Now is the Time to Migrate from Older HMCs
Reminder: Support will soon end for x86-based HMC devices. Now is the time to migrate your data.
A coworker alerted me to this end of service notice for x86-based HMC devices (excerpt below):
“This is the last release to support the 7042 machine type. HMC V9R2 will support the 7063 machine type and Virtual HMC Apliances (x86/ppc64le) only.
“Note: iFixes and Service packs on top of V9 R1 M940 will be supported on 7042 machine types.”
I’ve previously discussed the big changes to the HMC, but as more of you move to POWER9 hardware, here’s a reminder: It’s time to migrate from the older HMCs that still reside in your environments.
While we’re on this topic, I was recently asked about adding a user ssh key to an HMC. The process is detailed in this IBM Knowledge Center doc (excerpt below):
“To enable scripts to run unattended between an SSH client and an HMC, complete the following steps:
1. Enable remote command execution….
2. On the client’s operating system, run the SSH protocol key generator. To run the SSH protocol key generator, complete the following steps:
a. To store the keys, create a directory that is named $HOME/.ssh (either RSA or DSA keys can be used).
b. To generate public and private keys, run the following command:
ssh-keygen -t rsa
The following files are created in the $HOME/.ssh directory:
private key: id_rsa
public key: id_rsa.pub
The write bits for both group and other are turned off. Ensure that the private key has a permission of 600.
On the client’s operating system, use ssh and run the mkauthkeys command to update the HMC user’s authorized_keys2 file on the HMC by using the following command:
ssh hmcuser@hmchostname mkauthkeys -–add <the contents of $HOME/.ssh/id_rsa.pub>
Note: Double quotes (“) are used in commands to ensure that the remote shell can properly process the command. For example:
ssh "mkauthkeys hscuser@somehmchost --add 'ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDa+Zc8+hn1+TjEXu640LqnVNB+Usi
xIE3c649Cgj20gaVWnFKTjcpWVahK/duCLac/zteMtVAfCx7/ae2g5RTPu7FudF2xjs4r
+NadVXhoIqmA53aNjE4GILpfe5vOF25xkBdG9wxigGtJyOKeJHzgnElP7RlEeOBijJD
Ko5gGE12NVfBxboChm6LtKnDxLi9ahhOYtLlFehJr6pV/lMAEuLhd6ax1hWvwrhf/h
5Ym6J8JbLVL3EeKbCsuG9E4iN1z4HrPkT5OQLqtvC1Ajch1ravsaQqYloMTWNFzM
4Qo5O3fZbLc6RuJjtJv8C5t4/SZUGHZxSPnQmkuii1z9hxt hscpe@vhmccloudvm179'"
To delete the key from the HMC, you can use the following command:
ssh hmcuser@hmchostname mkauthkeys --remove joe@somehostTo enable passwords that prompts for all hosts that access the HMC through SSH, use the scp command to copy the key file from the HMC: scp
hmcuser@hmchostname:.ssh/authorized_keys2 authorized_keys2
Edit the authorized_keys2 file and remove all lines in this file and then, copy it back to the HMC: scp authorized_keys2 hmcuser@hmchostname:.ssh/authorized_keys2″
There’s also supporting information about enabling remote command execution and using the HMC remote command line (excerpt below):
“You can use the command line interface in the following situations:
- When consistent results are required. If you have to administer several managed systems, you can achieve consistent results by using the command line interface. The command sequence can be stored in scripts and run remotely.
- When automated operations are required. After you have developed a consistent way to manage the managed systems, you can automate the operations by invoking the scripts from batch-processing applications, such as the cron daemon, from other systems.”