AIX 7 1 AN12 Implementation and Administration Student

Business Data
Cloud Mobility
Intelligence Centre
Enterprise Computing Solutions
Student Manual
Dirección General de Formación
CONSEJERÍA DE EMPLEO,
TURISMO Y CULTURA
Comunidad de Madrid UNIÓN EUROPEA

FONDO SOCIAL EUROPEO
El Fondo Social Europeo invierte en tu futuro
EDUCATION
S E R V I C E S
V8.2
cover
IBM Training Front cover
.I. n
Student Notebook
.T ció
Power Systems for AIX II: AIX Implementation and
.
Administration
C
.F a
Course code AN12 ERC 3.0
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide.
The following are trademarks of International Business Machines Corporation, registered in
many jurisdictions worldwide:
AIX 5L™ AIX 6™ AIX®
.I. n
AS/400® DB2® Electronic Service Agent™
Everyplace® Express® HACMP™
.T ció
Informix® Language Environment® Notes®
Power Architecture® POWER Hypervisor™ Power Systems™
.
Power® PowerHA® PowerVM®
C
POWER6® POWER7® PureFlex™
.F a
System p® System Storage® Tivoli®
WebSphere®
C rm
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
to fo
both.
Windows is a trademark of Microsoft Corporation in the United States, other countries, or
both.
ec vo
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Java™ and all Java-based trademarks and logos are trademarks or registered trademarks
oy si
of Oracle and/or its affiliates.

VMware and the VMware "boxes" logo and design, Virtual SMP and VMotion are registered
trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other
u
jurisdictions.
cl
Other product and service names might be trademarks of IBM or other companies.
Ex
July 2013 edition

pr
The information contained in this document has not been submitted to any formal IBM test and is distributed on an “as is” basis without
any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer
responsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. While
each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will
result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.
© Copyright International Business Machines Corporation 2009, 2013.

This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
V8.2
Student Notebook
TOC Contents
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Course description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
.I. n
Unit 1. Introduction to IBM Power Systems, AIX, and system administration . . . . 1-1
.T ció
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
AIX overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Logical partition overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
.
Dynamic logical partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
C
Workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
.F a
Live Partition Mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
POWER7 offerings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
C rm
Typical Power system layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
The HMC (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11
The HMC (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12
LPAR virtualization overview (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
to fo
LPAR virtualization overview (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
Virtual I/O Server overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
Virtualization example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-18
Role of the system administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20
ec vo
Who can perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21

How can we perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25
oy si
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-26
Unit 2. AIX system management tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

u
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

UNIX system administration challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
cl
System management objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

AIX administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Ex
SMIT main menu (text based) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

Dialog screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Output screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
SMIT log and script files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
pr
IBM Systems Director Console for AIX (pconsole) . . . . . . . . . . . . . . . . . . . . . . . . 2-14

Console interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16
Console applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18
Console management view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19
System health (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-21
System health (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22
© Copyright IBM Corp. 2009, 2013 Contents iii

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
System health (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-24

Classical SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-26
DCEM portlet (1 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-27
DCEM portlet (2 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-28
DCEM portlet (3 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-29
DCEM portlet (4 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-30
DCEM portlet (5 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-31
Console logging and tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32
.I. n
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-35
.T ció
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-36
Unit 3. System startup and shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1
.
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2
C
System startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3
.F a
Managed system activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5
Startup modes for AIX (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-6
C rm
Startup modes for AIX (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-7
AIX startup process overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8
AIX partition activation (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9
AIX partition activation (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10
to fo
The alog command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11
/etc/inittab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13
Run levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15
Directory and script control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-17
ec vo
System Resource Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-18

Listing subsystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-19
SRC control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-20
AIX partition shutdown (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-21
oy si
AIX partition shutdown (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-23

Managed system shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-26
u
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-27
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-28
cl
Unit 4. AIX installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2
Ex
Installation methods for AIX 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3

AIX installation in a partition (DVD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-4
Installing AIX from DVD (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-5
Installing AIX from DVD (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-6
pr
Installation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-7

Installation and Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-8
Method of installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-9
Installation disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-11
Set Primary Language Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-12
Security Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-13
Software install options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-15
iv AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013

V8.2
Student Notebook
TOC Install summary and installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16

Accept License Agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17
AIX installation: Post steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
Installation Assistant and login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
AIX installation in a partition using NIM: NIM overview . . . . . . . . . . . . . . . . . . . . . 4-20
AIX installation in a partition using NIM: Configuration steps . . . . . . . . . . . . . . . . 4-22
Network boot (1 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
Network boot (2 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
.I. n
Network boot (3 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
Network boot (4 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
.T ció
Network boot (5 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
Network boot (6 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
Network boot (7 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
.
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
C
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
.F a
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32
C rm
Unit 5. AIX software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
AIX media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Software packaging definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
to fo
Software bundles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
AIX software levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
What is my AIX version? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
Software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11
ec vo
Software repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12

Software states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13
Software listing and versioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14
lslpp, filesets, and files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15
oy si
Installing new software using SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16

Installing software using command line: Examples . . . . . . . . . . . . . . . . . . . . . . . . 5-17
Red Hat Package Manager filesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19
u
Applying patches to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21

Applying patches, apply, commit, reject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22
cl
Listing fixes (APARs) installed on the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23

Interim fix management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24
Removing installed software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25
Ex
Recovering from broken or inconsistent states . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26

Service update management assistant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27
SUMA base configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-28
SUMA task configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29
pr
SUMA command line execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-30

Fix Central website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-32
Fix Level Recommendation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-33
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-35
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-36
© Copyright IBM Corp. 2009, 2013 Contents v

Student Notebook
Unit 6. System configuration and devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2
Device terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-3
System components locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-5
Device addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-7
Physical location code examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-8
Virtual location codes example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-9
System configuration and device overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-11
.I. n
Device commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-12
prtconf (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-13
.T ció
prtconf (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-14
lscfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-15
lsdev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-16
.
lsslot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-18
C
lsattr and chdev commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-19
.F a
Device states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-20
/dev directory, device configuration, and control . . . . . . . . . . . . . . . . . . . . . . . . . .6-21
C rm
rendev command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-22
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-23
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-24
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-25
to fo
Unit 7. System storage overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2
Components of AIX storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-3
ec vo
Traditional UNIX disk storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-4

Benefits of the LVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-5
Logical Volume Manager components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-6
Physical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-8
oy si
Volume groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-10

Volume group descriptor area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-12
Logical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-13
u
Uses of logical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-15

What is a file system? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-17
cl
Why have multiple file systems? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-19

Standard file systems in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-21
/etc/filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-23
Ex
Mount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-25
Mounting over an empty directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-26
Mounting over files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-27
Listing file systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-28
pr
Listing logical volume information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-29

Checkpoint (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-30
Checkpoint (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-31
Checkpoint (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-32
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-33
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-34
vi AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013

V8.2
Student Notebook
TOC Unit 8. Working with the Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
SMIT Volume Groups menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4
Adding a volume group to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Adding a scalable volume group to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6
Listing volume groups and VG attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7
Listing PVs in a VG and VG contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8
.I. n
Change a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
Extend and reduce a VG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11
.T ció
Remove a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13
Activate and Deactivate a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Import and Export a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15
.
Logical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16
C
LVM and RAID support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17
.F a
LVM options which affect performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18
Mirroring (RAID1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19
C rm
Mirroring, allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20
Striping (RAID 0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21
Striping and mirroring (RAID 10 or 1+0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-23
Mirror pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-24
to fo
Logical volume placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-26
Mirroring scheduling policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-28
Mirror write consistency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-30
SMIT Logical Volumes menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32
ec vo
Add a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33

Show LV characteristics (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34
Show LV characteristics (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-35
Reorganize logical volumes in a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-36
oy si
Add Copies to a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37

Increase the Size of a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-38
Remove a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-39
u
List all logical volumes by volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40

Mirroring volume groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-41
cl
Physical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-42

SMIT Physical Volumes menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-43
List physical volume information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-44
Ex
List logical volumes on a physical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-45

List a physical volume partition map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-46
Add or move contents of physical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-47
Documenting the disk storage setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-48
pr
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-49
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-50
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-51
Unit 9. File systems administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Journaled file system support in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3
© Copyright IBM Corp. 2009, 2013 Contents vii

Student Notebook
Advantages of enhanced JFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-4

JFS2 structural components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-5
Listing i-node and block size information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-7
Creating a JFS2 file system (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-8
Creating a JFS2 file system (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-9
Mounting a file system and the /etc/filesystems file . . . . . . . . . . . . . . . . . . . . . . . .9-10
JFS2 logging options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-11
Creating a file system on a previously defined logical volume . . . . . . . . . . . . . . . .9-12
.I. n
Changing the size of a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-13
Removing a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-14
.T ció
File system space management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-15
Listing file system utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-16
Monitoring file system growth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-17
.
Listing disk usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-18
C
Control growing files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-20
.F a
The skulker command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-22
Block size considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-23
C rm
Fragmentation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-25
Verify and repair a file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-26
Documenting file system setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-27
System storage review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-28
to fo
Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-29
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-30
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-31
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-32
ec vo
Unit 10. Paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-2
What is paging space? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-3
oy si
Paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-5

Sizing paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-7
Paging space thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-8
u
Checking paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-11

Paging space placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-12
cl
Adding paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-14

Change paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-15
Removing paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-17
Ex
Problems with paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-18

Documenting paging space setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-19
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-20
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-21
pr
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-22
Unit 11. Backup and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-2
Backup introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-3
System image backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-5
Creating a mksysb image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-7
viii AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
V8.2
Student Notebook
TOC image.data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9

bosinst.data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11
mksysb tape image format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13
Restoring a mksysb: From tape device (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15
Restoring a mksysb: From tape device (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16
Restoring a mksysb: From a NIM server (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . 11-18
Restoring a mksysb: From NIM server (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-19
Creating a backup of a data volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-20
.I. n
Restoring a backup of a data volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21
Traditional UNIX and AIX backup commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-23
.T ció
Backup by filename and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-24
Backup and restore by inode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-25
tar command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26
.
cpio command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-27
C
pax command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-28
.F a
dd command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29
Compression commands (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-30
C rm
Compression commands (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-31
Good practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-32
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-35
to fo
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36
Unit 12. Security and user administration: Part one . . . . . . . . . . . . . . . . . . . . . . . . 12-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
ec vo
12.1. Security and user concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3

Security and user concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4
User accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5
Controlling access to the root account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6
oy si
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7
System defined groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9
Role based access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-11
u
File/directory permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13

Reading permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-15
cl
Changing permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16

umask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-18
Changing ownerships and groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-20
Ex
Security policy and setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21

Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-22
12.2. User and group administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-23
User and group administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-24
pr
Security files and security commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-25

Validating the user environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-26
chsec, lssec, and stanza format security files . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-28
User and group administration hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-30
Security & Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-31
SMIT users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-33
Listing users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-34
© Copyright IBM Corp. 2009, 2013 Contents ix

Student Notebook
Add or change a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-35

Assign a password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-36
Regaining root’s password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-38
/etc/passwd file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-39
/etc/security/passwd file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-41
SMIT groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-43
Listing groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-44
Add or change a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-45
.I. n
Group files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-47
Remove a user or group from the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-48
.T ció
Files owned by removed user or group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-49
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-50
Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-51
.
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-52
C
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-53
.F a
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-54
C rm
Unit 13. Security and user administration: Part two. . . . . . . . . . . . . . . . . . . . . . . . .13-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2
13.1. Additional user administration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-3
Additional user administration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-4
to fo
Console login sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-5
Login related attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7
Security logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-9
User environment setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-11
ec vo
Customizing default user setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-12

Message of the day . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-14
Blocked user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-15
Prevent vulnerable passwords (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-16
oy si

Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-21
u
13.2. Basics of enhanced RBAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-23

Basics of enhanced RBAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-24
cl
RBAC overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-25

RBAC defined roles and authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-26
RBAC (basic) implementation steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-29
Ex
RBAC example (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-30

RBAC example (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-31
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-32
Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-33
pr
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-35
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-36
Unit 14. Scheduling and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-2
The cron daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-3
x AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013

V8.2
Student Notebook
TOC crontab files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5

Format of a crontab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6
Editing a crontab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-8
The at and batch commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-10
Controlling at jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12
Documenting scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-13
System clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-14
Setting date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15
.I. n
Time zone variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16
Time zone formats in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-18
.T ció
Setting POSIX time zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19
POSIX time zone variable breakdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-20
Setting Olson time zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-22
.
Configuring NTP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-23
C
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-25
.F a
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-26
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-27
C rm
Unit 15. TCP/IP networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2
What is TCP/IP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3
to fo
TCP/IP layering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5
LAN and broadcast domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Ethernet adapters and interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-8
Virtual LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-10
ec vo
Trunk ports and 802.1Q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11

VLAN aware hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12
AIX VLAN tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13
IP and subnet addressing (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-14
oy si
IP and subnet addressing (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15

Subnetting example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-16
Supernetting example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-17
u
How is TCP/IP configured on AIX? (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-18

How is TCP/IP configured on AIX? (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19
cl
Command line TCP/IP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-20

Verifying network interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-21
Name resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-22
Ex
Routing implementation (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-24

Routing implementation (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-26
Multipath routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-27
IP aliasing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-28
pr
Testing for remote connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-29

Ports and sockets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-31
inetd daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-32
TCP/IP start-up flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-33
Remote UNIX commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-34
Transferring files over a network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-35
Network file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-36
© Copyright IBM Corp. 2009, 2013 Contents xi

Student Notebook
NFS server configuration (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-37

NFS server configuration (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-39
Manual NFS client mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-41
Predefined NFS client mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-42
Virtual Network Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-44
VNC configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-45
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-46
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-47
.I. n
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-48
.T ció
Unit 16. Introduction to workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-2
Workload partition overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-3
.
Comparing WPARs to LPARs for consolidation . . . . . . . . . . . . . . . . . . . . . . . . . . .16-5
C
Default WPAR network configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-7
.F a
WPAR resource control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-8
System versus application WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-10
C rm
System WPAR process space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-12
System WPAR file systems space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-13
System WPAR storage and device access . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-15
Types of system WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-16
to fo
Versioned WPAR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-18
Basic system WPAR commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-19
Application WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-20
Workload Partition Manager overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-21
ec vo
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-22
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-23
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-24
oy si
Appendix A. Printers and queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Appendix B. Checkpoint solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1

u
cl
Ex
pr
xii AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
V8.2
Student Notebook
TMK Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide.
.I. n
The following are trademarks of International Business Machines Corporation, registered in
many jurisdictions worldwide:
.T ció
AIX 5L™ AIX 6™ AIX®
AS/400® DB2® Electronic Service Agent™
.
Everyplace® Express® HACMP™
C
.F a
Informix® Language Environment® Notes®
Power Architecture® POWER Hypervisor™ Power Systems™
C rm
Power® PowerHA® PowerVM®
POWER6® POWER7® PureFlex™
System p® System Storage® Tivoli®
WebSphere®
to fo
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
ec vo
both.
Windows is a trademark of Microsoft Corporation in the United States, other countries, or
both.
oy si
UNIX is a registered trademark of The Open Group in the United States and other
countries.
u
Java™ and all Java-based trademarks and logos are trademarks or registered trademarks
of Oracle and/or its affiliates.
cl
VMware and the VMware "boxes" logo and design, Virtual SMP and VMotion are registered
trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other
Ex
jurisdictions.
Other product and service names might be trademarks of IBM or other companies.
pr
© Copyright IBM Corp. 2009, 2013 Trademarks xiii

Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
xiv AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
V8.2
Student Notebook
pref Course description

Power Systems for AIX II: AIX Implementation and Administration
Duration: 5 days
.I. n
Purpose
.T ció
Students will learn to install, customize, and administer the AIX
operating system in a multiuser POWER (System p) partitioned
environment. The course is based on AIX 7.1 running on a POWER7
.
system managed by Hardware Management Console version 7 and
C
provides practical discussions that are appropriate to earlier AIX
.F a
releases.
C rm
Audience
This intermediate course is intended for system administrators or
anyone implementing and managing an AIX operating system in a
to fo
multiuser POWER (System p) partitioned environment.
Prerequisites
ec vo
The students attending this course should already be able to:

• Log in to an AIX system and set a user password
• Execute basic AIX commands
oy si
• Manage files and directories

• Use the vi editor
u
• Use redirection, pipes, and tees

cl
• Use the utilities find and grep

• Use the command and variable substitution
Ex
• Set and change Korn shell variables

• Write simple shell scripts
• Use a graphic Common Desktop Environment (CDE) interface
pr
These skills can be acquired by attending AIX Basics (AN10) or

through equivalent AIX or UNIX knowledge. Also, it would be helpful
(but not mandatory) if students were familiar with partitioning concepts
and technology taught in Power Systems for AIX I: LPAR
Configuration and Planning (AN11).
© Copyright IBM Corp. 2009, 2013 Course description xv

Student Notebook
Objectives
On completion of this course, students should be able to:
• Install the AIX operating system, filesets, and RedHat Package
Manager (RPM) packages
• Perform system startup and shutdown
• Discuss and use system management tools such as System
.I. n
Management Interface Tool (SMIT) and IBM systems director
console for AIX
.T ció
• Manage physical and logical devices
• Discuss the purpose of the logical volume manager
• Perform logical volume and file system management
.
• Create and manage user and group accounts
C
• Perform and restore system backups
.F a
• Utilize administrative subsystems, including cron to schedule
system tasks, and security to implement customized access of files
C rm
and directories
• Configure TCP/IP networking
• Define and run basic Workload Partitions (WPAR)
to fo
Contents
• Introduction to IBM POWER p systems, AIX, and system
administration
ec vo
• AIX System Management Tools

• System startup and shutdown
• AIX installation
oy si
• AIX software installation and maintenance

• System configuration and devices
• System storage overview
u
• Working with the Logical Volume Manager

• File system administration
cl
• Paging space
• Backup and restore
Ex
• Security and user administration

• Time and scheduling
• TCP/IP networking
• Workload Partitions
pr
Curriculum relationship
This course should follow the AIX Basics course. A basic
understanding of hardware, the AIX environment, and simple
commands is recommended before taking this course.
xvi AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
V8.2
Student Notebook
pref Agenda
Day 1
Welcome
Unit 1: Introduction to IBM Power Systems, AIX, and system
administration
.I. n
Exercise 1
Unit 2: AIX system management tools
.T ció
Exercise 2
Unit 3: System startup and shutdown
.
Exercise 3
C
Unit 4: AIX installation
.F a
Exercise 4
C rm
Day 2
Unit 5: AIX software installation and maintenance
Exercise 5
to fo
Unit 6: System configuration and devices
Exercise 6
Unit 7: System storage overview
Exercise 7
ec vo
Unit 8: Working with the Logical Volume Manager

Exercise 8
Day 3
oy si
Unit 9: File systems administration

Exercise 9
u
Unit 10: Paging space

Exercise 10
cl
Unit 11: Backup and restore

Exercise 11
Ex
Day 4
Unit 12: Security and user administration: Part one
pr
Exercise 12
Unit 13: Security and user administration: Part two
Exercise 13
Unit 14: Scheduling and time
Exercise 14
Unit 15: TCP/IP networking
© Copyright IBM Corp. 2009, 2013 Agenda xvii

Student Notebook
Day 5
Unit 15: TCP/IP networking (continued)
Exercise 15
Unit 16: Introduction to workload partitions
Exercise 16
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
xviii AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
V8.2
Student Notebook
Uempty Unit 1. Introduction to IBM Power Systems, AIX,

and system administration
What this unit is about

This unit provides an introduction to IBM Power Systems, AIX and
.I. n
system administration.
.T ció
What you should be able to do
.
After completing this unit, you should be able to:
C
.F a
• Define terminology and concepts of IBM Power System servers,
virtualization, HMC, and AIX
C rm
• Describe the roles of the system administrator
• Obtain root access with the su command
to fo
How you will check your progress
• Checkpoint questions
• Machine exercises
ec vo
References
oy si
Online AIX 7.1 Information

PSO03004-USEN-05
u
AIX “From Strength to Strength”

Note: References listed as “Online” are available at the following address:
cl
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-1
Student Notebook
Unit objectives
IBM Power Systems

• Define terminology and concepts of IBM Power System
.I. n
servers, virtualization, HMC, and AIX
.T ció
.
C
.F a
C rm
to fo
ec vo
© Copyright IBM Corporation 2009, 2013. All Rights Reserved.

US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp
Figure 1-1. Unit objectives AN123.0
Notes:
oy si
u
cl
Ex
pr
1-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
V8.2
Student Notebook
Uempty
AIX overview
IBM Power Systems
• IBM’s proprietary operating system based on UNIX System V.

– Also has BSD compatible commands and programming interface extensions
.I. n
• Advanced Interactive Executive (AIX) runs on proprietary hardware
(H/W) called IBM Power Systems.
.T ció
– Seventh generation of Power, based on Reduced Instruction Set Computer
(RISC) technology
.
• Most Power Systems today run many instances of AIX in partitions
C
known as logical partitions (LPAR).
.F a
– This is H/W partitioning managed by the system firmware, Power Hypervisor
C rm
LPAR:
to fo AIX1
LPAR:
AIX2
LPAR:
AIX3
ec vo

Figure 1-2. AIX overview AN123.0
Notes:
oy si
Advanced Interactive Executive (AIX) is IBM's proprietary UNIX OS based on UNIX

System V with 4.3BSD-compatible command and programming interface extensions.
u
Announcement Letter Number 286-004 dated January 21, 1986:

cl
• “The AIX Operating System is based on INTERACTIVE Systems Corporation's IN/ix,

which, in turn, is based on UNIX System V, as licensed by AT&T Bell Laboratories.
Ex
Some portions of the modifications and enhancements were developed by IBM; others
were developed by INTERACTIVE under contract to IBM.”
pr
Student Notebook
Logical partition overview

IBM Power Systems
• An LPAR is the allocation of system resources to create logically

separate systems within the same physical footprint.
• The resource allocation and isolation for a logical partition is
.I. n
implemented in firmware called Power Hypervisor.
– Provides configuration flexibility
.T ció
• Each partition has its own:
– Operating system
.
– Resources: Processors, memory, devices (defined in a profile)
C
.F a
• Partitions can consist of physical (real) or virtual devices
– Or a combination of both
C rm
sys1 sys2 sys3 sys4
04:42 14:42 11:42 19:42
to fo
LPAR 1 LPAR 2 LPAR 3 LPAR 4
Power Hypervisor
System Hardware (memory, processors, devices)
ec vo

Figure 1-3. Logical partition overview AN123.0
Notes:
oy si
Logical partition (LPAR)

u
Logical partitioning is the ability to make a single system run as if it were two or more
systems. Each partition represents a division of resources in the Power System. The
cl
partitions are logical because the division of resources is logical and not along physical
boundaries.
Ex
Hypervisor Partitions are isolated from each other by firmware (underlying software)
called the POWER Hypervisor. The names POWER Hypervisor and Hypervisor will be
used interchangeably in this course.
Each partition has its own environment, for example – IP address or time of day, just as
pr
any AIX instance.
V8.2
Student Notebook
Uempty
Dynamic logical partitioning

IBM Power Systems
• DLPAR is the ability to add, remove, and move resources

without reactivation of a partition.
.I. n
– Processor, memory, and I/O allocation changes
• Processors and memory quantities are bound by the
.T ció
minimum and maximum profile settings.
• Applications can be DLPAR-aware.
.
C
.F a
Before After
C rm
LPAR 1 LPAR 1
DLPAR operation: (running) (running)
- Add 2.0 CPU
-Remove 4 Gb Mem 2.0 CPU 4.0 CPU
-Move the DVD slot to LPAR 2 16 Gb Mem 12 Gb Mem
to fo
ec vo

Figure 1-4. Dynamic logical partitioning AN123.0
Notes:
oy si
Dynamic Logical partitioning (DLPAR)

The term Dynamic in DLPAR means we can add, move, or remove resources without
u
having to reactivate the partition. If there are partitions that need more or can do with
fewer resources, you can dynamically move the resources between partitions within the
cl
managed system without shutting down the partitions. Both the source and the
destination partitions must support the dynamic partitioning operation.
Ex
Processors and memory

Each running LPAR has an active profile which contains the resources that LPAR is
entitled to. For processor and memory settings, there is a maximum and a minimum
range. These boundaries cannot be exceeded when performing dynamic reallocation
pr
operations.
Applications
Some applications and utilities may not be DLPAR-aware. If they bind to a processor or
pin memory, then you may need to stop these processes before you are able to perform
the DLPAR operation. IBM provides an Application Programming Interface (API) for
third party program DLPAR support on AIX 5L, AIX 6 and AIX 7.
Student Notebook
Workload partitions
IBM Power Systems
• Software (S/W) partitioning is managed by AIX.

– This has been available since AIX 6.1.
.I. n
• Many AIX OS images can reside within a master global AIX image.
• Live Application Mobility allows WPAR relocation to another box or
.T ció
LPAR.
• WPARs provide automatic workload balancing.
.
• WPAR technology is not H/W dependent.
C
.F a
– Support is available on servers from POWER4 through POWER7.
C rm
AIX1
AIX2 1.
WPAR2 2.
AIX3
WPAR1
WPAR4
to fo
WPAR5
WPAR3
WPAR6 WPAR mgr
ec vo

Figure 1-5. Workload partitions AN123.0
Notes:
oy si
Workload partitions (WPAR) are virtualized, secure operating system environments, within
a single instance of the AIX operating system. Live Application Mobility is a capability of
u
WPAR technology which allows partitions to move between systems with limited
application downtime (for example, 20 seconds).
cl
Ex
pr
V8.2
Student Notebook
Uempty
Live Partition Mobility

IBM Power Systems
• Live Partition Mobility allows running AIX partitions to be migrated from

one physical server to another without downtime.
– For POWER6 and later, LPARs must not contain any physical devices
.I. n
.T ció
No
LPAR:
LPAR:
Downtime
AIX1
AIX1
.
C
• Partition mobility provides systems management flexibility and is
.F a
designed to improve system availability.
– Can help avoid planned outages for hardware or firmware maintenance
C rm
– Can help avoid unplanned downtime
• If a server indicates a potential failure, you can move its partitions to another server
before the failure occurs.
to fo
– Enables optimized resource use by moving workloads from server to server
ec vo

Figure 1-6. Live Partition Mobility AN123.0
Notes:
oy si
Live Partition Mobility is a new capability that enables users to move partitions between
systems with no application downtime. Live Partition Mobility enables organizations to
u
move LPARs from CPU intensive servers to improve overall throughput based on
requirements at a particular time. This also allows us to use a maintenance window on a
cl
physical machine without the need for any application downtime. The only interruption of
service would be due to network latency. If sufficient bandwidth was available, a delay of at
Ex
most, a few seconds, could typically be expected.

pr
Student Notebook
POWER7 offerings
IBM Power Systems
.I. n
p460
.T ció
p260+ Power 795
Power 780
.
Flex System Power 770
C
PureFlex System
.F a
Power 760
Power 750
C rm
PS Blades
Power 740
Power 730
to fo
Power 720
POWER7+
Power 710 32 nm
ec vo

Figure 1-7. POWER7 offerings AN123.0
Notes:
oy si
IBM often introduces new models and updates the current range of servers on a frequent
basis. Here is a summary of the model differences.
u
IBM PureFlex System with POWER7:

cl
Flex System 260 16 cores, 512 GB, 2 drives

Flex System 460 double-wide, 32 cores, 1TB, 2 drives
Ex
Blades:
PS700 - 4 cores, 64 GB, 2 drives
PS701 - 8 cores, 128 GB, 1 drive
pr
PS702 - double-wide, 16 cores, 256 GB, 2 drives

PS703 - 16 cores, 256 GB, no drives
PS704 - double-wide, 32 cores, up to 512 GB, 2 drives
In the following models, unless stated otherwise, there are 4, 6, or 8 cores per socket.
V8.2
Student Notebook
Uempty Models without ability to connect to I/O expansion drawers:

Power 710 Express - 1 socket, 8 to 256 GB, 6 drives
Power 730 Express- 2 sockets, 8 to 512 GB, 6 drives
Models with I/O expansion abilities:
Power 720 - 1 socket, 8 to 512 GB, 6 or 8 drives
.I. n
Power 740 - 2 sockets, 8 to 1024 GB, 6 or 8 drives
Power 750 - 6 or 8 cores per socket, 4 sockets, 1 TB, 8 drives
.T ció
High Performance Computing:
Power 760 - similar to Power 750, 2 TB
.
Multi-enclosure models (1 though 4 enclosures)
C
.F a
Power 770 - 6 or 8 cores per socket, 2 sockets per enclosure, up to 4 TB
C rm
Power 780 - similar to 770, faster cores, up to 4 TB, 24x7 maintenance, PowerCare
support
Large enterprise server:
Power 795 - up to 256 cores, up to 16 TB, supports up to 32 I/O drawers
to fo
For further details see the Power Systems facts and features guide:
http://www-03.ibm.com/systems/power/hardware/reports/factsfeatures.html
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Typical Power system layout

IBM Power Systems
• LPAR configuration and control is completed through the Hardware

Management Console (HMC).
• The HMC connects to the service processors and the LPARs.
.I. n
– A private network usually connects HMC and service processors.
.T ció
Private Service
Managed
.
Processors
network system
C
Secondary HMC
.F a
‘Backup’ LPAR 1
C rm
LPAR 2
Primary HMC Public/open SAN
network LPAR 3
LPAR 4
to fo
NIM Server Images
ec vo

Figure 1-8. Typical Power system layout AN123.0
Notes:
oy si
The diagram above shows a typical example of a Power server set-up configuration. The
server is split into a number of Logical Partitions (LPARs) running AIX. A Network
u
Installation Manager (NIM) server is highly preferable to install and update the AIX LPARs
over the network. There can be a maximum of 2 HMCs connected to each system and
cl
each system has two dedicated Ethernet ports reserved for this. It is recommended that the
HMC to Service Processor communication occurs through a private network reserved for
Ex
that purpose. The HMC also must have open network connectively to the LPARs if such
features as Connection Monitoring and Dynamic LPAR operations are to be achieved.
It is also preferable to have a second HMC connected for availability purposes.
pr
Note: A failure of the HMC does not interfere in any way with the running managed system.
The service processor is a separate, independent processor that provides hardware
initialization during system load, monitoring of environmental and error events, and
maintenance support.
V8.2
Student Notebook
Uempty
The HMC (1 of 2)
IBM Power Systems
• An appliance for the management of POWER-processor

based servers
– IBM provided Intel based server (desktop or rack mount) running a
.I. n
web-based application on a customized version of Linux
.T ció
• Access through https (GUI) and SSH (command line)
.
C
.F a
C rm
• Acts as a focal point for collecting and servicing managed
to fo
system serviceable events
– Can be configured to call home to IBM for parts and service
ec vo

Figure 1-9. The HMC (1 of 2) AN123.0
Notes:
oy si
The HMC is an Intel based server which runs a customized version of Linux (SuSE). Its
main purpose is to configure and control up to 48 managed systems.
u
The HMC also collects diagnostic and error information from the LPARs and Managed
cl
System and logs them as Serviceable events. If configured, the HMC can send these
reports to IBM through the Electronic Service Agent (ESA).
Ex
Note: On entry level machines such as the Power 520 or the Power 720, if the system is to
be used as a non-partitioned system an HMC is not required. An HMC is mandatory for
Power 570 and above (for POWER6) or in Power 770 and above (for POWER7).
Power 550s and below (for POWER6) or Power 740s and below (for POWER7) can use
pr
Integrated Virtualization Manager (IVM) to create and control the managed system. IVM is
available through the VIOS code.
Student Notebook
The HMC (2 of 2)
IBM Power Systems
Managed
Systems
.I. n
.T ció
.
C
.F a
C rm
LPARs Proc &
running MEM
AIX resources
Navigation
area
Task
to fo
Pad
ec vo

Figure 1-10. The HMC (2 of 2) AN123.0
Notes:
oy si
The diagram above shows the main view of a managed system – sys034. Operations such
as create, stop, shutdown LPAR can be performed from the Tasks pad or bar, or by
u
selecting the LPAR itself. The view is highly customizable.

cl
The navigation area offers the main features of the HMC, such as:
• Systems plans for producing or deploying system configuration plans done during
Ex
design
• HMC Management for configuring the HMC, users, roles, network setting, and other
HMC characteristics
• Updates, for updating the HMC and Managed System firmware
pr
This view was taken from an HMC running v7.3.3.1. Pre v7 HMCs ran WSM which was a
much different interface based on Java.
V8.2
Student Notebook
Uempty
LPAR virtualization overview (1 of 2)

IBM Power Systems
• An AIX client partition can:

– Be virtual, have no real devices
.I. n
– Use fractions of CPUs (micro-partitioning)
• Virtualizing LPARs has many advantages:
.T ció
– Flexibility in allocating resources
– More efficient use of system resources through sharing
.
– Consolidation (hardware, floor space, merge production, and test
C
.F a
environments)
– Relocating partitions using Live Partition Mobility
C rm
• A key component of virtualization is the Virtual I/O Server
(VIOS).
– Implemented as special customized version of AIX
to fo
– It is not AIX. It is PowerVM software!
– Requires, at minimum, a PowerVM standard license
• Included on some high-end systems
ec vo

Figure 1-11. LPAR virtualization overview (1 of 2) AN123.0
Notes:
oy si
Virtualizing LPARs
u
The main benefits of virtualized I/O are as follows:

• Partitions can be created without requiring additional physical I/O resources. The new
cl
partitions can be configured to use virtualized I/O resources, which allows them to be
configured in a timely manner, since no physical reconfiguration of the system, that is,
Ex
moving adapter cards and cables, is required.

• Virtualized I/O allows an economical I/O model, since it allows multiple partitions to
share common resources. For example, multiple partitions can share a single physical
adapter. Without virtualized I/O, each partition would require its own adapter, even if the
pr
full capacity of the adapter was not being utilized.

• The use of virtualized I/O facilitates server consolidation. It permits multiple client
partitions to reside on a single machine, and make efficient use of shared resources.
Student Notebook
Virtual I/O Server (VIOS)

The IBM Virtual I/O Server software enables the creation of partitions that use the I/O
resources of another partition. In this way, it helps to maximize the utilization of physical
resources on POWER5 and POWER6 systems. Partitions can have dedicated I/O,
virtual I/O, or both. Physical resources are assigned to the Virtual I/O Server partition in
the same way physical resources are assigned to other partitions. The virtual I/O server
then provides access to these physical resources from the virtual client LPARs.
.I. n
Virtual I/O Server is a separate software product, and is included as part of the standard
.T ció
PowerVM feature. It supports AIX Versions 5.3, 6.1, 7.1,and Linux partitions as virtual
I/O clients.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
LPAR virtualization overview (2 of 2)

IBM Power Systems
• The two key functions of virtualization are:

– Virtual Ethernet is a standard feature of POWER5 and later.
.I. n
• AIX can have up to 256 virtual adapters per LPAR.
• Does not require a VIOS, unless a bridged connection to the outside
.T ció
world is required.
– Virtual SCSI is way of providing virtual disks to clients.
.
• The backend storage can be internal disk (SCSI or SAS) or SAN
C
.F a
storage.
• This is a feature of the VIOS.
C rm
to fo
Note: There are many other virtualization features which are covered in more
depth in the LPAR and virtualization curriculum and roadmap.
ec vo

Figure 1-12. LPAR virtualization overview (2 of 2) AN123.0
Notes:
oy si
Virtual Ethernet Introduction

u
Virtual Ethernet adapters enable inter-partition communication without the need for
physical network adapters assigned to each partition. It can be used in both shared and
cl
dedicated POWER5 or later processor partitions provided the partition is running AIX
V5.3, AIX V6.1, AIX V7.1, or Linux. This technology enables IP-based communication
between logical partitions on the same system using a VLAN Ethernet switch (POWER
Ex
Hypervisor) in POWER5 and later processor-based managed systems.

The number of partitions possible on many systems is greater than the number of I/O
slots. Therefore, virtual Ethernet is a convenient and cost saving option to enable
pr
partitions within a single system to communicate with one another through a virtual
Ethernet LAN. The virtual Ethernet interfaces may be configured with both IPv4 and
IPv6 protocols.
Student Notebook
Virtual SCSI Introduction

The Virtual I/O server supports exporting disks as virtual devices. The Virtual I/O server
supports the exporting of three types of virtual SCSI disks: virtual SCSI disk backed by
a whole physical volume, virtual SCSI disk backed by a logical volume, and virtual SCSI
disk backed by a file. Regardless of whether the virtual SCSI disk is backed by a whole
physical disk, a logical volume, or a file, all standard SCSI conventional rules apply to
the device. The device will behave as a standard SCSI compliant device. The logical
.I. n
volumes and files appear as real devices, hdisks, in the client partitions and can be
used as a boot device. Once a virtual disk is assigned to a client partition, the Virtual I/O
.T ció
Server must be available before the client partitions are able to access it.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Virtual I/O Server overview

IBM Power Systems
• The VIOS partition is allocated physical I/O slots containing real

adapters.
– These are used for the virtual adapters (SCSI or Ethernet) to share amongst
.I. n
the client partitions.
.T ció
.
C
.F a
C rm
to fo
ec vo

Figure 1-13. Virtual I/O Server overview AN123.0
Notes:
oy si
Virtual I/O Server (VIOS) description

u
VIOS provides virtual storage and shared Ethernet capability to client logical partitions
on the system. It allows physical adapters with attached disks and optical devices on
cl
the VIOS to be shared by one or more client partitions.

VIOS partitions are not intended to run applications or to have general user logins.
Ex
VIOS is installed in its own partition. Using VIOS facilitates the following functions:
• Sharing of physical resources between partitions on the system
• Creation of partitions without requiring additional physical I/O resources
pr
• Creation of more partitions than I/O slots or physical devices, by allowing partitions to
have dedicated I/O, virtual I/O, or both
• Maximization of physical resource utilization on the system
Student Notebook
Virtualization example
IBM Power Systems
AIX Virtual I/O Server

LPAR LPAR
.I. n
Physical
.T ció
Virtual Virtual Physical network
Ethernet Virtual Ethernet SEA Ethernet
ent0 Ethernet ent1 Layer 2 ent0
Switch Bridge
Virtual ent2
.
Ethernet
C
ent1
Hypervisor
.F a
Virtual
Virtual Physical
Client Device
C rm
vSCSI Server Storage
Adapter Adapter Mapping
vtscsi0 Adapter
vhost0 fcs0
to fo
SCSI, SAS, FC physical disks
or logical volumes
ec vo

Figure 1-14. Virtualization example AN123.0
Notes:
oy si
VLAN
u
A Virtual Local Area Network (VLAN) enables an Ethernet switch to create sub-groups
within a single physical network where the members of different subgroups are isolated
cl
from each other.

Virtual Ethernet
Ex
There are two main features of virtual Ethernet. One is the inter-partition virtual switch
to provide support for connecting up to 4096 LANs. LAN IDs are used to configure
virtual Ethernet LANs and all partitions using a particular LAN ID can communicate with
each other. The other feature is a function called Shared Ethernet Adapter that bridges
pr
networks together without using TCP/IP routing. This function enables the partition to
appear to be connected directly to an external network. The main benefit of using this
feature is that each partition need not have its own physical network adapter.
V8.2
Student Notebook
Uempty Virtual SCSI adapters

Virtual SCSI adapters provide the ability for a client partitions to see SCSI disks which
are actually SCSI, SAS, SAN disks, or logical volumes inside the VIOS.
Virtual FC adapters
While not shown in the visual, it is also possible to define virtual Fibre Channel (FC)
adapters. These allow the client LPAR to access the SAN through a physical FC in the
.I. n
Virtual I/O Server. The Client LPAR virtual FC has its own unique port number (WWPN)
to which the SAN can zone LUNs.
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Role of the system administrator

IBM Power Systems
• Pre-installation planning of:

– Partitions
– User accounts/groups
.I. n
– Storage allocation/paging space
– Subsystems (printing, networks, and so forth)
.T ció
– Standard naming conventions
– Determine system policies
.
– Install and configure hardware Maintain application /
C
• Network configuration system uptime!
.F a
• System backups and disaster recovery
• Create/manage user accounts
C rm
• Define and manage subsystems
• Manage system resources (for example, disk space)
• Performance monitoring
to fo
• Capacity planning
• Application license management
• Documentation - system configuration, and keep it current!
ec vo

Figure 1-15. Role of the system administrator AN123.0
Notes:
oy si
Overview
u
There are a number of distinct tasks which the system administrator on a UNIX or AIX
system must perform. Often there is more than one system administrator in a large
cl
organization and the tasks can be divided between the different administrators.
Ex
pr
V8.2
Student Notebook
Uempty
Who can perform administration tasks?

IBM Power Systems
• The root user

– Exercise caution when logging in directly as root, especially
remotely.
.I. n
– Keep the root password secure.
.T ció
• Members of special groups or RBAC roles
• The su command enables you to obtain access to root user
.
C
.F a
$ id; pwd $ id; pwd
uid=251(alex) gid=1(staff) uid=251(alex) gid=1(staff)
C rm
/home/alex /home/alex
$ su root $ su - root
root's Password: or root's Password:
# id; pwd
# id; pwd
uid=0(root) gid=0(system) uid=0(root) gid=0(system)
to fo
/home/alex /
# set |grep USER # set |grep USER
USER=alex USER=root
ec vo

Figure 1-16. Who can perform administration tasks? AN123.0
Notes:
oy si
Limiting access to administrative tasks

u
AIX security permissions restrict the performance of administrative tasks to the root
user, and sometimes to other users in special groups. For example, system for general
cl
tasks, security for user administration, printq for AIX Print Subsystem printer
management, and lp for System V Print Subsystem printer management. This means
that the root user's password must be kept secure and only divulged to the few users
Ex
who are responsible for the system. AIX6 has a new feature called Role Based Access
Control (RBAC). This allows OS management tasks to be assigned to roles and then
assigned to users. RBAC is a large security topic and hence will be covered in detail in
the AIX Security course (AN57).
pr
A certain amount of discipline is also required when using the root ID, because typing
errors made as root could do catastrophic system damage. For normal use of the
system, a non-administrative user ID should be used. The superuser (root) privilege
should only be used when that authority is necessary to complete a system
administration task.
Student Notebook
Obtaining root privileges

To obtain superuser or root privileges while logged in as a normal user, you can use the
su command. This prompts you for root's password and then gives you a subshell with
root privileges so that you can perform commands. When you have performed the
required tasks, you should exit from the su subshell. For example, use <ctrl-d> or the
exit command. This prevents accidents which could damage the system.
The su command allows you to assume the permissions of any user whose password
.I. n
you know.
.T ció
Every time the su command is used, an entry is placed in the file /vary/adm/sulog,
this is an ASCII text file. This makes it easy to record access as the superuser. Normal
logins are recorded in the file /vary/adm/wtmp. To read the contents of this file use
.
the command: who /vary/adm/wtmp.
C
.F a
The su command can also be specified with the - (dash) option. The dash (-) specifies
that the process environment is to be set as if the user had logged into the system using
C rm
the login command. Nothing in the current environment is propagated to the new shell.
For example, using the su command without the dash (-) option, allows you to have all
of the accompanying permission of root while keeping your own working environment.
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
How can we perform administration tasks?

IBM Power Systems
• Command line
– UNIX system administration tasks often done from the command
.I. n
line, by executing scripts, or both
• Writing and executing scripts
.T ció
– Typically using Korn shell scripts (ksh is the default shell on AIX)
– Perl for more advanced users
.
C
• SMIT (smit or smitty)
.F a
– Text based tool (graphical version also available)
C rm
• IBM Systems Director Console for AIX (pconsole)
– New web-based GUI in AIX6 and later
• IBM Systems Director
to fo
– A cross platform product for managing Power systems and AIX
across a large enterprise environment
ec vo

Figure 1-17. How can we perform administration tasks? AN123.0
Notes:
oy si
There are many ways to perform administration tasks within AIX. In reality, a combination
of tools or techniques are deployed.
u
While there is a graphic mode for SMIT, most SMIT users prefer using smit in text mode via
cl
an interactive command prompt connection, such as ssh.

IBM Systems Director is more flexible than the others in the list. It supports multiple
Ex
operating systems and virtualization technologies across IBM and non-IBM platforms. It is
not to be confused with Systems Director Console for AIX which is based upon IBM
Systems Director but runs from within AIX to managed the OS as a single instance.
pr
Student Notebook
Checkpoint
IBM Power Systems
1. What is the name of the device which creates and controls LPARs?
.I. n
2. True or False: An AIX operating system can have no real devices.
.T ció
3. True or False: Virtualization features provided by the VIO Server can
be used by default on any Power system.
.
C
.F a
4. True or False: The su command enables you to get root authority even
if you signed on using another user ID.
C rm
to fo
ec vo

Figure 1-18. Checkpoint AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Introduction to
IBM Power Systems and
.T ció
AIX
.
C
.F a
C rm
to fo
ec vo

Figure 1-19. Exercise AN123.0
Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
Having completed this unit, you should be able to:
.I. n
• Define terminology and concepts of IBM Power System
.T ció
servers, virtualization, HMC, and AIX
.
C
.F a
C rm
to fo
ec vo

Figure 1-20. Unit summary AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 2. AIX system management tools

This unit describes the system management tools available in AIX,
with a particular focus on SMIT and the IBM systems director console.
.I. n
.T ció
.
• Describe the benefits of the system management tools available in
C
AIX
.F a
• Discuss the functionality of SMIT and the IBM Systems Director
C rm
Console for AIX
• Explain how system management activity is logged
• Log in to IBM Systems Director Console and use graphic interface
to manage the system
to fo
ec vo
oy si
References
Online AIX Version 7.1 Systems Director Console for AIX
u
AIX Version 7.1 Operating System and Device

cl
Management
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-1
Student Notebook
Unit objectives
IBM Power Systems

• Describe the benefits of the system management tools
.I. n
available in AIX
.T ció
• Discuss the functionality of SMIT and the IBM Systems
Director Console for AIX
.
C
.F a
• Log in to IBM Systems Director Console and use graphic
interface to manage the system
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
UNIX system administration challenges

IBM Power Systems
• Lots of commands to remember

• Complex syntax
– Prone to error!
.I. n
• Flat file configuration
.T ció
– Most UNIX flat files have different layouts, syntax, and options.
– Again prone to error, sometimes causing bad things to happen.
.
C
How do I create
.F a
# crfs -v jfs -g rootvg -m /test -a size=42M efs=yes
an encrypted
Usage: crfs -v Vfs {-g Volumegroup | -d Device} -m
file system?
C rm
Mountpoint [-u Mountgroup] [-A {yes|no}] [-t {yes|no}]
[-p {ro|rw}] [-l Logpartitions] [-n nodename] [-a
Attribute=Value]
to fo
ec vo

Figure 2-2. UNIX system administration challenges AN123.0
Notes:
oy si
UNIX challenges
u
Unfortunately, the same thing that's special about UNIX is also the source of most of what's
wrong. UNIX is an operating system burdened with 30+ years worth of useful add-ons and
cl
different flavors. As a consequence, the OS has an awful lot of inconsistencies and

overlapping functions. At times, this can be confusing and challenging even for
experienced users.
Ex
pr
Student Notebook
System management objectives

IBM Power Systems
• Minimize time and resources spent managing systems
.I. n
• Maximize reliability, performance, and productivity
.T ció
• Provide remote system management solutions
.
C
.F a
C rm
to fo
ec vo

Figure 2-3. System management objectives AN123.0
Notes:
oy si
Minimize time and resources spent managing systems

Organizations seek to minimize the time and resources spent managing systems, that
u
is, to manage computer systems efficiently. AIX helps with tools such as SMIT, the
Web-based System Manager, and IBM Systems Director Console for AIX.
cl
Maximize reliability, performance, and productivity

Organizations also wish to maximize system reliability and performance in order to
Ex
maximize the productivity of the users of computer systems. AIX helps with features,
such as the logical volume manager, that help avoid the need for the system to be
brought down for maintenance.
Provide remote system management solutions
pr
Today's information technology environment also creates a need for remote system
management solutions. AIX supports Web-based technology with the IBM Systems
Director Console for AIX. As a result, multiple systems can be managed from one single
point over the network. This can also be done with command-based programs such as
telnet, ssh, and SMIT.
V8.2
Student Notebook
Uempty
AIX administration
IBM Power Systems
Designed to make administration on AIX simple
.I. n
System IBM
.T ció
Management Systems Director
Interface Tool Console for AIX
(smit) (pconsole)
.
C
Text based Web Interface
.F a
High-level commands
C rm
Low-level Intermediate-level
commands commands
to fo
System
System Kernel Resource Object Data ASCII
calls services Controller Manager files
ec vo

Figure 2-4. AIX administration AN123.0
Notes:
oy si
IIBM provides users on AIX with a great deal of flexibility and choice when it comes to
administering an AIX system. SMIT is a simple, but highly effective ASCII-based
u
management tool that has been in AIX since version 3. IBM Systems Director console is a
new attractive Web-based offering in AIX6.1.
cl
Types of commands
Ex
Commands are classified high-, medium-, or low-level:

• High-level commands: These are standard AIX commands, either shell/perl scripts, or
C programs, which can also be executed by a user. They execute multiple low-level or
intermediate-level commands to perform the system administrative functions.
pr
• Intermediate-level commands: These commands interface with special AIX

components such as the System Resource Controller and the Object Data Manager.
These commands are rarely executed directly by a user.
• Low-level commands: These are AIX commands that correspond to AIX system calls
or kernel services. They are not normally executed directly by a user.
Student Notebook
SMIT
IBM Power Systems
• An interactive application that simplifies virtually every aspect

of AIX system administration.
.I. n
• Part of AIX, SMIT is available by default.
.T ció
• SMIT does not use any special hooks. Everything is based on
standard AIX commands and Korn shell functions.
.
– You can see exactly what commands it performs either before or after
C
execution.
.F a
– This is especially useful when you need to automate a repetitive task.
C rm
You can then use these commands in your own scripts.
• Text / ASCII based by default.
– If on a graphical display, such as the Virtual Network Computing (VNC)
to fo
viewer, and the DISPLAY variable is set, a Motif GUI version is
displayed.
– Most users prefer the text based version called smitty.
ec vo

Figure 2-5. SMIT AN123.0
Notes:
oy si
Overview of SMIT
u
The System Management Interface Tool (SMIT) provides a menu-driven interface that
provides access to most of the common system management functions, within one
cl
consistent environment.
SMIT is an interactive application that simplifies virtually every aspect of AIX system
Ex
administration. It is a user interface that constructs high-level commands from the user's
selections, and then executes these commands on-demand. Those commands could be
entered directly by the user to perform the same tasks, or put into scripts to run over, and
over again.
pr
Occasionally, a system administrator will run AIX commands or edit ASCII files directly to
complete a particular system administration task. However, SMIT does make the most
frequent or complex/tedious tasks much easier with a greater degree of reliability.
V8.2
Student Notebook
Uempty
SMIT main menu (text based)

IBM Power Systems
# smit
System
System Management
Management
.I. n
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Software
Software Installation
Installation and
and Maintenance
Maintenance
.T ció
Software
Software License
License Management
Management
Devices
Devices
System
System Storage
Storage Management
Management (Physical
(Physical && Logical
Logical Storage)
Storage)
Security
Security && Users
Users
Communications
Communications Applications
Applications and
and Services
Services
.
Workload
Workload Partition
Partition Administration
Administration
C
Print
Print Spooling
Spooling
Advanced
Advanced Accounting
.F a
Accounting
Problem
Problem Determination
Determination
Performance
Performance && Resource
Resource Scheduling
Scheduling
System
System Environments
C rm
Environments
Processes
Processes && Subsystems
Subsystems
Applications
Applications
Installation
Installation Assistant
Assistant
Cluster
Cluster Systems
Systems Management
Management
Using
Using SMIT
SMIT (information
(information only)
only)
to fo
F1=Help
F1=Help F2=Refresh
F2=Refresh F3=Cancel
F3=Cancel F8=Image
F8=Image
F9=Shell
F9=Shell F10=Exit
F10=Exit Enter=Do
Enter=Do
ec vo

Figure 2-6. SMIT main menu (text based) AN123.0
Notes:
oy si
Main menu selections

u
The SMIT main menu enables you to select the administrative functions to be performed.
You can also select online help on how to use SMIT.
cl
Use of keys
In the ASCII mode, in order to select from the menus, you have to use the up and down
Ex
arrow keys. This moves a highlighted bar over the menu items. Press Enter to select the
highlighted item. You can also use some of the keyboard function keys to perform other
functions, such as exiting SMIT or starting a shell.
Importance of TERM environment variable
pr
When using SMIT in the ASCII mode, the menus and dialog panels sometimes come up
distorted. That is the result of not having an appropriate TERM variable value. Setting and
exporting this variable can solve the problem. For example, executing the command
export TERM=vt320 might solve the problem.
Student Notebook
General syntax:
smit [-options] [ FastPath ]
Invoke ASCII version:
# smitty
or
# smit –C
.I. n
Log, but do not actually run, commands:
.T ció
# smit -x
Redirect the log file and script file:
.
# smit -s /u/team1/smit.script –l /u/team1/smit.log
C
# smit -s /dev/pts/1 -l /dev/pts/2
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Dialog screen
IBM Power Systems
# smit date
Change
Change // Show
Show Day
Day and
and Time
Time
.I. n
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
.T ció
[Entry
[Entry Fields]
Fields]
YEAR
YEAR (00-99)
(00-99) [08]
[08] ##
MONTH
MONTH (01-12)
(01-12) [10]
[10] ##
DAY
DAY (1-31)
(1-31) [08]
[08] ##
HOUR
HOUR (00-23)
(00-23) [11]
[11] ##
.
MINUTES
MINUTES (00-59)
(00-59) [23]
[23] ##
C
SECONDS
SECONDS (00-59)
(00-59) [06]
[06] ##
.F a
C rm
Shell exit, very
useful to check
Command Current fast path:
something prior to
preview "date"
execution
F1=Help
F1=Help F2=Refresh
F3=Cancel F4=List
F4=List
to fo
F5=Reset
F5=Reset F6=Command
F6=Command F7=Edit
F7=Edit F8=Image
F8=Image
F9=Shell
F9=Shell F10=Exit
F10=Exit Enter=Do
Enter=Do
ec vo

Figure 2-7. Dialog screen AN123.0
Notes:
oy si
Dialog screens and selector screens

u
A dialog screen allows you to enter values that are used in the operation performed. Some
fields are already completed from information held in the system. Usually, you can change
cl
this data from the default values.

A selector screen is a dialog screen on which there is only one value to change. The value
Ex
usually indicates the object which is acted upon by the subsequent dialog and AIX
command.
Entering data
To enter data, move the highlighted bar to the value you want to change. Then, either enter
pr
a value or select one from a list. Fields that you can type in have square brackets [ ]. Fields
that have data that is larger than the field width, have angle brackets < >, to indicate that
there is data further to the left, right, or both sides of the display area.
Student Notebook
Special symbols
Special symbols on the screen are used to indicate how data is to be entered:
• Asterisk (*): This is a required field.
• Number sign (#): A numeric value is required for this field.
• Forward slash (/): A pathname is required for this field.
• X: A hexadecimal value is required for this field.
• Question mark (?): The value entered is not displayed.
.I. n
• Plus sign (+): A pop-up list or ring is available.
.T ció
An asterisk (*) in the leftmost column of a line indicates that the field is required. A value
must be entered here before you can commit the dialog and execute the command. In the
ASCII version, a plus sign (+) is used to indicate that a pop-up list or ring is available. To
.
access a pop-up list, use the F4 key. A ring is a special type of list. If a fixed number of
C
options are available, use the Tab key to cycle through the options.
.F a
In the Motif version, a List button is displayed. Either click the button or press <Ctrl-l> to
display a pop-up window.
C rm
Use of particular keys
The following keys can be used while in the menus and dialog screens. Some keys are
only valid in particular screens. The keys that are only valid for the ASCII interface are
to fo
marked (A). The keys that are only valid for the Motif interface are marked (M).
• F1 (or ESC-1) Help: Show contextual help information.
• F2 (or ESC-2) Refresh: Redraw the display. (A)
ec vo
• F3 (or ESC-3) Cancel: Return to the previous screen. (A)

• F4 (or ESC-4) List: Display a pop-up list of possible values. (A)
• F5 (or ESC-5) Reset: Restore the original value of an entry field.
• F6 (or ESC-6) Command: Show the AIX command that is executed.
oy si
• F7 (or ESC-7) Edit: Edit a field in a pop-up box or select from a multi-selection pop-up
list.
• F8 (or ESC-8) Image: Save the current screen to a file (A) and show the current
u
fastpath.
• F9 (or ESC-9) Shell: Start a sub-shell. (A)
cl
• F9 Reset: all fields. (M)

• F10 (or ESC-0): Exit: Exit SMIT immediately. (A)
Ex
• F10: Go to the command bar. (M)

• F12 Exit: Exit SMIT immediately. (M)
• Ctrl-l List: Give a pop-up list of possible values. (M)
• PgDn (or Ctrl-v): Scroll down one page.
pr
• PgUp (or ESC-v): Scroll up one page.

• Home (or ESC-<): Go to the top of the scrolling region.
• End (or ESC->): Go to the bottom of the scrolling region.
• Enter: Do the current command or select from a single-selection pop-up list.
• /text: Finds the text in the output.
• n: Finds the next occurrence of the text.
V8.2
Student Notebook
Uempty
Output screen
IBM Power Systems
Command
completed No standard
successfully COMMAND
COMMAND STATUS
STATUS error
.I. n
Command:
Command: OK
OK stdout:
stdout: yes
yes stderr:
stderr: no
no
Before
Before command
command completion,
completion, additional
additional instructions
instructions may
may appear
appear below.
below.
.T ció
Wed
Wed 88 Oct
Oct 11:23:06
11:23:06 2008
2008
Standard output
following command
.
execution
C
(stdout)
.F a
C rm
F1=Help F2=Refresh F3=Cancel F6=Command
to fo
F1=Help F2=Refresh F3=Cancel F6=Command
F8=Image
F8=Image F9=Shell
F9=Shell F10=Exit
F10=Exit /=Find
/=Find
n=Find
n=Find Next
Next
ec vo

Figure 2-8. Output screen AN123.0
Notes:
oy si
Fields on first line of output

u
The Command field can have the following values: OK, RUNNING, and FAILED.
The value of the stdout field indicates whether there is standard output, that is, whether
cl
there is output produced as a result of running the command. The output is displayed in the
body section of this screen.
Ex
The value of the stderr field indicates whether there are error messages. In this case, there
are no error messages.
Note that, in the Motif version of SMIT, a representation of a person in the top right-hand
corner of the screen is used to indicate the values of the Command field.
pr
Body of the screen

The body of the screen holds the output or error messages from the command. In this
example, there is output, but there are no error messages.
Student Notebook
SMIT log and script files

IBM Power Systems
smit.log
smit
smit.script
.I. n
command
execution
.T ció
smit.transaction
• $HOME/smit.log
– Records a log of all menu and dialog screens visited, all commands
.
executed, and their output
C
.F a
– Records any errors during the SMIT session
• $HOME/smit.script
C rm
– Shell script containing all AIX commands executed by SMIT
• $HOME/smit.transaction
– SMIT transactions log
– Records date, description, and command script output of the commands
to fo
executed
SMIT output will be redirected
to file: /tmp/new-script. No
# smitty –xs /tmp/new-script commands will be run.
ec vo

Figure 2-9. SMIT log and script files AN123.0
Notes:
oy si
Overview
SMIT creates three files in the $HOME directory of the user running SMIT. If these files
u
already exist, then SMIT appends to them. These files can grow quite large over time,
especially during installations. The user must maintain and truncate these files, when
cl
appropriate.
The smit.log file
Ex
The smit.log file contains a record of every SMIT screen, menu, selector, and dialog
visited, the AIX commands executed, and the output from these commands. When the
image key is pressed, the screen image is placed in the smit.log file. If there are error
or warning messages, or diagnostic or debugging messages from SMIT, then these are
pr
also appended to the smit.log file.

The smit.script file
The smit.script file contains the AIX commands executed by SMIT, preceded by the
date and time of execution. This file can be used directly as a shell script to perform
tasks multiple times, or it can be used as the basis for more complex operations.
V8.2
Student Notebook
Uempty The smit.transaction file

SMIT since AIX 5.2 has a relatively new file, smit.transaction. This file logs all the
executed commands similar to smit.script. The difference being smit.script logs all
commands, while smit.transaction only logs command_to_executes, see smit.log file.
For example, the user backs up the system using smit.
smit.script file
.I. n
#
# [Oct 13 2008, 20:00:19]
.T ció
#
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08
.
smit.transaction file
C
.F a
#=--------------------------------------------
# DATE: Oct 13 2008, 20:00:19
C rm
# DESCRIPTION: Back Up the System
#=--------------------------------------------
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
IBM Systems Director Console for AIX (pconsole)

IBM Power Systems
• Web-based management interface (starting with AIX 6.1)

• Enables converged consoles consistent with IBM Systems
.I. n
Director:
.T ció
– Integrated solutions console
– Lightweight infrastructure
.
• Includes links to SMIT tasks
C
How to check
.F a
• Requires Java v5 that it is
running
• Installed by default
## lssrc
Subsystem
C rm
lssrc -s
Subsystem
-s pconsole
pconsole
Group
Group PID
PID Status
Status
to fo
pconsole
pconsole pconsole
pconsole 737388
737388 active
active
## netstat
netstat -a
-a |grep
|grep 5336
5336
tcp
tcp 00 00 *.5336
*.5336 *.*
*.* LISTEN
LISTEN
ec vo

Figure 2-10. IBM Systems Director Console for AIX (pconsole) AN123.0
Notes:
oy si
IBM Systems Director Console for AIX

u
The IBM Systems Director Console for AIX, also known as the Console, is a new
management interface that allows administrators to manage AIX remotely through a
cl
browser. It provides web access to common systems management tasks. The Console was
introduced as part of AIX 6.1. The only additional component required is a web browser.
Ex
The Console is named after the IBM Systems Director because it is built on the same
graphical user interface as the IBM Systems Director. Although the Console is named after
the IBM Systems Director, it is not a prerequisite. All components necessary to run the
Console are included in AIX 6.1 and later.
pr
The Console also includes menu links to the Systems Management Interface Tool (SMIT),
Web-based System Manager, and Distributed Command Execution Manager (DCEM).
DCEM is a new facility to securely execute SMIT operations or other commands on
multiple machines at one time. This can improve administrator efficiency by reducing the
need to log in to multiple systems to run the same systems management task.
V8.2
Student Notebook
Uempty Lightweight Infrastructure (lwi.runtime)

The Lightweight Infrastructure (LWI) is a small footprint, simple to configure, a secure
infrastructure for hosting web applications, web services, and other application related
components. The LWI is based on Open Services Gateway Initiative (OSGi) architecture
and is derived from WebSphere Everyplace Deployment 6.0 (WED). The LWI is comprised
of the base OSGi/Eclipse service platform plus additional custom components and bundles
which support web applications, web services, and the building of components.
.I. n
File sets installed to support pconsole
.T ció
- sysmgt.pconsole.rte
- sysmgt.pconsole.apps.wdcem
.
- sysmgt.pconsole.apps.wrbac
C
.F a
- sysmgt.pconsole.apps.wsmit
- lwi.runtime
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Console interface
IBM Power Systems
• Web browser-based access

– https://<hostname (or IP)>:5336/ibm/console (Defaults to SSL. Use 5335 for non-SSL.)
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Figure 2-11. Console interface AN123.0
Notes:
oy si
Logging into the console

u
IBM Systems Director Console for AIX relies on your AIX user account for user-logon
security. If the user ID that you provide is already logged into the console, the console
cl
prompts you to choose between logging out from the other session or returning to the login
page. If you choose to log out from the other session, the console will not recover any
unsaved changes that were made by that user.
Ex
Use the Logout link in the console toolbar when you are finished using the console to
prevent unauthorized access. If there is no activity during the login session for an extended
period of time, the session expires and you must log in again to access the console. The
pr
default session timeout period is 30 minutes.

If you encountered the login problem, please check the following items:
• No user account on the target server?
• Have the administrator create an account.
• Password expired or not set (new user account)?
V8.2
Student Notebook
Uempty • Log in through local terminal or telnet, and set the password.
• Already logged into console?
• Look for a warning message which gives you the option to terminate the previous
session.
You can log into the console as root, which gives you the authority to perform all tasks, or
you can delegate certain tasks to non-root users. If the only user that you want to authorize
.I. n
as a console user is root, no further set up is required.
The root id has console administrator authorization, which authorizes them to launch any
.T ció
console task. By default, console tasks are visible only to root. If you want to authorize
non-root users to perform console tasks, additional setup is required. You must authorize
each user to access one or more tasks that appear in the console navigation area and you
.
must assign each user the AIX authorizations (RBAC) for the actions performed by these
C
.F a
tasks.
Changing port values
C rm
IBM Systems Director Console for AIX uses the http: 5335 and https: 5336 ports. If you
need to change the port numbers, modify the following properties in the
/pconsole/lwi/conf/overrides/port.properties file and then restart pconsole to change
to fo
these ports:
• com.ibm.pvc.webcontainer.port=5335
• com.ibm.pvc.webcontainer.port.secure=5336
ec vo
In addition, modify /pconsole/lwi/conf/webcontainer.properties. Change all occurrences

of 5336 to the secure port you wish to use.
Console security
oy si
By default, the IBM Systems Director Console for AIX provides a Secure Sockets Layer
(SSL) certificate that enables HTTPS connections between the IBM Systems Director
Console for AIX and the Web browser client.
u
cl
Ex
pr
Student Notebook
Console applications
IBM Power Systems
• OS Management (new SMIT-based tasks)

• Portlets/modules
.I. n
– For example, system health
.T ció
• Classical SMIT
– Classic-style smit menus for those who prefer a more traditional look
.
and feel
C
• Distributed Command Execution Manager (DCEM)
.F a
– Used to execute commands on multiple systems in parallel
C rm
– Based on the standard UNIX dsh function
• On AIX, this is part of the Cluster Systems Management (CSM) product,
csm.dsh, which is installed as part of a base AIX install.
to fo
– Supports groups of systems
– Supports rsh and ssh authentication
ec vo

Figure 2-12. Console applications AN123.0
Notes:
oy si
Within pconsole exists a number of applications:

u
• OS management
This is the core of the application. Menu options are similar to SMIT but in a redesigned
cl
new layout.
• Portlets/Modules
Are facilities within pconsole which provide system information and health details
Ex
• Classical SMIT
Very useful for those who still prefer the look and feel of traditional SMIT.
• Distributed Command Execution Manager (DCEM)
This is a graphical wrapper around an existing UNIX ‘dsh' utility. It allows commands
pr
and scripts to be executed on multiple hosts.

For further information on dsh, see the AIX man page or the CSM documentation:
http://publib.boulder.ibm.com/infocenter/clresctr/vxrx/index.jsp?topic=/com.ibm.cluster.csm
.doc/csm141/am7cm11052.html
V8.2
Student Notebook
Uempty
Console management view

IBM Power Systems
• New look and feel Define

Toolbar start-up
Navigation pages
area
.I. n
.T ció
.
C
.F a
Work area
C rm
to fo
ec vo

Figure 2-13. Console management view AN123.0
Notes:
oy si
Toolbar
u
The toolbar and banner area displays a common image across IBM System Director
Console for AIX installations. The Console toolbar provides the following functions:
cl
• Displays user name, for example, Welcome root

• Help
Ex
• Logout
Help is available for the entire console or for a specific module in the console. To access
console help, perform the following steps:
pr
• Select Help on the console toolbar. The help is displayed in a separate browser
window.
• In the help navigation tree, select the help set you want to view. For example, select
Console help to view topics that provide information for new console users. Use the
console controls as needed. To access help for a module on a page, on the title bar for
Student Notebook
the module, click the ? icon. This icon is displayed only if help is available for the
module. The help is displayed in a separate browser window.
Navigation area
The navigation area provides a tree to the tasks that are available in the console. Tasks are
grouped into organizational nodes that represent categories of tasks. For example, OS
Management or Settings, are organizational nodes. The organizational nodes can be
nested in multiple levels.
.I. n
The navigation tree only displays tasks to which you have access. This is controlled by the
.T ció
Console Roles and RBAC authorizations.
In this area, the following task categories can be accessed:
.
• Welcome
C
.F a
• My Startup Pages
• OS Management (AIX settings
C rm
• Health
• Settings (Console settings)
When you select a task in the navigation tree, a page containing one or more modules for
to fo
completing the task is displayed in the work area.
Work area
When you initially log in to the console, the work area displays a welcome page. After you
ec vo
launch a task from the navigation tree, the contents of the task are displayed in a page in
the work area. A page contains one or more console modules that are used to perform
operations. Each console module has its own navigation controls. Some pages include a
control to close the page and return to the welcome page.
oy si
Startup pages
u
Regular pconsole users will want to set up startup pages at login, rather than seeing the
welcome page every time. To do this, simply select the page you are interested in from the
cl
box in the top right hand area of the screen. Select add to my start-up pages. The next
time you log in, the page will be displayed in a tab.
Ex
pr
V8.2
Student Notebook
Uempty
System health (1 of 3)
IBM Power Systems
• Portlets: System summary and metric details

Time to
refresh
.I. n
.T ció
Section-
specific
help
.
C
.F a
Refresh
immediately
C rm
to fo
ec vo

Figure 2-14. System health (1 of 3) AN123.0
Notes:
oy si
IBM Systems Director Console for AIX contains several portals. Each portlet refreshes after
a certain time interval to ensure the information is always consistent and up-to-date. The
u
example above is the system health portal. This shows detailed system and performance
information for the host running pconsole.
cl
Metrics
Ex
The metrics feature of IBM Systems Director Console for AIX, provides the overall health of
the monitored metrics for the managed server. The window provides common status
information about the memory and CPUs. The main page provides a description of the
monitored metrics with separate rows for summary information on each metric. These
pr
include the following:

• Select: Click to determine the metric displayed in the Metric Detail feature
• Metric: Displays the name of the metric being monitored
• Trend: Displays a graphic to indicate the recent changes to the metric
• Previous: Displays the prior value for the metric
• Latest: Displays the last monitored value for the metric
Student Notebook
IBM Power Systems
• Configuration information
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
Summary Information
u
The summary feature provides the overall health status of the managed server. The
window provides common status information about the overall system, network, and
cl
paging space configuration.

System Configuration
Ex
This expanded section displays information regarding the System p hardware and AIX
settings including such information as the model and serial number, processor type,
number and speed, memory size and status, and system recovery settings, like the
auto restart setting. All these values are related to the overall health and status of the
pr
server. Some of these values may be changed in the System Environment area of the
console.
Network Configuration
This expanded section displays information regarding the network settings including
such information as IP address, hostname, subnet mask, domain name, gateway, and
V8.2
Student Notebook
Uempty name server. All these values are related to the overall health and status of the network
connections for the server. Some of these values may be changed in the
Communications area of the console.
Paging Space Configuration
This expanded section displays information regarding the operating system paging
space setting which indicates the total paging space available. This value is related to
the overall health and status of the server. The value may be changed in the System
.I. n
Storage Management area of the console.
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
IBM Power Systems
• Portlets: Top Processes and File Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
Top Processes
u
The process feature provides a list of the running processes in a table view. The window
provides common status information about each individual process. A table describes each
cl
process with separate columns to view detailed information. The table is initially sorted by
the parent ID. These columns include the following:
Ex
• Process Name displays the command that initiated the process.

