Colour code is implemention to servers.
Edit /.profile file of root user with “echo ‘\033[41;97m’” =>Red background with white foreground.
Edit /.profile file of root user with “echo ‘\033[41;97m’” =>Red background with white foreground.
Monday, 17 October 2016
Scope of SSH key usage additional controls and restrictions
==================================================
Scope of SSH key usage additional controls and restrictions:
A) Additional controls in usage of SSH keys in our managed environments.
The directive has mandated that SSH key use be limited and controlled to meet all regulations and compliance.
This should also ensure approved and monitored access to shared and/or privileged userIDs.
Scan all systems.
==================================================
B) Review of existing SSH keys, removing keys which are deemed no longer necessary, labelling SSH keys (as per regulations and
compliance std) that are required to be retained and ensuring control restrictions are in-place on all keys.
Priority:
1) Internet
2) Intranet
1. Review all in-scope SSH keys
Review all SSH keys (private/public) across all in-scope servers.
a) If SSH key(s) are no longer required, remove/delete these (follow any account specific change management processes if required)
b) If SSH key(s) are required to be retained, you are required to label these and provide additional control restrictions on the key
(see steps below).
b.1) Identify ownership and label keys
Each public key must be assessed to determine ownership and labelled according to firm standards.
This label must be in the comment field of the public key, and it must be in gecos label format, starting and ending with the
characters "!!".
Example: rest-of-key...9MOT2QZw== !!Owner name and id!!
b.2) RSA - 1024-bit minimum key length is acceptable however transition to 2048-bit minimum key length is recommended. Where the
substantial extra computational burden of 2048 bits is significant or prohibitive, consider modulus sizes of 1280 or 1536.
Example: ssh-keygen -t rsa -b 1024 -f id_rsa
CASE A: Individual owned SSH keys
SSH keys owned by an individual, must have their key pair re-generated with a pass-phrase.
Individually owned SSH keys must not exist without a passphrase.
(Passphrases must have a minimum number of 5 words each of minimum length of 4 characters and are exempt from the syntax rule for mix
alphabetic and non-alphabetic characters. All other password rules are applicable.)
NOTE: Before creating new keys ensure you have determined all the endpoints where you will have to distribute the new public key and
where required follow any account specific change management processes.
CASE B: Non-individual owned SSH keys
SSH keys which are functional/system/non-individual, must have both the FROM and COMMAND options specified within the public key to
restrict/define access proprieties of the key pair.
1)Add the "from" option to the beginning of your public key entry in the authorized_keys file.
from="xxx.xxx.xxx.xxx" (where xxx.xxx.xxx.xxx is the IP address of the host you are allowing to access this server with the private
key)
2)Also add the "command" option to the beginning of your public key entry in the authorized_keys file.
command="/path of command" (this will for any access to only run the given command)
Example: from="10.10.1.10",command="/usr/bin/script" ssh-dss AZDAAAB3NzaC1kc3MAAACB/xIe.....9MOT2QZRWd== !!Owner name and id!!
CASE C: Customer owned SSH keys
SSH keys which are owned by the customer, must be labelled accordingly as customer owned.
All customer owned IDs will be consolidated and communicated through to each customer with a risk communication.
==================================================
Sunday, 11 September 2016
Mksysb collection and Validation
Simple Mksysb collection and Validation script
===============================================
#!/bin/sh
#Mksysb collection and validation
DATE=`date +"%d%m%y%H%M"`
LOG=/tmp/mksysb.${DATE}.log
/usr/bin/mksysb -i -X -e -p /backups/mksysb.`hostname -s`.$DATE >> $LOG
STD=$?
if [ `echo $STD` = 0 ]
then
cat `ls -ltr /backups/mksysb.$HOST*| sort -n -t _ -k 2 | tail -1 | awk '{print $9}'` | restore -Tvqf - > /dev/null 2>&1
if [ $? -eq 0 ]
then
echo "Valid Mksysb Image" >> $LOG
else
echo "FAILURE: Corrupted or truncated Mksysb Image" >> $LOG
exit 1
fi
else
echo "FAILURE: Mksysb command completion Failed" >> $LOG
exit 1
fi
===============================================
===============================================
#!/bin/sh
#Mksysb collection and validation
DATE=`date +"%d%m%y%H%M"`
LOG=/tmp/mksysb.${DATE}.log
/usr/bin/mksysb -i -X -e -p /backups/mksysb.`hostname -s`.$DATE >> $LOG
STD=$?
if [ `echo $STD` = 0 ]
then
cat `ls -ltr /backups/mksysb.$HOST*| sort -n -t _ -k 2 | tail -1 | awk '{print $9}'` | restore -Tvqf - > /dev/null 2>&1
if [ $? -eq 0 ]
then
echo "Valid Mksysb Image" >> $LOG
else
echo "FAILURE: Corrupted or truncated Mksysb Image" >> $LOG
exit 1
fi
else
echo "FAILURE: Mksysb command completion Failed" >> $LOG
exit 1
fi
===============================================
Wednesday, 22 June 2016
Schedule daily nmon data collection - AIX
Schedule daily nmon data collection
# vi daily_nmon.sh
#!/usr/bin/ksh
## Nmon log collection directory ##
LOGDIR=/nmon/logs
## Start NMON data collection##
cd $LOGDIR
/usr/bin/nmon -fdt -s 120 -c 720
# Daily nmon performance data gathering
0 0 * * * /nmon/daily_nmon.ksh >/dev/null 2>&1
# vi daily_nmon.sh
#!/usr/bin/ksh
## Nmon log collection directory ##
LOGDIR=/nmon/logs
## Start NMON data collection##
cd $LOGDIR
/usr/bin/nmon -fdt -s 120 -c 720
# Daily nmon performance data gathering
0 0 * * * /nmon/daily_nmon.ksh >/dev/null 2>&1
Network related AIX cmds...in draft
#ifconfig en0 192.168.1.100 netmask 255.255.255.0 alias ==> Command to set alias for an interface (Temporarily).
#ifconfig en0 192.168.1.100 netmask 255.255.255.0 delete ==>remove an alias
#chdev -l en0 -a alias4=192.168.1.100,255.255.255.0 ==> Command to set alias permanently.
#chdev -l en0 -a delalias4=192.168.1.100,255.255.255.0 ==> Command to remove alias permanently.
#chdev -l inet0 -a route=net,-netmask,255.255.255.0,-static, 10.0.0.0, 192.168.0.1 ==>Create static route
#chdev -l inet0 -a delroute=net,-netmask,255.255.255.0,-static, 10.0.0.0, 192.168.0.1 ==>Delete static route
#tcpdump -vvv host <target ip> ===>run in required server
#tcpdump -s 96 -w /tmp/tcpdump.191208 host 134.142.34.38
#iptrace -a -d 145.26.53.99(source) -s 134.142.34.37(target) -i en0 -b /tmp/iptrace1.bin===> to start trace with another node
#kill -15 <iptrace PID> ===>to stop the trace
#ipreport /tmp/iptrace1.bin > /tmp/iptrace1.rpt ===>to convert that into ipreport
#startsrc -s iptrace -a -d 145.26.53.99(source) -s 134.142.34.37(target) -i en0 -b /tmp/iptrace1.bin===> to start trace with another
node
#stopsrc -s iptrace ===>to stop the trace
#ipreport /tmp/iptrace1.bin > /tmp/iptrace1.rpt ===>to convert that into ipreport
===================
#ifconfig en0 192.168.1.100 netmask 255.255.255.0 delete ==>remove an alias
#chdev -l en0 -a alias4=192.168.1.100,255.255.255.0 ==> Command to set alias permanently.
#chdev -l en0 -a delalias4=192.168.1.100,255.255.255.0 ==> Command to remove alias permanently.
#chdev -l inet0 -a route=net,-netmask,255.255.255.0,-static, 10.0.0.0, 192.168.0.1 ==>Create static route
#chdev -l inet0 -a delroute=net,-netmask,255.255.255.0,-static, 10.0.0.0, 192.168.0.1 ==>Delete static route
#tcpdump -vvv host <target ip> ===>run in required server
#tcpdump -s 96 -w /tmp/tcpdump.191208 host 134.142.34.38
#iptrace -a -d 145.26.53.99(source) -s 134.142.34.37(target) -i en0 -b /tmp/iptrace1.bin===> to start trace with another node
#kill -15 <iptrace PID> ===>to stop the trace
#ipreport /tmp/iptrace1.bin > /tmp/iptrace1.rpt ===>to convert that into ipreport
#startsrc -s iptrace -a -d 145.26.53.99(source) -s 134.142.34.37(target) -i en0 -b /tmp/iptrace1.bin===> to start trace with another
node
#stopsrc -s iptrace ===>to stop the trace
#ipreport /tmp/iptrace1.bin > /tmp/iptrace1.rpt ===>to convert that into ipreport
===================
Perf command..Draft
#svmon -Pgt15 | perl -e 'while(<>){print if($.==2||$&&&!$s++);$.=0 if(/^-+$/)}' ==>Top paging space usage process
#(sleep 3; echo q) | /usr/bin/topas -F > /tmp/topas.out ==>Topas screen output capture
#filemon -O all -o fmon.out; sleep 10; trcstop ==>Busiest fs, lv, pv and most busy files.
