NIM: Network Installation Manager
This page is to cover all steps taken and done to do get to the following objective:
- Design a new NIM environment
- Based on AIX 6.1
- Define name conventions
- Support AIX 5.2; 5.3 and 6.1
- Support 6.1 VIOS
- Setup a new NIM environment based on AIX 6.1
- Recreate all clients in the new NIM environment
- Clone AIX installations (bare metal as well as LPARs) to new hardware
- Setup SUMA
- Update all necessary installations to the latest stable technology level
- Design and implement disaster recovery
- Design and implement a Standard Operating Environment
NIM Design
NIM terminology
Master
The machine where you set up and maintain your NIM environment. It's also possible to initiate installations from this machine (push mode).
Client
A target for NIM master-initiated operations such as installation, updates etc. It's also possible to initiate its own installation or update (pull mode).
Resource server
Any machine (master and or client) configured to hold a particular software resource. In most environments, the master is also the (only) resource server.
Push mode
Initiated from the master. To be successful, the client must have AIX and tcp/ip configured.
Pull mode
Initiated from the client. To use, you need access to the clients' SMS menu.
SPOT (Shared Product Object Tree)
A directory of code (installed filesets) that is used during client booting procedure. It's equivalent in content to the code that resides in the /usr file system on a system running AIX. It also contains the code needed to generate the boot images (kernels, which will be stored in the /tftboot directory) that the client uses until it can mount the SPOT over NFS.
lpp_source
A directory similar to AIX installation CDs. It contains the Licensed Program Products (LLPs) in Backup File Format (BFF) and RPM filesets that can be installed.
mksysb
A file containing the image of the root volume group of a machine. It's used to restore a machine, or to install it from scratch (cloning).
bosinst_data
A flat ASCII file similar to the bosinst.data file used for restoring backup images. It automates the installation process by providing the answers to the interactive installation questions.
script
A file which runs after the installation on your client to perform customization such as file system resizing, additional user creation etc.
Name conventions
lpp_source objects
- lpp_5300_05_01
- AIX 5.3 met Technology Level (TL) 5 en Service Pack (SP) 1
spot objects
- spot_5300_05_01
- AIX 5.3 met Technology Level (TL) 5 en Service Pack (SP) 1
mksysb generic objects
- mksysb_5300_05_01
- AIX 5.3 met Technology Level (TL) 5 en Service Pack (SP) 1
mksysb particular objects
- mksysb_lpar1_20090527
- backup of lpar1 on 27 may 2009
network objects
- net_10_1_0_0
- net_10_246_60_00
NIM Setup
Directory structure
According to the redbook on NIM there are several options to maintain the storage needed by NIM. Because we have a SAN which is able to increase allocated volumes and LUNs I create a single volume and two LUNs, one for booting and one for the NIM data. Because I have a separate LUN for NIM, it's possible to increase the filesystem when necessary. That way, I'll always keep one filesystem and volumegroup for booting, and one of each for the NIM data. In case you need to increase the storage space needed for NIM data perform the following steps:
- Increase the SAN volume
- Increase the LUN
- Increase the filesystem
For more info on the last step see AIX Storage.
Create a special volume group to host all NIM related data and create one large filesystem in this volume group. After creation of the filesystem create directories to store all NIM data:
Create a special volume group to host all NIM related data and create one large filesystem in this volume group. After creation of the filesystem create directories to store all NIM data:
bash-3.2# lsvg -l sanvg sanvg: LV NAME TYPE LPs PPs PVs LV STATE MOUNT POINT loglv00 jfs2log 1 1 1 open/syncd N/A fslv00 jfs2 796 796 1 open/syncd /nim bash-3.2# ls -l /nim total 0 drwxr-xr-x 2 root system 256 Jun 09 06:52 images drwxr-xr-x 2 root system 256 Jun 09 06:49 lost+found drwxr-xr-x 2 root system 256 Jun 09 06:52 lpp_source drwxr-xr-x 2 root system 256 Jun 09 06:52 spot drwxr-xr-x 2 root system 256 Jun 09 07:06 tftpboot
Note that the tftpboot directory will hold the boot images when needed for clients. Because the number of boot images may increase with the number of operating system levels I created a special directory on the dedicated volume group and let the directory in root link to this directory:
ln -s /nim/tftpboot/ /tftpboot ls -l lrwxrwxrwx 1 root system 14 Jun 09 07:06 tftpboot -> /nim/tftpboot/
For more information on creating AIX volume groups and filesystems (and logical volumes) see AIX Storage
Master installation
The NIM master software was installed through smitty:
Installation Summary -------------------- Name Level Part Event Result ------------------------------------------------------------------------------- bos.sysmgt.nim.master 6.1.3.0 USR APPLY SUCCESS bos.sysmgt.nim.master 6.1.3.0 USR COMMIT SUCCESS ---- end ----
Now the software is installed but not yet configured/initialized. The command lsnim will tell you by showing you no objects at all:
bash-3.2# lsnim 0042-011 lsnim: unable to access the /etc/niminfo file
NIM Master Initialization
Note: Before starting the initialization, make sure the NIM master can be resolved with the nameserver, for the A-record, as well as for the reverse record.
NIM initialization is done through the nimconfig command:
bash-3.2# nimconfig -a netname=net_10_1_0_0 -a pif_name=en0 -a netboot_kernel=mp -a cable_type=tp -a client_reg=no 0513-071 The nimesis Subsystem has been added. 0513-071 The nimd Subsystem has been added. 0513-059 The nimesis Subsystem has been started. Subsystem PID is 274446.
