Since virtual HMCs do not have a graphics card, the graphical Guided Setup Wizard cannot be started when installing a virtual HMC. This means that the IP configuration for the public network (open network), as well as the ability to allow SSH and remote access, must be configured manually via the HMC’s CLI.

Note: LPAR tool and the HMC GUI cannot be used until this basic configuration is completed.

Logging in via the console of the virtual HMC is possible with the account hscroot and the default password “abc123“:

IBM Linux 9 (hmc9_0p)
Kernel 4.18.0-193.14.3.el8.ibm.1.ppc64le on an ppc64le

localhost login: hscroot
Password: abc123
hscroot@localhost:~>

First, the password for the user hscroot should be changed. To do this, you can use the “chhmcusr” command on the HMC command line:

hscroot@localhost:~> chhmcusr -u hscroot -t passwd
Enter the new password: XXXXXXXX
Retype the new password: XXXXXXXX
hscroot@localhost:~>

Next, a hostname should be set. This can be set with the command “chhmc -c network”:

hscroot@localhost:~> chhmc -c network -s modify -h vhmc01
hscroot@localhost:~>

In order for the vHMC to be accessible via the network, an IP address must be configured:

hscroot@localhost:~> chhmc -c network -s modify -i eth0 -a 172.16.199.58 -nm 255.255.255.0
hscroot@localhost:~>

Setting a default gateway then completes the basic IP configuration:

hscroot@localhost:~> chhmc -c network -s modify -g 172.16.199.1
hscroot@localhost:~>

In order for admin access via the network to be possible, SSH and/or remote web access must be activated:

hscroot@localhost:~> chhmc -c ssh -s enable
hscroot@localhost:~>
hscroot@localhost:~> chhmc -c remotewebui -s enable -i eth0
hscroot@localhost:~>

Note: SSH access is required to use the LPAR tool.

To activate remote web access, the interface through which web access should take place must be specified.

However, logging in remotely is still not possible. SSH access via the network is blocked by default by the HMC firewall. When you try, you will see corresponding messages on the console:

[ 1523.210757] DROPPED PACKET:IN=eth0 OUT= MAC=9a:6c:51:6b:c8:02:00:1c:7f:a2:c9:f8:08:00 SRC=172.16.199.167 DST=172.16.199.58 LEN=64 TOS=0x00 PREC=0x00 TTL=57 ID=34650 DF PROTO=TCP SPT=36392 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[ 1524.211223] DROPPED PACKET:IN=eth0 OUT= MAC=9a:6c:51:6b:c8:02:00:1c:7f:a2:c9:f8:08:00 SRC=172.16.199.167 DST=172.16.199.58 LEN=64 TOS=0x00 PREC=0x00 TTL=57 ID=34651 DF PROTO=TCP SPT=36392 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[ 1526.215128] DROPPED PACKET:IN=eth0 OUT= MAC=9a:6c:51:6b:c8:02:00:1c:7f:a2:c9:f8:08:00 SRC=172.16.199.167 DST=172.16.199.58 LEN=64 TOS=0x00 PREC=0x00 TTL=57 ID=34652 DF PROTO=TCP SPT=36392 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0

Therefore, a firewall rule that allows SSH must first be added:

hscroot@localhost:~> chhmc -c ssh -s add -a 0.0.0.0 -nm 0.0.0.0
hscroot@localhost:~>

Note: The combination with IP address 0.0.0.0 and netmask 0.0.0.0 allows SSH access for all IP addresses.

Remote web access must also first be permitted via another rule:

hscroot@localhost:~> chhmc -c SecureRemoteAccess.name -s add -a 0.0.0.0 -nm 0.0.0.0 -i eth0
hscroot@localhost:~>

The vHMC should then be accessible via SSH:

$ ssh -l hscroot vhmc01
The authenticity of host 'vhmc01 (172.16.199.58)' can't be established.
ECDSA key fingerprint is SHA256:l9FcdVUdd/3erCRFT+oNWDETZkb/QdtHVaxik1dyrj4.
ECDSA key fingerprint is MD5:48:cb:f6:c9:da:ca:73:ec:40:1e:31:1e:89:0d:08:14.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vhmc01,172.16.199.58' (ECDSA) to the list of known hosts.
Password: XXXXXXXX
Last login: Mon Dec 11 08:07:15 2023 from 172.16.199.55
/usr/bin/xauth:  file /home/hscroot/.Xauthority does not exist
hscroot@vhmc01:~>

After the vHMC can be reached via SSH, it can be registered with the LPAR tool using the command “hmc add” (the HMC must be licensed for this). The vHMC can be temporarily added using the hscroot account:

$ hmc add hscroot@vhmc01
Password: XXXXXXXX
vhmc01:
$

Everything else can then be configured either with the LPAR tool or alternatively with the HMC GUI.

Note: The Guided Setup Wizard can then be started at any time via the HMC GUI.