#ps -Alf |grep root|awk '{sum += $10} END {print sum/1024/1024}' - Root process using memory in GB
#(sleep 3; echo q) | /usr/bin/topas -F > /tmp/topas.out ==>Topas screen output capture
#filemon -O all -o fmon.out; sleep 10; trcstop ==>Busiest fs, lv, pv and most busy files.
#ps -Alf |grep root|awk '{sum += $10} END {print sum/1024/1024}' - Root process using memory in GB
Find which PowerVM Edition feature has been ordered
Find which PowerVM Edition feature has been ordered from the
VET code listing in the Capacity on Demand Activation Code website found here:
http://www-912.ibm.com/pod/pod
Sample VET codes:
Use bits 25-28 from the VET code listed on that website.
0000 = Reset to base defaults (No PowerVM)
450F28E3D581AF7273240000 1050 0041FA (1xxx = Express)
B905E3D284DF097DCA1F0000 2C00 00418F (2c00 = Standard)
0F0DA0E9B40C5449CA1F0000 2c20 004102 (2c20 = Enterprise)
HMC Tips
HMC Tips from http://www.unixmantra.com ..I have reposted here as to benefit larger audience as I found it useful.
Thanks Ramesh for this good one.
=========================================================================================================
HMC Tips I - HMC and Managed System
1. To enable ssh in a hmc :
# chhmc -c ssh -s enable
You can disable it by replacing the word 'enable' with 'disable'
2. To enable xntp in a hmc :
# chhmc -c xntp -s enable
You can disable it by replacing the word 'enable' with 'disable'
3. To add an entry in the syslog config file :
# chhmc -c syslog -s add -a IP_Addr ( or '-h host_name' )
You can remove an entry by replacing the word 'add' with 'remove'
4. To add an entry in the ntp config file :
# chhmc -c xntp -s add -a IP_Addr ( or 'h host_name' )
You can remove an entry by replacing the word 'add' with 'remove'
5. To configure the network as a startup device :
# chhmc -c netboot -s enable
You can disable it by replacing the word 'enable' with 'disable'
6. To permit IP addresses from utilizing HMC services :
# chhmc -s ssh ( or any_service) -s add -a IP_Addr
You can remove an entry by replacing the word 'add' with 'remove'
7. To add a DNC_server or domain_suffix :
chhmc -c network -s add [-ns DNS_Server] [-ds domain_suffix ]
You can remove an entry by replacing the word 'add' with 'remove'
8. To change network settings for a specific network interface :
# chhmc -c network -s modify -i interface_name
[-a IP_Addr] [-nm network_mask] [ --lparcomm on|off]
Note: Network settings for the s10 interface cannot be changed.
9. To change other network settings :
# chhmc -c network -s modify [-h hostname] [-d network-domain-name][-g gateway]
10. To change the locale for the HMC :
# chhmc -c locale -s modify -l locale
11. To change the HMC date and time, time zone :
# chhmc -c date -s modify[ --datetime ][ --clock {local | utc} ] [ --timezone {time-zone | none} ]
=========================================================================================================
HMC Tips II - Partitions and Profiles
1. To list all machines configured in a hmc
# lssyscfg -r sys
2. To list all lpars(partitions) in a power machine
# lssyscfg -r lpar -m Managed_System
3. To activate/start an LPAR :
# chsysstate -r lpar -m Managed_System -o on -n LPAR_Name -f Profile_ name
4. To deactivate/shutdown an LPAR :
# chsysstate -r lpar -m Managed_System -o shutdown --immed -n LPAR_Name
5. To open the console of a partition :
# mkvterm -m Managed_System -p LPAR_Name
6. To close the console of a partition:
# rmvterm -m Managed_System -p LPAR_Name
7. To list the profile of a partition:
# lssyscfg -r prof -m Managed_System --filter "lpar_names=LPAR_Name,profile_names=Profile_Name"
8. To change the min/desired/maximum memory settings of a partition profile :
# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,min_mem=512,desired_mem=19456,max_mem=20480"
9. To change the min/desired/maximum processor units of a partition profile :
# chsyscfg -r prof -m Managed_System -i
"name=Profile_Name,lpar_name=LPAR_Name,min_proc_units=0.2,desired_proc_units=0.5,max_proc_units=2.0"
10. To change the min/desired/maximum virtual processor of a partition profile :
# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,min_procs=1,desired_procs=2,max_procs=6"
11. To change capped/uncapped setting in a partition profile :
# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,sharing_mode=uncap,uncap_weight=128"
Possible values for sharing_mode are cap and uncap.
Possible values for uncap_weight are from 0 to 128.
12. To change the name of a partition profile :
# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,new_name=New_Profile_Name"
13. To change the name of a partition :
# chsyscfg -r lpar -m Managed_System -i "name=LPAR_Name,new_name=New_LPAR_Name"
14. To change the default profile of a partition :
# chsyscfg -r lpar -m Managed_System -i "name=LPAR_Name,default_profile=Partition_Profile_Name"
15. To set "power off the machine after all partitions are shutdown" for a power machine :
# chsysscfg -r sys -m Managed_System -i "power_off_policy=0"
Possible values are
0 -> Power off after all partitions are shutdown
1 -> Do not power off after all partitions are shutdown
16. To rename a system profile :
# chsyscfg -r sysprof -m Managed_System -i "name=Sys_Prof_Name,new_name=New_Sys_Prof_Name"
17. To add 2 more partition profiles to a system profile :
# chsyscfg -r sysprof -m Managed_System -i "name=,"lpar_names+=partition3,partition4",
"profile_names+=profile3,profile4""
==============================================================================================================
HMC Tips III - User Management
1. To list all users in a HMC
# lshmcusr
2. To list only user names and managed resource roles for all HMC users :
# lshmcusr -F name:resourcerole
3. To create a user :
# mkhmcusr -u User_Id -a ROLE -d DESCRIPTION --passwd PASSWORD -M PASSWD_EXPIRATION_DAYS
3. To remove a user :
# rmhmcusr -u USER_NAME
4. To change an hmc user's password :
# chhmcusr -u User_Name -t passwd -v New_Password
5. To change the task role for the user "user1" to hmcoperator :
# chhmcusr -r user1 -t taskrole -v hmcoperator
Available task roles are
hmcsuperadmin, hmcoperator, hmcviewer, hmcpe, hmcservicerep or a user defined task role
6. To list all managed resource objects :
# lsaccfg -t resource
7. To list all managed resource roles :
# lsaccfg -t resourcerole
8. To create a task role using a config file :
# mkaccfg -t resourcerole -f /tmp/fil1
9. To create a task role :
# mkaccfg -t taskrole -i "name=tr1,parent=hmcsuperadmin,"resources=cec:chcod+lscod+lshwres,lpar:chssyscfg+lssyscfg+mksyscfg""
10. To change a task role :
# chaccfg -t taskrole -i "name=tr1,"resources=cec:chhwres+chsysstate,lpar:chssyscfg+chled+chhwres""
11. To remove a task role :
# rmaccfg -t taskrole -n tr1
=========================================================================================================
HMC Tips IV - Backup
1. To backup HMC data on DVD :
# bkconsdata -r dvd
2. To backup HMC data to a ftp server :
# bkconsdata -r ftp -h ftp_server_name -u ftp_username --passwd ftp_password
3. To backup HMC data to a NFS mounted file system :
# bkconsdata -r nfs -n nfs_server_name -l Nfs_mount_point
4. To list storage media devices :
# lsmediadev
5. To backup profile data for a managed system :
# bkprofdata -m Managed-System -f File_name
Profile data files are kept under /var/hsc/profiles/Managed-Machine-Serial-Number
6. To restore a managed profile data :
# rstprofdata -m Managed-System -l restore_type -f File-Name
Valid restore types are
1 - Full restore from the backup file.
2 - Merge the current profile data and backup profile data, with priority to backup.
3 - Merge the current profile data and backup profile data, with priority to current data.
4 - Initialize the profile data. All partition, partition/system profiles will be deleted.
============================================================================================
HMC Tips VII - General Terms
1. What is the maximum number of servers managed by HMC ?
> Maximum of 48 non-590-595 servers
> Maximum of 32 590/595 servers
2. What is the maximum number of LPARs supported by a HMC ?
> Maximum of 254 LPARs
3. How many HMCs can manage a server at one time ?
> You can have a maximum of 2 HMCs manage a server at one time
4. What are the different types of dynamic operations you can do with CPU, Memory and I/O Adapter on a LPAR ?
> Add
> Remove
> Move
5. How do we connect the HMC to power machines ?
For Power-4 machines, we connect the hmc using serial cables.
But for Power-5 machines, HMC connects to service processors via SSL-encrypted Ethernet, replacing the serial cables.
6. Do we have firewall configured in HMC ?
Yes. Each network card has an integrated firewall.
7. Do we need to configure DHCP in HMC ?
HMC may be a DHCP server for entry and mid-range servers.
But for high-end servers like P595, HMC must be a DHCP server
8. can we have the same HMC to manage P4 and P5 machines ?
