Install SA Core with a local SA-supplied database

This section describes installing all SA components and the SA-supplied Oracle database on the same server. This is the simplest and easiest installation method. You can use the right-hand column to indicate that a phase is completed:

Core installation phases

Phase	Complete
Phase 1: Preparing to install the SA Core
Phase 2: Run the SA installer
Phase 3: Specify the Core components Host/Select installation type
Phase 4: Select the interview type and provide SA parameter values
Phase 5: Installing the SA components

Phase 1: Preparing to install the SA Core

1. You will need the SA Product Software media, the Agent and Utilities media and the Oracle_SA installation media.
2. The server on which the SA components and the Oracle database are to be installed must be running a supported Red Hat Enterprise Linux or SUSE Enterprise Server Linux operating system. See the SA Support and Compatibility Matrix.
3. On the server where you will install SA, mount the following media: Product Software (primary), the Agent and Utilities media (upload) and the Oracle_SA (oracle_sas), or NFS-mount a directory that contains a copy of the media contents.
   1. Open a terminal window and log in as a user with root permissions.
   2. Change to the root directory: cd /

Phase 2: Run the SA installer

On the server on which you plan to install SA and the Oracle database, run the install script:

/<distro>/opsware_installer/hpsa_install.sh

where <distro> is the full path to the Product Software (primary) media.

You see messages displayed on screen as the SA Installer loads the required files.

Logs for the installation are automatically stored. See Installer logs.

Phase 3: Specify the Core components Host/Select installation type

1. The following menu displays:

   Specify Hosts to Install
========================

   Currently specified hosts:

   192.168.136.36 (this is the IP address of the host on which the installer is invoked)

   Please select one of the following options:

   1. Add/edit host(s)
2. Delete host(s)

   Enter the option number or one of the following directives:
(<c>ontinue, <p>revious, <h>elp, <q>uit)

   Note Since this example installation uses the host the installer is invoked on for all Core Components, type c and press Enter to continue. You can invoke the installation from a remote machine by selecting 2 to delete the localhost IP address followed by 1 to add the remote host IP address.

2. After the host preparation completes, the following menu displays:

   Install Type
============

   1. Typical Primary Core
2. Custom Primary Core
3. Typical Secondary Core
4. Custom Secondary Core

   Enter the option number or one of the following directives:
(<p>revious, <h>elp, <q>uit)

   Enter 1 (Typical Primary Core) and Enter to continue.

3. The following menu appears:

   Oracle Installation
===================

   1. Install Oracle with SA
2. Use Existing Oracle Database

   Enter the option number or one of the following directives:
(<p>revious, <h>elp, <q>uit)

   Enter 1 (Install Oracle with SA) and press Enter to continue.

4. Select the TLS version.
   Cryptographic Protocol Selection for the Server Automation Components
[WARNING] Please make sure that all the cores and satellites from the mesh are at the same TLS level. ========================================================================
1. TLSv1
2. TLSv1.1
3. TLSv1.2

Enter the option number or one of the following directives
(<p>revious, <h>elp, <q>uit)[2]:
   Select 2 (TLSv1.1) and press Enter to continue.

5. Select a certificate mode to use in SA and press Enter to continue.

   Select which certificate mode SA will run in.

   =============================================

   1. self-signed

   2. 3rd party

   Enter the option number or one of the following directives

   (<p>revious, <h>elp, <q>uit)[1]:
   
   

   In third-party certificate mode, make sure that all the SA Core and Satellite hosts define the hostnames of all Core or Satellite hosts at the beginning of their /etc/hosts file. Otherwise, the SA installation will fail.
   Listing these hostnames in the /etc/hosts file enables SA to generate correct certificate signing requests (CSRs) for the SA hosts.
   
   Example: to install an SA mesh with the following topology,
   16.77.42.65 (oracle_sas, truth_mm_overlay)
16.77.41.24 (infrastructure, word_uploads)
16.77.43.252 (slice, osprov)
16.77.45.21 (satellite)
   add the following lines at the beginning of the /etc/hosts file for 16.77.42.65, 16.77.41.24 and 16.77.43.252:
   16.77.42.65 hostname1.example.com hostname1
16.77.41.24 hostname2.example.com hostname2
16.77.43.252 hostname3.example.com hostname3
   The 16.77.45.21 (satellite) server does not need to be listed here because this server is part of the mesh and not part of the Core.

