Virtual I/O Server update/upgrade Procedure

This post explains step by step process to update VIO server from one version to new version. VIOS is nothing but Virtual I/O Server. Tested and successfully completed this VIOS update procedure in our environment from VIO 2.2.4.10 to 2.2.6.32 and VIO 2.2.6.10 to 2.2.6.32. Follow the below steps to update the VIO Server.

1. Take the configuration backup and mksysb or alternate disk back.
2. Break the rootvg mirror and take the clone for quick rollback. If your VIO server with single disk take the mksysb backup.
3. Remove the all interim fixes and commit the filesets in current version.
4. Mount the packages downloaded NFS filesystem
5. Update the VIO Server using updateios command and wait until it completed. Next reboot the VIO Server
6. Verify the latest VIOs version and check if any missing packages and re-mirror the rootvg

1. Take the configuration backup and mksysb or alternate disk back.

The viosbr command creates a backup of only the VIOS configuration.
# viosbr -backup -file /tmp/<file name>

Take the mksysb backup for rootvg. It will create entire rootvg backup
# backupios -file <path to NFS location>/<file name> -mksysb

2. Break the rootvg mirror and take the clone for quick rollback. If your VIO server with single disk take the mksysb backup.

To break the rootvg mirror and create a clone for quick rollback
$ bootlist -mode normal –ls
$ unmirrorios hdisk1
#  migratepv hdisk1 hdisk0     (Run as root user)
$ reducevg -rmlv rootvg hdisk1
$ alt_root_vg -target hdisk1

$oem_setup_env (to get root shell)
# bosboot -ad hdisk0 (using root shell)
# bootlist -m normal hdisk0 hdisk1 (using root shell)

3. Remove the all interim fixes and commit the filesets in current version.

To remove all interim fixes, if any installed.
$ lssw
$ updateios -remove <ifix_LABEL>
Commit existing filesets:
$ updateios –commit

4. Mount the packages downloaded NFS filesystem
# mount $nim_server:/nim/$location_of_vios_patches  /mnt
# cd /mnt

5. Update the VIO Server using updateios command and wait until it completed. Next reboot the VIO Server

Run the following command to perform updating VIOS.
$ updateios -accept -install -dev /mnt -> it will install the VIOS patches

Upon successful update completion take a reboot of server   .

$ shutdown -restart

6. Verify the latest VIOs version and check if any missing packages and re-mirror the rootvg

Check consistency of currently installed filesets
# instfix –i | grep ML
# lppchk –v
$ ioslevel
Once everything confirmed, re-mirror the rootvg.

$ extendvg rootvg hdisk1
$ mirrorios hdisk1
$ bootlist -mode normal -ls (to view)
$ oem_setup_env (to get root shell)
# bosboot -ad hdisk1 (using root shell)
# bootlist -m normal  hdisk0 hdisk1 (using root shell)
# exit (using root shell, to go back to VIOS shell from root shell)

VIOS Backout/Rollback Procedure :
Change the bootlist and Reboot the server with older version.

#bootlist –m normal hdisk1 hdisk0
#bootlist –m normal –o

#shutdown –Fr now
Once the server is came up, Re-mirror the rootvg .

$ extendvg rootvg hdisk1
$ mirrorios hdisk1
$ bootlist -mode normal -ls (to view)
$ oem_setup_env (to get root shell)
# bosboot -ad hdisk1 (using root shell)
# bootlist -m normal  hdisk0 hdisk1 (using root shell)
# exit (using root shell, to go back to VIOS shell from root shell

Restore the mksysb image to alternate Disk in AIX

This restoration process is very useful to restore the server from mksysb backup file, instead of using NIM resources like mksysb and spot.
By using alt_disk_mksysb command we can restore the system backup on separate disk without down the server. No downtime required. This is a online activity.
Minimum downtime required to reboot the server.

Steps are
1. Remove the old_rootvg image, if exists
# alt_rootvg_op -X old_rootvg

Note that the -X flag only removes the volume group place holder for the altinst_rootvg or old_rootvg.

2. To install mksysb image on hdisk1 .It will take few minutes to complete the installation wait until it is completed.
# alt_disk_mksysb -m /mksysb_images/my_mksysb -d hdisk1

alt_disk_mksysb flags
-d target_disk(s) – The disk or disks you want to clone to.

-m Specifies the location of the mksysb that you want to clone. The value for device can be: Tape / CD device OR path name of mksysb image in a file system.

