PowerVM

Hello,

Following Jaqui's great guide on VIOS3.1 > 4.1 migration:

https://techchannel.com/SMB/12/2023/powervm-v4-upgrade

I have defined the files to be preserved:

cat  /home/padmin/filestosave.txt
/etc/environment
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/inittab
/etc/motd
/etc/netsvc.conf
/etc/passwd
/etc/profile
/etc/syslog.conf
/etc/security/limits
/etc/security/login.cfg
/etc/security/passwd
/etc/tunables/nextboot
/etc/ssh/sshd_config
/home/padmin/.profile
/home/padmin/filestosave.txt
/etc/ntp.conf
/etc/rc.tcpip
/home/padmin/config/ntp.conf

...and the migration itself goes just perfectly fine...butttt...the all the config files are wiped to default ones. 

Actually I cannot even login as padmin, since ssh-keys are gone, and prompt complains that "Password expired too long" (Eventhough I actually changed it before starting the migration)

Anyone having any idea for root cause of this behaviour? Or is it by design (e.g should the  original config files be restored somehow manually after the migration) ?

Br,

tommi

------------------------------
Tommi Sihvo, Lead Service Architect
Tietoevry, Compute Services
email tommi.sihvo@tietoevry.com mobile +358 (0)40 5180 Finland
------------------------------

Hi Tommi,

IJ50326: PADMIN UNABLE TO LOGIN AFTER VIOSUPGRADE TO 4.1 (ibm.com)

And be careful with the /etc/group restore 

"With VIOS 4.1 and the new PostgresDB v15, some permission were changed, and now we need a group with id 202 called db_users to run it
We do not have this new group in the /etc/group that we have on the VIOS running 4.1and for this reason CMDB is getting permission issues while starting

[8782274    29-Feb-2024 16:15:03] dba_cm.c               1.21.1.10       create_db_env_CM             @   437 : Creating CM DB
[8782274    29-Feb-2024 16:15:03] dba_db.c               1.5.2.6         vdba_popen                   @   618 : Incoming cmd='su - vpgadmin -c "export LIBPATH=/usr/ios/db/postgres15/lib; /usr/ios/db/postgres15/bin/pg_ctl status -D /home/ios/CM/DB"'
[8782274    29-Feb-2024 16:15:03] violibCommon.c         1.128.14.7      vioLocalPOpen                @  2146 : ERROR: FINISH cmd: su - vpgadmin -c "export LIBPATH=/usr/ios/db/postgres15/lib; /usr/ios/db/postgres15/bin/pg_ctl status -D /home/ios/CM/DB" status = 126
[8782274    29-Feb-2024 16:15:03] dba_db.c               1.5.2.6         vdba_popen                   @   631 : ERR OUT: ksh: /usr/ios/db/postgres15/bin/pg_ctl: 0403-006 Execute permission denied.

Have you copied the old /etc/group during the move to VIOS 4.1?

To recover, next step is to recreate the group (no side effect on the running LPARs)
$ oem_setup_env
# stopsrc -s vio_daemon
# mkgroup -'A' id='202' users='vpgadmin,padmin' db_users
# startsrc -s vio_daemon -a "-d 4"
# kill -1 vio_daemon's PID

This should be enough to properly start the DB.
Please wait few minutes, then retry the query that was failing"

------------------------------
Artur Studzian

Original Message:
Sent: Mon March 04, 2024 04:53 AM
From: Tommi Sihvo
Subject: VIOS upgrade does not preserve config filesj

Hello,

Following Jaqui's great guide on VIOS3.1 > 4.1 migration:

https://techchannel.com/SMB/12/2023/powervm-v4-upgrade

I have defined the files to be preserved:

cat  /home/padmin/filestosave.txt
/etc/environment
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/inittab
/etc/motd
/etc/netsvc.conf
/etc/passwd
/etc/profile
/etc/syslog.conf
/etc/security/limits
/etc/security/login.cfg
/etc/security/passwd
/etc/tunables/nextboot
/etc/ssh/sshd_config
/home/padmin/.profile
/home/padmin/filestosave.txt
/etc/ntp.conf
/etc/rc.tcpip
/home/padmin/config/ntp.conf

...and the migration itself goes just perfectly fine...butttt...the all the config files are wiped to default ones. 

Actually I cannot even login as padmin, since ssh-keys are gone, and prompt complains that "Password expired too long" (Eventhough I actually changed it before starting the migration)

Anyone having any idea for root cause of this behaviour? Or is it by design (e.g should the  original config files be restored somehow manually after the migration) ?

