IBM Endpoint Manager IBM Endpoint Manager for OS Deployment Linux OS provisioning using a Server Automation Plan Document version 1.0 Michele Tomassi
Copyright International Business Machines Corporation 2014. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
CONTENTS Contents... iv 1 Purpose of this document...5 1.1 Summary of changes 5 1.2 Software requirements 5 1.3 System Requirements 5 2 Preparing the deployment objects...6 2.1 Step 1: Create the Linux Profile 7 2.1.1 Creating a Linux unattended setup profile... 7 2.2 Step 2: Create the Linux software modules...14 2.2.1Create a software module containing IBM Endpoint Manager client... 14 2.2.2 Create a Linux software module to import the IBM Endpoint Manager certificate file... 17 2.3 Step 3: Create or edit a deployment scheme (optional)...21 2.4 Step 4: Export the deployment objects in RAD format...23 2.5 Step 5: Import the.rad file to the IBM Endpoint Manager Server...24 3 Deploying the RAD profile from the IBM Endpoint Manager Console...27 3.1 Deploying the profile through direct invocation of the RAD fixlets...27 3.2 OS Provisioning through an Automation Plan 28
1 Purpose of this document This document describes how to configure your IBM Endpoint Manager environment for the deployment of a Linux operating system by using IBM Endpoint Manager for OS Deployment, IBM Endpoint Manager for Server Automation, and Tivoli Provisioning Manager for OS Deployment. 1.1 Summary of changes Date April 2014 Notes First version of the document 1.2 Software requirements The following software must be installed in your environment: IBM Endpoint Manager Platform Version 9.0 or later OS Deployment Version 3.4 or later Tivoli Provisioning Manager for OS Deployment Version 7.1.1.15 or later 1.3 System Requirements From an architectural perspective, you need the following components: 1. A Tivoli Provisioning Manager for OS Deployment Server on a dedicated machine 2. An IBM Endpoint Manager Server that must be subscribed to both OS Deployment and Bare Metal Imaging and Server Automation sites 3. An IBM Endpoint Manager relay, connected to the IEM server, with a Bare Metal OS Deployment Server installed locally. 4. At least one bare metal target 5. A DHCP server providing IP addresses and (optionally) other network parameters to boot machines. It is important that DNS be included in the set to resolve the IEM server hostname.
The following graphic describes the main components and their roles: 2 Preparing the deployment objects To prepare a Linux image for deployment in a System Automation plan, you must perform the following steps in order: 1. Create the Linux profile 2. Create the software modules 3. Create or edit the deployment schema (optional) 4. Export the objects created or edited in the previous steps in a.rad format Important: You must run the preparation steps on a dedicated Tivoli Provisioning Manager for OS Deployment server. This machine must NOT have IBM Endpoint Manager client running, or else it will be listed among the available Bare Metal Servers in the "Bare Metal Server Manager" dashboard in your Endpoint Management environment. 5. Import the.rad file to the IBM Endpoint Manager Server 6. Deploy the Linux Profile
2.1 Step 1: Create the Linux Profile You can create the Linux profile by generating it from a DVD image or from a reference machine. In the first case, it is referred to as unattended setup. In the second case, it is a cloned profile. 2.1.1 Creating a Linux unattended setup profile This section describes the creation of a Red Hat Enterprise Linux server 6.5. unattended profile. Proceed as follows: 1. Login to the Tivoli Provisioning Manager for OS Deployment web user interface and browse to Server -> OS Deployment -> System profiles 2. Click new profile. A wizard opens. Choose unattended setup option 3. Choose Linux as platform of the new unattended profile
4. Select the machine where the DVD or the ISO image has been mounted. This machine MUST have an rbagent component registered to the Tivoli Provisioning Manager for OS Deployment server: 5. Browse to the drive where the DVD image or the.iso image is mounted
6. Wait for the rbagent component to detect the operating system image in the path provided in the previous step. When the detection phase is complete, the results are displayed in the wizard: 7. If needed, refine the partition layout.
8. By default, Tivoli Provisioning Manager for OS Deployment automatically selects the base content of the Linux DVD image 9. If needed, add other software package groups from the DVD image to the profile you are creating. Default options do not install any graphical environments.
10. Set root password, language, and time zone of the system profile: 11. If you want to use your own custom ks.cfg file as installation file, you can add it.
