Software version: 10.10
Original Publication Date: June 30, 2014
This document provides an overview of the HP Server Automation 10.10 release. It contains important information not included in the manuals or in the online help.
All the documentation is available from the new SA 10.x Documentation Library. See the section Documentation Information for instructions on how to use the Documentation Library to access the guides and whitepapers relevant to this release.
SA release notes contain information for users who are familiar with the installation and maintenance of SA, Storage Visibility and Automation, SE Connector, Application Deployment Manager, and DMA integration. The notes contain information that is not included in books or online Help.
What's New in This Release |
Post-Installation / Upgrade Tasks |
Documentation Information |
Deprecation Announcements |
Known Issues |
HP Software Support |
Installation |
Fixed Issues |
Legal Notices |
This section describes new functionality and other relevant release-specific information.
For information about what was new in previous releases, please see the corresponding release notes at: http://support.openview.hp.com/selfsolve/document/KM00774555/binary/SA_10.1_Release_Notes.html.
Important: SA 10.1 uses OpenSSL 1.0.1h and, as a result, is not susceptible to the Heartbleed or Man in the Middle vulnerabilities.
This section lists the operating-systems supported on the SA Client.
For complete SA support and compatibility information, see the HP Server Automation Support and Compatibility Matrix for this release at: http://support.openview.hp.com/sc/support_matrices.jsp.
For a list of supported operating systems and platforms for Storage Visibility and Automation Managed Servers, SE Connector, SAN Arrays, Fibre Channel Adapters, SAN Switches, File System Software, Database Support, and Storage Essentials Compatibility, see the Storage Visibility and Automation Support and Compatibility Matrix at the same link.All SA and Storage guides are available at: http://support.openview.hp.com/selfsolve/manuals.
For more information about supported configurations, see SA 10.10 Installation Guide, chapter 2: “SA Core Configurations Supported For Customer Installation”.
Important: See Deprecation and End-of-Support Announcements for important SA Agent version deprecations and end-of-support announcements. See Post-Installation/Upgrade Tasks for the SA Agent upgrade requirement.
For information on the Agent Upgrade tool, on installing the agent, and on bringing servers under SA management, see the SA User Guide: Server Automation.
The SA Agent Installer was added as a Web Services Data Access Engine (Twist) service.
SA now supports two-factor authentication using Department of Defense personal identity verification (PIV) smart cards.
Central processing unit (CPU) properties are now displayed in the SA Client in the Inventory > Hardware window.
Database and Middleware Automation (HP DMA) is no longer installed as part of Server Automation. Starting with HP DMA version 10.00, HP DMA is available as a separate product with its own installation media. HP DMA 10.0x is still integrated with Server Automation, however. For more information, see the HP DMA Installation Guide.
The Interactive Installation Configurator (iDoc) allows you generate and view (PDF) an SA Core installation procedure document that is confined to only the SA Core configuration and the SA Core Host operating system you have selected. This allows you to view (PDF) or print an installation procedure document that does not contain information intended for SA Core configurations or core host operating systems that are not relevant to the installation you intend to perform.
Simply run SA_10.10_core_install_config.zip in a browser, select your preferred SA Core Layout and core host operating system and select View or Print.
SA complies with the Federal Information Processing Standards publication 140-2, a security standard that enables government entities to procure equipment that uses validated cryptographic modules. During installation you can choose to enable FIPS by setting the fips.mode parameter to enabled.
When FIPS is enabled, you will be restricted to SHA1 as the hash algorithm. You will be prompted during the installation to specify whether FIPS should be enabled or not.
Under normal security conditions, HP recommends using SHA1 with a key length of 2048. Higher security requirements could require FIPS with a key length of 4096 or SHA256.
Note that use of FIPS or SHA256 can impact core performance. Contact your Security Administrator for more information.
See the SA Installation Guide: Appendix G, "HP SA FIPS 140-2 Compliance Statement".
You can access the Installation Guide through the SA 10.x Documentation Library.
SA 10.10 requires that the following ports be open:
8084/8086 - For bandwidth management, if enabled
These, and other ports, are configurable at install/upgrade time through installer parameters.
Note: In addition, other ports are required to be open for previous releases of SA. See the corresponding release notes at:
http://support.openview.hp.com/selfsolve/manuals.
If your SA Core matches one of the SA Core configurations supported for customer upgrade and described in Chapter 2: SA Core Configurations in the SA Installation Guide, you can upgrade from a previous SA version to SA 10.0 yourself. However, if your core does not match any of these SA Core configurations, your first SA Core upgrade to SA 10.0 from a previous version must be performed by HP Professional Services or an HP certified consultant.
After the core has been upgraded to SA 10.0, HP supports customer-performed upgrades to SA 10.x or later as long as your core configuration is one of the supported configurations. All other core configurations will continue to require the services of HP Professional Services. If you are uncertain whether you can upgrade an existing SA Core yourself, contact HP Technical Support.
In addition to Simplified Chinese and Japanese, the SA 10.10 interface has now been localized to German, Russian, French, and Spanish.
Updates pertaining specifically to the OO-SA integration (Server Automation operations performed within Operations Orchestration) are delivered via the HP Live Network at https://hpln.hp.com/.
The SA distributions Media includes preinstalled customized Oracle 12.1.0.1 RDBMS software and the truth database that can be installed during the SA core installation.
You can also use the Oracle Universal Installer to manually install an Oracle 11g or 12c database, however, you will need to perform certain tasks that the HP-supplied database performs automatically on installation.
See the SA 10.10 Installation Guide, Appendix A, Oracle Setup for the Model Repository.
The following new features have been added to Provisioning for this release:
The following new build-plan features have been added:
The following types of OS Sequences are deprecated:
Instead of OS Sequences, use Build Plans for new provisioning jobs.
