FAQ for PowerVM LPM/SRR Automation Tool

Answer

1. What are the new features in the version 9.1.930.0  PowerVM LPM/SRR Automation tool?
   • Review the following document for details - LPM V9 New Features Training v930.pdf
      
2. What are the new LPM and SRR features in each PowerVM release?
   • Review the following document for details - LPM Enhancements 840_920.pdf
      
3. What ports need to be opened on the server where the tool is installed?
   • The default web browser needs 8443 and 8080 and 8005 ports opened. There are instructions in the QuickStart Guide if you want to use different ports.
      
4. My security team is flagging the GHOSTCAT vulnerability - what can be done?
   • Ghostcat CVE2020-1938 is a recent vulnerability found in the Tomcat server. The tool uses Tomcat so this applies to it.
     It is easily mitigated by editing the file conf/server.xml and removing these two lines and restarting the tool.
     The tool does not use AJP so you do not need it enabled.
     
     <!-- Define an AJP 1.3 Connector on port 8009 -->
         <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
     
     For an AIX system, do the following:
     
     cd lpm_aix  (other users might have either lpm_linux or lpm_win)
     ps -ef | grep lpm    (if the tool is running, you should see a process id similar to the following)
     
     root 10944622        1   0   May 11      - 64:55 /tmp/lpm_aix_0303/bin/../jre7/bin/java..........
     
     cd lpm_aix/bin
     ./shutdown.sh
     ps -ef | grep lpm    (ensure the tool has stopped running)
     cd lpm_aix/conf
     cp server.xml server.xml.orig
     vi server.xml   (delete these two lines)
     
      <!-- Define an AJP 1.3 Connector on port 8009 -->
         <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
     
     cd lpm_aix/bin
     ./startup.sh
     ps -ef | grep lpm   (you should see a process id similar to this)
     
     root 10944622        1   0   May 11      - 64:55 /tmp/lpm_aix_0303/bin/../jre7/bin/java..........
     
     Check to see that the port wasn't initialized as follows:
     
     cd lpm_aix/logs
     tail catalina.out (you should see something similar to this with only http-bio-8080 and http-bio-8443 started.....)
     
     log4j:WARN No appenders could be found for logger (freemarker.cache).
     log4j:WARN Please initialize the log4j system properly.
     log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
     /tmp/lpm_aix_0303/webapps/lpm//WEB-INF/log4j.properties
     May 13, 2020 10:38:34 AM org.apache.coyote.AbstractProtocol start
     INFO: Starting ProtocolHandler ["http-bio-8080"]
     May 13, 2020 10:38:34 AM org.apache.coyote.AbstractProtocol start
     INFO: Starting ProtocolHandler ["http-bio-8443"]
     May 13, 2020 10:38:34 AM org.apache.catalina.startup.Catalina start
     INFO: Server startup in 8800 ms
     
     If you see this, STOP...you have not edited the server.xml file correctly!
     
     INFO: Starting ProtocolHandler ["ajp-bio-8009"]
     May 13, 2020 10:37:03 AM org.apache.catalina.startup.Catalina start
      
5. The tool seems to be broken...its acting weird, what is wrong?
   • There are four common problems:
     1. The most common issue is that you have added a redundant HMC to tool. This is not supported and it causes many issues......the GUI isn't refreshing the partitions after they are moved, the config.properties file isn't being applied.
        • To fix this, remove the redundant HMC from the tool and restart the tool.
     2. The next problem is the file system is full where the tool is running. The symptom here is that you can't seem to do anything with the tool...it seems hung and restarting it doesn't fix it.
        • To fix this, make the filesystem larger. or free up space. The tool only needs 3 GB of file space.
     3. Another problem that happens is that the tool is installed by one user who has a set of file permissions. And the tool is started and those permissions are used for the derby database file. Then later on someone starts the tool but doesn't have permissions to write to the derby database file. So they can LPM and do other stuff but when they log out and log back in, things don't seem saved from their previous sessions or LPARS seem out of place.
        • To resolve this, stop the tool and then have someone with the same permissions as the original user to startup the tool.
     4. The last problem, which rarely happens, is that there are two versions of the tool up and running. On AIX or Linux, you can "ps -ef | grep lpm" and should only see one process running.
        • To fix this, do a shutdown, do a "ps -ef | grep lpm" and repeat a shutdown if necessary until no processes are running.
           
6. How can you control the VSCSI/NPIV/VNIC/Vswitch mappings with the tool?
   • Review the video titled Changing the Virtual adapters during LPM and SRR with spreadsheets (including NPIV, VSCSI and VNIC) for details.
      
7. How do you configure LDAP authentication for the tool?
   • Review the document titled LDAPconfigurationProcedure-Oct30th.pdf to configure the tool to use LDAP.
     Note that Windows AD versus AIX servers might have a slight difference in their syntax. Try either syntax for this line in the config.properties file as follows:
     com.ibm.lbs.asset.lpm.login.ldap.principal=uid=%user%,ou=People,o=ibm          << ===  For some AD environments
     com.ibm.lbs.asset.lpm.login.ldap.principal=%user%@somedomain.com            << ===  For other AD environments