#!/bin/sh OMI_HOME=/opt/omi OMI_REGISTER_DIR=/etc/opt/omi/conf/omiregister/ CONFIG_SYSCONFDIR=/etc/opt/omi/conf CONFIG_DATADIR=$OMI_HOME/share OMI_LIB=$OMI_HOME/lib mkdir -p $CONFIG_SYSCONFDIR/omsconfig mkdir -p $CONFIG_SYSCONFDIR/omsconfig/InventoryReports mkdir -p $CONFIG_SYSCONFDIR/omsconfig/configuration mkdir -p $CONFIG_SYSCONFDIR/omsconfig/configuration/schema mkdir -p $CONFIG_SYSCONFDIR/omsconfig/configuration/schema/MSFT_LogResource mkdir -p $CONFIG_SYSCONFDIR/omsconfig/configuration/baseregistration mkdir -p $CONFIG_SYSCONFDIR/omsconfig/configuration/registration mkdir -p $CONFIG_SYSCONFDIR/omsconfig/configuration/registration/MSFT_LogResource mkdir -p $CONFIG_SYSCONFDIR/omsconfig/configuration/BuiltinProvCache mkdir -p $CONFIG_DATADIR/omsconfig mkdir -p $CONFIG_DATADIR/omsconfig/configuration mkdir -p $CONFIG_DATADIR/omsconfig/configuration/schema mkdir -p $CONFIG_DATADIR/omsconfig/configuration/registration chmod 700 $CONFIG_SYSCONFDIR/omsconfig # Set up logging directory mkdir -p /var/opt/microsoft/omsconfig chown omsagent /var/opt/microsoft/omsconfig chgrp omsagent /var/opt/microsoft/omsconfig chmod 755 /var/opt/microsoft/omsconfig # Set up log file if [ ! -f /var/opt/microsoft/omsconfig/omsconfig.log ]; then touch /var/opt/microsoft/omsconfig/omsconfig.log fi chown omsagent /var/opt/microsoft/omsconfig/omsconfig.log chgrp omsagent /var/opt/microsoft/omsconfig/omsconfig.log chmod 644 /var/opt/microsoft/omsconfig/omsconfig.log # Set up detailed log file if [ ! -f /var/opt/microsoft/omsconfig/omsconfigdetailed.log ]; then touch /var/opt/microsoft/omsconfig/omsconfigdetailed.log fi chown omsagent /var/opt/microsoft/omsconfig/omsconfigdetailed.log chgrp omsagent /var/opt/microsoft/omsconfig/omsconfigdetailed.log chmod 644 /var/opt/microsoft/omsconfig/omsconfigdetailed.log # Set up dsc_host use switch if [ ! -f /opt/dsc/dsc_host_ready ]; then touch /opt/dsc/dsc_host_ready fi chown omsagent /opt/dsc/dsc_host_ready chgrp omsagent /opt/dsc/dsc_host_ready chmod 644 /opt/dsc/dsc_host_ready # Set up secure_update cache dir mkdir -p /var/opt/microsoft/omsconfig_secure_cache chown root /var/opt/microsoft/omsconfig_secure_cache chgrp root /var/opt/microsoft/omsconfig_secure_cache chmod 755 /var/opt/microsoft/omsconfig_secure_cache # Create links in omi's directories for DSC data mkdir -p $OMI_REGISTER_DIR/root-oms chmod 755 $OMI_REGISTER_DIR/root-oms cp -f /opt/microsoft/omsconfig/etc/*.reg $OMI_REGISTER_DIR/root-oms cp -f /opt/microsoft/omsconfig/etc/omsconfig.reg $OMI_REGISTER_DIR/root-oms ln -fs /opt/microsoft/omsconfig/lib/libomsconfig.so $OMI_HOME/lib/libomsconfig.so ln -fs /opt/microsoft/omsconfig/bin/OMSConsistencyInvoker $OMI_HOME/bin/OMSConsistencyInvoker cp -f /opt/microsoft/omsconfig/mof/OMI_BaseResourceUE.mof $CONFIG_SYSCONFDIR/omsconfig/configuration/baseregistration/baseresource.schema.mof cp -f /opt/microsoft/omsconfig/mof/MSFT_DSCMetaConfiguration.mof $CONFIG_SYSCONFDIR/omsconfig/configuration/baseregistration/MSFT_DSCMetaConfiguration.mof cp -f /opt/microsoft/omsconfig/mof/MSFT_LogResource.registration.mof $CONFIG_SYSCONFDIR/omsconfig/configuration/registration/MSFT_LogResource cp -f /opt/microsoft/omsconfig/mof/MSFT_LogResource.schema.mof $CONFIG_SYSCONFDIR/omsconfig/configuration/schema/MSFT_LogResource chmod a+rx $CONFIG_SYSCONFDIR/omsconfig/ chmod a+rx $CONFIG_SYSCONFDIR/omsconfig/configuration chmod -R a+rx $CONFIG_SYSCONFDIR/omsconfig/configuration/schema chmod -R a+rx $CONFIG_SYSCONFDIR/omsconfig/configuration/baseregistration chmod -R a+rx $CONFIG_SYSCONFDIR/omsconfig/configuration/registration chown -R omsagent /opt/microsoft/omsconfig/modules chown -R omsagent $OMI_REGISTER_DIR/root-oms chown -R omsagent /etc/opt/omi/conf/omsconfig chown -R omsagent /opt/microsoft/omsagent/plugin # Secure the /opt/microsoft/omsagent/plugin dir so that root owned files # cannot me modified by non-root while still allowing omsagent to modify # omsagent owned files chown root /opt/microsoft/omsagent/plugin chgrp omiusers /opt/microsoft/omsagent/plugin chmod 1775 /opt/microsoft/omsagent/plugin # If this is ever changed/removed, coordinate with nxOMSAuditdPlugin author/maintainer(s) chown -R omsagent /opt/microsoft/omsconfig/Scripts # Secure the /opt/microsoft/omsconfig/Scripts dir so that root owned files # cannot me modified by non-root while still allowing omsagent to modify # omsagent owned files chown root /opt/microsoft/omsconfig/Scripts chgrp omiusers /opt/microsoft/omsconfig/Scripts chmod 1775 /opt/microsoft/omsconfig/Scripts # pythonVersion check must be repeated for each section version=$(python3 -V 2>&1 | grep -Po '(?