For more information on Provisioning, see the SA Provisioning guide (in the SA 10.x Documentation Library).
Server Automation (SA) now supports patch management for Ubuntu, enabling you to identify, install, and remove Ubuntu Debian package updates, and maintain a high level of security across managed servers in your organization.
For more information on patching, see the SA User Guide: Server Patching (in the SA 10.x Documentation Library).
OCLI can now be installed using a software policy on the managed servers.
HP Server Automation (SA) can be used to view and manage Chef Cookbooks and run Chef Recipes. You can upload native Chef Cookbooks to SA, manage them in SA, and run Chef Recipes from SA without having to deploy parallel Chef infrastructure.
Features include:
See the SA User Guide: Chef Cookbook Management for more information. You can access this guide in the SA 10.x Documentation Library.
In order to improve the performance and scalability of remediation jobs, both the job backend and the UI responsible for displaying the job progress and job results were redesigned. Redundant or verbose data was dropped from the job results, reducing the load on the SA components.
The user experience is now enhanced by having only relevant data displayed to the user, thus making the user interface much more usable, especially for large remediation jobs. (CR: QCCR1D165183/ 167473)
Software policies can now be detached without remediation. (ER: 166081)
There is a new attribute implemented in mapping.xml:
<Attribute source='Node/Vendor' target-attr='vendor' enable='false'/>
When enabled (TRUE), the data is flowing in UCMDB.
Two non-supported features (Code Deployment and Rollback (CDR), and Configuration Tracking) were removed from the SA Client interface.
CDR was replaced by ADM. Configuration Tracking was replaced by A&R.
The following new features have been added to Virtualization Management for this release:
SA's OpenStack as a Virtualization Service provides the ability to add your in-house deployment of OpenStack as a Virtualization Service to discover Projects and VMs (OpenStack Instances).
SA complies with the Federal Information Processing Standards (FIPS) publication 140-2, a security standard that enables government entities to procure equipment that uses validated cryptographic modules. If FIPS is enabled, you need to upload CA certificates for each virtualization service.
For information about FIPS, see Chapter 5, “SA Core Installation” and Appendix G, “HP SA FIPS 140-2 Compliance Statement” in the SA Installation Guide.
Secure Mode in SA Virtualization is enabled (or True) by default in a new SA 10.10 installation and disabled (or False) on an upgrade to SA 10.1.
See also the deprecated and unsupported sections of these release notes for deprecated and unsupported virtualization components.For information about editing Virtualization Secure Mode and uploading CA certificates, see Appendix B, “Virtualization Security” in the User Guide: Virtualization Management. To access this guide, see the SA 10.x Documentation Library.
This section lists deprecated platforms, features, and agents for this release as well as previously deprecated items that have now reached the end of their support lifecycle.
When a platform/agent/feature is identified as deprecated for a release, it means that you (the SA customer) are considered notified of its future removal. Deprecated features are still fully supported in the release they are deprecated in, unless specified otherwise. The intent is that deprecated features or platforms will have support removed in the next major or minor SA release; however, eventual removal is at the discretion of HP.
The following platforms are deprecated as of SA 10.0:
After you upgrade to SA 10.10, you should also upgrade to the 10.10 SA Agents on each Managed Server in the facility. If you do not upgrade your agents, the new functionality will not be available.
Additionally, SA 10.10 no longer supports SA Agents associated with SA 9.10 or earlier versions. Therefore, at a minimum, any SA Agents with version 9.10 or earlier must be upgraded to an SA Agent that is version 9.11 or later.See the SA 10.10 Upgrade Guide (in the SA 10.x Documentation Library) for instructions on upgrading your SA Agents.
Agent Upgrade Tool
The Agent Upgrade Tool that is run from the OPSH shell and allows upgrading the agents on managed servers was deprecated. As of SA 10.0, a replacement APX was introduced that has several improvements and can be run from the SA Client.
The following API methods were removed following the move of application configurations into folder in SA 9.0:
Business Service Automation Essentials (BSAE) Reporting was removed in SA 10.1. It has been replaced by the Automation Insight (AI) product.
See Automation Insight (AI) documentation for details.
The SA Web Client is being deprecated. The majority of the features that we intend to retain have been ported to the SA Client (NGUI).
OS Sequences are being replaced by OS Build Plans. See the SA Provisioning Guide for instructions.
The Embedded Reports feature is deprecated as of SA 10.1.
The following platforms are no longer supported as of SA 10.0:
Legacy Job Types No Longer Supported New Replacement Job Types Clone Virtual Machine (VMware) Clone Virtual Machine Create Virtual Machine (Hyper-V)
Create Virtual Machine (VMware)Create Virtual Machine Delete Virtual Machine (Hyper-V)
Remove Virtual MachineDelete Virtual Machine Modify Virtual Machine
Modify Virtual Machine (Hyper-V)Modify Virtual Machine Note: Any scheduled or blocked jobs of the legacy job types will be marked as Deleted during migration.
- Virtual Server Management Actions Individual hypervisor management for ESX, ESXi, and Hyper-V is no longer supported. You need to integrate with a VMware vCenter Server to manage ESX and ESXi hypervisors and VMs, or Microsoft’s System Center Virtual Machine Manager (SCVMM) to manage Hyper-V hypervisors and VMs.
- All of the APIs, Reports, and SMOs that were previously deprecated have been removed. New APIs are available for the virtualization management through vCenter and SCVMM.
As of SA 7.80, the following scripts are no longer supported:
Starting In SA 9.0, you must use the unified start script:
/etc/init.d/opsware-sas
If you have any applications or scripts that depend on this script, you must rewrite them to use the unified start script.
