OEM 12c Agent Deploy on Windows – no problem with Cygwin!

Oracle Enterprise Manager Cloud Control 12c offers an easy way to add various targets through the Add Targets Wizard in the GUI. Besides ordinary hosts, databases, listeners and ASM, this also covers Exadata, middleware, cluster services and many more, especially for monitoring, with more or fewer configuration options. But to integrate even a simple server, you first need a so-called agent. The agent is an application that monitors directly on the host and communicates with the Enterprise Manager.


First you need the agent deployment software. In contrast to earlier releases, you can only get it through the Self Update service of the Enterprise Manager. Choose the required OS platform and download the software, in our case Agent Software (12.1.0.3) for Microsoft Windows x64 (64-bit). This works for both Windows Server 2008 and Windows Server 2012.

Setup > Extensibility > Self Update > Agent Software

If you don’t trust the GUI, you can display the available agents on the command line:

$OMS_HOME/bin/emcli login -username=sysman -password=******

Login successful

$OMS_HOME/bin/emcli get_supported_platforms

———————————————–

Version = 12.1.0.3.0

Platform = Linux x86-64

———————————————–

Version = 12.1.0.3.0

Platform = Microsoft Windows x64 (64-bit)

———————————————–

Platforms list displayed successfully.

Now we face a crucial decision. To deploy the agent to the host through „Add Host Targets“, you still need SSH access, even on a Windows machine; otherwise you get an error message when trying to install the agent: SSH server check failed – SSH daemon (sshd) is not running on port “22”.


As an alternative, you can create an agent image on the command line that is directly installable on the target host. That avoids the need to provide SSH access through Cygwin. For a single version and a few Windows machines this is certainly manageable. With many machines it becomes more difficult; furthermore, you need to create an image for every new agent and operating system version and install it individually on every machine, which multiplies the effort. In that light, providing secure SSH access to the Windows machine with Cygwin seems much more attractive and feasible. In addition, Cygwin does not give you an open SSH access or any other kind of unrestricted access to the Windows machine. No security configurations are bypassed. Only the required Cygwin packages are installed, and a single domain user (Oracle DBA) gets password-protected access. Finally, using Cygwin with the Add Host Targets Wizard is certified and supported by Oracle (Ref.: https://docs.oracle.com/cd/E24628_01/install.121/e22624/preinstall_req_cygwin_ssh.htm#EMBSC151).

If you still don’t like Cygwin, you’ll find instructions for an agent installation without Cygwin in the following blog post: OEM 12c Agent deploy on Windows – no problem without Cygwin.


Everyone else continues with the Cygwin installation.

Cygwin installation

You will find the pre-installation package here: https://cygwin.com/install.html (in my case setup-x86_64.exe)

Before you set up SSH access through Cygwin, make sure that no other SSH services are present that could cause conflicts. Oracle explicitly mentions OpenSSH and MKSNT as SSH services that have to be stopped and also removed from the PATH variable. This constraint of course applies to every other service that uses or blocks SSH port 22 (keyword: firewall).

For installation and first-time setup you need administrative permissions.


You can keep the installation files and move them to the next server later, so it is not necessary to download everything repeatedly. On the next server, choose „Install from Local Directory“ and select the already downloaded files.

C:\cygwin !


Very important: choose C:\cygwin as the Root Directory. The default path for the Enterprise Manager is set to C:\cygwin. You can change the path in $OMS_HOME/oui/prov/resources/ssPaths_msplats.properties, usually for SSH_PATH, SCP_PATH, MKDIR_PATH, SH_PATH, CHMOD_PATH and TRUE. Keep in mind, though, that a D: drive, if you use one, has to be available on every machine; otherwise you would have to adjust the file every time.


At the package selection, choose only the following:


Admin > cygrunsrv


Archive > unzip + zip


Net > openssh + openssl


Let the routine install all additional packages.


Ready

Cygwin configuration

Edit C:\cygwin\cygwin.bat and add the following line between chdir … and bash …:

set CYGWIN=binmode ntsec


Check that the installation is correct:

Run C:\cygwin\cygwin.bat “As Administrator” and enter the following command:

cygrunsrv -h

The help text should show up. If there is a problem at this point, you have to reinstall Cygwin.


Next comes the SSH configuration.

ssh-host-config


*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes

*** Query: Should StrictModes be used? (yes/no) yes

*** Query: Should privilege separation be used? (yes/no) yes

*** Query: new local account ‘sshd’? (yes/no) yes

*** Query: Do you want to install sshd as a service?

*** Query: (Say “no” if it is already installed as a service) (yes/no) yes

*** Query: Enter the value of CYGWIN for the daemon: [] binmode ntsec

*** Query: Do you want to use a different name? (yes/no) no

*** Query: Create new privileged user account ‘cyg_server’? (yes/no) yes

*** Query: Please enter the password: ******

*** Query: Reenter: ******


After entering cygrunsrv -S sshd, the service should start.


The next step is to configure the user who will ultimately access the machine over SSH and whose login information will be stored in the Enterprise Manager later. Access from the OEM server must therefore be possible.

I took the easy way and installed Cygwin directly as the domain Oracle DBA user with administrative permissions. That way the user already exists. If you want to add another domain user, enter the following commands in the Cygwin command window:

/bin/mkpasswd -d -u oracle_dba >> /etc/passwd

mkdir -p /home/oracle_dba

chown oracle_dba /home/oracle_dba

For a local user, use -l instead of -d.

This is the step where you can work on /etc/passwd, delete all unnecessary users and limit access to Cygwin itself to a minimum. To do so, back up C:\cygwin\etc\passwd and edit it directly or from the Cygwin command line with vi /etc/passwd.

In every case you have to enter the following commands:

chown oracle_dba /var/log/sshd.log

chown -R oracle_dba /var/empty

chown oracle_dba /etc/ssh*

chmod 755 /var/empty

chmod 644 /var/log/sshd.log

Depending on the version, sshd.log may not exist, which is negligible.

After saving C:\cygwin\etc\sshd_config, add the following line at the end of sshd_config:

KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

Hint: The file is much easier to read in WordPad.
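A KexAlgorithms line replaces sshd's default key-exchange list, so with the setting above the daemon offers only the two SHA-1 Diffie-Hellman methods named. The following check is an added example (not from the original post or from Oracle) that reads an sshd_config and reports which configured methods are legacy, so the setting can be tracked and revisited; the function name audit_kex and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit the KexAlgorithms setting of an sshd_config file.
# audit_kex FILE prints one line per configured method, "<verdict> <name>":
#   WEAK  diffie-hellman-group1-sha1 (fixed 1024-bit group, SHA-1)
#   SHA1  any other method whose name ends in -sha1
#   OK    everything else
# Return status: 0 all OK, 1 at least one flagged, 2 no KexAlgorithms line
# (sshd then uses its built-in default list).
audit_kex() {
    local cfg="$1" line list kex flagged=0
    # Keywords are case-insensitive and the first occurrence wins; tr drops
    # the CR of files saved with Windows line endings.
    line=$(grep -i -m1 -E '^[[:space:]]*KexAlgorithms[[:space:]=]' "$cfg" | tr -d '\r')
    [ -n "$line" ] || { echo "DEFAULT no KexAlgorithms line"; return 2; }
    # Strip the keyword and separator, keep the comma-separated list.
    list=$(printf '%s\n' "$line" |
           sed -E 's/^[[:space:]]*[^[:space:]=]+[[:space:]=]+//; s/[[:space:]]+$//')
    local IFS=,
    for kex in $list; do
        case $kex in
            diffie-hellman-group1-sha1) echo "WEAK $kex"; flagged=1 ;;
            *-sha1)                     echo "SHA1 $kex"; flagged=1 ;;
            *)                          echo "OK $kex" ;;
        esac
    done
    return $flagged
}

# Constructed sample: the line from this post inside a minimal sshd_config.
sample=$(mktemp)
printf '%s\r\n' 'Port 22' 'StrictModes yes' \
    'KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1' > "$sample"
audit_kex "$sample" || echo "status $? (1 = legacy methods configured)"
rm -f "$sample"
```

On the target host, run it from the Cygwin shell as audit_kex /etc/sshd_config.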


Change the Log On for the CYGWIN sshd service according to your access user. Services.msc > CYGWIN sshd > Properties > Log On


When the service starts properly, you can test the access directly from the OEM server:

oracle@oem12c[DBOEM12C]% ssh -l oracle_dba flowers 'date'

oracle_dba@flowers’s password:

Fri Dec 12 23:34:56 WEST 2014

After the password prompt, the date should show up. The SSH access works!

Agent deploy

Now to the actual purpose of our work: the agent deployment.


Setup > Add Target > Add Targets Manually > Add Host Targets > Add Host …


Specify Host and Platform > Next

IMPORTANT: This step depends on the Named Credentials. Upper and lower case matter. The login information must correspond to the entry stored in passwd (C:\cygwin\etc\passwd). You can freely choose the Installation Base Directory; the Instance Directory is added automatically.
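The two passwd points made above (trimming /etc/passwd to the accounts you need, and the case-sensitive match between the Named Credential and the passwd entry) can be checked from the Cygwin shell before starting the wizard. This is an added example, not part of the original post: the function names check_login and extra_accounts, the keep list, and every account in the sample file are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: review a Cygwin /etc/passwd before using it for OEM logins.

# check_login FILE USER
# Prints how USER appears in FILE: "exact NAME", "case NAME" (differs only in
# upper/lower case), "prefixed NAME" (stored as HOST+USER), or "missing".
check_login() {
    awk -F: -v want="$2" '
        { sub(/\r$/, ""); n = length($1) - length(want) }
        $1 == want                   { exact = $1; next }
        tolower($1) == tolower(want) { ci = $1; next }
        n > 1 && substr($1, n, 1) == "+" && substr($1, n + 1) == want { pre = $1 }
        END {
            if (exact != "")    print "exact " exact
            else if (ci != "")  print "case " ci
            else if (pre != "") print "prefixed " pre
            else                print "missing"
        }' "$1"
}

# extra_accounts FILE KEEP...
# Prints every account name in FILE that is not in the KEEP list, i.e. the
# candidates to review when trimming passwd to the minimum.
extra_accounts() {
    local file="$1"; shift
    awk -F: -v keep="$*" '
        BEGIN { m = split(keep, k, " "); for (i = 1; i <= m; i++) ok[k[i]] = 1 }
        { sub(/\r$/, "") }
        $1 != "" && !($1 in ok) { print $1 }' "$file"
}

# Constructed sample in mkpasswd layout (SIDs shortened, all values invented).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
Administrator:unused:500:513:U-FLOWERS\Administrator,S-1-5-21-0-0-0-500:/home/Administrator:/bin/bash
Guest:unused:501:513:U-FLOWERS\Guest,S-1-5-21-0-0-0-501:/home/Guest:/bin/bash
sshd:unused:1001:513:sshd privsep,U-FLOWERS\sshd,S-1-5-21-0-0-0-1001:/var/empty:/bin/false
cyg_server:unused:1002:513:U-FLOWERS\cyg_server,S-1-5-21-0-0-0-1002:/home/cyg_server:/bin/bash
Oracle_DBA:unused:11234:10513:U-CORP\Oracle_DBA,S-1-5-21-0-0-0-1234:/home/Oracle_DBA:/bin/bash
EOF
check_login "$sample" oracle_dba
# The keep list below is an assumption; adapt it to the accounts your host needs.
extra_accounts "$sample" SYSTEM sshd cyg_server Oracle_DBA
rm -f "$sample"
```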

Deploy Agent


Congratulations!

Uninstalling Cygwin completely

Finally, the rollback. If you want to delete Cygwin, start setup.exe. Run through the setup until you reach the package selection and click next to All until Uninstall appears, then Next, Next, Finish.


Unfortunately, some files are left over. To clean them up, enter the following commands:

C:\> takeown /f C:\cygwin /r /d y

C:\> icacls C:\cygwin /t /grant everyone:F

C:\> sc \\localhost delete sshd

Now you’re able to delete the Cygwin folder. The last crumbs are the local users cyg_server and sshd plus two registry entries under HKEY_CURRENT_USER\Software\Cygwin and HKEY_LOCAL_MACHINE\SOFTWARE\Cygwin, which you can safely delete.

12 comments on “OEM 12c Agent Deploy on Windows – no problem with Cygwin!”

Great !! Thanks. It is much clearer now. After I successfully install, I will make more comments. Thank you Sir !:)

Thanks for a very detailed write-up!!! Everything is clear except here:

The next step is to configure the user, who will finally access the machine over SSH. Whose login information will be deposited in the Enterprise Manager later. Therefore the access from the OEM server should be possible.
I’ve gone the easy way and installed Cygwin directly with the domain Oracle DBA User with administrative permissions. By doing this the user is already implemented. If you want to add another domain user enter the following code in the Cygwin command window:
/bin/mkpasswd -d -u oracle_dba >> /etc/passwd
mkdir -p /home/oracle_dba
chown oracle_dba /home/oracle_dba
For a local user –l instead of –d.

This is the step where you can work on the /etc/passwd and delete all unnecessary user and limit the access for Cygwin itself on a minimum. For that you have to backup C:\cygwin\etc\passwd and edit it directly or over Cygwin command line with vi

Please explain what account you are referring to? Do you mean the O/S account to access the Windows machine, or the Grid Control sysman account?

In this case I mentioned the domain user, which is, as you called it, the O/S account to access the Windows machine. Take a closer look at /etc/passwd in the Cygwin directory and you can see that all (local) accounts you can find on your Windows machine under Users and Groups are already listed. To get access with the domain account you have to register it this way and give it the right permissions. Be aware of upper and lower case because the Unix system (for ssh) is case sensitive.

Hi..my /etc/passwd file is empty

Hi Tesla,
there seems to be something wrong with your installation/configuration. Have you just tried to create a user with this command: /bin/mkpasswd -d -u oracle_dba >> /etc/passwd ? Did you get an error message?
Regards
Sebastian

That's some awesome stuff right there. Cheerz bro!!!

Great information 🙂
KexAlgorithms info 🙂

Don’t forget, if you’re allowing access from outside the host, to add an inbound rule for port 22 to the Windows Firewall allow list.

For some reason I needed to use the full name with server to get the ssh command to work. Ex.:
ssh SERVERNAME+ora_dba@SERVERNAME 'date'

If anyone is having the same issue, hope this helps!

Update to the previous comment. I edited the /etc/passwd file and removed the servername prefix. Works as stated above now.

Thank You Sebastian for the excellent tutorial! I owe you a beer! 😀

I am getting shell path validation failed in OEM server. Can you please help me?