Phase 4: Select the interview type and provide SA parameter values

1. The following menu appears:

   Interview Type
==============

   1. Simple Interview
2. Advanced Interview
3. Expert Interview

   Enter the option number or one of the following directives:
(<p>revious, <h>elp, <q>uit)

   Enter 1 (Simple Interview) and Enter to continue.

2. You are prompted to supply values for the following SA parameters:
   • truth.oaPwd: an SA administrator password (the default username is admin). The password you specify here will be used as the default password for all SA features that require a password until you explicitly change the defaults.

   • fips.mode: This parameter specifies whether to enable FIPS mode for this SA installation.

   • crypto.hash_algorithm: The hashing algorithm [SHA1, SHA224, SHA256, SHA384, or SHA512] for SA cryptographic module
   • crypto.key_length: the key length [2048 or 4096] used for hashing algorithm of SA cryptographic module.

   • crypto.legacyCertificateValidity: the validity period of the temporary self-signed SA Agent certificate. This parameter is displayed only if you have chosen the third-party certification mode and you will use your own CA to sign the certificates. For more information, see Cryptographic material options.

   • bootagent.host: the host on which to install the OS Provisioning Boot Server component.

   • decrypt_passwd: A password for the SA cryptographic material. This prompt is displayed only if you are using your own crypto file and not allowing SA to automatically generate the crypto file.

   • truth.dcNm: A name for your SA facility.

   • windows_util_loc: The location for the Microsoft Patching utilities.
   • word.store.host: The IP address of the NFS server for the Software Repository
   • word.store.path: The absolute path on the NFS server for Software Repository
     (/var/opt/opsware/word)

   For more information about these parameters, see the SA Core parameter reference.

   You see these prompts (the prompts display one at a time; after you provide a value and press enter. If the value is acceptable, the next prompt displays:

   Interview Parameters
====================

   Navigation Keys:
Use <Ctrl>P to go to the previous parameter.
Use <Ctrl>N to go to the next parameter.
Use >Tab> to view help on the current parameter.
Use <Ctrl>C to interrupt the interview.

   Parameter 1 of 10 (truth.oaPwd)
Please enter the password for the opsware_admin user. This is the password used to connect to the Oracle database. If you are installing Oracle with SA the opsware_admin user will be created with this password. Make sure the password complexity matches the security guidelines in your organization: []

   The password you specify here will be used as the default password for all SA features that require a password until you explicitly change the defaults.

   Parameter 2 of 10 (fips.mode)
Do you want SA to be in FIPS mode? (y/n) [n]: n

   Parameter 3 of 10: (crypto.hash_algorithm)
Please enter the hashing algorithm for SA cryptographic module. Press TAB for a list of possible values. [SHA256]:

   Parameter 4 of 10: (crypto.key_length)
Please enter the key length [2048 or 4096] used for hashing algorithm of SA cryptographic module. [2048]:

   Parameter 5 of 10 (crypto.legacyCertificateValidity)

   Please enter the number of days for which a Legacy Certificate will be valid. [1]:

   • The crypto.legacyCertificateValidity parameter is displayed only if you have chosen the third-party certification mode to use an external Certificate Authority for signing the SA certificates. For information on the SA certification modes, see Cryptographic material options.
   • Change the current default value of one day to a more relevant period of time.

   Parameter 6 of 10: (truth.dcNm)
Please enter the short name of the facility where the Opsware Installer is being run (no spaces).: []

   Parameter 7 of 10 (windows_util_loc)
Please enter the directory path containing the Microsoft patching utilities. Press Ctrl-I for a list of required files or enter “none” if you do not wish to upload the utilities at this time (none).: []

   These utilities are required if you plan to use SA to install Windows operating system patches/hotfixes and/or to manage Windows-based servers with SA. If you do not intend to use SA for these tasks, you can bypass the upload of these files by entering “none”. However, if in the future, you decide to use SA for Windows patching or to manage Windows servers, you will be required to install these files from the SA Client. For information about uploading these files from the SA Client, see Server patching.

   Parameter 8 of 10 (word.store.host)
Please enter the IP address of the NFS server for the Software Repository. For satellite installs, please enter the IP address of the Software Repository Cache. [192.168.136.39]:

   Parameter 9 of 10 (word.store.path)
Please enter the absolute path on the NFS server for Software Repository
[/var/opt/opsware/word]:

   Parameter 10 of 10 (bootagent.host)

   Please enter the OS Provisioning Boot Server ip or hostname [192.168.136.39]:

   You are asked to re-enter any required passwords for confirmation.

   Uploading the Microsoft patching utilities is optional, however, if you expect to have Windows-based managed servers, you should follow the instructions for obtaining these files as described in System requirements for installation .