3. Once completed above command, Verify bootable image is created on hdisk1 or not . For hdisk1 it has to show YES.
# ipl_varyon -i

4. If you got the downtime reboot the server with hdisk1(altinst_rootvg)
# bootlist -m normal -o
# bootlist -m normal hdisk1 hdisk0

# shutdown -Fr

Note :
If your rootvg was mirrored to hdisk0 & hdisk1 on the source system when you created the mksysb, and you want to alt_clone to a single disk, (hdisk2 on the target system, for example) using a customized image.data file located under /home/image.data, you would run the following:

# alt_disk_mksysb -m /usr/sys/inst.images/mksysb_filename -i /home/image.data -d hdisk2

-i image_data –  image.data file to use instead of the default image.data file from mksysb image. The image.data file name must be a full path name (for example, /tmp/my_image.data).

For example if you have a customized image.data file. A common use of a custom image.data file would be to break the mirrors on the rootvg so you can install a mksysb backup with a mirrored rootvg environment to one disk

Remove Timeout Parameter for SSH Connection in AIX

To remove timeout parameter for ssh connection

clientAliveInterval  600 : It means if the session is idle for 600 seconds session  will automatically  timeout.

Step 1 : Comment following parameter in /etc/profile file

# TMOUT=600

Step 2 : Un-comment in /etc/ssh/sshd_config file and set the "clientAliveInterval"  parameter:

clientAliveInterval 600
# TcpKeepAlive =yes
# ClientAlivecountMax 0

Step 3 : stop the ssh services and again start the ssh services.To reflect the ssh changes

     # stopsrc -s sshd
     # startsrc -s sshd

NOTE:  if you are not commenting TMOUT parameter, then the session will timeout if it is idle for 600 seconds even
if you have commented the mentioned the parameters in sshd_config file.

Thanks for reading this Post

How to disable SSH direct root login in AIX

In this post will discuss about to disable the direct root user login permanently. For security reasons you should not share the root password to others and however you can directly login from console either physical or virtual console.
Suppose if you have root password you can run commands whatever you want so in realtime this is not going to happen because SUDO will be implemented and direct root login has been disabled.
If you have are a oracle user you are authorised to run oracle related commands,files and directories

Step 1 : Take the backup of /etc/ssh/sshd_config file
# cp -rp /etc/ssh/sshd_config /etc/ssh/sshd_config_orgi

Step 2 : Disable "PermitRootLogin no" entry from /etc/ssh/sshd_config file. By default it mentioned as "yes" change it to "no"
# vi /etc/ssh/sshd_config

PermitRootLogin no

:wq!

save it

Step 3 : Stop the ssh services and again start the ssh services.To reflect the ssh changes.

# stopsrc -s sshd
# startsrc -s sshd

Note : Direct root login has been disbaled. If you want to login as a root two ways to login

1. Login from console its either physical or virtual
2. Login with your own user ID then switch to root
# ssh serverX@USERID
# su - root

Thanks for reading this Post

Differences between RHEL6 and RHEL7

Redhat 6

1. Release Date :  10th Nov 2010 10th NOV 2010.

2. Operating System Names : If you want to see this use this command
#cat /etc/redhat-release
RHEL6 : REDHAT ENTERPRISE LINUX (SANTIGO)

3. Kernel Version :  2.6.32

4. OS Boot Time :  40 sec

5. Single Partition Size Max : 50TB(Ext4)

6. Boot Loader : /boot/grub/grub.conf

7. Processor Architecture : Supports 32bit & 64bit  both

8. How To Repair a File System : fsck -y /dev/hda6

9. Manage Network : #setup

10. KDUMP : Kdump does’t support with large RAM Size

11. Hostname Configuration File : /etc/sysconfig/network

12. Default ISO Image Mount Path : /media

13. File System Check : e2fsck

14. File System Resize : #resize2fs  -p /dev/vg00/lv1

15. Tune a File System : tune2fs

16. IP Tables and Firewall : iptables

Redhat 7

1. Release Date : 10th June 2014

2. Operating System Names :If you want to see this use this command
#cat /etc/redhat-release
RHEL7: REDHAT ENTERPRISE LINUX (MAIPO)

3. Kernel Version :   3.0.10

4. OS Boot Time :  20 sec

5. Single Partition Size Max : 500TB(xfs)

6. Boot Loader : /boot/grupb2/grub.cfg

7. Processor Architecture : Only support 64bit

8. How To Repair a File System : xfs_repair /dev/hda6

9. Manage Network : #nmtui

10. KDUMP : Supported up to 3TB

11. Hostname Configuration File : /etc/hostname

12. Default ISO Image Mount Path : /run/media/root

13. File System Check : xfs_repair

14. File System Resize : #xfs_growfs  /dev/vg00/lv1

15. Tune a File System : xfs_admin

16. IP Tables and Firewall : firewalld


NOTE:
To see firewall status in RHEL7
#firewall-cmd   –state
To see Firewall status in RHEL6
#service iptables status
To stop firewall in RHEL7
#systemctl stop firewalld.service
To stop firewall in RHEL6
#service iptables stop

Thanks for reading this Post