Hints and tips for IBM i deployments on IBM Power Systems Virtual Server
This chapter describes navigating in IBM Power Systems Virtual Server environment on IBM Cloud for IBM i.
The content in this chapter is derived from real life experiences and challenges while deploying and managing workloads on-premises and in the Cloud with the IBM Power Systems Virtual Server.
This chapter includes the following topics:
5.1 Overview
The hints and tips that are presented here are from real-world problem experiences. In this chapter, you become familiar with the process of the VNC console, SSH tunneling, the console by way of the LAN adapter, and take snapshots on IBM i instances.
5.1.1 Connecting to an IBM i virtual machine
This section describes how to connect to an IBM i virtual machine (VM) after it is deployed your system. See this IBM Cloud Docs web page for more information about configuring your IBM i VM before connecting to an IBM i VM. Then, complete the following steps:
1. From the dashboard, click the button that features three stacked dashes that are at the end of the entry for ibmiVS (see Figure 5-1) and then, click Open console. Use the VNC to access the 5250 console In the IBM Power Systems Virtual Server for IBM i.
Figure 5-1 Opening console on PowerVS for IBM i
2. After a new window opens to access the default credentials for the initial login by way of the web console, enter the user profile QSECOFR and password QSECOFR, as shown in Figure 5-2.
Figure 5-2 Opened console for IBM i on PowerVS
Figure 5-3 Change QSECOFR’s password
4. Accept the software agreements by selecting Option 5 for each. Then, press Enter (see Figure 5-4).
Figure 5-4 Accept software agreements
5. To use the keys that are available from VNC, click Next. Then, select PF15= Accept All, as shown in Figure 5-5.
Figure 5-5 Accept the licenses agreements for Machine code
6. Repeat Step 5 until the display shows all of the software agreements are in the Accept status (see Figure 5-6). Then, press PF3.
Figure 5-6 Work with Software agreements window
The Main Menu is displayed by the VNC.
7. Connect by SSH by using the QSECOFR profile. Then, enable the attribute by running the following command:
EDTF '/QOpenSys/QIBM/UserData/SC1/OpenSSH/etc/sshd_config'
8. Find the #PermitRootLogin yes on the file and remove the # symbol (see Figure 5-7). Then, press PF3 to save and exit.
Figure 5-7 Edit file on IFS
|
Attention: This QSECOFR profile is for demonstrative purposes. The QSECOFR profile is used for the SSH connection. However, the preferred practices that is suggested not to use QSECOFR profile with SSH on IBM i. Use a different user profile with similar authority. The new user profile has a Home directory as well; this directory often is /home/<userprofile>.
|
9. Run the WRKSYSVAL QAUTOVRT command. Then, press Enter, select option 2 = Change and enter the number of auto-configured consoles to which you want to connect concurrently. In this example, four consoles are used, but how many you use depends on how many you need. Press Enter (see Figure 5-8).
Figure 5-8 Change QAUTOVRT system value
|
Note: You can add as many devices that you require on QAUTOVRT.
|
10. Issue the WRKSYSVAL QLMTSECOFR command. Then, press Enter and select option 2 = Change. Then, change the value from 1 to 0. Press Enter.
11. Verify that cloud-init is configured as shown in Figure 5-9. Run the CFGTCP command, select Option 1 and then, press Enter.
Figure 5-9 TCP IPs on IBM i configured by cloud-init
12. Issue the following commands to start the Telnet and SSH services:
STRTCPSVR *TELNET
STRTCPSVR *SSH
13. Verify that the ports for SSH and Telnet are listening, as shown in Figure 5-10. Issue the NETSTAT *CNN command. Then, press Enter and then, press Shift + PF2.
Figure 5-10 Display NETSTAT on IBM i
5.1.2 Remote access to IBM i by tunneling
The public IP address blocks most ports. Therefore, you must use SSH tunneling or configure your certificates and use SSL to allow IBM Access Client Solution to connect over public IP.
Before you use an SSH tunnel, you must create a user profile with USRCLS(*SECOFR) specified.
Complete the following steps to access the solution by using SSH tunneling.
1. Open a PuTTY terminal and create a session that uses the public IP, as shown in Figure 5-11.
Figure 5-11 Set PuTTY terminal
The ports that are required to configure on PuTTY are listed in Table 5-1.
Table 5-1 Ports that are required to set up on PuTTY
|
Source port
|
Destination
|
|
449
|
localhost:449
|
|
50000
|
localhost:23
|
|
8470
|
localhost:8470
|
|
8471
|
localhost:8471
|
|
8472
|
localhost:8472
|
|
8473
|
localhost:8473
|
|
8474
|
localhost:8474
|
|
8475
|
localhost:8475
|
|
8476
|
localhost:8476
|
|
9470
|
localhost:9470
|
|
9471
|
localhost:9471
|
|
9472
|
localhost:9472
|
|
9473
|
localhost:9473
|
|
9474
|
localhost:9474
|
|
9475
|
localhost:9475
|
|
9476
|
localhost:9476
|
Complete the following steps:
a. Set up the source port and destination as shown in Figure 5-12.