   When you have supplied values for all parameters, the following message displays:

   All parameters have values. Do you wish to finish the interview? (y/n):

   Enter y and press Enter to continue. If you enter n, you are presented with each parameter again with the value you entered as the default. You can then change the value or accept the default. If you need to exit the installation, press Ctrl-C.

3. You can now install the database and SA Components.

Phase 5: Installing the SA components

1. The following screen appears:

   Install Components
==================

   Oracle RDBMS for SA
Model Repository, First Core
Core Infrastructure Components
Slice
OS Provisioning Components
Software Repository - Content (install once per mesh)

   Enter the option number or one of the following directives:
(<c>ontinue, <p>revious, <h>elp, <q>uit)

   Enter c and press Enter to begin the prerequisite checks.

2. The prerequisite check may display messages similar to the following:

   Prerequisite Checks
==============

   Results for <IP_address>:

          WARNING Insufficient swap space (18 GBytes).
                24 Gbytes is the recommended for Oracle.

           WARNING File system ‘/’ has 29447 MBytes available and 154050 is
                recommended.

           WARNING Nothing listening at db.host:db.port (ip_address).
                Note: Can be ignored if core install will be performed
                using hpsa_install script.

   Enter the option number or one of the following directives:
(<c>ontinue, <p>revious, <h>elp, <q>uit)

   The Prerequisite check identifies WARNINGs and/or FAILUREs. FAILUREs can cause a failed or incomplete installation and must be resolved before continuing the installation. WARNINGs allow you to continue the installation, however, core performance may be negatively affected if you continue without resolving them.

   If your server passes the prerequisite check, enter c and press Enter to begin the installation.

   You see many messages displayed as the installation progresses, unless the installation fails, these messages are purely informational. The installation can take several hours based on the performance of your server. When the installation completes, the Core Description File (CDF) is automatically saved.

3. In third-party certificate mode, SA installs the OCT (Opsware Cert Tool) component on the Model Repository server before the Core installation begins. The OCT component will generate the Certificate Signing Requests (CSRs) for the certificates required for the current installation configuration. After OCT install, follow the following two additional steps before the SA installation begins:
   

   1. Configure the /etc/opt/opsware/crypto/csr.conf file with the attributes of the Subject field and the Subject Alternative Name extension of the SA certificates.

      The csr.conf file enables you to configure your CSRs. If you choose not to configure this file, the default values will be used.

      Do not change the subject@CN entry as SA will not work with any other value for the CN attribute.

      Certificate Signing Request (CSR) configuration

      ===============================================

      Please review and edit the CSR configuration in /etc/opt/opsware/crypto/csr.conf on the server that hosts the Model Repository component [192.168.92.8]. This file defines the attributes of the Subject field and the Subject Alternative Name extension of the SA certificates.

      You can continue with the install process once this file contains the right settings for your organization. SA will use the attributes defined in this file to generate the Subject field of the CSRs that will have to be signed by your CA.

      Enter one of the following directives

      (<c>ontinue, <p>revious, <h>elp, <q>uit):

   2. Enter the location where you want the OCT component to generate the *.csr files.

      Select path where to generate CSRs

      =============================

      Specify the path on the Model Repository server where SA will generate the CSR files

      [/var/tmp/csrFiles]:

      CSRs were generated in the /var/tmp/csrFiles directory on the server that hosts the Model Repository component [192.168.136.39].

      Please have them signed by your CA. You can resume the install process after all CSRs are signed.

      Make sure you copy all certificates in the same directory on the core's Model Repository server.

      You will be prompted for the path to this directory in the next step of the install process.

      Submit these files to your CA for signing, and place the issued certificates in a folder of your choice.
      After generating the cryptographic material, SA places the CSRs created for that instance in a subfolder named by date. For example: csr_2017-05-02.08:21:05 csr_2017-05-02.08:22:10. Any new CSRs are placed in the dedicated folder that you provide during the installer interview.
      When providing the third-party certificates, make sure to follow the certificate format and naming requirements described in the SA certificates format.
      

   3. Provide the location where you have placed the custom certificates signed by your CA. The installer checks that the path is correct and that all required certificates are available.
      Enter the path to the directory containing the custom certificates.
===================================================================

      Path to the directory containing the certificates. [/var/tmp/certificateFiles]:
      SA now generates a new cryptographic material containing your signed certificates. The cryptographic material is then copied it on all hosts in the mesh.

Post-installation tasks

Complete the tasks described in SA Core post-installation tasks