12. Set the profile name, as it will be displayed on the Tivoli Provisioning Manager for OS Deployment web user interface. 13: Wait for the profile creation to complete:
14. Check that the created profile is displayed in the list of system profiles: Linux Profile details view If the profile is selected in the Tivoli Provisioning Manager for OS Deployment web user interface, the following page opens. You can modify partition layout and other settings by selecting the OS configuration at the bottom of the page. Warning: Tivoli Provisioning Manager for OS Deployment allows the binding of multiple OS configurations to the same system profile. However, to export the system profile and then import it to IBM Endpoint Manager, your system profile MUST have only one OS configuration linked to it.
2.2 Step 2: Create the Linux software modules You must add the IBM Endpoint Manager client as software module to the.rad archive that is imported to the IBM Endpoint Manager server. The instructions for manually installing IBM Endpoint Manager client for Red Hat Linux platform, are available here: Red Hat IEM Client installation (http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.1/platform/adm/c_red_hat_i nstallation_instructi.html) To successfully register the IBM Endpoint Manager client to the IBM Endpoint Manager Server, the IBM Endpoint Manager client must have the certificate file actionsite.afxm, related to the IBM Endpoint Manager it wants to register to. It is recommended to create a dedicated software module for each certificate file. The official Tivoli Provisioning Manager for OS Deployment documentation provides the guidelines needed to create a software module for Linux systems at this page: Linux software module creation (http://pic.dhe.ibm.com/infocenter/tivihelp/v3r1/topic/com.ibm.tivoli.tpm.osd.doc/deploy/cosd_softmodul ecreation_linux.htm) 2.2.1 Create a software module containing IBM Endpoint Manager client The IBM Endpoint Manager client for Linux is provided as rpm package, hence you must create a software module of type RPM. The official Tivoli Provisioning Manager for OS Deployment documentation provides guidelines on how to create a software module of type rpm for Linux systems at this page: Linux rpm software module creation (http://pic.dhe.ibm.com/infocenter/tivihelp/v3r1/topic/com.ibm.tivoli.tpm.osd.doc/deploy/tosd_rpm_linux. htm) The rpm provided by IBM changes according to Linux distribution, so if you plan to provision SUSE Linux OS to a Server, the creation of a software module containing the IBM Endpoint Manager Client rpm file for SUSE is needed. 1. Login to the Tivoli Provisioning Manager for OS Deployment web user interface and browse to Server -> OS Deployment -> Software modules 2. Click on new Software button (bottom left of the page). The following wizard opens; select Linux as platform
3. Select to create a software module of type rpm: 4. Select the machine where the rpm file has been copied. This machine MUST have an rbagent component registered to the Tivoli Provisioning Manager for OS Deployment server.
5. Browse to the folder where rpm has been copied 6. Wait for the rbagent component to display the information extracted from the rpm file:
7. Set the software module description. You should add the Linux distribution and the architecture to the Description, so that it can be easily found in the list of all software modules. You can also change the Description after the creation. 8. Enter the installation command as specified in the Tivoli Provisioning Manager for OS Deployment documentation: 9. Wait for the software module creation to complete. If you have not changed the description value earlier, you can do it now. 2.2.2 Create a Linux software module to import the IBM Endpoint Manager Certificate file If you want to connect the IBM Endpoint Manager client to the IBM Endpoint Manager server at the end of the OS provisioning, the certificate file must be imported as a software module. To create this custom software module, you must use a custom script to copy the masthead file. This script is provided here only as a sample without any warranty about its behavior. The certificate file name MUST be actionsite.afxm
Sample script: #!/bin/bash if [! -d /etc/opt/besclient/ ]; then mkdir -p /etc/opt/besclient/ fi cp -f /install/masthead_workstation/actionsite.afxm /etc/opt/besclient/ /etc/init.d/besclient start 1. Log in to the Tivoli Provisioning Manager for OS Deployment web user interface and browse to Server -> OS Deployment -> Software modules 2.Click on the New Software button (bottom left on page). The following wizard opens; Select Linux as platform 3. Choose a custom action software module
4. choose a A set of files to copy on the target computer option 5. Choose the machine where both the script and the certificate were copied. They MUST be in the same directory:
6. browse to the folder where the files were copied: 7. Check that the folder contains only the files that need to be copied: 8. If needed, change the description to a value different from the default:
9. Specify the command to launch on the target: 10. Wait for the software module creation to complete. 2.3 Step 3: Create or edit a deployment scheme (optional) Deployment schemes contain settings that define how the deployment of the operating system is done. When you install the Tivoli Provisioning Manager for OS Deployment server, a deployment scheme with name "Default" is always created. You can edit settings in the default scheme or create a new deployment scheme. You can view details about creating and editing deployment schemes here (http://pic.dhe.ibm.com/infocenter/tivihelp/v3r1/topic/com.ibm.tivoli.tpm.osd.doc/deploy/tosd_deplsche me_linux.htm) This section takes you through the steps you must perform to edit an existing deployment scheme. 1. Log in to the Tivoli Provisioning Manager for OS Deployment web user interface and browse to Server -> OS Deployment -> Task Templates 2. Select the Deployment Schemes folder:
3. Select a deployment scheme from the list and click on the view deployment parameters link 4. Apply the desired changes and click ok. The recommended final action is reboot.
