- 论坛徽章:
- 0
|
第一步做啥呢,呵,肯定是登陆到NIM SERVER再说了,需要安装的是一个LPAR,裸机,哈。
环境介绍一下吧,这次我是想将一个670上的系统通过nim mksysb的方式,安装到570的一个LPAR上面,磁带机? 磁带? sorry,这些东西咱都不需要,但网络上必须通,至于怎么通的,请咨询网络工程师。
670 要添加到NIM SERVER中,创建一个NIM CLIENT
570的那个LPAR,也要在NIM SERVER上首先创建一个NIM CLIENT
/etc/hosts 中,都写好 (写啥就不说了)
第一步: 在NIM SERVER中添加670的NIM CLIENT
smitty nim
- > Perform NIM Administration Tasks
-> Manage Machines
-> Manage Machines
Define a Machine
Type or select a value for the entry field.
Press Enter AFTER making all desired changes.
[Entry Fields]
* Host Name of Machine [loveunix] -> 这个是670的hostname , /etc/hosts中也要有所定义
(Primary Network Install Interface)
第二步: 开始直接创建mksysb 的image resource
smitty nim_mkres
resource type 选择 mksysb = a mksysb image
Define a Resource
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[TOP] [Entry Fields]
* Resource Name [loveunix_mksysb_res]
* Resource Type mksysb
* Server of Resource [master] +
* Location of Resource [/export/spot/mksysb/loveunix.mksysb] /
Comments []
Source for Replication [] +
-OR-
System Backup Image Creation Options:
CREATE system backup image? yes +
NIM CLIENT to backup [loveunix] +
PREVIEW only? no +
IGNORE space requirements? no +
EXPAND /tmp if needed? no +
Create MAP files? no +
Backup extended attributes? yes +
COMMAND STATUS
Command: running stdout: yes stderr: no
Before command completion, additional instructions may appear below.
+---------------------------------------------------------------------+
System Backup Image Space Information
(Sizes are displayed in 1024-byte blocks.)
+---------------------------------------------------------------------+
Required = 10169413 (9932 MB) Available = 25653008 (25052 MB)
Creating information file (/image.data) for rootvg.
Creating list of files to back up.
OK , 开始mksysb 到远程的Nim server 同时创建好该mksysb resource ,该过程时间较长,请耐心等待 。
创建完了
[Nim-srv]/etc#lsnim -l loveunix
ibpapp2:
class = resources
type = mksysb
arch = power
Rstate = ready for use
prev_state = unavailable for use
location = /export/spot/mksysb/loveunix.mksysb
version = 5
release = 3
mod = 0
oslevel_r = 5300-05
alloc_count = 0
server = master
第三步: 给所要安装的机器,在NIM SERVER中,添加该client , 例如名字为aix
方法如第一步中所示。
第四步:根据该mksysb resource,创建所对应的SPOT,从而引导所需要安装的nim client
smitty nim_mkres , 类型选择SPOT
Define a Resource
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* Resource Name [aix_spot]
* Resource Type spot
* Server of Resource [master] +
* Source of Install Images [aix] +
* Location of Resource [/export/spot/] /
Expand file systems if space needed? yes +
Comments []
installp Flags
COMMIT software updates? no +
SAVE replaced files? yes +
AUTOMATICALLY install requisite software? yes +
OVERWRITE same or newer versions? no +
VERIFY install and check file sizes? no +
该步骤时间较长,继续耐心等待
COMMAND STATUS
Command: running stdout: yes stderr: no
Before command completion, additional instructions may appear below.
Creating SPOT in "/export/spot/" on machine "master" from "ibpapp2" ...
Restoring files from BOS image. This may take several minutes ...
从nmon来看
lqDisk-I/O-StatisticsqKBytes/second (K=1024)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
xDisk Busy Read Write 0----------25-----------50------------75--------100 x
x Name KB/s KB/s | | | | | x
xhdisk1 0% 0 0|> | x
xhdisk0 100% 1785 0|RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR>
等吧。
第五步 : 开始安装了
smitty nim_bosinst
-> aix (选择要安装的NIM CLIENT,目前该机器还是裸机)
-> mksysb - Install from a mksysb
-> ibpapp2 resources mksysb (i Select the MKSYSB to use for the installation )
-> 选择之前定义的mksysb resource
-> 选择和该mksysb对应的SPOT
在后面生成的菜单中,选择 ACCEPT new license agreements? [yes]
之后,给570的那个LPAR power on , 然后在IPL中,设置network boot 相关的network config,设置该client的地址,Nim server的地址,然后做Ping test ,然后选择引导的网卡,就可以启动安装了
之后的过程,就和用本地磁带引导恢复安装一样的。
第六步: 总结
回顾整个过程,有一些技术细节,例如如果做了安全的设置,禁用了rsh \ tftp \ nfs \ bootps 等,NIM的实施将不会成功 ,对于真实的企业IT环境,存在防火墙的情况,请参考如下:
Firewall Considerations
NIM makes use of several protocols which are generally considered risky
services on firewall machines. It is recommended that users who desire
firewall protection within their NIM environment follow a few rules:
1. The NFS program usually runs at port 2049 which is outside of the
privileged port space. Normally, access to portmapper (port 111) is
needed to find which port this service runs on, but since most
installations run NFS on this port, hackers can bypass NFS and try this
port directly. NFS was designed as a LAN service and contains numerous
security vulnerabilities when used over the Internet. NFS services
should not be run on firewall machines; if a NIM master resides on a
firewall machine, then resources should reside on another client -
clients may also be used as resource servers in a NIM environment.
2. If possible, TFTP servers should not be placed on firewall machines
since no authentication is needed when requesting service. The TFTP
protocol does allow for denying access based on entries contained in
/etc/tftpaccess.ctl. NIM manages access to files in /tftpboot only; so
all other directory locations should be off limits. When managed
properly, TFTP access can be viewed as acceptable in the NIM
environment.
3. Since rsh is the standard method of client control, clients
participating in the NIM environment must allow shell service (514) or
enable Kerberos in the NIM environment per client. In order to reduce
the amount of open ports in the NIM environment, the following rules may
be applied:
* For every NIM communication using rsh, leave five (5) ports open
starting at 1023 and decrementing from there. So if a client is
communicating in the NIM environment, the client should leave open ports
(1023-1019) and the master should leave open ports (1023-1019). This is
an estimate and may not work in all environments since other services
may call rreservport() prior to, or during, NIM operations. When
monitored, this approach should work fine in small environments since
access to ports in the privileged space are restricted to super-user
access only.
* Users may also add secondary interfaces for each client participating
in the NIM environment. The additional interfaces should be packet
filtered
* When NIM clients no longer participate in the NIM environment, or are
temporarily removed from the NIM environment, users should disable rsh
services on client machines by removing /.rhosts and/or removing rshd
service. |
|
免费注册
发表于 2007-12-15 17:29