The Complete Guide to Implementing mksysb with NIM



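I wanted to write this document because the IBM technical support center already has a document (in Chinese) covering the same topic, but some of its procedures are wrong or at least inefficient. I also saw a PDF on CU that follows the same approach. NIM was simply not designed for mksysb to be done that way. (What I mainly mean is that their method is to run mksysb locally to produce an image file, FTP it to the NIM server, create the mksysb resource separately, and then …………, and they never mention creating the corresponding SPOT ……)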

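OK, time to get to work. I recorded the whole process.

Let me see, what comes first? Logging in to the NIM server, of course. The machine to be installed is an LPAR, bare metal.

A word about the environment: this time I want to take the system on a 670 and install it, via NIM mksysb, onto an LPAR on a 570. Tape drive? Tapes? Sorry, none of that is needed, but the network must be reachable. As for how to make it reachable, ask your network engineer.

The 670 must be added to the NIM server as a NIM client.
The LPAR on the 570 must also first be defined as a NIM client on the NIM server.
Both must be entered in /etc/hosts (I won't spell out what to write).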


Step 1: Add the 670 as a NIM client on the NIM server

smitty nim
-> Perform NIM Administration Tasks
-> Manage Machines
-> Manage Machines
Define a Machine

Type or select a value for the entry field.
Press Enter AFTER making all desired changes.

[Entry Fields]
* Host Name of Machine [loveunix] -> this is the hostname of the 670; it must also be defined in /etc/hosts
(Primary Network Install Interface)


Step 2: Create the mksysb image resource directly

smitty nim_mkres

For the resource type, select mksysb = a mksysb image

Define a Resource

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

[TOP] [Entry Fields]
* Resource Name [loveunix_mksysb_res]
* Resource Type mksysb
* Server of Resource [master] +
* Location of Resource [/export/spot/mksysb/loveunix.mksysb] /
Comments []

Source for Replication [] +
-OR-
System Backup Image Creation Options:
CREATE system backup image? yes +
NIM CLIENT to backup [loveunix] +
PREVIEW only? no +
IGNORE space requirements? no +
EXPAND /tmp if needed? no +
Create MAP files? no +
Backup extended attributes? yes +


COMMAND STATUS

Command: running stdout: yes stderr: no

Before command completion, additional instructions may appear below.


+---------------------------------------------------------------------+
System Backup Image Space Information
(Sizes are displayed in 1024-byte blocks.)
+---------------------------------------------------------------------+

Required = 10169413 (9932 MB) Available = 25653008 (25052 MB)



Creating information file (/image.data) for rootvg.

Creating list of files to back up.

OK, mksysb now starts writing to the remote NIM server, and the mksysb resource is created at the same time. This takes quite a while, so please be patient.



Creation is finished.

[Nim-srv]/etc#lsnim -l loveunix
ibpapp2:
class = resources
type = mksysb
arch = power
Rstate = ready for use
prev_state = unavailable for use
location = /export/spot/mksysb/loveunix.mksysb
version = 5
release = 3
mod = 0
oslevel_r = 5300-05
alloc_count = 0
server = master

Step 3: On the NIM server, add the machine to be installed as a client, for example with the name aix

The method is the same as in step 1.

Step 4: From this mksysb resource, create the corresponding SPOT, which is used to boot the NIM client to be installed

smitty nim_mkres, and select SPOT as the type

Define a Resource

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

[Entry Fields]
* Resource Name [aix_spot]
* Resource Type spot
* Server of Resource [master] +
* Source of Install Images [aix] +
* Location of Resource [/export/spot/] /
Expand file systems if space needed? yes +
Comments []

installp Flags
COMMIT software updates? no +
SAVE replaced files? yes +
AUTOMATICALLY install requisite software? yes +
OVERWRITE same or newer versions? no +
VERIFY install and check file sizes? no +

This step takes a long time; keep waiting patiently.

COMMAND STATUS

Command: running stdout: yes stderr: no

Before command completion, additional instructions may appear below.


Creating SPOT in "/export/spot/" on machine "master" from "ibpapp2" ...

Restoring files from BOS image. This may take several minutes ...

As seen in nmon:

Disk-I/O-Statistics KBytes/second (K=1024)
Disk Busy Read Write 0----------25-----------50------------75--------100
 Name KB/s KB/s | | | | |
hdisk1 0% 0 0|> |
hdisk0 100% 1785 0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>

Just wait.



Step 5: Start the installation

smitty nim_bosinst
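-> aix (select the NIM client to install; at this point the machine is still bare metal)
-> mksysb - Install from a mksysb
-> ibpapp2 resources mksysb (Select the MKSYSB to use for the installation)
-> select the mksysb resource defined earlier
-> select the SPOT that corresponds to this mksysb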

In the menu that follows, set ACCEPT new license agreements? [yes]


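After that, power on the LPAR on the 570. In IPL, set the network configuration for network boot: enter the client's address and the NIM server's address, run the ping test, then select the network adapter to boot from, and the installation can start.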

The rest of the process is the same as a restore installation booted from a local tape.




Step 6: Summary

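Looking back over the whole process, there are some technical details to note. For example, if security hardening has disabled rsh, tftp, nfs, bootps and so on, the NIM deployment will not succeed. For real enterprise IT environments where firewalls are present, refer to the following: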

Firewall Considerations

NIM makes use of several protocols which are generally considered risky
services on firewall machines. It is recommended that users who desire
firewall protection within their NIM environment follow a few rules:

1. The NFS program usually runs at port 2049 which is outside of the
privileged port space. Normally, access to portmapper (port 111) is
needed to find which port this service runs on, but since most
installations run NFS on this port, hackers can bypass NFS and try this
port directly. NFS was designed as a LAN service and contains numerous
security vulnerabilities when used over the Internet. NFS services
should not be run on firewall machines; if a NIM master resides on a
firewall machine, then resources should reside on another client -
clients may also be used as resource servers in a NIM environment.

2. If possible, TFTP servers should not be placed on firewall machines
since no authentication is needed when requesting service. The TFTP
protocol does allow for denying access based on entries contained in
/etc/tftpaccess.ctl. NIM manages access to files in /tftpboot only; so
all other directory locations should be off limits. When managed
properly, TFTP access can be viewed as acceptable in the NIM
environment.

3. Since rsh is the standard method of client control, clients
participating in the NIM environment must allow shell service (514) or
enable Kerberos in the NIM environment per client. In order to reduce
the amount of open ports in the NIM environment, the following rules may
be applied:

* For every NIM communication using rsh, leave five (5) ports open
starting at 1023 and decrementing from there. So if a client is
communicating in the NIM environment, the client should leave open ports
(1023-1019) and the master should leave open ports (1023-1019). This is
an estimate and may not work in all environments since other services
may call rreservport() prior to, or during, NIM operations. When
monitored, this approach should work fine in small environments since
access to ports in the privileged space are restricted to super-user
access only.

* Users may also add secondary interfaces for each client participating
in the NIM environment. The additional interfaces should be packet
filtered.

* When NIM clients no longer participate in the NIM environment, or are
temporarily removed from the NIM environment, users should disable rsh
services on client machines by removing /.rhosts and/or removing rshd
service.
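
Rules 2 and 3 above come down to two files that can be checked directly. The script below is an added example, not part of the original post or of the quoted IBM text; the function names, finding labels and sample file contents are constructed for illustration, and it assumes the allow:/deny: line format of /etc/tftpaccess.ctl.

```shell
#!/bin/sh
# Added example: audit the two files the firewall notes single out.

# List "allow:" entries in a tftpaccess.ctl file that fall outside /tftpboot.
# A missing file is reported as well: without it tftpd restricts no path.
audit_tftpaccess() {
    ctl=$1
    if [ ! -f "$ctl" ]; then
        echo "MISSING $ctl"
        return 0
    fi
    # Drop comments and trailing blanks, then test each allow: path.
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$ctl" |
    awk -F: '$1 == "allow" {
        p = $2
        if ((p != "/tftpboot" && index(p, "/tftpboot/") != 1) || p ~ /\.\./)
            print "ALLOW_OUTSIDE_TFTPBOOT " p
    }'
}

# List .rhosts entries that trust anything other than root on the NIM master.
# $2 is the master host name exactly as it is written in the file (assumption).
audit_rhosts() {
    rhosts=$1
    master=$2
    [ -f "$rhosts" ] || return 0
    awk -v m="$master" '
        NF == 0 || $1 ~ /^#/      { next }
        $1 == "+" || $2 == "+"    { print "WILDCARD " $0; next }
        $1 != m                   { print "NOT_MASTER " $1; next }
        NF > 1 && $2 != "root"    { print "NOT_ROOT " $0 }
    ' "$rhosts"
}

# Constructed sample files, not taken from a real host.
demo_dir=${TMPDIR:-/tmp}/nim_audit_demo.$$
mkdir -p "$demo_dir"
cat > "$demo_dir/tftpaccess.ctl" <<'EOF'
# NIM network boot files
allow:/tftpboot
allow:/export/spot
deny:/etc
EOF
cat > "$demo_dir/rhosts" <<'EOF'
master root
+ +
oldadmin root
EOF
audit_tftpaccess "$demo_dir/tftpaccess.ctl"
audit_rhosts "$demo_dir/rhosts" master
```

On a NIM master or client, point the functions at /etc/tftpaccess.ctl and /.rhosts instead of the sample files; an empty result means neither check found anything to report.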


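In addition, planning the NIM network resources also matters; otherwise the NIM client may stop at LED 0608 or LED 0613 and similar codes during boot. Because different machines are often defined on different subnets, separate network resources are generated automatically, and that can produce Network Install Routing problems.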

That should basically wrap up this post.



Why is my NIM menu different??? (on a js20, OS 5.300-04)

#smitty nim


Network Installation Management

Move cursor to desired item and press Enter.

Configure Network Installation Management Client Fileset
Install and Update Software
List Software on Media and Related Information
Manage Network Install Permissions
Manage Network Install Resource Allocation
Perform a NIM Client Operation
Configure Client Communication Services
Thin Server Maintenance
Configure Client as Master for Virtual I/O Server and Integrated Virtualization Manager Installation



Because you typed smitty nim on a NIM client.






Addendum: resolving 0613 during NIM mksysb (heh, written this way so that Google can find it)

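During the actual run I hit a technical problem, and I found no solution for it on technical sites in China. Later I came across this thread at https://www.360docs.net/doc/7d8199903.html,/viewthread.cfm?qid=1307070&page=3. As mentioned earlier, it was caused by a network install routing problem.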

Q: Question

Ok, I'm trying to install a mksysb image onto a client created through nim.

the client/mksysb is AIX 5.3 TL4-03. The NIM server is running at AIX5.3 TL5-00.

The mksysb resource is created, boot image is created fine, created from the TL4-03 lpp_source/spot.

When I boot the client over the network from SMS, it talks quite happily with the NIM server, and downloads its boot image. It starts booting AIX, then it hangs and I get an HMC error 0613, which according to the docs means it "could not query the dump".

Snooping the network interface of the nim server, I also see the nim client reporting udp port 6178 unavailable. Unsure if this is related or not ??

17:14:12.342611 IP 192.168.1.2 > 192.168.1.1: icmp 36: 192.168.1.2 udp port 6178 unreachable

Any ideas what's wrong?

Thanks in advance.

C'mon guys, someone must know something about this ?

More snooping on the network between nim master & client, I'm seeing a lot of packets from the client to master for udp port 32768, which the master is reporting as not available

master = 192.168.1.1
client = 192.168.1.2

12:04:18.812959 IP 192.168.1.1.33060 > 192.168.1.2.32768: udp 516
12:04:18.813278 IP 192.168.1.2 > 192.168.1.1: icmp 36: 192.168.1.2 udp port 32768 unreachable
12:04:23.812998 IP 192.168.1.1.33060 > 192.168.1.2.32768: udp 516
12:04:23.813324 IP 192.168.1.2 > 192.168.1.1: icmp 36: 192.168.1.2 udp port 32768 unreachable
12:04:28.813037 IP 192.168.1.1.33060 > 192.168.1.2.32768: udp 516
12:04:28.813301 IP 192.168.1.2 > 192.168.1.1: icmp 36: 192.168.1.2 udp port 32768 unreachable

So, my guess is that the client can't nfs mount the mksysb resource. However, NFS is running ok on the master, and the resources are visible, and assigned for use by the client.

root@aixtest01:/# showmount -e
export list for aixtest01:
/export/nim/lpp_source53TL4/lpp_source53TL4 aixtest02_bta
/export/nim/spot53TL4/spot53TL4/usr aixtest02_bta
/data01/mksysb/aixtest02_mksysb aixtest02_bta
/export/nim/scripts/aixtest02.script aixtest02_bta

Someone must have been through this before.

A1: Another user's reply

Long time ago, I had the same HMC led code 613 but it was linked to some bug in AIX (I was not able to boot system from a SAN disk). But you have newer TL/ML so I guess it is not the case.

I also was not able to install successfully when my mksysb "contained" mirrored rootvg and I had only one disk in new system. As far as I remember to solve the issue I had to customize bosinst.data.

In your settings all seems to be ok, master and client seem to be in the same network.

Please let me know the status of all steps you are performing installing your mksysb (I would set no gateway in the interface configuration in SMS).

Starting from AIX 5.3 it is possible to create SPOT from a mksysb - you could also try it to isolate the problem.

Check also your hardware firmware level.

A2 (in fact the original poster sorted it out on their own): Ok, got to the bottom of it.

Turns out there was a network install route to a gateway which was not accessible to the nim client interface being used to talk to the NIM master.

I removed the route from the NIM config, and et voila !




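Yesterday someone asked me: how do you install a single bundle distributed through NIM, or distribute and install software such as ssh or hacmp from the NIM server?

OK, here is an example:

Installing the CDE bundle: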


1. Add the CDE bundle to lpp_source1 (getting the resource in place comes first)

smitty nim -> Perform NIM Administration Tasks -> Manage Resources -> Perform Operations on Resources ->

Select lpp_source1 resources lpp_source

Select update = add or remove software to or from an lpp_source

Update an lpp_source

Type or select a value for the entry field.
Press Enter AFTER making all desired changes.

[Entry Fields]
Add or Remove Software add +

As shown in the screen above

Add Software to an lpp_source

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

[Entry Fields]
TARGET lpp_source lpp_source1
SOURCE of Software to Add cd0
SOFTWARE Packages to Add [] +
-OR-
INSTALLP BUNDLE containing packages to add [CDE] +

gencopy Flags
DIRECTORY for temporary storage during copying [/tmp]
EXTEND filesystems if space needed? yes +
Process multiple volumes? no + +

Select cd0 and add the CDE bundle to the lpp_source

COMMAND STATUS

Command: OK stdout: yes stderr: no

Before command completion, additional instructions may appear below.


/export/lpp_source/lpp_source1/installp/ppc/X11.Dt.5.3.0.0.I
/export/lpp_source/lpp_source1/installp/ppc/X11.Dt.5.3.0.0.I.1

OK, it ran successfully.

2. Distribute the CDE bundle (other software works the same way)

smitty nim -> Perform NIM Software Installation and Maintenance Tasks -> Install and Update Software -> Install Software Bundle ->

Select a TARGET for the operation, for example: loveunix

Select the LPP_SOURCE containing the install images (lpp_source1 holds the CDE image, so select that one)

Select the BUNDLE to use: select CDE here

3. Press ENTER and wait for



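Configuring the NIM master and creating basic installation resources using SMIT
Use this procedure to configure the NIM master and create basic installation resources using SMIT.

1. Insert the AIX 5.3 Volume 1 CD into the appropriate drive of the designated master machine.
2. To install the bos.sysmgt.nim.master fileset, enter the smit install_latest fast path.
3. Using the LIST option, select /dev/cd0 as the "input" device/directory for the software.
4. Specify bos.sysmgt.nim.master as the "software" to install.
5. Accept the default values for all other fields on this screen. After the installation completes successfully, exit SMIT.
6. To configure the NIM master, enter the smit nim_config_env fast path.
7. Using the LIST option, select the "primary network interface" for the NIM master.
8. Using the LIST option, select /dev/cd0 or /dev/rmt0 for the input device for installation/images field.
9. If you will support diskless or dataless clients, select yes in the create diskless/dataless machine resources? field, and then supply names for the resources to be created.
10. Select yes in the field that asks whether to remove all newly added NIM definitions and file systems if any part of this operation fails. This makes it easier to restart this procedure if a failure occurs.
11. Accept the default values for all other fields on this screen.
Notes:
1. Depending on the speed of your machine, creating the basic NIM resources can be a lengthy process.
2. This procedure provides far more capability than just configuring the NIM master and creating the lpp_source and SPOT resources. For this simple configuration, however, only a subset of the available functions is used. Advanced NIM administrators can use the SMIT screens reached through this procedure to create more complex environments.
3. As you become more familiar with configuration tasks, you may prefer not to undo all configuration automatically when a failure occurs (as in step 10 of the preceding procedure). For experienced administrators, continuing from the last point of failure results in faster configuration.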






