Difference between revisions of "GettingStarted"
(→Step by Step) |
|||
(36 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
+ | == New To IBM i == | ||
+ | If you are new to the IBM i platform by IBM, then please take a quick look at the [[New To iSeries]] topic. This will explain a few points of nomenclature and warnings about the system. Please take this step if you are new to the platform because there are many things different about this system. | ||
+ | |||
== Introduction == | == Introduction == | ||
So you just got a new Power 520, and you don't know where to start? | So you just got a new Power 520, and you don't know where to start? | ||
− | A lot of things have changed, and with the current console options things aren't as simple anymore. | + | A lot of things have changed, and with the current [[console]] options things aren't as simple anymore. |
In this example, we'll assume that you have a machine that uses Operations Console LAN attached (vulgo: LAN console). This is usually specified when ordering the machine, so that IBM will preconfigure the machine correctly. | In this example, we'll assume that you have a machine that uses Operations Console LAN attached (vulgo: LAN console). This is usually specified when ordering the machine, so that IBM will preconfigure the machine correctly. | ||
Line 11: | Line 14: | ||
== Step by Step == | == Step by Step == | ||
− | + | === Hardware & Console === | |
Here's a general rundown of steps to be taken: | Here's a general rundown of steps to be taken: | ||
# Get the LAN Console PC into shape. | # Get the LAN Console PC into shape. | ||
− | + | ## Install System i Access V6R1, apply the latest [http://www-03.ibm.com/systems/i/software/access/windows/casp.html service pack]. | |
− | + | ## Disable the Windows Firewall and any anti-virus firewalls - important for getting BOOTP working. It is a best practice to '''COMPLETELY''' turn off everything in your antivirus software (i.e. McAfee) because there is a lot more than just the firewall that will stop the BOOTP process from being allowed to communicate with Operations Console. | |
− | # Plan for [[ASMI]] | + | # Plan for [[ASMI]] |
− | + | ## If you have a DHCP server on your network, ensure that a network cable is attached to HMC Port 1 before powering on your system. This will ensure that the ASMI will obtain an IP address using DHCP. | |
− | + | ## If not, manually configure an IP address for ASMI using a PC directly attached to HMC Port 1, which will listen to the IP address 169.254.2.147. On Power 5 systems, the default IP on HMC Port 1 is 192.168.2.147. | |
− | # Configure the PC for a static IP adress. Add the appropriate LAN console configuration | + | # Configure the PC for a static IP adress. Add an entry to the hosts file (i.e. C:\windows\system32\drivers\etc\hosts) that will be used for your IBM i T1 ethernet port communication. In the hosts file simply make up your own name and give it an IP address that you know is not in use. Then add the appropriate LAN console configuration and specify the name you created in the hosts file. Ensure that the serial number and partition number is entered correctly. If you do not have any partitions, enter "1" as the partition number (this is valid Power 5 and Power 6 systems) |
− | # Attach the PC to the Ethernet Port 1 of the System. | + | # Attach the PC to the Ethernet Port 1 of the System. Not on the HMC ports, but on the first port of the GX+ card, labeled T1. Ensure the PC is directly connected to the system. The PC will not have link until after IBM i OS is being loaded, but make sure that the cable you have is working. Crossover cables are not needed. |
# Start the LAN console connection | # Start the LAN console connection | ||
− | # Attach the UPS relay cable to the system. | + | # Attach the UPS relay cable to the system. It should be attached to serial port number 2. Important: You will need an IBM supplied adapter cable here. Do not attach the UPS cable to the SPCN ports (where it fits without the adapter) |
− | # Attach power to the | + | # Attach power to the system. |
+ | ## As a best practice, attach each power supply to a different UPS. In smaller installations, attach one power supply to the UPS and the other to a protected power socket. This will protect against UPS failure. | ||
+ | ## Attach both power supplies at the same time. Leaving one power supply unplugged may cause an SRC to be raised and the attention light to be lit | ||
# Wait till the FSP has finished initialization (~2-5 minutes). This is indicated by the green power light blinking slowly. | # Wait till the FSP has finished initialization (~2-5 minutes). This is indicated by the green power light blinking slowly. | ||
− | # Logon to ASMI | + | # Logon to ASMI |
