Integrate > SA-HPELN integration > Setting up your integration

Setting up your integration

This section describes how to configure the LNc, as well as its Services and Streams. It also describes how to verify whether content was downloaded and where the LNc log file is located.

Prerequisites

The LNc must be installed on the SA core component server. On the SA core component server (assuming that the LNc script is your $PATH), type the command live-network-connector to launch the LNc.

By default, the LNc will:

  • Connect over SSL
  • Re-attempt a failed download once
  • Download and import core updates for the specified products (if any)
  • Import content from enabled streams

    Note The first update can take a significant amount of time.

Configuring the Live Network connector

This section describes how to configure the LNc to connect to the HPE Live Network.

  1. Add the following to your PATH variable:

    • <install_directory>/lnc/bin

      For example:

      export PATH=$PATH:<install_directory>/lnc/bin

  2. Open a command prompt on the computer where the LNc is installed.

  3. To set the user name and password, enter the following command:

    live-network-connector write-config --username=<username>--password=<password>

    The --username and --password commands can also be run separately.

    Note Manual editing of any LNc configuration file is not supported and could lead to corruption or lost settings. Use the write-config command instead.

  4. To check the URL that the LNc connects to in order to download content, execute the following command: live-network-connector read-config --url

    The output should display the following URL:

    https://hpln.glb.itcs.hpe.com

  5. (Optional) If you need to use a proxy server to access the HPE Live Network, run the following command:

    live-network-connector write-config --http-proxy=<HTTP_PROXY> --http-proxy-user=<HTTP_PROXY_USER> --http-proxy-pass=<HTTP_PROXY_PASS>

    The --http-proxy, --http-proxy-user, and --http-proxy-pass commands can also be run separately.

  6. The default path to the LNc log file is:

    • <install_directory>/lnc/log/live-network-connector.log
  7. The default path to the LNc cache directory is

    • <install_directory>/lnc/cache
    • (Optional) You can change this value, but be aware that doing so can potentially cause the redownload and re-import of previously obtained content, so use with caution. To change this default value, execute the following command on the system where the LNc is installed:

      live-network-connector write-config --cache=<PATH>

  8. The default path to the LNc lock file is:

    • <install_directory>/lnc/live-network-connector.lock

  9. To configure the LNc for a specific product, specify it by using --product.

    To see a list of supported product values, including the long product name, you can run the following command: live-network-connector list-products

    This provides a listing of currently supported products, which should be used in the next configuration step.

    For example, to configure your LNc installation to support Server Automation (sas), execute the following command on the system where the LNc is installed:

    live-network-connector write-config --product=sas

    Important To enable multiple products, a single write-config command must be executed with a --product for each product. Note that subsequent write-config commands will overwrite the previous values.

    • Manual editing of any LNc configuration file is not supported and could lead to corruption or lost settings. Use the write-config command instead.
    • Depending on the products enabled, some additional settings are required. For more information, see the product documentation or the product admin.
  10. Once the product has been configured, you can see a list of available content (streams) for the selected product, run the list-streams command.

    For example: live-network-connector list-streams

    Note If no streams are returned, ensure that you have configured the system for a specific product.

  11. Perform any additional queries against those streams as desired (such as through the describe command).

    For example:

    live-network-connector write-config --stream=content.ms_patch_supp

  12. To set the values of username (sas_user) and password (sas_pass) of the SA user account used to access SA, run the following command:

    live-network-connector write-config
    --setting=sas.sas_user=<sa_username>
    --setting=sas.sas_pass=<sa_userpassword> --add
  13. To set the values of cbt_path and cbt_config_path to the path for the CBT executable and CBT configuration file, run the following command:

    live-network-connector write-config
    --setting=sas.cbt_path=<cbt_pathname>
    --setting=sas.cbt_config_path=<cbt_config_pathname> --add

Services and streams

The HPE Live Network delivers content in the form of streams and services.

  • Stream: A grouping of related content. A stream maintains multiple content objects that are related to each other in form, function, or use.
  • Service: A grouping of streams. A service is a collection of streams that are all available to a customer based on a related entitlement, where entitlement is determined using assets and valid license or maintenance contracts for a given HPE Live Network account.

In the LNc configuration file, streams are grouped in blocks of services or products.

Viewing services and streams

To view a list of available services and streams, either use the list-streams command or the describe command.

Note Having the product set (either by using write-config --product, or by specifying --product in the command line) is mandatory for the command to succeed. To see the available products, use the list-products command.

  • At a command prompt, enter the following command:

    live-network-connector list-streams

    The format of the value returned by the list-streams command is:

    product, service, stream (stream.name)

    An example of a stream returned by this command is:

    sas security vc_cisco (security.vc_cisco)

  • At a command prompt, enter the following command:

    live-network-connector describe

    The format of the value returned by the describe command is:

    product, service, stream (stream.name), enabled/disabled status,
    description and/or url of that stream, the available tags.

    An example of the output returned by this command is:

    Product       Stream                     Enabled
    ========== ============================ ===========
    hpca        security.hpca_config          0
                                            Description
    __________________________________________________________________
    Configuration definition to allow for the HPCA product to add
    new or adapt to changes in subscriptions services.
                                             Tags
    __________________________________________________________________
    hpca_config

     

Configuring the content and security streams

Each stream in a service must be enabled in the LNc configuration using the live-network-connector command followed by write-config plus the specific parameters for each stream. A stream is activated when you set its value to 1.

