AIX SUMA in 2018The AIX Service Update Management Assistant (SUMA), has been available to administrators since the heady days of AIX 5.3, in 2004. It’s now 2018 and SUMA is still here, ready and willing to help administrator’s move “away from the manual task of retrieving maintenance updates from the Web”.
I’ve found the following (old) document (from 2011) to be a great SUMA reference. I highly recommend reading it, particularly if you are new to SUMA and want to get started using the tool, quickly.
Best Practices: Managing AIX Updates using SUMA, NIM, and AIX Service Tools http
“SUMA provides customers with flexible, task-based options allowing them to perform unattended downloads of AIX software updates from the IBM Support Web site, thereby allowing customers to move toward an automatic maintenance strategy which helps reduce the time spent on system administration”.
Another excellent (and very recent) write up on SUMA is available here: http
If you’re not currently using SUMA to download AIX fixes (from IBM’s Fix Central website), then the first thing you should do, is verify that your AIX system can access the Fix Central servers on the Internet.
Note: Many admin’s choose to run SUMA (suma) from their NIM master. This is a logical location, from which to run suma, as once the fixes have been downloaded, they can be distributed to NIM clients.
To verify that suma can get through your firewall to the IBM fix servers, run the following command (from the AIX system where you want to download the fixes):
# /usr Performing Connectivity Verification Test success Edge success Edge success Edge success Edge success Edge success Edge success Edge success Edge success Edge success Edge success Edge success Edge 12 successes 0 failures Connectivity Verification Test Results: succeeded
If these tests fail, then you may need to work with your network security team to determine why you are unable to access these servers.
The verifyConnectivity command is delivered with the bos.esagent fileset. The command has a bunch of options, which you can use to help troubleshoot connectivity issues to the IBM fix servers.
# lslpp -w /usr File ---- /usr
# /usr This command performs a connectivity verification test for programs that use IBM Electronic Customer Care. By default, all connectivity points exercised by ECC on behalf of the programs are tested.
verifyConnectivity -t [-b] [-q] [-f specfile] [-w] verify connectivity to connect points
verifyConnectivity -l [-f specfile] [-w] display connect point aliases
verifyConnectivity -p [-f specfile] [-w] display connect point details (ip, hostname, port, protocol)
verifyConnectivity verifyConnectivity -h verifyConnectivity -? display this message
-h : this (help) message -? : this (help) message -l : list connect point aliases -p : list connect point details (ip, hostname, port, protocol) -t : perform the connectivity test -b : list only test failures and summary messages -q : disable console mode -f : use a filter file to limit connect points -w : use a comprehensive list of connect points (recommended with -f)
I usually like to download my fixes to a specific location with suma. So I typically modify the download to suit, as follows.
# suma -D -a DLTa # suma -D DisplayName= Action=Download RqType=Latest RqName= Repeats=y DLTa NotifyEmail=root Filt FilterML= MaxDLSize=-1 Extend=y MaxFSSize=-1
There’s a known bug with recent AIX levels that can prevent suma from running successfully. If you hit this problem, contact IBM AIX support and request and ifix for this problem (APAR IJ06197)
# suma -x -a RqType=SP -a Action=Download -a FilterML=7200-02 -a RqNa Partition id was unassigned; will attempt to assign it. Partition id assigned value 22 Exception in thread "main" java at ECCW at ECCW 0500-012 An error occurred attempting to download.
IJ06197: SUMA MAY CAUSE A NULL http
If yo need help from IBM support, with a SUMA specific issue, please refer to the following Technote for information on debugging and troubleshooting SUMA related issues.
Getting assistance for SUMA errors through AIX Support http
Recently, I wanted to download the latest fixes for AIX 7.2 TL2, so I ran the following command to preview the list of latest available fixes. SP2 was the latest available for download.
# suma -x -a Action=Preview -a RqType=Latest -a FilterML=7200-02
**** Performing preview download. ****
Partition id was unassigned; will attempt to assign it. Partition id assigned value 22 Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr …etc…
I did the same (preview) for AIX 7.1 TL5 and found that SP2 was the latest available for download.
