Chapter 14. Managing Linux clients
Ready for another chapter on operating system deployment? Ha-ha, just kidding; I wouldn’t inflict that on you! Instead, let’s indulge in a change of scene and delve into the (relatively) new world of managing non-Windows clients—specifically, Linux.
ConfigMgr (and SMS, in its previous life) has been all about deploying and managing Windows environments, but with the release of ConfigMgr 2012 Service Pack (SP) 1 came the ability for us ConfigMgr admins to start managing systems running Mac OS X and Linux/UNIX-based operating systems.
Because you’re running an up-to-date version of ConfigMgr in your lab environment, you’re ready to rock with Linux. As shown in figure 14.1, you’ll introduce Ubuntu Server into your lab environment and use ConfigMgr to take control.
Figure 14.1. This chapter is Linux, Linux, and more Linux!
14.1. Installing an Ubuntu server
If you’ve never installed a Linux distribution before, fear not—it’s straightforward. ConfigMgr does support various versions of Linux and UNIX, but I’ve chosen Ubuntu for this lab because it’s easy to install and configure.
The first thing you’ll need is yet another virtual machine in your lab environment. If you need to power off CLIENT01 and/or CLIENT02 to free up resources for another VM, that’s fine. You won’t need those systems for the rest of this chapter.
Create a new virtual machine by using the specifications detailed in table 14.1.
Table 14.1.
|
Setting value |
|
|---|---|
| VM Name | LINUX01 |
| CPU | 1 × CPU |
| RAM | 1 GB |
| Hard Disk | 1 × 40GB |
| Network | 1 × NIC |
Now that you’ve created the VM, it’s time to install Ubuntu by growing a neckbeard, gorging on bulk-buy donuts, and trotting out any other Linux stereotype you fancy!
To get Ubuntu running in the lab environment, do the following:
1. Go to www.ubuntu.com/download/server and download the latest build of Ubuntu Server 14.04 LTS (which stands for Long-Term Support). The desktop version of Ubuntu will work too, but the server version is the officially supported build and is also the one you’re most likely to encounter in an enterprise environment.
2. The file downloaded should be called ubuntu-14.04.3-server-amd64.iso (or something similar). Attach this ISO to the newly created VM and boot from it.
3. As shown in figure 14.2, the default option is to install Ubuntu Server.
Figure 14.2. Installing Ubuntu Server from the installation ISO
4. Go through the installation options for preferred language, geographical location, and keyboard layout.
5. For the system hostname, enter linux01 (lowercase), and enter your own name and choose a password for the extra user account. The password you choose here will also be the password set for the root (superuser) administrative account.
6. For the disk partitioning method, select “Guided – use entire disk and set up LVM.” There should only be one disk to choose from. Accept all the defaults, and the partition structure is written to disk.
7. Enter HTTP proxy information if you need to (this shouldn’t be needed in a home lab environment) and configure image updates as “No automatic updates.”
8. When prompted to choose which software to install, select “OpenSSH server and Samba file server” (use the spacebar to select multiple options). Then sit back and let the installation process finish.
9. After the installation is complete, log in to the server by using the username and password you configured during the installation.
10. Now you’ll perform a little bit of maintenance and configuration:
11. Download and install all the available critical system updates by using the command sudo apt-get update (the sudo password is the same password as your user account) and then sudo apt-get upgrade. Because this system has never been patched before, this process can take a bit of time, but it’s worth it. After completion, reboot the system by using the command sudo shutdown -r now.
12. Optionally, configure a static IP address on the system by using the command-line Nano editor and the command sudo nano /etc/network/interfaces. Edit the interfaces file to look like figure 14.3, and then save it and exit using Ctrl-X.
Figure 14.3. Configure a static IP address on your Ubuntu system—it is a server, after all.
13. Finally, reboot the system one last time.
Wow—we do spend a lot of time on preparation, don’t we? Never fear; now you can get on to the ConfigMgr piece.
