IBM Support

SmartCloud Provisioning 2.3 Fix Pack 1 (SCP - 2.3.0.1)

Fix readme


Abstract

IBM SmartCloud Provisioning 2.3 Fix Pack 1 (2.3.0.1) is available. This is the README file for the release.

Content

Copyright International Business Machines Corporation 2014. All rights reserved.
Component: IBM SmartCloud Provisioning, Version 2.3.0

Product number: 5725-C88

Fix: Fix Pack 1 (2.3.0.1)

Date: April 2014

Contents:

1.0 General description
2.0 Problems fixed
2.1 APARs
2.2 Enhancements
2.3 Included fixpack
2.4 Fixed security vulnerabilities
3.0 Architecture and prerequisites
4.0 Image directory contents
5.0 Installation instructions
6.0 Additional installation information
7.0 Known problems and workarounds
8.0 Additional product information
9.0 Notices

1.0 General description
=======================

This Fix Pack resolves the APARs listed in the "Problems Fixed" section hereafter.

2.0 Problems fixed
==================

The following problems are addressed by this fix:

2.1 APARs
---------
APAR IC98208 - Inconsistent hostname assignment for Windows VMs
APAR IC98314 - Patterns with parts which contain variables not being passed to AE
APAR IC98480 - Task queue performance problem
APAR IC99873 - CTJCO0003E - 401 "UNAUTHORIZED" message during deploy
APAR IC99215 - Deployment fails if the hostname is not DNS-resolvable
APAR SE57311 - Cannot provision if an ESX is in maintenance mode
APAR SE57516 - SCE-Unable to assign IP address to Windows Japanese images.
APAR SE57844 - Unable to deploy a Windows 2008 R2 server with an additional disk
APAR SE58347 - SCP always deploys to 1st datastore.
APAR SE58436 - Provisions vm to datastore with insufficient disk space
APAR SE58438 - Deployment fails to VMware resource pool
APAR SE58459 - SCP loses connection to vCenter when ESXi host is put in maintenance mode
APAR ZZ00121 - Quota management of fixed_ips doesn't work well in KVM env
APAR ZZ00125 - Documentation - Troubleshooting LDAP integration
APAR ZZ00139 - Documentation - One more troubleshooting for failed actions on instances
APAR ZZ00142 - Enable/Disable Instances Discovery configuration from property file
APAR ZZ00157 - Documentation - Need to add a new section listing the RPMs that are added to an image
APAR ZZ00159 - Parameter "-w" need to be add to "grep" in some scripts in /opt/ibm/openstack/iaas/smartcloud/bin
APAR ZZ00160 - Unable to index images if more than one region is registered to the same vCenter
APAR ZZ00162 - Documentation - Explain which base image to use for virtual applications.
APAR ZZ00163 - Documentation - Infocenter need to provide the port information used by db2
APAR ZZ00164 - Documentation - Update the Hardware pre-reqs section with a reference to creating the virtual images on VMware/KVM
APAR ZZ00165 - User groups disappear after a certain time
APAR ZZ00166 - Documentation - Provide procedure to change passwords of created users
APAR ZZ00167 - Documentation - How to remove an image
APAR ZZ00168 - Documentation - Indexing of Openstack VMs is not supported on KVM
APAR ZZ00169 - ICCT extension of AIX NIM image didn't run properly
APAR ZZ00170 - Documentation - Infocenter contains wrong URLs in REST API Documentation section of the POST /resources/virtualSystems
APAR ZZ00172 - "Deploy Virtual System Instance Offering" - VM name too long for vmware
APAR ZZ00175 - File not found when clicking on "user activity"
APAR ZZ00176 - Documentation - Document how to do thin provisioning on VMware regions
APAR ZZ00177 - Deploy Virtual System Instance does not work if flavor has auto ID
APAR ZZ00178 - Documentation - CONFIGURATION NEEDED IN CASE OF MULTI USERS ACCESS TO SAME VCENTER
APAR ZZ00180 - Documentation - Add limitation that Disk add-on is not supported for shared storage pools
APAR ZZ00182 - Documentation - Install VMware Region - Document that Domain account is not supported
APAR ZZ00183 - Documentation - Refine infocenter on ICCT image requirement part with no-English image
APAR ZZ00185 - Script packages don't preserve file permissions
APAR ZZ00186 - ICCT - "domain suffix for this connection" is always set to rch.kstart.ibm.com
APAR ZZ00187 - Better error message for lack of support of Domain user
APAR ZZ00188 - deploy.conf needs to be updated to reflect the partitions
APAR ZZ00194 - Missing /resources/virtualApplianceInstances/{id} is not documented
APAR ZZ00199 - Strange trace entry in BPM log - unable to lookup MixedCase group names in AD
APAR ZZ00200 - Documentation - Clarify supported VM motion scenarios
APAR ZZ00202 - Cannot change roles of LDAP users if users are loaded with DN
APAR ZZ00203 - Static route configuration is not cleaned up by reset step
APAR ZZ00206 - Documentation - The description for vm_ip_rang in topic installing Region server should be modified to make it more clear
APAR ZZ00209 - TSAAM could not be started.
APAR ZZ00212 - VIL proxy crashes frequently
APAR ZZ00214 - Documentation - Missing documentation on how to specify domainName and projectName
APAR ZZ00216 - Documentation - Role needed to create pattern types
APAR ZZ00218 - Documentation - Port missing
APAR ZZ00225 - The VMware hypervisor does not work after one ESXi host change to maintenance mode
APAR ZZ00226 - Activation Engine: upgrade.sh not working on AIX
APAR ZZ00227 - Documentation - After disabling the primary project for a user, they cannot login any more

