Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z This document can be found on the web at www.ibm.com/support/techdocs Search for author s name under the category of White Papers. Version 1.0 October 2013 Mike Bonett IBM Advanced Technical Skills (bonett@us.ibm.com) Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 1 of 10
Special Notices This document reflects the IBM Advanced Technical Support organizations experience with implementing IBM Tivoli Provisioning Manager on Linux on System z. It was produced and reviewed by the members of the IBM Advanced Technical Skills organization. This document is presented As-Is and IBM does not assume responsibility for the statements expressed herein. It reflects the opinions of the IBM Advanced Technical Skills organization. These opinions are based on the authors experiences. If you have questions about the contents of this document, please contact the author at bonett@us.ibm.com. Trademarks The following are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: IBM, the IBM logo, AIX, Candle, DB2, developerworks, NetView, Passport Advantage, Redbooks, Tivoli, WebSphere, z/os, xseries, zseries, System z, z/vm. A full list of U.S. trademarks owned by IBM may be found at http://www.ibm.com/legal/copytrade.shtml. Microsoft, Windows, Windows NT, Internet Explorer, and the Windows logo are registered trademarks of Microsoft Corporation in the United States and/or other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle Corporation, Inc. in the United States, other countries, or both. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Oracle is a registered trademark of Oracle Corporation. Apache is a trademark of the Apache Software Foundation in the United States, other countries, or both. UNIX is a registered trademark in the United States and other countries licensed exclusively through The Open Group. Intel and Pentium are registered trademarks and MMX, Pentium II Xeon and Pentium III Xeon are trademarks of Intel Corporation in the United States and/or other countries. Other company, product and service names may be trademarks or service marks of others. Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 2 of 10
Introduction... 4 Single Server Installation... 4 Required TPM Version... 5 Interim Fix Installation... 6 TPM Server Considerations... 6 Pre-installation Tasks... 7 Graphical Installation... 7 Backing up the TPM Server... 8 z/vm Considerations... 8 Linux Master Image Considerations... 9 SCSI Support... 9 Provisioning Considerations... 9 Performance and Tuning... 10 Self Service User Interface... 10 Acknowledgements... 10 Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 3 of 10
Introduction IBM Tivoli Provisioning Manager (TPM) can be used to provision Linux guests running under z/vm. It also runs on Linux on System z, thus providing a complete System z manage-from and manage-to platform for provisioning Linux on System z Cloud environments. This paper provides additional guidance and pointers to information sources, to assist with the implementation of TPM on Linux on System z, and on using TPM to provision Linux on System z guests. It is *not* a substitute for the product installation and customization documentation, which can be found at http://pic.dhe.ibm.com/infocenter/tivihelp/v45r1/index.jsp?topic=%2fcom.ibm.tivoli.tpm.doc%2fwelcome%2fic-homepage.html. It highlights additional findings based on the authors installation experiences that are easily overlooked but which must be considered when deploying TPM to run on and manage Linux on System z. Not all of this information will apply to every installation environment; the items must be evaluated for applicability to a particular environment. Single Server Installation TPM relies on multiple components for its execution: Middleware (the following products are provided with TPM): o IBM DB2 o IBM HTTP Server o IBM WebSphere Application Server o IBM Tivoli Directory Server (for LDAP functions) TPM Core Components TPM Application Base Services Optional self service user interfaces Note: the Oracle database can be used in place of DB2 and Microsoft Active Directory can be used in place of Tivoli Directory Server. Consult the installation manual for supported environments when using these products. Due to this complexity it is best to start with a simple installation that installs all of these components on a single Linux on System z guest. The following picture shows such an installation, along with the other z/vm and Linux on System z components the TPM server will interact with: Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 4 of 10
The IBM middleware components are provided as part of the TPM license and are installed during the TPM installation process. Installing all components on a single server has implications such as the supported Linux versions that can be used. These implications are documented in the TPM Installation Guide. However, installing on a single server provides the quickest time to value and can be used to more rapidly start using the product. Distributed topology options can be pursued once experience with TPM has been gained. Required TPM Version TPM 7.2.1 must be at interim fix 3 or greater. Interim fix 3 contains the most current workflows that support z/vm Linux provisioning; with additional enhancements such as support for SCSI devices and the optional zcloud Self-Service interface (see details below). The currently supported and tested versions of Linux for the TPM server are Red Hat Linux 5.5 Red Hat Linux 6.1 and 6.2 (requires interim fix 2 or greater) SUSE Linux Enterprise Server (SLES) 11.2 Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 5 of 10
