Configuring an AMI for Short-Lived Instances
- Installing the latest approved FlexNet Inventory Agent into the image
- Adding a customized configuration file that identifies the upload location for inventory
- Installing a customized schedule to manage FlexNet Inventory Agent in the resulting instances, triggering inventory gathering on start-up (and best practice is to include a backup schedule for further inventory collection in case an instance from this AMI runs for an unexpectedly long time)
- Including the current version of InventorySettings.xml that provides advanced functionality for FlexNet Inventory Agent, since the short lifetime does not allow for normal policy-based downloads
- Ensuring a unique name for each instance created from this AMI.
At this summary level, the requirements are the same for Windows and Linux platforms. In the details, of course, there are platform specifics.
To prepare an AMI for short-lived instances:
-
Go to the Inventory Settings page (Data Collection > IT Assets Inventory Tasks > Inventory Settings).
The Inventory Settings page displays.
- Expand the Inventory agent for download section.
-
Collect the template configuration file:
- For a Windows-based AMI, click Download bootstrapping template file, and save mgssetup.ini to a convenient working folder (such as C:\temp). (Do not change the file name.)
- For a Linux-based AMI, in Gathering FlexNet Inventory, copy the text from Agent third-party deployment: Sample UNIX Bootstrap Configuration File and save it as mgsft_rollout_response in a convenient working folder (such as C:\temp).
-
From the Inventory agent drop-down list, select the
version of FlexNet Inventory Agent you want to install in your AMI, and save it
to your working folder.
In general, install the latest available version, subject to your corporate policies. This provides access to the latest functionality. For example, to include advanced inventory for AWS EC2, you must use FlexNet Inventory Agent 13.2.0 or later.
-
In your preferred flat text editor, customize your
bootstrapping template file to be used for FlexNet Inventory Agent in your AWS
EC2 environment as follows, saving the edited version in a separate
subfolder.
For Windows, the only mandatory change is to identify the upload location for gathered inventory, as described below. (A download location for policy updates is not needed for short-life instances on Windows.) On Linux, FlexNet Inventory Agent requires both an upload location and a download location. As always, on either platform, experts may also customize other preferences needed for your implementation, as described in the platform-specific topics in the Gathering FlexNet Inventory PDF:
- Agent third-party deployment: Edit the Configuration File for Microsoft Windows
- Agent third-party deployment: Configure the Bootstrap File for UNIX.
- For Windows, in mgssetup.ini:
-
Locate this section for
Common
preferences, and uncomment (remove the leading semi-colon) and edit the following settings:;========================================================================= ; Registry settings to be created under ; HKLM\Software\ManageSoft Corp\ManageSoft\Common [Common] desc0 = UploadSettings\Bootstrap Server\Protocol val0 = http desc1 = UploadSettings\Bootstrap Server\Priority val1 = 100 desc2 = UploadSettings\Bootstrap Server\AutoPriority val2 = False desc3 = UploadSettings\Bootstrap Server\Host val3 = beacon.fnms.com desc4 = UploadSettings\Bootstrap Server\Port val4 = 80 desc5 = UploadSettings\Bootstrap Server\Directory val5 = /ManageSoftRL/
-
Optionally, modify the
Protocol
value if you want to use HTTPS (val0 = https
). -
You must customize the
Host
preference (shown above asval3 = beacon.fnms.com
) to your chosen DNS alias (or preferred host setting) and your own enterprise name if the inventory beacon is located in your enterprise network rather than on an AWS EC2 instance. For an inventory beacon hosted on an AWS instance, you can identify its public and private DNS hostnames on the AWS console (select Instances in the navigation pane, choose the instance hosting the inventory beacon, and read both its public and private DNS hostnames in the details pane).Tip: If you have an inventory beacon on an AWS instance, your installations of FlexNet Inventory Agent on other instances can be configured to use the private DNS hostname for accessing the inventory beacon (provided that both are within the scope of your VPC). The private hostname has greater stability, particular if the inventory beacon host is stopped and started from time to time. -
Optionally, customize the port setting (for example, if you are
switching to the HTTPS protocol, the default port is
443
).Important: TheDirectory
preference is mandatory, and must be set as shown above. - Create a subfolder (such as ShortLifeAMI) and save your edited mgssetup.ini there. Do not change the file name, which is mandatory.