2.2 Enhancements
----------------
- Support for ConfigADDomain and ConfigKMSHost properties in image metadata (parts/ovf).
See http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/topic/com.ibm.scp.doc_2.3/sr/ep/ept_creaprof.html for more details.
- Lots of other documentation updates.


2.3 Included fixpacks
---------------------
- SCE 3.1 FP3 (3.1.0.3-IBM-SCE-FP003)


2.4 Fixed security vulnerabilities
----------------------------------
- CVE-2013-6437 Nova compute DoS through ephemeral disk backing files
- CVE-2013-4463, CVE-2013-4469 Potential Nova denial of service through compressed disk images
- CVE-2013-7048 Nova live snapshots use an insecure local directory


3.0 Architecture and prerequisites
==================================

This fix is supported on all operating systems listed in the IBM SmartCloud Provisioning documentation at
http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/topic/com.ibm.scp.doc_2.3/c_os.html


3.1 Prerequisites for this fix
------------------------------
The prerequisite level for this fix is the following:

- IBM SmartCloud Provisioning Version 2.3.0

Because this Fix Pack is cumulative, it can be installed on any fix level for this version, release, and modification level
later than the prerequisite.


4.0 Image directory contents
============================

- 2.3.0-CSI-ISCP-FP0001.README - The README file for IBM SmartCloud Provisioning Version 2.3.0.1
- 2.3.0-CSI-ISCP-FP0001-README.zip - The README file for IBM SmartCloud Provisioning Version 2.3.0.1 translated into other languages
- 2.3.0-CSI-ISCP-FP0001-ICCT.README - The README file for IBM Image Construction and Composition Tool 2.3.0.1
- 2.3.0-CSI-ISCP-FP0001.tgz - IBM SmartCloud Provisioning Version 2.3.0.1 for RHEL Multilingual


5.0 Installation instructions
=============================
This Fix Pack can be installed on top of an existing installation or as a fresh installation.

5.1 Before installing the fix
-----------------------------
- The prerequisites listed under section 3.1, 'Prerequisites for this fix', must be installed before this Fix Pack can be used as an upgrade. Alternatively, you can use this fix pack to perform a fresh installation, in which case no prerequisites are required.
- Read carefully section 7.0, Known problems and workarounds.

5.2 Fresh Install
-----------------
To proceed with SmartCloud Provisioning installation, refer to information available in the infocenter at:
http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/topic/com.ibm.scp.doc_2.3/t_install_sco.html

5.3 Upgrade
-----------
To proceed with IBM SmartCloud Provisioning upgrade, refer to information available in the information center at
http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/topic/com.ibm.scp.doc_2.3/t_upgrade_from_SCO23.html
(The information might not be available at the date this Fix Pack is released. If so, perform the following procedure.)

To upgrade SmartCloud Provisioning, perform the following steps:

5.3.1. Before you begin

Both fresh installation and upgrade use the same package. Prepare the package by performing the following steps on Central Server 1 and all Region Servers:

1. Extract the package into a new directory, for example, if your working directory is /install_fp1_media:

# tar xvf <installation tar media>

2. Navigate to the directory /install_fp1_media/installer/.

3. Prepare the Red Hat Enterprise Linux server DVD ISO file on Central Server 1 and the Region Servers.
On central-server-1, set "iso_location" to the correct location in the file central-server.cfg.
On each region server, set "iso_location" to the correct location in the file region-server.cfg.
iso_location=/opt/RHEL6.3-20120613.2-Server-x86_64-DVD1.iso (The location of the Red Hat Enterprise Linux Server 6 DVD ISO file).

Note:
- No other parameters in the configuration files need to be updated - as these can be determined from the existing installation of SmartCloud Provisioning 2.3.
- Do not move to other directories when you perform the upgrade steps.

5.3.2. Procedure

1. Stop the SmartCloud Provisioning processes:

If System Automation Application Manager is not used to control SmartCloud Provisioning, refer to Starting or stopping SmartCloud Provisioning
http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/topic/com.ibm.scp.doc_2.3/t_start_stop_sco.html
to start or stop SmartCloud Provisioning.

