Software version: 10.21
Original Publication Date: April 8, 2015
This document provides an overview of the HP Server Automation 10.21 release. It contains important information not included in the manuals or in the online help.
All the documentation is available from the new SA 10.x Documentation Library. See the section Documentation Information for instructions on how to use the Documentation Library to access the guides and white papers relevant to this release.
For the most updated release notes, see the SA 10.21 Release Notes on the HP Support website.
SA release notes contain information for users who are familiar with the installation and maintenance of SA, Storage Visibility and Automation, SE Connector, Application Deployment Manager, and DMA integration. The notes contain information that is not included in books or online Help.
What's New in This Release |
Post-Installation / Upgrade Tasks |
Documentation Information |
Deprecation Announcements |
Known Issues |
HP Software Support |
Installation |
Fixed Issues |
Legal Notices |
This section describes new functionality and other relevant release-specific information.
For information about what was new in previous releases, use your HP Passport Credentials to log in to the HPSW Support Portal and use the Search button to search for a specific release-note document.
Important: SA 10.21 uses OpenSSL 1.0.1l and Samba (3.6.25).
This section lists the operating-systems supported on the SA Client.
For complete SA support and compatibility information for this release, see the HP Server Automation Support and Compatibility Matrix.
For a list of supported operating systems and platforms for Storage Visibility and Automation Managed Servers, SE Connector, SAN Arrays, Fibre Channel Adapters, SAN Switches, File System Software, Database Support, and Storage Essentials Compatibility, see the Storage Visibility and Automation Support and Compatibility Matrix.
For more information about supported configurations, see SA 10.20 Installation Guide, chapter 2: “SA Core Configurations Supported For Customer Installation”.
You can now install the SA Agent to another location in Windows Vista, or a newer Windows version, as long you have an NTFS system drive. Additionally, an SA agent previously installed in the default location can be moved to a new location. The implementation is based on symlinking the default-system drive location to the new install location.
To designate the new folder, in the Agent Deployment Tool (ADT), Install SA Agent window choose Options > Advanced > Windows installation path field.
Note: The installation path field only supports ASCII characters. If the directory path contains spaces, do not enclose them in double quotes.
Agents installed in the default location can be moved to a different location.
The following prerequisites must be met:
The SA user needs Allow Install Agent permission
The SA user needs permissions to run an APX on target servers (see the User Guide: Server Automation, section Running SA Extensions, for more information).
The Windows user used by ADT on the managed server must have the Create symbolic links permission (this permission is granted to Administrators by default)
To move the agent, run the APX Move Agent to Custom Location on the relevant servers. This APX is located in the SA Library in folder /Opsware/Tools/Administrative Extensions.
Note: You can also move pre-10.2 SA Agents.
The agent uninstaller will remove the symbolic links on the system drive and all the agent files, except the target directory structure.
However, for pre-10.2 agents, the uninstaller is unable to remove the symbolic links.
OSBPs can use the custom attribute AgentInstallDir to a custom value for Windows agent installation location. If the custom attribute is not present, the agent will be installed to the default location. This custom attribute is ignored for non-applicable platforms.
Note: The SA Virtualization feature does not support the use of agents located on a non-system drive.
Using ADT (Agent Deployment Tool) you can select a maximum of 10 PAPXs to be run sequentially after the agent is successfully installed.
If one of the APX scripts fails, the system will stop at that step and will not run the remaining APXs. In this case the job is reported as FAILED.
Note: In case of an error during the APX script run, the system will not rollback the currently successfully run, nor the previously successfully run, APXs.
Included in this release are three PAPXs for the following functionality:
Assign Server to Customer
Attach Server to Device Group
Attach Server to Software Policies
For more information on SA Agents, see the SA Administration Guide (in the SA 10.x Documentation Library).
Important: See Deprecation and End-of-Support Announcements for important SA Agent version deprecations and end-of-support announcements.
See Post-Installation/Upgrade Tasks for the SA Agent upgrade requirement.
Database and Middleware Automation (HP DMA) is no longer installed as part of Server Automation. Starting with HP DMA version 10.00, HP DMA is available as a separate product with its own installation media. HP DMA 10.0x is still integrated with Server Automation, however. For more information, see the HP DMA Installation Guide.
SA 10.21 will be localized to Simplified Chinese and Japanese.
Updates pertaining specifically to the OO-SA integration (Server Automation operations performed within Operations Orchestration) are delivered via the HP Live Network.
For more information on SA integration, see the SA Integration Guide.See the Errata section for changes to the Oracle Database and Model Repository.
This release comes with a new version of Samba (3.6.25).
Upgraded Linux service OS to RHEL 6.6.
For more information on Provisioning, see the User Guide: Provisioning.
SA now checks the amount of free space available on managed servers before downloading Windows utility files (such as the Microsoft Offline Catalog) during compliance scanning and software registration.
For more information on patching, see the User Guide: Server Patching.
SA now offers the ability to see custom attributes changes in the History Panel for servers, device groups, OS installation profiles, and software policies.
You are now able to execute server scripts in parallel. You can also limit the maximum number of scripts executed by an agent at one time.
Added support for installing zip packages with the same filename but different contents by adding file size and checksum verification. This feature works with agent version 10.21 or higher.
Import of RHEL 7 content is now possible using the new redhat_import tool through Red Hat Subscription Management.
For more information on software management, see the User Guide: Software Management.
This section lists deprecated platforms, features, and agents for this release as well as previously deprecated items that have now reached the end of their support lifecycle.
