Configuring an AMI for Short-Lived Instances

IT Asset Management (Cloud)
The requirements for short-lived on demand instances in your AWS EC2 service are somewhat specialized because of the need to capture and upload inventory within a short space of time. This means you need to prepare a separate Amazon Machine Image (AMI) from which to instantiate these short-lived instances. The requirements include:
  • Installing the latest approved FlexNet inventory agent into the image
  • Adding a customized configuration file that identifies the upload location for inventory
  • Installing a customized schedule to manage FlexNet inventory agent in the resulting instances, triggering inventory gathering on start-up (and best practice is to include a backup schedule for further inventory collection in case an instance from this AMI runs for an unexpectedly long time)
  • Including the current version of InventorySettings.xml that provides advanced functionality for FlexNet inventory agent, since the short lifetime does not allow for normal policy-based downloads
  • Ensuring a unique name for each instance created from this AMI.

At this summary level, the requirements are the same for Windows and Linux platforms. In the details, of course, there are platform specifics.

To prepare an AMI for short-lived instances:

  1. In the web interface for IT Asset Management, navigate to Discovery & Inventory > Inventory Settings.
    The Inventory Settings page displays.
  2. Expand the Inventory agent for download section.
  3. Collect the template configuration file:
    • For a Windows-based AMI, click Download bootstrapping template file, and save mgssetup.ini to a convenient working folder (such as C:\temp). (Do not change the file name.)
    • For a Linux-based AMI, in the Gathering FlexNet Inventory PDF (available through the title page of online help), copy the text from Agent third-party deployment: Sample UNIX Bootstrap Configuration File and save it as mgsft_rollout_response in a convenient working folder (such as C:\temp).
  4. From the Inventory agent drop-down list, select the version of FlexNet inventory agent you want to install in your AMI, and save it to your working folder.
    In general, install the latest available version, subject to your corporate policies. This provides access to the latest functionality. For example, to include advanced inventory for AWS EC2, you must use FlexNet inventory agent 13.2.0 or later.
  5. In your preferred flat text editor, customize your bootstrapping template file to be used for FlexNet inventory agent in your AWS EC2 environment as follows, saving the edited version in a separate subfolder.
    For Windows, the only mandatory change is to identify the upload location for gathered inventory, as described below. (A download location for policy updates is not needed for short-life instances on Windows.) On Linux, FlexNet inventory agent requires both an upload location and a download location. As always, on either platform, experts may also customize other preferences needed for your implementation, as described in the platform-specific topics in the Gathering FlexNet Inventory PDF:
    • Agent third-party deployment: Edit the Configuration File for Microsoft Windows
    • Agent third-party deployment: Configure the Bootstrap File for UNIX.
    The upload (and download) locations require a URL to the host inventory beacon. Best practice is to provide a DNS alias for your chosen inventory beacon, so that when circumstances change, a simple switch of the alias leaves any running and future instances fully operational, without requiring changes to the AMI.
    • For Windows, in mgssetup.ini:
    1. Locate this section for Common preferences, and uncomment (remove the leading semi-colon) and edit the following settings:
      ;=========================================================================
      ; Registry settings to be created under
      ; HKLM\Software\ManageSoft Corp\ManageSoft\Common
      [Common]
      desc0 = UploadSettings\Bootstrap Server\Protocol
      val0  = http
      desc1 = UploadSettings\Bootstrap Server\Priority
      val1  = 100
      desc2 = UploadSettings\Bootstrap Server\AutoPriority
      val2  = False
      desc3 = UploadSettings\Bootstrap Server\Host
      val3  = beacon.fnms.com
      desc4 = UploadSettings\Bootstrap Server\Port
      val4  = 80