Figure 5-12 Set the source ports on PuTTY
|
Note: Steps 5, 6, and 7 that are shown in Figure 5-12 are repeated for each port that is in Table 5-1 on page 151.
|
b. Return to Session on Category that is on the left side of PuTTY and click Save.
c. Click Open at the session in PuTTY and click Yes to trust this host and connection.
d. A new window terminal is opened. Enter QSECOFR and the password that was changed, and then, press Enter. The tunneling is now ready. Hold the terminal open, as shown in Figure 5-13.
Figure 5-13 PuTTY log in for QSECOFR
|
Important: The tunneling that is done by using PuTTY is for a Windows system. If you use another operating system, such as Linux or Mac, the SSH tunneling to allow ACS to connect over the External IP is different. For more information, see this IBM Cloud Docs web page.
|
2. Select Access client solutions → Management → 5250 Session Manager → New Display Session. A new window opens, and the 5250 display setup is shown (see Figure 5-14).
Figure 5-14 5250 display configurations
|
Important: For this example, 50000 was chosen as the source port number. This value also was configured in PuTTY. Do not change the source port numbers. When telnetting, avoid making the source port the same as the destination.
|
3. A window opens in which the connection with the PuTTY tunnel is established. Enter the credentials of the QSECOFR profile and their password. Finally, a window capture shows the Main Menu. Select File → Save as to save the 5250 display.
|
Note: A commonly secure Telnet session is used on-premises. However, because the use of SSH tunnel encryption is working in this example, 992 port is not necessary.
|
5.1.3 IBM i 5250 console through LAN adapter
Working with IBM i instances on IBM Power Systems Virtual Server, you need a 5250 console to perform migration, backups, and maintenance procedures.
IBM Power Systems Virtual Server instances provide a web console from the portal, which is based on noVNC and HTML5. Any HTML5 browser can be used to open our console session.
Figure 5-3 on page 147 shows the web-based console that presents the following limitations:
•Session expires after approximately 5 minutes of inactivity.
•Options that are available at the bottom of the window can be confusing because they include function keys and other special keys.
•Cut and paste cannot be used in the window.
|
Tip: IBM i instance connects to a remote LAN console by using IBM i Access Client Solutions. With IBM i ACS, full access is available to the physical keyboard, sessions do not drop unless the connection fails, data can be inserted data by using cut and paste.
|
Configuration procedure
IBM i Access Client Solutions (ACS) must be installed so that the IBM i ACS console can be configured.
Download the installation package from one of the following web pages:
|
Note: The client software is available free of charge. The license is installed on the IBM i instance.
|
Configure a Private Network and add it to the instance. In this example, the 192.168.80.0/24 network was added.
|
Tip: A ticket in IBM Cloud is required to activate the VLAN and subnet. For more information, see IBM Cloud Support.
|
Configuring the Service Tools Server LAN adapter
Complete the following steps:
1. Start the Service Tools by using QSECOFR or a user with *SERVICE authority: STRSST.
2. In the console window, connect by using the QSECOFR user (the default password is QSECOFR).
3. In the DST menu, select option 8 – Work with Service Tools Server Security and Devices. Select F13=Select STS LAN Adapter, as shown in Figure 5-15. (Use NEXT to see more Fn options.)
Figure 5-15 Select STS LAN adapter at SST on IBM i
4. Select the Resource Name that is connected to your Private Network. If nothing is shown, press F21, and the adapters that are in use are shown (see Figure 5-16).
Figure 5-16 Select Service Tools Server LAN adapter
5. Assign the LAN Adapter its own IP address to the LAN Adapter, as shown in Figure 5-17. Press F7 to save, F13 to deactivate and then, F14 to reactivate the adapter.
Figure 5-17 Assigning IP on LAN adapter
|
Note: When an adapter is in use, IPL your IBM i system.
|
6. Configure the console at IBM Access Client Solutions, as shown in Figure 5-18. Click System Configuration → New. Then, enter the System Name, which often is the IP address. If a hostname.
Figure 5-18 Adding a system on Access Client Solutions
7. Go to the Console tab and select the Service hostname, as shown in Figure 5-19. This name is the IP address for the Service Tools Server LAN Adapter.
Figure 5-19 Insert the IP address
8. Verify the connection. If all of the information is correct, click OK and start the console connection.
5.2 Using snapshots on IBM i instances
Snapshots are a resource that is used to create a checkpoint in IBM i VMs for a possible future rollback. It uses copy-on-write procedures to minimize snapshot time to near zero, which allows the VM to be restored quickly.
