chhmc - change Hardware Management Console (HMC) configuration information
Synopsis
Description
Options
Examples
Environment
Bugs
Author
See Also
To change remote access settings:
chhmc -c {ssh | xntp | sol}
-s {enable | disable | modify}
[--sshprotocol {1 | 2 | all}]
[--help]To change remote web browser access:
chhmc -c remotewebui
-s {enable | disable}
-i interface
[-a {IPv4-address | IPv6-address[/prefix-length]}]
[-nm IPv4-network-mask]
[--help]To enable or disable TLS encrypted system logging over TCP:
chhmc -c syslog -t tls
-s {enable | disable}
[--force]
[--help]To add, modify, or remove a remote system logging destination:
chhmc -c syslog
-s {add | modify | remove}
{-a IP-address | -h host-name}
[-t {tcp | tls | udp}]
[-f input-data-file | --input "input-data"]
[--help]To add or remove an entry in the network time protocol configuration file:
chhmc -c xntp
-s {add | remove}
{-a {IPv4-address | IPv6-address[/prefix-length]} |
-h host-name}
[--ntpversion {1 | 2 | 3 | 4}]
[-nm IPv4-network-mask]
[-i interface]
[--help]
To configure whether keyboard mapping configuration or display configuration will occur at the next reboot:
chhmc -c {kbdcfg | dispcfg}
-s {enable | disable}
[--help]
To configure an alternate disk partition on the HMC as a startup device:
chhmc -c altdiskboot
-s {enable | disable}
--mode {install | upgrade}
[--help]To configure firewall settings to permit or deny IP addresses from utilizing HMC services:
chhmc -c {ssh | service}
-s {add | remove}
-a {IPv4-address | IPv6-address[/prefix-length]}
[-nm IPv4-network-mask]
[-i interface]
[--help]If -nm is omitted, the default IPv4 network
mask will be 255.255.255.255.
If prefix-length is omitted, the default
IPv6 prefix length will be 128.
If -i is omitted, the rule will be applied
to all interfaces.To add or remove a static route:
chhmc -c netroute
-s {add | remove}
[--routetype {host | net}]
[-a {IPv4-address | IPv6-address[/prefix-length]}]
[-nm IPv4-network-mask]
[-g gateway]
[-i interface]
[--position position]Use the chhmc -c network -s modify -g command
to modify the default route.To add or remove entries from the DNS server search order or the domain suffix search order:
chhmc -c network
-s {add | remove}
[-ns DNS-server]
[-ds domain-suffix]
[--help]
To change network settings for a specific network interface:
chhmc -c network
-s modify
-i interface
[-a {none | list]
[-nm IPv4-network-mask]
[--ipv6auto {on | off}]
[--ipv6privacy {on | off}]
[--ipv6dhcp {on | off}]
[--ipv4dhcp {on | off}]
[--lparcomm {on | off}]
[--tso {on | off}]
[--speed {auto | 10 | 100 | 1000}]
[--duplex {auto | half | full}]
[--jumboframe {on | off}]
[--help]To change other network settings:
chhmc -c network
-s modify
[-h host-name]
[-d network-domain-name]
[-g gateway [-i interface]]
[--help]To enable or disable IPv6 on the HMC:
chhmc -c network
-s {enable | disable}
--ipv6
[--help]To add or remove SLP service registration IP addresses (please allow at least 3 minutes for the change to take effect):
chhmc -c slp
-s {add | remove}
-a {IPv4-address | IPv6-address[/prefix-length]}
[--help]To change the locale for the HMC:
chhmc -c locale
-s modify
-l locale
[--help]To change the HMC date and time, or time zone:
chhmc -c date
-s modify
[--datetime date-time]
[--clock {local | utc}]
[--timezone time-zone]
[--help]To change the HMC Kerberos configuration:
chhmc -c kerberos
-s {add | modify | remove}
[{-a KDC-IPv4-address[:port] |
-h KDC-host-name[:port]}]
[--realm realm]
[--defaultrealm realm]
[--clockskew clock-skew]
[--ticketlifetime ticket-lifetime]
[--kpasswdadmin {IPv4-address[:port] | host-name[:port]}]
[--trace {on | off}]
[--weakcrypto {on | off | default}]
[--help]
To change the Integrated Management Module (IMM) settings:
chhmc -c imm
-s modify
[-a IPv4-address -nm IPv4-network-mask -g gateway]
[-u user-ID [--passwd password]]
[--mode {ded | shared}]
[--help]To restart the IMM:
chhmc -c imm
-s restart
[--help]To change the cipher mode for the HMC chatlet interface use the following command. This setting must be consistent among all HMCs using the chatlet interface (port 9920). Enable sets the cipher mode to the legacy anonymous cipher mode and disable removes the use of anonymous ciphers on the chatlet interface. This setting is disabled when the HMC security mode is set to NIST SP 800-131A.
