
SA Core installation overview

This section describes how to install an SA Core. This guide covers the following sample core installations:

  1. SA Core with a Local SA-supplied Database
  2. SA Core with a Remote Customer-supplied Oracle Database
  3. SA Core with a Remote Customer-supplied Database and Additional Slice Component Bundles
  4. SA First (Primary) Core with a Secondary Core (Multimaster Mesh)

For an existing core you can also perform the following:

  1. Installing Additional Slice Component Bundles
  2. Installing a Satellite

If you are installing a standalone core or the First Core of a Multimaster Mesh, you must perform the tasks described in this section.

There are certain additional post-installation tasks you may need to perform after installing the core; see SA Core post-installation tasks.

If you are installing the subsequent cores of a Multimaster Mesh, you must complete the tasks described in Install SA first (primary) core with a secondary Core (multimaster mesh) to add additional cores to your mesh. If you have a requirement for more than one Secondary Core in a mesh, you must contact HPE Professional Services or a certified HPE Consultant.

A First Core has all the components required to be the primary core of a Multimaster Mesh. You simply need to add a Secondary Core configured to manage servers and communicate with the First Core. In a Multimaster Mesh installation, a First Core’s role is not much different from any other core’s role in the mesh. However, it does have additional centralized Core Components that oversee communication between the various cores and manage conflicts and load balancing.

Installation phases

A typical SA Core installation has the following phases:

  1. Before Installation: Ensure that you:
    • Have decided on an appropriate Core Configuration; see SA Core configuration for your facility.
    • Have met all core host installation prerequisites.
    • Have the information needed to complete the SA Installer interview.
    • Have all necessary permissions to complete the installation.
    • Have the SA installation media.
    • Invoke the SA Installer only from the SA Product Software media or a mounted copy.

      For more information, see System requirements for installation.

  2. Database Installation: The Model Repository requires that an Oracle database is installed and available before the SA Installer is run. You can:
    • Install the SA-supplied Oracle database that is provided with the SA product software and installed with the SA Core.
    • Use a self-installed Oracle database installation that you have configured for use with SA. This database must be installed and running before you begin the SA Core installation and reserved for use only by SA.
    • Install a database using the Oracle Universal Installer before beginning the SA installation and configure it for use with SA. This database must be only used by SA.

      If you plan to use an existing non-SA-supplied Oracle database installation, it must be configured for SA; see Oracle setup for the Model Repository.

  3. SA Installation Interview: When you install an SA Core, you are required to complete the SA Interview, during which you are asked to provide the values for certain SA configuration parameters. At the end of the interview, SA automatically saves the configuration information to a Core Definition file (CDF). This CDF may also be used later during Secondary Core (Multimaster Mesh) and Satellite installation and during SA Core upgrades.
  4. SA Core Component Installation: After you complete the SA Interview, the SA Installer installs the SA Core Components on your host server(s).
  5. After Installation: You must complete the post-installation tasks. For more information, see SA Core post-installation tasks.

Note: If the SA Installer encounters an error, the installation stops. Correct all the errors before you retry the installation. For information about restarting an interrupted installation, see Restart an interrupted installation.

Oracle database installation options

A functioning, properly configured Oracle 12c database must be available before you begin the SA installation process. See the SA Support and Compatibility Matrix for supported Oracle versions. You can choose to:

  • Use the SA-supplied Oracle 12c database and allow the SA Installer to install and pre-configure the database. If you choose to install the SA-supplied Oracle database, the SA Installer guides you through the process as described in this section.

    The SA-supplied Oracle database requires that certain system and Oracle environment variables be specified for use with SA. See SA-supplied Oracle RDBMS software and database setup.

  • Use the Oracle Universal Installer to install a non-SA-supplied Oracle 12c database. However, you must manually configure this database for use with SA. For required Oracle configuration information, see Non-SA-supplied Oracle software and database setup. If you choose to use the Oracle Universal Installer to install Oracle, you must install the database before running the SA Installer, and have all database-related information required by the Installer Interview, such as passwords, the path to ORACLE_HOME, and so on.
  • Use an existing Oracle 12c installation. This database must be for the exclusive use of SA. You must manually configure this database for use with the SA Model Repository. For more information about the required configuration, see Non-SA-supplied Oracle software and database setup. You may need to contact your local Oracle DBA for assistance in integrating SA with your pre-existing Oracle database.
  • If you are not using a remote Oracle database, the Model Repository component must be installed on the same server as the Oracle database for both First and Secondary Cores.

TLS hardening

During the SA installation, you can select the minimum version of the TLS protocol that the core components will use:

  1. TLSv1 (compatible with previous SA versions)
  2. TLSv1.1 (default)
  3. TLSv1.2

Important
In a multimaster mesh, you must set all your cores and satellites to the same TLS level. If you choose the default option, you can harden your cores at a later time. For more information on how to do this, see the SA 10.60 Administer section.

FIPS compliance options

HPE Server Automation (SA) complies with the Federal Information Processing Standards publication 140-2, a security standard that enables government entities to procure equipment that uses validated cryptographic modules. During installation you can choose to enable FIPS by setting the fips.mode parameter to enabled.

You will be prompted during the installation to specify whether FIPS should be enabled or not.

Under normal security conditions, HPE recommends using SHA256 with a key length of 2048. Higher security requirements could require FIPS with a key length of 4096 or other hash functions from the SHA-2 family. Note that use of FIPS or other hash functions from the SHA-2 family can impact core performance. Contact your Security Administrator for more information.

Note: In FIPS mode, sufficient entropy from the character device /dev/random must be available on the core servers to ensure proper startup and functionality of SA components.

See FIPS 140-2 compliance.

Cryptographic material options

SA 10.60 and later supports two certificate modes for installing an SA core:

  • self-signed certificate mode installation
  • third-party certificate mode installation

In self-signed certificate mode, SA uses its own Certificate Authorities (CAs) to automatically sign all the SA Core component certificates.

In third-party certificate mode, SA generates Certificate Signing Requests (CSRs) for the SA certificates. You are responsible for managing these CSRs and for providing SA with the certificates issued by your trusted CA. The SA Core installation completes only after SA can pick up the valid certificates from your specified location.

To switch from self-signed to third-party certificate mode, upgrade your SA Core and Agents, then run a Core Recertification job. This will replace all certificates signed by self-signed CAs with certificates signed by third-party CAs.

  • Your selected certificate mode applies to all the SA Cores and Satellites in the SA mesh. This means that you cannot target only specific cores for third-party certification and keep others under SA certification.
  • SA certificates are unique for each Core, Satellite and managed server. SA Core and Satellite components have unique certificates based on the server they are installed on. For example, on a Core with two slices installed on two servers, the slice certificates of the first server are different from the slice certificates of the second server.

In third-party certificate mode, make sure that all the SA Core and Satellite hosts define the hostnames of all Core or Satellite hosts at the beginning of their /etc/hosts file. Otherwise, the SA installation will fail. Listing these hostnames in the /etc/hosts file enables SA to generate correct certificate signing requests (CSRs) for the SA hosts.

Example: to install an SA mesh with the following topology,
16.77.42.65 (oracle_sas, truth_mm_overlay)
16.77.41.24 (infrastructure, word_uploads)
16.77.43.252 (slice, osprov)
16.77.45.21 (satellite)

add the following lines at the beginning of the /etc/hosts file for 16.77.42.65, 16.77.41.24 and 16.77.43.252:
16.77.42.65 hostname1.example.com hostname1
16.77.41.24 hostname2.example.com hostname2
16.77.43.252 hostname3.example.com hostname3

The 16.77.45.21 (satellite) server does not need to be listed here because this server is part of the mesh and not part of the Core.
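
A pre-installation check for the /etc/hosts requirement above, as an added example that is not part of the HPE documentation or the SA Installer. It assumes that "at the beginning" means the first non-blank, non-comment lines of the file; the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not HPE code. Assumption: "at the beginning" means the first
# active (non-blank, non-comment) lines of the hosts file.

# hosts_prefix_ok FILE ENTRY...
# Each ENTRY is "IP FQDN SHORTNAME". Succeeds only if every ENTRY is among the
# first N active lines of FILE, where N is the number of entries given.
hosts_prefix_ok() {
    hp_file=$1; shift
    hp_rc=0
    # Strip comments, drop blank lines, collapse whitespace, keep N lines.
    hp_head=$(sed 's/#.*//' "$hp_file" | awk 'NF { $1 = $1; print }' | head -n "$#")
    for hp_want in "$@"; do
        hp_want=$(printf '%s\n' "$hp_want" | awk '{ $1 = $1; print }')
        if ! printf '%s\n' "$hp_head" | grep -qxF -- "$hp_want"; then
            echo "not in first $# active entries: $hp_want" >&2
            hp_rc=1
        fi
    done
    return "$hp_rc"
}

# Constructed sample files built from the addresses in the example above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/hosts.good" <<'EOF'
# core hosts first, as third-party certificate mode requires
16.77.42.65   hostname1.example.com hostname1
16.77.41.24   hostname2.example.com hostname2
16.77.43.252  hostname3.example.com hostname3
127.0.0.1     localhost
EOF
cat > "$demo_dir/hosts.bad" <<'EOF'
127.0.0.1     localhost
16.77.42.65   hostname1.example.com hostname1
16.77.41.24   hostname2.example.com hostname2
16.77.43.252  hostname3.example.com hostname3
EOF

set -- "16.77.42.65 hostname1.example.com hostname1" \
       "16.77.41.24 hostname2.example.com hostname2" \
       "16.77.43.252 hostname3.example.com hostname3"
for f in hosts.good hosts.bad; do
    if hosts_prefix_ok "$demo_dir/$f" "$@"; then
        echo "$f: core entries lead the file"
    else
        echo "$f: fix the ordering before starting the SA Installer"
    fi
done
rm -rf "$demo_dir"
```

Run the function against the real /etc/hosts on each Core host before generating CSRs, passing the entries planned for that mesh.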

Starting with SA 10.60, if you want to use cryptographic material from a previous SA installation (SA 10.0 or earlier), you can no longer simply copy the existing crypto file due to enhancements to the way SA handles encryption.
You can, however, copy the crypto file from an existing SA 10.1 or later SA Core. You can do so by copying the crypto file /var/opt/opsware/crypto/cadb/realm/opsware-crypto.db.e and the /etc/opt/opsware/crypto/security.conf file to the same locations on the server that will host the SA Core or First Core (Multimaster Mesh) before beginning the installation. During installation, do not have the installer generate cryptographic material, and when you are prompted, provide the password for this cryptographic material.

 

Mounting the SA installation media

The SA installation/upgrade media is organized into separate categories in the downloaded file structure, for example:

  • oracle_sas (HPE Server Automation Database)

    The media used to install the Oracle database

  • primary (HPE Server Automation Product Software)

    The media used to install the SA Core Components

  • upload (HPE Server Automation Agents and Utilities)

    The media used to upload and install SA Core content and tools

  • sat_base (HPE Server Automation Satellite Base)

    The media used to install the SA Satellite components. It does not include the OS Provisioning components and is therefore smaller, which can be helpful when you are transferring the media over the network.

  • sat_osprov (HPE Server Automation Satellite Base including OS Provisioning)

    The media used to install the SA Satellite and the Satellite’s OS Provisioning components.

The initial invocation of the hpsa* scripts for a core install or upgrade must be from the primary media; for Satellites, it must be from the sat_base or sat_osprov media.

The SA Installer requires that the media directory structure be maintained, for example:

<mountpoint>/<user_defined_prefix>-<media_name>/disk001/opsware_installer/hpsa*.sh

where <user_defined_prefix>-<media_name> is, for example, hpsa-primary, hpsa-sat_base, etc. HPE recommends the prefix hpsa and the media category identifiers shown above (sat_base, primary, etc.). The hyphen after hpsa is required even if you do not append a prefix.

SA is delivered as media that can be copied to a local disk or mounted as an NFS mount point. You must mount all media on the host where the install script will be invoked. If the media is mounted with this directory structure, the SA Installer will auto-mount it on local or remote core host(s) as needed.

If you use a different directory structure, the SA Installer will prompt you for the path each time it needs to access the media.
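
A check that the mounted media follows the documented layout and that the installer is taken from the right media for the role, as an added example that is not part of the HPE documentation or the SA Installer. The function name, the temporary tree and the script name hpsa_demo.sh are constructed for illustration.

```shell
#!/bin/sh
# Added example, not HPE code: locate the installer scripts in the documented
# layout <mountpoint>/<prefix>-<media_name>/disk001/opsware_installer/hpsa*.sh

# installer_scripts MOUNTPOINT ROLE
# ROLE "core" searches *-primary; "satellite" searches *-sat_base and
# *-sat_osprov. Prints every script found; returns 1 when there is none.
installer_scripts() {
    is_mount=$1
    case $2 in
        core)      is_media="primary" ;;
        satellite) is_media="sat_base sat_osprov" ;;
        *) echo "role must be core or satellite" >&2; return 2 ;;
    esac
    is_rc=1
    for is_name in $is_media; do
        for is_script in "$is_mount"/*-"$is_name"/disk001/opsware_installer/hpsa*.sh; do
            [ -f "$is_script" ] || continue   # an unmatched glob stays literal
            printf '%s\n' "$is_script"
            is_rc=0
        done
    done
    return "$is_rc"
}

# Constructed media tree; hpsa_demo.sh is a placeholder script name.
demo_mnt=$(mktemp -d)
mkdir -p "$demo_mnt/hpsa-primary/disk001/opsware_installer" \
         "$demo_mnt/sat_base/disk001/opsware_installer"
: > "$demo_mnt/hpsa-primary/disk001/opsware_installer/hpsa_demo.sh"
: > "$demo_mnt/sat_base/disk001/opsware_installer/hpsa_demo.sh"   # no "<prefix>-"

installer_scripts "$demo_mnt" core
installer_scripts "$demo_mnt" satellite || echo "satellite media not in the expected layout"
rm -rf "$demo_mnt"
```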