IBM Support

PowerVC 1.3.1 Cheat Sheet

How To


Summary

Summary of the newer commands for PowerVC, the Power System enhanced OpenShift

Objective


Steps

I am just using this blog as somewhere to store my reminders and notes for this major PowerVC release.

Editions

PowerVC now has two Editions:

  1. PowerVC Standard for PowerKVM
  2. PowerVC Standard for PowerVM
  3. Cloud PowerVC Manager for PowerVM

You can upgrade from PowerVC Standard Edition for PowerVM to Cloud PowerVC Manager for PowerVM.

There is already a PowerVC 1.3.1.1 update - recommended.

Also you need HMC 850 and VIOS 2.2.4.22 - recommended.

At the time of the latest review: PowerVC is at version 1.4.4, and VIOS 3.1 and the HMC 900 series are available.

Database

When upgrading to PowerVC 1.3.1 the underlying database will be changed from DB2 to MariaDB, which is Open Source and has other advantages too. The upgrade is done automatically behind the covers.

You can't save and restore from PowerVC on Intel to PowerVC on Power, or between Big Endian (BE) and Little Endian (LE) images.

Standard Editions new features:

  1. AIX Active Memory Expansion
  2. Dynamic Resource Optimiser – can be scheduled
  3. Remove a VM but keep the storage “just in case”
  4. Novalink improvements
  5. Project & user role admin for separating resources: VMs, Disks, Images
  6. Hitachi Storage Provider: This feature was postponed. It is best to ask Hitachi why.

Prices

Prices are not covered on a technical website. The Cloud PowerVC Edition has a higher price than the Standard Edition that we have had for a number of years.

Warning: Only do this upgrade to Cloud AFTER you have paid up to stay legal.

Useful weblinks:

  1. Knowledgecenter Top Menu for Standard Edition
  2. Knowledgecenter Top menu for Cloud PowerVC Manager Edition
  3. Knowledgecenter Standard Edition What is New
  4. Knowledgecenter install cloudinit on Linux on Power
  5. Knowledgecenter install cloudinit on AIX on Power
  6. Knowledgecenter PowerVC 131 Cloud Managing Admin
  7. Knowledgecenter PowerVC 131 Cloud Metering - Only for the brave "old school hacker"

Videos on YouTube

  1. YouTube PowerVC 1.3.1 part 1 Standard Edition Update and Installing
  2. YouTube PowerVC 1.3.1 part 2 Projects and Roles

Projects and User Roles

The commands used in the second YouTube video are here.  It might help you get started.

Adding a user to access the PowerVC GUI, instead of root

# adduser powervc -p SECRET
# source /opt/ibm/powervc/powervcrc
# export OS_USERNAME=root
# export OS_PASSWORD=SECRET     <-- actual password
# openstack role add --project ibm-default --user powervc admin

Add a project and list it

# openstack project create --description "Six Project" six
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Six Project                      |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 4e5ed9491daf44319eab573ebd0825e6 |
| is_domain   | False                            |
| name        | six                              |
| parent_id   | default                          |
+-------------+----------------------------------+

# openstack project list
+----------------------------------+-------------+
| ID                               | Name        |
+----------------------------------+-------------+
| 135537788461455183a90a4886142a65 | powervm     |
| 1f0ca545a81a4fffa8af6cf5fd2bea91 | ibm-default |
| 4e5ed9491daf44319eab573ebd0825e6 | six         |
| aa0ed38f28154f0aaac3c0e60decfb65 | service     |
+----------------------------------+-------------+

Create users and roles for access to a project

# adduser sixadmin  -p 666    <-- NOT a good password
# adduser halfdozen -p 666    <-- NOT a good password
#

# openstack role add --project six --user sixadmin admin
# openstack role add --project six --user halfdozen admin
# openstack user list
+--------------------------+-------------------+
| ID                       | Name              |
+--------------------------+-------------------+
. . .
| 1dd45dfca1d83b0e38 . . . | powervc           |
| 79d13683f8ab37b1d5 . . . | sixadmin          |
| 897db369914c6109c4 . . . | halfdozen         |
+--------------------------+-------------------+

Ooops - Fixing a Role

# openstack role remove --project six --user halfdozen admin
# openstack role add    --project six --user halfdozen deployer

How do you list the resulting Projects and User assignments?

  • Version 2 of this section after assistance from IBM developers (cheers team)

You do that with the command "openstack role assignment list", but with a load of options and some scripting to remove "fluff", reorder, and put back the columns. We want by-project and by-user listings.

Notes:

  • -f value stops the ghastly ASCII Table look from the 1970's
  • -c column-name selects what is output
  • --names removes the massive hexadecimal id and gets you the user-friendly names (note the double "-")

Removing @Service lines removes Internal users and we don't need the output littered with the @Default domain.

By Project + Role + Username

# openstack role assignment list -c Project -c Role -c User --names -f value \
| grep -v @Service | sed 's/@Default//g' | \
awk '{ printf "%-15s %-15s %-15s\n", $3, $1, $2 }' | sort
eight           admin           eightadmin
eight           admin           nag
eight           admin           powervc
eight           deployer        eightdep
eight           self_service    eightself
eight           self_service    humble
ibm-default     admin           nag
ibm-default     admin           powervc
ibm-default     admin           root
ibm-default     self_service    humble
seven           admin           nag
seven           admin           powervc
seven           admin           sevenadmin
seven           deployer        sevendep
seven           self_service    humble
seven           self_service    selfish
seven           self_service    sevenself
six             admin           nag
six             admin           powervc
six             admin           sixadmin
six             deployer        halfdozen
six             self_service    humble
six             self_service    sixtine
six             self_service    sixtus

By Username + Project + Role:

# openstack role assignment list -c Project -c Role -c User \
--names -f value | grep -v @Service | sed 's/@Default//g' | \
awk '{ printf "%-15s %-15s %-15s\n", $2, $3, $1 }' | sort

eightadmin      eight           admin
eightdep        eight           deployer
eightself       eight           self_service
halfdozen       six             deployer
humble          eight           self_service
humble          ibm-default     self_service
humble          seven           self_service
humble          six             self_service
nag             eight           admin
nag             ibm-default     admin
nag             seven           admin
nag             six             admin
powervc         eight           admin
powervc         ibm-default     admin
powervc         seven           admin
powervc         six             admin
root            ibm-default     admin
selfish         seven           self_service
sevenadmin      seven           admin
sevendep        seven           deployer
sevenself       seven           self_service
sixadmin        six             admin
sixtine         six             self_service
sixtus          six             self_service
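
An added example (not from the original post): the same pipeline turned into a baseline check, so that a change such as the halfdozen admin-to-deployer fix shows up as drift. The function names, file names and sample lines are constructed for illustration; the input column order (Role, User, Project) is the one the awk commands above rely on.

```shell
#!/bin/sh
# Added example: baseline drift check for PowerVC role assignments.
# Raw input is the text printed by
#   openstack role assignment list -c Project -c Role -c User --names -f value
# one "Role User@Domain Project@Domain" line per grant.
export LC_ALL=C   # sort and comm must use the same collation

# stdin: raw lines; stdout: "project role user", sorted and de-duplicated
normalize_assignments() {
    grep -v '@Service' | sed 's/@Default//g' |
        awk 'NF == 3 { print $3, $1, $2 }' | sort -u
}

# $1 = approved baseline, $2 = current state (both normalized files)
# "+" marks a grant that is not in the baseline, "-" one that has gone
assignment_drift() {
    comm -13 "$1" "$2" | sed 's/^/+ /'
    comm -23 "$1" "$2" | sed 's/^/- /'
}

# $1 = normalized file; prints "user count" for admins of more than one project
multi_project_admins() {
    awk '$2 == "admin" { n[$3]++ }
         END { for (u in n) if (n[u] > 1) print u, n[u] }' "$1" | sort
}

# Constructed sample input (not captured from a real system)
sample_raw() {
    cat <<'EOF'
admin root@Default ibm-default@Default
admin powervc@Default ibm-default@Default
admin powervc@Default six@Default
admin sixadmin@Default six@Default
deployer halfdozen@Default six@Default
admin nova@Service service@Default
EOF
}

# Live use (as root, after sourcing powervcrc):
#   openstack role assignment list -c Project -c Role -c User --names -f value \
#     | normalize_assignments > current.txt
#   assignment_drift baseline.txt current.txt
```

Keep the baseline file under change control so that every "+" line has to be explained by an approved request.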


Two New Troublesome Commands

These two commands are difficult to understand due to their "quirky" design and lack of documentation.

Here are my notes - I hope they mean you don't waste the hours I had to spend working them out.

powervc-config

The problem: there is no overall documentation explaining the 13 things you can set. The only way to work out what this command does is to run it 20 times with different sub and sub-sub commands.

I am going to ignore the many audit and debug settings - I assume the settings are useful for diagnosing problems. I would expect PowerVC Support to tell me what to run. I guess audit would add information to logging files and debug would increase the trace and error logs.

The following commands find the current settings, with example output from my PowerVC 1.3.1.1 on RHEL7.1 BE on POWER8. Most of the settings are the default values except the network ones.

If you add a "-h" after the same command (not the double quotes), then it shows you how to set the same variable.

I had to use the command to set the network domain as follows as the root user:

# /usr/bin/powervc-config compute server-domain --set ats.uk.ibm.com
The default domain name was updated for the specified hosts. 
Verify that no tasks are in-progress, then run the
 '/opt/ibm/powervc/bin/powervc-services nova restart' command to 
restart the nova services and complete the operation.
# powervc-config general ifconfig
PowerVC IP version : 4
PowerVC management address: vm17.ats.uk.ibm.com
PowerVC hostname: vm17
    ifconfig            Change the hostname or IP address of the PowerVC controller
# powervc-config general ipaddress
Current value: 9.137.62.17
    ipaddress           The IP address of the PowerVC controller Warning: This option will be deprecated in future releases.
# powervc-config general hostname
Current value: vm17
    hostname            The hostname of the PowerVC controller Warning: This option will be deprecated in future releases.
# powervc-config identity token_expiration
Current value: 6:00:00
Default value: 6:00:00
    token_expiration    Configure the expiration interval for the identity token
   Note: It is not documented but I think this format is Hours:Minutes:Seconds - also used below.
# powervc-config identity repository
PowerVC is configured for operating system authentication.
    repository          Configure the repository for authentication credentials, for example an LDAP server.
# powervc-config image image_size_cap
Current value: 1099511627776 B
Default value: 1099511627776 B
    image_size_cap      Configure the maximum image size, which can be uploaded through PowerVC controller
# powervc-config image user_storage_quota
Current value: 0 B
Default value: 0 B
    user_storage_quota  Configure the maximum amount of per-user image storage.
# powervc-config storage portgroup
usage: powervc-config storage portgroup [-h] --arrayid ArrayID  [--portgroup PortGroup] [--add] [--remove] [--list] [--restart]
    portgroup           Configure the EMC VMAX PortGroup list

    Note: I don't have an EMC disk unit so I am not clear on the details.

# powervc-config compute server-domain
[global]               ats.uk.ibm.com
828642A_100DC7V        ats.uk.ibm.com
8408E8E_21A494V        ats.uk.ibm.com
828422A_215E96V        ats.uk.ibm.com
9117MMB_100C25P        ats.uk.ibm.com
8231E2B_06FA44P        ats.uk.ibm.com
8231E1C_0659GDR        ats.uk.ibm.com
8233E8B_100W72P        ats.uk.ibm.com
8233E8B_100S71P        ats.uk.ibm.com
    server-domain       Display or set the default virtual machine domain name
# powervc-config metering meter_ttl
Current value: 14 days, 0:00:00
Default value: 14 days, 0:00:00
    meter_ttl           Configure the time to live interval for the meter data.
# powervc-config metering event_ttl
Current value: 270 days, 0:00:00
Default value: 270 days, 0:00:00
    event_ttl           Configure the time to live interval for the event data.
# powervc-config web inactivity_timeout
Current value: 2:00:00
Default value: 2:00:00
    inactivity_timeout  Time that UI users will be allowed to idle before being prompted and logged out. Value 0 or less will disable the timer.
# powervc-config web token_expiration_warning_time
Current value: 0:15:00
Default value: 0:15:00
    token_expiration_warning_time  Time before token expiration to prompt user for password to obtain new token. Value 0 or less will disable the timer.

powervc-cloud-config for Setting Policies on Projects

This command applies to the Cloud PowerVC 1.3.1.1+ manager Edition (I think).  This command scores highly on my weird-command-o-meter and I am worried about the sanity of the developer!

First, you need to understand this command is using (as far as I can determine) the remote REST API to "talk" to the PowerVC/OpenStack running on the current system. For this function to work you have to set 14 shell variables. They are also required to use the "openstack" command to control Cloud Edition Projects and User Roles - so it is not so strange.

As the root user, get your shell to read and set the shell variables in this powervcrc file:

source /opt/ibm/powervc/powervcrc

Then, you need to check that the OS_USERNAME and OS_PASSWORD variables have the correct settings as root:

env | egrep -e OS_USERNAME -e OS_PASSWORD
OS_PASSWORD=
OS_USERNAME=

If blank (like the previous example) set them on a default set up machine to the root user and password. As root:

export OS_USERNAME=root
export OS_PASSWORD=SECRET

To list the options you can set, use the following:

# powervc-cloud-config list-policy-type
SUCCESS.
 {
  "policy_types": [
    "expired_resources_lifetime",
    "default_request_wait_time",
    "extension_approval_limit",
    "deploy_approval_limit",
    "default_expiration_days",
    "snapshot_approval_limit"
  ]
}

Yes it is odd - displaying the result in a Python program code style or JSON format!

The following table lists the six items you can change.

Policy and description:

  1. expired_resources_lifetime: After a virtual machine is expired, this is the number of days before the virtual machine is deleted
  2. default_request_wait_time: Days waiting for virtual machine approval before it is automatically approved
  3. extension_approval_limit: Number of virtual machine user expire extensions before approval is needed
  4. deploy_approval_limit: Number of virtual machines a user can have without needing approval
  5. default_expiration_days: Number for the default days before the virtual machine is expired and a limit to the maximum days that can be requested
  6. snapshot_approval_limit: Number of virtual machine Captures before approval is needed

Fortunately, the Redbook guys cover these details in the PowerVC 1.3.1+ Redbook in Chapter 3.

Now the bad news - the settings can be set to a value (by you) or not set at all. Not set at all is the default.  If it is "not set" then it is assumed to have a special meaning and I don't see a way to get this out of the command. There are no details about the units used.  A value of -1 and zero have special meanings for some variables.

Example:  expired_resources_lifetime is in days. The resources are the virtual machines and not-set means "never expire the virtual machines" but you are never going to get these details out of the command. 

Read the Redbook for what the six items mean and the special significance of not-set and -1. I am not going to copy it into this blog.

Next, see what the current settings are using policy-list. It is not obvious that the command does not list the policy names:

# powervc-cloud-config policy-list
SUCCESS.
 {
  "policies": [ ]
}

Apparently, this command output means no policies have been set, so they all have the "not-set" defaults.

To set one of the policies, follow this example:

# powervc-cloud-config set-policy snapshot_approval_limit 88
Policy Created Successfully.
 {
  "policy": {
    "project_id": "c511b521ca93498397f33f1fa4b16dfc",
    "project_name": "ibm-default",
    "policy_type": "snapshot_approval_limit",
    "value": 88
  }
}

Note: this setting was set for the "ibm-default" project, which is the project named in the shell variables:

# env | grep OS_
OS_REGION_NAME=RegionOne
OS_NETWORK_API_VERSION=2.0
OS_USER_DOMAIN_NAME=Default
OS_IMAGE_API_VERSION=2
OS_PROJECT_NAME=ibm-default
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=SECRET
OS_AUTH_URL=https://vm17:5000/v3/
OS_COMPUTE_API_VERSION=2.25
OS_USERNAME=root
OS_TENANT_NAME=ibm-default
OS_VOLUME_API_VERSION=2
OS_CACERT=/etc/pki/tls/certs/powervc.crt
OS_PROJECT_DOMAIN_NAME=Default

The command appears to be using these to log in with the username and password and the project to use.

Unfortunately, you can not override these shell variables with the command-line options -u (or --user) and -p (or --project).

So if you want to change the settings for different projects, then one way is to do the following. Remove the shell variable settings:

# unset OS_USERNAME
# unset OS_PASSWORD
# unset OS_PROJECT_NAME

Then, for my project called "six", whose admin user is "sixadmin" (note I am setting a different value for this project):

# powervc-cloud-config --user sixadmin --project six set-policy snapshot_approval_limit 77

Enter password for sixadmin:
SSSSSS <-- password typed here
Policy Updated Successfully.

Cool - now let's list the new values - unfortunately that takes two commands - one for each project (ibm-default and six).

# powervc-cloud-config  policy-list

Enter password for root:
RRRRRR <-- password typed here

SUCCESS.
 {
  "policies": [
    {
      "project_id": "c511b521ca93498397f33f1fa4b16dfc",
      "project_name": "ibm-default",
      "policy_type": "snapshot_approval_limit",
      "value": "88"
    }
  ]
}

So project ibm-default value is 88

# powervc-cloud-config --user sixadmin --project six  policy-list

Enter password for sixadmin:
SSSSSS <-- password typed here
SUCCESS.
 {
  "policies": [
    {
      "project_id": "3dcc355325584ddba56c45a96f1f9e79",
      "project_name": "six",
      "policy_type": "snapshot_approval_limit",
      "value": "77"
    }
  ]
}
#

So project "six" value is 77

That seems like hard work to set two numbers! Imagine 5 projects and six settings = 30 commands and passwords to type.

Sounds like a shell script is needed to set everything the way you want.


It is easy to get caught out: if OS_TENANT_NAME="ibm-default", then the "--project six" in the following example is ignored and you are setting the ibm-default project by mistake!

unset OS_TENANT_NAME
powervc-cloud-config --project six set-policy default_request_wait_time 5
powervc-cloud-config --project six set-policy deploy_approval_limit 3
powervc-cloud-config --project six set-policy expired_resources_lifetime 90
powervc-cloud-config --project six set-policy extension_approval_limit 4
powervc-cloud-config --project six set-policy default_expiration_days 30
powervc-cloud-config --project six set-policy snapshot_approval_limit 1
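
An added example (not from the original post, and not IBM's code): the shell script suggested above, which reads every setting back with policy-list and stops as soon as a value did not land in the requested project, which is the OS_TENANT_NAME trap just described. Assumptions: OS_USERNAME and OS_PASSWORD are exported for a user with the admin role in every listed project, the command output has the layout shown on this page, unsetting OS_PROJECT_NAME as well is a precaution rather than something the page tested, and PVC_CLOUD_CONFIG and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: set the six policies on several projects and verify each one.
# PVC_CLOUD_CONFIG is a hypothetical override so the logic can be tested offline.
PVC_CLOUD_CONFIG=${PVC_CLOUD_CONFIG:-powervc-cloud-config}

# Values copied from the example above; edit to suit.
POLICIES='default_request_wait_time=5
deploy_approval_limit=3
expired_resources_lifetime=90
extension_approval_limit=4
default_expiration_days=30
snapshot_approval_limit=1'

# stdin: policy-list output in the layout shown on this page (assumed stable)
# stdout: one "project policy_type value" line per policy
parse_policies() {
    awk 'function val(s) { sub(/^[^:]*: */, "", s); gsub(/[",]/, "", s)
                           sub(/[ \t\r]+$/, "", s); return s }
         /"project_name"/ { p = val($0) }
         /"policy_type"/  { t = val($0) }
         /"value"/        { print p, t, val($0) }'
}

# set_and_verify PROJECT TYPE VALUE
# returns 0 = read back OK, 1 = command failed, 2 = value not found under PROJECT
set_and_verify() {
    "$PVC_CLOUD_CONFIG" --project "$1" set-policy "$2" "$3" >/dev/null || return 1
    listing=$("$PVC_CLOUD_CONFIG" --project "$1" policy-list) || return 1
    if printf '%s\n' "$listing" | parse_policies | grep -qxF "$1 $2 $3"; then
        echo "ok: $1 $2=$3"
    else
        echo "NOT APPLIED to '$1': $2=$3 (is a project variable still set?)" >&2
        return 2
    fi
}

# apply_policies PROJECT...   stops at the first failure
apply_policies() {
    # The page shows OS_TENANT_NAME overriding --project; OS_PROJECT_NAME is
    # unset too as a precaution (assumption).
    unset OS_TENANT_NAME OS_PROJECT_NAME
    for project in "$@"; do
        for kv in $POLICIES; do
            set_and_verify "$project" "${kv%%=*}" "${kv#*=}" || return $?
        done
    done
}

# Live use:  apply_policies six seven eight
```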

- - - The End - - -

Additional Information


Other places to find content from Nigel Griffiths IBM (retired)


Document Information

Modified date:
14 June 2023

UID

ibm11166302