HP Smart Update Manager Release Notes Version 7.1.0 Abstract This document describes release information about this version of HP SUM. This document is intended for individuals who understand the configuration and operations of Microsoft Windows, Windows Server, Linux, smart components, HP-UX, VMware, and the risk of data loss from performing updates. HP Part Number: 679985-404 Published: October 2014 Edition: 2 В© Copyright 2012, 2014 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Acknowledgments MicrosoftВ®, WindowsВ®, and Windows ServerВ® are U.S. registered trademarks of the Microsoft group of companies. вЂў OpenPegasus version 2.10.0 For more information, see the OpenPegasus website at http://www.OpenPegasus.org. вЂў Mongoose version 2.11 For more information, see the Mongoose website at http://sourceforge.net/projects/mongoose/develop. вЂў open-WSMan For more information, see the open-WSMan website at http://sourceforge.net/projects/openwsman. вЂў zlib version 1.2.3 For more information, see the zlib website at http://zlib.net. вЂў libcurl version 7.21.6 For more information, see the libcurl website at http://curl.haxx.se/libcurl. вЂў gSOAP version 2.8.3 For more information, see the gSOAP website at http://gsoap2.sourceforge.net. вЂў libssh2 version 1.2.8 For more information, see the libssh2 website at http://www.libssh2.org. вЂў libxml2 version 2.7.8 For more information, see the libxml2 website at http://www.xmlsoft.org. вЂў libxslt version 1.1.26 For more information, see the libxslt website at http://www.xmlsoft.org. вЂў OpenSSL version 1.0.0d For more information, see the OpenSSL website at http://www.openssl.org вЂў Cygwin libraries For more information, see http://cygwin.com/index.html. вЂў Genisoimage For more information, see http://cdrkit.org/. Description HP SUM is a stand-alone tool you can use to install and update firmware, software, and drivers on HP ProLiant servers, and install and update firmware on HP Integrity servers. You can download the latest version of HP SUM from the HP website at http://www.hp.com/go/hpsum/download. HP also includes HP SUM in some update bundles, for example HP SPP or HP Integrity bundles. As listed in Table 1 (page 3), HP SUM provides a web-based GUI, a non-interactive command-line, scriptable interface, and an interactive command-line interface. HP SUM has an integrated hardware and software discovery engine that finds the installed hardware and current versions of firmware and software in use on nodes you identify. HP SUM installs updates in the correct order and ensures that all dependencies are met before deploying an update. HP SUM prevents an installation if there are version-based dependencies that it cannot resolve. Key features of HP SUM include: вЂў Dependency checking, which ensures appropriate installation order and component readiness вЂў Web browser-based mode, legacy command-line mode, and text-based console mode and scripting вЂў Create custom baselines and ISOs вЂў Simultaneous firmware and software deployment for multiple remote nodes in GUI and CLI modes вЂў Intelligent deployment of only required updates The latest version of HP SUM is available on the HP website at http://www.hp.com/go/hpsum. Table 1 HP SUM interface options Interface Description GUI mode The HP SUM GUI mode is an easy-to-use browser-based graphical user interface that enables deployment and maintenance of system software and firmware components to multiple systems in a single session. CLI mode The HP SUM command-line interface mode allows you to add all parameters in one command line, and then use the silent switch to execute the entire sequence on multiple nodes without any user interaction. This method requires the use of the silent switch and does not allow user interaction. You can update one or more nodes using this method. CLI with Input files mode The HP SUM command-line interface with input files mode allows you to add all parameters to a text file, and then call HP SUM using the inputfile command with the text filename as the parameter. This method requires the use of the silent switch and does not allow user interaction. Using the input file method allows you to provide a larger number of nodes to update. Interactive CLI mode The HP SUM interactive command-line interface mode provides an interactive method for each step of a process. You can run each command individually to add a baseline, add a node, start inventory, and so on. This method is similar to using the GUI but you provide individual commands instead. HP SUM iCLI takes a single command at a time. Using this method allows you to have nodes a different stages of update. For example, you can have one node in the inventory phase, one node in the deployment phase, and another node that you are just adding. Update recommendation вЂў RecommendedвЂ”Includes new enhancements, features, and/or minor bug fixes. HP recommends that all customers update. Supersede information Supersedes: 6.5.0 Description 3 Products This release applies to the following products: вЂў HP SPP and related supplementsвЂ”The minimum HP SPP version is 2013.09.0. вЂў HP Integrity bundlesвЂ”This version of HP SUM supports all currently released HP Integrity bundles. вЂў HP Moonshot Component PacksвЂ”This version of HP SUM supports HP Moonshot Component Pack 2014.06.0. Supported browsers вЂў Internet Explorer version 9, 10, or 11 вЂў Firefox version 17 ESR (Linux) and version 18 (Windows) or later вЂў Chrome version 24 or later вЂў Screen resolution of 1024 x 768 Devices supported Installation of this release allows the following devices to then be supported on the product models: HP SUM runs on/HP SUM 4, 6 deploys to Windows Firmware Linux4, 6 Software Firmware Software VMware ESXi/vSphere4 HP-UX5 Firmware Firmware 1 Software 2,3 Software Windows Yes Yes Yes Yes Yes N/A Yes N/A Linux N/A N/A Yes Yes Yes1 N/A Yes2,3 N/A Offline SPP Yes N/A Yes N/A Yes N/A N/A N/A 1. VMware ESXi 5.0 or VMware vSphere 5.1 and later HP SUM 7.1.0 and later supports online driver updates for VMware ESXi 5.x and later. 2. 3. 4. 5. I/O via online HP-UX Platform firmware via iLO HP ProLiant nodes running a supported OS version HP Integrity nodes running HP-UX NOTE: 6. You can update non-supported operating systems offline. HP SUM supports running on x86 Windows and Linux systems. HP SUM does not support running on IA64 systems. Operating systems HP SUM is supported on the operating systems listed below. For prerequisites on running HP SUM, see вЂњPrerequisitesвЂќ (page 11). 4 вЂў Windows 2008, Windows Server 2008, and Windows Server 2008 R2 вЂў Windows 2012, Windows Server 2012, and Windows Server 2012 R2 вЂў Red Hat Enterprise Linux 5.x вЂў Red Hat Enterprise Linux 6.x вЂў Red Hat Enterprise Linux 7.x Products вЂў SUSE Linux Enterprise Server 10.x вЂў SUSE Linux Enterprise Server 11.x вЂў Offline SPP or HP SUM ISO IMPORTANT: HP SUM does not support adding Windows nodes or deploying components to Windows nodes from a Linux host. Languages вЂў English вЂў Japanese вЂў Simplified Chinese Enhancements This version of HP SUM includes the following enhancements: вЂў Scalability with iLO Federation support в—¦ Added the ability to automatically discover iLO Federation groups on the management network. в—¦ Added the ability to update System ROM and iLO firmware, and view the CPLD and PowerPIC firmware on HP ProLiant servers in the iLO Federation group via iLO. в—¦ Added the ability to update all applicable firmware on HP ProLiant servers in the iLO Federation group via the iLO using offline firmware deployment. вЂў Specify a baseline on the localhost Guided Update screen вЂў View deployment logs during the deployment process вЂў Validate baselines to ensure all files are present in a baseline вЂў Deployment of VMware VIBs and Linux firmware RPMs вЂў Added a warning when deploying updates to nodes with HP Service Guard for HP-UX or Linux вЂў Custom Baseline вЂў в—¦ Added filters for package selection based on the packages in a baseline. в—¦ Added filter for server model. в—¦ Added filter to create an HP CloudSystem Matrix custom baseline. Interactive CLI enhancements в—¦ Added the ability to download a baseline from hp.com or an HTTP server. вЂў Support for HP ProLiant Gen9 servers вЂў Support for Moonshot systems вЂў Support for Internet Explorer 11 вЂў Support for online driver updates for VMware 5.x and later Languages 5 Fixes 6 Fixes Issue Description 1 HP SUM does not start on ports lower than 1024 when using the /port or /ssl_port parameters. 2 HPSUM stops working after logout and login when baseline inventory in progress. 3 HP SUM does not display the scroll bar on the Create Custom Baseline screen if you select invalid components 4 HP SUM displays an Error code 1 in the command line window when launching from a mounted ISO 5 HP SUM deploys updates when user clicks the Analysis button 6 HP SUM displays logged in user as root when you launch HP SUM using sudo 7 A Windows server does not back up because of a registry error with HP SUM 8 Pressing ESC while HP SUM is in Offline Automatic mode causes HP SUM to open 9 HP SUM does not launch from a UNC path 10 After adding iLO\OA nodes, servers page shows an unable to locate (Inactive) error. 11 After performing inventory on the node, the node page displays incorrect status. 12 HP SUM removes the assigned baseline for a node if you edit a node 13 HP SUM Console mode displays an error when you add the localhost by IP address 14 HP SUM does not inventory or deploy all nodes when you select multiple nodes using the GUI 15 HP SUM displays a message that the firmware of Hard Disk Drives behind an HP Smart Array H220/H222 controller is already updated when the firmware component is deployed online 16 HP SUM does not reboot a node after using Localhost Guided Update on Red Hat hosts 17 Aborting deployment and restarting deployment on iPDU nodes causes HP SUM to unexpectedly quit 18 HP SUM does not add all associated nodes when a firewall is enabled on Windows 2012 and Windows 2012 R2 operating systems 19 HP SUM does not downgrade a VC node to version 4.1 20 HP SUM only includes firmware updates when you use the device option filter to create a custom baseline 21 HP SUM does not deploy Brocade switch firmware updates greater than 7.2.0 if MAPS is enabled 22 HP SUM reports incorrectly that a baseline was not deleted in Console mode 23 HP SUM quits working when you delete a baseline 24 HP SUM does not display some RPM components in a baseline 25 HP SUM does not correctly report the number of updates downloaded from the HP website 26 HP SUM does not display a downloaded baseline when you try to assign it to a node 27 HP SUM does not present some RPMs for deployment even if they apply to the node 28 HP SUM does not create a custom baseline if there is not enough free space, but HP SUM displays a message that the baseline was created 29 HP SUM displays components ready for deployment after deploying the components 30 HP SUM does not save configuration settings for SNMP components 31 HP SUM does not configure SMH component when using an input file 32 Component logs for iLO firmware displays incorrect details 33 HP SUM does not deploy Brocade switch firmware updates greater than 7.2.0 if MAPS is enabled Issue Description 34 HP SUM does not deploy groups in legacy CLI mode 35 HP SUM does not display VMware Smart Array firmware components on firmware reports 36 HP SUM generates blank XML reports in Console Mode if no parameters are selected 37 HP SUM does not include the