When a platform/agent/feature is identified as deprecated for a release, it means that you (the SA customer) are considered notified of its future removal. Deprecated features are still fully supported in the release they are deprecated in, unless specified otherwise. The intent is that deprecated features or platforms will have support removed in the next major or minor SA release; however, eventual removal is at the discretion of HP.
The following platforms are deprecated as of SA 10.0:
SA 10.21 no longer supports SA Agents associated with SA versions that are earlier than 10.0.
See the Upgrade Guide for instructions on upgrading your SA Agents.
Agent Upgrade Tool
The Agent Upgrade Tool that is run from the OPSH shell and allows upgrading the agents on managed servers was deprecated. As of SA 10.0, a replacement APX was introduced that has several improvements and can be run from the SA Client.
The following API methods were removed following the move of application configurations into folder in SA 9.0:
Business Service Automation Essentials (BSAE) Reporting was removed in SA 10.1. It has been replaced by the Automation Insight (AI) product.
See Automation Insight (AI) documentation for details.
The SE Connector has been deprecated.
The SA Web Client is being deprecated. The majority of retained features have been ported to the SA Client (NGUI).
OS Sequences are being replaced by OS Build Plans. See the User Guide: Provisioning for instructions.
The Embedded Reports feature is deprecated as of SA 10.1.
The following platforms are no longer supported as of SA 10.0:
Legacy Job Types No Longer Supported New Replacement Job Types Clone Virtual Machine (VMware) Clone Virtual Machine Create Virtual Machine (Hyper-V)
Create Virtual Machine (VMware)Create Virtual Machine Delete Virtual Machine (Hyper-V)
Remove Virtual MachineDelete Virtual Machine Modify Virtual Machine
Modify Virtual Machine (Hyper-V)Modify Virtual Machine Note: Any scheduled or blocked jobs of the legacy job types will be marked as Deleted during migration.
- Virtual Server Management Actions Individual hypervisor management for ESX, ESXi, and Hyper-V is no longer supported. You need to integrate with a VMware vCenter Server to manage ESX and ESXi hypervisors and VMs, or Microsoft’s System Center Virtual Machine Manager (SCVMM) to manage Hyper-V hypervisors and VMs.
- All of the APIs, Reports, and SMOs that were previously deprecated have been removed. New APIs are available for the virtualization management through vCenter and SCVMM.
As of SA 7.80, the following scripts are no longer supported:
As of SA 9.0, you must use the unified start script:
/etc/init.d/opsware-sas
If you have any applications or scripts that depend on this script, you must rewrite them to use the unified start script.
The following new users are supported when using the SA installer to install SA on the local machine:
Note: When you use a regular user for performing the installation or rollback of a core patch, make sure you invoke the command using sudo.
For example:
sudo <distro>/ opsware_installer/hpsa_patch.sh
The following new users are supported when using the SA installer to install SA on remote machines:
WARNING: Password-less sudo is not supported for regular users with sudo capabilities.
Make the following changes to the /etc/sudoers file on every machine where the user (in this case bob) installs SA:
This section describes general rules for user names in SA.
User names should:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . _
Respect the IEEE Std 1003.1, 2013 Edition. See: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html
See the Installation Guide for installation instructions.
WARNING: Do not rename SA default folders, including the Package Repository folder.
There are two new optional parameters for the enable_ipv6.sh script:
The opsware_installer/hpsa_patch.sh script is used both for installing and for uninstalling SA 10.21.
If any installed SA components (other than a previously installed patch) have a different build ID to SA 10.2, you will not be allowed to install this patch.
/var/opt/opsware/install_opsware/inv/install.invand find the section beginning with
%basics_. Under this line, find thebuild_id.
For example:
%basics_linux
build_id: opsware_60.0.56699.0When you install an SA patch, the patch installation updates the
install.invfile to record the patch installation and the patch build ID.For example:
%opsware_patch
build_id: opsware_60.0.56699.0Note: Starting with release 10.02, the installed patch version can no longer be seen when you invoke rpm -qa. The version is still available in /var/opt/opsware/install_opsware/inv/install.inv under %opsware_patch.
/etc/init.d/opsware-sas status command), the patch operation will terminate. If you must roll back this patch in a Multi-master Mesh, HP recommends that you roll back the secondary cores and satellites first, then the primary core.
spog.pkcs8 certificate must exist under /var/opt/opsware/crypto (typically the
certificate is installed with the Shell, SAS Web Client, or Build
Manager). If the certificate does not exist, the patch operation will fail
with the following error:
Could not find spog.pkcs8
/var/opt/opsware/crypto/occ
Copy the certificate from another core machine
(for example, occ) to
/var/opt/opsware/crypto/occ
and
retry this operation.
If this error is encountered, simply copy the certificate from another core machine to your core server and retry the operation.
You don't have permission to update the patch meta
database in HP SA.
Please re-run this command with a proper hpsa_user and
hpsa_pass.
The hpsa_user needs permission to write the folder
"/Opsware/Tools/Solaris Patching" and the Package Management
Client
Feature, "Manage Package" permission set "Read & Write".
There was a
problem with running update_supplements.
Please refer to section Patch
Management for Solaris of the Users Guide:
Application Automation manual
for details on how to set up Solaris
patching on your core.
You can safely disregard this error.
This section discusses how to install this patch on the core SA server.
To install the patch on the core SA server:
/<distribution mountpoint>/<prefix>-patch/disk001
After you enter the command, you see messages displayed on the screen similar to the following:
patch will be performed on the following identified core host(s).
If there is any inconsistency then try again with the correct Core Definition File (CDF).
