Remebering this earlier post i made about "OpsMgr (SCOM) - Unix/Linux Agents Requisites and Troubleshooting"
I came up with the idea to make a script that made this validations for ourselves.
Basically it'll login your unix/linux servers with your own credentials and will make a bunch of configurations tests.
But, please remember that this is my own scenario oriented, so, read and edit the code for your own scenario.
So, in first place, you'll need this library :
http://www.powershelladmin.com/wiki/SSH_from_PowerShell_using_the_SSH.NET_library
You can put it on your Modules favourite folder (eg. C:\Program Files\WindowsPowerShell\Modules)
Finally!
You can execute this script from your Unix/Linux Resource Pool gateway or MS:
$ServerList = 'C:\Powershell\SCXAgentDSC\list.txt'
$SCXAgents = Get-Content -Path $ServerList
# Change values for your own
$user = 'Your_Run_AsAccountGoesHere!'
$pass = ConvertTo-SecureString 'YourPassword' -AsPlainText -Force
$creds = New-Object System.Management.Automation.PsCredential($user,$pass)
try { Import-Module SSH-Sessions }
Catch { 'No SSH Modules Found' ; Exit }
foreach ( $scxagent in $SCXAgents ) {
$scxdomain = ($scxagent -split "\.")[-2..-1] -join '.'
# Change values for your own here as well
if( (New-SshSession -ComputerName $scxagent -Username Your_Run_AsAccountGoesHere -Password "YourPassword") -notmatch “successfully”) {
$scxagent + ' Could not SSH (bad user / password ? | Or no route ? )'
$SSHStatus = "1"
} Else { $SSHStatus = "0" }
If ($SSHStatus -eq "0" ) {
Invoke-SshCommand -Quiet -ComputerName $scxagent -Command "sudo -l" | Out-File C:\Powershell\sudo.txt
Invoke-SshCommand -Quiet -ComputerName $scxagent -Command "cat /etc/issue" | Out-File C:\Powershell\issue.txt
Invoke-SshCommand -Quiet -ComputerName $scxagent -Command "openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer -dates" | Out-File C:\Powershell\certconfig.txt
# This is only applied if you have limited sudo configuration
# This line will check if the sudo config escapes the EC (error code) variable
$ECCount = (Get-Content C:\Powershell\sudo.txt | select-string -SimpleMatch "EC\=0" | measure).Count
# This will check if you have enought perms for RPM install and uninstall
$RPMLines = Get-Content C:\Powershell\sudo.txt | select-string -SimpleMatch "--force /tmp/scx-monuser/scx"
# This will check if you have root permissions (and no further sudo config is needed - so comment the lines that does not match your scenario)
$SUDOALL = Get-Content C:\Powershell\sudo.txt | select-string -SimpleMatch "(root) NOPASSWD: ALL"
# This will check if you can re-generate certificates if needed
$SSLConfig = Get-Content C:\Powershell\sudo.txt | select-string -SimpleMatch "/opt/microsoft/scx/bin/tools/scxsslconfig"
# This will check if you have a certificate and for the correct FQDN
$CertConfig = Get-Content C:\Powershell\certconfig.txt | select-string -SimpleMatch "$scxagent"
$SCXSSLDomain = ((Get-Content C:\Powershell\certconfig.txt | Select-String -SimpleMatch "subject") -split "=")[-1]
# Port testing (22 and 1270)
Try { If ((new-object System.Net.Sockets.TcpClient("$scxagent","1270")).connected -eq $true ) { $AgentPortStatus = "OK" } Else { $AgentPortStatus = "NOT OK" } } Catch { $AgentPortStatus = "NOT OK"}
Try { If ((new-object System.Net.Sockets.TcpClient("$scxagent","22")).connected ) { $sshstatus = "OK"} Else { $sshstatus = "NOT OK" } } Catch { $sshstatus = "NOT OK" }
# WSMan Testing
If ( Test-WSMan -Port 1270 -ComputerName $scxagent -Authentication Basic -Credential $creds -UseSSL -ErrorAction SilentlyContinue ) { $wsmanstatus = 'OK' } Else { $wsmanstatus = 'NOT OK' }
$scxagenturi = "https://"+"$scxagent"+":1270/wsman"
# WinRM validation
Try { If ( winrm enumerate http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_Agent?__cimnamespace=root/scx -username:'YOUR_USERNAME_HERE' -password:'YOUR_PASSWORD_HERE' -r:$scxagenturi -auth:basic -skipCACheck -skipCNCheck -skiprevocationcheck -encoding:utf-8 ) { $winrmstatus = "OK" } Else { $winrmstatus = "NOT OK" } } Catch { $winrmstatus = "NOT OK" }
If ( $ECCount -gt "0" ) { $ecstatus = "NOT OK" } Else { $ecstatus = "OK" }
If ( $SUDOALL ) { $sudoallstatus = "OK" } Else { $sudoallstatus = "NOT OK" }
If ( $RPMLines -match "[0-9]" ) { $rpmstatus = "NOT OK" } Else { $rpmstatus = "OK" }
If ( $SSLConfig -match "scxsslconfig" ) { $SSLConfigStatus = "OK" } Else { $SSLConfigStatus = "NOT OK" }
If ( $CertConfig -match "$scxagent" -and $CertConfig -match $scxdomain) { $CertificateStatus = "OK" } Else { $CertificateStatus = "NOT OK" }
# Remove the ones that not match your cenario (For sudo config)
Write-Output "$scxagent | WSMAN : $wsmanstatus | SSH : $sshstatus | AgentPort : $AgentPortStatus | EC SUDOConfig : $ecstatus | RPM SUDOConfig : $rpmstatus | SUDOAll : $sudoallstatus | SCXConfig SUDOConfig : $SSLConfigStatus | Certificate : $CertificateStatus | WinRM : $winrmstatus"
}
}
Remove-SshSession -RemoveAll | Out-Null