See the SA Installation Guide for installation instructions: http://support.openview.hp.com/selfsolve/document/KM00774557/binary/SA_10.1_InstallationGuide.pdf
Certain SA Client features (such as Run OS Build Plan or HP UX Provisioning) require the Adobe Flash Player. If you try to run these features, and you have not yet installed Adobe Flash Player, you will get an error.
To make sure Adobe Flash Player functions correctly and to avoid the error message, you should:This section lists the tasks that should be performed after you install or upgrade to SA 10.10. Some tasks might not be appropriate for your situation.
If you plan to install the SA Command-line Interface (OCLI) on a Windows Server after upgrading to SA 10.10, you must update the SA Agent on that server to the latest version. Errors occur during OCLI installation on Windows servers with earlier SA Agent versions.
This section lists the tasks that should be performed after you upgrade to SA 10.10.
After you upgrade to SA 10.10, you should also upgrade to the 10.10 SA Agents on each Managed Server in the facility. If you do not upgrade your agents, the new functionality will not be available.
Additionally, SA 10.10 no longer supports SA Agents associated with SA 9.10 or earlier versions. Therefore, at a minimum, any SA Agents with version 9.10 or earlier must be upgraded to an SA Agent that is version 9.11 or later.
See the SA 10.10 Upgrade Guide for instructions on upgrading your SA Agents.If you have customized such settings as Java heap settings, you must reapply your customizations after you install SA 10.0, as the settings are set to the SA default during installation or upgrade.
Note: The Server Automation-Executive Scorecard (SA-XS) integration does not support a configuration with XS 9.5 and SA 10.1. See XS documentation for details.
| QCCR1D | Symptom/Description | Platform | Workaround |
|---|---|---|---|
| Agent | |||
| QCCR1D167917/ 168222 | The process of uninstalling an agent on Windows freezes and does not proceed without user input when the following command is run: msiexec /x C:\Program Files\Opsware\agent\pylibs\cog\uninstall\agent_uni?nstall_x64.msi/qn FORCE="1" |
Windows | Use the following command (which performs a silent agent install) instead: C:\Program Files\Opsware\agent\pylibs\cog\uninstall>agent_uninstall.bat --force |
| APX | |||
| QCCR1D112384 | It is not possible to enable debug logging on the /opsw/bin/apx client in the OGSH. | Linux | Use strace linux command. For online linux manpages please check the reference: http://man7.org/linux/man-pages/man1/strace.1.html |
| Audit | |||
| QCCR1D151552 | If you cancel a running audit job, and a target server shows a "SKIPPED" job status in the audit results, until an audit has successfully run, the server's compliance view shows the following incorrect status for the policy:
“Policy has changed since the last scan”. |
Independent | Rerun the audit job. |
| QCCR1D162962 | When you export audit results to XML, the results will not be correctly displayed if they include text that has an accented character. The following error appears in the results:
XML page cannot be displayed. Invalid character was found in text content. |
Independent | None. |
| QCCR1D165732 | Running a snapshot-based audit with multiple Perform Inventory rules will result in the following RuntimeException error:
Multiple Inventory checks are not supported for snapshot-based audit. Optionally, run the corresponding rule types with (*) option. |
Independent | Run the snapshot-based audit for corresponding rule types with the (*) option instead of the Perform Inventory option enabled. |
| QCCR1D183967 | Running a "Users and Group" remediation job with multiple uses and user groups will fail with error message: "No Group found". | Independent | Run a "Users and Group" remediation job with user groups followed by a remediation job to remediate users that belong to the remediated user group. |
| Certificate | |||
| QCCR1D184455 | Running the Core Recert procedures on a FIPS-enabled core will cause start-up failure of the buildmgr Core component after phase 9. | Linux | To avoid this issue: 1. Set the /etc/opt/opsware/crypto/security.conf FIPS field to zero (0) for all core and satellite boxes in the mesh. 2. Start the Core component in the order specified by the Core Recert document. |
| DCML Export Tool (DET) | |||
| QCCR1D141375/ 142522 | DET full export process often stops and does not continue. In addition:
|
Linux | Run the DET process with a single CBT thread. To do this, set cbt.numthreads=1 in the CBT configuration file. The default location on the HP Server Automation core for the configuration file is: /opt/opsware/cbt/cfg/default.properties |
| QCCR1D | Symptom/Description | Platform | Workaround |
| Installer | |||
| QCCR1D172654/ 172880 | Unable to start httpsProxy. SA installer should validate /etc/hosts against multiple 'localhost' definitions. | Linux | In the /etc/hosts file, remove 'localhost' and 'localhost.localdomain' from the definition line that begins with ::1. Save the file, and retry the installer. Note: This installer issue is only valid for Major release not CORD release. |
| QCCR1D186167 | Gateway Load Balance settings are incomplete in multi-slice setup causing way job failures (waybot.badObjectId error). | Independent | 1. Run the command 'wc -c /etc/opt/opsware/opswgw-cgws*/opswgw.pcache' on all slices in a particular realm. The output should look as follows: 2. Copy the file that has the most number of characters, as displayed by the above command, to the other slices in the realm to the same location, thereby overwriting the one already present in the slice. 3. Restart the code gateway using the command '/etc/init.d/opsware-sas restart opswgw-cgws' on the slices to which the opswgw.pcache was copied in step 2. |
| Managed Platforms | |||