POWER5 HMCs cannot manage POWER4 servers, and vice versa.
9. Can we have the existing P4 HMCs upgraded to support P5 machines ?
Yes. We can. This involves a complete overwirte of the disk and the loss of all previous configuration including user profiles.
10. What to do incase of disk failure in HMC ?
We can restore the HMC using recovery CD.
Then restore the latest Critical consule data backup which will restore the profiles, user ids, passwords, etc..
11. What is the default user id and password for the HMC ?
When the HMC is powered on the first time, login as hscroot and password can be taken from vendor.
12. Can we manage a power machine without a HMC ?
Yes. We can run a server in manufacturing default mode, will all resources but no logical partitionings, CoD or Service Focal
point,etc..For entry level server, we can use the Integrated Virtualization Manager.
13. What is the network critetia for dual HMC connection ?
Dual HMCs require two different private networks.
14. What is the default service processor IP address in Power-5 Machines ?
Eth0 - HMC1 - 192.168.2.147 / 255.255.255.0
Eth1 - HMC2 - 192.168.3.147 / 255.255.255.0
15. What is the default user id and password for accessing service processor ?
User id - admin
Password - Take this from vendor
16. Do we need a HMC for p5 model servers ?
One HMC is mandatory for 590, 595 or 575.
Dual HMC are recommended.
17. Do we need private network for HMc connectivity for p5-595 ?
One private network is mandatory for p5 590,595 or 575.
18. Can we have IVM support multiple servers ?
One IVM allowed per server and it only manages partitions on one server.
19. What does FSP (Flexible Service Processor) has ?
FSP has
a. Operating System
b. UserIds / Passwords
c. Filesystem
d. Networking
e. Firewall
f. Webserver
g. ASMI
h. Firmware
20. What to do if you forgot the admin password for FSP ?
If you do not know the admin password, place a hardware call to get 'celogin'
21. What to do if you forgot the HMC hostname/ipaddress for a long running LPAR ?
You can always get the HMC IPaddress from a LPAR if we have performed "handshake" with the HMC.
Issue the below command to get the HMC IPAddress
# lsrsrc IBM.ManagementServer
Resource Persistent Attributes for IBM.ManagementServer
resource 1:
Name = "169.121.54.48"
Hostname = "169.121.54.48"
ManagerType = "HMC"
LocalHostname = "169.121.54.59"
ClusterTM = "9078-160"
ClusterSNum = ""
ActivePeerDomain = ""
NodeNameList = {"SAP-PRodServer"}
22. One HMC should be within 8metres of Managed Server (Recommended configuration)
23. Each FSP Ethernet port should be connected to only one HMC
============================================================================================
Thanks Ramesh for this good one.
=========================================================================================================
HMC Tips I - HMC and Managed System
1. To enable ssh in a hmc :
# chhmc -c ssh -s enable
You can disable it by replacing the word 'enable' with 'disable'
2. To enable xntp in a hmc :
# chhmc -c xntp -s enable
You can disable it by replacing the word 'enable' with 'disable'
3. To add an entry in the syslog config file :
# chhmc -c syslog -s add -a IP_Addr ( or '-h host_name' )
You can remove an entry by replacing the word 'add' with 'remove'
4. To add an entry in the ntp config file :
# chhmc -c xntp -s add -a IP_Addr ( or 'h host_name' )
You can remove an entry by replacing the word 'add' with 'remove'
5. To configure the network as a startup device :
# chhmc -c netboot -s enable
You can disable it by replacing the word 'enable' with 'disable'
6. To permit IP addresses from utilizing HMC services :
# chhmc -s ssh ( or any_service) -s add -a IP_Addr
You can remove an entry by replacing the word 'add' with 'remove'
7. To add a DNC_server or domain_suffix :
chhmc -c network -s add [-ns DNS_Server] [-ds domain_suffix ]
You can remove an entry by replacing the word 'add' with 'remove'
8. To change network settings for a specific network interface :
# chhmc -c network -s modify -i interface_name
[-a IP_Addr] [-nm network_mask] [ --lparcomm on|off]
Note: Network settings for the s10 interface cannot be changed.
9. To change other network settings :
# chhmc -c network -s modify [-h hostname] [-d network-domain-name][-g gateway]
10. To change the locale for the HMC :
# chhmc -c locale -s modify -l locale
11. To change the HMC date and time, time zone :
# chhmc -c date -s modify[ --datetime ][ --clock {local | utc} ] [ --timezone {time-zone | none} ]
=========================================================================================================
HMC Tips II - Partitions and Profiles
1. To list all machines configured in a hmc
# lssyscfg -r sys
2. To list all lpars(partitions) in a power machine
# lssyscfg -r lpar -m Managed_System
3. To activate/start an LPAR :
# chsysstate -r lpar -m Managed_System -o on -n LPAR_Name -f Profile_ name
4. To deactivate/shutdown an LPAR :
# chsysstate -r lpar -m Managed_System -o shutdown --immed -n LPAR_Name
5. To open the console of a partition :
# mkvterm -m Managed_System -p LPAR_Name
6. To close the console of a partition:
# rmvterm -m Managed_System -p LPAR_Name
7. To list the profile of a partition:
# lssyscfg -r prof -m Managed_System --filter "lpar_names=LPAR_Name,profile_names=Profile_Name"
8. To change the min/desired/maximum memory settings of a partition profile :
# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,min_mem=512,desired_mem=19456,max_mem=20480"
9. To change the min/desired/maximum processor units of a partition profile :
# chsyscfg -r prof -m Managed_System -i
"name=Profile_Name,lpar_name=LPAR_Name,min_proc_units=0.2,desired_proc_units=0.5,max_proc_units=2.0"
10. To change the min/desired/maximum virtual processor of a partition profile :
# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,min_procs=1,desired_procs=2,max_procs=6"
11. To change capped/uncapped setting in a partition profile :
# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,sharing_mode=uncap,uncap_weight=128"
Possible values for sharing_mode are cap and uncap.
Possible values for uncap_weight are from 0 to 128.
12. To change the name of a partition profile :
# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,new_name=New_Profile_Name"
13. To change the name of a partition :
# chsyscfg -r lpar -m Managed_System -i "name=LPAR_Name,new_name=New_LPAR_Name"
14. To change the default profile of a partition :
# chsyscfg -r lpar -m Managed_System -i "name=LPAR_Name,default_profile=Partition_Profile_Name"
15. To set "power off the machine after all partitions are shutdown" for a power machine :
# chsysscfg -r sys -m Managed_System -i "power_off_policy=0"
Possible values are
0 -> Power off after all partitions are shutdown
1 -> Do not power off after all partitions are shutdown
16. To rename a system profile :
# chsyscfg -r sysprof -m Managed_System -i "name=Sys_Prof_Name,new_name=New_Sys_Prof_Name"
17. To add 2 more partition profiles to a system profile :
# chsyscfg -r sysprof -m Managed_System -i "name=,"lpar_names+=partition3,partition4",
"profile_names+=profile3,profile4""
==============================================================================================================
HMC Tips III - User Management
1. To list all users in a HMC
# lshmcusr
2. To list only user names and managed resource roles for all HMC users :
# lshmcusr -F name:resourcerole
3. To create a user :
# mkhmcusr -u User_Id -a ROLE -d DESCRIPTION --passwd PASSWORD -M PASSWD_EXPIRATION_DAYS
3. To remove a user :
# rmhmcusr -u USER_NAME
4. To change an hmc user's password :
# chhmcusr -u User_Name -t passwd -v New_Password
5. To change the task role for the user "user1" to hmcoperator :
# chhmcusr -r user1 -t taskrole -v hmcoperator
Available task roles are
hmcsuperadmin, hmcoperator, hmcviewer, hmcpe, hmcservicerep or a user defined task role
6. To list all managed resource objects :
# lsaccfg -t resource
7. To list all managed resource roles :
# lsaccfg -t resourcerole
8. To create a task role using a config file :
# mkaccfg -t resourcerole -f /tmp/fil1
9. To create a task role :
# mkaccfg -t taskrole -i "name=tr1,parent=hmcsuperadmin,"resources=cec:chcod+lscod+lshwres,lpar:chssyscfg+lssyscfg+mksyscfg""
10. To change a task role :
# chaccfg -t taskrole -i "name=tr1,"resources=cec:chhwres+chsysstate,lpar:chssyscfg+chled+chhwres""
11. To remove a task role :
# rmaccfg -t taskrole -n tr1
=========================================================================================================
HMC Tips IV - Backup
1. To backup HMC data on DVD :
# bkconsdata -r dvd
2. To backup HMC data to a ftp server :
# bkconsdata -r ftp -h ftp_server_name -u ftp_username --passwd ftp_password
3. To backup HMC data to a NFS mounted file system :
# bkconsdata -r nfs -n nfs_server_name -l Nfs_mount_point
4. To list storage media devices :
# lsmediadev
5. To backup profile data for a managed system :
# bkprofdata -m Managed-System -f File_name
Profile data files are kept under /var/hsc/profiles/Managed-Machine-Serial-Number
6. To restore a managed profile data :
# rstprofdata -m Managed-System -l restore_type -f File-Name
Valid restore types are
1 - Full restore from the backup file.
