Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Installing BMC Server Automation components (Linux and UNIX)

On Linux and UNIX servers, you can install all server components of a BMC Server Automation system at one time except BMC Server Automation Console.

This topic provides instructions for installing the following server components:

  • Application Server
  • RSCD agent
  • Network Shell
  • PXE Server
  • TFTP Server

If you prefer, you can install only some of the available BMC Server Automation components.

Note

  • Choose all components you need for the installation. If you choose not to install a component, you cannot add it to the installation later by running this installation script again.
  • For successful provisioning, the RSCD agent must be installed on the same host computer as the PXE server. If you install the PXE server, you must also install the RSCD agent.


This installation does not install the BMC Server Automation Console. To view the console, you must install it. For information, see Installing the BMC Server Automation Console (Linux and UNIX).

To install a Provisioning Server, install the Application Server and select the option to enable provisioning.

Performing this installation creates a UNIX user called bladmin and a UNIX group called bladmin. The BMC Server Automation Application Server runs as the bladmin user.

If a user wants to use BMC Server Automation and does not have root privileges, the user must first be added to the bladmin group to gain access to essential configuration files.

This installation does not set up a Network Shell Proxy Server. For instructions on setting up and customizing a Network Shell Proxy Server, see Setting up a Network Shell proxy server.

If the host computer on which you are installing the Network Shell has:

  • A supported version of Perl installed — The Network Shell installation automatically installs the Network Shell Perl module. (For information about the Perl versions that BMC Server Automation supports, see Perl support.)
  • An unsupported version of Perl installed — The installation copies files that allow you to install the Perl module after you have installed the supported version of Perl.

To perform a silent installation of BMC Server Automation components, see Using silent mode to install BMC Server Automation components (Linux or UNIX).

Before you begin

  • Linux platforms on which you plan to install the Application Server or Network Shell must have the appropriate version of libtermcap.so.2 shared library installed. Install the shared library before installing these components. For more information, see Requirement for installing the Application Server, BMC Server Automation Console, or Network Shell on Linux.
  • The UNIX or Linux file system partition to which you plan to install the Application Server must not be mounted with the nosuid option.
  • Set the umask for the root user to 0027 or 0022 on the Application Server host computer.
  • BMC Server Automation might have many open files at any given point in its operation. Therefore, unless your environment has specific needs for a more restrictive setting (depending on the specific operation of the Application Server), BMC recommends that you ensure that the following operating system parameters are set for the bladmin user. These settings should be permanently set for the user (for example, in the /etc/security/limits.conf  file for Linux):
    • Set core files to unlimited.
    • Set the number of open file descriptors to 8192
  • Optionally, set the INSTALL_FILES_TEMP environment variable to a valid, writable directory. If this variable is set, the installer files are stored in that location, thereby reducing the disk space requirements for /tmpduring the installation. Enter the following commands at the operating system command line:

    INSTALL_FILES_TEMP=<temporaryDirLocation>
    export INSTALL_FILES_TEMP

    For more information, see Methods for reducing installation space on Linux and UNIX.

To install all BMC Server Automation server components

  1. Navigate to the directory containing installation files and run the installation script for BMC Server Automation. (Script names follow the convention: BBSAversion-platform.) BMC recommends that you execute the installation from a root shell. Do not execute the installation script from a non-root account.
  2. Follow the instructions in the installation script and refer to Worksheet for installing BMC Server Automation on Linux and UNIX for details about the required installation parameters.

    Note

    • To avoid permission issues with bladmin, do not install a local installation beneath the root home directory.
    • If you are setting up VMware ESX servers, you must define certain properties that allow the Application Server to communicate with a web service which accesses the ESX server's virtual infrastructure. For more information on configuring an ESX server, see Setting up a VMware vSphere environment.
    • If you have enabled Security-Enhanced Linux (SELinux), during the agent installation you are prompted to allow the installer to alter settings for SELinux. These setting changes modify the security settings to allow assets to be deployed successfully. If you do not allow the installer to alter SELinux settings, or you enable SELinux after the agent installation, you must disable SELinux or run the following commands to allow assets to be deployed successfully:

      setsebool -P allow_execstack=1
      setsebool -P allow_execmod=1

Where to go from here

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Pedro Barbero iglesias

    Hi guys!

