====== Installing OS/400 V4R4 on an AS/400 170 ======
This is more or less a consolidation of two sources that, combined, make up what I think of as a "standard" OS/400 V4R4 deployment. As such it is largely paraphrased from the following two folks who did the heavy lifting before me:
* jack23247's [[https://jack23247.github.io/blog/sysadm/installing-os400-v4r4/|Installing OS/400 V4R4 on an AS/400 Model 150 ]]
* PoC's [[https://try-as400.pocnet.net/wiki/Post-Install_Optimizations|OS/400 Post-Install Optimizations]]
These steps should apply pretty broadly to PowerPC AS/400s. CISC and POWER, YMMV. I have dealt with neither.
I assume you are installing from CD. I have no clue where to source V4R4 tape images from, nor do I know how the installation differs from CD. If you have tape media I suggest you join the IBM i Discord and ask. I also assume you already have an understanding of how to get a console on an AS/400 and have already done so. Also, this is not a quick process- on my 170 it takes a few hours to get OS/400 properly reinstalled. On newer machines with fast SAS or NVMe disks this is not such an issue, but if you have older hardware you will want to set aside some time for console-watching and CD-swapping.
===== Quick Tips =====
If a command has options available but you do not want to specify them, you can type the command and press F4 to bring up a prompt menu of all available options.
===== Initial IPL and Install =====
You will need a set of CDs from the V4R4 demopkg. I can't distribute these but a quick Google search will land you there. ''I_BASE_01'', ''B2924_xx'', ''L2924_xx'', and ''F2924_xx'' are the most important ones, these are what you need for a base install. ''C9166440_xx'' are cumulative PTFs, necessary but we'll apply those later.
If you are installing over an existing OS/400 install, for example on a system you have rehomed (make sure you archive anything interesting first!), you will need to IPL to DST and format the DASD first. This is described in the section [[install_os400_v4r4#appendix_ipl_to_dst|Appendix: IPL to DST]]. IME if you only install the LIC, even if you choose to initialize the system, you will be left with data from the previous install. Formatting the DASD is the only way I have been able to get a truly clean install.
If you have a used system, it may have licenses already installed. See if you are able to IPL the machine and log in, and check the license info (WRKLICINF?). If there are licenses, you will want to back these up. This is outside the scope of this document.
Make sure your system IPL mode is set to ''D M'' and boot the machine. You will need a console on port 0 of your twinax brick. Select ''Install the Operating System'' and follow the prompts. You want OS/400, not SSP- SSP is the System/36 environment, and that's all. If you have an Advanced/36 SSP is all you get. When asked for the language feature code, you probably want 2924 which should be the default. This is US English, other language codes are documented [[https://www.ibm.com/docs/en/i/7.1?topic=information-national-language-version-feature-codes|here]].
At some point the system will ask you if you want to destroy your load source. If your ASP is already configured then you can proceed here. If you have not configured your ASP, press F3 here and go into DST to make sure your DASD are allocated how you want them. Balancing the ASP over multiple DASD later will take a while. If you proceed without configuring your ASP or without having one preconfigured OS/400 will give you a single DASD ASP. The install will proceed from here until you need the next CD. Load ''B2924_01'' and continue.
When asked to log in, just log in as ''qsecofr''. IPL options can be left as default for a new install, but you'll want to set the date (V4 is Y2k-compliant, being released in 1999) and time (24 hour). Once IPL'd, the system will inform you that QSECOFR's password has expired. The default is ''qsecofr'' (case insensitive) and the replacement can be up to 9 alphanumeric characters. You will also be informed that the system OS/400 license will expire in 70 days- unless you were able to talk to someone at IBM and have the license transferred to your system, you are in what is known as the "70 day club". You will need to restore your system before 70 days have elapsed.
===== The Base OS/400 System =====
You are now in a base OS/400 V4R4 install, but there is not a lot of interest here yet. The system libraries and objects have been restored, but that is about it. Think of it like a minimal Debian install. As with a minimal Debian install though, there are still some useful things we can do.
For now, you will just change the system name (hostname) of the machine using the **Change Network Attributes** command:
CHGNETA SYSNAME(NAME)
This can be up to 8 alphanumeric characters. It is probably possible as Jack mentions to install software from here, but I have not tried. So for now, we will power down the system and re-IPL just to be careful.