chhmc -c legacyhmccomm
-s {enable | disable}
[--help]To change the HMC security mode (the HMC will automatically be restarted):
chhmc -c security
-s modify
--mode {legacy | nist_sp800_131a}
[-r]
[--help]To enable or disable the Event Manager for Call Home:
chhmc -c emch
-s {enable | disable}
[--callhome {enable | disable}]
[--help]To enable, disable, or change the GRUB password:
chhmc -c grubpasswd
-s {enable | disable | modify}
[--passwd password]
[--help]To change the Baseboard Management Controller (BMC) settings:
chhmc -c bmc
-s modify
{{[-a IPv4-address] [-nm IPv4-network-mask] [-g gateway]} |
--ipv4dhcp {on | off}}
[--help]
chhmc changes Hardware Management Console (HMC) configuration information, such as remote access settings and network settings.
-c The type of configuration to be modified. Valid values are ssh, syslog, xntp, netroute, network, slp, kbdcfg, dispcfg, altdiskboot, locale, service, date, remotewebui, kerberos, imm, sol for Serial Over LAN, legacyhmccomm, security, emch for Event Manager for Call Home, grubpasswd, and bmc. -s The new state value of the configuration. Valid values are enable, disable, add, modify, remove, and restart. -i The interface to configure, such as eth0 or sl0. If this option is omitted when adding a static route, the route will be added for each interface.
-a The network IP address. For network interface configuration, this is the static IP address configuration. Valid values are:
none - no static IP address configured
list - specify a comma-separated list of static IP
addresses. The list can contain zero or one
static IPv4 address and zero or more static
IPv6 addresses in the following format:
static-address/prefix-lengthFor SLP service registration IP address configuration, specify a comma-separated list of zero or more IPv4 addresses and zero or more IPv6 addresses. IPv6 addresses must be specified in the following format: IPv6-address[/prefix-length]. If prefix-length is omitted, the default prefix length will be 128.
For all other operations except Kerberos, IMM, and BMC configuration, an IPv4 or IPv6 address can be specified.
For Kerberos configuration, use this option to specify the IPv4 address of the Key Distribution Center (KDC). An optional port number can be specified following the IPv4 address. If the KDC has an IPv6 address, then you cannot use this option to specify the IP address of the KDC. You must use the -h option to specify the host name of the KDC instead. Either this option or the -h option to specify the KDC is required for a Kerberos add or remove operation. This option is not valid for a Kerberos modify operation.
-nm The IPv4 network mask. --ipv6 Specify this option to enable or disable IPv6 on the HMC. When disabled, no link-local IPv6 addresses will be automatically assigned to the HMC network interfaces. IPv6 is enabled by default on the HMC.
--ipv6auto The IPv6 autoconfiguration setting for the network interface. Valid values are:
on - autoconfigure IPv6 addresses
off - do not autoconfigure IPv6 addresses--ipv6privacy The IPv6 privacy extension setting for the network interface. Valid values are:
on - use privacy extensions for autoconfiguration
off - do not use privacy extensions for autoconfiguration--ipv6dhcp The IPv6 DHCP setting for the network interface. Valid values are:
on - obtain an IPv6 address automatically via DHCP
off - do not obtain an IPv6 address automatically via DHCP--ipv4dhcp The IPv4 DHCP setting for the network interface or the BMC. Valid values are:
on - obtain an IPv4 address automatically via DHCP
off - do not obtain an IPv4 address automatically via DHCP
This option cannot be used if a static IPv4 address has also been specified with the -a option.--lparcomm The partition communication setting for the network interface. This option has been deprecated. Use the chpsm command to configure which network interfaces are enabled for partition communication.