• Process ID displays the ID number for the process.
• Parent ID displays the process ID number for the parent process that started the
process.
pr
• CPU % displays the percent of the total CPU available used by the process in the cycle
before the last refresh.
• Time displays the total CPU time the process has been running before the last refresh.
• User displays the user ID under which the process is running.
V8.2
Student Notebook
Uempty File System

The file system feature provides a list of the defined file systems in a table view. The
window provides common status information about each individual file system. The table
describes each individual file system with separate columns to view detailed information.
The table is sorted by the file system name. These columns include the file system name,
mount point, size, and free area.
• File System displays the file system name.
.I. n
• Mount Point displays the current mount location for the file system.
.T ció
• Size displays the size of the file system in M bytes.
• Free Space displays the size of the free space available in the file system in M bytes.
.
• Free % displays the percentage of the total space not in use.
C
.F a
• Page indicates the current page and total number of pages of file system information.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Classical SMIT
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Figure 2-17. Classical SMIT AN123.0
Notes:
oy si
IBM Systems Director Console for AIX provides a web interface for classical SMIT. The
classical SMIT interface features the same menu structures and dialog panels as the ASCII
u
SMIT.
cl
Ex
pr
V8.2
Student Notebook
Uempty
DCEM portlet (1 of 5)
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
Graphical driven Commands
UNIX dsh
functionality dsh
to fo
LPAR:
LPAR:
LPAR:
LPAR:
AIX4
AIX2
AIX3
AIX1
ec vo

Figure 2-18. DCEM portlet (1 of 5) AN123.0
Notes:
oy si
DCEM allows commands and scripts to be executed on multiple hosts concurrently. It is

based on the standard UNIX dsh (distributed shell) command.
u
cl
Ex
pr
Student Notebook
IBM Power Systems
.I. n
.T ció
Enter job
name and
description.
.
C
.F a
Defaults to
standard PATH
C rm
and user root.
Enter
to fo
commands to
run.
ec vo

Notes:
oy si
The first task is to enter a job name and description, then work along the tabs, filling in the
information as appropriate. Starting with the Command Specification tab, the following
u
fields may be used when creating a distributed command:

cl
• Name: Specify a name for the distributed task if you would like to save it for future use.
• Path: Specify the path of the command.
Ex
• Default User: Specify the user name under which the command will run. The user
currently logged in is the default value.
• Command (required): The command definition.
pr
V8.2
Student Notebook
Uempty
IBM Power Systems
.I. n
.T ció
.
C
.F a
Specify
target
C rm
machines.
to fo
ec vo

Notes:
oy si
Moving to the Target Specification tab, create a set of targets on which the command will
run, by selecting any combination of DSH hosts and groups, CSM hosts and groups, and
u
NIM hosts and groups.

cl
CSM is cluster software for AIX. NIM is software on AIX which allows AIX to be installed
over a network. Both CSM and NIM hosts can be grouped together for ease of
management. For these fields to be used, the IBM Systems Director Console must be
Ex
running directly on either a CSM or NIM server respectively.

Groups, CSM, and NIM are concepts beyond the scope of this course.
pr
Student Notebook
IBM Power Systems
.I. n
.T ció
.
C
Defaults to
.F a
rsh, ssh is
optional
C rm Confirmation
to fo
that job is
running
ec vo

Notes:
oy si
Moving to the Options tab, specify:

• Remote shell: The default value is /usr/bin/rsh. Optionally, you can specify ssh if you
u
want to make the remote execution secure. Either way, the pconsole server must be
able to execute commands on the remote hosts without entering a password.
cl
Otherwise, dsh commands will fail.

• Verify targets are responding: Select this check box to verify that targets are
Ex
responding before running the command.

The following options can be used when running the command:
• Run: This option runs the command on the specified targets.
• Run and Save: This option runs the command on the specified targets and saves the
pr
current command specification as a script.

• Save: This option saves the current command specification as a script. All information
specified in the command specification tab, targets tab, and options tab will be saved.
The Generate Script button will produce a perl command script in the /dcem/scripts
directory on the pconsole server.The submission report will only confirm that the job is
running. To see whether the job has completed successfully, click the View Status button.
V8.2
Student Notebook
Uempty
IBM Power Systems
Status:
Completed OK
or failure!
.I. n
.T ció
.
C
.F a
C rm
Report output.
Further host output
can be seen by
selecting the links
below.
to fo
ec vo

Notes:
oy si
After selecting view status, as shown on the previous visual, the Job Status window will
appear. In the example shown above, the DCEM job was completed successfully. To obtain
u
further information, click the View Report button.

cl
Ex
pr
Student Notebook
Console logging and tracing

IBM Power Systems
• Console logs
– Location: /var/log/pconsole/logs
.I. n
• Formatted using XML
.T ció
– Rotated using file names error-log-#.xml and trace-log-#.xml
## ls
ls /var/log/pconsole/logs
/var/log/pconsole/logs
error-log-0.xml error-log-5.xml trace-log-3.xml
.
error-log-0.xml error-log-5.xml trace-log-3.xml
error-log-0.xml.lck
error-log-0.xml.lck Log_Viewer.xml
Log_Viewer.xml trace-log-4.xml
trace-log-4.xml
C
error-log-1.xml trace-log-0.xml trace-log-5.xml
.F a
error-log-1.xml trace-log-0.xml trace-log-5.xml
error-log-2.xml
error-log-2.xml trace-log-0.xml.lck
trace-log-0.xml.lck
error-log-3.xml
error-log-3.xml trace-log-1.xml
trace-log-1.xml
C rm
error-log-4.xml
error-log-4.xml trace-log-2.xml
trace-log-2.xml
• Classical SMIT logs

– Location: $HOME/wsmit.log & wsmit.script
to fo
• DCEM log
– Location: $HOME/dcem/logs/dcem.log
ec vo

Figure 2-23. Console logging and tracing AN123.0
Notes:
oy si
The Systems Director Console log file are stored in XML format in the
/var/log/pconsole/logs directory.
u
Console Logging and Tracing

cl
Error log file

The system appends log messages to a single log file. A new log file is created each time
Ex
you start Integrated Solutions Console. Logging messages are written to the file
error-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write log messages.
Trace log file
pr
The system appends traces messages to a single log file. A new trace file is created each
time you start Integrated Solutions Console. Trace messages are written to the file
trace-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write trace messages.
V8.2
Student Notebook
Uempty Classical SMIT logs are similar in nature to regular AIX SMIT. The letter w is prefixed to the
standard SMIT log file names, to differentiate these pconsole logs from the standard AIX
SMIT logs. There is no equivalent smit.transaction log produced through pconsole.
An example DCEM.log:
------------------------------------------------------------
Command name: Unspecified
.I. n
Default user: root
Command definition:
.T ció
export PATH=\$PATH;uname -a
Started: Tue Oct 14 17:06:34 2008
Ended: Tue Oct 14 17:06:35 2008
.
Successful targets:
C
DSH nodes:
.F a
statler.lpar.co.uk
waldorf.lpar.co.uk
C rm
Failed targets:
none
Targets not run:
none
to fo
Status:
Command execution completed.
-----------------------------------------------------------
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Checkpoint
IBM Power Systems
1. List the three main system management tools available on AIX.

a. ______________
.I. n
b. ______________
c. ______________
.T ció
2. What is the purpose of the smit.script file?
.
C
.F a
3. What information can one get from looking at the system configuration
details in IBM Systems Director Console?
C rm
a. ______________
b. ______________
c. ______________
to fo
d. ______________
e. ______________
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
AIX system
management
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Describe the benefits of the system management tools
.T ció
available in AIX
• Discuss the functionality of SMIT and the IBM Systems
.
C
Director Console for AIX
.F a
C rm
• Log in to IBM Systems Director Console and use graphic
interface to manage the system
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 3. System startup and shutdown

This unit describes how to start up and shut down the managed
system and AIX partitions.
.I. n
.T ció
.
• Describe the system and AIX startup process
C
.F a
• Activate the system and AIX partitions
• Explain the difference between SMS and normal startup modes
C rm
• Describe the contents of the /etc/inittab file
• Use System Resource Controller commands to start, stop, and
display AIX subsystems
to fo
• Explain how to shut down the system and AIX partitions

ec vo
oy si
References
u
Online AIX Version 7.1 Operating System and Device

Management
cl

Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
• Explain the difference between SMS and normal startup
modes
.
C
.F a
• Use System Resource Controller commands to start, stop,
and display AIX subsystems
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
System startup
IBM Power Systems
Plug in managed system
.I. n
Level 1: Power off Service processor is active.
.T ció
Issue Power On command
All devices are initialized and powered on.
Level 2: Standby
System is ready to support partitions.
.
C
.F a
SMS mode
Start AIX
C rm
- OR -
partitions
Normal mode
to fo
Level 3: Operating System is running partitions.
ec vo

Figure 3-2. System startup AN123.0
Notes:
oy si
Level 1: Power Off state

u
The first power level is achieved by plugging in the power cord of the managed system
into a live power socket. The HMC will report that the managed system is in the Power
cl
Off state. No additional buttons need to be pushed and no commands need to be

issued.
Ex
The service processor will be initialized and the service processor software will be
loaded and run. If your system has an Operator Panel, you'll see codes on the display
panel and after a few minutes, you will also see a steady blinking green light. The HMC
will also display the codes and status information for the managed system. At this point,
pr
the service processor is an active host on the network. You may use the system
management (ASMI) application on the service processor. However, the rest of the
devices, such as disks, processors, and so forth, on the managed system are still
powered off.
Student Notebook
Level 2: Standby state

To advance to the second power on level, a power on command must be issued to the
managed system. At this point, all devices are initialized and ready to use. However, no
partitions are running yet, so their devices are not yet in use. Do not attempt to remove
hardware from the system at this level. The HMC will report that the managed system is
in the Standby state.
Level 3: Operating state
.I. n
Once you start the first partition on the system, your managed system will be at the third
.T ció
and highest power on level. The HMC will report the state of the managed system as
Operating. This means it has been fully powered on, initialized, and is running at least
one partition. With the proper procedures and commands, hot-pluggable devices may
.
be physically removed from the partitions. Once your managed system is in the
C
Operating state, it remains there until you issue a power off command or a system error
.F a
changes the state. If you shut down all of the partitions, but do not power off the
managed system, the HMC will still report the Operating state. However, at this point,
C rm
the system is in a state functionally equivalent to the Standby state.
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Managed system activation

IBM Power Systems
# ssh hscroot@<hmc> chsysstate -m <ms_name> -r sys -o on
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Figure 3-3. Managed system activation AN123.0
Notes:
oy si
Introduction
u
The visual -shows a managed system in the Power Off state. The HMC menu is shown
where you can choose to power on the system. This is the selected menu when the
cl
managed system is selected. The next visual shows you the screen that appears after
choosing Power On from the menu.
Ex
HMC command for managed system power on

The chsysstate HMC command can also be used in an SSH session to change the
state of the managed system or partitions. Specific examples of power on commands
will be shown on the following pages.
pr
Scheduling the managed system power on

You can schedule an automatic managed system power on for a particular date and
time, and it can be scheduled to repeat. This application is found under HMC
Management > HMC Configuration > Schedule Operations.
Student Notebook
Startup modes for AIX (1 of 2)

IBM Power Systems
• The two most popular start-up modes are:

– SMS mode (the firmware menu)
– Normal mode
.I. n
• SMS mode is used for:
.T ció
– Selecting the boot device, for example, network and IPL parameters
– Booting into Service (Maintenance) mode, for example:
.
• To fix a machine that will not boot
C
• Recover root password
.F a
SMS Top
Level
C rm
PowerPC Firmware
Version EL320_083 Firmware
SMS 1.7 (c) Copyright IBM Corp. 2000,2008 All rights reserved. Menu
----------------------------------------------------------------
Main Menu
1. Select Language
2. Setup Remote IPL (Initial Program Load)
to fo
3. Change SCSI Settings
4. Select Console
5. Select Boot Options
ec vo

Figure 3-4. Startup modes for AIX (1 of 2) AN123.0
Notes:
oy si
System Management Services

u
To boot into SMS, either press the 1 key shortly after partition activation, or set the
partition to specifically SMS boot. To do this, click the Advanced button on activation
cl
and set the boot mode to SMS.

SMS is the Power System firmware menu. The code is shipped with the hardware. This
Ex
resource can be used to select the boot device, or change the order of the bootlist and
boot the system into Service mode, if maintenance is required.
Service mode enables the user to run diagnostics or access the system in single-user
mode.
pr
V8.2
Student Notebook
Uempty
Startup modes for AIX (2 of 2)

IBM Power Systems
• Normal mode
– AIX boots into multi-user mode (run level 2).
– Users can log in, the system can be configured, and applications can
.I. n
start.
– The bootlist command can change the start-up boot device list.
.T ció
## bootlist Displays the current
bootlist -m
-m normal
normal -o
-o
hdisk0 boot device (hdisk0)
hdisk0 blv=hd5
blv=hd5
.
C
## bootlist
bootlist –m
–m normal
normal hdisk0
hdisk0 hdisk1
hdisk1
.F a
• Other less common start-up modes:
C rm
– Diagnostic with default boot list
• Boot to service mode using default boot list (has optical drive first)
– Diagnostic with stored boot list
• Boot to service mode using a user customized bootlist
to fo
– Open firmware
• Open firmware prompt; used by service/support personnel to obtain low level
debug information
ec vo

Figure 3-5. Startup modes for AIX (2 of 2) AN123.0
Notes:
oy si
Start-up modes:
u
• Normal: The logical partition starts up as normal. This is the mode that you use to
perform most everyday tasks. When the machine does a normal boot, it completes the
cl
full AIX boot sequence and start processes, enables terminals and generates a login
prompt, to make it available for multi-user access. It also activates the disks, sets up
access to the files and directories, starts networking, and completes other machine
Ex
specific configurations.
• Diagnostic with default boot list: The logical partition boots to service mode using the
default boot list that is stored in the system firmware. This mode is normally used to
either boot to diagnostics from a hard drive, or to boot off bootable media (a diagnostics
pr
CD or installation media).
• Diagnostic with stored boot list: The logical partition performs a service mode boot
using the service mode boot list saved in NVRAM.
• Open Firmware OK prompt: The logical partition boots to the open firmware prompt.
This option is used by service personnel to obtain additional debug information.
Student Notebook
AIX startup process overview

IBM Power Systems
Partition activation
.I. n
Locate AIX boot image
.T ció
via firmware or bootlist
.
Load boot image
C
RAMFS created AIX Kernel is now in control.
.F a
C rm
Configure devices init process from RAMFS
Start rootvg executes rc.boot script.
to fo
Start ‘real’ init process
Process /etc/inittab, default run-level 2.
From rootvg
LOGIN
ec vo

Figure 3-6. AIX startup process overview AN123.0
Notes:
oy si
AIX start-up overview

u
After the partition is activated, a boot image is located from the boot device, specified
from SMS or the bootlist command, and is loaded into memory. During a normal boot,
cl
the location of the boot image is usually a hard drive. Besides hard drives, the boot
image could be loaded from CD/DVD. This is the case when booting into maintenance
mode for service. If working with the Network Installation Manager (NIM), the boot
Ex
image is loaded through the network.

The kernel restores a RAM file system into memory by using information provided in the
boot image. At this stage, the rootvg is not available, so the kernel needs to work with
pr
commands provided in the RAM file system. You can think of the RAM file system as a
small AIX operating system. The kernel starts the init process which was provided in the
RAM file system, not from the root file system. This init process executes a boot script
which is named rc.boot. rc.boot controls the boot process. The base devices are
configured, rootvg is activated or varied on, and the real init process starts from rootvg
which will in turn process the /etc/inittab at run level two.
V8.2
Student Notebook
Uempty
AIX partition activation (1 of 2)

IBM Power Systems
# ssh hscroot@<hmc> chsysstate -m <ms_name> -r lpar \

-o on -n <lpar> -f <profile name> -b sms
.I. n
To activate
into SMS
.T ció
.
C
.F a
C rm
to fo
ec vo

Figure 3-7. AIX partition activation (1 of 2) AN123.0
Notes:
oy si
Activating a partition
u
To activate a partition from the HMC Server Management application, select the
partition name and choose Activate from the menu. An Activate Logical Partition
cl
screen will appear from which the user can select the start-up profile.
Ex
pr
Student Notebook
AIX partition activation (2 of 2)

IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
AIX
AIX Version
Version 77
Copyright
Copyright IBM
IBM Corporation,
Corporation, 1982,
1982, 2013
2013
Console login:
Console login:
ec vo

Figure 3-8. AIX partition activation (2 of 2) AN123.0
Notes:
oy si
Activating a partition (continued)

u
Partitions can have one or many profiles assigned, one of which will be the default.
Profiles contain the attributes of the partition such as process and memory
cl
requirements, and assigned devices. At the time of starting the profile a virtual console
session can be optionally started. The Advanced button enables users to set the
start-up mode. A default start-up mode will be contained within the profile.
Ex
pr
V8.2
Student Notebook
Uempty
The alog command

IBM Power Systems
User Boot Install

NIM
Applications Process Process
.I. n
.T ció
alog program
.
C
.F a
/var/adm/ras/bootlog
/var/adm/ras/BosMenus.log
C rm
Use the
/var/adm/ras/bosinst.log
alog
command
/var/adm/ras/nimlog
to view /var/adm/ras/conslog
logs /var/adm/ras/errlog
to fo
To view the boot log:
## alog
alog –o
–o –t
–t boot
boot
ec vo

Figure 3-9. The alog command AN123.0
Notes:
oy si
Overview
u
The alog command is a BOS feature that provides a general-purpose logging facility
that can be used by any application or user to manage a log. The alog command reads
cl
standard input, writes the output to standard out, and copies it to a fixed size file at the
same time.
Ex
The log file

The file is treated as a circular log. This means that when it is filled, new entries are
written over the oldest entries. Log files used by alog are specified on the command
line or defined in the alog configuration database maintained by the ODM. The
pr
system-supported log types are boot, bosinst, nim, and console.

Use in boot process
Many system administrators start the boot process, and then go and get a cup of coffee.
Unfortunately, boot messages may appear on the screen, only to be scrolled and lost,
never to be seen by the user. In some instances, these messages may be important,
Student Notebook
particularly if the system did not boot properly. Fortunately, alog is used by the rc.boot
script and the configuration manager during the boot process to log important events.
To view the boot information, the command alog –o -t boot may be used. If the
machine does not boot, boot the machine into maintenance mode and view the boot
log contents.
Viewing logs with SMIT
You can also use SMIT to view the different system-supported logs. Use the following
.I. n
command:
.T ció
# smit alog
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
/etc/inittab
IBM Power Systems
Format of the line: id:runlevel:action:command

init:2:initdefault:
init:2:initdefault:
brc::sysinit:/sbin/rc.boot
brc::sysinit:/sbin/rc.boot 33 >/dev/console
>/dev/console 2>&1
2>&1 ## Phase
Phase 33 of
of system
system boot
boot
.I. n
powerfail::powerfail:/etc/rc.powerfail
powerfail::powerfail:/etc/rc.powerfail 2>&12>&1 || alog
alog -tboot
-tboot >> /dev/console
/dev/console
mkatmpvc:2:once:/usr/sbin/mkatmpvc
mkatmpvc:2:once:/usr/sbin/mkatmpvc >/dev/console
>/dev/console 2>&12>&1
atmsvcd:2:once:/usr/sbin/atmsvcd
atmsvcd:2:once:/usr/sbin/atmsvcd >/dev/console
>/dev/console 2>&1
2>&1
.T ció
tunables:23456789:wait:/usr/sbin/tunrestore
tunables:23456789:wait:/usr/sbin/tunrestore -R -R >> /dev/console
/dev/console 2>&1
2>&1 ## Set
Set tunables
tunables
rc:23456789:wait:/etc/rc
rc:23456789:wait:/etc/rc 2>&1
2>&1 || alog
alog -tboot
/dev/console ## Multi-User
Multi-User checks
checks
rcemgr:23456789:once:/usr/sbin/emgr
rcemgr:23456789:once:/usr/sbin/emgr -B -B >> /dev/null
/dev/null 2>&1
2>&1
fbcheck:23456789:wait:/usr/sbin/fbcheck
fbcheck:23456789:wait:/usr/sbin/fbcheck 2>&12>&1 || alog
alog -tboot
/dev/console
srcmstr:23456789:respawn:/usr/sbin/srcmstr
srcmstr:23456789:respawn:/usr/sbin/srcmstr ## System
System Resource
Resource Controller
.
Controller
rctcpip:23456789:wait:/etc/rc.tcpip
rctcpip:23456789:wait:/etc/rc.tcpip >> /dev/console
/dev/console 2>&1
2>&1 ## Start
Start TCP/IP
TCP/IP daemons
daemons
C
rcnfs:23456789:wait:/etc/rc.nfs
rcnfs:23456789:wait:/etc/rc.nfs >> /dev/console
/dev/console 2>&1
2>&1 ## Start
Start NFS
NFS Daemons
Daemons
.F a
sniinst:2:wait:/var/adm/sni/sniprei
sniinst:2:wait:/var/adm/sni/sniprei >> /dev/console
/dev/console 2>&1
2>&1
cron:23456789:respawn:/usr/sbin/cron
cron:23456789:respawn:/usr/sbin/cron
qdaemon:23456789:wait:/usr/bin/startsrc
qdaemon:23456789:wait:/usr/bin/startsrc -sqdaemon
-sqdaemon
C rm
writesrv:23456789:wait:/usr/bin/startsrc
writesrv:23456789:wait:/usr/bin/startsrc -swritesrv
-swritesrv
uprintfd:23456789:respawn:/usr/sbin/uprintfd
uprintfd:23456789:respawn:/usr/sbin/uprintfd
shdaemon:2:off:/usr/sbin/shdaemon
shdaemon:2:off:/usr/sbin/shdaemon >/dev/console
>/dev/console 2>&1
2>&1 ## High
High availability
availability daemon
daemon
l2:2:wait:/etc/rc.d/rc
l2:2:wait:/etc/rc.d/rc 22
to fo
……………
……………
ec vo

Figure 3-10. /etc/inittab AN123.0
Notes:
oy si
Introduction
u
The /etc/inittab file lists the processes that init starts, and it also specifies when to
start them. If this file gets corrupted, the system cannot boot properly. Because of this, it
cl
is a good idea to keep a backup of this file. This file should never be edited directly. Use
lsitab, chitab, and mkitab commands. After editing the /etc/inittab file, force the
system to reread the file by using the telinit q command.
Ex
To list the inittab type: lsitab –a

To add an entry into the inittab type: mkitab [ -i Identifier ] { [ Identifier ] :
[ RunLevel ] : [ Action ] : [ Command ] }
pr
• Example: mkitab "tty002:2:respawn:/usr/sbin/getty /dev/tty2"

To chance an entry in the inittab type: chitab { [ Identifier ] : [ RunLevel ] :
[ Action ] : [ Command ] }
• Example: chitab "tty002:4:respawn:/usr/sbin/getty /dev/tty"
Student Notebook
Format of entries
The individual line entries in /etc/inittab contain the following fields:
• Id: Up to 14 characters that identify the process.
• Runlevel: Defines the run levels for which the process is valid. AIX uses run levels of
0-9. If the telinit command is used to change the run level, a SIGTERM signal is sent to
all processes that are not defined for the new run level. If, after 20 seconds, a process
.I. n
has not terminated, a SIGKILL signal is sent. The default run level for the system is 2,
which is AIX multiuser mode.
.T ció
• Action: How to treat the process. Valid actions are:
- respawn: If the process does not exist, start it. If the process dies then restart it.
.
- wait: Start the process and wait for it to finish before reading the next line.
C
.F a
- once: Start the process and immediately read the next line. Do not restart it if it
stops.
C rm
- sysinit: Commands to be run before trying to access the console
- off: Do not run the command.
- Command. Use the AIX command to run to start the process.
to fo
Run levels
AIX uses a default run level of 2. This is the normal multi-user mode. You may want to
perform maintenance on your system without having other users logged in. The
ec vo
command shutdown -m places your machine into a single user mode terminating all
logins. Once the machine reaches the single user mode, you are prompted to enter the
root password. When you are ready to return to normal mode, type telinit 2.
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Run levels
IBM Power Systems
• Run levels on AIX:

– 0 and 1: Reserved for future use
– 2 default (normal): Multi-user mode
.I. n
– 3 through 9: Free to be defined by the administrator
.T ció
• The telinit or init command can be used to change run
levels.
.
C
– a, b, c, and h can be initiated during any run level start-up, 2 through 9,
.F a
without killing any existing run level processes.
– S, s, M, m, results in the system entering single user / maintenance
C rm
mode.
– Q, q, re-examines and processes the /etc/inittab file on request.
to fo
Example: To go from single user to multi-user mode, execute:
# telinit 2
ec vo

Figure 3-11. Run levels AN123.0
Notes:
oy si
Run levels define the behavior of init, and by extension, those processes which run on the
system when it is at any given level. A run level is a software configuration that allows only
u
a selected group of processes to exist. The system can be at one of the following run
levels:
cl
• 0-9
Ex
Tells the init command to place the system in one run level 0-9
When the init command requests a change to run levels 0-9, it kills all processes at the
current run levels and then restarts any processes associated with the new run levels.
• 0-1
pr
Reserved for the future use of the operating system

• 2
Contains all of the terminal processes and daemons that are run in the multiuser
environment
Student Notebook
In the multiuser environment, the /etc/inittab file is set up so that the init command
creates a process for each terminal on the system. The console device driver is also set
to run at all run levels so the system can be operated with only the console active.
• 3-9
Can be defined according to the user's preferences
• S,s,M,m
.I. n
Tells the init command to enter the maintenance mode. When the system enters
maintenance mode from another run level, only the system console is used as the
.T ció
terminal.
• a,b,c,h
.
Tells the init command to process only those records in the /etc/inittab file with a, b,
C
.F a
c, or h in the run level field. These four arguments, a, b, c, and h, are not true run levels.
They differ from run levels in that the init command cannot request the entire system to
C rm
enter run levels a, b, c, or h. When the init command finds a record in the /etc/inittab
file with a value of a, b, c, or h in the run level field, it starts the process. However, it
does not kill any processes at the current run level. Processes with a value of a, b, c, or
h in the run level field, are started in addition to the processes already running at the
to fo
current system run level. Another difference between true run levels and a, b, c, or h, is
that processes started with a, b, c, or h are not stopped when the init command
changes run levels. There are three ways to stop a, b, c, or h processes:
- Type off in the Action field.
ec vo
- Delete the objects entirely.

- Use the init command to enter maintenance state.
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Directory and script control

IBM Power Systems
• Startup and stop scripts can be defined for each run level
which are automatically invoked at entry and exit.
.I. n
/etc/rc.d
/etc/rc.d ## ls
ls –R
–R
.T ció
init.d
init.d rc
rc rc2.d
rc2.d rc3.d
rc3.d rc4.d
rc4.d rc5.d
rc5.d rc6.d
rc6.d rc7.d
rc7.d rc8.d
rc8.d rc9.d
rc9.d
./init.d:
./init.d:
./rc2.d:
./rc2.d:
Ksshd
Ksshd Kwpars
Kwpars Ssshd
Ssshd Scripts starting
.
with S are invoked
C
./rc3.d:
./rc3.d: at boot time by
.F a
./rc4.d:
./rc4.d:
/etc/rc.d/rc.
./rc5.d:
C rm
./rc5.d:
./rc6.d:
./rc6.d:
Scripts starting with K are
./rc7.d:
./rc7.d:
invoked synchronously by
shutdown with one argument:
./rc8.d:
./rc8.d: 'stop'. They are also called on
to fo
startup prior to invoking the start
./rc9.d:
./rc9.d: scripts.
ec vo

Figure 3-12. Directory and script control AN123.0
Notes:
oy si
Run level control scripts

u
Run level scripts enable system administrators to start and stop selected applications
and services, or perform tasks during system start-up, shutdown or during run level
cl
change. Run level scripts need to be created in the subdirectory of /etc/rc.d that is
specific to the run level. Scripts beginning with K are stop scripts, while scripts
beginning with S are start scripts.
Ex
pr
Student Notebook
System Resource Controller

IBM Power Systems
• Provides a single interface to control subsystems

• Controls individual subsystems or groups of subsystems
.I. n
## ps
ps -ef
-ef |grep
|grep src
src SRC
UID
UID PID
PID PPID
PPID CC STIME
STIME TTY
TTY TIME
TIME CMD
CMD Master
.T ció
root
root 172178
172178 11 00 18
18 Sep
Sep -- 0:00
0:00 /usr/sbin/srcmstr
/usr/sbin/srcmstr process
## ps
ps -T
-T 172178
172178
PID
PID TTY
TTY TIME
TIME CMD
CMD
Parent
172178 -- 0:00
0:00 srcmstr PID = init
.
172178 srcmstr
151672
151672 -- 0:01
0:01 |\--syslogd
|\--syslogd
C
163968
163968 -- 0:00
0:00 |\--inetd
|\--inetd
.F a
303160 -- 0:00 || \--rlogind
303160
512170
0:00 \--rlogind Subsystem
512170 pts/0
pts/0 0:00
0:00 || \--ksh
\--ksh
463024
463024 pts/0
pts/0 0:00
0:00 || \--ps
\--ps
C rm
168088
168088 -- 0:00
0:00 |\--portmap
|\--portmap
180418
180418 -- 0:00
0:00 |\--IBM.ServiceRMd
|\--IBM.ServiceRMd
188650 -- 1:24 |\--rmcd
188650
200856 --
1:24
3:47
|\--rmcd
|\--clstrmgr
Subserver
200856 3:47 |\--clstrmgr
204904
204904 -- 0:00
0:00 |\--tftpd
|\--tftpd
176288
176288 -- 0:00
0:00 || \--tftpd
\--tftpd
213102
213102 -- 0:00
0:00 |\--sshd
|\--sshd
to fo
221334
221334 -- 0:00
0:00 |\--snmpdv3ne
|\--snmpdv3ne
254124
254124 -- 0:00
0:00 |\--IBM.DRMd
|\--IBM.DRMd
262276
262276 -- 0:59
0:59 |\--IBM.CSMAgentRMd
|\--IBM.CSMAgentRMd
417800
417800 -- 0:00
0:00 \--ctcasd
\--ctcasd
ec vo

Figure 3-13. System Resource Controller AN123.0
Notes:
oy si
Purpose of the System Resource Controller

u
The System Resource Controller (SRC) provides a set of commands to make it easier
for the administrator to control subsystems. A subsystem is a daemon, or server, that is
cl
controlled by the SRC. A subserver is a daemon that is controlled by a subsystem.

Daemon commands and daemon names are usually denoted by a d at the end of the
name. For example, inetd is a subsystem and can be controlled through SRC
Ex
commands. rlogind is a subserver which is started by the inetd subsystem as shown in

the visual.
pr
V8.2
Student Notebook
Uempty
Listing subsystems
IBM Power Systems
• The lssrc command is used to list subsystems.

## lssrc
lssrc -a
.I. n
-a
Subsystem
Subsystem Group
Group PID
PID Status
Status
syslogd
syslogd ras
ras 151672
151672 active
active
portmap portmap 168088 active
.T ció
portmap portmap 168088 active
inetd
inetd tcpip
tcpip 163968
163968 active
active
tftpd
tftpd tcpip
tcpip 204904
204904 active
active
sshd
sshd ssh
ssh 213102
213102 active
active
ctrmc
ctrmc rsct
rsct 188650
188650 active
active
.
snmpd
snmpd tcpip
tcpip 221334
221334 active
active
clcomdES clcomdES 225414 active
C
clcomdES clcomdES 225414 active
clstrmgrES
clstrmgrES cluster
cluster 200856
200856 active
active
.F a
ctcas
ctcas rsct
rsct 417800
417800 active
active
qdaemon
qdaemon spooler
spooler inoperative
inoperative
writesrv
writesrv spooler
spooler inoperative
inoperative
C rm
lpd
lpd spooler
spooler inoperative
inoperative
….
…. Removed
Removed for clarity …..
for clarity …..
lssrc –g
## lssrc –g tcpip
tcpip |grep
|grep active
active
Subsystem
Subsystem Group
Group PID
PID Status
Status
to fo
inetd
inetd tcpip
tcpip 163968
163968 active
active
tftpd
tftpd tcpip
tcpip 204904
204904 active
active
snmpd
snmpd tcpip
tcpip 221334
221334 active
active
ec vo

Figure 3-14. Listing subsystems AN123.0
Notes:
oy si
Introduction
u
In this section, we discuss some examples of SRC commands.

Listing SRC status
cl
The lssrc command is used to show the status of the SRC subsystems. In the example
shown on the visual, we are checking the status of all subsystems using the -a flag and
Ex
the TCP/IP group using the -g flag.

Specifying a subsystem or subsystem group
The -s and -g flags are used to specify subsystems or subsystem groups, respectively.
pr
Student Notebook
SRC control
IBM Power Systems
• Controlling subsystems
## stopsrc
stopsrc -s
-s inetd
inetd
.I. n
0513-044
0513-044 The
The /usr/sbin/inetd
/usr/sbin/inetd Subsystem
Subsystem was
was requested
requested to
to stop.
stop.
.T ció
## startsrc
startsrc -s
-s inetd
inetd
0513-059
0513-059 The inetd
The inetd Subsystem
Subsystem has
has been
been started.
started. Subsystem
Subsystem PID
PID is
is
311374.
311374.
.
## refresh
refresh -s
-s inetd
inetd
C
0513-095
0513-095 The
The request
request for
for subsystem
subsystem refresh
refresh was
was completed
.F a
completed
successfully.
successfully.
Not all
C rm
subsystems
support being
refreshed.
to fo
## refresh
refresh -s
-s sshd
sshd
0513-005
0513-005 The Subsystem,
The Subsystem, sshd,
sshd, only
only supports
supports signal
signal
communication.
communication.
ec vo

Figure 3-15. SRC control AN123.0
Notes:
oy si
If a change is made to a subsystem configuration, then the subsystem will need to be

refreshed. For example, if the entry for the ftp service is disabled in the inetd.conf file, then
u
the inetd subsystem will need to be refreshed by using refresh command. Not all
subsystems can be refreshed. If this is the case, simply use startsrc and stopsrc
cl
commands.
Ex
pr
V8.2
Student Notebook
Uempty
AIX partition shutdown (1 of 2)

IBM Power Systems
• The shutdown command, by default:

– Gracefully stops all activity on the system.
– Warns users of an impending shutdown.
.I. n
Do a fast shutdown,
.T ció
bypassing the
## shutdown
shutdown -Fr
-Fr messages to users,
SHUTDOWN and reboot the
SHUTDOWN PROGRAM
PROGRAM
.
Thu system.
Thu 99 Oct
Oct 20:15:49
20:15:49 2008
2008
C
0513-044
0513-044 The
The sshd
sshd Subsystem
Subsystem was
was requested
requested to
to stop.
stop.
.F a
Wait for 'Rebooting...' before stopping.
Wait for 'Rebooting...' before stopping.
Oct
Oct 99 2008
2008 20:15:50
20:15:50 /usr/es/sbin/cluster/utilities/clstop:
/usr/es/sbin/cluster/utilities/clstop: called
called with
with
flags
flags -f
-f -y
-y -s
-s -N
-N -S
-S
C rm
0513-004
0513-004 The
The Subsystem
Subsystem or
or Group,
Group, clinfoES,
clinfoES, is
is currently
currently inoperative.
inoperative.
Error
Error logging
logging stopped...
stopped...
Advanced
Advanced Accounting
Accounting has
has stopped...
stopped...
Process
Process accounting
accounting stopped...
stopped...
Stopping
Stopping NFS/NIS
NFS/NIS Daemons
Daemons
to fo
Connection
Connection closed.
closed.
ec vo

Figure 3-16. AIX partition shutdown (1 of 2) AN123.0
Notes:
oy si
Introduction
u
The SMIT shutdown fastpath or the shutdown command is used to shut the system
down cleanly. If used with no options, shutdown displays a message on all enabled
cl
terminals (using the wall command), then (after one minute) disables all terminals, kills
all processes on the system, syncs the disks, unmounts all file systems, and then halts
the system.
Ex
Some commonly used options

You can also use shutdown with the -F option for a fast immediate shutdown (no
warning), -r to reboot after the shutdown or -m to bring the system down into
pr
maintenance mode. The -k flag specifies a “pretend” shutdown. It appears to all users
that the machine is about to shut down, but no shutdown actually occurs.
Shutting down to single-user mode
Use the following command to shut down the system to single-user mode:
# shutdown -m
Student Notebook
Creating a customized shutdown sequence

If you need a customized shutdown sequence, you can create a file called
/etc/rc.shutdown. If this file exists, it is called by the shutdown command and is
executed first, “that is, before normal shutdown processing begins”. This is useful if, for
example, you need to close a database prior to a shutdown. If rc.shutdown fails
(non-zero return code value), the shutdown is terminated.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
AIX partition shutdown (2 of 2)

IBM Power Systems
• AIX shutdown can also be initiated from the HMC.

# ssh hscroot@<hmc> chsysstate -o osshutdown
.I. n
.T ció
.
Do a fast
C
shutdown,
.F a
shutdown -F
C rm
to fo
ec vo

Figure 3-17. AIX partition shutdown (2 of 2) AN123.0
Notes:
oy si
From the HMC, the following shutdown options are supported. Generally, best practice is to
shutdown AIX from within the partition.
u
• Delayed: The HMC shuts down the logical partition using the delayed power-off
cl
sequence. This allows the logical partition time to end jobs and write data to disks. If the
logical partition is unable to shut down within the predetermined amount of time, it will
end abnormally and the next restart may be longer than normal.
Ex
• Immediate: The HMC shuts down the logical partition immediately. The HMC ends all
active jobs immediately. The programs running in those jobs are not allowed to perform
any job cleanup. This option might cause undesirable results if data has been partially
pr
updated. Use this option only after a controlled shutdown has been unsuccessfully
attempted.
• Operating System: The HMC shuts down the logical partition normally by issuing a
shutdown command to the logical partition. During this operation, the logical partition
performs any necessary shutdown activities. This option is only available for AIX logical
partitions.
Student Notebook
• Operating System Immediate: The HMC shuts down the logical partition immediately
by issuing a shutdown -F command to the logical partition. During this operation, the
logical partition bypasses messages to other users and other shutdown activities. This
option is only available for AIX logical partitions.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Managed system shutdown

IBM Power Systems
• Ensure all partitions have been shut down first!

# ssh hscroot@<hmc> chsysstate -m <ms_name> -r sys -o off
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Figure 3-18. Managed system shutdown AN123.0
Notes:
oy si
Power down partitions first

u
Before you power off the managed system, you must first shut down the operating systems
in each of the running partitions. Otherwise, they will terminate abnormally which may lead
cl
to file system corruption.

After selecting the Power Off item from the Managed System's Operations task menu, you
Ex
must choose between the Normal power off procedure and the Fast power off procedure.
• Normal power off: The system ends all active tasks in a controlled manner. During that
time, the service processor and the POWER Hypervisor are allowed to perform cleanup
(end-of-job-processing).
pr
• Fast power-off: The system ends all active tasks immediately. The programs running in
the service processor and the POWER Hypervisor are not allowed to perform any
cleanup.
Student Notebook
Checkpoint
IBM Power Systems
1. What is the first process that is created on the system and

which file does it reference to initiate all the other processes
.I. n
that have to be started?
.T ció
2. Which AIX feature can be used to stop and start
subsystems and groups of daemons?
.
C
.F a
3. True or False: You can only execute the shutdown
C rm
command from the console.
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
System startup and
shutdown
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
• Explain the difference between SMS and normal startup
.
C
modes
.F a
C rm
• Use System Resource Controller commands to start, stop,
and display AIX subsystems
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 4. AIX installation

This unit describes the process of installing the AIX 6.1 operating
system.
.I. n
.T ció
.
• List the installation methods for AIX
C
.F a
• List the steps necessary to install the AIX base operating system
• Install and understand all the options when installing AIX from
C rm
optical media
• Carry out post installation tasks
to fo
ec vo
References
oy si
Online AIX Version 7.1 Installation and migration

SG25-7559 IBM AIX Version 7.1 Difference Guide (Redbook)
u
SC23-6629 AIX Version 6.1 Release Notes

cl
GI11-9815 AIX Version 7.1 Release Notes

SC23-6630 AIX Version 7.1 Expansion Pack Release Notes
Ex

pr
© Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-1

Student Notebook
Unit objectives
IBM Power Systems

.I. n
• List the steps necessary to install the AIX base operating
.T ció
system
• Install and understand all the options when installing AIX
.
from optical media
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Installation methods for AIX 7

IBM Power Systems
• Pre-installation option (for a new system order)
.I. n
• DVD (FC 3435)
.T ció
• Network:
.
– Network Installation Manager (NIM)
C
.F a
– Details covered in IBM training course: AIX Installation Management
(AN22G)
C rm
to fo
ec vo

Figure 4-2. Installation methods for AIX 7 AN123.0
Notes:
oy si
When a Power system order is placed with IBM, or a business partner, there are options to
have the system preconfigured. This pre-configuration consists of LPAR creation and
u
installation of OS software including AIX.

cl
AIX 6 and AIX 7 are delivered, by default, on DVD media. Optionally, AIX 6 can also be
ordered on CD (one through eight disks).
Ex
In an LPAR environment, NIM is a very popular method of installing and updating AIX. NIM
is a large topic and is covered in-depth in the AN22 education class.
pr

Student Notebook
AIX installation in a partition (DVD)

IBM Power Systems
• Steps:
Assume a partition and partition profile have already been created.
.I. n
1. Place the AIX DVD in the drive.
2. Activate the partition to SMS and open terminal window.
.T ció
3. Select to boot device using SMS menus in the terminal window.
4. Interact with the AIX install menus.
.
C
.F a
• Note, the partition must either:
C rm
– Have PCI slot which controls a drive which will read CD-ROMs.
OR
– Be allocated a CD-ROM device though a VIOS server (as a virtual
to fo
optical SCSI device).
ec vo

Figure 4-3. AIX installation in a partition (DVD) AN123.0
Notes:
oy si
To install AIX into a partition, the partition and profile must first be created through the
HMC. The partition must have access to a device slot which contains the optical media
u
drawer. If a virtualized environment is to be deployed, then the VIOS partition will probably
own the optical device. In that case, it is still possible to make this CD available to a
cl
partition as a virtual optical SCSI device. In VIOS version 1.5, a new feature was added
which allows a media ISO image to be allocated to multiple partitions, through the
Ex
file-backed virtual optical device feature.

To install AIX from the optical drive, either boot into SMS mode and choose to boot from the
optical media device, or start the partition with the “Diagnostic with default boot list”. Then
follow and interact with the menus.
pr
V8.2
Student Notebook
Uempty
Installing AIX from DVD (1 of 2)

IBM Power Systems
• Boot partition into SMS mode and select DVD.

PowerPC
PowerPC Firmware
Firmware
Version
Version SF240_338
SF240_338
.I. n
SMS
SMS 1.6
1.6 (c)
(c) Copyright
Copyright IBM
IBM Corp.
Corp. 2000,2005
2000,2005 All
All rights
rights reserved.
reserved.
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Main
Main Menu
Menu
.T ció
1.
1. Select
Select Language
Language
2.
2. Setup
Setup Remote
Remote IPL
IPL (Initial
(Initial Program
Program Load)
Load) #then
#then select
select the
the adapter
adapter && IP
IP Parameters
Parameters
3.
3. Change
Change SCSI
SCSI Settings
Settings
4.
4. Select
Select Console
Console
5.
5. Select
Select Boot
Boot Options
.
Options
C
Multiboot
Multiboot
.F a
1.
1. Select
Select Install/Boot
Install/Boot Device
Device
C rm
Select
Select Device
Device Type
Type
3.
3. CD/DVD
CD/DVD
Select
Select Media
Media Type
Type
9. Select the CD-ROM
9. List
List All
All Devices
Devices
drive from the list.
to fo
Select
Select Device
Device
Device
Device Current
Current Device
Device
Number
Number Position
Position Name
Name
1.
1. -- SCSI
SCSI CD-ROM
CD-ROM
(( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0
loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 ))
ec vo

Figure 4-4. Installing AIX from DVD (1 of 2) AN123.0
Notes:
oy si
When SMS starts, choose option 5, followed by the boot device (in this case CD/DVD). The
system will then display all devices of this type. In the visual, there is only one such device.
u
Select this device number and then press Enter.

cl
Ex
pr

Student Notebook
Installing AIX from DVD (2 of 2)

IBM Power Systems
Select
Select Task
Task
SCSI
SCSI CD-ROM
CD-ROM
(( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0
loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 ))
.I. n
1.
1. Information
Information
2.
2. Normal
Normal Mode
Mode Boot
Boot
.T ció
3.
3. Service
Service Mode
Mode Boot
Boot
Are
Are you
you sure
sure you
you want
want to
to exit
exit System
System Management
Management Services?
Services?
.
1.
1. YesYes
2.
2. No No
C
.F a
• The system will now boot from the DVD.
C rm
*******
******* Please
Please define
define the
the System
System Console.
Console. *******
*******
Type
Type aa 11 and
and press
press Enter
Enter to
to use
use this
this terminal
terminal as
as the
the
system
system console.
console.
to fo
>>>
>>> 11 Type
Type 11 and
and press
press Enter
Enter to
to have
have English
English during
during install.
install.
ec vo

Figure 4-5. Installing AIX from DVD (2 of 2) AN123.0
Notes:
oy si
Once the optical media device is selected, we need to perform a normal boot and exit SMS
as shown in the visual. The partition will then proceed and boot from the optical media
u
drive. The first interactive step is to type <1>, and then press Enter to use the terminal as
the system console.
cl
Ex
pr
V8.2
Student Notebook
Uempty
Installation and Maintenance

IBM Power Systems
• Main Installation and Maintenance menu
.I. n
Welcome
Welcome to
to Base
Base Operating
Operating System
System
Installation
Installation and
and Maintenance
Maintenance
.T ció
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter. Choice
Choice is
is indicated
indicated by
by >>>.
>>>.
>>>
>>> 11 Start
Start Install
Install Now
Now with
with Default
Default Settings
Settings
22 Change/Show
Change/Show Installation
Installation Settings
Settings and
and Install
Install
.
C
33 Start
Start Maintenance
Maintenance Mode
Mode for
for System
System Recovery
Recovery
.F a
44 Configure
Configure Network
Network Disks
Disks (iSCSI)
(iSCSI)
88
88 Help
Help ??
C rm
99
99 Previous
Previous Menu
Menu
>>>
>>> Choice
Choice [1]:
[1]: 22
to fo
• Best practice, always look first at the install options (2)
ec vo

Figure 4-6. Installation and Maintenance AN123.0
Notes:
oy si
If option 1 is selected, a default system installation will occur. However, in most cases you
may want to see and change the default settings. To do this, type a <2> and press Enter.
u
Select 88 to display help on this or any subsequent installation screen.

cl
Ex
pr

Student Notebook
Installation and Settings

IBM Power Systems
• Installation and Settings menu

Installation
Installation and
and Settings
Settings
.I. n
Either
Either type
type 00 and
and press
press Enter
Enter to
to install
install with
with current
current settings,
settings, or
or type
type the
the
number
number of
of the
the setting
setting you
you want
want to
to change
change and
and press
press Enter.
Enter.
.T ció
11 System
System Settings:
Settings:
Method
Method of
of Installation.............New
Installation.............New andand Complete
Complete Overwrite
Overwrite
Disk
Disk Where You
Where You Want
Want to
to Install.....hdisk0
Install.....hdisk0
22 Primary
Primary Language
Language Environment
Environment Settings
Settings (AFTER
(AFTER Install):
Install):
.
Cultural
Cultural Convention................English
Convention................English (United
(United States)
States)
C
Language
Language ..........................English
..........................English (United
(United States)
States)
Keyboard ..........................English (United States)
.F a
Keyboard ..........................English (United States)
Keyboard Type......................Default
Keyboard Type......................Default
33 Security
Security Model.......................Default
Model.......................Default
C rm
44 More
More Options
Options (Software
(Software install
install options)
options)
>>>
>>> 00 Install
Install with
with the
the current
current settings
settings listed
listed above.
above.
+-----------------------------------------------------
+-----------------------------------------------------
88
88 Help
Help ?? || WARNING:
WARNING: Base
Base Operating
Operating System
System Installation
Installation will
will
to fo
99
99 Previous
Previous Menu
Menu || destroy
destroy or
or impair
impair recovery
recovery of
of ALL
ALL data
data on
on the
the
|| destination disk hdisk0.
destination disk hdisk0.
>>>
>>> Choice
Choice [0]:
[0]:
• Let's explore each option in more detail.

ec vo

Figure 4-7. Installation and Settings AN123.0
Notes:
oy si
The installation and Settings menu enables you to set the key options and configuration
settings to be deployed during installation.
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Method of installation
IBM Power Systems
• Choose option 1 for a fresh install.

Change
Change Method
Method of
of Installation
Installation
.I. n
Type
Type the
the number
number of
of the
the installation
installation method
method and
and press
press Enter.
Enter.
>>>
>>> 11 New
New and
and Complete
Complete Overwrite
Overwrite
.T ció
Overwrites
Overwrites EVERYTHING
EVERYTHING on
on the
the disk
disk selected
selected for
for installation.
installation.
Warning:
Warning: Only use this
Only use this method
method if
if the
the disk
disk is
is totally
totally empty
empty or
or if
if there
there
is nothing on the disk you want to preserve.
is nothing on the disk you want to preserve.
22 Preservation
Preservation Install
Install
.
Preserves
Preserves SOME
SOME of
of the
the existing
existing data
data on
on the
the disk
disk selected
selected for
for
C
installation.
installation. Warning:
Warning: This
This method
method overwrites
overwrites the
the usr
usr (/usr),
(/usr),
variable
variable (/var), temporary (/tmp), and root (/) file systems. Other
(/var), temporary (/tmp), and root (/) file systems.
.F a
Other
product
product (applications)
(applications) files
files and
and configuration
configuration data
data will
will be
be destroyed.
destroyed.
33 Migration
Migration Install
Install
C rm
Upgrades
Upgrades the
the Base
Base Operating
Operating System
System to
to the
the current
current release.
release.
Other
Other product
product (applications)
(applications) files
files and
and configuration
configuration data
data are
are saved.
saved.
88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu
to fo
>>>
>>> Choice
Choice [1]:
[1]:
ec vo

Figure 4-8. Method of installation AN123.0
Notes:
oy si
Changing the method of installation

u
When you select Option 1 in the Installation and Settings menu to change the method of
installation, the Change Method of Installation sub-menu shown in the visual is
cl
displayed. The contents of which depends on the current state of the machine.
Complete Overwrite Install
Ex
On a new machine, New and Complete Overwrite is the only possible method of
installation. On an existing machine, if you want to completely overwrite the existing
version of BOS, then you should use this method.
Preservation Install
pr
Use the Preservation Install method when a previous version of BOS is installed on
your system and you want to preserve the user data in the root volume group. This
method removes only the contents of /usr, / (root), /var and /tmp. The Preservation
Install option preserves page and dump devices as well as /home and other

Student Notebook
user-created file systems. System configuration has to be done after doing a

preservation installation.
Migration Install
Use the Migration Install method to upgrade from one version and release of AIX t a
different version and release, while preserving the existing root volume group. For
example, when migrating from AIX 6.1 to an AIX 7.1. This method preserves all file
systems except /tmp, as well as the logical volumes and system configuration files.
.I. n
Obsolete or selective fix files are removed.
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Installation disks
IBM Power Systems
• Select disks to be used for the installation.

Change
Change Disk(s)
Disk(s) Where
Where You
You Want
Want to
to Install
Install
.I. n
Type
Type one
one or
or more
more numbers
numbers for
for the
the disk(s)
disk(s) to
to be
be used
used for
for installation
installation and
and press
press
Enter.
Enter. To
To cancel
cancel aa choice,
choice, type
type the
the corresponding
corresponding number
number and
and Press
Press Enter.
Enter.
At
At least
least one
one bootable
bootable disk
disk must
must be
be selected.
selected. The
The current
current choice
choice is
is indicated
indicated
.T ció
by
by >>>.
>>>.
Name
Name Location
Location Code
Code Size(MB)
Size(MB) VG
VG Status
Status Bootable
Bootable
>>>
>>> 11 hdisk0
hdisk0 none
none 6528
6528 rootvg
rootvg Yes
Yes
.
22 hdisk1
hdisk1 none
none 6528
6528 rootvg
rootvg Yes
Yes Note: Some SAN
C
33 hdisk2
hdisk2 none
none 6528
6528 none
none Yes
Yes
44 hdisk3 none 6528 none Yes disks might appear
.F a
hdisk3 none 6528 none Yes
non-bootable. If
so, change the
C rm
>>>
>>> 00 Continue
Continue with
with choices
choices indicated
indicated above
above setting on the disk
55
55 More
More Disk
Disk Options
Options subsystem for the
66
66 Devices
Devices not known to Base Operating System
not known to Base Operating System Installation
Installation
77
77 Display
Display More
More Disk
Disk Information
Information
LUNs.
88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu
Name Device
Device Adapter
Adapter Connection
Connection Location
to fo
>>> Name Location
>>> Choice
Choice [0]:
[0]: or
or Physical
Physical Location
Location Code
Code
>>>
>>> 11 hdisk0
hdisk0 U9113.550.65F2E7F-V11-C2-T1-L810000000000
U9113.550.65F2E7F-V11-C2-T1-L810000000000
22 hdisk1
hdisk1 U9113.550.65F2E7F-V11-C2-T1-L820000000000
U9113.550.65F2E7F-V11-C2-T1-L820000000000
33 hdisk2
hdisk2 U9113.550.65F2E7F-V11-C6-T1-L830000000000
U9113.550.65F2E7F-V11-C6-T1-L830000000000
44 hdisk3
hdisk3 U9113.550.65F2E7F-V11-C6-T1-L810000000000
U9113.550.65F2E7F-V11-C6-T1-L810000000000
ec vo

Figure 4-9. Installation disks AN123.0
Notes:
oy si
Selecting installation disks

u
After you select the type of installation, you must then select the disks that are to be used
for the installation. A list of all the available disks is displayed, similar to the one shown.
cl
This screen also gives you the option to install to an unsupported disk by adding the code
for the device first.
Ex
When you have finished selecting the disks, type <0> in the Choice field and press Enter.
pr

Student Notebook
Set Primary Language Environment

IBM Power Systems
• Default language environment is en_US (US English).

Set
Set Primary
Primary Language
Language Environment
Environment
.I. n
Type
Type the
the number
number for
for the
the Cultural
Cultural Convention
Convention (such
(such as
as date,
date, time,
time, and
and
money),
money), Language,
Language, and
and Keyboard
Keyboard for
for this
this system
system and
and press
press Enter,
Enter, or
or type
type
159
159 and
and press
press Enter
Enter to
to create
create your
your own
own combination.
combination.
.T ció
Cultural
Cultural Convention
Convention Language
Language Keyboard
Keyboard
11 CC (POSIX)
(POSIX) CC (POSIX)
(POSIX) CC (POSIX)
(POSIX)
22 Albanian
Albanian English
English (United
(United States)
States) Albanian
Albanian
.
33 Arabic
Arabic (Algeria)
(Algeria) English
English (United
(United States)
States) Arabic
Arabic (Algeria)
(Algeria)
C
44 Arabic
Arabic (Bahrain)
(Bahrain) English
English (United
(United States)
States) Arabic
Arabic (Bahrain)
(Bahrain)
55 Arabic (Egypt) English (United States) Arabic (Egypt)
.F a
Arabic (Egypt) English (United States) Arabic (Egypt)
66 Arabic (Jordan)
Arabic (Jordan) English (United States) Arabic (Jordan)
English (United States) Arabic (Jordan)
77 Arabic
Arabic (Kuwait)
(Kuwait) English
English (United
(United States)
States) Arabic
Arabic (Kuwait)
(Kuwait)
88 Arabic
Arabic (Lebanon)
(Lebanon) English
English (United
(United States)
States) Arabic
Arabic (Lebanon)
(Lebanon)
C rm
99 Arabic
Arabic (Morocco)
(Morocco) English
English (United
(United States)
States) Arabic
Arabic (Morocco)
(Morocco)
>>>
>>> 10
10 MORE
MORE CHOICES...
CHOICES...
88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu
to fo
>>>
>>> Choice
Choice [10]:
[10]:
ec vo

Figure 4-10. Set Primary Language Environment AN123.0
Notes:
oy si
At this point in the installation process, you can change the language and cultural
convention that is used on the system after installation. This screen will display a full list of
u
supported languages.
cl
It is recommended that if you are going to change the language, change it at this point
rather than after the installation is complete. Whatever language is specified at this point is
obtained from the installation media.
Ex
Cultural Convention determines the way numeric, monetary, and date and time
characteristics are displayed.
The Language field determines the language used to display text and system messages.
pr
The Keyboard field determines the mapping of the keyboard for the selected language
convention.
V8.2
Student Notebook
Uempty
Security Models
IBM Power Systems
• These settings are beyond the scope of this class.

– Covered in course: Implementing AIX Security Features
.I. n
• Security models are all set to NO by default.
Security
Security Models
Models
.T ció
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter.
1.
1. Trusted
Trusted AIX.............................................
AIX............................................. No
No
.
2.
2. Other
Other Security
Security Options
Options (Trusted
(Trusted AIX
AIX and
and Standard)
C
Standard)
Security
Security options
options vary
vary based
based on
on choices.
.F a
choices.
LSPP, SbD, CAP/CCEVAL,
LSPP, SbD, CAP/CCEVAL, TCB
TCB Default....................................... No
1.
1. Secure
Secure by
by Default....................................... No
C rm
2.
2. CAPP
CAPP and
and EAL4+
EAL4+ Configuration
Configuration Install....................
Install.................... No
No
to fo 3.
3. Trusted
Trusted Computing
Computing Base
Base Install..........................
Install.......................... No
No
>>>
>>> 00 Continue
Continue to
to more
more software
software options.
options.
88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu
>>>
>>> Choice
Choice [0]:
[0]:
ec vo

Figure 4-11. Security Models AN123.0
Notes:
oy si
Type <1> and press Enter to change the selection for Trusted AIX. Trusted AIX enables
Multi Level Security (MLS) capabilities in AIX MLS is also referred to as label-based
u
security.
cl
As compared to regular AIX, Trusted AIX label-based security implements labels for all
subjects and objects in the system. Access controls in the system are based on labels that
provide for an MLS environment and include support for the following:
Ex
• Labeled objects: Files, IPC objects, network packets, and other labeled objects
• Labeled printers
• Trusted Network: Support for RIPSO and CIPSO in IPv4 and IPv6
pr
Note that once you choose this mode of installation, you will not be able to go back to a
regular AIX environment without performing an overwrite install of regular AIX. Evaluate
your need for a Trusted AIX environment before choosing this mode of install.

Student Notebook
Do not forget standard AIX provides a set of security features to enable information
managers and administrators to provide a basic level of system and network security. The
primary AIX security features include the following:
• Login and password controlled system and network access
• User, group, and world file access permissions
• Access control lists (ACLs)
.I. n
• Audit subsystem
.T ció
• Role Based Access Control (RBAC)
Trusted AIX builds upon these primary AIX operating system security features to further
enhance and extend AIX security into the networking subsystems.
.
C
Type <2> and press Enter to continue to other security options. For Trusted AIX, the choice
.F a
will be LSPP/EAL4+ configuration. For standard AIX, the choices will be Secure by Default,
CAPP/EAL4+, and Trusted Computing Base.
C rm
Attention: Evaluate your need for any security options before making your choice.
Additional information is available in your security documentation.
For more training on AIX installation security options, attend the IBM training course:
to fo
Implementing the AIX Security Features (course codes AU47 or AN57).
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Software install options

IBM Power Systems
• Further install / software options

Install
Install Options
Options
.I. n
1.
1. Graphics
Graphics Software................................................
Software................................................ Yes Yes
2.
2. System
System Management
Management Client
Client Software................................
Software................................ YesYes
.T ció
3.
3. Create JFS2 File Systems.........................................
Create JFS2 File Systems......................................... Yes Yes
4.
4. Enable
Enable System
System Backups
Backups to
to install
install any
any system......................
system...................... Yes
Yes
(Installs
(Installs all
all devices)
devices)
>>>
>>> 5.
5. Install
Install More
More Software
Software
.
Install
Install More
More Software
C
Software
.F a
1.
1. Firefox
Firefox (Firefox
(Firefox CD)..............................
CD).............................. No
No
2.
2. Kerberos_5
Kerberos_5 (Expansion
(Expansion Pack).......................
Pack)....................... No
No
3.
3. Server
Server (Volume
(Volume 2).................................
2)................................. No
No
C rm
00 Install
Install with
with the
the current
current settings
settings listed
listed above.
above.
88
88 Help
Help ??
to fo
99
99 Previous
Previous Menu
Menu
ec vo

Figure 4-12. Software install options AN123.0
Notes:
oy si
When Graphics Software Install option is Yes, X11, CDE, WebSM, Java, and other
software dependent on these packages is installed.
u
System Management Client Software includes WebSM, Java, service agent, lwi and
cl
pconsole.
The default action, since AIX 5.3, is to create all logical volumes in rootvg using JFS2 file
Ex
systems.
Enabling System Backups to install on other systems, installs all devices code and drivers.
Otherwise, only device drivers necessary to your system hardware configuration are
installed. This is the preferred option, and it is very useful if you want to clone the image to
pr
another system which differs in type or device layout.

To install more software, select option 5 and press Enter.

Student Notebook
Install summary and installation

IBM Power Systems
Overwrite
Overwrite Installation
Installation Summary
Summary
Disks:
Disks: hdisk0
hdisk0
Cultural
Cultural Convention:
Convention: en_GB
en_GB
Language:
Language: en_US
en_US
.I. n
Keyboard:
Keyboard: en_GB
en_GB
JFS2
JFS2 File
File Systems
Systems Created:
Created: Yes
Yes
Graphics
Graphics Software: Yes
Software: Yes
.T ció
System
System Management
Management Client
Client Software:
Software: Yes
Yes
Enable
Enable System
System Backups
Backups to
to install
install any
any system:
system: Yes
Yes
Optional
Optional Software
Software being
being installed:
installed:
.
>>>
>>> 11 Continue
Continue with
with Install
Install
C
+-----------------------------------------------------
+-----------------------------------------------------
.F a
88
88 Help
Help ?? || WARNING:
WARNING: Base
Base Operating
Operating System
System Installation
Installation will
will
99
99 Previous
Previous Menu
Menu || destroy
destroy or
or impair
impair recovery
recovery of
of ALL
ALL data
data on
on the
the
|| destination
destination disk
disk hdisk0.
hdisk0.
C rm
>>>
>>> Choice
Choice [1]:
[1]:
Installing
Installing Base
Base Operating
Operating System
System
Please
Please wait...
wait...
to fo
Approximate
Approximate Elapsed
Elapsed time
time
%% tasks
tasks complete
complete (in
(in minutes)
minutes)
33 00 Making
Making logical
logical volumes
volumes
ec vo

Figure 4-13. Install summary and installation AN123.0
Notes:
oy si
Prior to installation, a summary page is displayed. If you are ready to proceed with your
options, select 1 to continue and the system installation will begin. It takes approximately
u
one hour to build the partition from DVD or CD media.

cl
Ex
pr
V8.2
Student Notebook
Uempty
Accept License Agreements

IBM Power Systems
Software
Software License
License Agreements
Agreements
Show
Show Installed
Installed License
License Agreements
Agreements
Accept
Accept License
License Agreements
Agreements
.I. n
Accept
Accept License
License Agreements
Agreements
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
ACCEPT
ACCEPT Installed
Installed License
License Agreements
Agreements yes
yes ++
C
.F a
Software
Software Maintenance
Maintenance Agreement
Agreement
C rm
View
View Software
Maintenance Terms
Terms and
and Conditions
Conditions
Accept
Accept Software
Maintenance Terms
Terms and
and Conditions
Conditions
Accept
Accept Software
Maintenance Terms
Terms and
and Conditions
Conditions
to fo
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
ACCEPT
ACCEPT Software
Maintenance Agreements?
Agreements? yes
yes ++
ec vo

Figure 4-14. Accept License Agreements AN123.0
Notes:
oy si
When AIX installation is complete, the end user has to accept both Software and
Maintenance License agreements, as shown in the visual.
u
cl
Ex
pr

Student Notebook
AIX installation: Post steps

IBM Power Systems
• Post-install tasks:
– Accept the license agreement.
.I. n
– Optional: Using the installation assistant:
.T ció
• Set root password
• Set date and time
.
C
• Configure network
.F a
C rm
– Exit from installation assistant.
– Update for the operating system to the latest TL and SP level.

to fo
ec vo

Figure 4-15. AIX installation: Post steps AN123.0
Notes:
oy si
The installation is not finished until you complete the post setup in the operating system.
Once AIX has installed, the system will reboot. Several post installation steps are required.
u
Firstly, you have to accept both the software and maintenance license agreements. Finally,
the installation assistant will start. Although optional, it is recommended that you use the
cl
installation assistant at a minimum to set the root password, date, and time, and configure
the network parameters accordingly.
Ex
One AIX is installed, you should update it to the latest technology level and service pack.
These can be downloaded from fix central: http://www.ibm.com/support/fixcentral
pr
V8.2
Student Notebook
Uempty
Installation Assistant and login

IBM Power Systems
Installation
Installation Assistant
Assistant
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Set
Set Date
Date and
and Time
Time
.I. n
Set
Set root
root Password
Password
Configure
Configure Network
Network Communications
Communications
Install
Install Software
Software Applications
Applications
.T ció
Using
Using SMIT (information only)
SMIT (information only)
Tasks
Tasks Completed
Completed -- Exit
Exit to
to Login
Login
.
Note: No root
C
password is set, by
.F a
AIX
AIX Version
Version 77
Copyright
Copyright IBM
IBM Corporation,
Corporation, 1982,
1982, 2010.
2010.
default, if it is not set
Console login: root
Console login: root using the Installation
C rm
*******************************************************************************
**
Assistant
*******************************************************************************
**
** above.
**
** Welcome
Welcome to
to AIX
AIX Version
Version 7.1!
7.1! **
** **
** **
** Please
Please see
see the
the README
README file
file in
in /usr/lpp/bos
/usr/lpp/bos for
for information
information pertinent
pertinent to
to **
to fo
** this
this release
release of
of the
the AIX
AIX Operating
Operating System.
System. **
** **
** **
*******************************************************************************
*******************************************************************************
##
ec vo

Figure 4-16. Installation Assistant and login AN123.0
Notes:
oy si
After the license agreements have been accepted, the installation assistant (ASCII
console) or configuration assistant (Graphical console) will be displayed. The install
u
assistant is similar to a mini version of SMIT. As mentioned earlier in the unit, it is

recommended that one uses the installation assistant at a minimum to set the root
cl
password, date, and time and to configure the network parameters accordingly. Another
approach, would be to exit the installation assistant immediately and use smit, command
Ex
line, or scripts to configure the system.

The installation assistant can be invoked at any time using the install_assist command.
On a graphical console, either the install_assist or configassist commands can be
used to launch the configuration assistant.
pr

Student Notebook
AIX installation in a partition using NIM: NIM

overview
IBM Power Systems
• What is NIM?
– Centralized Installation and Management of AIX over a network
.I. n
LPAR 4 Client
Systems
.T ció
LPAR 1
Public/Open
.
LPAR 2
NIM Server network
C
.F a
NIM resources LPAR 3
lpp_source
SPOT LPAR 4
C rm
Client Definitions
LPAR1
LPAR2
…
to fo
Actions:
• Resources are allocated to clients.
• Clients are set for a BOS operation.
ec vo

Figure 4-17. AIX installation in a partition using NIM: NIM overview AN123.0
Notes:
oy si
Network Install Manager (NIM) introduction

u
NIM can be used to manage the installation of the Base Operating System (BOS) and
optional software on one or more networked machines. NIM gives you the ability to
cl
install and maintain the AIX operating system, and any additional software, and fixes
that may be applied over time. NIM allows you to customize the configuration of
machines both during and after installation. NIM eliminates the need for access to
Ex
physical media, such as tapes and optical media, once the NIM master has been
loaded. You use the NIM master to load other network “clients”. System backups can be
created with NIM, and stored on any server in the NIM environment. The advantage to
using NIM in an LPAR environment is that it solves the device allocation issue. Since
pr
AIX may already be installed once on the system before it is shipped, you can configure
this partition to be the NIM master. Or, you could use another AIX system that is the
proper AIX version. One of the optional steps in creating a NIM master is creating a
mksysb (AIX system backup image). You could use this mksysb to install AIX in the
other partitions. The advantage to mksysb is that it copies AIX customizations from the
source system.
V8.2
Student Notebook
Uempty NIM resources

All operations on clients in the NIM environment require one or more resources. At a
minimum, in order to perform a BOS installation on a client there must be two resources
defined:
• SPOT includes everything that a client machine requires in a /usr file system, such as
the AIX kernel, executable commands, libraries, and applications. The SPOT is
created, controlled, and maintained from the master, even though the SPOT can be
.I. n
located on another system.
.T ció
• An lpp_source resource represents a directory in which software installation images
are stored. NIM uses an lpp_source for an installation operation by first mounting the
lpp_source on the client machine. The installp commands are then started on the
.
client using the mounted lpp_source as the source for installation images. When the
C
installation operation has completed, NIM automatically unmounts the resource. In
.F a
addition to providing images to install machines, lpp_source resources can also be
used to create and update SPOT resources.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr

Student Notebook
AIX installation in a partition using NIM:

Configuration steps
IBM Power Systems
• Assume a partition and partition profile have been created.