16.77.1.60 (gateway_master, truth_mm_overlay)
seatrout.rose.hp.com (word_store, osprov_media, slice, osprov_boot_slice)
Do you want to continue (Y/N) [Y]:Y
<host_name> password []:
The system validates the password.
Entering the hpsa_patch.sh command and the host password completes the patch installation on the SA core.
Note: The opsware_installer/hpsa_patch.sh script can be invoked on an infrastructure SA host without providing a Core Definition File (CDF). When invoked in this manner, the script automatically reads CDF information from the default location. Alternatively, the script reads the CDF location from /var/opt/opsware/install_opsware/cdf/cdf.xml when you use the script with the following argument: -c cdf.xml
This section discusses how to validate your CORD patch installation.
How to validate a CORD Patch:
This section discusses how to install this patch on a satellite SA server.
To install the patch on a satellite server:
/<distribution mountpoint>/<prefix>-patch/disk001
After you enter the command, you see messages displayed on the screen similar to the following:
patch_satellite will be performed on the following identified core host(s).
If there is any inconsistency then try again with the correct CDF.
16.77.1.187 (wordcache)
16.77.1.188 (osprov_boot_sat)
brook.rose.hp.com (osprov_media_sat)
Do you want to continue (Y/N) [Y]:Y
Parameter 1 of 2
<host_IP_address> password []:
The system validates the password.
Parameter 2 of 2
<satellite_name> password []:
Entering the hpsa_patch_satellite.sh command and password completes the patch installation on the satellites.
To roll back the SA 10.21 patch on the host to SA 10.2, enter the following command:
<distro>/opsware_installer/hpsa_patch.sh --rollback
To roll back the SA 10.21 patch on the satellite to SA 10.2, enter the following command:
<distro>/opsware_installer/hpsa_patch_satellite.sh --rollback
Certain SA Client features (such as Run OS Build Plan or HP UX Provisioning) require the Adobe Flash Player. If you try to run these features, and you have not yet installed Adobe Flash Player, you will get an error.
To make sure Adobe Flash Player functions correctly and to avoid the error message, you should:This section lists the tasks that should be performed after you install or upgrade to SA 10.21. Some tasks might not be appropriate for your situation.
This section lists the tasks that should be performed after you upgrade to SA 10.21.
After you upgrade to SA 10.21, you should also upgrade to the 10.21 SA Agents on each Managed Server in the facility. If you do not upgrade your agents, the new functionality will not be available.
See the SA 10.2 Upgrade Guide for instructions on upgrading your SA Agents.
If you have customized such settings as Java heap settings, you must reapply your customizations after you install SA 10.21, as the settings are set to the SA default during installation or upgrade.
If you plan to install the SA Command-line Interface (OCLI) on a Windows Server after upgrading to SA 10.21, you must update the SA Agent on that server to the latest version. Errors occur during OCLI installation on Windows servers with earlier SA Agent versions.
If SA 10.21 is installed on Red Hat EL 5.9, sporadic org.omg.CORBA.COMM_FAILURE exceptions will be displayed in the SA Client console.
To work around this issue, after install or upgrade:
Load the sysctl.conf settings you edited in Step 1:
# sysctl -p
Directive:
opswgw.SoReuseAddr=false
Red Hat has a description of this issue on their website: https://access.redhat.com/site/solutions/357683
If you install additional Slice Component bundle instances after patching the SA Core, wayscript versions are set to version 10.2 rather than to the patch version. Use the following procedure to remedy the situation:
cd
/var/opt/opsware/OPSWpatch/OPSWwayscripts/scripts
:
./post_after_startup.sh
Duplicate patches can be inadvertently created in the SA database if you import the Microsoft Patch Supplement (MPS) and then run the SA Patch Import process using the Microsoft Offline Patch Catalog (wsusscn2.cab). These duplicates can cause conflicts during remediation and compliance checks. SA provides a Windows patch de-duplication process that enables you to eliminate these duplicates and resolve this issue.
IMPORTANT: When to perform the de-duplication process:
The Windows patch de-duplication process is only required for SA upgrades, and is only required to be performed once:
How do I know if I have duplicates?
Starting in 9.14, the patch database has a new field, “Last Import Summary, which reports if any duplicates were found in your database. In the SA Client, navigate to Administration > Patch Settings > Patch Database to view this field. If it displays a warning message after performing a patch import, then there are duplicates in your database. If duplicates are found, these de-duplication steps are strongly recommended.
Resolving Duplicates
To resolve this, a one-time de-duplication procedure is available that enables you to remove the duplicates and eliminate the source of these conflicts to prevent future duplication.
Step-by-step instructions are provided in the whitepaper, Resolving Conflicts between SA Patching and the MS Patch Supplement, which is available on the HP Software Support Online site under the 9.15 Server Automation release.
IMPORTANT: The de-duplication procedure varies based on your version of SA. For this reason, there will be multiple versions of this whitepaper, each providing release-specific instructions. Be sure to use the version of the whitepaper recommended for this release.
To find the whitepaper:
You can also do the same search directly from the SSO Product Manuals site: http://support.openview.hp.com/selfsolve/manuals
If you plan to install the SA Command-line Interface (OCLI) on a Windows Server after upgrading to SA 10.21, you must update the SA Agent on that server to the latest version. Errors occur during OCLI installation on Windows servers with earlier SA Agent versions.
This section lists the tasks that should be performed after you upgrade to SA 10.21.
After you upgrade to SA 10.21, you should also upgrade to the 10.21 SA Agents on each Managed Server in the facility. If you do not upgrade your agents, the new functionality will not be available.