2 - Merge the current profile data and backup profile data, with priority to backup.
3 - Merge the current profile data and backup profile data, with priority to current data.
4 - Initialize the profile data. All partition, partition/system profiles will be deleted.
============================================================================================
HMC Tips VII - General Terms
1. What is the maximum number of servers managed by HMC ?
> Maximum of 48 non-590-595 servers
> Maximum of 32 590/595 servers
2. What is the maximum number of LPARs supported by a HMC ?
> Maximum of 254 LPARs
3. How many HMCs can manage a server at one time ?
> You can have a maximum of 2 HMCs manage a server at one time
4. What are the different types of dynamic operations you can do with CPU, Memory and I/O Adapter on a LPAR ?
> Add
> Remove
> Move
5. How do we connect the HMC to power machines ?
For Power-4 machines, we connect the hmc using serial cables.
But for Power-5 machines, HMC connects to service processors via SSL-encrypted Ethernet, replacing the serial cables.
6. Do we have firewall configured in HMC ?
Yes. Each network card has an integrated firewall.
7. Do we need to configure DHCP in HMC ?
HMC may be a DHCP server for entry and mid-range servers.
But for high-end servers like P595, HMC must be a DHCP server
8. can we have the same HMC to manage P4 and P5 machines ?
POWER5 HMCs cannot manage POWER4 servers, and vice versa.
9. Can we have the existing P4 HMCs upgraded to support P5 machines ?
Yes. We can. This involves a complete overwirte of the disk and the loss of all previous configuration including user profiles.
10. What to do incase of disk failure in HMC ?
We can restore the HMC using recovery CD.
Then restore the latest Critical consule data backup which will restore the profiles, user ids, passwords, etc..
11. What is the default user id and password for the HMC ?
When the HMC is powered on the first time, login as hscroot and password can be taken from vendor.
12. Can we manage a power machine without a HMC ?
Yes. We can run a server in manufacturing default mode, will all resources but no logical partitionings, CoD or Service Focal
point,etc..For entry level server, we can use the Integrated Virtualization Manager.
13. What is the network critetia for dual HMC connection ?
Dual HMCs require two different private networks.
14. What is the default service processor IP address in Power-5 Machines ?
Eth0 - HMC1 - 192.168.2.147 / 255.255.255.0
Eth1 - HMC2 - 192.168.3.147 / 255.255.255.0
15. What is the default user id and password for accessing service processor ?
User id - admin
Password - Take this from vendor
16. Do we need a HMC for p5 model servers ?
One HMC is mandatory for 590, 595 or 575.
Dual HMC are recommended.
17. Do we need private network for HMc connectivity for p5-595 ?
One private network is mandatory for p5 590,595 or 575.
18. Can we have IVM support multiple servers ?
One IVM allowed per server and it only manages partitions on one server.
19. What does FSP (Flexible Service Processor) has ?
FSP has
a. Operating System
b. UserIds / Passwords
c. Filesystem
d. Networking
e. Firewall
f. Webserver
g. ASMI
h. Firmware
20. What to do if you forgot the admin password for FSP ?
If you do not know the admin password, place a hardware call to get 'celogin'
21. What to do if you forgot the HMC hostname/ipaddress for a long running LPAR ?
You can always get the HMC IPaddress from a LPAR if we have performed "handshake" with the HMC.
Issue the below command to get the HMC IPAddress
# lsrsrc IBM.ManagementServer
Resource Persistent Attributes for IBM.ManagementServer
resource 1:
Name = "169.121.54.48"
Hostname = "169.121.54.48"
ManagerType = "HMC"
LocalHostname = "169.121.54.59"
ClusterTM = "9078-160"
ClusterSNum = ""
ActivePeerDomain = ""
NodeNameList = {"SAP-PRodServer"}
22. One HMC should be within 8metres of Managed Server (Recommended configuration)
23. Each FSP Ethernet port should be connected to only one HMC
============================================================================================
HMC Administrative Commands
1>Find the managed system to an LPAR with a query
hscroot@hmc> for m in $(lssyscfg -r sys -F name)
do echo $m
lssyscfg -r lpar -m $m -F name:state
done
2>To check OS versions all lpars from HMC
hscroot@hmc> for m in $(lssyscfg -r sys -F name);
do echo $m
lssyscfg -r lpar -m $m -F lpar_id:name:os_version | sort -n
echo "#############################################################################"
done
3>LPAR profile creation
hscroot@hmc> mksyscfg -r lpar -m psystem -i
"name=aixserver01,profile_name=default,lpar_env=aixlinux,min_mem=256,desired_mem=512,max_mem=1024,proc_mode=shared,min_procs=1,desired
_procs=1,max_procs=1,min_proc_units=0.1,desired_proc_units=0.2,max_proc_units=0.5,sharing_mode=uncap,uncap_weight=128,boot_mode=norm,m
ax_virtual_slots=10,virtual_eth_adapters=3/1/1///1,virtual_scsi_adapters=4/client/1/aixservervio1/20/1,resource_config=1"
4>To check virtual SCSI adapter mapping to client from HMC
hscroot@hmc> lshwres -m <pserver> -r virtualio --rsubtype scsi
5>To check virtual switch of VIO(managed server )from HMC
hscroot@hmc> lshwres -m <pframe> -r virtualio --rsubtype vswitch
vswitch=ETHERNET0(Default),vlan_ids=1
6>To check Shared processor pools
hscroot@hmc> lshwres -m <pframe> -r procpool
7>To display lpar profiles properties of a lpar from managed server
hscroot@hmc> lshwres -r proc -m <pframe> --level lpar --filter lpar_names=lparname
lpar_name=lparname,lpar_id=12,curr_shared_proc_pool_id=0,curr_proc_mode=shared,curr_min_proc_units=0.2,curr_proc_units=3.0,curr_max_pr
oc_units=16.0,
curr_min_procs=2,curr_procs=6,curr_max_procs=32,curr_sharing_mode=uncap,curr_uncap_weight=128,pend_shared_proc_pool_id=0,pend_proc_mod
e=shared,
pend_min_proc_units=0.2,pend_proc_units=3.0,pend_max_proc_units=16.0,pend_min_procs=2,pend_procs=6,pend_max_procs=32,pend_sharing_mode
=uncap,
pend_uncap_weight=128,run_proc_units=3.0,run_procs=6,run_uncap_weight=128
8>Display all slots configuration from hmc – identifies the type of adapter in each slot
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys
do
lshwres -r io --rsubtype slot -F unit_phys_loc:phys_loc:lpar_name:description --header -m $mngsys | sed "s/^/$mngsys:/"
done
FRAMENAME:unit_phys_loc:phys_loc:lpar_name:description
9>CPU assignment by LPAR’s within HMC
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys; do lshwres -r proc --level lpar -F
lpar_name:curr_min_procs:curr_procs:curr_max_procs:pend_min_procs:pend_procs:pend_max_procs:run_procs --header -m $mngsys | sed "s/^/
$mngsys:/"; done
FRAMENAME:lpar_name:curr_min_procs:curr_procs:curr_max_procs:pend_min_procs:pend_procs:pend_max_procs:run_procs
FRAMENAME:LPAR:1:2:4:1:2:4:2
10>Memory assignment by LPARs within HMC
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys; do lshwres -r mem --level lpar -F
lpar_name:curr_min_mem:curr_mem:curr_max_mem:pend_min_mem:pend_mem:pend_max_mem:run_min_mem:run_mem --header -m $mngsys | sed "s/^/
$mngsys:/"; done
FRAMENAME:lpar_name:curr_min_mem:curr_mem:curr_max_mem:pend_min_mem:pend_mem:pend_max_mem:run_min_mem:run_mem
FRAMENAME:LPAR:10240:15616:36864:10240:15616:36864:10240:15616
11>Total CPU configuration on managed P5 systems
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys; do lshwres -r proc --level sys -F
configurable_sys_proc_units:curr_avail_sys_proc_units:pend_avail_sys_proc_units:installed_sys_proc_units:deconfig_sys_proc_units:min_p
roc_units_per_virtual_proc:max_virtual_procs_per_lpar --header -m $mngsys | sed "s/^/$mngsys:/"; done
FRAMENAME:configurable_sys_proc_units:curr_avail_sys_proc_units:pend_avail_sys_proc_units:installed_sys_proc_units:deconfig_sys_proc_u
nits:min_proc_units_per_virtual_proc:max_virtual_procs_per_lpar
FRAMENAME:3.0:0.0:0.0:4.0:0:0.1:256
12>Total memory configuration on managed P5 systems
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys; do lshwres -r mem --level sys -F
configurable_sys_mem:curr_avail_sys_mem:pend_avail_sys_mem:installed_sys_mem:deconfig_sys_mem:sys_firmware_mem:mem_region_size --
header -m $mngsys | sed "s/^/$mngsys:/"; done
FRAMENAME:configurable_sys_mem:curr_avail_sys_mem:pend_avail_sys_mem:installed_sys_mem:deconfig_sys_mem:sys_firmware_mem:mem_region_si
ze
FRAMENAME:36864:0:0:40960:0:2048:256
13>Display a managed systems firmware level from hmc
hscroot@hmc> lslic -m <pframe>
lic_type=Managed System,management_status=Enabled,disabled_reason=,activated_level=63,installed_level=63,accepted_level=63,
ecnumber=01EL350,mtms=8204-E8A*SERIALNO,deferred_level=None,platform_ipl_level=63,curr_level_primary=63,curr_ecnumber_primary=01EL350,
curr_power_on_side_primary=temp,pend_power_on_side_primary=temp,temp_level_primary=63,temp_ecnumber_primary=01EL350,perm_level_primary
=63,
perm_ecnumber_primary=01EL350,update_control_primary=HMC
14>List partition migration information for all partitions(lpars) in the managed system
hscroot@hmc> lslparmigr -r lpar -m <pframe>
name=LPAR1,lpar_id=1,migration_state=Not Migrating
name=LPAR2,lpar_id=2,migration_state=Not Migrating
15>List all of the storage media devices that are available for use on the HMC
hscroot@hmc> lsmediadev
device=/dev/cdrom,mount_point=/media/cdrom,type=1,description=CD/DVD
device=/dev/sda,type=6,description=internal hard disk drive
13>List service processor of managed system
hscroot@hmc> lsfru -t sp -m <pframe>
loc_code=U789D.001.XXXXXXX-P1-C11,sp=primary,state=Operational
14>Display which HMC owns the lock on the managed frame myFrame
hscroot@hmc> lslock -e <pframe>
15>List all of the tasks that users logged onto the HMC Web user interface are running:
hscroot@hmc> lslogon -r webui -t
16>List all of the users remotely logged onto the HMC via SSH
hscroot@hmc> lslogon -r ssh –u
17>Terminate all of the HMC Web user interface tasks that the user associated with session 4 is running, and log off the user
hscroot@hmc> termtask -r webui -s 4 -t all
18>Terminate the task with process ID 11644 that the user remotely logged into the HMC via the SSH session pts/5 is running:
hscroot@hmc> termtask -r ssh -s pts/5 -t 11644
19>list HMC file system information
hscroot@hmc> lshmcfs
filesystem=/var,filesystem_size=5898,filesystem_avail=2825,temp_files_start_time=03/15/2010 02:26:00,temp_files_size=2008
filesystem=/dump,filesystem_size=7867,filesystem_avail=7299,temp_files_start_time=09/04/2010 17:30:00,temp_files_size=16
filesystem=/,filesystem_size=15743,filesystem_avail=7917,temp_files_start_time=none,temp_files_size=0
The temporary files in the /var file system include HMC trace and log files.
