HMC viosvrcmd fails with HSCL2970

Troubleshooting

Problem

Using viosvrcmd in an attempt to run commands in the VIOS oem_setup_env shell fails with error HSCL2970 when issued from HMC 8.8.5 and later.

Symptom

Example:

hscroot@<HMC_hostname>:~> command='printf "oem_setup_env\nls -l /etc/utmp"'
hscroot@<HMC_hostname>:~> viosvrcmd -m <Managed_Server_Name> -p <VIOS_Name> -c "$command"
HSCL2970 The IOServer command has failed because of the following reason: ioscli printf "oem_setup_env\nls -l /etc/utmp" contains illegal data: printf .

Attempting to run in the padmin shell also fails (as it would if logged-in to the VIOS as padmin directly):

hscroot@<HMC_hostname>:~> command='ls -l /etc/utmp'
hscroot@<HMC_hostname>:~> viosvrcmd -m <Managed_Server_Name> -p <VIOS_Name> -c "$command"
HSCL2970 The IOServer command has failed because of the following reason:
Not a valid command: ls -l /etc/utmp

rc=1

Cause

While it was possible to run commands effectively routed to the oem_setup_env shell in earlier versions, it was seen as a security exposure and limitations were imposed.

The --admin flag was introduced from HMC version 8.5.0 and later, which allows (some) commands to be run directly as root on the VIOS instead.

Environment

HMC V8R8.5.0.0 and later with PowerVM® partitions at any level.

Diagnosing The Problem

Check HMC version with "lshmc -V"

Resolving The Problem

Use a ViosAdminOp user profile on your HMC and amend the viosvrcmd command syntax.

Example:
:~> command=`printf "oem_setup_env\nls -l /etc/utmp"`
becomes:
:~> command="ls -l /etc/utmp"

... but the viosvrcmd part requires "--admin" adding.

Example:
hscroot@<HMC_hostname>:~> viosvrcmd -m <Managed_Server_Name> -p <VIOS_Name> -c "$command"
becomes:
viosadminuser@<HMC_hostname>:~> viosvrcmd -m <Managed_Server_Name> -p <VIOS_Name> -c "$command" --admin

To create the VIOS Admin task role:

hscroot@<HMC_hostname>:~> mkaccfg -t taskrole -i "name=VIOS_Admin,parent=hmcsuperadmin,"resources=lpar:ViosAdminOp""

(NB: This command should all be on a single line).

To create the new HMC "viosadminuser" user with a password="vios-admin" set to expire in 3 days:

hscroot@<HMC_hostname>:~>mkhmcusr -u viosadminuser -a VIOS_Admin --passwd vios-admin -M 3

$ ssh -e T viosadminuser@<HMC_hostname>
viosadminuser@<HMC_hostname>'s password:
Warning: your password will expire in 3 days

Then, create and run commands with "root" authority:
viosadminuser@<HMC_hostname>:~> command="ls -l /etc/utmp"
viosadminuser@<HMC_hostname>:~> viosvrcmd -m <Managed_Server_Name> -p <VIOS_Name> -c "$command" --admin

Example:

viosadminuser@<HMC_hostname>:~> command="ls -l /etc/utmp"
viosadminuser@<HMC_hostname>:~> viosvrcmd -m Server-8406-70Y-SN06BFF6A -p PS700_VIOS_Epic -c "$command" --admin
-rw-r--r-- 1 root system 34992 May 11 16:25 /etc/utmp

Related Information

HMC Commands

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SGGSNP","label":"Hardware Management Console V9"},"ARM Category":[{"code":"a8m0z000000bowEAAQ","label":"Hardware Management Console"},{"code":"a8m50000000L2vzAAC","label":"Howto"}],"ARM Case Number":"TS003637837","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSPHKW","label":"PowerVM Virtual I\/O Server"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSOQ2E","label":"Hardware Management Console V10"},"ARM Category":[{"code":"a8m0z000000bowEAAQ","label":"Hardware Management Console"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips