xaminmo: (Logo Tivoli Certified)
[personal profile] xaminmo
Here's how to set up a TSM client inside of a non-root user's home directory.

First, copy /opt/tivoli/tsm or /usr/tivoli/tsm into the location appropriate to your environment. For me, this was /home/xaminmo/tsm

Next, modify your dsm.sys and dsm.opt files to match the new environment.

TSM assumes hard-coded paths for a bunch of things, so the run line is like this:
export DSM_CONFIG=/home/xaminmo/tsm/client/ba/bin/dsm.opt
export DSM_DIR=/home/xaminmo/tsm/client/ba/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/xaminmo/tsm/client/api/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/xaminmo/tsm/client/ba/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/lib:/usr/lib:/opt/lib:/usr/local/lib

If you use AES encryption, you'll run into something like this:
2011-03-16 19:26:49 ANS1467E ICC routine ICC_Init returned: majRC = 4, minRC = 2, desc = '/opt/tivoli/tsm/client/icc32/icc/icclib/libicclib.so: cannot open shared object file: No such file or directory'.
2011-03-16 19:26:49 ANS1464S Cannot load ICC encryption library.

The "recommended" solution is to not use AES encryption, but what fun is that?

The fix is documented for a Windows PE defect, but is easily adapted to our needs:
ln -s /home/xaminmo/tivoli/tsm/client/icc32/icc /home/xaminmo/tivoli/tsm/client/ba/bin
echo "testflag localicc" >> /home/xaminmo/tivoli/tsm/client/ba/bin/dsm.opt

Finally, with PASSWORDACCESS GENERATE set, but non-root dsmtca, you'll see something like this:
2011-03-16 20:06:25 Unable to locate valid trusted communication agent.
2011-03-16 20:06:25 tcaPath is >/home/xaminmo/tsm/client/ba/bin/dsmtca<. rc is 138
2011-03-16 20:06:25 ANS1501E Trusted agent execution/owner permissions are invalid

The fix is again simple, but only documented in the API Programmer's guide:
chmod -R go-rwx /home/xaminmo/tsm
chmod 4500 /home/xaminmo/tsm/client/*/bin/dsmtca
chown -R xaminmo /home/xaminmo/tsm
echo "PASSWORDDIR /home/xaminmo/tsm/tivinv" >> /home/xaminmo/tivoli/tsm/client/ba/bin/dsm.sys

After that, ONLY xaminmo may run dsmc, but the password will be encrypted and stored in /home/xaminmo/tsm/tivinv/TSM.PWD.

Not pretty, but it's all documented from IBM, and it does work in my lab.


eserver: (Default)
IBM POWER servers

June 2017

45678 910


RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 26th, 2017 07:50 pm
Powered by Dreamwidth Studios