      desc5 = UploadSettings\Bootstrap Server\Directory
      val5  = /ManageSoftRL/
    2. Optionally, modify the Protocol value if you want to use HTTPS (val0 = https).
    3. You must customize the Host preference (shown above as val3 = beacon.fnms.com) to your chosen DNS alias (or preferred host setting) and your own enterprise name if the inventory beacon is located in your enterprise network rather than on an AWS EC2 instance. For an inventory beacon hosted on an AWS instance, you can identify its public and private DNS hostnames on the AWS console (select Instances in the navigation pane, choose the instance hosting the inventory beacon, and read both its public and private DNS hostnames in the details pane).
      Tip: If you have an inventory beacon on an AWS instance, your installations of FlexNet inventory agent on other instances can be configured to use the private DNS hostname for accessing the inventory beacon (provided that both are within the scope of your VPC). The private hostname has greater stability, particular if the inventory beacon host is stopped and started from time to time.
    4. Optionally, customize the port setting (for example, if you are switching to the HTTPS protocol, the default port is 443).
      Important: The Directory preference is mandatory, and must be set as shown above.
    5. Create a subfolder (such as ShortLifeAMI) and save your edited mgssetup.ini there. Do not change the file name, which is mandatory.
    • For Linux, in mgsft_rollout_response:
    1. In the first section of the file, customize the setting for the download location (see also the comments for the upload location, next):
      # The initial download location(s) for the installation.
                                      # For example, http://myhost.mydomain.com/ManageSoftDL/
                                      # Refer to the documentation for further details.
                                      MGSFT_BOOTSTRAP_DOWNLOAD=http://beacon.fnms.com:8080/ManageSoftDL/
    2. In the next section of the file, customize the setting for the reporting (upload) location:
      # The initial reporting location(s) for the installation.
                                  # For example, http://myhost.mydomain.com/ManageSoftRL/
                                  # Refer to the documentation for further details.
                                  MGSFT_BOOTSTRAP_UPLOAD=http://beacon.fnms.com:8080/ManageSoftRL/
      You may customize the protocol to HTTPS if required, and omit or customize the port number as required. You must customize the host URL (shown above as beacon.fnms.com) to your chosen DNS alias (or preferred host setting) and your own enterprise name if the inventory beacon is located in your enterprise network rather than on an AWS EC2 instance. For an inventory beacon hosted on an AWS instance, you can identify its DNS hostname on the AWS console (select Instances in the navigation pane, choose the instance hosting the inventory beacon, and read its DNS hostname in the details pane).
      Important: In each case, the trailing /ManageSoftDL/ (download location) or /ManageSoftRL/ (upload or reporting location) is mandatory, and must be specified as shown above.
    3. In the last line of the file, switch the value to prevent policy running after installation, as short-lived instances do not have time to wait for policy and its outcomes:
      MGSFT_RUNPOLICY=0
    4. Create a subfolder (such as ShortLifeAMI) and save your edited mgsft_rollout_response there. Do not change the file name, which is mandatory.
    5. Unless you already have a strategy and practice that gives every Linux instance a unique name, also create a new text file for your Linux AMI, called tmpconfig.ini, with exactly the following two lines:
      [ManageSoft\Common]
                                  MachineID=
      This file is deliberately incomplete at this stage, and is to be completed at instance start-up, as described later.
  6. For either platform, copy the following and paste it into a plain ASCII text file, and save it in your ShortLifeAMI folder as DefaultSchedule.nds (this file name is mandatory). Of course, you may choose to unwrap those lines wrapped for readability here.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE Schedule PUBLIC "Flexera Inventory Manager schedule" 
         "http://www.managesoft.com/dtd/schedule.dtd">
    