--tso The TCP segmentation offload (TSO) setting for the network interface. Valid values are:
on - enable TSO
off - disable TSO--speed The speed setting for the network interface. Valid values are:
auto - automatically detect and set speed
10 - 10Mbps
100 - 100Mbps
1000 - 1000Mbps
Specify auto unless you have a requirement to use a fixed speed setting.--duplex The duplex setting for the network interface. Valid values are:
auto - automatically detect and set duplex
half - half duplex
full - full duplex
Specify auto unless you have a requirement to use a fixed duplex setting.Valid combinations of --speed and --duplex are:
--speed auto --duplex auto
--speed 10 --duplex half
--speed 10 --duplex full
--speed 100 --duplex half
--speed 100 --duplex full
--speed 1000 --duplex full--jumboframe Enables or disables jumbo frames on the network interface. The jumbo frame size is 9000 bytes. Valid values are:
on - enable jumbo frames
off - disable jumbo framesDo not enable jumbo frames on the network interface that is used to connect to managed systems or managed frames. Managed systems and managed frames do not support jumbo frames.
-d The network domain name. -h The host name. For Kerberos configuration, use this option to specify the host name of the Key Distribution Center (KDC). An optional port number can be specified following the host name. Also, either this option or the -a option to specify the KDC is required for a Kerberos add or remove operation. This option is not valid for a Kerberos modify operation.
-g The default gateway IP address. -ns The nameserver IP address to add or remove. -ds The domain suffix to add or remove. --routetype The type of static route to add. Valid values are host to add a static route to a host and net to add a static route to a network. --position The position in the routing table of the static route to add or remove. When adding a static route, if this option is omitted or if the position specified is greater than the position of the first default route entry, the route entry will be added to the routing table just before the first default route entry.
The lshmc --netroute command can be used to display the position of all of the static route entries in the routing table.
--ntpversion The NTP version. Versions 1 - 4 are supported. --mode When configuring an alternate disk partition on the HMC as the startup device, specify the mode to use when starting up. Valid values are install and upgrade. The default value is upgrade. When configuring the HMC IMM settings, specify the IMM network interface mode. Valid values are ded for dedicated and shared. The default value is ded.
When configuring the HMC security mode, valid values are legacy for no security mode, and nist_sp800_131a for NIST SP 800-131A (National Institute of Standards and Technology Special Publication 800-131A). The default value is legacy. The HMC will automatically be restarted after the security mode is changed.
-r When changing the HMC security mode, specify this option to cause the HMC to automatically be restarted without asking for confirmation. -l The locale. For a list of all locales supported by the HMC, issue the lshmc -L command. For the new locale to take effect for the local HMC console, you must log off the console and log back on. For the new locale to take effect for the HMC command line, you must reboot the HMC.
--datetime The new date and time to set on the HMC’s clock. date-time must be specified using the following format:
MMDDhhmm[[CC]YY][.ss]
where MM is the month, DD is the day, hh is the hour in 24 hour format, mm is the minutes, CC is the century, YY is the year, and ss is the seconds.This option is required when the --clock option is specified.
You must reboot the HMC after setting the date and time.
--clock The BIOS clock type. Valid values are local and utc. --timezone The time zone to set for the HMC. time-zone must be specified in continent/city format. You must reboot the HMC after setting the time zone.
--realm The Kerberos realm name. When the first Kerberos realm and KDC is added to the HMC, that realm is set as the default realm and Kerberos is automatically enabled on the HMC. When the last Kerberos realm and KDC is removed from the HMC, Kerberos is automatically disabled on the HMC. Then, if another Kerberos realm and KDC is added to the HMC, Kerberos will automatically be enabled again, and the default realm will be set to the new realm. There is no other way to enable or disable Kerberos on the HMC.
This option is required for a Kerberos add or remove operation. This option is not valid for a Kerberos modify operation.
--defaultrealm The Kerberos default realm name. When no realms exist on the HMC, the default realm is automatically set to the next realm that is added to the HMC.
This option is not valid for a Kerberos add or remove operation.
--clockskew The Kerberos clock skew value in seconds. This is the maximum allowable amount of clock skew before Kerberos considers messages invalid. The clock skew is set to the default value of 120 seconds whenever Kerberos is enabled on the HMC, unless this option is specified. This option is not valid for a Kerberos remove operation.
--ticketlifetime The Kerberos ticket lifetime value (lifetime for credentials). The format of this value is a whole number followed by s for seconds, m for minutes, h for hours, or d for days. The ticket lifetime is set to the default value of 2d (2 days) whenever Kerberos is enabled on the HMC, unless this option is specified. This option is not valid for a Kerberos remove operation.
--kpasswdadmin The Kerberos admin server host name or IP address. This option enables Kerberos users to change their own passwords using the chhmcusr command. If a realm is not specified, the default realm is used for the operation. --trace Enables or disables Kerberos authentication logging. When enabled, trace messages are logged in the /var/log/messages file on the HMC. Valid values are:
on - enable Kerberos authentication logging
off - disable Kerberos authentication logging (default
value)This option is only valid for a Kerberos modify operation.