Follow the steps in this section to create a new virtual machine and install Ubuntu Server 14.04 on it. Then patch the server and assign it a static IP address.
14.2. Installing the ConfigMgr client for Linux
You have a Linux system ready to go, and your ConfigMgr environment has been updated, so it’s time to get the client installed. By default, the client files for non-Windows platforms aren’t included in the ConfigMgr installation binaries or on the installation media. Instead, you need to download them separately.
To download the appropriate ConfigMgr client, do the following:
1. Navigate to www.microsoft.com/en-au/download/details.aspx?id=39360.
2. Click the “Download” button, and select “ConfigMgr Client for Linux.” Note that clients are available for other platforms too, including Mac OS X.
3. Download the ConfigMgr Clients for Linux.exe file to E:Temp on CM01.
4. Launch the executable. In the folder location to place the extracted files, enter E:Program FilesMicrosoft Configuration ManagerXPlat5.0.7958Linu x.
Tip
The folder structure in step 4 doesn’t exist in any standard ConfigMgr implementation. But in your lab environment, E:ConfigMgr also maps to \CM01SMS_PS1, so by creating a new folder structure here, you’re making the Linux client available via the network. The folder structure also shows exactly which version of the Linux client is located there.
5. A Linux server needs a little help to grab files directly from a Windows server. You need to make the SMS_PS1 share on CM01 appear as part of the Linux server by doing the following on LINUX01:
6. Create a new folder in /mnt (the mount folder) by using the command sudo mkdir /mnt/SMS_PS1.
7. Mount the share on CM01 to the new folder by using the command sudo mount –t cifs //cm01/SMS_PS1 /mnt/SMS_PS1/ -o username=administrator. You’re prompted for the sudo password as well as the Administrator password on CM01 (which is P@ssw0rd).
8. The mount should complete successfully. Change folders via the command cd/mnt/SMS_PS1 and get a directory listing by using ls. You’ll see the contents of the remote file share, as shown in figure 14.4.
Figure 14.4. Accessing the ConfigMgr server share directly from LINUX01
Looking good! Now you can perform the client installation.
Tip
You can quickly enter file and folder names in Linux by using the Tab key. It tries to work out which file/folder you want based on what’s available, like PowerShell.
1. Change the folder to the Linux client installers by using cd /mnt/SMS_PS1 /XPlat/5.00.7958.1060/Linux.
2. Get a folder listing by using ls. You’ll see an install script as well as a few packages for various versions of Linux.
3. Install the client by using the following command: sudo ./install –mp cm01.mol.sccmlab.net –sitecode PS1 ccm-Universalx64.tar. This command tells the installer which Management Point and ConfigMgr site code to use, as well as which client package. The installation takes a couple of minutes to complete successfully, as shown in figure 14.5.
Figure 14.5. The best kind of installation is a successful one!
4. Open the ConfigMgr console on CM01 and go to Assets and Compliance > Devices. You’ll see that LINUX01 is listed, but there’s no value for client activity. Right-click and select “Approve,” as shown in figure 14.6.
Figure 14.6. You need to manually approve a system that ConfigMgr can’t automatically validate.
And that’s it! The ConfigMgr client is installed and active on a Linux system. Congratulations!
Follow the steps in section 14.2 to install the correct ConfigMgr client for Linux on LINUX01. Make sure that the system appears in the ConfigMgr console and that you approve it.
Why did you need to manually approve the new system? Any system that has a valid ConfigMgr client on it and is talking to a site server that can’t automatically validate its identity must be manually approved. Any other approach could be a security risk.
You didn’t need to do that for the Windows machines because they’re part of the same Active Directory domain as CM01; a common platform for identification and authentication is in place. Had they not been on the domain but in a workgroup, you would have had to manually approve them.
Linux servers aren’t part of the AD domain, so instead they use certificates to prove their identity. Because the certificate is created and signed during the ConfigMgr client installation, the site server doesn’t trust it automatically. In a secure ConfigMgr environment, where the server roles are configured with SSL certificates created and signed by a common certificate authority (more on that later), then a new Linux server can be automatically trusted and doesn’t require manual approval.