Red Hat Linux versions 5.6-5.9 should work but have not yet been verified by TPM development for Linux on System z. Interim Fix Installation Documentation on installing interim fixes is provided as part of the interim fix package. Installation involves many steps and includes stopping/restarting of various TPM middleware and product components. The documentation should be reviewed completely, and a backup of the environment taken, before beginning the installation process. An IBM Support Technical Exchange recording and presentation on installing interim fix 3 is available at http://www.ibm.com/support/docview.wss?uid=swg27036246. This is also helpful to review if installing a later Interim Fix, to get an understanding of the process. For new TPM installations on operating system platforms that require an interim fix to support the TPM Server, the TPM base software can be installed and then the interim fix installed on top of it. Installation of the interim fix may fail if the TPM Java certificate has expired. When TPM is initially installed a Java certificate is created that is valid for one year. This certificate is used by TPM command line functions that carry out actions on the TPM server. The interim fix invokes several of these command line functions. If the certificate has expired a may appear when the interim fix is being installed, similar to the following: 2013-09-30 20:48:51,865 ERROR COPCOM608E The command cannot be run because of the following reason: Connection failed, check if TPM server was started successfully. (com.ibm.jsse2.util.h: Certificate expired). The text might also say no trusted certificates found. If this occurs, update the Java certificate using the procedure in the product documentation, which is also summarized in this technote: http://www.ibm.com/support/docview.wss?uid=swg21448300 TPM Server Considerations A large amount of DASD storage is needed to support the TPM server. The exact requirements are documented in the TPM Installation Guide; however, 90-100 GB is not unusual (not including space for backups), particularly when accounting Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 6 of 10
for database growth. If CKD devices are used, this will require multiple z/vm DASD volumes defined in Linux as logical volumes. The TPM Server requires swap space to be defined. The installation will fail otherwise, even if a large amount of memory exists. The recommended swap space size is at least twice the amount of memory. Pre-installation Tasks A number of pre-installation tasks are required before the installation begins. The tasks are documented in the installation guide. It is critical to step through all of these tasks, as failure to do so with cause problems during the installation that may require removing all of the software and starting from the beginning or worse, having to reinstall the operating system platform. Some of the key pre-installation task steps: Installing additional required Linux software packages. This varies by Linux type and release level and is important to review to ensure the specific software packages for the installation platform are installed. In some cases both the 32 bit and 64 bit versions of the package are required. Performing required operating system customization, to change several default operating system configuration values. Using the IBM Prerequisite Scanner for hardware/software/storage/package verification. Details on using the prerequisite scanner can be found at http://www.ibm.com/support/docview.wss?uid=swg24031503. For Red Hat Linux the ksh package must be installed; this is not normally installed by default on Red Hat installations. Graphical Installation VNC Server is recommended to be installed, to use for the graphical installation. Running the TPM installer in graphical mode may require additional packages to be installed. If the installer fails to start with the message the installer is unable to run in graphical mode use this technote to determine what additional packages need to be installed: http://www.ibm.com/support/docview.wss?uid=swg21303823. Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 7 of 10