The temporary files in the /dump file system include managed system dumps and debug data collected using the HMC pedbg command.
The temporary files in the / file system include HMC Java core dump and heap dump files.
20>List system plans of managed systems
hscroot@hmc> lssysplan
name=VIO1.sysplan,description=System plan created from FRAMENAME,source=HMC V7R3.3.0.0,version=HMC 1.4,date=06/11/2008 21:34:27
21>CPU addition to lpar by DPLAR
chhwres -r proc -m <pframe> -p lpar01 -o a --procunits 2.0 ->to add +2 entitled capacity
chhwres -r proc -m <pframe> -p lpar01 -o a --procs 2 ->to add +2 virtual CPU's
22>Display CPU of lpar from hmc
lshwres -r proc -m <pframe> --level lpar --filter lpar_names=lpar01 -F run_procs --header --> To display VCPU
lshwres -r proc -m <pframe> --level lpar --filter lpar_names=lpar01 -F run_proc_units --header --> to display EC
23>viosvrcmd - Issue virtual I/O server command from HMC
hscroot@hmc> viosvrcmd -m <pframe> -p "VIO Server" -c "ioslevel"
1.5.2.1-FP-11.1
========================================================
hscroot@hmc> for m in $(lssyscfg -r sys -F name)
do echo $m
lssyscfg -r lpar -m $m -F name:state
done
2>To check OS versions all lpars from HMC
hscroot@hmc> for m in $(lssyscfg -r sys -F name);
do echo $m
lssyscfg -r lpar -m $m -F lpar_id:name:os_version | sort -n
echo "#############################################################################"
done
3>LPAR profile creation
hscroot@hmc> mksyscfg -r lpar -m psystem -i
"name=aixserver01,profile_name=default,lpar_env=aixlinux,min_mem=256,desired_mem=512,max_mem=1024,proc_mode=shared,min_procs=1,desired
_procs=1,max_procs=1,min_proc_units=0.1,desired_proc_units=0.2,max_proc_units=0.5,sharing_mode=uncap,uncap_weight=128,boot_mode=norm,m
ax_virtual_slots=10,virtual_eth_adapters=3/1/1///1,virtual_scsi_adapters=4/client/1/aixservervio1/20/1,resource_config=1"
4>To check virtual SCSI adapter mapping to client from HMC
hscroot@hmc> lshwres -m <pserver> -r virtualio --rsubtype scsi
5>To check virtual switch of VIO(managed server )from HMC
hscroot@hmc> lshwres -m <pframe> -r virtualio --rsubtype vswitch
vswitch=ETHERNET0(Default),vlan_ids=1
6>To check Shared processor pools
hscroot@hmc> lshwres -m <pframe> -r procpool
7>To display lpar profiles properties of a lpar from managed server
hscroot@hmc> lshwres -r proc -m <pframe> --level lpar --filter lpar_names=lparname
lpar_name=lparname,lpar_id=12,curr_shared_proc_pool_id=0,curr_proc_mode=shared,curr_min_proc_units=0.2,curr_proc_units=3.0,curr_max_pr
oc_units=16.0,
curr_min_procs=2,curr_procs=6,curr_max_procs=32,curr_sharing_mode=uncap,curr_uncap_weight=128,pend_shared_proc_pool_id=0,pend_proc_mod
e=shared,
pend_min_proc_units=0.2,pend_proc_units=3.0,pend_max_proc_units=16.0,pend_min_procs=2,pend_procs=6,pend_max_procs=32,pend_sharing_mode
=uncap,
pend_uncap_weight=128,run_proc_units=3.0,run_procs=6,run_uncap_weight=128
8>Display all slots configuration from hmc – identifies the type of adapter in each slot
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys
do
lshwres -r io --rsubtype slot -F unit_phys_loc:phys_loc:lpar_name:description --header -m $mngsys | sed "s/^/$mngsys:/"
done
FRAMENAME:unit_phys_loc:phys_loc:lpar_name:description
9>CPU assignment by LPAR’s within HMC
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys; do lshwres -r proc --level lpar -F
lpar_name:curr_min_procs:curr_procs:curr_max_procs:pend_min_procs:pend_procs:pend_max_procs:run_procs --header -m $mngsys | sed "s/^/
$mngsys:/"; done
FRAMENAME:lpar_name:curr_min_procs:curr_procs:curr_max_procs:pend_min_procs:pend_procs:pend_max_procs:run_procs
FRAMENAME:LPAR:1:2:4:1:2:4:2
10>Memory assignment by LPARs within HMC
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys; do lshwres -r mem --level lpar -F
lpar_name:curr_min_mem:curr_mem:curr_max_mem:pend_min_mem:pend_mem:pend_max_mem:run_min_mem:run_mem --header -m $mngsys | sed "s/^/
$mngsys:/"; done
FRAMENAME:lpar_name:curr_min_mem:curr_mem:curr_max_mem:pend_min_mem:pend_mem:pend_max_mem:run_min_mem:run_mem
FRAMENAME:LPAR:10240:15616:36864:10240:15616:36864:10240:15616
11>Total CPU configuration on managed P5 systems
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys; do lshwres -r proc --level sys -F
configurable_sys_proc_units:curr_avail_sys_proc_units:pend_avail_sys_proc_units:installed_sys_proc_units:deconfig_sys_proc_units:min_p
roc_units_per_virtual_proc:max_virtual_procs_per_lpar --header -m $mngsys | sed "s/^/$mngsys:/"; done
FRAMENAME:configurable_sys_proc_units:curr_avail_sys_proc_units:pend_avail_sys_proc_units:installed_sys_proc_units:deconfig_sys_proc_u
nits:min_proc_units_per_virtual_proc:max_virtual_procs_per_lpar
FRAMENAME:3.0:0.0:0.0:4.0:0:0.1:256
12>Total memory configuration on managed P5 systems
hscroot@hmc> lssyscfg -r sys -F name | while read mngsys; do lshwres -r mem --level sys -F
configurable_sys_mem:curr_avail_sys_mem:pend_avail_sys_mem:installed_sys_mem:deconfig_sys_mem:sys_firmware_mem:mem_region_size --
header -m $mngsys | sed "s/^/$mngsys:/"; done
FRAMENAME:configurable_sys_mem:curr_avail_sys_mem:pend_avail_sys_mem:installed_sys_mem:deconfig_sys_mem:sys_firmware_mem:mem_region_si
ze
FRAMENAME:36864:0:0:40960:0:2048:256
13>Display a managed systems firmware level from hmc
hscroot@hmc> lslic -m <pframe>
lic_type=Managed System,management_status=Enabled,disabled_reason=,activated_level=63,installed_level=63,accepted_level=63,
ecnumber=01EL350,mtms=8204-E8A*SERIALNO,deferred_level=None,platform_ipl_level=63,curr_level_primary=63,curr_ecnumber_primary=01EL350,
curr_power_on_side_primary=temp,pend_power_on_side_primary=temp,temp_level_primary=63,temp_ecnumber_primary=01EL350,perm_level_primary
=63,
perm_ecnumber_primary=01EL350,update_control_primary=HMC
14>List partition migration information for all partitions(lpars) in the managed system
hscroot@hmc> lslparmigr -r lpar -m <pframe>
name=LPAR1,lpar_id=1,migration_state=Not Migrating
name=LPAR2,lpar_id=2,migration_state=Not Migrating
15>List all of the storage media devices that are available for use on the HMC
hscroot@hmc> lsmediadev
device=/dev/cdrom,mount_point=/media/cdrom,type=1,description=CD/DVD
device=/dev/sda,type=6,description=internal hard disk drive
13>List service processor of managed system
hscroot@hmc> lsfru -t sp -m <pframe>
loc_code=U789D.001.XXXXXXX-P1-C11,sp=primary,state=Operational
14>Display which HMC owns the lock on the managed frame myFrame
hscroot@hmc> lslock -e <pframe>
15>List all of the tasks that users logged onto the HMC Web user interface are running:
hscroot@hmc> lslogon -r webui -t
16>List all of the users remotely logged onto the HMC via SSH
hscroot@hmc> lslogon -r ssh –u
17>Terminate all of the HMC Web user interface tasks that the user associated with session 4 is running, and log off the user
hscroot@hmc> termtask -r webui -s 4 -t all
18>Terminate the task with process ID 11644 that the user remotely logged into the HMC via the SSH session pts/5 is running:
hscroot@hmc> termtask -r ssh -s pts/5 -t 11644
19>list HMC file system information
hscroot@hmc> lshmcfs
filesystem=/var,filesystem_size=5898,filesystem_avail=2825,temp_files_start_time=03/15/2010 02:26:00,temp_files_size=2008
filesystem=/dump,filesystem_size=7867,filesystem_avail=7299,temp_files_start_time=09/04/2010 17:30:00,temp_files_size=16
filesystem=/,filesystem_size=15743,filesystem_avail=7917,temp_files_start_time=none,temp_files_size=0
The temporary files in the /var file system include HMC trace and log files.
