HMC V7R7.9.0 SP3 MH01659 « ssl_error_no_cypher_overlap »
On HMC V7R7.9.0 SP3, don't apply e-fix MH01659, it contains a lot of bugs.
If you really need MH01659, then apply e-fix MH01635 before. ( otherwise a ASM connetion timeout and blank page occur with IBM Power5).
=> MH01659.readme.html
Note: This package includes fixes for HMC Version 7 Release 7.9.0 Service Pack 3. You can reference this package by APAR MB04044 and PTF MH01659. This image must be installed on top of HMC Version 7 Release 7.9.0 Service Pack 3 (MH01546) with MH01635 installed.
MH01659 Impact - Known Issues :
After installing PTF MH01659 and the Welcome page loads on the local console, clicking "Log on and Launch" results in the following error:
Problem loading page
An error occurred during a connection to 127.0.0.1.
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)
This defect also impacts the Power Enterprise Pool GUI when launched remotely. Ensure remote access is enabled and the HMC is accessible remotely for management prior to installing this PTF. A fix is planned for a future PTF.
Circumvention: From the HMC home page, Log on by clicking on the "Serviceable Events" link rather than the "Log on and launch the Hardware Management Console web application" link. The "System Status" and "Attention LEDs" links can also be used. Note that the Power Enterprise Pools (PEP) task will not be available from the local console. CLI or remote GUI can be used to perform PEP tasks.
A vterm console window cannot be opened by the GUI on the local HMC console. You can use the mkvterm or vtmenu command on the local HMC console or use the GUI remotely to open a vterm. A fix is planned for a future PTF.
ASM for POWER5 servers will launch a blank white screen and eventually a "Connection timed out" error if PTF MH01635 is not installed prior to MH01644 or MH01659. The install order and supersedes lists have been updated to include PTF MH01635 prior to installing either MH01644 or MH01659.
HMC Save Upgrade Data failed
If you want to upgrade HMC and Saves Hardware Management Console (HMC) upgrade data failed with HSCSAVEUPGRDATA_ERROR, then check if the home directory of hscroot or other hmcsuperadmin are filled with Virtual I/O server ISO images. The filesystem (/mnt/upgrade) is used to store save upgrade data backup and it is to small to contains ISO images.
Fix: remove VIOS ISO images from HMC and relauch saveupgdata command.
Virtual HMC for November 2015
The IBM Power Systems Hardware Management Console (HMC) virtual appliance can be used to manage any of the systems that are supported by the version 8 HMC, which includes Power Systems servers with IBM POWER6, POWER7, and POWER8 processors.
The Power Systems HMC virtual appliance offers these benefits:
Provides hardware, service, and basic virtualization management for your Power Systems servers
Offers the same functionality as the traditional HMC
Runs as a virtual machine on an x86 server virtualized either by VMware ESXi or Red Hat KVM
Source: IBM
Fix for vulnerabilities in Bash “Shellshock” for HMC
Remediation/Fixes
The Following fixes are available on IBM Fix Central at http://www-933.ibm.com/support/fixcentral/
Product VRMF APAR Remediation/First Fix (PTF)
Power HMC Version 7 R7.3.0 SP6 MB03857 MH01475
Power HMC Version 7 R7.6.0 SP3 MB03852 MH01470
Power HMC Version 7 R7.7.0 SP1 MB03861 MH01479
Power HMC Version 7 R7.7.0 SP2 MB03862 MH01480
Power HMC Version 7 R7.7.0 SP4 MB03853 MH01471
Power HMC Version 7 R7.8.0 SP1 MB03854 MH01472
Power HMC Version 7 R7.9.0 SP1 MB03855 MH01473
Power HMC Version 8 R8.1.0 SP1 MB03856 MH01474
Power HMC Older V7 releases not listed above N/A Please update to supported releases listed above.
