Opswise Unix Agent Install

1. Synopsis

  • This document describes the setup procedure for installing an OpsWise Agent on CentOS/RedHat hosts.

  • All step should be performed on the target CentOS/RedHat host.

  • Full installation guides:

2. Installation Prerequisites

  • On Fedora, install the cryptography libcrypt.so.1 library

    Fedora
    sudo dnf install -y libxcrypt-compat

    • Confirm with

      ls -l /usr/lib64/libcrypt.so.1

  • Even though Stonebranch has added support for starting the agent via systemctl as of v7.4, the legacy startup script /etc/init.d/ubrokerd still exists; it is not a native systemd unit.

  • In order to allow the ubrokerd.service to start at boot time:

    1. Check for the existence of /usr/lib/systemd/systemd-sysv-install

      Which is a link to /usr/sbin/chkconfig

    2. If it doesn’t exist, then it needs to be installed via:

      sudo dnf install chkconfig -y

3. Prep

  1. Log on to the Software Downloads section of the StoneBranch Portal.

  2. Find the Universal Agent downloads link:

    1. Download the latest tarball image file from here.

      The file will be named like the following:

      RedHat/CentOS:    sb-7.8.2.0-linux-3.10-x86_64.tar.Z
Ubuntu:           sb-7.8.2.0-linux-4-x86_64-deb.tar.Z

  3. Prep the installation script:

    1. Download the installation script as: install-on-unix.bash

    2. Copy or SFTP this script to the /tmp directory.

    3. Edit the script with updated values for the embedded variables. The comments in the script will point out variables that should be updated.

    4. Make the script executable

      sudo chmod u+x ./install-on-unix.bash

4. Install

  1. Copy Tar Ball:

    1. Copy or SFTP the tarball image file to the /tmp directory.

  2. Run the installer:

    As per the previous step our install script should already be in the /tmp directory as well.

    1. As root, run the install-on-unix.bash install script.

      cd  /tmp
      sudo ./install-on-unix.bash

5. Post Installation

5.1. Open port 7887 Inbound

This is only required when an Agent Cluster has its Distribution parameter set to Network Alias and that Network Alias should resolve to this Agent.

  1. Execute

    sudo firewall-cmd --permanent --zone=public --add-port=7887/tcp (1)

sudo systemctl reload firewalld                                 (2)
    1 Open port 7887 for inbound traffic.
    2 Restart the FW daemon.

  2. Confirm ubrokerd is listening on port 7887:

    Command
    sudo ss -tulpn | less | grep :7887
    Result 
    tcp   LISTEN 0      100           0.0.0.0:7887       0.0.0.0:*    users:(("ubrokerd",pid=265030,fd=13)) (1)
    1 The result indicates that the ubrokerd process is listening on port 7887.

5.2. Create the PAM file

  1. Copy the following contents as /etc/pam.d/ucmd.

    More info about PAM files can be found here.
    Command
    sudo vi /etc/pam.d/ucmd
    Expand for ucmd Contents 
    auth       include      system-auth
auth       required     pam_nologin.so
account    include      system-auth

  2. Confirm that /etc/pam.d/system-auth exists.

    • If not, copy the system-auth file from this archive as /etc/pam.d/system-auth.

5.3. Create the startup Unit File

5.3.1. Install prerequisites

  • Install chkconfig

    1. RHEL

      sudo dnf install chkconfig -y

    2. Ubuntu

      Do not try this
      sudo dnf install chkconfig -y

5.3.2. Create the ubrokerd Service

  1. Stop the currently running ubrokerd process

    1. RHEL

      sudo /etc/rc.d/init.d/ubrokerd stop

    2. Ubuntu

      sudo /etc/init.d/ubrokerd stop

  2. Create file /etc/systemd/system/ubrokerd.service with the contents listed below

    Command
    sudo vi /etc/systemd/system/ubrokerd.service
    Expand for ubrokerd.service Contents 
    [Unit]
Description=Universal Broker Service
Wants=network.target network-online.target
After=network.target network-online.target

