Service Update Management Assistant (SUMA)

SUMA sets up an automated interface to download fixes from a fix distribution website to your systems. SUMA can be configured to periodically check the availability of specific new fixes and technology levels. Therefore, system administrators do not have to manually retrieve maintenance updates from the web.

When you configure SUMA in an AIX logical partition (LPAR) or as the NIM master, SUMA establishes a connection to the fix distribution website and downloads the available service update. The fix distribution website is an IBM server with the domain name of esupport.ibm.com. If your configuration contains a firewall that blocks the connection to the fix distribution website, you must customize the firewall rules to allow SUMA to connect to the following IP addresses:

  • 129.42.56.189
  • 129.42.60.189
  • 129.42.54.189
SUMA connects to one of these IP addresses based on your geography.
Note: The port numbers of the fix distribution website can be either 80 for HTTP or 443 for HTTPS.
The following figure shows how SUMA connects to the fix distribution website through the internet.
Figure 1. SUMA connection diagram
SUMA connection diagram
You can access the SUMA configuration by running the suma command or by using the SMIT suma fast path. When you create a SUMA policy, you must specify a request type that specifies the type of download.
PTF
Specifies a request to download a program temporary fix (PTF), such as U813941. Only certain PTFs can be downloaded as an individual fileset. This limitation applies to PTFs that contain either the bos.rte.install or bos.alt_disk_install.rte filesets as well as those that are released in between Service Packs (SP). Otherwise, you must download the technology level (TL) or service pack (SP).
TL
Specifies a request to download a specific TL (such as 7200-02).
SP
Specifies a request to download a specific SP (such as 7200-02-00).
Latest
Specifies a request to download the latest fixes. This value returns the latest service pack or the TL as specified in the FilterML attribute.

To start using SUMA, perform the following operations:

Configuring SUMA to use the proxy settings

Before you run the suma command to download any updates, ensure that the AIX LPAR is authenticated to access the internet. To verify that the LPAR is connected to the internet, enter the following command:
suma -x -a Action=Preview -a RqType=Latest
This suma command allows you to preview only the download operation. When you run this command, files are not downloaded. If the LPAR is not authenticated to access the internet, the command returns the following message:
0500-013 Failed to retrieve list from fix server.

In this instance, you must contact your administrator or determine the steps necessary to allow your system to access the internet.

Complete the following steps to configure SUMA to use the proxy settings:
  1. Ensure that the bos.ecc_client.rte fileset is installed on the AIX LPAR by running the following command, lslpp -h bos.ecc_client.rte.
    Figure 2. Checking the bpos.ecc_client.rte fileset
    Checking the bpos.ecc_client.rte fileset
  2. Ensure that the config_conn_path command is available in the bos.ecc_client.rte fileset by running the following command, lslpp -w /usr/ecc/bin/config_conn_path.
    Figure 3. config_conn_path command
    config_conn_path command
  3. Configure your proxy settings by completing the following steps:
    1. Run the smit srv_conn command.
    2. Select Create/Change Service Configuration and press Enter.
    3. Select Create/Change Primary Service Configuration and press Enter.
    4. Set the following fields in the SMIT interface:
      Figure 4. Configuring proxy settings
      Configure proxy settings

      Where, xx.xx.xx.xx is the IP address of the proxy and 5026 is the port number that is used to connect to the proxy settings. When you press Enter, a test connection determines whether the AIX LPAR is authenticated to access the internet by using the proxy settings. The common values for proxy port number are 3138 or 8080.

    5. Run the smit suma_config_base command to access the SUMA base configuration SMIT interface. Verify the fields that are shown in the Base Configuration screen capture.
      Figure 5. Base Configuration SMIT
      The Base Configuration SMIT
Note: For the Fixserver protocol field, https is the only option. For the Download protocol field, http is the default option. You can change the default option to https for a secure connection. If you set the Download protocol to https, the downloads are slower but more secure because HTTP provides multi-threaded performance and HTTPS provides single-threaded performance.