The temporary files in the /dump file system include managed system dumps and debug data collected using the HMC pedbg command.
The temporary files in the / file system include HMC Java core dump and heap dump files.
20>List system plans of managed systems
hscroot@hmc> lssysplan
name=VIO1.sysplan,description=System plan created from FRAMENAME,source=HMC V7R3.3.0.0,version=HMC 1.4,date=06/11/2008 21:34:27
21>CPU addition to lpar by DPLAR
chhwres -r proc -m <pframe> -p lpar01 -o a --procunits 2.0 ->to add +2 entitled capacity
chhwres -r proc -m <pframe> -p lpar01 -o a --procs 2 ->to add +2 virtual CPU's
22>Display CPU of lpar from hmc
lshwres -r proc -m <pframe> --level lpar --filter lpar_names=lpar01 -F run_procs --header --> To display VCPU
lshwres -r proc -m <pframe> --level lpar --filter lpar_names=lpar01 -F run_proc_units --header --> to display EC
23>viosvrcmd - Issue virtual I/O server command from HMC
hscroot@hmc> viosvrcmd -m <pframe> -p "VIO Server" -c "ioslevel"
1.5.2.1-FP-11.1
========================================================
HMC Upgrade and Frame microcodes upgrades from HMC commanline
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1) updhmc - update code on the Hardware Management Console
This command performs the equivalent of the Install Corrective Service task under Licensed Internal Code Maintenance/HMC Code Update on the console.
A>The following command performs an update using a server and a viewable password.
#updhmc -t s -h hostname -u user1 -p password -f /tmp/Update1.zip
B>The following command performs an update using a server and a password prompt.
#updhmc -t s -h hostname -u user1 -i-f /tmp/Update1.zip
C>Updating the code on multiple HMCs using the remote command line
for i in 1 2 3 4 5 6 7
do
scp hmc_update.zip hscroot@hmc$i:/home/hscroot
done
for i in 1 2 3 4 5 6 7
do
ssh hscroot@hmc$i “updhmc –t l –f /home/hscroot/hmc_update.zip –c –r"
done
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) updlic - update Licensed Internal Code (LIC) of managed system
==============================================================
1) updhmc - update code on the Hardware Management Console
This command performs the equivalent of the Install Corrective Service task under Licensed Internal Code Maintenance/HMC Code Update on the console.
A>The following command performs an update using a server and a viewable password.
#updhmc -t s -h hostname -u user1 -p password -f /tmp/Update1.zip
B>The following command performs an update using a server and a password prompt.
#updhmc -t s -h hostname -u user1 -i-f /tmp/Update1.zip
C>Updating the code on multiple HMCs using the remote command line
for i in 1 2 3 4 5 6 7
do
scp hmc_update.zip hscroot@hmc$i:/home/hscroot
done
for i in 1 2 3 4 5 6 7
do
ssh hscroot@hmc$i “updhmc –t l –f /home/hscroot/hmc_update.zip –c –r"
done
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) updlic - update Licensed Internal Code (LIC) of managed system
==============================================================
HMC Troubleshooting Utilities
1) pesh - provides PE Shell access
pesh provides full shell access to Product Engineer/Support Personnel. pesh takes the serial number of the machine where full shell access is
requested, then prompts the user for a 1 day password obtained from the support organization. If the password is valid, the user will be granted
full shell access. Only user hscpe can access this command (pesh <serial number of machine>)
#hscpe@localhost:~>pesh 23FGYWF
You will be prompted for a password:
2) pedbg - Product Engineering debug tools
pedbg provides debug tools for Product Engineer/Support Personnel. This command requires PE authority to run, i.e, only hscpe user can access this command.
=============================================================
pesh provides full shell access to Product Engineer/Support Personnel. pesh takes the serial number of the machine where full shell access is
requested, then prompts the user for a 1 day password obtained from the support organization. If the password is valid, the user will be granted
full shell access. Only user hscpe can access this command (pesh <serial number of machine>)
#hscpe@localhost:~>pesh 23FGYWF
You will be prompted for a password:
2) pedbg - Product Engineering debug tools
pedbg provides debug tools for Product Engineer/Support Personnel. This command requires PE authority to run, i.e, only hscpe user can access this command.