– Set up and configure the NIM master to support a BOS installation of
.I. n
your machine.
– Activate the partition using SMS boot mode.
.T ció
– Specify the IP parameters for a network boot.
– Configure the partition to boot from the network adapter.
.
– Interact with AIX installation menus, if required (depends on NIM
C
.F a
configuration).
C rm
• Note:
– Subsequent installs and updates for the same partition can be initiated
to fo
from the NIM master.
– A mksysb restore example is provided in a later unit (Backup and
Restore).
ec vo

Figure 4-18. AIX installation in a partition using NIM: Configuration steps AN123.0
Notes:
oy si
To install a partition from a NIM server, you will need to create the partition and partition
profile, for the partition where AIX will be installed. You would complete this step if you were
u
installing from optical media, except that you would not have to allocate the slot for the CD
or DVD device. The partition will need to be activated in SMS boot mode. From SMS, the
cl
NIM server network details can be entered, which will cause the client to issue a boot
request over the network. From this point, the menu steps are identical to using optical
Ex
media.
pr
V8.2
Student Notebook
Uempty
Network boot (1 of 7)
IBM Power Systems
• Select the Setup Remote IPL option:
.I. n
PowerPC Firmware
Version EL320_040
.T ció
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
--------------------------------------------------------
Main Menu
.
C
1. Select Language
.F a
2. Setup Remote IPL (Initial Program Load)
3. Change SCSI Settings
C rm
4. Select Console
5. Select Boot Options
--------------------------------------------------------
to fo
Navigation Keys:
X = eXit System Management Services
-------------------------------------------------------
ec vo

Figure 4-19. Network boot (1 of 7) AN123.0
Notes:
oy si
Network boot (remote IPL)

u
To configure a partition to boot from another system over the network, choose Setup
Remote IPL (Initial Program Load) from the main SMS menu.
cl
Ex
pr

Student Notebook
IBM Power Systems
• Choose the network adapter:
.I. n
PowerPC Firmware
Version EL320_040
.T ció
----------------------------------------------------------
.
NIC Adapters
C
Device Location Code
.F a
1. Port 1 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-T1
2. Port 2 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-T2
C rm
to fo
----------------------------------------------------------
Navigation Keys:
---------------------------------------------------------
ec vo

Notes:
oy si
NIC adapter
u
Select which network interface to use. The example in the visual shows two ports on the
integrated Ethernet controller.
cl
Ex
pr
V8.2
Student Notebook
Uempty
IBM Power Systems
• Select the network service:
.I. n
PowerPC Firmware
Version EL320_040
.T ció
---------------------------------------------------------
Select Network Service
.
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
C
.F a
1. BOOTP
2. ISCSI
C rm
---------------------------------------------------------
to fo
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
ec vo

Notes:
oy si
Select the Network service: BOOTP.

u
cl
Ex
pr

Student Notebook
IBM Power Systems
• Set up the IP parameters, the adapter configuration options,

then perform the ping test:
.I. n
PowerPC Firmware
.T ció
Version EL320_040
---------------------------------------------------------
.
Network Parameters
C
.F a
C rm
1. IP Parameters
2. Adapter Configuration
3. Ping Test
4. Advanced Setup: BOOTP
to fo
---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
ec vo

Notes:
oy si
Network parameters
u
Choose option 1 and configure the IP parameters. This screen is shown in the next
visual.
cl
Then choose option 2 and configure the adapter settings, such as media speed and
duplex setting.
Ex
When everything is configured properly, run the ping test and it should be successful.
When the ping test is successful, return to the SMS main menu, select the network
adapter as a boot device, and exit the SMS menu. This will start the network boot
process.
pr
V8.2
Student Notebook
Uempty
IBM Power Systems
• IP parameters:
.I. n
PowerPC Firmware
Version EL320_040
.T ció
---------------------------------------------------------
IP Parameters
.
C
1. Client IP Address [10.6.103.64]
.F a
2. Server IP Address [10.6.103.1]
3. Gateway IP Address [10.6.103.254]
C rm
to fo 4. Subnet Mask [255.255.255.0]
---------------------------------------------------------
Navigation Keys:
---------------------------------------------------------
ec vo

Notes:
oy si
IP parameters
Enter the IP address of the client, which is the partition.
u
Enter the IP address of the server, which is the NIM server.

Enter the IP address of the gateway. This is the partition’s gateway system; so it must
cl
be local on the partition’s subnet. This value can be a valid route on the same subnet as
the client partition or the IP address of the NIM server. Ask your network administrator
Ex
which system to use.

Enter the subnet mask that the partition is using.
Adapter configuration
Once you’ve entered this information, return to the previous screen and choose the
pr
Adapter Configuration option. Here you will need to specify the media speed and the
duplex setting.
Ping test and network boot
After you have configured the adapter parameters, return to the main SMS menu. Run
the ping test, and if successful, select the network adapter as a boot device, then exit
the SMS menus to begin the boot process and the installation.

Student Notebook
IBM Power Systems
• Adapter configuration:
.I. n
PowerPC Firmware
Version EL320_040
.T ció
---------------------------------------------------------
IP Parameters
.
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNWGCP5-P1-C4
C
.F a
1. Speed,Duplex
Disable Spanning Tree
C rm
2. Spanning Tree Enabled
for faster operation
3.
to fo Protocol
---------------------------------------------------------
Navigation Keys:
---------------------------------------------------------
ec vo

Notes:
oy si
Overview
u
The adapter configuration screen allows you to set parameters for the adapter itself.
Typically, you can leave it alone with the exception of optionally disabling spanning tree.
cl
This will make the boot go much faster.

The value for option 2 will not change, that is, from Enabled to Disabled. The option
Ex
should have a question mark next to it that is answered when you choose the option.
pr
V8.2
Student Notebook
Uempty
IBM Power Systems
• When remote IPL is configured, perform the ping test.

– If ping is unsuccessful:
.I. n
• Is NIM server on network?
• Check IP parameters screen for mistakes.
.T ció
– Is gateway correct and available?
• Try again.
.
• Return to SMS Select Boot Options menu.
C
.F a
– Select the network adapter as the Install/Boot Device.
C rm
• Exit from SMS initiates network boot.
• AIX Install and Maintenance menu processing is the same as
previously described.
to fo
• NIM can have unattended install with no console interaction.
ec vo

Notes:
oy si
Ping test
u
This option pings the NIM server. If it fails, suspect your IP configuration or the network.
cl
Ex
pr

Student Notebook
Checkpoint
IBM Power Systems
1. AIX 7 can be installed from which of the following? (Select

all that are correct.)
.I. n
a. 8 mm tape
b. CD-ROM
.T ció
c. Diskette
d. NIM server
.
C
.F a
2. True or False: A preservation install preserves all data on
C rm
the disks.
3. What is the console used for during the installation process?

to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
AIX
installation
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr

Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
• List the steps necessary to install the AIX base operating
system
.
C
• Install and understand all the options when installing AIX
.F a
from optical media
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 5. AIX software installation and maintenance

This unit describes how to perform software installation and
maintenance.
.I. n
.T ció
.
• Define the package definitions and naming conventions
C
.F a
• Determine the current installed level of the OS and individual
filesets
C rm
• Apply, commit, and remove AIX software
• Recover from broken and inconsistent software states
• Describe how to download software maintenance using Fix Central
to fo
and SUMA
• Identify if all the components in the Power and AIX environment
are compatible and supported
ec vo

oy si
u
References
cl

SG24-7463 AIX 5L Differences Guide: Version 5.3 Edition
Ex
(Redbook)
SG24-7910 AIX Version 7.1 Differences Guide (Redbook)
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
filesets
.
C
.F a
• Describe how to download software maintenance using Fix
Central and SUMA
C rm
• Identify if all the components in the Power and AIX
environment are compatible and supported
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
AIX media
IBM Power Systems
AIX
AIX AIX AIX AIX 7.1 Base (DVD)
.I. n
AIX AIX
+ update images
.T ció
AIX
AIX 7.1 Expansion Pack
.
C
AIX 7.1 InfoCenter
.F a
AIX
C rm
AI X
AIX Toolbox for Linux
to fo
AIX
Mozilla Firefox Browser
ec vo

Figure 5-2. AIX media AN123.0
Notes:
oy si
Each of the products listed above has a program ID number. At the time of publication they
were:
u
AIX v7.1 standard edition; program ID number: 5765-G98

cl
• AIX v7.1 AIX Base

• AIX v7.1 Expansion Pack
Ex
• AIX v7.1 InfoCenter (DVD)

• AIX Toolbox for Linux
• Mozilla Firefox Browser
pr
For virtual environments, a PowerVM license is required. PowerVM standard edition

program ID number: 5765-PVS. The following software is supplied:
• Virtual I/O Server V2.2
• Virtual I/O Server Expansion Pack
Student Notebook
The AIX Expansion Pack is a collection of extra software that extends the base operating
system capabilities. It contains filesets such as:
• Open Secure Sockets Layer (OpenSSL)
• Java 32- and 64-Bit
• iSCSI Target Device Driver
• List of Open Files (LSOF) and many more
.I. n
The AIX InfoCenter contains a list of support guides and help documentation. It is also
.T ció
available online: http://publib.boulder.ibm.com/infocenter/aix/v7r1/index.jsp
Also available on-line is the AIX toolbox (open source) filesets
http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Software packaging definitions

IBM Power Systems
LPP
Base Operating
.I. n
System Component
bos
.T ció
Package
Base Networking
package
.
bos.net
C
.F a
TCP/IP collection
of filesets
C rm
bos.net.tcp
bos.net.tcp.server
to fo
Fileset
TCP/IP Server fileset
‘the smallest unit’
ec vo

Figure 5-3. Software packaging definitions AN123.0
Notes:
oy si
Licensed Program Product (LPP)

u
A collection of packages that form an installable product.

Package
cl
A package contains a group of filesets with a common function. It is a single, installable

image. AIX packages are a bundle of binaries glued together with the meta-information
Ex
(name, version, dependencies).

Fileset
A fileset is the smallest, individually installable unit. Generally, it is a single subsystem.
pr
For example, bos.net.tcp.server is a fileset in the bos.net package. This image is a

Unix Backup File Format file (BFF), created with the backup command. Files in an LPP
can be listed with: restore –Tvf <package> or extracted with restore –xvf <package>.
For example: To list the contents of bos.alt_disk_install.rte fileset contained in AIX 7.1
TL01 SP03:
Student Notebook
# restore -Tqvf U843197.bff

New volume on U843197.bff:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is: Thu Nov 10 19:38:56 CET 2011
.I. n
Files are backed up by name.
The user is BUILD.
.T ció
0 ./
3341 ./lpp_name
.
0 ./usr
C
.F a
0 ./usr/lpp
C rm
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1
130444 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/liblpp.a
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root
to fo
2560 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root/liblpp.a
258155 ./usr/lpp/bos.alt_disk_install/bin/altlib
The number of archived files is 17.
ec vo
235743 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_lib
33476 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_posti
136613 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_prei
oy si
6368 ./usr/sbin/alt_blvset
52083 ./usr/sbin/alt_disk_copy
u
61402 ./usr/sbin/alt_disk_mksysb
cl
46212 ./usr/sbin/alt_rootvg_op
14545 ./usr/lib/instl/jfs2j2
Ex
The total size is 980942 bytes.

Note: This is the only way, in AIX, to see which files are located within an LPP fileset,
prior to install.
pr
V8.2
Student Notebook
Uempty
Software bundles
IBM Power Systems
• A bundle is a collection of packages and filesets suited for a

particular environment.
.I. n
• There are many predefined system bundles in AIX which include:
– AllDevicesKernels
.T ció
– Alt_Disk_Install
– openssh_client and openssh_server
.
• Full list is in /usr/sys/inst.data/sys_bundles. Example:
C
.F a
## /usr/sys/inst.data/sys_bundles
/usr/sys/inst.data/sys_bundles ## cat
cat openssh_server.bnd
openssh_server.bnd
C rm
## MEDIA="Expansion
MEDIA="Expansion Pack"
Pack"
I:openssl.base
I:openssl.base
to fo
I:openssl.man.en_US
I:openssl.man.en_US
I:openssh.base.server
I:openssh.base.server
I:openssh.man.en_US
I:openssh.man.en_US
ec vo

Figure 5-4. Software bundles AN123.0
Notes:
oy si
Since there are thousands of filesets, having to determine which individual fileset you want
on your machine could be a time-consuming task. AIX has bundles which offer a collection
u
of filesets that suit a particular purpose. For example, if you are developing applications,
the App-Dev bundle would be the logical choice to install.
cl
Some filesets within a bundle are only installed if the prerequisite hardware is available. For
example, a graphic adapter is needed to run X11 and CDE. In some cases, bundles are
Ex
equivalent to product offerings. Often, however, they are a subset of a product offering or a
separate customized bundle. The bundles available may vary from AIX version to AIX
version.
pr
Student Notebook
AIX software levels

IBM Power Systems
• There are four distinct software levels and management for AIX.
– Base level
.I. n
– Technology level (TL)
– Service pack (SP)
.T ció
– Interim fixes
.
C
.F a
Fix Packs
Interim
C rm
Base Technology + Service packs fixes
AIX Level level
(Contain APARs)
to fo
ec vo

Figure 5-5. AIX software levels AN123.0
Notes:
oy si
Base AIX level is OS version and release, as first installed.

u
Maintenance:
• Technology level (TL). A TL is a major maintenance update and contains fixes and
cl
functional enhancements. TLs are released twice per year. The first TL is restricted to
hardware features and enablement, in addition to software service. The second TL
Ex
includes new hardware features and enablement, software service, and new software
features, making it the larger of the two yearly releases. Each TL is supported for up to
two years from the introduction of the update. This means that clients with a Software
Maintenance Agreement for the AIX OS will be able to contact IBM support for defect
pr
support during that two year period without having to move up to the latest Technology
Level update. In previous versions of AIX, Technology levels were referred to as
Maintenance Levels (ML). The terms are often still used interchangeably.
• Service pack (SP). SPs contain service-only updates, also known as Program
Temporary Fixes (PTF), that are grouped together for easier identification. SPs are
V8.2
Student Notebook
Uempty released between Technology Levels and contain fixes for highly pervasive, critical, or
security-related issues. Service Packs are cumulative.
• Interim fixes (ifix). Generally, this term refers to a certified fix that is generally available
to all customers between regularly scheduled fix packs or other releases. It can contain
fixes for one or more product defects (APARs). Specifically for AIX, the term Interim Fix
(IF) is used as a replacement for “emergency fix” or “efix”. While the term emergency fix
is still applicable in some situations (a fix given in the middle of the night with minimal
.I. n
testing, for example), the term Interim Fix is more descriptive in that it implies a
temporary state until an update can be applied that has been through more extensive
.T ció
testing. IF fixes often rectify security vulnerabilities.
• APARs (Authorized Problem Analysis Reports). A formal report to IBM
.
development, of a problem caused by a suspected defect in a current unaltered release
C
of an IBM program.
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
What is my AIX version?

IBM Power Systems
• To obtain the AIX level, use the oslevel command.
.I. n
## oslevel
oslevel -s
-s
7100-00-01-1037
.T ció
7100-00-01-1037
Service Pack
AIX Level Release date
.
VRMF for example, 37th week
C
in 2010
.F a
Service Pack
C rm
Technology
Level
• To upgrade from one AIX version and release to another (for example,
to fo
AIX 6.1 to AIX 7.1), a migration must be performed.
• New TLs or SPs are applied through updates.
ec vo

Figure 5-6. What is my AIX version? AN123.0
Notes:
oy si
The oslevel command reports the latest installed maintenance, technology level, and
service pack on the system.
u
The visual shows the system is level AIX 7.1, technology level 0, service pack 1. Service
cl
packs and technology level fixes are applied to the running system. To upgrade the system
with a new level, for example, from AIX 6.1 to 7.1, a new migration update must take place.
This involves system downtime.
Ex
pr
V8.2
Student Notebook
Uempty
Software installation and maintenance

IBM Power Systems
• All aspects of software installation and maintenance can be

performed from SMIT, the command line, or systems director
.I. n
console.
.T ció
• Command line interaction:
.
– lslpp: Lists installed software
C
– installp: Traditional AIX command for installing and maintaining
.F a
LPP packages
C rm
– rpm: RedHat Linux command for installing and maintaining rpm filesets
(part of the AIX Linux affinity introduced in AIX 5L)
– geninstall: A generic installer that installs software of various
package formats: LPP, RPM, and ISMP.
to fo
ec vo

Figure 5-7. Software installation and maintenance AN123.0
Notes:
oy si
The lslpp and installp commands are vital for interacting, installing, and maintaining
software on AIX.
u
The rpm and geninstall commands are relatively new. These commands were introduced
cl
in AIX5L as a part of the AIX affinity for Linux applications which included support for other
software formats like RPM and ISMP (InstallShield MultiPlatform).
Ex
pr
Student Notebook
Software repository
IBM Power Systems
• A location on disk which contains AIX software

– Standard image directory is: /usr/sys/inst.images
.I. n
– AIX filesets require a .toc file
.T ció
• To copy software, for example from an AIX CD to disk, use:
– The SMIT facility: Copy Software to Hard Disk for Future Installation
.
– Or the AIX commands: bffcreate or gencopy
C
.F a
Copy
Copy Software
Software to
to Hard
Hard Disk
Disk for
for Future
Future Installation
Installation
[Entry
[Entry Fields]
Fields]
C rm
** INPUT
INPUT device
device // directory
directory for
for software
software /dev/cd0
/dev/cd0
** SOFTWARE
SOFTWARE package
package to
to copy
copy [all]
[all] ++
** DIRECTORY for storing software package
DIRECTORY for storing software package
[/usr/sys/inst.images]
[/usr/sys/inst.images]
DIRECTORY
DIRECTORY for
for temporary
temporary storage
storage during
during copying [/tmp]
to fo
copying [/tmp]
EXTEND file systems if space needed?
EXTEND file systems if space needed? yes
yes ++
Process
Process multiple
multiple volumes?
volumes? yes
yes
ec vo

Figure 5-8. Software repository AN123.0
Notes:
oy si
Generally, it is useful and sometimes necessary, for example when building and managing
a NIM server to store software to disk. AIX refers to this as a software repository. The
u
default software repository is sometimes referred to as the default installation image

directory. Its location on AIX is /usr/sys/inst.images. However, it is advisable to create and
cl
manage a repository in a separate file system that is not contained in the AIX root volume
group.
Ex
The tables of contents (.toc) file

This is a mandatory file required for installing and updating packages on AIX. If the
command line is used (installp), then the user has to manually create the .toc file. This is
pr
done using the inutoc command. To create a .toc file in the current directory, type:
# inutoc .
SMIT automatically creates a .toc file when copying software files to disk and prior to
installing LPPs.
V8.2
Student Notebook
Uempty
Software states
IBM Power Systems
• The base installation of software is always in a committed

state.
– Committed is a permanent state.
.I. n
• When updates are installed, they can be either applied or
.T ció
committed.
– Applied software can later be rejected or committed.
.
7.1.0.1
C
bos.perf.tools Action: Install and Commit
Committed
7.1.0.1
.F a
AIX
C rm
7.1.0.1 Saved
7.1.0.1
bos.perf.tools
Action: Apply Committed
to fo
7.1.0.2 Reject
7.1.0.2 Applied or
AIX
Commit
7.1.0.2
Committed
ec vo

Figure 5-9. Software states AN123.0
Notes:
oy si
Committed state and the initial install

u
AIX has a number of software states. When you are installing software for the first time,
the software automatically installs to a committed state. This means there is only one
cl
level of that software product installed on your system.

Applied state versus committed state for maintenance
Ex
When you are installing a set of fixes or upgrading to a new technology level on your
system, you have the option of installing the software either in the committed state or
the applied state. The applied state allows you to maintain two levels of the software on
your system. When software is installed in the applied state, the older version is saved
pr
on the disk and is deactivated, while the newer version is installed and becomes the
active version.
The applied state gives you the opportunity to test the newer software before
committing to its use. If it works as expected, then you can commit the software, which
removes the old version from the disk. If the newer version is causing a problem, you
can reject, it which removes the newer version and reverts back to the old version.
Student Notebook
Software listing and versioning

IBM Power Systems
• Software listing is done with the lslpp command.

## lslpp
lslpp -L
-L |grep
|grep bos.net.tcp.client
bos.net.tcp.client
bos.net.tcp.client 7.1.0.2 CC FF TCP/IP
.I. n
bos.net.tcp.client 7.1.0.2 TCP/IP
Client
Client
.T ció
Version Release Modification Fix
AIX Migration smit update_all
.
State
State codes:
codes:
AA -- Applied.
C
-- Applied.
C & F are State
.F a
BB --
-- Broken.
Broken.
CC --
-- Committed.
Committed. and Type
EE --
-- EFIX
EFIX Locked.
Locked. codes.
C rm
OO --
-- Obsolete.
Obsolete. (partially
(partially migrated
migrated to
to newer
newer version)
version)
?? --
-- Inconsistent State...Run lppchk -v.
Inconsistent State...Run lppchk -v.
Type
Type codes:
codes:
FF --
-- Installp
Installp Fileset
Fileset
PP --
-- Product
to fo
Product
CC --
-- Component
Component
TT --
-- Feature
Feature
RR --
-- RPM
RPM Package
Package
EE --
-- Interim
Interim Fix
Fix
ec vo

Figure 5-10. Software listing and versioning AN123.0
Notes:
oy si
The lslpp command displays information about installed filesets or fileset updates. Each
fileset has a version number associated with it (in the format of
u
Version.Release.Modification.Fix), a state code, and a type code.

cl
For the example of:

bos.net.tcp.client 7.1.0.2 C F TCP/IP Client
Ex
• The version and release is 7.1

• The mod level is 0
• The fix level is 2.
pr
The following two codes that represent the state and type of fileset have legends for the
codes at the bottom of the lslpp report.
V8.2
Student Notebook
Uempty
lslpp, filesets, and files

IBM Power Systems
• Switches -f and -w are very useful lslpp flags.

List files in an
LPP fileset.
.I. n
## lslpp
lslpp -f
-f alex.grumpy.rte
alex.grumpy.rte
Fileset
Fileset File
File
.T ció
---------------------------------------------------------
---------------------------------------------------------
Path:
Path: /usr/lib/objrepos
/usr/lib/objrepos
alex.grumpy.rte
alex.grumpy.rte 1.0.0.5
.
1.0.0.5
/usr/local/grumpy/grumpyrecovery
C
/usr/local/grumpy/grumpyrecovery
.F a
/usr/local/grumpy/README
/usr/local/grumpy/README
/usr/local/grumpy/grumpystart
C rm
/usr/sbin/gfunctions
/usr/sbin/gfunctions
/usr/local/grumpy/grumpycheck
To which
/usr/local/grumpy/grumpycheck
fileset does a
/usr/local/grumpy/grumpystop
/usr/local/grumpy/grumpystop file belong?
## lslpp
lslpp -w
-w /usr/local/grumpy/grumpystart
to fo
File
File Fileset
Fileset Type
Type
-----------------------------------------------------------
-----------------------------------------------------------
/usr/local/grumpy/grumpystart alex.grumpy.rte
alex.grumpy.rte File
File
ec vo

Figure 5-11. lslpp, filesets, and files AN123.0
Notes:
oy si
The lslpp command has many useful flags associated with it. It is also possible to see when
a particular LPP was installed using the –h flag. See lslpp man page for more information.
u
A situation may arise where you want to use a particular command but it is not installed on
cl
the system and you are not sure what LPP fileset to install to be able to use the binary. To
help with this problem you can use the which_fileset command. The which_fileset
command searches the /usr/lpp/bos/AIX_file_list file for a specified file name or command
Ex
name, and prints out the name of the fileset that the file or command is shipped in. The
/usr/lpp/bos/AIX_file_list file is large and not installed automatically. You must install the
bos.content_list fileset to receive this file.
pr
Example:
# which_fileset shutdown
/etc/shutdown -> /usr/sbin/shutdown bos.compat.links 7.1.0.0
/usr/sbin/shutdown bos.rte.control 7.1.0.0
Student Notebook
Installing new software using SMIT

IBM Power Systems
• smit install_all
.I. n
Install
Install and
and Update
Update from
from ALL
ALL Available
Available Software
Software
Type
Type or
or select
select values
values in entry
entry fields.
.T ció
in fields.
Press
Press Enter AFTER making
Enter AFTER making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
** INPUT
INPUT device
device // directory
directory for
for software
software ..
** SOFTWARE
SOFTWARE to
to install
install []
[] ++
C
PREVIEW
PREVIEW only?
only? (install
(install operation
operation will
will NOT
NOT occur) no ++
.F a
occur) no
COMMIT software updates?
COMMIT software updates? yes
yes ++
SAVE
SAVE replaced
replaced files?
files? no
no ++
C rm
AUTOMATICALLY
AUTOMATICALLY install
install requisite
requisite software?
software? yes
yes ++
EXTEND
EXTEND file
file systems
systems if
if space
space needed?
needed? yes
yes ++
OVERWRITE
OVERWRITE same
same or
or newer
newer versions?
versions? no
no ++
VERIFY
VERIFY install
install and
and check
check file
file sizes?
sizes? no
no ++
DETAILED output?
DETAILED output? no
no ++
Process
Process multiple
multiple volumes? yes ++
to fo
volumes? yes
ACCEPT
ACCEPT new
new license
license agreements?
agreements? no
no ++
Preview
Preview new
new LICENSE
LICENSE agreements?
agreements? no
no ++
ec vo

Figure 5-12. Installing new software using SMIT AN123.0
Notes:
oy si
There are two fast paths worth remembering when it comes to software and SMIT:
u
• install_all – to install new software

• update_all – to update current software
cl
Prior to the screen shown in the visual, you will be asked to select the “INPUT device /
directory for software”. The input device could be tape (/dev/rmt0), optical media
Ex
(/dev/cd0), or a directory. The period (.) in the example indicates the directory you currently
reside in.
The default behavior when installing new software is to commit. To first apply software
rather than commit, change the COMMIT software updates field to No.
pr
The SMIT software installation panel uses the geninstall command to be able to handle
a variety of software packaging formats.
V8.2
Student Notebook
Uempty
Installing software using command line:
Examples
IBM Power Systems
• installp
– a (apply), -c (commit), -p (preview), -g (apply prerequisites), -X
(expand file systems, if needed), -Y (accept license agreements), -d
.I. n
(device or directory location of software), -q (quiet mode)
.T ció
## installp
installp -acpgXYd
-acpgXYd .. bos.rte.install
bos.rte.install
## installp
installp -acpgXYd
-acpgXYd /TL02_SP01
/TL02_SP01 all
all
.
C
.F a
• geninstall
C rm
– I (use installp flags, as described above), -p (preview), -d
(device or directory location of software)
## geninstall
geninstall -I
-I "-acgXY"
"-acgXY" -p
-p -d
-d .. bos.rte.install
bos.rte.install
to fo
## geninstall
geninstall -I
-I "-acgXY"
"-acgXY" -p
-p -d
-d /TL01_SP02
/TL01_SP02 all
all
ec vo

Figure 5-13. Installing software using command line: Examples AN123.0
Notes:
oy si
The installp command handles software that is packaged in the traditional AIX bff format.
The geninstall command determines the type of packaging and invoke the appropriate
u
utility to handle the selected packages. For example, it would invoke the rpm command if
the software was packaged in that format.
cl
The installp and geninstall commands install and update software from the command
line on AIX. They both accept a large number of flags; the popular flags are, shown in the
Ex
visual. For geninstall, the installp command is invoked if the software is in AIX bff format
rather than rpm); in that case, the needed installp options are passed to the geninstall
command as the value of the I flag. Following are partial descriptions of the flags (see the
man pages for full details):
pr
• -a
Applies one or more software products or updates. This is the default action. This flag
can be used with the -c flag to apply and commit a software product update when
installed.
Student Notebook
• -c
Commits all specified updates that are currently applied but not committed.
• -d Device
Specifies where the installation media can be found. This can be a hardware device
such as tape or diskette, it can be a directory that contains installation images, or it can
be the installation image file itself.
.I. n
• -g
.T ció
When used to install or commit, this flag automatically installs or commits, respectively,
any software products or updates that are requisites of the specified software product.
• -p
.
C
Performs a preview of an action by running all preinstallation checks for the specified
.F a
action.
• -X
C rm
Attempts to expand any file systems where there is insufficient space to do the
installation. This option expands file systems based on current available space and size
estimates that are provided by the software product package.
to fo
• -Y
Agrees to required software license agreements for software to be installed.
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Red Hat Package Manager filesets

IBM Power Systems
• IBM provides strong Linux affinity within AIX

• Many useful packages for AIX come in RPM format
.I. n
– Developed by RedHat, now used in many Linux flavors
– Examples (included within the Linux Toolbox for AIX):
.T ció
• cdrecord
• mkisofs
.
• apache
C
• bash List Remove
.F a
packages package
C rm
## rpm
rpm –qa
–qa
## rpm
rpm -e
-e cairo-1.0.2-6
cairo-1.0.2-6
to fo
Install
## rpm
rpm -i
-i bash-3.2-1.aix.ppc.rpm
bash-3.2-1.aix.ppc.rpm package
ec vo

Figure 5-14. Red Hat Package Manager filesets AN123.0
Notes:
oy si
In addition to providing the ability to run a Linux operating system on IBM Power
Architecture technology, IBM provides strong Linux affinity within the AIX OS. This affinity
u
enables faster and less costly deployment of multi-platform, integrated solutions across
AIX and Linux platforms. Linux packages can be installed and manipulated on AIX using
cl
the RedHat Package Manager as shown in the visual.

AIX affinity with Linux includes Linux application source compatibility, compliance with
Ex
emerging Linux standards, and a GNU Linux build-time environment with GNU and other
open source tools and utilities that combine to facilitate the development and deployment
of Linux applications on the AIX OS. This AIX affinity with Linux allows Linux programs to
be easily recompiled for native execution on the AIX OS. This approach allows you to
pr
benefit from the capabilities of Linux applications combined with the industrial strength
foundation and performance advantages afforded to native AIX applications.
Quick guide to RPM:
• To install: rpm -i <packagefilename>
Student Notebook
• To upgrade (works for install as well): rpm -U <packagefilename>

• To remove/deinstall: rpm -e <packagename> # As in foo, not foo.ppc.rpm
• To query an installed package: rpm -q <packagename>
• To query all installed packages: rpm -qa
• To list files in a package: rpm -ql <packagename>
.I. n
• To list requirements for a package: rpm -q --requires
• To find package providing requirements: rpm -q --whatprovides
.T ció
• To query an uninstalled RPM: rpm -qp <packagefilename>
• To get help: rpm –help
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Applying patches to the system

IBM Power Systems
• Ideally, all systems should be at the latest fix pack (TL and SP level).
• IBM recommends installing the complete fix pack.
• System updates can be applied through smit update_all or using
.I. n
geninstall or installp commands.
.T ció
Some items
removed for
.
smitty
smitty update_all
update_all clarity
C
.F a
** INPUT
INPUT device
device // directory
directory for
for software
software /updates
/updates
** SOFTWARE
SOFTWARE to
to update
update _update_all
_update_all
PREVIEW
PREVIEW only?
only? (update
(update operation
operation will
will NOT
NOT occur)
occur) yes
yes ++
C rm
COMMIT software updates?
COMMIT software updates? no
no ++
SAVE
SAVE replaced
replaced files?
files? yes
yes
• Updates can first be applied and then committed at a later time.

to fo
– This enables you to roll back if needed.
– Once software is committed there is no going back without removal and
reinstall.
ec vo

Figure 5-15. Applying patches to the system AN123.0
Notes:
oy si
In the past, AIX system administrators would often download and install individual filesets
on a system. This caused the software be at mixed levels and sometime created more
u
problems than it solved. Now, IBM allows fixes to be downloaded in a fix pack, containing:
cl
• Technology level (also known as Maintenance level in previous releases)

• Service Pack
Ex
In accordance with 'Enhanced Service Strategy Releases', these generally available

updates have been tested to operate best when all updates in a fix pack are installed. IBM
recommends installing the complete fix pack. AIX updates are provided as Technology
Level packages or Service Packs. These generally available updates have been tested to
pr
operate best when all updates in a fix pack are installed. IBM recommends installing the
complete fix pack.
Student Notebook
Applying patches, apply, commit, reject

IBM Power Systems
• installp example:
## lslpp
lslpp -L
-L |grep
|grep -i
-i cluster
cluster |grep
|grep pdf
pdf
.I. n
cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf 5.4.0.0
5.4.0.0 CC FF HAES
HAES PDF
PDF Documentation
Documentation
Apply
## installp
installp -aB
-aB -d
-d .. cluster.doc.en_US.es.pdf
update
.T ció
## lslpp
lslpp -L
-L |grep
|grep -i
-i cluster
cluster |grep
|grep pdf
pdf (-aB)
5.4.1.0 AA FF HAES
HAES PDF
PDF Documentation
Documentation
Note: “installp
Note: “installp –s
–s ## will
will list
list all
all Applied
Applied software
software on
on the
the system”
system”
.
installp –r
## installp –r cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf Reject
C
(-r)
.F a
## lslpp
lslpp -L
-L |grep
|grep -i
-i cluster
cluster |grep
|grep pdf
pdf
5.4.0.0 CC FF HAES
HAES PDF
PDF Documentation
Documentation
C rm
OR ––
OR
installp –c
## installp –c all
all Commit all
applied software
Installation
Summary (-c)
--------------------
--------------------
to fo
Name
Name Level
Level Part
Part Event
Event Result
Result
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
5.4.1.0 USR
USR COMMIT
COMMIT SUCCESS
SUCCESS
ec vo

Figure 5-16. Applying patches, apply, commit, reject AN123.0
Notes:
oy si
The visual above shows a fileset update being applied to cluster.doc.en_US.es.pdf. This
could be done with system management tools like SMIT, geninstall or installp
u
commands. It is often very useful to remember key installp flags. The flags, -aB mean apply
and update the fileset. Once applied the update can be rejected (-r) or committed (-c).
cl
In this example, the filesets are stored in a software repository on disk in which we are
currently located. Hence the device location (-d) is set to “dot” (the current directory).
Ex
pr
V8.2
Student Notebook
Uempty
Listing fixes (APARs) installed on the system

IBM Power Systems
• TLs and SPs apply fixes (APARs) to AIX.

• You can list these fixes with the instfix command.
.I. n
– instfix is useful for listing and searching through applied updates on the
system.
.T ció
instfix –i
## instfix –i
.
All
All filesets
filesets for
for IY32852
IY32852 were
were found.
found.
C
All
All filesets for IY14691 were
filesets for IY14691 were found.
found.
.F a
All
All filesets
filesets for
for IY31312
IY31312 were
were found.
found.
All
All filesets
filesets for
for IY31879
IY31879 were
were found.
found.
All
All filesets
filesets for
for IY34538
IY34538 were
were found.
C rm
found.
……
…… 2244
2244 lines
lines removed
removed for clarity ….
for clarity ….
## instfix
instfix -i
-i |grep
|grep IY34981
IY34981
All
All filesets for
filesets for IY34981
IY34981 were
were found.
found.
to fo
• Interim fixes between services packs, including service advisories, is
now done through interim fix management.
– emgr command
ec vo

Figure 5-17. Listing fixes (APARs) installed on the system AN123.0
Notes:
oy si
Fixes displayed with the instfix –i command are installed through Technology Level and
Service Pack updates. In previous versions of AIX, interim fixes, between Maintenance
u
level releases, were installed through instfix itself. In AIX6, instfix is really a legacy
command. It is only useful for listing and searching through applied updates on the system.
cl
Necessary fixes that are not part of a TL or SP, are handled through interim fix
management.
Ex
pr
Student Notebook
Interim fix management

IBM Power Systems
## emgr
emgr -pe
-pe 744A_610.071105.epkg.Z
744A_610.071105.epkg.Z
Preview
Install
….lot
….lot of
of output
output is
is produced,
produced, removed
removed for
for clarity!
clarity!
.I. n
EPKG NUMBER
EPKG NUMBER LABEL
LABEL OPERATION
OPERATION RESULT
RESULT
===========
=========== ==============
============== =================
================= ==============
==============
11 744A_610
744A_610 INSTALL
INSTALL PREVIEW
PREVIEW SUCCESS
SUCCESS
.T ció
## emgr
emgr -e
-e 744A_610.071105.epkg.Z
744A_610.071105.epkg.Z
Install
ifix
## emgr
emgr -l
-l List
installed
.
ID
ID STATE
STATE LABEL
LABEL INSTALL
INSTALL TIME
TIME ABSTRACT
ABSTRACT efixes
C
===
=== =====
===== ==========
========== ==================
================== ======================================
======================================
.F a
11 *Q*
*Q* 744A_610
744A_610 10/10/08
10/10/08 23:30:49
23:30:49 Kernel
Kernel fix
fix for
for 0744A_610
0744A_610
emgr –r
## emgr –r –L
–L 744A_610
744A_610 Remove
C rm
Log ifix
Log file
file is
is /var/adm/ras/emgr.log
/var/adm/ras/emgr.log
EFIX
EFIX NUMBER
NUMBER LABEL
LABEL OPERATION
OPERATION RESULT
RESULT
===========
=========== ==============
============== =================
================= ==============
==============
11 744A_610
744A_610 REMOVE
REMOVE SUCCESS
SUCCESS
to fo
ATTENTION:
ATTENTION: system
system reboot
reboot is
is required.
required. Please
Please see
see the
the "Reboot
"Reboot Processing"
Processing"
sections
sections in
in the
the output
output above
above or
or in
in the
the /var/adm/ras/emgr.log
/var/adm/ras/emgr.log file.
file.
Return
Return Status
Status == SUCCESS
SUCCESS
ec vo

Figure 5-18. Interim fix management AN123.0
Notes:
oy si
The interim fix (ifix) management solution enables users to track and manage ifix packages
on a system. An ifix package might be an interim fix, debug code, or test code that contains
u
commands, library archive files, or scripts that run when the ifix package is installed.
cl
The ifix management solution consists of the following commands:

• ifix packager (epkg)
Ex
• ifix manager (emgr)

The epkg command creates ifix packages that can be installed by the emgr command. The
emgr command installs, removes, lists, and verifies system efixes.
pr
It is important to examine the state field after installing an interim fix. The codes for the
state field are documented in the AIX Installation and Migration manual. In the above
example, the state value of Q means that a reboot is necessary for this fix to be effective.
V8.2
Student Notebook
Uempty
Removing installed software

IBM Power Systems
• smit remove
Remove
Remove Installed
Installed Software
Software
.I. n
[Entry
[Entry Fields]
Fields]
** SOFTWARE
SOFTWARE name
name [cluster.es.cspoc.cmds]
[cluster.es.cspoc.cmds] ++
.T ció
PREVIEW
PREVIEW only?
only? (remove
(remove operation
operation will
will NOT
NOT occur)
occur) yes
yes ++
REMOVE
REMOVE dependent
dependent software?
software? yes
yes ++
EXTEND
EXTEND file
file systems
systems if
if space
space needed?
needed? no
no ++
.
DETAILED
DETAILED output?
output? no
no ++
C
.F a
• Removing software from the command line
C rm
– Remove the Firefox web browser
## installp
installp -u
-u Firefox.base.rte
Firefox.base.rte
to fo
– (Preview) Remove all X11 software with associated prerequisites
## installp
installp -upg
-upg X11*
X11*
ec vo

Figure 5-19. Removing installed software AN123.0
Notes:
oy si
Software can be removed by using system management tools or the command line. The
installp –u flag, removes the specified software product and any of its installed updates
u
from the system. The product can be in either the committed or broken state. Any software
products that are dependent on the specified product must also be explicitly included in the
cl
input list unless the -g flag is also specified. Removal of any bos.rte fileset is never
permitted.
Ex
Note: The removal of LPP filesets does not necessarily mean the process will delete all
files included in the filesets. This is dependent on how the LPP filesets are constructed.
pr
Student Notebook
Recovering from broken or inconsistent states

IBM Power Systems
• To list broken or inconsistent filesets, use the lppchk command.

## lslpp
lslpp -L
-L |grep
|grep Firefox.base.rte
Firefox.base.rte
Firefox.base.rte 1.5.0.12 ?? FF Firefox
Firefox Web
Web Browser
.I. n
Firefox.base.rte 1.5.0.12 Browser
Look for ?
or B.
.T ció
## lppchk
lppchk -v
-v
lppchk:
lppchk: The
The following
following filesets
filesets need
need to
to be
be installed
installed or
or corrected
corrected to
to bring
bring
the
the system
system to
to aa consistent state:
consistent state: Display
.
inconsistent
Firefox.base.rte
Firefox.base.rte 1.5.0.12 (APPLYING)
C
1.5.0.12 (APPLYING) filesets.
.F a
## installp
installp -C
-C
C rm
installp:
installp: Cleaning
Cleaning up
up software
software for:
for: Perform a clean-up
Firefox.base.rte operation. Fileset is
Firefox.base.rte 1.5.0.12
1.5.0.12
removed
Installation
Summary
--------------------
--------------------
to fo
Name
Name Level
Level Part
Part Event
Event Result
Result
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Firefox.base.rte
Firefox.base.rte 1.5.0.12
1.5.0.12 USR
USR CLEANUP
CLEANUP SUCCESS
SUCCESS
ec vo

Figure 5-20. Recovering from broken or inconsistent states AN123.0
Notes:
oy si
If the process of installing, updating, or removing software from the system is interrupted or
fails, the outcome is likely to be either broken or inconsistent filesets on the system. To
u
detect this, use the lppchk command. If all is OK, the command will return null, otherwise
broken or inconsistent filesets will be displayed. To clean up from any such operation, use
cl
the installp command with the –C option (clean-up) and then retry the original operation
again. If the failed operation was an uninstall, remove the software manually, using installp
Ex
–u <fileset>.
pr
V8.2
Student Notebook
Uempty
Service update management assistant

IBM Power Systems
• Excellent tool for downloading fixes:

– Optional: Tasks can be automated or driven by ksh scripts
.I. n
• Not installed by default in AIX 7.1:
– bos.suma
.T ció
– Prerequisites of bos.ecc_client.rte and Java6.sdk
• Access: SMIT SUMA
.
• Can be used to download:
C
.F a
– By PTF
– Technology level(s)
C rm
– Service pack(s)
– All latest fixes
• Internet access must be available from the service update management
to fo
assistant (SUMA) host.
• Has many configuration parameters
ec vo

Figure 5-21. Service update management assistant AN123.0
Notes:
oy si
SUMA is an excellent tool for quickly downloading fixes with minimum fuss directly onto an
AIX server or NIM server.
u
The bos.suma fileset is not installed by default and has prerequisites of bos.ecc_client.rte
cl
and Java6.sdk.
Why SUMA?
Ex
Fix automation, the ability to get maintenance fixes onto a system automatically, is
becoming a focus area for IT system administrators. As system administration becomes
more complex and time consuming, it is often a roadblock that prevents systems from
being up to date with current software fixes. Clients want the increased security and
pr
reliability benefits, as well as the reduced downtime and total cost of ownership that comes
with keeping current fixes on a system. To meet these client demands, SUMA has
automated the process of determining which fixes are available, discovering which of the
available fixes a system needs, and downloading the necessary fixes onto a system,
thereby reducing both the complexity and the time spent on system administration to
perform these tasks.
Student Notebook
SUMA base configuration

IBM Power Systems
• Base configuration
– # smit suma_config_base
.I. n
Base
Base Configuration
Configuration
.T ció
[Entry
[Entry Fields]
Fields]
Screen
Screen output
output verbosity
verbosity [Info/Warnings/Errors]
[Info/Warnings/Errors] ++
.
Logfile
Logfile output verbosity
output verbosity [Verbose]
[Verbose] ++
C
Notification
Notification email
email verbosity
verbosity [Info/Warnings/Errors]
[Info/Warnings/Errors] ++
.F a
Remove
Remove superseded
superseded filesets
filesets on
on Clean?
Clean? yes
yes ++
Remove
Remove duplicate
duplicate base
base levels
levels on
on Clean?
Clean? yes
yes ++
C rm
Remove
Remove conflicting
conflicting updates
updates on
on Clean?
Clean? Yes
Yes ++
Fixserver
Fixserver protocol
protocol https
https ++
Download protocol
Download protocol http
http ++
Maximum
Maximum log
log file
file size
size (MB)
(MB) [1]
[1] ##
Download timeout (seconds)
Download timeout (seconds) [180]
[180] ##
to fo
ec vo

Figure 5-22. SUMA base configuration AN123.0
Notes:
oy si
The Base Configuration menu allows SUMA global configuration settings to be viewed or
changed. These settings are used for each SUMA task that is run and allow specification of
u
values for items such as:

cl
• Screen, logfile, and email verbosity levels

• Flag options for the lppmgr command to help manage the size of a download
Ex
repository
• Download protocol
• Download timeout setting
pr
A clean operation will remove unnecessary files from the repository using the lppmgr
command.
The global configuration settings can be viewed from the command line, # suma -c.
In AIX 7 and later, use of HTTP or HTTPS proxy connections requires that the ECC service
connection be configured. This is shared with Service Agent and Inventory Scout.
V8.2
Student Notebook
Uempty
SUMA task configuration

IBM Power Systems
• Default task configuration

– # smit suma_task_defaults Directory to
.I. n
store
View/Change
View/Change SUMA
SUMA Task
Task Defaults
Defaults
downloads
.T ció
[Entry
[Entry Fields]
Fields]
Action
Action [Download]
[Download] ++
Directory
Directory for
for item
item storage
storage [/aix/FIXES]
[/aix/FIXES]
.
Type of item to request
Type of item to request [All
[All Latest
Latest Fixes]
Fixes] ++
C
Name
Name of
of item
item to
to request
request []
[]
.F a
Repository
Repository to filter
to filter against
against [/aix/FIXES]
[/aix/FIXES]
Maintenance
Maintenance oror Technology
Technology Level
Level to
to filter
filter against
against []
[] ++
C rm
System
System or
or lslpp
lslpp output
output to
to filter
filter against
against [localhost]
[localhost]
Maximum
Maximum total
total download
download size
size (MB)
(MB) [-1]
[-1] +#
+#
EXTEND
EXTEND file systems if space needed?
file systems if space needed? yes
yes ++
Maximum
Maximum file
file system
system size
size (MB)
(MB) [-1]
[-1] +#
+#
Notify
Notify email
email address
address [root]
[root] ++
to fo
ec vo

Figure 5-23. SUMA task configuration AN123.0
Notes:
oy si
SUMA default task values can be uniquely set for each SUMA task. The visual above
shows the default settings. The possible actions are:
u
• Preview: SUMA performs the operations that do not directly affect the file system. The
cl
output displayed reflects what would happen during a download. Use this option to
determine which files will be downloaded for your request.
Ex
• Download: SUMA downloads files into the directory specified in Directory for item
storage.
• Download and Clean: SUMA performs a download operation and a clean operation to
remove unnecessary files from the repository.
pr
The task configuration settings can be viewed from the command line, # suma -D
Student Notebook
SUMA command line execution

IBM Power Systems
• SUMA command line examples: Request

type =
– Download specific service pack service pack
.I. n
## /usr/sbin/suma
/usr/sbin/suma -x
-x -a
-a RqType=SP
RqType=SP -a
-a Action=Download
Action=Download \\
-a
-a RqName=‘7100-00-02-1041'
RqName=‘7100-00-02-1041'
.T ció
– Download technology level 6 for AIX 6.1 on Wednesday at 11:00 PM
.
## /usr/sbin/suma
/usr/sbin/suma -s
-s “0
“0 23
23 ** ** 3”
3” -a
-a RqType=ML
RqType=ML –a
–a
Action=Download
Action=Download \\
C
.F a
-a
-a RqName='6100-06-00-1036’
RqName='6100-06-00-1036’
Task
Task ID
ID 11 created.
created. List all
C rm
scheduled
## suma
suma -l
-l SUMA tasks
– Download latest fixes for the currently installed AIX TL

to fo
## /usr/sbin/suma
/usr/sbin/suma -x
-x -a
-a Action=Download
Action=Download -a
-a RqType=Latest
RqType=Latest
ec vo

Figure 5-24. SUMA command line execution AN123.0
Notes:
oy si
SUMA tasks can be initiated through the command line. This is most useful when
producing scripts to automatically download fixes. SUMA uses cron when scheduled tasks
u
are created. In the schedule example above, the following entry will be added to root's
cl
crontab: 0 23 * * 3 _SUMA=cron /usr/suma/bin/suma -x 1

Ex
pr
V8.2
Student Notebook
Uempty The output of command:

# suma -l
1:
DisplayName=
Action=Download
RqType=ML
RqName=6100-02
.I. n
RqLevel=
PreCoreqs=y
.T ció
Ifreqs=y
Supersedes=n
ResolvePE=IfAvailable
.
Repeats=y
C
.F a
DLTarget=/aix/FIXES
NotifyEmail=root
C rm
FilterDir=/aix/FIXES
FilterML=6100-01
FilterSysFile=localhost
MaxDLSize=-1
to fo
Extend=y
MaxFSSize=-1
For further information see the SUMA main page.
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Fix Central website

IBM Power Systems
• To download fixes: http://www.ibm.com/support/fixcentral
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Figure 5-25. Fix Central website AN123.0
Notes:
oy si
AIX fixes are generally available on the Internet at Fix Central. Fixes cat any level, from AIX
4.3.3 to the present version, can be downloaded.
u
Each IBM client accessing Fix Central is required to have an individual IBM ID to download
cl
fixes (some exemptions may apply). If not already registered, the registration is quick and
simple and will provide users with a customized experience to better serve their needs. To
register go to:
Ex
https://www.ibm.com/account/profile
Click the Register link.
pr
V8.2
Student Notebook
Uempty
Fix Level Recommendation Tool

IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
http://www14.software.ibm.com/webapp/set2/flrt/home
ec vo

Figure 5-26. Fix Level Recommendation Tool AN123.0
Notes:
oy si
Today's AIX environment can be complex as lots of components are required. In addition to
AIX, one must also think about but System Firmware, HMC, VIOS, PowerHA levels, and
u
more. How do you know if the levels of these products are compliant and supported? The
answer is FLRT. FLRT is web driven tool that enables you to select your machine type and
cl
software components and levels. It then produces an easy to read report which provides
recommendations, notices and status compliance as shown on the visual.
Ex
pr
Student Notebook
Checkpoint
IBM Power Systems
1. Which of the following states must your software be in, in order for you to be
able to use it? (Select all that apply.)
a. Applied state
.I. n
b. Removed state
c. Install state
.T ció
d. Commit state
.
2. What command is used to list all installed software on your system?
C
.F a
3. Which of the following can you install as an entity? Select all that apply.
a. ifix
C rm
b. LPP
c. Package
d. Bundle
to fo
4. True or False: If a problem is found with the inetd subsystem, it is possible to
download and apply a fix to the bos.net.tcpip.server fileset in AIX to
correct the problem.
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
AIX software
installation and
.T ció
maintenance
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
filesets
.
C
.F a
C rm
• Describe how to download software maintenance using Fix
Central and SUMA
• Identify if all the components in the Power and AIX
to fo
environment are compatible and supported
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 6. System configuration and devices

This unit describes how to list and understand the system
configuration and manipulate devices.
.I. n
.T ció
.
• Explain device terminology
C
.F a
• List device configuration and status
• Configure new devices
C rm
• Manage device states
• Interpret physical and virtual location codes
to fo
ec vo
References
oy si

AIX Version 7.1 Operating System and Device
u
Management
cl

Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Device terminology
IBM Power Systems
• Generic terminology
– Physical devices
– Ports
.I. n
– Device drivers
.T ció
– Logical devices
– /dev directory
– Virtual devices
.
C
.F a
• Power H/W-specific terminology
– CEC
C rm
– System planar
– RIO or 12X
– System ports
to fo
– GX+
– IVE
– PCI
ec vo

Figure 6-2. Device terminology AN123.0
Notes:
oy si
Generic Device terminology

u
• Physical Devices are the actual hardware that is connected in some way to the system
• Ports are the physical connectors and adapters in the system to which physical devices
cl
or cables are attached.

• All Power servers, except but the entry level models, provide the ability to extend the
Ex
internal buses of the system enclosure to the I/O expansion drawers. The I/O expansion
drawers have PCI buses which can support additional adapters and disks (depending
upon the type of I/O drawer. Older Power models used a cabling system called RIO.
The newer servers use a cabling system called 12X (based on InfiniBand).
pr
Logical Devices. Software interfaces (special files) that present a means of accessing a
physical device to the users and application programs. Data appended to logical devices is
sent to the appropriate device driver. Data read from logical devices is read from the
appropriate device driver.
Student Notebook
• /dev is the directory which contains all of the logical devices that can be directly
accessed by the user. Some logical devices defined are only referenced in the ODM
customized database and cannot be accessed by users.
• Virtual Devices are the Ethernet and SCSI devices which are allocated to the client for
networking access and storage. These devices are not real.
Power hardware-specific terminology
.I. n
• Central electronics complex (CEC) is the main system unit that contains system
processors, memory, and remote I/O connections.
.T ció
• System planar is the main component of the CEC where all processor cards, memory
dimms, and I/O attachments are interconnected together.
.
• RIO and 12X provide high-speed connectivity between the system enclosure (contains
C
the CEC) and any I/O drawer enclosures. RIO and 12X are comprised of special cables,
.F a
adapters and protocols, which allow the I/O drawers to effectively act as extensions of
the system enclosure’s internal buses. An I/O drawer can consist of PCI slots/adapters,
C rm
disks, or both, depending on the type of I/O drawer. The I/O drawers connect to the
system enclosure through either a RIO or 12X GX adapter, which sits on the system
enclosure’s GX+ bus.
to fo
• System Ports are the two serial ports on the system planar. In an operating system
environment, the two system ports become host virtual system ports and are only
available for specific limited functions. For example, the two integrated system ports on
a p550 are limited to serial connected TTY console functionality and IBM approved
ec vo
call-home modems. These system ports do not support other general serial connection
uses, such as UPS, PowerHA heartbeat, printers, mice, and so on, If you need
multi-purpose serial port functions, optional PCI adapters are available.
• GX+: Each POWER6 processor provides a GX+ bus, which is used to connect to an I/O
oy si
subsystem or Fabric Interface card.

• IVE: The POWER6 processor-based servers extend the virtualization technologies
u
introduced in POWER5 by offering the Integrated Virtual Ethernet (IVE) adapter. IVE,
also called Host Ethernet Adapter (HEA) in other documentation, enables an easy way
cl
to manage the sharing of the integrated high-speed Ethernet adapter ports. It is a

standard set of features that are part of POWER6 and early POWER7 processor-based
Ex
servers. IVE is discontinued in new models POWER7 processor-based servers.

• PCI, which stands for Peripheral Component Interconnect, is an industry-standard bus
for attaching peripherals to computers.
pr
V8.2
Student Notebook
Uempty
System components locations

IBM Power Systems
5886
SAS disk Location:
drawer • Enclosure
.I. n
• Bus or planar
SAS • Adapter
12X
.T ció
• Port
5877 • Device
PCI
Expansion
.
drawers
12X
C
.F a
12X
PCI cables
C rm 12X
CEC
Power 770 PCI GX
System
to fo
Enclosures CEC
12X
PCI GX
ec vo

Figure 6-3. System components locations AN123.0
Notes:
oy si
A Power server can be comprised of many enclosures. An enclosure is a single box that
could be mounted in a rack. Each enclosure has a unique identifier which consists of the
u
machine type and model (MTM) plus a serial number, as in this example:
cl
U8204.E8A.65BF831.
Virtual devices will use this as the basis for their location.
Ex
The most important enclosure is the system enclosure which contains the CEC. The MTM
and serial for the system enclosure is used as the basis for virtual device locations.
The CEC, within the system enclosure, actually has a separate MTM and serial number. All
of the non-virtual devices within a system enclosure use the CEC identifier as the basis for
pr
their location. For example, device pci1 (on the PCI-X) bus has the device code of
U78A0.001.DNWGCAH-P1
U78A0.001.DNWGCAH is the identifier of the CEC and P1 means the device is attached to
the main System planar.
Student Notebook
For certain server models, multiple system enclosures can be cabled together act as one
large server. An example of that would be a Power 770.
Within each enclosure there will be one or more planars. A planar is often associated with
an internal bus, such as a PCI bus. On each bus there will be one more device adapters.
Each device adapter will have one or more ports. Most of the devices that you will want to
identify will be associated with or connected to one of these ports.
While the system enclosure will have a few integrated disk bays and PCI slots, it is
.I. n
common to desire more of these resources. To support expanding the I/O capacity of the
.T ció
server, the system enclosures can be connected to I/O expansion drawers which act as an
extension of the server. These I/O drawers have their own MTM and serial number that is
used for locating devices attached to them. The current cabling system for connecting I/O
.
expansion drawers to the system drawers is the 12X cabling, though older servers used the
C
RIO cabling. The expansion drawers contain their own internal PCI buses that support card
.F a
slots. Some models also have an integrated SAS or SCSI adapter to support additional
disk bays in the enclosure.
C rm
Finally when additional locally attached disks are needed, it is possible to place a disk
expansion drawer. These are cabled to storage adapter in either a system enclosure or an
I/O expansion drawer using SAS or SCSI cabling, depending on the model I/O drawer.
Devices in this type of I/O drawer are located based upon the storage adapter to which they
to fo
are cabled. And that storage adapter will either be in a system enclosure or an I/O
expansion drawer.
Device location codes will be explored in more depth as we go through this unit.
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Device addressing
IBM Power Systems
• The address of a device allows you to identify its location.

• Physical location codes uniquely identify a specific component in a
.I. n
server or accessed by a server.
– Assigned by the system firmware.
.T ció
• Example hdisk0: U78A0.001.DNWGGRX-P2-D5 (SAS drive)
• Operating system location codes uniquely identify a component only
.
within an AIX instance.
C
– Assigned by AIX.
.F a
– Not as useful or meaningful as physical codes on POWER5 or later systems.
C rm
– Virtual devices do not have AIX location codes.
– Note: Address conventions differ between models and types (adapters,
SCSI, non-SCSI).
• Example. hdisk0: 00-08-00 (SAS drive)
to fo
• Both physical and AIX codes can be seen side by side with:
– lsdev –CHF “name, status, physloc, location”
ec vo

Figure 6-4. Device addressing AN123.0
Notes:
oy si
Every device is assigned a physical location code when it is attached to the system. These
codes are critical. If a device has a problem such as a disk failure, an error report is
u
generated which will identify the device and its location. You can use this information to
replace the failed disk drive.
cl
It is important not to confuse physical location codes with AIX location codes. Before LPAR
technology was introduced into Power Systems, there were only AIX location codes, and
Ex
they remain today for legacy purposes. On POWER-based processor servers that can be
partitioned, you need to use physical location codes.
Note: Virtual devices do not have OS location codes.
pr
Student Notebook
Physical location code examples

IBM Power Systems
• Physical location code format

– Unit_type.Model_no.Serial_no-additional device information
• Examples:
.I. n
hdisk0
hdisk0 U78A0.001.DNWGGRX-P2-D5
U78A0.001.DNWGGRX-P2-D5 SAS
SAS Disk
Disk Drive
Drive
.T ció
SAS
SAS Planar
Planar (P2),
(P2), Device
Device slot
slot reference
reference 5,
5, disk
disk is
is in
in the
the CEC
CEC
ent1
ent1 U78A0.001.DNWGGRX-P1-C4-T2
U78A0.001.DNWGGRX-P1-C4-T2 2-Port
2-Port 10/100/1000
10/100/1000 PCI-X
PCI-X Adapter
Adapter
.
System
System planar
planar (P1),
(P1), Card
Card slot
slot No 4, 22nd
No 4, nd port,
port, Adapter
Adapter is
is in
in the
the CEC
CEC
C
.F a
hdisk0
hdisk0 U7311.D20.6516D3C-P1-C04-T2-L8-L0
U7311.D20.6516D3C-P1-C04-T2-L8-L0 16
16 Bit
Bit LVD
LVD SCSI
SCSI Disk
Disk
Planar
Planar 11 (P1),
(P1), PCI
PCI slot
slot No 4, 22nd
No 4, nd port,
port, SCSI
SCSI ID
ID 8,0,
8,0, Disk
Disk is
is in
in an
an
C rm
attached
attached SCSI 7311-D 20 I/O Drawer.
SCSI 7311-D 20 I/O Drawer.
hdisk5
hdisk5 U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000
U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000 FC
FC SCSI
SCSI Disk
Disk
System
System planar
planar (P1),
(P1), Card
Card slot
slot No
No 3,
3, Port
Port 1,
1, WW == WW
WW unique
unique name
name of
of
to fo
an
an
FC
FC adapter
adapter (where
(where the
the FC
FC adapter
adapter is
is in
in aa remote
remote storage
storage subsystem),
subsystem),
LL == LUN
LUN ID. The disk is a logical device (identified by
ID. The disk is a logical device (identified by the
the LUN
LUN
ID) in the remote storage subsystem.
ID) in the remote storage subsystem.
ec vo

Figure 6-5. Physical location code examples AN123.0
Notes:
oy si
The visual above shows how to interpret physical location code information.
u
The example system is an older model Power 550, but the principle applies to all Power
servers.
cl
This server has a single system enclosure.

• U78A0 identifies the CEC within the system enclosure.
Ex
• The model number for a CEC is always: 001.

• DNWGGRX is the serial number of the CEC.
Power Systems usually have I/O expansion drawers, or in the case of the larger machines,
pr
expansion frames containing I/O drawers. U7311.D20 is a remote I/O drawer (RIO) for low
to mid-range systems. 6516D3 is the serial number assigned to the drawer.
V8.2
Student Notebook
Uempty
Virtual location codes example

IBM Power Systems
– Client (AIX) partition Virtual devices are easily

recognized by the virtual ID
reference. This value is the LPAR
uname –L
## uname –L
.I. n
ID as shown with the uname
22 sys124_v1_T1
sys124_v1_T1 command.
vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Virtual

Virtual SCSI
SCSI Client
Client Adapter
.T ció
vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Adapter
hdisk1
hdisk1 U8204.E8A.652ACD2-V2-C12-T1-L810000000000
U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive
Virtual SCSI Disk Drive
Virtual
Virtual client
client disk,
disk, Virtual
Virtual (LPAR)
(LPAR) ID
ID 2,
2, virtual
virtual card
card slot
slot 12.
12.
.
C
.F a
– VIOS HMC profile
C rm
Virtual SCSI adapter definition
Note: In this example, the HMC profile is required

to show the client server virtual disk relationship.
– VIOS partition
to fo
vhost0
vhost0 U8204.E8A.652ACD2-V1-C12
U8204.E8A.652ACD2-V1-C12 Virtual
Virtual SCSI
SCSI Server
Server Adapter
Adapter
Virtual
Virtual Server
Server adapter,
adapter, Virtual
Virtual (LPAR)
(LPAR) ID
ID 1,
1, virtual
virtual card
card slot
slot (Adapter
(Adapter ID)
ID) 12
12
ec vo

Figure 6-6. Virtual location codes example AN123.0
Notes:
oy si
Virtual devices are assigned location codes in a similar format to physical devices. The
format is:
u
Unit_type.Model_no.virtual_adapter_number.virtual_card_slot_number.[port].[
cl
LUN]
The visual shows a VIOS presenting a virtual disk (hdisk1) to a VIO Client. In order to do
this, the first step is to create a virtual server adapter, on the HMC for the VIOS and also a
Ex
VIO client adapter for the AIX partition. Each adapter has an assigned ID.
The vhost device in the VIOS symbolizes the virtual server adapter. In the example: V1
represents a virtual device with an assigned ID of one. C12 represents the virtual card slot
pr
number, which is always equal to the adapter ID as defined on the HMC.

The vscsi device on the virtual client symbolizes the client adapter. In the example, V2
again represents a virtual device with an assigned ID of two. C12 represents the virtual
card slot number, which is also equal the adapter ID as defined on the HMC. T1 specifies
the port number of the adapter.
Student Notebook
The client disks associated with the virtual client adapter will always inherit the location
code definition plus one additional field, the LUN id (L81000000000). In this example, eight
is the SCSI ID of the physical disk in the VIOS. One represents the first disk on the adapter
to be presented to the client.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
System configuration and device overview

IBM Power Systems
• Understanding the configuration of the system is important.

– The configuration should be documented and updated on a regular
.I. n
basis.
• All devices have attributes, some of which can be changed.
.T ció
– lsattr lists device attributes.
– chdev changes device attributes.
.
C
• AIX devices can be physical or virtual.
.F a
– An AIX partition does not need to have any physical devices!
C rm
• Most devices within AIX are self configured through cfgmgr.
• Device states can be controlled using mkdev and rmdev
commands.
to fo
– This includes virtual devices.
ec vo

Figure 6-7. System configuration and device overview AN123.0
Notes:
oy si
System configuration is important. We need to understand what devices we have at our

disposal and where these devices are physically located within each box or drawer. This is
u
important when devices fail, especially disks! Taking out the wrong disk in the system due
to failure could result in data corruption.
cl
An AIX partition does not need to have any real devices. In today's Power p environments,
virtual LPARs are fast becoming the norm. Virtualization is a large topic and is covered in a
Ex
separate LPAR and virtualization education track. It is beyond the scope of the course.
pr
Student Notebook
Device commands
IBM Power Systems
• prtconf
– Lists major system configuration items
.I. n
• lscfg
– Lists device information including physical location codes
.T ció
• lsdev
– Lists device information including the state of the device
.
• lsslot
C
– Displays all specified hot plug slots and their characteristics
.F a
• chdev
C rm
– Changes the characteristics of a device
• rendev
– Changes the name of a device
to fo
• lsattr
– Displays attribute characteristics and possible values of attributes for devices
in the system
ec vo

Figure 6-8. Device commands AN123.0
Notes:
oy si
There are many commands that are useful in determining the current configuration of your
system. These commands will be covered in more detail on the following visuals.
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
prtconf (1 of 2)
IBM Power Systems
• Shell script that collects system information

## prtconf
prtconf
System
System Model:
Model: IBM,8233-E8B
IBM,8233-E8B
.I. n
Machine
Machine Serial
Serial Number:
Number: 100603P
100603P
Processor
Processor Type:
Type: PowerPC_POWER7
PowerPC_POWER7
Processor
Processor Implementation
Implementation Mode:
Mode: POWER
POWER 77
.T ció
Processor Version: PV_7_Compat
Processor Version: PV_7_Compat
Number
Number Of
Of Processors:
Processors: 22
Processor
Processor Clock
Clock Speed:
Speed: 3000
3000 MHz
MHz
CPU
CPU Type:
Type: 64-bit
64-bit
.
Kernel
Kernel Type:
Type: 64-bit
64-bit Some items were
C
LPAR
LPAR Info: 15
Info: 15 sys304_118_MA
sys304_118_MA removed for
.F a
Memory
Memory Size:
Size: 1024
1024 MB
MB clarity.
Good
Good Memory
Memory Size:
Size: 1024
1024 MB
MB
Platform
Platform Firmware
Firmware level:
level: AL710_099
AL710_099 Output is
C rm
Firmware
Firmware Version:
Version: IBM,AL710_099
IBM,AL710_099 continued on the
Network
Network Information
Information next page.
Host
Host Name:
Name: sys304_118
sys304_118
IP
IP Address: 10.6.52.118
Address: 10.6.52.118
Sub
Sub Netmask:
Netmask: 255.255.255.0
255.255.255.0
to fo
Gateway:
Gateway: 10.6.52.254
10.6.52.254
Paging
Paging Space
Space Information
Information
Total
Total Paging
Paging Space:
Space: 512MB
512MB
Percent
Percent Used:
Used: 10%
10%
ec vo

Figure 6-9. prtconf (1 of 2) AN123.0
Notes:
oy si
prtconf is very useful command which displays an overview of the system configuration.
This is particularly useful for documentation purposes. One should run this command on a
u
regular basis and save or print the output.

cl
Ex
pr
Student Notebook
prtconf (2 of 2)
IBM Power Systems
INSTALLED
INSTALLED RESOURCE
RESOURCE LIST
LIST
The
The following
following resources
resources are
are installed
installed on
on the
the machine.
machine.
+/- Device listing
+/- == Added
Added or
or deleted
deleted from
from Resource
Resource List.
List.
** == Diagnostic
Diagnostic support
support not
not available. including “physical Second half of
.I. n
available.
location codes” the output is
Model
Model Architecture:
Architecture: chrp
chrp
Model
Model Implementation:
Implementation: Multiple
Multiple Processor,
Processor, PCI
PCI bus
bus
identical to
lscfg
.T ció
++ sys0
sys0 System
System Object
Object
++ sysplanar0
sysplanar0 System
System Planar
Planar
** pci6
pci6 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 PCI Bus
PCI Bus
++ usbhc0
usbhc0 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 USB
USB Host Controller
Host Controller (33103500)
(33103500)
++ usbhc1
USB Host
Host Controller
Controller (33103500)
(33103500)
.
++ usbhc2
USB Enhanced
Enhanced Host
Host Controller
Controller (3310e000)
(3310e000)
** pci2
pci2 U5877.001.00H0301-P1
U5877.001.00H0301-P1 PCI
PCI Express
Express Bus
Bus
C
++ ent4
ent4 U5877.001.00H0301-P1-C5-T1
U5877.001.00H0301-P1-C5-T1 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-Express
PCI-Express Adapter
Adapter (14104003)
(14104003)
.F a
++ ent5
ent5 U5877.001.00H0301-P1-C5-T2
U5877.001.00H0301-P1-C5-T2 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-Express
PCI-Express Adapter
Adapter (14104003)
(14104003)
** pci1
pci1 U5877.001.00H0301-P1
U5877.001.00H0301-P1 PCI Express Bus
PCI Express Bus
++ fcs2
fcs2 U5877.001.00H0301-P1-C3-T1
U5877.001.00H0301-P1-C3-T1 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
** fcnet0
fcnet0 U5877.001.00H0301-P1-C3-T1
U5877.001.00H0301-P1-C3-T1 Fibre
Fibre Channel
Channel Network
Network Protocol
Protocol Device
Device
C rm
++ fscsi1
fscsi1 U5877.001.00H0301-P1-C3-T1
U5877.001.00H0301-P1-C3-T1 FC
FC SCSI
SCSI I/O
I/O Controller
Controller Protocol
Protocol Device
Device
++ hdisk4
hdisk4 U5877.001.00H0301-P1-C3-T1-W500507680140581E-L4000000000000
U5877.001.00H0301-P1-C3-T1-W500507680140581E-L4000000000000 MPIO
MPIO IBM 2145 FC
IBM 2145 FC Disk
Disk
++ hdisk5
hdisk5 U5877.001.00H0301-P1-C3-T1-W500507680140581E-L5000000000000
U5877.001.00H0301-P1-C3-T1-W500507680140581E-L5000000000000 MPIO
MPIO IBM 2145 FC
IBM 2145 FC Disk
Disk
++ fcs3
fcs3 U5877.001.00H0301-P1-C3-T2
U5877.001.00H0301-P1-C3-T2 8Gb
8Gb PCI
PCI Express
Express Dual
Dual Port
Port FC
FC Adapter
Adapter (df1000f114108a03)
(df1000f114108a03)
** fcnet1
fcnet1 U5877.001.00H0301-P1-C3-T2
U5877.001.00H0301-P1-C3-T2 Fibre
Fibre Channel
Channel Network
Network Protocol
Protocol Device
Device
++ fscsi2
fscsi2 U5877.001.00H0301-P1-C3-T2
U5877.001.00H0301-P1-C3-T2 FC
FC SCSI
SCSI I/O
I/O Controller
Controller Protocol
Protocol Device
Device
** vio0
vio0 Virtual
Virtual I/O
I/O Bus
Bus
** vscsi0
vscsi0 U8233.E8B.100603P-V15-C35-T1
U8233.E8B.100603P-V15-C35-T1 Virtual SCSI Client Adapter
Virtual SCSI Client Adapter
to fo
** hdisk3
hdisk3 U8233.E8B.100603P-V15-C35-T1-L8400000000000000
U8233.E8B.100603P-V15-C35-T1-L8400000000000000 Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
** hdisk2
hdisk2 U8233.E8B.100603P-V15-C35-T1-L8300000000000000
U8233.E8B.100603P-V15-C35-T1-L8300000000000000 Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
** hdisk1
hdisk1 U8233.E8B.100603P-V15-C35-T1-L8200000000000000
U8233.E8B.100603P-V15-C35-T1-L8200000000000000 Virtual SCSI Disk Drive
** hdisk0
hdisk0 U8233.E8B.100603P-V15-C35-T1-L8100000000000000
U8233.E8B.100603P-V15-C35-T1-L8100000000000000 Virtual SCSI Disk Drive
** ent1
ent1 U8233.E8B.100603P-V15-C2-T1
U8233.E8B.100603P-V15-C2-T1 Virtual
Virtual I/O
I/O Ethernet
Ethernet Adapter
Adapter (l-lan)
(l-lan)
** vsa0
vsa0 U8233.E8B.100603P-V15-C0
U8233.E8B.100603P-V15-C0 LPAR
LPAR Virtual
Virtual Serial
Serial Adapter
Adapter
** vty0
vty0 U8233.E8B.100603P-V15-C0-L0
U8233.E8B.100603P-V15-C0-L0 Asynchronous
Asynchronous Terminal
Terminal
ec vo

Figure 6-10. prtconf (2 of 2) AN123.0
Notes:
oy si
The last function prtconf performs is to run the lscfg command as shown in the visual.
Although the prtconf –v flag can be used to display detailed Vital Product Data (VPD)
u
information, the output on the previous page is omitted. To get around this problem, simply
make a copy of the prtconf script to prtconfVPD and append a “–v” flag to the last lscfg
cl
command at the end of the script.

