Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Server Automation10.60

Install > Advanced SA installation information > Satellite installation > Satellite installation

Satellite installation

This section describes how to install a Satellite on a simple-topology system–a Satellite with a single core.

This topology has the following characteristics:

The Satellite contains a single Software Repository Cache.
The Satellite communicates with a single Management Gateway on a core server. No other gateways communicate with the Satellite. In other words, the Satellite is not part of a cascading Satellite installation in which one Satellite communicates with the core’s Management Gateway while the cascaded Satellites communicate with the core using that Satellite’s Gateway as an intermediary.

Required information

Depending on the interview level you choose (simple, advanced), you will be prompted to supply the following information during the installation process as shown in the following table.

**Satellite installation required information checklist**
Parameter	Requirement	Description
`truth.oaPwd`	opsware_admin user access	The opsware_admin password.
cast.admin.pwd	SA Administrator’s access	The SA Administrator’s password
satellite.dcNm	The Satellite Facility identification	The name of the new Satellite’s facility.
satellite.realm_name	Realm name	The name of the new Realm to be serviced by the Satellite. SA uses the Realm name and the IP address of a managed server to uniquely identify a managed server. The Gateway Installer assigns the Realm name to the new Satellite facility. The Core and Satellite facility names must be different. The Realm name cannot contain spaces.
satellite.gateway_name	The name for a new or existing Satellite Gateway (name cannot contain spaces)	The name of the Gateway the Satellite will use for communicating with the Primary Core management Gateway or other Satellite Gateways (in a cascaded-Satellite topology).
satellite.proxy_port	The port used by Agents to contact the new Satellite.	The port number on which agents can contact the Satellite Gateway (Default: 3001).
satellite.parentgw.ip	A Core Management Gateway IP address	The IP address of a server running a Management Gateway.
satellite.parentgw. tunnel_listener_port	The Management Gateway’s listener port	The port number through which tunnel connections to the Management Gateway will pass (Default port is 2001). The Management Gateway listens on this port for connection requests from the Satellite. In the Management Gateway Properties File, this port is specified with the `opswgw.TunnelDst` parameter. The path to the Core’s Gateway Properties file is: `/etc/opt/opsware/opswgw-mgw0-<facility>/opswgw.properties`
satellite.parentgw. proxy_port	The port on which a Core's Management Gateway listens for connection requests.	The port number on which a Core's Management Gateway listens for connection requests from Satellite Gateways to SA Core Components (default 3003) or the port on which a Satellite Gateway listens for connection requests from other Satellite Gateways to SA Core Components (cascading Satellite links) (default 3001).
decrypt_passwd	Accessing Core cryptographic material	The password required to access the Core’s cryptographic material.
word_root	Package Repository location (SA Provisioning)	The root directory for the Package Repository. For example: `/var/opt/opsware/word`
word_tmp_dir	Software Repository	Directory where Package Repository will temporarily place content during uploads. For example: `/var/opt/opsware/word`
word.store.host	Software Repository	The host name of the server where Software Repository content is stored.
media_server. linux_media	Linux media location (SA Provisioning)	The pathname to the Linux media. For example: /media/opsware/linux
media_server. sunos_media	Solaris media location (SA Provisioning)	The pathname to the Solaris media. For example: /media/opsware/sunos
media_server. windows_media	Windows media location (SA Provisioning)	The pathname to the Windows media. For example: /media/opsware/windows
media_server.windows_ share_name	Windows Media location (SA Provisioning)	The share name to use for the Windows media sharing server Share names that are longer than 8 characters may give errors while browsing or may not be accessible to some older clients.
media_server.windows_ share_password	Windows Media location (SA Provisioning)	The password to write-protect the Windows media share. Import_media tool will prompt for this password each time it is run.
bootagent.host	SA Provisioning Boot Server	The SA Provisioning Boot Server IP or hostname.
agent_gw_list_args	Agent- Gateway communications	The list of Gateways on which the Satellite's agent will be installed. Specified by the IP address and port number (`ip:port`) on which Agents can contact the Gateway in the Satellite facility. Default <satellite_gateway>:3001.
`opswgw.ConfigPort`	Bandwidth configuration	The gateway Bandwidth Configuration Management port.
`opswgw.BwUsageChannel Port`	Bandwidth configuration	The gateway bandwidth usage channel port.
`agw_admin_port`	Bandwidth configuration	The port for the administrative interface of the Agent Gateway.