To ensure data integrity, a disk stage must be completed on IBM i to save data that is cached in memory.
Snapshots are useful before the following change management tasks are conducted:
•Performing an OS upgrade
•Installing PTFs
•Making changes to system values
•Updating application programs
|
Remember: Snapshot is not a backup mechanism. It cannot use one snapshot in a different system than the source instance. Also, snapshot data cannot be moved to other medium and snapshots cannot be mounted on a new system as is done with PowerHA SystemMirror for backup purposes.
|
5.2.1 Taking snapshots
Snapshots can be taken from the command line only by using APIs or IBM Cloud CLI. Users must be familiar with IBM Cloud CLI to perform this task.
Installing and using IBM Cloud CLI
For more information about installing the IBM Cloud CLI on Windows, see this IBM Cloud Docs web page.
|
Note: For Windows, some functions are not supported unless you are running Windows 10 Pro.
|
Complete the following steps:
1. Open a PowerShell window as Administrator and run the command that is shown in Example 5-1.
Example 5-1 Running the installation command
[Net.ServicePointManager]::SecurityProtocol = "Tls12, Tls11, Tls, Ssl3"; iex(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/IBM-Cloud/ibm-cloud-developer-tools/master/windows-installer/idt-win-installer.ps1')
This process can take some minutes. Wait until the end of the process and then, restart the system.
2. In a command window, run the command that is shown in Example 5-2 to check whether the setup processes succeed.
Example 5-2 Checking ibmcloud cli setup process
ibmcloud dev help
If the help is shown, the process can continue.
3. Connect to your account as shown in Example 5-3 and continue installing the plug-ins.
Example 5-3 Logging in to your account
ibmcloud login
The system prompts you for your account’s email and password.
If you use more than one account, select the account you use and the region by using the item number that is shown in the window.
4. To install the required plug-in to work with Power Systems Virtual Server, run the command that is shown in Example 5-4.
Example 5-4 Install Power IaaS plug-in
ibmcloud plugin install power-iaas
5. Click Y when you are prompted to continue with the setup process.
The available services are then listed (see Example 5-5).
Example 5-5 List available services
ibmcloud pi service-list
Figure 5-20 shows the list of available services.
Figure 5-20 List available services
6. Target the service by running the ibmcloud pi service-target <crn> command, as shown in Example 5-6.
Example 5-6 Target the service to use
ibmcloud pi service-target crn:v1:bluemix:public:power-iaas:lon04:a/af339adbfd124f99a5cea8271bf030cc:5fa3d138-6bc4-409f-ba6d-641c071b8e51::
7. To list the available instances, run the command that is shown in Example 5-7.
Example 5-7 List instances
ibmcloud pi ins
8. By using this list, you can copy the instance ID that is must be frozen by using snapshot.
9. Return to the green window console or terminal session and perform a disk stage. Then, quiesce the database, as shown in Example 5-8. All data that is cached in memory is written to disk, and the transactions are held in memory until the snapshot completes.
Example 5-8 Perform a disk stage and quiesce database
CHGASPACT ASPDEV(*SYSBAS) OPTION(*FRCWRT)
CHGASPACT ASPDEV(*SYSBAS) OPTION(*SUSPEND) SSPTIMO(60)
This action must be performed on any available ASP before the snapshot command is run.
10. After the data is written to disk and transactions are held in memory, continue ibmcloud cli and take the snapshot. Run the ibmcloud pi snapshot-create command and target your VM instance. Then, choose a name to identify the snapshot (see Example 5-9).
Example 5-9 Taking the snapshot by using ibmcloud cli
ibmcloud pi snapshot-create c451ccd1-54e8-4953-9402-XXXXXXXXXXXX --name SNP01_EW01-EWIBMi01
11. Run the ibmcloud pi snaps command to list the snapshot. You see that the snapshot state is next to the Instance ID and Snapshot ID. Wait for the available status.
12. When the status is available, resume database activity, as shown in Example 5-10.
Example 5-10 Resuming database activity
CHGASPACT ASPDEV(*SYSBAS) OPTION(*RESUME)
13. To restore the snapshot, power-off your VM instance.
14. Run the following command to restore the snapshot data, as shown in Example 5-11:
ibmcloud pi snapshot-restore <instance_id> --snapshot <snapshot_id>
Example 5-11 Restoring the snapshot
ibmcloud pi snapshot-restore daa5033a-269a-4bb4-9537-XXXXXXXXXXXX --snapshot 57122996-ac9b-4aec-a356-YYYYYYYYYYYY
15. Run the ibmcloud pi snaps command to see the restore operation status.
16. Start the VM instance after the snapshot is restored.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.