- netname
- Required: the name of the first nim network that is defined
- pif_name
- Required: The primary network install interface
- netboot_kernel
- Specifies the type of kernel to use when booting the client over the network.
- mp = multiprocessor
- up = uniprocessor
- cable_type
- Required if pif refers to an ethernet network
- tp = Twisted Pair
- bnc = Coaxial cable
- dix = Thick cable, also known as “10Base5”
- client_reg
- Defines whether the clients may register themselves with the master or not
That NIM is initialized now can be checked using the lsnim command:
bash-3.2# lsnim master machines master boot resources boot nim_script resources nim_script net_10_1_0_0 networks ent bash-3.2# lsnim -l master master: class = machines type = master max_nimesis_threads = 20 comments = machine which controls the NIM environment client_reg = no platform = chrp netboot_kernel = mp if1 = net_10_1_0_0 ms-nim01.company.local 001A6444B9C8 cable_type1 = tp Cstate = ready for a NIM operation prev_state = Mstate = currently running serves = boot serves = nim_script master_port = 1058 registration_port = 1059 reserved = yes bash-3.2# lsnim -l boot boot: class = resources type = boot comments = represents the network boot resource Rstate = ready for use location = /tftpboot alloc_count = 0 server = master reserved = yes bash-3.2# lsnim -l nim_script nim_script: class = resources type = nim_script comments = directory containing customization scripts created by NIM Rstate = ready for use location = /export/nim/scripts alloc_count = 0 server = master reserved = yes bash-3.2# lsnim -l net_10_10_0_0 net_10_1_0_0: class = networks type = ent Nstate = ready for use prev_state = information is missing from this object's definition net_addr = 10.10.0.0 snm = 255.255.0.0 routing1 = default 10.10.1.2
And by checking the /etc/niminfo file:
bash-3.2# cat /etc/niminfo # nimconfig export NIM_NAME=master export NIM_CONFIGURATION=master export NIM_MASTER_PORT=1058 export NIM_REGISTRATION_PORT=1059 export NIM_MASTER_HOSTNAME=ms-nim01.company.local
Verify other services
The NIM master uses the bootpd and tftpd services. Check if they're already running:
bash-3.2# lssrc -ls inetd Subsystem Group PID Status inetd tcpip 135338 active Debug Not active Signal Purpose SIGALRM Establishes socket connections for failed services. SIGHUP Rereads the configuration database and reconfigures services. SIGCHLD Restarts the service in case the service ends abnormally. Service Command Description Status xmquery /usr/bin/xmtopas xmtopas -p3 active wsmserver /usr/websm/bin/wsmserver wsmserver -start active time internal active daytime internal active time internal active daytime internal active ntalk /usr/sbin/talkd talkd active exec /usr/sbin/rexecd rexecd active login /usr/sbin/rlogind rlogind active shell /usr/sbin/rshd rshd active telnet /usr/sbin/telnetd telnetd -a active ftp /usr/sbin/ftpd ftpd active
In case they're not (as shown in the example) edit the /etc/inetd.conf file to uncomment the corresponding lines:
bootps dgram udp wait root /usr/sbin/bootpd bootpd /etc/bootptab tftp dgram udp6 SRC nobody /usr/sbin/tftpd tftpd -n
And refresh the inetd daemon:
bash-3.2# refresh -s inetd 0513-095 The request for subsystem refresh was completed successfully.
And check to see if the services are running now:
bash-3.2# lssrc -ls inetd Subsystem Group PID Status inetd tcpip 135338 active Debug Not active Signal Purpose SIGALRM Establishes socket connections for failed services. SIGHUP Rereads the configuration database and reconfigures services. SIGCHLD Restarts the service in case the service ends abnormally. Service Command Description Status tftp /usr/sbin/tftpd tftpd -n active bootps /usr/sbin/bootpd bootpd /etc/bootptab active xmquery /usr/bin/xmtopas xmtopas -p3 active wsmserver /usr/websm/bin/wsmserver wsmserver -start active time internal active daytime internal active time internal active daytime internal active ntalk /usr/sbin/talkd talkd active exec /usr/sbin/rexecd rexecd active login /usr/sbin/rlogind rlogind active shell /usr/sbin/rshd rshd active telnet /usr/sbin/telnetd telnetd -a active ftp /usr/sbin/ftpd ftpd active
As you can see, they are running now.
TFTP and BOOTP debugging
To enable debugging for tftp and bootp edit the inetd.conf again and change the bootp and tftp lines according to these:
bootps dgram udp wait root /usr/sbin/bootpd bootpd -d -d -d /etc/bootptab tftp dgram udp6 SRC nobody /usr/sbin/tftpd tftpd -nvi
and restart the inetd daemon:
bash-3.2# refresh -s inetd 0513-095 The request for subsystem refresh was completed successfully.