Additionally, SA 10.21 no longer supports SA Agents associated with SA 9.10 or earlier versions. Therefore, at a minimum, any SA Agents with version 9.10 or earlier must be upgraded to an SA Agent that is version 9.11 or later.
See the Upgrade Guide for instructions on upgrading your SA Agents.If you have customized such settings as Java heap settings, you must reapply your customizations after you install SA 10.21, as the settings are set to the SA default during installation or upgrade.
For more information on upgrade, see the Upgrade Guide.
WARNING: Do not rename SA default folders, including the Package Repository folder.
This section describes known issues for SA 10.21. The tables list issues first alphabetically by Subsystem, then numerically within each subsystem.
Note: The Server Automation-Executive Scorecard (SA-XS) integration does not support a configuration with XS 9.5 and SA 10.21. See XS documentation for details.
| QCCR1D | Symptom/Description | Platform | Workaround |
|---|---|---|---|
| APX Framework | |||
| 162834/193764 | The following error is displayed when you run an OS build plan, and that build plan is started on a different facility to the one that its target uses: "Failed to inject required settings.[Errno 2] No such file or directory: '/tmp/osbp_info/'" |
Independent
|
Due to a multi-Master mesh limitation, SA does not support running an OS build plan on target servers attached to a certain core while connected to different core with the SA client. |
| 202211 | Cloning with guest customization for a virtual machine from vSphere that was previously sanitized with 'BRDC HPSA agent sanitizer' APX will result in a virtual machine that will be displayed in SA if the agent on the original machine is installed in an non-system drive location. |
Independent | None. |
| Architecture | |||
| 143993/193285 | When two realms of a satellite datacenter have different tunnel weights to the core datacenters, chronic SERVICE_INSTANCE conflicts appear for newly installed agents upon agent startup. |
Independent | All gateways in a satellite facility should have the same weights defined for primary and backup tunnels. |
| Audit and Remediation | |||
| 183514/193178 | Audit Jobs self-conflict when proxied SessionCommand hits MAXIMUM timeout. | Linux | Make the local and remote timeouts for audits different values. In addition, make sure that way.ssct_proxy_timeout is larger than way.ssct_snapshotcompliance_timeout, to avoid conflicts and inconsistent results. |
| Certificate | 191641 | If the SA core is in FIPS enabled mode before a Core Recert start, then the first attempt of Core Recert's phase 7 will be a no-op. | Linux |
Restart the core after phase 6, log in to the SA Client, and run a Communicate test against any managed server. Then start the core recert in phase 7. Alternatively, re-run phase 7 after the initial attempt times out. |
| Command-Line Interface | |||
| 192256 | OCLI oupload command fails when using option "--old" if the Agent is in a Satellite facility. |
Independent | None. |
| 191551 | If you upgrade from a release prior to SA 10.1, and you want to use the OCLI, you will need to grant permissions on the /Opsware/Tools/Ocli folder in order to successfully use the latest version of the OCLI. If the SA user belongs to one of the following groups, no action needs to be taken: "Software Deployers", "Software Policy Setters", "Superusers". |
Independent | Grant the SA user the following permissions on the /Opsware/Tools/Ocli folder so that user can access the latest version of OCLI: "Software Deployers", "Software Policy Setters", "Superusers" |
| Gateway | |||
| 186115/189177 | During high activity periods tcp flows proxied over the SA gateway mesh may hang causing unexpected delays or failures in carrying out operations. Heavy OO-SA usage was observed to trigger this condition but it may occur sporadically without OO integration as well. | Independent | |
| QCCR1D | Symptom/Description | Platform | Workaround |
| Installer | 190859/190860 | If a satellite facility is given a custom realm name (different from the name of the facility) then SA won't be able to determine the home core DC of the satellite which can lead to functional issues. Way errors: Realm is currently unreachable. Cannot determine parent realm. |
Independent | Install the satellite realm with the default name (same as facility name) Contact SA support for workaround steps if a satellite is already installed and not functioning. |
| 203515/204346 | The Software Repository can complain about tens of missing files if you have a multislice environment on top of a custom LVM partition. | Linux | Re-do the partitioning steps manually. |
| Model Repository Multimaster Component (Vault) | 189533 | RUP - MM conflicts in ROLE_CLASSES table generated when Importing Windows Patch DB on lower schema core. | Independent | HP has reviewed this change request. After careful consideration regrettably HP has determined the requested change will not be addressed within the product. |
| OO Integration | |||
| 192430/192435 | Web Services Data Access Engine does not properly set the trust store when integrating with OO. | Independent | None. |
| Patch Management Backend | 187887/188563 | Solpatch_import does not function correctly when a Solaris 11 server is specified. | Solaris | None. |
| Provisioning (Backend) | |||
| 176162 | When using the RHEL 6.5 service OS, SCVMM 64-bit OSBPs should work with the 64-bit OGFS agent option. However, Hyper-V fails to boot into maintenance. This issue is related to a known Red Hat defect: https://bugzilla.redhat.com/show_bug.cgi?id=923184 |
Independent | Use PXE-less provisioning. |
| 160047 | Running an OS Build Plan on a device created on a facility different from the facility that the build plan will be in when reaching Maintenance mode might fail.