The technote does not identify the package levels for the latest versions of SUSE Linux or Red Hat Linux. But it can be used to determine the package name, and the most current version appropriate for the operating system level (which should be available on the operating system installation media or via an online update) can be installed. The Firefox browser is required for the graphical installation. If Firefox version 10 or higher is used, the installation program launchpad.sh might not work, as it may not recognize version 10 as a supported browser. If this happens please review this technote for a workaround: http://www.ibm.com/support/docview.wss?uid=swg21595098. Backing up the TPM Server It is prudent to take backups of the TPM Server after major steps of the installation process. While not required, should problems be encountered in a step it may be easier to revert to the previous backup and start over. This of course will require additional DASD storage to be available. A backup is recommended at the following points in the installation and maintenance process: o After the middleware installation and verification of its functionality. o After the base services and core components installation and verification. o After the post-installation activities and verification. o Before an interim fix is applied. z/vm Considerations Review the Managing Virtualization with zvm_virtual_infrastructure contents of the TPM documentation, which is in the Configuring Virtual Servers section of the TPM online information center. This covers the z/vm customization needed to authorize TPM to access and issue DIRMAINT requests, and walks through the steps of using the provided workflows to: o discover a z/vm system o discover Linux guests and create master image definitions o provision new Linux guests from a master image o control (power on/off), move, and delete a provisioned server TPM provisions new Linux guests by requesting storage from disk pools defined in the z/vm EXTENT CONTROL file, and cloning the master image disks to the Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 8 of 10
storage defined for the new guest. Two disk pools are needed to allocate DASD for the new guest: o a pool to allocate space for a small CMS formatted disk o a pool to allocate space from the disks used by the Linux operating system. These are the only disk pools that are available to TPM to draw space from for new image instances. They are defined when the z/vm system is discovered and there is no way to specify other disk pools. Linux Master Image Considerations A 1 cylinder CMS mini disk must be defined. It holds network information used when a new guest is provisioned from the master image. Only 1 NIC definition is supported by the workflows. The password defined for the master image USER DIRECT entry must match the root password of the Linux operating system running in the guest virtual machine. This password is captured by the ztpm_system_z_linux_define_image workflow and stored in the TPM database. When a new guest is cloned from this image definition, the password is used to make the initial Linux login into the guest to complete the clone update process. SCSI Support TPM interim fix 3 or higher is required to support SCSI based DASD. When using SCSI based DASD, TPM can only create master image templates and provision guests if the DASD devices are emulated as FBA devices and defined as FB-512 in the master image directory entry, for example: MDISK 0700 FB-512 32 17000000 SI3F00 07110743 Other emulated device types, such as 9336, are not supported. Verify the default FB-512 device size in DEFAULTS DATADVH. It likely must be overridden in EXTENT CONTROL to ensure enough blocks are defined to allow provisioning to occur. Provisioning Considerations The hostname given to a newly provisioned guest must be resolvable to an IP address or the provisioning will fail. This can be addressed by either including the Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 9 of 10
name in the DNS environment, or (for a quicker, simpler solution), including the hostname and IP address in the /etc/hosts file of the TPM Server. Performance and Tuning The TPM Version 7 Capacity Planning Cookbook is available on the IBM Integrated Service Management Library (ISML) at https://www- 304.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW10107 O and should be consulted for configuration, tuning, and operational guidance related to the TPM server performance. Self Service User Interface The TPM User Interface is meant for administrators involved in the provisioning process and not for self service (though an installation may choose to use it as such, by implementing the appropriate security and authentication controls). For Linux on System z there are 2 add on options available to provide a self service interface for provisioning Linux on System z: o zvm_virtual_infrastructure_extensions: this package provides a web based interface to provision, start, stop, and delete servers without having to access the TPM user interface. It is available on ISML at https://www- 304.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW101 09A. o zcloud Self-Service Interface: This package builds on the zvm_virtual_infrastructure_extensions package to provide a more granular self-service interface. It is available from IBM Advanced Technical Skills. Both of the above self-service interfaces are provided as-is with no formal support. Acknowledgements Special thanks to the following individuals for their contributions to this technote: Vaughn Burton, IBM Advanced Technical Skills John Goodyear, IBM Advanced Technical Skills Pat Hayes, IBM Software Group, Cloud & Smarter Infrastructure Michael Sine, IBM Advanced Technical Skills Hints and Tips for Using IBM Tivoli Provisioning Manager with Linux on System z Page 10 of 10