| QCCR1D160543 | HPLN APX content developed for 'platfrom_linux' stream fails on content reload | Independent | None. |
| Model Repository | |||
| QCCR1D172374/ 172530 | Creation of secondary core failed with error: ORA-31685: Object type PROCEDURE:"AAA"."GATHER_AAA_SCHEMA_STATS" failed due to insufficient privileges. |
Independent | On the database server do the following, or, if you have a RACed environment, then log into one of the RAC nodes and run the following. 1. su – oracle 2. sqlplus opsware_admin/<password> 3. SQL> select * from dba_sys_privs where grantee = 'AAA'; -- privilege 'create procedure' will not be there 4. SQL> grant create procedure to aaa; 5. SQL> select * from dba_sys_privs where grantee = 'AAA'; -- privilege 'create procedure' should be there 6. Restart the HPSA installer. The installer will figure out that AAA was incomplete. It will cleanup AAA schema and re-import it. |
| Provisioning | |||
| QCCR1D168921 | tftp writing does not work on SLES. | SLES | None. |
| QCCR1D184355/ 184356 | TMBC configuration resets the dhcpd server which can cause PXE boot failures for multiple concurrent builds. | Windows | Put a sleep delay between the MBC operation and start the VMs. |
| QCCR1D187163 | PINP step with ipv6 enabled does not work for Windows. |
Windows | The network where you provision Windows machines cannot be IPv6 enabled. That is, no Router Advertisements should be sent in that network by the gateway. To fix this issue, patch the step called "Personalize Network Settings of Installed System" (post_install_network_personalization.py) and replace line 80 |
| QCCR1D | Symptom/Description | Platform | Workaround |
| Patch Management | |||
| QCCR1D100566 | Although the reboot is performed correctly, when you preview remediating a patch policy on a server, or view the job status for a patch policy that is already remediated, the reboot setting might incorrectly display “Install and Reboot Later” when it should display “Install and Reboot”. | Solaris | A workaround is not required because the reboot is performed correctly, even though the display may be incorrect. |
| QCCR1D131674/ 131725 | Using the create solaris patch policy services exposed in the API can result in the creation of Solaris Patch Policies with an inappropriate Platform. |
Solaris | Solaris patch policies created with a non-Solaris platform can be updated with the correct Solaris platform using the UAPI method SoftwarePolicyService.update. |
| QCCR1D137915/ 153979 | You might encounter the following error when attempting to import Solaris Patch Supplement content on a Fujitsu server that is missing the appropriate Fujitsu credentials in the solpatch_import.conf file. Sample error: live-network-connector:ERROR : Import of content Solaris Patch Supplement version 2.00.00-01 failed. Exception: [PostExecuteError] Non-zero exit (6) for post-execute command '/tmp/tmpgcTtsa/install.sh'. 2011-08-31 19:09:48,823 live-network-connector:DEBUG : Associated metadata: /content/sas/solaris_patching/ dd78741ee8ea41718ca70bf0debf3f51.metadata.xml 2011-08-31 19:09:48,824 live-network-connector:DEBUG : { File "modules/lnc_client.py", line 584, in _importStreams File "modules/content-handlers/content_uncompress.py", line 87, in import_content File "modules/lnc_common/ContentType.py", line 111, in do_post_execute } |
Solaris | This issue is caused by the fact that Fujitsu recently started requiring username/passwords to download README's from their website.
1. If you have a Fujitsu account, enter the Fujitsu account credentials into /etc/opt/opsware/solpatch_import.conf. Here are the Fujitsu credential entries in the solpatch_import.conf file: fujitsu_download_user=<user name> 2. You can also do a temporary workaround to disable the attempted download of Fujitsu account information by editing the /etc/opt/opsware/solpatch_import/collections.xml file to remove the <Fujitsu_clusters> tag information. This will prevent the solpatch_import script from attempting to import the Fujitsu README files. Here is an example of the XML data that will need to be removed: fujitsu_download_pass=<password> <fujitsu_clusters> <download_url>ftp://ftppatch.computers.us.fujitsu.com/ fjrs_cluster/${fujitsu_filename} </download_url> <readme_url>ftp://ftppatch.computers.us.fujitsu.com/ fjrs_cluster/README.${fujitsu_basename} </readme_url> <fujitsu_cluster name="Fujitsu Solaris 10 OS Recommended Patch Cluster"> <file_name>10_Recommended.zip</file_name> </fujitsu_cluster> <fujitsu_cluster name="Fujitsu Solaris 9 OS Recommended Patch Cluster"> <file_name>9_Recommended.zip</file_name> </fujitsu_cluster> <fujitsu_cluster name="Fujitsu Solaris 8 OS Recommended Patch Cluster"> <file_name>8_Recommended.zip</file_name> </fujitsu_cluster> </fujitsu_clusters> |
| QCCR1D146902/ 157891 | Solaris 11 Patch policies should prevent the user from changing the reboot option to something other than the default option: 'Hold all server reboots until all actions are complete.' | Solaris | Always ensure that the reboot option is 'Hold all server reboots until all actions are complete.' when remediating Solaris 11 Patch Policies. |
| QCCR1D147304 | Recommended patches KB979309 and KB2416400 are not shown as recommended in SA, but are present in scanpatchoutput. | Windows | None. |
| QCCR1D156610/ 159052 | A failure occurs during the remediation because all agent reboots are not held to the end. Instead the agent is rebooted as required by the software(patch) being installed. The point of failure is a patch that is being installed while the reboot is being done for the patch prior to it that requested a reboot. | Independent | None. |
| QCCR1D161961 | Uninstalling an SP1 patch on Windows 2008 R2 fails with timeout. | Windows | When the next scan occurs, the status will be updated. |