+ | ## Either use the manually configured connection per the above step, or look into what IP address your DHCP server has distributed to the FSP. | ||
+ | ## Logon using "admin" as both username and password. | ||
+ | ## Immediately change the password and logon again. You should now see all ASMI options. | ||
+ | ## Logout from ASMI | ||
# Press the white power button | # Press the white power button | ||
# When prompted on the LAN console PC, enter "11111111" as both username and password | # When prompted on the LAN console PC, enter "11111111" as both username and password | ||
− | # You should | + | # You should now see the logon prompt. Logon using QSECOFR/QSECOFR |
− | # Ensure that the system sees the UPS using DSPMSG QSYSOPR | + | # After ensuring that you can logon, enable the Windows Firewall again. |
− | # Change QUPSDLYTIM to something sensible. 300 seconds is a good start if you use the default 1.5kVA UPS and only the Power 520 is attached to it. | + | |
+ | === Initial IBM i OS configuration === | ||
+ | # Upon first signing in with QSECOFR you will be presented with "Work with Software Agreements" screen. You can read the agreements and accept them. | ||
+ | # Ensure that the system sees the UPS using DSPMSG QSYSOPR. You should see message CPI0962 ''The uninterruptible power supply is now attached'' | ||
+ | # Change QUPSDLYTIM to something sensible. 300 seconds is a good start if you use the default 1.5kVA UPS and only the Power 520 and LAN console PC is attached to it. | ||
+ | # Now is a good time to change the DST/SST password. | ||
+ | ## Switch the system into manual mode using the control panel (reference on how to do this?) and execute function 21. | ||
+ | ## You should now see the DST logon prompt. Logon using QSECOFR/QSECOFR. If you disable the QSECOFR id you can reset it using command CHGDSTPWD PASSWORD(*DEFAULT). | ||
+ | ## You will now need to immediately change your password. | ||
+ | ## Reset the password of the QSRV user to a known value and ensure that it's password is not set to expired | ||
+ | ## Log out from DST | ||
+ | ## Ensure that the system is switched back to mode B Normal. | ||
# Change the system name using CHGNETA | # Change the system name using CHGNETA | ||
+ | ## Ensure that MDMCNTRYID is set correctly for your country, otherwise this will prevent them from working | ||
# Configure TCP/IP using GO TCPADM | # Configure TCP/IP using GO TCPADM | ||
## Create an ethernet line description using WRKHDWRSC *CMN / 5 / 1. Use *AUTO/*AUTO (which is the default on V6R1) unless your networking department specifies special settings. | ## Create an ethernet line description using WRKHDWRSC *CMN / 5 / 1. Use *AUTO/*AUTO (which is the default on V6R1) unless your networking department specifies special settings. | ||
Line 39: | Line 60: | ||
## Use CHGTCPDMN to set HOSTNAME, DMNNAME according to whatever your network plan specifies. Set HOSTSCHPTY to *LOCAL. Set at least two (preferably internal) nameservers on INTNETADR. | ## Use CHGTCPDMN to set HOSTNAME, DMNNAME according to whatever your network plan specifies. Set HOSTSCHPTY to *LOCAL. Set at least two (preferably internal) nameservers on INTNETADR. | ||
## Create a host table entry for the HOSTNAME/DMNNAME you set in the previous step using CFGTCP / 10 | ## Create a host table entry for the HOSTNAME/DMNNAME you set in the previous step using CFGTCP / 10 | ||
− | # Install all additionally needed license programs | + | # Change QCCSID, QLOCALE, QDECFMT, [http://publib.boulder.ibm.com/infocenter/iseries/v6r1m0/index.jsp?topic=/rzati/rzatitimezone.htm QTIMZON], QCTLSBS etc. |
− | # Install latest CUM/Group/Hiper PTFs, preferably using [[Image_Catalog]] | + | # Configure the NTP client using CHGNTPA. |
− | # Change | + | ##If you have Windows Domain Controllers in your network, these can serve as a NTP servers |
− | # Configure | + | ##You can also use the [http://www.pool.ntp.org/ NTP Pool] |
+ | # Perform an IPL to ensure that the system runs in mode B Normal | ||
+ | # Wait until INZSYS has completed before proceeding. You will see a QSYSOPR message indicating the completion. | ||
+ | # Install all additionally needed license programs. As a best practice, create an [[Image_Catalog|image catalog]] of the IBM i installation media supplied with the system. This can be useful if you need to install a licensed program at a later time. | ||
+ | # Install latest CUM/Group/Hiper/Security PTFs, preferably using [[Image_Catalog|image catalogs]] | ||
+ | # Configure Electronic Service Agent | ||
+ | ## Create a copy of the QSECOFR user and call it QESAADM | ||
+ | ## Change system value QRETSRVSEC to 1 | ||