|
Independent | Create the device record with the correct Facility to begin with, that is, the facility that the server will register when reaching Maintenance mode. Alternatively, use the Manage Boot Client extension to configure the OS Build Plan to start automatically when the server reaches Maintenance mode. |
| 184918 | OSBP Windows and Linux Deployments sometimes fail with rosh error code 249 | Linux;Windows | On each core, enter the following commands: /etc/init.d/opsware-sas stop opswgw-mgw opswgw-cgws opswgw-agws cd /etc/opt/opsware/opswgw-agws1-<facility_name> mv opswgw.custom opswgw.custom.org echo "opswgw.PreConnectRetries=3" >> opswgw.custom /etc/init.d/opsware-sas start opswgw-mgw opswgw-cgws opswgw-agws To roll back the workaround, enter the following commands: /etc/init.d/opsware-sas stop opswgw-mgw opswgw-cgws opswgw-agws cd /etc/opt/opsware/opswgw-agws1-<facility_name> mv opswgw.custom.org opswgw.custom /etc/init.d/opsware-sas start opswgw-mgw opswgw-cgws opswgw-agws |
| 201287 | RHEL 7 provisioning over NFS fails on ProLiant. | Linux | If Proliant Drivers are not used, the issue does not occur. Use this procedure to remove the drivers:
However, the correct drivers are still required. You can also retry the provisioning with newer drivers, if available, before performing these steps. |
| 202884/203091 | Ubuntu 12.04.5 fails at Wait for the SA Agent if DHCPv6 is not enabled in VLAN. | Ubuntu | There are two workaround steps:
|
| Software Management (Backend) | |||
| 181556 | Installation and system failures occur when you install packages with circular dependencies and different install flags. |
Ubuntu | Do not use different install flags when you install packages with circular dependencies. Ideally, do not use any flags. To resolve the issue, as root, run a script that contains the following line: apt-get -f -y install |
| 188216 | SA cannot be used to install/uninstall RPMs that have a non-zero epoch on SLES 11 GA servers because the native tool used (zypper) does not support specifying a non-zero epoch for a package in an install or remove command. | SLES | Upgrade your zypper version or use packages that have a zero epoch. |
| 189493 | Neither the RPMs, nor the required libxml2-python library, is installed correctly if only the core package group is installed (typical in a minimal installation). Remediation with the native yum will fail. |
CentOs | Manually install the libxml2-python library. |
| 189579 | Removing either zypper version 2, or an RPM package, while installing zypper version 1 causes the status of the zypper version 2 RPM to be displayed as "Uninstalled as a Side-Effect", instead of "Uninstalled". This is caused by native zypper behavior which downgrades the RPM package, instead of uninstalling version 2 and then installing version 1. |
SLES | This change request is related to the 3rd party product for which HP does not have any ownership. It cannot be resolved by HP. |
| 191279 | The exit code for the yum shell (which is used by the yum plugin) is 0 (zero), even if the install commands executed inside the yum shell were successful or not. The consequence is that for failed installations or uninstallations the Job Status will be "Warning" instead of "Failed". |
Independent | HP has reviewed this change request. After careful consideration regrettably HP has determined the requested change will not be addressed within the product. |
| 202365 | The rpm version used for extracting the metadata cannot read RPM packages bigger than 4GB. | Linux | Split the big RPMs into smaller ones (under 4GB in size). |
| Usability | |||
| 193483 | In some cases, when you attempt to get page-level help for your current feature window, it results in a blank browser page. | Independent | Click the Show Navigation button, which is in the upper left corner of the window. The table of contents for the online help will be displayed. |
| Virtualization (Backend) | 201672 | V12n Clone VM Windows fails for agent installed at custom location (non-system drive agent). When trying to clone a VM with agent installed at a custom location, the clone job will fail with the following error: Update HP SA Agent Information failed with exit code 1.STANDARD ERROR (the last 10 KB): [...] IOError: [Errno 2] No such file or directory: 'C:\\Program Files\\Common Files\\Opsware\\etc\\agent\\mid |
Independent | None. |
The Fixed Issues table includes issues that:
The table lists issues first by subsystem, then numerically within each subsystem.
| QCCR1D | Symptom/Description | Platform | |
|---|---|---|---|
| Agent | |||
| 191450/191889 | Corrupt persisto file causes all future peval commands to fail. | Independent | |
| 193649/193651 | SA Agent doesn't work properly when code page cp28605 is set on managed Windows platform. | Independent | |
| 194419/194421 | SA Agent init.d script fails to run on AIX when /etc/environment contains a variable declaration that already exists and is read only. | AIX | |
| 194406/194468 | The ptymonitor script segfaults when it is started from the bs_software folder because the PATH environment variable is missing. | Linux | |
| 195034/195038 | Unicode characters outside the ASCII codeset from server scripts are replaced with "?" (question marks). | AIX | |
| APX Content/Framework | |||
| 187113/201440 | BRDC virus sanitizer, when used to sanitize a VM, does not interact well with the vCenter configuration wizard. A static IP address configuration is clobbered and will be restored to DHCP. | Independent | |
| 189127/190392 | The SA Agent could not be installed on a VM that was cloned, and was prepared with cloning APX. A race condition was detected, caused by the network setup running in parallel with the agent install. A delay of 5 minutes was added for the automatic agent install in the task scheduler. | Windows | |
| 192885/193163 | SSL protocols accepted for HTTPS communication cannot be configured. Support for configuring the SSL protocols accepted for HTTPS communication has been added via the new apxproxy.sslprotocols optional configuration parameter that can be set in the apxproxy.conf file or apxproxyOverrides.conf. By default the configuration parameter is commented out, thus apxproxy uses the Java defaults for setting the accepted SSL protocols. The active SSL protocols will be recorded at startup in the /var/log/opsware/apxproxy/apxproxy.log.0 logfile if apxproxy.sslprotocols configuration parameter is active and com.opsware.apxproxy.level is set to at least "FINE". |
Linux | |
| Audit and Compliance | |||