Source: Security Bulletin
No fix available now for HMC Power4 like V3.3.7
bash: dircolors: command not found
bash: which: command not found
bash: ps: command not found
hscroot@HMCP670:~> /bin/su -
Password:
HMCP670:~ #
How to debug environnement problem with padmin user on Virtual I/O Server
What is interesting is the HMC command syntax with viosvrcmd and oem_setup_env, example:
unable run oem_setup_env
rksh: oem_setup_env: not found
debug via HMC
> ls -ld /home/padmin"
drwxr-x--- 9 root system 4096 Jan 24 11:13 /home/padmin
hscroot@hmcV7:~ > viosvrcmd -m 9119-FHB -p VIOS1 -c "oem_setup_env
> chown padmin:staff /home/padmin"
login again with padmin
#
NOTE: hit return after the "oem_setup_env without ending the quotes. That will put you to the next line to run your command as root on the vios then end your quote.
Else you can also define a variable CMD like this :
hscroot@hmcV7:~ > viosvrcmd -m 9119-FHB -p VIOS1 -c "$CMD"
Thank's Jonathan and Brian
Tips for implementing NPIV on IBM Power Systems
IBM India Lab write a excelent document on configuring NPIV :
Power Systems SAN Multipath Configuration Using NPIV v1.2
Chris Gibson shares some tips for implementing NPIV in an AIX and Virtual I/O Server environment on IBM POWER7 systems.
Tips for implementing NPIV on IBM Power Systems
Thank's Chris.
Other NPIV source :
NPIV and the virtual I/O server 2008
HMC commands return error « Connection to the Command Server failed »
Problem
Defect in HMC v7r3.1 - v7r3.2 dealing with HMC log rotation scripts will eventually render HMC unusable. While problem is fixed at a later release level, you still might have to manually repair some key files or reinstall the HMC.
Symptom
Access to the V7 HMC GUI is not available (initializing) and CLI functions accessed via ssh are extremely limited, Most CLI commands return error , "Connection to the Command Server failed."
Cause
This is a known problem on that can occur if you were at HMC v7r3.1 or v7r3.2 when the file /var/hsc/log/hmclogger.log grows beyond 10MB.
Environment
HMC v7r3.1 or v7r3.2
Diagnosing the problem
Determine if the hmclogger.log file size exceeds 10MB by running command
ls -la /var/hsc/log/hmclogger.log
Determine if the cimserver.log file exists by running command
ls -la /var/hsc/log/cimserver.log
Most likely there will not be a cimserver.log file and hmclogger.log file will exceed 10MB in size.
Resolving the problem
Either reinstall the HMC and update to v7r3.3 or higher or contact IBM support to obtain a pesh password so you can manually repair key files.
Obtain a pesh password from IBM support. You must know the serial number of the HMC. Unfortunately, the command that gives you the serial#, lshmc -v, will not work as it is one of the symptoms. Hopefully you have an accurate list of serial numbers, otherwise on-site viewing of the HMC for the correct serial number will be needed so that support can give a pesh password that works. The other commands needed to become root usually work without problems.
Create an hscpe account if it does not exist (use lshmcusr to list all HMC user accounts)
$ mkhmcusr -u hscpe -a hmcpe -d "HMC PE user"
enter a password of seven characters or more.
If the hscpe user ID exist already, and you do not know the password, you may change the password as hscroot
$ chhmcusr -u hscpe -t passwd
Also, the password for the root user needs to be known as well. By default, that password is "passw0rd", but you can also change root's password as hscroot.
$ chhmcusr -u root -t passwd
Once you know the passwords for hscpe and root, and you have obtained a pesh password from IBM support, the following commands should resolve the problem.
- SSH to the HMC and login as hscpe and run following command
$ pesh
You will be prompted to enter a password after you enter the command above. Note that the serial number is seven characters long with alphabetical characters in upper case. The pesh password provided by IBM support will be eight characters long with alphabetical characters in lower case.
Once you enter the pesh password and return to the prompt, you will have access to run command "su -" so you can become root. After entering roots password perform the following.
# cat /dev/null > /var/hsc/log/hmclogger.log
Now the hmc needs to be rebooted and the normal hmcshutdown command will not work. Use reboot command as root to restart the HMC.
# reboot
This should reboot the hmc and once its back up you should have access to both the GUI web interface as well as the CLI commands when you ssh to the HMC.
