|
midrange.com
This is on IBM's website, see below - sending commands to HMC
Sending HMC Commands from a CL Program
Technote
In R530 of IBM i5/OS, HMC commands can now be sent directly to the HMC by using
the 5733SC1 IBM Portable Utilities for i5/OS LPP. This allows i5/OS system
administrators to send commands to the HMC from an i5/OS command line or from a
program. As an example, a CL program performing a system backup can now issue a
DLPAR move command to add a tape device to its partition before performing the
save.
HMC commands are sent using the ssh command, which is part of the IBM Portable
Utilities for i5/OS product. The ssh command can be invoked from QSHELL, the
PASE shell, or the PASE terminal window.
CL Sample
The following sample CL program shows how to invoke QSHELL to run the ssh
command. The ssh command runs a HMC command on the remote HMC. The following
example calls the CL program and runs a DLPAR add operation to add the
specified IO slot to the target i5/OS partition. The program checks the exit
status of the HMC command to determine if the command succeeded. If run in
batch, the standard out from the HMC is directed to a spooled file for the job.
For more complex operations, it may be easier to wrapper the HMC commands in a
QSHELL script and run the script from the CL program.
Example Call:
CALL PGM(HMCCL) PARM(
'chhwres -r io -m CS6520 -o a - p RCHASCS6B -l 2102000A '
'9.5.32.12 ' 'ddilling2 ' '/ddilling/.ssh/id_rsa ')
/******************************************************************************/
/* HMC ssh Sample
*/
/*
*/
/* HMCCMD CHAR(122) HMC command to execute padded to 122 chars
*/
/* HOST CHAR(15) HMC hostname or ip address
*/
/* USER CHAR(10) [optional] HMC user profile name
*/
/* IDENTITY CHAR(48) [optional] Identity file name
*/
/*
*/
/* Parameters map to the ssh command being run as
*/
/* ssh host | user@host [-i identity] hmccmd
*/
/* where optional parameters with values of all blanks are treated as
missing.*/
/*
*/
/* - Requires 5733-SC1 -- IBM Portable Utilities for i5/OS
*/
/* - Secure script execution between the i5/OS partition and the HMC
*/
/* must be configured for the hmc profile being used.
*/
/* - if PARM3 is omitted (all blanks), ssh defaults to using the i5/OS user
*/
/* profile the program is running under (or name specified in user config
*/
/* file).
*/
/* - PARM4 can be omitted (all blanks) if the default location for the
*/
/* identity file is used (<homedir>/.ssh)
*/
/* - Assumes QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/bin
*/
/* has been added to the path.
*/
/*
*/
/* Example (as entered in call qcmd). Verify parameters are padded to the
*/
/* correct length.
*/
/* ===> CALL PGM(HMCCL)PARM(
*/
/*'ls /usr/hmcrbin
*/
/* ' '9.5.32.12 ' 'ddilling '
*/
/*'/ddilling/.ssh/id_rsa ')
*/
/*
*/
/* 6/28/2005 1.4 user profile parameter
*/
/* 7/05/2005 1.5 bug fix
*/
/* V1.5 ddilling@xxxxxxxxxx
*/
/******************************************************************************/
PGM PARM(&HMCCMD &HOST &USER &IDENTITY)
DCL VAR(&HMCCMD) TYPE(*CHAR) LEN(122)
DCL VAR(&HOST) TYPE(*CHAR) LEN(15) /*HMC host name/ip */
DCL VAR(&USER) TYPE(*CHAR) LEN(10) /*HMC userprofile */
DCL VAR(&IDENTITY) TYPE(*CHAR) LEN(48) /*Identity file */
DCL VAR(&CMD) TYPE(*CHAR) LEN(256)
DCL VAR(&USERLEN) TYPE(*INT)
DCL VAR(&X) TYPE(*INT)
/* return status parms */
DCL VAR(&BIN4) TYPE(*CHAR) LEN(4)
DCL VAR(&EXITCODED) TYPE(*DEC) LEN(8 0)
DCL VAR(&EXITCODEC) TYPE(*CHAR) LEN(8)
DCL VAR(&MSGID) TYPE(*CHAR) LEN(7)
/* Build the qshell command to execute */
/* adding the user profile as needed. */
IF (%SST(&USER 1 1) *EQ ' ') THEN(DO)
CHGVAR VAR(&CMD) VALUE('ssh ' *CAT &HOST)
ENDDO
ELSE DO
CHGVAR VAR(&CMD) VALUE('ssh ' *CAT &USER +
*TCAT '@' *CAT &HOST)
ENDDO
/*Add identity file if needed. */
IF (%SST(&IDENTITY 1 1) *NE ' ') THEN(DO)
/* Add the -i option to specify the identity file name */
/* Ex: -i /ddilling/.ssh/id_rsa */
CHGVAR VAR(&CMD) VALUE(&CMD *TCAT +
' -i ' *CAT &IDENTITY )
ENDDO
/*Append the command */
CHGVAR VAR(&CMD) VALUE(&CMD *TCAT +
' "' *CAT &HMCCMD *CAT '"' )
/* execute the command */
QSH CMD(&CMD)
MONMSG MSGID(CPF9999) EXEC(DO)
UNKNOWN:
SNDPGMMSG MSG('Unable to execute the ssh command. +
Review joblog for details.')