Creating and managing a SUMA task by using the SMIT interface

To create and save a SUMA task by using the SMIT interface, complete the following steps:
  1. Run the smit suma command.
  2. Select Custom/Automated Downloads (Advanced) and press Enter.
  3. Select Create a New SUMA Task and press Enter.
  4. Select an option to determine whether you want to save, execute, or run both simultaneously and press Enter.
    Figure 6. Creating and managing a SUMA task
    Creating and managing a SUMA task
  5. Set the following fields in the SMIT interface and press Enter.
    Figure 7. The SMIT interface
    The SMIT interface

SUMA tasks and the command line

The suma command can be used to perform these operations on a SUMA task or policy. An RqType parameter specifies the type of download that is being requested, such as a TL, SP, or Latest. You can use several flag options with the suma command to perform the following tasks:
  • Create
  • Edit
  • List
  • Schedule
  • Unschedule
  • Delete
Examples
To create and save a SUMA task by using the command line, run the following command:
suma -w -a DisplayName=‘ AIX72TL2SP2‘ -a FilterML=‘7200-00‘
The command returns a task ID after the successful creation of a SUMA task:
Task ID 10 created.
To create and schedule a task that downloads the latest fixes and adds a policy label through the DisplayName field (useful when you are listing policies through SMIT), run the following command:
suma -s "30 2 15 * *" -a RqType=Latest   \
    -a DisplayName="Latest fixes - 15th Monthly"

In this example, the user scheduled the task to run on the 15th day of every month at 2:30 a.m. using cron format.

To create and schedule a task that downloads the entire 7200-03 Technology Level into the /lppsrc/7203 directory on a specific day and time, run the following command:
suma -s "0 23 * * 1" -a Action=Clean -a RqType=ML \
-a RqName=6100-03 -a DLTarget=/lppsrc/6103   \
-a FilterSysFile=/dev/null
This command also duplicates base levels and conflicting updates as well as runs a lppmgr clean operation after the download to remove superseded updates.
Note: Before running a task that specifies Action=Clean, you can run the suma -c command to verify the SUMA global configuration settings that will be used when running lppmgr. Setting REMOVE_SUPERSEDE, REMOVE_DUP_BASE_LEVELS, and REMOVE_CONFLICTING_UPDATES to yes results in the intended action of the preceding example.

Troubleshooting SUMA error messages

You must ensure that you are entitled to download SUMA maintenance updates. If you are not entitled to download SUMA maintenance updates, check with your administrator and licensing team for assistance. Without entitlement, you encounter the following error message:

Error: Entitlement is required to download. The system's serial number is not entitled.

For other SUMA error messages, check your system log files for the time stamp of the operation, the IP address and the port numbers of the fix distribution server. If your system is misconfigured, you might encounter a SUMA error message similar to the following:

# /usr/sbin/suma -x -a Action=Metadata -a RqType=Latest -a FilterML=7100-02 -a DLTarget=/export/eznim/SUMA
0500-013 Failed to retrieve list from fix server.
To begin troubleshooting SUMA error messages, consider the following troubleshooting steps:
  1. Ensure that the client's firewall connection is authenticated by establishing the telnet connection to the fix distribution center
    telnet www.ibm.com 443
    telnet www.ibm.com 80
  2. Verify the connection by running the following command:
    # /usr/esa/bin/verifyConnectivity -t
  3. Verify that Electronic Customer Care (ECC) services are installed by running the following command:
    # /usr/ecc/bin/config_conn_path -c 'PRIMARY' -t 'YES'
  4. Check the SUMA log files at the following locations:
    • /var/adm/ras/suma.log
    • /var/adm/ras/suma_dl.log
    • /var/suma/log/eccTrace0.0.log
    • /var/esa/log
    • /var/ecc/data/log/eccTrace0.0.log
  5. Edit the SUMA configuration to generate verbose log files by running the following command:
    suma -c -a SCREEN_VERBOSE=LVL_DEBUG \
    -a LOGFILE_VERBOSE=LVL_DEBUG \
    -a NOTIFY_VERBOSE=LVL_DEBUG
  6. Edit the configuration and rerun the SUMA task by performing the following steps:
    1. Go to the /var/suma/data/eccBase.properties properties file and set TRACE_LEVEL=info.
    2. Delete the log files in the /var/suma/log location.
    3. Enter the following command to rerun the SUMA task:
      /usr/sbin/suma -x -a Action=Metadata -a RqType=Latest -a FilterML=7100-02 \
               -a DLTarget=/export/eznim/SUMA/7100-02/metadata
    4. Verify that the information in the log file is correct.