Reimaging Linux Systems
You can reimage Linux systems by deploying images that you previously imported from deployment media.
When you reimage a Linux target system, you are installing an image file (.LIM) previously created from an ISO image and stored in the Image Library. Depending on the reimaging mode, (Upgrade or Install), you are required to specify parameters that are needed for the target deployment. The parameters that you specify must be saved to a template before starting the reimage task. For more information, see Managing templates.
You can reimage Linux systems in two different modes:
- Upgrade
If you select this mode, the operating system RPM Package Manager files (.rpm) on the target are updated at the required level. Optionally, you can choose to upgrade the Endpoint Manager Client that is installed on the target.
- Install
- If you select this mode, the selected image is installed on the target system. The data on the current system is overwritten by the new installation. The disks on the target are re-partitioned by default. The following existing settings on the target are preserved and copied to the reimaged system:
- Machine identity (language, keyboard, timezone, network settings)
- BigFix client identity
Note: In some cases, the BigFix client identity is not preserved. For more information, see Duplicate client computer entry in the Server database after a Linux reimage.
- Reimaging to targets that are managed by a proxy server is not supported.
- If your server is IBM BigFix Version 8.2, you cannot reimage Linux targets from the dashboard. You must use the Linux reimage task. See Using the Linux System Reimage task.
- Reimaging of captured images is not supported.
- It is good practice to backup your system before upgrading.
From the Image Library Dashboard, select the Linux source image you want to deploy and click Deploy to Computer.
Linux configuration options
For the reimaging process, a configuration file is used at deployment time for both reimaging modes. The default configuration file is displayed in the corresponding field of the Deploy Image to Computer dialog. This file includes a base system configuration for the installation of the most common packages, and, for the install mode only, a standard partition layout.
The configuration file is updated on the target system during the reimaging task to copy the machine identity on the destination image. The language, keyboard, timezone, and network settings are added at run time for this purpose. To override this behavior, edit the configuration file by providing your values for these settings. The values you provide are used on the target instead of the default ones.
For more information about customizing the configuration files for the supported Linux operating systems, refer to the specific Linux vendor documentation. For example, you can view information about the RedHat Enterprise Linux Kickstart configuration file options for Version 6, at this link: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/ch-kickstart2.html, and information about the SUSE Linux Enterprise Server Control file for Version 11 SP3, at this link: http://doc.opensuse.org/projects/autoyast/index.html.
Valid reimaging combinations
Architecture (From/To) | Distribution | OS Combinations (From/To) |
---|---|---|
|
|
|
Architecture (From/To) | Distribution | OS/SP Combinations (From/To) |
---|---|---|
|
RHEL to RHEL | Version 5.x to 5.x+n |
Version 5.x to 6.x 1 | ||
Version 6.x to 6.x+n | ||
Version 7.x to 7.x+n | ||
|
|
Version 10.3 and 10.4 x to 11.0 |
Version 10.4 to 11.3 | ||
Version 11.x to 11.x+1 | ||
Version 11.3 or later to 12.x |
- For this OS combination you must select Force upgrade. Upgrading from RHEL 6.x to RHEL 7.x is not supported.
- SUSE Linux Enterprise Server (SLES) Version 10 is supported only as a source operating system. Reimaging to SLES 10 is not supported.
- For 64-bit architectures, both BIOS and UEFI targets are supported.
Reimaging in Upgrade mode
In the Deploy Image to Computer dialog, select Upgrade.
This mode is intended for upgrading to later service packs for the same major release. However, if you check Force upgrade the upgrade to a major release is forced, which could lead to an unsuccessful deployment. If you plan to change major release, you should use the install mode.
There are no required parameters for the Upgrade mode. Optionally, you can select to upgrade the IBM® BigFix client, by checking the corresponding option. You are then prompted to select the client package version. All selections that you make must be saved to a template. You can save to the Default template, choose to save your selections to a new template, or populate the dialog with settings from a previously saved template. The default configuration parameters that are stored in the installer response file and used for the upgrade are displayed. You can modify these parameters to suit your reimaging needs. Optionally, you can specify additional kernel parameters that the Linux installer uses during installation, and any client settings for the targets.
Reimaging in Install mode
In the Deploy Image to Computer dialog, select Install .
Select a previously saved template, create a new template to save the current settings, or save your selections to the Default template. When you reimage in Install mode, the IBM BigFix client is installed. The default version is the same version as the IBM BigFix server. You can select a different version by expanding Client Version. You must specify the root password of the target, or select a previously saved template that contains the correct root password.
The Allow client traffic option is selected by default. If your targets have the operating system firewall enabled, this option allows inbound udp traffic from the server to be correctly received. If you clear this option, you must allow inbound traffic by using Fixlets 678 or 682, depending on the type of operating system, as detailed in Changing Firewall settings
The default deployment configuration parameters stored in the installer response file and used for the installation are displayed. You can modify these parameters to suit your reimaging needs. Optionally, you can specify additional kernel parameters that the Linux installer uses during installation, and any client settings for the targets.
Using the Linux System Reimage task
You can reimage Linux targets using the Linux System Reimage task. Select the image and the associated configuration template containing the settings to be used for the reimaging process that you have previously created and saved in the Image Library. Specify the root password for the target system if you are reimaging in Install mode. The password that you specify can be either in clear text or encrypted. If your server is at IBM BigFix Version 8.2 level, the password you specify must be encrypted. In either case, the password is always encrypted during the deployment process.
You can optionally specify boot-time kernel parameters for the installer, and client settings.
The reimage task does not install the BigFix client. For reimaging to run successfully on the selected targets, the Image Provider component must be running on the relays to which these targets are connected.
During
task execution, the Linux installer boot files are saved in /boot/OSD_XX
(if
the target is BIOS) or /boot/efi/OSD_XX
(if
the target is UEFI), where XX is a randomly generated number.
During
the final steps of the task, the original boot loader sequence is
modified to start the Linux installer after the target reboots. The
original boot loader configuration file is saved in /tmp/BOOTLOADER.rbobkp
,
where BOOTLOADER
is either grub.conf or elilo.conf,
depending on the boot loader on the target.
Password encryption
The root password that you supply for reimaging can be either in clear text or encrypted using any of the encryption methods supported by the corresponding Linux installers.
$id$mysalt$mypassword
where mysalt is
a character string that is preceded by the characters "$id$" where
the value in id identifies the encryption method
used, ending with "$" and followed by the actual
password string. The salt string can be up to 16 characters.ID | Method |
---|---|
1 | MD5 |
2a | Blowfish algorithm |
5 | SHA-256 |
6 | SHA-512 |
Example 1:
# openssl passwd -1 -salt my_key
Password: mypassword
$1$my_key$jVY4Txf5wMoEsJX3ieQaR0
Example 2:
# python -c 'import crypt; print crypt.crypt("mypassword", "$6$my_key")'
$6$my_key$2Wz7.0skHT/FQI3yy9TbjPtLjjRq9cmU.TjnPGHWu4WUjemTR/
.TdaK68y2E63cxdxVaD58i64dyQIpnabUjz/
Changing Firewall settings
- RedHat Firewall is Blocking BES Traffic - BES Client (678)
- SuSE Firewall is Blocking BES Traffic - BES Client (682)