correct number of components in a baseline from the HP website in an Inventory report 38 HP SUM does not display the online help on the Deploy screen when you select multiple nodes Issues and workarounds Drivers and/or enablement kits must be installed prior to detecting and updating some hardware and firmware - HP SUM might need to be run twice for all firmware components to be presented for installation Drivers and/or enablement kits must be installed prior to detecting and updating some hardware and firmware. There are several scenarios when HP SUM might need to be run twice for all firmware components to be presented for installation. This is due to a requirement that drivers are needed for HP SUM to discover some hardware and thus the needed firmware. After the drivers are installed for the first time and the system rebooted, HP SUM needs to be run again for all of the firmware components to be presented for installation. The scenarios are: 1. When performing online updates with HP SUM on a fresh installation of a supported Windows or Linux OS, all of the appropriate drivers are listed on the Review/Deploy screen but all of the applicable firmware components might not be listed. 2. Network Adapters (NICs), Host Bus Adapters (HBAs), and iLO require a driver or enablement kit to be installed in order to be recognized by HP SUM. 3. When running HP SUM on Windows, if the iLO Channel Interface Driver is not installed, the iLO FW will show a version of вЂњCHIF NeededвЂќ as the installed version and вЂњReady for InstallationвЂќ as the status on the Select Bundle or Select Component page. This applies to firmware for iLO 2, 3, and 4. When you try to update the firmware, it might not update if it is already up to date. 4. Broadcom NICs are not discovered by HP SUM unless the appropriate driver is installed and all Ethernet ports are up. You can bring up Ethernet port by using the following command: # ifup ethx or # ifup ethx up To update the firmware for Broadcom NIC, use the following steps: вЂў Install the appropriate Windows or Linux driver found in the SPP. If updating a Linux server, the driver can also be retrieved from the SDR or the Linux distro. вЂў Enable all the Ethernet ports. вЂў Run the Broadcom FW upgrade component. HP SUM displays the error message вЂњMultiple connections to a server or shared resource by the same user...вЂќ HP SUM uses the admin$ share function on Windows-based servers to copy files and perform required operations on remote node servers. If HP SUM detects multiple connections to the remote Windows node, it might display вЂњMultiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.вЂќ Issues and workarounds 7 Suggested Action: If HP SUM displays the error, check for open admin$ shares on the remote node you want to update, and then remove the connections. Use the following commands to check for open shares and delete them: 1. Open a command prompt window. 2. Enter net use. 3. If the command returns open connections on the remote node, enter: net use <node_admin_share> /delete 4. Retry the operation in HP SUM that caused HP SUM to display the error. HP SUM does not display information after shutting it down and then relaunching Suggested Action: Refresh the browser. HP SUM does not inventory some nodes when the system running HP SUM has both IPv4 and IPv6 network enabled Suggested Action: Only use IPv4 or IPv6 on a node, do not use both. Inventory fails Suggested Action: Make sure you have not duplicated any nodes or added the same nodes with different credentials. HP SUM displays Inventory Started after you cancel a node inventory Suggested Action: No action. Message error only. HP SUM stops responding when you type a baseline address Suggested Action:Use the browse button to navigate to a baseline directory. HP SUM does not deploy updates in CLI mode if you use the report command Suggested Action: Run reports in a separate CLI command after you deploy updates. Deploying updates to OA and iLO nodes at the same time might cause a network issue Suggested Action: Deploy updates to OA and iLO through the OA node by selecting iLO associated nodes on the OA deployment screen. HP SUM determines the proper deployment order to minimize deployment issues. Alternatively, you can wait for HP SUM to finish updating one node and then update the other node. HP SUM cannot update the OAs in a stacked enclosure Suggested Action: Use the OA firmware smart component or the OA GUI to update the OAs. This will be resolved in a future version. HP SUM encounters an error while deploying to a VC node that has a domain IP different than the primary VC module Suggested Action: Make sure the domain IP and the primary VC IP address are the same. Update returns an error while deploying cp020438 (HDD) with TPM A Trusted Platform Module (TPM) has been detected in this system. Failure to perform proper OS encryption procedures will result in loss of access to your data if recovery key is not available. Recommended procedure for Microsoft Windows(R) BitLocker(TM) is to "disable" BitLocker prior to System ROM or Option ROM firmware flash. If you do not have your recovery key or have not 8 Issues and workarounds suspended BitLocker, exit this flash: Failure to follow these instructions will result in loss of access to your data. HP SUM deletes a component log file if HP SUM encounters a YUM error Suggested Action: Update an entire family of hard drives, if you update a single drive in a family, then HP SUM deletes a component log. HP SUM displays an inventory error when connecting to a node HP SUM displays the incorrect error Inventory error: Please check the IP address, username, password. when the HP SUM loses contact with a node during inventory. Suggested Action: Check your network