In case you have enabled syslogging you'll now see the messages in your syslog:
Daemon Daemon Information bootpd[430226]: exiting after 15 minutes of inactivity 18:49:14 Jul 01 2009 Daemon Daemon Information tftpd[286866]: [0000010b] EZZ7046I : Status Transaction completed successfully 18:35:04 Jul 01 2009 Daemon Daemon Information tftpd[286866]: [0000010b] EZZ7029I : Status Read request for 10.10.3.9: /tftpboot/ms-lpar01.company.local 18:34:14 Jul 01 2009 Daemon Daemon Information tftpd[286866]: [0000010b] EZZ7044I : 10.10.3.9 RRQ18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Finished processing boot request. 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Gateway IP address (bp->bp_giaddr) = 10.10.3.7 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Server IP address (bp->bp_siaddr) = 10.10.3.7 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Client IP address (bp->bp_ciaddr) = 10.10.3.9 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: The following addresses are included in the bootp reply 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: sending RFC1048-style reply 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: RFC1048 vendor data ( bp_vend[64] ) 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: vendor magic field is 99.130.83.99 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: bootfile = /tftpboot/ms-lpar01.company.local 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: found 10.10.3.9 ms-lpar01.company.local 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: request from IP addr 10.10.3.9 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Received boot request. 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: bootptab mtime is Wed Jul 1 18:20:07 2009 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Finished processing boot request. 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Gateway IP address (bp->bp_giaddr) = 10.10.3.7 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Server IP address (bp->bp_siaddr) = 10.10.3.7 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Client IP address (bp->bp_ciaddr) = 10.10.3.9 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: The following addresses are included in the bootp reply 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: sending RFC1048-style reply 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: RFC1048 vendor data ( bp_vend[64] ) 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: vendor magic field is 99.130.83.99 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: bootfile = /tftpboot/ms-lpar01.company.local 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: found 10.10.3.9 ms-lpar01.company.local 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: request from IP addr 10.10.3.9 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: Received boot request. 18:34:14 Jul 01 2009 Daemon Daemon Information bootpd[430226]: bootptab mtime is Wed Jul 1 18:20:07 2009
TFTP Security
Because tftp uses no authentication it is important to limit the directories the service can access, and because I have created a link from /tftpboot to /nim/tftpboot I have to add extra directories. To do so, create the file /etc/tftpaccess.ctl and define the correct directories:
bash-3.2# vi /etc/tftpaccess.ctl bash-3.2# cat /etc/tftpaccess.ctl # NIM access for network boot allow:/tftpboot allow:/nim/tftpboot
Test TFTP
bash-3.2# cat /tftpboot/test bash-3.2# touch /tftpboot/test2 bash-3.2# tftp -r - 0 /tftpboot ...testtest2Received 64 bytes in 0.0 seconds bash-3.2# bash-3.2# tftp -o - 0 /tftpboot/ms-lpar01.company.local.info #------------------ Network Install Manager --------------- # warning - this file contains NIM configuration information # and should only be updated by NIM export NIM_NAME=ms-lpar01 export NIM_HOSTNAME=ms-lpar01.company.local export NIM_CONFIGURATION=standalone export NIM_MASTER_HOSTNAME=ms-nim01.company.local export NIM_MASTER_PORT=1058 export NIM_REGISTRATION_PORT=1059 export NIM_SHELL="nimsh" export NIM_MASTERID=000153BAD400 export NIM_LICENSE_ACCEPT=yes export RC_CONFIG=rc.bos_inst export NIM_BOSINST_ENV="/../SPOT/usr/lpp/bos.sysmgt/nim/methods/c_bosinst_env" export NIM_BOSINST_RECOVER="/../SPOT/usr/lpp/bos.sysmgt/nim/methods/c_bosinst_env -a hostname=ms-lpar01.company.local" export SPOT=ms-nim01.company.local:/nim/spot/spot_5300_05/usr export NIM_CUSTOM="/../SPOT/usr/lpp/bos.sysmgt/nim/methods/c_script -a location=ms-nim01.company.local:/export/nim/scripts/ms-lpar01.script" export NIM_BOS_IMAGE=/SPOT export NIM_BOS_FORMAT=spot export NIM_HOSTS=" 127.0.0.1:loopback:localhost 10.10.3.9:ms-lpar01.company.local 10.10.3.7:ms-nim01.company.local " export NIM_MOUNTS=" ms-nim01.company.local:/nim/lpp_source/lpp_5300_05:/SPOT/usr/sys/inst.images:dir " export ROUTES=" default:0:10.10.1.2 " Received 1283 bytes in 0.0 seconds bash-3.2# tftp -r - 0 /etc Error code 2: Access violation
Looks like everything works fine.
Define lpp and spot resources
Define lpp source AIX 6.1 SP 1
Define lpp source for AIX 6.1 SP 01, with the CD-rom as source:
bash-3.2# nim -o define -t lpp_source -a server=master -a location=/nim/lpp_source/lpp_6100_00_01 -a source=/dev/cd0 lpp_6100_00_01 Preparing to copy install images (this will take several minutes)... /nim/lpp_source/lpp_6100_00_01/RPMS/ppc/cdrecord-1.9-7.aix5.2.ppc.rpm ...... /nim/lpp_source/lpp_6100_00_01/installp/ppc/X11.loc.BE_BY.6.1.0.0.I Now checking for missing install images... All required install images have been found. This lpp_source is now ready. warning: 0042-265 c_mk_lpp_source: The image source "/dev/cd0" that was used to define the lpp_source is missing one or more of the following from the list of default packages: wio.common wio.fcp
As you can see, there are two 'default' packages missing:
- wio.common
- wio.fcp
Both are used for workload partition, which I'm not running so I don't need them, which means I can ignore this.
Complete software from all CDs
When you create a LPP source you create one by default with only the most used filesets. If you want all software to be in the LPP_source you can add all sources like this:
Keep cd1 in the drive and:
Keep cd1 in the drive and:
- smitty nim
- Perform NIM Administration Tasks
- Manage Resources
- Perform Operations on Resources
- And select the lpp_source (6100_00_01)
- And select update
- Confirm that you're adding software
- And select the input device (/dev/cd0)
- Select the software packages to add and press ENTER (ALL)
It will first ask for the first CD to copy the missing filesets, and after that it will ask for all cds:
bffcreate: Please insert volume 2 into device /dev/cd0 and press Enter
to continue or enter "q" to quit.