=============================================================
Monitoring HMC Resources
========================================================================
1) hscroot@localhost:~> monhmc -r disk
Every 4.0s: MONHmc disk Thu Dec 23 03:31:59 2010
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 16121184 7194232 8108040 48% /
udev 517280 220 517060 1% /dev
/dev/sda3 6040320 2820516 2912964 50% /var
/dev/sda7 8056524 172560 7474712 3% /dump
/dev/sda8 38669964 203056 36502564 1% /extra
2) hscroot@localhost:~> monhmc -s hmcsvr
Every 4.0s: MONHmc hmcsvr Thu Dec 23 03:32:49 2010
Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6593 root 16 0 19424 4036 2784 S 0 0.4 171:01.84 /opt/hsc/hdwr_svr/hdwr_svr
3) hscroot@localhost:~> monhmc -s rmc
Every 4.0s: MONHmc rmc Thu Dec 23 03:33:04 2010
Tasks: 5 total, 0 running, 5 sleeping, 0 stopped, 0 zombie
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5411 root 16 0 59496 5012 3956 S 0 0.5 9:58.81 rmcd
5525 root 16 0 28900 5564 4592 S 0 0.5 0:06.72 IBM.ServiceRMd
5524 root 17 0 13632 2652 2604 S 0 0.3 0:00.00 IBM.CSMAgentRMd
5527 root 16 0 23604 3872 3460 S 0 0.4 0:00.47 IBM.LparCmdRMd
5526 root 15 0 28596 5336 4484 S 0 0.5 8:18.69 IBM.DMSRMd
4) hscroot@localhost:~> monhmc -r proc
Every 4.0s: MONHmc proc Thu Dec 23 03:33:21 2010
Cpu0 : 1.5%us, 0.8%sy, 0.0%ni, 96.0%id, 1.7%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu1 : 1.4%us, 0.8%sy, 0.0%ni, 97.7%id, 0.1%wa, 0.0%hi, 0.0%si, 0.0%st
5) hscroot@localhost:~> monhmc -r mem
Every 4.0s: MONHmc mem Thu Dec 23 03:33:42 2010
Mem: 1034564k total, 1007292k used, 27272k free, 52396k buffers
6) hscroot@localhost:~> monhmc -r swap
Every 4.0s: MONHmc swap Thu Dec 23 03:34:49 2010
Swap: 2040244k total, 266628k used, 1773616k free, 141604k cached
7)HMC’s Network/process/memory stats(5mins interval) can be checked in these files
hscroot@localhost:~> ls -l /dump/HMCMonitor
-rw-r--r-- 1 root root 36045 2010-12-23 03:42 meminfo_1223
-rw-r--r-- 1 root root 2962293 2010-12-23 03:42 monitor.log
-rw-r--r-- 1 root root 24767 2010-12-23 03:42 netstat_12230342
-rw-r--r-- 1 root root 13042 2010-12-23 00:27 procs_12230027
====================================================================================================
1) hscroot@localhost:~> monhmc -r disk
Every 4.0s: MONHmc disk Thu Dec 23 03:31:59 2010
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 16121184 7194232 8108040 48% /
udev 517280 220 517060 1% /dev
/dev/sda3 6040320 2820516 2912964 50% /var
/dev/sda7 8056524 172560 7474712 3% /dump
/dev/sda8 38669964 203056 36502564 1% /extra
2) hscroot@localhost:~> monhmc -s hmcsvr
Every 4.0s: MONHmc hmcsvr Thu Dec 23 03:32:49 2010
Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6593 root 16 0 19424 4036 2784 S 0 0.4 171:01.84 /opt/hsc/hdwr_svr/hdwr_svr
3) hscroot@localhost:~> monhmc -s rmc
Every 4.0s: MONHmc rmc Thu Dec 23 03:33:04 2010
Tasks: 5 total, 0 running, 5 sleeping, 0 stopped, 0 zombie
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5411 root 16 0 59496 5012 3956 S 0 0.5 9:58.81 rmcd
5525 root 16 0 28900 5564 4592 S 0 0.5 0:06.72 IBM.ServiceRMd
5524 root 17 0 13632 2652 2604 S 0 0.3 0:00.00 IBM.CSMAgentRMd
5527 root 16 0 23604 3872 3460 S 0 0.4 0:00.47 IBM.LparCmdRMd
5526 root 15 0 28596 5336 4484 S 0 0.5 8:18.69 IBM.DMSRMd
4) hscroot@localhost:~> monhmc -r proc
Every 4.0s: MONHmc proc Thu Dec 23 03:33:21 2010
Cpu0 : 1.5%us, 0.8%sy, 0.0%ni, 96.0%id, 1.7%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu1 : 1.4%us, 0.8%sy, 0.0%ni, 97.7%id, 0.1%wa, 0.0%hi, 0.0%si, 0.0%st
5) hscroot@localhost:~> monhmc -r mem
Every 4.0s: MONHmc mem Thu Dec 23 03:33:42 2010
Mem: 1034564k total, 1007292k used, 27272k free, 52396k buffers
6) hscroot@localhost:~> monhmc -r swap
Every 4.0s: MONHmc swap Thu Dec 23 03:34:49 2010
Swap: 2040244k total, 266628k used, 1773616k free, 141604k cached
7)HMC’s Network/process/memory stats(5mins interval) can be checked in these files
hscroot@localhost:~> ls -l /dump/HMCMonitor
-rw-r--r-- 1 root root 36045 2010-12-23 03:42 meminfo_1223
-rw-r--r-- 1 root root 2962293 2010-12-23 03:42 monitor.log
-rw-r--r-- 1 root root 24767 2010-12-23 03:42 netstat_12230342
-rw-r--r-- 1 root root 13042 2010-12-23 00:27 procs_12230027
====================================================================================================
HMC Commands (Basic Display and Modification commands)
===============================================================================================================
hscroot@hmc:~> ls /usr/hmcrbin
asmmenu chlparutil cut getopt lsaccfg lslic lssysplan mksysconn rmprofdata sendfile viosvrcmd
basename chomsec defsysplanres getriotopology lsavailres lslock lssysplanres mksysplan rmsyscfg setkeyoncec vtmenu
bkconsdata chpwrmgmt deploysysplan getupgfiles lscod lslogon lsusrtca mkvterm rmsysconn setlparcap which
bkprofdata chsacfg diagrmc grep lscuod lslparmigr lsvet monhmc rmsysplan ssh who
chaccfg chsvcevent diff head lsdump lslparutil man osinstall rmsysplanres ssh-keygen whoami
chcod chsyscfg dircolors hmcshutdown lsfru lsmediadev migrcfg OS_install rmvterm startdump
chcuod chsyspwd dlslic hmcwin lshmc lsmemdev migrlpar pedbg rnvi sum
chhmc chsysstate du host lshmcencr lsomsec migrremote pesh rsMMRioServer tail
chhmcencr chusrtca dump installios lshmcfs lspartition mkaccfg rm rsthwres termtask
chhmcfs chvet egrep ldapsearch lshmcldap lspwrmgmt mkauthkeys rmaccfg rstprofdata updhmc
chhmcldap clear expr less lshmcusr lsrefcode mkdir rmdir rstupgdata updlic
chhmcusr cp fgrep locale lshsc lssacfg mkhmcusr rmfile runlpcmd utilcollect
chhwres cpdump gen_backup_db logssh lshwinfo lssvcevents mkhmcusr_ldap rmhmcusr saveupgdata utilhmcevent
chkmedia cpsysplan getdump lpar_netboot lshwres lssyscfg mkmigrkeys rmlock scp utilpurge
chled csmlicutil getfile lpcfgop lsled lssysconn mksyscfg rmlparutil sed utilsnapmoni
================================================================================================================
hscroot@hmc> lshmc -V --->HMC version
hscroot@hmc> lslpars ---->P4 lpar status
hscroot@hmc> hmcshutdown -t now -r --->Reboot the HMC
hscroot@hmc> chhmcusr -u hscroot -t passwd --->Change passwd
hscroot@hmc> lssysconn -r all -F type_model_serial_num:ipaddr:state | sort --->P5 systems connection status
hscroot@hmc> lssyscfg -m pserver1 -r lpar -F name:state ---->P5 and above lpar status
hscroot@hmc> lssyscfg -r sys -F name:serial_num:state --->power5 managedsystem listing
hscroot@hmc> lssyscfg -r lpar -m pserver -n mylpar -->P4 Status and LED/LCD Display of an LPAR
hscroot@hmc> lssyscfg -r sys -n pserver --->P4 Status and LED/LCD Display of a Systems Running in FullPartitionMode
hscroot@hmc> lssyscfg -r lpar -m pserver -F lpar_id:name:serial_num:state | sort -n -->List lpar ID's
hscroot@hmc> lssyscfg -m cr1g6f6a03-9179-MHC-SN10205FR -r lpar -F lpar_id:name:default_profile:state -->List lpar profile names
hscroot@hmc> lssvcevents -t console --> To display hmc console events
hscroot@hmc> lssvcevents -t hardware -m DEV-QA-Ser-8204-E8A-SN06FB7D1 -d 90 (-d days to goback and search) --> Frame related events
hscroot@hmc> lsrefcode -m pserver -r lpar --filter "lpar_names=mylpar" -F lpar_name:refcode --->P5 LED codes
hscroot@hmc> lsrefcode -m pserver -r lpar --filter "lpar_names=mylpar" -n 5 -F lpar_name:refcode --->P5 history of LED codes
hscroot@hmc> lsled -m pserver -r sa -t virtuallpar --filter ""lpar_names=mylpar"" -->LED status
hscroot@hmc> mkvterm -m pserver -p mylpar --->Create Virtual Console
hscroot@hmc> mkvterm -m pserver --->Create Virtual Console for frame running in FullSystemPartition-Mode
You can escape from the console connection by typing ~~. (twice tilde followed by a dot)
hscroot@hmc> rmvterm -m pserver -p mylpar --->To forcefully terminate console connection
hscroot@hmc> chsysstate -m pserver -r lpar -n mylpar -o reset --->P4 Soft Reset of an LPAR(wil take dump)
hscroot@hmc> chsysstate -r lpar -m pserver -o shutdown -n mylpar --->P4 Hard Reset of an LPAR
hscroot@hmc> chsysstate -n pserver -r sys -o reset --->P4 Soft Reset of a System Running in FullPartitionMode
hscroot@hmc> chsysstate -m pserver -r lpar -n mylpar -o off --->P4 Hard Reset of an LPAR
hscroot@hmc> chsysstate -n pserver -r sys -o off --->P4 Hard Reset of a System Running in FullPartitionMode