+ | ## Logon as user QESAADM | ||
+ | ## Use WRKCNTINF to add contact information | ||
+ | ## Execute GO SERVICE to configure ESA | ||
+ | # Configure routine maintenance | ||
+ | ## Type GO DISKTASKS and add a weekly job for disk information gathering | ||
+ | ## Manually add a job to WRKJOBSCDE that runs STRPASPBAL weekly | ||
== Troubleshooting == | == Troubleshooting == | ||
+ | If the system hangs with a A900 2000, you either | ||
+ | did something wrong or IBM shipped the system with the wrong console | ||
+ | configuration. You will need to perform a [http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzajr/rzajrfunctions6521.htm Procedure 65+21] to recover. | ||
− | + | == Helpful Links == | |
− | + | ||
− | + | [http://en.wikipedia.org/wiki/BOOTP BOOTP] - The boot protocol for the operations console LAN port.<br/> | |
+ | [http://www.axel.com/faq2/faq_as400_e.html FAQ] - A simple FAQ covering some basic how-to and troubleshooting.<br/> | ||
+ | [http://www.common.org Common] - Get educated with a visit to a conference and learn tricks and tips!<br/> | ||
+ | [http://www.itjungle.com/tfh/tfh040802-story04.html QSECOFR Recover] - Recover your QSECOFR profile after lockout.<br/> | ||
+ | [http://martinri.freeshell.org/as400/as400-commands.html OS/400 Commands] - OS/400 Command List. Google search "IBM <command name>" to get details. | ||
+ | |||
+ | ==Categories== | ||
+ | [[Category:Quick Reference]] |
Latest revision as of 20:48, 16 April 2010
Contents
New To IBM i
If you are new to the IBM i platform by IBM, then please take a quick look at the New To iSeries topic. This will explain a few points of nomenclature and warnings about the system. Please take this step if you are new to the platform because there are many things different about this system.
Introduction
So you just got a new Power 520, and you don't know where to start?
A lot of things have changed, and with the current console options things aren't as simple anymore.
In this example, we'll assume that you have a machine that uses Operations Console LAN attached (vulgo: LAN console). This is usually specified when ordering the machine, so that IBM will preconfigure the machine correctly.
LAN console requires the machine to be on the same broadcast domain (hub/switch topology) in order to get initial configuration using BOOTP. It is a recommended best practice to do the initial LAN console configuration using a PC that is directly attached to the system. This will exclude several environmental factors from causing errors.
After initial configuration, the LAN console may be hosted on one or more PCs which can reach the SST IP address on your IBM i. It is heavily recommended to leave a preconfigured, single-purpose console PC right next to your system, so an IBM service representative has easy access to a console in case of a hardware fault.
Step by Step
Hardware & Console
Here's a general rundown of steps to be taken:
- Get the LAN Console PC into shape.
- Install System i Access V6R1, apply the latest service pack.
- Disable the Windows Firewall and any anti-virus firewalls - important for getting BOOTP working. It is a best practice to COMPLETELY turn off everything in your antivirus software (i.e. McAfee) because there is a lot more than just the firewall that will stop the BOOTP process from being allowed to communicate with Operations Console.
- Plan for ASMI
- If you have a DHCP server on your network, ensure that a network cable is attached to HMC Port 1 before powering on your system. This will ensure that the ASMI will obtain an IP address using DHCP.
- If not, manually configure an IP address for ASMI using a PC directly attached to HMC Port 1, which will listen to the IP address 169.254.2.147. On Power 5 systems, the default IP on HMC Port 1 is 192.168.2.147.
- Configure the PC for a static IP adress. Add an entry to the hosts file (i.e. C:\windows\system32\drivers\etc\hosts) that will be used for your IBM i T1 ethernet port communication. In the hosts file simply make up your own name and give it an IP address that you know is not in use. Then add the appropriate LAN console configuration and specify the name you created in the hosts file. Ensure that the serial number and partition number is entered correctly. If you do not have any partitions, enter "1" as the partition number (this is valid Power 5 and Power 6 systems)
- Attach the PC to the Ethernet Port 1 of the System. Not on the HMC ports, but on the first port of the GX+ card, labeled T1. Ensure the PC is directly connected to the system. The PC will not have link until after IBM i OS is being loaded, but make sure that the cable you have is working. Crossover cables are not needed.