--weakcrypto Specifies whether or not Kerberos is allowed to use weak encryption types. This option is not allowed when the HMC security mode is set to NIST SP 800-131A. Valid values are:
on - allow Kerberos to use weak encryption types
off - do not allow Kerberos to use weak encryption
types
default - use the default setting on the HMCThis option is only valid for a Kerberos modify operation.
--sshprotocol The SSH protocol to use. Valid values are 1 for version 1, 2 for version 2, or all for both versions 1 and 2. The default value is 2. -u The new IMM user ID. --passwd The new IMM user password or the new GRUB password. If this option is omitted, you will be prompted to enter the password. -t The type of connection to use for forwarding syslog messages to the remote destination. Valid values are tcp for unencrypted TCP, tls for TLS encrypted TCP, and udp for unencrypted UDP. If this option is not specified, it defaults to udp.
The HMC does not support both encrypted and unencrypted remote system logging destinations simultaneously.
Before TLS encrypted system logging over TCP can be enabled, the getfile command must be run to deploy the rsyslog certificate files and private key file on the HMC.
-f The name of the file containing the input data for this command. The input data consists of attribute name/value pairs, which are in comma separated value (CSV) format. The format of the input data is as follows:
"attribute-name=value,value,..." ,...
When a list of values is specified, the attribute name/value pair must be enclosed in double quotes. Depending on the shell being used, nested double quote characters may need to be preceded by an escape character, which is usually a ’#146; character.
If ’+=’ is used in the attribute name/value pair instead of ’=’, the specified value is added to the existing list.
If ’-=’ is used in the attribute name/value pair instead of ’=’, the specified value is deleted from the existing list.
Valid attributes for this command:
filter_msg_contains_discard_strings
Defines a property-based syslog message filter that
discards all syslog messages containing the specified
strings in their message textInput data for this command can be specified with this option or the --input option. The -f and the --input options are mutually exclusive.
This option is only valid for a syslog add or modify operation.
--input This option allows you to enter input data on the command line, instead of using a file. Data entered on the command line must follow the same format as data in a file, and must be enclosed in double quotes. Input data for this command can be specified with this option or the -f option. The --input and the -f options are mutually exclusive.
This option is only valid for a syslog add or modify operation.
--callhome When disabling the Event Manager for Call Home, use this option to specify whether automatic call home is to remain disabled or automatic call home is to be enabled. This option is required and only allowed when disabling the Event Manager for Call Home. Valid values are:
disable - automatic call home is to remain disabled
enable - enable automatic call homeWhen the Event Manager for Call Home is enabled, automatic call home is automatically disabled.
--force Specify this option to force TLS encrypted system logging over TCP to be disabled when there are remote system logging destinations configured. All configured remote system logging destinations will be removed. --help Display the help text for this command and exit.
To change the Hardware Management Console host name:chhmc -c network -s modify -h mynewhost
To set the IP address and network mask for network interface eth0:
chhmc -c network -s modify -i eth0 -a 10.10.10.1
-nm 255.255.255.0To disable IPv6 on the HMC:
chhmc -c network -s disable --ipv6
To add a static route to the network 192.165.31.0 for interface eth0 to the beginning of the routing table:
chhmc -c netroute -s add --routetype net -a 192.165.31.0
-nm 255.255.255.0 -g 192.165.178.1 -i eth0 --position 1To remove the static route entry in position 3 of the routing table:
chhmc -c netroute -s remove --position 3
To enable remote access via ssh:
chhmc -c ssh -s enable
To enable remote access via Serial Over LAN:
chhmc -c sol -s enable
To disable remote web browser access from all IP addresses over network interface eth0:
chhmc -c remotewebui -s disable -i eth0
To add a remote system logging destination that will receive syslog messages over UDP:
chhmc -c syslog -s add -a 10.10.10.2
To enable TLS encrypted system logging over TCP:
chhmc -c syslog -s enable -t tls
To add a remote system logging destination that will receive TLS encrypted syslog messages over TCP:
chhmc -c syslog -s add -t tls -h secure.ibm.com
To set a syslog filter for the server secure.ibm.com. The filter will cause all syslog messages that contain the string informational in their message text to be discarded:
chhmc -c syslog -s modify -t tls -h secure.ibm.com --input
"filter_msg_contains_discard_strings=informational"To remove the syslog filter for the server secure.ibm.com:
chhmc -c syslog -s modify -t tls -h secure.ibm.com --input
"filter_msg_contains_discard_strings="To enable keyboard mapping configuration to occur on the next reboot:
chhmc -c kbdcfg -s enable
To enable display configuration to occur on the next reboot:
chhmc -c dispcfg -s enable
To permit a single IP address to use the ssh service over network interface eth0:
chhmc -c ssh -s add -a 10.10.10.3 -nm 255.255.255.255
-i eth0To enable Network Time Protocol service:
chhmc -c xntp -s enable
To add a Network Time Protocol server to the configuration file:
chhmc -c xntp -s add -h mytimeserver.company.com
Specify the hostname will not change firewall rule settings. It is assumed that the user will use the Customize Network Settings to change firewall settings.