Define lpp_source AIX 5L 5.3 TL 5
Define lpp source for AIX 5.3 TL 05, with a directory as source:
bash-3.2# nim -o define -t lpp_source -a server=master -a location=/nim/lpp_source/lpp5300_05 -a source=/tmp/5300-05/cd1/ lpp_5300_05 Preparing to copy install images (this will take several minutes)... /nim/lpp_source/lpp5300_05/RPMS/ppc/cdrecord-1.9-7.aix5.2.ppc.rpm ...... /nim/lpp_source/lpp5300_05/installp/ppc/bos.adt.5.3.0.0.I Now checking for missing install images... All required install images have been found. This lpp_source is now ready. warning: 0042-265 c_mk_lpp_source: The image source "/tmp/5300-05/cd1/" that was used to define the lpp_source is missing one or more of the following from the list of default packages: bos.swma csm.msg.en_US ifor_ls.html.en_US rsct.msg.en_US bash-3.2# lsnim master machines master boot resources boot nim_script resources nim_script net_10_1_0_0 networks ent lpp_5300 resources lpp_source lpp_5300_05 resources lpp_source
Again, there are packages missing which I don't need.
Update LPP Source
First copy an existing LPP source
bash-3.2# cd /nim/lpp_source/ bash-3.2# ls lpp_5300_05 lpp_6100_00_01 bash-3.2# cp -r lpp_5300_05/ lpp_5300_06_07 bash-3.2# ls lpp_5300-06-07 lpp_5300_05 lpp_6100_00_01
Define the LPP source
bash-3.2# nim -o define -t lpp_source -a server=master -a location=/nim/lpp_source/lpp_5300_06_07 lpp_5300_06_07 Preparing to copy install images (this will take several minutes)... Now checking for missing install images... All required install images have been found. This lpp_source is now ready.
Update the LPP source with a downloaded TL/SP
bash-3.2# nim -o update -a packages=all -a source=/nim/installsources/5300-06-07/ lpp_5300_06_07 /nim/lpp_source/lpp_5300_06_07/installp/ppc/bos.rte.install.5.3.0.67.U ...... /nim/lpp_source/lpp_5300_06_07/installp/ppc/bos.loc.pc.Lv_LV.5.3.0.10.U bash-3.2#
Check the updated LPP source
Checking an updated LPP source consists of 3 steps, first check the lpp source, then remove duplicate packages, and then recheck the lpp source. I don't know for sure if the checking is necessary, but it only takes a few seconds, so better safe then sorry.
bash-3.2# nim -o check lpp_5300_06_07 bash-3.2# nim -o lppmgr -a lppmgr_flags=-rbux lpp_5300_06_07 lppmgr: Source table of contents location is /nim/lpp_source/lpp_5300_06_07/installp/ppc/.toc lppmgr: Building table of contents in /nim/lpp_source/lpp_5300_06_07/installp/ppc .. lppmgr: Building table of contents completed. lppmgr: Generating list of superseded filesets.. lppmgr: Generating duplicate list.. lppmgr: Generating base level duplicate list.. Results: ======================= start list ============================= Java14.license.1.4.2.0.U ....... sysmgtlib.framework.core.5.3.0.50.U ======================== end list ============================== lppmgr: Building table of contents in /nim/lpp_source/lpp_5300_06_07/installp/ppc .. lppmgr: Building table of contents completed. rm: removing /nim/lpp_source/lpp_5300_06_07/installp/ppc/Java14.license.1.4.2.0.U ... ... rm: removing /nim/lpp_source/lpp_5300_06_07/installp/ppc/sysmgtlib.framework.core.5.3.0.50.U bash-3.2# nim -o check lpp_5300_06_07 bash-3.2# lsnim -l lpp_5300_06_07 lpp_5300_06_07: class = resources type = lpp_source arch = power Rstate = ready for use prev_state = verification is being performed location = /nim/lpp_source/lpp_5300_06_07 simages = yes alloc_count = 0 server = master
This is the explanation of the lppmgr_flags option:
- Remove duplicate updates (-u flag).
- Remove duplicate base levels (-b flag).
- Eliminate update imagess which are the same level as base images of the same fileset. Such update images can create conflicts that lead to installation failure (-u flag).
- Remove message and locale filesets other than the language you specify (-k flag).
- Remove superseded filesets (-x flag).
- Remove non-system images from a NIM lpp_source resource (-X flag).
Check content LPP_Source
Check to see what packages on what level are installed in a particular lpp_source:
bash-3.2# nim -o showres lpp_5300_06_07 | grep xlC xlC.aix50.rte 6.0.0.13 I N usr xlC.cpp 6.0.0.0 I N usr xlC.msg.en_US.cpp 6.0.0.0 I N usr xlC.rte 6.0.0.0 I N usr
Define SPOT sources
If you want to work with different kind of versions you have to create a non-/usr SPOT. It is recommended to use a NIM lpp_source to create it from. Note that you don't need to provide the name of the directory for the location, it will automatically create a directory by the name of the SPOT object.
