If you manage a few IBM Power Systems via a Hardware Management Console (HMC), you're probably very familiar with the user-friendly HMC browser. But if you want to run a command for several Power Systems, navigating through the browser menu for each one can be a little cumbersome. For some tasks you may prefer to use the HMC command line interface (CLI). You can connect to the CLI using Secure Shell (SSH) and what's even better is that you can then write a shell script to call HMC commands. That shell script could be written on AIX using the shell of your choosing. This can simplify your job when you want to run tasks on several Power Systems or schedule a task on the HMC instead of running it interactively.
The HMC Restricted Shell
When you connect via SSH to the HMC, you have access to the HMC restricted shell. Even though it's restricted, you can still use it to handle the tasks you'd usually do through the HMC browser. For example, you can use the HMC shell for:
- - creating a system plan – an excellent documentation tool
- - doing a backup of the logical partition (LPAR) profiles
- - stopping, starting or reconfiguring LPARs
- - listing resources allocated to an LPAR
- - creating a virtual terminal (console) session for an LPAR using the HMC vtmenu command
HMC SSH setup
It's easy to set up Secure Shell for the HMC -- provided you have permissions and access to the HMC via a browser or the console. You just have to Enable Remote Command execution. The resources section below has a link explaining the procedure step by step.
Once remote command execution is set up, you can connect to the HMC command line.
ssh hscroot@hmc1
Password:
Last login: Mon Oct 17 12:32:41 2011 from nim1
hscroot@hmc1:~>
When you log onto the HMC using SSH, you can run HMC commands, such as this one which lists managed systems:
lssyscfg -r sys -F name
Server-8204-E8A-SNZZZZZZ
Server-8203-E4A-SNYYYYY
SSH autologin
You can also set up SSH keys from a trusted host. This lets you run HMC commands without having to enter a user name and password each time you connect to the HMC. You need to create an SSH key on the host you're connecting from (such as an AIX LPAR using the ssh-keygen command) and add the key on the HMC using the mkauthkeys command. See the resources section below for more details.
You'll need to be careful using this automatic login -- especially if the user connecting has the task role of hmcsuperadmin. You could power down all critical systems with a single script!
Scripting without the Restrictions
Once you've got the automatic login configured and tested, you can create shell scripts on your AIX LPAR which connect to the HMC and then run commands. This means you can write scripts in your favorite shell (Korn shell or bash, for example) and capture the output from the HMC commands.
Here's a simple script to connect from an AIX LPAR and create a backup of the profile data for each managed system connected to the HMC:
# Connect to HMC (assumes SSH keys have been set up)
# Output date in format YYYYMMDD
datestamp=$(date +%Y%m%d)
# Connect to HMC and list managed systems
for host in $(ssh hscroot@hmc1 lssyscfg -r sys -F name)
do
# Use datestamp and managed system name to set an output file
filename=”${datestamp}_${host}”
# Connect to HMC again and backup the profile data for each managed system
ssh hscroot@hmc1 “bkprofdata -m $host -f $filename”
done
You can enhance this script as you need. Here are some ideas:
- - make the HMC name a parameter
- - set the ssh connection command as a variable
- - include error checking
- - redirect output to a file, or pipe it to another AIX command
- - run other HMC commands such as to create a system plan using mksysplan
The non-interactive shell setup is also available for the Integrated Virtualization Manager (IVM) and the Systems Director Management Console (SDMC).
By setting up ssh keys you have the ability to run commands in the HMC restricted shell while executing a script on AIX using a shell that is not restricted.
Resources
Anthony English is an AIX / Power Systems engineer working in Sydney. Follow him on Twitter @AIXDownUnder.