HMC Manual Reference Pages - GETFILE (1)

NAME

getfile - get file

Synopsis
Description
Options
Examples
Environment
Bugs
Author
See Also

SYNOPSIS

getfile -t {krbkeyfile | ldapcacert | powersccacert | rsyslogcacert |
rsysloghmccert | rsysloghmckey | bmccacert}
-l {l | s} -f file [-a alias]
[-h host-name -u user-ID [--passwd password] [-k SSH-private-key]]
[--help]

DESCRIPTION

getfile obtains and deploys a file of the specified type on the Hardware Management Console (HMC).

OPTIONS

-t The type of file to get and deploy. Valid values are krbkeyfile for the Kerberos service key (keytab) file, ldapcacert for the LDAP Certificate Authority (CA) certificate file, powersccacert for the for the PowerSC MFA client truststore key file, rsyslogcacert for the rsyslog CA certificate file, rsysloghmccert for the rsyslog HMC certificate file, rsysloghmckey for the rsyslog HMC private key file, and bmccacert for the Baseboard Management Controller (BMC) CA certificate file.
The Kerberos service key file is generated on a Key Distribution Center (KDC) server. The service key file contains the host principal that identifies the HMC to the KDC server. When this command is run, the file obtained will become the /etc/krb5.keytab file on the HMC. This file will be used to verify the identity of the KDC and the HMC during remote Kerberos authentication of HMC users. Kerberos must be configured on the HMC before this command is run, and the HMC must be rebooted after the successful completion of this command for the change to take effect.
The LDAP CA certificate file contains the certificate for the Certificate Authority the HMC recognizes. This file will be used to provide a secure connection between the HMC and the LDAP server during remote LDAP authentication of HMC users. LDAP must be configured on the HMC before this command is run.
The rsyslog CA certificate file, rsyslog HMC certificate file, and rsyslog HMC private key file must be deployed on the HMC before TLS encrypted system logging over TCP can be enabled. These 3 files will automatically be removed from the HMC when TLS encrypted system logging over TCP is disabled.

-l The location where the file to get resides.
Specify l with this option if the file has already been copied to the HMC or resides on removable media. If the file resides on removable media, the media must be present in the removable media device and the device must be mounted with the mount command before this command is issued. The lsmediadev command can be used to display all of the removable media devices on the HMC.
Specify s with this option if the file resides on a remote site. Secure FTP (SFTP) will be used to obtain the file from the remote site.

-f The fully qualified name of the file on the HMC, removable media, or remote site.

-a The alias to identify the BMC CA certificate.
This option is required when getting the BMC CA certificate. Otherwise, this option is not valid.

-h The host name or IP address of the SFTP server from which to get the file.
This option is required when file resides on a remote site. Otherwise, this option is not valid.

-u The user ID to use to log in to the remote site.
This option is required when file resides on a remote site. Otherwise, this option is not valid.

--passwd The password to use to log in to the remote site.
If both this option and the -k option are omitted and file resides on a remote site, you will be prompted to enter the password. The --passwd and -k options are mutually exclusive.
This option is only valid when file resides on a remote site.

-k The name of the file that contains the SSH private key. If the file name is not fully qualified, the file must exist in the user’s home directory on the HMC.
Use the ssh-keygen command to generate the public and private SSH key pair. The ssh-keygen command is not allowed to write to the .ssh directory in the user’s home directory on the HMC, so when you run the command on the HMC, you must specify both the directory and the file name for the private key. If you generate a key with a passphrase, you will be prompted to enter the passphrase when you run any HMC command that uses the key.
If both this option and the --passwd option are omitted and file resides on a remote site, you will be prompted to enter the password. The -k and --passwd options are mutually exclusive.
This option is only valid when file resides on a remote site.

--help Display the help text for this command and exit.