hscroot@hmc> chsysstate -r lpar -m pserver -o on [ -f myprofile ] -n mylpar -->P4 Lpar activation
hscroot@hmc> chsysstate -o on -r sys -n pserver -c full -->P4 Power on a System Running in FullPartitionMode
hscroot@hmc> chsysstate -r lpar -m pseries -o shutdown -n mylpar --immed --->P5 Hard Reset of an LPAR
hscroot@hmc> chsysstate -r lpar -m pserver -o on -f myprofile -n mylpar -->P5 Lpar activation
hscroot@hmc> chsysstate -r lpar -o chkey -k norm -n mylpar -m pserver -->Bring the key switch to position NORMAL
hscroot@hmc> chusrtca -o a -f /tmp/WelcomeFile.txt --> To set HMC welcome page
hscroot@hmc> chusrtca -o ab -b /tmp/BannerFile.txt --> To set HMC banner page
hscroot@hmc> lsusrtca -t w --> To display HMC banner
hscroot@hmc> lsusrtca -t b --> To display HMC welcome
================================================================================================================
hscroot@hmc:~> ls /usr/hmcrbin
asmmenu chlparutil cut getopt lsaccfg lslic lssysplan mksysconn rmprofdata sendfile viosvrcmd
basename chomsec defsysplanres getriotopology lsavailres lslock lssysplanres mksysplan rmsyscfg setkeyoncec vtmenu
bkconsdata chpwrmgmt deploysysplan getupgfiles lscod lslogon lsusrtca mkvterm rmsysconn setlparcap which
bkprofdata chsacfg diagrmc grep lscuod lslparmigr lsvet monhmc rmsysplan ssh who
chaccfg chsvcevent diff head lsdump lslparutil man osinstall rmsysplanres ssh-keygen whoami
chcod chsyscfg dircolors hmcshutdown lsfru lsmediadev migrcfg OS_install rmvterm startdump
chcuod chsyspwd dlslic hmcwin lshmc lsmemdev migrlpar pedbg rnvi sum
chhmc chsysstate du host lshmcencr lsomsec migrremote pesh rsMMRioServer tail
chhmcencr chusrtca dump installios lshmcfs lspartition mkaccfg rm rsthwres termtask
chhmcfs chvet egrep ldapsearch lshmcldap lspwrmgmt mkauthkeys rmaccfg rstprofdata updhmc
chhmcldap clear expr less lshmcusr lsrefcode mkdir rmdir rstupgdata updlic
chhmcusr cp fgrep locale lshsc lssacfg mkhmcusr rmfile runlpcmd utilcollect
chhwres cpdump gen_backup_db logssh lshwinfo lssvcevents mkhmcusr_ldap rmhmcusr saveupgdata utilhmcevent
chkmedia cpsysplan getdump lpar_netboot lshwres lssyscfg mkmigrkeys rmlock scp utilpurge
chled csmlicutil getfile lpcfgop lsled lssysconn mksyscfg rmlparutil sed utilsnapmoni
================================================================================================================
hscroot@hmc> lshmc -V --->HMC version
hscroot@hmc> lslpars ---->P4 lpar status
hscroot@hmc> hmcshutdown -t now -r --->Reboot the HMC
hscroot@hmc> chhmcusr -u hscroot -t passwd --->Change passwd
hscroot@hmc> lssysconn -r all -F type_model_serial_num:ipaddr:state | sort --->P5 systems connection status
hscroot@hmc> lssyscfg -m pserver1 -r lpar -F name:state ---->P5 and above lpar status
hscroot@hmc> lssyscfg -r sys -F name:serial_num:state --->power5 managedsystem listing
hscroot@hmc> lssyscfg -r lpar -m pserver -n mylpar -->P4 Status and LED/LCD Display of an LPAR
hscroot@hmc> lssyscfg -r sys -n pserver --->P4 Status and LED/LCD Display of a Systems Running in FullPartitionMode
hscroot@hmc> lssyscfg -r lpar -m pserver -F lpar_id:name:serial_num:state | sort -n -->List lpar ID's
hscroot@hmc> lssyscfg -m cr1g6f6a03-9179-MHC-SN10205FR -r lpar -F lpar_id:name:default_profile:state -->List lpar profile names
hscroot@hmc> lssvcevents -t console --> To display hmc console events
hscroot@hmc> lssvcevents -t hardware -m DEV-QA-Ser-8204-E8A-SN06FB7D1 -d 90 (-d days to goback and search) --> Frame related events
hscroot@hmc> lsrefcode -m pserver -r lpar --filter "lpar_names=mylpar" -F lpar_name:refcode --->P5 LED codes
hscroot@hmc> lsrefcode -m pserver -r lpar --filter "lpar_names=mylpar" -n 5 -F lpar_name:refcode --->P5 history of LED codes
hscroot@hmc> lsled -m pserver -r sa -t virtuallpar --filter ""lpar_names=mylpar"" -->LED status
hscroot@hmc> mkvterm -m pserver -p mylpar --->Create Virtual Console
hscroot@hmc> mkvterm -m pserver --->Create Virtual Console for frame running in FullSystemPartition-Mode
You can escape from the console connection by typing ~~. (twice tilde followed by a dot)
hscroot@hmc> rmvterm -m pserver -p mylpar --->To forcefully terminate console connection
hscroot@hmc> chsysstate -m pserver -r lpar -n mylpar -o reset --->P4 Soft Reset of an LPAR(wil take dump)
hscroot@hmc> chsysstate -r lpar -m pserver -o shutdown -n mylpar --->P4 Hard Reset of an LPAR
hscroot@hmc> chsysstate -n pserver -r sys -o reset --->P4 Soft Reset of a System Running in FullPartitionMode
hscroot@hmc> chsysstate -m pserver -r lpar -n mylpar -o off --->P4 Hard Reset of an LPAR
hscroot@hmc> chsysstate -n pserver -r sys -o off --->P4 Hard Reset of a System Running in FullPartitionMode
hscroot@hmc> chsysstate -r lpar -m pserver -o on [ -f myprofile ] -n mylpar -->P4 Lpar activation
hscroot@hmc> chsysstate -o on -r sys -n pserver -c full -->P4 Power on a System Running in FullPartitionMode
hscroot@hmc> chsysstate -r lpar -m pseries -o shutdown -n mylpar --immed --->P5 Hard Reset of an LPAR
hscroot@hmc> chsysstate -r lpar -m pserver -o on -f myprofile -n mylpar -->P5 Lpar activation
hscroot@hmc> chsysstate -r lpar -o chkey -k norm -n mylpar -m pserver -->Bring the key switch to position NORMAL
hscroot@hmc> chusrtca -o a -f /tmp/WelcomeFile.txt --> To set HMC welcome page
hscroot@hmc> chusrtca -o ab -b /tmp/BannerFile.txt --> To set HMC banner page
hscroot@hmc> lsusrtca -t w --> To display HMC banner
hscroot@hmc> lsusrtca -t b --> To display HMC welcome
================================================================================================================
Saturday, 11 June 2016
IBM TSM (DSMC) Commands
#dsmc q sess ===> To check the tsm server session detail from client
#dsmc restore -subdir=yes -su=yes -fromdate=02/10/09 -todate=02/10/09 -inactive -pick "/test/*" ===>Pick and restore files to default location
#dsmc restore -subdir=yes -su=yes -fromdate=02/10/09 -todate=02/10/09 -inactive -pick "/test/*" "/target/" ==>Pick and restore files to specified location.
#dsmc rest -subdir=yes "/test/*" ===>Restore files to default location
#dsmc restore -ina -pick "filesystem/*" ==>To list/pick details about backup date wise
#dsmc retrieve “fromnode=node1 -server=TSM1 -pick /mkcd/mksysb.img /nfs_mksysb/mksysb.img ==>To restore different TSM client's backup in TSM1 server from another node.
#dsmc q arc "/mksysbfs/mksysb.node1" ==>List archived(backed up) files
#dsmc ret -pick /mksysbfs/mksysb.node1 ==>To pick and restore, archived (backed up) files
#dsmc restore -subdir=yes -su=yes -fromdate=02/10/09 -todate=02/10/09 -inactive -pick "/test/*" ===>Pick and restore files to default location
#dsmc restore -subdir=yes -su=yes -fromdate=02/10/09 -todate=02/10/09 -inactive -pick "/test/*" "/target/" ==>Pick and restore files to specified location.
#dsmc rest -subdir=yes "/test/*" ===>Restore files to default location
#dsmc restore -ina -pick "filesystem/*" ==>To list/pick details about backup date wise
#dsmc retrieve “fromnode=node1 -server=TSM1 -pick /mkcd/mksysb.img /nfs_mksysb/mksysb.img ==>To restore different TSM client's backup in TSM1 server from another node.
#dsmc q arc "/mksysbfs/mksysb.node1" ==>List archived(backed up) files
#dsmc ret -pick /mksysbfs/mksysb.node1 ==>To pick and restore, archived (backed up) files
Identify vhost and vfchost device details from VIO client lpar
VHOST (VSCSI) Identification:
#echo "cvai" | kdb | grep vscsi ==>to find vhost assigned from VIO Client (aix 6.1 onwards)
#echo "cvscsi\ncvai vscsi0\ncvai vscsi1" | kdb |grep -E "vhost|part_name" ==>to find vhost assigned from VIO Client(aix 5.3)
#for VSCSI in `lsdev -Cc adapter|grep vscsi|awk '{print $1}'`
do
echo $VSCSI
echo "cvscsi\ncvai $VSCSI"| kdb |grep -E "vhost|part_name"
echo "#####################"
done ==>to find vhost (for more than 2 vscsi cards) assigned from VIO Client(aix 5.3)
VFCHOST (NPIV) Indentification:#echo vfcs | kdb | grep vfc ==>to find vfchost assigned from VIO Client(aix 6.1 onwards)
AIX files and directory Management Commands
#find /tmp -xdev -ls |awk '{print $7 " " $11}' |sort -nr |head -25 ==>to chk the files using high space in /tmp FS
#find /tmp -xdev -type l -exec ls -l {} \; ==>To list all link files/dir's in /tmp FS
===Draft : Work on Progress====
#find /tmp -xdev -type l -exec ls -l {} \; ==>To list all link files/dir's in /tmp FS
===Draft : Work on Progress====
Subscribe to:
Posts (Atom)