2.4 Step 4: Export the deployment objects in RAD format Exporting the objects in a.rad file format is a step you perform from the Tivoli Provisioning Manager for OS Deployment web user interface. The.rad file format is a proprietary archive format of the Tivoli Provisioning Manager for OS Deployment product. 1. Log in to the Tivoli Provisioning Manager for OS Deployment web user interface and browse to Server -> OS Deployment -> Software modules 2. Click on the RAD export button at the bottom of the page. The export wizard opens 3. Select the IEM Endpoint Manager client and "Copy masthead_workstation" software modules, the deployment scheme ("Default" if no other deployment schemas have been added) and the Linux profile created above. Then click next
4. Select the destination folder: If file size is less than 2 GB, you an also download it through an HTTP connection (link at the top of the wizard), otherwise one of the possible options MUST be selected. After the.rad file has been saved locally, it must be copied to IBM Endpoint Manager Server environment. Then you can import it to the Image Library dashboard. 2.5 Step 5: Import the.rad file to the IBM Endpoint Manager Server You import the.rad file to IBM Endpoint Manager through the Image Library dashboard. Log in to the IBM Endpoint Manager Console. In the OS Deployment and Bare Metal Imaging Site, select Image Library. Click Import Image
Browse to the folder where the.rad file was transferred. Select.rad format (bottom right of the wizard) and select the.rad image file Select the file and click open; then click Analyze. The import step starts with an image introspection and then proceeds in the background (green arrow visible on the console). It may take some time, depending on the IBM Endpoint Manager server performance and other factors (IBM Endpoint Manager console on a different machine from the IBM Endpoint Manager Server). At the end of the import process, the image will be available in the Image Library dashboard. Select it and click Send to Server to copy it to the Bare Metal Server
The copy action can take time, and is affected by the network bandwidth between the IBM Endpoint Manager Server and the IBM Endpoint Manager relay. When the action is complete, you can check that the image is available at the Bare Metal Server side from both the Image Library and Bare Metal Server Manager dashboards From the Image Library dashboard: From the Bare Metal Server dashboard: You are now ready to provision the operating system using the Server Automation fixlets. More information about these fixlets is available here: deploy of.rad profiles (http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.1/lifecycle_man/osd_users _Guide/c_Deploy_using_RAD.html)
3 Deploying the RAD profile from the IBM Endpoint Manager Console 3.1 Deploying the profile through direct invocation of the RAD fixlets In this section the deployment of a.rad profile through the fixlets belonging to "OS Deployment and Bare Metal Imaging" site is displayed. From the set of available fixlets, select number 133 or number 107. The main difference is that fixlet 133 as a first step registers the target of the OS provisioning to the Bare Metal Server and then asks for the hostname of the machine being provisioned. On the contrary, fixlet 107 uses the hostname which is already registered in the Bare Metal Server database. You must specify the target and.rad profile values in the Fixlet fields, then you can run the Fixlet on the Bare Metal Server. Even if the fixlet is marked as complete on the IBM Endpoint Manager console, it does not necessarily mean that the OS provisioning has completed too. You can monitor the progress of the OS provisioning from the Deployment Activity Dashboard.
3.2 OS Provisioning through an Automation Plan You can create custom Automation Plans that have OS provisioning as a first step, by using one of the Fixlets described in the previous paragraphs. At the end of the OS provisioning, the new machine is registered to IBM Endpoint Manager Server.
Copyright IBM Corporation 2014 IBM United States of America US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-ibm product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PAPER AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON- INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes may be made periodically to the information herein; these changes may be incorporated in subsequent versions of the paper. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this paper at any time without notice. Any references in this document to non-ibm Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation 4205 South Miami Boulevard Research Triangle Park, NC 27709 U.S.A. All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. This information is for planning purposes only. The information herein is subject to change before the products described become available. If you are viewing this information softcopy, the photographs and color illustrations may not appear.
Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol ( or ), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at "Copyright and trademark information" at http://www.ibm.com/legal/copytrade.shtml. Other company, product, or service names may be trademarks or service marks of others.