| 193457/193477 | Remediating all preparation takes a very long time on audits with many devices. | Linux | |
| 179510/194560 | Allow installation of core patch without enabling SSH login for the root ssh user. | Linux | |
| Gateway | |||
| 186115/189177 | During high activity periods tcp flows proxied over the SA gateway mesh may hang causing unexpected delays or failures in carrying out operations. Heavy OO-SA usage was observed to trigger this condition but it may occur sporadically without OO integration as well. | Independent | |
| Installer (OI) | |||
| 193972/194295 | Uninstalling the SA Satellite without uninstalling the patch first fails with a TypeError. | Linux | |
| Provisioning (Backend) | |||
| 188842/189133 | Twist error : ilo auto registration silently fails. There are two different transactions against devices table: one made by the Spin that updates a server record (agent registration) and the other one made by Twist to read the same record (iLO autoregistration).Twist always gets the old value of the server, even if the read operation is retried after 15 seconds. This was fixed by using a non-cached read operation. | Independent | |
| 193783/193788 | OS Build Plan fails reboot on satellite facility. | Independent | |
| SA Client Framework | |||
| 194765/195008 | Selecting a destination device to copy a source File from the Device Explorer unexpectedly sets that device to Rename mode. | Linux | |
| Scripts Backend | |||
| 192139/192141 | Running a script against a device group containing a server managed by v12n and a deactivated agent fails. | Independent | |
| Server Management Backend | |||
| 201412/201415 | ptymonitor should not open processes when the user's password is locked or expired. | Linux | |
| Software Management | |||
| 194229 | Scheduled Install Software jobs do not appear in Jobs and Session panel. |
Linux | |
| 201463/202108 | Unable to patch RHEL 7 servers with rhn_import because Red Hat has changed the Classic Network Channel workflows and replaced them with a new patch management system based on subscriptions. |
Linux | |
| Software Repository | |||
| 194286/194443 | During windows patches deletion, the patch becomes corrupted and the following CBT error is displayed: SEVERE: Command error. com.opsware.cbt.errors.CBTException: An error occurred during export. See log for details. at com.opsware.cbt.apps.Exporter.export(Exporter.java:189) ... Oct 20, 2014 10:12:36 PM com.opsware.cbt.util.FileProgressListener error SEVERE: Command Error Message: An error occurred during export. See log for details. ... at com.opsware.cbt.apps.CBT.main(CBT.java:191) |
Independent | |
| 194285/194439 | If a unit is uploaded with the same unit_loc of a previously deleted unit, then |
Windows | |
| 183704/195156 | Core Content Synchronization is not working as expected. | Linux | |
This section discusses documentation information for this release.
Best Practices for using SA rhn_import to download Red Hat content for RHEL 7
All the latest Server Automation documentation for this release is available from the SA 10.x Documentation Library on the HP Software Support portal.
This portal requires that you register for an HP Passport and sign in. Use the SA Documentation Library to access any of the guides, release notes, support matrices, and white papers relevant to this release or to download the full documentation set as a bundle. The SA Documentation Library is updated in each release and whenever the release notes are updated or a new white paper is introduced.
A direct link to the SA Documentation Library is also provided on the SA Client Help Welcome Page. From the SA Client menu, select Help > Help Contents, Index and Search.
Note: You can always find the most up-to-date SA Documentation Library on the HP Software Support portal. This portal requires that you register for an HP Passport and sign in. After signing in, click the Search button and begin filtering documentation and knowledge documents using the filter panel. If you do not have an HP Passport, you will be given an opportunity to register for one from the login page.
This section includes a list of technical information resources for each product.
To access the information resources for the included products, use any of the following methods:
Note: A direct link to the SA Documentation Library is also provided on the SA Client Help Welcome Page. From the SA Client menu, select Help > Help Contents, Index and Search.
Note: Some of guides and white papers, although released in earlier patches, are still relevant to this release. You will also receive updated or new editions if you subscribe to the appropriate product support service. Contact your HP sales representative for details. Note the Document Release Date on the title page of your guide and see the Documentation Change Notes on page 3 of most documents for a list of any revisions. The release-notes change table is at the bottom of this document.
Agent Tools must be run as the root user on UNIX/Linux systems or as an Administrator on Windows systems.
Correct:
Agent Tools must be run as the root user on UNIX/Linux systems or as the Administrator on Windows systems.
Performing this procedure does not shut down or uninstall SA in a facility. Decommission facilities with care, because this task cannot be undone. When you decommission a facility, the facility is still listed in the SA Client, however, it is grayed out.
Note: Short names cannot be reused, even if they belonged to a decommissioned facility.
Preliminary Steps
Before you decommission a facility, you must perform preliminary steps on that facility.
To perform preliminary steps:
usage:
migrate_sessions.sh -d <destination_facility_id> -f <filename to hold the session id>
Decommissioning
To decommission a facility using the SA Client, perform the following steps.
To decommission a facility:
- In the SA Client, deactivate the SA agent on all of the core’s component hosts. Make sure that the SA Agent’s lifecycle displays a Deactivated status.
- Go to Administration > Facilities.
- In the list of facilities, right-click the core and chose Decommission. Make sure that the core’s facility status is inactive.
- Verify that all the jobs still run successfully.
After you have deactivated a facility, you must delete the deactivated core host. This prevents system diagnostic errors.
"There are two new optional parameters for the enable_ipv6.sh script:
• -i <IPV6 address>: use specified IPV6 address instead of autodiscovered based on hostname DNS
AAAA resolution.