14.3. Navigating ConfigMgr for Linux
The ConfigMgr client for Linux doesn’t have a graphical user interface like the Windows client, so any interaction with the client is done via the command line. This isn’t an issue on Linux servers, because most administration is done remotely using a Secure Shell (SSH) connection that enables you to run commands as if you were logged on locally. Let’s set up remote administration first.
14.3.1. Connecting to Ubuntu remotely
When you installed LINUX01, you selected the SSH server role. It’s ready to accept connections, so all you need to do is connect. To connect via SSH, do the following:
1. Log on to CM01 and go to www.chiark.greenend.org.uk/~sgtatham/putty/. PuTTY is a free Telnet/SSH client that has been around for ages, and still does a great job.
2. Go to the download page and download the latest x86 build of PuTTY to CM01.
3. Launch the file, and PuTTY opens (there’s nothing to install). Connect to LINUX01 by using the same configuration shown in figure 14.7.
Figure 14.7. Using PuTTY to remotely connect to LINUX01 with SSH
4. Click “Open,” and then click “Yes” to store the server’s encryption key (you’re prompted for this only once).
5. Enter the same username and password you’re using to log in to LINUX01, and that’s it!
Easy, huh? You’ll do the rest of this chapter remotely using PuTTY; that’s a realistic admin experience. You can log out of LINUX01 without impacting your SSH session. Use the command logout.
14.3.2. Exploring ConfigMgr logs for Linux
Before you can explore the ConfigMgr client, you should first check out the log file so you can see what changes are happening in real time. Needless to say, it’s not as straightforward as all that. There’s no Linux equivalent of CMTrace, so one way (though not the only way) to expose the log files is to create a file share on the Linux server and connect to the log files remotely. Linux uses Samba to serve network shares to Windows computers, and you installed Samba when you installed LINUX01.
To create a new share, do the following:
1. From PuTTY, type in sudo smbpasswd –a <username>, where <username> is the user that you’re using to log in with. By default, Linux accounts aren’t automatically Samba accounts, so you need to assign a Samba password.
2. Edit the Samba configuration by entering sudo nano /etc/samba/smb.conf.
3. Add the following lines to the [global] section of the file:
oplocks = no
kernel oplocks = no
4. Scroll to the end of the smb.conf file and enter the following text block:
[configmgr]
path = /var/opt/microsoft
available = yes
valid users = <username>
read only = yes
browseable = yes
public = yes
writable = no
csc policy = disableTip
Note the use of single spaces in the code block. Don’t miss these; without them, the share won’t be created properly.
5. Use Ctrl-X to save and exit the file. Then restart the Samba service by using sudo restart smbd.
6. On CM01, open File Explorer and navigate to \ubuntu.mol.sccmlab.netconfigmgr. You’re prompted for a username and password; enter the Linux username and Samba password that you created earlier.
7. Authenticate, and you should see a folder with a single file: scxcm.log. This is the ConfigMgr log for the Linux client. Launch it with CMTrace. You now have full access to the remote log, as shown in figure 14.8.
Figure 14.8. Accessing the ConfigMgr client for Linux logs via a remote Samba share—very techy!
Follow the steps in section 14.3 to remotely connect to LINUX01 using SSH, and then create a new Samba share so that you can access the ConfigMgr client logs from CM01.
Congratulations! If you’ve never worked with Linux before, you’ve done well to get through this chapter—it has plenty of new concepts to wrap your head around.
14.4. Lab
Ubuntu isn’t the only Linux distro supported by ConfigMgr. Another one that’s common in enterprise environments and also relatively easy to set up is CentOS.
So—feeling brave? Good! Have a go at creating another virtual machine in your lab environment called CENTOS, and install the latest release of version 7, which you can download from here: http://wiki.centos.org/Download.
Follow the same process you used for Ubuntu to get the ConfigMgr client installed on CentOS; make sure it’s talking back to the site server and that the client is approved.