===== DSH Howto =====

DSH is an IBM tool to run parallel commands on all servers defined in a file collection. It's include in **AIX package dsm.dsh**\\
If you want to use IBM dsh or dcp, you have to set some variables into you .profile\\
By default dsh use Rcommands, and the name as resolved on you machine, /etc/hosts if available, else DNS
<code>
DSH_NODE_LIST=~root/DSH_NODE_LIST
DSH_NODE_RSH=/usr/bin/ssh
DSH_NODE_RCP=/usr/bin/scp
DCP_NODE_RCP=/usr/bin/scp
export DSH_NODE_LIST DSH_NODE_RSH DSH_NODE_RCP DCP_NODE_RCP
</code>

//Other options: ex -q suppress banner//
  Ex: export DSH_NODE_OPTS="-q -o BatchMode=yes"


To list all DSH variables:
<cli prompt='#'>
dsh_srv:root[/home/root]# dsh -q
DSH:DCP_DEVICE_OPTS=
DSH:DCP_DEVICE_RCP=
DSH:DCP_NODE_OPTS=
DSH:DCP_NODE_RCP=/usr/bin/scp
DSH:DSH_CONTEXT=
DSH:DSH_DEVICE_LIST=
DSH:DSH_DEVICE_OPTS=
DSH:DSH_DEVICE_RCP=
DSH:DSH_DEVICE_RSH=
DSH:DSH_ENVIRONMENT=
DSH:DSH_FANOUT=
DSH:DSH_LOG=
DSH:DSH_NODEGROUP_PATH=
DSH:DSH_NODE_LIST=/root/.dsh/nodelist
DSH:DSH_NODE_OPTS=
DSH:DSH_NODE_RCP=/usr/bin/scp
DSH:DSH_NODE_RSH=/usr/bin/ssh
DSH:DSH_OUTPUT=
DSH:DSH_PATH=
DSH:DSH_REPORT=
DSH:DSH_SYNTAX=
DSH:DSH_TIMEOUT=
DSH:RSYNC_RSH=
</cli>

To use an alternate ssh port on clients with dsh, set export DSH_REMOTE_OPTS=-p6666

If you want a automatic update of your DSH_NODE_LIST file use the script below **/root/scripts/dconsupd.ksh**


**On AIX 7.1TL2-SP2, check NIM hosts**

**1° solution:** 
<code>
root@nim1 : / # dsh -waixlpar1 date
0042-053 lsnim: there is no NIM object named "aixlpar1"
The node aixlpar1 is not defined in NIM database.

aixlpar1: Mon Aug  4 14:01:57 EET 2014
</code>
Just export DSH_CONTEXT=DSH variable

**2° solution:**
On the latest update of dsh, you can disable the NIM host check into dsh:\\
Replace into the file **/opt/ibm/sysmgt/dsm/pm/DSHCLI.pm**\\
                if ( -e '/opt/ibm/sysmgt/dsm/pm/Context/NIM.pm' ) {
by:
<code>
# Modified by Manu
                if ( ! -e '/opt/ibm/sysmgt/dsm/pm/Context/NIM.pm' ) {
</code>

===== Dconsole =====

Dconsole is an utility that allows to open a terminal console for all LPARs defined on an HMC or IVM from one central server, for example a NIM server.**AIX package dsm.core**

**Exit console**: use CTRL+x

Open a console from an AIX host (for example NIM server) to an LPAR through the HMC:
<code>
dconsole -t -n <host>
</code>

I use a little script **dscons** which list all available LPARs if no argument is used
<cli prompt='#'>      
root@nim - /root/scripts # cat /root/scripts/dcons
</cli>
<code>
#!/bin/ksh93
#set -x
#@(#) Open a console on an LPAR through the HMC
# try : what *
########################################################################
# verion 1.0 18-11-2015 Manu

dir=`dirname $0`
. $dir/.env

DCONSOLE_NODE_LIST=/etc/ibm/sysmgt/dsm/nodeinfo

#############################################
# function usage
usage()
{
echo "Usage: "$0" <LPAR_name> "
echo "Enter the LPAR name after the dcons command"
awk 'FS="|" {print $1}' $DCONSOLE_NODE_LIST | sort
exit 1
}

#############################################
# Main
if [ $# -eq 0 ]
then
  usage
else
  dconsole -t -n $1
fi
</code>

**Here is a script to rebuild automatically dsh_node_list and file for dconsole:**
http://emmanuel.iffly.free.fr/doku.php?id=aix:nim_dsh_dconsole

==== Additionnal info to register HMC password ====

<code>
The VMControl code that runs on the NIM master tries several commands on the user's behalf to get this to work.

If you've gotten to this part of the troubleshooting guide, VMControl is not able to get it to work because of some environment issue that's affecting your system. You can try to run the commands yourself and debug the environment issue.

1. This command is run to generate a password file:\\
/opt/ibm/sysmgt/dsm/bin/dpasswd -o -f /etc/ibm/sysmgt/dsm/config/passwd_userid_IPADDRESS_WITH_UNDER_BARS -U userid -P password
where:

      userid is the user ID for your HMC/IVM
      IPADDRESS_WITH_UNDER_BARS- is the IP address of the HMC/IVM with the periods replaced with under bars- for example 192.168.0.30 becomes 192_168_0_30
      password - is the password for the userID for your HMC/IVM

The exact command that VMControl is running on your system (without the password parameter) can be found in your NIM master's Common Agent trace log (/opt/ibm/director/agent/logs/trace-log-0.xml).