- Start the LAN console connection
- Attach the UPS relay cable to the system. It should be attached to serial port number 2. Important: You will need an IBM supplied adapter cable here. Do not attach the UPS cable to the SPCN ports (where it fits without the adapter)
- Attach power to the system.
- As a best practice, attach each power supply to a different UPS. In smaller installations, attach one power supply to the UPS and the other to a protected power socket. This will protect against UPS failure.
- Attach both power supplies at the same time. Leaving one power supply unplugged may cause an SRC to be raised and the attention light to be lit
- Wait till the FSP has finished initialization (~2-5 minutes). This is indicated by the green power light blinking slowly.
- Logon to ASMI
- Either use the manually configured connection per the above step, or look into what IP address your DHCP server has distributed to the FSP.
- Logon using "admin" as both username and password.
- Immediately change the password and logon again. You should now see all ASMI options.
- Logout from ASMI
- Press the white power button
- When prompted on the LAN console PC, enter "11111111" as both username and password
- You should now see the logon prompt. Logon using QSECOFR/QSECOFR
- After ensuring that you can logon, enable the Windows Firewall again.
Initial IBM i OS configuration
- Upon first signing in with QSECOFR you will be presented with "Work with Software Agreements" screen. You can read the agreements and accept them.
- Ensure that the system sees the UPS using DSPMSG QSYSOPR. You should see message CPI0962 The uninterruptible power supply is now attached
- Change QUPSDLYTIM to something sensible. 300 seconds is a good start if you use the default 1.5kVA UPS and only the Power 520 and LAN console PC is attached to it.
- Now is a good time to change the DST/SST password.
- Switch the system into manual mode using the control panel (reference on how to do this?) and execute function 21.
- You should now see the DST logon prompt. Logon using QSECOFR/QSECOFR. If you disable the QSECOFR id you can reset it using command CHGDSTPWD PASSWORD(*DEFAULT).
- You will now need to immediately change your password.
- Reset the password of the QSRV user to a known value and ensure that it's password is not set to expired
- Log out from DST
- Ensure that the system is switched back to mode B Normal.
- Change the system name using CHGNETA
- Ensure that MDMCNTRYID is set correctly for your country, otherwise this will prevent them from working
- Configure TCP/IP using GO TCPADM
- Create an ethernet line description using WRKHDWRSC *CMN / 5 / 1. Use *AUTO/*AUTO (which is the default on V6R1) unless your networking department specifies special settings.
- Configure the IP address using CFGTCP / 1
- Configure the default route using CFGTCP / 2
- Use CHGTCPDMN to set HOSTNAME, DMNNAME according to whatever your network plan specifies. Set HOSTSCHPTY to *LOCAL. Set at least two (preferably internal) nameservers on INTNETADR.
- Create a host table entry for the HOSTNAME/DMNNAME you set in the previous step using CFGTCP / 10
- Change QCCSID, QLOCALE, QDECFMT, QTIMZON, QCTLSBS etc.
- Configure the NTP client using CHGNTPA.
- If you have Windows Domain Controllers in your network, these can serve as a NTP servers
- You can also use the NTP Pool
- Perform an IPL to ensure that the system runs in mode B Normal
- Wait until INZSYS has completed before proceeding. You will see a QSYSOPR message indicating the completion.
- Install all additionally needed license programs. As a best practice, create an image catalog of the IBM i installation media supplied with the system. This can be useful if you need to install a licensed program at a later time.
- Install latest CUM/Group/Hiper/Security PTFs, preferably using image catalogs
- Configure Electronic Service Agent
- Create a copy of the QSECOFR user and call it QESAADM
- Change system value QRETSRVSEC to 1
- Logon as user QESAADM
- Use WRKCNTINF to add contact information
- Execute GO SERVICE to configure ESA
- Configure routine maintenance
- Type GO DISKTASKS and add a weekly job for disk information gathering
- Manually add a job to WRKJOBSCDE that runs STRPASPBAL weekly
Troubleshooting
If the system hangs with a A900 2000, you either did something wrong or IBM shipped the system with the wrong console configuration. You will need to perform a Procedure 65+21 to recover.
Helpful Links
BOOTP - The boot protocol for the operations console LAN port.
FAQ - A simple FAQ covering some basic how-to and troubleshooting.
Common - Get educated with a visit to a conference and learn tricks and tips!
QSECOFR Recover - Recover your QSECOFR profile after lockout.
OS/400 Commands - OS/400 Command List. Google search "IBM <command name>" to get details.