PowerHA SystemMirror and NIM mksysb failures

I built a basic two-node PowerHA SystemMirror (HACMP) cluster for my team a little while ago to use as a test environment for patch updates. While it wasn’t a true reflection of how the production environment is configured, it was enough to test functionality. As such, I configured a single virtual ethernet adapter in each cluster node, which would house both the boot IP and the service IP of the cluster. After a couple of weeks, I noticed that my weekly NIM mksysb’s on one of the two cluster nodes was always failing. Further investigation found that the NIM mksysb’s would always fail on the cluster node that had the active resource group with the service IP attached to it. If I failed the resource group over to the other cluster node, the NIM mksysb would complete successfully.
Continue reading

Patching CVE-2014-6271 and CVE-2014-7169 on AIX via NIM (bash bug aka shellshock)

Update: Patch links from both IBM [4] and Perzl [5] at the bottom of this post.

Below I detail how I patched over 800 AIX LPAR’s that were exposed by CVE-2014-6271 [1] and CVE-2014-7169 [2], also known as shellshock, using the NIM server.

From everything that I’ve been reading on IBM’s Knowledge Centre, creating an LPP source containing only RPM’s isn’t possible. To patch my AIX environment, I decided to use the “script” resource available to the NIM master, along with the pre-existing NFS mounts that I had configured.
Continue reading