You may want to name the Realm according to the physical location of the Satellite’s data center, for example, the building, corporate site, or city. The SA Client lists the facility names of the core and its Satellites.

Satellite installation phases

This section provides a summary of the Satellite installation process. You can use the right-hand column to indicate that a phase is completed:

**Satellite installation phases**
Phase	Description	Complete
1	Prepare for Installation
2	Complete the Installer Interview
3	Install the Satellite
4	Install the SA Provisioning Components (optional)
5	Post-Satellite Installation Tasks

Phase 1: Preparing for installation

Locate the SA Satellite installation media:
- sat_base (HPE Server Automation Satellite Base) - The media used to install the SA Satellite components. This does not include the OS Provisioning components and is therefore smaller and can be helpful when you are transferring the media over the network.
- sat_osprov (HPE Server Automation Satellite Base including OS Provisioning) - The media used to install the SA Satellite and the Satellite’s OS Provisioning components. You can use this media for installing any Satellite.
On the server where you will install the new Satellite, mount the installation media or NFS-mount the directory that contains a copy of the media.

Requirements: The Installer must have read/write root access to the directories where it will install the SA Core Components, including NFS-mounted network appliances.
In a terminal window, log in as a user with root privileges.
Set up the environment for creating the CA certificates:

if working in self-signed certificate mode

Create the Realm directory: mkdir –p /var/opt/opsware/crypto/cadb/realm
Make sure you have copied the database of the cryptographic material (opsware-crypto.db.e) from any Core server in the facility to the Satellite server, as described in Satellite installation requirements.
On the Core server, the database and the GZipped prep_satellite.tar.gz file are located under var/opt/opsware/crypto/cadb/realm/

Important The database of cryptographic material must be copied on the Satellite server to the same directory path as on the core server. The directory and database must be readable by the root user.

If you start installing a Satellite on a server that does not have a copy of the cryptographic material, the installer requires you to copy the material to the server before it can continue.

In a Single-Core installation, the cryptographic material is located in the /var/opt/opsware/crypto/cadb/realm directory on the Primary Core. In a Multimaster Mesh installation, the cryptographic material can be copied from the /var/opt/opsware/crypto/cadb/realm directory on any server that hosts a core component. If you have stored the cryptographic material on a remote, non-SA Core server, copy the file from the remote server’s /var/opt/opsware/crypto/cadb/realm directory.
Create the following directory on the Satellite host:
mkdir –p /etc/opt/opsware/crypto
From the core to which the satellite will connect, copy the /etc/opt/opsware/crypto/security.conf file to the same directory on the Satellite host.
Create the CDF directory: mkdir –p /var/opt/opsware/install_opsware/cdf/cdf
From the Core’s Infrastructure Component bundle host, copy the /var/opt/opsware/install_opsware/cdf/cdf.xml file to the same directory on the Satellite host.

if working in third-party certificate mode

On the Core’s Infrastructure Component bundle host, run the following script. Make sure to specify the full path to the script.
<distro>/disk001/opsware_installer/tools/prep_satellite.sh --decrypt_pass <crypto_password> --loc <location>

**Satellite preparation script arguments**
Argument	Description
--decrypt_pass	Specifies the password for accessing the core cryptographic material. You can find this install parameter in the `/var/opt/opsware/install_opsware/cdf/cdf.xml` file of the SA Core.
--loc	Specifies where to place the prep_satellite.tar.gz file which contains the necessary files for Satellite installation.