connectivity and HP WBEM Provider status in the VMware node, and then restart the inventory. HP SUM does not display a driver version on VMware nodes and indicates drivers need to be installed Suggested Action: No action. Under review. The command open_firewall does not work on some nodes On some nodes, HP SUM launches and adds nodes, but fails when you inventory a node. Suggested action: HP SUM is unable to open the firewall in all instances. These include: third-party firewall applications, Linux iptables DROP entries, and firewalls with complex rules. When the open_firewall command does not work, manually open the firewall and then HP SUM can manage the node. HP SUM does not deploy IPDU nodes if the same version of the firmware is already installed Suggested action: No action. This will be resolved in a future version. HP SUM stops responding when you click Abort while performing inventory on a group Suggested action: Do not abort an inventory, wait for the inventory to complete. This will be resolved in a future version. HP SUM does not generate reports using interactive CLI after group deployment Suggested action: If HP SUM is unable to deploy updates to one node in a group, it will not allow creating of a deployment report using interactive CLI. HP SUM does not create log files for IPv6 node groups Suggested action: No action. This will be resolved in a future version. HP SUM does not shut down the engine on a remote node after deployment finishes Suggested action: HP SUM shuts down the engine on the remote node when you shutdown HP SUM on the local host. HP SUM displays the message Install done. Reboot required after install multiple times Suggested action: The reboot succeeds after the multiple messages. This will be resolved in a future version. Issues and workarounds 9 HP SUM cannot add a node and displays the error HP SUM ports are blocked in firewall Suggested action: If you added a node and selected Use Current Credentials, add the node again and enter the credentials, do not select Use Current Credentials. HP SUM incorrectly displays a deployment error for Moonshot nodes If HP SUM encounters an error deploying to a Moonshot node, and you re-run the update, HP SUM might display an error even though the update deployed successfully. Suggested action: View the component log to determine if the update deployed successfully. To clear the error, run the gatherlogs script, and then run clean-cache. The gatherlogs script allows you to collect all errors before clearing them for troubleshooting if the problem persists. gatherlogs and clean-cache do not work if you are running HP SUM with a non-default temp directory path Suggested action: Manually zip or tar the non-default temp directory when needed instead of using gatherlogs. Manually erase the non-default temp directories instead of using clean-cache. HP SUM displays an error when you re-inventory a node group Suggested action: Under review. No action needed. HP SUM displays an incorrect status message after node group scouting or inventory Suggested action: Expand the yellow status bar to see the status of the node group. This will be resolved in a future version. HP SUM disables Node Group inventory or deploy after deploying a node group Suggested action: Shut down HP SUM and relaunch it to re-inventory or re-deploy the node group. HP SUM does not display some server types on the Custom Baseline screen Suggested Action: Under review. No action needed. HP SUM does not deploy updates if the baseline path includes a space Suggested Action: Make sure directory paths do not include spaces. HP SUM displays duplicate server types on the Create Custom Baseline screen Suggested Action: No action. This will be resolved in a future version. HP SUM displays incorrect node count during node group deployment Suggested Action: No action. This will be resolved in a future version. HP SUM continues to download a file from the web after you click Abort Suggested Action: HP SUM finishes downloading the current component after you click Abort. HP SUM does not generate reports or validate baselines added automatically Suggested Action: No action. This will be resolved in a future version. HP SUM displays 64вЂ“bit components for a 32вЂ“bit Windows node Suggested Action: Make sure that components that do not apply are not selected. 10 Issues and workarounds HP SUM displays that a Linux node is updated when there are valid updates available Suggested Action: Use a Windows host to update the component CP023848.scexe. HP SUM deploys Linux nodes when you select ignorewarnings=no and the node is part of a Serviceguard cluster in CLI mode Suggested Action: Do not use CLI mode to deploy Linux nodes that are active members of a Serviceguard cluster. HP SUM does not provide a message that the FTP 21 port is already in use in interactive CLI mode Suggested Action: FTP port 21 is disabled by default. If you enable the port in interactive CLI mode, HP SUM does not display a message if another application is using the port. Make sure the port is open, or use another port in the hpsum.ini file. HP SUM getbaseline command is case-sensitive Suggested Action: If an error occurs, make sure that the baseline directory path is in the same case as used to add the baseline. HP SUM does not automatically reboot HP-UX nodes after updating an IO If you click select Reboot when updating an HP-UX IO, HP SUM shuts down the node, but does not automatically restart the node. Suggested Action: Manually restart the node after HP SUM shuts it down. HP SUM generates XML report files in Console Mode if no report type is selected Suggested Action: Choose the report type that you want to generate. HP SUM does not display the correct System ROM version format on the Firmware