bash-3.2# nim -o define -t spot -a server=master -a location=/nim/spot/ -a source=lpp_6100_00_01 -a installp_flags=-aQg spot_6100_00_01 Creating SPOT in "/nim/spot/" on machine "master" from "lpp_6100_00_01" ... Restoring files from BOS image. This may take several minutes ... Installing filesets ... ...... Be sure to check the output from the SPOT installation to verify that all the expected software was successfully installed. You can use the NIM "showlog" operation to view the installation log file for the SPOT. +-----------------------------------------------------------------------------+ Pre-installation Verification... +-----------------------------------------------------------------------------+ Verifying selections...done Verifying requisites...done Results... SUCCESSES --------- Filesets listed in this section passed pre-installation verification and will be installed. Selected Filesets ----------------- bos.64bit 6.1.0.1 # Base Operating System 64 bit... bos.diag.com 6.1.0.0 # Common Hardware Diagnostics bos.diag.rte 6.1.0.0 # Hardware Diagnostics ... ... +-----------------------------------------------------------------------------+ BUILDDATE Verification ... +-----------------------------------------------------------------------------+ Verifying build dates...done FILESET STATISTICS ------------------ 349 Selected to be installed, of which: 349 Passed pre-installation verification 23 Additional requisites to be automatically installed ---- 372 Total to be installed ... ... installp: * * * A T T E N T I O N ! ! ! Software changes processed during this session require any diskless/dataless clients to which this SPOT is currently allocated to be rebooted. Checking filesets and network boot images for SPOT "spot_5300_05". This may take several minutes ...
Check SPOT sources
bash-3.2# nim -o check spot_5300_05
Check SPOT level
As far as I know there is no strict way of determining the oslevel including the fixpack from the SPOT resource. However, you can determine the technology level of the spot, which you can use to search for installed filesets. This will give you an almost certainty of which level your SPOT is made.
First check the technology level:
First check the technology level:
bash-3.2# lsnim -l spot_5300_06_07 spot_5300_06_07: class = resources type = spot plat_defined = chrp arch = power bos_license = yes Rstate = ready for use prev_state = verification is being performed location = /nim/spot/spot_5300_06_07/usr version = 5 release = 3 mod = 0 oslevel_r = 5300-06 alloc_count = 0 server = master if_supported = chrp.64 ent if_supported = chrp.mp ent Rstate_result = success
The oslevel_r is set to 5.3 TL 6.
Now see what packages are installed for AIX 5.3 TL6:
Now see what packages are installed for AIX 5.3 TL6:
bash-3.2# nim -o fix_query -a fix_query_flags=-c spot_5300_06_07 | grep :=: | grep "AIX 5300-06" 5300-06_AIX_ML:bos.rte.ILS:5.3.0.50:5.3.0.50:=:AIX 5300-06 Update ...... 5300-06_AIX_ML:devices.pci.1410e601.rte:5.3.0.50:5.3.0.50:=:AIX 5300-06 Update ... ... 53-06-040748_SP:bos.rte.devices_msg:5.3.0.61:5.3.0.61:=:AIX 5300-06-04 Service Pack ... ... 53-06-050806_SP:devices.pciex.14103f03.rte:5.3.0.1:5.3.0.1:=:AIX 5300-06-05 Service Pack ... ... 53-06-060811_SP:perl.rte:5.8.2.62:5.8.2.62:=:AIX 5300-06-06 Service Pack ... ... 53-06-070818_SP:perl.rte:5.8.2.62:5.8.2.62:=:AIX 5300-06-07 Service Pack
As you can see, the output displays all filesets that are installed for AIX 5.3 TL 6, and ends with the software packages from the latest fixpack.
Debug SPOT sources
In case the bootp and tftp stages work fine, but there still goes something wrong with the installation you have two options to debug the NIM operations.
NIM 3-digit LED codes
During the NIM process it produces codes which are displayed in the LED. These codes are (The values are presented in the order in which they are displayed in the three-digit LED):
- 299 Boot image successfully received at the NIM client.
- 600 Starting network boot (portion of /sbin/rc.boot).
- 602 Configuring network parent devices.
- 603 Script defsys, cfgsys, or cfgbus located in /usr/lib/methods/ failed.
- 604 Configuring physical network boot device.
- 605 Configuration physical network boot device failed.
- 606 Running /usr/sbin/ifconfig on logical network boot devices.
- 607 /usr/sbin/ifconfig failed.
- 608 Attempting to retrieve the client.info file with tftp from the SPOT server.
- 609 The client.info file does not exist or could not be accessed, or it is zero length.
- 610 Attempting to mount a remote file system using NFS.
- 611 The client is unable to mount a remote file system (NIM resource) using NFS.
- 612 Accessing remote files. Unconfiguring network boot devices.
- 613 The route command failed.
- 614 Configuration of logical paging devices.
- 615 Configuration of logical paging device failed.
- 616 Converting from diskless to dataless configuration.
- 617 Diskless to dataless configuration failed.
- 618 Configuring remote (NFS) paging device.
- 619 Configuration of remote (NFS) paging space failed.
- 620 Updating special device files and ODM in permanent file system.
- 622 Control returned to the /sbin/rc.boot program.
- 623 The BOS installation program has encountered a fatal error.
- 624 Control passed to the BOS installation Program.
- c40 Extracting data files from media.
- c42 Extracting data files from diskette.
- c44 Initializing install data base with target disk information.
- c46 Normal install processing.
- c48 Prompting user for input.
- 622 Control returned to the /sbin/rc.boot program.
- 623 The BOS installation program has encountered a fatal error.
- 624 Control passed to the BOS installation Program.
- c40 Extracting data files from media.
- c42 Extracting data files from diskette.
- c44 Initializing install data base with target disk information.
- c46 Normal install processing.
- c48 Prompting user for input.
