Running IBM AIX 7.2 on x86 with QEMU POWER8 Emulation – Lab Setup Guide

This document describes the procedure to deploy IBM AIX 7.2 TL04 SP02 (7200-04-02) using QEMU POWER8 emulation on an Ubuntu Server virtual machine running inside VMware Workstation.

This environment enables administrators and engineers to build a functional AIX lab environment on x86 hardware without requiring IBM Power Systems.

The lab environment can be used for:
  • AIX system administration practice
  • Software testing and compatibility validation
  • Networking and storage configuration experiments
  • OpenSSH configuration and security testing
  • Development and educational purposes
Since the host platform is x86, QEMU uses TCG (Tiny Code Generator) for software emulation of the POWER architecture.

2. Prerequisites
2.1 Hardware Requirements
Component     Requirement
CPU           Intel VT-x/EPT or AMD-V/RVI
RAM           Minimum 16 GB recommended
Storage       Minimum 60 GB free space
Hypervisor    VMware Workstation Pro or Player

Important Notes
VT-x / AMD-V is required for Ubuntu VM performance, not for POWER acceleration.
AIX will run using QEMU TCG software emulation.

3. Create Ubuntu Server Virtual Machine
3.1 Create VM in VMware Workstation
Open VMware Workstation
Select Create New Virtual Machine
Configuration:
Setting       Value
Guest OS      Linux
Version       Ubuntu 64-bit
ISO Image     ubuntu-24.04.4-live-server-amd64.iso
Memory        8–16 GB
CPU           Minimum 4 cores
Disk          100 GB recommended
Network       Bridged (recommended) or NAT

3.2 Enable CPU Virtualization
Navigate to:
VM → Settings → Processors
Enable:
Virtualize Intel VT-x/EPT or AMD-V/RVI
Virtualize CPU performance counters (optional)
Ensure hardware virtualization is enabled in system BIOS.

4. Install Ubuntu Server
Download Ubuntu Server ISO:
https://ubuntu.com/download/server
File:
ubuntu-24.04.4-live-server-amd64.iso
Installation Steps
4.1 Boot VM using the ISO.
4.2 Select:
Try or Install Ubuntu Server
4.3 Installation sequence:
  • Language → English
  • Ubuntu Server Installation
  • Configure Network
  • Configure Storage (LVM recommended)
  • Create User ID and Password
  • Enable OpenSSH Server
  • Start Installation
After installation completes, log in and update the system.
System update:
$ sudo apt update
$ sudo apt upgrade -y

5. Install QEMU for POWER Architecture
Install QEMU packages required for POWER emulation.
$ sudo apt update
$ sudo apt install qemu-system-ppc qemu-utils
Verify Installation
# qemu-system-ppc64 --version
Example output:
QEMU emulator version 8.2.2 (Debian 1:8.2.2+ds-0ubuntu1.12)
Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers

6. Configure br0 and br1 to Connect the AIX VM to the Private Network
# vi /etc/netplan/50-cloud-init.yaml
Example:
network:
  version: 2
  renderer: networkd
  ethernets:
    ens160:
      dhcp4: no
    ens192:
      dhcp4: no
  bridges:
    br0:
      interfaces: [ens160]
      addresses: [192.168.10.108/24]
      gateway4: 192.168.10.1
      nameservers:
        addresses: [192.168.10.100]
        search: [ppc.com]
      parameters:
        stp: false
        forward-delay: 0
    br1:
      interfaces: [ens192]
      addresses: [192.168.20.108/24]
      gateway4: 192.168.20.1
      nameservers:
        addresses: [192.168.20.100]
        search: [ppc.com]
      parameters:
        stp: false
        forward-delay: 0

Note: If you are using VMware ESXi, make sure the security-level settings below are enabled:


7. AIX Disk Template Preparation
Install the AIX 7.2 TL04 SP02 server. Reference post:
adminCtrlX – Simplifying System Administration: Install QEMU PPC64 on Ubuntu 24.04.4 & Deploy IBM AIX 7.2 TL04 SP02

After installing AIX 7200-04-02, set up root's .profile:
# vi .profile
Example:
indaixwpr01 / # cat .profile
# Root Profile
export HOST=$(uname -n)
# Terminal & Input
export TERM=vt100
stty erase ^H
stty erase ^?
# Path & Libraries (no "." entry: root's PATH must not include the current directory)
export PATH=/usr/bin:/usr/sbin:/etc:/usr/local/bin:/usr/bin/X11:$HOME/bin
export LIBPATH=/usr/lib:/lib:/usr/local/lib
# Shell Behavior
export PS1="$HOST \$PWD # "
export HISTSIZE=5000
export TMOUT=1800      # 30 minute timeout
export EDITOR=vi
export FCEDIT=vi
# System Limits
ulimit -f unlimited
ulimit -d unlimited
# Localization
export LANG=en_US
export LC_ALL=en_US
indaixwpr01 / #

Error:
error: db4 error(22) from dbenv->open: A system call received a parameter that is not valid.
error: cannot open Packages index using db4 - A system call received a parameter that is not valid. (22)
error: cannot open Packages database in /opt/freeware/packages
error: db4 error(22) from dbenv->open: A system call received a parameter that is not valid.
error: cannot open Packages index using db4 - A system call received a parameter that is not valid. (22)
error: cannot open Packages database in /opt/freeware/packages

To fix:
# rm /var/lib/rpm/__db*
# rpm --rebuilddb

Install sudo rpm package 
# rpm -Uvh sudo-1.9.17-3.aix71.rpm

smitty tcpip --->  Minimum Configuration & Startup

indaixwpr01 / # ifconfig -a
en0: flags=e084863,14c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
        inet 192.168.20.13 netmask 0xffffff00 broadcast 192.168.20.255
         tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
en1: flags=e084863,14c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
        inet 192.168.10.13 netmask 0xffffff00 broadcast 192.168.10.255
         tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
lo0: flags=e08084b,c0<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
        inet6 ::1%1/64
         tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1
indaixwpr01 / #

Shut down the AIX VM:
# shutdown -h

Destination directory:
/aix/image
Example template file (the boot disk from the AIX installation):
aix_7200-04.qcow2

8. Disk Preparation Script
Create the script:
# vi prepare-disks.sh
Purpose:
  • Convert the AIX template disk to RAW format
  • Create additional data disks for each VM
Script
------------------------------------------------------------------------------------------------------------------
#!/usr/bin/env bash
set -euo pipefail

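BASE_IMG="/aix/image/aix_7200-04.qcow2"
DISK_DIR="/aix/disk"

if [ $# -lt 1 ]; then
    echo "Usage: $0 vmname1 [vmname2 vmname3 ...]"
    exit 1
fi

# Fail early if the template is missing; create the disk directory if needed
if [ ! -f "$BASE_IMG" ]; then
    echo "ERROR: template image not found: $BASE_IMG" >&2
    exit 1
fi
mkdir -p "$DISK_DIR"

echo "Preparing disks for: $*"
echo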

for SERVER in "$@"; do

    BOOT_DISK="${DISK_DIR}/${SERVER}-hdisk1.raw"
    DATA1_DISK="${DISK_DIR}/${SERVER}-hdisk2.raw"
    DATA2_DISK="${DISK_DIR}/${SERVER}-hdisk3.raw"

    echo "---- $SERVER ----"

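    if [ ! -f "$BOOT_DISK" ]; then
        echo "Creating boot disk..."
        # Convert to a temporary name first so an interrupted run never leaves
        # a truncated boot disk that later runs would skip
        qemu-img convert -p -f qcow2 -O raw "$BASE_IMG" "${BOOT_DISK}.tmp"
        mv "${BOOT_DISK}.tmp" "$BOOT_DISK"
    fi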

    if [ ! -f "$DATA1_DISK" ]; then
        echo "Creating hdisk2 (30GB)"
        qemu-img create -f raw "$DATA1_DISK" 30G
    fi

    if [ ! -f "$DATA2_DISK" ]; then
        echo "Creating hdisk3 (40GB)"
        qemu-img create -f raw "$DATA2_DISK" 40G
    fi

done

echo "Disk preparation completed."
------------------------------------------------------------------------------------------------------------------
8.1 Run Disk Preparation
Example:
# ./prepare-disks.sh indaixwpr01

Example output:
/aix/disk/indaixwpr01-hdisk1.raw
/aix/disk/indaixwpr01-hdisk2.raw
/aix/disk/indaixwpr01-hdisk3.raw

Verify disks:
# ls -lh /aix/disk
Example:
-rw-r--r-- indaixwpr01-hdisk1.raw 30G
-rw-r--r-- indaixwpr01-hdisk2.raw 30G
-rw-r--r-- indaixwpr01-hdisk3.raw 40G

9. Start AIX Virtual Machine
This script:
  • Creates TAP network interfaces
  • Assigns bridge interfaces
  • Allocates memory and CPU
  • Starts QEMU POWER8 virtual machine
  • Exposes console via Telnet port
VM console ports will be allocated between:
8001 – 8100

Example command:
# ./start-vm.sh indaixwpr01
=================================
Starting VM: indaixwpr01
TAP0 (br0): tap0
TAP1 (br1): tap1
Telnet port: 8001
=================================
All requested VMs started successfully.

Create script:
# vi start-vm.sh
------------------------------------------------------------------------------------------------------------------
#!/usr/bin/env bash
set -euo pipefail

DISK_DIR="/aix/disk"
BRIDGE0="br0"
BRIDGE1="br1"
MEM="4G"          # Consider increasing to 8G for better performance
CPU="2"           # Can increase to match host cores
BASE_PORT=8001
LOG_DIR="/tmp"    # World-writable: on a shared host use a root-owned directory here and in stop-vm.sh

if [ $# -lt 1 ]; then
    echo "Usage: $0 vmname1 [vmname2 vmname3 ...]"
    exit 1
fi

# ---------------- Functions -------------------

is_port_free() {
    local port=$1
    # ss is part of iproute2, which this script already needs for "ip".
    # -H drops the header, so any output means a TCP listener holds the port.
    if [ -z "$(ss -Htln "sport = :${port}")" ]; then
        return 0
    fi
    return 1
}

get_free_port() {
    local port=${BASE_PORT}
    while [ $port -le 8100 ]; do
        if is_port_free $port; then
            echo $port
            return 0
        fi
        port=$((port + 1))
    done
    echo "ERROR: No free ports available (8001-8100)" >&2
    exit 1
}

get_free_tap() {
    local index=0
    while [ $index -lt 200 ]; do
        local tap_name="tap${index}"

        if ! ip link show "${tap_name}" >/dev/null 2>&1; then
            ip tuntap add mode tap "${tap_name}" user "$(whoami)"
            ip link set "${tap_name}" up
            echo "${tap_name}"
            return 0
        fi

        index=$((index + 1))
    done

    echo "ERROR: No free TAP interfaces found (tap0-tap199)" >&2
    exit 1
}

generate_mac() {
    printf '52:54:00:%02X:%02X:%02X' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256))
}

# ---------------- MAIN LOOP -------------------

for SERVER in "$@"; do

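    if [ -f "${LOG_DIR}/${SERVER}.pid" ]; then
        OLD_PID=$(cat "${LOG_DIR}/${SERVER}.pid")
        # Kill the PID only if it really is this VM's QEMU process: the file may
        # be stale and the PID reused by an unrelated process. The old VM's TAP
        # interfaces are not removed here; use stop-vm.sh for a clean restart.
        if [ -r "/proc/${OLD_PID}/cmdline" ] && \
           tr '\0' ' ' < "/proc/${OLD_PID}/cmdline" \
               | grep -E "qemu-system-ppc64.*-name ${SERVER}( |\$)" >/dev/null; then
            echo "Stopping existing VM ${SERVER} (PID ${OLD_PID})"
            kill -9 "${OLD_PID}" || true
            sleep 1
        fi
        rm -f "${LOG_DIR}/${SERVER}.pid"
    fi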

    TELNET_PORT=$(get_free_port)
    TAP0=$(get_free_tap)
    TAP1=$(get_free_tap)

    MAC0=$(generate_mac)
    MAC1=$(generate_mac)

    # ---- RAW disks ----
    BOOT_DISK="${DISK_DIR}/${SERVER}-hdisk1.raw"
    DATA1_DISK="${DISK_DIR}/${SERVER}-hdisk2.raw"
    DATA2_DISK="${DISK_DIR}/${SERVER}-hdisk3.raw"

    if [ ! -f "$BOOT_DISK" ]; then
        echo "Boot disk not found for ${SERVER}"
        echo "Run prepare-disks.sh first."
        exit 1
    fi

    echo "================================="
    echo "Starting VM: $SERVER"
    echo "TAP0 (br0): $TAP0"
    echo "TAP1 (br1): $TAP1"
    echo "Telnet port: $TELNET_PORT"
    echo "================================="

    ip link set "${TAP0}" master "${BRIDGE0}"
    ip link set "${TAP1}" master "${BRIDGE1}"

    UUID=$(uuidgen)

    nohup qemu-system-ppc64 \
      -name "${SERVER}" \
      -cpu POWER8 \
      -uuid "${UUID}" \
      -machine pseries,ic-mode=xics,memory-backend=ram0,cap-cfpc=broken,cap-ibs=broken,cap-ccf-assist=off,cap-sbbc=broken \
      -accel tcg,thread=multi,tb-size=4096 \
      -object memory-backend-ram,id=ram0,size=${MEM},prealloc=yes \
      -m ${MEM} \
      -smp ${CPU},cores=${CPU},threads=1,sockets=1 \
      -serial "telnet:127.0.0.1:${TELNET_PORT},server,nowait" \
      -display none \
      -device virtio-scsi-pci,id=scsi0 \
      -drive file="${BOOT_DISK}",if=none,id=drive-boot,format=raw,cache=writeback,aio=threads \
      -device scsi-hd,drive=drive-boot,bus=scsi0.0,scsi-id=0,bootindex=0 \
      -drive file="${DATA1_DISK}",if=none,id=drive-data1,format=raw,cache=writeback,aio=threads \
      -device scsi-hd,drive=drive-data1,bus=scsi0.0,scsi-id=1 \
      -drive file="${DATA2_DISK}",if=none,id=drive-data2,format=raw,cache=writeback,aio=threads \
      -device scsi-hd,drive=drive-data2,bus=scsi0.0,scsi-id=2 \
      -netdev tap,id=net${SERVER}0,ifname=${TAP0},script=no,downscript=no \
      -device spapr-vlan,netdev=net${SERVER}0,mac=${MAC0} \
      -netdev tap,id=net${SERVER}1,ifname=${TAP1},script=no,downscript=no \
      -device spapr-vlan,netdev=net${SERVER}1,mac=${MAC1} \
      -prom-env boot-command="boot disk:" \
      -prom-env input-device=vty \
      -prom-env output-device=vty \
      -prom-env term-type=vt100 \
      -prom-env use-nvramrc?=true \
      > "${LOG_DIR}/${SERVER}.log" 2>&1 &

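    PID=$!
    echo "${PID}" > "${LOG_DIR}/${SERVER}.pid"
    sleep 1
    # QEMU runs in the background, so confirm it survived start-up
    if ! kill -0 "${PID}" 2>/dev/null; then
        echo "ERROR: QEMU for ${SERVER} exited; see ${LOG_DIR}/${SERVER}.log" >&2
        exit 1
    fi
done
echo "All requested VMs started successfully."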

------------------------------------------------------------------------------------------------------------------

10. Verify Running VM
Check QEMU process:
# ps -ef | grep ppc
Example:
qemu-system-ppc64 -name indaixwpr01

11. Access AIX Console
Connect to VM console using Telnet.
Example:
telnet localhost 8001
This connects to the AIX system console.
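
The QEMU Telnet console has no authentication, which is why start-vm.sh binds it to 127.0.0.1. The check below is an added example, not part of the original scripts: it reads `ss -Htln` output and reports any listener in the 8001-8100 console range that is bound to a non-loopback address. The function names and the sample listener lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit QEMU serial-console listeners in the 8001-8100 range.

CONSOLE_MIN=8001
CONSOLE_MAX=8100

# Constructed sample of `ss -Htln` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS='LISTEN 0      1           127.0.0.1:8001       0.0.0.0:*
LISTEN 0      1             0.0.0.0:8002       0.0.0.0:*
LISTEN 0      128           0.0.0.0:22         0.0.0.0:*
LISTEN 0      1               [::1]:8003          [::]:*
LISTEN 0      1                [::]:8004          [::]:*
LISTEN 0      4096   192.168.10.108:9000       0.0.0.0:*'

# Reads `ss -Htln` output on stdin and prints "<port> <address>" for every
# console-range listener that is NOT bound to a loopback address.
exposed_consoles() {
    local state recvq sendq local_addr rest addr port
    while read -r state recvq sendq local_addr rest; do
        [ "$state" = "LISTEN" ] || continue
        port=${local_addr##*:}     # text after the last ':'
        addr=${local_addr%:*}      # everything before it (IPv6 keeps its brackets)
        case "$port" in
            ''|*[!0-9]*) continue ;;   # skip anything that is not a numeric port
        esac
        [ "$port" -ge "$CONSOLE_MIN" ] && [ "$port" -le "$CONSOLE_MAX" ] || continue
        case "$addr" in
            127.*|"[::1]") ;;                         # loopback only: expected
            *) printf '%s %s\n' "$port" "$addr" ;;    # reachable from the network
        esac
    done
    return 0
}

# Returns 0 when every console listener is loopback-only, 1 otherwise.
# Findings go to stdout so they can be logged or mailed by a cron job.
audit_consoles() {
    local findings
    findings=$(exposed_consoles)
    if [ -n "$findings" ]; then
        echo "Console ports reachable from the network:" >&2
        echo "$findings"
        return 1
    fi
    return 0
}

# Live check on the Ubuntu host:  ./audit-consoles.sh --live
if [ "${1:-}" = "--live" ]; then
    ss -Htln | audit_consoles
fi
```

On the sample input the check reports ports 8002 and 8004, the two listeners bound to wildcard addresses.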

12. Stop AIX Virtual Machine
Purpose:
  • Stop QEMU process
  • Remove TAP interfaces
  • Clean PID and log files
Example usage:
# ./stop-vm.sh indaixwpr01
Create script:
# vi stop-vm.sh
------------------------------------------------------------------------------------------------------------------
#!/usr/bin/env bash
set -euo pipefail

# Must match LOG_DIR in start-vm.sh. /tmp is world-writable, so the PID read from
# it is checked against the process command line before anything is killed.
LOG_DIR="/tmp"

if [ $# -lt 1 ]; then
    echo "Usage: $0 vmname1 [vmname2 vmname3 ...]"
    exit 1
fi

# True only if PID $1 is a qemu-system-ppc64 process started with "-name $2"
is_vm_pid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ -r "/proc/$1/cmdline" ] || return 1
    tr '\0' ' ' < "/proc/$1/cmdline" \
        | grep -E "qemu-system-ppc64.*-name $2( |\$)" >/dev/null
}

for SERVER in "$@"; do
    PID_FILE="${LOG_DIR}/${SERVER}.pid"
    LOG_FILE="${LOG_DIR}/${SERVER}.log"
    # Anchored on the end of the name so "vm1" does not also match "vm10"
    VM_PATTERN="qemu-system-ppc64.*-name ${SERVER}( |\$)"

    echo "================================="
    echo "Stopping VM: $SERVER"
    echo "================================="

    # 1. Locate the QEMU process: PID file first, then a match on "-name <vm>"
    PID=""
    if [ -f "$PID_FILE" ]; then
        PID=$(cat "$PID_FILE")
    fi
    if ! is_vm_pid "$PID" "$SERVER"; then
        PID=$(pgrep -f "$VM_PATTERN" | head -1 || true)
    fi

    # 2. Record this VM's TAP interfaces BEFORE killing it: the ifname= arguments
    #    are only readable from /proc/<pid>/cmdline while the process exists
    VM_TAPS=""
    if [ -n "$PID" ] && [ -r "/proc/${PID}/cmdline" ]; then
        VM_TAPS=$(tr '\0' '\n' < "/proc/${PID}/cmdline" \
                  | grep -o "ifname=tap[0-9]*" | cut -d= -f2 || true)
    fi

    # 3. Stop QEMU: SIGTERM first, SIGKILL only if it is still alive
    if [ -n "$PID" ]; then
        echo "Killing PID $PID (SIGTERM)..."
        kill "$PID" 2>/dev/null || true
        sleep 3
        if kill -0 "$PID" 2>/dev/null; then
            echo "Force kill PID $PID (SIGKILL)..."
            kill -9 "$PID" 2>/dev/null || true
        fi
    fi
    rm -f "$PID_FILE"

    # Fallback kill by name
    pkill -f "$VM_PATTERN" 2>/dev/null || true
    sleep 2

    # 4. Delete only the TAP interfaces that belonged to this VM
    if [ -n "$VM_TAPS" ]; then
        for VM_TAP in $VM_TAPS; do
            if ip link show "$VM_TAP" >/dev/null 2>&1; then
                echo "Deleting VM's TAP interface: $VM_TAP"
                ip link set "$VM_TAP" down 2>/dev/null || true
                sleep 0.5
                ip link delete "$VM_TAP" 2>/dev/null || true
            fi

            # Verify deletion
            if ! ip link show "$VM_TAP" >/dev/null 2>&1; then
                echo "TAP $VM_TAP deleted successfully"
            else
                echo "TAP $VM_TAP still exists"
            fi
        done
    else
        echo "No TAP interface found for $SERVER"
    fi

    # Final verification
    if ! pgrep -f "$VM_PATTERN" >/dev/null 2>&1; then
        echo "VM $SERVER fully stopped....................................."
    else
        echo "VM $SERVER still running....................................."
    fi
    echo "Log: $LOG_FILE"
    echo ""
done
echo "Stop completed."
------------------------------------------------------------------------------------------------------------------

13. Manual TAP Interface Cleanup
If TAP interfaces remain after VM shutdown, remove them manually.
Example:
for i in tap0 tap1 tap2 tap3
do
    sudo ip link delete "$i"
done

14. Log Files
VM logs and PID files are stored in:
/tmp

Example files:
/tmp/indaixwpr01.log
/tmp/indaixwpr01.pid

15. Performance Recommendations
Parameter      Recommended Value
Memory         8 GB
CPU            4 cores
Disk format    RAW
Networking     Bridged

Running multiple AIX VMs requires additional system memory.

Conclusion:
Using QEMU POWER8 emulation on Ubuntu Server, it is possible to deploy and operate IBM AIX 7.2 environments on x86 hardware.
This setup provides a flexible platform for:
  • AIX system administration practice
  • Software development and testing
  • Training and laboratory environments
Although performance is limited due to software emulation, it provides a reliable environment for functional testing and learning purposes.


IBM HMC : Complete Command Reference for Administrators

This reference provides system administrators with a comprehensive guide to all commands and menu options available in the IBM Hardware Management Console (HMC). It covers tasks such as system and partition management, configuration, monitoring, and troubleshooting, enabling efficient administration of IBM Power Systems.

:~> mkhmcauth -u newuser -p StrongPass123! -r administrator -d "HMC admin user" ---> Create a new HMC user with a password, role, and description
:~> mkhmcauth -u audituser -p AuditPass!234 -r read_only -e 90 -m notify@company.com -d "Audit account" ---> Create a new HMC user with password expiration and email notification
:~> chhmcauth -u existinguser -p NewPassw0rd! ---> Modify an existing HMC user’s password
:~> chhmcauth -u existinguser -r operator -d "Updated role to operator" ---> Change an HMC user’s role or description
:~> chhmcauth -u olduser -o disable ---> Disable an HMC user account
:~> chhmcauth -u olduser -o enable ---> Enable a previously disabled HMC user account
:~> chhmcencr -c passwd -o s -e sha512 ---> Set HMC password encryption to SHA-512 for all subsequent users
:~> chhmcauth -o setpwpolicy -m 180 ---> Set password expiration policy to 180 days for HMC users
:~> chhmcauth -u tempuser -o expirepw ---> Force an HMC user to change password on next login
----------------------------------------------------------------------------------------------------------------------
:~> chsyscfg -r sys -m 9406-570*89320051 -i "new_name=sys1,power_off_policy=1" ---> Change the managed system's user-defined name and power off policy
:~> chsyscfg -r lpar -m sys1 -f /tmp/lparfile ---> Change partitions using the configuration data in the file /tmp/lparfile
:~> chsyscfg -r lpar -m system1 -o apply -p p1 -n prof1 ---> Change the attributes of a shutdown partition by applying the profile prof1
:~> chsyscfg -r prof -m sys1 -i "name=profile1,lpar_name=partition3,min_mem-=256,desired_mem-=256,max_mem-=256,desired_procs=2" ---> Change a partition profile's memory amounts (reduce each by 256 MB) and set the number of desired processors
:~> chsyscfg -r prof -m mySys -i "name=p1,lpar_name=lpar3,\"virtual_fc_adapters+=\"\"5/client//vios1/15/c0508301e9ac0008,c0508301e9ac0009/1\"\",\"\"6/client//vios2/6/c0508301e9ac00a0,c0508301e9ac00a1/1\"\"\"" ---> Add 2 virtual fibre channel adapters with user-specified WWPNs to a partition profile
:~> chsyscfg -r prof -m P9-1 -i "name=prof1,lpar_id=1,\"vnic_adapters+=\"\"slot_num=11:backing_devices=sriov//1/3/2/10/1/30,sriov//2/2/1/10/2/30\"\"\"" ---> Add a virtual NIC to a partition profile
:~> chsyscfg -r sysprof -m sys1 -i "name=sysprof1,\"lpar_names+=partition3,partition4\",\"profile_names+=3_prof1,4_defaultProf\"" ---> Change a system profile by adding 2 new partition profiles
----------------------------------------------------------------------------------------------------------------------
:~> chsysconn -m ebmcSys -r vmi -o set -i eth0 -t ipv4dhcp ---> Configure the VMI eth0 interface to use IPv4 DHCP
:~> chsysconn -m 9105-22A*1234567 -r vmi -o set -i eth1 -t slaac ---> Configure the VMI eth1 interface to use IPv6 SLAAC
:~> chsysconn -m ebmcSys -r vmi -o set -i eth0 -t static -a 9.140.2.155 -g 9.140.2.1 --nm 255.255.255.0 ---> Configure the VMI eth0 interface to use a static IPv4 address
:~> chsysconn -m ebmcSys -r vmi -o set -i eth0 -t static -a 2002:903:15f:325:9:3:1:123/64 -g 2002:903:15f:325::1 ---> Configure the VMI eth0 interface to use a static IPv6 address
:~> chsysconn -m ebmcSys -r vmi -o clear -i eth1 ---> Clear the network settings for the VMI eth1 interface
:~> chsysconn -m ebmcSys -r vmi -o clear -i eth0 -a 2002:903:15f:325:9:3:1:123 ---> Clear the IPv6 address from the VMI eth0 interface
----------------------------------------------------------------------------------------------------------------------
:~> chlparstate -m sys1 -o suspend -p aix1 ---> Suspend partition aix1
:~> chlparstate -m sys1 -o resume -p aix1 ---> Resume partition aix1
:~> chlparstate -m sys1 -o resume -p aix1 --mpio 2 ---> Resume partition aix1 and do not fail if an equivalent MPIO configuration of all virtual SCSI and virtual fibre channel adapters cannot be maintained
:~> chlparstate -m 8233-E8B*7654321 -o validate -t suspend --id 8 ---> Validate the operation to suspend the partition with ID 8
:~> chlparstate -m systemP -o cancel -t suspend -p mylpar ---> Stop the partition suspend operation that is just starting for partition mylpar
:~> chlparstate -m systemP -o recover -t resume -p mylpar ---> Recover the failed partition resume operation for partition mylpar
:~> chlparstate -m 9406-570*1234567 -o shutdown --id 1 ---> Shut down the partition with ID 1
:~> chlparstate -m sys1 -o shutdown -p p1 --immed --restart ---> Immediately restart the partition p1
----------------------------------------------------------------------------------------------------------------------
:~> chviosupd -n vios1_update -a "new_name=vios_update_3.1.2.10" ---> Change the name of VIOS update image vios1_update to vios_update_3.1.2.10
----------------------------------------------------------------------------------------------------------------------
:~> chviosbk -t vios -m sys1 -p vios1 -f vios1_backup -o s -a "new_name=vios1_backup_2020" ---> Change the name of the full VIOS backup file for vios1
:~> cpviosbk -t ssp -m sys1 -p vios1 -o export -f vios1_ssp_backup -r sftp -h sftpserver -u sftpuser -k /home/hmcuser/keys/id_rsa ---> Copy a VIOS SSP configuration backup file for vios1 to a remote SFTP server using SSH keys
:~> cpviosbk -t vios -m sys1 --uuid 2B809AD7-2019-442F-98F2-1C4D4ACB06E7 -o import -f vios1_backup_march,vios1_backup_april -r nfs -h 9.3.145.52 -l /hmcdata --options "vers=4" -d /backups/vios ---> Copy full VIOS backup files from an NFS file system (version 4) to the HMC
----------------------------------------------------------------------------------------------------------------------
:~> cpviosupd -r sftp -n VIOS_FP_3.1.3.14 -h sftpserver -u sftpuser -k /home/hmcuser/keys/id_rsa -d vios/update/VIOS_FP_3.1.3.14 -f H24094002.iso ---> Import a VIOS update image from a remote SFTP server using SSH keys
:~> cpviosupd -r sftp -n VIOS_FP_3.1.2.10 -h sftpserver -u sftpuser -d vios/update/VIOS_FP_3.1.2.10 ---> Import a VIOS update image from a remote SFTP server (prompted for password)
:~> cpviosupd -r nfs -n VIOS_FP_3.1.3.14 -h 9.3.145.52 -l /images --options "vers=4" -d vios/update/VIOS_FP_3.1.3.14 -f U872970.bff,U877527.bff,U877574.bff,U879820.bff,U883888.bff ---> Import a VIOS update image from an NFS file system using NFS version 4
:~> cpviosupd -r usb -n VIOS_FP_3.1.2.10 --device /dev/sdb1 ---> Import a VIOS update image from a USB data storage device (device must already be connected to the HMC)
----------------------------------------------------------------------------------------------------------------------
:~> chhmcauth -t powersc -h 9.3.12.345 -p 7844 ---> Enable PowerSC MFA for the HMC
:~> chhmcauth -t powersc -h mfaServer.company.com ---> Change the PowerSC MFA server host name (default port 6793)
:~> chhmcauth -t powersc -o disable ---> Disable PowerSC MFA for the HMC
----------------------------------------------------------------------------------------------------------------------
:~> chhmccert -o apply -t self -i "days_to_expire=730,ipaddrs+=9.2.155.120" ---> Change a self-signed certificate (HMC restarts automatically)
:~> chhmccert -t cacert -f certfile -s signingfile1,signingfile2 -l sftp -h server.company.com -u sftpuser -k /home/hmcuser/keys/id_rsa -d /home/sftpuser/certs -r ---> Import and install a CA-signed certificate from SFTP using SSH keys and restart HMC automatically
:~> chhmccert -o apply -t archivecert ---> Install a previously archived certificate (HMC restarts automatically)
:~> chhmccert -o apply -t fcs -n 180 ---> Change expiration date for the certificate used for HMC-to-HMC communication
:~> chhmccert -o archiverm -r ---> Delete and archive the current certificate and restart HMC automatically
:~> chhmccert -o add -t trustedcert -l trustedsslserver -a cmccert -h cmcportal-powercloud.mybluemix.net ---> Add a certificate from a trusted server to the HMC truststore
:~> chhmccert -o add -t trustedcert -l trustedsslserver -a cmccert -h cmcportal-powercloud.mybluemix.net --proxyserver 9.124.125.229:8080 --proxyuser userID --proxypasswd password ---> Add a certificate from a trusted server using a proxy connection with authentication
:~> chhmccert -o remove -t trustedcert -a cmccert ---> Remove a trusted certificate
:~> chhmccert -o set -n 365 ---> Change HMC default setting for days until certificate expiration
----------------------------------------------------------------------------------------------------------------------
:~> chhmcldap -o s --primary ldap://ldap.example.com --basedn dc=example,dc=com --starttls 1 ---> Configure LDAP on the HMC for the first time and enable Start TLS
:~> chhmcldap -o s --basedn "cn=Users,dc=corp,dc=ibm,dc=com","ou=FTC,dc=corp,dc=ibm,dc=com" ---> Configure multiple base DNs for LDAP search
:~> chhmcldap -o s --backup ldap://ldap2.example.com ---> Set a backup LDAP server
:~> chhmcldap -o s --primary ldaps://ldap.example.com:625 ---> Set the primary LDAP server with port 625 using LDAPS
:~> chhmcldap -o s --binddn cn=admin,dc=yourorg,dc=com --bindpw secret ---> Set the bind DN and password
:~> chhmcldap -o s --automanage 1 --auth kerberos ---> Enable automatic management of LDAP users and set authentication to Kerberos
:~> chhmcldap -o s --searchfilter "mail=*@yourcompany.com" ---> Set the LDAP search filter
:~> chhmcldap -o s --scope sub ---> Set the LDAP search scope to subtree
:~> chhmcldap -o s --loginattribute notesshortname ---> Set the login attribute
:~> chhmcldap -o s --timelimit 40 --bindtimelimit 40 --referrals 0 ---> Set time limit, bind time limit, and disable referrals
:~> chhmcldap -o s --hmcgroups group1,group2 ---> Restrict HMC login to users in group1 and group2
:~> chhmcldap -o s --groupattribute groupOfNames --memberattribute member ---> Configure LDAP Group and Member attributes for user validation
:~> chhmcldap -o r -r backup ---> Remove the backup LDAP server
:~> chhmcldap -o r -r ldap ---> Unconfigure LDAP on the HMC
----------------------------------------------------------------------------------------------------------------------
:~> chhmcencr -c passwd -o s -e sha512 ---> Set the password encryption for all subsequent HMC user creations or password modifications to SHA-512
:~> chhmcencr -c webui -o r -e TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ---> Remove TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 from the HMC Web UI ciphers (HMC restart prompted)
:~> chhmcencr -c webui -o a -r -e TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 ---> Add TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 to HMC Web UI ciphers and restart automatically
:~> chhmcencr -c ssh -o r -e aes128-ctr,aes128-gcm@openssh.com ---> Remove aes128-ctr and aes128-gcm@openssh.com from HMC SSH interface ciphers
:~> chhmcencr -c sshmac -o a -e hmac-sha2-256 ---> Add hmac-sha2-256 to the MAC algorithms supported by the HMC SSH interface
:~> chhmcencr -c sshkey -o r -e curve25519-sha256 ---> Remove curve25519-sha256 from the key exchange algorithms of the HMC SSH interface
----------------------------------------------------------------------------------------------------------------------
:~> lsprimhmc -m server1 ---> List the primary HMC information for managed system server1
----------------------------------------------------------------------------------------------------------------------
:~> lsviosbk ---> List all VIOS backup files on this HMC
:~> lsviosbk --filter "vios_names=vios1,vios2" ---> List all VIOS backup files for vios1 and vios2
:~> lsviosbk --filter "types=ssp,sys_names=sys1" ---> List all Shared Storage Pool configuration backups for VIOSs on sys1
----------------------------------------------------------------------------------------------------------------------
:~> lsviosupd -r disk ---> List the VIOS update images on this HMC
:~> lsviosupd -r ibmwebsite -m sys1 -p vios1 ---> List the VIOS update images on IBM Fix Central that can update vios1
----------------------------------------------------------------------------------------------------------------------
:~> lsdatarep -t data ---> List the data replication status on this HMC
:~> lsdatarep -t local ---> List the data replication configuration and status of this HMC
:~> lsdatarep -t source --filter "hmc_names=hmc1,hmc2" ---> List the data replication configuration and status of source HMCs hmc1 and hmc2
----------------------------------------------------------------------------------------------------------------------
:~> lsmemdev -r avail -m sys1 -p vios1 ---> List all available block storage devices accessible by VIOS partition vios1
:~> lsmemdev -r avail -m sys1 -p vios1,vios2 ---> List all available block storage devices accessible by VIOS partitions vios1 and vios2
:~> lsmemdev -r avail -m sys1 -p vios1 -F device_name,size ---> List the names and sizes of available block storage devices accessible by vios1
:~> lsmemdev -r avail -m sys1 --id 1,2 --min 1024 --max 4096 ---> List available block storage devices between 1 GB and 4 GB for VIOS partitions with IDs 1 and 2
:~> lsmemdev -r avail -m 9117-MMA*1234567 --id 1 --filter "types=phys" ---> List all available physical block storage devices accessible by the VIOS partition with ID 1
----------------------------------------------------------------------------------------------------------------------
:~> lsfru -t sp -m 9117-MMA*1234321 ---> List primary and secondary service processor FRU information for managed system 9117-MMA*1234321
----------------------------------------------------------------------------------------------------------------------
:~> lsrefcode -r sys -m system1 ---> List the current reference code for the managed system
:~> lsrefcode -r sys -m 9406-570*1543901A -n 10 -F --header ---> List the last 10 reference codes for the managed system with attribute headers
:~> lsrefcode -r sys -m system1 -s s -n 5 ---> List the last 5 reference codes for the secondary service processor on the managed system
:~> lsrefcode -r lpar -m system1 -F lpar_name,time_stamp,refcode ---> List the current reference code for each partition, showing partition name, timestamp, and refcode
:~> lsrefcode -r lpar -m 9406-520*12345678 -n 25 --filter "lpar_names=p1,p2" ---> List the last 25 reference codes for partitions p1 and p2
----------------------------------------------------------------------------------------------------------------------
:~> lshmc -b ---> Display the HMC's BIOS level
:~> lshmc -D ---> Display preconfigured HMC DHCP server IPs, masks, and ranges
:~> lshmc -e ---> Display HMC Event Manager settings for Call Home
:~> lshmc -h ---> Display HMC hardware information
:~> lshmc -i ---> Display HMC IMM settings
:~> lshmc -l ---> Display HMC current locale
:~> lshmc -L ---> Display all locales supported by HMC
:~> lshmc -n ---> Display HMC network settings
:~> lshmc -n -F hostname:ipaddr ---> Display HMC host name and IP address, separated by colon
:~> lshmc -r ---> Display HMC remote access settings
:~> lshmc -v ---> Display HMC VPD information
:~> lshmc -V ---> Display HMC version information
:~> lshmc --bmc ---> Display HMC BMC settings
:~> lshmc --boot ---> Display HMC secure boot settings
:~> lshmc --firewall ---> Display enabled firewall settings on HMC
:~> lshmc --netbond ---> Display HMC network bond configuration
:~> lshmc --netroute ---> Display HMC network routing information
:~> lshmc --ntpserver ---> Display HMC NTP server information
:~> lshmc --syslog ---> Display HMC syslog server configuration
:~> lshmc --userdefinfo ---> Display user-defined information for HMC
----------------------------------------------------------------------------------------------------------------------
:~> lshmcauth -t powersc ---> List PowerSC MFA settings for HMC
:~> lshmccert -t currcert ---> List the current certificate installed on this HMC
:~> lshmccert -t trustedcert ---> List certificates added as trusted to this HMC's truststore
:~> lshmccert -t fcs ---> List the certificate used for HMC-to-HMC communication
:~> lshmccert -t config ---> List default number of days until expiration for newly created certificates on HMC
----------------------------------------------------------------------------------------------------------------------
:~> getdump -m sys1 -t sys ---> Offload the system dump from managed system sys1
:~> getdump -m 9117-570*12345678 -t sp -s s ---> Offload the service processor dump from the secondary SP on managed system 9117-570*12345678
:~> getdump -m sys1 -t resource ---> Offload the resource dump from managed system sys1
----------------------------------------------------------------------------------------------------------------------
:~> startdump -m 9406-570*12345678 -t sys ---> Initiate a system dump on managed system 9406-570*12345678 (confirmation required)
:~> startdump -m sys1 -t sp -s p ---> Initiate a dump of the primary service processor on managed system sys1
----------------------------------------------------------------------------------------------------------------------
:~> rstconsdata -r usb ---> Restore critical HMC data from a USB flash memory device
:~> rstconsdata -r ftp -h ftpserver -u ftpuser --passwd ftppassword ---> Restore critical HMC data from a remote FTP site
:~> rstconsdata -r sftp -h sftpserver -u sftpuser -k /home/user/keys/id_rsa ---> Restore critical HMC data from a remote SFTP site using SSH keys
:~> rstconsdata -r nfs -h 9.3.145.52 -l /home/hmc/backups -o "vers=4" ---> Restore critical HMC data from an NFS file system using NFS version 4
----------------------------------------------------------------------------------------------------------------------
:~> rsthwres -r io -m mySystem ---> Restore the physical I/O slots for all partitions
:~> rsthwres -r io -m 9406-570*12345678 -l 21010003 ---> Restore the physical I/O slot with DRC index 21010003
:~> rsthwres -r mem -m 9406-570*12345678 -p p1 ---> Restore memory resources for partition p1
:~> rsthwres -r proc -m mySystem --id 1 ---> Restore processing resources for the partition with ID 1
:~> rsthwres -r sriov -m mySystem ---> Restore all SR-IOV resources in the managed system
:~> rsthwres -r sriov -m mySystem -p p1 ---> Restore all SR-IOV resources for partition p1
:~> rsthwres -r sriov -m mySystem -l 1 --logport 27004001 ---> Restore the SR-IOV logical port with ID 27004001 of the SR-IOV adapter with adapter ID 1
----------------------------------------------------------------------------------------------------------------------
:~> rstprofdata -m mySystem -l 1 -f /media/sdb1/myFile ---> Do a full restore of profile data from file myFile on a USB flash device (USB must already be connected)
:~> rstprofdata -m 9406-570*3413444 -l 3 -f backup1 ---> Restore profile data from file backup1, giving priority to current profile data
:~> rstprofdata -m 9406-570*3413444 -l 4 ---> Initialize the profile data
----------------------------------------------------------------------------------------------------------------------
:~> rstviosbk -t viosioconfig -m sys1 -p vios1 -f vios1_io_backup ---> Restore a VIOS I/O configuration backup for vios1
:~> rstviosbk -t ssp -m sys1 --id 1 -f vios1_ssp1_backup -r ---> Restore a Shared Storage Pool configuration backup for VIOS with ID 1 and restart VIOS if required
----------------------------------------------------------------------------------------------------------------------
:~> updhmc -t dvd -r ---> Install a corrective service package from a DVD in the local drive and reboot the HMC
:~> updhmc -t dvd -n /dev/sr1 ---> Install a corrective service package from virtual media on any HMC except Power HMC CR2
:~> updhmc -t usb -n /dev/sdb ---> Install a corrective service package from virtual media on Power HMC CR2
:~> updhmc -t ftp -h ftpServer -u user1 -f /tmp/Update1.iso ---> Install a corrective service package from an FTP server (password prompted)
:~> updhmc -t sftp -h sftpServer -u user1 -k /home/hmcuser/keys/id_rsa -f /tmp/Update1.iso ---> Install a corrective service package from an SFTP server using SSH keys
:~> updhmc -t nfs -h 9.3.121.61 -l /hmc/images -f 830/update.iso ---> Install a corrective service package from an NFS file system
:~> updhmc -t usb -f /media/sdb1/update2.iso ---> Install a corrective service package from a USB data storage device (USB must already be connected)
:~> updhmc -t ibmwebsite --ptf MF70120 ---> Install PTF MF70120 from the IBM Fix Central website
----------------------------------------------------------------------------------------------------------------------
:~> updvios -m sys1 -p vios1 -r disk -n VIOS_FP_3.1.3.14 --restart ---> Update VIOS vios1 using a VIOS update image from the HMC hard disk and restart the VIOS if required
:~> updvios -m sys1 -p vios1 -r sftp -h sftpserver -u sftpuser -k /home/hmcuser/keys/id_rsa -d vios/update/VIOS_FP_3.1.3.14 -f H24094002.iso ---> Update VIOS vios1 using a VIOS update image from a remote SFTP server with SSH keys
:~> updvios -m 9080-HEX*1234567 --id 1 -r sftp -n VIOS_FP_3.1.2.10 -h sftpserver -u sftpuser -d vios/update/VIOS_FP_3.1.2.10 --restart --save ---> Update VIOS with ID 1 from a remote SFTP server (password prompted), restart VIOS if required, and save image on HMC
:~> updvios -m sys1 -p vios1 -r nfs -h 9.3.145.52 -l /images --options "vers=4" -d vios/update/VIOS_FP_3.1.3.14 --restart -f U872970.bff,U877527.bff,U877574.bff,U879820.bff,U883888.bff ---> Update VIOS vios1 using a VIOS update image from NFS v4 and restart if required
:~> updvios -m sys1 --id 1 -r usb --device /dev/sdb1 ---> Update VIOS with ID 1 using a VIOS update image from a USB device (USB must be connected)
:~> updvios -m sys1 -p vios1 -r ibmwebsite -n VIOS_FP_3.1.3.14 --restart --save ---> Update VIOS vios1 using a VIOS update image from IBM Fix Central, restart VIOS if required, and save image to HMC
:~> upgvios -m sys1 -p vios1 --disk hdisk6 -r disk -n VIOS_4.1.0.00 ---> Upgrade VIOS vios1 using a VIOS installation image from the HMC hard disk
:~> upgvios -m sys1 -p vios1 --disk hdisk2,hdisk3 -r sftp -h sftpserver -u sftpuser -k /home/hmcuser/keys/id_rsa -d vios/upgrade/VIOS_3.1.4.00 -f dvdimage.iso ---> Upgrade VIOS vios1 using a VIOS installation image from a remote SFTP server with SSH keys
:~> upgvios -m 9080-HEX*1234567 --id 1 --disk hdisk1 -r sftp -n VIOS_3.1.4.00 --save -h sftpserver -u sftpuser -d vios/upgrade/VIOS_3.1.4.00 -f dvdimage.v1.iso,dvdimage.v2.iso ---> Upgrade VIOS with ID 1 from remote SFTP server (password prompted) and save image on HMC
:~> upgvios -m sys1 -p vios1 --disk hdisk9,hdisk10 -r nfs -h 9.3.145.52 -l /images --options "vers=4" -d vios/upgrade/VIOS_IMAGE -f dvdimage.iso ---> Upgrade VIOS vios1 using a VIOS installation image from NFS v4
:~> upgvios -m sys1 --id 1 --disk hdisk1,hdisk2,hdisk3 -r usb --device /dev/sdb1 ---> Upgrade VIOS with ID 1 using a VIOS installation image from a USB device (USB must be connected)
----------------------------------------------------------------------------------------------------------------------
:~> deploysysplan -f mysysplan.sysplan -o dv ---> Deploy system plan from mysysplan.sysplan and validate against managed system
:~> deploysysplan -f mysysplan.sysplan -o dv -m mySystem --force ---> Deploy system plan from mysysplan.sysplan onto mySystem, validate, and force deployment despite active partitions
:~> deploysysplan -f mysysplan.sysplan -o dv -m 9406-570*34134888 -v ---> Deploy system plan from mysysplan.sysplan onto 9406-570*34134888, validate, and output any errors
:~> deploysysplan -f multisysplan.sysplan -o v -m mySystem --plan 3 ---> Validate third system plan in multisysplan.sysplan against mySystem without deploying
:~> deploysysplan -f mysysplan.sysplan -o v -m mySystem -v ---> Validate system plan from mysysplan.sysplan against mySystem, output steps not yet implemented and any errors
:~> deploysysplan -f mysysplan.sysplan -o d -m mySystem -v --force ---> Deploy system plan from mysysplan.sysplan onto mySystem without validation, output deployment steps, force deployment
----------------------------------------------------------------------------------------------------------------------
:~> rmsysplan -f sysplan.sysplan ---> Remove system plan file sysplan.sysplan
----------------------------------------------------------------------------------------------------------------------
:~> rmsysplanres -r osinstall -n rhel4 ---> Remove osinstall-type system plan resource for Red Hat install source
:~> rmsysplanres -r osinstall -n aix53 ---> Remove osinstall-type system plan resource for AIX V5R3 install source
----------------------------------------------------------------------------------------------------------------------
:~> mksyscfg -r lpar -m system1 -i "name=aix_lpar2,profile_name=prof1,lpar_env=aixlinux,min_mem=256,desired_mem=1024,max_mem=1024,proc_mode=ded,min_procs=1,desired_procs=1,max_procs=2,sharing_mode=share_idle_procs,auto_start=1,boot_mode=norm,lpar_io_pool_ids=3,\"io_slots=21010003/3/1,21030003//0\",max_virtual_slots=20,\"virtual_fc_adapters=10/client/1//110//1,\"\"11/client/2//111/c0507609a405005a,c0507609a405005b/1\"\"\"" ---> Create an AIX or Linux partition
:~> mksyscfg -r prof -m 9406-570*34134441 -i "name=prof2,lpar_id=3,min_mem=512,desired_mem=512,max_mem=1024,proc_mode=shared,min_procs=1,desired_procs=1,max_procs=2,min_proc_units=0.1,desired_proc_units=0.5,max_proc_units=1.5,sharing_mode=uncap,uncap_weight=128,auto_start=1,\"lpar_io_pool_ids=1,2\",\"io_slots=2101001B/1/1,2103001B/2/1,2105001B//0\",load_source_slot=2101001B,console_slot=hmc,max_virtual_slots=14,\"virtual_scsi_adapters=12/client/2//13/1,13/server////1\"" ---> Create an IBM i partition profile
:~> mksyscfg -r prof -m system1 -f /tmp/profcfg ---> Create partition profiles from configuration file /tmp/profcfg
:~> mksyscfg -r prof -m system1 -o save -p p1 -n newProfile ---> Create a new partition profile by saving the current configuration of partition p1
:~> mksyscfg -r sysprof -m system1 -i "name=sysprof1,\"lpar_names=lpar1,lpar2\",\"profile_names=prof1,prof1\"" ---> Create a system profile
:~> mksyscfg -r prof -m system1 -o save -p aix1 -n activeProfile --force ---> Save current configuration of partition aix1 to an existing profile
:~> mkviosbk -t ssp -m sys1 -p vios1 -f vios1_ssp_backup ---> Create a Shared Storage Pool configuration backup
:~> mkviosbk -t viosioconfig -m 9080-M9S*1234567 -f vios1_io_backup --force --uuid 2B809AD7-2019-442F-98F2-1C4D4ACB06E7 ---> Create a VIOS I/O configuration backup and overwrite if it exists
:~> mkviosbk -t vios -m sys1 --id 1 -f vios1_full_backup -a "nimol_resource=1,media_repository=1" ---> Create a full VIOS backup including NIMOL resources and media repository
----------------------------------------------------------------------------------------------------------------------
:~> mkprofdata -r sys -o recreate -m mySys -s sys -v ---> Recreate the profile data for managed system mySys
:~> mkprofdata -r sys -o createxml -m mySys -x mySysXML ---> Convert current profile data on mySys to XML format and save as mySysXML.xml and mySysXML_dir.xml
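:~> mkprofdata -r sys -o createxml -b /home/hscpe/sysA -x sysAXML ---> Convert profile data in /home/hscpe/sysA to XML format and save as sysAXML.xml and sysAXML_dir.xml
----------------------------------------------------------------------------------------------------------------------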
:~> chhmcauth -t powersc -h 9.3.12.345 -p 7844 ---> Enable PowerSC MFA for the HMC
:~> chhmcauth -t powersc -h mfaServer.company.com ---> Change PowerSC MFA server host name and use default port 6793
:~> chhmcauth -t powersc -o disable ---> Disable PowerSC MFA for the HMC
----------------------------------------------------------------------------------------------------------------------
:~> chhmccert -o apply -t self -i "days_to_expire=730,ipaddrs+=9.2.155.120" ---> Change a self-signed certificate (HMC restarts automatically)
:~> chhmccert -t cacert -f certfile -s signingfile1,signingfile2 -l sftp -h server.company.com -u sftpuser -k /home/hmcuser/keys/id_rsa -d /home/sftpuser/certs -r ---> Import and install CA signed certificate from SFTP using SSH keys, restart HMC
:~> chhmccert -o apply -t archivecert ---> Install previously archived certificate (HMC restarts automatically)
:~> chhmccert -o apply -t fcs -n 180 ---> Change expiration date for HMC-to-HMC certificate
:~> chhmccert -o archiverm -r ---> Delete and archive current certificate, restart HMC
:~> chhmccert -o add -t trustedcert -l trustedsslserver -a cmccert -h cmcportal-powercloud.mybluemix.net ---> Add a certificate on a trusted server to HMC truststore
:~> chhmccert -o add -t trustedcert -l trustedsslserver -a cmccert -h cmcportal-powercloud.mybluemix.net --proxyserver 9.124.125.229:8080 --proxyuser userID --proxypasswd password ---> Add a trusted certificate using proxy authentication
:~> chhmccert -o remove -t trustedcert -a cmccert ---> Remove a trusted certificate
:~> chhmccert -o set -n 365 ---> Change HMC default number of days until certificate expiration
----------------------------------------------------------------------------------------------------------------------
:~> lshmccert -t currcert ---> List current certificate installed on HMC
:~> lshmccert -t trustedcert ---> List trusted certificates in HMC truststore
:~> lshmccert -t fcs ---> List certificate used for HMC-to-HMC communication
:~> lshmccert -t config ---> List default setting for days until expiration for new certificates
----------------------------------------------------------------------------------------------------------------------
:~> chhmcldap -o s --primary ldap://ldap.example.com --basedn dc=example,dc=com --starttls 1 ---> Configure LDAP on HMC for the first time and enable Start TLS
:~> chhmcldap -o s --basedn "cn=Users,dc=corp,dc=ibm,dc=com","ou=FTC,dc=corp,dc=ibm,dc=com" ---> Configure multiple base DNs for LDAP search
:~> chhmcldap -o s --backup ldap://ldap2.example.com ---> Set a backup LDAP server
:~> chhmcldap -o s --primary ldaps://ldap.example.com:625 ---> Set primary LDAP server using LDAPS and port 625
:~> chhmcldap -o s --binddn cn=admin,dc=yourorg,dc=com --bindpw secret ---> Set bind DN and password
:~> chhmcldap -o s --automanage 1 --auth kerberos ---> Enable automatic management of LDAP users and Kerberos authentication
:~> chhmcldap -o s --searchfilter "mail=*@yourcompany.com" ---> Set LDAP search filter
:~> chhmcldap -o s --scope sub ---> Set LDAP search scope to subtree
:~> chhmcldap -o s --loginattribute notesshortname ---> Set login attribute
:~> chhmcldap -o s --timelimit 40 --bindtimelimit 40 --referrals 0 ---> Set LDAP time limit, bind time limit, and disable referrals
:~> chhmcldap -o s --hmcgroups group1,group2 ---> Restrict HMC login to users in group1 and group2
:~> chhmcldap -o s --groupattribute groupOfNames --memberattribute member ---> Configure LDAP group and member attributes
:~> chhmcldap -o r -r backup ---> Remove backup LDAP server
:~> chhmcldap -o r -r ldap ---> Unconfigure LDAP on the HMC
:~> lshmcldap -r config ---> List the HMC LDAP configuration
:~> lshmcldap -r user ---> List all LDAP users on the LDAP server
:~> lshmcldap -r user --filter "names=uname1,uname2" -v ---> List LDAP users uname1 and uname2, output execution details to stderr
----------------------------------------------------------------------------------------------------------------------
:~> chhmcencr -c passwd -o s -e sha512 ---> Set password encryption for all subsequent HMC user creations/modifications to SHA-512
:~> chhmcencr -c webui -o r -e TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ---> Remove TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 from HMC Web UI ciphers (HMC restart required)
:~> chhmcencr -c webui -o a -r -e TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 ---> Add TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 to HMC Web UI ciphers and restart HMC automatically
:~> chhmcencr -c ssh -o r -e aes128-ctr,aes128-gcm@openssh.com ---> Remove aes128-ctr and aes128-gcm@openssh.com from HMC SSH ciphers
:~> chhmcencr -c sshmac -o a -e hmac-sha2-256 ---> Add hmac-sha2-256 to MAC algorithms supported by HMC SSH
:~> chhmcencr -c sshkey -o r -e curve25519-sha256 ---> Remove curve25519-sha256 from key exchange algorithms supported by HMC SSH
----------------------------------------------------------------------------------------------------------------------
:~> lssacfg -t authuser ---> Display users authorized to access ESA-collected information
:~> lssacfg -t callhome ---> Display call-home states for systems managed by this HMC
:~> lssacfg -t callhomeserver ---> Display call-home server settings for this HMC
:~> lssacfg -t connmon ---> Display connection monitoring settings for managed systems
:~> lssacfg -t connmontimer ---> Display connection monitoring timer settings
:~> lssacfg -t custinfo ---> Display customer information settings
:~> lssacfg -t email ---> Display Service Agent customer email notification settings
:~> lssacfg -t ftpfirewall ---> Display FTP firewall settings used for offloading service information
:~> lssacfg -t ftpoffload -F host,directory ---> Display FTP server host name and directory used for offloading service information
:~> lssacfg -t snmp ---> Display Service Agent configuration for emitting SNMP trap notifications
:~> lssacfg -t snmpopt ---> Display Service Agent SNMP options
:~> lssacfg -t snmptrapnames ---> Display all defined Service Agent SNMP traps
----------------------------------------------------------------------------------------------------------------------
:~> lsusrtca -t w ---> Display welcome text shown on HMC Web UI before login
:~> lsusrtca -t b ---> Display SSH banner text shown before SSH login
----------------------------------------------------------------------------------------------------------------------
:~> mount /mnt/floppy ---> Mount floppy disk containing welcome text file
:~> mount /media/sdb1 ---> Mount USB flash memory device
----------------------------------------------------------------------------------------------------------------------
:~> scp someID@someHost:/tmp/WelcomeFile.txt /tmp ---> Copy WelcomeFile.txt to HMC /tmp
:~> scp someID@someHost:/tmp/BannerFile.txt /tmp ---> Copy banner file to HMC /tmp
----------------------------------------------------------------------------------------------------------------------
:~> chusrtca -o a -f /mnt/floppy/WelcomeFile.txt ---> Add welcome text from file on floppy
:~> chusrtca -o a -f /tmp/WelcomeFile.txt -c ---> Add welcome text from /tmp and remove the file after use
:~> chusrtca -o r ---> Remove welcome text from HMC
:~> chusrtca -o rb ---> Remove SSH banner text from HMC
:~> chusrtca -o ab -b /tmp/BannerFile.txt -c ---> Add banner text from /tmp and remove the file after use
:~> chusrtca -c -b /tmp/BannerFile.txt ---> Remove banner text file from HMC
----------------------------------------------------------------------------------------------------------------------
:~> monhmc -r proc -n 10 ---> Monitor HMC processor usage, updating statistics every 10 seconds
:~> monhmc -s rmc -n 0 ---> Display RMC subsystem statistics once
----------------------------------------------------------------------------------------------------------------------
:~> pedbg -d on ---> Enable debug mode
:~> pedbg -d off ---> Disable debug mode
----------------------------------------------------------------------------------------------------------------------
:~> chipsec -m j21 --left fe80:0:0:0:221:5eff:fe46:57ce --passkey hmctest1234! ---> Create and start an IPsec connection to managed system j21
:~> chipsec -f connfile.txt --passkey passphrase1 ---> Create and start a user-defined IPsec connection from file connfile.txt
----------------------------------------------------------------------------------------------------------------------
:~> lsmediadev ---> List media devices (needed to mount USB for IPsec files)
----------------------------------------------------------------------------------------------------------------------
:~> chipsec -f /media/sdb1/user_file.txt --cert /media/sdb1/user_cert.pem --passkey hmctest1234! ---> Start a user-defined IPsec connection using certificate on USB
:~> chipsec --up j21 ---> Start the IPsec connection j21
:~> chipsec --down j21 ---> Stop the IPsec connection j21
:~> chipsec -r j21 ---> Remove the IPsec connection j21
:~> chipsec --start ---> Start the IPsec service on the HMC
:~> chipsec --stop ---> Stop the IPsec service on the HMC
----------------------------------------------------------------------------------------------------------------------
:~> getfile -t krbkeyfile -l s -h sftpserver -u sftpuser -f /home/sftpuser/krb5.keytab ---> Retrieve Kerberos key file via SFTP and deploy as /etc/krb5.keytab
:~> getfile -t rsyslogcacert -l s -h sftpserver -u sftpuser -f /home/sftpuser/rsyslog/cacert -k /home/hmcuser/keys/id_rsa ---> Retrieve rsyslog CA certificate via SFTP with SSH keys and deploy on HMC
:~> getfile -t ldapcacert -l l -f /home/user/certs/ldapcert ---> Deploy local LDAP CA certificate from user's home directory
:~> getfile -t bmccacert -l s -h sftpserver -u sftpuser --passwd myPassword -f /home/sftpuser/bmccerts/CACert1 -a CACert1 ---> Retrieve BMC CA certificate via SFTP and deploy on HMC
----------------------------------------------------------------------------------------------------------------------
:~> getupgfiles -r ftp -h ftpserver -u ftpuser -d /home/ftpuser/images ---> Get HMC upgrade files from remote FTP server
:~> getupgfiles -r sftp -h 9.3.123.25 -u sftpuser -k /home/hmcuser/keys/id_rsa -d /home/sftpuser/images ---> Get HMC upgrade files from remote SFTP server using SSH keys
:~> getupgfiles -r nfs -h nfsserver -l /hmc/upgrades -d 830 ---> Get HMC upgrade files from remote NFS server
:~> getupgfiles -r disk -d /home/hscroot ---> Get HMC upgrade files from HMC hard disk
----------------------------------------------------------------------------------------------------------------------
:~> diagrmc ---> Check for general RMC connection issues
:~> diagrmc -m system1 -p mylpar --ip 9.53.22.86 ---> Check RMC connection issues for partition mylpar on system1
:~> diagrmc -m system1 --id 5 --ip 9.41.161.33 --autocorrect ---> Check and auto-correct RMC connection issues for partition ID 5
:~> diagrmc --mcip 9.41.161.45 ---> Check RMC issues for management console with IP 9.41.161.45 in a Power enterprise pool
----------------------------------------------------------------------------------------------------------------------
:~> refdev -m sys1 -p remoteRestartPartition ---> Refresh remote restart data for partition remoteRestartPartition
----------------------------------------------------------------------------------------------------------------------
:~> saveupgdata -r disk ---> Save upgrade data to HMC hard drive
:~> saveupgdata -r diskusb ---> Save upgrade data to HMC hard drive and USB flash drive
:~> saveupgdata -r diskftp -h ftpserver -u ftpuser -d /home/ftpuser/saveupgdata ---> Save upgrade data to HMC and remote FTP server
:~> saveupgdata -r disksftp -h 9.3.123.25 -u sftpuser -k /home/hmcuser/keys/id_rsa -d /home/sftpuser/saveupgdata ---> Save upgrade data to HMC and remote SFTP server with SSH keys
:~> saveupgdata -r diskusb --migrate -i netcfg ---> Save upgrade data including network configuration for migration from x86 HMC to Power HMC