    I feel a little confused about this point discussed here,

    "Set the umask for the root and bladmin users to 0027 on the Application Server host computer."

    Because initially "bladmin" user doesn't exist. So that, should we previously create it before proceeding with the installation? In that case, what is the correct configuration to do it (for instance talking in terms of, home directory,shell (restricted or not) and so on...)?

    Or we just have to set umask to "root" and "blasadmin" once the installation is completed?

    According to one or other, as you can see will change completely the set of permissions given to the content under the installation directory...

    Any clarification will be appreciated.

    My best regards.

    Jun 24, 2015 02:25
    1. Moiz Nalwalla

      After some investigating I found out that the prerequisite for setting unmask for bladmin is now dropped.

      We might even drop the prerequisite for setting unmask for root, but that still needs to be tested more thoroughly before its officially communicated.

      In any case, i have removed the mention of unmask for bladmin, so that would clear your confusion. Hope this helps.

      Jun 29, 2015 02:10
  2. Pedro Barbero iglesias

    Hi again,

    Another doubt has been raised about the same prerequisite...

    Set the umask for the root user to 0027 on the Application Server host computer.

    Does we have to be consider this requisite also when installing just the RSCD agent? I am asking this because nothing is mentioned in the section below.

    Installing only the RSCD agent (Linux and UNIX)

    I am asking this because an audit of us has detected how some of our agents has some directories with writing permission for others. So it seems they have been installed without taking in consideration this requisite that for sure would avoid this potentially risk.

    Regards.

    Nov 24, 2015 10:32
    1. Bill Robinson

       where do you see 'umask' on this page: Installing only the RSCD agent (Linux and UNIX) ?

       

      "I am asking this because an audit of us has detected how some of our agents has some directories with writing permission for others"

      these:Why do certain RSCD Agent directories have world-writable (777) permissions?

       

      Resolution: Certain RSCD Agent directories (typically within /opt/bmc/bladelogic/RSCD) have world-writable (777) permissions, with a sticky bit. The following table provides information about why these directories (which all reside within the RSCD Agent installation directory) require world-writable permissions. In general, the directories are world-writable so that when roles are mapped to different local user accounts, these accounts are able to write various data into the following directories:

      Directory
      Reason for world-writable permissions
      IPC

      Directory used by various custom configuration objects for the storage of temporary data. For example, this directory contains files used as locks for shared memory communication between the RSCD Agent and various artifacts of the deploy process and the custom configuration objects.

      logRSCD logging directory
      snapshotDirectory used for storage of temporary data for Snapshot Jobs and Audit Jobs during job execution.
      tmp

      Directory used by agent process that are run by users other than root for storage of temporary files.

      Transactions

      Storage location for Deploy Job logs and Deploy Job rollback payload and instructions.

      World-writable permissions also allow individual Deploy Jobs to speak to each other on the Agent and coordinate certain functionalities. For example, coordination of a reboot between two jobs that are running simultaneously, where one deploy job requires a reboot and the other does not.

       


      Nov 24, 2015 04:03
  3. Pedro Barbero iglesias

    Hi there Bill,

    Answering you...

    • I haven't seen it on "Installing only the RSCD agent (Linux and UNIX)", but I saw it here and make me feel confused. Because depending of the umask you set before installing will turn into different set of permissions as a result.

      So that , if I am planning to install just a RSCD agent in a target server, a default umask of "0022" it will be the correct one and enough for this goal. Is this correct?
    • Ok, now is clearly justified why RSCDs agents must have the  world writeable permissions, because is needed by the way they work. Taking in consideration it could be some different users logged in and  mapped as different local users account.

    I will share this clarifications with my peers, so that they can give the correct justification to audit people. Once again, thank you very much for your help. 

    Regards.

     

    Nov 25, 2015 02:34
    1. Bill Robinson

      for the appserver install 0022 or 0027 is fine.  i think there were some issues if it's 0077 or 0007.

      for the rscd i think the umask is irrelevant.

      Nov 25, 2015 06:31