[Service]
Type=forking
;User=root
;Group=ubroker

ExecStartPre=/bin/bash -c "mkdir -p /var/run/universal"
ExecStart=/opt/universal/ubroker/ubrokerd start
ExecStartPost=/bin/bash -c "sleep 3; umask 022; pgrep ubrokerd > /var/run/universal/ubrokerd_systemctl.pid"
ExecStop=/opt/universal/ubroker/ubrokerd stop
ExecStopPost=/bin/bash -c "sleep 3"
ExecReload=/opt/universal/ubroker/ubrokerd restart
#Restart=on-failure
PIDFile=/var/run/universal/ubrokerd_systemctl.pid

[Install]
WantedBy=multi-user.target
Alias=ubroker

  3. Issue the the reload command to the system manager in order to add the new ubrokerd.service

    sudo systemctl daemon-reload

  4. Run the following command to configure system manager to start the ubrokerd service when the host is rebooted:

    sudo systemctl enable ubrokerd.service

    If this step fails, reread the Installation Prerequisites portion of this doc.

  5. Start the ubrokerd service

    sudo systemctl start ubrokerd.service

  6. Check the status of the ubrokerd service

    Command
    sudo systemctl status ubrokerd.service
    Sample output 
    ● ubrokerd.service - Universal Broker Service
     Loaded: loaded (/etc/systemd/system/ubrokerd.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-09-08 19:56:13 EDT; 11min ago
    Process: 931 ExecStartPre=/bin/bash -c mkdir -p /var/run/universal (code=exited, status=0/SUCCESS)
    Process: 932 ExecStart=/opt/universal/ubroker/ubrokerd start (code=exited, status=0/SUCCESS)
    Process: 1242 ExecStartPost=/bin/bash -c sleep 3; umask 022; pgrep ubrokerd > /var/run/universal/ubrokerd_ststemctl.pid (code=exited, status=0/SUC>
   Main PID: 1241 (ubrokerd)
      Tasks: 0 (limit: 10488)
     Memory: 1.9M
        CPU: 69ms
     CGroup: /system.slice/ubrokerd.service
             ‣ 1241 /opt/universal/ubroker/bin/ubrokerd

Sep 08 19:56:09 v-RedHat00.dhante.local systemd[1]: Starting Universal Broker Service...
Sep 08 19:56:09 v-RedHat00.dhante.local ubrokerd[932]: Starting ubrokerd daemon.
Sep 08 19:56:09 v-RedHat00.dhante.local su[1026]: (to opswise) root on none
Sep 08 19:56:09 v-RedHat00.dhante.local su[1026]: pam_unix(su-l:session): session opened for user opswise(uid=1001) by (uid=0)
Sep 08 19:56:10 v-RedHat00.dhante.local su[1026]: pam_unix(su-l:session): session closed for user opswise
Sep 08 19:56:13 v-RedHat00.dhante.local systemd[1]: Started Universal Broker Service.

6. Changes

6.1. Reconfigure OMS

If the OMS server has changed, edit the /etc/universal/uags.conf file.

7. Uninstall

These steps may be incomplete

  1. Stop Agent via one of the following:

    1. Via init.d

      sudo /etc/init.d/ubrokerd stop

    2. Via sysctl

      sudo systemctl stop ubrokerd.service

  2. Uninstall Agent

    RHEL instructions 
    sudo rpm -e unv-opscli
sudo rpm -e unv
sudo rm -rf /etc/rc3.d/S50ubrokerd
sudo rm -rf /etc/universal
sudo rm -rf /opt/universal
sudo rm -rf /var/opt/universal
    Ubuntu instructions 
    sudo dpkg -r unv
sudo dpkg -r unv-opscli

sudo rm -rf /etc/rc3.d/S50ubrokerd /etc/universal /opt/universal /var/opt/universal