IBM Support

ITM Agent Insights: Upgrade back-level components with "tacmd updateFramework" or local silent installation with response file.

Technical Blog Post


Abstract

ITM Agent Insights: Upgrading back-level components with "tacmd updateFramework" or local silent installation with response file.

Body

This blog post provides a general procedure to update framework components using either a local silent installation or a remote deployment of components from the TEMS depot with "tacmd updateFramework".

Using "INSTALL_FOR_PLATFORM=aix523" in a silent installation response file will NOT work: the silent installation still defaults to the detected 64-bit operating system and installs components for the aix536 platform.

Depending on the order of install performed from various ITM / ITCAM images, different versions / platform-architecture of framework may be installed.  These back-level components can result in systems being flagged during security scans due to older versions of AX or GS or JR components being installed.

This is often seen with DB2 monitoring agent (UD) on 64-bit AIX platform.  For reference:

ITM Agent Insights: Installing ITCAM UD agent for DB2 monitoring installs back-level components

Based on what is already installed in the environment, adapt the general steps to update any or all of the AX, GS, JR, and UI components.

General steps:
1) Set the shell variable CH to the directory where ITM resides. Change "/opt/IBM/ITM" to the correct path.
CH=/opt/IBM/ITM

2) Set the shell variable MEDIA to the directory where install.sh resides on the unpacked installation media. Change "/mnt/ITM/06300600/Agents" to the correct path.
MEDIA=/mnt/ITM/06300600/Agents

3) Determine the computed architecture for this system.
ARCH=`grep 'Architecture code:' $CH/logs/itm_install.trc | sort -u | cut -d: -f2 | tr -d ' '`
echo $ARCH

4) Copy the tf$ARCH.txt file from the media to the /tmp directory.
cp $MEDIA/unix/tf$ARCH.txt /tmp

5) Display the installed platforms for the components that can be updated by a local silent "tf" install or a remote tacmd updateframework command.
$CH/bin/cinfo -d | egrep -e '"ax"|"gs"|"jr"|"ui"'

"ax","IBM Tivoli Monitoring Shared Libraries","aix523","06230500","100"
"ax","IBM Tivoli Monitoring Shared Libraries","aix526","06300600","100"
"ax","IBM Tivoli Monitoring Shared Libraries","aix536","06300600","100"
"gs","IBM GSKit Security Interface","aix523","07404700","100"
"gs","IBM GSKit Security Interface","aix526","08005036","100"
"jr","Tivoli Enterprise-supplied JRE","aix523","06120000","100"
"jr","Tivoli Enterprise-supplied JRE","aix526","07090100","100"
"ui","Tivoli Enterprise Services User Interface","aix523","06230500","100"
"ui","Tivoli Enterprise Services User Interface","aix526","06300600","100"
"ui","Tivoli Enterprise Services User Interface","aix536","06300600","100"

6) Determine the component-platforms that you want to update.
    Review the output from the above command.
    Modify the /tmp/tf$ARCH.txt file to ensure that there is an entry for each of the component-platforms that need to be updated and save it.
    An updated file might look like the following based on the previous output:

INSTALL_PRODUCT=tf
INSTALL_IGNORE_RUNNING_PROCESSES=YES
INSTALL_FRAMEWORK_ONLY=YES
INSTALL_FRAMEWORK_PACKAGE=axaix523
INSTALL_FRAMEWORK_PACKAGE=axaix526
INSTALL_FRAMEWORK_PACKAGE=axaix533
INSTALL_FRAMEWORK_PACKAGE=axaix536
INSTALL_FRAMEWORK_PACKAGE=jraix523
INSTALL_FRAMEWORK_PACKAGE=uiaix523

7) You can use /tmp/tf$ARCH.txt to perform a local silent installation, or you can put it into your TEMS depot (after running tacmd addbundles with -t tf and without a platform).

8) Perform ONE of the following two options:

A) To perform a local silent installation using tf$ARCH.txt, run the following command.
$MEDIA/install.sh -h $CH -q -p /tmp/tf$ARCH.txt

B) To perform a remote tacmd updateframework, run the following commands on the HUB TEMS system.
    Set the shell variable CH to the directory where ITM resides. Change "/opt/IBM/ITM" to the correct path.
    Set the shell variable MEDIA to the directory where install.sh resides on the unpacked installation media. Change "/mnt/ITM/06300600/Agents" to the correct path.
    Set the shell variable ARCH to the same value that was generated on the endpoint. Change "aix536" to the correct value.
    Respond to any prompts as required.
CH=/opt/IBM/ITM
MEDIA=/mnt/ITM/06300600/Agents
ARCH=aix536
$CH/bin/tacmd login -s localhost -t 1440
$CH/bin/tacmd addbundles -i $MEDIA/unix -t tf
DEPOTFILE=`find $CH/tables -name tf$ARCH.txt`
cp /tmp/tf$ARCH.txt $DEPOTFILE
$CH/bin/tacmd listsystems -t lz ux | egrep -e 'Managed System Name| Y *$'
    Use one of the Managed System Names displayed for the -n on the following command. Change "NODE" to the correct value.
$CH/bin/tacmd updateframework -n NODE
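
Steps 5 and 6 can be scripted. The following is an added example, not IBM-supplied code: it reads "cinfo -d" output and writes the response file with one INSTALL_FRAMEWORK_PACKAGE= line for each AX, GS, JR, UI component-platform that is older than the newest installed copy of the same component. The function names gen_tf_response and sample_cinfo are hypothetical, and treating "back-level" as "older than the newest installed copy" is an assumption; the sample input is the step 5 output from the local installation example on this page.

```shell
#!/bin/sh
# Added example, not IBM-supplied code.
# gen_tf_response: read `cinfo -d` CSV lines on stdin and print a tf response
# file with one INSTALL_FRAMEWORK_PACKAGE line per ax/gs/jr/ui component-platform
# whose version is lower than the highest version installed for that component.
# Assumption: "back-level" means "older than the newest installed copy"; a
# component that is old on every platform is not flagged by this comparison.
gen_tf_response() {
    awk -F'","' '
    {
        pc = $1
        sub(/^"/, "", pc)                 # strip the leading quote of field 1
        if (pc != "ax" && pc != "gs" && pc != "jr" && pc != "ui") next
        n++
        code[n] = pc
        plat[n] = $3                      # platform, e.g. aix523
        ver[n]  = $4                      # 8-digit version, e.g. 06220200
        # Versions are fixed-width digit strings, so a string comparison
        # (forced by appending "") orders them correctly in any awk.
        if ((ver[n] "") > (max[pc] "")) max[pc] = ver[n]
    }
    END {
        print "INSTALL_PRODUCT=tf"
        print "INSTALL_IGNORE_RUNNING_PROCESSES=YES"
        print "INSTALL_FRAMEWORK_ONLY=YES"
        for (i = 1; i <= n; i++)
            if ((ver[i] "") < (max[code[i]] ""))
                print "INSTALL_FRAMEWORK_PACKAGE=" code[i] plat[i]
    }'
}

# Sample input: the `cinfo -d` lines shown in step 5 of the local example.
sample_cinfo() {
    cat <<'EOF'
"ax","IBM Tivoli Monitoring Shared Libraries","aix523","06220200","100"
"ax","IBM Tivoli Monitoring Shared Libraries","aix526","06300600","100"
"ax","IBM Tivoli Monitoring Shared Libraries","aix533","06300200","100"
"gs","IBM GSKit Security Interface","aix523","08005005","100"
"gs","IBM GSKit Security Interface","aix526","08005036","100"
"jr","Tivoli Enterprise-supplied JRE","aix523","07040200","100"
"jr","Tivoli Enterprise-supplied JRE","aix526","07090100","100"
"ui","Tivoli Enterprise Services User Interface","aix526","06300600","100"
EOF
}

# On an endpoint, feed the real inventory instead of the sample:
#   $CH/bin/cinfo -d | gen_tf_response > /tmp/tf$ARCH.txt
sample_cinfo | gen_tf_response
```

Review the generated file before installing. Listing a package that is not back-level relative to the image is harmless, because the install only updates a component when the image holds a higher version.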


Example showing local silent installation to uplift AX for aix523 platform:


# /opt/IBM/ITMUDFirst/bin/cinfo -i

*********** Fri Apr 14 19:21:33 CEST 2017 ******************
User: root Groups: system bin sys security cron audit lp tivgrp
Host name: nc106182     Installer Lvl:06.30.06.00
CandleHome: /opt/IBM/ITMUDFirst
***********************************************************
...Product inventory

ax      IBM Tivoli Monitoring Shared Libraries
         aix523  Version: 06.22.02.00

         aix526  Version: 06.30.06.00
         aix533  Version: 06.30.02.00

gs      IBM GSKit Security Interface
         aix523  Version: 08.00.50.05
         aix526  Version: 08.00.50.36

jr      Tivoli Enterprise-supplied JRE
         aix523  Version: 07.04.02.00
         aix526  Version: 07.09.01.00

ud      IBM Tivoli Composite Application Manager Agent for DB2
         aix523  Version: 07.10.00.00
         aix526  Version: 07.10.00.00

ue      Tivoli Enterprise Services User Interface Extensions
         aix533  Version: 06.30.02.00
         aix536  Version: 06.30.02.00

ui      Tivoli Enterprise Services User Interface
         aix526  Version: 06.30.06.00

ux      Monitoring Agent for UNIX OS
         aix526  Version: 06.30.06.00

1) CandleHome install is to /opt/IBM/ITMUDFirst directory

# CH=/opt/IBM/ITMUDFirst

2) CIQ3QML 6.3 FP2 base agents image is extracted to /opt/CIQ3QML_6.3FP2_Agents
# ls /opt/CIQ3QML_6.3FP2_Agents
AUTORUN.INF                 PrivateConfigSamples        kcirunas.cfg                silent_config.txt
Deploy                      README.TXT                  license                     silent_install.txt
DeployLnk.sh                WINDOWS                     mibs                        system_monitor_agent
ITM_V6.3.0.2_AGT_MP_ML.tar  i5OS                        non_ibm_license             unix
InstallITM                  install.sh                  notices


# MEDIA=/opt/CIQ3QML_6.3FP2_Agents

3) Determine the computed architecture for this system.
# ARCH=`grep 'Architecture code:' $CH/logs/itm_install.trc | sort -u | cut -d: -f2 | tr -d ' '`
# echo $ARCH
   aix536

4) Copy the tf$ARCH.txt file from the media to the /tmp directory.
# cp $MEDIA/unix/tf$ARCH.txt /tmp
# ls /tmp/tf*.txt
/tmp/tfaix536.txt

5) Display the installed platforms for the components that can be updated by a local silent "tf" install or a remote tacmd updateframework command.
# $CH/bin/cinfo -d | egrep -e '"ax"|"gs"|"jr"|"ui"'
"ax","IBM Tivoli Monitoring Shared Libraries","aix523","06220200","100"
"ax","IBM Tivoli Monitoring Shared Libraries","aix526","06300600","100"
"ax","IBM Tivoli Monitoring Shared Libraries","aix533","06300200","100"
"gs","IBM GSKit Security Interface","aix523","08005005","100"
"gs","IBM GSKit Security Interface","aix526","08005036","100"
"jr","Tivoli Enterprise-supplied JRE","aix523","07040200","100"
"jr","Tivoli Enterprise-supplied JRE","aix526","07090100","100"
"ui","Tivoli Enterprise Services User Interface","aix526","06300600","100"

6) From the output in step #5, determine the component-platforms that are back-level to update.
    Modify the /tmp/tf$ARCH.txt file to add a "INSTALL_FRAMEWORK_PACKAGE=" line for each component to update:

In order to update the AX component for platform aix523, there needs to be a line to install the "axaix523" framework package:

INSTALL_PRODUCT=tf
INSTALL_IGNORE_RUNNING_PROCESSES=YES
INSTALL_FRAMEWORK_ONLY=YES
INSTALL_FRAMEWORK_PACKAGE=axaix523

Each component-platform you want to install / update for AX, GS, JR, UI should have its own INSTALL_FRAMEWORK_PACKAGE= line.
The install will only update the component if there is a higher version for it in the install image. 

In this example, specifying to install "axaix526" will not install AX for "aix526" platform as the system is already running 6.3 FP6 level which is higher than the version in the 6.3 FP2 image extracted on the system. 

7) Perform a local silent installation using /tmp/tf$ARCH.txt

# $MEDIA/install.sh -h $CH -q -p /tmp/tf$ARCH.txt
INSTALL
install.sh        :  installer level 630 / 100.
install.sh        :  running aix526 jre.

The following processes are currently running:

  Product = Monitoring Agent for UNIX OS  PID = 11927628
install.sh warning: Silent installation option to ignore running processes detected, continuing ...
CandleAgent        :  installer level  630 / 100.
CandleAgent        :  running aix526 jre.
Processing. Please wait...
Stopping Watchdog process...
Watchdog process was stopped.
Stopping Monitoring Agent for UNIX OS ...
Product Monitoring Agent for UNIX OS was stopped gracefully.
Agent stopped...
/opt/IBM/ITMUDFirst
install.sh        :  searching for product families; please wait.
install.sh        :  calculating available disk space.
install.sh        :  calculating available disk space.
install.sh        :  "7013316" kilobytes available; only "1000" kilobytes required for the package(s).
install.sh        :  OK to install.

KCI1362W IBM Tivoli Monitoring version 6.3 introduces a number of platform improvements which may require operating system updates.

It is important that you ensure this system meets these requirements prior to installing or updating your installation.

Please refer to the following technote for more information: http://www-01.ibm.com/support/docview.wss?uid=swg21623341
install.sh        :  installing products via silent mode.

Initializing ...
install.sh        :  processing base CI package.
install.sh        :  installer level 630 / 100.
install.sh        :  running aix526 jre.
install.sh        :  computed architecture = "aix536".
install.sh        :  processing JRE packages.
install.sh        :  About to check for installed JRE.
install.sh        :  calculating available disk space.
install.sh        :  calculating available disk space.
install.sh        :  "7013260" kilobytes available.


Use of silent installation mode implies license agreement acceptance. You can view the license file details in the /opt/IBM/ITMUDFirst/LAP/license directory
install.sh        :  calculating available disk space.
install.sh        :  calculating available disk space.
install.sh        :  "7012076" kilobytes available; only "10000" kilobytes required for the package(s).
install.sh        :  OK to install.

 Product packages are available in /opt/CIQ3QML_6.3FP2_Agents/unix

The following products are currently installed in "/opt/IBM/ITMUDFirst":

  IBM GSKit Security Interface V08.00.50.05 @ AIX R5.2 (32 bit)/R6.1, R7.1 (32 bit)
  IBM GSKit Security Interface V08.00.50.36 @ AIX R5.2 (64 bit)/R6.1, R7.1 (64 bit)
  IBM Tivoli Composite Application Manager Agent for DB2 V07.10.00.00 @ AIX R5.2 (32 bit)/R6.1, R7.1 (32 bit)
  IBM Tivoli Composite Application Manager Agent for DB2 V07.10.00.00 @ AIX R5.2 (64 bit)/R6.1, R7.1 (64 bit)
  Monitoring Agent for UNIX OS V06.30.06.00 @ AIX R5.2 (64 bit)/R6.1, R7.1 (64 bit)
  Tivoli Enterprise Services User Interface Extensions V06.30.02.00 @ AIX R6.1, R7.1 (32 bit)
  Tivoli Enterprise Services User Interface Extensions V06.30.02.00 @ AIX R6.1, R7.1 (64 bit)
  Tivoli Enterprise Services User Interface V06.30.06.00 @ AIX R5.2 (64 bit)/R6.1, R7.1 (64 bit)


Installing IBM Global Security Toolkit
... installing package "axaix523"; please wait.

 => installed package "axaix523".
... installing package "axaix536"; please wait.

 => installed package "axaix536".
INSTALL_FRAMEWORK_ONLY is set YES, tf upgrade finished

You may now configure any locally installed IBM Tivoli Monitoring product via the "/opt/IBM/ITMUDFirst/bin/itmcmd config" command.

UpdateAutoRun.sh        :  installer level 630 / 100.
UpdateAutoRun.sh        :  running aix526 jre.
Automatic start at system initialization has been configured.
You must manually configure automatic stop at system shutdown. Create or modify /etc/rc.shutdown to invoke the command '/etc/rc.itm8 stop'. Refer to AIX documentation for more information about /etc/rc.shutdown.
CandleAgent        :  installer level  630 / 100.
CandleAgent        :  running aix526 jre.
Processing. Please wait...
Starting Monitoring Agent for UNIX OS ...
Monitoring Agent for UNIX OS started


# $CH/bin/cinfo -i

*********** Fri Apr 14 19:59:29 CEST 2017 ******************
User: root Groups: system bin sys security cron audit lp tivgrp
Host name: nc106182     Installer Lvl:06.30.06.00
CandleHome: /opt/IBM/ITMUDFirst
***********************************************************
...Product inventory

ax      IBM Tivoli Monitoring Shared Libraries
         aix523  Version: 06.30.02.00

         aix526  Version: 06.30.06.00
         aix533  Version: 06.30.02.00
         aix536  Version: 06.30.02.00

gs      IBM GSKit Security Interface
         aix523  Version: 08.00.50.05
         aix526  Version: 08.00.50.36

jr      Tivoli Enterprise-supplied JRE
         aix523  Version: 07.04.02.00
         aix526  Version: 07.09.01.00

ud      IBM Tivoli Composite Application Manager Agent for DB2
         aix523  Version: 07.10.00.00
         aix526  Version: 07.10.00.00

ue      Tivoli Enterprise Services User Interface Extensions
         aix533  Version: 06.30.02.00
         aix536  Version: 06.30.02.00

ui      Tivoli Enterprise Services User Interface
         aix526  Version: 06.30.06.00

ux      Monitoring Agent for UNIX OS
         aix526  Version: 06.30.06.00


Note that the AX component for the aix523 platform is upgraded.  The installation also installed AX for the aix536 platform, since that is what the 6.3 FP6 based common installer recognizes the OS architecture as (Step #3).


Example showing remote deployment that uses "tacmd updateFramework" with modified tf$ARCH.txt file in TEMS depot:


Do initial install to new CandleHome using CIN1CML image:


# /opt/IBM/79394/bin/cinfo -i

*********** Fri Apr 14 20:17:05 CEST 2017 ******************
User: root Groups: system bin sys security cron audit lp tivgrp
Host name: nc106182     Installer Lvl:06.23.03.00
CandleHome: /opt/IBM/79394
***********************************************************
...Product inventory

ax      IBM Tivoli Monitoring Shared Libraries
         aix523  Version: 06.22.02.00
         aix526  Version: 06.22.02.00

gs      IBM GSKit Security Interface
         aix523  Version: 07.40.27.00
         aix526  Version: 07.40.27.00

jr      Tivoli Enterprise-supplied JRE
         aix526  Version: 05.12.01.00

ud      IBM Tivoli Composite Application Manager Agent for DB2
         aix523  Version: 07.10.00.00
         aix526  Version: 07.10.00.00

ui      Tivoli Enterprise Services User Interface
         aix526  Version: 06.22.02.00

This installs the old back-level AX, GS, and JR components that the DB2 image contains.

Verify contents of ITM remote deployment depot on HUB TEMS, and install the UX OS agent through remote deploy with "tacmd createNode" command.

c:\IBM\ITM>tacmd viewDepot -t UX
Product Code : ux
Version      : 063006000
Description  : Monitoring Agent for UNIX OS
Host Type    : aix523
Host Version : aix523,aix533,aix613,aix713
Prerequisites: ci:063006000,ax:063006000,ui:063006000,jr:070901000,gs:080050036,la:010001000

Product Code : ux
Version      : 063006000
Description  : Monitoring Agent for UNIX OS
Host Type    : aix526
Host Version : aix526,aix536,aix616,aix716
Prerequisites: ci:063006000,ax:063006000,ui:063006000,ax:063006000,jr:070901000,gs:080050036,la:010001000

c:\IBM\ITM>tacmd viewDepot -t TF
Product Code : tf
Version      : 063006000
Description  : Tivoli Enterprise Management Agent Framework Update
Host Type    : aix523
Host Version : aix523
Prerequisites: ci:063006000,jr:070901000,gs:080050036,la:010001000

Product Code : tf
Version      : 063006000
Description  : Tivoli Enterprise Management Agent Framework Update
Host Type    : aix526
Host Version : aix526
Prerequisites: ci:063006000,jr:070901000,gs:080050036,la:010001000

Product Code : tf
Version      : 063006000
Description  : Tivoli Enterprise Management Agent Framework Update
Host Type    : aix533
Host Version : aix533
Prerequisites: ci:063006000,jr:070901000,gs:080050036,la:010001000

Product Code : tf
Version      : 063006000
Description  : Tivoli Enterprise Management Agent Framework Update
Host Type    : aix536
Host Version : aix536
Prerequisites: ci:063006000,jr:070901000,gs:080050036,la:010001000

tacmd createnode -h 9.128.106.182 -u root -w *** -o TIMEOUT=10000


# /opt/IBM/79394/bin/cinfo -i

*********** Sat Apr 15 05:55:04 CEST 2017 ******************
User: root Groups: system bin sys security cron audit lp tivgrp
Host name: nc106182     Installer Lvl:06.30.06.00
CandleHome: /opt/IBM/79394
***********************************************************
...Product inventory

ax      IBM Tivoli Monitoring Shared Libraries
         aix523  Version: 06.22.02.00

         aix526  Version: 06.30.06.00

gs      IBM GSKit Security Interface
         aix523  Version: 07.40.27.00

         aix526  Version: 08.00.50.36

jr      Tivoli Enterprise-supplied JRE
         aix526  Version: 07.09.01.00

ud      IBM Tivoli Composite Application Manager Agent for DB2
         aix523  Version: 07.10.00.00
         aix526  Version: 07.10.00.00

ui      Tivoli Enterprise Services User Interface
         aix526  Version: 06.30.06.00

ux      Monitoring Agent for UNIX OS
         aix526  Version: 06.30.06.00

Note that "UI" was already updated for the aix526 platform as a prerequisite of the UNIX OS agent by the "tacmd createNode" command.

If it is necessary to update "UI" for the aix523 platform, it can be updated by making an entry for "uiaix523" in the tf$ARCH.txt file.

The general instructions assume that the TEMS is on UNIX / Linux, so that "find" can be used to locate the correct tf*.txt file to update.

For a TEMS on Windows platforms, manually copy the modified tf$ARCH.txt to the correct location in TEMS depot.

You must identify the platform architecture of the endpoint that will be updated with the "tacmd updateFramework" command (step #3).
The platform architecture on the endpoint in this example is aix536, and the file in TEMS depot to be updated would be tfaix536.txt file.

For Windows based TEMS, the depot has a different directory structure than on UNIX / Linux:

On UNIX / Linux TEMS, you would look under <CandleHome>/tables directory.
On Windows TEMS, you would look under <CandleHome>\CMS\depot\PACKAGES\<platform architecture>\k<pc>\<version>\unix directory

So for "aix536" platform architecture, for "TF" component, and the version of package in the depot is 6.3 FP6, the directory to the tfaix536.txt file is:

C:\IBM\ITM\CMS\depot\PACKAGES\aix536\ktf\063006000\unix

Contents of the tf$ARCH.txt file in TEMS depot after modification:

INSTALL_PRODUCT=tf
INSTALL_IGNORE_RUNNING_PROCESSES=YES
INSTALL_FRAMEWORK_ONLY=YES
INSTALL_FRAMEWORK_PACKAGE=axaix523
INSTALL_FRAMEWORK_PACKAGE=axaix526
INSTALL_FRAMEWORK_PACKAGE=axaix533
INSTALL_FRAMEWORK_PACKAGE=axaix536
INSTALL_FRAMEWORK_PACKAGE=gsaix523

The "axaix523" line is already included, but updating the GS component as well requires adding the "INSTALL_FRAMEWORK_PACKAGE=gsaix523" line to upgrade the GS package for the aix523 architecture.

Determine the node to run the "tacmd updateFramework" against:

tacmd listSystems -t UX
Managed System Name Product Code Version     Status
nc106182:KUX        UX           06.30.06.00 Y


tacmd updateFramework -n nc106182:KUX

C:\Users\Administrator>tacmd updateFramework -n nc106182:KUX

KUICUF008I: Are you sure you want to update the TEMA Framework on node nc106182:KUX to the latest version? Updating the TEMA Framework stops all agents on the node that are running, applies the changes, and restarts them.

 Enter Y for yes or N for no: y

KUICUF011I: Updating the  agents.

KUICUF027I: The operation has been successfully queued for deployment, the transaction id is 1492231429875000000000041, use the getDeployStatus CLI to view the status.

C:\Users\Administrator>tacmd getDeploystatus

Transaction ID : 1492231429875000000000041
Command        : UPDATE
Status         : SUCCESS
Retries        : 0
TEMS Name      : HUB_NC9053114043
Target Hostname: nc106182:KUX
Platform       : aix536
Product        : tf
Version        : 063006000
Error Message  : KDY0028I: Request completed successfully. Deployment request was processed successfully and is now completed.

 
[root@NC106182]:\ # /opt/IBM/79394/bin/cinfo -i

*********** Sat Apr 15 07:23:15 CEST 2017 ******************
User: root Groups: system bin sys security cron audit lp tivgrp
Host name: nc106182     Installer Lvl:06.30.06.00
CandleHome: /opt/IBM/79394
***********************************************************
...Product inventory

ax      IBM Tivoli Monitoring Shared Libraries
         aix523  Version: 06.30.06.00

         aix526  Version: 06.30.06.00
         aix533  Version: 06.30.06.00
         aix536  Version: 06.30.06.00

gs      IBM GSKit Security Interface
         aix523  Version: 08.00.50.36

         aix526  Version: 08.00.50.36

jr      Tivoli Enterprise-supplied JRE
         aix526  Version: 07.09.01.00

ud      IBM Tivoli Composite Application Manager Agent for DB2
         aix523  Version: 07.10.00.00
         aix526  Version: 07.10.00.00

ui      Tivoli Enterprise Services User Interface
         aix526  Version: 06.30.06.00

ux      Monitoring Agent for UNIX OS
         aix526  Version: 06.30.06.00

Note that both AX and GS components for aix523 platform are updated to current levels.



With these steps, it should be possible to force the upgrade of AX, GS, JR, and UI for any specific platform, provided that one of the following is true: you have a copy of the ITM base agent image extracted on the endpoint, so that you can perform a local silent installation using a modified response file that includes a separate INSTALL_FRAMEWORK_PACKAGE= line for each component-platform you want to update; or you have added the TF bundle to your TEMS depot and modified the tf<arch>.txt file under the TF bundle in the depot to add INSTALL_FRAMEWORK_PACKAGE= entries for the AX, GS, JR, and UI component-platforms you want to upgrade, and you then run "tacmd updateFramework" against the endpoint.

Keywords:
drd401709 5608A41CI 1661263 common installer CI

More posts in the ITM Agent Insights series of IBM Tivoli Monitoring Agent blogs are indexed under ITM Agent Insights: Introduction.

UID

ibm11082997