HP Instant Capacity release notes for Version 10.x (5900-1258, October 2010)
Table Of Contents
- HP Instant Capacity release notes for Version 10.x
- Table of Contents
- About this Guide
- 1 Instant Capacity 10.x release notes
- 2 Major Changes, New Features, and Requirements of Instant Capacity Version 10.x
- Program Requirements
- Summary of New Features and Changes
- Changes in Version 10.02 from Version 10.01 (HP-UX)
- Changes in Version 10.01 from Version 10.00 (HP-UX)
- Changes in Version 10.00 from Version 9.03 (HP-UX)
- Changes in Version 9.03 from Version 9.02 (HP-UX)
- Changes in Version 9.02 from Version 9.01 (HP-UX)
- Changes in Version 9.01 from Version 9.0 (HP-UX)
- Changes in Version 9.0 from Version 8.03.01 (HP-UX)
- Changes in Version 8.03.01 from Version 8.03 (HP-UX)
- Changes in Version 8.03 from Version 8.02.01 (HP-UX)
- Changes in Version 8.02.01 from Version 8.02 (HP-UX)
- Changes in Version 8.02 from Version 8.01.01 (HP-UX)
- Changes in Version 8.1 (OpenVMS)
- Known Problems
- Software Requirements
- Usage Rights Requirement
- GiCAP Requirements
Whenever the GiCAP software needs to exchange SSL certificates between hosts it will prompt
for the root password so that it can exchange the certificates. If the GiCAP software needs to
exchange SSL certificates it will remove any existing certificates with the same “Issuer” and
“Subject” attributes as the certificates the GiCAP software wishes to install. WBEM does not
allow the installation of certificates with the same Issuer and Subject as previously installed
certificates. The GiCAP software uses private certificates with an Issuer and Subject that should
not conflict with other certificates.
Note that the addition of the -n option to the icapmanage -Q command means certificates will
not be exchanged and no password prompting will occur. This option is provided for situations
where certificates have already been exchanged and the icapmanage command must be
embedded in a control script.
Use the cimtrust -l command to list all WBEM certificates on a host system.
Status Considerations
You can use the icapmanage -s -v command on a group manager system to evaluate if the
SSL certificates have been properly exchanged for the group. The -v (verbose) option checks
each member host to make sure that two-way communication has been established between the
manager and the host. If there is a problem, a note at the end of the display will indicate which
hosts might have a problem with group communication. It is recommended that you do this
check periodically on both the active manager and on any standby manager that you have defined,
particularly if you want to be prepared for any failover from the active group manager to any
standby manager. Only the icapmanage -s command with the -v option does this complete
communication check though all icapmanage -s operations report on communication problems
uncovered as icapmanage -s fetches the information it needs from the various group members.
The icapstatus command on a member host does not check that two-way communication has
been established but it will report on problems trying to contact the active group manager. (It
does not try to contact a standby manager if one is defined.)
Lost Certificates
SSL certificates allow the secure exchange of information between two hosts without the use of
passwords. Each host maintains the SSL key information necessary to connect to the other host.
If you inadvertently remove these SSL keys (for example by reigniting a member system or by
accidentally deleting certificate files) you have broken the ability to communicate with the other
host. Fixing this problem may involve multiple steps.
Consider the case where someone accidently deletes the certificate files in the /etc/opt/iCAP
directory on a GiCAP member (GiCAPcert.pem and GiCAPpkey.pem). An icapstatus on
such a system will show errors similar to the following:
Member xyz in GiCAP group One
-------------------------------------------------
Active Group Manager: gm1.oa.hp.com
Standby Group Manager: gm2.ba.hp.com
ERROR: Unexpected error
PGS00415: SSL EXCEPTION: PGS09207: CANNOT GET SERVER CERTIFICATE.
While /etc/opt/iCAP/GiCAP_keygen will create new copies of these files (as will a
re-installation of iCAP), this is insufficient to restore communication between the member host
and its GiCAP group manager. Instead of the message above, icapstatus will report something
similar to:
Member xyz in GiCAP group One
-------------------------------------------------
Active Group Manager: gm1.oa.ff.com
Standby Group Manager: gm2.ba.ff.com
ERROR: Unexpected error
HTTP Error (401 Unauthorized).
38 Major Changes, New Features, and Requirements of Instant Capacity Version 10.x