As follows:
Ex
# tail `which prtconf`

done
fi
pr
#devices information
lscfg ######## APPEND –v here !!! ###########
fi
V8.2
Student Notebook
Uempty
lscfg
IBM Power Systems
• lscfg can be used to display vital product data (VPD) information for
devices.
– IBM customer engineers (CEs) need this to order and replace failed
.I. n
components.
.T ció
Physical
location code
## lscfg
lscfg -v
-v -l
-l ent4
ent4
ent4
ent4 U5877.001.00H0301-P1-C5-T1
U5877.001.00H0301-P1-C5-T1 2-Port
2-Port
.
10/100/1000
10/100/1000 Base-TX PCI-Express
Base-TX PCI-Express Adapter
Adapter (14104003)
(14104003)
C
.F a
2-P VPD
2-P NIC-TX
NIC-TX PCI-e:
PCI-e: information
EC
EC Level....................D76567
C rm
Level....................D76567
Part
Part Number.................46K6601
Number.................46K6601
Manufacture
Manufacture ID..............YL1026
ID..............YL1026
FRU
FRU Number..................46K6601
Number..................46K6601
Network
Network Address.............00145E76B484
Address.............00145E76B484
to fo
ROM Level.(alterable).......EP0170
ROM Level.(alterable).......EP0170
Hardware
Hardware Location
Location Code......U5877.001.00H0301-P1-C5-T1
Code......U5877.001.00H0301-P1-C5-T1
ec vo

Figure 6-11. lscfg AN123.0
Notes:
oy si
The lscfg command displays configuration, diagnostic, and vital product data (VPD)
information about the system.
u
Use the lscfg command to display vital product data (VPD) such as part numbers, serial
cl
numbers, and engineering change levels. VPD data is required for hardware engineers
when they need to order replacement parts due to failures.
Ex
pr
Student Notebook
lsdev
IBM Power Systems
• lsdev displays device information, including the device state.

Software (AIX)
location codes
.I. n
## lsdev
lsdev |grep
|grep ent
ent
ent0
ent0 Available
Available 02-08
02-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902)
ent1
ent1 Available
Available 02-09
02-09 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902)
.T ció
ent2
ent2 Available
Available Virtual
Virtual I/O
I/O Ethernet
Ethernet Adapter
Adapter (l-lan)
(l-lan)
ent3
ent3 Available
Available Shared
Shared Ethernet
Ethernet Adapter
Adapter
## lsdev
lsdev -Cc
-Cc disk
disk
hdisk0
hdisk0 Available
Available 03-08-01-8,0
03-08-01-8,0 16
16 Bit
Bit LVD
LVD SCSI
SCSI Disk
Disk Drive
Drive
.
hdisk1
hdisk1 Available
Available 01-00-02
01-00-02 MPIO
MPIO Other
Other FCFC SCSI
SCSI Disk
Disk Drive
Drive
C
hdisk2
hdisk2 Available
Available 00-08-00
00-08-00 SAS
SAS Disk
Disk Drive
Drive -Cc : list by class
.F a
-Cl : list by device name
## lsdev
lsdev -Cl
-Cl proc2
proc2
proc2
proc2 Available
Available 00-02
00-02 Processor
Processor
C rm
## lsdev
lsdev -p
-p pci5
pci5
ent8
ent8 Available
Available 05-08
05-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902) Child
ent9
ent9 Available
Available 05-09
05-09 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902) devices
Device state
to fo
Locating the
parent
lsdev –Cl
## lsdev cd1 –F
–Cl cd1 –F parent
parent device
ide0
ide0
ec vo

Figure 6-12. lsdev AN123.0
Notes:
oy si
The lsdev command displays information about devices in the device configuration
database.
u
The -C flag requests information about all the customized devices. Newer versions of AIX
cl
assume customized devices if neither -P nor -C are coded. Any combination of the -c
Class, -s Subclass, -t Type, -l Name, -p Parent, and -S State flags selects a subset of the
customized devices.
Ex
A -P flag will display information about all devices supported by the system using the. Any
combination of the -c Class, -s Subclass, and -t Type flags selects a subset of the
supported devices.
pr
In newer versions of AIX, lsdev will assume a request for customized devices if neither -P
nor -C lags are coded.
Commonly used classes include disk, cdrom, adapter, and if (interface).
A simple script that can be useful in seeing the full parentage of a device is:
V8.2
Student Notebook
Uempty # cat parent.device

DEV=$1
while test $? -eq 0
do
printf "$DEV "; DEV=`lsdev -Cl $DEV -F parent`
done 2> /dev/null
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
lsslot
IBM Power Systems
• lsslot displays dynamic reconfigurable slots, such as hot plug slots,

and their characteristics.
.I. n
Lists all logical I/O
slots on the system
.T ció
## lsslot
lsslot -c
-c slot
slot
## Slot
Slot Description
Description Device(s)
Device(s)
U787F.001.DPM0WB8-P1-C1
U787F.001.DPM0WB8-P1-C1 Logical
Logical I/O
I/O Slot
Slot pci7
pci7 fcs1
fcs1
U787F.001.DPM0WB8-P1-C3 Logical
Logical I/O Slot pci4
pci4 sisscsia1
.
U787F.001.DPM0WB8-P1-C3 I/O Slot sisscsia1
U787F.001.DPM0WB8-P1-T5
U787F.001.DPM0WB8-P1-T5 Logical
Logical I/O
I/O Slot
Slot pci5
pci5 ent0
ent0 ent1
ent1
C
U787F.001.DPM0WB8-P1-T10 Logical
Logical I/O Slot pci3
pci3 sisscsia0
.F a
U787F.001.DPM0WB8-P1-T10 I/O Slot sisscsia0
U787F.001.DPM0WB8-P1-T12
U787F.001.DPM0WB8-P1-T12 Logical I/O
Logical I/O Slot
Slot pci2
pci2 ide0
ide0
Lists all PCI hot
U9131.52A.063412G-V1-C0
U9131.52A.063412G-V1-C0 Virtual
Virtual I/O
I/O Slot
Slot vsa0
vsa0
C rm
plug slots
## lsslot
lsslot -c
-c pci
pci
## Slot
Slot Description
Description Device(s)
Device(s)
U787F.001.DPM0WB8-P1-C1
U787F.001.DPM0WB8-P1-C1 PCI-X
PCI-X capable,
capable, 64
64 bit,
bit, 133MHz
133MHz slot
slot fcs1
fcs1
U787F.001.DPM0WB8-P1-C3 PCI-X
PCI-X capable, 32 bit, 66MHz
66MHz slot
slot sisscsia1
to fo
U787F.001.DPM0WB8-P1-C3 capable, 32 bit, sisscsia1
U787F.001.DPM0WB8-P1-C4
U787F.001.DPM0WB8-P1-C4 PCI-X capable,
PCI-X capable, 64
64 bit,
bit, 266MHz slot fcs0
266MHz slot fcs0
ec vo

Figure 6-13. lsslot AN123.0
Notes:
oy si
The lsslot command displays all the specified hot plug slots and their characteristics. Hot
plug slots are the plug-in points for connecting entities that can be added and removed
u
from the system without turning the system power off or rebooting the operating system.
The -c flag is required. It specifies the type of hot plug connector, for example, pci for hot
cl
pluggable PCI adapters. You can display only the empty, that is, available, hot plug slots
with the -a flag, the occupied slots with the -o flag, or a specific slot by using the -s flag.
Ex
The -l flag can be used to locate the slot associated with the specified DeviceName, as
listed by the lsdev command.
pr
V8.2
Student Notebook
Uempty
lsattr and chdev commands

IBM Power Systems
• Use lsattr to view and chdev change device attribute data.

## lsattr
lsattr -El
-El rmt0
rmt0
.I. n
block_size
block_size 1024
1024 BLOCK
BLOCK size
size (0=variable
(0=variable length)
length) True
True
compress
compress yes
yes UseUse data
data COMPRESSION
COMPRESSION True
True
Current block
density_set_1 size = 1KB
density_set_1 71
71 DENSITY
DENSITY setting
setting #1#1 True
True
.T ció
density_set_2
density_set_2 38
38 DENSITY
DENSITY setting
setting #2#2 True
True
extfm
extfm yes
yes UseUse EXTENDED
EXTENDED file
file marks
marks True
True
mode
mode yes
yes UseUse DEVICE
DEVICE BUFFERS
BUFFERS during
during writes
writes True
True
ret
ret no
no RETENSION
RETENSION onon tape
tape change
change or
or reset
reset True
True True indicates
ret_error no RETURN
RETURN error
error onon tape
tape change
change oror reset
reset True that the attribute
.
ret_error no True
size_in_mb
size_in_mb 36000
36000 Size
Size in
in Megabytes
Megabytes False
False is user settable
C
.F a
• To display a specific attribute:
– lsattr –E –l rmt0 -a block_size
C rm
• Tapes cannot be read when the tape device has a different block size.
– Changing the value to 0 (variable) can help overcome this problem.
## chdev
chdev -l
-l rmt0
rmt0 -a
-a block_size=0
block_size=0 Set block
to fo
rmt0 changed size to 0
rmt0 changed
## lsattr
lsattr -El
-El rmt0
rmt0 || grep
grep block_size
block_size Block size
block_size
block_size 00 BLOCK
BLOCK size
size (0=variable
(0=variable length)
length) True
True changed
ec vo

Figure 6-14. lsattr and chdev commands AN123.0
Notes:
oy si
The lsattr command displays information about the attributes of a given device or type of
device.
u
The chdev command changes the characteristics of the specified device with the given
cl
device logical name that is specified with the -l Name flag. The device can be in the
defined, stopped, or available state. Some changes may not be allowed when the device is
in the available state. When changing the device characteristics, you can supply the flags
Ex
either on the command line, or in the specified -f File flag.

pr
Student Notebook
Device states
IBM Power Systems
• Undefined
– The device is unknown to the system.
.I. n
• Defined
.T ció
– The device is know to the system but it is unavailable for use.
• Available
.
– The device is available and ready for use.
C
.F a
• Stopped
– The device is unavailable but remains known by its device driver.
C rm
• The mkdev and cfgmgr commands make devices available
for use.
• The rmdev command can make devices unavailable for use
to fo
and completely remove them from the system.
ec vo

Figure 6-15. Device states AN123.0
Notes:
oy si
Device States
u
• Undefined is not a state one can see assigned in the system, more of a reference
statement. If refers to a device which is supported but is not configured.
cl
• Defined means that the device is known to the system. It has been allocated a logical
device name, a location code, and attributes have been assigned to it. However, it is still
unavailable for use.
Ex
• Available means that the device is fully configured and is ready for use.
• Stopped mean that the device is configured, but not available for use by applications.
• When a device is first identified, it is configured and put into the Available state.
Available devices can be put into the defined or undefined state by using the rmdev
pr
command. Devices can be configured with both the mkdev or cfgmgr commands.
cfgmgr
The cfgmgr command configures devices and optionally installs device software into
the system. It can be run at any time.
V8.2
Student Notebook
Uempty
/dev directory, device configuration, and control

IBM Power Systems
• On UNIX platforms, access to devices is provided through special device

files that reside in /dev directory.
.I. n
## lsdev
lsdev -Cc
-Cc tape;
tape; ls
ls -l
-l /dev/*rmt0*
/dev/*rmt0* Tape drive will be
/dev/*rmt0*
/dev/*rmt0* not
not found
found configured by loading the
device into the kernel
.T ció
## cfgmgr
cfgmgr (/unix).
## lsdev
lsdev -Cc
-Cc tape
tape
rmt0
rmt0 Available
Available 04-08-01-2,0
04-08-01-2,0 LVD
LVD SCSI
SCSI 4mm
4mm Tape
Tape Drive
Drive
.
C
## ls
ls -l
-l /dev/*rmt0*
/dev/*rmt0*
.F a
crw-rw-rw-
crw-rw-rw- 11 root
root system
system 37,
37, 00 13
13 Oct
Oct 14:43
14:43 /dev/rmt0
/dev/rmt0
crw-rw-rw-
crw-rw-rw- 11 root
root system
system 37,
37, 11 13
13 Oct
Oct 14:43
14:43 /dev/rmt0.1
/dev/rmt0.1
…….
……. Removed
Removed rmt0.2
rmt0.2 through
through rmt0.6
rmt0.6
C rm
crw-rw-rw-
crw-rw-rw- 11 root
root system
system 37,
37, 77 13
13 Oct
Oct 14:43
14:43 /dev/rmt0.7
/dev/rmt0.7
## rmdev Minor number.

rmdev -l
-l rmt0
rmt0 The Kernel will
rmt0 Certain devices like
rmt0 Defined
Defined reference the tape tapes can behave in
device through the different ways.
to fo
## mkdev
mkdev -l
-l rmt0
rmt0 major number (37).
rmt0 Available
rmt0 Available
## rmdev
rmdev -l
-l rmt0
rmt0 -d
-d
rmt0
rmt0 deleted
deleted
ec vo

Figure 6-16. /dev directory, device configuration, and control AN123.0
Notes:
oy si
The visual shows a tape drive connected to a system but is undefined. The cfgmgr
command is run to configure and make the device available. Once available, special device
u
files have been created in /dev directory. Some devices like tapes have several special
files. Each file is assigned a major and minor number. Major and minor numbers are used
cl
by the operating system to determine the actual driver and device to be accessed by the
user-level request for the special device file.
Ex
For example, when writing files to a tape, the difference between tar –cvf /dev/rmt0
myfiles.tar and tar –cvf /dev/rmt0.1 myfiles.tar is that rmt0 will result in the tape rewinding
after the operation, whereas with rmt0.1, the tape will not rewind after the write operation.
pr
Student Notebook
rendev command
IBM Power Systems
• You must first unconfigure device to Defined state first.

## rmdev
rmdev -l
-l hdisk2
hdisk2
.I. n
hdisk2
hdisk2 Defined
Defined
.T ció
• Use rendev to change device name.
.
## rendev
rendev -l
-l hdisk2
hdisk2 –n
–n testdisk
testdisk
C
.F a
Device to be
C rm
New desired device name
renamed
• Display new device name:

to fo
## lsdev
lsdev –Cc
–Cc disk
disk
hdisk0
hdisk0 Available
Available Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
hdisk1
hdisk1 Available
Available Virtual SCSI Disk Drive
testdisk
testdisk Available
Available Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
ec vo

Figure 6-17. rendev command AN123.0
Notes:
oy si
The rendev command changes the name of the specified device with the given device
name that is specified with the -l name flag. The new desired name must not exceed 15
u
characters in length. If the name has already been used or is present in the /dev directory,
the operation fails.
cl
One of the use cases would be to rename a group of disks on which application data may
reside, to be able to distinguish them from other disks on the system.
Ex
Devices that are in use (available state) cannot be renamed; the device must first be in a
defined state. If device is a parent of other devices you must unconfigured all child devices
first. The rendev command will restore device to the Available state. The –u flag may be
pr
used to prevent the device from being configured again after it is renamed.
Disk drive devices that are members of the root volume group, or that will become
members of the root volume group (by means of LVM or install procedures), must not be
renamed. Renaming such disk drives may interfere with the ability to recover from certain
scenarios, including boot failures.
V8.2
Student Notebook
Uempty
Checkpoint
IBM Power Systems
1. What does the following location code mean?

fcs0
fcs0 U78A0.001.DNWGGRX-P1-C3-T1
U78A0.001.DNWGGRX-P1-C3-T1 4Gb
4Gb FC
FC PCI
PCI Express
Express Adapter
Adapter
.I. n
2. What is the purpose of a device major number? How would you locate
.T ció
the major number of a disk, hdisk18?
.
3. True or False: cfgmgr is a binary executable that runs at system
C
.F a
initialization time to configure devices on the system.
C rm
4. What commands can you run on AIX to document the system
configuration?
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Exercise
IBM Power Systems
.I. n
System configuration
and devices
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Unit summary
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 7. System storage overview

This unit is an overview of AIX system storage.
.I. n
.T ció
• Describe the terminology and the concepts associated with:
.
- Physical volumes
C
.F a
- Volume groups
- Logical volumes
C rm
- Physical partitions
- Logical partitions
to fo
• Describe how file systems and logical volumes are related

ec vo
oy si
References
u

Management
cl
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction

and Concepts (Redbook)
Ex

pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
– Physical volumes
.T ció
– Volume groups
– Logical volumes
.
– Physical partitions
C
– Logical partitions
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Components of AIX storage

IBM Power Systems
.I. n
Physical storage
.T ció
Logical storage
File systems
.
C
Directories
.F a
Files
C rm
to fo
Managed by
Logical Volume Manager (LVM)
ec vo

Figure 7-2. Components of AIX storage AN123.0
Notes:
oy si
Components
u
The basic components or building blocks of AIX storage are:

• Files
cl
• Directories
Ex
• File systems
• Logical storage
• Physical storage
pr
• Logical Volume Manager (LVM)

As a user, you work with files and directories. As a system administrator, you manage
storage using the Logical Volume Manager.
Student Notebook
Traditional UNIX disk storage

IBM Power Systems
.I. n
Partition 1
Partition 4
.T ció
Partition 2
Partition 3 Partition 5
.
• Problems:
C
.F a
– Fixed partitions
C rm
– Expanding size of the partition
– Limitation on size of a file system and a file
– Contiguous data requirement
to fo
– Time and effort required in planning ahead
ec vo

Figure 7-3. Traditional UNIX disk storage AN123.0
Notes:
oy si
Issues with traditional UNIX disk storage

u
Traditionally, disk partitioning has been implemented through partitions. Customers had
to select the correct size for each partition before the system could be installed.
cl
Each file system was on a partition on the hard disk.

Changing the size of the partition, and thus the file system, was no easy task. It involved
Ex
backing up the file system, removing the partition, creating new ones, and restoring the
file system.
A major limitation to partitions was that each partition had to consist of contiguous disk
space. This characteristic limited the partition to reside on a single physical drive. It
pr
could not span multiple hard disks. Since file systems were always contained within a
partition, no file system could be defined that would be larger than the largest physical
drive. This meant that no single file could be larger than the largest physical drive.
V8.2
Student Notebook
Uempty
Benefits of the LVM

IBM Power Systems
• Solves noncontiguous space problems.

• Data can span disks.
.I. n
• Sizes can be dynamically increased.
.T ció
• Data can be mirrored for availability.
• New disks are easily added to the system.
.
C
• Data can be relocated.
.F a
• LVM (data) statistics can be collected.
C rm
to fo
These tasks can be performed dynamically!
ec vo

Figure 7-4. Benefits of the LVM AN123.0
Notes:
oy si
Constraints virtually eliminated

u
The constraints with traditional UNIX disk storage have been virtually eliminated in AIX,
with the addition of the Logical Volume Manager.
cl
Note that the tasks listed in the visual, can be performed while users are on the system.
Ex
pr
Student Notebook
Logical Volume Manager components

IBM Power Systems
Physical Volume group
.I. n
partitions (PPs) Logical
partitions (LPs)
.T ció
1
2
3
.
4
C
5
write(data);
.F a
6
x
C rm
y
z
Application
Logical
volume (LVs)
to fo
Physical
volumes (PVs)
ec vo

Figure 7-5. Logical Volume Manager components AN123.0
Notes:
oy si
Introduction
u
The AIX Logical Volume Manager controls disk storage resources by mapping data
between a simple and flexible logical view of storage space and the actual physical
cl
disks.
This visual and these notes provide a brief overview of the basic components of LVM.
Ex
Components
A hierarchy of structures is used to manage disk storage:
• Volume groups
pr
• Physical volumes
• Physical partitions
• Logical volumes
• Logical partitions
V8.2
Student Notebook
Uempty Volume group (VG)

A volume group (VG) is the largest unit of storage allocation. A VG consists of a group
of one or more physical volumes (disks) all of which are accessed under one VG name.
The combined storage of all the physical volumes makes up the total size of the VG.
This space can be used by other storage entities like file systems and logical volumes.
VGs are portable and can be disconnected from one system and connected to another
system. All disks in the VG must move together.
.I. n
Physical volume (PV)
.T ció
A physical volume (PV) is the name for an actual disk or hard drive. A PV can be
internally or externally attached.
.
For a disk to be used by LVM, the disk must be added to a volume group, or a new
C
volume group must be set up for it.
.F a
A PV can only belong to one volume group (VG).
C rm
Physical partition (PP)
All of the physical volumes in a volume group are divided into physical partitions (PP).
All the physical partitions within a volume group are the same size, although different
volume groups can have different PP sizes.
to fo
Logical volume (LV)
Within each volume group, one or more logical volumes (LV) are defined. Logical
volumes are groups of information located on physical volumes. Data on logical
ec vo
volumes appears to be contiguous to the user, but can be non-contiguous on the

physical volume, or can even be located on several physical volumes.
Logical partition (LP)
oy si
Each logical volume consists of one or more logical partitions (LP). Logical partitions
are the same size as the physical partitions within a volume group. Each logical partition
u
is mapped to at least one physical partition. Although the logical partitions are
numbered consecutively, the underlying physical partitions are not necessarily
cl
consecutive or contiguous.
This allows file systems, paging space, and other logical volumes to be resized or
Ex
relocated, to span multiple physical volumes, and to have their contents replicated for
greater flexibility and availability in the storage of data.
pr
Student Notebook
Physical storage
IBM Power Systems
PP1
Volume PV1 PP2
group A PP3
PP4 Physical
.I. n
PP5 volume
PP6 /dev/hdiskn
.T ció
Volume PV2 PV3 PV4 PV5
group B
PPn
.
C
Original volume groups Big volume groups
.F a
-t factor Disks (PVs) PPs per PV Disks (PVs) -t factor
1 32 1016 128 1
C rm
2 16 2032 64 2
4 8 4064 32 4
8 4 8128 16 8
to fo
16 2 16256 8 16
N/A N/A 32512 4 32
N/A N/A 65024 2 64
ec vo

Figure 7-6. Physical storage AN123.0
Notes:
oy si
Introduction
u
Disk space on a physical volume (PV) is allocated to logical volumes (LV) in chunks
called physical partitions (PP). Each physical partition size is the same across all the
cl
disks in a volume group (VG). The PP size is set at the time the VG is created. The size
is set in megabytes on power of two boundaries (for example: 4 MB, 8 MB, 16 MB, and
so forth). The default is 4 MB.
Ex
In AIX 5L V5.2 and later, LVM defaults the PP size of a new VG to the smallest PP size
(equal or greater than 4 MB) which allows full addressing of the largest disk in the VG
given the selected maximum number of PPs per PV (defaults to 1016). The smallest PP
pr
size is 1 MB, which is supported by using a larger number of PPs per PV.
When a PV is added to a system, a file called hdiskn is added to the /dev directory. n is
a number allocated by the operating system. It is usually the next available number.
This file may be used to access the device directly but this is not often done.
V8.2
Student Notebook
Uempty Original volume group

Originally AIX supported VGs with a maximum of 32 PVs, no more than 1016 PPs per
disk, and an upper limit of 256 LVs per VG. This VG type is commonly referred to as the
original, normal, or volume group.
As disks increased in size, this meant that the PP size had to increase to use the entire
disk space and stay within the 1016 PPs per disk limit. Larger PPs means less flexibility
in allocating space for LVs, and potentially more wasted space.
.I. n
For example, for an 18 GB disk, you must have a PP size of 32 MB. A PP size of 16 MB
.T ció
would require 1152 PPs, over the limit.
Volume group -t factor
.
To handle the increase in hard disk drive capacity over time, AIX V4.3.1 implemented a
C
new volume group factor, which can be specified by the -t flag of the mkvg command,
.F a
that allows you to increase the maximum number of PPs per disk proportional to the
given integer multiplier value. The maximum number of PVs decreases proportional to
C rm
the specified -t factor.
For example, if you wanted to use an 8 MB PP size with our 18 GB disks, you would
need at least 2304 PPs per disk. Setting the -t factor to 4 would allow 4064 PPs per
to fo
disk, but would limit us to 8 disks in the VG.
Big volume group
AIX V4.3.2 expanded the LVM scalability by introducing big volume groups. A big VG
can have up to 128 physical volumes and a maximum of 512 LVs defined with it. The
ec vo
volume group -t factor can also be used with the big VG.
Using our 18 GB disk example, setting the -t factor to 4, would allow us to have a VG
with a PP size of 8 MB and 32 disks.
oy si
u
cl
Ex
pr
Student Notebook
Volume groups
IBM Power Systems
• Volume group types:

Volume Group Max Max LVs Max PPs per Max PP
– Original Type PVs VG Size
– Big
.I. n
Original 32 256 32512 1 GB
– Scalable (1016 * 32)
.T ció
Big 128 512 130048 1 GB
(1016 * 128)
• Limits Scalable 1024 4096 2097152 128 GB
.
C
.F a
• AIX contains one mandatory volumes group: rootvg
– rootvg created on system install
C rm
– Contains the AIX operating system
• Why create new volume groups?
– Separate user data from operating system files rootvg datavg
to fo
– Disaster recovery
PV1 PV2 PV3
– Data portability
– Data integrity and security
ec vo

Figure 7-7. Volume groups AN123.0
Notes:
oy si
Volume group types

u
With successive versions of AIX, new types of volume groups have been introduced
which allow for greater capacities and greater flexibility:
cl
Original volume groups

When creating a volume group with SMIT or using the mkvg command, original
Ex
volume groups are the default.

Big volume groups
Big volume groups were introduced with AIX V4.3.2. Besides increasing the number
pr
of PVs per VG, the big volume group also doubled the maximum number of LVs per
VG from 255 to 512. Support for creating big volume groups through SMIT was
introduced in AIX 5L V5.3. Previous to 5.3 big volume groups could only be created
from the command line.
V8.2
Student Notebook
Uempty Scalable volume groups

Scalable volume groups were introduced with AIX 5L V5.3. A scalable VG can
accommodate a maximum of 1024 PVs and raises the limit for the number of LVs to
4096. The -t factor does not apply to the scalable VG type.
The maximum number of PPs is no longer defined on a per disk basis but applies to
the entire VG. This opens up the prospect to configure VGs with a relatively small
number of disks, but with fine grained storage allocation options, through a large
.I. n
number of PPs which are small in size. The scalable VG can hold up to 2097152
.T ció
(2048 KB) PPs. Optimally, the size of a physical partition, can also be configured for
a scalable VG.
Existing and new volume groups
.
When the system is installed, the root volume group (rootvg) is created. rootvg
C
.F a
consists of a base set of logical volumes and physical volumes required to start the
system, and any other logical volumes you specify to the installation script.
C rm
Additional disks can either be added to rootvg, or a new volume group can be created
for them. There can be up to 255 VGs per system.
Why create separate volume groups?
to fo
It is recommended that all user and application data be separated from the OS by
placing the data into volume groups. The data should be grouped into individual volume
groups by type or purpose (for example, Oracle data). By maintaining the user file
systems and the operating system files in distinct volume groups, the user files are not
ec vo
jeopardized during operating system updates, reinstallations, and crash recoveries.

Maintenance is easier because you can update or reinstall the operating system,
without having to restore user data.
oy si
For security, you can make the volume group unavailable using varyoffvg.
u
cl
Ex
pr
Student Notebook
Volume group descriptor area

IBM Power Systems
Three-disk or more
One-disk VG Two-disk VG VG
.I. n
.T ció
VGDA VGDA VGDA
VGDA VGDA VGDA VGDA
.
C
.F a
C rm
to fo VGDA VGDA
ec vo

Figure 7-8. Volume group descriptor area AN123.0
Notes:
oy si
Volume Group Descriptor Area (VGDA)

u
The VGDA is an area of disk, at least one per PV, containing information for the entire
VG. It contains administrative information about the volume group (for example, a list of
cl
all logical volume entries, a list of all the physical volume entries, and so forth). There is
usually one VGDA per physical volume. The exceptions are when there is a volume
group with either one or two disks (as shown in the visual).
Ex
Quorum
There must be a quorum of VGDAs available to activate the volume group and make it
available for use with the varyonvg command. A quorum of VGDA copies is needed to
pr
ensure the data integrity of management data that describes the logical and physical
volumes in the volume group. A quorum is equal to 51% or more of the VGDAs
available.
A system administrator can force a volume group to varyon without a quorum. This is
not recommended and should only be done in an emergency.
V8.2
Student Notebook
Uempty
Logical storage
IBM Power Systems
Physical volumes
1 1
.I. n
4 4
7 2 3 7 2 3
10 10
8 9 8 9
13 16 13 16
.T ció
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32 33 32 33
.
35 38 35 38
36 37 36 37
C
41 44 41 44
42 43 42 43
.F a
47 50 47 50
48 49 48 49
C rm
Logical Volume Manager
1 2 3 4 1 2 3 4
to fo
Logical
partitions
Logical Logical
volume volume
ec vo

Figure 7-9. Logical storage AN123.0
Notes:
oy si
Logical partition
u
A physical partition is the smallest unit of disk allocation. Each logical partition maps to
a physical partition which physically stores the data.
cl
The logical partitions within a volume group are the same size as the physical partitions
within that volume group.
Ex
Logical volume
A logical volume consists of one or more logical partitions within a volume group.
Logical volumes may span physical volumes if the volume group consists of more than
pr
one physical volume. Logical volumes do not need to be contiguous within a physical
volume, because the logical partitions within the logical volume are maintained to be
contiguous. The view the system sees is the logical one. Thus, the physical partitions
they point to can reside anywhere on the physical volumes in the volume group.
Logical volumes may be increased in size at any time, assuming that there are sufficient
free physical partitions within the volume group. This can be done dynamically through
Student Notebook
SMIT even when users are doing work in that logical volume. However, logical volumes
cannot easily be decreased and require a file system backup and restore to a
re-created smaller logical volume.
The mapping of which logical partition corresponds to which physical partition, is
maintained in the VGDA for the volume group. It is both a physical view and a logical
view.
LVM mapping
.I. n
The Logical Volume Manager (LVM) consists of the logical volume device driver (LVDD)
.T ció
and the LVM subroutine interface library. The LVM controls disk resources by mapping
data between a more simple and flexible logical view of storage space, and the actual
physical disks. The LVM does this using a layer of device driver code that runs above
.
traditional disk device drivers.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Uses of logical volumes

IBM Power Systems
• A logical volume may contain one of the following:

– Journaled (JFS) or enhanced journaled file system (JFS2)
– Journal log (/dev/hd8)
.I. n
– Paging space (/dev/hd6)
– Boot logical volume (/dev/hd5)
.T ció
– Dump device
– Nothing (raw logical volume)
.
C
• Examples of JFS/JFS2 logical volumes:
.F a
/dev/hd1 /home
C rm
/dev/hd2 /usr
/dev/hd3 /tmp
/dev/hd4 /
/dev/hd9var /var
to fo
/dev/hd10opt /opt
/dev/hd11admin /admin
/dev/lv00 /myfilesystem
ec vo

Figure 7-10. Uses of logical volumes AN123.0
Notes:
oy si
Introduction
u
When you install the system, one volume group (rootvg) is automatically created which
consists of a base set of logical volumes required to start the system. rootvg contains
cl
such things as paging space, the journal log, and boot data, each usually in its own
separate logical volume.
Ex
You can create additional logical volumes with the mklv command or go through the
SMIT menus. This command allows you to specify the name of the logical volume and
to define its characteristics.
JFS and JFS2 file systems
pr
The native file system on AIX is the journaled file system (JFS), or the enhanced
journaled file system (JFS2). They use database journaling techniques to maintain
consistency. It is through the file system's directory structure that users access files,
commands, applications, and so forth.
Student Notebook
Journal log
The journal log is the logical volume where changes made to the file system structure
are written until such time as the structures are updated on disk. Journaled file systems
and enhanced journaled file systems are discussed in greater detail later in the course.
Paging space
Paging space is fixed disk storage for information that is resident in virtual memory but
.I. n
is not currently being maintained in real memory.
Boot logical volume
.T ció
The boot logical volume is a physically contiguous area on the disk which contains the
boot image.
.
Dump device
C
.F a
When you install the operating system, the dump device is automatically configured for
you. By default, the primary device is /dev/hd6, which is the paging logical volume, and
C rm
the secondary device is /dev/sysdumpnull. For systems migrated from versions of AIX
earlier than V4.1, the primary dump device is what it formerly was, /dev/hd7.
Raw logical volume
to fo
A raw logical volume is simply an empty logical volume. Database applications, for
example Oracle, db2, recommend the use of raw logical volumes.
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
What is a file system?

IBM Power Systems
• A file system is:

– Method of storing data
.I. n
– Hierarchy of directories
.T ció
• Seven types are supported:
– Journaled file system (JFS)
– Enhanced journaled file system (JFS2)
.
C
– CD-ROM file system (CDRFS)
.F a
– DVD-ROM file system (UDFS)
C rm
– Network file system (NFS)
– Common Internet File System (CIFS)
– Proc File System (PROCFS)
– Autonomic Health Advisor File System (AHAFS)
to fo
• Different file systems are connected together through directories to form
the view of files that users see.
ec vo

Figure 7-11. What is a file system? AN123.0
Notes:
oy si
Introduction
u
A file system is a directory hierarchy for storing files. It has a root directory and
subdirectories. In an AIX system, the various file systems are joined together so that they
cl
appear as a single file tree with one root. Many file systems of each type can be created.
Because the available storage is divided into multiple file systems, data in one file system
Ex
could be on a different area of the disk than data of another file system. Because file
systems are of a fixed size, file system full errors can occur when that file system has
become full. Free space in one file system cannot automatically be used by an alternate file
system that resides on the same physical volume.
pr
Supported file systems

AIX supports seven file system types:
• JFS - Journaled File System, exists within a logical volume on disk
• JFS2- Enhanced Journaled File System, exists within a logical volume on disk
Student Notebook
• CDRFS - CD-ROM File System on a Compact Disc

• UDFS - Universal Disk Format (UDF) file system on DVD
• CIFS - Common Internet File System accessed across a network (To install CIFS
support on AIX, install the bos.cifs_fs package)
• NFS - Network File System accessed across a network
• PROCFS - Proc file system maps processes and kernel data structures to
.I. n
corresponding files
.T ció
• NAMEFS - NameFS provides the function of file-over-file and directory-over-directory
mounts. It allows you to mount a subtree of a file system in a different place in the file
name space. This allows a file to be accessed through two different path names.
.
Although these are physically different, they appear the same to users and applications.
C
.F a
• AHAFS - Autonomic Health Advisor File System is a part of CAA (Cluster Aware AIX) a
mediator to take the requests of event registration, monitoring and unregistering from
C rm
the processes interested in monitoring for events.
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Why have multiple file systems?

IBM Power Systems
• Can strategically place it on disk for improved performance.

• Some tasks are performed more efficiently on a file system
.I. n
than on each directory within the file system, for example,
back up, move, secure an entire file system.
.T ció
• Can limit disk usage of users by file system through quotas.
.
• Maintain integrity of the entire file system structure, for
C
example, if one file system is corrupted, the others are not
.F a
affected.
C rm
• Special security situations.
• Organize data and programs into groups for ease of file
management and better performance.
to fo
ec vo

Figure 7-12. Why have multiple file systems? AN123.0
Notes:
oy si
Benefits
u
A file system is a structure that allows you to organize your data. It is one level in the
hierarchy of your data. By placing data in separate file systems, it allows for ease of
cl
control and management of the data.

File systems can be placed on the disk in areas that provide the best performance.
Ex
Many times, backups and recoveries are done at a file system level.
Limit disk usage
Since the administrator determines the size of the file system, users are allocated only a
pr
certain amount of shared disk space. This helps to control disk usage. The
administrator can also impose more granular control over that disk space by limiting
how much space an individual user can use in a file system. This is known as file
system quotas.
Student Notebook
Data is not all in one place

By having several different file systems, all of your data is not in one place. If a file
system ever becomes corrupted, the other file systems are not affected. Also,
administrators can take a file system offline without affecting other file systems. This is
helpful when performing back ups or when limiting user access to the file system for
security reasons.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Standard file systems in AIX

IBM Power Systems
hd4
.I. n
/ (root)
.T ció
home sbin opt lpp proc usr dev tftpboot var mnt etc tmp
.
C
.F a
hd1 hd10opt hd3
C rm
hd2 hd9var
/ / / / /
to fo
csm freeware bin lib sbin spool adm tmp
Note: The drawing depicts logical, not physical volumes.

ec vo

Figure 7-13. Standard file systems in AIX AN123.0
Notes:
oy si
Initial file systems

u
When AIX is first installed on a stand-alone system there are only seven journaled file
systems and one pseudo file system (/proc) in existence:
cl
/ (root) = /dev/hd4
• At the top of the hierarchical file tree. It contains the files and directories critical for
Ex
system operations including the device directory and programs that complete the boot
process.
/usr = /dev/hd2
pr
• Operating system commands, libraries, and application programs

• Can be shared across the network
/var = /dev/hd9var
• Variable spool and log files
Student Notebook
• The files in this file system vary considerably depending on system activity.
/home = /dev/hd1
• Users' home directories (was /u in earlier versions of AIX)
• This is traditionally where user data files are stored.
/tmp = /dev/hd3
.I. n
• Space accessible to all users for temporary files and work space
• Should be cleared out frequently.
.T ció
/opt = /hd10opt
• Special file system to store freeware files
.
/proc = /proc
C
.F a
• Special pseudo file system kept in memory to support threads, or light weight processes
C rm
• This file system is not designed to store user files.
• It is a type of file system which is different from a journal file system.
• AIX supports the PROCFS implementation to improve compatibility with Linux.
to fo
/admin = /hd11admin
• There are two empty directories: lost_found and tmp.
• The permissions setting on this /admin/tmp directory is 755 and the directory is owned
ec vo
by root.
• This tmp directory has more security for applications to use.
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
/etc/filesystems
IBM Power Systems
/:
dev = /dev/hd4
vol = root
.I. n
mount = automatic
check = false
vfs = jfs2
.T ció
log = /dev/hd8
type = bootfs
/home:
.
dev = /dev/hd1
C
vol = /home
.F a
mount = true
check = true
vfs = jfs2
C rm
log = /dev/hd8
/home/team01:
dev = /dev/fslv00
vfs = jfs2
log = /dev/loglv00
to fo
mount = true
options = rw
account = false
ec vo

Figure 7-14. /etc/filesystems AN123.0
Notes:
oy si
What is /etc/filesystems?
u
The /etc/filesystems file, documents the layout characteristics, or attributes of file

systems. It is in a stanza format which means a resource is named followed by a colon
cl
and a listing of its attributes in the form of attributes = value.

Each stanza in the /etc/filesystems file, names the directory where the file system is
Ex
normally mounted.
File system attributes
The file system attributes specify all the parameters of the file system. They are as
follows:
pr
• dev For local mounts, identifies the block special file where the file system resides, or
the file or directory to be mounted
• vol Used by the mkfs command when initiating the label on a new file system
Student Notebook
• mount Used by the mount command to determine whether a file system should be
mounted by default. Possible values are:
• automatic File system mounted automatically at system startup
• true File system mounted by the mount all command. This command is issued during
system initialization to automatically mount such file systems.
• false File system is not automatically mounted
.I. n
• check Used by the fsck command to determine the default file systems to be checked.
True enables checking
.T ció
• vfs Specifies the type of mount. For example, vfs=jfs2.
• log The device to which log data is written, as the file system is modified. This option is
.
only valid for journaled file systems.
C
.F a
• type Used to group together related file systems which can all be mounted with the
mount -t command
C rm
• account Used to determine the file systems to be processed by the accounting
subsystem.
• quote Allows the system administrator to control the number of files and data blocks
to fo
that can be allocated to a user or group
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Mount
IBM Power Systems
•mount is the glue that logically connects file systems to

the directory hierarchy.
.I. n
• File systems are associated with devices represented by
special files in /dev (the logical volume).
.T ció
• When a file system is mounted, the logical volume and its
.
contents are connected to a directory in the hierarchical
C
tree structure.
.F a
## mount
mount /dev/fslv00
/dev/fslv00 /home/patsie
/home/patsie
C rm Where to
to fo
What to
mount mount it
ec vo

Figure 7-15. Mount AN123.0
Notes:
oy si
Mounting a file system

u
A file system has to be mounted in order for it to be available for use. Use the mount
command or SMIT to do this. The file system can also be umounted using the umount or
cl
unmount command, or SMIT. These commands can be executed by either the root
user or a member of the system group.
Ex
It is possible to have file systems automatically mounted at boot time. This can be
specified in the /etc/filesystems file using the mount=automatic or mount=true
parameters.
Mount points
pr
Full path names must be used when specifying the mount point. If SMIT is used to
create the file system, the mount point is created automatically.
Student Notebook
Mounting over an empty directory

IBM Power Systems
Before After
home home
.I. n
.T ció
liz john patsie liz john patsie
.
C
.F a
/
C rm
.profile
.exrc data doc
.profile
.exrc data doc
to fo
myscript myscript
ec vo

Figure 7-16. Mounting over an empty directory AN123.0
Notes:
oy si
Accessing data in a file system

u
In order for users to get access to the data contained in a file system, it must be
mounted. When the file system is mounted, it becomes a part of the hierarchical tree
cl
structure of files and directories. From the user’s perspective, there is no way to tell
where one file system ends and another begins.
Ex
pr
V8.2
Student Notebook
Uempty
Mounting over files

IBM Power Systems
Before After
home home
.I. n
.T ció
liz john patsie liz john patsie
.
C
.F a
reports pgms .profile
.exrc
C rm
/
.profile
data doc
to fo
.exrc
myscript
.profile
.exrc data doc
myscript
ec vo

Figure 7-17. Mounting over files AN123.0
Notes:
oy si
What happens when mounting over files?

u
It is possible to mount over files and subdirectories. The result is that the files and
subdirectories that have been mounted over are now hidden from the users, that is,
cl
inaccessible. They have not been lost though. They are again accessible when the
unmount command has been executed on the covering file system.
Ex
Not everyone has the authority to mount file systems randomly. Authority is based on
two things: what the default mount point is, as specified in the file /etc/filesystems, and
whether the user has write authority to that mount point. Users can issue file or directory
mounts provided they belong to the system group and have write access to the mount
pr
point. They can do device mounts only to the default mount points mentioned in the file
/etc/filesystems. root can mount anywhere under any set of permissions.
Student Notebook
Listing file systems

IBM Power Systems
## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
.I. n
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 1966080
1966080 --
-- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 131072
131072 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 4587520
4587520 --
-- yes
yes no
no
.T ció
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 655360
655360 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 393216
393216 --
-- yes
yes no
no
/proc
/proc --
-- /proc
/proc procfs
procfs --
-- --
-- yes
yes no
no
/dev/hd10opt
/dev/hd10opt --
-- /opt
/opt jfs2
jfs2 524288
524288 --
-- yes
yes no
no
.
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 --
-- yes
yes no
no
C
/dev/fslv00
/dev/fslv00 --
-- /db2
/db2 jfs2
jfs2 262144
262144 rw
rw no
no no
no
.F a
C rm
to fo
ec vo

Figure 7-18. Listing file systems AN123.0
Notes:
oy si
The lsfs command

u
You can list the various file systems that are defined using the lsfs command. This
command displays information from /etc/filesystems and from the logical volumes in a
cl
more readable format. The lsfs command also displays information about CD-ROM
file systems and remote NFS file systems.
Ex
The SMIT fastpath to get to the screen which accomplishes the same task as the lsfs
command is: smit fs.
The syntax for the lsfs command is:
lsfs [-q] [ -c | -l ] [ -v vfstype | -u mountgrp ][file system]
pr
The data may be presented in line and colon (-c) or stanza (-l) format. It is possible to
list only the file systems of a particular virtual file system type (-v), or within a particular
mount group (-u). The -q option queries the superblock for the fragment size
information, compression algorithm, and the number of bytes per inode.
V8.2
Student Notebook
Uempty
Listing logical volume information

IBM Power Systems
• List all logical volumes for a volume group

## lsvg
lsvg -l
-l rootvg
rootvg
.I. n
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
.T ció
hd5
hd5 boot
boot 11 22 22 closed/syncd
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 16
16 22 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfs2log
jfs2log 11 22 22 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs2
jfs2 15
15 30
30 22 open/syncd
open/syncd //
.
hd2
hd2 jfs2
jfs2 35
35 70
70 22 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs2
jfs2 55 10
10 22 open/syncd
open/syncd /var
/var
C
hd3 jfs2 33 66 22 open/syncd /tmp
.F a
hd3 jfs2 open/syncd /tmp
hd1
hd1 jfs2
jfs2 11 22 22 open/syncd
open/syncd /home
/home
loglv00
loglv00 jfs2log
jfs2log 11 22 22 closed/syncd
closed/syncd N/A
N/A
C rm
hd11admin
hd11admin jfs
jfs 22 44 22 open/syncd
open/syncd /admin
/admin
fslv00
fslv00
to fo jfs2
jfs2 22 44 22 closed/syncd
closed/syncd /db2
/db2
ec vo

Figure 7-19. Listing logical volume information AN123.0
Notes:
oy si
Viewing logical volume information

u
lsvg -l rootvg
Provides information about the logical volumes in the rootvg volume group.
cl
lslv lvname
Ex
This provides status information about the selected logical volume within the volume
group. For example, lslv hd6.
pr
Student Notebook
Checkpoint (1 of 3)
IBM Power Systems
5. V______ G______
1. V______ G______
.I. n
D ______ A______
VGDA 6. P______ V______
.T ció
2. P______ P ______
.
C
.F a
C rm
3. L_____ P______
to fo
4. L______ V_______
ec vo

Figure 7-20. Checkpoint (1 of 3) AN123.0
Notes:
oy si
For each item in the visual, fill in the blanks to complete the correct term for the indicated
LVM component.
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Checkpoint (2 of 3)
IBM Power Systems
7. How many different physical partition (PP) sizes can be set within a
single VG?
.I. n
8. By default, how big are PPs?
.T ció
9. How many volume groups (VGs) can a physical volume (PV) belong
.
to?
C
.F a
a. It depends on what you specify through SMIT
b. Only one
C rm
c. As many VGs as exist on the system
10. True or False: All VGDA information on your system is identical,

to fo
regardless of how many VGs exist.
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Checkpoint (3 of 3)
IBM Power Systems
Use the following output to answer the questions below:
## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount PtPt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
.I. n
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 294912
294912 -- -- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 32768
32768 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 3309568
3309568 ---- yes
yes no
no
.T ció
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 65536
65536 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 131072
131072 -- -- yes
yes no
no
/dev/hd10opt
/dev/hd10opt ---- /opt
/opt jfs2
jfs2 163840
163840 -- -- yes
yes no
no
/dev/cd0
/dev/cd0 --
-- /infocd
/infocd cdrfs
cdrfs ro
ro yes
yes no
no
.
/dev/lv00
/dev/lv00 --
-- /home/john
/home/john jfs2
jfs2 32768
32768 rw
rw yes
yes no
no
C
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 -- -- yes
yes no
no
.F a
11. With which logical volume is the /home file system associated?
C rm
12. What types of file systems are being displayed?
13. What is the mount point for the file system located on the /dev/hd4 logical
to fo
volume?
14. Which file system is used primarily to hold user data and home directories?
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
System
storage
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
– Volume groups
.
– Logical volumes
C
.F a
– Physical partitions
C rm
– Logical partitions
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 8. Working with the Logical Volume Manager

This unit describes how to work with logical volumes, physical
volumes, and volume groups.
.I. n
.T ció
.
• Explain how to work with the Logical Volume Manager
C
.F a
• Add, change, and delete:
- Volume groups
C rm
- Logical volumes
- Physical volumes
• Describe essential LVM concepts, such as:
to fo
- Mirroring
- Striping
ec vo

oy si
u
References
cl

Management
AIX Version 7.1 Command References
Ex

pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
– Volume groups
– Logical volumes
.
C
.F a
– Mirroring
C rm
– Striping
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty

IBM Power Systems
# smit lvm
Logical
Logical Volume
Volume Manager
Manager
.I. n
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.T ció
Volume
Volume Groups
Groups
Logical
Logical Volumes
Volumes
Physical
Physical Volumes
Volumes
.
Paging
Paging Space
Space
C
.F a
C rm
to fo
ec vo

Figure 8-2. Logical Volume Manager AN123.0
Notes:
oy si
Introduction
The SMIT Logical Volume Manager menu is used to manage many aspects of the system's
u
storage.
cl
• Volume groups: The SMIT Volume Groups menu provides facilities to manipulate the
volume groups in the system.
Ex
• Logical volumes: The SMIT Logical Volumes menu provides facilities to manipulate
the logical volumes in the system. Logical volumes which contain journaled file
systems, paging space, or dump volumes can also be manipulated from their respective
menus.
pr
• Physical volumes: The SMIT Physical Volumes menu allows the user to configure the
physical volumes (fixed disks) in the system. This menu duplicates options on the Fixed
Disks menu of Devices.
• Paging space: The SMIT Page Space menu allows a user to add, delete, activate, and
list the paging spaces available.
Student Notebook
SMIT Volume Groups menu

IBM Power Systems
Volume
Volume Groups
Groups
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.I. n
List
List All
All Volume
Volume Groups
Groups
Add
Add aa Volume
Volume Group
.T ció
Group
Set
Set Characteristics
Characteristics of of aa Volume
Volume Group
Group
List
List Contents
Contents ofof aa Volume
Volume Group
Group
Remove
Remove aa Volume
Volume Group
Group
.
Activate
Activate aa Volume
Volume Group
Group
Deactivate
Deactivate aa Volume
Volume Group
C
Group
.F a
Import
Import aa Volume
Volume Group
Group
Export
Export aa Volume
Volume Group
Group
Mirror
Mirror a Volume Group
a Volume Group
C rm
Unmirror
Unmirror aa Volume
Volume Group
Group
Synchronize
Synchronize LVM
LVM Mirrors
Mirrors
Back
Back Up
Up aa Volume
Volume Group
Group
Remake
Remake aa Volume
Volume Group
Group
Preview
Preview Information
Information about
about aa Backup
Backup
to fo
Verify
Verify the
the Readability
Readability of of aa Backup
Backup (Tape
(Tape only)
only)
View
View the
the Backup
Backup Log
Log
List
List Files
Files in
in aa Volume
Volume Group
Group Backup
Backup
Restore
Restore Files
Files in
in aa Volume
Volume Group
Group Backup
Backup
ec vo

Figure 8-3. SMIT Volume Groups menu AN123.0
Notes:
oy si
The visual shows the SMIT screen that allows for the configuration of volume groups.
u
To get to this menu, use the SMIT fastpath, smit vg.

cl
Ex
pr
V8.2
Student Notebook
Uempty
Adding a volume group to the system

IBM Power Systems
# smit mkvg mkvg –y datavg hdisk1 hdisk2

Add
Add aa Volume
Volume Group
Group
.I. n
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.T ció
Add
Add an
an Original
Original Volume
Volume Group
Group
Add
Add aa Big
Big Volume
Volume Group
Group
Add aa Scalable
Scalable Volume
Volume Group
.
Add Group
C
.F a
Add
Add an
an Original
Original Volume
Volume Group
Group
[Entry
[Entry Fields]
C rm
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg]
Physical
Physical partition
partition SIZE
SIZE in
in megabytes
megabytes ++
** PHYSICAL VOLUME names
PHYSICAL VOLUME names [hdisk1 hdisk2]
[hdisk1 hdisk2] ++
Force
Force the
the creation
creation of
of aa volume
volume group?
group? no
no ++
Activate volume group AUTOMATICALLY yes ++
to fo
Activate volume group AUTOMATICALLY yes
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++
ec vo

Figure 8-4. Adding a volume group to the system AN123.0
Notes:
oy si
The mkvg command

u
The mkvg command is used to create a volume group. A new volume group must contain
at least one physical volume. The -y option is used to indicate the name for the new volume
cl
group. If this is not specified, a system generated name is used.

It is best not to select a physical partition size as the system will select the best fit
Ex
automatically. The default is the smallest physical partition size consistent with the
maximum PP/PV and the largest physical volume in the volume group.
Using SMIT
The volume group MAJOR NUMBER on the SMIT dialog screen is used by the kernel to
pr
access that volume group. This field is most often used for PowerHA where the major
number ideally should be the same for all nodes in the cluster.
Concurrent capable VGs are used for parallel processing applications, whereby the volume
group is read/write accessible to multiple machines at the same time.
Student Notebook
Adding a scalable volume group to the system

IBM Power Systems
# smit mkvg mkvg –S –y db2_vg hdisk3
.I. n
Add
Add aa Scalable
Scalable Volume
Volume Group
Group
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
all desired
desired changes.
changes.
[Entry
[Entry Fields]
.
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg]
C
Physical
Physical partition
partition SIZE
SIZE in
in megabytes ++
.F a
megabytes
** PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk3]
[hdisk3] ++
Force
Force the
the creation
creation of
of aa volume
volume group?
group? no
no ++
C rm
Activate
Activate volume
volume group
group AUTOMATICALLY
AUTOMATICALLY yes
yes ++
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++
Max
Max PPs
PPs per
per VG
VG in
in units
units of
of 1024
1024 32
32 ++
to fo
Max Logical Volumes
Max Logical Volumes 256
256 ++
Enable
Enable Strict
Strict Mirror
Mirror Pools
Pools No
No ++
Infinite
Infinite Retry Option
Retry Option no
no ++
ec vo

Figure 8-5. Adding a scalable volume group to the system AN123.0
Notes:
oy si
Additional options for scalable volume groups

u
There is a separate SMIT panel for adding scalable volume groups. Besides creating a
different format VGDA, the administrator has the option to set the Maximum PPs per VG,
cl
and the Max Logical Volumes for the volume group.

With non-scalable volume groups, LVM allows tuning of the number of physical partitions
Ex
for each physical volume through the -t factor. In scalable volume groups, the physical
partitions are managed on a volume group wide basis.
The maximum number of logical volumes was fixed depending upon the type of volume
group. Now, in scalable volume groups, the maximum is tunable.
pr
V8.2
Student Notebook
Uempty
Listing volume groups and VG attributes

IBM Power Systems
## lsvg
lsvg
rootvg
rootvg
datavg
datavg
db2_vg
.I. n
db2_vg
## lsvg
lsvg -o
-o
.T ció
datavg
datavg
rootvg
rootvg
## lsvg
lsvg rootvg
rootvg
.
C
VOLUME
VOLUME GROUP:
GROUP: rootvg
rootvg VG
VG IDENTIFIER:
IDENTIFIER:
.F a
00cf2e7f00004c000000011cec07b52e
00cf2e7f00004c000000011cec07b52e
VG
VG STATE:
STATE: active
active PP
PP SIZE:
SIZE: 64
64 megabyte(s)
megabyte(s)
VG PERMISSION:
VG PERMISSION: read/write
read/write TOTAL
TOTAL PPs:
PPs: 130
130 (8320
(8320 megabytes)
megabytes)
C rm
MAX
MAX LVs:
LVs: 256
256 FREE
FREE PPs:
PPs: 54
54 (3456
(3456 megabytes)
megabytes)
LVs:
LVs: 11
11 USED
USED PPs:
PPs: 76
76 (4864
(4864 megabytes)
megabytes)
OPEN
OPEN LVs:
LVs: 99 QUORUM:
QUORUM: 22 (Enabled)
(Enabled)
TOTAL
TOTAL PVs:
PVs: 22 VG
VG DESCRIPTORS:
DESCRIPTORS: 33
STALE
STALE PVs:
PVs: 00 STALE
STALE PPs:
PPs: 00
ACTIVE
ACTIVE PVs:
PVs: 22 AUTO
AUTO ON:
ON: yes
yes
to fo
MAX
MAX PPs
PPs per
per VG:
VG: 32512
32512
MAX
MAX PPs
PPs per
per PV:
PV: 1016
1016 MAX
MAX PVs:
PVs: 32
32
LTG
LTG size
size (Dynamic):
(Dynamic): 256
256 kilobyte(s)
kilobyte(s) AUTO
AUTO SYNC:
SYNC: no
no
HOT
HOT SPARE:
SPARE: no
no BB
BB POLICY:
POLICY: relocatable
relocatable
ec vo

Figure 8-6. Listing volume groups and VG attributes AN123.0
Notes:
oy si
The lsvg command, with no parameters, lists the volume groups in the system. If used with
the –o options, all varied on/active volume groups are displayed.
u
To further list the information about the status and content of a particular volume group, run
cl
lsvg <Volumegroup_name>
The output provides status information about the volume group. The most useful
Ex
information here is:

• Volume group state (VG STATE - active or inactive/complete if all physical volumes are
active)
• Physical partition size
pr
• Total number of physical partitions (TOTAL PPs)

• Number of free physical partitions (FREE PPs)
Student Notebook
Listing PVs in a VG and VG contents

IBM Power Systems
## lsvg
lsvg -p
-p rootvg
rootvg
rootvg:
rootvg:
PV_NAME PV
PV STATE TOTAL
TOTAL PPs FREE
FREE PPs FREE
FREE DISTRIBUTION
.I. n
PV_NAME STATE PPs PPs DISTRIBUTION
hdisk0
hdisk0 active
active 99
99 23
23 15..00..00..00..08
15..00..00..00..08
hdisk5
hdisk5 active
active 31
31 31
31 07..06..06..06..06
07..06..06..06..06
.T ció
.
## lsvg
lsvg -l-l rootvg
rootvg
rootvg:
C
rootvg:
.F a
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT
POINT
POINT
hd5
hd5 boot
closed/syncd N/A
N/A
C rm
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
open/syncd /var
/var
to fo
hd3
hd3 jfs
open/syncd /tmp
/tmp
hd1
hd1 jfs
open/syncd /home
/home
hd10opt
hd10opt jfs
open/syncd /opt
/opt
ec vo

Figure 8-7. Listing PVs in a VG and VG contents AN123.0
Notes:
oy si
The lsvg -p Volumegroup command gives information about all of the physical volumes
within the volume group. The information given is:
u
• Physical volume name (PV_NAME)

cl
• Physical volume state (PV STATE - active or inactive)

• Total number of physical partitions (TOTAL PPs)
Ex
• Number of free physical partitions (FREE PPs)

• How the free space is distributed across the disk (FREE DISTRIBUTION)
Free distribution is the number of physical partitions allocated within each section of the
pr
physical volume: outer edge, outer middle, center, inner middle, and inner edge.
The lsvg -l Volumegroup command gives information about all of the logical volumes
within the volume group. The details given are:
• Logical volume name (LVNAME)
V8.2
Student Notebook
Uempty • Type of logical volume (TYPE, for example, file system, paging)
• Number of LPs (LPs)
• Number of physical partitions (PPs)
• Number of physical volumes (PVs)
• Logical volume state (LV STATE)
.I. n
• Mount point (MOUNT POINT), if the logical volume contains a journaled file system
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Change a Volume Group

IBM Power Systems
# smit chvg chvg –a n –Q n datavg
.I. n
Change
Change aa Volume
Volume Group
Group
.T ció
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name datavg
datavg
** Activate
Activate volume
volume group
group AUTOMATICALLY
AUTOMATICALLY no
no ++
at system restart?
.
at system restart?
** AA QUORUM
QUORUM ofof disks
disks required
required to
to keep
keep the
the volume
volume no
no ++
C
group
group on-line
on-line ??
.F a
Convert
Convert this
this VG
VG to
to Concurrent
Concurrent Capable?
Capable? no
no ++
Change
Change to
to big
big VG
VG format?
format? no
no ++
C rm
Change
Change to
to scalable
scalable VG
VG format?
format? no
no ++
LTG Size in kbytes
LTG Size in kbytes 256
256 ++
Set
Set hotspare
hotspare characteristics
characteristics nn ++
Set
Set synchronization characteristics
synchronization characteristics of
of stale
stale nn ++
partitions
partitions
to fo
Max
Max PPs
PPs per
per VG
VG in
in units
units of
of 1024
1024 32
32 ++
Max Logical Volumes
Max Logical Volumes 256
256 ++
Mirror
Mirror Pool
Pool Strictness
Strictness ++
Infinite
Infinite Retry
Retry Option
Option no
no ++
ec vo

Figure 8-8. Change a Volume Group AN123.0
Notes:
oy si
The chvg command changes the characteristics of a volume group. In the example shown
in the visual attributes, Activate volume group AUTOMATICALLY at system restart?
u
and A QUORUM of disks required to keep the volume group on-line? were set to
cl
No, which causes the following command to run: chvg –a n –Q n datavg

Ex
pr
V8.2
Student Notebook
Uempty
Extend and reduce a VG

IBM Power Systems
## extendvg
extendvg -f
-f rootvg
rootvg hdisk2
hdisk2
## lsvg
lsvg -p rootvg || awk
-p rootvg awk ‘{print
‘{print $1,
$1, $2}’
$2}’
rootvg:
rootvg:
.I. n
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active
hdisk1
hdisk1 active
active hdisk2
.T ció
hdisk2
hdisk2 active
active
.
C
.F a
hdisk0 hdisk1
C rm
## reducevg
reducevg -d
## lsvg
-d rootvg
rootvg hdisk1
lsvg -p rootvg || awk
rootvg:
-p rootvg
hdisk1
awk ‘{print
‘{print $1,
$1, $2}’
$2}’
to fo
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active hdisk1
hdisk2
hdisk2 active
active
ec vo

Figure 8-9. Extend and reduce a VG AN123.0
Notes:
oy si
Add a physical volume to a volume group

u
To add a disk to an existing volume group, use the extendvg command or SMIT fastpath
smit extendvg. The disk must be installed in the system or connected to it externally, and
cl
must be powered on.

extendvg formats the disk into physical partitions and then adds them to the physical
Ex
partition mapping maintained in the VGDA for the volume group. The space on the new
disk is now available to be allocated to logical volumes in the volume group. If the existing
data in the VGDA on the disk shows that it is part of another volume group, the -f option
forces the addition of the disk to the volume group, without requesting confirmation.
pr
Use this option when adding a disk which has been previously used, but contains data
which is no longer needed.
The syntax for the extendvg command is:
extendvg [-f] Volumegroup hdiskn
Student Notebook
Remove a physical volume from a volume group

The reducevg command is used to remove a physical volume from a volume group. If it is
the last physical volume, the volume group is removed. To remove a disk from the volume
group, first be sure to free up all the storage on the disk by either deleting the logical
volumes or migrating them to some other disk in the volume group. Once there are no
logical volumes, on the disk, you can remove that disk from the volume group by using the
reducevg command or the SMIT fastpath smit reducevg.
.I. n
The syntax for the reducevg command is:
.T ció
reducevg [-d] [-f] Volumegroup hdiskn
The -d option deallocates the existing logical volume partitions, and then deletes resultant
empty logical volumes from the specified physical volumes. User confirmation is required
.
unless the -f flag is added.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Remove a volume group

IBM Power Systems
# smit reducevg2 reducevg -df db2_vg hdisk2 hdisk3
Remove
Remove aa Volume
Volume Group
.I. n
Group
Type
Type or
or select
select aa value
value for
for the
the entry
entry field.
field.
.T ció
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
** VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg] ++
C
.F a
C rm
to fo
ec vo

Figure 8-10. Remove a volume group AN123.0
Notes:
oy si
You can use the smit reducevg2 fastpath to remove a volume group. It runs a script which
identifies what physical volumes are in the volume group and then runs the reducevg
u
command to remove each physical volume until there are no more physical volumes in the
volume group.
cl
The Remove a Volume Group menu does not have a corresponding high-level command.
The correct way to remove a volume group, is to use the Remove a Physical Volume
Ex
from a Volume Group option, which calls the reducevg command. This removes the
volume group when you remove the last physical volume within it.
The syntax of the reducevg command is:
pr
reducevg [-d] [-f] VolumeGroup PhysicalVolume
Student Notebook
Activate and Deactivate a Volume Group

IBM Power Systems
# smit varyonvg varyonvg datavg

Activate
Activate aa Volume
Volume Group
Group
.I. n
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
.T ció
RESYNCHRONIZE
RESYNCHRONIZE stale
stale physical
physical partitions?
partitions? yes
yes ++
Activate
Activate volume group in
volume group in SYSTEM
SYSTEM no
no ++
MANAGEMENT
MANAGEMENT mode?
mode?
FORCE
FORCE activation
activation ofof the
the volume
volume group? no ++
.
group? no
Warning--this
Warning--this may
may cause
cause loss
loss of
of data
data integrity.
integrity.
C
Varyon
Varyon VG
VG in
in Concurrent
Concurrent Mode? no ++
.F a
Mode? no
Synchronize
Synchronize Logical
Logical Volumes?
Volumes? no
no ++
C rm
# smit varyoffvg varyoffvg datavg
Deactivate
Deactivate aa Volume
Volume Group
Group
to fo
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
Put
Put volume group in
volume group in SYSTEM
SYSTEM no
no ++
MANAGEMENT mode?
MANAGEMENT mode?
ec vo

Figure 8-11. Activate and Deactivate a Volume Group AN123.0
Notes:
oy si
The varyonvg command

u
The varyonvg command is used to activate a volume group that is not activated at system
startup, or has been added to the system since startup.
cl
The -f option is used to force a volume group online. It allows a volume group to be made
active that does not currently have a quorum of available disks. Any disk that cannot be
Ex
brought to an active state is put in a removed state. At least one disk must be available for
use in the volume group.
The varyoffvg command
The varyoffvg command is used to deactivate a volume group. No logical volumes should
pr
be open when this command is issued. Removing a disk without deactivating the volume
group could cause errors and loss of data in the volume group descriptor areas, and the
logical volumes within that volume group.
V8.2
Student Notebook
Uempty
Import and Export a Volume Group

IBM Power Systems
# smit importvg importvg –y datavg hdisk3

Import
Import aa Volume
Volume Group
Group
.I. n
[Entry
[Entry Fields]
Fields]
.T ció
VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg]
** PHYSICAL
PHYSICAL VOLUME
VOLUME name
name [hdisk3]
[hdisk3] ++
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
.
C
.F a
# smit exportvg exportvg datavg
C rm
Export
Export aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
to fo
Note: The volume group must be inactive before it is exported.
ec vo

Figure 8-12. Import and Export a Volume Group AN123.0
Notes:
oy si
Exporting a volume group

u
If you export the volume group from the current system using the exportvg command, this
removes all information about the volume group from the system. This is only local system
cl
(ODM data) operation -- no data in volume group changed. To export a volume group, it
must be inactive first.
Ex
Importing a volume group

If you have a volume group on one or more external disks that you want to access on
another system, it must be imported to the system using the importvg command. Never
attempt to import volume group which is active (varied on) on another system.
pr
Student Notebook
Logical storage
IBM Power Systems
Physical volumes
.I. n
1 4 1 4
7 2 3 7 2 3
10 10
8 9 8 9
13 13
.T ció
16 16
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32
.
32 33 35 33
35 38 38
36 36 37
C
41 37 41 44
44
.F a
42 43 42 43
47 50 47 50
48 49 48 49
C rm
1 2 3 4 1 2 3 4
to fo
Logical
partitions
Logical Logical
volume volume
ec vo

Figure 8-13. Logical storage AN123.0
Notes:
oy si
Logical volumes
u
A logical volume is a group of logical partitions which may span physical volumes, as
long as the physical volumes are in the same volume group. A file system resides on
cl
top of a logical volume (LV). A logical volume can be dynamically extended.