- For Linux, in mgsft_rollout_response:
-
In the first section of the file, customize the setting for the
download location (see also the comments for the upload location,
next):
# The initial download location(s) for the installation. # For example, http://myhost.mydomain.com/ManageSoftDL/ # Refer to the documentation for further details. MGSFT_BOOTSTRAP_DOWNLOAD=http://beacon.fnms.com:8080/ManageSoftDL/
-
In the next section of the file, customize the setting for the
reporting (upload) location:
You may customize the protocol to HTTPS if required, and omit or customize the port number as required. You must customize the host URL (shown above as# The initial reporting location(s) for the installation. # For example, http://myhost.mydomain.com/ManageSoftRL/ # Refer to the documentation for further details. MGSFT_BOOTSTRAP_UPLOAD=http://beacon.fnms.com:8080/ManageSoftRL/
beacon.fnms.com
) to your chosen DNS alias (or preferred host setting) and your own enterprise name if the inventory beacon is located in your enterprise network rather than on an AWS EC2 instance. For an inventory beacon hosted on an AWS instance, you can identify its DNS hostname on the AWS console (select Instances in the navigation pane, choose the instance hosting the inventory beacon, and read its DNS hostname in the details pane).Important: In each case, the trailing/ManageSoftDL/
(download location) or/ManageSoftRL/
(upload or reporting location) is mandatory, and must be specified as shown above. -
In the last line of the file, switch the value to prevent policy
running after installation, as short-lived instances do not have time to
wait for policy and its outcomes:
MGSFT_RUNPOLICY=0
- Create a subfolder (such as ShortLifeAMI) and save your edited mgsft_rollout_response there. Do not change the file name, which is mandatory.
-
Unless you already have a strategy and practice that gives every Linux
instance a unique name, also create a new text file for your Linux AMI,
called tmpconfig.ini, with exactly the following
two lines:
This file is deliberately incomplete at this stage, and is to be completed at instance start-up, as described later.[ManageSoft\Common] MachineID=
-
For either platform, copy the following and paste it into a plain ASCII text
file, and save it in your ShortLifeAMI folder as
DefaultSchedule.nds (this file name is mandatory). Of
course, you may choose to unwrap those lines wrapped for readability here.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE Schedule PUBLIC "Flexera Inventory Manager schedule" "http://www.managesoft.com/dtd/schedule.dtd"> <Schedule NAME="Default Schedule" TIMEDATESTAMP="20180903T044104Z" SCHEDSCHEMA="60"> <Event NETWORK="False" NAME="Generate Inventory" CATCHUP="Never" ID="{F065A477-B500-4611-8340-3BF313FB785B}"> <LogicalCommand PARAM=" -o UserInteractionLevel=Quiet" ACTION="Report" COMPONENT="Tracker"/> <Trigger TYPE_PARAM="0" TIMESTART="143950" DATESTART="20180903" TYPE="Logon" MAXDELAY="0"/> </Event> <!-– Following two events are optional (see notes) --!> <Event NETWORK="False" NAME="Generate Inventory" IDLEDURATION="86400" CATCHUP="Never" ID="{F065A477-B500-4611-8340-3BF313FB785B}"> <LogicalCommand PARAM=" -o UserInteractionLevel=Quiet" ACTION="Report" COMPONENT="Tracker"/> <Trigger TYPE_PARAM="1" TIMESTART="001000" DATESTART="20180903" TYPE="Daily" REPEAT="21600" TIMEWINDOW="3600" DURATION="86400"/> </Event> <Event NETWORK="False" NAME="Upload Client Files" CATCHUP="Never" ID="{9CB87BAE-2829-498C-8643-10A9BD3BFA56}"> <LogicalCommand PARAM="-a" ACTION="Upload" COMPONENT="Uploader"/> <Trigger TYPE_PARAM="1" TIMESTART="002000" DATESTART="20180903" TYPE="Daily" REPEAT="600" DURATION="86400"/> </Event> </Schedule>
The first event in this schedule triggers machine inventory collection on startup (
TYPE="Logon"
), and thetracker
component automatically attempts an upload to the bootstrap inventory beacon as soon as inventory gathering is complete. If you are certain that all instances from this image are short-lived, only this event is required. If you are using an EBS-backed instance, and you choose to stop and restart your instance (rather than to terminate and re-launch it), this inventory is checked on each restart.In addition, two further schedule events provide easy management of cases where an instance proposed to have a short life in fact keeps on running for some longer time.
The second event also generates inventory, and is triggered every 6 hours (
REPEAT="21600"
, with all times expressed in seconds), to start within an hour thereafter (TIMEWINDOW="3600"
). However, this inventory collection is different than the first case, because here the FlexNet Inventory Agent does not repeat the inventory collection if it has been successful within the last 24 hours (IDLEDURATION="86400"
). This means that, effectively, the FlexNet Inventory Agent checks four times a day whether there has been a successful inventory collection in the last 24 hours, and if not, it runs a new inventory collection.In a perfect world, the third event is redundant because the
tracker
component uploads inventory as soon as it is collected. This third, separate upload event is a catch-up to work around transient network issues. It checks every 10 minutes to see whether any inventory files have failed to upload (and are therefore still waiting in the staging folder). In normal cases, nothing is waiting, and theuploader
shuts down immediately, causing negligible load on the instance. But where there have been networking issues, upload is attempted again every 10 minutes until all files are successfully uploaded and removed from the staging folder. -
On a convenient inventory beacon, navigate to
%CommonAppData%\Flexera
Software\Staging\Common\ClientConfiguration, take a copy of
InventorySettings.xml, and save it to your
ShortLifeAMI working folder.
