28 workflow overview Distribution Manager 89 working directory working directory 45 in profile 99 worksheet Distribution Client installation 48 Distribution Server installation 36
206
Notes
*65065*