GOTO EXIT
ENDDO
/* Check the status code */
RCVMSG MSGTYPE(*COMP) RMV(*NO) MSGDTA(&BIN4) +
MSGID(&MSGID)
CHGVAR VAR(&EXITCODED) VALUE(%BINARY(&BIN4))
CHGVAR VAR(&EXITCODEC) VALUE(&EXITCODED)
/* 0 is command worked */
IF COND(&EXITCODED=0) THEN(DO)
SNDPGMMSG MSG('HMC command executed successfully, exit +
code 0')
ENDDO
/* 1 is command execution failed */
/* 2 is command syntax error */
/* 255 Unable to connect */
/* ELSE CMD(IF COND(&EXITCODD=1) THEN(DO */
ELSE CMD(DO)
SNDPGMMSG MSG('HMC command was executed but failed +
with a non-zero exit code of ' *CAT +
&EXITCODEC *CAT '. View stdout for details')
ENDDO
EXIT:
ENDPGM
Setup
1 Enable SSH on the HMC
In the Navigation area, click the HMC Management icon.
In the Contents area, double-click the HMC Configuration icon.
In the Contents area, click Enable/Disable Remote Command Execution.
Select the appropriate check box.
Click OK.
2 Install and Configure IBM Portable Utilities for i5/OS
The LPO 5733SC1, IBM Portable Utilities for i5/OS, is now available for V5R3
i5/OS users. The 5733SC1 LPO contains the OpenSSH, OpenSSL, and zlib open
source packages that are ported to i5/OS by using the i5/OS PASE runtime
environment. The 5733SC1 LPO requires that i5/OS V5R3 and i5/OS Option 33
(i5/OS PASE - Portable Solutions Application Environment) are installed. For
further information on installing and configuring this LPP, refer to the
following Web site:
http://www-1.ibm.com/servers/enable/site/porting/tools/openssh.html .
2a Configure the QSHELL path
The sample assumes the IBM Portable Utilities are added to the QSHELL path. The
QSHELL path can be set system wide by adding a path environment variable or by
using one of the other methods described in the iSeries Information Center.
To set the path using a system wide environment variable, on the i5/OS command
line type the following:
ADDENVVAR ENVVAR(PATH) +
VALUE('/usr/bin:/QOpenSys/usr/bin:/QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/bin')
LEVEL(*SYS)
Press the Enter key.
2b Verify the i5/OS user profile home directory
For each i5/OS user profile running the program under their account, verify the
home directory. Use the DSPUSRPRF command to verify the i5/OS user's home
directory (HOMEDIR field):
DSPUSRPRF <user>
Press the Enter key. The default is /home/<userprofilename>.
Verify the directory exists:
wrklnk <HOMEDIR value>
Press the Enter key. Use the mkdir command to create the directory or alter the
profile to the desired existing home directory as desired. This directory is
used to store the user ssh configuration information such as known_hosts or the
rsa key pairs.
2c Verify the DNS configuration and network connectivity
On the i5/OS command line type the command:
ping <hmc host name>
where <hmc host name> is the HMC's short host name. Verify that the ping is
successful. Then type the following command:
nslookup 'w.x.y.z'
where 'w.x.y.z' is the HMC's TCP/IP address. This must return the HMC's fully
qualified host name. Then type the following command:
nslookup <hmc host name>
where <hmc host name> is the HMC's short host name. This must return the HMC's
fully qualified host name and TCP/IP address.
2d Verify the ssh connection
Start QSHELL using the command STRQSH .
At the QSHELL prompt verify the ssh connection by using the following command:
ssh <user@hmc host name>
Verify that the user can log on the HMC and run a command such as ls
/usr/hmcrbin . If prompted for a terminal type, type vt100 .
Note: The first time a ssh connection is made to the HMC the user is prompted
to verify the authenticity of the hmc:
The authenticity of host 'cs6hmc (9.5.32.12)' can't be established.
. key fingerprint is RSA.
Are you sure you want to continue connecting (yes/no)?