    <Schedule NAME="Default Schedule" TIMEDATESTAMP="20180903T044104Z" SCHEDSCHEMA="60">
    	<Event NETWORK="False" 
                     NAME="Generate Inventory" 
                     CATCHUP="Never" ID="{F065A477-B500-4611-8340-3BF313FB785B}">
    	    <LogicalCommand PARAM=" -o UserInteractionLevel=Quiet" 
                     ACTION="Report" COMPONENT="Tracker"/>
               <Trigger TYPE_PARAM="0" TIMESTART="143950" 
                     DATESTART="20180903" TYPE="Logon" MAXDELAY="0"/>
    	</Event>
          <!-– Following two events are optional (see notes) --!>
    	<Event NETWORK="False" 
                     NAME="Generate Inventory" IDLEDURATION="86400" 
                     CATCHUP="Never" ID="{F065A477-B500-4611-8340-3BF313FB785B}">
    	    <LogicalCommand PARAM=" -o UserInteractionLevel=Quiet" 
                     ACTION="Report" COMPONENT="Tracker"/>
    	    <Trigger TYPE_PARAM="1" TIMESTART="001000" 
                     DATESTART="20180903" TYPE="Daily" REPEAT="21600" 
                     TIMEWINDOW="3600" DURATION="86400"/>
    	</Event>
           <Event NETWORK="False" 
                     NAME="Upload Client Files" 
                     CATCHUP="Never" ID="{9CB87BAE-2829-498C-8643-10A9BD3BFA56}">
    	    <LogicalCommand PARAM="-a" 
                     ACTION="Upload" COMPONENT="Uploader"/>
    	    <Trigger TYPE_PARAM="1" TIMESTART="002000" 
                     DATESTART="20180903" TYPE="Daily" REPEAT="600" 
                     DURATION="86400"/>
    	</Event>
    </Schedule>

    The first event in this schedule triggers machine inventory collection on startup (TYPE="Logon"), and the tracker component automatically attempts an upload to the bootstrap inventory beacon as soon as inventory gathering is complete. If you are certain that all instances from this image are short-lived, only this event is required. If you are using an EBS-backed instance, and you choose to stop and restart your instance (rather than to terminate and re-launch it), this inventory is checked on each restart.

    In addition, two further schedule events provide easy management of cases where an instance proposed to have a short life in fact keeps on running for some longer time.

    The second event also generates inventory, and is triggered every 6 hours (REPEAT="21600", with all times expressed in seconds), to start within an hour thereafter (TIMEWINDOW="3600"). However, this inventory collection is different than the first case, because here the FlexNet inventory agent does not repeat the inventory collection if it has been successful within the last 24 hours (IDLEDURATION="86400"). This means that, effectively, the FlexNet inventory agent checks four times a day whether there has been a successful inventory collection in the last 24 hours, and if not, it runs a new inventory collection.

    In a perfect world, the third event is redundant because the tracker component uploads inventory as soon as it is collected. This third, separate upload event is a catch-up to work around transient network issues. It checks every 10 minutes to see whether any inventory files have failed to upload (and are therefore still waiting in the staging folder). In normal cases, nothing is waiting, and the uploader shuts down immediately, causing negligible load on the instance. But where there have been networking issues, upload is attempted again every 10 minutes until all files are successfully uploaded and removed from the staging folder.

  7. On a convenient inventory beacon, navigate to %CommonAppData%\Flexera Software\Staging\Common\ClientConfiguration, take a copy of InventorySettings.xml, and save it to your ShortLifeAMI working folder.

    This completes the preparation of materials for your AMI for instances of this expected life. Now continue to use these materials to prepare the AMI. For both platforms, the high-level process is to customize a running instance, and then save it as an AMI.