2. Check keys files:

If either of the files /.ssh/id_rsa and /.ssh/id_rsa.pub exist and are zero length, remove both files:
rm -rf /.ssh/id_rsa /.ssh/id_rsa.pub

If either of the files /.ssh/id_dsa and /.ssh/id_dsa.pub exist and are zero length, remove both files:
rm -rf /.ssh/id_dsa /.ssh/id_dsa.pub

3. The next command that's run is the dkeyexch command.  This command exchanges SSH keys between the NIM master and the HMC/IVM.

/opt/ibm/sysmgt/dsm/bin/dkeyexch -z -f /etc/ibm/sysmgt/dsm/config/passwd_hscroot_192_168_0_30 -I hmc -H 192.168.0.30

Where -f specifies the password file you generated.  The -I hmc signifies it's to an HMC (replace with 'ivm') if you're going to an IVM, and the -H  specifies the IP address.  Again, the exact command that VMControl is running on your system can be found in your NIM master's Common Agent trace log (/opt/ibm/director/agent/logs/trace-log-0.xml).

4. Lastly, try the SSH command again:
/usr/bin/ssh hscroot@192.168.0.30 "ls" or /usr/bin/ssh hscroot@yourhost.yourdomain.com "ls"

If the command runs without error the communication should be ready for use in VMControl.

When these steps fail they'll usually fail on step number 3, but the underlying cause is usually that dkeyexch is having trouble running SSH, so the most useful error messages will come out of trying to run the SSH command and trying to debug from there.

If the SSH command fails with a message like this:

Warning: Permanently added 'yourHostName.yourDomain.com' (RSA) to the list of known hosts. 
Permission denied, please try again.
Received disconnect from 192.168.0.5: 2: Too many authentication failures for hscroot

This can be caused by APAR IV08171 http://www-304.ibm.com/support/docview.wss?uid=isg1IV08171 if either your /.ssh/id_rsa.pub or /.ssh/id_dsa.pub files on the NIM master contain the slash '/' character.

You need to install the fix for the APAR. If you cannot install the fix you can manually work around the issue by manually exchanging the keys on the HMC/IVM.
To manually exchange the keys on the HMC/IVM, log into the HMC/IVM with your user ID.
Run the mkauthkeys -a command with the contents of both the /.ssh/id_rsa.pub and /.ssh/id_dsa.pub public key files like this:

mkauthkeys -a "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl6RyOPKb3CoqNL6NkFnGhtOMPCMsA3fFaTc2l2hYLVLm6nDzg0nAQvV/Vumpq6Xt9U4jWf9qS9fWRs0xFDOOglGMM+H5TL+nHnAwtuPUosxXGIQq+JnlZv7mHfmI1HTPGwYqJ2DNm99yXGoWxuV9H9BHcgk46YgzkoVPXs8fqiTazVESMPpe8A+UqVX1ypXEwFkLHO8rLt/AYXpjpjKwQJTruhjtcYpUxs34kdsCZtjzqUCv0yRJBhT9EtlIDKi7/QMHW7lVOhgXhOBoqAa1FKnhAP4yN3ACEEMxP5bH4CdUrzgT1+6LXr1JFr2xv8LWjNpxaUa7OgADRzFypV+W1 root@mynimmaster.domain.com"

mkauthkeys -a "ssh-dss AAAAB3NzaC1kc3MAAACBAOW4PFUHJ0hyG77Ih26JUablCZ4UjVvfel5NUqWWYUQys7rwbq4h1hgoIcK+EYoptIqYsPokdBjvBx7ZMBzWJPekgXd8omR/qI/Pbr5TJMO1oBQ+WfqQodKuaapVYva1Pfs49AeemV/QYFz5+YiGcg5SMmfXpxstEqVQr/mMiTetAAAAFQC2v1vrYUyCONV54LMBg2c3JVrVIQAAAIAKGuissPybByndgdieLttl7jQ1Uj4+6NgoB4UBmsvByZS/QD2JK1H6qu+GIvs3V3fNCocK2ktVleHLXsduybaz29n4lh+7gxbcw9uLzxrz7LWzCaC3krPq2A7ltGvHaUWFXqvrOqH3WByEh50yD7KSEx13B3dCQq8b2qm3fffRsQAAAIEA5O67aSbP7kfiWLC0zqP0z7IDGBolOG3kFzUjH1a7ATD0yJCdBA8X5/eNZ3PdbAMFUeM/DUB2LOxO+o5HD+nzFRwL7OtYrVKFyZBww+ERssZB/XHEu4kc/NZqyUY/YDwkYv4s5p2HF9iR2qXJxVdt7LjFVCZY7SRZvZspQ6tullk= root@mynimmaster.domain.com"

After this key exchange you can attempt the /usr/bin/ssh hscroot@192.168.0.30 "ls" between the NIM master and HMC/IVM again.

</code>