| QCCR1D162337 | Windows 2k12 software policy remediation fails with the following type of error: 'AGENT_ERROR_PATCH_DATABASE_CERTIFICATE_ERROR' | Windows | Import and run the latest (later than October 2012) Microsoft patch CAB file once. You should only have to do this one time. |
| QCCR1D168977 | Unable to uninstall a Microsoft patch. | Windows | None. If you cannot uninstall a patch, it means that Microsoft no longer supports that patch. |
| QCCR1D170780 | Patch will install but will not appear as an installed item in the Windows control panel, and the patch cannot be uninstalled. | Windows 2012 | None. You will not be able to uninstall the patch. |
| QCCR1D184160 | For a large number of servers and packages, the application compliance phase uses significant resources on the core and model repository and takes longer to complete. |
RHEL | Monitor the Oracle tablespaces and lower the number of packages in policies attached to your servers as low as possible if you encounter performance or disk space problems. |
| QCCR1D186135 | Data Integrity Checker will show "FAILED" status "Missing In-Use Packages" check if any of the Ubuntu debian packages are not uploaded to the Software Repository. | Ubuntu | This does not represent a problem. The packages can be uploaded to the software repository and the integrity checker will show "OK" after successful upload of the packages. The packages can be imported from vendor for file via the UI or by running the server script "Import Ubuntu packages" |
| QCCR1D | Symptom/Description | Platform | Workaround |
| Reports | |||
| QCCR1D181684 | Cannot enter any values in text fields until you toggle with "Equal" option in reports. | Independent | None. |
| Server Automation Visualizer (SAV) | |||
| QCCR1D186041 | If the server selection includes a SunOS 5.11 hypervisor with global zones (or the selection includes the global zones and the user chooses to scan virtualization), the SAV scan will fail with the SAXParseException, and the SAV window will open but not show any of the devices selected for the scan. |
Solaris | None. |
| Scripts | |||
| QCCR1D163487/ 164275 | Python script types are not supported on Unix servers. | Unix | Do not run or choose Python- type scripts on Unix servers. |
| Search | |||
| QCCR1D92244 | Searching on extended ascii (that is, European) characters returns no matching results. | Independent | None. |
| Software Management | |||
| QCCR1D159841 | When performing a core upgrade, you might experience conflicts originating from the UNITS and REALM_UNITS tables. | Independent | In order to continue with the upgrade process, either shut down the satellites during the upgrade or to solve the conflicts with the force resolver script. During a mesh upgrade, all operations on units are done through the master spin. |
| QCCR1D178465/ 180611, 185123 | The SA client does not prevent attaching a policy of one customer to a device of another customer. This issue has no security impact since the units that have no matching customer are filtered out at runtime. |
Linux | None. |
| QCCR1D179479/ 179480 | The tokens used by recurring application configuration compliance jobs has a limited lifetime of one year. This causes the recurring jobs to stop working after one year. | Independent | Recreate the job. |
| Storage Host Agent Extension | |||
| QCCR1D93690 | The Server -> Relationships -> SAN
Switches panel on a virtual server is empty/only displays SAN switches to which the given server is directly connected. In some cases, a server may depend on SAN switches that are not displayed in this panel. For example, a virtual server may be using storage allocated from a hypervisor that was allocated storage from a SAN. |
Independent | None. |
| QCCR1D105953 | An EMC Symmetrix array that is discovered through SE Connector can report more than one storage volume with the same LUN number presented to a managed server. Running the storage snapshot specification on the managed server will succeed; however, the Inventory -> Storage -> File Systems and Inventory -> Storage -> Managed Software panels will be empty. In addition, some host volumes with a LUN service type will not be displayed in the Storage -> Inventory -> Volumes panel. | Independent | None. |
| QCCR1D142746 | Storage Visibility Automation does not support ESX Servers on the Storage Host Agent. | Independent | None. |
| Virtualization | |||
| QCCR1D141907 | Invalid CPU configuration can occur if you configure the number of cores per socket using the native vSphere client, and modify the number of virtual processors with a Modify VM job in SA. You see the following error message: “Number of cores per socket cannot be greater than number of virtual CPUs”
|
VMware | If the number of cores per socket for a VM is greater than 1, and you want to modify the CPUs:
From SA, set the number of Virtual Processors as a strong multiple of the number of cores per socket. Or, use the native vSphere client to modify the CPUs. |
| QCCR1D157368/ 160408 | Search with IP Address or Hostnames on Add Virtual Server screen does not list HP-UX machines. This issue is noticed for machines with vpar and hpvm software installed. | HP-UX | Servers can still be added when "All" is selected on the Add Virtual Server screen. |
| QCCR1D158199 | Virtual distributed switches cannot be discovered using the VMware virtualization service. As a result, a virtual machine's NIC connections to virtual distributed switches will not be visible in the SA Client or in backend objects. | VMware | None. |
| QCCR1D160891 | If a Create VM, Clone VM, or Deploy VM from VM Template job fails running the OSBP, and the VM ends up in Build Server Failed state, the VM cannot be deleted from SA Client. | Independent | Delete the VM from the native vendor tool and reload in SA. |
| QCCR1D183608 | Floating IP for OpenStack servers is not displayed in the usual places: the list of IP interfaces for the server, and the server's Network view. | OpenStack | None.