Logical partitions
Ex
Logical partitions are mapped one-to-one to physical partitions unless they are being
mirrored.
pr
V8.2
Student Notebook
Uempty
LVM and RAID support

IBM Power Systems
• LVM supports the following three software RAID configurations:

– RAID 0, Striping
.I. n
– RAID 1, Mirroring (up to 3 copies)
– RAID 10 or 1 + 0, Striping + Mirroring
.T ció
• Striping aides performance, whereas mirroring aides availability.
.
C
• In today’s environment, most data resides in SANs. Disks in a SAN are
.F a
generally grouped together into a RAID array and divided into LUNs.
C rm
– AIX sees LUNs as physical disks.
– One should not further deploy AIX RAID configurations on top of H/W (SAN)
RAID configurations.
– SAN environments provide greater levels of RAID support (performance and
to fo
availability).
– LUNs can be increased in size. If so, AIX must know about it:
# chvg -g datavg
ec vo

Figure 8-14. LVM and RAID support AN123.0
Notes:
oy si
LVM supports three software RAID configurations:

u
• RAID 0. Striping provides improved performance and additional storage, but no fault
tolerance. Any disk failure destroys the array, which becomes more likely with more
cl
disks in the array. A single disk failure destroys the entire array because when data is
written to a RAID 0 drive, the data is broken into fragments. The fragments are written
to their respective disks simultaneously on the same sector. This allows smaller
Ex
sections of the entire chunk of data to be read off the drive in parallel, giving this type of
arrangement huge bandwidth. RAID 0 does not implement error checking so any error
is unrecoverable. More disks in the array means higher bandwidth, but greater risk of
data loss.
pr
• RAID 1.Mirroring on AIX provides fault tolerance from disk errors by creating up to three
copies of the data on different drives.
• RAID 10 Combines RAID levels 0 + 1. Striping + mirroring provides fault tolerance
along with improved performance.
Student Notebook
LVM options which affect performance

IBM Power Systems
• Inter- and intra-policy

– Logical volume placement on disk
.I. n
• Scheduling policy
.T ció
– Dictates how data is read/written for mirrored LVs
.
• Mirror write consistency
C
.F a
– Ensures mirrored PPs are consistent
C rm
• Write verify
– Verifies all writes with a read operation
to fo
– Default is no. Generally it is not recommended to set to yes as it will
impact system (write) performance.
ec vo

Figure 8-15. LVM options which affect performance AN123.0
Notes:
oy si
The visual highlights key LVM options which affect performance.

u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Mirroring (RAID1)
IBM Power Systems
• Mirroring is when a logical partition maps to more than one

physical partition of the same volume group.
.I. n
.T ció
hdisk0 fslv00
First copy PP1
PP2 LP1
.
LP2
C
.F a
hdisk1
Second copy
C rm
PP1
PP2
hdisk2
to fo
Third copy PP1
PP2
ec vo

Figure 8-16. Mirroring (RAID1) AN123.0
Notes:
oy si
Mirroring of data over multiple drives protects against a potential hardware failure. The
structure of LVM enables mirroring by manipulating the relationship between the physical
u
partition and the logical partition. The AIX mirror function does not apply to a physical disk,
only to logical volumes. This is the most important principle to understand for the AIX LVM
cl
mirroring function. In a normal operating environment each physical partition is mapped to

a logical partition. When you mirror data, the ratio becomes one logical partition to two
Ex
physical partitions for a two-way mirror. Or, one logical partition to three physical partitions
for a three-way mirror.
pr
Student Notebook
Mirroring, allocation
IBM Power Systems
• When mirroring, it is essential that all PP copies are stored on

different disks.
.I. n
.T ció
• This setting is controlled by the Allocation policy.
– This is also referred to as strictness.
.
C
.F a
• Allocation can be set to:
– No: This is not recommended.
C rm
– Yes (default): This ensures that no LP copies can share the same PV.
– Superstrict: Ensures that a given PV does not have a mixture of
primary and secondary copies, in addition to strictness.
to fo
ec vo

Figure 8-17. Mirroring, allocation AN123.0
Notes:
oy si
When mirroring data, it is essential that all PP copies are stored on different disks. The
placement of PP is governed by the allocation policy, which by default is set to strict. Strict
u
policy ensures that all mirrored copies are placed on different disks. However, under LVM
RAID 0 +1 configurations, strict policy can lead to situations where mirrored copies of the
cl
data are on the same disk. To protect against this, the system will automatically set the
allocation policy to superstrict. Also, using an initial non-mirrored allocation with the
Ex
inter-policy set to spread the allocations over multiple disks (the so called poor man’s
striping) can result in a non-superstrict situation when mirroring is implemented. When
implementing the LVM snapshot VG, the mirroring must be superstrict.
pr
V8.2
Student Notebook
Uempty
Striping (RAID 0)
IBM Power Systems
• Consecutive stripe units are

created on different physical
1 4 7 LP1 volumes.
.I. n
1
Stripe hdisk0
.T ció
2 • Striping increases read/write
units 3 sequential throughput by
LP2 4 evenly distributing stripe units
.
2
5 8 among disks.
C
5
.F a
6
hdisk1 • Stripe unit size is specified at
C rm
7 the creation time.
8 – 4 KB to 128 MB
3 6 9
LP3 9
to fo
Stream of
data
hdisk2
ec vo

Figure 8-18. Striping (RAID 0) AN123.0
Notes:
oy si
Striping
u
Striping is a technique for spreading the data in a logical volume across several disks, so
that the I/O capacity of the disk drives can be used in parallel, so to access data on the
cl
logical volume.
Striping is designed to increase the read/write performance of frequently accessed, large
Ex
sequential files. Striping can also be used to distribute data evenly across a set of disks, so
that random I/O can be scattered across many drives simultaneously. In non-striped logical
volumes, data is accessed using addresses to data blocks within physical partitions. In a
striped logical volume, data is accessed using addresses to stripe units.
pr
Stripe size
The size of the stripe unit is specified at creation time. The stripe size can range from 4 KB
-128 MB in powers of two.
Student Notebook
Constraints
There are some constraints imposed by implementing striping:
• The number of physical partitions allocated to a striped logical volume must evenly
distributable among the disks.
• At least two physical volumes are required
Performance considerations
.I. n
There are some considerations in configuring striping for performance:
.T ció
• Use as many adapters as possible. For example, if multiple disks in the stripe width are
on the same storage adapter, a read/write of a stripe is not able to read/write the stripe
units in parallel.
.
C
• Design to avoid contention with other uses of the disks used by the striped logical
.F a
volume.
• Create on a volume group dedicated to striped logical volumes.
C rm
It is not a good idea to mix striped and non-striped logical volumes in the same physical
volume. Physical volumes should ideally be the same size within the set used for a striped
logical volume. Just because a logical volume is striped, it does not mean that the file's
to fo
data blocks are going to be perfectly aligned with the stripe units. Therefore, if a file block
crosses a stripe boundary, the block gets split into multiple LVM I/Os.
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Striping and mirroring (RAID 10 or 1+0)

IBM Power Systems
1 3 5 1 3 5 1
.I. n
2
hdisk2 hdisk0 3
.T ció
4
5
.
2 2 4 6
4 6
6
C
.F a
Stream of
hdisk3 hdisk1 data
C rm
• Meets performance and high availability requirements
• More expensive (requires more disks, minimum four)
to fo
• Mirroring allocation automatically set to superstrict
ec vo

Figure 8-19. Striping and mirroring (RAID 10 or 1+0) AN123.0
Notes:
oy si
RAID 10 meets performance and high availability requirements by mirroring strip sets to
different disks. However, this comes at a cost as more disks are required (minimum 4).
u
cl
Ex
pr
Student Notebook
Mirror pools
IBM Power Systems
• Mirror pools simplify the task of isolating a logical volume

copy to a specific group of physical volumes.
.I. n
.T ció
hdisk0
PP1
First copy PP3
on PoolA
.
hdisk1 lv00
PP2
C
PoolB hdisk PP4 LP1
.F a
should be on LP2
remote storage LP3
C rm
server!
hdisk2 LP4
PP1
PP3
Second copy
on PoolB hdisk3
PP2
to fo
PP4
ec vo

Figure 8-20. Mirror pools AN123.0
Notes:
oy si
This visual shows an example of RAID 10, a combination of RAID 1 + 0 Mirroring of data
over multiple drives that protects against a potential hardware failure. Copies of LP1 are on
u
hdisk0 and hdisk2, and copies of LP2 are on hdisk1 and hdisk3. Physically, hdisk0/hdisk1
and hdisk2/hdisk3 are placed on different SAN storage servers. Now, let‘s imagine that
cl
lv00 is placed to more than four hdisks and we need to be sure that all copies are placed on
different storage servers. Also consider that we need to increase the size of lv00 and that
Ex
we are required to attach more hdisks to our system. Proper PP distribution is not an easy
task in this situation.
Mirror pools simplify the task of mirroring data over multiple drives.
pr
Mirror pool requirements and restrictions:

• A mirror pool is made up of one or more physical volumes (hdisk).
• Each physical volume can only belong to one mirror pool.
• Mirror pools are only available for scalable volume groups.
• rootvg cannot be assigned to mirror pools (rootvg cannot be a scalable volume group).
V8.2
Student Notebook
Uempty • Mirror pools are available in AIX 7.1 and AIX V6.1 TL 2 and up.
• After assigning PVs (physical volumes) to a mirror pool, the volume group can no longer
be imported to a previous version of AIX that does not support mirror pools.
• Any changes to mirror pool characteristics will not affect partitions allocated before the
changes were made. The reorgvg command should be used after mirror pool changes
are made to move the allocated partitions to conform to the mirror pool restrictions.
.I. n
No additional commands for mirror pools have been added to AIX. Instead, the existing AIX
LVM commands have been extended to incorporate the mirror pool functionality. Following
.T ció
are some examples of mirror pool enhanced AIX LVM commands.
To create a mirror pool with the defined list of disk (disks should be part of a vg):
.
# chpv –p <mirror_pool_name> <hdisk list>
C
.F a
To create a logical volume in the given mirror pools:
# mklv -c 2 -p copy1=PoolA -p copy2=PoolB datavg 10
C rm
To list mirror pools defined in volume group:
# lsmp datavg
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Logical volume placement

IBM Power Systems
• Intra-physical volume allocation policy

Middle Inner-edge
.I. n
Center Inner-middle
.T ció
Edge
.
C
• Inter-physical volume allocation policy
.F a
– Minimum (default)
C rm
• 1 LV copy: One (or minimum) PV should contain all PPs
• 2 or 3 LV copies: Use as many PVs as copies, keeping PV usage down to
a minimum.
– Maximum
to fo
• PPs should be spread over as many PVs as possible.
Note: These settings have little effect when used in SAN environments, whereby
LUNs are in RAID configurations.
ec vo

Figure 8-21. Logical volume placement AN123.0
Notes:
oy si
Introduction
u
When creating or changing a logical volume you can define the way the Logical Volume
Manager decides which physical partitions to allocate to the logical volume. This affects
cl
the performance of the logical volume.

Intra-physical volume allocation policy
Ex
The intra-disk allocation policy choices, are based on the five regions of a disk where
physical partitions can be located. The closer a given physical partition is to the center
of a physical volume, the lower the average seek time is because the center has the
shortest average seek distance from any other part of the disk. The file system log is a
pr
good candidate for allocation at the center of a physical volume, because it is so

frequently used by the operating system. At the other extreme, the boot logical volume
is used infrequently, and is therefore allocated at the edge or middle of the physical
volume. The general rule is that the more I/Os, either absolutely or during the running of
an important application, the closer to the center of the physical volumes the physical
partitions of the logical volume need to be allocated.
V8.2
Student Notebook
Uempty Inter-physical volume allocation policy

If the minimum inter-disk setting is selected, the physical partitions assigned to the
logical volume are located on a single disk to enhance availability. If you select the
maximum inter-disk setting (range = maximum), the physical partitions are located on
multiple disks to enhance performance.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Mirroring scheduling policy

IBM Power Systems
• Scheduling policies when mirroring:
.I. n
– Parallel (default)
• Write operations on different physical partitions start at the same time.
.T ció
• When the longest write finishes, the write operation is complete.
• Improves performance (especially RAID-Performance)
.
– Parallel write/sequential read
C
> Primary copy is read first, I f unsuccessful, the next copy is used.
.F a
– Parallel write/round robin read
> Round-robin reads alternate disks between copies.
C rm
– Sequential
• Second physical write operation is not started unless the first operation has
completed successfully.
to fo
• In case of a total disk failure, there is always a “good copy”.
• Increased availability, but decreases performance
ec vo

Figure 8-22. Mirroring scheduling policy AN123.0
Notes:
oy si
Scheduling policies
u
The scheduling policy determines how reads and writes are conducted to a mirrored
logical volume. LVM offers several scheduling policies for mirrored volumes to control
cl
how data is written and read from the copies.

Sequential write
Ex
Sequential mirroring writes to multiple copies or mirrors in order. The multiple physical
partitions representing the mirrored copies of a single logical partition are designated
primary, secondary, and tertiary. In sequential scheduling, the physical partitions are
written to in sequence. The system waits for the write operation for one physical
pr
partition to complete, before starting the write operation for the next one. When all write
operations have been completed for all mirrors, the write operation is complete.
Parallel write
V8.2
Student Notebook
Uempty Parallel mirroring simultaneously starts the write operation for all the physical partitions
in a logical partition. When the write operation to the physical partition that takes the
longest to complete finishes, the write operation is completed.
Sequential read
When a sequential read is specified, the primary copy of the read is always read first. If
that read operation is unsuccessful, the next copy is read. During the read retry
operation on the next copy, the failed primary copy is corrected by LVM with a hardware
.I. n
relocation. This patches the bad block for future access.
.T ció
Parallel read
On each read, the system checks whether the primary is busy. If it is not busy, the read
is initiated on the primary. If the primary is busy, the system checks the secondary, and
.
then the tertiary. If those are also busy, the read is initiated in the copy with the least
C
.F a
number of outstanding I/Os.
Round-robin read
C rm
Round-robin reads alternate between copies. This results in equal utilization for reads,
even when there is more than one I/O outstanding.
Which is right for me?
to fo
Each of the scheduling policies provide benefits, as well as drawbacks. When deciding
on a method of mirroring, you need to take into consideration how critical the data is,
and performance. The trade off is performance, versus availability. In general, a
mirrored logical volume is slower than an unmirrored logical volume, because you have
ec vo
to write the data in two or three places. The exception can be a mirrored LV in a
high-read environment. If your application does mostly reads, and you are using parallel
or parallel/round robin scheduling, reads may complete faster because the I/Os are
oy si
spread across multiple disks, which can occur simultaneously if the disks are on
separate controllers. One of the parallel scheduling policies usually provides the best
performance in a write intensive environment, because writes can proceed in parallel.
u
However, there is some additional overhead, and mirrored logical volumes are usually
slower than comparable unmirrored logical volumes in a write intensive environment.
cl
Sequential scheduling provides the worst performance, but provides the best chance of
recovering data in the event of a system crash in the middle of a write operation.
Ex
Sequential scheduling makes it more likely that you have at least one good copy, the
primary copy, of a logical partition after a crash.
Synchronization
When turning on mirroring for an existing logical volume, the copies have to be
pr
synchronized so the new copy contains a perfect image of the existing copy, at that
point in time. This can be done by using the -k option on the mklvcopy command at the
time mirroring is turned on, or with the syncvg command at a later time. Until the copies
are synchronized, the new copy is marked stale.
Student Notebook
Mirror write consistency

IBM Power Systems
• Problem: If the system crashes before the write to all mirrors

is complete, the mirrors are in an inconsistent state, and the
system must distinguish between the old copy and the new
.I. n
copy.
.T ció
• Solution: Mirror write consistency
.
– Ensures PPs are consistent after reboot
C
– Three modes: off, active, and passive
.F a
– Active (default)
C rm
• Uses a cache on disk
• The physical write operation proceeds when the cache has been updated.
– Passive. (Big VGs only)
to fo
• Logging of LV updates, but does not log writes
• If the system crashes on reboot, a forced synchronization of the LVs takes
place.
ec vo

Figure 8-23. Mirror write consistency AN123.0
Notes:
oy si
The LVM always ensures data consistency among mirrored copies of a logical volume
during normal I/O processing.
u
For every write to a logical volume, the LVM generates a write request for every mirror
cl
copy. A problem arises if the system crashes in the middle of processing a mirrored write,
and before all copies are written. If mirror write consistency recovery is requested for a
logical volume, the LVM keeps additional information to allow recovery of these
Ex
inconsistent mirrors. Mirror write consistency recovery should be performed for most
mirrored logical volumes. Logical volumes, such as the page space that do not use the
existing data when the volume group is re-varied on, do not need this protection.
pr
The Mirror Write Consistency (MWC) record consists of one sector. It identifies which
logical partitions may be inconsistent if the system is not shut down correctly. When the
volume group is varied back online, this information is used to make the logical partitions
consistent again. Note: With Mirror Write Consistency LVs, because the MWC control
sector is on the edge of the disk, performance may be improved if the mirrored logical
volume is also on the edge.
V8.2
Student Notebook
Uempty Beginning in AIX 5L, a mirror write consistency option called Passive Mirror Write
Consistency is available. The default mechanism for ensuring mirror write consistency is
Active MWC. Active MWC provides fast recovery at reboot time after a crash has occurred.
However, this benefit comes at the expense of write performance degradation, particularly
in the case of random writes. Disabling Active MWC eliminates this write-performance
penalty, but upon reboot after a crash, you must use the syncvg -f command to manually
synchronize the entire volume group, before users can access the volume group. To
.I. n
achieve this, automatic vary-on of volume groups must be disabled.
Enabling Passive MWC not only eliminates the write-performance penalty associated with
.T ció
Active MWC, but logical volumes will be automatically resynchronized as the partitions are
being accessed. This means that the administrator does not have to synchronize logical
volumes manually or disable automatic vary-on. The disadvantage of Passive MWC is that
.
slower read operations may occur, until all the partitions have been resynchronized.
C
.F a
You can select either mirror write consistency option within SMIT, when creating or
changing a logical volume. The selection option takes effect only when the logical volume
C rm
is mirrored (copies > 1).
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
SMIT Logical Volumes menu

IBM Power Systems
# smit lv
.I. n
Logical
Logical Volumes
Volumes
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Logical
Logical Volumes
Volumes byby Volume
Volume Group
Group
Add a Logical Volume
.
Set
Set Characteristic
Characteristic of
of aa Logical
Logical Volume
Volume
C
Show
Show Characteristics
Characteristics of
of aa Logical
Logical Volume
.F a
Volume
Remove
Remove aa Logical
Logical Volume
Volume
Copy
Copy aa Logical
Logical Volume
Volume
C rm
to fo
ec vo

Figure 8-24. SMIT Logical Volumes menu AN123.0
Notes:
oy si
This is the top-level SMIT menu for logical volumes. The next few pages discuss these
items.
u
cl
Ex
pr
V8.2
Student Notebook
Uempty

IBM Power Systems
mklv –y datalv –t jfs2 –c 2 \
# smit mklv datavg 10 hdisk2 hdisk3
Add
Add aa Logical
Logical Volume
Volume
.I. n
[Entry
[Entry Fields]
Fields]
Logical
Logical volume
volume NAME
NAME [datalv]
[datalv]
** VOLUME
VOLUME GROUP
GROUP name
name datavg
datavg
** Number
Number of LOGICAL PARTITIONS
of LOGICAL [100] ##
.T ció
PARTITIONS [100]
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk2
[hdisk2 hdisk3]
hdisk3] ++
Logical volume TYPE
Logical volume TYPE [jfs2]
[jfs2] ++
POSITION
POSITION onon physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER of PHYSICAL VOLUMES
NUMBER of PHYSICAL VOLUMES []
[] ##
.
to
to use
use for
for allocation
allocation
Number of COPIES of each logical
Number of COPIES of each logical 22 ++
C
partition
partition
.F a
Mirror
Mirror Write
Write Consistency?
Consistency? active
active ++
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on a SEPARATE physical
a SEPARATE physical volume?
volume?
RELOCATE the logical volume
RELOCATE the logical volume duringduring yes
yes ++
C rm
reorganization?
reorganization?
Logical
Logical volume
volume LABEL
LABEL []
[]
MAXIMUM
MAXIMUM NUMBER
NUMBER ofof LOGICAL
LOGICAL PARTITIONS
PARTITIONS [512]
[512] ##
Enable
Enable BAD BLOCK relocation?
BAD BLOCK relocation? yes
yes ++
SCHEDULING POLICY for writing/reading
SCHEDULING POLICY for writing/reading parallel
parallel ++
logical
logical partition
partition copies
copies
Enable
Enable WRITE
WRITE VERIFY?
VERIFY? no
no ++
File
File containing ALLOCATION MAP
containing ALLOCATION []
to fo
MAP []
Stripe
Stripe Size?
Size? [Not
[Not Striped]
Striped] ++
Serialize IO?
Serialize IO? no
no ++
Mirror
Mirror Pool
Pool for
for First
First Copy
Copy ++
Mirror
Mirror Pool
Pool for
for Second
Second Copy
Copy ++
Mirror Pool for Third
Mirror Pool for Third Copy Copy ++
Infinite Retry Option
Infinite Retry Option no
no ++
ec vo

Figure 8-25. Add a Logical Volume AN123.0
Notes:
oy si
The mklv command creates a logical volume. The name of the logical volume can be
specified or a system-generated name is used. The volume group the logical volume
u
belongs to, and the size (in logical partitions, must be specified. Other characteristics that
can be set are, the allocation policy, copies (mirroring), scheduling policy, and striping.
cl
Ex
pr
Student Notebook
Show LV characteristics (1 of 2)
IBM Power Systems
## lslv
lslv datalv
datalv
LOGICAL
LOGICAL VOLUME:
VOLUME: datalv
datalv VOLUME
VOLUME GROUP:
GROUP: datavg
datavg
LV
LV IDENTIFIER:
IDENTIFIER: 00cf2e7f00004c000000011d68130bea.1
00cf2e7f00004c000000011d68130bea.1
PERMISSION:
PERMISSION: read/write
read/write
.I. n
VG
VG STATE:
STATE: active/complete
active/complete LV
LV STATE:
STATE: closed/syncd
closed/syncd
TYPE:
TYPE: jfs2
jfs2 WRITE
WRITE VERIFY:
VERIFY: off
off
MAX
MAX LPs:
LPs: 512
512 PP
PP SIZE:
SIZE: 44 megabyte(s)
megabyte(s)
.T ció
COPIES:
COPIES: 22 SCHED
SCHED POLICY:
POLICY: parallel
parallel
LPs:
LPs: 10
10 PPs:
PPs: 20
20
STALE
STALE PPs:
PPs: 00 BB
BB POLICY:
POLICY: relocatable
relocatable
INTER-POLICY:
INTER-POLICY: minimum
minimum RELOCATABLE:
RELOCATABLE: yes
yes
INTRA-POLICY:
INTRA-POLICY: middle
middle UPPER
UPPER BOUND:
BOUND: 11
.
MOUNT
MOUNT POINT:
POINT: N/A
N/A LABEL:
LABEL: None
None
C
MIRROR
MIRROR WRITE
WRITE CONSISTENCY:
CONSISTENCY: on/ACTIVE
on/ACTIVE
.F a
EACH
EACH LPLP COPY
COPY ON
ON AA SEPARATE
SEPARATE PV
PV ?:
?: yes
yes (superstrict)
(superstrict)
Serialize
Serialize IO IO ?:
?: NO
NO
INFINITE
INFINITE RETRY:
RETRY: no
no
DEVICESUBTYPE: DS_LVZ
C rm
DEVICESUBTYPE: DS_LVZ
COPY
COPY 11 MIRROR
MIRROR POOL:
POOL: None
None
COPY
COPY 22 MIRROR
MIRROR POOL:
POOL: None
None
COPY
COPY 33 MIRROR
MIRROR POOL:
POOL: None
None
## lslv
lslv -l
-l datalv
datalv
to fo
datalv:N/A
datalv:N/A
PV
PV COPIES
COPIES IN
IN BAND
BAND DISTRIBUTION
DISTRIBUTION
hdisk2
hdisk2 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
hdisk3
hdisk3 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
ec vo

Figure 8-26. Show LV characteristics (1 of 2) AN123.0
Notes:
oy si
To list the characteristics of a logical volume use the command: lslv

u
<logicalvolume_name>
The –l flag lists the following fields for each physical volume in the logical volume:
• PV: Physical volume name.
cl
• Copies:
- The number of LPARs containing at least one physical partition (no copies) on the
Ex
PV
- The number of LPARs containing at least two physical partitions (one copy) on the
PV
- The number of LPARs containing three physical partitions (two copies) on the PV
pr
• In band: The percentage of physical partitions on the physical volume that belong to the
logical volume, and were allocated within the physical volume region specified by
Intra-physical allocation policy
• Distribution: The number of physical partitions allocated within each section of the PV:
outer edge, outer middle, center, inner middle, and inner edge of the PV.
V8.2
Student Notebook
Uempty
Show LV characteristics (2 of 2)
IBM Power Systems
• Show LP to PP relationship on disks

## lslv
lslv -m
-m datalv
datalv
.I. n
datalv:N/A
datalv:N/A
LP
LP PP1
PP1 PV1
PV1 PP2
PP2 PV2
PV2 PP3
PP3 PV3
PV3
.T ció
0001
0001 0104 hdisk2
0104 hdisk2 0104
0104 hdisk3
hdisk3
0002
0002 0105
0105 hdisk2
hdisk2 0105
0105 hdisk3
hdisk3
0003
0003 0106
0106 hdisk2
hdisk2 0106
0106 hdisk3
hdisk3
0004
0004 0107
0107 hdisk2 0107 hdisk3
.
hdisk2 0107 hdisk3
0005
0005 0108
0108 hdisk2
hdisk2 0108
0108 hdisk3
hdisk3
C
0006
0006 0109
0109 hdisk2 0109 hdisk3
.F a
hdisk2 0109 hdisk3
0007
0007 0110
0110 hdisk2
hdisk2 0110
0110 hdisk3
hdisk3
0008
0008 0111
0111 hdisk2
hdisk2 0111
0111 hdisk3
hdisk3
C rm
0009 0112 hdisk2
0009 0112 hdisk2 0112
0112 hdisk3
hdisk3
0010
0010 0113
to fo 0113 hdisk2
hdisk2 0113
0113 hdisk3
hdisk3
ec vo

Figure 8-27. Show LV characteristics (2 of 2) AN123.0
Notes:
oy si
The lslv –m flag shows the LP to PP relationship. The example in the visual, shows LP
number 1 for datalv, is mapped to physical partition number 104 on hdisk2, and is also
u
mirrored to the same physical partition number on hdisk3.

cl
Ex
pr
Student Notebook
Reorganize logical volumes in a volume group

IBM Power Systems
• reorgvg moves physical partition allocations for logical

volumes to more closely match the policies of those LVs.
.I. n
hdisk3 hdisk4
datavg
.T ció
1 2 3 4
empty
5 6 7 8
.
C
.F a
• # chlv –e x mylv (set to maximum number of disks)
C rm
• # reorgvg datavg mylv
hdisk3 hdisk4
datavg
to fo
1 3 5 7 2 4 6 8
ec vo

Figure 8-28. Reorganize logical volumes in a volume group AN123.0
Notes:
oy si
Reorganizing a volume group

u
If the intra-physical volume allocation policy (location on disk: center, middle, edge, inner
edge, and inner middle) is changed after the logical volume is created, the physical
cl
partition does not relocate automatically. The reorgvg command is used to redistribute the
physical partitions of the logical volumes of a volume group according to their preferred
allocation policies. This should improve disk performance. Preference is given in the order
Ex
listed on the command line.

reorgvg syntax
The syntax is: reorgvg Volumegroup [LogicalVolume]
pr
For example: reorgvg rootvg hd4 hd5

Using SMIT, no other arguments can be supplied. The entire volume group is reorganized.
V8.2
Student Notebook
Uempty
Add Copies to a Logical Volume

IBM Power Systems
# smit mklvcopy mklvcopy -k datalv 3 hdisk4
.I. n
Add
Add Copies
Copies to
to aa Logical
Logical Volume
Volume
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
** NEW
NEW TOTAL
TOTAL number
number of
of logical
logical partition 33 ++
C
partition
.F a
copies
copies
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk4]
[hdisk4] ++
POSITION
POSITION on
on physical
physical volume
volume middle
middle ++
C rm
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER
NUMBER of
of PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
to
to use
use for
for allocation
allocation
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on aa SEPARATE
SEPARATE physical
physical volume?
volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]
to fo
SYNCHRONIZE
SYNCHRONIZE the
the data
data in
in the
the new
new yes
yes ++
logical
logical partition
partition copies?
copies?
Mirror
Mirror Pool
Pool for
for First
First Copy
Copy []
[] ++
Mirror
Mirror Pool
Pool for
for Second
Second Copy
Copy []
[] ++
Mirror
Mirror Pool
Pool for
for Third
Third Copy
Copy []
[] ++
ec vo

Figure 8-29. Add Copies to a Logical Volume AN123.0
Notes:
oy si
Adding a copy of a logical volume

The mklvcopy command is used to add up to three copies to a logical volume. Specify
u
the logical volume to change and the total number of copies wanted. This only
succeeds if there are enough physical partitions to satisfy the requirements on the
cl
physical volumes that are specified to be used. That is, if all copies are to be on
different physical volumes. Once a logical volume has been created, striping cannot be
Ex
imposed or removed.
Synchronizing a mirrored logical volume
Also, in order for the copies to match, the logical volume has to be synchronized using
the syncvg command. This can be done with the -k option when the copy is originally
pr
started. It can be done later, using the syncvg command.

Removing a copy of a logical volume
The rmlvcopy command is used to reduce the total number of copies for a logical
volume. Specify the total number wanted. For example, two if you are reducing the
number of copies from three to two. The rmlvcopy command allows you to specify
which disk to remove the copy from.
Student Notebook
Increase the Size of a Logical Volume

IBM Power Systems
# smit extendlv extendlv datalv 20
.I. n
Increase
Increase the
the Size
Size of
of aa Logical
Logical Volume
Volume
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
C
** Number
Number of
of ADDITIONAL
ADDITIONAL logical
logical partitions
partitions [20]
[20] ##
.F a
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names []
[] ++
POSITION
POSITION on
on physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
C rm
MAXIMUM
MAXIMUM NUMBER
NUMBER of
of PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
to use for allocation
to use for allocation
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on aa SEPARATE
SEPARATE physical
physical volume?
volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]
to fo
ec vo

Figure 8-30. Increase the Size of a Logical Volume AN123.0
Notes:
oy si
The extendlv command increases the number of logical partitions allocated to the
LogicalVolume, by allocating the number of additional logical partitions represented by the
u
Partitions parameter. The LogicalVolume parameter can be a logical volume name or a

logical volume ID. To limit the allocation to specific physical volumes, use the names of one
cl
or more physical volumes in the PhysicalVolume parameter. Otherwise, all the physical
volumes in a volume group are available for allocating new physical partitions.
Ex
The default maximum number of partitions for a logical volume is 512. Before extending a
logical volume to more than 512 logical partitions, use the chlv command to increase the
default value.
pr
The default allocation policy is to use a minimum number of physical volumes per logical
volume copy, to place the physical partitions belonging to a copy as contiguously as
possible, and then to place the physical partitions in the requested region specified by the
-a flag. Also by default, each copy of a logical partition is placed on a separate physical
volume.
V8.2
Student Notebook
Uempty
Remove a Logical Volume

IBM Power Systems
# smit rmlv rmlv –f datalv2
.I. n
Remove
Remove aa Logical
Logical Volume
Volume
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
LOGICAL
LOGICAL VOLUME
VOLUME name
name [datalv2]
[datalv2] ++
C
.F a
C rm
to fo
ec vo

Figure 8-31. Remove a Logical Volume AN123.0
Notes:
oy si
The rmlv command removes logical volumes, and in the process, destroys all data.
u
The LogicalVolume parameter can be a logical volume name or logical volume ID. The
logical volume first must be closed. If the volume group is varied on in concurrent mode,
cl
the logical volume must be closed on all the concurrent nodes on which the volume group
is varied on. For example, if the logical volume contains a file system, it must be
unmounted. However, removing the logical volume does not notify the operating system
Ex
that the file system residing on it has been destroyed.

pr
Student Notebook
List all logical volumes by volume group

IBM Power Systems
## lsvg
lsvg -o
-o || lsvg
lsvg -i
-i –l
–l
.I. n
datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
.T ció
datalv
datalv jfs2
jfs2 30
30 90
90 33 closed/syncd
closed/syncd N/A
N/A
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
closed/syncd N/A
N/A
.
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
C
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
.F a
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
open/syncd /var
/var
C rm
hd3
hd3 jfs
open/syncd /tmp
/tmp
hd1
hd1 jfs
open/syncd /home
/home
hd10opt
hd10opt jfs
open/syncd /opt
/opt
loglv00
loglv00 jfs2log
jfs2log 11 11 11 closed/syncd
closed/syncd N/A
N/A
hd11admin
hd11admin jfs
open/syncd /admin
/admin
fslv00 jfs2 22 22 11 closed/syncd /db2
to fo
fslv00 jfs2 closed/syncd /db2
ec vo

Figure 8-32. List all logical volumes by volume group AN123.0
Notes:
oy si
From the smit lv fastpath, the List all Logical Volumes by Volume Group option uses lsvg
-o to find out the active volume groups, and then lsvg -il to list the logical volumes within
u
them. The -i option of lsvg reads the list of volume groups from standard input.
cl
Ex
pr
V8.2
Student Notebook
Uempty
Mirroring volume groups

IBM Power Systems
• Mirroring rootvg is very important.

# smit mirrorvg mirrorvg rootvg hdisk1
.I. n
Mirror Can be used
Mirror aa Volume
Volume Group
Group
to mirror
any VG
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
all desired
desired changes.
changes.
[Entry
[Entry Fields]
.
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name rootvg
rootvg
C
Mirror
Mirror sync
sync mode [Foreground] ++
.F a
mode [Foreground]
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk1]
[hdisk1] ++
Number
Number of
of COPIES
COPIES of
of each
each logical
logical 22 ++
C rm
partition
partition
Keep
Keep Quorum
Quorum Checking
Checking On?
On? no
no ++
Create Exact LV Mapping?
Create Exact LV Mapping? no
no ++
## bosboot
bosboot -a
-a -d
-d /dev/hdisk1
/dev/hdisk1
to fo
Additional
## bootlist
bootlist -m
-m normal
normal hdisk0
hdisk0 hdisk1
hdisk1 steps
required for
## shutdown rootvg
shutdown –Fr
–Fr (not
(not required
required with
with AIX6
AIX6 and
and later)
later)
ec vo

Figure 8-33. Mirroring volume groups AN123.0
Notes:
oy si
The mirrorvg command takes all the logical volumes on a given volume group and mirrors
those logical volumes. This same functionality may also be accomplished manually if you
u
execute the mklvcopy command for each individual logical volume in a volume group. As
with mklvcopy, the target physical drives to be mirrored with data, must already be
cl
members of the volume group.

When mirrorvg is executed, the default behavior of the command requires that the
Ex
synchronization of the mirrors must complete before the command returns to the user. If
you wish to avoid the delay, use the –S (background Sync) or -s (disable sync) option. The
default value of two copies is always used.
If there are only two disks in the volume group to be mirrored, Keep Quorum Checking On
pr
should be set to no. Otherwise, if a disk fails, the entire volume group would go offline.
Protecting rootvg on AIX from disk failure is important. Mirroring the data is one way to
achieve this. When mirroring rootvg there are additional steps to perform:
• Create a boot image on the mirrored disk, using bosboot command.
• Add the newly mirrored disk to the bootlist.
• Shut down and reboot the system.
Student Notebook
Physical volumes
IBM Power Systems
PV1 Volume group PV2
.I. n
1 1 4
4
2 2 3
7 3 7 10
10
.T ció
8 8 9
9 13 16
13 16
14 14 15
19 15 19 22
22 20 21
20 21 25
25 28 28
26 27
.
26 27 31
31 34 34
32 32 33
33
C
35 35 38
38 36
.F a
36 37 41 37
41 44 44
42 42 43
43 47 50
47 50
48 49 48 49
C rm
Physical partitions
• Physical volume (PV)
to fo
– Hard disk, a virtual disk or a LUN
• Physical partition (PP)
– Smallest assignable unit of allocation on a physical disk
ec vo

Figure 8-34. Physical volumes AN123.0
Notes:
oy si
A physical partition is a fixed size, contiguous set of bytes, on a physical volume (PV).
u
Physical partitions (PP) must be the same size across an entire volume group. However,
there may be multiple volume groups on a single system, each with a different PP size.
cl
The limitations for each type of volume group (original, big, and scalable) such as the
number of physical volumes and size of the physical partitions, was given in the last unit,
Ex
System Storage Overview.

pr
V8.2
Student Notebook
Uempty
SMIT Physical Volumes menu

IBM Power Systems
# smit pv
.I. n
Physical
Physical Volumes
Volumes
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Physical
Physical Volumes
Volumes in
in System
System
Add a Disk
.
Add a Disk
Change
Change Characteristics
Characteristics of
of aa Physical
Physical Volume
Volume
C
List
List Contents
Contents of
of aa Physical
Physical Volume
.F a
Volume
Move
Move Contents
Contents of
of aa Physical
Physical Volume
Volume
C rm
to fo
ec vo

Figure 8-35. SMIT Physical Volumes menu AN123.0
Notes:
oy si
This is the top-level menu for physical volume. Each of these items is discussed in the
following pages.
u
cl
Ex
pr
Student Notebook
List physical volume information

IBM Power Systems
• List all physical volumes in the system.

## lspv
lspv
hdisk0
hdisk0 00cf2e7ff02c5fc4
00cf2e7ff02c5fc4 rootvg
rootvg active
active
.I. n
hdisk1
hdisk1 00cf2e7f713ca357
00cf2e7f713ca357 None
None
hdisk2
hdisk2 00cf2e7fea693331
00cf2e7fea693331 datavg
datavg active
active
.T ció
hdisk3
hdisk3 00cf2e7fea6a26e0
00cf2e7fea6a26e0 datavg
datavg active
active
hdisk4
hdisk4 00cf2e7fea6a318
00cf2e7fea6a318 datavg
datavg active
active
• List the attributes of a PV.
.
C
## lspv
lspv hdisk3
hdisk3
.F a
PHYSICAL
PHYSICAL VOLUME:
VOLUME: hdisk3
hdisk3 VOLUME
VOLUME GROUP:
GROUP: datavg
datavg
PV
PV IDENTIFIER:
IDENTIFIER: 00cf2e7fea6a26e0
00cf2e7fea6a26e0
VG
VG IDENTIFIER 00cf2e7f00004c000000011d68130bea
C rm
IDENTIFIER 00cf2e7f00004c000000011d68130bea
PV
PV STATE:
STATE: active
active
STALE
STALE PARTITIONS:
PARTITIONS: 00 ALLOCATABLE:
ALLOCATABLE: yes
yes
PP
PP SIZE:
SIZE: 44 megabyte(s)
megabyte(s) LOGICAL
LOGICAL VOLUMES:
VOLUMES: 11
TOTAL
TOTAL PPs:
PPs: 511
511 (2044
(2044 megabytes)
megabytes) VG
VG DESCRIPTORS:
DESCRIPTORS: 11
FREE
FREE PPs:
PPs: 481
481 (1924
(1924 megabytes)
megabytes) HOT
HOT SPARE:
SPARE: no
no
to fo
USED
USED PPs:
PPs: 30
30 (120
(120 megabytes)
megabytes) MAX
MAX REQUEST:
REQUEST: 256K
256K
FREE
FREE DISTRIBUTION:
DISTRIBUTION: 103..72..102..102..102
103..72..102..102..102
USED
USED DISTRIBUTION:
DISTRIBUTION: 00..30..00..00..00
00..30..00..00..00
MIRROR
MIRROR POOL:
POOL: None
None
ec vo

Figure 8-36. List physical volume information AN123.0
Notes:
oy si
From the smit pv fastpath, the List all Physical Volumes in System option uses the
undocumented command lspv | /usr/bin/awk {print$1}'' list the physical volumes in
u
the system.
cl
The lspv command with no parameters can be used to list the physical volume name,
physical volume identifier, and volume group for all physical volumes in the system.
Ex
The lspv pvname command gives status information about the physical volume. The most
useful information here is:
• State (active or inactive)
• Number of physical partition copies that are stale (are not up to date with other copies)
pr
• Total number of physical partitions

• Number of free physical partitions
• Distribution of free space on the physical volume
V8.2
Student Notebook
Uempty
List logical volumes on a physical volume

IBM Power Systems
## lspv
lspv -l-l hdisk0
hdisk0
hdisk0:
hdisk0:
.I. n
LV
LV NAME
NAME LPs
LPs PPs
PPs DISTRIBUTION
DISTRIBUTION MOUNT
MOUNT POINT
POINT
hd2
hd2 35
35 35
35 00..00..03..20..12
00..00..03..20..12 /usr
/usr
.T ció
hd9var
hd9var 55 55 00..05..00..00..00
00..05..00..00..00 /var
/var
hd8
hd8 11 11 00..00..01..00..00
00..00..01..00..00 N/A
N/A
hd4
hd4 15
15 15
15 00..00..15..00..00
00..00..15..00..00 //
hd5 11 11 01..00..00..00..00 N/A
.
hd5 01..00..00..00..00 N/A
hd6
hd6 88 88 00..08..00..00..00
00..08..00..00..00 N/A
N/A
C
hd10opt 44 44 04..00..00..00..00 /opt
.F a
hd10opt 04..00..00..00..00 /opt
hd3
hd3 33 33 00..03..00..00..00
00..03..00..00..00 /tmp
/tmp
hd1
hd1 11 11 00..01..00..00..00
00..01..00..00..00 /home
/home
C rm
hd11admin
hd11admin 22 22 00..02..00..00..00
00..02..00..00..00 /admin
/admin
fslv00
fslv00 22 22 02..00..00..00..00
02..00..00..00..00 /db2
/db2
loglv00
loglv00 11 11 00..01..00..00..00
00..01..00..00..00 N/A
N/A
to fo
ec vo

Figure 8-37. List logical volumes on a physical volume AN123.0
Notes:
oy si
The lspv -l pvname command lists all the logical volumes on a physical volume including
the number of logical partitions, physical partitions, and distributions on the disk.
u
cl
Ex
pr
Student Notebook
List a physical volume partition map

IBM Power Systems
## lspv
lspv -p
-p hdisk0
hdisk0
hdisk0:
hdisk0:
.I. n
PP
PP RANGE
RANGE STATE
STATE REGION
REGION LV
LV NAME
NAME TYPE
TYPE MOUNT
MOUNT
POINT
POINT
1-1
1-1 used
used outer
outer edge
edge hd5
hd5 boot
boot N/A
N/A
.T ció
2-14
2-14 free
free outer
outer edge
edge
15-16
15-16 used
used outer
outer edge
edge fslv00
fslv00 jfs2
jfs2 /db2
/db2
17-20
17-20 used
used outer
outer edge
edge hd10opt
hd10opt jfs2
jfs2 /opt
/opt
.
21-28
21-28 used
used outer
outer middle
middle hd6
hd6 paging
paging N/A
N/A
C
29-29
29-29 used
used outer
outer middle
middle loglv00
loglv00 jfs2log
jfs2log N/A
N/A
.F a
30-31
30-31 used
used outer
outer middle
middle hd11admin
hd11admin jfs2
jfs2 /admin
/admin
32-32
32-32 used
used outer
outer middle
middle hd1
hd1 jfs2
jfs2 /home
/home
33-35 used outer
outer middle hd3 jfs2 /tmp
C rm
33-35 used middle hd3 jfs2 /tmp
36-40
36-40 used
used outer middle
outer middle hd9var
hd9var jfs2
jfs2 /var
/var
41-41
41-41 used
used center
center hd8
hd8 jfslog
jfslog N/A
N/A
42-56
42-56 used
used center
center hd4
hd4 jfs2
jfs2 //
57-59
57-59 used
used center
center hd2
hd2 jfs2
jfs2 /usr
/usr
60-79 used inner
inner middle hd2 jfs2 /usr
to fo
60-79 used middle hd2 jfs2 /usr
80-91
80-91 used
used inner
inner edge
edge hd2
hd2 jfs2
jfs2 /usr
/usr
92-99
92-99 free
free inner
inner edge
edge
ec vo

Figure 8-38. List a physical volume partition map AN123.0
Notes:
oy si
The lspv -p pvname command lists all the logical volumes on a disk, and the physical
partitions to which its logical partitions are mapped. It is listed in physical partition order and
u
shows what partitions are free and which are used, as well as the location; that is, center,
outer middle, outer edge, inner edge, and inner middle.
cl
Ex
pr
V8.2
Student Notebook
Uempty
Add or move contents of physical volumes

IBM Power Systems
• Today, virtually all disks are configured to AIX through

configuration manager (cfgmgr).
.I. n
• Move the contents of a physical volume:
.T ció
.
migratepv [ -l lvname ] sourcePV targetPV ..
C
.F a
## migratepv
migratepv -l
-l lv02
lv02 hdisk0
hdisk0 hdisk6
hdisk6
C rm
to fo
ec vo

Figure 8-39. Add or move contents of physical volumes AN123.0
Notes:
oy si
Although there is an option in SMIT to add a physical volume to the system SMIT >
Devices > Add a Disk, in reality the use of this function is not required. Today, virtually all
u
disks can be configured to AIX using the configuration manager (cfgmgr).

cl
Preparation to remove a physical device

The migratepv command can be used to move all partitions, or partitions from a
Ex
selected logical volume, from one physical volume, to one or more other physical
volumes in the same volume group. This would be used if the physical volume is about
to be taken out of service and removed from the machine or to balance disk usage.
pr
Student Notebook
Documenting the disk storage setup

IBM Power Systems
• List the volume groups:

# lsvg
.I. n
• List the disks on the system (PVID and volume
.T ció
group):
# lspv
.
C
.F a
• List which logical volumes are contained in each
C rm
volume group:
# lsvg -l vgname
to fo
• List the logical volumes on each disk:
# lspv -l pvname
ec vo

Figure 8-40. Documenting the disk storage setup AN123.0
Notes:
oy si
It is important to have your storage information readily available in case you have a
problem with your system, or in the very worst case, a system crashes. The commands in
u
the visual help you to get this information.

cl
Ex
pr
V8.2
Student Notebook
Uempty
Checkpoint
IBM Power Systems
1. True or False: A logical volume can span more than one physical
volume.
.I. n
2. True or False: A logical volume can span more than one volume
.T ció
group.
.
3. True or False: The contents of a physical volume can be divided
C
between two volume groups.
.F a
C rm
4. True or False: If mirroring logical volumes, it is not necessary to
perform a backup.
to fo
5. True or False: Striping can be combined with mirroring to provide
increased performance and availability.
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Exercise
IBM Power Systems
.I. n
Working with LVM
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Unit summary
IBM Power Systems
.I. n
.T ció
– Volume groups
.
C
– Logical volumes
.F a
C rm
– Mirroring
– Striping
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 9. File systems administration

This unit covers important concepts and procedures related to AIX file
systems.
.I. n
.T ció
.
• Identify the components of an AIX file system
C
.F a
• Work with enhanced journaled file systems
- Add, list, change, and delete
C rm
• Monitor file system disk space usage
• Manage file system growth and control growing files
• Implement basic file system integrity checks
to fo
ec vo
oy si
References
Online AIX Version 7.1 Operating system and device
u
management
cl
AIX Version 7.1 File Reference

Ex

pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
– Add, list, change, and delete
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Journaled file system support in AIX

IBM Power Systems
• Two types are supported:

– Journaled file system (JFS)
.I. n
– Enhanced JFS, commonly referred to as JFS2
• JFS is the original AIX file system.
.T ció
• Enhanced JFS JFS2) was introduced in AIX 5.1 and is now
.
the default file system (since AIX 5.3).
C
.F a
• Journaling:
– Before writing actual data, a journaling file system logs the metadata to
C rm
a circular JFS log on disk.
– In the event of an OS crash, journaling restores consistency by
processing the information in the JFS log file.
to fo
• There is no easy migration path from JFS to JFS2.
– Conversion can only be achieved through backup and restore.
ec vo

Figure 9-2. Journaled file system support in AIX AN123.0
Notes:
oy si
Journaled file systems (JFS)

u
JFS was developed for transaction-oriented, high performance Power Systems. JFS is
both salable and robust. One of the key features of the file system is logging. JFS is a
cl
recoverable file system, which ensures that if the system fails during power outage, or
system crash, no file system transactions will be left in an inconsistent state.
Ex
Migration
JFS file systems can co-exist on the same system with JFS2 file systems. However, to fully
utilize the JFS2 features, the following steps are necessary:
1. Back up JFS file system data.
pr
2. Create new JFS2 file systems.

3. Restore JFS file system data to new JFS2 file systems.
Student Notebook
Advantages of enhanced JFS

IBM Power Systems
• Increased performance
• Increased flexibility
.I. n
– File systems can be dynamically increased and decreased.
.T ció
– Support for larger enabled file systems
– Internal or external JFS logging
.
– Data encryption
C
– Support for snapshots
.F a
C rm
to fo
ec vo

Figure 9-3. Advantages of enhanced JFS AN123.0
Notes:
oy si
JFS2 is the default file system type on AIX, since version 5.3. JFS2 provides increased
performance and flexibility when compared to its predecessor, JFS.
u
JFS file systems:

cl
• Cannot be dynamically decreased

• Can only support large files, greater than 2GB, if created in a special large enabled
Ex
filesystem
- Individual file size can be up to 64GB with JFS as opposed to 16TB with JFS2
• Only support external JFS logging
pr
• Have no support for data encryption or snapshots. A snapshot is a point-in-time image,

like a photograph, of a JFS2 file system
V8.2
Student Notebook
Uempty
JFS2 structural components

IBM Power Systems
• Superblock
– The superblock maintains information about the entire file system.
• i-nodes
.I. n
– Each file has an i-node that contains access information, such as file type,
.T ció
access permissions, owner's ID, and the number of links to that file.
• Data blocks
.
– Data blocks contain file data.
C
– Each file system has a user settable fixed block size attribute.
.F a
• 512, 1024, 2048, or 4096 bytes
• Allocation maps
C rm
– Allocation maps record the location and allocation of all i-nodes and the
allocation state of each data block.
• Allocation groups
to fo
– Allocation groups are responsible for dividing the file system space into
chunks so that related data blocks and i-nodes can be clustered together to
achieve good locality.
ec vo

Figure 9-4. JFS2 structural components AN123.0
Notes:
oy si
Superblock
u
The first addressable logical block on the file system is the superblock. The superblock
contains information such as the file system name, size, number of i-nodes, and
cl
date/time of creation. The superblock is critical to the file system and, if corrupted,
prevents the file system from mounting. For this reason, a backup copy of the
superblock is always written in block 31.
Ex
i-nodes
Each file and directory has an associated i-node which contains metadata such as
ownership and access times. JFS2 allocates i-nodes, as required.
pr
Data blocks
An individual file within a file system, by default, has units allocated to it in blocks of
4096 bytes. The file system block size can be set to 512, 1024, 2048, or 4096 bytes. A
smaller block size uses less disk space for small files, but may degrade performance.
Student Notebook
Some AIX commands often report file sizes in units of 512 bytes, to remain compatible
with other UNIX file systems. This is independent of the actual unit of allocation.
Allocation maps
A JFS2 file system has two allocation maps:
• The i-node allocation map records the location and allocation of all i-nodes in the file
system.
.I. n
• The block allocation map records the allocation state of each file system block.
.T ció
Allocation groups
Allocation groups divide the space on a file system into chunks. Allocation groups allow
JFS2 allocation policies to use well-known methods for achieving optimum I/O
.
performance. The allocation policies try to cluster related disk blocks and disk i-nodes
C
.F a
to achieve good locality for the disk, as files are often read and written sequentially, and
the files within a directory are often accessed together.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Listing i-node and block size information

IBM Power Systems
• To view i-node information:

## ls
ls -li
-li
total
total 33
.I. n
12309
12309 -rw-r-----
-rw-r----- 11 adminusr
adminusr security
security 119
119 12
12 Feb
Feb 19:43
19:43 datafile1
datafile1
12307
12307 -rwxr-----
-rwxr----- 11 adminusr
adminusr security
security 254
254 27
27 Jan
Jan 18:19
18:19 .profile
.profile
12308
12308 -rw-------
-rw------- 11 adminusr
adminusr security
security 156
156 28
28 Jan
Jan 14:31
14:31 .sh_history
.sh_history
.T ció
## istat
istat datafile1
datafile1
Inode
Inode 12309
12309 on
on device
device 10/8
10/8 File
File i-node
Protection:
Protection: rw-r-----
rw-r----- number
.
Owner:
Owner: 211(adminusr)
211(adminusr) Group:
Group: 7(security)
7(security)
Link
Link count:
count: 11 Length
Length 119
119 bytes
C
bytes
.F a
Last
Last updated:
updated: Thu
Thu 12
12 Feb
Feb 19:44:09
19:44:09 2009
2009
Last
Last modified:
modified: Thu
Thu 12
12 Feb
Feb 19:43:42
19:43:42 2009
2009
Last
Last accessed:
accessed: Thu
Thu 12
12 Feb
Feb 19:43:42
19:43:42 2009
2009
C rm
• To view file system block size information:
## lsfs
lsfs –cq
–cq /data
/data
to fo
#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct
#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct Block size.
/data:/dev/fslv00:jfs2:::204800:rw:no:no
/data:/dev/fslv00:jfs2:::204800:rw:no:no (Some output
(lv
(lv size
size 204800:fs
204800:fs size
size 204800:block
204800:block size
size 4096
4096 removed for
clarity.)
ec vo

Figure 9-5. Listing i-node and block size information AN123.0
Notes:
oy si
The istat command can be used to display the i-node information for a particular file or
directory. You can specify the file either by providing a file or directory name, or by
u
providing an i-node number using the –i flag. I-node numbers can be discovered using the
–i flag with the ls command.
cl
The file system block size information can be discovered using the lsfs command.
Ex
pr
Student Notebook
Creating a JFS2 file system (1 of 2)

IBM Power Systems
# smit crfs_j2
# crfs -v jfs2 -g datavg -a size=1G –m /data
.I. n
Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
.T ció
[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name datavg
datavg
.
SIZE
SIZE of file
of file system
system
Unit
Unit Size
Size Gigabytes
Gigabytes ++
C
** Number
Number of
of units [1] ##
.F a
units [1]
** MOUNT
MOUNT POINT
POINT [/data]
[/data]
Mount
Mount AUTOMATICALLY
AUTOMATICALLY at at system
system restart?
restart? No
No ++
C rm
PERMISSIONS
PERMISSIONS read/write
read/write ++
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log size (MBytes)
Log size (MBytes) []
[] ##
to fo
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota Management?
Quota Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
Allow
Allow internal
internal snapshots?
snapshots? no
no ++
ec vo

Figure 9-6. Creating a JFS2 file system (1 of 2) AN123.0
Notes:
oy si
The SMIT screen in the visual shows the creation of a 1GB filesystem (/data) in volume
group: datavg. The creation is done by the crfs command.
u
In this example, the crfs command will create a file system on a new logical volume, within
cl
a previously created volume group. An entry for the file system is put into the
/etc/filesystems file.
Ex
The minimum size of a JFS2 filesystem is 16 MB.

For further information, see the crfs man page.
pr
V8.2
Student Notebook
Uempty
Creating a JFS2 file system (2 of 2)

IBM Power Systems
• When the file system is created, the lsfs command will

display the characteristics of the file system.
.I. n
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data
File
File system
system created
created successfully.
.T ció
successfully.
1048340
1048340 kilobytes
kilobytes total
total disk
disk space.
space.
New
New File
File System
System size
size is
is 2097152
2097152
.
## lsfs
lsfs /data
/data
C
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto
.F a
/dev/fslv00
/dev/fslv00 --
-- /data
/data jfs2 2097152
jfs2 2097152 --
-- no
no
## lsvg
lsvg -l datavg
C rm
-l datavg
datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
loglv00
loglv00 jfs2log
jfs2log 11 11 11 closed/syncd N/A
closed/syncd N/A
fslv00
fslv00 jfs2
jfs2 256
256 256
256 11 closed/syncd
closed/syncd /data
/data
to fo
JFS log automatically created,
1 LP in size (if one does not
already exist) for the VG.
ec vo

Figure 9-7. Creating a JFS2 file system (2 of 2) AN123.0
Notes:
oy si
The visual shows the actual creation of the /data file system shown in the previous slide.
The lsfs command can be used to display the characteristics of the file system.
u
Prior to the creation of the file system, the contents of the datavg volume group were
cl
empty. We can see two logical volumes created, loglv00 and fslv00. The loglv00 volume
acts as the JFS log for both the /data file system and by default any other file systems that
will be created. In creating a file system this way the underlying logical volume is created
Ex
using default options. Often it is preferable to first create the logical volume (using custom
values) and then create the file system on top. We shall see this procedure later in the unit.
pr
Student Notebook
Mounting a file system and the /etc/filesystems

file
IBM Power Systems
• When a file system is created, the device and mount point

information is stored in the /etc/filesystems file.
.I. n
## grep
grep -p
-p /data
/data /etc/filesystems
/etc/filesystems
/data:
/data:
.T ció
dev
dev == /dev/fslv00
/dev/fslv00
vfs
vfs == jfs2
jfs2
log
log == /dev/loglv00
/dev/loglv00
.
mount
mount == false
false
C
account
account == false
false
.F a
The mount command reads the
C rm
stanza in the /etc/filesystems
file, therefore only the mount point
## mount
mount /data
/data is required.
## mount
mount |egrep
|egrep '/data|node'
'/data|node'
node
node mounted mounted
mounted over
over vfs date options
to fo
mounted vfs date options
/dev/fslv00
/dev/fslv00 /data
/data jfs2
jfs2 13
13 Feb
Feb 10:32
10:32 rw,log=/dev/loglv00
rw,log=/dev/loglv00
ec vo

Figure 9-8. Mounting a file system and the /etc/filesystems file AN123.0
Notes:
oy si
Upon creation of a file system, a stanza in appended to the /etc/filesystems file. The
stanza includes:
u
• The device (dev) which is the underlying logical volume

cl
• The virtual file system type (VFS)

• The path to the JFS log device (log)
Ex
• Whether the file system should be mounted at system start time (mount) and processed
by the AIX accounting system (account).
Before the filesystem can be used it must first be mounted, using the mount command. As
pr
there is a stanza in the /etc/filesystems file, the only parameter required is the name of the
file system. The mount command with no options, will display all file systems which are
currently mounted and available for use.
V8.2
Student Notebook
Uempty
JFS2 logging options

IBM Power Systems
• For JFS2 file systems, there are three logging options:

– Use the global JFS log for the volume group.
.I. n
– Create a specific JFS log for each file system.
• 1 LP in size.
.T ció
• Format the log using the logform command.
## mklv
mklv –y
–y my_jfs2_log
my_jfs2_log –t
–t jfs2log
jfs2log datavg
datavg 11
.
C
## logform
logform /dev/my_jfs2_log
.F a
/dev/my_jfs2_log
logform:
logform: destroy
destroy /dev/rmy_jfs2_log
/dev/rmy_jfs2_log (y)?y
(y)?y
C rm
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data -a
-a logname=my_jfs2_log
logname=my_jfs2_log
– Create an inline log inside the file system.

• 0.4% of the file system space will be reserved for this option.
to fo
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data -a
-a logname=INLINE
logname=INLINE \\
-a logsize=<value
-a logsize=<value in MB>
in MB>
ec vo

Figure 9-9. JFS2 logging options AN123.0
Notes:
oy si
As we have seen by default, a JFS log file is created when the first file system is created in
a volume group. This JFS log will act as the global logging device for all file systems,
u
unless:
cl
• A specific external log is created for each file systems in the volume group. This
approach has several advantages. It will aide performance and availability. If the
logging device were to become corrupt, it would only affect the associated file system.
Ex
• The JFS log device is internal to the filesystem (inline). This saves time having to
create, format, and manage a separate JFS log volume. Inline logging is only available
with JFS2 file systems.
pr
Student Notebook
Creating a file system on a previously defined

logical volume
IBM Power Systems
# smit crfs_j2
# crfs -v jfs2 –d lv_for_data –m /data2 –A yes
.I. n
Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
.T ció
[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name lv_for_data
lv_for_data ++
** MOUNT POINT
MOUNT POINT [/data2]
[/data2]
.
Mount
Mount AUTOMATICALLY
AUTOMATICALLY atat system
system restart?
restart? yes
yes ++
C
PERMISSIONS
PERMISSIONS read/write
read/write ++
.F a
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
C rm
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log
Log size
size (MBytes)
(MBytes) []
[] ##
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota
Quota Management?
Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
to fo
Allow
Allow internal snapshots?
internal snapshots? No
No ++
ec vo

Figure 9-10. Creating a file system on a previously defined logical volume AN123.0
Notes:
oy si
Adding a file system to a previously created logical volume provides greater control over
where the file system will reside on disk and provides options for availability and
u
performance. When creating file systems in highly available environments (for example,
using PowerHA or Veritas Cluster Services), one should always follow this method, in order
cl
to use you own naming convention for the logical volume names.
On creation, the size of the filesystem is set to the size of the logical volume. For example,
Ex
if the PP size for the volume group is 64MB, and the logical volume was 4 LPs in size, then
the size of the file system would be (4 x 64MB) 256MB.
After the file system is created:
pr
• If the logical volume is expanded, the size of the file system is not increased.
• The underlying logical volume policies can be dynamically changed. However, there will
be a performance hit, especially for large file systems.
V8.2
Student Notebook
Uempty
Changing the size of a JFS2 file system

IBM Power Systems
• To increase the size of a file system:

## chfs
chfs -a
-a size=+1G
size=+1G /data2
/data2
Filesystem
Filesystem size
size changed
changed to
to 2179072
2179072
.I. n
• To shrink the size of a file system:
.T ció
## chfs
chfs -a
-a size=-500M
size=-500M /data2
/data2
Filesystem
Filesystem size
size changed
changed to
to 1155072
1155072
.
C
• Using SMIT: # smit chjfs2
.F a
Change
Change // Show
Characteristics of
of an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
C rm
[Entry
[Entry Fields]
Fields]
File
File system
system name
name /data2
/data2
NEW
NEW mount
mount point
point [/data2]
[/data2]
SIZE
SIZE of
of file
file system
system
to fo
Unit
Unit Size
Size Gigabytes
Gigabytes ++
Number
Number of
of units
units [10]
[10] ##
Note:
Note: Advanced
Advanced options
options removed.
removed.
ec vo

Figure 9-11. Changing the size of a JFS2 file system AN123.0
Notes:
oy si
JFS2 file systems can be dynamically increased or decreased in size (subject to available
space and LVM rules). You can either choose to increase or decrease by a set amount,
u
using + or – options respectively, or by providing a specific set number, as shown in the

SMIT example.
cl
The minimum size you can decrease by is 16 MB.

Ex
pr
Student Notebook
Removing a JFS2 file system

IBM Power Systems
• The file system must first be unmounted.

• Using SMIT: # smitty rmfs2
.I. n
# rmfs /data2
.T ció
Remove
Remove an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
.
** FILE
FILE SYSTEM
SYSTEM name
name /data2
/data2 ++
C
Remove
Remove Mount
Mount Point
Point no
no ++
.F a
C rm
to fo
ec vo

Figure 9-12. Removing a JFS2 file system AN123.0
Notes:
oy si
Ways to remove a file system

The rmfs command or SMIT can be used to remove a file system.
u
Restrictions
In order to remove a file system, it must be unmounted from the overall file tree, and this
cl
cannot be done if the file system is in use, that is, some user or process is using the file
system or has it as a current directory.
Ex
Effects of using rmfs command

The rmfs command removes any information for the file system from the ODM and
/etc/filesystems. When the file system is removed, the logical volume on which it
resides is also removed.
pr
Syntax
The syntax of the rmfs command is:
rmfs [-r] [-i] FileSystem
• r Removes the mount point of the file system
• i Displays warning and prompts the user before removing the file system
V8.2
Student Notebook
Uempty
File system space management

IBM Power Systems
• File systems expand upon notice, not automatically.

• To keep from running into problems:
.I. n
– Monitor file system growth
.T ció
– Determine causes
– Control growing files
.
– Manage file system space usage
C
– Control user disk usage
.F a
– Block size considerations
C rm
– Fragmentation considerations
to fo
ec vo

Figure 9-13. File system space management AN123.0
Notes:
oy si
The Resource Monitoring and Control (RMC) subsystem

u
You can also use the Resource Monitoring and Control (RMC) subsystem that is based
on the AIX Reliable Scalable Cluster Technology (RSCT) filesets. Web-based System
cl
Manager can be used to configure RMC. The ctrmc subsystem is started in the
/etc/inittab. RMC is outside the scope of the course.
Ex
pr
Student Notebook
Listing file system utilization

IBM Power Systems
• The df command displays information about total space and

available space on a file system.
.I. n
.T ció
# df [-k] [-m] [-g]
## df
df -g
-g
.
Filesystem
Filesystem GB
GB blocks
blocks Free
Free %Used
%Used Iused
Iused %Iused
%Iused Mounted
Mounted on
on
/dev/hd4 1.44 1.10 24% 9896 2% /
C
/dev/hd4 1.44 1.10 24% 9896 2% /
.F a
/dev/hd2
/dev/hd2 2.50
2.50 0.10
0.10 97%
97% 49616
49616 8%
8% /usr
/usr
/dev/hd9var
/dev/hd9var 0.31
0.31 0.24
0.24 25%
25% 1308
1308 2%
2% /var
/var
/dev/hd3
/dev/hd3 0.12
0.12 0.12
0.12 6%
6% 128
128 1%
1% /tmp
/tmp
C rm
/proc
/proc -- -- -- -- -- /proc
/proc
/dev/hd10opt
/dev/hd10opt 0.25
0.25 0.03
0.03 88%
88% 4567
4567 7%
7% /opt
/opt
/dev/fslv00
/dev/fslv00 8.00
8.00 1.40
1.40 83%
83% 6888
6888 3%
3% /export
/export
/dev/fslv01
/dev/fslv01 9.00
9.00 2.33
2.33 75%
75% 4059
4059 1%
1% /aix
/aix
/dev/lv00
/dev/lv00 0.12
0.12 0.12
0.12 4%
4% 20
20 1%
1% /audit
/audit
to fo
/dev/hd11admin
/dev/hd11admin 0.12
0.12 0.12
0.12 4%
4% 18
18 1%
1% /admin
/admin
/dev/hd1
/dev/hd1 0.62
0.62 0.16
0.16 75%
75% 270
270 1%
1% /home
/home
grumpy:/nimback
grumpy:/nimback 25.00
25.00 3.26
3.26 87%
87% 99 1% /mnt
1% /mnt
ec vo

Figure 9-14. Listing file system utilization AN123.0
Notes:
oy si
Importance of the df command

u
The df command lists the free space on all mounted file systems.
This is an important command to know about and use frequently. If you run out of space in
cl
a file system (especially / or /tmp), system corruption could occur.

Useful df command flags
Ex
A number of flags (options) can be used with the df command. Some of the most useful of
these flags are shown below:
• -i: Displays the number of free and used i-nodes for the file system; this output is the
pr
default when the specified file system is mounted

• -I: Displays information on the total number of blocks, the used space, the free space,
the percentage of used space, and the mount point for the file system
• -k: Displays statistics in units of 1024-byte blocks
• -m: Displays statistics in units of MB blocks
• -g: Displays statistics in units of GB blocks
V8.2
Student Notebook
Uempty
Monitoring file system growth

IBM Power Systems
• A simple script using the df command, which can be run at

regular intervals to warn against file systems becoming full.
.I. n
#!/bin/ksh
#!/bin/ksh
.T ció
df
df || egrep
egrep -v
-v '(used|proc)'
'(used|proc)' || awk
awk '{print
'{print $4"
$4" "$7}'
"$7}' \\
|| sed 's:%::g' | while read LINE
sed 's:%::g' | while read LINE
do
do
.
PERC=ècho
PERC=ècho $LINE
$LINE || awk
awk '{print
'{print $1}'`
$1}'`
C
FILESYSTEM=ècho
FILESYSTEM=ècho $LINE | awk
$LINE | awk '{print
'{print $2}'`
$2}'`
.F a
if
if [[ $PERC
$PERC -gt
-gt 70
70 ]]
C rm
then
then
mail
mail -s
-s "Filesystem
"Filesystem check
check on
on box:
box: `hostname`"
`hostname`" \\
admin@ibm.com
admin@ibm.com <<<< EOF
EOF
$FILESYSTEM
$FILESYSTEM isis $PERC%
$PERC% full,
full, please
please check
check
EOF
EOF
to fo
fi
fi
done
done
ec vo

Figure 9-15. Monitoring file system growth AN123.0
Notes:
oy si
The need to monitor file system growth

u
Although AIX provides for dynamic expansion of a file system, it does not expand the
file system on the fly. The system administrator must continually monitor file system
cl
growth and expand file systems as required before they get full. If a file system
becomes 100% full, then the users receive out of space messages when they try to
extend files.
Ex
Regular use of the df command

One useful technique is to run the df command through cron, the job scheduler, to
perform a regular check of the space available in the file system and produce a report.
pr
cron is covered in a later unit.
Student Notebook
Listing disk usage

IBM Power Systems
• The du command lists the number of blocks used by a file

or a directory.
.I. n
/export
/export ## du
du -sg
-sg ..
6.59
6.59 ..
.T ció
/export
/export ## du
du FirstBoot.sh
FirstBoot.sh
88 FirstBoot.sh
FirstBoot.sh
.
/export
/export ## du
du –sm
–sm ** || sort
sort -rn
C
-rn
.F a
2131.16
2131.16 mksysbaix53
mksysbaix53
1846.36
1846.36 mksysbaix61
mksysbaix61
C rm
1373.11
1373.11 mksysbaix61.light
mksysbaix61.light
248.52
248.52 spot
spot
0.01
0.01 nim
nim
0.01
0.01 bosinst.data
bosinst.data
0.00
0.00 FirstBoot.sh
FirstBoot.sh
to fo
0.00
0.00 BUILD.sh
BUILD.sh
ec vo

Figure 9-16. Listing disk usage AN123.0
Notes:
oy si
Use of the du command

u
There may be a number of files or users that are causing the increased use of space in
a particular file system. The du command helps to determine which files, users, or both,
cl
are causing the problem.

Specifying the units du should use
Ex
By default, du gives size information in 512-byte blocks. Use the -k option to display
sizes in 1 KB units, use the -m option to display sizes in 1 MB units, or use the -g option
to display sizes in 1 GB units.
Specifying output by file
pr
By default, du gives a hierarchical listing of directories only. With the -a option, the
hierarchical listing includes the non-directory files. With the -s option, only the specified
file is listed. For each listed directory, the size is the total amount of space for that
directory and all files underneath it, recursively.
V8.2
Student Notebook
Uempty Using du in conjunction with sort

If the output of du is sorted numerically and in descending order (using the -n and –r
flags of the sort command) by the value in the first column, this output can be an aid in
determining which files/directories are the largest. Then using an ls -l, you can
determine the file/directory's owner.
The -x flag
.I. n
The -x flag/option is also very useful. When you use du -ax, the report only shows
information from the specified file system. This is the best way to determine what file is
.T ció
filling a particular file system.
Using the find command to locate large files
.
The find command is useful for locating files that are over a certain size. For example,
C
to find all files that contain more than 1 000 000 characters, and then list them, use the
.F a
following command:
C rm
# find / -size +1000000c -exec ls -l {} ;
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Control growing files

IBM Power Systems
• /var/adm/wtmp
• /etc/security/failedlogin
.I. n
• /var/adm/sulog
.T ció
• /var/spool/*/*
.
• /var/tmp/*
C
.F a
C rm
• $HOME/smit*
to fo
ec vo

Figure 9-17. Control growing files AN123.0
Notes:
oy si
Managing files that grow

u
Growing files should be monitored and cleaned out periodically. Some of the files that grow
are listed on the visual.
cl
Records of login activity

The files /var/adm/wtmp, /etc/security/failedlogin, and /var/adm/sulog are needed
Ex
because they contain historical data regarding login activity. Thus, these files should
always contain a few days of login activity. If accounting is turned on, /var/adm/wtmp is
kept to a reasonable size. If accounting is not turned on, to capture the data to archive it,
use who -a on /var/adm/wtmp and /etc/security/failedlogin and redirect the output to a
pr
save file. Then, the log file can be purged by overwriting it with a null string. Two ways of
overwriting a log file in this way are illustrated in the following examples:
Example 1:
# cat /dev/null > /var/adm/wtmp
V8.2
Student Notebook
Uempty Example 2:
# > /etc/security/failedlogin
The file /var/adm/sulog can be edited directly.
The /var/spool directory
The directory /var/spool contains cron entries, the mail, and other items that grow on an
ongoing basis, along with printer files. If there is a problem with the printer files, you can try
.I. n
to clear the queuing subsystem by executing the following commands:
.T ció
stopsrc -s qdaemon
rm /var/spool/lpd/qdir/*
rm /var/spool/lpd/stat/*
.
rm /var/spool/qdaemon/*
C
startsrc -s qdaemon
.F a
Records of SMIT and Web-based System Manager activity
C rm
Files such as smit.log in the home directory of the root user, and other system
administration accounts, can also become quite large. These files need to be monitored
regularly and managed appropriately.
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
The skulker command

IBM Power Systems
• The skulker command cleans up file systems by removing

unwanted or obsolete files.
.I. n
• Candidate files include:
.T ció
– Files older than a selected age
– Files in the /tmp, /var/spool, /var/tmp, /var/news directories
.
– a.out, *.bak, core, ed.hup files
C
.F a
• skulker is normally invoked daily by the cron command as
C rm
part of the crontab file of the root user.
– Disabled by default
• Modify the skulker shell script to suit local needs for the
to fo
removal of files.
– Test carefully!!
ec vo

Figure 9-18. The skulker command AN123.0
Notes:
oy si
Function of the skulker command

u
The shell script /usr/sbin/skulker includes a series of entries containing commands that
remove unwanted or obsolete files of various types. To analyze the commands that are
cl
executed by each entry, print out or view the contents of the /usr/sbin/skulker file.
Concerns related to skulker
Ex
A particular version of skulker is suited to the operating system and level with which it was
distributed. If the operating system has been upgraded or modified, it may be inadvisable to
use an old version of skulker. In addition, the skulker shell script is moderately complex.
When making modifications, you should make a copy of the shell script first - just in case!
pr
Note that if skulker is modified, or if it is used on the incorrect version of the operating
system, it ceases to be a supported component of AIX.
Note: The skulker is disabled by default.
V8.2
Student Notebook
Uempty
Block size considerations

IBM Power Systems
• Default block size for a JFS2 file system is 4 K.