From the core’s Infrastructure Component bundle host, copy the previously created *.tar file to a temporary directory on the Satellite host.

On the server where you will install the new Satellite, run the following script. Make sure to specify the full path to the script.
<distro>/disk001/opsware_installer/tools/preinstall_satellite_3rd_party.sh --tar <tar_file>

**Satellite preinstallation script arguments**
Argument	Description
`--tar`	The prep_satellite.tar.gz file created with the prep_satellite.sh script.

In third-party certificate mode, make sure that all the SA Core and Satellite hosts define the hostnames of all Core or Satellite hosts at the beginning of their /etc/hosts file. Otherwise, the SA installation will fail.
Listing these hostnames in the /etc/hosts file enables SA to generate correct certificate signing requests (CSRs) for the SA hosts.

Example: to install an SA mesh with the following topology,

16.77.42.65  (oracle_sas, truth_mm_overlay)
16.77.41.24  (infrastructure, word_uploads)
16.77.43.252  (slice, osprov)
16.77.45.21 (satellite)

add the following lines at the beginning of the /etc/hosts file for 16.77.42.65, 16.77.41.24 and 16.77.43.252:
16.77.42.65 hostname1.example.com hostname1

16.77.41.24 hostname2.example.com hostname2
16.77.43.252 hostname3.example.com hostname3

The 16.77.45.21 (satellite) server does not need to be listed here because this server is part of the mesh and not part of the Core.

Change to the root directory: cd /

Phase 2: Completing the installer interview

On the Satellite host, run the Installer script:
# <distro>/disk001/opsware_installer/hpsa_add_satellite.sh -c /var/opt/opsware/install_opsware/cdf/cdf_<timestamp>.xml
You must specify the full path to the script.

A screen similar to the following displays:

Host / Component Layout

===============================

1 ( ) Satellite

2 ( ) OS Provisioning Boot Server

3 ( ) OS Provisioning Media Server

Enter the number of the component or one of the following directives

(<c>ontinue, <p>revious, <h>elp, <q>uit):

At the components prompt, select the IDs of the components you want to install and assign each of them to a host. After all the components have been assigned to a host, press c to continue.

The SA Provisioning Boot Server and Media Server entries only appear when you have initiated the Satellite installation from the SA Satellite Base Including OS Provisioning media. You may choose not to install the OS Provisioning components.

Select the same TLS version as on the primary core and press Enter to continue.
Cryptographic Protocol Selection for the Server Automation Components [WARNING] Please make sure that all the cores and satellites from the mesh are at the same TLS level. ======================================================================== 1. TLSv1 2. TLSv1.1 3. TLSv1.2 Enter the option number or one of the following directives (<p>revious, <h>elp, <q>uit)[2]:

A screen similar to the following is displayed:

Host/Component Layout

==============

1. Satellite [192.168.220.134]

2. OS Provisioning Boot Server [192.168.220.134]

3. OS Provisioning Media Server [192.168.220.134]

Enter the option number or one of the following directives

(<c>ontinue, <p>revious, <h>elp, <q>uit): c

Press c to continue.

