Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
- Service Manager Service Portal administration tips and tasks
- Service Manager Service Portal capabilities
- Migrating ESS or SRC to Service Manager Service Portal
- Migrating Propel to Service Manager Service Portal
- Migration from Service Manager Service Portal single node to HA nodes
- Migration from one Service Manager Service Portal single node to another
- Import Service Manager catalog item entitlement to Service Portal
- Service Manager Service Portal Tips
- Service Manager Service Portal Custom Themes
- Changing Service Manager Service Portal Default User Accounts' Passwords
- Encrypt a Password - Service Manager Service Portal User Accounts
- Change the Service Manager Service Portal Master Password
- Change the JWT Signing Key
- Set Service Exchange user roles and organizations
- Perform Service Exchange basic configuration
- Verify Service Exchange configuration
- View and manage Service Exchange content packs and adapters
- Change the host name used in an existing Service Manager Service Portal installation
- Encrypt a password in Service Manager Service Portal
- Back up and restore Service Manager Service Portal PostgreSQL databases
- Remotely connect to the Service Manager Service Portal database
- Change Service Manager Service Portal initial passwords
- Enable query field autofill for catalog item user options
- Adjust the field weight for IDOL search
- Use F5 reverse proxy with Service Portal
- Administrative toolkits
Use F5 reverse proxy with Service Manager Service Portal
This section describes the steps to configure an F5 hardware load balancer as a reverse proxy for a single instance of Service Manager Service Portal.
The configuration consists of two parts: the Service Manager Service Portal server, and the F5 server. A tool (f5_reverse_proxy) is provided to automate the configuration required on the Service Manager Service Portal server, and example configuration files are also provided for the configuration required on the F5 server.
Additionally, the tool can regenerate self-signed SSL certificates if configured as such and replace the out-of-box certificate files with the new files. If you want to use your own certificates, you can choose to skip regenerating certificate when running the tool.
The following configurations are required to use F5 reverse proxy with Service Manager Service Portal.
On the Service Manager Service Portal Server
You can use the f5_reverse_proxy tool to change the proxy configuration of a single instance of Service Manager Service Portal.
Prerequisites
-
You have Ansible 2.2.0.0 and Linux nslookup installed in your Service Manager Service Portal environment.
-
You already have a “propel” user created and you have granted this user the sudo permission. Notice that you will need to run the tool provided as the “propel” user and will be prompted for its password.
-
You know the Service Manager Service Portal server FQDN (<Service_Portal_FQDN>) and the F5 server FQDN (<F5_FQDN>). The F5 FQDN is the virtual server FQDN.
This tool will perform the following three major steps.
-
Replace the Service Manager Service Portal server FQDN in configuration files with the F5 FQDN.
-
Modify the iptables file and configuration files to map the micro services ports to URLs needed by the F5 reverse proxy.
-
(Optional) Regenerate certificates based on the F5 FQDN and overwrite the original certificates.
Note This tool removes the Drop rule from the Service Manager Service Portal iptables file. If the Drop rule is required in your environment, you can add it back afterwards.
To run this tool, follow these steps:
-
Log in to the Service Manager Service Portal server as “propel”.
Note If you are already logged in as another user, change to the “propel” user.
-
Configure the network connectivity:
# ssh-keygen -t rsa -f ~/.ssh/id_rsa # ssh-copy-id propel@<Service_Portal_FQDN>
-
Run this script:
# cd /opt/hp/propel/adminUtil/f5_reverse_proxy # ./f5_reverse_proxy.sh --sp-host <Service_Portal_FQDN> --f5-host <F5_FQDN> [other_options]
The --sp-host and --f5-host parameters are mandatory, and the other options may or may not be required:
- --cert-gen: Use this option to generate self-signed SSL certificates.
- --no-change-host: You must use this option when the last script execution failed, but the log file indicates that first part (replacing the Service Manager Service Portal FQDN with the F5 FQDN) of the script was successfully completed. In this case, you MUST use this option to resume from the second part (changing the proxy).
-
--no-change-proxy: Use this option to skip the second part (changing the proxy) of the script.
Note The script log file is located in the
f5_reverse_proxy/logfolder. -
After the script is finished, do the following:
-
If you did not use the --cert-gen option: Replace the out-of-box certificates in Service Manager Service Portal with your own SSL certificate files (generated with F5 host name), and then copy your certificate files (which must use the following file names) to the following locations:
-
The key:
/opt/hp/propel/security/propel_host.key.rsa -
The certificate:
/opt/hp/propel/security/propel_host.crt -
The trust CA:
/opt/hp/propel/security/CA.crt
For more information about how to replace certificates, see here.
-
-
If you used the --cert-gen option: Go the directories listed above, and check the time stamps of these files to make sure they were generated by the tool.
-
-
Restart Service Manager Service Portal:
# propel stop # Propel start
On the F5 server
Make sure the version of the F5 server is later than 11.4.
Note The following steps will use three text files, which you can find in the f5_reverse_proxy folder on the Service Manager Service Portal server: F5-iRule.txt, F5-CreatePool.txt, and F5-CreateVirtualServer.txt.
-
In the F5 web UI, create the SSL profile with the files created in the "On the Service Manager Service Portal Server" section above.
For example, create the SERVER SSL profile with the name "PROPEL-SERVER”, and create the CLIENT SSL profile with the name "PROPEL-CLIENT."
Note For both PROPEL-SERVER and PROPEL-CLIENT SSL profiles, you can use the same certificate and private key.
-
In the F5 web UI, create a new irule with the name "PROPEL-iRule", copy the content in the "F5-iRule.txt" file.
Note Replace “smci010.hpeswlab.net” with your F5 server’s hostname.
-
In the F5 web UI, create SNAT with the name PROPEL-SNAT.
-
Go to the F5 background, create the pools by running the tmsh command in the "F5-CreatePool.txt" file.
Note Replace “16.187.190.23” with your Service Manager Service Portal’s IP address.
-
Go to the F5 background, create the virtual server by running the tmsh command in the "F5-CreateVirtualServer.txt" file.
Note Replace “16.165.216.242” with your F5 server’s IP address.
