aix:nim_server_install
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
aix:nim_server_install [2021/01/01 21:21] 127.0.0.1 external edit |
aix:nim_server_install [2024/08/19 19:32] (current) manu [Enable NIM over http] |
||
|---|---|---|---|
| Line 148: | Line 148: | ||
| </code> | </code> | ||
| + | |||
| + | ===== Enable NIM over http ===== | ||
| + | |||
| + | The HTTP protocol provides the following advantages for NIM management: | ||
| + | * All communication occur over a single HTTP port. Hence, the authorization through a firewall is easier to manage. | ||
| + | * AIX installation steps are driven from the client's end, that is, the target system of the installation. Therefore remote access is not required for running the commands. | ||
| + | * NIM or any other products that currently use the client-server model of NFS can easily use HTTP. | ||
| + | * Able to extend the end product to support additional protocols. | ||
| + | |||
| + | Enabling the nimhttp service on the NIM server | ||
| + | <cli prompt='#'> | ||
| + | # nimconfig -h | ||
| + | </cli> | ||
| + | |||
| + | **Note:** The crypto or ssl setting is automatically discovered. | ||
| + | |||
| + | An example of the default httpd.conf configuration file follows: | ||
| + | <cli prompt='>'> | ||
| + | > cat /httpd.conf | ||
| + | # | ||
| + | # | ||
| + | #http service defines | ||
| + | # | ||
| + | # | ||
| + | service.name=nimhttp | ||
| + | # Designates the service name used when discovering the listening port for requests (i.e., nimhttp) | ||
| + | # | ||
| + | service.log=/var/adm/ras/nimhttp.log | ||
| + | #Log of access attempts and equivalent responses. Also useful for debug purposes. | ||
| + | # | ||
| + | # service.proxy_port= | ||
| + | #Designates the service portnumber used when configured as a proxy. | ||
| + | # | ||
| + | #--------------------------------------------------------------- | ||
| + | # http configuration | ||
| + | #--------------------------------------------------------------- | ||
| + | # | ||
| + | document_root=/export/nim/ | ||
| + | #Designates the directory to serve files from. | ||
| + | # | ||
| + | enable_directory_listing=yes | ||
| + | #Allow requests for listing served files/directories under the document root. | ||
| + | # | ||
| + | enable_proxy=no | ||
| + | #Enable the webservice to act as a proxy server. | ||
| + | # | ||
| + | ssl.cert_authority=/ssl_nimsh/certs/root.pem | ||
| + | #Designates the file location of the certificate authority used for digital certificate signing. | ||
| + | # | ||
| + | ssl.pemfile=/ssl_nimsh/certs/server.pem | ||
| + | #Designates the file location of the PEM format file which contains both a certificate and private key. | ||
| + | # | ||
| + | </cli> | ||
| + | |||
| + | **document_root path** | ||
| + | |||
| + | Files that are not defined as resource locations can be accessed by using the HTTP protocol. These files must be located in the path setting of the document_root. The defined document_root path location cannot be modified when the nimhttp service is operational. | ||
| + | |||
| + | The document_root path might contain many directories. When you set the enable_directory_listing option, client requests can travel the document_root path. If the **enable_directory_listing** option is set to value of no, all files that are used during the installation must be located in the current working directory of the document_root path. | ||
| + | |||
| + | Disabling the nimhttp service on the NIM server | ||
| + | <cli prompt='#'> | ||
| + | # nimconfig -H | ||
| + | </cli> | ||
| + | |||
| + | The certificate authority and root Privacy Enhanced Mail (PEM) files used in the nimhttp service can be created by using the existing SSL management option in NIM. To create the ssl.cert_authority and ssl.pemfiles files that are used by the nimhttp service, run the following command on the NIM master: | ||
| + | <cli prompt='#'> | ||
| + | # nimconfig –c | ||
| + | </cli> | ||
| + | |||
| + | |||
| + | **Note:** You do not need to create the ssl.cert_authority and ssl.pemfiles files if these SSL files exist in the current directory. | ||
| + | |||
| + | To check whether the NIM master has been configured for SSL authority before starting the nimhttp service by using the SSL option, run the following command on the NIM master: | ||
| + | <cli prompt='#'> | ||
| + | # lsnim –a ssl_support | ||
| + | </cli> | ||
| + | |||
| + | == NIM resources that support HTTP access == | ||
| + | |||
| + | The following resources can access the http file by using the nimhttp service: | ||
| + | * file_res | ||
| + | * fix_bundle | ||
| + | * installp_bundle | ||
| + | * lpp_source | ||
| + | * script | ||
| + | |||
| + | Log file: | ||
| + | /var/adm/ras/nimhttp.log | ||
| + | | ||
| + | === Client command === | ||
| + | |||
| + | Use 3x - to specify and update using nimhttp | ||
| + | <cli prompt='#'> | ||
| + | nimclient –o cust –a lpp_source=<obj_name> ---a fixes=update_all | ||
| + | </cli> | ||
| + | |||
| + | https://www.ibm.com/docs/en/aix/7.2?topic=cnmcbir-using-nim-installing-aix-updates-new-packages-over-http-protocol | ||
| + | |||
| + | https://www.linkedin.com/pulse/yum-nimhttp-armin-schmidt | ||
| + | |||
aix/nim_server_install.1609532507.txt.gz · Last modified: 2021/01/01 21:21 by 127.0.0.1
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
