Preliminary Steps

Make sure that the following conditions are met before you start provisioning an Environment:

The PCK.AUTOMIC_PROVISIONING Pack is installed.

Note: Download the pack from https://marketplace.automic.com/.

Follow the steps below to recursively delete agents registered via provisioning once the Environment is deprovisioned:

To Define a Recurring Execution for the Agent Remove Action

In the Process Assembly perspective, navigate to PACKAGES > PCK.AUTOMIC_PROVISIONING > ACTIONS > SYSTEM_INTEGRATION > AUTOMIC > PROVISIONING.
Double-click the Agent RemoveAction.
Click the Variables & Prompts tab and select Prompt Sets.
Populate the Input and Overwrite Promptset fields with connection strings for client 0.

Notes:
- Enter the Service Username in the following format: Client/User/Department. E.g. 0/ABC/ADMIN.
- Overwrite Agent: default agent = OS agent.
- Overwrite Login: default login = AE login object.
Save your changes.
In the toolbar, click Execute and select the Execute Recurring option from the drop-down list.
Define the execution frequency. See:

Tip: Execute the Action at least once a day.
Click Execute.

The appropriate provisioning provider Pack (for example, PCK.AUTOMIC_PROVISIONING.AWS) is installed.

Prerequisites to provision an Environment with Amazon AWS:

An extra Pack must be installed: PCK.AUTOMIC_AMAZON (v 1.0.2).

The following entities must be available:

An Access Key and Secret Key: both are used when executing ec2 tool commands (for example: run/start/stop/terminate instance...) in CDA provisioning.

Amazon Machine Images (provide the information required to launch an instance, which is a virtual server in the cloud).
Tip: Create at least three AMIs to use Amazon AWS in CDA Environment provisioning:

AMI Name	AMI ID	Platform	Region	Description
Automic AWS Proxy Server	ami-xxxxxx	Windows	E.g. us-west-1	AMI used to create a Proxy Server Instance.
Ubuntu 16.04	ami-xxxxxx	Ubuntu	E.g. us-west-1	AMI used to create a Linux instance. This AMI should have SSH ready to use for Agent Deployment. Username and password should be also defined.
Windows Server 2012 R2 Base	ami-xxxxxx	Windows	E.g. us-west-1	AMI used to create a Windows instance. This AMI should have WinRM ready to use for Agent Deployment. Username and password should be also defined.

At least one Amazon Virtual Private Cloud (Amazon VPC). The VPC enables you to launch Amazon Web Services (AWS) resources into a virtual network.
A subnet associated with the VPC.
An internet Gateway which attached to the VPC (allows communication between instances in your VPC and the internet).
A Route Table (which contains a set of rules, called routes, that are used to determine where network traffic is directed).
A Security Group (which acts as a virtual firewall for your instance to control traffic) with inbound and outbound rules.
A Proxy Server must be installed on an EC2 Instance with Public IP so that it can be reached by the Proxy Client.

Note: You can use the Automic AWS Proxy Server AMI (which contains a Proxy Server and Agent) to launch an instance from that AMI with a Public IP.

The Stack Provider's Agent must run on the same machine where the EC2 tool was installed. The EC2_HOME variable must be set. This variable must point to the bin folder of the EC2 tool.
Make sure that the ports are open in both Amazon AWS and your local network

A new agent-client assignment object (HSTA) has been created in AE and is active.

Note: The agent installed while provisioning a new Environment is auto-assigned to the current logged client in ARA.

If you want to use this agent on another client you can either assign it manually or predefine the HSTA object in client 0. For more information, see Assigning Clients to Agents.

The user provisioning the Environment has been granted either:

Admin rights on CDA
or
R, U, W, D and X rights on the folders where the entities (for example, deployment targets, Environments) are created:

Prerequisites for Windows target boxes:

Supported platforms: Windows Server 2012 R2 and later.
VMware tools must be installed.
WMF 5.0 is installed. See: https://www.microsoft.com/en-us/download/details.aspx?id=50395.
Windows Remoting must be enabled as follows:
- Option 1: enable PowerShell via Group Policy. For more information, see: http://blog.powershell.no/2010/03/04/enable-and-configure-windows-powershell-remoting-using-group-policy/
- Option 2: enable Powershell manually on each server:
  1. From a command prompt, run ‘winrm quickconfig’. The output should be as follows:
  2. From a command prompt, run ‘powershell’ and then enter ‘test-wsman <computer name>’. The output should be as follows if the WinRM service is running:
WinRM is configured as follows (Authentication - Basic, UseSSL = No):

winrm/config/client/auth '@{Basic="true"}'

winrm/config/client '@{AllowUnencrypted="true"}'

winrm set winrm/config/client '@{TrustedHosts="<your-target-box>"}'.

Example: winrm set winrm/config/client '@{TrustedHosts="box1,box2"}' or winrm set winrm/config/client '@{TrustedHosts="*"}'

winrm/config/service/auth '@{Basic="true"}'

winrm/config/service '@{AllowUnencrypted="true"}'

Agents running on Windows Server 2012: To avoid problems while executing actions (access denied), change the value of User Account Control: Run all administrators in Admin Approval Mode to Disabled in the Security Settings / Local Policies / Security Options section of the Local Security Policy application (secpol.msc). This ensures that the Windows Agent using the local Windows administrator account (although in the administrator group) can execute actions properly.

Prerequisites for UNIX target boxes:

Supported platforms: Linux 64bit, Ubuntu Server 16.04.1 LTS (= long-term support version of the Ubuntu server)
VMware tools must be installed.
An SSHD server is installed and its service port (for example, 22) is reachable from the ExecutingAgent.

Note: Agents can be rolled out into docker containers too. In case you are building upon Linux-based containers, an SSH server must be built into your docker image. See: https://docs.docker.com/engine/examples/running_ssh_service/ for more information about how to set up an SSH server in a Linux-based docker container.
Service account:
- A service account is set up on all servers that will own and run the Agent and Service Manager files (that is, automic). This is used to SCP (secure copy) the files to the remote servers and to execute deployment-related commands remotely via SSH.
- The service user has also been added to the sudoers list to perform the agent deployment-related commands.
On the target hosts where the agents should be deployed, the following ports are reachable from the AE-box:
- 2300 - Agent port
- 8871 - Service Manager port