PWRDWNSYS *IMMED RESTART(*NO)
Throw ''B2924_02'' in the CD tray while you are there, and IPL in ''B N'' mode. Once up, log back in as QSECOFR. We'll now need to prepare the system for licensed program installation by putting it into a restricted state and stopping all running subsystems. First, run:
CHGMSGQ QSYSOPR *BREAK SEV(60)
Answer/clear any outstanding messages and exit. Now, end the subsystems:
ENDSBS *ALL *IMMED
Once you get back a message indicating the system is in a restricted state you can proceed.
===== Getting the Interesting Stuff =====
Next, enter ''GO LICPGM'' and select option 11, **Install Licensed Programs**. If you have the disk space, it is easiest to install everything and cull what you do not want later. On a single 4.2GB DASD this will consume around 70% of the available space. If you are light on disk space you can try a more minimal install, such as the one provided by Jack (mirrored below). The following CD load order should work for both. Your installation device is ''OPT01''. I do not allow automatic IPL since I want to install everything in one go, then install and apply PTFs separately.
The following CD load order works for me:
- B2924_02
- B2924_03
- L2924_01
- F2924_01 (PASE)
Once WRKLICPGM is satisfied it will exit and remind you that you are in restricted mode. Sometimes it will fail, you can check QSYSOPR's message queue to determine what failed and why. You will have to run through these steps again to fill in the gaps.
Once you are satisfied, re-IPL the system:
PWRDWNSYS *IMMED RESTART(*YES)
===== Post-Install Setup =====
=== Creating a user ===
You can add a user with the ''CRTUSRPRF'' command, changes to accounts can be made with ''WRKUSRPRF USRPRF()'' (or ''USRPRF(*ALL)'' if you're not sure who you want). Consider creating a library specifically for your profile and set the **Current Library** to that.
>I strongly recommend creating a library for each of your users and work using local copies of your source objects to keep the system tidy. This can be accomplished by using the ''WRKLIB'' (**Work with Libraries**) menu as user QSECOFR, creating a library for your user, and then specifying its name in the current library field when creating the user. At this point, the library can be added to your user’s **LIBL** (Library List) via the ''EDTLIBL'' command and it can be used as some kind of “home directory” for the user. To copy objects, make sure you are in the right authorization group and use the the Work with Libraries menu, option 12 (Work with Objects, aka ''WRKOBJ'').
It is recommended that your profile for daily tasks go in the ''*PGMR'' group, but this is just security best practice. If only you touch this machine feel free to put yourself in one of the ''*SEC...'' groups.
=== Disabling unwanted services/applications ===
You can (and probably should) disable SMTP and LPD, the rest are up to you:
CHGLPDA AUTOSTART(*NO)
CHGSMTPA AUTOSTART(*NO)
IME the other services (DHCP, HTTP, etc) are disabled by default on V4R4 but you can make sure by running ''CHGHTTPA AUTOSTART(*NO)'', ''CHGSNMPA AUTOSTART(*NO)'', etc.
**Some of this is not validated due to how I set up my 170 while writing this guide. The following commands are harmless if you want to do what they say they do, though. :>**
If you did not install Ultimedia or LDAP (Directory Services), remove the autostart jobs and associated files:
RMVPJE SBSD(QSYSWRK) PGM(QUMEDIA/QUMBPJTC)
RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBA)
RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBE)
Same for Performance Tools if you do not have that:
RMVAJE SBSD(QCTL) JOB(QPFRCOL)
=== Console Setup ===
By default you will have issues logging into the system over Telnet due to the **QAUTOVRT** system value. The following command will allow for unlimited terminals generated by network requests- if you are on a hostile network on the default ports you will want to limit this if you cannot change your listening port for some reason.
CHGSYSVAL SYSVAL(QAUTOVRT) VALUE(*NOMAX)
=== Various tunables ===
Allow object restore with all flags:
CHGSYSVAL SYSVAL(QALWOBJRST) VALUE(*ALL)
Enable encrypted passwords (mandatory for TCP connections):
CHGDDMTCPA PWDRQD(*ENCRYPTED)
Allow QSYSOPR to log in on all devices (local and network terminals):
CHGSYSVAL SYSVAL(QLMTSECOFR) VALUE('0')
Raise maximum and minimum allowable password lengths (10 is max on V4):
CHGSYSVAL SYSVAL(QPWDMAXLEN) VALUE(10)
CHGSYSVAL SYSVAL(QPWDMINLEN) VALUE(8)
Only install PTFs during unattended IPL and don't try to report problems to IBM:
CHGSRVA PTFINSTYP(*DLYALL) RPTPRBAUTO(*NO)
Allow ordinary users to compile in the background in PDM and generally submit batch jobs:
GRTOBJAUT OBJ(QGPL/QBATCH) OBJTYPE(*JOBD) USER(*PUBLIC) AUT(*USE)
Some others you may want to consider (check ''WRKSYSVAL''):
Allow users with Security Officer permissions to log in on any workstation (see [[https://www.ibm.com/docs/en/i/7.2?topic=values-limit-security-officer-qlmtsecofr|here]]):
CHGSYSVAL QLMTSECOFR VALUE('0')
Autoconfigure devices, printers, etc (should be default from install):
CHGSYSVAL QAUTOCFG VALUE('1')
Intermediate help:
CHGSYSVAL QASTLVL VALUE(*INTERMED)
Use QCTL instead of QBASE:
CHGSYSVAL QCTLSBSD VALUE(QCTL)
This one is pretty much completely arbitrary, but some people find QCTL to be organized a bit better than QBASE, a bit easier to understand. If you are planning to eventually create and tweak your own subsystems it is also much easier under QCTL.
