Monday, October 11, 2010

IBM HMC: Accessing the Product Engineering Shell (PESH) Command Line

On this site you can find manual how to access PESH in HMC.
http://www-01.ibm.com/support/docview.wss?uid=nas1dba3b86d228b9b6c862570d1008009fd

It can be used when solving problem with too big /var/hsc/log/hmclogger.log file and need to do any operation under root.
http://www-01.ibm.com/support/docview.wss?uid=isg3T1011162


The procedure in this document can be used to obtain an unrestricted shell on the HMC and log on as root.
Prerequisites: Obtain a pesh password from IBM support.
Right-click on the HMC desktop, select Terminals > rshterm . Run the lshmc -v command to obtain the HMC serial number (as stored in the BIOS). The serial number is listed in the SE field (in bold blue below):


lshmc -v
“vpd=*FC ????????
*VC 20.0
*N2 Thu Dec 08 17:42:59 CST 2005
*FC ????????
*DS Hardware Management Console
*TM 7310-C03
*SE 104ECBA
*MN IBM
*PN 6AUBR1DKKFK
Note the date displayed in the *N2 field and give it to IBM support. Give IBM support the serial number and the date that the pesh procedure will be run. IBM support will generate a password valid for that serial number and day.

Step 1: Log on the HMC with user profile hscroot or with any other profile that has a taskrole of hmcsuperadmin.

Step 2: Open a restricted shell by doing one of the following:
o For a local HMC V6 and earlier, right-click on the HMC desktop, select Terminals > rshterm . Minimize the HMC System Manager window if necessary.
o For a local HMC V7, click on HMC Management > Open Restricted Shell .
o If remote command execution is enabled and open in the firewall, use a remote ssh client such as PuTTY.

Step 3: Create the hscpe user profile (if necessary). Type the following command:
mkhmcusr -u hscpe -a hmcpe
Type a seven or eight character password as prompted.
If the command returns the following message , the user profile already exists:
The user name specified already exists or may be reserved by the Hardware Management Console. Choose another user name.
If the password is lost, reset the password by typing the following command:
chhmcusr -u hscpe -t passwd

Step 4: Enable ssh. Type the following command:
chhmc -c ssh -s enable

Step 5: Open an ssh session as hscpe. To log on a rshterm window as hscpe on the local HMC, issue the ssh command to loopback:
ssh hscpe@localhost

Answer yes to the prompt for the message The authenticity of host ‘localhost (127.0.0.1)’ can’t be established . Ignore the warning 964: Failed to add the host to the list of known hosts (/home/hscpe/.ssh/known_hosts) . Type the password for hscpe.

Step 6: Issue the pesh command to the unrestricted shell:
pesh serial_number
Type the pesh password provided by IBM support.
Note: Both the serial number and the password are case sensitive. Serial numbers are always uppercase; passwords are always lowercase.

Step 7: Log on as root by typing the following command:
su -
Type the root (not hscroot) password. If the password is lost, log on a second restricted shell as an hmcsuperadmin and then reset the password ( chhmcusr -u root -t passwd ). Repeat the su - command.
 

No comments:

Post a Comment