EXAMPLES

Get the Kerberos service key file from the remote site sftpserver using SFTP, then deploy the file as /etc/krb5.keytab on the HMC (you will be prompted to enter the user’s password):
getfile -t krbkeyfile -l s -h sftpserver -u sftpuser
-f /home/sftpuser/krb5.keytab
Get the rsyslog CA certificate file from the remote site sftpserver using SFTP and SSH keys for authentication, then deploy the file on the HMC:
getfile -t rsyslogcacert -l s -h sftpserver -u sftpuser
-f /home/sftpuser/rsyslog/cacert -k /home/hmcuser/keys/id_rsa
Get the LDAP CA certificate file locally from the user’s home directory, then deploy the file on the HMC:
getfile -t ldapcacert -l l -f /home/user/certs/ldapcert
Get the BMC CA certificate file from the remote site sftpserver using SFTP, then deploy the file on the HMC:
getfile -t bmccacert -l s -h sftpserver -u sftpuser --passwd myPassword
-f /home/sftpuser/bmccerts/CACert1 -a CACert1

ENVIRONMENT

None

BUGS

None

AUTHOR

IBM Austin

HMC Manual Reference Pages - GETFILE (1)

NAME

CONTENTS

SYNOPSIS

DESCRIPTION

OPTIONS

EXAMPLES

ENVIRONMENT

BUGS

AUTHOR

SEE ALSO

-t	The type of file to get and deploy. Valid values are krbkeyfile for the Kerberos service key (keytab) file, ldapcacert for the LDAP Certificate Authority (CA) certificate file, powersccacert for the for the PowerSC MFA client truststore key file, rsyslogcacert for the rsyslog CA certificate file, rsysloghmccert for the rsyslog HMC certificate file, rsysloghmckey for the rsyslog HMC private key file, and bmccacert for the Baseboard Management Controller (BMC) CA certificate file. The Kerberos service key file is generated on a Key Distribution Center (KDC) server. The service key file contains the host principal that identifies the HMC to the KDC server. When this command is run, the file obtained will become the /etc/krb5.keytab file on the HMC. This file will be used to verify the identity of the KDC and the HMC during remote Kerberos authentication of HMC users. Kerberos must be configured on the HMC before this command is run, and the HMC must be rebooted after the successful completion of this command for the change to take effect. The LDAP CA certificate file contains the certificate for the Certificate Authority the HMC recognizes. This file will be used to provide a secure connection between the HMC and the LDAP server during remote LDAP authentication of HMC users. LDAP must be configured on the HMC before this command is run. The rsyslog CA certificate file, rsyslog HMC certificate file, and rsyslog HMC private key file must be deployed on the HMC before TLS encrypted system logging over TCP can be enabled. These 3 files will automatically be removed from the HMC when TLS encrypted system logging over TCP is disabled.
-l	The location where the file to get resides. Specify l with this option if the file has already been copied to the HMC or resides on removable media. If the file resides on removable media, the media must be present in the removable media device and the device must be mounted with the mount command before this command is issued. The lsmediadev command can be used to display all of the removable media devices on the HMC. Specify s with this option if the file resides on a remote site. Secure FTP (SFTP) will be used to obtain the file from the remote site.
-f	The fully qualified name of the file on the HMC, removable media, or remote site.
-a	The alias to identify the BMC CA certificate. This option is required when getting the BMC CA certificate. Otherwise, this option is not valid.
-h	The host name or IP address of the SFTP server from which to get the file. This option is required when file resides on a remote site. Otherwise, this option is not valid.
-u	The user ID to use to log in to the remote site. This option is required when file resides on a remote site. Otherwise, this option is not valid.
--passwd	The password to use to log in to the remote site. If both this option and the -k option are omitted and file resides on a remote site, you will be prompted to enter the password. The --passwd and -k options are mutually exclusive. This option is only valid when file resides on a remote site.
-k	The name of the file that contains the SSH private key. If the file name is not fully qualified, the file must exist in the user’s home directory on the HMC. Use the ssh-keygen command to generate the public and private SSH key pair. The ssh-keygen command is not allowed to write to the .ssh directory in the user’s home directory on the HMC, so when you run the command on the HMC, you must specify both the directory and the file name for the private key. If you generate a key with a passphrase, you will be prompted to enter the passphrase when you run any HMC command that uses the key. If both this option and the --passwd option are omitted and file resides on a remote site, you will be prompted to enter the password. The -k and --passwd options are mutually exclusive. This option is only valid when file resides on a remote site.
--help	Display the help text for this command and exit.