I am hoping someone can help with a little sanity check for me. I have been trying to work with getting some new locations connected to the BigFix environment. These clients are not connected to the domain so for the most part need to go through a local relay or an Internet Relay in order to register with BigFix.
Each installer has some custom config settings to talk to the local relay/Internet relay, a Installer tag for computer group association and locking the endpoint so no actions immediately deploy.
I have been going through a few different IBM pages and cannot seem to get a clear answer on accomplishing this goal for Mac and Linux/Unix, I do seem to get Windows working ok.
Windows - This one seems to work fine
Grab the installer setup.exe from the server and include the clientsettings.cfg in the same directory when installing
Contents of clientsettings.cfg:
__RelayServer1=http://IPaddy of local relay:52311/bfmirror/downloads/
__RelayServer2=http://IPaddy of Internet Relay 1:52311/bfmirror/downloads/
__BESClient_RelaySelect_FailoverRelay=http://IPaddy of Internet Relay 2:52311/bfmirror/downloads/
__BESClient_Comm_CommandPollEnable=1
__BESClient_Comm_CommandPollIntervalSeconds=3600
__BESClient_Installer=InstallerBrand
__LockState=true
Add it to the package file, place it in BESAgent.pkg/Contents/Resources/clientsettings.cfg.
This can be accessed directly from the shell, but in the Finder you will need to right click on the BESAgent.pkg file and choose “Show Package Contents” to navigate within the package.
Copy and Deploy the .DMG file to all MAC’s or do these steps need to be repeated for each machine
Linux/Unix - Have not been able to get this to work (I think the besclient.config file was missing a mandatory setting or the config is getting overwritten)
On the client machine, make sure the directory exists in which the settings file will be placed (mkdir -p /var/opt/BESClient)
Copy besclient.config to /var/opt/BESClient directory
Make sure that the directory and file are owned by root and not writable by anyone else.
When you run the TEM Unix client installer to install the TEM client, the installer will see this directory and file have already been created and it will not try to re-create it or overwrite it.
Contents of besclient.config:
[Software\BigFix\EnterpriseClient]
EnterpriseClientFolder = /opt/BESClient
[Software\BigFix\EnterpriseClient\GlobalOptions]
StoragePath = /var/opt/BESClient
LibPath = /opt/BESClient/BESLib
[Software\BigFix\EnterpriseClient\Settings\Client\__RelayServer1]
effective date = Wed, 12 Aug 2015 11:00:00 -0700
value = http://IP of local relay:52311/bfmirror/downloads/
[Software\BigFix\EnterpriseClient\Settings\Client\__RelayServer2]
effective date = Wed, 12 Aug 2015 11:00:00 -0700
value = http://IP of Internet Relay 1:52311/bfmirror/downloads/
[Software\BigFix\EnterpriseClient\Settings\Client\__RelaySelect_Automatic]
effective date = Wed, 12 Aug 2015 11:00:00 -0700
value = 0
[Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_Comm_CommandPollEnable]
effective date = Wed, 12 Aug 2015 11:00:00 -0700
value = 1
[Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_Comm_CommandPollIntervalSeconds]
effective date = Wed, 12 Aug 2015 11:00:00 -0700
value = 3600
[Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_Installer]
effective date = Wed, 12 Aug 2015 11:00:00 -0700
value = InstallerBrand
[Software\BigFix\EnterpriseClient\Settings\Client\__LockState]
effective date = Wed, 12 Aug 2015 11:00:00 -0700
value = true
Also, your question is buried in the middle of your text and doesn’t even have a question mark. For those of us who read a lot of forum posts it would be really useful to highlight the question you are asking.
Sorry, that was a late night rant as I am trying to simplify the instructions for people that are wary of installing BigFix and cannot resolve the DNS name.
I have tried to base the instructions off of that site but it gets confusing at times as well. There is a part where it talks about setting up the relay “To set the relay, the same lines with IP is needed in the clientsettings.cfg” but it does not say what IP means, and I know for a fact that I have registered clients through the Internet Relay without that line (for Windows machines), so does this line just need to be added for the MAC clientsettings.cfg file (makes that file different from Windows) or is it recommended for both.