<=Python )(.+)') if [ ! -z "$version" ]; then echo "Using python3" pythonVersion="python3" else version=$(python2 -V 2>&1 | grep -Po '(?<=Python )(.+)') if [ ! -z "$version" ]; then echo "Using python2" pythonVersion="python2" else echo "Python not found." fi fi # Set up built-in resource modules for OMS DSC if [ "$pythonVersion" = "python3" ]; then echo "Running python3, python version is ", $pythonVersion su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nx_1.5.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPerfCounter_2.3.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSSyslog_2.5.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSSudoCustomLog_2.8.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSKeyMgmt_1.0.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxFileInventory_1.4.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip 0" else echo "Running python version is ", $pythonVersion su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nx_1.5.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPerfCounter_2.3.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSSyslog_2.5.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSSudoCustomLog_2.8.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSKeyMgmt_1.0.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxFileInventory_1.4.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip 0" fi # Set up a built-in resource module for DIY DSC that was removed during OMS Agent update # This is a temporary workaround to prevent DIY DSC from breaking after the OMS Agent is updated from version 1.4.4-210 or below # This section can be removed when telemetry shows that customers no longer need to update from version 1.4.4-210 or below # Check if DIY DSC install module script is present on the machine if [ -f /opt/microsoft/dsc/Scripts/InstallModule.py ]; then # Check if nx module package is available in DIY DSC if [ -f /opt/microsoft/dsc/module_packages/nx_1.5.zip ]; then if [ "$pythonVersion" = "python3" ]; then echo "Running python3" /opt/microsoft/dsc/Scripts/python3/InstallModule.py /opt/microsoft/dsc/module_packages/nx_1.5.zip 0 else echo "Running python2 in Check if DIY DSC install... python version is ", $pythonVersion /opt/microsoft/dsc/Scripts/InstallModule.py /opt/microsoft/dsc/module_packages/nx_1.5.zip 0 fi fi fi # Ensure .reg files all have correct permissions chmod 644 $OMI_REGISTER_DIR/root-oms/*.reg if [ -f "/etc/opt/omi/conf/omsconfig/agentid" ]; then chown omsagent:omiusers "/etc/opt/omi/conf/omsconfig/agentid"; fi if [ -f "/etc/opt/omi/conf/omsconfig/generated_meta_config.mof" ]; then chown omsagent:omiusers "/etc/opt/omi/conf/omsconfig/generated_meta_config.mof"; fi if [ -d "/etc/opt/omi/conf/omsconfig/.gnupg" ]; then chown omsagent:omiusers "/etc/opt/omi/conf/omsconfig/.gnupg"; fi if [ -f "/etc/opt/omi/conf/omsconfig/inventory_lock" ]; then chown omsagent:omiusers "/etc/opt/omi/conf/omsconfig/inventory_lock"; fi if [ -f "/etc/opt/omi/conf/omsconfig/keymgmtring.gpg" ]; then chown omsagent:omiusers "/etc/opt/omi/conf/omsconfig/keymgmtring.gpg"; fi if [ -f "/etc/opt/omi/conf/omsconfig/keyring.gpg" ]; then chown omsagent:omiusers "/etc/opt/omi/conf/omsconfig/keyring.gpg"; fi if [ -f "/etc/opt/omi/conf/omsconfig/last_statusreport" ]; then chown omsagent:omiusers "/etc/opt/omi/conf/omsconfig/last_statusreport"; fi if [ -d "/var/opt/microsoft/omsconfig" ]; then chown -R omsagent:omiusers /var/opt/microsoft/omsconfig/*; fi if [ -d "/etc/opt/omi/conf/omsconfig" ]; then chown -R omsagent:omiusers /etc/opt/omi/conf/omsconfig/*; fi if [ -d $OMI_LIB/Scripts ]; then rm -rf $OMI_LIB/Scripts fi cp -R /opt/microsoft/omsconfig/Scripts $OMI_LIB/Scripts # create symlink from /opt/omi/lib/libcurl.so.4 to wherever libcurl.so is on the system CURL_PATH=`which curl` LIBCURL_SO=`ldd ${CURL_PATH} | grep libcurl.so | awk '{print $3}'` # if libcurl was not found (in case of libcurl-gnutls-dev package) let use ldconfig intead. if [ -z "$LIBCURL_SO" ]; then echo "Warning: Unable to find libcurl.so using curl CMD: '${CURL_PATH}'. Trying again with ldconfig." LIBCURL_SO=`ldconfig -p | grep "libcurl" | awk -F ">" '{print $2}' | awk -F " " '{print $1; exit 0}'` if [ -z "$LIBCURL_SO" ]; then echo "Error: Unable to find libcurl in ldconfig. Please install curl." exit 1 fi fi ln -fs $LIBCURL_SO /opt/omi/lib/libcurl.so.3 ln -fs $LIBCURL_SO /opt/omi/lib/libcurl.so.4 chown -R omsagent /opt/microsoft/omsconfig/Scripts # Reset Script dir ownership back to root chown root /opt/microsoft/omsconfig/Scripts su - omsagent -c "/opt/microsoft/omsconfig/Scripts/ImportGPGKey.sh /opt/microsoft/omsconfig/keys/msgpgkey.asc keymgmtring.gpg" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/ImportGPGKey.sh /opt/microsoft/omsconfig/keys/dscgpgkey.asc keyring.gpg" ### Reset ownership of files defined in /etc/sudoers.d/omsagent echo "Reset ownership of files defined in /etc/sudoers.d/omsagent" # Reset file ownership at /opt/microsoft/omsconfig/Scripts chown root:root /opt/microsoft/omsconfig/Scripts/OMSSysklog.post.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSRsyslog.post.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSSyslog-ng.post.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSServiceStat.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSServiceStatAll.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSYumUpdates.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSZypperUpdates.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSAptUpdates.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSYumSecurityUpdates.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSZypperSecurityUpdates.sh chown root:root /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh # Reset file ownership at /opt/microsoft/omsagent/plugin chown root:root /opt/microsoft/omsagent/plugin/tailfilereader.rb # Set up a dsc cron job to run the ConsistencyInvoker every 30 minutes which is default freq, this is to fix dsc github issue no 322. # It is a temporary workaround to create dsc DYI cron job as omsconfig upgrade removes dsc cron job. # check if dsc consistency invoker is present on the machine if [ -f /opt/omi/bin/ConsistencyInvoker ]; then # check if we do not have dsc cron file on the box then create one. if [ ! -f /etc/cron.d/dsc ]; then echo "*/30 * * * * root /opt/omi/bin/ConsistencyInvoker" > /etc/cron.d/dsc fi fi /opt/omi/bin/service_control restart # pythonVersion check must be repeated for each section version=$(python3 -V 2>&1 | grep -Po '(?<=Python )(.+)') if [ ! -z "$version" ]; then echo "Using python3" pythonVersion="python3" else version=$(python2 -V 2>&1 | grep -Po '(?<=Python )(.+)') if [ ! -z "$version" ]; then echo "Using python2" pythonVersion="python2" else echo "Python not found." fi fi # If omsadmin.conf exists, let's apply the metaconfig if [ -f /etc/opt/microsoft/omsagent/conf/omsadmin.conf ]; then if [ "$pythonVersion" = "python3" ]; then echo "Running python3" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/OMS_MetaConfigHelper.py" else echo "Running python2 if omsadmin.conf exists python version is ", $pythonVersion su - omsagent -c "/opt/microsoft/omsconfig/Scripts/OMS_MetaConfigHelper.py" fi fi cp -f /opt/microsoft/omsconfig/etc/Inventory.mof /etc/opt/omi/conf/omsconfig/configuration/Inventory.mof chown omsagent /etc/opt/omi/conf/omsconfig/configuration/Inventory.mof chgrp omsagent /etc/opt/omi/conf/omsconfig/configuration/Inventory.mof exit 0