IBM Spectrum Scale 4.2 (GPFS) with sudo wrappers

IBM have recently released Spectrum Scale (formerly GPFS) version 4.2 with support for sudo wrappers. Prior to version 4.2, GPFS cluster configuration and administration in a typical setup relied on creating root SSH keys between all clusters to allow commands to be run against all nodes. In an attempt to alleviate the requirement for root SSH keys, IBM have developed a solution that uses both sudo and SSH keys with a non-privileged user. This post details the changes I made in my environment to create a basic two node GPFS cluster using the sudo wrappers.
Continue reading

HMC Elastic CoD detail function

IBM have created a self-service portal [1] for its customers to allow them to request their own Elastic Capacity on Demand codes for their registered systems. In my time using the new website, the codes have been generated and sent to me via email on average between 30 & 45 minutes. This significantly reduces not only the time taken to get new codes posted to the POD [2] website, but also eliminates the process of having to reach out to your IBM representative to request them from the COD office in the USA.
Continue reading

PowerHA SystemMirror and NIM mksysb failures

I built a basic two-node PowerHA SystemMirror (HACMP) cluster for my team a little while ago to use as a test environment for patch updates. While it wasn’t a true reflection of how the production environment is configured, it was enough to test functionality. As such, I configured a single virtual ethernet adapter in each cluster node, which would house both the boot IP and the service IP of the cluster. After a couple of weeks, I noticed that my weekly NIM mksysb’s on one of the two cluster nodes was always failing. Further investigation found that the NIM mksysb’s would always fail on the cluster node that had the active resource group with the service IP attached to it. If I failed the resource group over to the other cluster node, the NIM mksysb would complete successfully.
Continue reading

Patching CVE-2014-6271 and CVE-2014-7169 on AIX via NIM (bash bug aka shellshock)

Update: Patch links from both IBM [4] and Perzl [5] at the bottom of this post.

Below I detail how I patched over 800 AIX LPAR’s that were exposed by CVE-2014-6271 [1] and CVE-2014-7169 [2], also known as shellshock, using the NIM server.

From everything that I’ve been reading on IBM’s Knowledge Centre, creating an LPP source containing only RPM’s isn’t possible. To patch my AIX environment, I decided to use the “script” resource available to the NIM master, along with the pre-existing NFS mounts that I had configured.
Continue reading

AIX boot hangs with HMC 2700 LED code

We recently upgraded the firmare on our Power frame, which required shutting down some of our AIX LPAR’s. The firmware upgrade went well, as did starting up all the AIX LPAR’s, except for one. This particular LPAR booted to HMC LED code 2700 and hung there. I restarted the partition to the Open Firmware (OF) prompt, and tried booting again using verbose mode to see where the boot process was hanging.
Continue reading