Br,

tommi

------------------------------
Tommi Sihvo, Lead Service Architect
Tietoevry, Compute Services
email tommi.sihvo@tietoevry.com mobile +358 (0)40 5180 Finland
------------------------------

Hello,

Following Jaqui's great guide on VIOS3.1 > 4.1 migration:

https://techchannel.com/SMB/12/2023/powervm-v4-upgrade

I have defined the files to be preserved:

cat  /home/padmin/filestosave.txt
/etc/environment
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/inittab
/etc/motd
/etc/netsvc.conf
/etc/passwd
/etc/profile
/etc/syslog.conf
/etc/security/limits
/etc/security/login.cfg
/etc/security/passwd
/etc/tunables/nextboot
/etc/ssh/sshd_config
/home/padmin/.profile
/home/padmin/filestosave.txt
/etc/ntp.conf
/etc/rc.tcpip
/home/padmin/config/ntp.conf

...and the migration itself goes just perfectly fine...butttt...the all the config files are wiped to default ones. 

Actually I cannot even login as padmin, since ssh-keys are gone, and prompt complains that "Password expired too long" (Eventhough I actually changed it before starting the migration)

Anyone having any idea for root cause of this behaviour? Or is it by design (e.g should the  original config files be restored somehow manually after the migration) ?

Br,

tommi

------------------------------
Tommi Sihvo, Lead Service Architect
Tietoevry, Compute Services
email tommi.sihvo@tietoevry.com mobile +358 (0)40 5180 Finland
------------------------------

Regarding ssh keys, add them into your postupgrade script.

#!/bin/ksh

mkdir -p /home/padmin/.ssh

chown padmin:system /home/padmin/.ssh

chmod 0700 /home/padmin/.ssh

echo 'my-key' >/home/padmin/.ssh/authorized_keys

chown padmin:staff /home/padmin/.ssh/authorized_keys

chmod 0600 /home/padmin/.ssh/authorized_keys

or create another user with the PAdmin role. Because I have ansible user with PAdmin role, I could login as ansible user and then execute /usr/ios/cli/ioscli oem_setup_env to get into root environment and check the configuration ;-)

Hello,

Following Jaqui's great guide on VIOS3.1 > 4.1 migration:

https://techchannel.com/SMB/12/2023/powervm-v4-upgrade

I have defined the files to be preserved:

cat  /home/padmin/filestosave.txt
/etc/environment
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/inittab
/etc/motd
/etc/netsvc.conf
/etc/passwd
/etc/profile
/etc/syslog.conf
/etc/security/limits
/etc/security/login.cfg
/etc/security/passwd
/etc/tunables/nextboot
/etc/ssh/sshd_config
/home/padmin/.profile
/home/padmin/filestosave.txt
/etc/ntp.conf
/etc/rc.tcpip
/home/padmin/config/ntp.conf

...and the migration itself goes just perfectly fine...butttt...the all the config files are wiped to default ones. 

Actually I cannot even login as padmin, since ssh-keys are gone, and prompt complains that "Password expired too long" (Eventhough I actually changed it before starting the migration)

Anyone having any idea for root cause of this behaviour? Or is it by design (e.g should the  original config files be restored somehow manually after the migration) ?

Br,

tommi

------------------------------
Tommi Sihvo, Lead Service Architect
Tietoevry, Compute Services
email tommi.sihvo@tietoevry.com mobile +358 (0)40 5180 Finland
------------------------------

Hi!

Oh, do you use ansible on VIOS with oem_setup_env?  Du you use it with other ansible modules than shell / cmd?

I'm asking the other day we had to change nameserver and ntp settings.  Which was easily possible using an ansible template, but was more difficult on VIOS due to limitations of the padmin user, and we didn't found a way to call oem_setup_env for the them.

Our solution then was to deploying ssh keys to the root acount, and hope we don't have to do many other changes, as that's not how we would like to do it :(

Best regards,

  Alexander

Regarding ssh keys, add them into your postupgrade script.