Report HP SUM does not read the format for the firmware version. Suggested Action: No action. This will be resolved in a future version. HP SUM interactive CLI mode abort command does not abort adding a node Suggested Action: Wait until HP SUM adds the node and then delete the node. Prerequisites Before deploying any components to a system, be sure that a recent backup of the system is available in the event the deployment procedure fails. Make sure there is at least 1 GB of free disk space available for HP SUM to generate temporary files it uses. HP SUM uses the host systemвЂ™s language settings to determine which language it displays. Table 2 Operating system dependencies Linux Windows HP-UX libcrypt.so WLDAP32.dll /usr/bin/swlist libcrypt.so.1 OLEAUT32.dll /usr/bin/swinstall /usr/lib/libqlsdm.so RPCRT4.dll /usr/lib64/libqlsdm-x86_64.so KERNEL32.dll /lib/cim/libqlsdm.so USER32.dll Prerequisites 11 Table 2 Operating system dependencies (continued) Linux Windows /usr/lib/libemsdm.so SHELL32.dll /usr/lib64/libemsdm.so ole32.dll /lib/cim/libemsdm.so ADVAPI32.dll /usr/lib/bfahbaapi.so WS2_32.dll /usr/lib64/bfahbaapi.so GDI32.dll HP-UX /lib/cim/bfahbaapi.so linux-vdso.so.1 /lib64/libcrypt.so.1 /lib64/libpthread.so.0 /lib64/libz.so.1 /lib64/libdl.so.2 /lib64/librt.so.1 /usr/lib64/libstdc++.so.6 /lib64/libm.so.6 /lib64/libgcc_s.so.1 /lib64/libc.so.6 /lib64/ld-linux-x86-64.so.2 Table 3 Linux tools Tool Location coreutils cut /bin/ls /bin/uname sed /bin/rpm /bin/bash util-linux /bin/kill /sbin/shutdown module-init-tools /sbin/lsmod pciutils /sbin/lspci gawk /awk grep sed 12 samba /usr/bin/ntlm_auth uuidd /usr/bin/uuidd procps /usr/bin/ps ipmitool /usr/bin/ipmitool Prerequisites Table 3 Linux tools (continued) Tool Location sudo /usr/bin/sudo /usr/bin/model dirname Updating VMware remote host firmware HP SUM does not run on VMware. You can update servers running VMware ESXi 5.0 or VMware vSphere 5.1 and later operating systems remotely while running HP SUM on a Linux or Windows system. HP SUM supports updating firmware and drivers for VMware nodes. The HP SPP contains the latest released firmware. For recommended driver and firmware versions for HP ProLiant servers running VMware ESXi 5.0 or VMware vSphere 5.1 and later, see the VMware firmware and software recipe available on the HP Online Deport, available at http:// vibsdepot.hp.com/. For information on the firmware updates available in the HP SPP, see HP Service Pack for ProLiant Release Notes. The SPP 2014.09.0 release includes HP and third-party drivers that HP includes in the HP Custom Image. You can update servers running VMware ESXi 5.0 or VMware vSphere 5.1 and later operating systems remotely while running HP SUM on a Linux or Windows system. You cannot execute HP SUM locally to update a VMware ESXi or VMware vSphere node. The following must be true to update a VMware vSphere node: вЂў To update a node in online mode, you need to install the full WBEM providers. You can update the nodes in offline mode from a bootable ISO without installing the WBEM providers. You cannot deploy drivers in offline mode. вЂў The node must be running VMware ESXi 5.0 or VMware vSphere 5.1 and later. вЂў The node must be active on the network so that HP SUM can detect it. вЂў The VMware server must be running hp-smx-provider-500.03.01.2вЂ“434156 or later. Download the providers for the appropriate version of VMware vSphere release from one of the following locations: вЂў в—¦ Version 1.3.5 and later of the HP Insight Management WBEM Provider offline bundle. You can download the bundle from the HP Online Depot at http://vibsdepot.hp.com. в—¦ Version 5.25 and later of the HP Custom Image includes the provider. You can download the HP Custom Image ISO from the Custom VMware Image for ProLiant Servers website at http://www.hp.com/go/esxidownload. You are executing HP SUM on a Windows or Linux host computer. NOTE: node. You cannot execute HP SUM locally to update a VMware ESXi or VMware vSphere Using Linux and HP-UX root credentials If you run HP SUM from a Linux system where you have not logged into the system as a root user, you can still update nodes if you use sudo or super user Access level options. вЂў If you have run HP SUM as a root user, remove the temp directory created by HP SUM. вЂў Make sure you have read/write access permissions to the /tmp and /var directories. Prerequisites 13 вЂў вЂў If you create a sudo user, make sure that you add that user to the /etc/sudoers file. The following table shows the privileges and specifications for users. User Privilege Specification Root ALL= (ALL) ALL Sudo_user ALL= (ALL) ALL Edit the entry in the /etc/sudoers file so the system asks for the sudo user password instead of root user password when you run the sudo command. The following table shows the privileges to comment or remove from /etc/sudoers. User Privilege Specification All ALL= (ALL) ALL This often occurs in SUSE Linux systems. #Defaults targetpw # ask for the password of the target user. WARNING! вЂў Only use this option with Defaults targetpw. To use super user functionality, configure the user as a super user with all root privileges. You can also use non-root user with a root user to update components. Making HP SUM network ports available HP SUM requires that certain network ports are available for proper operation. If you lock down network ports, make sure that the ports listed in the network port tables are open so that HP SUM works correctly when connecting to remote node servers and hosts. If you are unable to unlock these network ports, you must run HP SUM locally and update network-based hosts, such as the OA, iLO, and VC modules, through their web interfaces. NOTE: Use the open_firewall parameter for HP SUM to automatically open