# suma -x -a Action=Preview -a RqType=Latest -a FilterML=7100-05
**** Performing preview download. **** Partition id was unassigned; will attempt to assign it. Partition id assigned value 22 Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr Download SUCCEEDED: /usr …etc… Then I went ahead and downloaded SP2 for 7200-02.
# suma -x -a RqType=SP -a Action=Download -a FilterML=7200-02 -a RqNa Partition id was unassigned; will attempt to assign it. Partition id assigned value 22 Download SUCCEEDED: /nim Download SUCCEEDED: /nim Download SUCCEEDED: /nim Download SUCCEEDED: /nim …etc…
With the imminent release of AIX 7.2 TL3, I was patiently waiting for the fixes to become available.
# suma -x -a Action=Preview -a RqType=Latest -a FilterML=7200-03
**** Performing preview download. **** Partition id was unassigned; will attempt to assign it. Partition id assigned value 22 0500-035 No fixes match your query.
Then, September 22nd, they were up on the Fix Central site. So, I downloaded them immediately.
# mkdir -p /nim # suma -x -a RqType=SP -a Action=Download -a FilterML=7200-03 -a RqNa Partition id was unassigned; will attempt to assign it. Partition id assigned value 22 Download SUCCEEDED: /nim Download SUCCEEDED: /nim Download SUCCEEDED: /nim Download SUCCEEDED: /nim Download SUCCEEDED: /nim Download SUCCEEDED: /nim Download SUCCEEDED: /nim ...etc… Download SUCCEEDED: /nim Total bytes of updates downloaded: 5654346752 Summary: 992 downloaded 0 failed 0 skipped
There’s a handy little script, which you can grab here: http
# /nim Sat Sep 22 02:16:07 AEST 2018: AIX TL 7200-03: is AVAILABLE for DOWNLOAD. Sat Sep 22 02:16:07 AEST 2018: AIX SP 7200-03-01: is AVAILABLE for DOWNLOAD. Sat Sep 22 02:16:07 AEST 2018: AIX SP 7200-02-03: is NOT available for download. Sat Sep 22 02:16:07 AEST 2018: AIX SP 7100-05-03: is AVAILABLE for DOWNLOAD.
I observed that, whilst suma was running, there were several connections to the external IBM fix servers (visible with lsof). The java process (below) is called by suma to manage the download process(es).
# lsof -i tcp COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME …etc… java 11928000 root 96u IPv6 0xf1000f000346e3b8 0t825707 TCP nim1 java 11928000 root 103u IPv6 0xf1 java 11928000 root 104u IPv6 0xf1 java 11928000 root 108u IPv6 0xf1 java 11928000 root 110u IPv6 0xf1 java 11928000 root 112u IPv6 0xf1 java 11928000 root 114u IPv6 0xf1 java 11928000 root 115u IPv6 0xf1 java 11928000 root 117u IPv6 0xf1
# ps wwwwww | grep 11928000 11928000 pts/0 A 0:12 /usr
Note: Make sure you are entitled to download fixes from Fix Central before you start. You must have a valid, up to date, paid for, hardware and software maintenance agreement in place, with IBM. If you attempt to download fixes from a system that is not currently entitled, then suma will report the following message:
# suma -x -a RqType=SP -a Action=Download -a FilterML=7200-03 -a RqNa Platform Extension: information for proxy SAS not found in repository Partition id was unassigned; will attempt to assign it. Partition id assigned value 48 Storing auth proxy creds for SAS successfully stored auth proxy creds for SAS Storing auth proxy creds for PROFILE_URIS_LENGTH successfully stored auth proxy creds for PROFILE_URIS_LENGTH Storing auth proxy creds for PROFILE_URI_0 successfully stored auth proxy creds for PROFILE_URI_0 0500-059 Entitlement is required to download. The system's serial number is not entitled. Please go to the Fix Central website to download fixes.
Unfortunately, many administrators are unable to take advantage of suma, because their network security teams will not provide them the necessary firewall rules to access the external (Internet) servers. This is a shame, as having the ability to either automatically or “on-demand” download fixes, directly to your AIX system is fast and efficient and makes the AIX admin’s job a whole lot easier!
|