#!/bin/ksh

mkdir -p /home/padmin/.ssh

chown padmin:system /home/padmin/.ssh

chmod 0700 /home/padmin/.ssh

echo 'my-key' >/home/padmin/.ssh/authorized_keys

chown padmin:staff /home/padmin/.ssh/authorized_keys

chmod 0600 /home/padmin/.ssh/authorized_keys

or create another user with the PAdmin role. Because I have ansible user with PAdmin role, I could login as ansible user and then execute /usr/ios/cli/ioscli oem_setup_env to get into root environment and check the configuration ;-)

Hello,

Following Jaqui's great guide on VIOS3.1 > 4.1 migration:

https://techchannel.com/SMB/12/2023/powervm-v4-upgrade

I have defined the files to be preserved:

cat  /home/padmin/filestosave.txt
/etc/environment
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/inittab
/etc/motd
/etc/netsvc.conf
/etc/passwd
/etc/profile
/etc/syslog.conf
/etc/security/limits
/etc/security/login.cfg
/etc/security/passwd
/etc/tunables/nextboot
/etc/ssh/sshd_config
/home/padmin/.profile
/home/padmin/filestosave.txt
/etc/ntp.conf
/etc/rc.tcpip
/home/padmin/config/ntp.conf

...and the migration itself goes just perfectly fine...butttt...the all the config files are wiped to default ones. 

Actually I cannot even login as padmin, since ssh-keys are gone, and prompt complains that "Password expired too long" (Eventhough I actually changed it before starting the migration)

Anyone having any idea for root cause of this behaviour? Or is it by design (e.g should the  original config files be restored somehow manually after the migration) ?

Br,

tommi

------------------------------
Tommi Sihvo, Lead Service Architect
Tietoevry, Compute Services
email tommi.sihvo@tietoevry.com mobile +358 (0)40 5180 Finland
------------------------------

Hello,

Following Jaqui's great guide on VIOS3.1 > 4.1 migration:

https://techchannel.com/SMB/12/2023/powervm-v4-upgrade

I have defined the files to be preserved:

cat  /home/padmin/filestosave.txt
/etc/environment
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/inittab
/etc/motd
/etc/netsvc.conf
/etc/passwd
/etc/profile
/etc/syslog.conf
/etc/security/limits
/etc/security/login.cfg
/etc/security/passwd
/etc/tunables/nextboot
/etc/ssh/sshd_config
/home/padmin/.profile
/home/padmin/filestosave.txt
/etc/ntp.conf
/etc/rc.tcpip
/home/padmin/config/ntp.conf

...and the migration itself goes just perfectly fine...butttt...the all the config files are wiped to default ones. 

Actually I cannot even login as padmin, since ssh-keys are gone, and prompt complains that "Password expired too long" (Eventhough I actually changed it before starting the migration)

Anyone having any idea for root cause of this behaviour? Or is it by design (e.g should the  original config files be restored somehow manually after the migration) ?

Br,

tommi

------------------------------
Tommi Sihvo, Lead Service Architect
Tietoevry, Compute Services
email tommi.sihvo@tietoevry.com mobile +358 (0)40 5180 Finland
------------------------------

Hi Tommi,

Regarding your config files migration.... there are two options to bring them to new VIOS version. Specifying that list of files with "-g" option, will copy them to "/home/padmin/backup_files" path and user needs to use that copy to merge with the current system files that are present in respective paths. This is the best practice for all system related files. Specifying both "-g" option and "-F forcecopy", will copy the given list of files to the respective paths on the new VIOS version. This option is good for user files, but not for system files.

You may find the below caution information in documentation: https://www.ibm.com/docs/en/power10/9105-22B?topic=ic-viosupgrade-command

Hello,

Following Jaqui's great guide on VIOS3.1 > 4.1 migration:

https://techchannel.com/SMB/12/2023/powervm-v4-upgrade

I have defined the files to be preserved:

cat  /home/padmin/filestosave.txt
/etc/environment
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/inittab
/etc/motd
/etc/netsvc.conf
/etc/passwd
/etc/profile
/etc/syslog.conf
/etc/security/limits
/etc/security/login.cfg
/etc/security/passwd
/etc/tunables/nextboot
/etc/ssh/sshd_config
/home/padmin/.profile
/home/padmin/filestosave.txt
/etc/ntp.conf
/etc/rc.tcpip
/home/padmin/config/ntp.conf

...and the migration itself goes just perfectly fine...butttt...the all the config files are wiped to default ones. 

Actually I cannot even login as padmin, since ssh-keys are gone, and prompt complains that "Password expired too long" (Eventhough I actually changed it before starting the migration)

Anyone having any idea for root cause of this behaviour? Or is it by design (e.g should the  original config files be restored somehow manually after the migration) ?

Br,

tommi

------------------------------
Tommi Sihvo, Lead Service Architect
Tietoevry, Compute Services
email tommi.sihvo@tietoevry.com mobile +358 (0)40 5180 Finland
------------------------------