These errors are most common:
608 - tftp retrieve of client info file failure If a 608 hang is encountered, we verify that the ClientName.info file exists in the /tftpboot directory. If it does not exist, we retry the NIM operation to create it. If it does exist, we verify that tftp access to the /tftpboot directory is not restricted in
the /etc/tftpaccess.ctl file. It is also possible that the network adapter was not configured properly in the boot environment. In this case, we use debug-enabled network boot images to look for errors in the boot environment.
608 - tftp retrieve of client info file failure If a 608 hang is encountered, we verify that the ClientName.info file exists in the /tftpboot directory. If it does not exist, we retry the NIM operation to create it. If it does exist, we verify that tftp access to the /tftpboot directory is not restricted in
the /etc/tftpaccess.ctl file. It is also possible that the network adapter was not configured properly in the boot environment. In this case, we use debug-enabled network boot images to look for errors in the boot environment.
611 - Remote mount of NFS file system failure LED 611 hangs occur when the client machine is unable to mount a resource from the NIM master/resource server. First ensure that NFS is running on the master/resource server. We verify that the resources specified for the operation are exported properly by checking the /etc/exports and /etc/xtab files on the server. Also, we confirm that the resources have permissions set correctly for reading. Debug-enabled network boot images can also be used to determine exactly which mount command is failing on the client. We can also check the value of the nfso server portcheck option and usage of NFS reserved ports.For further information about the use of NFS reserved ports and the nfso server portcheck option, refer to 5.3.9, “NFS reserved ports” on page 441.
- This message can also occur when the nim server can't reverse lookup the client. So always create the client in your DNSwith an A and a PTR record.
613 - Failure setting up route tables 613 hangs usually occur because a route is incorrectly defined for a network in the NIM database. We verify that the correct gateways are specified between networks, and all gateways are functional. We use debug-enabled network boot images to determine which routes could not be defined.
Enable SPOT debug
The other option is to enable debugging on the SPOT source.
- Run the following command:
nim -Fo check -a debug=yes SPOTName
where SPOTName is the name of your SPOT.
- Obtain the address for entering the debugger by running the following command to get the address:
lsnim -a enter_dbg SPOTName
where SPOTName is the name of your SPOT. The displayed output will be similar to the following:
spot1:
enter_dbg = "chrp.mp 0x001840d4"
enter_dbg = "chrp.up 0x00160b7c"
enter_dbg = "rs6k.mp 0x001840d4"
enter_dbg = "rs6k.up 0x00160b7c"
enter_dbg = "rspc.mp 0x001840d4"
enter_dbg = "rspc.up 0x00160b7c"
Write down the enter_dbg address for the client you are going to boot. For example, if your client is an chrp-uniprocessor machine, you would write down the address 160b7c.
- Attach a tty device to your client system (port 1).
- Set up and perform the NIM operation that will require the client to boot over the network. Boot the client over the network.
- After the client gets the boot image from the SPOT server, the debug screen will appear on the tty. At the
>prompt, enter:
st Enter_dbg_Value 2
where Enter_dbg_Value is the number you wrote down in step 2 as your machine type’s enter_dbg value. Specifying a 2 at the address of the enter_dbg value prints the output to your tty.
- Type g (for go) and press Enter to start the boot process.
- Use Ctrl-s to temporarily stop the process as you watch the output on the tty. Use Ctrl-q to resume the process.
- To rebuild your boot images in non-debug mode, use the following command:
nim -Fo check SPOTName
where SPOTName is the name of your SPOT.
If the boot image is left in debug mode, every time a client is booted from these boot images, the machine will stop and wait for a command at the debugger
> prompt. If you attempt to use these debug-enabled boot images and there is not a tty attached to the client, the machine will appear to be hanging for no reason.Client operations
Add / reset / remove clients
To see how to add, reset or remove a NIM standalone client please check AIX NIM Client.
Install a client
To see how to install a client with NIM see AIX NIM Client Installation.
Update a client
To update a client from the client you have to do the following steps:
- list the resources available for the client
bash-3.2# nimclient -l -L lpar01 AIX_5300_LPP lpp_source ITO_AIX_5300_LPP lpp_source __smit_bundle_368870 installp_bundle ITO_AIX_5300_SPOT spot ITO_AIX_53-05-CSP_SPOT spot ITO_AIX_53-06-07-0818_LPP lpp_source ITO_AIX_53-06-07-0818_SPOT spot ITO_AIX_53-06-07-0818_LPP_FULL lpp_source ITO_AIX_53-06-07-0818_LPP_SPOT_FULL spot AIX_5300-09_LPP_FULL lpp_source
- allocate the needed resource for the client
bash-3.2# nimclient -o allocate -a lpp_source=ITO_AIX_53-06-07-0818_LPP_FULL
- check to see if the resource is indeed allocated
bash-3.2# nimclient -l -c resources lpar01 ITO_AIX_53-06-07-0818_LPP_FULL lpp_source
- start the update
bash-3.2# nimclient -o cust -a lpp_source=ITO_AIX_53-06-07-0818_LPP_FULL -a fixes=update_all
+-----------------------------------------------------------------------------+
Pre-installation Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...
SUCCESSES
---------
Filesets listed in this section passed pre-installation verification
and will be installed.
Selected Filesets
-----------------
bos.adt.libm 5.3.0.40 # Base Application Development...
bos.adt.libm 5.3.0.61 # Base Application Development...
<< End of Success Section >>
+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
FILESET STATISTICS
------------------
2 Selected to be installed, of which:
2 Passed pre-installation verification
----
2 Total to be installed
+-----------------------------------------------------------------------------+
Installing Software...
+-----------------------------------------------------------------------------+
installp: APPLYING software for:
bos.adt.libm 5.3.0.40
. . . . . << Copyright notice for bos.adt >> . . . . . . .