The user must answer yes. The HMC's public key will then be stored in the
user's <home>/.ssh/known_hosts file and the user will not be prompted again.
The known_hosts file must be configured for each i5/OS user profile that the CL
program will run under.
3 Setup secure script to run between the i5/OS and HMC
Secure script allows an ssh session to be created without prompting for
user/password. Click here and follow the instructions on the Web site to
configure secure script to run from the i5/OS to the HMC:
The commands used in the setup can be entered from QSHELL ( STRQSH ) or from
the PASE terminal session ( call qp2term ). If prompted for a terminal type,
type vt100 .
3a Generate a key pair by using the command ssh-keygen . Do not type a
passphrase when prompted (press the Enter key).
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/ddilling/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /ddilling/.ssh/id_rsa.
Your public key has been saved in /ddilling/.ssh/id_rsa.pub.
The key fingerprint is: 86:57:44:54:f6:2c:9f:fa:88:fd:97:2e:b4:53:c0:f8
ddilling@xxxxxxxxxxxxxxxxxxxxxxxx
3b List the public key that was generated:
cat <filename>
where <filename> is the public key file name (id_rsa.pub) from the previous
step. The output will be a long string such as the following:
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwQD9d7iHyQLgz2pj4rv1CUhLlh5VfnHd4NCyWrCL2lpiv8vm9gB6P4gF
p361JtRdyGzh5KXtuXhctQrYnR5nAIJyALUfYZMiDwakXK4puDalu/49V/oXu4gkNjOACcOBmsGsXLo8b8N9
2cNRJKW2bvM0JtuleFCoC784Z9sVqBM= ddilling@xxxxxxxxxxxxxxxxxxxxxxxx
3c Use ssh to run the HMC mkauthkeys command
This command stores the public key generated in step 3a in the HMC user's
~/.ssh/authorized_keys2 file:
ssh <user@hostname> "mkauthkeys --add '<the key string from
$HOME/.ssh/id_rsa>'"
Note: Type or copy/paste the key string exactly as it is stored in the file. Do
not include any carriage return or line feed characters.
3d _ Verify the secure script configuration
Verify that the key was entered correctly. The output of the following command
must contain the key exactly as shown in step 3b. If multiple systems have
configured secure script, then more than one entry may exist.
ssh <user@hostname> "cat .ssh/authorized_keys2"
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwQD9d7iHyQLgz2pj4rv1CUhLlh5VfnHd4NCyWrCL2lpiv8vm9gB6P4gF
p361JtRdyGzh5KXtuXhctQrYnR5nAIJyALUfZMiDwakXK4puDalu/49V/oXu4gkNjOACcOBmsGsXLo8b8N92
cNRJKW2bvM0JtuleFCoC784Z9sVqBM= ddilling@xxxxxxxxxxxxxxxxxxxxxxxx
If the keys match, then running the ssh command will no longer prompt for a
user or password (the terminal type prompt will not appear when run in batch).
ssh <user@hostname>
tcgetattr: The specified device does not exist.
Last login: Thu Jun 30 17:26:51 2005 from localhost.localdomain
tset: unknown terminal type unknown
Terminal type?
vt100
vt100
ddilling@cs6hmc:~>
Common Error Messages
ssh: w.x.y.z: Hostname and service name not provided or found
When you connect using a TCP/IP address, ssh expects to be able to perform a
DNS reverse-lookup for the address provided. If the host name cannot be
resolved, this error is returned. To resolve the problem, correctly register
the HMC in the DNS (and enable reverse name look-up) or add a host table entry
for the HMC address to the IBM eServer? i5 partition's host table. The
following command creates a host table entry in i5/OS:
ADDTCPHTE INTNETADR('w.x.y.z') HOSTNAME((somehostname)
Press the Enter key.
-----Original Message-----
From: M. Lazarus <mlazarus@xxxxxxxx>
To: midrange-l@xxxxxxxxxxxx
Sent: Mon, 20 Feb 2006 21:23:00 -0500
Subject: Allocating controller via HMC programmatically
I have just started a project at a client and my colleague has run
into a situation brought on by the installation of the HMC.
OS version: v5r3.
HMC version: 5.1
The goal is to be able to allocate (switch over) the I/O controller
for the tape drive programmatically between LPARs. Previously
(before the HMC was installed) he was using the QYHCHCOP (Perform
Hardware Configuration Operations) API to accomplish the
switch. Since we don't know when the first partition's backup will
end, we can't just schedule the switch at a fixed time via the
HMC. Therefore, we'd like to make the allocation
programmatically. Is this possible? Can anyone supply some sample code? TIA.
-mark
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