To add a Network Time Protocol server to the configuration file, using IP address and at the same time enable firewall access through network interface eth0:
chhmc -c xntp -s add -a 10.10.10.32 -i eth0
To remove a Network Time Protocol server from the configuration file:
chhmc -c xntp -s remove -h mytimeserver.company.com
To remove the HMC IP address 9.53.182.99 from the SLP service registration IP addresses:
chhmc -c slp -s remove -a 9.53.182.99
To set the current locale to Spanish:
chhmc -c locale -s modify -l es_ES
To set the alternate disk partition on HMC as a startup device on the next HMC boot:
chhmc -c altdiskboot -s enable --mode upgrade
To update the HMC clock to January 25, 2007 14:30:50 (the current year is 2007):
chhmc -c date -s modify --datetime 01251430.50 or
chhmc -c date -s modify --datetime 012514302007.50 or
chhmc -c date -s modify --datetime 0125143007.50To update the HMC clock to December 8, 2008 09:45, local time:
chhmc -c date -s modify --datetime 120809452008 --clock
localTo update the HMC time zone to United States, Central time:
chhmc -c date -s modify --timezone America/Chicago
To add a Kerberos realm and KDC to the HMC:
chhmc -c kerberos -s add --realm EXAMPLE.COM -a 10.10.0.20
To add a Kerberos admin server and allow Kerberos users to change their own passwords using the chhmcusr command:
chhmc -c kerberos -s add --kpasswdadmin 10.10.0.20 or
chhmc -c kerberos -s add --kpasswdadmin 10.10.0.20 --realm EXAMPLE.COM
To replace a Kerberos admin server:
chhmc -c kerberos -s modify --kpasswdadmin 10.10.0.20 or
chhmc -c kerberos -s modify --kpasswdadmin 10.10.0.20 --realm
EXAMPLE.COMTo remove the Kerberos admin server:
chhmc -c kerberos -s remove --kpasswdadmin 10.10.0.20 --realm
EXAMPLE.COMTo add a Kerberos realm and KDC and set the clock skew to 140 seconds and ticket lifetime to 1 day:
chhmc -c kerberos -s add --realm EXAMPLE.COM
-h kdc.example.com:88 --clockskew 140
--ticketlifetime 1dTo remove a Kerberos realm and KDC from the HMC:
chhmc -c kerberos -s remove --realm EXAMPLE.COM
-h kdc.example.comTo modify the Kerberos default realm on the HMC:
chhmc -c kerberos -s modify --defaultrealm EXAMPLE2.COM
To modify the Kerberos clock skew to 60 seconds on the HMC:
chhmc -c kerberos -s modify --clockskew 60
To modify the Kerberos ticket lifetime to 12 hours on the HMC:
chhmc -c kerberos -s modify --ticketlifetime 12h
To change the IMM network settings:
chhmc -c imm -s modify -a 9.3.99.100 -nm 255.255.255.0 -g 9.3.99.1 chhmc -c imm -s restart (to apply the new network settings)
To change the IMM user ID and password (the password must be entered when prompted):
chhmc -c imm -s modify -u immusername
To disable the use of anonymous ciphers on the HMC chatlet interface:
chhmc -c legacyhmccomm -s disable
To enable NIST SP 800-131A mode:
chhmc -c security -s modify --mode nist_sp800_131a
To enable the Event Manager for Call Home:
chhmc -c emch -s enable
To enable and set a GRUB password:
chhmc -c grubpasswd -s enable --passwd myPassword
To change the GRUB password (the password must be entered when prompted):
chhmc -c grubpasswd -s modify
To change the BMC network settings:
chhmc -c bmc -s modify -a 9.3.99.100 -nm 255.255.255.0 -g 9.3.99.1
None
None
IBM Austin
lshmc, chpsm, getfile
| Linux | CHHMC (1) | "August 2017" |