With the vulnerability and fixes supplied to BASH a few months back there’s been a need to update the service control script I had written for the Configuration Manager client.
The updated client can be found here.
Be sure to read the README file contained within the tarball and modify the cm-installer file as required for your environment.
If you want additional information, please review the original post found here.
So there was a recent security update for RHEL that breaks a library dependency for the Configuration Manager client and OMI.
/opt/microsoft/configmgr/bin/ccmexec.bin: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory
The issue is simple enough to fix with a sym link update.
sudo ln -sf /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.1.0.0 sudo ln -sf /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.1.0.0
Simple enough. If you are on x86 then change /usr/lib64 to just /usr/lib/
Special thanks to Morten Vinding for the best library to use.
Post updated 1/24/15
With the SP1 release of Configuration Manager 2012 support for certain Linux distributions as a client platform has been introduced. Interestingly enough, they’ve added a WMI type mock up that the client uses to interact with and gather data from these varied distributions. It’s not a perfect solution, but certainly a step in the right direction. I’ve spent a fair amount of time working through some of the Linux client problems (within Redhat) and have built an installer, and service control script, along with cron jobs to overcome some of the faults I’ve seen with the client failing to perform certain tasks in a timely fashion.
Before using any of my code, I recommend reviewing the Linux Configuration Manager installation documentation provided via Technet. I’d also encourage you to read up on managing these clients from the Technet as well. It’s fairly straight forward, but as I stated before it’s not a perfect solution. I’ve found problems with zombied threads of the client on the box preventing policy updates, or needs for random restarts of the omiserver etc.
You are welcome to use parts of or all of the provided code as you see fit in your environments of course:
This first portion is a service control script that works for the Redhat distrubtions of the client. I place this within the bin of all my assets to give simpler control of the services and for simplified cron entries.
#!/bin/bash
#CM Client Script
#Author: Daniel Belcher
#Date: 8/7/13 Modified: 1/19/15
#This script is intended for automation of services by cron and simpler
#asset management through the command line
#LDIR="/var/log/"
#DATE=`date '+%m%d%y'`
RUID=0
CCMEXEC="/opt/microsoft/configmgr/bin/ccmexec"
if [ "$UID" -ne "$RUID" ]
then
echo "User needs to be root to run $0 $1"
exit 1
fi
start () {
$CCMEXEC
sleep 1
echo
exit 1
}
stop () {
$CCMEXEC -s
sleep 1
echo
if $(ps aux | grep [c]cmexec.bin) > /dev/null
then
kill $(ps aux | grep [c]cmexec.bin | awk '{print $2}')
fi
exit 0
}
restart () {
$CCMEXEC -s
sleep 2
if [ $(ps aux | grep [c]cmexec.bin) ]
then
kill $(ps aux | grep [c]cmexec.bin | awk '{print $2}')
fi
sleep 1
$CCMEXEC
sleep 1
echo
exit 0
}
trimlogs () {
if [ ! $2 ];then
SIZE=2048
else
SIZE=$(( $2 * 1024 ))
fi
rollover $SIZE "/var/opt/microsoft/scxcm.log"
rollover $SIZE "/var/opt/mirorosft/scx/log/scx.log"
rollover $SIZE "/var/opt/microsoft/scx/log/scxcimd.log"
rollover $SIZE "/var/opt/microsoft/scxcmprovider.log"
}
rollover () {
FILESIZE=$1
LOGPATH=$2
if [ -f $LOGPATH ];then
LOGSIZE=$(du ${LOGPATH} | awk '{print $1}')
if [ $LOGSIZE -gt $FILESIZE ];then
cat /dev/null > $LOGPATH
echo "Clearing entries in $LOGPATH"
fi
fi
}
policy () {
$CCMEXEC -rs policy
sleep 1
echo
exit 0
}
hinv () {
$CCMEXEC -rs hinv
sleep 1
echo
exit 0
}
sinv () {
$CCMEXEC -rs sinv
sleep 1
echo
exit 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
policy)
policy
;;
hinv)
hinv
;;
sinv)
sinv
;;
trimlogs)
trimlogs $2
;;
*)
echo $"Usage: $0 (start|stop|restart|policy|hinv|sinv|trimlogs)"
exit 1
esac
This next portion is a simplified installer script that can be used to build a unified installer for your environment that I’m currently using (it also places the script from above, and imports the cron jobs I’ve created). It’s still required to place the client install files in the folder with this script of course:
#!/bin/bash
RUID=0
MP="management.point.server.com"
SITECODE="ABC"
if [ "$UID" -ne "$RUID" ]
then
echo "User needs to be root to run $0"
exit 1
fi
if [ -f "fix-lib.sh" ]; then
./fix-lib.sh
fi
./install -mp $MP -sitecode $SITECODE -clean ccm-Universalx64.tar
cp configmgr /bin/
# crontab cm-crontab
sleep 5
configmgr stop
sleep 30
cp scxcmprovider.conf /opt/microsoft/omi/etc/
if [ -f "/opt/microsoft/omi/scxcmprovider.log" ]; then
echo "Moving scxcmprovider.log to /var/opt/microsoft/"
mv /opt/microsoft/omi/scxcmprovider.log /var/opt/microsoft/
fi
configmgr start
These are the cron entries, to be used as an example:
#---Begin Configmgr Jobs--- 0 0 * * 2,4,7 configmgr restart 1 * * * * configmgr policy 0 12 * * * configmgr hinv 0 8 * * 3 configmgr sinv 0 * * * * configmgr trimlogs 5 #---End Configmgr Jobs---
For more information regarding cron and what these entries mean, please read this. They do a nice job of explaining this in a fairly straightforward manner.
Putting it all together….
This following link contains the tar.gz that can be used to install from. Be mindful to read the README file and update the cm-installer script before you begin to insure you are pointing to a proper site.
A further note that the Red Hat install I’m using here is based off the universal x64 binaries and will work for a lot of different distributions. Be sure to verify your distribution against the required package and substitute as needed.
So this is a quick blog for a frustrating issue, that is actually very easy to resolve.
If you are on Windows Server 2012, and you’ve had to reinstall WSUS for any reason and receive the following error in your tmp log after attempting to finalize the installation:
2013-02-20 16:04:17 Creating default subscription.
2013-02-20 16:04:17 Instantiating UpdateServer
2013-02-20 16:04:19 CreateDefaultSubscription failed. Exception: System.Net.WebException: The request failed with HTTP status 503: Service Unavailable.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.Internal.ApiRemoting.GetServerVersion()
at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.GetServerVersion()
at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.CreateUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer..ctor(Boolean bypassApiRemoting)
at Microsoft.UpdateServices.Setup.StartServer.StartServer.CreateDefaultSubscription()
2013-02-20 16:04:19 StartServer encountered errors. Exception=The request failed with HTTP status 503: Service Unavailable.
2013-02-20 16:04:19 Microsoft.UpdateServices.Administration.CommandException: Failed to start and configure the WSUS service
at Microsoft.UpdateServices.Administration.PostInstall.Run()
at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
It’s most likely an IIS issue.
Open the IIS console, delete the WSUS Site, and perform the post installation tasks again.