the required firewall ports on the local host and any remote servers. Updates for most node types require network traffic in both directions between the server running HP SUM and the node. The server running HP SUM creates a local HTTP server, which is used to serve firmware binaries to the node and to communicate node status. The remote node issues HTTP requests and posts status updates to the server running HP SUM during the update process. If there is a routing problem or firewall blocking traffic back from the remote node to the system running HP SUM, firmware updates might be blocked, status updates blocked or delayed, or both. Table 4 HP SUM Windows network ports 14 Ports Description Port 22 Establishes a connection to a remote node via SSH to perform node To remote node inventory. Port 443 A secure data port used to transfer information. To remote node Ports 445 and 137/138/139 (Port 137 is used only if you are using NetBIOS naming service.) Connects to the remote ADMIN$ share on node servers. These are the standard ports Windows servers use to connect to the remote file shares. If you can connect remotely to a remote Windows file share on the node server, you have the correct ports open. To remote node Port 5989 This port is used for VMware WBEM discovery. Make sure this port To remote node is not blocked on the VMware ESXi or VMware vSphere host. Prerequisites Direction Table 4 HP SUM Windows network ports (continued) Ports Description Direction Ports 63001вЂ“63002 Updates are passed to the node and retrieved through an internal To remote node and from web server that runs by default on port 63001 for localhost http remote node traffic and port 63002 for local and remote secure https traffic. This allows iLO and VC firmware updates without having to access the host server. It also allows the servers to run VMware or other virtualization platforms to update the iLO firmware without requiring a server reboot or a migration of the virtual machines to other servers. Remote HP Integrity iLO and Superdome 2 updates require these ports to be open on systems for network traffic in both directions to transfer firmware files. Ports 21 or 63006вЂ“63010 You can use these FTP ports to perform switch updates. From remote node Table 5 HP SUM Linux network ports Ports Description Direction Port 22 Establishes a connection to a remote node via SSH to perform node inventory. To remote node Port 443 A secure data port used to transfer information. To remote node Port 5989 This port is used for VMware WBEM discovery. Make sure this port is not blocked on the VMware ESXi or VMware vSphere host. To remote node Ports 63001вЂ“63002 Updates are passed to the node and retrieved through an internal web To remote node and from server that runs by default on port 63001 for localhost http traffic and remote node port 63002 for local and remote secure https traffic. This support allows iLO and VC firmware updates without having to access the host server. It also allows servers running VMware or other virtualization platforms to update their iLO without having to reboot their server or to migrate their virtual machines to other servers. Remote HP Integrity iLO and Superdome 2 updates require these ports to be open on systems for network traffic in both directions to transfer firmware files. Ports 21 or 63006вЂ“63010 You can use these FTP ports to perform switch updates. From remote node NOTE: HP SUM 6.0.0 and later supports /port and /ssl_port options, which allow you to use ports other than 63001 and 63002. Use these options to avoid conflicts with firewalls. HP SUM supports --open_firewall on Linux systems only. HP SUM uses the iptables command to open the HTTP and HTTPS ports used by HP SUM for external access. Open these ports for remote node functionality and for remote browser access. For example: hpsum /port 80 /ssl_port 443 Beginning with HP SUM 6.3.0, you can use the command /ftp_port to assign which port to use for FTP service. By default FTP port is disabled. Use the command to enable the service. Changing the port address in the hpsum.ini file You can change the default ports in the hpsum.ini file, instead of using the /port or /ssl_port parameters. 1. Navigate to the hpsum.ini file in the temp directory, %temp%\HPSUM (Windows) or /tmp/ HPSUM (Linux). NOTE: HP SUM creates this directory the first time you launch HP SUM. If you have not launched HP SUM, launch it and then shut it down. Prerequisites 15 2. 3. 4. Open the file in a text editor, and edit the following items in the [HTTP] section. вЂў port=63001 edit to port=80 вЂў ssl_port=63002 edit to ssl_port=443 Save the file. Launch HP SUM. It now uses the 80 and 443 ports. Enabling HP SUM ports for VMware nodes By default, outgoing connections are blocked in VMware servers, except ports 80 and 443. Use the following steps to enable the default ports of 63001 and 63002. You need to enable these outgoing ports on the VMware server. 1. Create an httpHPSUM firewall rule that enables outgoing connection via port 63001. 2. Create the file httpSUM.xml in the /etc/vmware/firewall directory. Type the following into the file: /etc/vmware/firewall # cat httpHPSUM.xml  <ConfigRoot> <service id='0000'> <id>httpHPSUM</id> <rule id='0000'> <direction>outbound</direction> <protocol>tcp</protocol> <porttype>dst</porttype> <port>63001</port> </rule> <enabled>true</enabled> <required>false</required> </service> </ConfigRoot> 3. 