• -n : do not start/restart SA components when making configuration file changes."
Upgrading the Model Repository in a RACed Environment
You must perform pre-upgrade steps before you upgrade the repository, and post-upgrade steps after you upgrade.
Pre-upgrade steps:
1. Backup vault.conf and opsware_start.config files or they will be overwritten by the installer. These files were modified for Oracle RAC.
/etc/opt/opsware/vault/vault.conf
/opt/opsware/oi_util/startup/opsware_start.config
2. Update the tnsnames.ora file.
In an Oracle RAC environment, only one of the RAC nodes is used during the installation/upgrade process. The SA Installer connects to only one Oracle instance to modify the Model Repository. During normal SA operations, all the RAC nodes are used.
To accommodate the remote Model Repository install/upgrade process in Oracle RACed environment, the following two tnsnames.ora files are required on the SA server. (By default, SA expects the tnsnames.ora file to be located in /var/opt/oracle.)
— tnsnames.ora-install_upgrade
This copy of tnsnames.ora is used during SA installation/upgrade. The file can be renamed.
— tnsnames.ora-operational
This copy of tnsnames.ora is used during normal SA operation. The file can be renamed.
During the upgrade process, you can use soft links to point the tnsnames.ora file to tnsnames.ora-install_upgrade.
The tnsnames.ora links can be changed as follows:
– Make sure that none of the clients are connected to the Oracle RACed database.
– Use soft links to point tnsnames.ora to tnsnames.ora-install_upgrade.
For example: $ln –s tnsnames.ora-install_upgrade tnsnames.ora
3. Start SA.
Post-Upgrade Steps:
1. Verify vault.conf and opsware_start.config files.
Prior to the upgrade these files were backed up. Look at section ‘vault.conf File Changes’ and the backed up files and replace the value of truth.sid. The installer may try to re-start the Vault during the upgrade process and it might fail due to an incorrect truth.aid value. In that case, make the changes to vault.conf and then re-start the installer.
2. Update tnsnames.ora file
After the entire SA upgrade is done, change the soft link and point tnsnames.ora to tnsnames.ora-operational. During normal SA operation, the installer connects to the database through all the active RACed node.
The tnsnames.ora links can be changed as follows:
— Make sure that none of the clients are connected to the Oracle RACed database.
— You can use softlinks to point tnsnames.ora to tnsnames.ora-operational.
For example, $ln –s tnsnames.ora-operational tnsnames.ora
3. Start SA.
Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00150
Windows: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00150
If you attempt to get page-level help for your current feature window, and it results in a blank browser page, click the Show Navigation button, which is in the upper left corner of the window. The table of contents for the online help will be displayed.
You must perform pre-upgrade steps before you upgrade the repository, and post-upgrade steps after you upgrade.
Pre-upgrade steps:
1. Backup vault.conf and opsware_start.config files or they will be overwritten by the installer. These files were modified for Oracle RAC.
/etc/opt/opsware/vault/vault.conf
/opt/opsware/oi_util/startup/opsware_start.config
2. Update the tnsnames.ora file.
In an Oracle RAC environment, only one of the RAC nodes is used during the installation/upgrade process. The SA Installer connects to only one Oracle instance to modify the Model Repository. During normal SA operations, all the RAC nodes are used.
To accommodate the remote Model Repository install/upgrade process in Oracle RACed environment, the following two tnsnames.ora files are required on the SA server. (By default, SA expects the tnsnames.ora file to be located in /var/opt/oracle.)
— tnsnames.ora-install_upgrade
This copy of tnsnames.ora is used during SA installation/upgrade. The file can be renamed.
— tnsnames.ora-operational
This copy of tnsnames.ora is used during normal SA operation. The file can be renamed.
During the upgrade process, you can use soft links to point the tnsnames.ora file to tnsnames.ora-install_upgrade.
The tnsnames.ora links can be changed as follows:
– Make sure that none of the clients are connected to the Oracle RACed database.
– Use soft links to point tnsnames.ora to tnsnames.ora-install_upgrade.
For example: $ln –s tnsnames.ora-install_upgrade tnsnames.ora
3. Start SA.
Post-Upgrade Steps:
1. Verify vault.conf and opsware_start.config files.
Prior to the upgrade these files were backed up. Look at section ‘vault.conf File Changes’ and the backed up files and replace the value of truth.sid. The installer may try to re-start the Vault during the upgrade process and it might fail due to an incorrect truth.aid value. In that case, make the changes to vault.conf and then re-start the installer.
2. Update tnsnames.ora file
After the entire SA upgrade is done, change the soft link and point tnsnames.ora to tnsnames.ora-operational. During normal SA operation, the installer connects to the database through all the active RACed node.
The tnsnames.ora links can be changed as follows:
— Make sure that none of the clients are connected to the Oracle RACed database.
— You can use softlinks to point tnsnames.ora to tnsnames.ora-operational.
For example, $ln –s tnsnames.ora-operational tnsnames.ora
3. Start SA.
Adding a New Core or Slice to a Recertified Core Multimaster Mesh
Pre-SA 10.1, the core recertification procedure did not re-sign Model Repository (truth) data and other SA data. During operation, both old/archived and new CAs are loaded to validate the signatures. As of SA 10.1, core recertification re-signs SA data.
If your mesh was recertified prior to SA 10.1, before adding a new core/slice to this recertified mesh, run re-signing scripts. Contact support to obtain the re-sign scripts and instructions on how to run them. Re-sign scripts might take a long time to finish, depending on the amount of data to re-sign.
Note: If FIPS is enabled, you must use SHA1, not SHA256, as the hashing algorithm.