Do not change the IP from its “Default” value to the value of the internal OpenStack IP. |
| Work Load Manager (WLM) | |||
| QCCR1D163928 | For recurring non-blocked WLM jobs, once the child job is run, SA determines if the parent job should expire by comparing the end date with the next fire date. The status of the parent job is updated to EXPIRED if the next fire date is beyond the end date. For recurring blocked WLM jobs, however, when the child job completes its run, SA does not determine the expiration of the parent job. If the approval notification for a BLOCKED job is not setup at all or setup incorrectly, the child job will remain in the BLOCKED state and no computation will be made to determine the status of the parent job. |
Independent | None. |
| QCCR1D166350 | Jobs remain with a status of Active, even though their associated tasks show a status of Success (applicable only to Workload Manager framework-based jobs, such as V12n or iLO). | Independent | This issue occurs only in multi-core mesh installations where the SA Jobs are being approved using Operations Orchestration on all the cores of the mesh. To work around this issue, setup OO workflow only on the primary core of the mesh. |
| QCCR1D | Symptom/Description | Platform | Workaround |
|---|---|---|---|
| Compatibility Matrix | |||
| QCCR1D184778 | The Linux IA64 platform does not provide cores/sockets information thus we can't display CPU information for this platform. | Linux | |
| QCCR1D184782 | The HP-UX PA-RISC platform does not provide cores/sockets information thus we can't display CPU information for this platform. | HP-UX | |
| Model Repository | |||
| QCCR1D172371 / 172528 | During secondary core creation on Oracle 11.2.0.3 RACed environment, the following error is displayed: ORA-01031: insufficient privileges: grant execute on dbms_utility to data_owner. |
Independent | Apply Oracle PSU 11.2.0.3.7 and re-run the HPSA installer. |
| Software Management | |||
| QCCR1D171076 | Packages that are recommended by other packages that are going to be installed will not be removed when detaching a software policy. | Ubuntu | |
| QCCR1D171553 | Downgrading DEB packages leaves package conflicts. | Ubuntu | |
| ISM Tool | |||
| QCCR1D184338 | When uninstalling an ismtool-created policy, the application's pre/post-uninstall scripts that call the control scripts can't run because the control package was removed before the application. This is a known issue for rpm, which doesn't respect the dependency order at uninstall time. It was fixed with rpm version 4.4.6. | Independent | As a workaround, you can upgrade the rpm tool to a newer version (at least 4.4.6) or, if you want to do it manually, try to reverse the order of packages. |
The table lists issues first by subsystem, then numerically within each subsystem.
| QCCR1D | Symptom/Description | Platform | |
|---|---|---|---|
| AAA | |||
| QCCR1D167959/ 168244 | /opt/opsware/twist/ldap_config.sh does not support multiple base DN searches. | Linux | |
| QCCR1D168463/ 168468 | WRITE_PERSISTENCE_ERROR messages in the twist logs. | Linux | |
| QCCR1D171593/ 171873 | OperationRegistry HashMaps are not thread safe, and can lead to defunct twist. | Independent | |
| Agent | |||
| QCCR1D171798/ 175411 | SA driver cannot communicate with SCVMM, agent opens cmd console and not Powershell console. | Independent | |
| QCCR1D174136/ 175137 | SA Client agent installer copies curl and portping into /tmp which, if mounted with noexec, disallows their execution. | Linux | |
| QCCR1D180130/ 181061 | SA Client flooding server last log. | Linux | |
| QCCR1D182546/ 182547 | Unnecessary logging of fileset.dbg on AIX server. | AIX | |
| Application Configuration | |||
| QCCR1D160790/ 161093 | Application Configuration Block Key does not load data correctly. | Linux | |
| Audit and Compliance | |||
| QCCR1D131063 | Cannot create Registry snapshots for Windows 2003 with Chinese Traditional Language. | Independent | |
| QCCR1D159358/ 171124 | ttlg/rosh handshake timeout can occur for large saved scripts over slow networks. | Independent | |
| QCCR1D165724/ 165613 | java.lang.ClassCastException: com.opsware.rmi.wrapper.gen_server.comopswarerfsRemoteFileSystemTie_Stub cannot be cast to com.opsware.rmi.wrapper.gen_intf.IcomopswarerfsRemoteFileSystem. | Independent | |
| QCCR1D166532/ 166535 | Duplicate Audit rules are filtered out when performing audits, causing missing audit compliance results in BSAE and the SA Client. | Independent | |
| QCCR1D168310/ 168326 | calculateAuditBasePath does not create '0' subdir if 'audits' directory exists but is empty. | Linux | |
| QCCR1D176351/ 176355 | Audit fails with snapshot as source on Windows 2008 R2 - Recursive directory structure option. | Linux | |
| QCCR1D179435/ 182600 | Audit result migration logic fails for non-compliant SCO policy check rules. | Independent | |
| QCCR1D179889/ 179890 | Cannot open custom script audit results. | Linux | |
| BSAE Integration | |||
| QCCR1D178130 | BSAE Java Client compliance report not showing expected data. An out of range error similar to the one below is found in server.log: 2013-11-13 08:39:23,709 ERROR [STDERR] com.opsware.cmdb.loader.exceptions.LoaderException: Error processing attribute column value. at com.opsware.cmdb.loader.LoaderSession.processLoaderTask(LoaderSession.java:1463) .... at java.lang.Thread.run(Thread.java:619) java.lang.NumberFormatException: Value out of range. Value:"192" Radix:10 at java.lang.Byte.parseByte(Byte.java:153) ... at com.opsware.cmdb.cooper.dao.AttributeColumnValue.setValue(AttributeColumnValue.java:143) at com.opsware.cmdb.cooper.dao.AttributeColumnValue.<init>(AttributeColumnValue.java:37) ... at java.lang.Thread.run(Thread.java:619) RESOLUTION: The data type holding the cluster CPU info was updated to support larger values |
Linux | |
| Build System | |||
| QCCR1D129560 | SA Agent installation fails on AIX 6.1 if System Locale is Japanese. | AIX | |
| QCCR1D150973/ 157308 | Upgrade open SSL version. | Linux | |
| Command Engine | |||
| QCCR1D182277/ 182279 | If a long-running proxied command drops from the source waybot, it could lead to incorrect job results. | Independent | |