===== Applying PTFs =====
TBD
===== Setting up TCP/IP =====
First, determine your ethernet adapter and its resource name:
WRKHDWRSC *CMN
2723 is 10Mb ethernet, 2838 is 10/100Mb ethernet. Create an ethernet line with the proper speed:
CRTLINETH LIND(ETHLINE) RSRCNAME(CMN02) LINESPEED(100M)
Next, vary on the line:
VRYCFG CFGOBJ(ETHLINE) CFGTYPE(*LIN) STATUS(*ON)
Then, ''CFGTCP'' at the command line, and **Work with TCP/IP Interfaces**. Fill out IP address, line description (''ethline''), and subnet mask. You'll then want to ''CFGTCP'' again, **Work with TCP/IP Routes**, and fill in your information.
* Route Destination: ''*DFTROUTE''
* Subnet Mask: ''*NONE''
* Next Hop: Gateway IP
Next up is DNS. Type ''CHGTCPDMN'' at the command line and hit F4. Configure for your environment and submit. From here you should be able to ''STRTCP''. Sometimes this doesn't work. If it doesn't, re-IPL and try again. If it still does not work, review your settings from the previous steps.
Configuring TCP/IP to autostart at IPL is as simple as:
grtobjaut obj(qsys/strtcp) objtype(*cmd) user(qpgmr) aut(*use)
chgjobd jobd(qsys/qtocstrtcp) jobq(qsys/qsysnomax)
addaje sbsd(qsys/qsyswrk) job(struptcpip) jobd(qsys/qtocstrtcp)
===== Appendix A: IPL to DST (and installing over an extant install) =====
**BE SURE TO BACK UP YOUR LICENSES (IF YOU HAVE ANY) BEFORE REINSTALLING OS/400!**
The easiest way to IPL to DST on hardware of this era is to set the IPL mode to ''D M'' on the front panel. You will need a CD or tape with ''I_BASE_01'' on it to act as the primary load source. Once the main menu loads you can select ''Work With Dedicated Service Tools''. The default login should be ''qsecofr/qsecofr''.
If you have already archived the data on all ASPs and wish to reinstall the OS or reconfigure the disk layout you will need to initialize and format the DASD (hard disks). On my 170 (bottom end CPU, ~1GB RAM) with 7x 4.2GB DASD this did not take long, maybe an hour at most. This will break the ASP (essentially a RAID disk) and leave you with a bunch of unconfigured DASD. If you are not presented with all of your DASD then you are in the OS DST, and thus not allowed to touch DASD in the active ASP, only unconfigured DASD. Make sure you are IPLing to ''D M''.
On a brand new ASP you can simply add all the DASD, there is no data to balance. If you accidentally installed a single disk ASP you can add disks to the ASP and balance data from DST, or this can also be done from the OS. It is recommended to keep ASPs balanced. Configuring parity, protection, etc is not currently in scope. I will add more about this later.
Regarding layout, I personally use six of my seven DASD as active in the ASP and leave one unconfigured as a cold spare. Most of what you will be storing (at least in all likelihood) are small text files, so you do not need a ton of space. If you only have 3 DASD consider using the third as a spare. Remember, these are meant to be reliable machines, so don't let a single DASD failure hose your ASP. :)
===== Appendix B: Why not V4R5? =====
If you can run V4R4, I would consider it more interesting than V4R5 or later because it is the last release to support Advanced/36, IBM's System/36 emulation layer; you can run SSP and OS/400 on the same hardware, V4R5 loses this capability and does not gain much of interest in exchange. You keep OfficeVision/400 though.
I will eventually have guides on setting up A/36 and OV/400.