4. Refresh by using the command, esxcli network firewall refresh. Repeat the steps for port 63002. Special network configuration note for HP Integrity servers HP Integrity servers have management network and production interfaces. These are usually kept on separate subnets in an installation. To perform full remote administration of the server, access is required for both networks. If you keep both networks isolated, you need to perform management and operating systems tasks separately. Component dependencies In some cases, HP SUM might not detect that there is a missing library dependency until it attempts to deploy the component. If you see a Return Code = 7 error in the component log file, you are likely running on a 64-bit Linux operating system and donвЂ™t have the required 32-bit dependencies on your system. Installation instructions HP SUM is delivered with each HP SPP, HP Integrity update bundle, or as a stand-alone ISO. HP SUM requires no installation. You only need to download HP SUM to a supported server, and then launch 16 Installation instructions it. You can download the latest version of HP SUM from the HP SUM download website at http:// www.hp.com/go/hpsum/download. Downloading HP SUM You can download HP SUM from the HP website or from the HP Software Delivery Repository. These downloads do not include firmware, software, or drivers. You can obtain software and firmware from the HP SPP, Integrity Firmware Bundles, or download the latest components from hp.com using HP SUM baseline functionality. Downloading HP SUM from the HP website 1. 2. 3. Launch a web browser. Go to http://www.hp.com/go/hpsum/download. Click the file that you want to download: вЂў HP Smart Update Manager ISO вЂ“ The HP SUM ISO contains HP SUM and a bootable ISO environment. Firmware and Software components can be added to create a customized baseline. вЂў HP Smart Update Manager RPM вЂ“ HP SUM RPM is a native package for Linux and is also available on the Software Delivery Repository at http://downloads.linux.hp.com/SDR/ project/hpsum/. вЂў HP Smart Update Manager zip вЂ“ The HP SUM zip contains the files for running HP SUM on supported Windows and Linux operating systems. NOTE: These downloads do not include software or firmware updates. Software and/or firmware updates can be obtained from the HP Service Pack for ProLiant, Integrity Firmware Bundles, or download the latest components from hp.com using HP SUM baseline functionality. HP SUM applications Use the following applications to run HP SUM, collect logs, migrate nodes, and clear the cache: Filename Description hpsum The HP SUM application. How HP SUM runs depends on the variables you pass. By default, HP SUM opens in the GUI version. If you type hpsum /s, HP SUM runs in the CLI mode. If you type hpsum and one of the interactive CLI commands, HP SUM opens in interactive CLI mode. clean-cache Removes the files in the temp directory associated with HP SUM that contain cached information about nodes and baselines. Logs are still maintained. gatherlogs Collects all logs for HP SUM. Useful in debugging troubleshooting issues for HP SUM. hpsum_migration Migrates node location and name from earlier versions of HP SUM to the current version of HP SUM. port-targets Migrates node location and name from HP SUM 5.x to the current version of HP SUM. Downloading HP SUM from the SDR website You can download HP SUM as an RPM from the HP Software Delivery Repository at http:// downloads.linux.hp.com/SDR/project/hpsum/. The SDR contains a version of the HP SUM RPM for each supported operating system and architecture type. Instructions on how to set up your yum configuration are available on the SDR website. You can use yum commands to search for and download HP SUM to your system. You can also use a web browser to navigate the HP SDR and download the rpm. Installation instructions 17 Use the following commands to search, download, or install HP SUM from the SDR: Action Command example Search for HP SUM with yum yum search hpsum Install HP SUM with yum yum install hpsum Download HP SUM from the SDR with a web browser, and then install the RPM rpm -Uvh hpsum-6.0.1-14.rhel-6x86_64.rpm For more information on using the HP SDR, see the Getting Started and FAQ sections on the HP Software Delivery Repository website at http://downloads.linux.hp.com/SDR/index.html. For more information on using HP SUM with the SDR, see Linux best practices using HP Service Pack for ProLiant (SPP) and Software Delivery Repository (SDR) at http://h20564.www2.hp.com/portal/ site/hpsc/public/kb/docDisplay/?docId=c03479393. Launching HP SUM If you downloaded HP SUM as a stand-alone application, the ISO, zip, or RPM does not include component updates. If you downloaded HP SUM along with an SPP or Integrity bundle release, the download includes component updates. If you launch HP SUM from a mounted ISO, such as iLO Virtual Media, HP SUM creates a %temp%/ localhpsum (Windows) or /tmp/localhpsum (Linux) directory. You need to delete the temporary localhpsum files manually because the clean-cache command does not clean these files. HP SUM displays messages about copying files to the drive specified. HP SUM does not need to copy the files if you run HP SUM on a fileshare directory. вЂў GUI mode: Navigate to the directory where you saved HP SUM. Type the command hpsum.bat (Windows) or hpsum.sh (Linux) to start the GUI. вЂў Text-based console mode (iCLI): Navigate to the directory where you saved HP SUM. From the command line, type hpsum and a console parameter. For a full list of parameters, type hpsum -h (Linux) or hpsum /h (Windows). вЂў Legacy CLI mode (with input): Navigate to the directory where you saved HP SUM. Type hpsum /s /h Windows and hpsum -s -h (Linux) for a full list of parameters. For full details on using HP SUM in legacy CLI mode, see the HP Smart Update Manager User Guide. Launching HP SUM in GUI mode from an ISO Run 1. 2. 