| Compliance Dashboard | |||
| QCCR1D164840/ 168599 | No Rules Associated with Policy. | Linux | |
| Custom Extension | |||
| QCCR1D181151/ 181324 | Change password custom extension fails due to log exceeding 4000 characters limit rather than reporting actual cause. | Linux | |
| Data Access Engine | |||
| QCCR1D166753/ 171126 | The object 'HPUXProductUnit' has no field named 'remove_flags. | Independent | |
| QCCR1D169827/ 169862 | Repo.restrict throws ORA-01795 when using a parent folder with more than 1000 sub-folders. | Linux | |
| QCCR1D175131/ 175133 | Software Registration errors on Windows server with DBNotNullConstraintError. | Windows | |
| QCCR1D180103/ 180104 | Get error when using remove method to delete server that has an ILO. | Independent | |
| DCML Export Tool | |||
| QCCR1D168103/ 168807 | CBT import from Air Gapped Development Core to Production Core failing. | Linux | |
| QCCR1D | Symptom/Description | Platform | |
| Gateway | |||
| QCCR1D165971/ 170081 | Redhat 5.9, 6.3, 6.4 kernel issue: SA Client fails with the following error: org.omg.CORBA.COMM_FAILURE. | Redhat | |
| QCCR1D166041/ 166044 | opswgw tunnel disruption can lead to stuck proxied TCP flows - allow this setting to be customer configurable. | Linux | |
| QCCR1D170836/ 170840 | Gateway crashes with a segmentation fault. | Linux | |
| QCCR1D172459/ 172559 | Add a configurable parameter to set the internal PAC thread timeout value. | Linux | |
| QCCR1D182548/ 182549 | Zero link LSA from a restricted remote gw peer will segfault local gw peer. | Independent | |
| Global File System (Spoke) | |||
| QCCR1D171803/ 171861 | Remote terminal to Linux server fails to create a home folder on first time log on. | Linux | |
| QCCR1D176048/ 176050 | Data Conversion Exception error observed when auditing one of many Windows Servers: Caused by: com.opsware.cfl.util.DataConversionException: Invalid JSON from server module. at com.opsware.cfl.util.JSONToCFL.next(JSONToCFL.java:160) ... Caused by: org.apache.noggit.NoggitException: invalid hex digit: char=\,position=1844 at org.apache.noggit.JSONParser.err(JSONParser.java:226) ... The audit is snapshot-based and contains some Windows Registry and Local Security Settings rules. |
Linux | |
| QCCR1D182344/ 182345 | SA device creation logic can leave the os_version column null, leading to an EIO error in the OGFS. | Independent | |
| QCCR1D182454/ 182457 | ttlg core dumps in fatal() function. | Independent | |
| Installer | |||
| QCCR1D176904/ 176904 | Upgrade of the secondary 10.00 core to 10.10 cannot be completed due to the following error: [>>>>Upgrading component Software Repository - Content (install once per mesh). ......WARNING: an error was detected while running an external command or script. The output follows: Verifying OCC available: FAILURE (Certificate file /var/opt/opsware/crypto/word_uploads/wordbot.srv does not exist) |
Linux | |
| Jobs | |||
| QCCR1D165832/ 168765 | OGFS Script Failure: Missing fields ([token]) + Error from remote (1691) | Linux | |
| QCCR1D170782/ 170784 | Remediation jobs completed but are missing details, some targets were not acted upon. | Linux | |
| SA Library | |||
| QCCR1D129781/ 170793 | SA Client performs sluggishly. | Independent | |
| SA Client | |||
| QCCR1D168719/ 168720 | PackagePropertiesPanel validation is too aggressive and inefficient when editing package scripts. | Independent | |
| Software Management | |||
| QCCR1D165594/172126 | Software Provisioning custom attributes are not documented.
Resolution: Information about the SA RPM Repository was added to the UG: Software Management. |
Independent | |
| OGFS/OGSH (Hub) | |||
| QCCR1D167608/ 168532 | Failures running OGSH commands in SA from OO. | Linux | |
| OS Provisioning | |||
| QCCR1D165440/ 168329 | Cannot install any G7 or Gen8 Servers that have AMD CPU's. Resolution: A new custom attribute was introduced, pxe_boot_arguments, that can be set on the server records to configure the kernel arguments for the Linux Build Plan service OSs. This allows passing customized arguments, such as 'noacpi'. Can be done with Managed Boot Clients. |
Linux | |
| QCCR1D175867/ 176097 | method getNodeListByName does not exist in UnattendParser class. | Independent | |
| QCCR1D176374/ 176381 | linux/buildserver.py::getBootPartition fails to identify the disk node for "/dev/cciss/c<x>d<y>p<z>" partition nodes. | Independent | |
| QCCR1D176701/ 176702 | SA 10 OSBP content breaks old SA 9.1x build plans after upgrade or CBT import. | Linux | |
| QCCR1D177263 | When executing a Windows OSBP, it can sometimes take up to 2.5 hours for the build plan to complete because it gets stuck in the "Reboot WinPE(OGFS Script)" step. | Independent | |
| QCCR1D184063/ 184168 | MBC automatic provision rule configuration can cause ORA-00060 deadlock when executed concurrently. | Independent | |
| QCCR1D | Symptom/Description | Platform | |
| Patch Management | |||
| QCCR1D166319/ 170006 | Importing a depot file without machine_type set in the catalog/INDEX file results in an "Invalid depot file" error. | Linux | |
| QCCR1D174155/ 174159 | AIX dependency solver lets through unsatisfied dependencies. | AIX | |
| QCCR1D174991/ 176754 | SA Client: large delay for remediate dialog to appear after large number of servers are selected. | Windows | |
| QCCR1D175648/ 175650 | Error "Software Remediation Job Argument is set to the illegal value 'null'" when scheduling remediation. | Linux | |
| QCCR1D176141/ 176143 | Patch compliance exports in the SA Client take a long time. | Windows | |
| QCCR1D177309/ 177311 | Windows Patch compliance scans failing due to timeout issues. | Linux | |
| QCCR1D179631/ 179633 | AIX System slows down and stops during patching because of circular dependencies of few packages. | Linux | |
| QCCR1D181231/ 182797 | Remediate sometime fails following the install of patches that require double reboot, like KB2862330. | Linux | |
| QCCR1D183881 | Cannot import Solaris patches from Oracle. An error similar to the one below appears when attempting to run solpatch_import tool. Encountered error when downloading file at URL 'https://getupdates.oracle.com/all_unsigned/118367-04.zip': (47) Maximum (10) redirects followed (error code 47) |