– Possible values are 512, 1024, 2048, 4096 bytes.
.I. n
• If a directory structure is to contain many small files, it is
beneficial to store them in a separate file system with a small
.T ció
block size.
– Otherwise, the file system might fill up and still contain lots of free
.
C
space.
.F a
4096 bytes 4096 bytes
C rm
2000 bytes 2000 bytes
1024 1024 1024 1024
This free space cannot These free blocks can

to fo
be used by another file. be used by other files.
ec vo

Figure 9-19. Block size considerations AN123.0
Notes:
oy si
Benefits of a small block size

u
In JFS, as many whole blocks as necessary are used to store a file or directory's data.
Consider that we have chosen to use a block size of 4 KB, and we are attempting to
cl
store file data which only partially fills a block. Potentially, the amount of unused or
wasted space in the partially filled block can be quite high. For example, if only 500
bytes are stored in this block, then 3596 bytes are wasted. However, if a smaller block
Ex
size, say 512 bytes, was used, the amount of wasted disk space would be greatly
reduced - to only 12 bytes. It is, therefore, better to use small block sizes, if efficient use
of available disk space is required, in a filesystem which will consist of lots of small files.
pr
Adverse effects of a small block size

Although small block sizes can be beneficial in reducing wasted disk space, they can
have an adverse effect on disk I/O activity. For a 4 KB file, stored in a single block of 4
KB, only one disk I/O operation would be required to either read or write the file. If the
choice of the block size was 512 bytes, a 4 KB file would only be allocated a 4 KB block
if one were available. If a single 4 KB block were not available, 512 byte blocks would
Student Notebook
be used, with a potential to allocate eight blocks for this file. For a read or write to
complete, several additional disk I/O operations (disk seeks, data transfers, and
allocation activity) would be required. Therefore, for file systems which use a block size
of 4 KB, the number of disk I/O operations are far less, than file systems which employ
a smaller block size.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Fragmentation considerations
IBM Power Systems
• Over time, due to data relocation, extensions, reductions, and

deletions, contiguous free space can run out and data can
become fragmented.
.I. n
File system
.T ció
.
C
.F a
Used block
Free block
FileA
C rm
• There are three options to deal with this situation.
– Try to increases a file system’s contiguous free space using the
defragfs command.
to fo
– Back up, delete, recreate the file system and restore the data.
– Create a new file system and migrate the data.
ec vo

Figure 9-20. Fragmentation considerations AN123.0
Notes:
oy si
Irrespective of the block size, over time data can become fragmented on disk. The
defragfs command will attempt to increases a file system's contiguous free space by
u
reorganizing free block allocations to be contiguous, rather than scattered across the disk.
The file system to be defragmented can be specified with the device variable, which can be
cl
the path name of the logical volume (for example, /dev/hd4) or the name of the file system,
which is the mount point in the /etc/filesystems file.
Ex
Another approach, is to backup and restore the data in a new file system or backup the
data, delete, recreate the file system and restore. This method is certainly cleaner, but
requires some element of downtime.
pr
Student Notebook
Verify and repair a file system

IBM Power Systems
• fsck command
– Checks file system consistency and interactively repairs the file system
.I. n
– If no file system name is specified, the fsck command checks all file
systems which have the check=true attribute set in the
.T ció
/etc/filesystems.
– Orphan files are placed in the lost+found directory.
• Unmount the file system before running fsck.
.
C
.F a
## fsck
fsck /data
/data
The
The current
current volume
volume is:
is: /dev/fslv00
/dev/fslv00
C rm
Primary
Primary superblock
superblock is is valid.
valid.
J2_LOGREDO:log
J2_LOGREDO:log redo
redo processing
processing for
for /dev/fslv00
/dev/fslv00
Primary
Primary superblock
superblock is is valid.
valid.
***
*** Phase
Phase 11 -- Initial
Initial inode
inode scan
scan
***
*** Phase
Phase 22 -- Process
Process remaining
remaining directories
directories
to fo
*** Phase 3 - Process remaining
*** Phase 3 - Process remaining filesfiles
***
*** Phase
Phase 44 -- Check
Check and
and repair
repair inode
inode allocation
allocation map
map
***
*** Phase 5 - Check and repair block allocation
Phase 5 - Check and repair block allocation map
map
File
File system
system isis clean.
clean.
ec vo

Figure 9-21. Verify and repair a file system AN123.0
Notes:
oy si
Always run the fsck command on file systems after a system malfunction. The internal
integrity of a file system should be checked before the file system is mounted. By default,
u
the fsck command runs interactively, prompting the administrator for the action to perform
in order to repair the file system. If orphaned files or directories (those that cannot be
cl
reached) are found, fsck will attempt to store them file in the /lost+found directory.
For further information, see the fsck man page.
Ex
pr
V8.2
Student Notebook
Uempty
Documenting file system setup

IBM Power Systems
• Run the lsfs command.

• Save the contents of the /etc/filesystems file.
.I. n
• Run the df command to check space allocation.
.T ció
• Check all the mounted file systems by running the mount
command.
.
C
.F a
C rm
File System Records
to fo
ec vo

Figure 9-22. Documenting file system setup AN123.0
Notes:
oy si
u
cl
Ex
pr
Student Notebook
System storage review

IBM Power Systems
LogicalVolume
Logical volume storage
Structure
.I. n
hd2
.T ció
hd4 /usr hd2 free hd1 free hd1 free
/(root) /usr /home /home
hd6 hd3 hd1 hd1
Page Space /tmp /home /home
hd8 hd2
.
log /usr free free
hd61 lv00 lv00
C
Page Space special DB special DB
.F a
hd5 free hd9var lv00 lv00
/blv /var special DB special DB
C rm
hdisk0 hdisk1 hdisk2 hdisk3
rootvg datavg
File Systems
/(root)
File System
to fo
Directories File Systems
/bin /dev /etc /lib /usr /tmp /var /home

ec vo

Figure 9-23. System storage review AN123.0
Notes:
oy si
Difference between file system and simple directory

u
It is important to understand the difference between a file system and a directory. A file
system is a section of disk that has been allocated to contain files. This section of disk is
cl
the logical volume. The section of disk is accessed by mounting the file system over a
directory. Once the file system is mounted, it looks like any other directory structure to
the user.
Ex
File systems on the visual

The directories on the right of the bottom portion of the visual are all file systems. These
file systems are all mounted on the directories /usr, /tmp, /var and /home. Notice the
pr
corresponding logical volume in the graphic at the top of the visual.

Simple directories
The directories on the left of the bottom portion of the visual are strictly directories that
contain files and are part of the /(root) file system. There is no separate logical volume
associated with these directories.
V8.2
Student Notebook
Uempty
Checkpoint (1 of 2)
IBM Power Systems
1. Does the size of the file system change when the size of the logical
volume it is on is increased?
.I. n
2. If you remove a file system, is the logical volume on which it sits
.T ció
removed as well?
.
3. When a file system is created, what needs to be done in order to make
C
it available for use?
.F a
C rm
4. What size should an external JFS log be set to?
5. True or False: SMIT can be used to easily increase or decrease the

to fo
size of an enhanced JFS filesystem.
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Checkpoint (2 of 2)
IBM Power Systems
6. A file system is 2 GB. How would you do the following?

a. Add 1 GB
.I. n
b. Set the size to 5 GB
.T ció
7. What command can you use to determine if a file system is full?
.
8. What command can produce a report listing the size (in MB) of all the
C
.F a
files and directories contained in a specific location?
C rm
9. What command checks and interactively repairs inconsistent file
systems?
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
File system
administration
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
– Add, list, change, and delete
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 10. Paging space

This unit presents the key concepts related to paging space.
.I. n
.T ció
• Explain the purpose of paging space
.
• Modify the state or size of a paging space
C
.F a
• Add or remove paging spaces
• List and monitor the paging space utilization
C rm
to fo
ec vo
References
management
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
What is paging space?

IBM Power Systems
Divided into segments
.I. n
Made up of page frames
.T ció
.
Real
C
Virtual memory
.F a
memory (RAM)
C rm
Active
page,
Page resident in
frame memory Paging
table space
to fo
Inactive
page, paged
out
ec vo

Figure 10-2. What is paging space? AN123.0
Notes:
oy si
How data is placed into Paging Space?

u
Memory under AIX is virtualized by the Virtual Memory Manager (VMM). The basic idea
behind virtual memory is that each program has its own address space which is
cl
partitioned into segments. A segment is a 256 MB, contiguous portion of the

virtual-memory address space into which a data object can be mapped.
Ex
Virtual-memory segments are partitioned into fixed-size units called pages. Each page
in a segment can be in real memory (RAM), or stored on disk until it is needed.
Similarly, real memory is divided into page frames.
A page might be resident in memory (that is, mapped into a location in physical
pr
memory), or a page might be resident on a disk (that is, paged out of physical memory
into paging space or a file system).
The role of the VMM is to manage the allocation of real-memory page frames and to
resolve references by the program to virtual-memory pages that are not currently in real
Student Notebook
memory or do not yet exist (for example, when a process makes the first reference to a
page of its data segment).
Page Frame Table (PFT) is the data structure used by a VMM to store the mapping
between virtual addresses and physical addresses.
When the number of available real memory frames on the free list becomes low, a page
stealer is invoked. A page stealer moves through the PFT, looking for pages to steal
from Real Memory to Paging Space. The PFT includes flags to signal which pages have
.I. n
been referenced and which have been modified. If the page stealer encounters a page
.T ció
that has been referenced, it does not steal that page, but instead, resets the reference
flag for that page. The next time the clock hand (page stealer) passes that page and the
reference bit is still off, that page is stolen.
.
Paging space is not a substitute for sufficient real memory. A persistent shortage of real
C
memory can result in so much paging space page-in and page-out activity, that is will
.F a
severely impact the performance of that system. For more information about memory
and paging performance issue, attend the AIX Performance Management course.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Paging space
IBM Power Systems
• Is a secondary storage area for:

– Inactive memory
.I. n
– Over-committed memory
.T ció
• Holds inactive pages on disk
– Page size historically has been 4 KB in size.
.
– AIX 7.1 running on POWER5+ processors supports four page sizes:
C
.F a
4 KB, 64 KB, 16 MB, and 16 GB.
C rm
• Is not a substitute for real memory
• To display the amount of real memory:

lsattr -El mem0
to fo
– Or
lsattr -El sys0 -a realmem
ec vo

Figure 10-3. Paging space AN123.0
Notes:
oy si
A secondary storage area

u
Paging space is disk storage for information that is resident in virtual memory, but is not
currently being accessed. As memory fills, inactive pages are moved to the paging
cl
space on disk.
A temporary holding area for inactive pages
Ex
It is very important to remember that paging is a temporary holding area for inactive
pages; it is not a substitute for real memory. If your machine has many active
processes, it requires more real memory. You must ensure the machine has enough
memory to maintain all the active processes. If you run out of memory, your machine
pr
reaches a constant state of paging called thrashing. As it attempts to make room in

memory, it completes a page-out; as soon as the page reaches the disk, it is needed
again because it is still active. Your machine's resources are wasted performing only
paging activity, and no real work gets done.
Student Notebook
Thrashing indicates a need for additional memory

Increasing the amount of paging space when your machine is thrashing does not solve
the problem. Thrashing is a result of not enough real memory.
Displaying real memory size
Here are three ways of displaying real memory:
# bootinfo -r
.I. n
# lsattr -E -l mem0 ??
# lsattr -E -l sys0 -a realmem
.T ció
High performance environments
On Power4 (or later) environments, page size can be set to large enabled (16MB). This
.
is done through the vmo command, as follows:
C
.F a
# vmo -r -o lgpg_regions=10 -o lgpg_size=16777216
On Power5+ (or later), page size can be set to huge enabled (16 GB). This is done on
C rm
the HMC through manage system properties.
16 MB and 16 GB page frames are never paged out to disk. Even if totally unused, they
remain in memory. They are mainly used in High Performance Computing (HPC)
to fo
environments.
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Sizing paging space

IBM Power Systems
• hd6 is created at installation time.

– The default paging space formula will likely result in having more space than
is needed.
.I. n
• If real <256 MB then page space = 2 x real
.T ció
• If real >= 256MB then page space = 256MB
• However, the amount needed is dependent on application and system
usage.
.
C
• Running low on paging space is bad.
.F a
– New processes will not start and the system may start killing processes.
C rm
• Paging space should be continually monitored, using:
– # lsps –a or # lsps –s
• Can dynamically:
to fo
– Add or remove paging space
– Increase or decrease size of a paging space
ec vo

Figure 10-4. Sizing paging space AN123.0
Notes:
oy si
Creation of paging space

Paging space is created during AIX installation. The initial size is dependent on various
u
factors, particularly the amount of RAM in your system. Currently, the initial paging
space size is determined according to the following standards:
cl
• If real memory <256 MB then page space = 2 x real

• If real memory>= 256 MB then page space = 256 MB
Ex
• no more than 20% disk

Adjusting the amount of paging space
The initial size of paging space is just a starting point. This is not necessarily the
amount of the paging space that is right for your machine. The number and types of
pr
applications dictates the amount of paging space needed. Many sizing rules of thumb
have been published, but the only way to correctly size your machine's paging space is
to monitor the utilization of your paging space.
Monitoring paging space
Monitoring the utilization of the paging space is done with the command lsps -a. This
command and its output are covered shortly.
Student Notebook
Paging space thresholds

IBM Power Systems
• When paging space fills up, the OS can hang or crash.

– Common warning: Messages about failures to fork new processes
.I. n
• Thresholds for free paging space pages try to avoid this:
.T ció
vmo –o npswarn, SIGDANGER is sent to all processes
.
vmo –o npskill, SIGKILL is sent to certain processes
C
.F a
• Monitor paging space and act before the thresholds are
C rm
reached.
• Can exempt processes from SIGKILL for select UIDs .

to fo
vmo -o nokilluid=N
– Processes owned by UIDs 0 through N-1 are exempt
ec vo

Figure 10-5. Paging space thresholds AN123.0
Notes:
oy si
Impact and messages of low paging space

u
Running low on paging space can prevent new processes from starting. The affect can
even be a hung or crashed operating system.
cl
You might see these warning messages:

"INIT: Paging space is low"
Ex
"ksh: cannot fork no swap space"

"Not enough memory"
"Fork function failed"
"fork () system call failed"
pr
"unable to fork, too many processes"

"Fork failure - not enough memory available"
"Fork function not allowed. Not enough memory available."
"Cannot fork: Not enough space„
V8.2
Student Notebook
Uempty Results of low paging space

If your system runs low on paging space, a message is sent to the console and
sometimes to users as well. At this point, the system is unable to start new work until
memory is freed up, either by having processes explicitly free and release allocated
memory or by terminating processes (thus automatically freeing memory associated
with those processes). This situation should obviously be avoided.
The situation can get worse. If paging space continues to fill, non-system processes are
.I. n
terminated, and the system may even crash. Ensure you have enough paging space.
.T ció
The vmo command manages VMM tunable parameters. One parameter which may be
of interest is nokilluid. The parameter accepts an integer, which by default is 0 (off).
For example, if the value is set to 1, this will result in processes for user IDs lower than
.
this value (in this case, root) becoming exempt from getting killed due to low
C
page-space conditions.
.F a
npswarn and npskill thresholds
C rm
If available paging space depletes to a low level, then the operating system will try to
free up resources by first warning processes to free up paging space and finally by
killing processes if there still is not enough paging space available for the current
processes. It will kill one process at a time and an error log entry will be generated.
to fo
The npswarn and npskill thresholds are used by the VMM to determine when to first
warn processes and eventually when to kill processes. The default values of npswarn
and npskill will depend on how much paging space is configured on the system. The
ec vo
default value of npskill is MAX [64, (Total number of paging space pages)/128]. The
default value of npswarn is the MAX [512, 4*npskill].
If the npswarn threshold is reached, then all active processes are sent a SIGDANGER
signal. If a process is handling this signal, then the process can choose to ignore it or do
oy si
some other action like exit or free up memory using disclaim().

If the shortage continues and falls below a second threshold, npskill, then the system
u
sends the SIGKILL signal to the youngest process that does not have a signal handler
for the SIGDANGER signal. (The default action for the SIGDANGER signal is to ignore the
cl
signal). The system continues sending SIGKILL signals until the number of unallocated
paging space blocks is above the paging space kill level.
Ex
If the vmo low_ps_handling parameter is set to 2 and if no process is found to kill

(without the SIGDANGER handler), then the system sends the SIGKILL signal to the
youngest process that has a signal handler for the SIGDANGER signal. The
low_ps_handling parameter is new in AIX 5L V5.3.
pr
nokilluid
By setting the nokilluid parameter to a nonzero value with the command
vmo -o nokilluid, user IDs lower than this value will be exempt from being killed
because of low page space conditions. The default is 0 (off).
Student Notebook
vmo command
The vmo command manages VMM tunable parameters. To make a parameter update
persistent through reboots, add the -p flag.
pacefork parameter
If a process cannot be forked due to a lack of paging space pages, then it will retry the
fork five times. In between each retry, the calling thread will delay for a default of 10
.I. n
clock ticks. This number of ticks is tunable via the schedo -o pacefork.
Factors that can affect paging space usage
.T ció
The most obvious cause of the paging space being filled up is a large over commitment
of memory, where the total virtual memory allocations by the applications far exceeds
.
the real memory of the system, thus requiring the rest to be stored in paging space. For
C
this you can either allocate more memory or restrict the demand for memory.
.F a
A common source of excess memory demand is a program which has a memory leak. It
C rm
repeated allocates memory, briefly uses it, forgets it has that memory allocated. The old
allocations tend to end up in the paging space.
Applications can place greater demand on paging space by requesting an Early Page
Space Allocation policy (variable PSALLOC=early) for their memory allocations.
to fo
Normally the system does not allocate pages in paging space until it needs to actually
page out a page of memory (Deferred Page Space Allocation). With early allocation,
AIX will pre-allocate a page in paging when the application allocates a page of memory,
just in case that page needs to be paged out (it may never be paged out). That is great
ec vo
insurance for the application, but will require more paging space to support that.
It should be noted that once a paging space page is allocated in order to page out a
page of memory, it stays allocated even when that data is paged back in. It is not freed
oy si
until the corresponding virtual memory page is freed.

u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Checking paging space

IBM Power Systems
## lsps
lsps -a
-a
Page Space
Page Space Physical
Physical Volume
Volume Volume
Volume Group
Group Size
Size %Used
%Used Active
Active Auto
Auto Type
Type
.I. n
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 512MB
512MB 13
13 yes
yes yes
yes lv
lv
.T ció
.
## lsps
lsps –s
–s
C
Total
Total Paging Space
Paging Space Percent
Percent Used
Used
.F a
512MB
512MB 13%
13%
C rm
## vmstat
vmstat 11 10
10
to fo
ec vo

Figure 10-6. Checking paging space AN123.0
Notes:
oy si
The lsps command

u
The lsps command lists detailed information regarding the paging spaces on the
system, including whether they are in use at the time and, if so, what percentage of their
cl
total space is allocated.

Another useful option available with the lsps command, is the -s option, which
Ex
specifies the summary characteristics of all paging spaces. The information consists of
the total size of the paging spaces (in MB) and the percentage of paging spaces
currently used.
The paging space created during system installation, is named hd6. Paging spaces
pr
created by the system administrator after system installation, are named paging00,
paging01, and so on.
svmon is an advanced command which captures and analyzes the current snapshot of
virtual memory. It is the only system command which shows the breakdown of page
frame sizes.
Student Notebook
Paging space placement

IBM Power Systems
• Placement guidelines:
– More than one page volume.
.I. n
– Paging spaces all the same size including hd6.
– Only one paging space per physical disk.
.T ció
– Use disks with the least activity.
– Do not extend “a paging space” over multiple physical volumes.
.
C
– Place on SAN disks for better performance.
.F a
– Mirror all page spaces that are on internal or nonraided disk.
C rm hd6 paging00
to fo
paging01
ec vo

Figure 10-7. Paging space placement AN123.0
Notes:
oy si
Introduction
Placement and size of your paging space does impact its performance. The following
u
material contains tips regarding placement and size of paging areas.

cl
Configure only one paging space per disk

Do not have more that one paging space per disk. The paging space is allocated in a
Ex
round-robin manner, and uses all paging areas equally. If you have two paging areas on
one disk, then you are no longer spreading the activity across several disks.
Use disks with low levels of activity
Paging space performs best when it is not competing with other activity on the disk. Use
pr
disks that do not have much activity.

Create paging spaces of roughly the same size
Paging spaces should be roughly the same size. Because of the round-robin technique
that is used, if they are not the same size, then the paging space usage is not balanced.
Smaller paging areas fill faster.
V8.2
Student Notebook
Uempty Do not span multiple physical volumes

Do not extend a paging space to span multiple physical volumes. Although you can
spread a paging area (like a regular logical volume) across several disk, the round-robin
technique treats the paging area as a single paging area. Therefore, the activity is not
evenly spread across the disks.
Use SAN disks and Fibre Channel controllers
.I. n
Using SAN disks generally results in better throughput when reading and writing to the
disk. SAN controllers have large cache which will store the frames, when paged-out, to
.T ció
disk. If the page frames are required to be paged back-in, and the data is still in cache,
the system will not have to read from disk, improving performance. However, we do
have to balance this with the exposure that we may lose connection to the SAN storage.
.
Mirror paging space for availability
C
.F a
AIX will crash if he lost currently used paging volumes. AIX will not boot without hd6
present.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Adding paging space

IBM Power Systems
# smit mkps mkps –s 10 -n -a rootvg hdisk1
Add
Add Another
Another Paging
Paging Space
Space
.I. n
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.T ció
Press Enter AFTER making all
all desired changes.
desired changes.
[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name rootvg
rootvg
.
SIZE
SIZE of paging space
of paging space (in
(in logical
logical partitions) [10] ##
C
partitions) [10]
.F a
PHYSICAL
PHYSICAL VOLUME
VOLUME name
name hdisk1
hdisk1 ++
Start
Start using
using this
this paging
paging space
space NOW?
NOW? yes
yes ++
C rm
Use
Use this
this paging
paging space
space each
each time
time the
the system
system is
is yes
yes ++
RESTARTED?
RESTARTED?
# lsps -a
to fo
Page Space PV VG Size %Used Active Auto Type
paging00 hdisk1 rootvg 640MB 1 yes yes lv
hd6 hdisk0 rootvg 512MB 16 yes yes lv
ec vo

Figure 10-8. Adding paging space AN123.0
Notes:
oy si
Ways of adding extra paging space

u
To add extra paging space volumes to the system, you can use SMIT (as illustrated on
the visual), the mkps command, or the Web-based System Manager.
cl
Using the mkps command

When using the mkps command, the syntax and options are:
Ex
mkps [-a] [-n] [-t Type] -s NumLPs Vgname [Pvname]

• Vgname: The volume group within which to create the paging space
• Pvname: Specifies the physical volume of the volume group
• -s NumLPs: Sets the size of the new paging space in logical partitions
pr
• -a: Activate the paging space at the next restart (adds it to /etc/swapspaces)
• -n: Activate the paging space immediately.
• -t Type: Specifies the type of paging space (lv or nfs)
When a paging space is created, the /etc/swapspaces file is also updated, if needed.
V8.2
Student Notebook
Uempty
Change paging space

IBM Power Systems
# smit chps chps –d 5 paging00
Change
Change // Show
Characteristics of
of aa Paging
Paging Space
Space
.I. n
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.T ció
desired changes.
[Entry
[Entry Fields]
Fields]
Paging
Paging space
space name
name paging00
paging00
.
Volume group name
Volume group name rootvg
rootvg
C
.F a
Physical
Physical volume
volume name
name hdisk1
hdisk1
NUMBER
NUMBER of
of additional
additional logical
logical partitions
partitions []
[] ##
C rm
Or
Or NUMBER
NUMBER of
of logical
logical partitions
partitions to
to remove
remove [5]
[5] ##
Use
Use this
this paging
paging space
space each
each time
time the
the system
system is
is yes
yes ++
RESTARTED?
RESTARTED?
to fo
# lsps -a
paging00 hdisk1 rootvg 320MB 1 yes yes lv
ec vo

Figure 10-9. Change paging space AN123.0
Notes:
oy si
Characteristics that can be changed

u
A paging space may have its size increased or decreased and may have its autostart
options changed while it is in use (this updates /etc/swapspaces).
cl
These changes can be made through SMIT (as illustrated on the visual) or by using the
chps command.
Ex
Decreasing paging space

The ability to dynamically decrease paging space was introduced in AIX 5L V5.1. The
argument -d to the chps command calls the shrinkps shell script to reduce the size of
an active paging space. The use of a shell script reduces the possibility of getting into
pr
an unbootable state because users are not allowed to run out of paging space. The
script checks paging space actually in use and adds a paging space warning threshold
buffer. The SMIT fastpath is smit chps.
Student Notebook
The process chps decreases an active paging space as follows:

Step Action
Create a new, temporary space from the same volume group as the one being
1
reduced.
2 Deactivate the original paging space.
3 Reduce the original paging space.
4 Reactivate the original paging space.
.I. n
5 Deactivate the temporary space.
The primary paging space (usually hd6) cannot be decreased below 32 MB.
.T ció
When you reduce the primary paging space, a temporary boot image and a temporary
/sbin/rc.boot pointing to this temporary primary paging space are created to ensure the
.
system is always in a state where it can be safely rebooted.
C
Activating paging space
.F a
Inactive paging spaces may be activated dynamically once they have been defined. To
C rm
do this enter: swapon /dev/pagingnn
Note: This operation is supported through SMIT as well, fastpath pgsp. Alternatively,
use: swapon -a to activate all paging spaces defined in /etc/swapspaces. This
command is run in /etc/rc at system startup.
to fo
Examples of chps command use
The following examples illustrate use of the chps command:
• Example 1: Delete one logical partition from the paging00 paging space.
ec vo
# chps -d 1 paging00
• Example 2: Add one logical partition to the paging00 paging space.
oy si
# chps -s 1 paging00
Refer to the entry for chps in the online AIX 7.1 Commands Reference (or the
u
corresponding man page) for more information regarding the chps command.
cl
Ex
pr
V8.2
Student Notebook
Uempty
Removing paging space

IBM Power Systems
• First, deactivate the paging space. swapoff /dev/paging00
• Remove the paging space. rmps paging00
.I. n
# smit rmps
.T ció
Remove
Remove aa Paging
Paging Space
Space
.
C
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.F a
desired changes.
[Entry
[Entry Fields]
Fields]
C rm
PAGING
PAGING SPACE
to fo SPACE name
name paging00
paging00 ++
# lsps -a
ec vo

Figure 10-10. Removing paging space AN123.0
Notes:
oy si
Deletion of surplus paging space

As we have discussed, paging space can be added to the system, if necessary.
u
Similarly, surplus paging space can be deleted to free up the disk space for other logical
volumes.
cl
Deactivation of paging space

Inactive paging space can be activated dynamically to meet system demand. In order to
Ex
delete paging space, it must be inactive (that is, not used by the kernel.) Beginning with
AIX 5L V5.1, active paging spaces can be deactivated while the system is running using
the swapoff command or with the SMIT fastpath swapoff.
Reasons the swapoff command may fail
pr
The swapoff command might fail due to:

• Paging size constraints: The process to remove an active paging space is to move all
the pages of the paging space being removed to another paging space. If there is not
enough active paging space to do this, the command fails.
• I/O errors.
Student Notebook
Problems with paging space

IBM Power Systems
• Monitor the system carefully.

– If paging space is running low or gets to 100% full, the system will
.I. n
panic. Errors will be seen on the console, such as INIT: Paging
space is low!
.T ció
– The kernel will randomly start to kill processes.
• UNIX version 7 manual, quote: “Absolute mayhem guaranteed.”
.
• Paging space too small:
C
.F a
– Dynamically increase the size by allocating more partitions.
OR
C rm
– Add an additional paging space definition to another physical disk.
• Paging space too large:
to fo
– Dynamically decrease the size by deallocating partitions.
OR
– Remove a paging space definition.
ec vo

Figure 10-11. Problems with paging space AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Documenting paging space setup

IBM Power Systems
• Run the lsps command.

• Have a hardcopy of the /etc/swapspaces file.
.I. n
** /etc/swapspaces
/etc/swapspaces
.T ció
**
** This
This file
file lists
lists all
all the
the paging
paging spaces
spaces that
that are
are automatically
automatically put
put
** into
into service
service on
on each system restart ('swapon -a‘)
each system restart ('swapon -a‘)
.
**
C
** WARNING:
WARNING: Only
Only paging
paging space
space devices
devices should
should be
be listed
listed here.
here.
.F a
**
** This
This file
file is
is modified
modified by
by the
the chps,
chps, mkps
mkps and
and rmps
rmps commands
commands and
and
C rm
referenced
referenced by
by the
the lsps
lsps and
and swapon
swapon commands.
commands.
hd6:
hd6:
dev
dev == /dev/hd6
/dev/hd6
auto
auto = yes
= yes
to fo
paging00:
paging00:
dev
dev == /dev/paging00
/dev/paging00
auto
auto = yes
= yes
ec vo

Figure 10-12. Documenting paging space setup AN123.0
Notes:
oy si
Running lsps
u
Run lsps to monitor paging space activity. Keep good documentation so that you know
what is normal for that system.
cl
The /etc/swapspaces file

The file /etc/swapspaces contains a list of the paging space areas that are activated at
Ex
system startup.
Keep a copy of /etc/swapspaces so that you know what paging spaces are defined to
start at boot.
pr
Student Notebook
Checkpoint
IBM Power Systems
1. What conclusions regarding potential paging space problems can you

reach based on the following listing?
.I. n
Page
Page Physical
Physical Volume
Volume Size
Size %Used
%Used Active
Active Auto
Auto Type
Type chksum
chksum
Space
Space Volume
Volume Group
Group
.T ció
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 640
640 MB
MB 43%
43% yes
yes yes
yes lv
lv 00
paging00
paging00 hdisk1
hdisk1 rootvg
rootvg 640
640 MB
MB 7%
7% yes
yes yes
yes lv
lv 00
.
paging01
paging01 hdisk1
hdisk1 rootvg
rootvg 160
160 MB
MB 89%
89% yes
yes yes
yes lv
lv 00
C
.F a
C rm
2. True or False: The size of paging00 (in the above example) can be
dynamically decreased.
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Paging
space
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
This lab allows you to add, decrease, monitor, and remove paging space.
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 11. Backup and restore

This unit covers how to back up and restore volume groups and file
systems using the facilities built into the AIX operating system.
.I. n
.T ció
.
• Back up the rootvg volume group using the mksysb utility
C
.F a
• Explain how to restore the operating system using a mksysb
image
C rm
• Explain the role of the image.data and bosinst.data files
• Back up and restore a user defined volume group
• Back up and restore file systems using various utilities
to fo
ec vo
References
oy si

u
management
AIX Version 7.1 Installation and migration
cl

Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
• Explain how to restore the operating system using a
.T ció
mksysb image
• Explain the role of the image.data and bosinst.data
.
files
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Backup introduction
IBM Power Systems
• Why back up?

– Data is very important; expensive to re-create
– Hardware failure
.I. n
– Accidental deletion
.T ció
– Damage due to software installation or hardware repair
– Create a system image for installation cloning
– Long term archive
.
– Disaster recovery
C
Generally handled by
.F a
enterprise backup
• Types of backup: mgmt solutions, for
example TSM
– Volume group
C rm
• mksysb utility which records an image backup of the operating system
• savevg utility which performs a full backup of a user-created VG
– Full
to fo
• Backs up all specified data
– Incremental
• Records changes since previous backups
ec vo

Figure 11-2. Backup introduction AN123.0
Notes:
oy si
Why back up your data?

u
The data on a computer is usually far more important and expensive to replace than the
machine itself. Data loss can happen in many ways. The most common causes are
cl
hardware failure and accidental deletion. AIX provides several ways in which we can
back up and restore data.
Ex
• Volume group backup: AIX provides a mksysb utility which creates a back up
image of the operating system (that is, the root volume group) and the savevg
utility to backup user defined volume groups. It is very important that regular
mksysb backups are created as they allow us to reinstall a system to its original
pr
state if it has been corrupted. If you create the backup on external media, for
example tape, the media is bootable and includes the installation programs
needed to install from the backup.
• Full backup: A full backup (sometimes referred to as level 0 backup) will back
up all files and directories in the specified location. AIX provides the backup
Student Notebook
command and several standard UNIX utilities for performing a full backup such
as tar, cpio and pax.
• Incremental backup: An incremental backup, backs up all the files which have
changed since the last full or incremental backup. The backup command on AIX
is capable of providing this functionality.
AIX (and Unix) systems are often deployed in high performance, fault tolerant, 24x7
mission critical environments. As a result of this, often enterprise backup solutions are
.I. n
deployed, like IBM Tivoli Storage Manager (TSM) for System Backup and Recovery
.T ció
(Sysback). TSM for Sysback is designed to provide centralized, automated data
protection that can help reduce the risks associated with data loss while also helping to
reduce complexity, manage costs, and address compliance with regulatory data
.
retention requirements. TSM for Sysback is outside the scope of this class.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
System image backup

IBM Power Systems
• Backs up rootvg only using the mksysb command.
• Unmounted file systems are not backed up.
.I. n
• If device selected is tape, bootable tape is created in backup
.T ció
format.
.
• Can be completed over a network to a NIM server.
C
.F a
• Provides facilities for a non-interactive installation.
C rm
• Saves system-created paging space definitions.
• Saves LV policies and file system attributes.
to fo
• There should be minimal user and application activity.
ec vo

Figure 11-3. System image backup AN123.0
Notes:
oy si
The mksysb utility provides the following functions:

u
• Saves the definition of the paging space

• Provides a non-interactive installation that gives information required at installation time
cl
through a data file

• Saves the inter-disk and intra-disk policies for the logical volumes
• Saves map files for logical volumes, if requested by the user
Ex
• Provides the ability to shrink the file system and logical volume in a volume group at
system installation or mksysb recovery time
• Saves the file system characteristics
• Allows the user to restore single or multiple files from a system image
pr
The volume group image is saved in backup format.

System backup or clone?
If the mksysb command is used for to backup the source system, it is considered a
system backup. However, if the intent of the backup is to provide a customized system
Student Notebook
for use on other machines, the mksysb is considered a clone. Cloning means
preserving either all or some of a system's customized information for use on a different
machine. During install, the default option is Enable System Backups to install any
system = Yes. This means that mksysb files are not system specific. Otherwise, if the
mksysb by itself, is used to clone a machine or LPAR that is not a hardware clone, it
may not work, as it cannot provide support for hardware devices unique to the new
machine or LPAR. For example, loading a mksysb image made from a physical
.I. n
machine will not install correctly on a virtual LPAR because they use different AIX
filesets. However, this is an easy problem to resolve. In addition to the mksysb, you
.T ció
also need to boot using the AIX installation media to provide the filesets needed by the
other machine or LPAR. If using a NIM server, a bosinst.data file must be defined with
the option INSTALL_DEVICES_AND_UPDATES = yes and the lppsource allocated to the
.
client machine, must also have all the possible device support.
C
.F a
Non-interactive installation
If a system backup is being made to install another system or to reinstall the existing
C rm
system, a customer can predefine installation information so questions at installation
time are already answered. This keeps user interaction at the target node to a
minimum. The system backup and BOS install, interact through several files. The
mksysb saves the data, used by the installation, through taking a snapshot of the
to fo
current system, and its customized state.
System backup components
The components provided as part of the system backup utility, are packaged in the
ec vo
bos.sysmgt.sysbr package.
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Creating a mksysb image

IBM Power Systems
• smit mksysb /usr/bin/mksysb -i /backups/my_mksysb

Back
Back Up
Up the
the System
System
.I. n
Backup
Backup DEVICE
DEVICE or
or FILE
FILE [/backups/my_mksysb]
[/backups/my_mksysb]
/Create
/Create MAP
MAP files?
files? no
no
.T ció
EXCLUDE
EXCLUDE files?
files? no
no
List
List files
files as
as they
they are
are backed
backed up?
up? no
no
Verify Back up to tape, for
Verify readability
readability if
if tape
tape device?
device? no
no example /dev/rmt0
Generate
Generate new
new /image.data
/image.data file?
file? yes
yes is also popular.
.
EXPAND
EXPAND /tmp
/tmp if
if needed?
needed? no
no
Disable
Disable software
software packing
packing ofof backup?
backup? no
no
C
Backup extended attributes?
Backup extended attributes? yes
yes
.F a
Number
Number of
of BLOCKS
BLOCKS to
to write
write inin aa single
single output
output []
[]
(Leave
(Leave blank
blank to
to use
use aa system
system default)
default)
Location
Location of
of existing
existing mksysb
mksysb image []
C rm
image []
File
File system
system to
to use
use for
for temporary
temporary work
work space
space []
[]
(If
(If blank,
blank, /tmp
/tmp will
will be
be used.)
used.)
Backup
Backup encrypted
encrypted files?
files? yes
yes
Back
Back up
up DMAPI
DMAPI filesystem
filesystem files?
files? yes
yes ++
to fo
• SMIT also provides facilities to do a system backup to CD and
DVD, see smit sysbackup
ec vo

Figure 11-4. Creating a mksysb image AN123.0
Notes:
oy si
Introduction
u
The SMIT screen shown in the visual, Back Up the System, performs a a mksysb
operation and only backs up mounted file systems in rootvg.
cl
Create MAP files?

This option generates a layout mapping of the logical-to-physical partitions for each
Ex
logical volume in the volume group. This mapping is used to allocate the same
logical-to-physical partition mapping when the image is restored.
EXCLUDE files?
pr
This option excludes the files and directories listed in the /etc/exclude.rootvg file from
the system image backup.
List files as they are backed up?
Change the default to see each file listed as it is backed up. Otherwise, you see a
percentage-completed progress message while the backup is created.
Student Notebook
Verify readability if tape device?

Verifies the file header of each file on the backup tape, and reports any read errors as
they occur.
Generate new /image.data file?
If you have already generated a new /image.data file and don't want a new file created,
change the default to no. The default value is yes (-i flag) on the command line.
.I. n
EXPAND /tmp if needed?
.T ció
Choose yes if the /tmp file system can automatically expand if necessary during the
backup.
Disable software packing of backup?
.
C
The default is no, which means the files are packed before they are archived to tape.
.F a
Files that cannot be compressed are placed in the archive as is. Restoring the archive
automatically unpacks the files packed by this option. If the tape drive you are using
C rm
provides packing or compression, set this field to yes.
Backup extended attributes?
By default, the mksysb, savevg, and backup utilities save any extended attributes. If
to fo
you plan to restore to a back-level system which does not understand the format with
extended attributes, then this option allows you to override that default behavior.
Number of BLOCKS to write in a single output
ec vo
This specifies the number of 512 bytes to write in a single output operation, referred to
as the block size. If a number is not specified, the backup command uses a default
value appropriate for the physical device selected. Larger values result in larger
physical transfers to tape devices. The block size must be a multiple of the physical
oy si
block size of the device being used.

Location of existing mksysb image
u
Specifies the full path name to the location of a previously-created mksysb image that
can be used to create a bootable tape backup.
cl
File system to be used for temporary work space

Ex
Specifies the full path name to the location of a directory or file system to be used as
temporary space to create a bootable tape backup. The file system used must have at
least 100 MB of available free disk space for the creation of the bootable image. If this
field is left blank, the /tmp file system is used.
pr
Back up encrypted files?

Specifies if encrypted files should be backed up. AIX 6.1 introduces the ability to
encrypt files on a per file basis without the need of third party tools.
Back up DMAPI file system files?
Specifies if DMAPI file system files are to be backed up.
V8.2
Student Notebook
Uempty
image.data file
IBM Power Systems
• The image.data file contains information describing the image installed

during the BOS installation process. This includes:
– Sizes, names, maps, and mount points of logical volumes and file systems in
.I. n
the root volume group
.T ció
• It is a large file arranged in stanza format
– Is not recommended that the user modify the file, apart from the shrink field
.
• New image.data can be created during a mksysb operation or by
C
calling the mkszfile command.
.F a
image_data:
image_data:
IMAGE_TYPE=
IMAGE_TYPE= bff
bff
C rm
DATE_TIME=
DATE_TIME= Mon
Mon 20
20 Oct
Oct 17:54:07
17:54:07 2008
2008
UNAME_INFO=
UNAME_INFO= AIX neo
AIX neo 11 66 00CBE2FE4C00
00CBE2FE4C00
PRODUCT_TAPE= no
PRODUCT_TAPE= no
USERVG_LIST=
USERVG_LIST=
PLATFORM=
PLATFORM= chrp
chrp The SHRINK field can be
OSLEVEL=
OSLEVEL= 6.1.1.0
6.1.1.0
OSLEVEL_R=
set to yes.
OSLEVEL_R= 6100-01
6100-01
CPU_ID=
CPU_ID= 00CBE2FE4C00
to fo
00CBE2FE4C00
LPAR_ID=
LPAR_ID= 44
logical_volume_policy:
logical_volume_policy:
SHRINK=
SHRINK= no
no
EXACT_FIT=
EXACT_FIT= no
no
ec vo

Figure 11-5. image.data file AN123.0
Notes:
oy si
The image.data file contains information describing the image installed during the BOS
installation process. This information includes the sizes, names, maps, and mount points of
u
logical volumes and file systems in the root volume group. The mkszfile command
generates the image.data file. It is not recommended that the user modify the file.
cl
Changing the value of one field without correctly modifying any related fields, can result in
a failed installation, and a corrupted backup image. The only exception to this
Ex
recommendation is the SHRINK field, which the user may modify to instruct the BOS
installation routines to create the file systems as specified in the image.data file, or to
create the file systems only as large as is required to contain all the data in the file system.
The BOS installation process also takes input from the image.data file regarding defaults
pr
for the machine being installed. Any default values in the image.data file will override
values obtained when the BOS installation queries the hardware topology and existing root
volume group. The image.data file resides in the / directory.
To create a mksysb backup image with a customized image.data file:
• Create a new image.data file: # mkszfile.
Student Notebook
• Edit the image.data file as appropriate.

• Create mksysb with the customized image.data file: # mksysb /backup/my_mksysb.
This file is part of System Backup and BOS Install Utilities.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
bosinst.data file
IBM Power Systems
• Defines defaults for variables controlling an installation

• Can be used to created non-prompted installations
• Key options below, for a full description see:
.I. n
– /usr/lpp/bosinst/bosinst.template.README
control_flow:
.T ció
control_flow:
CONSOLE
CONSOLE == Default
Default ALT_DISK_INSTALL_BUNDLE = no
INSTALL_METHOD
INSTALL_METHOD == overwrite
overwrite GRAPHICS_BUNDLE = yes
PROMPT
PROMPT == no
no MOZILLA_BUNDLE = no
EXISTING_SYSTEM_OVERWRITE
EXISTING_SYSTEM_OVERWRITE == yes
yes KERBEROS_5_BUNDLE = no
.
INSTALL_X_IF_ADAPTER
INSTALL_X_IF_ADAPTER == nono SERVER_BUNDLE = yes
RUN_STARTUP
RUN_STARTUP == yes
yes
C
ALT_DISK_INSTALL_BUNDLE = no
RM_INST_ROOTS
RM_INST_ROOTS == no
no
.F a
ERROR_EXIT
ERROR_EXIT == locale:
CUSTOMIZATION_FILE
CUSTOMIZATION_FILE == SCREEN
SCREEN BOSINST_LANG = en_US
TCB
TCB == no
no CULTURAL_CONVENTION = en_GB
C rm
INSTALL_TYPE
INSTALL_TYPE == MESSAGES = en_US
BUNDLES
BUNDLES == KEYBOARD = en_GB
SWITCH_TO_PRODUCT_TAPE
SWITCH_TO_PRODUCT_TAPE ==
RECOVER_DEVICES
RECOVER_DEVICES == nono target_disk_data:
BOSINST_DEBUG
BOSINST_DEBUG == no
no PVID =
ACCEPT_LICENSES
ACCEPT_LICENSES == PHYSICAL_LOCATION =
DESKTOP
DESKTOP == CDE
CDE CONNECTION =
to fo
INSTALL_DEVICES_AND_UPDATES
INSTALL_DEVICES_AND_UPDATES == yes
yes LOCATION =
IMPORT_USER_VGS
IMPORT_USER_VGS == SIZE_MB =
ENABLE_64BIT_KERNEL
ENABLE_64BIT_KERNEL == Default
Default HDISKNAME = hdisk0
CREATE_JFS2_FS
CREATE_JFS2_FS == yes
yes
ALL_DEVICES_KERNELS
ALL_DEVICES_KERNELS == nono
ec vo

Figure 11-6. bosinst.data file AN123.0
Notes:
oy si
/bosinst.data file
u
This file enables the administrator to specify the requirements at the target system and how
the user interacts with the target system. It provides flexibility by allowing unattended
cl
installations. The system backup utilities simply copy the /bosinst.data into the second file
on the mksysb tape. If this file is not in the root directory, the
/usr/lpp/bosinst/bosinst.template is copied to the /bosinst.data.
Ex
Key fields (highlight in the visual):

• PROMPT: Will determine if the installation is to be prompted (yes) or non-prompted (no)
• INSTALL_DEVICES_AND_UPDATES: When installing a mksysb image to a system with a
pr
different hardware configuration, boot from product media to get any missing device
drivers installed. In addition, if the product media is a later level of AIX than the mksysb,
software in the mksysb image will be updated. To prevent either of these additional
installations from occurring, set this field to no. The default is yes.
Student Notebook
• INSTALL_METHOD: Specifies a method of installation: migrate, preserve,

erase_only, or overwrite
• CREATE_JFS2_FS: Specifies whether you want to create enhanced journaled file
systems. The choices are yes and no
• ALL_DEVICES_KERNELS: Specifies whether to install all device and kernel filesets
The choices are yes and no. If you select no, your system will be installed with the
devices and kernel specific to your system configuration. If you select yes, when you
.I. n
create a system backup of your system, you can use that system backup to install any
.T ció
system.
• LOCALE STANZA: Will determine:
- The language to use during installation
.
C
- Primary cultural convention to use after reboot
.F a
- Primary message catalogs to use after reboot
C rm
- Keyboard map to use after reboot
• TARGET DISK STANZA: Will determine where to create the root volume group.
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
mksysb tape image format

IBM Power Systems
Blocksize = Blocksize = Blocksize = Tape drive

512 512 512 blocksize
.I. n
BOS boot mkinsttape dummy rootvg
image image backup image
.T ció
.toc
1st Section 2nd Section 3rd Section 4th Section
0 1 2 3
.
C
.F a
Kernel ./image.data Dummy TOC Backup
device drivers ./bosinst.data by name
./tapeblksz
C rm
• To list files in the backup image on a mksysb:
– lsmksysb –f /dev/rmt0
to fo
• To restore individual files from the mksysb:
– restorevgfiles –f /dev/rmt0 ./etc/inittab
ec vo

Figure 11-7. mksysb tape image format AN123.0
Notes:
oy si
This visual shows the tape layout of a mksysb image.

u
BOS boot image

The BOS boot image contains a copy of the system's kernel and device drivers needed
cl
to boot from the tape.

mkinsttape image
Ex
The mkinsttape image contains the following files:

• ./image.data holds the information needed to re-create the root volume group
and its logical volumes and file systems.
pr
• ./bosinst.data contains the customizable installation procedures and dictates

how the BOS installation program behaves. This file allows for the
non-interactive installations.
• ./tapeblksz contains the block size setting of the tape drive used during the
backup. This applies to the files in the fourth section.
Student Notebook
Dummy TOC
The dummy TOC is used to make mksysb tapes have the same number of files as the
BOS installation tapes.
rootvg backup image
The rootvg backup image contains all the data from the backup. This data is saved
using the backup command which is discussed shortly
.I. n
• Listing and extracting files in a tape mksysb image
.T ció
The easiest way to list files or to restore individual files from any media (tape or optical)
is to use the generic list and restore commands:
- # lsmksysb -f <device> , where <device> might be /dev/rmt0 or /dev/cd0.
.
C
- # restorevgfiles -f <device> <file name>,
.F a
• <device> might be /dev/rmt0 or /dev/cd0.
C rm
• <file> can be one of more files such as ./etc/inittab
For tape specific restores, a combination of tape control and AIX file system restore
commands can be used:
to fo
- # tctl -f /dev/rmt0 rewind
- # tctl -f /dev/rmt0.1 fsf 3
- # restore -Tvf /dev/rmt0
ec vo
OR
- restore -Tv –s4 -f /dev/rmt0
The tctl command can be used to rewind and fast forward the tape to the start of the
oy si
fourth section (third tape mark). Then, the restore command, as shown in the
example can be used to extract (-x) or list (-T) files on the tape. Alternatively, if the
tape is already rewound, then the restore command can be used directly to extract
u
files from the fourth section (-s4).

cl
For further information regarding tape manipulation, see the tctl man page.
Ex
pr
V8.2
Student Notebook
Uempty
Restoring a mksysb: From tape device (1 of 2)

IBM Power Systems
• Using the SMS menus, boot the system from the tape device.
• Restore mksysb image from the device, that is, tape
.I. n
(/dev/rmt0), as follows:
.T ció
Welcome
Welcome to
to Base
Base Operating
Operating System
System
Installation
Installation and
and Maintenance
Maintenance
11 Start
Start Install
Install Now
Now With
With Default
Default Settings
Settings
.
22 Change/Show
Settings and
and Install
Install
>> 3 Start Maintenance Mode for System Recovery
C
>> 3 Start Maintenance Mode for System Recovery
.F a
44 Configure
Configure Network
Network Disks
Disks (iSCSI)
(iSCSI)
C rm
11 Access
Access AA Root
Root Volume
Volume Group
Group
22 Copy
Copy a System Dump to
a System Dump to Removable
Removable Media
Media
33 Access
Access Advanced
Advanced Maintenance
Maintenance Functions
Functions
44 Erase
Erase Disks
Disks
>>
>> 66 Install
Install from
from aa System
System Backup
Backup
to fo
Tape
Tape Drive
Drive Path
Path Name
Name
>>
>> 11 tape/scsi/4mm/2GB
tape/scsi/4mm/2GB/dev/rmt0
/dev/rmt0
ec vo

Figure 11-8. Restoring a mksysb: From tape device (1 of 2) AN123.0
Notes:
oy si
Start a mksysb restoration

u
To restore a mksysb image from tape, boot the machine into SMS just as if you were
performing an installation. As shown previously in the installation unit, select the device to
cl
boot from (in this case tape). Then, insert the mksysb tape and start the machine or LPAR.
The machine boots from the tape and prompts you to define the console and select a
language for installation. Once you have answered those questions, then the Installation
Ex
and Maintenance menu is presented.

You can also boot from installation media which presents the same screens. Just be sure to
put the mksysb tape in the tape drive before answering the last question.
pr
Student Notebook
Restoring a mksysb: From tape device (2 of 2)

IBM Power Systems
Welcome
Welcome to
to Base
Base Operating
Operating System
System
Installation
Installation and
and Maintenance
Maintenance
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter. Choice
Choice is
is indicated
indicated by
by >>.
>>.
.I. n
11 Start
Start Install
Install Now
Now With
With Default
Default Settings
Settings
>>
>> 22 Change/Show
Settings and
and Install
Install
33 Start
Start Maintenance
Maintenance Mode
Mode for
for System
System Recovery
Recovery
.T ció
44 Configure
Configure Network
Network Disks
Disks (iSCSI)
(iSCSI)
System
System Backup
Backup Installation
Installation and
and Settings
Settings
.
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter.
C
11 Disk(s)
Disk(s) where
where you
you want
want to
to install
install hdisk0
.F a
hdisk0
Use Maps
Use Maps No
No
22 Shrink
Shrink Filesystems
Filesystems No
No
C rm
00 Install
Install with
with the
the settings
settings listed
listed above
above
Installing
Installing Base
Base Operating
Operating System
System
Please
Please wait...
wait...
to fo
Approximate
Approximate Elapsed
Elapsed time
time
%% tasks
tasks complete
complete (in
(in minutes)
minutes)
33 00 Making
Making logical
logical volumes
volumes
ec vo

Figure 11-9. Restoring a mksysb: From tape device (2 of 2) AN123.0
Notes:
oy si
Changing installation settings

u
From the Installation and Maintenance menu, select option 2, Change/Show

Installation Settings and Install.
cl
(Not all menu options are shown, due to format space limitations)
The options from the System Backup and Installation and Settings menu are:
Ex
1 Disk(s) where you want to install

- Select disks where you want to install.
Use Maps
pr
- The option Use Maps lets you choose whether to use the map files created (if you
created any) during the backup process of the mksysb tape. The default is no. If the
selected disks do not have map files, then this option would not be available.
2 Shrink Filesystems
V8.2
Student Notebook
Uempty - The option Shrink Filesystems installs the file systems using the minimum required
space. The default is no. If yes, all file systems in rootvg are shrunk. So remember
after the restore, evaluate the current file system sizes. You might need to increase
their sizes.
0 Install with the settings listed above
- At the end, select option 0 which installs using the settings selected. Your mksysb
image is restored.
.I. n
The system then reboots.
.T ció
Additional options that you might see are:
Import User Volume Groups
.
- You have the option to have user volume groups imported after the installation
C
.F a
completes. The default is Yes.
Recover devices
C rm
- BOS installation program attempts to recreate the devices the same way they were
on the machine the mksysb was created on. This is normal procedure for regular
mksysb restores on the same system. However, for cloning (installing the mksysb
image on another system), you may not want these devices configured this way,
to fo
especially for network configuration. The default is Yes.
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Restoring a mksysb: From a NIM server (1 of 2)

IBM Power Systems
• Restore a mksysb image from a NIM server using the SMS

menu.
.I. n
– Note: NIM server configuration is covered in the AN22 NIM course.
PowerPC
PowerPC Firmware
.T ció
Firmware
Version
Version SF240_338
SF240_338
SMS
SMS 1.6
1.6 (c)
(c) Copyright
Copyright IBM
IBM Corp.
Corp. 2000,2005
2000,2005 All
All rights
rights reserved.
reserved.
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
.
Main
Main Menu
Menu
1. Select
Select Language
C
1. Language
2. Setup
Setup Remote
Remote IPL
IPL (Initial
(Initial Program
Program Load)
Load) #then
#then select
select the
the adapter
adapter && IP
.F a
2. IP
Parameters
Parameters
3.
3. Change
Change SCSI
SCSI Settings
Settings
C rm
4.
4. Select
Select Console
Console
5.
5. Select
Select Boot
Boot Options
Options
IP Enter client and NIM

IP Parameters
Parameters server IP details.
Interpartition
Interpartition Logical
Logical LAN:
LAN: U9113.550.65F2E7F-V9-C3-T1
U9113.550.65F2E7F-V9-C3-T1
to fo
1.
1. Client IP Address
Client IP Address [10.47.1.21]
[10.47.1.21]
2.
2. Server
Server IP
IP Address
Address [10.47.1.33]
[10.47.1.33]
3.
3. Gateway
Gateway IP
IP Address
Address [000.000.000.000]
[000.000.000.000]
4.
4. Subnet
Subnet Mask
Mask [255.255.0.0]
[255.255.0.0]
ec vo

Figure 11-10. Restoring a mksysb: From a NIM server (1 of 2) AN123.0
Notes:
oy si
First, the resources (mksysb image, bosinst.data, SPOT) have to be allocated to the client
on the NIM server and the NIM server must run a bosinst operation on your client machine.
u
This is covered in the NIM course, AN22.

cl
Next, boot the client into SMS mode and select option 2, Setup Remote IPL. This option
allows us to define the network parameters of the NIM server and client. Once the IPL
details have been entered, press ESC to return to the main menu.
Ex
pr
V8.2
Student Notebook
Uempty
Restoring a mksysb: From NIM server (2 of 2)

IBM Power Systems
• Return to main menu, by selecting option 5 Boot Options. Then select the following:
– 1. Select Install/Boot Device
– 6. Network -- followed by the network adapter to the boot from
.I. n
– 2. Normal Mode Boot
– 1. Yes -- to exit System Management Services
.T ció
BOOTP:
BOOTP: chosen-network-type
chosen-network-type == ethernet,auto,none,auto
ethernet,auto,none,auto BOOTP R = 1 BOOTP S = 2
BOOTP: server FILE: /tftpboot/alex.lpar.co.uk
BOOTP: server IP IP == 10.47.1.33
10.47.1.33
BOOTP: requested FINAL Packet Count = 27900
BOOTP: requested filename
filename == FINAL File Size = 14284288 bytes.
.
BOOTP:
BOOTP: client
client IP =
IP = 10.47.1.21
10.47.1.21 load-base=0x4000
BOOTP: client
client HW HW addr
addr == ea
ea 48
48 f0
f0 00 90
90 33
C
BOOTP: real-base=0x2000000
.F a
BOOTP:
BOOTP: gateway
gateway IPIP == 0.0.0.0
0.0.0.0
BOOTP:
BOOTP: device
device /vdevice/l-lan@30000003
/vdevice/l-lan@30000003
BOOTP:
BOOTP: loc-code
loc-code U9113.550.65F2E7F-V9-C3-T1
U9113.550.65F2E7F-V9-C3-T1 Client issues a bootp request
C rm
to NIM master and downloads
the boot image via TFTP
Installing
Installing Base
Base Operating
Operating System
System
Please
Please wait...
wait...
to fo
Approximate
Approximate Elapsed
Elapsed time
time
%% tasks
tasks complete
complete (in
(in minutes)
minutes)
33 00 Making
Making logical
logical volumes
volumes
ec vo

Figure 11-11. Restoring a mksysb: From NIM server (2 of 2) AN123.0
Notes:
oy si
The visual shows the rest of the steps involved in completing the mksysb restore.
u
This example assumes that the NIM servers was configured to provide a bosint.data file
with PROMPT=NO and all the necessary information provided, Otherwise, the system
cl
console would need to be used to walk through the Install and Maintenance panels shown
on the previous visuals.
Ex
pr
Student Notebook
Creating a backup of a data volume group

IBM Power Systems
• smit savevg /usr/bin/savevg –f /tmp/datavg_bk_svg -i datavg

Back
Back Up
Up aa Volume
Volume Group
Group to
to Tape/File
Tape/File
.I. n
** Backup
Backup DEVICE
DEVICE or
or FILE
FILE [/tmp/datavg_bk_svg]
[/tmp/datavg_bk_svg] +/
+/
** VOLUME
VOLUME GROUP to back
GROUP to back up
up [datavg]
[datavg] ++
.T ció
List
List files
files as
as they
they are
are backed
backed up?
up? no
no ++
Generate
Generate new
new vg.data
vg.data file?
file? yes
yes ++
Create
Create MAP
MAP files?
files? no
no ++
EXCLUDE
EXCLUDE files?
files? no
no ++
.
EXPAND
EXPAND /tmp
/tmp if
if needed?
needed? no
no ++
C
Disable
Disable software
software packing
packing ofof backup?
backup? no
no ++
.F a
Backup
Backup extended
extended attributes?
attributes? yes
yes ++
Number
Number of
of BLOCKS
BLOCKS to
to write
write in
in aa single
single output
output []
[] ##
(Leave
(Leave blank to use a system default)
blank to use a system default)
C rm
Verify
Verify readability
readability ifif tape
tape device?
device? no
no ++
Back
Back up
up Volume
Volume Group
Group information
information files
files only?
only? no
no ++
Back
Back up
up encrypted
encrypted files?
files? yes
yes ++
Back
Back up
up DMAPI
DMAPI filesystem
filesystem files?
files? no
no ++
to fo
• SMIT also provides facilities to do a VG backup to CD and DVD
(smit vgbackup).
ec vo

Figure 11-12. Creating a backup of a data volume group AN123.0
Notes:
oy si
To back up non-rootvg volume groups, use smit savevg or smit savevg. The parameters
are virtually identical to creating a mksysb image.
u
The savevg command finds and backs up all files belonging to a specified volume group.
cl
The volume group must be varied-on, and the file systems must be mounted. The savevg
command uses the data file created by the mkvgdata command. This data file can be one
of the following:
Ex
• /tmp/vgdata/vgname/<vgname>.data
Contains information about a user volume group. The <vgname> variable reflects the
name of the volume group. The savevg command uses this file to create a backup
pr
image that can be used by the restvg command to remake the user volume group.
V8.2
Student Notebook
Uempty
Restoring a backup of a data volume group

IBM Power Systems
• smit restvg /usr/bin/restvg -q –f /tmp/datavg_bk_svg

Remake
Remake aa Volume
Volume Group
Group
.I. n
** Restore
Restore DEVICE
DEVICE or
or FILE
FILE [/tmp/datavg_bk_svg]
[/tmp/datavg_bk_svg] +/
+/
SHRINK the filesystems?
SHRINK the filesystems? no
no ++
.T ció
Recreate
Recreate logical
logical volumes
volumes and
and filesystems
filesystems only?
only? no
no ++
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names []
[] ++
(Leave
(Leave blank
blank to
to use
use the
the PHYSICAL
PHYSICAL VOLUMES
VOLUMES listed
listed
in
in the vgname.data file in the backup image)
the vgname.data file in the backup image)
.
Use
Use existing
existing MAP
MAP files?
files? yes
yes ++
C
Physical
Physical partition
partition SIZE
SIZE in
in megabytes
megabytes []
[] +#
+#
.F a
(Leave
(Leave blank
blank to
to have
have the
the SIZE
SIZE determined
determined
based on disk size)
based on disk size)
Number
Number of
of BLOCKS
BLOCKS to
to read
read in
in aa single
single input
input []
[] ##
C rm
(Leave
(Leave blank
blank to
to use
use aa system
system default)
default)
Alternate
Alternate vg.data
vg.data file
file []
[] //
(Leave
(Leave blank
blank to
to use
use vg.data
vg.data stored
stored in
in
backup image)
backup image)
to fo
• Prior to restoring the VG
– Unmount all file systems which are part of that VG.
– Vary off and export the volume group.
ec vo

Figure 11-13. Restoring a backup of a data volume group AN123.0
Notes:
oy si
The visual shows the process of restoring a non-rootvg volume group. Standard out from
the smit screen is shown below:
u
cl
Ex
pr
Student Notebook
COMMAND STATUS
Command: OK stdout: yes stderr: no
Before command completion, additional instructions may appear below.
Will create the Volume Group: datavg
Target Disks: hdisk1
Allocation Policy:
.I. n
Shrink Filesystems: no
Preserve Physical Partitions for each Logical Volume: no
.T ció
datavg
loglv01
fslv00
.
New volume on /tmp/datavf_bk_svg:
C
Cluster size is 51200 bytes (100 blocks).
.F a
The volume number is 1.
The backup date is: Mon 20 Oct 20:29:05 2008
C rm
Files are backed up by name.
The user is root.
x 11 ./tmp/vgdata/datavg/image.info
x 127 ./tmp/vgdata/vgdata.files598152
x 127 ./tmp/vgdata/vgdata.files
to fo
x 2444 ./tmp/vgdata/datavg/filesystems
x 2481 ./tmp/vgdata/datavg/datavg.data
x 340 ./tmp/vgdata/datavg/backup.data
x 0 ./data
ec vo
x 0 ./data/lost+found
x 1024 ./data/file1
x 1024 ./data/file2
x 1024 ./data/file3
oy si
The total size is 5530 bytes.

The number of restored files is 11.
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Traditional UNIX and AIX backup commands

IBM Power Systems
• AIX
– Backup and restore
.I. n
• Other popular backup, restore commands across UNIX
.T ció
platforms:
– tar
.
C
– cpio
.F a
– pax
C rm
– dd
• Compression utilities
to fo
– Compress, restore using uncompress or zcat
– gzip, restore using gunzip
ec vo

Figure 11-14. Traditional UNIX and AIX backup commands AN123.0
Notes:
oy si
u
cl
Ex
pr
Student Notebook
Backup by filename and restore

IBM Power Systems
• File names are read from standard input.

## cat
cat listfile
listfile
.I. n
/home/aix/file1
/home/aix/file1
/home/aix/file2
/home/aix/file2
.T ció
Absolute paths
/home/aix/file3
/home/aix/file3
## backup
backup -iqvf
-iqvf /dev/rmt0
/dev/rmt0 << listfile
listfile
.
Relative paths
C
## find
find /home/aix
/home/aix || backup
backup -iqvf
-iqvf /dev/rmt0
/dev/rmt0
.F a
## cd
cd /home/aix
/home/aix
C rm
## find
find .. || backup
backup -iqvf
-iqvf /backup/aix.backup
/backup/aix.backup List files
## restore
restore -Tvf
-Tvf /backup/aix.backup
/backup/aix.backup
Extract (restore)
files
to fo
## restore
restore -xvf
-xvf /backup/aix.backup
/backup/aix.backup
## restore
restore -xvf
-xvf /tmp/aix.backup
/tmp/aix.backup ./file1
./file1 Extract individual
file
ec vo

Figure 11-15. Backup by filename and restore AN123.0
Notes:
oy si
The backup command

The backup command is a useful command for making backups of AIX files and
u
directories. backup supports two different methods:

• Backup by filename
cl
• Backup by i-node (also call a file system backup)

When performing a backup by filename, the files must be in a mounted file system to be
Ex
backed up. Backup by i-node, backs up file systems when they are unmounted.
Note: Relative versus full file names will impact the location of files on recovery!
Popular backup flags
• -q: Media is ready
• -i: Specifies that files be read from standard input and archived by file name.
pr
• -v: Verbose - display filenames during backup

• -f: Device
Popular restore flags
• -T: List files
• -x: Extract files
For further information see the man pages.
V8.2
Student Notebook
Uempty
Backup and restore by inode

IBM Power Systems
• Only supported if file systems are unmounted! Full backup
## backup
backup -u
-u -0
-0 -f
-f /tmp/databkup_21Oct_level0
/tmp/databkup_21Oct_level0 /data
/data
.I. n
## backup
backup -u
-u -1
-1 -f
-f /tmp/databkup_21Oct_level1
/tmp/databkup_21Oct_level1 /data
/data
.T ció
## cat
cat /etc/dumpdates
/etc/dumpdates
/dev/rfslv00
/dev/rfslv00 11 Tue
Tue Oct
Oct 21
21 15:45:21
15:45:21 2008
.
2008
Incremental backup
/dev/rfslv00
/dev/rfslv00 00 Tue
Tue Oct
Oct 21
21 15:40:54
15:40:54 2008
C
2008
.F a
Backup history
C rm
## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level0
/tmp/databkup_21Nov_level0
## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level1
/tmp/databkup_21Nov_level1
to fo
Must restore first to the last level 0
then followed by each incremental…
ec vo

Figure 11-16. Backup and restore by inode AN123.0
Notes:
oy si
Backup by inode is useful for performing full (level 0) and incremental backups of file
systems. Backup by inode should only be completed when the filesystem is unmounted!
u
Note: The command will complete if the filesystem is in use, but the following warning
message is displayed, Backup: 0511-251 The file system is still mounted; data
cl
may not be consistent.

Popular backup by inode flags
Ex
• -u: update /etc/dumpdates will backup transaction history

• -0-9: backup level, 0 is full, 1...9 represents incremental change since level n-1
• -f: device
Popular restore by inode flags
pr
• -r: restore files

For further information see the man pages.
When restoring file system archives, the restore command creates and uses a file named
restoresymtable. This file is created in the current directory. The file is necessary for the
restore command to do incremental file system restores. Do not remove the
restoresymtable file if you perform incremental file system backups and restores.
Student Notebook
tar command
IBM Power Systems
• tar is derived from tape archive

– Create a tar backup (-c)
.I. n
## tar
tar –cvf
–cvf /dev/rmt0
/dev/rmt0 /home
/home
## tar
tar -cvf
-cvf /backup/home.tar
/backup/home.tar /home
.T ció
/home
– List files in a tar backup (-t)
.
## tar
tar –tvf
–tvf /dev/rmt0
/dev/rmt0
C
.F a
– Extract files from a tar backup (-x)
C rm
## tar
tar –xvf
–xvf /dev/rmt0
/dev/rmt0
– Copying directories and files using tar

to fo
## cd
cd /data
/data
## tar
tar -cf
-cf -- .|
.| (cd
(cd /junk2
/junk2 &&
&& tar
tar xBpf
xBpf -)
-)
ec vo

Figure 11-17. tar command AN123.0
Notes:
oy si
The tar command archives and restores files. tar is most commonly used in tandem with
an external compression utility, since it has no built-in data compression facilities.
u
Here is a list of the commonly used options:

cl
• -c creates a tar backup.

• -x extracts (restores) one or more files from a tar file.
Ex
• -t reads the content of the tar file (verify the backup).

• -v verbose output - displays files as they are backed up and restored.
• -f identifies the file or device holding the tar image.
• -h follows symbolic links.
pr
• -u appends files to an existing archive.

• -p preserves file permissions, ignoring the present umask value.
• -B forces a consistent blocking factor to help ensure this copy is made correctly.
The final .tar file is usually called a tarball.
V8.2
Student Notebook
Uempty
cpio command
IBM Power Systems
• cpio is derived from copy in and out.

– Create a cpio backup (-o)
.I. n
## find
find /home
/home || cpio
cpio –ov
–ov >> /backup/home.bk
/backup/home.bk
.T ció
– List files in a cpio backup (-t)
.
## cpio
cpio -itv
-itv << /backup/home.bk
/backup/home.bk
C
.F a
– Extract files from a cpio backup (-i)
C rm
## cpio
cpio –idv
–idv << /backup/home.bk
/backup/home.bk
– Copy the contents of the current location to /mydir

to fo
## find
find .. -depth
-depth || cpio
cpio -pd
-pd /mydir
/mydir
ec vo

Figure 11-18. cpio command AN123.0
Notes:
oy si
cpio copies file archives in from, or out to tape, disk, or another location on the local
machine.
u
Here is a list of the commonly used options:

cl
• -o command reads file path names from standard input and copies these files to
standard output, along with path names and status information.
Ex
• -i command reads from standard input an archive file created by the cpio -o command
and copies from it the files with names that match the Pattern parameter.
• -p copies files to another directory on the same system.
• -d creates directories as needed.
pr
• -v verbose (print files)
Student Notebook
pax command
IBM Power Systems
• tar and cpio syntax differ slightly between UNIX platforms.