If System Automation Application Manager is used to control SmartCloud Provisioning, refer to Controlling the management stack
http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/topic/com.ibm.scp.doc_2.3/t_conf_saappman.html
to "Request Offline" SmartCloud Provisioning from System Automation Application Manager.

Once the services are all offline, suspend automation by clicking the "suspend automation" button. If you do not suspend automation,
SAAM will stop the services as they are restarted as part of the upgrade, and the upgrade procedure will fail.


2. Backup the Central Servers and Region Server virtual machines and the compute nodes:

* Back up the file /opt/ibm/pcg/etc/flavors.json on Central Server 2. Otherwise, Public Cloud Gateway will lose the original flavor customization after upgrade.
* For VMware-hosted virtual machines, see Taking Snaphots
http://pubs.vmware.com/vsphere-51/index.jsp?topic=/com.vmware.vsphere.vm_admin.doc/GUID-64B866EF-7636-401C-A8FF-2B4584D9CA72.html
for information about taking snapshots of the virtual machines.


3. On Central Server 1, run deploy_central_server.sh to upgrade the Central Server:

./deploy_central_server.sh

4. On each Region Server, run deploy_region_server.sh to upgrade the Region Server:

./deploy_region_server.sh <-C central-server-1-ip-address>

5. On each KVM Region Server, run deploy_compute_node.sh to upgrade compute node for KVM regions:

./deploy_compute_node.sh <-s additional node ip> [-p OS root password]

6. Restart the SmartCloud Provisioning processes:

If you do not use System Application Automation Manager to control SmartCloud Provisioning, see
Starting or stopping SmartCloud Provisioning
http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/topic/com.ibm.scp.doc_2.3/t_start_stop_sco.html
for information about starting SmartCloud Provisioning.

If you use System Application Automation Manager to control SmartCloud Provisioning, follow the procedure
described in Configuring System Application Automation Manager
http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/topic/com.ibm.scp.doc_2.3/t_conf_saappman.html
to:
- Re-configure service autostart on the Central Servers, Region Servers and compute nodes.
- Run the step to copy control scripts from /iaas/scorchestrator to /home/saam on all the servers.

7. Restore /opt/ibm/pcg/etc/flavors.json on Central Server 2.
Note: If you forget to back up the file /opt/ibm/pcg/etc/flavors.json in step 2, you can find it in /opt/ibm/pcg/backup/server-*.zip on Central Server 2.

5.3.3. Results

You can find the upgrade logs in /tmp/bootstrap-update*.log. If the upgrade failed, you can roll back your SmartCloud Provisioning environment
with the data backed up. For VMware hosted virtual machines, see Taking Snapshots
http://pubs.vmware.com/vsphere-51/index.jsp?topic=/com.vmware.vsphere.vm_admin.doc/GUID-64B866EF-7636-401C-A8FF-2B4584D9CA72.html
for information about taking snapshots of the virtual machines.


6.0 Additional installation information
=======================================
None.

7.0 Known problems and workarounds
==================================
7.1. Running the upgrade a second or subsequent time is not supported. If an error is encountered during the first attempt, the supported steps would be to:
a) Revert the snapshot for all central servers.
b) Correct the issue causing the error.
c) Commit the snapshot(s) for the affected server(s).
d) Create a new snapshot(s).
e) Perform the upgrade.

7.2. In 2.3.0.1, VMware 5.5 is supported via a well known and published VMware workaround to handle where the vSphere Client and vSphere PowerCLI may fail
to connect to vCenter Server 5.5 due to a handshake failure (Issue 2049143).
See http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2049143
for a more detailed explanation and how to solve the issue.

7.3 During upgrade of SmartCloud Provisioning from 2.3.0 to FP1 the existing certificates of SmartCloud Provisioning are overwritten.
If you replaced the self-signed certificates with new (officially signed) ones
(as described in http://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/index.jsp?topic=/com.ibm.scp.doc_2.3/r_replacing_existing_certificates.html)
and imported them under the same alias names, then you must reimported them after the upgrade.

If you kept the self-signed Business Process Manager certificate (alias "iwd") but you renamed it or reimported it under a different name,
then the upgrade process will fail. Make sure the alias name of the self-signed certificate is "iwd" before attempting to upgrade to Fix Pack 1.

7.4 There is a known issue on security vulnerability in OpenSSL identified by CVE-2014-0160. This vulnerability affects the Image Construction and Composition Tool bundle named "Enablement Bundle for Virtual Application and System Plugins in Windows". To fix this issue, you need to install the ifix 2.3.0.1-CSI-ISCP-IF0001 on top of SCP 2.3.0.1.

8.0 Additional product information
==================================
None.


9.0 Notices
===========
For trademark attribution, visit the IBM Terms of Use web site (http://www.ibm.com/legal/us/).

Related information

Fix Central location for 2.3.0-CSI-ISCP-FP001

Document information

More support for: IBM SmartCloud Provisioning

Software version: 2.3

Operating system(s): Platform Independent

Reference #: 1671947

Modified date: 01 May 2014