This problem is resolved at 7.3.3, but if you had upgraded and the hmclogger.log file was already past the 10MB limit you may still experience this problem and have to perform this manual repair operation.
Instructions for hscroot password reset
1) Power off the HMC.
2) Power on the HMC, and as soon as the Loading grub message is displayed
quickly press the F1 key to get into grub.
The Grub menu will show one line with the text hmc.
3) On the Grub menu, select e for edit. The next GRUB screen is displayed with two lines:
root (hd0,0)
kernel (hd0,1)/boot/bzImage ro root=/dev/hda2 vga=0x317 apm=power-off
Note: The root device can vary by model: hda2 C03, C04, CR2, and hdc2 for CR3.
4) Move the cursor down to the line starting with kernel. Select e for edit.
Move the cursor to the right and append the following to the end of the string:
V5.1.0 to V6.1.1: init=/bin/bash
V6.1.2 and later: init=/bin/rcpwsh
The final string will vary slightly by version and model:
kernel (hd0,1)/boot/bzImage ro root=/dev/hda2 vga=0x317 apm=power-off init=/bin/rcpwsh
Press the Enter key to save the changes.
5) Press b to boot the changed selection.
This will boot to a bash shell: (none): /#.
6) Verify root is mounted read/write. Type the following command:
(vérifier qu'elle est la partition montée sur / avec # df )
(charger le clavier français # loadkeys fr)
mount -o remount,rw /dev/hda2 /
Note: The root device can vary by model: hda2 C03, C04; hdc2 for CR2,CR3; sda2 for CR4.
7) Reset root and hscroot passwords. Run the following commands to reset the passwords. The command will prompt the user to enter the new password and a confirmation password. Any warning concerning the password being too simplistic can be ignored.
Reset root password:
/usr/bin/passwd
Reset hscroot password:
/usr/bin/passwd hscroot
8.) Reboot the HMC (left ctl+left alt+del).
9) Log on as hscroot.
10) Immediately after logon, use the Web-based System Manager (HMC GUI) or the chhmcusr
upgrade firmware P5 standalone avec CD de diag
Mise à jour Microcode d'un serveur P5 standalone SF230 ou SF235 sans système AIX et à intégrer sur HMC V7.3.5
1. Se connecter au menu ASMI via port série (laptop + hyperterminal)
Login : admin
password : admin
System Configuration
Firmware Update Policy: Operating system
Power/Restart Control
Power On/Off System
Firmware boot side for the next boot: Temporary
2. Sur serveur AIX de test
Décompresser le Rpm :
Remarque : l’image sera toujours décompressée dans /tmp/fwupdate.
Renommer l'image en .img
Noter le résultat du checksum
3. Récupérer l'image 01SF240_382_382.img via FTP en mode binaire
4. Graver 01SF240_382_382.img sur un CDrom avec le fichier 01SF240_382_382.xml
Vérifier le checksum après la gravure sur un AIX de test
Comparer le checksum
# umount /mnt
5. Supprimmer le rpm du serveur de test AIX
# rpm -e 01SF240_382_382
6. Upgrade firmware via CD diag 53060
ftp://ftp.software.ibm.com/software/server/diags/CD53060.iso'
Mise à jour microcode avec le CD de diag
Démarrer via le menu SMS sur le CD de diag
- Task Selection
- Microcode Tasks
- Update and Manage Flush
... Insérer le CD contenant le microcode une fois demandé.
7. Avant de rattacher le P5 à la HMC positionner le firmware update policy
Se connecter au menu ASMI
Login : admin
password : admin
System Configuration
Firmware Update Policy: HMC
Power/Restart Control
Power On/Off System
Firmware boot side for the next boot: Temporary
8. Ajouter le P5 à la HMC V7 via les menus de la HMC
old HMC – Change WebSM language to en_US
Par défaut sous Windows, WebSM utilise la langue par defaut du système. Pour forcer WebSM en anglais ajouter -Duser.language=en -Duser.country=US à la commande java dans le batch C:\Program Files\websm\bin\wsm.bat