Answers to Your Common Questions on Enterprise Manager 12.1.0.3 Agent deployment using Add Host Targets Wizard (Agent Push)

Deploying EM agents through Add Host Targets Wizard (Agent Push) is one of the most used deployment method and oracle recommended method for deploying multiple agents in a single go.  In this blog we will address some frequently asked questions:

Question 1) Can I perform mass agent deployment using command line?

Ans) Yes, starting EM 12.1.0.3 you can now perform mass agent deployment using EM CLI. This functionality will allow you to push multiple agents from command line.  We can divide EM CLI verbs into 2 categories:


A. Perform agent deployment

a) submit_add_host -- Submit an Add Host session
b) list_add_host_platforms -- List the supported Add Host platforms
c) retry_add_host -- Retry a failed Add Host session

d) continue_add_host - Resume a failed Add Host session


B. Tracking Add Host verbs

a) get_add_host_status        -- Display the latest status of a submitted Add Host session.
b) list_add_host_sessions         -- List the submitted Add Host sessions

You can watch short video on how to perform agent deployment using EMCLI from here:
Screenwatch: How to perform mass agent deployment using Add host wizard (Agent Push) through EM CLI (New in EM 12.1.0.3)

Question 2) Can I use my SSH-key credential while deploying agent through Add Host Targets Wizard (Agent Push) ? 

 Answer 2) Starting EM 12.1.0.3 named credentials support SSH public key authentication and password based authentication. So you can use an existing SSH public key authentication without exposing your passwords. There are 2 use cases here.

i.  If you have setup SSH between the OMS and the target hosts and has the ssh keys handy the he has to follow only steps 4 and 5

ii. If you have not setup SSH between the OMS and the target hosts and does not have the ssh keys then he has to follow steps 1 to 5.

1. Navigate to the following location in the OMS home: $<OMS_HOME>/oui/prov/resources/scripts 

For example, /home/software/em/middleware/oms/oui/prov/resources/scripts

2. Run the following script, and pass the OMS user name you used for installing the OMS and the fully qualified name of the target hosts.

sshUserSetup.sh -setup -user <user_name> -hosts <target_hosts>

3. The SSH keys are generated under $OMS_USER_HOME/.ssh/id_rsa and $OMS_USER_HOME/.ssh/id_rsa.pub

4. Upload the keys to EM

5. Select the keys during agent deployment

Question 3) In my company we use Tectia instead of SSH, can I still use Add Host Targets Wizard (Agent Push) to deploy agents? 

Answer 3)  Yes, Add Host Targets Wizard (Agent Push ) supports SSH Vendors are OpenSSH (SSH2), Tectia. If you have any of these setup between your OMS and target machine you don’t have to do anything extra, application is intelligent enough to pick up the configuration and perform the agent deployment.

Question 4) Does Add Host Targets Wizard (Agent Push) support RSH?  

Answer 4) We don’t support RSH as we need secure shell to perform remote execution and remote copy. Even if RSH is setup Agent push application will not honor it.

Question 5)  I am not sure on which port my SSH is running and how to change SSH port for Add Host Targets Wizard (Agent Push)?

Answer 5) SSH default port is 22 but if you want to cross check or its running on different port then you can cat /etc/ssh/sshd_config to find out what port ssh is running on. Another way to find the port used by SSH you can run:

netstat -anp | grep -i sshd

Output of this command  will be like- 

tcp      0 0 0.0.0.0:22         0.0.0.0:*         LISTEN         3188/sshd

So in the above output 22 is the ssh port.

Once you know the ssh port used, you can update the SSH_PORT property in $<OMS_HOME>/oui/prov/resources/Paths.properties as below: SSH_PORT=<port number>

Question 6) Cygwin is required for deploying agents on Windows host using Add Host Targets Wizard (Agent Push). Once 12c agent is properly installed, is there a need to maintain a copy of Cygwin on the Windows server?  Can it be deleted?

Answer 6) Cygwin 1.7  is required to just deploy EM 12c agent on remote host and can be remove once agents are deployed. Cygwin is not required for any other EM lifecycle operations. 

Follow the steps to configure cygwin for agent deployment from here: http://docs.oracle.com/cd/E24628_01/install.121/e22624/preinstall_req_cygwin_ssh.htm#CBHCDFCH

Question 7)  What is the purpose of user "cyg_server" getting created, while Installing Cygwin, from 12c Cloud Control side. Is this user used during authentication? What if we provide some other username instead of "cyg_server"?

Answer 7) This user is an internal user created by ssh for privilege delegation and not used for agent install.

Question 8) I don’t want to deploy agents using EM login user: SYSMAN. Can I perform role based agent deployment? 

 Answer 8) Yes you can deploy agent from UI and EM CLI with non-sysman user having CREATE_TARGET privilege. If user tries to access the add host page with a user who does not have this privilege, he will get the below error.

Question 9) What all authentication utilities does Add Host Targets Wizard (Agent Push) support?

Answer 9) We support for all standard pdp utilities, sudo, pbrun, sesu , su. 

Question 10) What are the sudo requirements for deploying agent using Add Host Targets Wizard (Agent Push)?

Answer 10)  If your install user can become root then make sure that the /etc/sudoers file have following permission: 

<install_user> ALL=(root) /usr/bin/id, <agent_home>/*/agentdeployroot.sh

For example, oracle ALL=(root) /usr/bin/id, /home/oracle/agentibd/*/agentdeployroot.sh.

Here, oracle is the installing user, and /home/oracle/agentibd is the Management Agent home, that is, the agent base directory.

Question 11) Why do we need install user to have permission to run  /usr/bin/id command?

Answer 11) We use this command to check if the install user has the privilege to switch to root user using the privilege delegation tool.  If you are have locked account usecase then the user that you will switch to should have the permission to run this command. More details on locked account usecase refer to : http://docs.oracle.com/cd/E24628_01/install.121/e22624/install_agent.htm#CACJEFJI

Question 12)  In EM 12.1.0.3 do we still need to set the visiblepw in the /etc/sudoers file?

Answer 12) From EM 12.1.0.3 its not mandatory to set this parameter in /etc/sudoers file instead user can just  pass –enablePty in the additional parameters and set the global property oracle.sysman.prov.agentpush.enablePty=true in $OMS_HOME/sysman/prov/agentpush/agentpush.properties.

You need to set the above property so that the privilege delegation tools such as pbrun, sesu, and su can use pseudo terminal for remote command execution over SSH.

More Information:

What's New in Enterprise Manager 12.1.0.3 Agent Deployment

http://www.oracle.com/technetwork/oem/install-upgrade/em-12103-agent-deployment-1967206.pdf

EM 12.1.0.3 Add Host Targets Wizard (Agent Push) chapter

http://docs.oracle.com/cd/E24628_01/install.121/e22624/install_agent.htm#CACJEFJI 

Screenwatch: How to perform mass agent deployment using Add host wizard (Agent Push) through EM CLI (New in EM 12.1.0.3)  

https://apex.oracle.com/pls/apex/f?p=44785:24:0:::24:P24_CONTENT_ID,P24_PREV_PAGE:7714,1 

    Comments:

    Post a Comment:
    • HTML Syntax: NOT allowed
    About

    Latest information and perspectives on Oracle Enterprise Manager.

    Related Blogs




    Search

    Archives
    « March 2015
    SunMonTueWedThuFriSat
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
        
           
    Today