1. Log into the SA Web Client as a user that belongs to SA Administrators group. The SA Web Client home page appears.
1. Log into the SA Web Client as a user that belongs to the SA System Administrators group.
Text to be replaced: The current CML parser requires that neither whitespace nor '@' appear inside a CML tag.
Replace with: The current CML parser does not allow whitespace to appear inside a CML tag. The '@' symbol can be escaped by prepending it with another '@'.
(Note: The new text should replace all notes that talk about @ not appearing in CML tags, including in the CML Overview section.)
Remediating Patch Compliance for Servers
Note: This section does not apply to ESXi.
When you remediate patch compliance for one or multiple servers, you can choose to remediate either all of the policies attached to the servers or choose to remediate individual policies.
To remediate patch policies on one or multiple servers:
1. In the Device Explorer, in the navigation pane, select Devices > Servers > All Managed Servers.
2. From the View drop-down list, select Compliance.
3. Select one or more servers.
4. In the details pane of the Compliance view, expand the Patch category and select a patch policy that is attached to the selected servers. Or, select the top level Patch category if you want to remediate all of the patch policies attached to the selected servers.
5. Click Remediate and then complete the steps in the Remediate wizard.
Remediating Patch Compliance for Device Groups
When you remediate patch policies on one device group, you can remediate all the policies attached to all device groups. However, when you select a group, you can only remediate all patch policies attached to all groups and any sub-groups.
To remediate patch policies on one or multiple device groups:
1. In the Device Explorer, in the navigation pane, select Devices > Device Groups.
2. From the View drop-down list, select Compliance.
3. Select one or more device groups.
4. In the details pane of the Compliance view, expand the Patch category and select a policy that is attached to the selected groups. Or, select the top level Patch category if you want to remediate all of the policies attached to the selected groups.
5. Click Remediate and then complete the steps in the Remediate wizard.
• Custom attributes changes.
Extra installer options: This enables you to specify any other installer options, such as:
--log file <path> allows you to specify the path to the installer log file.
Extra installer options: This enables you to specify any other installer options, such as:
--logfile <path> allows you to specify the path to the installer
log file.
• Jobs that were run on the server, such as snapshots, audits, patch and software policy remediations.
• Custom attributes changes.
Note: For servers, device groups, OS installation profiles, and software policies custom attributes changes are reflected in the History panel.
You can now execute server scripts that do not change the server (Change Server option is set to No) in parallel with other scripts. This functionality is governed by the following configuration parameters:
Using the Native Zypper to Remediate RPM Packages
The native tool Zypper is used to analyze and install the phase of the remediation process on the managed server.
Server Requirements
In order to work with Zypper, your managed server must be SLES 11 GA or later. This option is automatically selected when the managed server is SLES 11 GA ++ (no other remediation options are provided for the selection).The installed zypper version can be identified by running the following command in the command line:
zypper –versionFor complete SA support and compatibility information for this release, see the HP Server Automation Support and Compatibility Matrix .
Note: In the SLES service pack upgrade process, all rpm packages from upgrade software policy have to be marked with the option Install RPM only if an earlier version is installed. See Setting Installation and Update Options for an RPM on page 32 for more information.
Zypper Restrictions
Zypper does not support :
Even for SA-installed software, the software inventory does not maintain relationships between the SA library packages used in the install job and the items in the inventory, because the same package can be duplicated in several folders of the SA Library, with each package having its own properties, including uninstall parameters and scripts. As a result, uninstalling a package from the server inventory will not use the uninstall parameters and scripts of any package in the SA Library. To uninstall a package using uninstall parameters and scripts, see the section entitled Installing/Uninstalling Software without a Software Policy in this guide.
To accommodate the remote Model Repository install/upgrade process in Oracle RACed environment, the following two tnsnames.ora files are required on the SA server.( By default, SA expects the tnsnames.ora file to be located in /var/opt/oracle.)
After the SA upgrade is completed, change the soft link and point tnsnames.ora to tnsnames.ora-operational. During normal SA operation, the installer connects to the database through all the active RACed nodes.
The tnsnames.ora links can be changed as follows:
For more information, see the SA Oracle Setup for the Model Repository guide, Oracle RAC Support section.
This web site provides contact information and details about the products, services, and support that HP Software offers. For more information, visit the HP Support web site at: HP Software Support Online.
HP Software support provides customer self-solve capabilities. It provides a fast and efficient way to access interactive technical support tools needed to manage your business.
As a valued support customer, you can benefit by being able to:
To access the Self-Solve knowledge base, click Search. Use the filter panel to search for knowledge documents, product manuals, patches, or any kind of available documentation type.
Note: Most of the support areas require that you register as
an HP Passport user and sign in. Many also require an active support contract.
To find more information about support access levels, go to:
Access Levels.
If you do not have an HP Passport, you will be given an opportunity to register for one from the login page.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
© Copyright 2000-2014 Hewlett-Packard Development Company, L.P.
Adobe® is a trademark of Adobe Systems Incorporated.
Intel® and Itanium®
are trademarks of Intel Corporation in the U.S. and other
countries.
Microsoft®, Windows®‚ Windows® XP are U.S. registered trademarks
of Microsoft Corporation.
Oracle and Java are registered trademarks of Oracle
and/or its affiliates.
UNIX® is a registered trademark of The Open
Group.
| New Publication Date | Change |
To check for recent updates or to verify that you are using the most recent
edition of a document, go to:
SA 10.x Documentation Library.
You will receive updated or new editions if you subscribe to the appropriate product support service. Contact your HP sales representative for details.