Licensed Materials - Property of IBM
5765G0300
(C) Copyright International Business Machines Corp. 1987, 2006.
(C) Copyright AT&T 1984, 1985, 1986, 1987, 1988, 1989.
(C) Copyright Regents of the University of California 1982, 1983, 1986, 1987.
(C) Copyright ISQUARE, Inc. 1990.
All rights reserved.
US Government Users Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
. . . . . << End of copyright notice for bos.adt >>. . . .
Filesets processed: 1 of 2 (Total time: 2 secs).
installp: APPLYING software for:
bos.adt.libm 5.3.0.61
. . . . . << Copyright notice for bos.adt >> . . . . . . .
Licensed Materials - Property of IBM
5765G0300
Copyright International Business Machines Corp. 1987, 2008.
Copyright AT&T 1984, 1985, 1986, 1987, 1988, 1989.
Copyright Regents of the University of California 1982, 1983, 1986, 1987.
Copyright ISQUARE, Inc. 1990.
All rights reserved.
US Government Users Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
. . . . . << End of copyright notice for bos.adt >>. . . .
Finished processing all filesets. (Total time: 12 secs).
+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+
Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
bos.adt.libm 5.3.0.40 USR APPLY SUCCESS
bos.adt.libm 5.3.0.61 USR APPLY SUCCESS
bash-3.2# oslevel -s
5300-06-07-0818
bash-3.2#
Note: The other time I got an error regarding I had to accept a new license. Adding the parameter -a accept_licenses=yes did the trick.
Install additional software from lpp_source
- We need software that is currently not installed:
bash-3.2# lslpp -l bos.adt.base bos.adt.lib bos.adt.libm bos.perf.libperfstat bos.perf.perfstat bos.perf.proctools xlC.aix50.rte xlC.rte
Fileset Level State Description
----------------------------------------------------------------------------
Path: /usr/lib/objrepos
bos.adt.base 5.3.0.62 COMMITTED Base Application Development
Toolkit
bos.adt.lib 5.3.0.61 COMMITTED Base Application Development
Libraries
bos.perf.libperfstat 5.3.0.61 COMMITTED Performance Statistics Library
Interface
bos.perf.perfstat 5.3.0.62 COMMITTED Performance Statistics
Interface
bos.perf.proctools 5.3.0.63 COMMITTED Proc Filesystem Tools
xlC.aix50.rte 8.0.0.0 COMMITTED C Set ++ Runtime for AIX 5.0
xlC.rte 8.0.0.0 COMMITTED C Set ++ Runtime
Path: /etc/objrepos
bos.perf.libperfstat 5.3.0.50 COMMITTED Performance Statistics Library
Interface
bos.perf.perfstat 5.3.0.62 COMMITTED Performance Statistics
Interface
lslpp: Fileset bos.adt.libm not installed.
- list the resources available for the client
bash-3.2# nimclient -l -L ms-lpar02 lpp_5300_05 lpp_source spot_5300_05 spot lpp_6100_00_01 lpp_source spot_6100_00_01 spot lpp_5300_06_07 lpp_source spot_5300_06_07 spot
- allocate the needed resource for the client
bash-3.2# nimclient -o allocate -a lpp_source=lpp_5300_06_07
- check to see if the resource is indeed allocated
bash-3.2# nimclient -l -c resources ms-lpar02 lpp_5300_06_07 lpp_source
- Start the installation
bash-3.2# nimclient -o cust -a lpp_source=lpp_5300_06_07 -a filesets=bos.adt.libm
+-----------------------------------------------------------------------------+
Pre-installation Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...
SUCCESSES
---------
Filesets listed in this section passed pre-installation verification
and will be installed.
Selected Filesets
-----------------
bos.adt.libm 5.3.0.40 # Base Application Development...
bos.adt.libm 5.3.0.61 # Base Application Development...
<< End of Success Section >>
+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
FILESET STATISTICS
------------------
2 Selected to be installed, of which:
2 Passed pre-installation verification
----
2 Total to be installed
+-----------------------------------------------------------------------------+
Installing Software...
+-----------------------------------------------------------------------------+
installp: APPLYING software for:
bos.adt.libm 5.3.0.40
. . . . . << Copyright notice for bos.adt >> . . . . . . .
Licensed Materials - Property of IBM
5765G0300
(C) Copyright International Business Machines Corp. 1987, 2006.
(C) Copyright AT&T 1984, 1985, 1986, 1987, 1988, 1989.
(C) Copyright Regents of the University of California 1982, 1983, 1986, 1987.
(C) Copyright ISQUARE, Inc. 1990.
All rights reserved.
US Government Users Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
. . . . . << End of copyright notice for bos.adt >>. . . .
Filesets processed: 1 of 2 (Total time: 4 secs).
installp: APPLYING software for:
bos.adt.libm 5.3.0.61
. . . . . << Copyright notice for bos.adt >> . . . . . . .
Licensed Materials - Property of IBM
5765G0300
Copyright International Business Machines Corp. 1987, 2008.
Copyright AT&T 1984, 1985, 1986, 1987, 1988, 1989.
Copyright Regents of the University of California 1982, 1983, 1986, 1987.
Copyright ISQUARE, Inc. 1990.
All rights reserved.
US Government Users Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
. . . . . << End of copyright notice for bos.adt >>. . . .
Finished processing all filesets. (Total time: 13 secs).