This completes the preparation of materials for your AMI for instances of this expected life. Now continue to use these materials to prepare the AMI. For both platforms, the high-level process is to customize a running instance, and then save it as an AMI.
For a Windows-based AMI, the recommended best practice is to run Sysprep, as this can easily ensure that each instantiation from this AMI receives a unique device name. For Sysprep, AWS offers two different sets of scripts to assist, with separate documentation:- For a Windows 2016 AMI, use EC2Launch, and see https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html#ec2launch-sysprep
- For an AMI for an earlier version of Microsoft Windows, use the EC2Config service, and see https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ami-create-standard.html
For a Linux AMI, the following notes relate to an EBS-backed instance, since this is the simpler process, and the flexibility of the resulting instances is greater (for example, supporting stopping an instance without necessarily terminating it). If you have instead chosen to use an instance store-backed instance, follow the AWS documentation closely, and give it priority where there may be any disparities with this document. Choose from either:- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html (preferred, for your EBS-backed instance)
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-instance-store.html (for an instance backed by the instance store).
- Following the AWS documentation, select (or create), launch and connect to your chosen instance from which you are creating your AMI.
-
To customize your instance:
-
Ensure that the destination folder exists for your installation of
FlexNet Inventory Agent, and if not create it.
The default paths for each platform are:
- On Windows, C:\Program Files (x86)\Flexera Software\Agent
- On Linux, /opt/managesoft/bin.
-
From your local ShortLifeAMI working folder, copy
these files into the destination folder on your instance:
- DefaultSchedule.nds
- InventorySettings.xml
- Only on Windows, mgssetup.ini
- Only on Linux, tmpconfig.ini.
- For Linux only, also copy your amended mgsft_rollout_response file to /var/tmp/ on your instance.
-
Collect the downloaded installer for FlexNet Inventory Agent from your
working folder, and run the installer on your instance, installing
FlexNet Inventory Agent into the prepared destination folder.
The installer automatically configures the custom settings declared in the configuration file (either mgssetup.ini or mgsft_rollout_response, depending on platform). For more information about running the installation, see the Agent third-party deployment: Details chapter of the Gathering FlexNet Inventory PDF, focusing on the installation topic for your preferred platform.
-
When installation is complete, in the same destination folder and for
both platforms, run the following command to install your default
schedule:
start ndschedag.exe -t machine .\DefaultSchedule.nds
Tip: When creating your AMI in the following steps, make the name for this image meaningful, such as "Short-life instances", to remind you of the special conditions embodied in the AMI. -
Ensure that the destination folder exists for your installation of
FlexNet Inventory Agent, and if not create it.
-
Only for Windows: complete the remaining steps in the AWS document to
Sysprep your instance, finishing by clicking
Shutdown with Sysprep (or, for pre-2016 versions of
Windows, click OK and confirm Yes
to run Sysprep and shut down the instance).
Important: If you are using EC2Launch on Windows 2016, in the Ec2 Launch Settings dialog, be sure to leave the Set Computer Name check box clear. This allows Sysprep to clear the computer name from the instance as it shuts down, so that new instances launched from this image each receive a unique device name.
-
Only for Linux (for an EBS-backed image):
-
Navigate to your instance configuration.
For example, if you are creating a new instance, select the third tab across the top of your console, showing 3. Configure Instance.
- If necessary, scroll down, and expand the Advanced Details panel.
-
In the User data field, add the following two
lines As text to ensure that each Linux instance
reports a unique device name in its inventory (lines are wrapped here
for publication, but each command should be entered on a single
line):
The first line replaces the unfinishedsudo sed -i "s/MachineID=/MachineID=$(curl http://169.254.169.254/latest/meta-data/instance-id/)/g" tmpconfig.ini /opt/managesoft/bin/mgsconfig -i /var/tmp/tmpconfig.ini
MachineID
setting in the tmpconfig.ini file with a setting completed with the Instance ID, which is recovered in the standard way from the AWS metadata for the current image. The second line runs a small FlexNet utility that merges the new value into the standard config.ini for the Linux-based FlexNet Inventory Agent. These two lines of code are run as the instance is being instantiated, before the FlexNet Inventory Agent is run. The result is that, whenever an instance is launched from the image you are creating, FlexNet Inventory Agent takes theMachineID
setting from the config.ini file, and reports that unique device name as part of its uploaded inventory. - If your instance is running, stop it now. (Making an AMI from a stopped instance is preferred for lower risk and better stability in your image.)
-
Navigate to your instance configuration.
- Monitor the Instances page in the Amazon EC2 console, until the state for your chosen instance displays stopped.
-
Follow your preferred process to create an AMI from that stopped instance.
For example, on Windows, since you have already installed AWS Tools for Windows PowerShell, you could use the cmdlet New-EC2Image. For Linux, in the navigation pane, you can choose Instances, select your instance, and then choose Actions > Image > Create Image, and provide the necessary details. For more information on creating AMIs, see either of:
IT Asset Management (Cloud)
Current