3. HP SUM on a Windows or Linux operating system. Copy the files from the ISO to your local host. Open a supported browser. Run launch_hpsum.bat (Windows) or launch_hpsum.sh (Linux). HP SUM and SPP Boot environment change Beginning with HP SUM 6.2.0 and HP SPP 2014.02.0, the HP USB Key Utility no longer supports multi-boot setups on a single device. HP SUM and SPP ISOs contain signed parts to work with the UEFI bootloader. This change no longer allows for multi-boot setups on a single device, such as a USB key. Running HP SUM in online or offline mode 18 Mode Uses Online The installation occurs while the host processor is running in the normal server environment. For example, if the server runs Microsoft Windows Server 2012, the update occurs under this environment. The update does not require you to Installation instructions Mode Uses boot to a special environment to update the firmware. You might need to reboot the node to activate the firmware. Offline (In offline mode, HP SUM does not support some features that require the regular local host operating systems.) In offline mode, HP SUM boots a small Linux kernel and enables updates to occur on a single server. вЂў Only updates the local system вЂў Only uses a single baseline Running HP SUM in offline interactive or automatic mode from an ISO with updates If your ISO contains updates, you can copy the ISO to a DVD or USB key. From the DVD or USB key, you can run HP SUM in an offline interactive or automatic mode. вЂў Automatic modeвЂ”Firmware components update without interaction. To launch automatic mode: 1. Install the DVD or USB key into the server, boot the server to the DVD or USB key. 2. HP SUM launches and deploys updates after a short period. вЂў Interactive offline modeвЂ”Allows you to use the GUI mode to deploy updates. To launch offline interactive mode: 1. Install the DVD or USB key into the server, boot the server to the DVD or USB key. 2. Press a key to launch HP SUM in offline interactive mode. Launching HP SUM from the RPM From the HP SUM path, type hpsum. Using a PXE server to deploy updates Use these steps to set up a PXE server on a Linux system. 1. Install the following packages: 2. 3. 4. вЂў tftp-server вЂў dhcp вЂў httpd вЂў syslinux Set up a DNS server on your network. Although not required, HP recommends setting up a DNS server. Activate TFTP within XINETD. вЂў Change disable=yes to disable=no in /ect/xinet.d/tftp вЂў Restart XINETD Set up the PXE server to use a static IP: a. Create the file /ect/sysconfig/network-scripts/ifcfg-eth0.static b. Set the contents to the file as: DEVICE=eth0 BOOTPROTO=STATIC ONBOOT=no TYPE=Ethernet IPADDR=<IP> NETMASK=<IPMASK> GATEWAY=<GATEWAYIP> Installation instructions 19 5. Set up the PXE boot environment: a. Copy initrd.img and vmlinuz from the /system directory of the SPP ISO to /tftpboot directory of the PXE system. b. Copy pxelinux.0 (PXE boot Linux kernel) to the /tftpboot directory. c. Ensure the files copied to /tftpboot are world readable. 6. Configure PXELINUX a. Create directory /tftpboot/pxelinux.cfg. b. Create files representing the hex value of the static IP address in the /tftpboot/ pxelinux.cfg directory. For example, if the static IP address used is 192.168.0.254, the hex value is C0A800FE and the files to be created would be: c. 7. вЂў C вЂў C0 вЂў C0A вЂў C0A8 вЂў COA80 вЂў COA800 вЂў C0A800F вЂў COA800FE Create a zero-sized file (using touch) representing the MAC address of the NIC of the boot PXE boot client (pre-pended with 01 and replacing вЂ�:вЂ™ with вЂ�-вЂ�) in the /tftpboot/ pxelinux.cfg directory. For example, if the NIC MAC address were 00:01:02:03:04:05, a file name would be 01-00-01-02-03-04-05. Create a default pxelinux configuration. a. Create a file name default in the /tftpboot/pxelinux.cfg directory. b. Set the contents of the default file to: prompt 1 default Linux timeout 100 label Linux kernel vmlinux append initrd=initrd.img ramdisk_size=9216 noapic acpi=off 8. 9. Copy the entire contents of the SPP ISO to a directory named /tftpboot/SPP*, where вЂ�вЂќвЂ™ represents the version of the SPP. Add the following to /ect/httpd/conf/httpd/conf where вЂњ*вЂќ represents the version of the SPP. <Directory /tftpboot/SPP*>. Options Indexes AllowOverride None </Directory> Alias /linux /tftpboot/SPP* 10. Start the dhcpd and apache services and activate tftp. service dhcpd start service xinetd restart service httpd start 20 Installation instructions 11. PXE boot the servers to begin the update process. Migrating nodes from 6.x to the current version Nodes you added to earlier versions of HP SUM must be migrated before you can use them in this version of HP SUM. Use the script hpsum_migration to perform the migration at any time. 1. From the HP SUM directory, launch hpsum_migration.bat (Windows) or hpsum_migration.sh (Linux). 2. HP SUM displays a list of previous versions of HP SUM it finds. Select the versions you want to migrate to the current version. HP SUM migrates the node address and name that you have entered in the earlier version of HP SUM. Related information You can find the latest documentation for HP SUM in the HP Smart Update Manager information Library website at http://www.hp.com/go/hpsum/documentation. Available documents include the following: вЂў HP Smart Update Manager User Guide вЂў HP Smart Update Manager Release Notes To open the HP Smart Update Manager Online Help in the GUI, click the ? in the upper right-corner of the application. For help using any of the CLI options, see Running commands outside the GUI in the HP Smart Update Manager User Guide. You can also type hpsum /h /s (CLI mode) or hpsum /h (interactive CLI mode) from the directory where you saved HP SUM. Documentation feedback HP is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback ([email protected]). Include the document title and part number, version number, or the URL when submitting your feedback. Related information 21