+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+
Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
bos.adt.libm 5.3.0.40 USR APPLY SUCCESS
bos.adt.libm 5.3.0.61 USR APPLY SUCCESS
Note: You can install multiple packages at once like this:nimclient -o cust -a lpp_source=lpp_5300_06_07 -a filesets="bos.adt.libm bos.adt.base"
* Now the software is installed:
bash-3.2# lslpp -l bos.adt.base bos.adt.lib bos.adt.libm bos.perf.libperfstat bos.perf.perfstat bos.perf.proctools xlC.aix50.rte xlC.rte
Fileset Level State Description
----------------------------------------------------------------------------
Path: /usr/lib/objrepos
bos.adt.base 5.3.0.62 COMMITTED Base Application Development
Toolkit
bos.adt.lib 5.3.0.61 COMMITTED Base Application Development
Libraries
bos.adt.libm 5.3.0.61 APPLIED Base Application Development
Math Library
bos.perf.libperfstat 5.3.0.61 COMMITTED Performance Statistics Library
Interface
bos.perf.perfstat 5.3.0.62 COMMITTED Performance Statistics
Interface
bos.perf.proctools 5.3.0.63 COMMITTED Proc Filesystem Tools
xlC.aix50.rte 8.0.0.0 COMMITTED C Set ++ Runtime for AIX 5.0
xlC.rte 8.0.0.0 COMMITTED C Set ++ Runtime
Path: /etc/objrepos
bos.perf.libperfstat 5.3.0.50 COMMITTED Performance Statistics Library
Interface
bos.perf.perfstat 5.3.0.62 COMMITTED Performance Statistics
Interface
bash-3.2# oslevel -s
5300-06-07-0818
As you can see, the software is applied now, to commit it, run this command:
installp -c bos.adt.libm
Create a SOE
AIX SOE is the term IBM uses for imaging of AIX machines. The purpose is to create an overall document which describes into detail how AIX machines are installed and managed. Because that document should be creates by every company on their own I will focus on only creating the so-called golden image… or as you could say… One image to rule them all.
This image is created using the configuration outlined in AIX Post Install. Follow the guidelines under cloning AIX to see how an image can be created and restored.
Clone AIX
AIX cloning or imaging is an easy way to set up a standard environment for your AIX installations. Create one installation which counts for all and restore that image everytime you need a new installation. That way you can never forget a setting etc.
Create a mksysb image
We do this through the smity fastpath “smitty nim_mkres”
- Select mksysb
Setup these values according to your environment:
And see the progress of the backup:
When nim is ready with creating the mksysb resource it will tell you so:
And see the progress of the backup:
When nim is ready with creating the mksysb resource it will tell you so:
Now you have a new resource:
bash-3.2# lsnim master machines master ...... soe_20090713 resources mksysb
Restore a mksysb image
We do this through the smity fastpath “smitty nim_bosinst”
- Select a target, this is the machine you're gonna restore the image to
- Select mksysb as thge installation type
- Select the mksysb resource you just created
- Select the spot related to the mksysb resource (should be of the same os level)
Adjust the parameters according to your environment, but at least set these settings to “yes”:
- ACCEPT new license agreements?
- This one is set twice under:
- Customization FB Script to run at first reboot
- installp Flags
If the lpar you selected is still running you'll see this message:
The machine will reboot now, so you have to go to the console of the lpar, because you'll have to set the console, accept English as the installation language, and accept the default settings:
After that the installation starts. You can monitor the installation through the console and through the nim commandline:
The machine will reboot now, so you have to go to the console of the lpar, because you'll have to set the console, accept English as the installation language, and accept the default settings:
After that the installation starts. You can monitor the installation through the console and through the nim commandline:
bash-3.2# lsnim -l ms-lpar01 ms-lpar01: class = machines type = standalone connect = nimsh platform = chrp netboot_kernel = mp if1 = net_10_1_0_0 ms-lpar01 0 net_settings1 = auto auto cable_type1 = tp Cstate = Base Operating System installation is being performed prev_state = BOS installation has been enabled Mstate = in the process of booting info = BOS install 38% complete : 42% of mksysb data restored. boot = boot mksysb = soe_20090713 nim_script = nim_script spot = spot_5300_06_07 cpuid = XXXXXXXXXXXX control = master Cstate_result = success
This is the lpar after the installation first reboot. Network and everything is being configured:
SUMA
SUMA Commands
I didn't test these commands myself yet. They have been used in a production environment however, so I think you could trust them.
- update suma on server to use proxy
suma -c -a HTTP_PROXY=http://proxy:3128/ suma -c -a HTTPS_PROXY=http://proxy:3128/ suma -c -a FTP_PROXY=http://proxy:3128/
- download updates to lpp_source
suma -x -a Action=Clean -a RqType=TL -a RqName=5300-09 -a DLTarget=/export/eznim/lpp_source/AIX_5300-09_LPP_FULL/
- other updates MP/SP
suma -x -a Action=Preview -a RqType=SP -a RqName=5300-06-07 -a FilterDir=/export/eznim/lpp_source/ITO_AIX_53-06-07-0818_LPP_FULL/ suma -x -a Action=Download -a RqType=ML -a RqName=5300-09 -a DLTarget=/export/eznim/lpp_source/ITO_AIX_53-09
NIM Troubleshooting
NIM Error
0042-291 NIMkid: The NIM master is not currently allowing registration of NIM clients. Please seek assistance from your network install administrator.
Solution: Set the parameter in the NIM Server so clients can register themselves:
- smitty nim
- Perform NIM Administration Tasks
- Configure NIM Environment Options
- Manage Client Registration
- Allow Machines to Register Themselves as Clients?
No comments:
Post a Comment