For example, to activate the stream, enter the following command from a shell on the server where the LNc is installed:

live-network-connector write-config --stream=security.cc_library --enable

The LNc must be installed on the server the SA software repository component is installed on. The LNc must be configured as described in Configuring_the_Live_Network_connector.

Note If you run the live-network-connector write-config command and you receive a message that the configuration parameter does not exist, append the --add option to the command. Manual editing of any LNc configuration file is not supported and could lead to corruption or lost settings. Use the write-config command instead.

Configuring the Microsoft patch supplement stream

To configure the LNc to activate the Microsoft Patch Supplement stream:

  1. On the system where the LNc is installed, run the following command to enable the Microsoft Patch Supplement stream:

    live-network-connector write-config --stream=content.ms_patch_supp --enable

  2. (Optional) To disable the Microsoft Patch Supplement stream, run the command using the -- disable command:

    live-network-connector write-config --stream=content.ms_patch_supp --disable

  3. (Optional) To enable the Microsoft Patch Supplement stream to overwrite the metadata when the content is imported into SA, set the sas.force_win_patch_import parameter.

    For example, to enable the option, run the following command:

    live-network-connector write-config --setting=
    sas.force_win_patch_import=1 --add
  4. (Optional) To disable this option, run the following command:

    live-network-connector write-config --setting=
    sas.force_win_patch_import=0 --add
  5. Enter the following command to launch the LNc:

    live-network-connector

Configuring the software discovery stream

To configure the LNc to activate the SA software discovery stream:

  1. On the system where the LNc is installed, run the following command to enable the software discovery stream:

    live-network-connector write-config
    --stream=content.software_discovery --enable
  2. (Optional) To disable the software discovery stream, run the command using the --disable option:

    live-network-connector write-config
    --stream=content.software_discovery --disable
  3. Enter the following command to launch the LNc:

    live-network-connector

Configuring the SA DMA stream

To configure the LNc to activate the sa_dma stream:

  1. On the system where the LNc is installed, run the following command to enable the sa_dma stream:

    live-network-connector write-config --stream=content.sa_dma --enable

  2. (Optional) To disable the sa_dma stream, run the command using the --disable option:

    live-network-connector write-config --stream=content.sa_dma --disable

  3. Enter the following command to launch the LNc:

    live-network-connector

Configuring the content operating system platform family streams

To configure the LNc to activate the platform streams (Linux, Unix, Windows and VMware):

  1. On the system where the LNc is installed, run the following command to enable the platform_<family_platform_type> stream:

    live-network-connector write-config --stream=content.platform_<family_platform_type> --enable

  2. (Optional) To disable the platform_<family_platform_type> stream, run the command using the --disable option:

    live-network-connector write-config --stream=content.platform_<family_platform_type> --disable

  3. Enter the following command to launch the LNc:

    live-network-connector

Configuring the Solaris patch supplement stream

As a prerequisite for downloading this content, solpatch_import.conf file from: /etc/opt/opsware/solpatch_import/ should be edited (values for sa user/password, download user/password, proxy host and fujitsu_download_user/pass should be added).

Using the solpatch_import.conf, a db should be created.

To configure the LNc to activate the solaris_patching stream:

  1. On the system where the LNc is installed, run the following command to enable the solaris_patching stream:

    live-network-connector write-config --stream=content.solaris_patching --enable

  2. (Optional) To disable the solaris_patching stream, run the command using the --disable option:

    live-network-connector write-config --stream=content.solaris_patching --disable

  3. Enter the following command to launch the LNc:

    live-network-connector

Configuring the security scanner stream

To configure the LNc to activate the security_scanner stream, perform the following steps:

  1. On the system where the LNc is installed, run the following command to enable the security_ scanner stream:

    live-network-connector write-config
    --stream=security.security_scanner --enable
  2. (Optional) To disable the security_scanner stream, run the command using the --disable option:

    live-network-connector write-config
    --stream=security.security_scanner --disable
  3. Enter the following command to launch the LNc:

    live-network-connector

Configuring SA vulnerability content streams

To configure the LNc to activate the SA vulnerability content streams, perform the following steps:

  1. Log in to the system where the LNc is installed.
  2. From the command line, set specific LNc configuration parameters to 1 in order to activate each SA vulnerability content stream you want to receive updates from.

    For example, if you have subscribed to vulnerability content for SA, run the following command:

    live-network-connector write-config --stream=security.vc_winxp
    --stream=security.vc_win2k3 --stream=security.vc_rhel3
    --stream=security.vc_hpux11 --enable
  3. (Optional) To disable a stream, execute the command using the --disable option:

    live-network-connector write-config --stream=security.vc_winxp
    --stream=security.vc_win2k3 --stream=security.vc_rhel3
    --stream=security.vc_hpux11 --disable

Configuring SA compliance content streams

The security.cc_library stream is a prerequisite stream that enables all SA compliance streams, and should be run at least once on each SA system you want to download content onto. Each time you want to import new content from the HPELN, this stream should be enabled.

To configure the LNc to activate the SA compliance content streams, perform the following steps:

  1. Log into the system where the LNc is installed.
  2. From the command line, set specific LNc configuration parameters to 1 in order to activate each SA compliance content stream you want to receive updates from.

    For example, to enable compliance content for SA Audit and Remediation, run the following command:

    live-network-connector write-config —stream=security.cc_library
    --stream=security.ec_disa_stig --enable
  3. (Optional) To disable a stream, run the command using the --disable option:

    live-network-connector write-config —stream=security.cc_library
    --stream=security.ec_disa_stig --disable