– IEEE addressed this problem with ‘pax’, meaning peace in Latin
.I. n
– Create a pax backup of /home (-w)
.T ció
## pax
pax -wf
-wf /backup/home_pax.ar
/backup/home_pax.ar /home
/home
.
C
.F a
– List files in a pax backup (-v)
C rm
## pax
pax -v
-v –f
–f /backup/home_pax.ar
/backup/home_pax.ar
– Extract files in a pax backup (-r)

to fo
## pax
pax -rvf
-rvf /backup/home_pax.ar
/backup/home_pax.ar
ec vo

Figure 11-19. pax command AN123.0
Notes:
oy si
The pax command extracts, writes, and lists members of archive files; copies files and
directory hierarchies.
u
Rather than sort out the incompatible options that have crept up between tar and cpio,
cl
along with their implementations across various versions of UNIX, the IEEE designed a
new archive utility. Pax means “peace” in Latin, so the utility is named to create peace
between the tar and cpio.
Ex
pr
V8.2
Student Notebook
Uempty
dd command
IBM Power Systems
• The primary purpose of dd is the low-level copying and

conversion of raw data.
.I. n
– Copy tape to tape. Tape1 block size=1KB. Tape2 block size=2KB.
.T ció
## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024
ibs=1024 obs=2048
obs=2048 of=/dev/rmt1
of=/dev/rmt1
– Perform a raw data backup of /home to tape, then restore:
.
C
.F a
## tar
tar -cvf
-cvf -- /home
/home || dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0
## tar
tar -cvf
-cvf -- /home
/home || rsh
rsh <system>
<system> dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0
C rm
## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024k
ibs=1024k || tar
tar xvf
xvf -- Writing to a tape
drive on a remote
machine
to fo
– Convert /etc/passwd from ASCII to EBCDIC:
## dd
dd if=/etc/passwd
if=/etc/passwd of=/etc/passwd.ebcdic
of=/etc/passwd.ebcdic conv=ebcdic
conv=ebcdic
ec vo

Figure 11-20. dd command AN123.0
Notes:
oy si
The dd command reads in standard input or the specified input file, converts it, and then
writes to standard out or the named output.
u
The common options are:

cl
• if= specifies the input file.

• of= specifies the output file.
Ex
• conv= designates the conversion to be done.

Copying specific blocks
The dd command is also useful when you need to copy specific blocks of data. For
pr
example, if a file system’s superblock (stored in the first block of the file system) is corrupt,
a copy is kept at the 31st block. The dd command can copy that 31st block back to the first
to repair the file system. The command is:
# dd count=1 bs=4k skip=31 seek=1 if=/dev/hd4 of=/dev/hd4
Student Notebook
Compression commands (1 of 2)
IBM Power Systems
• Archives created with backup utilities are usually compressed.

– Reduce the size of the backup.
.I. n
– This can be done using a number of utilities, such as compress.
• Examples (using compress, uncompress, and zcat):
.T ció
## compress
compress -v
-v /tmp/data.tar
/tmp/data.tar
.
/tmp/data.tar:
/tmp/data.tar: Compression:
Compression: 95.50%
95.50% This
This file
file is
is replaced
replaced
C
with
with /tmp/data.tar.Z.
/tmp/data.tar.Z.
.F a
C rm
## uncompress
uncompress /tmp/data.tar.Z
/tmp/data.tar.Z
/tmp/data.tar.Z:
/tmp/data.tar.Z: This
This file
file is
is replaced
replaced with
with /tmp/data.tar.
/tmp/data.tar.
to fo
zcat expands a
compressed file to
## zcat
zcat /tmp/data.tar.Z
/tmp/data.tar.Z || tar
tar -xvf
-xvf -- standard out.
ec vo

Figure 11-21. Compression commands (1 of 2) AN123.0
Notes:
oy si
Files which are archived are usually further compressed to reduce their size. Compress,
uncompress and zcat commands are standard commands across UNIX platforms for
u
compressing and uncompressing files.

cl
Ex
pr
V8.2
Student Notebook
Uempty
Compression commands (2 of 2)
IBM Power Systems
• Examples (gzip and gunzip)
## gzip
gzip -v
-v /tmp/data.tar
.I. n
/tmp/data.tar
/tmp/data.tar:
/tmp/data.tar: 97.7%
97.7% --
-- replaced
replaced with
with
.T ció
/tmp/data.tar.gz
/tmp/data.tar.gz
## gunzip
gunzip -v
-v /tmp/data.tar.gz
/tmp/data.tar.gz
.
/tmp/data.tar.gz: 97.7%
97.7% --
-- replaced
replaced with Creates a
C
/tmp/data.tar.gz: with
.F a
/tmp/data.tar
/tmp/data.tar compressed
tarball
(.tar.gz) of the
C rm
## tar
tar -cvf
-cvf -- /data
/data || gzip
gzip -c
-c >> data_tar.gz
data_tar.gz /data directory.
## gunzip
gunzip -c
-c data_tar.gz
data_tar.gz || tar
tar xvf
xvf -- Decompresses
and extracts the
to fo
compressed
tarball (.tar.gz).
ec vo

Figure 11-22. Compression commands (2 of 2) AN123.0
Notes:
oy si
gzip is a software application used for file compression. gzip is short for GNU zip. The
program is very popular and is a free replacement for the compress program which was
u
predominately used in early UNIX systems.

cl
Another popular and free compression utility is bzip2 which is based on a lossless data
compression algorithm. Bzip2 compression is generally more effective than gzip. The
usage of bzip2 and bunzip2 (for decompression) is fairly similar to gzip and gunzip
Ex
respectively.
pr
Student Notebook
Good practices
IBM Power Systems
• Take regular backups.
.I. n
• Verify your backups.
– Check the tape device(s).
.T ció
– Label tapes.
.
• Keep old backups.
C
.F a
C rm
• Keep a copy of the backups securely offsite.
• Test recovery procedures before you have to use them!

to fo
• Consider deploying an enterprise storage management
solution like Tivoli Storage Manager (TSM).
ec vo

Figure 11-23. Good practices AN123.0
Notes:
oy si
• Take regular backups. Always take regular backups of data. The most efficient way of
doing this is through regular automated incremental backups, as done through products
u
like TSM.
cl
• Verify your backups. Always verify your backed up data. Use restore -T (or tar -t) to
view the contents. With mksysb tapes, you can position the tape to the correct marker
and verify the contents without having to restore the data.
Ex
• Check the tape devices. The tapechk command can be used to check a number of
files on a tape. If no argument is specified, then the first block on the tape is checked. If
a number is specified, that number of files are checked. You can also position the tape
pr
before tapechk is run by specifying a second number. For example, tapechk 2.1 reads
two files after skipping past the first file.The tapechk command can be used to detect
malfunctioning hardware.
• Label your tapes. There is no way to know what is on the tape by looking at it. The
label should at least list the tape files, the commands used to create the tape, the date
created, and the block size.
V8.2
Student Notebook
Uempty • Keep old backups. Keep old backups in case something goes wrong with the new
ones.
• Keep a copy of backups securely offsite. Store a set of backups off site in case
something happens to your site.
• Test recovery procedures. Test your recovery procedure before you have to. Know
that you can recover before you have to recover.
.I. n
• Consider deploying an enterprise storage solution. Enterprise storage solutions like
Tivoli Storage Manager provide centralized, automated storage management and data
.T ció
protection. TSM storage management software protects you from the risks of data loss
and helps you reduce complexity, manage costs, and address compliance with data
retention and availability requirements.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Checkpoint
IBM Power Systems
1. What is the difference between the following two commands?

a. find /home/fred | backup -ivf /dev/rmt0
.I. n
b. cd /home/fred; find . | backup -ivf /dev/rmt0
.T ció
2. On a mksysb tape, what command would you use to restore
individual files from a mksysb tape?
.
C
.F a
3. True or False: smit mksysb backs up all file systems,
C rm
provided they are mounted.
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Backup and restore
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
• Explain how to restore the operating system using a
mksysb image
.
C
• Explain the role of the image.data and bosinst.data
.F a
files
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 12. Security and user administration: Part one

This unit describes the key concepts related to AIX security and user
administration.
.I. n
.T ció
.
• Define the concepts of users and groups, and explain how and
C
when these should be allocated on the system
.F a
• Describe ways of controlling root access on the system
C rm
• Explain the uses of SUID, SGID, and SVTX permission bits
• Administer user accounts and groups
to fo
ec vo
References
oy si

SG24-7424 AIX 7.1 Advanced Security Features: Introduction and
u
Configuration (Redbook)
cl

Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-1
Student Notebook
Unit objectives
IBM Power Systems

• Define the concepts of users and groups, and explain how
.I. n
and when these should be allocated on the system
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty 12.1.Security and user concepts
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Security and user concepts

IBM Power Systems
After completing this topic, you should be able to:

• Understand user accounts and groups
.I. n
• Describe the role of RBAC
.T ció
• Understand and apply file permissions
– Including the role of the umask parameter
.
• Change file ownership and group assignment
C
.F a
C rm
to fo
ec vo

Figure 12-2. Security and user concepts AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
User accounts
IBM Power Systems
• Each user has a unique name, numeric ID, and password.

• File ownership is determined by a numeric user ID.
.I. n
• The owner is usually the user who created the file, but
.T ció
ownership can be transferred by root.
• Default users:
.
– root Superuser
C
.F a
– adm, sys, bin, ... IDs that own system files but
cannot be used for login
C rm
## id
id
uid=0(root)
uid=0(root) gid=0(system)
gid=0(system)
to fo
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
ec vo

Figure 12-3. User accounts AN123.0
Notes:
oy si
Importance of user accounts

u
The security of the system is based on a user being assigned a unique name, a unique
user ID (UID) and password, and a primary group ID (GID). When the user logs in, the
cl
UID is used to validate all requests for file access. The UID, associated groups, and
GIDs can be seen by the id command.
Ex
File ownership
When a file is created, the UID associated with the process that created the file is
assigned ownership of the file. Only the owner or root can change the access
permissions.
pr
Automatically created user accounts

There are several user accounts automatically created. root, for example, is one. Some
user accounts are not made for login but only to own certain files. adm, sys, and bin
are examples of that type of account.
Student Notebook
Controlling access to the root account

IBM Power Systems
• root’s password:
– Carefully guard
.I. n
– Non-trivial passwords
– Changed on an unannounced schedule
.T ció
• Assign different root passwords to different machines.
.
• Always log in as an ordinary user first and then su to root
C
instead of logging in as root.
.F a
– audit trail in /var/adm/sulog
C rm
– Enforce use of the su method to use root authority:
## chuser
chuser login=false
login=false su=true
su=true sugroup=system
sugroup=system root
root
to fo
• Do not include unsecured directories in root's PATH.
ec vo

Figure 12-4. Controlling access to the root account AN123.0
Notes:
oy si
Guidelines for root account password

u
If the root password is known by too many people, no one can be held accountable.
The root password should be limited to just two or three administrators. The fewer
cl
people who know root's password, the better. The system administrator should ensure
that distinct root passwords are assigned to different machines. You may allow normal
users to have the same passwords on different machines, but never do this for root.
Ex
Use of the su command

Attempts to become root through su can be investigated. Successful and unsuccessful
attempts might be logged by the audit system.
pr
PATH variable for root account

Do not include unsecured directories in the value of PATH for the root account. Note
that root's PATH is used by many implicit system functions, not just by a user logged in
as root.
V8.2
Student Notebook
Uempty
Groups
IBM Power Systems
• A group is a set of users who need access to a set of files.

• Group membership is commonly used to delegate system
.I. n
administration authority.
.T ció
• Every user is a member of at least one group and can be a
member of several groups (a groupset).
.
• The user has access to a file if any group in the user’s
C
groupset provides access.
.F a
– To list the groupset, use the groups command.
C rm
• The user's real group ID is used for file ownership on creation.
– To change the real group ID, use the newgrp command.
• Default groups are:
to fo
– System administrators: system
– Ordinary users: staff
ec vo

Figure 12-5. Groups AN123.0
Notes:
oy si
Function of groups
u
Users that require shared access to a set of files are placed in groups. Each group has
a unique name and Group ID (GID). The GID, like the UID, is assigned to a file when it
cl
is created. A user can belong to multiple groups.

Predefined groups
Ex
There are several groups predefined on an AIX system. For example, the system
group is root's group and the staff group is for all ordinary users.
Planning and administering groups
pr
The creation of groups to organize and differentiate the users of a system or network is
part of systems administration. The guidelines for forming groups should be part of the
security policy. Defining groups for large systems can be quite complex, and once a
system is operational, it is very difficult to change the group structure. Investing time
and effort in devising group definitions before your system arrives is recommended.
Student Notebook
Groups should be defined as broadly as possible and be consistent with your security
policy. Do not define too many groups because defining groups for every possible
combination of data type and user type can lead to impossible extremes.
A group administrator is a user who is allowed to assign the members and
administrators of a group. It does not imply that the user has any administrative abilities
for the system.
Types of groups
.I. n
There are three types of groups on the system:
.T ció
• User groups
- User groups should be made for people who need to share files on the
.
system, such as people who work in the same department, or people who are
C
working on the same project.
.F a
• System administrator groups
C rm
- System administrators are automatically members of the system group.
Membership of this group allows the administrators to perform some of the
system tasks without having to be the root user.
• System defined groups
to fo
- Several system-defined groups exist. staff is the default group for all
non-administrative users created in the system. security is another
system-defined group with limited privileges for performing security
ec vo
administration. The system-defined groups are used to control certain

subsystems.
Use of the newgrp command
oy si
A user's real group identification is used to determine the group ownership of a file
created by that user. The newgrp command changes a user's real group identification. If
you provide a group name as a parameter to the newgrp command, the system
u
changes the name of your real group to the group name specified (if the group name
specified is part of your groupset). If no group name is provided as a parameter, the
cl
newgrp command changes your real group to the group specified as your primary group
in the /etc/passwd file.
Ex
Example:
$ id
uid=206(secc) gid=7(security) groups=1(staff)
pr
$ newgrp staff
$ id
uid=206(secc) gid=1(staff) groups=7(security)
V8.2
Student Notebook
Uempty
System defined groups

IBM Power Systems
.I. n
system security
.T ció
Rights to
printq administrative
adm functions
.
audit
C
.F a
shutdown
C rm staff Ordinary
users
to fo
ec vo

Figure 12-6. System defined groups AN123.0
Notes:
oy si
Rights to administrative functions

u
As indicated on the visual, membership in some groups confers rights to the use of
certain administrative functions. Membership in the staff group does not provide rights
cl
to the use of administrative functions.

Common groups
Ex
Common groups on the system (and their intended uses) are as follows:
• system for most configuration and standard hardware and software maintenance
• printq for managing queuing.
pr
- Typical commands which can be run by members of this group are: enable,
disable, qadm, qpri, and so forth.
• security to handle most passwords and limits control
- Typical commands which can be run by members of this group are: mkuser,
rmuser, pwdadm, chuser, chgroup, and so forth.
Student Notebook
• adm most monitoring functions such as performance, cron, accounting staff, default
group assigned to all new users
- You may want to change this in /usr/lib/security/mkuser.defaults.
• audit for auditors
• shutdown allows use of the shutdown command.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Role based access control

IBM Power Systems
• Very granular delegation of system administration tasks

• Authorizations to run privileged commands assigned to roles
.I. n
– For example, SysBoot role authorizes executing shutdown
• Roles, such as SysBoot, assigned to users
.T ció
1 Roles 2 Users
.
C
Authorizations Roles
.F a
C rm
• Domain RBAC
– Controls which objects can be administered
Intranet interface
to fo
Network
Mgt.
Internet interface
ec vo

Figure 12-7. Role based access control AN123.0
Notes:
oy si
Why do we need RBAC?

u
The difficulty with permission (or even access control list) based access control is that
you must secure the needed resource rather than the command. It was often difficult to
cl
know which resources were the ones needed. In some cases we are dealing with kernel
resources. In addition, a given resource may have multiple uses and a single group
access to it may not work. Allowing a program to be root with suid allowed one to
Ex
bypass the resource permissions, but suid itself was a potential exposure. With
Enhanced Resource Based Access Control (RBAC), resource access is controlled
through privileged commands and then only users with the proper authorization are
allowed to execute the privileged command. The authorization and privileges are fine
pr
grained.
Legacy RBAC
Starting with AIX 4.2.1, a form of RBAC was provided but was difficult to work with.
Even though a user was assigned a role, that user was often still unable to execute the
associated tasks until a requisite command was converted to a set uid executable and
Student Notebook
the user was made a member of the associated group. In addition, the legacy
framework was implemented without involvement of the kernel.
Enhanced RBAC
Starting with AIX 6.1, an enhanced form of RBAC is provided. The enhanced RBAC
framework involves the kernel and thus is more secure. The new framework is also
more granular and extensive than the legacy RBAC. Once a role is assigned to a user,
they have the authorization to do the related tasks without having to play with file
.I. n
permissions or group membership. While the framework supports user defined
.T ció
privileged commands, authorizations, and roles, Starting with version 6.1, AIX provides
10 predefined roles that can be used without additional RBAC configuration. The details
of the RBAC framework is outside the scope of this course, however more detail with a
.
simple example is included in topic two of this unit.
C
Sudo
.F a
Sudo (su “do”) is free add-on software for UNIX systems which enables a system
C rm
administrator to delegate authority to give certain users, or groups of users, the ability to
run some, or all, commands as root or another user while providing an audit trail of the
commands and their arguments. Enhanced RBAC, eliminates the use of sudo like tools.
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
File/directory permissions
IBM Power Systems
File Perm. Bit Directory
.I. n
Read content of file r List content of directory
Modify content of file w Create and remove files in
.T ció
directory
Use file name to execute x Give access to directory
.
as a command
C
.F a
Run program with SUID --------
effective UID of owner
C rm
Run program with SGID Files created in directory
effective GID of group inherit the same group as
the directory
to fo
-------- SVTX Must be owner of files to
delete files from directory
ec vo

Figure 12-8. File/directory permissions AN123.0
Notes:
oy si
Permission bits
u
There are a number of permission bits associated with files and directories. The
standard r (read), w (write), and x (execute) permissions, define three levels of access
cl
for the user (owner), group, and others. In addition, there are three permission bits
known as SUID (set UID), SGID (set GID), and SVTX (sticky bit).
Ex
The SUID bit

SUID on an executable file means that when the file runs, the process runs with an
effective UID of the owner of the file. SUID is not supported on shell scripts.
SUID has no meaning on a directory.
pr
The SGID bit

SGID on an executable file means that when the file runs, the process runs with an
effective GID of the group owner of the file.
Student Notebook
SGID on a directory means that any file or directory created within the directory will
have the same group ownership as the directory rather than the real group ID or
primary group of the user.
The SGID permission bits are propagated down through the directory structure, so that
any directory created in a directory with the SGID bit set, also inherits that bit.
The SVTX bit
.I. n
SVTX on a file has no meaning in AIX. It was used in earlier versions of UNIX.
Traditional UNIX used SVTX to keep a program in memory after it had completed
.T ció
running, but with memory management routines, this is no longer necessary. SVTX is
known as the sticky bit.
.
SVTX on a directory means that even if the directory has global write permission (for
C
example, /tmp), users cannot delete a file within it, unless they either own the file, or the
.F a
directory.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Reading permissions
IBM Power Systems
owner group other

r w x r w x r w x
.I. n
.T ció
s s t
S S T
.
C
.F a
SUID SUID SGID SGID sticky sticky
only +x only +x bit bit
C rm
only +x
## ls
ls -ld
-ld /usr/bin/passwd
/usr/bin/passwd /usr/bin/crontab
/usr/bin/crontab /tmp
/tmp
to fo
-r-sr-xr-x
-r-sr-xr-x root
root security
security ...
... /usr/bin/passwd
/usr/bin/passwd
-r-sr-sr-x
-r-sr-sr-x root
root cron
cron ...
... /usr/bin/crontab
/usr/bin/crontab
drwxrwxrwt
drwxrwxrwt bin
bin bin
bin ...
... /tmp
/tmp
ec vo

Figure 12-9. Reading permissions AN123.0
Notes:
oy si
How SUID, SGID, and SVTX settings are indicated

u
The SUID bit is indicated by an S or s in the slot normally reserved for the execute
permission for owner (user). The SGID bit is indicated by an S or s in the slot normally
cl
reserved for the execute permission for group. The SVTX bit is indicated by a T or t in the
slot normally reserved for the execute permission for others. Since this slot must show if
execute is on/off and whether the additional permission bit is on/off, the uppercase S or T is
Ex
used to indicate that the execute permission is off. The lowercase s or t indicates the
execute permission is on.
Discussion of examples on visual
Three examples of files that use these additional permissions are shown on the visual:
pr
• The passwd command allows users to change their passwords even though
passwords are stored in a restricted area.
• The crontab command allows users to create a crontab file even though access to the
directory where crontab files reside is restricted for ordinary users.
• Permission bit settings for /tmp allow everyone to write to the directory, but only the
owner of a file can remove a file from the /tmp directory.
Student Notebook
Changing permissions
IBM Power Systems
4 2 1
SUID SGID SVTX
.I. n
owner group other
r w x r w x r w x
.T ció
4 2 1 4 2 1 4 2 1
.
C
# chmod 4 7 7 7 file1 SUID
.F a
# chmod 2 7 7 7 file1 SGID
C rm
# chmod 1 7 7 7 dir1 SVTX
OR
# chmod u+s file1 SUID
to fo
# chmod g+s file1 SGID
# chmod +t dir1 SVTX
ec vo

Figure 12-10. Changing permissions AN123.0
Notes:
oy si
Setting the additional permission bits

u
To set the additional permission bits, you use the same command (chmod) as you do to
set the regular permission bits.
cl
Using octal notation to set the additional permission bits

Using the octal notation, you are probably familiar with setting permissions using a
Ex
command like: # chmod 777 file1. When you issue this command, the more complete
command would be: # chmod 0777 file1. The fourth number, a zero, is implied. This fourth
position determines whether the additional bits are turned on.
You normally use the numeric values of 4, 2, and 1 to set r, w, and x. That remains the
pr
same. To set the additional bits, you are affecting the x position in either the user, group, or
other area. If you assign numeric values to user (4), group (2), and other (1), these are the
values that you insert into the fourth position to set the additional bit:
• SUID is indicated in the user's area. Therefore use a 4 in the fourth position.
• SGID is indicated in the group area. Therefore use a 2 in the fourth position.
V8.2
Student Notebook
Uempty • SVTX is indicated in the others area. Therefore use a 1 in the fourth position.
Using the symbolic method to set the additional permission bits
You can also use the symbolic method to set the additional permission bits. The visual
shows how to set the values using the symbolic method.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
umask
IBM Power Systems
• The umask governs permissions on new files and directories.

• System default umask is 022.
.I. n
• 022 calculation Files: 666 Directories: 777
umask: 022 umask: 022
.T ció
644 755
rw-r--r-- rwxr-xr-x
.
• A umask of 027 is recommended.
C
.F a
• 027 calculation Files: 666 Directories: 777
umask: 027 umask: 027
C rm
640 750
rw-r----- rwxr-x---
• /etc/security/user specifies default and individual user

to fo
umask values.
ec vo

Figure 12-11. umask AN123.0
Notes:
oy si
Function of umask
u
The umask specifies what permission bits are set on a new file when it is created. It is
an octal number that specifies which of the permission bits are not set.
cl
Default value of umask

If no umask was used, then files would be created with permissions of 666 and
Ex
directories would be created with permissions of 777. The system default umask is 022
(indicating removal of the 2 bit, or write from the group and others area). Therefore,
removing write from group and other, results in an initial permission for files of 644 and,
for directories, 755. Execute permission is never set initially on a file.
pr
Changing the umask to enhance security

The default setting of the umask is 022. For tighter security you should make the
umask 027, or even 077. An initial umask value can be set as an attribute of the user
definition.
V8.2
Student Notebook
Uempty The umask command

To view or change the value of the umask for the current session, use the umask
command.
Values stored in /etc/security/user file
The umask is specified in /etc/security/user. The default stanza in this file specifies
the system wide default, but a value can be specified on a per-user basis.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Changing ownerships and groups

IBM Power Systems
The chown command:

## chown
chown fred
fred file1
file1
.I. n
.T ció
The chgrp command:
.
## chgrp
chgrp staff
staff file1
C
file1
.F a
C rm
Changing both user and group ownership:
## chown
chown fred:staff
fred:staff file1
file1
to fo
-- OR
OR --
## chown
chown fred.staff
fred.staff file1
file1
ec vo

Figure 12-12. Changing ownerships and groups AN123.0
Notes:
oy si
Using chown to change ownership

u
As illustrated on the visual, the chown command can be used by root to change the
ownership on a file.
cl
Using chgrp to change group ownership

The chgrp command is used to change the group ownership of a file. Any owner of a
Ex
file can change the group ownership to any group in their groupset. The root user can
change the group ownership to any group on the system.
Changing both ownership and group ownership
pr
The chown command can be used by root to set both the ownership, and group
ownership, of a file. As illustrated on the visual, this can be done two different ways.
V8.2
Student Notebook
Uempty
Security policy and setup

IBM Power Systems
• Identify the different types of users and what data they will
need to access.
.I. n
– Consider using enhanced RBAC roles to perform system
administration tasks (as opposed to using root).
.T ció
• Organize groups around the type of work that is to be done.
• Organize ownership of data to fit with the group structure.
.
C
• Set SVTX on shared directories.
.F a
• Security policy and implementation design should be formally
C rm
documented.
Security
Security
policy
policyand
and
to fo
setup
setup
ec vo

Figure 12-13. Security policy and setup AN123.0
Notes:
oy si
Planning user and group administration

u
Plan and organize your user and group administration. Every user does not need their
own group. Good planning up front reduces any reorganizing of users and groups later
cl
on.
Use of the sticky bit
Ex
Always protect your shared directories by setting the sticky bit. Then users will not
remove each other’s files accidentally, or intentionally.
pr
Student Notebook
Topic summary
IBM Power Systems
Having completed this topic, you should be able to:

• Understand user accounts and groups
.I. n
• Describe the role of RBAC
.T ció
• Understand and apply file permissions
– Including the role of the umask attribute
.
• Change file ownership and group assignment
C
.F a
C rm
to fo
ec vo

Figure 12-14. Topic summary AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty 12.2.User and group administration
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
User and group administration

IBM Power Systems

• Understand how security commands are used to manage
.I. n
security files
.T ció
• Add, list, change, and delete users and groups
• Set and change passwords
.
– Recover root password if lost or forgotten
C
.F a
• Identify files that hold user and group definitions
C rm
to fo
ec vo

Figure 12-15. User and group administration AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Security files and security commands

IBM Power Systems
• Many different commands can modify a security file.

mkuser chsec
.I. n
/etc/security/user
.T ció
chuser vi
.
• A single command can result in an update to several files.
C
.F a
mkuser, chuser, rmuser
C rm
/etc/security/passwd /etc/security/limits
/etc/passwd /etc/security/user
to fo
• Best practice: Avoid directly editing files.
• Use high level management commands (or SMIT).
ec vo

Figure 12-16. Security files and security commands AN123.0
Notes:
oy si
While the user and group definitions are kept in flat ASCII files, the proper way to work with
these definitions is by executing high level commands or SMIT). Thus, the best way to
u
update user attributes in /etc/security/user is to use the mkuser and chuser commands. In
situations where these can’t be used (such as changing) default attributes, then you may
cl
have to use a command such as chsec.

The tool of last resort is to use a file editor. Not only is it possible to make mistakes that can
Ex
violate the syntax of a file or value restrictions on the attributes, but you also might not
properly coordinate the multiple inter-related files.
The high level commands allow you to change a value without knowing in which file that
pr
attribute is stored, will ensure that the files are consistent, and that values are within the
proper ranges.
Student Notebook
Validating the user environment

IBM Power Systems
• pwdck verifies the validity of local authentication information:

– pwdck {-n|-p|-t|-y} {ALL | username}
– Verifies consistency between /etc/passwd, /etc/security/passwd,
.I. n
and /etc/security/user
.T ció
• usrck verifies the validity of a user definition:
– usrck {-l|-b|-n|-p|-t|-y} {ALL | username}
.
– Checks consistency between /etc/passwd, /etc/security/user,
C
.F a
/etc/security/limits, and /etc/security/passwd
– Reasonability checks on attribute values
C rm
– Option –l will identify problems that would block a user’s access
• grpck verifies the validity of a group:

to fo
– grpck {-n|-p|-t|-y} {ALL | groupname }
– Verifies that the files /etc/passwd, /etc/security/user, /etc/group,
and /etc/security/group are consistent
ec vo

Figure 12-17. Validating the user environment AN123.0
Notes:
oy si
Use of validation commands

u
The commands listed on the visual can be executed by root or any user in the security
group to clean up after a change to the user configuration. Because they run with root
cl
permissions, they give administrative users the ability to make necessary changes to
the /etc/security/passwd file in a controlled way, without knowing the root password.
Ex
The usrck command

The usrck command verifies the validity of the user definitions in the user database
files, by checking the definitions for all the users or for the users specified by the user
parameter. You must select a flag to indicate whether the system should try to fix
pr
erroneous attributes.
Options for pwdck, usrck, and grpck commands
All the options for pwdck, usrck, and grpck are as follows:
• -n Reports errors but does not fix them
V8.2
Student Notebook
Uempty • -p Fixes errors but does not report them

• -t Reports errors and asks if they should be fixed
• -y Fixes errors and reports them
Additional options for usrck, are as follows:
• -b Reports users who are not able to access the system and the reasons, with
the reasons displayed in a bit-mask format
.I. n
• -l Scans all users or the users specified by the User parameter to determine if
.T ció
the users can access the system and if not - identify the cause of the problem
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
chsec, lssec, and stanza format security files

IBM Power Systems
File name /etc/security/user
Stanza name default:
.I. n
admin = false
login = true
.T ció
…
Attribute name umask = 022
…
.
root:
C
login = true
.F a
…
C rm
Syntax:
chsec –f filename -s stanza_name -a attribute_name=value
lssec –f filename -s stanza_name -a attribute_name
Example:
to fo
# lssec –f /etc/security/user -s default -a umask
default umask=22
# chsec –f /etc/security/user -s default -a umask=027
ec vo

Figure 12-18. chsec, lssec, and stanza format security files AN123.0
Notes:
oy si
Many security files are in a stanza format with the stanza name as a label followed by
multiple attributes, one line per attribute. It is common in stanza file to have a default
u
stanza, followed by override stanzas such as individual users or individual terminals. While
high level commands can be used with specific users, the only command that can be used
cl
with the default stanza is the chsec command.

The chsec and lssec commands work with many different files that are in this stanza
Ex
format. To locate the attribute the command requires you to identify the filename, stanza
name, and attribute name.
pr
V8.2
Student Notebook
Uempty Here is a more complete example of /etc/security/user showing the default stanza and a
user stanza:
default:
admin = false
login = true
su = true
daemon = true
.I. n
rlogin = true
sugroups = ALL
.T ció
admgroups =
ttys = ALL
auth1 = SYSTEM
.
auth2 = NONE
C
.F a
tpath = nosak
umask = 000
C rm
expires = 0
SYSTEM = "compat"
logintimes =
pwdwarntime = 0
to fo
account_locked = false
loginretries = 0
histexpire = 0
histsize = 0
ec vo
minage = 0
maxage = 0
maxexpired = -1
minalpha = 0
oy si
minother = 0
minlen = 0
mindiff = 0
u
maxrepeats = 8
cl
dictionlist =
pwdchecks =
root:
Ex
admin = true
SYSTEM = "compat"
loginretries = 0
account_locked = false
pr
registry = files
admgroups =
Student Notebook
User and group administration hierarchy

IBM Power Systems
• Some users and groups are set as administrative.

– flag=ADMIN: Attribute in /etc/security/passwd stanza
.I. n
– admin=true: Attribute in /etc/security/group stanza
• Default primary group of an admin user is “system” (guid 0).
.T ció
• UID and GID default values:
– Standard users and groups have high values ( > 200)
.
– Administrative users and groups have low values
C
.F a
• Only root can add, remove, or change an admin user or admin group.
C rm
root
administer
root
to fo
admin user or group
root or administer
security group standard user or group
ec vo

Figure 12-19. User and group administration hierarchy AN123.0
Notes:
oy si
Capabilities of members of certain groups

u
The ability to perform certain system tasks (like creating users) depends upon the standard
AIX file permissions. Most system administration tasks can be performed by users other
cl
than root if those users are assigned to groups such as system, security, printq, cron,
adm, audit, or shutdown. In particular, a user in the security group can add, remove, or
change other users and groups.
Ex
Purpose of user hierarchy

To protect important users and groups from users in the security group, AIX has three
levels of user hierarchy: root, admin users and groups, and normal users and groups. Only
pr
root can add, remove, or change an admin user or admin group. Therefore, you can define
a user that has a high level of access, but is protected from users in the security group.
V8.2
Student Notebook
Uempty
Security & Users

IBM Power Systems
# smit security
.I. n
Security
Security && Users
Users
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.
C
Users
Users
.F a
Groups
Groups
Passwords
C rm
Passwords
Login
Login Controls
Controls
PKI
PKI
LDAP
LDAP
to fo
Role
Role Based
Based Access
Access Control
Control (RBAC)
(RBAC)
Trusted
Trusted Execution
Execution
ec vo

Figure 12-20. Security & Users AN123.0
Notes:
oy si
The Security & Users menu

u
The Security & Users menu is used to manage user and group IDs on the system. The
menu consists of the seven options described below.
cl
• Users
This option is used to add users to the system, delete existing users and change the
Ex
characteristics of existing users.

• Groups
This option is used to add groups to the system, delete groups, and change the
pr
characteristics of existing groups.

• Passwords
This option is used to change the password for a user. It is also required when setting
up a new user or when a user has forgotten their password.
Student Notebook
• Login Controls
This option provides functions to restrict access for a user account or on a particular
terminal.
• PKI
PKI stands for X.509 Public Key Infrastructure certificates. This option is used to
authenticate users using certificates and to associate certificates with processes as
.I. n
proof of a user's identity.
• LDAP
.T ció
LDAP stands for Light Directory Access Protocol. It provides a way to centrally
administer common configuration information for many platforms in a networked
.
environment. A common use of LDAP is the central administration of user
C
authentication. The SMIT option here allows us to configure this platform as either an
.F a
LDAP client or an LDAP server.
C rm
• Roles Based Access Control (RBAC)
This option sets up user roles. User roles allow root to give authority to an ordinary user
to perform a portion of root's functions.
• Trusted Execution
to fo
Trusted Execution (TE) refers to a collection of features that are used to verify the
integrity of the system and implement advanced security policies, which together can be
used to enhance the trust level of the complete system.
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
SMIT users
IBM Power Systems
# smit users
.I. n
Users
Users
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.
C
Add
Add aa User
User
.F a
Change
Change aa User's
User's Password
Password
Change
Change // Show
Characteristics of
of aa User
C rm
User
Lock
Lock // Unlock
Unlock aa User's
User's Account
Account
Reset
Reset User's
User's Failed
Failed Login
Login Count
Count
Remove
Remove aa User
User
to fo
List
List All
All Users
Users
ec vo

Figure 12-21. SMIT users AN123.0
Notes:
oy si
• Add a User: Add user accounts.

u
• Change a User's Password: Make password changes.

• Change/Show Characteristics of a User: Changes the many characteristics that are
cl
part of the user account. The password restrictions are part of this area.
• Lock/Unlock a User's Account: This is used to temporarily disable an account. It is a
Ex
good security practice to disable accounts if they are not expected to be used for a
reasonably long period of time, as when someone is on an extended leave of absence.
• Reset User's Failed Login Count: If the administrator has set a limit to the number of
failed attempts that can be made on an account before locking it, this resets that count.
pr
• Remove a User: Removes the user account, but not files owned by that user
• List all users: Runs the lsuser command
Student Notebook
Listing users
IBM Power Systems
The lsuser command:

lsuser [-c | -f] [-a attribute …] {ALL | username …}
.I. n
Example:
.T ció
## lsuser
lsuser -a
-a id
id home
home ALL
ALL
.
root
root id=0
id=0 home=/
home=/
C
daemon
daemon id=1
id=1 home=/etc
home=/etc
.F a
bin
bin id=2
id=2 home=/bin
home=/bin
C rm
sys
sys id=3
id=3 home=/usr/sys
home=/usr/sys
adm
adm id=4
id=4 home=/var/adm
home=/var/adm
uucp
uucp id=5
id=5 home=/usr/lib/uucp
home=/usr/lib/uucp
guest
guest id=100
id=100 home=/home/guest
to fo
home=/home/guest
alex
alex id=333
id=333 home=/home/alex
home=/home/alex
ec vo

Figure 12-22. Listing users AN123.0
Notes:
oy si
Function of the lsuser command

u
The lsuser command is used to list the attributes of all users (ALL) or individual users on
the system.
cl
Using SMIT to list users

When the List All Users option in SMIT is used, the user name, ID and home directory
Ex
are listed.
Commonly used lsuser flags
When the lsuser command is issued directly, the data may be listed in line format, in colon
pr
format (-c), or in stanza format (-f). Individual attributes or all attributes may be selected.
The output can also be generated for individual users.
Sources of information listed
The information reported by lsuser is gathered from the security files: /etc/passwd,
/etc/security/limits, and /etc/security/user.
V8.2
Student Notebook
Uempty
Add or change a user

IBM Power Systems
# smit mkuser mkuser id=333 alex

Add
Add aa User
User
.I. n
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired changes.
Enter AFTER making all desired changes.
.T ció
[TOP]
[TOP] [Entry
[Entry Fields]
Fields]
** User
User NAME
NAME [alex]
[alex]
User
User ID ID [333]
[333] ##
.
ADMINISTRATIVE
ADMINISTRATIVE USER?
USER? false
false ++
C
Primary
Primary GROUP
GROUP []
[] ++
.F a
Group
Group SETSET []
[] ++
ADMINISTRATIVE
ADMINISTRATIVE GROUPS
GROUPS []
[] ++
C rm
ROLES
ROLES []
[] ++
Another
Another user
user can
can SU
SU TO
TO USER?
USER? true
true ++
SU
SU GROUPS
GROUPS [ALL]
[ALL] ++
HOME
HOME directory
directory []
[]
Initial
Initial PROGRAM []
to fo
PROGRAM []
.. .. ..
# smit chuser chuser groups='staff,security' alex

ec vo

Figure 12-23. Add or change a user AN123.0
Notes:
oy si
Ways of adding a user

The mkuser command or SMIT can be used to add a user. User attributes can be specified
u
to override the default values.

User name
cl
The only value that must be specified, is the user name. Traditionally, this name was
restricted to eight characters in length. Beginning with AIX 5L V5.3, this limit can be
Ex
changed to allow names as long as 255 characters. The limit is modified in the
Change/Show Attributes of the Operating System panel (smit chsys).
Changing user characteristics
The Change/Show Characteristics of a User option, which runs the chuser command, allows
pr
any of the user characteristics listed previously, except the user name, to be changed. This
can only be executed by root or a member of the security group. Only root can change an
admin user. This SMIT screen holds exactly the same attributes as the Add a User screen.
The chuser command
The following command can be used to change characteristics of a user:
# chuser attribute=value username
Student Notebook
Assign a password
IBM Power Systems
• root or members of security group can assign or change the password

of another user.
– A new user ID is blocked until an initial password is assigned.
.I. n
– If user forgets password, a new password can be set.
.T ció
– User is prompted to change password at first login.
root or security
## pwdadm
pwdadm <username>
<username> group
.
C
OR
OR
.F a
## passwd
passwd [username]
[username] root only
C rm
OR
OR
## smit
smit passwd
passwd root or security
group
to fo
• To avoid prompt to change password at first login:
## pwdadm
pwdadm –c–c <username>
<username>
ec vo

Figure 12-24. Assign a password AN123.0
Notes:
oy si
Setting an initial password

When a user ID is created with SMIT or with the mkuser command, the user ID is disabled.
u
(An asterisk (*) is in the password field of /etc/passwd.) To enable the ID, the passwd or
pwdadm command must be used to set up the initial password for the user.
cl
Entry of passwords (things to be aware of)

Ex
When passwords are entered, they are not displayed. When changing a password, the new
password is requested a second time for verification.
The ADMCHG flag
If root or a member of the security group sets the password for a user, the ADMCHG flag
pr
is set in the flags field in /etc/security/passwd. The user is then prompted to change the
password at the next login.
Recovering from a forgotten password
There is no way to examine an existing password on the system. The only way to recover
from a forgotten password, is for an administrator or root, to set a new one for the user.
V8.2
Student Notebook
Uempty Invocation of passwd command by SMIT

The option Passwords on the Users menu of SMIT uses the pwdadm command when
invoked by a member of security group to change someone else’s password, but otherwise
uses the passwd command.
Using the passwd command
Ordinary users who use passwd to change their passwords, are first prompted for the old
.I. n
password, and then they are asked twice for a new password. When root uses passwd to
set a user's password, passwd only prompts twice for the new password.
.T ció
Using the pwdadm command
Members of the security group, can use pwdadm to change the passwords of
.
non-administrative accounts. Members of the security group are first prompted to enter
C
their own password, and then prompted twice to enter the user's new password. The root
.F a
user is only prompted twice for the new password.
C rm
Users with ADMIN flag set
Only root can change the password for a user who has the ADMIN flag set in
/etc/security/passwd.
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Regaining root’s password

IBM Power Systems
1. Boot from optical media, NIM, or a bootable tape.

2. Select Access a Root Volume Group from the Maintenance menu.
.I. n
Maintenance
Maintenance
.T ció
>>>
>>> 11 Access
Access aa Root
Root Volume
Volume Group
Group
22 Copy
Copy aa System
System Dump
Dump to
to Removable
Removable Media
Media
33 Access
Access Advanced Maintenance Functions
Advanced Maintenance
.
Functions
44 Erase
Erase Disks
Disks
C
.F a
3. Follow the options to activate the root volume group and obtain a shell.
C rm
4. Once a shell is available, execute the passwd command to change
root’s password.
5. Enter the following command:
to fo
# sync ; sync
6. Reboot the system.
ec vo

Figure 12-25. Regaining root’s password AN123.0
Notes:
oy si
If the root password is lost, just follow the steps as shown in the visual.
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
/etc/passwd file
IBM Power Systems
Format: name:password:UID:principleGID:Gecos:HomeDirectory:Shell
## cat
cat /etc/passwd
/etc/passwd
.I. n
root:!:0:0::/:/usr/bin/ksh
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
daemon:!:1:1::/etc:
.T ció
bin:!:2:2::/bin:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
sys:!:3:3::/usr/sys:
.
adm:!:4:4::/var/adm:
adm:!:4:4::/var/adm:
C
uucp:!:5:5::/usr/lib/uucp:
uucp:!:5:5::/usr/lib/uucp:
.F a
guest:!:100:100::/home/guest:
guest:!:100:100::/home/guest:
nobody:!:4294967294:4294967294::/:
nobody:!:4294967294:4294967294::/:
C rm
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
to fo
ted:*:205:1::/home/ted:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh ! = Passwd is set in
/etc/security/passwd
* = no password set
ec vo

Figure 12-26. /etc/passwd file AN123.0
Notes:
oy si
Role of the /etc/passwd file

u
The /etc/passwd file lists the users on the system and some of their attributes. This file
must be readable by all users, because commands such as ls access it.
cl
Fields in the /etc/passwd file

The fields in the /etc/passwd file are:
Ex
• User name: Up to eight alphanumeric characters (not all uppercase)

• Password: On older UNIX systems, this contained the encrypted password. On AIX, it
either contains an exclamation mark (!) to refer to the /etc/security/passwd file or an
pr
asterisk (*), which means the user has no password assigned.

• UID: The user ID number for the user
• GID: The ID of the primary group to which this user belongs
• Information: Any descriptive text for the user
Student Notebook
• Directory: The login directory of the user and the initial value of the $HOME variable
• Login program: Specifies the initial program or shell that is executed, after a user
invokes the login command, or su command
Using index files for better login performance
In AIX, additional files can be created to be used as index files for the /etc/passwd,
/etc/security/passwd, and /etc/security/lastlog files. These index files provide for better
.I. n
performance during the login process. Use the mkpasswd -f command to create the
indexes. The command mkpasswd -c can be used to check the indexes, and rebuild any
.T ció
that look suspicious.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
/etc/security/passwd file
IBM Power Systems
## cat
cat /etc/security/passwd
/etc/security/passwd
root:
root:
.I. n
password
password == etNKvWlXX5EFk
etNKvWlXX5EFk
lastupdate
lastupdate = 1145381446
= 1145381446
.T ció
flags =
flags =
daemon:
daemon:
password
password == **
.
bin:
bin:
C
.F a
password
password == **
alex:
alex:
C rm
password
password == XAkhucsiyVwAA
XAkhucsiyVwAA
lastupdate
= 1225381869
flags =
flags =
tyrone:
tyrone:
to fo
password
password == RWWoFp5iuL.JI
RWWoFp5iuL.JI
lastupdate
= 1225381903
flags = ADMCHG,ADMIN,NOCHECK
flags = ADMCHG,ADMIN,NOCHECK
ec vo

Figure 12-27. /etc/security/passwd file AN123.0
Notes:
oy si
Role of the /etc/security/passwd file (commonly referred to as the shadow password

file)
u
The /etc/security/passwd file contains the encrypted user passwords and can only be
cl
accessed by root. The login, passwd, pwdadm, and pwdck commands, which run
with root authority, update this file. This file is in stanza format with a stanza for each
user.
Ex
Index files
As previously mentioned, in AIX, additional files can be created to be used as index files
for /etc/security/passwd and some related files. These index files provide for better
pr
performance during the login process. These indexes are created using the mkpasswd
command.
Entries in /etc/security/passwd
Valid entries in /etc/security/passwd are:
Student Notebook
• Password: Either the encrypted password asterisk (*) for invalid, or blank for no
password
• Lastupdate: The date and time of the last password update in seconds from 1 January
1970
• Flags:
- ADMCHG: The password was last changed by an administrator or root.
.I. n
- ADMIN: The user's password can only be changed by root.
.T ció
- NOCHECK: Password restrictions are not in force for this user.
See /etc/security/user for password restrictions.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
SMIT groups
IBM Power Systems
# smit groups
.I. n
Groups
Groups
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.
C
List
List All
All Groups
Groups
.F a
Add
Add aa Group
Group
Change
Change // Show
Characteristics of
of aa Group
C rm
Group
Remove
Remove aa Group
to fo Group
ec vo

Figure 12-28. SMIT groups AN123.0
Notes:
oy si
Purpose of groups
u
The purpose of groups is to give a common set of users the ability to share files. The
access is controlled using the group set of permission bits.
cl
Group management restrictions

Only root and members of the security group can create groups. root and security
Ex
group members, can select a member of the group to be the group administrator. This
privilege allows the user to add and remove users from the group.
Predefined groups
pr
There are a number of predefined groups on AIX systems, like the system group
(which is root's group), and the staff group (which contains the ordinary users).
Student Notebook
Listing groups
IBM Power Systems
The lsgroup command:

lsgroup [-c | -f] [-a attribute …] {ALL | groupname …}
.I. n
Example:
.T ció
## lsgroup
lsgroup –f
–f -a
-a id
id users
users ALL
ALL
system:
system:
.
id=0
id=0
C
users=root,esaadmin,pconsole
users=root,esaadmin,pconsole
.F a
staff:
staff:
C rm
id=1
id=1
users=ipsec,ted,sshd,alex,local,tyrone,daemon
users=ipsec,ted,sshd,alex,local,tyrone,daemon
bin:
bin:
to fo
id=2
id=2
users=root,bin
users=root,bin
...
...
ec vo

Figure 12-29. Listing groups AN123.0
Notes:
oy si
The lsgroup command

u
The lsgroup command is used to list all groups, or selected groups, on the system. The
data is presented in line format by default, in colon format (-c), or in stanza format (-f).
cl
Commonly used options of the lsgroup command

The -c option displays the attribute for each group, in colon separated records.
Ex
The -f option displays the group attributes in stanza format with each stanza identified
by a group name.
pr
V8.2
Student Notebook
Uempty
Add or change a group

IBM Power Systems
# smit mkgroup mkgroup id=101 users=alex,tyrone techies
Add
Add aa Group
.I. n
Group
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.T ció
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** Group
Group NAME
NAME [techies]
[techies]
.
ADMINISTRATIVE
ADMINISTRATIVE group?
group? false
false ++
C
Group ID [101] ##
.F a
Group ID [101]
USER
USER list
list [alex,tyrone]
[alex,tyrone] ++
ADMINISTRATOR
ADMINISTRATOR list
list []
[] ++
C rm
Projects
Projects []
[] ++
Initial
Initial Keystore
Keystore Mode
Mode []
[] ++
Keystore
Keystore Encryption
Encryption Algorithm
Algorithm []
[] ++
Keystore
Keystore Access
Access []
[] ++
to fo
# smit chgroup chgroup techies –a users=tyrone techies
ec vo

Figure 12-30. Add or change a group AN123.0
Notes:
oy si
The mkgroup command

u
The mkgroup command is the command used to create a new group. The group name,
traditionally, must be a unique string of eight or fewer characters. With AIX 5L V5.3 and
cl
later, the maximum name length can be modified to be as large as 255 characters.
Limit on group membership
Ex
A user may belong to no more than 32 groups.

The mkgroup/SMIT options
The mkgroup -a option is used to indicate that the new group is to be an administrative
pr
group. Only the root user can add administrative groups to the system.
• ADMINISTRATOR list and USER list: In the SMIT screen shown on the visual,
ADMINISTRATOR list is a list of members from the USER list that are allowed to
change the characteristics of a group and add or remove members.
Student Notebook
• Projects: Starting with AIX 5L V5.3, the SMIT Add a Group screen has a new field,
Projects, for tracking resource usage in the Advanced Accounting subsystem.
The following fields are related to Encrypted File Systems. This topic is outside the scope
of this class. Attend AN57 AIX Security, for training in this area.
• Initial Keystore Mode: The efs_initalks_mode of admin allows for root, or other
security privileged system users, to reset the user's key store password. Otherwise, if
the user forgets their key store password, they will not be able to access their Encrypted
.I. n
File System files. If the guard mode is selected, then root cannot reset the user's key
.T ció
store password.
• Keystore Encryption Algorithm: This option specifies the algorithm for the user's
key, within the key store. This key protects the encrypting key of files the user creates,
.
within the Encrypted File System.
C
.F a
• Keystore Access: The key store enables the user to utilize files in the Encrypted File
System. The selection of file will create a key store file associated with this user. It is
C rm
recommended that file is selected. Select none for no key store to be created. All other
EFS (efs_*) attributes will not have any effect.
The chgroup command
to fo
The chgroup command is used to change the characteristics of a group. It can only be
run by root or a member of the security group.
Group attributes
The group attributes that can be changed are the same as set with mkgroup.
ec vo
The chgrpmem command

The chgrpmem command can be used by any user to change either the administrators,
oy si
or the members of a group, for which the user running the command, is a group
administrator.
The chsh command
u
The chsh interactive command can be used by any user to change that user’s login
cl
shell.
The chfn command
Ex
The chfn interactive command can be used by any user to their GECOS information in
/etc/passwd.
pr
V8.2
Student Notebook
Uempty
Group files
IBM Power Systems
## cat
cat /etc/group
/etc/group
system:!:0:root,esaadmin,pconsole
system:!:0:root,esaadmin,pconsole
staff:!:1:ipsec,sshd,alex,tyrone,ted
staff:!:1:ipsec,sshd,alex,tyrone,ted
.I. n
bin:!:2:root,bin
bin:!:2:root,bin
sys:!:3:root,bin,sys
sys:!:3:root,bin,sys
.T ció
adm:!:4:bin,adm
adm:!:4:bin,adm
uucp:!:5:nuucp,uucp
uucp:!:5:nuucp,uucp
...
...
.
C
.F a
## cat
cat /etc/security/group
/etc/security/group
system:
system:
admin
admin == true
true
C rm
staff:
staff:
admin
admin == false
false
bin:
bin:
admin
admin == true
true
to fo
...
...
techies:
techies:
admin
admin == false
false
adms = alex
adms = alex
ec vo

Figure 12-31. Group files AN123.0
Notes:
oy si
The /etc/group file

u
The fields in the /etc/group file are:

• Group: Up to eight alphanumeric characters (not all uppercase)
cl
• Password: This field is not used in AIX and should contain an exclamation mark (!)
• ID: The group ID
Ex
• Members: A comma-separated list of the users who belong to this group

The /etc/security/group file
The /etc/security/group file is a stanza file with one stanza for each group. The valid
entries are:
pr
• admin: Defines whether the group is an administrative group; values are true or false
• adms: A comma-separated list of the users who are administrators for the group
• If admin=true, this stanza is ignored because only root can change an administrative
group.
• projects: A list of project names to be associated with the group
Student Notebook
Remove a user or group from the system

IBM Power Systems
• Use the rmuser command or SMIT to delete a user from the

system.
.I. n
## rmuser
rmuser –p
–p user01
user01
.T ció
• Use the rmgroup command or SMIT to delete a group from
.
the system.
C
.F a
## rmgroup
rmgroup finance
finance
C rm
to fo
ec vo

Figure 12-32. Remove a user or group from the system AN123.0
Notes:
oy si
Ways to remove a user

u
The Remove a User from the System option in SMIT, or the rmuser command, can be
used to remove any user from the system. Only the root user may remove
cl
administrative users.
The -p option of rmuser
Ex
The -p option removes authentication information from the /etc/security/* files.

Typically, this information is the user password, as well as other login restrictions which
have been previously set for the ID.
Removing the user's files
pr
The user's home directory and associated files are not removed by this option. They
must be removed separately by the administrator. To do this, you can use the -r option
on the rm command to recursively remove files. Remember to back up any important
files before removing the user's home directory.
V8.2
Student Notebook
Uempty
Files owned by removed user or group

IBM Power Systems
• Best handled prior to removing user or group

# ls –l
.I. n
-r-xr-xr-x 1 207 system 26732 Feb 1 01:10 file54
• Home directory
.T ció
– Move needed files
– Remove home directory
.
C
# rm –R /home/user01
.F a
• Other files
C rm
– Use find to locate files
# find / -group <GID or groupname>
# find / -user <UID or username>
to fo
– Change user or group ownership
# chown
# chgrp
ec vo

Figure 12-33. Files owned by removed user or group AN123.0
Notes:
oy si
Removing a user or group does not remove the files owned by that user or group. The files
remain with the same UID and GID in the i-node as they had before.
u
The home directory files will be easy to locate, but that is not necessarily true for other files
cl
that may be scattered around the system.

For ease of management it is recommended that you manage these file prior to deleting
Ex
the owner. If you do not, then you will need to know the UID or GID number to find the
related files.
For each file you need to decide whether to backup and delete the file or to transfer
ownership to a different user or group.
pr
Student Notebook
Topic summary
IBM Power Systems

• Understand how security commands are used to manage
.I. n
security files
.T ció
• Add, list, change, and delete users and groups
• Set and change passwords
.
– Recover root password if lost or forgotten
C
.F a
• Identify files that hold user and group definitions
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Checkpoint (1 of 2)
IBM Power Systems
1. If the following command was run, what would the file

permissions be for file1: chmod 6754 file1
.I. n
2. A binary executable with the SUID flag set is owned by
.T ció
user root. User michael executes the binary. The
executable runs under which user, root or michael?
.
C
.F a
3. A shared directory is created on the system. What flag
C rm
must be set to ensure only the owner of the files can
delete them?
to fo
4. Why is a umask of 027 recommended?
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Checkpoint (2 of 2)
IBM Power Systems
5. What is the difference between the commands pwdadm and

passwd?
.I. n
.T ció
6. Which command can be used to change the default
attributes for users?
.
C
.F a
7. True or False: When you delete a user from the system, all
the user’s files and directories are also deleted.
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Security and user
administration: Part one
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Define the concepts of users and groups, and explain how
.T ció
and when these should be allocated on the system
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 13. Security and user administration: Part two

This unit describes the key concepts related to AIX security and user
administration.
.I. n
.T ció
.
• Execute various user management tasks
C
.F a
• Explain basic concepts of RBAC
• Assign and use RBAC roles
C rm
to fo
References
ec vo

SG24-7424 AIX 7.1 Advanced Security Features: Introduction and
oy si
Configuration (Redbook)
u

cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty 13.1.Additional user administration tasks
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Additional user administration tasks

IBM Power Systems

• Understand the login sequence and initialization process
.I. n
• Customize login and password prompt behavior
.T ció
• Use security logs
• Customize the default user setup
.
• Manage user access issues
C
.F a
• Establish user password restrictions
C rm
to fo
ec vo

Figure 13-2. Additional user administration tasks AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Console login sequence

IBM Power Systems
getty process Settings in

Login: User ID and passwd /etc/security/login.cfg
Spawned by inittab
.I. n
/etc/passwd
User verification check /etc/security/passwd
.T ció
no
Login failed Valid?
.
yes
Log entry in:
C
Update security logs /var/adm/wtmp
.F a
/etc/security/failedlogin /etc/utmp
C rm
/etc/environment
Set up the environment. /etc/security/limits
/etc/security/user
to fo
Display /etc/motd
/etc/profile
Enter login shell $HOME/.profile
ec vo

Figure 13-3. Console login sequence AN123.0
Notes:
oy si
Introduction
u
When a user attempts to log in, AIX checks a number of files to determine if entry is
permitted to the system and, if permitted, what parts of the system the user can access.
cl
This section provides an overview of the checks performed during the login process.
The getty process
Ex
Ports set up for login are listed in the /etc/inittab. When init runs, a getty process is
started for each port in the list providing a login prompt on the terminal attached to that
port. The actual message displayed, also known as the herald, by the getty process is
defined in /etc/security/login.cfg. Once the message is displayed, the getty process
pr
waits for a user to make a login attempt.

Non-console logins
If logging in using a network utility like telnet, it’s similar to a console login, except that
the service daemon (such as telnetd) is the parent process rather than a getty process.
In addition, some network services, such as ssh and rlogin, do not use login.cfg.
Student Notebook
Entry of username and password

When a user is ready to log in, they enter their user name at the login prompt. The login
program is passed the user name and password. The login credentials are checked
against /etc/passwd and /etc/security/passwd files.
Validation
If the password is incorrect or if an invalid user name was given, then the login fails, and
.I. n
an entry is made in the file /etc/security/failedlogin. Use the command who
/etc/security/failedlogin to view this file. The number of failed attempts is also tracked
.T ció
(by user account) in /etc/security/lastlog. The login prompt is redisplayed for another
attempt. It is possible to set the characteristics for a user to prevent unlimited attempts
on an account. If the number of attempts exceeds the maximum allowable failed
.
attempts, the account is locked. If a user successfully enters the user name and
C
password, the usw stanza in /etc/security/login.cfg is checked. This stanza sets the
.F a
maximum number of concurrent logins for a user account. If that number is exceeded,
the login is denied and a message is displayed to the user.
C rm
Setup of user's environment
If everything is successful to this point, then the user's environment is set using
/etc/environment, /etc/security/environ, /etc/security/limits, and /etc/security/user.
to fo
The login program sets the current directory to the user's HOME directory and displays
the content of /etc/motd (if no .hushlogin file is found in the HOME directory), the date
of the last successful login, and the number of unsuccessful login attempts since the
last successful login.
ec vo
Passing of control to shell

Finally, control is passed to the login shell (as defined in /etc/passwd) which will read
/etc/environment and run /etc/profile and $HOME/.profile when using Korn or Bourne
oy si
shells.
Results of a user logging out
u
When a user logs out, the shell terminates and a new getty process is spawned for that
cl
port.
Ex
pr
V8.2
Student Notebook
Uempty
Login related attributes

IBM Power Systems
• Change the login herald:

# chsec –f /etc/security/login.cfg –s default \
.I. n
-a herald=“Authorized use only. \n\rlogin:”
.T ció
• Change the password prompt:
.
# chsec –f /etc/security/login.cfg –s default \
C
-a pwdprompt=“\n\rAuthentication required: ”
.F a
C rm
• Change max time to complete login after prompt:
# chsec –f /etc/security/login.cfg –s usw \
-a logintimeout=30
to fo
• See login.cfg man page for other login attributes.
ec vo

Figure 13-4. Login related attributes AN123.0
Notes:
oy si
A herald is the message that is displayed at an enabled terminal or in response to any

initial network connection (telnet and login commands). It is a good practice to have words
u
that make it clear that only authorized persons should be logging into the system. This and
other login related attributes are defined in /etc/security/login.cfg. You can also customize
cl
the login prompt. The only line command that will modify this file is chsec.
Some facilities make it practice of tightening up how long a login prompt can be
Ex
outstanding without an actual login,

Below are descriptions of the login related attributes.
• herald: This attribute specifies the initial message to be printed out when getty or login
pr
prompts for a login name. This value is a string that is written out to the login port. If the
herald is not specified, then the default herald is obtained from the message catalog
associated with the language set in /etc/environment.
• logintimes: This attribute defines the times a user can use this port to login.
Student Notebook
• logindisable: This attribute defines the number of unsuccessful login attempts before
this port is locked. Use this in conjunction with logininterval.
• logininterval: This attribute defines the number of seconds during which logindisable
unsuccessful attempts must occur before a port is locked.
• loginreenable: This attribute defines the number of minutes after a port is locked, that it
automatically unlocked.
.I. n
• logindelay: This attribute defines the delay in seconds between unsuccessful login
attempts. This delay is multiplied by the number of unsuccessful logins. Therefore, if the
.T ció
value is two, then the delay between unsuccessful logins is two seconds, then four
seconds, then six seconds, and so forth.
Other security attributes (usw stanza):
.
C
• shells: The list of valid login shells for a user; chuser and chsh will only change a user's
.F a
login shell to one of the shells listed here.
C rm
• maxlogins: This attribute defines the maximum number of simultaneous logins allowed
on the system.
• logintimeout: This attribute defines the number of seconds the user is given to enter
their password.
to fo
• auth_type: This attribute determines whether PAM or the standard UNIX authentication
mechanism will be used by PAM-aware applications. Valid values: STD_AUTH,
PAM_AUTH
ec vo
• The chsec command: Changes to the /etc/security/login.cfg file can be done by the
command chsec:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt="Password:"
oy si
To reset to the default value:

# chsec -f /etc/security/login.cfg -s default -a pwdprompt=
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Security logs
IBM Power Systems
/var/adm/sulog Audit trail of su activity
.I. n
.T ció
/var/adm/wtmp Log of successful logins
.
C
.F a
/etc/utmp List of users currently
C rm
to fo logged in
/etc/security/failedlogin Information on failed

login attempts
ec vo

Figure 13-5. Security logs AN123.0
Notes:
oy si
The sulog file

u
The sulog file is an ASCII text file that can be viewed with more or pg. In the file, the
following information is recorded: date, time, terminal name, and login name. The file
cl
also records whether the login attempt was successful, and indicates a success by a
plus sign (+) and a failed login by a minus sign (-).
Ex
The utmp and wtmp files

The /etc/utmp file contains a record of users logged into the system, and the
/var/adm/wtmp file contains connect-time accounting records. To obtain information
from either file use the who command with the file name. The who command normally
pr
examines the /etc/utmp file, but you can specify either one of the files just mentioned
as an argument to the command.
The last command
The last command can also be used to display, in reverse chronological order, all
previous logins and logoffs still recorded in the /var/adm/wtmp file. The
Student Notebook
/var/adm/wtmp file collects login and logout records as these events occur, and holds
them until the records are processed by the accounting commands.
For example:
# last root displays all the recorded logins and logoffs by the user root.
# last reboot displays the time between reboots of the system.
The utmpd daemon
.I. n
AIX 5L V5.2 introduced a new daemon called utmpd to manage the entries in the
.T ció
/etc/utmp file. This daemon monitors the validity of the user process entries at regular
intervals. The default interval time would be 300 seconds. The syntax of the command
is:
.
/usr/sbin/utmpd [ Interval ]
C
.F a
To start utmpd from the /etc/inittab, add the following entry to the file:
C rm
utmpd:2:respawn:/usr/sbin/utmpd
The failedlogin file
The /etc/security/failedlogin file maintains a record of unsuccessful login attempts.
The file can be displayed using the who command with the file as an argument.
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
User environment setup

IBM Power Systems
LOGIN
.I. n
Establishes base environment
/etc/environment sets PATH, TZ, LANG, and
.T ció
NLSPATH
.
Shell script run at all logins
C
/etc/profile sets TERM, MAILMSG, and
.F a
MAIL
C rm
User's personal file to
$HOME/.profile customize their environment
PATH, ENV, PS1
to fo
User's personal file to customize
$HOME/.kshrc the Korn shell environment
set –o vi, alias
ec vo

Figure 13-6. User environment setup AN123.0
Notes:
oy si
The /etc/environment file

u
/etc/environment is used to set variables. No commands should be placed in this file.

Only root can change this file.
cl
The /etc/profile file

/etc/profile will be read and executed during every login. Like the /etc/environment file,
Ex
this file can be changed only by root.

The $HOME/.profile and $HOME/.kshrc files can be customized by the user. The user can
overwrite any variable set in /etc/environment and /etc/profile.
pr
Common Desktop Environment (CDE) considerations

If you are using CDE, .profile is not read by default. In the user’s HOME directory, the
.dtprofile file is used to establish the environment when working with CDE. .dtprofile
replaces the function of .profile in the CDE environment. If you want to use both, in the
.dtprofile, uncomment the line near the end of the file that references the
DTSOURCEPROFILE variable.
Student Notebook
Customizing default user setup

IBM Power Systems
/etc/security/mkuser.default
mkuser /etc/passwd
.I. n
user:
pgrp = staff
.T ció
groups = staff
shell = /usr/bin/ksh
home = /home/$USER mkuser.sys
.
…. • shell script
C
.F a
• Build home directory
/etc/security/.profile
C rm
• Copies default .profile to home directory
• Set permissions and ownerships
to fo
ec vo

Figure 13-7. Customizing default user setup AN123.0
Notes:
oy si
Rather than require each user to learn how to setup their own .profile customization, many
system admins define how the user environments should be initially setup. Less common,
u
but possible, is changing the defaults of the /etc/passwd fields for new users
cl
The /etc/passwd fields are determined by the stanza oriented mkuser.default file. It has a
stanza for ordinary users and another stanza for administrative users.
Ex
The mkuser command invokes the mkuser.sys shell script. This provided script will build
the user’s home directory, copy the /etc/security/.profile to the home directory, and then
set appropriate ownership and permissions on the home directory and it’s contents. After
making a copy of the original script, it can be modified to create additional files in the user’s
pr
home directory. For example, you might want to create a .kshrc file.
Resources involved in user creation process
The following resources are involved in the user creation process:
• Default ID numbers stored in /etc/security/.ids
• The /usr/lib/security/mkuser.sys shell script used to set up a user ID.
V8.2
Student Notebook
Uempty • Default values for characteristics stored in /usr/lib/security/mkuser.default

• Default values for characteristics stored in /etc/security/user
• The default .profile stored in /etc/security/.profile
Some of these resources are discussed further in the material that follows.
The /usr/lib/security/mkuser.default file
.I. n
The /usr/lib/security/mkuser.default file contains the defaults for the mkuser command.
This file can only be edited by the root user. This file contains the following information:
.T ció
user:
pgrp = staff
groups = staff
.
C
.F a
home = /home/$USER
admin:
C rm
pgrp = system
groups = system
home = /home/$USER
to fo
The user stanza of this file is picked up if an ordinary user is being added, and the admin
stanza is picked up, if an administrative user is being added.
The /etc/security/.ids file
ec vo
If the user ID is not specified, then a default ID number is chosen from the
/etc/security/.ids file. Administrative users are given IDs starting from six, and normal
users are given IDs starting from 200.
oy si
The /usr/lib/security/mkuser.sys shell script

The shell script /usr/lib/security/mkuser.sys is run during the user creation process.
u
This creates the user's home directory and creates the .profile file. This shell script can be
modified to perform any function that is required when setting up the user.
cl
List of user characteristics

The full list of user characteristics contains entries which are not often used. Many of these
Ex
fields may be left empty with no ill effect. For the complete list, refer to SMIT (fastpath smit
mkuser).
pr
Student Notebook
Message of the day

IBM Power Systems
• The file /etc/motd contains text that is displayed every time after a
user successfully logs in, prior to the shell prompt.
• This file should only contain information necessary for the users to see.
.I. n
• Existence of a $HOME/.hushlogin file blocks MOTD display.
.T ció
.
******************************************************************
******************************************************************
C
** **
.F a
** AIX
AIX Version
Version 7.1
7.1 TL
TL 01
01 **
** Education
Education AIX AN12 Build version
AIX AN12 Build version 318
318 **
C rm
** **
** The system will be down for maintenance from Saturday 23:00
The system will be down for maintenance from Saturday 23:00 **
** until
until Sunday
Sunday 22:00
22:00 **
******************************************************************
******************************************************************
to fo
nimmaster:/
nimmaster:/
ec vo

Figure 13-8. Message of the day AN123.0
Notes:
oy si
Using the /etc/motd file

u
The message of the day (motd) is a convenient way to communicate information, such as
installed software version numbers or current system news, to all users. The message of
cl
the day is contained in the /etc/motd file. To change the message of the day, simply edit
this file.
Ex
pr
V8.2
Student Notebook
Uempty
Blocked user accounts

IBM Power Systems
• Check on cause of user problem:

# usrck –l –n user_name
– Also examine user’s $HOME/.profile
.I. n
.T ció
• Locked account:
# chuser –a account_locked=false user_name
# chsec –f /etc/security/user –s username \
.
–a account_locked=false
C
.F a
• Exceeded password retry limit:
C rm
# chsec –f /etc/security/lastlog -s user_name \
-a unsuccessful_login_count=0
• Adjust failed password retry limit:

to fo
# chuser –a loginretries=5
# chsec -f /etc/security/user –s user_name \
–a loginretries=5
ec vo

Figure 13-9. Blocked user accounts AN123.0
Notes:
oy si
In /etc/security/lastlog:
u
• unsuccessful_login_count: Specifies the number of unsuccessful login attempts

since the last successful login. The value is a decimal integer. This attribute works in
cl
conjunction with the user's loginretries attribute, specified in the /etc/security/user

file, to lock the user's account after a specified number of consecutive unsuccessful
login attempts. Once the user's account is locked, the user will not be able to log in until
Ex
the system administrator resets the user's unsuccessful_login_count attribute to be

less than the value of loginretries. To do this, enter the following:
chsec -f /etc/security/lastlog -s username -a \ unsuccessful_login_count=0
pr
In /etc/security/user:
• account_locked: This attribute defines whether the account is locked. Locked
accounts cannot be used for login or su. Possible values: true or false
• loginretries: This attribute defines the number of invalid login attempts before a user is
not allowed to login. Possible values: a positive integer or 0 to disable this feature
Student Notebook
Prevent vulnerable passwords (1 of 3)

IBM Power Systems
• Password restriction attributes in /etc/security/user

– Update for a particular user with chuser or smit chuser
.I. n
– Update default stanza with chsec
.T ció
• Force periodic change of passwords
– maxage: Password MAX. AGE
.
– pwdwarntime: Days to WARN USER before password expires
C
.F a
• Prevent reuse of previous passwords
C rm
– histexpire: WEEKS before password reuse
– histsize: NUMBER OF PASSWORDS before reuse
to fo
• Discourage repeating characters
– maxrepeats: Password MAX. REPEATED characters
ec vo

Figure 13-10. Prevent vulnerable passwords (1 of 3) AN123.0
Notes:
oy si
Security is only as good as the passwords being used. The /etc/security/user files has
many attributes that assist you in enforcing best practices as regards password
u
management. While it is possible to set these on a user by user basis with chuser or SMIT,
you will likely want to set default values using the chsec command. The descriptions in the
cl
visual provide first the attribute name and then the SMIT field name. This convention is also
used on the following visuals.
Ex
• maxage: This attribute defines the maximum number of weeks a password is valid. The
default is 0, which is equivalent to unlimited. Possible values: 0 to 52
• pwdwarntime: This attribute defines the number of days before a forced password
pr
change warning informs the user of the impending password change. Possible values:
a positive integer or 0 to disable this feature
• histexpire: This attribute defines the period of time in weeks that a user will not be able
to reuse a password. Possible values: an integer value between 0 and 260. 26
(approximately 6 months) is the recommended value
V8.2
Student Notebook
Uempty • histsize: This attribute defines the number of previous passwords which cannot be
reused. Possible values: an integer between 0 and 50
• minage: This attribute defines the minimum number of weeks between password
changes. The default is 0. Possible values: 0 to 52
• maxexpired: This attribute defines the maximum number of weeks after maxage that
an expired password can be changed by a user. The default is -1, which is equivalent to
unlimited. Possible values: -1 to 52. maxage must be greater than 0 for maxexpired to
.I. n
be enforced (root is exempt from maxexpired)
.T ció
• maxrepeats: This attribute defines the maximum number of times a given character
can appear in a password. The default is 8, which is equivalent to unlimited. Possible
values: 0 to 8
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook

IBM Power Systems
• Prohibit particular words or substrings

– dictionlist: path to Password DICTIONARY FILES listing
.I. n
prohibited passwords
– Sample dictionary:
.T ció
/etc/security/aixpert/dictionary/English
.
• Special dictionary entries:
C
.F a
$USER
C rm
• Block use of the users login name as any part of a password
*<regular_expression>
• Block use of any password that matches the regular expression
to fo
• Must be preceded with the asterisk (*) character
• For example, to block passwords ending in 123:
*.*123$
ec vo

Notes:
oy si
The dictionlist user attribute defines the password dictionaries used when checking new
passwords. The format is a comma separated list of absolute path names to dictionary
u
files. A dictionary file contains one word per line where each word has no leading or trailing
white space. Words should only contain 7 bit ASCII characters. All dictionary files and
cl
directories should be write protected from everyone except root. The default is valueless
which is equivalent to no dictionary checking.
Ex
A sample dictionary list is provided and there are other variations available from other
sources.
AIX 7.1 introduced two enhancements to the dictionlist capability. One is the recognition of
pr
a $USER entry. This will result in the rejection of not only a password which is the same as
the username, but of any password that has the username as a subset. The other
enhancement is the ability to pattern match passwords using regular expressions; this
provides a powerful method for identifying many passwords as easily guessed without
having to enumerating every possible variation. The regular expression must be proceeded
with an * (asterisk, splat) in the first column.
V8.2
Student Notebook
Uempty

IBM Power Systems
• Encourage mixture of character types.

minlen
.I. n
minalpha minother
minloweralpha minupperalpha mindigit minspecialcharacter
.T ció
• Subset minimums cannot exceed superset minimums.
.
C
.F a
• Default encryption only supports the first eight characters.
C rm
– See course AN57 on configuring for long passwords.
• If using LDAP, the LDAP server will handle password rule

to fo
enforcement instead.
ec vo

Notes:
oy si
Not only can a minimum number of characters be required in a password, but you can
requires a mixture of different types of characters, The major subset minimums are
u
minalpha (alphabetic) and minother (non-alphabetic). they can not total more than minlen.
cl
AIX 7.1 induced the ability to be even more specific about the type characters. You can
now distinguish between upper and lower case alphabetic characters. You can also
distinguish between numbers and other non-alphabetic characters
Ex
Here are the user attributes with their descriptions.

