unixadmin.free.fr just another IBM blog and technotes backup

16nov/16

HMC V7R7.9.0 SP3 MH01659 « ssl_error_no_cypher_overlap »

On HMC V7R7.9.0 SP3, don't apply e-fix MH01659: it contains a lot of bugs.

If you really need MH01659, apply e-fix MH01635 first (otherwise an ASM connection timeout and a blank page occur with IBM POWER5).
=> MH01659.readme.html

Note: This package includes fixes for HMC Version 7 Release 7.9.0 Service Pack 3. You can reference this package by APAR MB04044 and PTF MH01659. This image must be installed on top of HMC Version 7 Release 7.9.0 Service Pack 3 (MH01546) with MH01635 installed.

MH01659 Impact - Known Issues :

After installing PTF MH01659 and the Welcome page loads on the local console, clicking "Log on and Launch" results in the following error:

Problem loading page
An error occurred during a connection to 127.0.0.1.

Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)

This defect also impacts the Power Enterprise Pool GUI when launched remotely. Ensure remote access is enabled and the HMC is accessible remotely for management prior to installing this PTF. A fix is planned for a future PTF.

Circumvention: From the HMC home page, Log on by clicking on the "Serviceable Events" link rather than the "Log on and launch the Hardware Management Console web application" link. The "System Status" and "Attention LEDs" links can also be used. Note that the Power Enterprise Pools (PEP) task will not be available from the local console. CLI or remote GUI can be used to perform PEP tasks.

A vterm console window cannot be opened by the GUI on the local HMC console. You can use the mkvterm or vtmenu command on the local HMC console or use the GUI remotely to open a vterm. A fix is planned for a future PTF.

ASM for POWER5 servers will launch a blank white screen and eventually a "Connection timed out" error if PTF MH01635 is not installed prior to MH01644 or MH01659. The install order and supersedes lists have been updated to include PTF MH01635 prior to installing either MH01644 or MH01659.

14dec/15

HMC Save Upgrade Data failed

If you are upgrading the HMC and the Save Upgrade Data task fails with HSCSAVEUPGRDATA_ERROR, check whether the home directory of hscroot or of another hmcsuperadmin user is filled with Virtual I/O Server ISO images. The filesystem /mnt/upgrade is used to store the save upgrade data backup, and it is too small to contain ISO images.

Fix: remove the VIOS ISO images from the HMC and relaunch the saveupgdata command.

8oct/15

Virtual HMC for November 2015

The IBM Power Systems Hardware Management Console (HMC) virtual appliance can be used to manage any of the systems that are supported by the version 8 HMC, which includes Power Systems servers with IBM POWER6, POWER7, and POWER8 processors.

The Power Systems HMC virtual appliance offers these benefits:

- Provides hardware, service, and basic virtualization management for your Power Systems servers
- Offers the same functionality as the traditional HMC
- Runs as a virtual machine on an x86 server virtualized either by VMware ESXi or Red Hat KVM

Source: IBM

7oct/14

Fix for vulnerabilities in Bash “Shellshock” for HMC

Remediation/Fixes

The following fixes are available on IBM Fix Central at http://www-933.ibm.com/support/fixcentral/

Product | VRMF | APAR | Remediation/First Fix (PTF)
Power HMC | Version 7 R7.3.0 SP6 | MB03857 | MH01475
Power HMC | Version 7 R7.6.0 SP3 | MB03852 | MH01470
Power HMC | Version 7 R7.7.0 SP1 | MB03861 | MH01479
Power HMC | Version 7 R7.7.0 SP2 | MB03862 | MH01480
Power HMC | Version 7 R7.7.0 SP4 | MB03853 | MH01471
Power HMC | Version 7 R7.8.0 SP1 | MB03854 | MH01472
Power HMC | Version 7 R7.9.0 SP1 | MB03855 | MH01473
Power HMC | Version 8 R8.1.0 SP1 | MB03856 | MH01474
Power HMC | Older V7 releases not listed above | N/A | Please update to supported releases listed above.

Source: Security Bulletin

No fix is available at this time for Power4 HMCs such as V3.3.7:

hscroot@HMCP670:~> export x='() { :;}; /bin/bash'; man
bash: dircolors: command not found
bash: which: command not found
bash: ps: command not found
hscroot@HMCP670:~> /bin/su -
Password:
HMCP670:~ #
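
To confirm whether a given bash binary still has the Shellshock flaw, for instance after applying one of the PTFs listed above, the environment-variable probe can be wrapped in a function. This is an added example, not part of the original post or the IBM bulletin; the function names and the marker string are made up here, and it assumes a host with an ordinary shell rather than the HMC restricted shell.

```shell
#!/bin/sh
# Added example: probe a bash binary for the Shellshock function-import flaw.
# check_shellshock, check_shells and the marker string are names made up here.

# Usage: check_shellshock /path/to/bash
# Prints one of: vulnerable | patched | missing
check_shellshock() {
    bin=${1:-/bin/bash}
    marker="SHELLSHOCK_PROBE_$$"

    if [ ! -x "$bin" ]; then
        echo missing
        return 2
    fi

    # An affected bash parses "x" as an exported function at start-up and
    # also runs whatever follows the closing brace. A fixed bash treats the
    # value as plain data, so the marker never reaches stdout.
    out=$(env x="() { :;}; echo $marker" "$bin" -c ':' 2>/dev/null) || true

    case $out in
        *"$marker"*) echo vulnerable; return 1 ;;
        *)           echo patched;    return 0 ;;
    esac
}

# Check several binaries and print one line per binary.
# Returns non-zero if any of them is vulnerable.
check_shells() {
    rc=0
    for sh_bin in "$@"; do
        status=$(check_shellshock "$sh_bin") || true
        printf '%-28s %s\n' "$sh_bin" "$status"
        if [ "$status" = vulnerable ]; then
            rc=1
        fi
    done
    return $rc
}
```
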
24jan/13

How to debug an environment problem with the padmin user on Virtual I/O Server

What is interesting here is the HMC command syntax that combines viosvrcmd with oem_setup_env. Example:

Unable to run oem_setup_env:

$ oem_setup_env
rksh: oem_setup_env:  not found

Debug via the HMC:

hscroot@hmcV7:~ > viosvrcmd -m 9119-FHB -p VIOS1 -c "oem_setup_env
> ls -ld /home/padmin"
drwxr-x---    9 root     system         4096 Jan 24 11:13 /home/padmin

hscroot@hmcV7:~ > viosvrcmd -m 9119-FHB -p VIOS1 -c "oem_setup_env
> chown padmin:staff /home/padmin"

Log in again as padmin:

$ oem_setup_env
#

NOTE: press Return after "oem_setup_env without closing the quotes. That puts you on the next line, where you type the command to run as root on the VIOS and then close the quotes.

Alternatively, you can define a variable CMD like this:

hscroot@hmcV7:~ > CMD=`printf "oem_setup_env\nchown padmin:staff /home/padmin"`
hscroot@hmcV7:~ > viosvrcmd -m 9119-FHB -p VIOS1 -c "$CMD"

Thanks, Jonathan and Brian :)

20jan/12

Tips for implementing NPIV on IBM Power Systems

IBM India Lab wrote an excellent document on configuring NPIV:

Power Systems SAN Multipath Configuration Using NPIV v1.2

Chris Gibson shares some tips for implementing NPIV in an AIX and Virtual I/O Server environment on IBM POWER7 systems.

Tips for implementing NPIV on IBM Power Systems

au-NPIV-pdf

Thanks, Chris.

Other NPIV sources:
NPIV and the virtual I/O server 2008

IBM PowerVM Virtualization managing and monitoring

IBM PowerVM Virtualization Introduction and Configuration

27sept/11

HMC commands return error « Connection to the Command Server failed »

Problem

A defect in the HMC log rotation scripts in HMC v7r3.1 - v7r3.2 will eventually render the HMC unusable. While the problem is fixed at a later release level, you still might have to manually repair some key files or reinstall the HMC.

Symptom

Access to the V7 HMC GUI is not available (initializing) and CLI functions accessed via ssh are extremely limited. Most CLI commands return the error "Connection to the Command Server failed."

Cause

This is a known problem that can occur if you were at HMC v7r3.1 or v7r3.2 when the file /var/hsc/log/hmclogger.log grows beyond 10MB.

Environment

HMC v7r3.1 or v7r3.2

Diagnosing the problem

Determine if the hmclogger.log file size exceeds 10MB by running command
ls -la /var/hsc/log/hmclogger.log

Determine if the cimserver.log file exists by running command
ls -la /var/hsc/log/cimserver.log

Most likely there will not be a cimserver.log file and hmclogger.log file will exceed 10MB in size.
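
The two checks above can be run over ssh and their output classified in one step. This is an added example, not IBM's or the original post's code; the function name is made up, the host name in the usage comment is a placeholder, and the 10MB limit is assumed to mean 10 * 1024 * 1024 bytes.

```shell
#!/bin/sh
# Added example: classify the output of the two "ls -la" checks.
# diagnose_hmclogger is a name made up for this example.
#
# Usage (the host name "hmc" is a placeholder):
#   ssh hscroot@hmc 'ls -la /var/hsc/log/hmclogger.log; \
#                    ls -la /var/hsc/log/cimserver.log' 2>&1 | diagnose_hmclogger

# Assumption: "10MB" in the technote means 10 * 1024 * 1024 bytes.
HMCLOGGER_LIMIT=10485760

# Reads "ls -la" output (stdout and stderr merged) on stdin.
# Prints one of: affected | oversize-log | cimserver-missing | ok | no-data
diagnose_hmclogger() {
    awk -v limit="$HMCLOGGER_LIMIT" '
        # Regular-file line: mode links owner group size month day time name
        /^-/ && $NF ~ /hmclogger\.log$/ { seen_logger = 1; size = $5 }
        /^-/ && $NF ~ /cimserver\.log$/ { seen_cim = 1 }
        END {
            # Without a listing for hmclogger.log nothing can be concluded.
            if (!seen_logger) { print "no-data"; exit }
            big = (size + 0 > limit)
            if (big && !seen_cim)   print "affected"
            else if (big)           print "oversize-log"
            else if (!seen_cim)     print "cimserver-missing"
            else                    print "ok"
        }'
}
```
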

Resolving the problem

Either reinstall the HMC and update to v7r3.3 or higher or contact IBM support to obtain a pesh password so you can manually repair key files.

Obtain a pesh password from IBM support. You must know the serial number of the HMC. Unfortunately, the command that gives you the serial#, lshmc -v, will not work as it is one of the symptoms. Hopefully you have an accurate list of serial numbers, otherwise on-site viewing of the HMC for the correct serial number will be needed so that support can give a pesh password that works. The other commands needed to become root usually work without problems.

Create an hscpe account if it does not exist (use lshmcusr to list all HMC user accounts)

$ mkhmcusr -u hscpe -a hmcpe -d "HMC PE user"

Enter a password of seven characters or more.

If the hscpe user ID already exists and you do not know the password, you may change the password as hscroot:

$ chhmcusr -u hscpe -t passwd

Also, the password for the root user needs to be known as well. By default, that password is "passw0rd", but you can also change root's password as hscroot.

$ chhmcusr -u root -t passwd

Once you know the passwords for hscpe and root, and you have obtained a pesh password from IBM support, the following commands should resolve the problem.

- SSH to the HMC and login as hscpe and run following command

$ pesh

You will be prompted to enter a password after you enter the command above. Note that the serial number is seven characters long with alphabetical characters in upper case. The pesh password provided by IBM support will be eight characters long with alphabetical characters in lower case.

Once you enter the pesh password and return to the prompt, you will be able to run the command "su -" to become root. After entering root's password, perform the following.

# cat /dev/null > /var/hsc/log/hmclogger.log

Now the hmc needs to be rebooted and the normal hmcshutdown command will not work. Use reboot command as root to restart the HMC.

# reboot

This should reboot the HMC, and once it's back up you should have access to both the GUI web interface and the CLI commands when you ssh to the HMC.

This problem is resolved at 7.3.3, but if you had upgraded and the hmclogger.log file was already past the 10MB limit you may still experience this problem and have to perform this manual repair operation.

20jun/11

Instructions for hscroot password reset

1) Power off the HMC.

2) Power on the HMC, and as soon as the Loading grub message is displayed, quickly press the F1 key to get into grub.

The Grub menu will show one line with the text hmc.

3) On the Grub menu, select e for edit. The next GRUB screen is displayed with two lines:

root (hd0,0)
kernel (hd0,1)/boot/bzImage ro root=/dev/hda2 vga=0x317 apm=power-off

Note: The root device can vary by model: hda2 C03, C04, CR2, and hdc2 for CR3.

4) Move the cursor down to the line starting with kernel. Select e for edit.

Move the cursor to the right and append the following to the end of the string:

V5.1.0 to V6.1.1: init=/bin/bash
V6.1.2 and later: init=/bin/rcpwsh

The final string will vary slightly by version and model:

kernel (hd0,1)/boot/bzImage ro root=/dev/hda2 vga=0x317 apm=power-off init=/bin/rcpwsh

Press the Enter key to save the changes.

5) Press b to boot the changed selection.

This will boot to a bash shell: (none): /#.

6) Verify root is mounted read/write. Type the following command:
(check which partition is mounted on / with # df)
(load the French keyboard layout with # loadkeys fr)

mount -o remount,rw /dev/hda2 /

Note: The root device can vary by model: hda2 C03, C04; hdc2 for CR2,CR3; sda2 for CR4.

7) Reset root and hscroot passwords. Run the following commands to reset the passwords. The command will prompt the user to enter the new password and a confirmation password. Any warning concerning the password being too simplistic can be ignored.

Reset root password:
/usr/bin/passwd

Reset hscroot password:
/usr/bin/passwd hscroot

8) Reboot the HMC (left ctl+left alt+del).

9) Log on as hscroot.

10) Immediately after logon, use the Web-based System Manager (HMC GUI) or the chhmcusr

10mar/11

P5 standalone firmware upgrade with the diag CD

Microcode update of a standalone P5 server at SF230 or SF235, without an AIX system, that is to be attached to an HMC V7.3.5

1. Connect to the ASMI menu through the serial port (laptop + HyperTerminal)
Login : admin
password : admin

System Configuration
Firmware Update Policy: Operating system

Power/Restart Control
Power On/Off System
Firmware boot side for the next boot: Temporary

2. On a test AIX server
Unpack the rpm:

# rpm -Uhv --ignoreos 01SF240_382_382.rpm

Note: the image is always unpacked into /tmp/fwupdate.

Rename the image to .img

# mv 01SF240_382_382 01SF240_382_382.img

Note the checksum result

# sum /tmp/fwupdate/01SF240_382_382.img

3. Retrieve the image 01SF240_382_382.img via FTP in binary mode

4. Burn 01SF240_382_382.img to a CD-ROM together with the file 01SF240_382_382.xml

Verify the checksum after burning, on a test AIX system

# mount -v cdrfs -oro /dev/cd0 /mnt

Compare the checksum

# sum /mnt/01SF240_382_382.img
# umount /mnt

5. Remove the rpm from the test AIX server

# rpm -qa | grep 382
# rpm -e 01SF240_382_382

6. Upgrade the firmware with diag CD 53060
ftp://ftp.software.ibm.com/software/server/diags/CD53060.iso

Microcode update with the diag CD
Boot from the diag CD through the SMS menu
- Task Selection
- Microcode Tasks
- Update and Manage Flash

... Insert the CD containing the microcode when prompted.

7. Before attaching the P5 to the HMC, set the firmware update policy

Connect to the ASMI menu
Login : admin
password : admin

System Configuration
Firmware Update Policy: HMC

Power/Restart Control
Power On/Off System
Firmware boot side for the next boot: Temporary

8. Add the P5 to the HMC V7 through the HMC menus

10sept/10

old HMC – Change WebSM language to en_US

By default on Windows, WebSM uses the system's default language. To force WebSM into English, add -Duser.language=en -Duser.country=US to the java command in the batch file C:\Program Files\websm\bin\wsm.bat

java -Duser.language=en -Duser.country=US -Dremote.auiml="true" -Xms%W_HEAP_MIN_SIZE% -Xmine%W_HEAP_INC_SIZE% -Xmx%W_HEAP_MAX_SIZE% -ss128k -DIDebug.enabled=%DEBUGENABLE% -DWEBSM_NO_REMOTE_CLASS_LOADING=%WNRCL%  -DWEBSM_NO_SECURITY_MANAGER=%WNSM% %WSMSSL% -Djava.security.policy=..\config\websm.policy -Dawt.appletWarning="Remote class Window"  -DWEBSM_ALL_PERMISSIONS_FOR_SECURE=true -DWSMDIR="%WSMDIR%" -Dremote.auiml="true" %JAVA_ARG_ACCESSIBLE% %JAVA_ARG_SVK% com.ibm.websm.console.WConsole