The interview type selection screen is displayed:
```
Interview Type
```
```
==============
```
```
1. Simple Interview
```
```
2. Advanced Interview
```
```
3. Expert Interview
```
```
Enter the option number or one of the following directives
```
```
(<p>revious, <h>elp, <q>uit):
```
Select 1 for a simple interview or 2 for an Advanced interview. The list in step 4 shows which parameters are modifiable in the Simple and Advanced interviews. The Expert interview is for the use of HPE Technical Support or Professional Services only.
Provide values for parameters presented during the interview or accept defaults.
The parameter values requested during the interview depend on the interview mode:
1. (truth.oaPwd) Please enter the password for the opsware_admin user
  - Simple and Advanced
2. (cast.admin.pwd) Enter the password for the SA admin user
  - Advanced and Expert
1. (satellite.dcNm) Enter the new Satellite Facility name
  - Simple and Advanced
2. (satellite.realm_name) Enter the new Satellite Realm name
  - Expert
3. (satellite.gateway_name) Enter the name of the Satellite Gateway
  - Expert
4. (satellite.proxy_port) Enter the port used by agents to contact the new Satellite- Advanced and Expert
5. (satellite.parentgw.ip) Enter the IP address of the First Core Management Gateway
  - Simple and Advanced
6. (satellite.parentgw.tunnel_listener_port) Enter the port number on which a Core's Management Gateway listens for connections from Satellite Gateways or the port on which a Satellite Gateway listens for connections from other Satellite Gateways (cascading satellite links)
  - Advanced and Expert
7. (satellite.parentgw.proxy_port) Enter the port on which the Management Gateway listens for Satellite connections
  - Advanced and Expert
8. (decrypt_passwd) Enter the password for the cryptographic material- Advanced
9. (word_tmp_dir) Enter directory where Package Repository will temporarily place content during uploads. [/var/opt/opsware/wordbot_tmp/]- Expert
10. (word_root) Enter the root directory for the Package Repository [/var/opt/opsware/word]- Expert
11. (media_server.linux_media) Enter the pathname of the Linux media [/media/opsware/linux]- Advanced and Expert SA Provisioning
12. (media_server.sunos_media) Enter the pathname of the Solaris media [/media/opsware/sunos]- Advanced and Expert SA Provisioning
13. (media_server.windows_media) Enter the pathname of the Windows media [/media/opsware/windows]- Advanced and Expert SA Provisioning
14. (media_server.windows_share_name) Enter the share name to use for the Windows media sharing server (Note: share names that are longer than 8 characters may give errors while browsing or may not be accessible to some older clients.) [OSMEDIA]-Expert
15. (media_server.windows_share_password) Enter a password to write-protect the Windows media share. Import_media tool will prompt for this password each time it is run- Expert
16. (bootagent.host)Enter the OS Provisioning Boot Server ip or hostname- Simple and Advanced SA Provisioning
17. (agent_gw_list_args)Enter the IP address and port number (ip:port) on which agents can contact the gateway in this facility- Expert
Supply values for the parameters. When you have completed entering all of the required information, the Installer displays this message:
All parameters have values. Do you wish to finish the interview (y/n):
If you are satisfied with your answers, press y.
If you want to review or change your answers, press n. The installer displays the prompts again, showing in brackets [ ] the values that you just entered during the interview.
After modifying your responses, press y to finish the interview.
The Installer automatically saves your values into a CDF in /var/tmp.

Phase 3: Installing the Satellite components

A screen similar to the following is displayed:
Install components =================== Satellite OS Provisioning Boot Server PS Provisioning Media Server Enter one of the following directives (<c>ontinue, <p>revious>, <h>elp, <q>uit): c
Press c to continue.
Before starting the installation, SA performs a prerequisites check. This check validate that the host on which you are installing SA meets the minimum requirements for the installation:
- the required packages are installed
- the required environment variables are set
- sufficient disk space is available, and so on.
If your host fails the prerequisites check, the installation fails with an error message that describes the problem. In this case, correct the problem and retry the installation. If you are unable to resolve the problem, contact HPE support services.
If the prerequisites check completes successfully, you may still see some messages similar to the following:

Prerequisite Checks ============== Results for <IP_address>: WARNING File system ‘/’ has 29447 MBytes available and 154050 is recommended. Enter the option number or one of the following directives: (<c>ontinue, <p>revious, <h>elp, <q>uit):
The Prerequisites check identifies WARNINGs and/or FAILUREs. FAILUREs can cause a failed or incomplete installation and must be resolved before continuing the installation. WARNINGs allow you to continue the installation, however, Core performance may be negatively affected if you continue without resolving them. If your server passes the prerequisite check, enter c and press Enter to start the installation.