    For a Windows-based AMI, the recommended best practice is to run Sysprep, as this can easily ensure that each instantiation from this AMI receives a unique device name. For Sysprep, AWS offers two different sets of scripts to assist, with separate documentation:
    For a Linux AMI, the following notes relate to an EBS-backed instance, since this is the simpler process, and the flexibility of the resulting instances is greater (for example, supporting stopping an instance without necessarily terminating it). If you have instead chosen to use an instance store-backed instance, follow the AWS documentation closely, and give it priority where there may be any disparities with this document. Choose from either:
  8. Following the AWS documentation, select (or create), launch and connect to your chosen instance from which you are creating your AMI.
  9. To customize your instance:
    1. Ensure that the destination folder exists for your installation of FlexNet inventory agent, and if not create it.
      The default paths for each platform are:
      • On Windows, C:\Program Files (x86)\Flexera Software\Agent
      • On Linux, /opt/managesoft/bin.
    2. From your local ShortLifeAMI working folder, copy these files into the destination folder on your instance:
      • DefaultSchedule.nds
      • InventorySettings.xml
      • Only on Windows, mgssetup.ini
      • Only on Linux, tmpconfig.ini.
    3. For Linux only, also copy your amended mgsft_rollout_response file to /var/tmp/ on your instance.
    4. Collect the downloaded installer for FlexNet inventory agent from your working folder, and run the installer on your instance, installing FlexNet inventory agent into the prepared destination folder.
      The installer automatically configures the custom settings declared in the configuration file (either mgssetup.ini or mgsft_rollout_response, depending on platform). For more information about running the installation, see the Agent third-party deployment: Details chapter of the Gathering FlexNet Inventory PDF, focusing on the installation topic for your preferred platform.
    5. When installation is complete, in the same destination folder and for both platforms, run the following command to install your default schedule:
      start ndschedag.exe -t machine .\DefaultSchedule.nds
    Tip: When creating your AMI in the following steps, make the name for this image meaningful, such as "Short-life instances", to remind you of the special conditions embodied in the AMI.
  10. Only for Windows: complete the remaining steps in the AWS document to Sysprep your instance, finishing by clicking Shutdown with Sysprep (or, for pre-2016 versions of Windows, click OK and confirm Yes to run Sysprep and shut down the instance).
    Important: If you are using EC2Launch on Windows 2016, in the Ec2 Launch Settings dialog, be sure to leave the Set Computer Name check box clear. This allows Sysprep to clear the computer name from the instance as it shuts down, so that new instances launched from this image each receive a unique device name.
  11. Only for Linux (for an EBS-backed image):
    1. Navigate to your instance configuration.
      For example, if you are creating a new instance, select the third tab across the top of your console, showing 3. Configure Instance.
    2. If necessary, scroll down, and expand the Advanced Details panel.
    3. In the User data field, add the following two lines As text to ensure that each Linux instance reports a unique device name in its inventory (lines are wrapped here for publication, but each command should be entered on a single line):
      sudo sed -i 
                                  "s/MachineID=/MachineID=$(curl http://169.254.169.254/latest/meta-data/instance-id/)/g"
                                  tmpconfig.ini
                                  /opt/managesoft/bin/mgsconfig -i /var/tmp/tmpconfig.ini
      The first line replaces the unfinished MachineID setting in the tmpconfig.ini file with a setting completed with the Instance ID, which is recovered in the standard way from the AWS metadata for the current image. The second line runs a small FlexNet utility that merges the new value into the standard config.ini for the Linux-based FlexNet inventory agent. These two lines of code are run as the instance is being instantiated, before the FlexNet inventory agent is run. The result is that, whenever an instance is launched from the image you are creating, FlexNet inventory agent takes the MachineID setting from the config.ini file, and reports that unique device name as part of its uploaded inventory.
    4. If your instance is running, stop it now. (Making an AMI from a stopped instance is preferred for lower risk and better stability in your image.)
  12. Monitor the Instances page in the Amazon EC2 console, until the state for your chosen instance displays stopped.
  13. Follow your preferred process to create an AMI from that stopped instance.
    For example, on Windows, since you have already installed AWS Tools for Windows PowerShell, you could use the cmdlet New-EC2Image. For Linux, in the navigation pane, you can choose Instances, select your instance, and then choose Actions > Image > Create Image, and provide the necessary details. For more information on creating AMIs, see either of:
This AMI is now ready to instantiate short-lived instances. As soon as each instance is spawned, the embedded FlexNet inventory agent gathers inventory from the instance, and immediately uploads it to the bootstrap inventory beacon. Depending on the resources on each instance, this process may take around 2-5 minutes, after which the instance can be stopped (but remember, not terminated if you wish to track related software licenses in IT Asset Management).

IT Asset Management (Cloud)

Current