Professional Documents
Culture Documents
ThisWant
createsmore content like this?
/home/padmin/snap.pax.Z. ×
You will need to rename this file to TS????.snap.pax.X where TS????
is the problem number for the case you open with IBM. You can then upload the snap to IBM.
Subscribe to TechBeat, our weekly newsletter, for IT related
content delivered straight to your inbox from the experts and
For dual VIO, you should take a snap on both VIO servers so IBM gets the complete picture.
partners at TechChannel.
https://techchannel.com/SMB/02/2022/vio-tips-tricks 1/5
9/12/22, 9:19 AM VIO Server Update Tips and Tricks | TechChannel
exportvg altinst_rootvg
alt_disk_copy -V -B -d hdisk1
If I have to back out later then I set the bootlist to hdisk1 and reboot the VIO on the old version. If your rootvg is
mirrored, then you can unmirror it and take a clone to the disk that was freed up.
3. updateios Command
Most of us are familiar with the updateios command. This is how we put on updates to a VIO server within a
version (i.e. v3.0 to 3.1). This is typically done using the updateios -dev /path -install command. I put all my
VIOS updates into a directory and run updateios against that.
Until recently I didn’t use updateios for putting on efixes, but it turns out that you can and should install efixes
that way.
On VIO 3.1.3.14 there is a patch for lscore which can be downloaded from:
ftp.software.ibm.com/aix/ifixes.security/lscore_fix.tar (ftp://ftp.software.ibm.com/aix/ifixes.security/lscore_fix.tar)
Now I put the efix into its own directory (only copy the epkg.Z file for 3.1.3.14). To determine the correct file
open the Advisory.asc file and search for the level you are running. In my case it is 3.1.3.14 and there is a line
in the file that shows:
exit to padmin
updateios -commit
updateios -install -accept -dev /usr/local/software/flrtfixes/lscore_fix-vio
We use cookies to optimize your visit to our website. By visiting our website without changing your X
On VIO settings, you’reare
3.1.3.14 there acknowledging
two efixes thatyour
areconsent
neededto receive
(as cookies on our
of 2/7/2022)—the onewebsite. If you
for lscore would
above andlike to
change You
openssh_fix14. yourcan
cookie
still settings
use emgr atto
any timethese
check please view
are our privacy
installed policy (/ibm-systems-media-
as follows:
privacy-policy) for additional information. Agree
https://techchannel.com/SMB/02/2022/vio-tips-tricks 2/5
9/12/22, 9:19 AM VIO Server Update Tips and Tricks | TechChannel
# emgr -P
PACKAGE INSTALLER LABEL
======================================================== =========== ==========
bos.rte.security installp IJ36810s3a
openssh.base.client installp 41617s9a
openssh.base.server installp 41617s9a
# emgr -l
ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S IJ36810s3a 02/04/22 16:36:11 IJ36810 Potential security issue
2 S 41617s9a 02/04/22 16:38:26 Ifix for CVE-2021-41617
Prior to any updates (efix or other) you should always run a commit to make sure everything is committed:
updateios -commit
For updates you should also remove any efixes. That way your update won't fail due to a locked fileset. Once
the update is installed and committed you can run FLRTVC (Fix level recommendation tool vulnerability
checker) to determine which efixes need to be installed.
First run lssw to make sure you have the label correct.
If your update fails don't forget to run "updateios -cleanup" to make sure you clean up.
Want more content like this? ×
The log file for efixes will be in /var/adm/ras/emgr.log even though you are using updateios to install the fixes.
Subscribe to TechBeat, our weekly newsletter, for IT related
content delivered straight to your inbox from the experts and
4. Java, SSH and SSL
partners at TechChannel.
These need to be updated regularly. Java patches can be found at Fix Central and SSH/SSL are found at the
AIX Web Download PackKeep Programs site. You will need an IBM site login id to get them. As of Feb 7, 2022 the
me informed
latest versions (32 bit and 64 bit) are:
SSH 8.1.102.2104
SSL 1.1.1.1200 X
We use cookies to optimize your visit to our website. By visiting our website without changing your
Java7 7.0.0.700
settings, you’re acknowledging your consent to receive cookies on our website. If you would like to
Java8 8.0.0.700
change your cookie settings at any time please view our privacy policy (/ibm-systems-media-
There is also a patch for SSH (openssh_fix14) which can be downloaded from IBM at
privacy-policy) for additional information. Agree
ftp.software.ibm.com/aix/ifixes.security/openssh_fix14.tar
(ftp://ftp.software.ibm.com/aix/ifixes.security/openssh_fix14.tar).
https://techchannel.com/SMB/02/2022/vio-tips-tricks 3/5
9/12/22, 9:19 AM VIO Server Update Tips and Tricks | TechChannel
6. LWI Nonstop
If you see this running or messages about waiting for it to exit then you still have systems directory installed. If
systems director is not being used (which in v3 it is not) then you can remove it.
Hopefully you find these updates to the tips and tricks helpful. Additional information and links can be found at
the IBM Support Portal.
References
VIOS Snap (https://www.ibm.com/support/pages/how-collect-snap-powervm-virtual-io-server-vios)
Uploading VIOS Snap to IBM (https://www.ibm.com/support/pages/where-submit-powervm-virtual-io-server-
testcase)
updateios (https://www.ibm.com/docs/en/power-sys-solutions/0008-DEA?
topic=P8DEA/p8hcg/p8hcg_updateios.htm)
updateios and efixes (https://www.ibm.com/support/pages/managing-ifix-vio-server)
FLRTVC (https://www14.software.ibm.com/support/customercare/sas/f/flrt/flrtvc.html)
FLRTVC hiper.csv file (ftp://ftp.software.ibm.com/software/server/flrtvc/hiper_security.csv)
IBM Support Portal (https://www.ibm.com/mysupport/s/?language=en_US)
IBM Power Virtual User Group (http://www.tinyurl.com/ibmaixvug)
UK PowerVM Virtual User Group (http://tinyurl.com/PowerVUG)
AIX Web Download Pack (https://www.ibm.com/resources/mrs/assets/packageList?
source=aixbp&lang=en_US)
X
Related Content
We use cookies to optimize your visit to our website. By visiting our website without changing your
settings, you’re acknowledging your consent to receive cookies on our website. If you would like to
Application development
change (/application-development)
your cookie Service
settings at any time please view Programs
our privacyand Signatures
policy →
(/ibm-systems-media-
(https://techchannel.com/SMB/10/2003/service-programs-signatures)
privacy-policy) for additional information. Agree
https://techchannel.com/SMB/02/2022/vio-tips-tricks 4/5
9/12/22, 9:19 AM VIO Server Update Tips and Tricks | TechChannel
We use cookies to optimize your visit to our website. By visiting our website without changing your
X
settings, you’re acknowledging your consent to receive cookies on our website. If you would like to
change your cookie settings at any time please view our privacy policy (/ibm-systems-media-
privacy-policy) for additional information. Agree
https://techchannel.com/SMB/02/2022/vio-tips-tricks 5/5