In third-party certificate mode, SA installs the OCT (Opsware Cert Tool) component on the Satellite server before the Satellite installation begins. The OCT component will generate the Certificate Signing Requests (CSRs) for the certificates required for the current installation configuration. After OCT install, follow the following two additional steps before the SA installation begins:
1. Enter the location where you want the OCT component to generate the *.csr files.
  Select path where to generate CSRs
  =============================
  Specify the path on the Model Repository server where SA will generate the CSR files
  [/var/tmp/csrFiles]:
  CSRs were generated in the /var/tmp/csrFiles directory on the server that hosts the Model Repository component [192.168.136.39].
  Please have them signed by your CA. You can resume the install process after all CSRs are signed.
  Make sure you copy all certificates in the same directory on the core's Model Repository server.
  You will be prompted for the path to this directory in the next step of the install process.
  Submit these files to your CA for signing and place the issued certificates in a folder of your choice.
  After generating the cryptographic material, SA places the CSRs created for that instance in a subfolder named by date. For example: csr_2017-05-02.08:21:05 csr_2017-05-02.08:22:10. Any new CSRs are placed in the dedicated folder that you provide during the installer interview.
  When providing the third-party certificates, make sure to follow the certificate format and naming requirements described in the SA certificates format.
2. Provide the location where you have placed the custom certificates signed by your CA. The installer checks that the path is correct and that all required certificates are available.
  Enter the path to the directory containing the custom certificates. ===================================================================
  Path to the directory containing the certificates. [/var/tmp/certificateFiles]:
  SA now generates a new cryptographic material containing your signed certificates. The cryptographic material is then copied it on all hosts in the mesh.

Phase 4: Post-Satellite installation tasks

After you install the Satellite, perform the tasks listed in the following sections. For more information, see the "Satellite Administration" section in the SA 10.60 Administer section.

Facility permission settings

This is an important step because until you set the facility permissions, you cannot view the new Satellite or view/modify the managed servers associated with the Satellite’s facility.

The SA Gateway Installer assigns the Realm name to the facility name of the Satellite. To access managed servers in the Satellite, an SA user must belong to a group that has the necessary permissions for the Satellite’s facility. For example, you might set the permissions for the Satellite facility to Read & Write for the Advanced Users group, enabling members of this group to modify the servers managed by the Satellite.

For further instructions, see the Setting the Facility Permissions of a User Group section in the SA 10.60 Administer section.

Checking the Satellite

To verify that the Core Management Gateway is communicating with the Satellite:

Log in to the SA Client as a member of a user group that has the Manage Gateway permission.
From the Navigation panel, click Administration > Gateway.
Verify that the upper left corner of the Manage Gateway page displays a link for the new Satellite.
If the Manage Gateway page does not display the link for the Satellite, you may need to modify the Satellite properties file located in:
/etc/opt/opsware/opswgw-sat/opswgw.properties
If you are implementing a cascaded satellite setup with wordcache enabled, then you must manually add the following entries in the properties file (opswgw.properties) of the parent satellite:
opswgw.EgressFilter=tcp:*:1003:*:<cascaded satellite realm name>
opswgw.EgressFilter=tcp:*:8061:*:<cascaded satellite realm name>
If you modify the properties file, you must restart the Satellite:
/etc/init.d/opsware-sas restart opswgw
Log in to the SA Client as a member of a user group that has Read (or Read & Write) permission for the Satellite facility.
From the Navigation panel, click Servers > Manage Servers.
Verify that the Manage Server page displays the host name of the Satellite server.

DHCP configuration for SA Provisioning

After you install the SA Provisioning Boot Server component, you must set up a DHCP server. For more information, see DHCP configuration for SA Provisioning.

Optional: Installing the OS Provisioning component for an already installed satellite

The SA Provisioning Boot Server and Media Server are required only if you want to use the SA Provisioning feature in the Satellite. The SA Provisioning Boot Server and Media Server can reside on a different server than the Satellite.

The OS Provisioning components are considered optional and can be installed at a later time.

Send Help Center feedback