Gino Castoldi_2

OML9 - How to add a node and map the certificate from the command line?

OML9.10

OA11.11

 

The OA 11.11 agent is manually installed on a server. The certificate shows up in the Pending Certificate Request window.
We would like to add the node and map the certificate from the command line.

 

Can this be done?

 

Thank you

Gino

GTrejos7

Re: OML9 - How to add a node and map the certificate from the command line?

Hello Gino,

 

This is the command to add the node to the node bank via command line:

/opt/OV/bin/OpC/utils/opcnode -add_node node_name=<node_name> net_type=<network_type> mach_type=<machine type> group_name=<node group name>

i.e.:

/opt/OV/bin/OpC/utils/opcnode -add_node node_name=abc.com net_type=NETWORK_IP mach_type=MACH_BBC_WINNT_X86 group_name=Wingrp

However, this puts it into the Holding Area.
To move the node from the Holding Area to the higher level (Node Bank):

/opt/OV/bin/OpC/utils/opcnode -move_nodes node_list=abc.com net_type=NETWORK_IP layout_group=/

 

Now, to install the certificates on the node manually you can try the following:

 

Issue a new certificate manually from management server :
opccsacm -issue -name <nodename> -file <filename> -coreid <OvCoreId>


Transfer the newly created certificate to the managed node.
Import the new certificate to the managed node:
ovcert -importcert -file <filename>

 

I hope this helps.

 

Best regards,

HP Support
Gino Castoldi_2

Re: OML9 - How to add a node and map the certificate from the command line?

Hi,

 

Thanks for your help.

 

One question.

 

>Issue a new certificate manually from management server

Since the certificate has already been generated for the node do I need to do this step?

 

Should I map and grant the certificate a different way?

 

 

Thank you

Gino

 

GTrejos7

Re: OML9 - How to add a node and map the certificate from the command line?

Hello Gino,

 

In regards to your last question I can tell you that I would suggest issuing a new certificate on the Management server the way I described it, since it puts it into a file that can then be transferred to the node for the next step.

 

After importing the new certificate to the managed node with the command:
ovcert -importcert -file <filename>

 

You should be all set.

 

You can double-check the status of the certificates by first checking the communication:

node# bbcutil -ping <ManagementServer_name>

MS# bbcutil -ping <node_name>

 

Let me know if you receive errors while executing the following command (on management server)
# opcragt -status <nodename>

from the managed node
# opcagt -status

 

node# ovcoreid -show
node# ovcert -list
node# ovcert -check
node# ovcert -status

 

I hope this helps.

 

Best regards,

HP Support
Gino Castoldi_2

Re: OML9 - How to add a node and map the certificate from the command line?

Hi,

 

 

>In regards to your last question I can tell you that I would suggest to issue a new certificate on the Management server the way I described it since it puts it into a file that can then be transferred to the node for the next step.

 

 

>After importing the new certificate to the managed node with the command:

 

Since the node already has a certificate pending why would we need to issue a new cert and transfer it to the node?

Couldn't we just map and grant the certificate instead? If we issue another cert then we would have to change it on the node and we do not have login access to the servers. I am just thinking that creating another certificate is unnecessary and will add extra work for us in our environment.

 

 

 

 

Thank you

Gino

 

Micro Focus Expert

Re: OML9 - How to add a node and map the certificate from the command line?

Hello Gino,

 

Many ways lead to Rome 🙂

 

You can either issue a certificate or just map (if needed) and grant the certificate request.

 

Here are the steps to map and grant the certificate request on the command line:

- Check that the certificate request is indeed pending:

# /opt/OV/bin/OpC/opccsa -list_pending_cr

 

This will also show if it was already mapped to a node in the node bank.

 

- If it's not yet mapped (e.g. because FQDN in the name service is different than on the managed node locally), map it:

# /opt/OV/bin/OpC/opccsa -map_node <hostname>=<nodebank_hostname>

 

- Now grant the certificate:

# /opt/OV/bin/OpC/opccsa -grant <hostname>

 

 

Theoretically, you could even add a node and grant the certificate all at once:

# /opt/OV/bin/OpC/opccsa -grant -add_node <hostname|CertReqId>

 

And if you want to go even further, you can use the auto granting / CSA automation feature.

See the Operations Manager White Paper Installing HP Operations Agents Using Clone Images

for more information:

http://support.openview.hp.com/selfsolve/document/KM1305402/binary/OMU9.10_InstallAgentsUsingClone_Ed3

 

Best regards,

Tobias
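
The map-and-grant steps from the reply above, combined with the opcnode commands given earlier in the thread, as an added example that is not part of any post or of the vendor's tooling. It assumes the agent's hostname appears as a whole word in the opccsa -list_pending_cr listing; onboard_node, valid_host, run and DRY_RUN are names made up for this example.

```shell
#!/bin/sh
# Added example, not vendor code: node onboarding with the commands from this thread.
# Assumptions: run on the OML management server; the agent's hostname appears
# as a whole word in the `opccsa -list_pending_cr` listing.
OPCNODE=${OPCNODE:-/opt/OV/bin/OpC/utils/opcnode}
OPCCSA=${OPCCSA:-/opt/OV/bin/OpC/opccsa}

# Accept plain DNS names only, so a value such as "-grant" or one containing
# "=" or spaces is never handed to the tools as an option or extra argument.
valid_host() {
  case $1 in
    ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  return 0
}

# Print each state-changing command; execute it unless DRY_RUN=1.
run() {
  printf '+ %s\n' "$*"
  [ "${DRY_RUN:-0}" = 1 ] || "$@"
}

# onboard_node <agent_hostname> <nodebank_hostname> <mach_type> <node_group>
# Returns 2 for a rejected hostname, 3 when no matching request is pending.
onboard_node() {
  ob_agent=$1 ob_node=$2 ob_mach=$3 ob_group=$4
  if ! valid_host "$ob_agent" || ! valid_host "$ob_node"; then
    echo "rejected hostname" >&2; return 2
  fi
  # Read-only check (runs even in dry-run mode): grant only what is pending.
  if ! "$OPCCSA" -list_pending_cr | grep -qiwF -- "$ob_agent"; then
    echo "no pending certificate request for $ob_agent" >&2; return 3
  fi
  run "$OPCNODE" -add_node node_name="$ob_node" net_type=NETWORK_IP \
      mach_type="$ob_mach" group_name="$ob_group" || return 1
  run "$OPCNODE" -move_nodes node_list="$ob_node" net_type=NETWORK_IP \
      layout_group=/ || return 1
  # Map only when the agent reports a different name than the node bank entry.
  if [ "$ob_agent" != "$ob_node" ]; then
    run "$OPCCSA" -map_node "$ob_agent=$ob_node" || return 1
  fi
  run "$OPCCSA" -grant "$ob_agent"
}
```

Sourcing the file and calling onboard_node with DRY_RUN=1 prints the four commands without changing the node bank or granting anything.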

 

Gino Castoldi_2

Re: OML9 - How to add a node and map the certificate from the command line?

Hi Tobias,

 

Thanks for answering my questions, that was just the information that I was looking for.

 

 

Thank you again for your help!

Gino

 

UT_Brandon

Re: OML9 - How to add a node and map the certificate from the command line?

What's the difference between

 

ovcm -issue -file <file location and name> -name <node name> -pass <password for file> -coreid <core id of existing node>

 

vs

 

opccsacm -issue -name <nodename> -file <filename> -coreid <OvCoreId>

 

The syntaxes are the same so I presume they are linked.

Should I stop using one or the other due to future phase out?

 

-Brandon

MuthuvelS

Re: OML9 - How to add a node and map the certificate from the command line?

opccsacm is the old version of the command that was there prior to 8.x version, ovcm is the updated / enhanced version of the same command that is released as part of 8.x.

At the end of the day, both of them serve the same functionality.

Prefer to use ovcm.

Cheers,
Muthuvel.S
Micro Focus Expert

Re: OML9 - How to add a node and map the certificate from the command line?

Hello,

 

opccsacm is not the old version but a wrapper for ovcm. The opccsacm man page tells us the difference:

 

opccsacm - is a wrapper for the ovcm tool.

 

SYNOPSIS
       opccsacm
               [-issue -name <nodename> [-file <filename>]
                   [-coreid <OvCoreId>] [-pass <pass phrase>]]
               [-geninstkey [-file <filename>]
                   [-pass <installation pass phrase>]]

 

DESCRIPTION
       The  command opccsacm has the ovcm functionality for issuing new node certificate manually and for using the
       installation key manually. This wrapper modifies the HPOM database according to the performed  actions,  which
       is not done by the ovcm tool itself.

 

 

In general it's better to use the opccsa and opccsacm tools as they have access to the OML database, while the ovcm tool is the L-Core tool that doesn't care what HPSW product is used (OML, BSM, ...). Thus ovcm doesn't have access to the OML DB.

 

Best regards,

Tobias

 