I am trying to simplify the instructions so as we onboard new users I can point them to either the Windows/MAC/Linux instructions and get them to install BigFix without being able to resolve the Bigfix.Domain.com:52311 name. Each set of instructions would have the files they need (installer, masthead, and configuration) and in theory easily follow.
The technote is a bit redundant. The “IP” or “Relay IP” setting is a special option just for use with the client settings.cfg file which can be used instead of the official __RelayServerN options. If you’re specifying the __RelayServerN settings, then you don’t need to use IP in either Windows or Mac.
The Linux/Unix instructions should work, but you might try using the filename besclient.config.default to see if that works better. The post also shows a missing backslash, but I’m assuming that was lost in the post, and is actually present in your file.
should be [Software\BigFix\EnterpriseClient\Settings\Client\__RelayServer1]
Thanks Steve, it looks like the board took the formatting out of the settings I posted.
So I provided the instructions below which I assumed were simple enough to follow but it looks like Apple has changes some things around in Yosemite (10.10.5) update. The instructions I provided says to add the .CFG file in the .PKG file at the following location BESAgent.pkg/Contents/Resources/clientsettings.cfg . The site is reporting that with this update you can no longer do the “Show Package Contents” nor will it open with Terminal.
My understanding is that we are trying to put the config file in the PKG file and then turn it into a .DMG file for deployment to all machines. If we cannot modify the PKG file is there another way to apply relay settings during client installation? They are trying third party tools for PKG modification but not having luck yet.
Instructions provided to local staff (trying to be simple as possible)
Add the clientsettings.cfg to the package file, place it in BESAgent.pkg/Contents/Resources/clientsettings.cfg.
This can be accessed directly from the shell, but in the Finder you will need to right click on the BESAgent.pkg file and choose “Show Package Contents” to navigate within the package.
If you want to create a DMG for outside use with a 9.0+ client just put the PKG, the masthead and the cfg file in the same directory in a DMG and when the user double clicks or runs the PKG from the DMG after mounting it they will take the masthead and configuration settings from the directory.
Do NOT do step 2 as you have listed. The PKG we create now is a flat file signed installer so you shouldn’t be modifying it like that. The installer will look for the CFG at the same level as its PKG file.
Thanks for that link, this is why I am asking as this is the second or third IBM link that I looked at trying to get the answer for this.
So if I am reading this right, I dont need to have a DMG file I can just have the PKG, masthead (renamed actionsite.afxm), and the config file in the same directory and it will work, or do I have to create the DMG file with all of those files together? I feel there should be an easy clear way to do this, especially when I am trying to hand this off to people that are not on the network.
Correct. The three files just need to be together.
A DMG is a good way of pushing it out so they stay together but if you say to download the 3 and run it, it will do the right thing if they are in the same directory.
This page of the 9.2 documentation mentions a BESAgent Installer Builder app and still describes adding the clientsettings.cfg to BESAgent-9.2.xxx.x-BigFix_MacOSXxx.x.pkg/Contents/Resources. Does the BES Installer Builder app still exist? Does it build an old style package rather than a flat pkg?
The Installer Builder doesn’t exist anymore since we switched to a flat package. The masthead (actionsite.afxm) and the cfg file should just be right next to the PKG to be recognized.
You can download the script from GitHub’s RAW link, put it in the same folder as your clientsettings.cfg file, and it will automatically create the besclient.config file for you based upon that file. The code that just does the conversion is found here: https://github.com/jgstew/tools/blob/master/bash/convert_clientsettings.sh
If you do not provide a clientsettings.cfg file when you run install_bigfix.sh then it will automatically set the failover relay for the installed client to the relay you use to download the masthead file from. This means you don’t actually need to create the clientsettings.cfg file first for the specific endpoints if the only thing you need to do is provide the client with a relay it can reach because you provide a relay it can reach as a parameter to install_bigfix.sh
This means you could use a script to determine which relay the client should use based upon it’s DHCP IP address and then pipe that into install_bigfix.sh or always use an internet facing relay. This allows you to kickstart the BigFix client installation in a Post Install script.
For those of us who read a lot of forum posts it would be really useful to highlight the question you are asking.