Using FLRT and FLRTVC to Plan Your AIX Fixes
FLRT and FLRTVC have changed significantly in the past couple of years and have added many new features.
By Jaqui Lynch04/01/2018
IBM has come a long way with the changes they have been making to the support website, so it is time to look again at what’s provided there. Apart from Fix Central and the Entitled Software Site, the two webpages I visit the most are the FLRT (fix level recommendation tool) and FLRTVC (FLRT vulnerability checker) sites. These have changed significantly in the past couple of years and have added many new features.
FLRT (Fix level recommendation tool) has been around for several years now and it is something I use whenever I am planning an upgrade or trying to determine how long I can stave off an upgrade for. FLRT provides guidance for software and firmware maintenance. The most recent version provides you with the release date for the versions you are running and their end of service date (if announced). It also provides the same dates for the recommended update levels and provides links to the readme files for the recommended updates.
FLRT provides upgrade recommendations for software and firmware, providing custom reports for each system. Support is built-in, not just for the operating systems (Linux, AIX and IBM i), but also for the HMC, virtual I/O server (VIOS), as well as PowerHA, PowerVC, PowerVP and Spectrum Scale. FLRT is a great way to check that products are at the recommended levels and that any interdependencies are being met. The combination of FLRT and the prerequisite tool is a very powerful way to avoid potential problems when considering upgrades, when bringing in new hardware or when planning for future updates.
At the FLRT home page there are now multiple icons that allow easy access to tools. These are labeled report tools, data tables, scripting tools and Apar tools. I use the first two the most.
Report tools now provides links to a number of options. You can select from Power Systems, Purepower, Power devices adapter microcode, Power Systems prerequisites, Live Partition Mobility and FLRTVC Online. Additionally, they provide the ability to load an inventory file.
The Power Systems option allows you to select your current hardware, firmware, HMC levels, VIOS levels and operating system levels. It covers Power, Pureflex and Blade servers and provides support for AIX, IBM i and Linux. Once you select all your options it checks them against engineering recommendations and provides a status. It gives you the release date and EoSPS date for the version you are running, along with links to the latest version and its release date. You can save the file you create in .txt, .xml or json format. It also provides links to recommended patches to the HMC along with links to known security reports (called CVEs) for both the operating system and the VIO.
There is a new feature in FLRT called Version Timeline. You’ll see it to the right of each line item in the report. If you click on it a bar graph is produced that shows the life cycle for the level you are at and the potential update levels. This can be very helpful in determining which level to update to and when to perform that update.
The Power Systems requisites data got moved to the report tools area late in 2017. The report allows you to see the minimum levels required for each feature code on a specific machine type and model. You can use this to supplement the FLRT reports to produce overall recommendations. If you don’t know your feature codes you can get them from IBM’s install inventory site. At the site click on By serial, enter the product type (e.g., 8408) and the last 5 digits of the serial. Make sure the following boxes are checked—retrieve all system data, add to summary and save, retrieve on order data, retrieve uninstalled hardware and clear summary prior to retrieval. Then click on show and it will get the data and take you to a save file option. Instead go down two lines and click on show report, then printable version. This report will show all the information you need on your configuration including all the feature codes for the various adapters. Now you can use that information with the prerequisite tool to ensure you have any required operating system fixes and minimum firmware levels.
Once you have the feature codes you can also check for the latest recommended microcode levels for the adapter at Fix Central. Click on Select Product and then select Power I/O Firmware. You can then select the feature code. As an example, I selected EN0S which is a 10Gb/1Gb network adapter. Information provided included the latest firmware level (30100150), a link to get the firmware and a link to the description (readme) file which should be read before installation. The release date was also provided which in this case was 1/15/2015.
Data tables provides a quick look at data in tabular format. The options provided include AIX security tables, system software maps, AIX Hiper tables, VIOS to NIM mapping, a CVS file of all AIX hiper and security issues and access to FLRT Lite.
If you click on FLRT Lite you can select the system you are interested in (i.e. HMC) and it shows you a list of all of the software levels, their release date and their EoSPS (end of service pack support) dates. You can also download this information in a .csv or json format
System Software maps allows you to pick the operating system, then the hardware and it provides a list of supported levels for that hardware. There is also a link at the bottom that provides the list of supported firmware and HMC code combinations for all the servers.
The VIOS to NIM mapping provides a list of the minimum level that the NIM server has to be at in order to install, support and recover your VIO servers.
The AIX/VIOS security tables and the AIX Hiper tables provide a list of known security or critical issues along with links on how to fix them with a direct link to the actual fix.
Finally, Apar tools allows you to search for more detailed information on Apars.
FLRT is run external to your systems and is used to help with planning for upgrades and maintenance. However, it doesn’t address known vulnerabilities in the operating system. The tool that does that is called FLRTVC (FLRT vulnerability checker). FLRTVC is a script that you install on the AIX LPAR to be checked. That script will download a file from IBM called apar.csv. It uses wget or curl to try to download a file called apar.csv from IBM and it then checks known issues against your software levels. The most common things it finds are back levels of SSH, SSL and Java. If your server is unable to download the file you can download it yourself from the site. Then just edit the script and change SKIPDOWNLOAD=0 to 1. It will then read the local file. I run this on all my VIO servers and my primary copy of LPARs (since they are usually set up the same) once every 4 to 6 weeks to make sure I find any outstanding security issues. FLRTVC produces a .txt file (if you tell it to) that can be downloaded and opened in Excel. That file identifies the efixes and ifixes that need to go on, provides links to the readmes, and also provides links to the actual download where possible.
System maintenance is an ongoing never-ending task, but in today's insecure world it is more critical than ever to ensure that your systems are at a) supported and b) secure levels. The combination of FLRT and FLRTVC is a great way to get ahead of the game here. At the bottom of the FLRT home page is a series of Blog entries where IBMers keep you up to date with the latest additions to the products. There is also a feedback link where you can make recommendations for additional features you might like to see. I regard FLRT and FLRTVC as critical parts of my maintenance toolbox along with Fix Central, HMC Scanner and various other tools.
Jaqui Lynch has over 38 years of experience working with a projects and OSes across vendor platforms, including IBM Z, UNIX systems and more. More →