Independent | |
| QCCR1D183949/ 184547 | Performance problem occurs when you first export Patch Info to a CSV file. | Windows | |
| Scripts Backend | |||
| QCCR1D174984/ 176746 | Allow SA 9.0x agents (older than 50.0.0.0 ) to run BAT and VBS scripts on Windows server managed by SA core. | Independent | |
| Server Management | |||
| QCCR1D184566/ 184590 | The various scripts of the APP_INSTALLER type units do not all follow the same timeout. | Independent | |
| Software Management | |||
| QCCR1D79147 | Executable(.sh): Install / Uninstall Parameter should not require user to enter "$EXE_FULL_NAME". | Independent | |
| QCCR1D144785/ 169908 | Impossible to install Software Policy with a ZIP file. | Independent | |
| QCCR1D164624/ 183620 | Policy items are installed out of order. | Linux | |
| QCCR1D165183/ 167473 | Remediation data structures contain too much redundant information, and does not scale well. | Independent | |
| QCCR1D165745/ 167458 | opsware.swprov.doer CA Queries should be disabled by default. | Independent | |
| QCCR1D167731/ 169071 | Require an efficient methodology to snapshot RHN channels. | RHEL | |
| QCCR1D168231/ 168526 | Regression occurs with OPSWpackage_path CA in stage_blob when peer cache functionality is added. | Linux | |
| QCCR1D168451/ 168453 | Solaris Packages with response files fail to install. | Solaris | |
| QCCR1D170040/ 172290 | Method SoftwarePolicyService.startRemediateNow fails to install correctly. | Linux | |
| QCCR1D177166/ 183628 | Preview mode can fail after 5 minutes timeout with the following message: Non-zero exit code (None) from dependency solver | Linux | |
| QCCR1D177995/ 179374 | Unzip returned status 256. Some files might not be present. | Linux | |
| QCCR1D180436/ 180439 | Doer sub session of RPM remediation job stops in rebuild_to_list. | Independent | |
| QCCR1D | Symptom/Description | Platform | |
| Software Repository (Word) | |||
| QCCR1D100672 | "wordcache" is not load balanced and displays a "Service unavailable" error. | Independent | |
| Web Services Data Access Engine | |||
| QCCR1D165592/ 165593 | Inherited custom attribute access does not scale well. | Independent | |
| QCCR1D167739/ 167740 | getServerVO permissions not escalated during audit execution. | Independent | |
| QCCR1D176828/ 176836 | Copy and Paste of OS Build Plans within HP SA Client Library does not copy custom attributes. | Independent | |
| QCCR1D179528/ 179529 | ComplianceScanHelper.01 SQL query is inefficient for large device groups. | Independent | |
This section discusses documentation information for this release.
This section describes new documents or major changes to documents.
This guide has undergone a reorganization of format and content. The new guide is centered around Build Plans and offers a much simplified view over the provisioning feature. It also includes step-by-step descriptions of common use cases that you can follow to get acquainted with what provisioning in SA has to offer.
All the latest Server Automation documentation for this release is available from the *new* SA 10.x Documentation Library:
http://support.openview.hp.com/selfsolve/document/KM00417675/binary/SA_10_docLibrary.html
Use the SA Documentation Library to access any of the guides, release notes, support matrices, and whitepapers relevant to this release or to download the full documentation set as a bundle. The SA Documentation Library is updated in each release and whenever the release notes are updated or a new whitepaper is introduced.
A direct link to the SA Documentation Library is also provided on the SA Client Help Welcome Page. From the SA Client menu, select Help > Help Contents, Index and Search.
This section includes a list of technical information resources for each product.
To access the information resources for the included products, use any of the following methods:
Note: Some of guides and white papers, although released in earlier patches, are still relevant to this release. You will also receive updated or new editions if you subscribe to the appropriate product support service. Contact your HP sales representative for details. Note the Document Release Date on the title page of your guide and see the Documentation Change Notes on page 3 of most documents for a list of any revisions. The release-notes change table is at the bottom of this document.
This web site provides contact information and details about the products, services, and support that HP Software offers. For more information, visit the HP Support web site at: HP Software Support Online.
HP Software support provides customer self-solve capabilities. It provides a fast and efficient way to access interactive technical support tools needed to manage your business.
As a valued support customer, you can benefit by being able to:
To access the Self-Solve knowledge base, visit the Self-Solve
knowledge search home page.
Note: Most of the support areas require that you register as
an HP Passport user and sign in. Many also require an active support contract.
To find more information about support access levels, go to: Access levels.
To register for an HP Passport ID, go to: HP
Passport Registration.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
© Copyright 2000-2014 Hewlett-Packard Development Company, L.P.
Adobe® is a trademark of Adobe Systems Incorporated.
Intel® and Itanium®
are trademarks of Intel Corporation in the U.S. and other
countries.
Microsoft®, Windows®‚ Windows® XP are U.S. registered trademarks
of Microsoft Corporation.
Oracle and Java are registered trademarks of Oracle
and/or its affiliates.
UNIX® is a registered trademark of The Open
Group.
| New Publication Date | Change |
To check for recent updates or to verify that you are using the most recent
edition of a document, go to:
http://support.openview.hp.com/selfsolve/manuals
This site requires that you register for an HP Passport and sign in or click the New users - please register link on the HP Passport login page. You will also receive updated or new editions if you subscribe to the appropriate product support service. Contact your HP sales representative for details.