• minalpha: This attribute defines the minimum number of alphabetic characters in a
password. The default is 0. Possible values: 0 to 8
pr
• minother: This attribute defines the minimum number of non-alphabetic characters in a

password. The default is 0. Possible values: 0 to 8
• minlen: This attribute defines the minimum length of a password. The default is 0.
Range: 0 to 8
Student Notebook
Note that the minimum length of a password is determined by minlen and/or “minalpha
+ minother”, whichever is greater. “minalpha + minother” should never be greater than
8. If “minalpha + minother” is greater than 8, then minother is reduced to “8 - minalpha”.
• minloweralpha: This attribute defines the minimum number of lower case alphabetic
characters that must be in a new password. The value is a decimal integer string. The
default is a value of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.
• minupperalpha: This attribute defines the minimum number of upper case alphabetic
.I. n
characters that must be in a new password. The value is a decimal integer string. The
.T ció
default is a value of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.
• mindigit: This attribute defines the minimum number of digits that must be in a new
password. The value is a decimal integer string. The default is a value of 0, indicating
.
no minimum number. Range: 0 to PW_PASSLEN.
C
.F a
• minspecialchar: This attribute defines the minimum number of special characters that
must be in a new password. The value is a decimal integer string. The default is a value
C rm
of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Topic summary
IBM Power Systems

• Understand the login sequence and initialization process
.I. n
• Customize login and password prompt behavior
.T ció
• Use security logs
• Customize the default user setup
.
• Manage user access issues
C
.F a
• Establish user password restrictions
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty 13.2.Basics of enhanced RBAC
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Basics of enhanced RBAC

IBM Power Systems

• Understand the key elements of enhanced RBAC
.I. n
• Identify the AIX predefined roles and assign one to a user
.T ció
• As a user: List roles, activate, and de-activate a role
.
C
.F a
C rm
to fo
ec vo

Figure 13-14. Basics of enhanced RBAC AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
RBAC overview
IBM Power Systems
• RBAC configuration is stored within the Kernel Security Tables (KST).
.I. n
1
.T ció
Roles
.
Authorizations
C
Manage Devices
.F a
Create 2
System WPARs
Operating System Administration
C rm
Users
Privileged commands and files

Command= /usr/sbin/shutdown
Auth = aix.system.boot.shutdown Roles
to fo
System Operator System
Administrator
User and Group Account
Administration
ec vo

Figure 13-15. RBAC overview AN123.0
Notes:
oy si
There are over 250 built in pre-defined authorizations, such as manage devices, create
WPARs, and perform OS administration. To view all authorizations, type: # lsrole ALL.
u
Authorizations are assigned to commands and files which are considered privileged. By
cl
privileged, we mean that we want to allow them to bypass traditional access controls.
These authorizations are then assigned to roles which, in turn, are assigned to users.
Users can then switch roles to perform the necessary administrative actions.
Ex
Custom user-defined authorizations and roles can also be created. However, this requires
the kernel security tables to be updated. To do this, execute the setkst command.
pr
Student Notebook
RBAC defined roles and authorizations

IBM Power Systems
## lsrole
lsrole -c
-c -a
-a dfltmsg
dfltmsg ALL
ALL |grep
|grep -v
-v "#name"|grep
"#name"|grep ":"
":"
AccountAdmin:User and Group Account Administration
AccountAdmin:User and Group Account Administration
BackupRestore:Backup
BackupRestore:Backup and
and Restore
Restore Administration
Administration
.I. n
DomainAdmin:Remote Domain Administration
DomainAdmin:Remote Domain Administration
FSAdmin:File
FSAdmin:File System
System Administration
Administration
.T ció
SecPolicy:Security
SecPolicy:Security Policy Administration
Policy Administration
SysBoot:System
SysBoot:System Boot
Boot Administration
Administration
SysConfig:System
SysConfig:System Configuration
Configuration Administration
Administration
Roles
.
isso:Information
isso:Information System Security
System Security Officer
Officer
C
sa:System
sa:System Administrator
Administrator
.F a
so:System Operator
so:System Operator
C rm
## lsauth
lsauth -f
-f ALL
ALL |grep
|grep dfltmsg
dfltmsg |sed
|sed 's:dfltmsg=::g'
's:dfltmsg=::g'
Device
Device Administration
Administration
Configure
Configure Devices
Devices
Configure
Configure MPIO Devices
MPIO
to fo
Devices
Configure
Configure Printers
Printers Authorizations
Configure
Configure the
the Random
Random Device
Device
…….removed
…….removed for
for clarify
clarify ……
ec vo

Figure 13-16. RBAC defined roles and authorizations AN123.0
Notes:
oy si
There are, by default, 10 predefined system roles and 254 authorizations. They can be
listed with the lsrole and lsauth commands respectively.
u
To list the roles and the assigned authorizations, type:

cl
# lsrole -f -a authorizations dfltmsg ALL |grep -p dfltmsg

Role Definitions:
Ex
isso - Information system security officer

The ISSO role is responsible for creating and assigning roles, and is thus the most
powerful user-defined role on the system. Some of the ISSO responsibilities include:
pr
• Establishing and maintaining security policy

• Setting passwords for users
• Network configuration
• Device administration
V8.2
Student Notebook
Uempty sa - System administrator

The SA role provides the functionality for daily administration and is responsible for:
• User administration (except password setting)
• File system administration
• Software installation update
.I. n
• Network daemon management
• Device allocation
.T ció
so - System operator
The SO role provides the functionality for day to day operations and is responsible for:
.
• System shutdown and reboot
C
.F a
• File system backup, restore, and quotas
C rm
• System error logging, trace, and statistics
• Workload administration
AccountAdmin - User and group account administrator
to fo
The AccountAdmin role provides the functionality for users and group definitions and is
responsible for:
• Define, modify, and remove users
ec vo
• Define, modify, and remove groups

BackupRestore - Backup and restore administrator
The BackupRestore role provides the functionality for backup and restore operations for file
oy si
systems, using various commands such as:

• cpio, pax, tar, backup and restore
u
DomainAdmin - Remote domain administrator

The DomainAdmin role provides the functionality for managing network security
cl
mechanisms such as:

• kerberos, ldap, NIS, and PKI
Ex
FSAdmin - File system administrator

The FSAdmin role provides the functionality for managing file systems and has the ability
to:
pr
• Create, modify, and remove file systems

• Mount and unmount file systems
• Defrag file systems
• Format file system logs
Student Notebook
• Manage file system user quotas

• Create and manage JFS2 snapshots
SecPolicy - Security policy administrator
The SecPolicy role provides the functionality for security administration and is responsible
for most of what the ISSO covers, except for:
• Domain Administration
.I. n
• System Configuration
.T ció
SysBoot - System boot administrator
The SysBoot role provides the functionality for system shutdown and booting through the
.
facilities for:
C
• halt, shutdown, and reboot
.F a
SysConfig - System configuration
C rm
The SysConfig role provides the functionality for system configuration and is responsible
for such components as:
• inittab
to fo
• System console
• Kernel extensions
• uname
ec vo
• Resource sets
• Date and time zone
• Software license management
oy si
• Performance tunables
u
• Diagnostics
cl
Ex
pr
V8.2
Student Notebook
Uempty
RBAC (basic) implementation steps

IBM Power Systems
• Steps to configure RBAC

1. Ensure RBAC is enabled (default true).
.I. n
## lsattr
lsattr -El
-El sys0
sys0 || grep
grep RBAC
RBAC
.T ció
enhanced_RBAC
enhanced_RBAC true
true Enhanced
Enhanced RBAC
RBAC Mode
Mode
2. Plan which predefined administration roles need to be assigned to
.
users.
C
.F a
3. Assign AIX predefined roles to the relevant users.
C rm
• Using chuser command
4. User would then switch to the role and perform the necessary
to fo
operations.
• To switch roles, use swrole command
ec vo

Figure 13-17. RBAC (basic) implementation steps AN123.0
Notes:
oy si
A key part in implementing RBAC, is planning. Start by making a note of all the
administration tasks which may need to be performed, then allocate them to roles, and
u
assign the roles to user ids.

cl
RBAC is enabled by default in AIX starting with version 6.1), and can be checked with the
lsattr command as shown on the visual.
Ex
pr
Student Notebook
RBAC example (1 of 2)
IBM Power Systems
• Example: Let's give permission for user, alex, to start, stop,

and reboot the system.
.I. n
– First, find the predefined role.
.T ció
## lsrole
lsrole -f-f -a
-a authorizations
authorizations dfltmsg
dfltmsg ALL
ALL |grep
|grep -p
-p dfltmsg
dfltmsg || \\
grep
grep -p
-p shutdown
shutdown
SysBoot:
SysBoot:
.
authorizations=aix.system.boot.halt,aix.system.boot.info,aix.syst
authorizations=aix.system.boot.halt,aix.system.boot.info,aix.syst
em.boot.reboot,aix.system.boot.shutdown
em.boot.reboot,aix.system.boot.shutdown
C
.F a
dfltmsg=System
dfltmsg=System Boot
Boot Administration
Administration
C rm
– Add the ‘SysBoot’ role to user alex.
## chuser
chuser roles=SysBoot
roles=SysBoot alex
alex Confirm the
SysBoot role has
been allocated to
to fo
## rolelist
rolelist -u
-u alex
alex user alex.
SysBoot
SysBoot System
System Boot
Boot Administration
Administration
ec vo

Figure 13-18. RBAC example (1 of 2) AN123.0
Notes:
oy si
The visual demonstrates how to provide a user with the capability to start, stop, and reboot
the system.
u
If you are not sure if the system authorization, aix.system.boot.shutdown, contains the
cl
shutdown command, then the RBAC privileged command file can be checked (stored in
/etc/security), as follows:
Ex
/etc/security # grep shutdown privcmds

/usr/sbin/exec_shutdown:
accessauths = aix.system.boot.shutdown
/usr/sbin/shutdown:
pr
accessauths = aix.system.boot.shutdown
V8.2
Student Notebook
Uempty
RBAC example (2 of 2)
IBM Power Systems
– As user alex, shut down and reboot the system.

alex
alex $$ rolelist
rolelist Lists the assigned
.I. n
SysBoot
SysBoot System
System Boot
Boot Administration
Administration roles
alex
alex $$ rolelist
rolelist -e
-e
.T ció
rolelist: Lists the active
rolelist: There is no
There is no active
active role
role set
set roles
alex
alex $$ rolelist
rolelist -a
-a
SysBoot aix.system.boot.create
.
SysBoot aix.system.boot.create
aix.system.boot.halt
C
aix.system.boot.halt Lists the assigned
.F a
aix.system.boot.info
aix.system.boot.info authorizations
aix.system.boot.reboot
aix.system.boot.reboot
C rm
aix.system.boot.shutdown
aix.system.boot.shutdown
alex Switch to role
alex $$ swrole
swrole SysBoot
SysBoot
SysBoot
alex
alex $$ alex's
alex's Password:
Password:
SysBoot role is
alex
alex $$ rolelist -e
to fo
rolelist -e now active
SysBoot
SysBoot System
System Boot
Boot Administration
Administration
alex
alex $$ shutdown
shutdown –Fr
–Fr Perform a system
reboot.
ec vo

Figure 13-19. RBAC example (2 of 2) AN123.0
Notes:
oy si
The rolelist command provides role and authorization information to the invoker, about
their current roles, or the roles assigned to them.
u
The swrole command creates a new role session, spawned in a sub shell, with the roles
cl
that are specified by the role parameter (in this example, SysBoot). To exit the new role sub
shell, type:
Ex
# exit rolelist –e or # exit rolelist SysBoot

pr
Student Notebook
Topic summary
IBM Power Systems

• Understand the key elements of enhanced RBAC
.I. n
• Identify the AIX predefined roles and assign it to a user
.T ció
• As a user: List roles, activate, and de-activate a role
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Checkpoint (1 of 2)
IBM Power Systems
1. If an ordinary user forgets their password, can the system

administrator find out by querying the system as to what the user’s
password was set to? Why or why not?
.I. n
.T ció
2. True or False: An asterisk (mary:*:) in the second field of the
/etc/passwd file means there is a valid password set in the shadow
password file for user mary.
.
C
.F a
3. Password restrictions are set in which of the following files?
C rm
a. /etc/passwd
b. /etc/security/passwd
c. /etc/security/restrictions
to fo
d. /etc/security/user
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Checkpoint (2 of 2)
IBM Power Systems
4. True or False: Enhanced RBAC comes with several

predefined roles.
.I. n
.T ció
5. True or False: Once a user is assigned a role, the user
immediately can use the related authorizations.
.
C
.F a
6. What is the command that will list your assigned roles?
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Security and user
administration: Part two
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 14. Scheduling and time

This unit describes how jobs can be scheduled on the system.
.I. n
.T ció
• Explain the role of the cron daemon
.
• Use crontab files to schedule jobs on a periodic basis
C
.F a
• Use the at command to schedule a job or series of jobs at some
time in the future
C rm
• Use the batch command to schedule jobs in a queue in order to
alleviate immediate system demand
• Explain and set the system time
to fo
• Describe and set the time zone variable
• Configure basic NTP clients
ec vo

oy si
• Machine exercise
u
References
cl
Online AIX 7.1 Commands Reference

AIX 7.1 Files Reference
Ex
AIX Version 7.1 Operating system and device

management
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
• Use the at command to schedule a job or series of jobs at
some time in the future
.
• Use the batch command to schedule jobs in a queue in
C
.F a
order to alleviate immediate system demand
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
The cron daemon

IBM Power Systems
• Responsible for running scheduled jobs
.I. n
• Starts:
.T ció
– crontab command events
(regularly scheduled jobs)
.
C
.F a
– at command events
(one time only execution at specified time)
C rm
– batch command events
(run when CPU load is low)
to fo
ec vo

Figure 14-2. The cron daemon AN123.0
Notes:
oy si
Function of the cron daemon

u
The system process that enables batch jobs to be executed on a timed basis, is the
cron daemon. Many people rely on cron to execute jobs. Jobs are submitted to the
cl
cron daemon in a number of different ways:

• The at and batch facilities are used to submit a job for one-time execution.
Ex
• crontab files are used to execute jobs periodically - hourly, daily, weekly.
Starting of cron
The cron process is usually started at system startup by /etc/inittab. It runs constantly
pr
as a daemon. If killed, it is automatically restarted.

Changing how cron event types are handled
The /var/adm/cron/queuedefs file defines how the system handles different cron
daemon event types. The file specifies the maximum number of processes per event
type to schedule at one time, the nice value of the event type, and how long to wait
Student Notebook
before retrying to execute a process. This file is empty as shipped, but can be modified
to change how the cron daemon handles each event type.
For example, by default, crontab events are inspected every 60 seconds, run at a nice
value of 2 higher than the default, and there may be up to 100 executing
simultaneously.
This may be changed by modifying the /var/adm/cron/queuedefs file.
.I. n
For example, if crontab jobs were to run at a nice value of 10 higher than the default,
with files inspected every two minutes, and with up to 200 jobs allowed, then the
.T ció
following entry should be made to the file:
c.200j10n120w
.
| | | |
C
| | | wait period (in seconds)
.F a
| | |
| | nice value
C rm
| |
| jobs
|
cron
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
crontab files
IBM Power Systems
• Used to start regularly occurring jobs
.I. n
• Schedule is defined in:
.T ció
/var/spool/cron/crontabs/$USER
.
• Files to control crontab privileges of users:
C
.F a
– /var/adm/cron/cron.deny lists users who cannot use crontab
C rm
– /var/adm/cron/cron.allow lists users who can use crontab
• An empty cron.deny exists by default.

to fo
ec vo

Figure 14-3. crontab files AN123.0
Notes:
oy si
Scheduling a job
The cron daemon starts processes at specified times. It can be used to run regularly
u
scheduled jobs using files in the /var/spool/cron/crontabs directory, or it can be used

to schedule a command for one-time-only execution using the at command.
cl
The /var/adm/cron/cron.deny file

All users by default have the privilege to set up scheduled jobs to be monitored by cron.
Ex
This is because the file /var/adm/cron/cron.deny, which denies privileges to users,

exists and is empty. As the administrator, you can restrict access to cron by adding user
names to this text file.
The /var/adm/cron/cron.allow file
pr
Another file that also restricts users’ privileges, is /var/adm/cron/cron.allow. To use

this file, you should remove the cron.deny file and create the cron.allow file to list the
users that are allowed to use cron. If cron.allow exists and is empty, no user is able to
use cron, that includes root. If both cron.allow and cron.deny exist, then cron.allow
is the file that is used. If neither cron.allow nor cron.deny exists, then only root can
use cron.
Student Notebook
Format of a crontab file

IBM Power Systems
• Format of entries:
– minute hour date-of-month month day-of-week command
.I. n
• To view current crontab:
.T ció
– # crontab -l
.
...
...
C
#0
#0 33 ** ** ** /usr/sbin/skulker
/usr/sbin/skulker
.F a
#45
#45 2 * * 0 /usr/lib/spell/compress
2 * * 0 /usr/lib/spell/compress
#45
#45 23 * * * ulimit
23 * * * ulimit 5000;
5000; /usr/lib/smdemon.cleanu
/usr/lib/smdemon.cleanu >> /dev/null
C rm
/dev/null
00 11 * * * /usr/bin/errclear -d
11 * * * /usr/bin/errclear -d S,O 30 S,O 30
00 12
12 ** ** ** /usr/bin/errclear
/usr/bin/errclear -d
-d HH 90
90
00 15
15 * * * /usr/lib/ras/dumpcheck >/dev/null
* * * /usr/lib/ras/dumpcheck >/dev/null 2>&1
2>&1
to fo
0,30,45
0,30,45 * * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null
* * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null
...
...
ec vo

Figure 14-4. Format of a crontab file AN123.0
Notes:
oy si
Viewing a crontab file

u
Each user can view their crontab file by using the command crontab -l.
The user’s crontab file contains the schedule of jobs to be run on behalf of that user.
cl
There is a separate crontab file for each user of the crontab facility. This file is located
in /var/spool/cron/crontab/$USER.
Ex
Format of crontab file entries

The format for the lines in this file is as follows:
minute (0-59)
pr
hour (0-23)
date of the month (1-31)
month of the year (1-12)
day of the week (0-6, where 0=Sunday, 1=Monday, and so forth)
command
V8.2
Student Notebook
Uempty Fields are separated by spaces or tabs. To indicate a field is always true, use an
asterisk (*). To indicate multiple values in a field, use a comma (,). A range can also be
specified by using a hyphen (-).
Examples of crontab entries
Here are some examples of crontab entries:
• To start the backup command at midnight, Monday through Friday:
.I. n
0 0 * * 1-5 /usr/sbin/backup -0 -u -q -f /dev/rmt0
.T ció
• To execute a command called script1 every 15 minutes between 8 a.m. and 5 p.m.,
Monday through Friday:
0,15,30,45 8-17 * * 1-5 /home/team01/script1
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Editing a crontab file

IBM Power Systems
• One way to edit a crontab file:

## crontab
crontab -e
-e
.I. n
.T ció
• A safer method:
.
C
## crontab
crontab -l
-l >> /tmp/crontmp
/tmp/crontmp
.F a
## vi
vi /tmp/crontmp
/tmp/crontmp
C rm
## crontab
crontab /tmp/crontmp
/tmp/crontmp
to fo
ec vo

Figure 14-5. Editing a crontab file AN123.0
Notes:
oy si
Creating or updating a crontab file

u
To schedule a job, you must create a crontab file. The cron daemon keeps the
crontab files in memory, so you cannot update the crontab entries by just modifying
cl
the file on disk.

Using crontab -e to edit the crontab file
Ex
To edit the crontab file, one method is to use crontab -e. This opens your crontab file
with the editor set with the EDITOR variable. Edit the file as you normally would any file.
When the file is saved, the cron daemon is automatically refreshed.
Another method of updating your crontab file
pr
The crontab -l command always shows the crontab file that cron is using on your
behalf. Another method to update the file is to use the command crontab -l >
mycronfile. This command creates a copy of the current crontab file and enables you
to safely edit the mycronfile file without affecting the current crontab file. To submit
your changes, use the command: crontab mycronfile. The content of the mycronfile
V8.2
Student Notebook
Uempty file replaces the content of your file in the crontab directory, and refreshes the cron
daemon, all at once. Now, you also have a backup of the crontab file in mycronfile.
Removing your crontab file
Use the command crontab -r if you would like to remove your current crontab file.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
The at and batch commands

IBM Power Systems
• The at command submits a uniquely occurring job to be run

by cron at a specified time.
.I. n
## at
at 55 pm
pm Friday
Friday
banner
banner hello
hello >> /dev/pts/0
/dev/pts/0
.T ció
<ctrl-d>
<ctrl-d>
job
job user.time.a
user.time.a will
will be
be run
run at
at date
date
.
## for
for hosts
hosts in
in lpar50
lpar50 lpar51
lpar51 lpar52
C
lpar52
.F a
do
do
rsh
rsh $host
$host "echo
"echo '<<EOF
'<<EOF nohup
nohup shutdown
shutdown -Fr'
-Fr' || at
at now
now ""
C rm
done
done
• The batch command submits a job to be run when the

processor load is sufficiently low.
to fo
## batch
batch
banner
banner hello
hello world
world >> /dev/pts/0
/dev/pts/0
<ctrl-d>
<ctrl-d>
ec vo

Figure 14-6. The at and batch commands AN123.0
Notes:
oy si
Use of the at command

u
The at command submits a job for cron to run once, rather than on a recurring basis, at
a specified time. It reads the commands to execute from standard input. The at
cl
command mails you all output from standard output and standard error for the
scheduled commands, unless you redirect that output.
Ex
Examples of keywords or parameters that can be used with at are: noon, midnight, am,
pm, A for am, P for pm, N for noon, M for midnight, today, tomorrow.
The time can be specified as an absolute time or date (for example, 5 pm Friday), or
relative to now (for example, now + 1 minute).
pr
The Bourne shell is used by default to process the commands. If -c is specified the C
shell is run, and if -k is specified the Korn shell is run. If you specify the -m option, at
sends you mail to say that the job is complete.
Controlling use of at
The at command can only be used by root unless one of the following files exists:
V8.2
Student Notebook
Uempty /var/adm/cron/at.deny
If this file exists, anybody can use at, except those listed in it. An empty at.deny file
exists by default. Therefore, all users can use at by default.
/var/adm/cron/at.allow
If this file exists, only users listed in it can use at (root included).
Use of the batch command
.I. n
The batch command submits a job to be run when the processor load is sufficiently low.
.T ció
Like the at command, the batch command reads the commands to be run from
standard input and mails you all output from standard output and standard error for the
scheduled commands, unless you redirect that output.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Controlling at jobs
IBM Power Systems
• To list at jobs:
at -l [user]
atq [user]
.I. n
## at
at –l
–l
.T ció
root.1118077769.a
root.1118077769.a Mon
Mon Jun
Jun 66 10:09:29
10:09:29 2007
2007
root.1118078393.a
root.1118078393.a Mon
Mon Jun 6 10:19:53 2007
Jun 6 10:19:53 2007
test2.1118079063.a
test2.1118079063.a Mon
Mon Jun
Jun 66 10:31:03
10:31:03 2007
2007
.
C
• To cancel an at job:
.F a
at -r job
C rm
atrm [job | user]
## at
at -r
-r test2.1118079063.a
test2.1118079063.a
at
at file: test2.1118079063.a
file: test2.1118079063.a deleted
deleted
to fo
• To cancel all your at jobs:
atrm -
ec vo

Figure 14-7. Controlling at jobs AN123.0
Notes:
oy si
Listing at jobs
u
To list at jobs use the at -l command or the atq command. The root user can look at
another user's at jobs by using the command atq <user>.
cl
Removing at jobs
To cancel an at job, use at -r or atrm followed by the job number. Use the command
Ex
atrm - and place nothing after the hyphen (-), to cancel all of your jobs. The root user
can cancel all jobs for another user, using atrm <user>.
pr
V8.2
Student Notebook
Uempty
Documenting scheduling
IBM Power Systems
• Have a copy of each user’s crontab file

• Have a copy of the /etc/inittab file
.I. n
.T ció
Scheduling Records
.
C
.F a
C rm
to fo
ec vo

Figure 14-8. Documenting scheduling AN123.0
Notes:
oy si
Overview
u
It is important to have correct, up-to-date information regarding your system, in case of

an unexpected system failure.
cl
Maintain as much documentation as possible about all aspects of the system by

following the recommendations we have given throughout the course.
Ex
pr
Student Notebook
System clock
IBM Power Systems
• Internally, system time is the number of seconds since UNIX

epoch. ## date
date +"%s"
+"%s"
.I. n
1368877237
1368877237
.T ció
– The UNIX epoch is the time 00:00:00 UTC, 1 January 1970.
• For human comprehension, system time is converted into a
calendar time string.
.
## date
date
C
Sat
Sat May
May 18
18 13:40:37
13:40:37 CEDT
CEDT 2013
.F a
2013
C rm
• Conversions can also deal with adjustments for time zones
(TZ) and Daylight Saving Time (DST).
to fo
• TZ and DST are managed by the time zone variable.
## echo
echo $TZ
$TZ
CET-1CEDT-2,M3.5.0,M10.5.0
CET-1CEDT-2,M3.5.0,M10.5.0
ec vo

Figure 14-9. System clock AN123.0
Notes:
oy si
Introduction
u
Computer systems tell time differently than people do. So it is helpful to understand how
time works within computers as well as in the real world in order to get a handle on the
cl
things that can go wrong.

Although top scientific theory of our space and time estimated that the universe began 13.7
Ex
billion years ago Unix simply counts seconds since New Year’s Day 1970. All changes in
denoting the time are done by library functions linked into the system or applications that
convert between UTC and local time at runtime.
On AIX systems, the hardware clock is set to keep Universal Time (UTC), also called
pr
Greenwich Mean Time (GMT), instead of the time of day in the system’s actual time zone.
The system can be configured to keep track of UTC time and to adjust for the offset
between UTC and the local time, including daylight saving time.
V8.2
Student Notebook
Uempty
Setting date and time

IBM Power Systems
## smit
smit chtz_date
chtz_date
Change
Change // Show
Show Date,
Date, Time,
Time, and
and Time
Time Zone
Zone
.I. n
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.T ció
Change
Change // Show
Show Date
Date and
and Time
Time
Change
Change Time
Time Zone
Zone Using
Using System
System Defined
Defined Values
Values
Change
Change Time
Time Zone
Zone Using
Using User
User Entered
Entered Values
Values
.
C
## smit
smit date
date ## date
date 051814542013
051814542013
.F a
Change
Change // Show
Show Day
Day and
and Time
C rm
Time
YEAR
YEAR (00-99)
(00-99) [13]
[13]
MONTH
MONTH (01-12)
(01-12) [05]
[05]
DAY
DAY (01-31)
(01-31) [18]
[18]
to fo
HOUR
HOUR (00-23)
(00-23) [14]
[14]
MINUTES
MINUTES (00-59)
(00-59) [54]
[54]
SECONDS
SECONDS (00-59)
(00-59) [00]
[00]
ec vo

Figure 14-10. Setting date and time AN123.0
Notes:
oy si
The date command writes the current date and time to standard output if called with no
flags or with a flag list that begins with a + (plus sign). Otherwise, it sets the current date.
u
Only a root user can change the date and time.

Attention: Do not change the date when the system is running with more than one user or
cl
any critical application.

Using the date command:
Ex
The date command needs the proper arguments in the format of mmddHHMM[YYyy],
where mmdd is the two-digit month and two-digit day (0518); HHMM is the two-digit hour in
24-hour notation (14), two-digit minute (54) and YYyy is the four-digit year (2013):
# date 051814542013
pr
For slowly adjusts the time by sss.fff seconds (fff represents fractions of a second) use
date -a [ + | - ]sss[.fff ]. This adjustment can be positive or negative. The system's clock
will be sped up or slowed down until it has drifted by the number of seconds specified by
date -a [ +
Note that you must be logged as root User.
Student Notebook
Time zone variable

IBM Power Systems
• The time zone variable defines the interpretation of AIX

system time.
.I. n
• Defines CUT offset and DST
.T ció
– Coordinated Universal Time (CUT)
• The international time standard.
– Daylight Saving Time (DST)
.
C
• Practice of advancing clocks
.F a
• Time zone variable should be:
C rm
– System wide (for all processes)
• defined in /etc/environment file
– User wide (for user processes)
to fo
• defined in user .profile file
ec vo

Figure 14-11. Time zone variable AN123.0
Notes:
oy si
The functions for accessing the time zone are declared in time.h. You should not normally
need to set TZ. If the system is configured properly, the default time zone will be correct.
u
You might set TZ if you are using a computer over a network from a different time zone, and
would like times reported to you in the time zone local to you, rather than what is local to
cl
the computer.
Environment variables are examined when a command starts running. The environment of
Ex
a process is not changed by altering the /etc/environment file. Any processes that were
started prior to the change to the /etc/environment file must be restarted if the change is to
take effect for those processes. If the TZ variable is changed, the cron daemon must be
restarted, because this variable is used to determine the current local time.
pr
Daylight Saving Time (DST)

the Daylight Saving Time also summer time in British English— is the practice of
advancing clocks during the lighter months so that evenings have more daylight and
mornings have less.
V8.2
Student Notebook
Uempty If the Daylight Saving Time option is enabled, the default in AIX is for the system time to
move forward 1 hour (to DST) at 2:00am the second Sunday in March, and move back one
hour (to Standard Time) at 2:00 a.m. on the first Sunday in November. The default is hard
coded and is not stored in any user accessible file. However, the date and time at which the
switch to DST and ST occurs can be customized by root (global environment) or by users
(user environment) by setting the $TZ environment variable. To see if DST is enabled, echo
$TZ; if the time zone variable ends in DT, DST is enabled.
.I. n
Crontab consideration:
.T ció
When the TZ environment variable is changed, the cron daemon must be restarted. This
enables the cron daemon to use the correct Time Zone and summer time change
information for the new TZ environment variable.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Time zone formats in AIX

IBM Power Systems
• POSIX format specification

– Explicitly specifies the TZ and DST details
.I. n
– Looks cryptic; can be difficult to set and interpret
.T ció
• Olson format specification
.
– Uses known names of cities or regions
C
.F a
– Specifies the TZ name in a simple, easy-to-understand form
– Maintains a historical record of what the TZ rules were at given points
C rm
in time
– Is slower than the POSIX format
to fo
ec vo

Figure 14-12. Time zone formats in AIX AN123.0
Notes:
oy si
AIX checks the TZ environment variable to determine if the environment variable follows
the POSIX specification rules. If the TZ environment variable does not match the POSIX
u
convention, AIX calls the ICU library to get the Olson time zone translation.
cl
Ex
pr
V8.2
Student Notebook
Uempty
Setting POSIX time zone

IBM Power Systems
## smit
smit chtz_user
chtz_user
Change
Change Time
Time Zone
.I. n
Zone
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.T ció
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** Standard
Standard Time
Time ID(only
ID(only alphabets)
alphabets) [CET]
[CET]
.
** Standard
Standard Time
Time Offset
Offset from
from CUT([+|-]HH:MM:SS)
CUT([+|-]HH:MM:SS) [-1]
[-1]
C
Day
Day Light
Light Savings
Savings Time
Time ID(only
ID(only alphabets)
alphabets) [CEDT]
[CEDT]
.F a
Day
Day Light
Light Savings
Savings Time
Time Offset
Offset from
from CUT([+|-]HH:MM:
CUT([+|-]HH:MM: [-2]
[-2]
SS)
SS)
C rm
Start
Start Daylight
Daylight Savings
Savings Day([Mmm.ww.dd|Jn])
Day([Mmm.ww.dd|Jn]) [M3.5.0]
[M3.5.0]
Start Daylight Savings Time(HH:MM:SS)
Start Daylight Savings Time(HH:MM:SS) []
[]
Stop
Stop Daylight
Daylight Savings
Savings Day([Mmm.ww.dd|Jn])
Day([Mmm.ww.dd|Jn]) [M10.5.0]
[M10.5.0]
Stop
Stop Daylight
Daylight Savings
Savings Time(HH:MM:SS)
Time(HH:MM:SS) []
[]
to fo
F1=Help
F1=Help F2=Refresh
F3=Cancel F8=Image
F8=Image
F9=Shell
F9=Shell F10=Exit
F10=Exit Enter=Do
Enter=Do
ec vo

Figure 14-13. Setting POSIX time zone AN123.0
Notes:
oy si
This format is compliant with POSIX 1003.1 standards for Extensions to Time Functions.
u
AIX checks the TZ environment variable to determine if the environment variable follows
the POSIX specification rules. If the TZ environment variable does not match the POSIX
cl
convention, AIX calls the ICU library to get the Olson time zone translation.
Ex
pr
Student Notebook
POSIX time zone variable breakdown

IBM Power Systems
## echo
echo $TZ
$TZ
CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
.I. n
CST6CDT is
.T ció
the time zone
you are in
.
C
TZ=CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
.F a
C rm
Date/time when
time shifts Date/time when
further time shifts back
to fo
ec vo

Figure 14-14. POSIX time zone variable breakdown AN123.0
Notes:
oy si
If you wish to change the date or time at which the system switches to DST and back to
Standard Time from the defaults for your zone, edit the TZ line in /etc/environment. Change
u
the line to read something like the following:

cl
TZ=CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
The above example would effect a change to Daylight Saving Time at 2:00 AM on the
Ex
second Sunday in March and change back at 2:00 AM on the first Sunday in November,
and keep the US Central Time Zone time offset from GMT. The breakdown of the string is:
CST6CDT is the time zone you are in;
M3 is the third month;
pr
.2 is the second occurrence of the day in the month;

.0 is Sunday;
/2:00:00 is the time.
V8.2
Student Notebook
Uempty In more detail, the format is TZ = local_Time Zone,date/time,date/time. Here date is in the
form of Mm.n.d, day d(0-6) of week n (1-5, where week 5 means “the last d day in month
m” and which may occur in either the fourth or the fifth week) of month m of the year. Week
1 is the first week in which the day d occurs. Day zero is Sunday.
Time Zones Defined on the System is listed in Files reference.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Setting Olson time zone

IBM Power Systems
## smit
smit chtz_olson
chtz_olson
Select
Select COUNTRY
COUNTRY or
or REGION
REGION
.I. n
Europe/Podgorica
Europe/Podgorica
Europe/Prague
Europe/Prague
.T ció
Europe/Riga
Europe/Riga
Europe/Rome
Europe/Rome
Europe/Samara
Europe/Samara
Europe/San_Marino
Europe/San_Marino
.
Europe/Sarajevo
Europe/Sarajevo
C
Europe/Simferopol
Europe/Simferopol
.F a
Europe/Skopje
Europe/Skopje
C rm
Change
Change Time
Time Zone
Zone
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
to fo
[Entry
[Entry Fields]
Fields]
TIME
TIME ZONE
ZONE name
name Europe/Prague
Europe/Prague
OFFSET
OFFSET from
from Greenwich
Greenwich Mean
Mean Time
Time GMT+01:00
GMT+01:00 // GMT+02:00
GMT+02:00
ec vo

Figure 14-15. Setting Olson time zone AN123.0
Notes:
oy si
The Olson TZ database, also known as zoneinfo database /usr/share/lib/zoneinfo, is

updated with the latest time zone binaries.
u
You can list zoneinfo database by the /usr/lib/nls/lstz command.

cl
The time zone compiler zic command and the command to dump the time zone
information, zdump, are modified to work with the updated time zone data files.
Ex
pr
V8.2
Student Notebook
Uempty
Configuring NTP client

IBM Power Systems
• Edit /etc/ntp.conf
server
server fr.pool.ntp.org
fr.pool.ntp.org Your ntp time
.I. n
driftfile
driftfile /etc/ntp.drift
/etc/ntp.drift server’s IP address
goes here
.T ció
• Run ntpdate
• Start the xntpd daemon
.
C
## startsrc
startsrc -s
-s xntpd
xntpd
.F a
C rm
• Set up xntpd to start automatically at boot time.
/etc/rc.tcpip
/etc/rc.tcpip file:
file:
start
start /usr/sbin/xntpd
/usr/sbin/xntpd “$src_running”
to fo
“$src_running”
ec vo

Figure 14-16. Configuring NTP client AN123.0
Notes:
oy si
The Network Time Protocol (NTP) is an Internet standard protocol which synchronizes time
between systems on a TCP/IP network. Depending on circumstances, the precision is in
u
the microsecond range (one millionth of a second). If your network already has an
established time server, you can set up your system get the accurate time information from
cl
it. Various public NTP servers on the Internet exist which can be used. As a last resort, if no
other means are available, you can connect your NTP server to the local clock of your
Ex
system. This is useful if you are on an isolated network and you need synchronized time
across your systems.
The NTP protocol in AIX implements an xntpd daemon which slaves itself to another time
source, continuously monitoring the other source and adjusting the local time.
pr
The /etc/ntp.conf file configures the xntpd daemon.

• server options specify which servers are to be used. Multiple server statements can be
used. If one of the statements has the prefer keyword, then this server has preference
over other servers.
Student Notebook
• driftfile is the name of the file where the drift of the local clock is stored. This drift is
automatically determined by measuring the adjustments needed to the local clock over
a period of time. In case the NTP server cannot be contacted, the ntpd daemon will
nevertheless keep applying the same adjustments (taken from the driftfile) to reach a
high degree of precision.
Important to note is that ntpd will not start if the time difference between itself and the time
server to be used is large. It is therefore common to run ntpdate before starting ntpd,
.I. n
ntpdate connects to a time server, retrieves the correct time, sets the local clock to the
correct time, and exits.
.T ció
It takes up to 6 minutes for the xntp client to sync up to the server. Therefore the time
difference between the NTP client and the server should not be any greater than 1000
.
seconds.
C
Detailed explanation of NTP protocol and configuration of NTP server is an advanced topic
.F a
which is covered in course AN21 TCP/IP for AIX Administrators.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Checkpoint
IBM Power Systems
1. True or False: The at.allow and at.deny files must be

used to specify which users are allowed and denied use of
.I. n
the at command.
.T ció
2. Give a crontab entry that would specify that a job should
run every Thursday at 10 past and 30 minutes past every
.
C
hour.
.F a
C rm
3. How would you schedule a script named myscript to run
10 minutes from now?
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Exercise
IBM Power Systems
.I. n
Scheduling
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
Introduction
u
This lab gives you the opportunity to schedule jobs using both at and crontab.
The exercise can be found in your Student Exercises Guide.
cl
Ex
pr
V8.2
Student Notebook
Uempty
Unit summary
IBM Power Systems
.I. n
.T ció
• Use the at command to schedule a job or series of jobs at
.
C
some time in the future
.F a
• Use the batch command to schedule jobs in a queue in
C rm
order to alleviate immediate system demand
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 15. TCP/IP networking

This unit describes the essential TCP/IP and networking concepts
required in order to work with and configure TCP/IP in AIX.
.I. n
.T ció
.
• Define TCP/IP layering terminology
C
• Describe the TCP/IP startup flow on AIX
.F a
• Configure Virtual LANs
• Describe IP addressing
C rm
• Configure TCP/IP basic functions on AIX
- IP configuration, routing, aliasing
• Explain how Ports and Sockets are used
• Use standard TCP/IP facilities
to fo
- Log in to another system
- Transfer files
- Run commands
• Configure NFS
ec vo
• Set up VNC

oy si
u
cl
References
Ex

management
pr
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
.
– IP configuration, routing, aliasing
C
.F a
C rm
– Log in to another system
– Transfer files
– Run commands
to fo
• Configure NFS
• Set up VNC
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
What is TCP/IP?
IBM Power Systems
• Transmission Control Protocol/Internet Protocol

• Set of protocols (rules) which define how computers (hosts)
.I. n
communicate on a network
.T ció
• Designed for heterogeneous systems
• Supports different network types
.
• Made up of Open Standards
C
.F a
– Request for comments (RFCs)
• Protocol of the Internet, defined in five layers
C rm
to fo
ec vo

Figure 15-2. What is TCP/IP? AN123.0
Notes:
oy si
TCP/IP stands for Transmission Control Protocol/Internet Protocol. A more accurate name
is Internet Protocol Suite or IP Stack.
u
TCP/IP is a set of protocols or rules which define various aspects of how two computers in
cl
a network may communicate with each other. A protocol is a set of rules which describes
the mechanisms and data structures involved. Using these definitions, vendors can write
software to implement the protocols for particular systems.
Ex
There are many different protocols which cover the aspects of addressing hosts in the
network, data representation and encoding, message passing, interprocess
communications, and application features, such as how to send mail or transfer files across
pr
the network.
Where possible, the protocols are defined independently of any operating system, network
hardware, or machine architecture. In order to implement TCP/IP on a system, interface
software must be written to allow the protocols to use the available communications
hardware.
Student Notebook
This means that heterogeneous environments can be created where machines from
different manufacturers can be connected together, and different types of networks can be
interconnected.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
TCP/IP layering
IBM Power Systems
Common
OSI 7 layer network
TCP/IP layer model
model devices
.I. n
- Layer 7 switch
Application SNMP FTP DNS DHCP VNC
Application
SSH SMTP NFS LDAP MAIL
Presentation
.T ció
- Firewall
Session TCP UDP
Transport Reliable delivery to Unreliable delivery to
.
correct program correct program
Transport
C
.F a
- Router
IP IPsec ICMP - Layer 3 switch
Network Internet
C rm
- Switch
LAN WAN
Data Link Network (Ethernet, FDDI, ....) (ATM, Leased lines, ....)
- Bridge
interface - NIC
to fo
Medium (connectors, cabling, distance) - NIC
Examples: Examples: - Repeater
Physical Physical 1000Base-TX/SX/LX SONET
IEEE 802.11x T/ E -carrier links
xDSL
ec vo

Figure 15-3. TCP/IP layering AN123.0
Notes:
oy si
The TCP/IP protocol suite consists of lots of different protocols, which are described in
many thousands of RFCs. Most of these protocols and RFCs are either application specific
u
(such as RFC 959, which describes the FTP protocol), or describe how data should be
transferred over a specific architecture (such as RFC 894, which describes IP over
cl
Ethernet). For now, it is important to understand the working and interdependency of only a
few core protocols. Since these protocols are built on top of each other, where one protocol
Ex
uses another protocol to get things done, the interdependency is almost as important as
understanding each protocol independently.
From top to bottom we find the following protocols:
pr
• Applications use either the User Datagram Protocol (UDP) or the Transmission
Control Protocol (TCP) to transmit their data. Both TCP and UDP deliver the data to
the right process, and make use of IP to arrange delivery to the right host. The
difference between UDP and TCP is that TCP implements a mechanism of
acknowledgments, whereby reliability can be guaranteed. UDP does not have such a
mechanism, making UDP less reliable.
Student Notebook
• The Internet layer is responsible for end-to-end (source to destination) packet delivery
including routing through intermediate hosts. Internet Control Message Protocol
(ICMP) messages are typically generated in response to errors in IP datagrams or for
diagnostic or routing purposes. The IPsec protocol is responsible for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet of a data
stream.
• The Network interface is the protocol layer which transfers data between hosts. In
.I. n
order to do this, a physical medium is required such as copper or fiber and hence the
network interface and physical layers are closely related.
.T ció
Common network devices
• Repeater. A repeater is an electronic device that receives a signal and retransmits
.
them at a higher level, higher power or both, so that the signal can cover longer
C
distances without degradation. Because repeaters work with the actual physical signal,
.F a
and do not attempt to interpret the data being transmitted, they operate on the Physical
layer, the first layer of the OSI model.
C rm
• Network Interface Card (NIC). A NIC is a LAN adapter which is designed to allow
computers to communicate over a computer network. It is both a layer 1 (physical layer)
and layer 2 (data link layer) device, as it provides physical access to a networking
to fo
medium and provides a low-level addressing system through the use of MAC
addresses.
• Bridge. A bridge is a hardware device for linking two networks that work with the same
protocol. Unlike a repeater, which works at the physical level, a bridge works at the
ec vo
logical level (on layer 2), which means that it can filter frames so that it only lets past
data whose destination address corresponds to a machine located on the other side of
the bridge.
oy si
• Switch. A network switch is a device that connects network segments. The term
commonly refers to a network bridge that processes and routes data at the Data link
layer (layer 2) of the OSI model.
u
- Layer 3. Switches that additionally process data at the network layer (layer 3 and
cl
above), are often referred to as Layer 3 switches or multi-layer switches. A layer 3

switch can perform some or all of the functions normally performed by a router.
Ex
- Layer 4. Layer 4 switches process data a the transport layer and are always
vendor-dependent. An example of a layer 4 switch, is a Firewall which performs
transport layer function such as: Network Address Translation (NAT), IP filtering and
packet encryption/decryption.
pr
- Layer 7. The most advanced switches, called layer 7 switches (corresponding to the
application layer of the OSI model), can redirect data based on advanced
application data contained in the data packets, for example, an awareness of the
type of the file being sent by FTP. For this reason, a layer 7 switch can be used for
load balancing, by routing the incoming data flow to the most appropriate servers,
which have a lower load or are responding more quickly.
V8.2
Student Notebook
Uempty
LAN and broadcast domain

IBM Power Systems
• LAN: Local area network

– Group of local stations which share a layer 2 broadcast domain.
.I. n
• Broadcast domain: Stations that receive each other’s link level broadcasts
– All stations have network interface cards (NIC) which use matching
.T ció
physical, electrical, and layer 2 protocol abilities.
– Each NIC has a unique hardware address.
.
• Also known as a Media Access Control (MAC) address
C
.F a
host host host host
C rm
to fo
repeater
host host
ec vo

Figure 15-4. LAN and broadcast domain AN123.0
Notes:
oy si
Generally, your server will connect to a local area network or LAN. A LAN is almost always
a collection of stations which are in relatively close physical proximity (such as in the same
u
building or even a single floor of a building). To extend the distance, digital repeaters are
sometimes inserted in the topology.
cl
The stations connect to the LAN via a network interface card (NIC), commonly an Ethernet
adapter. As long as the NICs use the same signaling mechanism and link protocols, they
Ex
can talk to each other. Frames of data are addressed to the hardware address of the
adapter. The hardware address is also called the Media Access Control (MAC) address.
Broadcast mechanisms are used to discover the MAC address of the other stations. The
collection of stations which can receive a link level broadcast is referred to as a Broadcast
pr
Domain
Originally, the stations shared cabling that allowed any station in the LAN to see all the
traffic on the LAN (even if not addressed to itself). Most current LANs have a central hub
that only repeats the signal to a station if it is either a broadcast frame or the frame is
addressed to the MAC address of that station.
Student Notebook
Ethernet adapters and interfaces

IBM Power Systems
• Each adapter (entX) has two interfaces (enX and etX).

– enX interface uses the ‘standard DIX’ Ethernet frame format.
.I. n
• Originally designed by Digital, Intel, and Xerox
– etX interface uses IEEE802.3 frame format.
.T ció
Interface: en0
Network Adapter Card port
Interface: et0
adapter device: ent0
(Layer three logical devices)
.
(Layer 1 and 2 physical device)
C
MAC
.F a
Address
## lsdev
lsdev -Cl
-Cl ent0
ent0
C rm
ent0
ent0 Available
Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter
## lscfg
lscfg -v
-v -l
-l ent0
ent0 |grep
|grep Network
Network IP addresses are
Network assigned to the
Network Address.............001125BF9018
Address.............001125BF9018 interfaces. In
## lsdev this case, en0.
lsdev -Cc
-Cc if
to fo
if
en0
en0 Available
Available 01-08
01-08 Standard
Standard Ethernet
Ethernet Network
Network Interface
Interface
et0
et0 Defined
Defined 01-08
01-08 IEEE
IEEE 802.3
802.3 Ethernet
Ethernet Network
Network Interface
Interface
ec vo

Figure 15-5. Ethernet adapters and interfaces AN123.0
Notes:
oy si
Brief history of Ethernet

u
The original Ethernet is called Experimental Ethernet today. It was developed by Robert
Metcalfe in 1972 (patented in 1978) and was based in part on the ALOHAnet protocol. The
cl
first Ethernet that was generally used was DIX Ethernet (known as Ethernet II) and was
derived from Experimental Ethernet. Today, there are many different standards, under the
umbrella of IEEE 802.3, and the technical community has accepted the term Ethernet for
Ex
all of them. Currently, under development is IEEE 802.3ba (40Gb/s and 100Gb/s Ethernet).
For further information see http://www.ieee802.org/3
Ethernet adapter support on AIX
pr
• TX 10/100/1000Mb up to 100m using traditional copper

• SX 1000Mb up to 550m using multi-mode fiber
• LX 1000Mb up to 5km using single-mode fiber (can also run on multi-mode fiber)
• SR (short range) 10Gb up to 300m using multi-mode fiber
V8.2
Student Notebook
Uempty • LR (long range) 10Gb up to 25km using single-mode fiber

In virtually all cases, on AIX you will configure the en (DIX) interface, et interfaces are rarely
(if at all) used.
Note: Fiber versus Fibre. When talking about networks and Fiber it is important to know
when to use the correct spelling. Fiber refers to the medium (wire), whereas Fibre refers to
the protocol, as in, Fibre channel.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Virtual LAN
IBM Power Systems
• LAN membership set in the switch - specifies VLAN ID on the port

• Typically, hosts are VLAN unaware
.I. n
– Host is restricted to VLAN assigned to the port.
– Use of VLAN IDs (VID) is internal to the switching hub.
.T ció
– Switch tags frames from host with VID and strips VID when sent to host.
VLAN 3
.
host host host
C
.F a
VLAN 2
C rm
host host host
to fo
vid=2 vid=3 vid=2 vid=3 vid=2 vid=3
Ethernet switch
ec vo

Figure 15-6. Virtual LAN AN123.0
Notes:
oy si
Virtual LAN (VLAN)

u
VLANs are used to support multiple networks even though the stations are connected to
the same central switching hubs. This helps to reduce the size of the broadcast domain
cl
and helps with security through isolation. The switch administrator is responsible for
maintaining the isolation and controls access to each VLAN on a port by port basis.
Ex
When a station plugs into a network it is automatically on the LAN to which the port is
assigned. Originally, the LAN membership was maintained by switching physical circuits in
the hub. Today, the frame headers are modified or tagged to identify the VLAN
membership.
pr
A host attached to a typical switch access port is unaware of this tagging. It simple sends
and receives frames that have no VLAN ID identification. The switching hub tags frames
coming in from the host with the port VLAN ID and removes that tagging when any frame
leaves the port destined for that host. Frames which do not match the port’s assigned
VLAN ID are not sent out that port.
V8.2
Student Notebook
Uempty
Trunk ports and 802.1Q

IBM Power Systems
• Trunks between switches

– Extend VLAN domain beyond single switching hub
.I. n
– Carry VLAN ID in each frame to maintain VLAN membership
• 802.1Q: Industry standard for tagging frames with VLAN ID
.T ció
– Typically allow all tagged VLAN traffic
• Can be restricted: Allow or deny list coded on the trunk port definitions
.
C
.F a
Tagged
frames
C rm
2 3 4 4 2 3 5 5
Ethernet switch Ethernet switch
6 6 2 3 trunk 6 6 2 3
to fo
Trunk ports -
VID allowed list: 2, 3
ec vo

Figure 15-7. Trunk ports and 802.1Q AN123.0
Notes:
oy si
802.1Q VLAN
u
IEEE 802.1Q is the standard for VLANs. It aims to:

• Define an architecture to logically partition bridged LANs and provide services to
cl
defined user groups, independent of physical location.

• Allow interoperability between multivendor equipment.
Ex
In 802.1Q, the VLAN information is written into the Ethernet packet itself. Each packet
carries a VLAN ID, called a Tag. This allows VLANs to be configured across multiple
switches. The ports used to connect two switches is defined as a trunk port. These
inter-switch trunk ports typically move tagged frames without striping those tags; the packet
pr
travel on the trunk cable still tagged.

The switch administrator can configure the trunk port to restrict which VLAN it will carry by
coding VLAN ID allow or deny lists.
Student Notebook
VLAN aware hosts

IBM Power Systems
• Host can use single port for multiple VLANs

• Host can tag frames and process tagged frames with 802.1Q
.I. n
• Switch would define port as a trunk port; specify allow list
.T ció
• Tagged frames in the allowed list processed as-is
– Tags not added or removed by the switch
.
• Untagged frames processed normally using port’s VLAN ID
C
.F a
Tagged Host
frames
C rm
2 3 4 4 ent1
3
Ethernet switch 4
6 6 2 3 trunk ent2
to fo
6
Trunk port -
VID allowed list: 2, 3
ec vo

Figure 15-8. VLAN aware hosts AN123.0
Notes:
oy si
The main reason for a server being configured to identify its VLAN membership is to save
on hardware costs. Normally, the host would need to use a separate NIC (and a separate
u
switch port) for each LAN on which it needed to talk. A host which does it’s own VLAN
tagging can use a single NIC instead.
cl
To support this the switch will usually define the port as a trunk port, as if it were connecting
to another switch. Due to security concerns, the switch administrator will typically code an
Ex
allow list of VLAN IDs for that port. The switch will discard any frames sent by the host
which are tagged with a VLAN ID which are not in the allowed list. Arriving packets, both
inbound and outbound, with tags that match the allowed list are passed along without
stripping the tag. It is common for a trunk connection to a host to also have a port VLAN ID,
pr
just like a normal access port; when a frame from the host has no VLAN tagging, the switch
tags it with the port VLAN ID and when it sends a frame to the host, it strips the VLAN ID
when it matches the port VLAN ID.
The VLAN aware host in this situation is responsible for tagging frames being sent on
different VLANs and for separating the frames when they are received.
V8.2
Student Notebook
Uempty
AIX VLAN tagging

IBM Power Systems
• To assign a VLAN ID in AIX, a VLAN adapter must be created.

– Go to smit addvlan, and select a base Ethernet adapter.
.I. n
Available
Available Network
Network Adapters
Adapters
Move
Move cursor to desired item
cursor to desired item and
and press
press Enter.
Enter. Use
Use arrow
arrow keys
keys to
to scroll.
scroll.
.T ció
ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (1410890)
(1410890)
ent0
ent0 Available
Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX PCI-X Adapter (14106902)
Base-TX PCI-X Adapter (14106902)
.
Add
Add AA VLAN
C
VLAN
.F a
[Entry
[Entry Fields]
Fields]
VLAN
VLAN Base
Base Adapter
Adapter ent1
ent1
** VLAN Tag ID [33] +#
C rm
VLAN Tag ID [33] +#
VLAN
VLAN Priority
Priority []
[] +#
+#
## lsdev
lsdev -Cc
-Cc adapter
adapter Packets which get
ent0
ent0 Available 01-08 10/100/1000 Base-TX PCI-X sent(14106902)
Adapter
Available 01-08 10/100/1000 Base-TX PCI-X Adapter from adapter
(14106902)
to fo
ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX PCI-Xent2,
Base-TX PCI-X are (14108902)
Adapter
Adapter sent
(14108902)
ent2
ent2 Available
Available VLAN
VLAN tagged (33) out of
ent1.
ec vo

Figure 15-9. AIX VLAN tagging AN123.0
Notes:
oy si
AIX can be configured to be VLAN aware. This is done by creating special VLAN adapters
which appear to be regular Ethernet adapters but which are based upon the actual physical
u
NIC. Each VLAN adapter has an associated VLAN ID which it will handle.
cl
Use smit addvlan fast path to configure VLAN adapters. Start by selecting a base adapter,
which will be used to send the packets, and assign a VLAN tag. Optionally, you can also
specify a priority. This is used by the VLAN driver to prioritize packets if multiple VLANs are
Ex
created using the same base adapter. You can specify a value from 0-7, where 0 is the
default priority, 1 is the highest, and then in increasing numerical order from 2 through 7.
The VLAN adapter (in this case creating ent2) configuration will automatically create two
pr
Ethernet interfaces in a defined state. Just as with the interfaces created when configuring
a physical adapter, you will need to configure an interface to use IP protocols. The example
in the visual, you would configure en2 for standard Ethernet.
Student Notebook
IP and subnet addressing (1 of 2)

IBM Power Systems
• Each host on a network has an assigned unique IP address

and associated subnet mask.
– 32 bits, divided into four octets
.I. n
.T ció
10000001 00100001 10010111 00000111
129 . 33 . 151 . 7
11111111 11111111 00000000 00000000 /16
.
255 . 255 . 0 . 0
C
.F a
Network identification Host identification
– The network address = 129.33.0.0 (129.33/16)
C rm
– The broadcast address = 129.33.255.255
– The first host on the network = 129.33.0.1
– The last host on the network = 129.33.255.254
to fo
• Every TCP/IP host contains a special address called the
loopback which is assigned an address of 127.0.0.1.
ec vo

Figure 15-10. IP and subnet addressing (1 of 2) AN123.0
Notes:
oy si
In order to be able to deliver the IP packet to the correct destination host, every host needs
an IP address. These IP addresses are 32-bit values and have to be unique. In most cases,
u
the IP address is not written in its binary form, but in the so-called “decimal dot” notation,
where the 32 bits are grouped into four groups of eight bits each, and those eight bits are
cl
written in decimal form, separated with dots. The subnet mask allows us to identify the two
key pieces of information in the IP address. The address of the network and the host
Ex
identification (host ID).

Several addresses and address ranges are reserved for special purposes. The most
important ones are listed here:
• The IP address 127.0.0.1 (in fact, the whole 127.0.0.0/8 network) is reserved for the
pr
loopback address. Hosts use the loopback address to send messages to themselves.
• Any IP address with the hostname part all zeros, such as 129.33.0.0, is reserved as an
identification for the network itself. It is not a valid IP address to be assigned to a host.
• Any IP address with the hostname part all ones, such as 129.33.255.255, is reserved as
the local broadcast address. Data sent to this address is delivered to all systems on the
local network.
V8.2
Student Notebook
Uempty
IP and subnet addressing (2 of 2)

IBM Power Systems
• Network addresses by default are divided into classes:
.I. n
Class Default subnet mask Range No. of networks No. of hosts
A 255.0.0.0 (/8) 1-127 128 16.7 million
B 255.255.0.0 (/16) 128-191 16384 65534
.T ció
C 255.255.255.0 (/24) 192-223 2.1 Million 254
.
• Network assignment is managed by the IANA (Internet
C
Assigned Numbers Authority) through ISPs.
.F a
– Network addresses are generally, either broken up and assigned to
C rm
physical networks (subnetting) or aggregated together (supernetting).
– This is achieved by manipulating the subnet mask.
to fo
ec vo

Figure 15-11. IP and subnet addressing (2 of 2) AN123.0
Notes:
oy si
IP addresses need to be assigned in such a way that they are unique across the whole
Internet. That is why there is a special organization that does this. This is the Internet
u
Assigned Number Authority, or IANA. They are responsible for assigning groups of
addresses, called classes, to organizations. They do not do this directly, but have
cl
contracted out that responsibility to the InterNIC (http://www.internic.net), who in turn

delegates this to local ISPs.
Ex
In additional to classes A to C, there are also classes D and E. Class D addresses are
reserved for multicasting. Multicasting is a limited area type of broadcasting. There is no
network or host portion in a multicast address. It is an integer number registered with the
InterNIC that identifies a group of machines. Class E, is for experimental use only.
pr
Class A and B addresses contain lots of hosts, and therefore, need to be broken down into
smaller more manageable chunks. This is achieved through a process known as
subnetting. On the other hand, class C addresses contain very few hosts, which can also
be subnetted into smaller chunks, but very often need to be aggregated together to form
larger networks. This is achieved through a process known as supernetting.
Student Notebook
Subnetting example
IBM Power Systems
• Company bigbucks.com has acquired the class B network address of

129.33.0.0. They need to split the address range so they can have up to
128 physical networks and up to 510 hosts per network.
.I. n
.T ció
10000001 00100001 0000000 0 00000000
129 . 33 . 0 . 0
.
11111111 11111111 1111111 0 00000000 /23
C
.F a
255 . 255 . 254 . 0
Network identification Assigned by this Host identification
organization to the
C rm
network
The number of possible

physical (sub) networks
The number of hosts
to fo
is:
per network is:
2^7 = 128.
(2^9)-2 = 510.
ec vo

Figure 15-12. Subnetting example AN123.0
Notes:
oy si
The default subnet mask for a class B network is 255.255.0.0. This translates to one
network with ((2^16)-2) with 65534 hosts. Organizations with a class A and B address often
u
have hundreds, if not thousands of physical networks split across both local and
geographically dispersed locations. The only way to do this is to split the network address
cl
into more manageable chunks. This is achieved by borrowing bits from the host ID and
using them for the network. Using seven bits from the host ID, allows for (2^7) 128 physical
Ex
networks. On each of the 128 networks, there can be ((2^9)-2) 510 hosts. We have to
subtract two from the number of hosts, because all zeros are reserved for the network and
all ones are reserved for the broadcast address.
pr
V8.2
Student Notebook
Uempty
Supernetting example
IBM Power Systems
• Company losechange.com has acquired four class C network

addresses: 222.180.108.0 through to 222.180.111.0. However, they
would like to aggregate these networks together to form one global
.I. n
network.
.T ció
11111100 10110100 011011 00 00000000
222 . 180 . 108 . 0
.
C
11111111 11111111 111111 00 00000000 /22
.F a
255 . 255 . 252 . 0
Network identification Host identification
C rm One class C network

to fo
Network address = The number of
222.180.108.0/22 hosts
(2^10)-2 = 1022
ec vo

Figure 15-13. Supernetting example AN123.0
Notes:
oy si
Having four class C addresses is four physical networks each with up to 254 hosts. Each
network would require a router to route packets between them. Supernetting is the
u
opposite to subnetting and borrows bits from the network portion of the IP address. In the
example, we have borrowed two bits, changing the subnet mask from 255.255.255.0 to
cl
255.255.252.0. The result is that networks 222.180.109, 110 and 111 have become part of
the 222.180.108 network. The 222.180.108 network can have up to ((2^10)-2) 1022 hosts.
Ex
pr
Student Notebook
How is TCP/IP configured on AIX? (1 of 2)

IBM Power Systems
• There are many ways. However, in most cases you start with
smit mktcpip.
A one stop shop for
.I. n
Minimum
Minimum Configuration
Configuration && Startup
Startup TCP/IP config on
AIX.
To
To Delete
Delete existing
existing configuration
configuration data,
data, please
please use
use Further
Further Configuration
Configuration
.T ció
menus
menus
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
.
[Entry
[Entry Fields]
Fields]
C
** HOSTNAME
HOSTNAME [waldorf]
[waldorf]
.F a
** Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.18]
[10.47.1.18]
Network
Network MASK
MASK (dotted
(dotted decimal)
decimal) [255.255.0.0]
[255.255.0.0]
** Network
Network INTERFACE
INTERFACE en0
en0
C rm
NAMESERVER
NAMESERVER
Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.33]
[10.47.1.33]
DOMAIN Name
DOMAIN Name [lpar.co.uk]
[lpar.co.uk]
Default
Default Gateway
Gateway
Address
Address (dotted
(dotted decimal
decimal or
or symbolic
symbolic name)
name) [10.47.0.1]
[10.47.0.1]
to fo
Cost
Cost [0]
[0] ##
Do
Do Active
Active Dead
Dead Gateway
Gateway Detection?
Detection? no
no ++
Your
Your CABLE
CABLE Type
Type N/A
N/A ++
START
START Now
Now no
no ++
ec vo

Figure 15-14. How is TCP/IP configured on AIX? (1 of 2) AN123.0
Notes:
oy si
AIX provides a very quick and easy configuration SMIT panel for configuring TCP/IP on the
system. The essential items you will require are:
u
• Host name of the machine

cl
• IP address and network mask

• Interface to be configured
Ex
Desirable items are:

• Default Gateway for the environment
• DNS parameters (nameserver and domain name)
This information populates the /etc/resolv.conf file, as follows:
pr
nameserver 10.47.1.33
domain lpar.co.uk
Cable type is generally not required and can be left as N/A. Start now will refresh or start,
the TCP/IP subsystems. Note: they should already be running!
V8.2
Student Notebook
Uempty
How is TCP/IP configured on AIX? (2 of 2)

IBM Power Systems
• smit tcpip should only be used for the first adapter. In a multi-homed
host, subsequent adapters should be configured with smit chinet.
.I. n
Change
Change // Show
Show aa Standard
Standard Ethernet
Ethernet Interface
Interface
.T ció
[Entry
[Entry Fields]
Fields]
Network
Network Interface
Interface Name
Name en1
en1
INTERNET
INTERNET ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [192.168.0.1]
[192.168.0.1]
.
Network
Network MASK
MASK (hexadecimal
(hexadecimal oror dotted
dotted decimal)
decimal) [255.255.255.0]
[255.255.255.0]
C
Current STATE
Current STATE up
up ++
.F a
Use
Use Address
Address Resolution
Resolution Protocol
Protocol (ARP)?
(ARP)? yes
yes ++
BROADCAST
BROADCAST ADDRESS (dotted decimal)
ADDRESS (dotted decimal) []
[]
C rm
Interface
Interface Specific
Specific Network
Network Options
Options
('NULL'
('NULL' will
will unset
unset the
the option)
option)
rfc1323
rfc1323 []
[]
tcp_mssdflt
tcp_mssdflt []
[]
tcp_nodelay
tcp_nodelay []
[]
to fo
tcp_recvspace
tcp_recvspace []
[]
tcp_sendspace
tcp_sendspace []
[]
Apply
Apply change
change to
to DATABASE
DATABASE only
only no
no ++
ec vo

Figure 15-15. How is TCP/IP configured on AIX? (2 of 2) AN123.0
Notes:
oy si
If SMIT is being used to configure further interfaces, then the fastpath smit chinet should be
used. All fields are optional, but essential items are:
u
• IP address and network mask

cl
• Interface to be configured
• State of the interface, default is DOWN – so do not forget to switch this to UP – this is a
Ex
very common configuration error.

The network specific options are beyond the scope of this class.
pr
Student Notebook
Command line TCP/IP configuration

IBM Power Systems
• There are two ways to configure network resources:

– AIX ODM (chdev or SMIT)
– Directly, using BSD UNIX commands: hostname, ifconfig, route
.I. n
(valid until reboot)
.T ció
• Setting the host name
– ODM: # chdev –l inet0 –a hostname=sys1
– Directly: # hostname sys1
.
• Defining an IP address for an interface
C
.F a
– ODM: # chdev -l en0 -a netaddr=192.168.0.1 –a \
netmask=255.255.255.0 -a state=up
C rm
– Directly: # ifconfig en0 192.168.0.1 255.255.255.0 up
• For direct method, append commands to:
– /etc/rc.net
to fo
or
– /etc/bsdnet (if inet0 bootup_option=yes)
• Can use host name and ifconfig for display of values
ec vo

Figure 15-16. Command line TCP/IP configuration AN123.0
Notes:
oy si
As well as SMIT, TCP/IP configuration can be driven from the command line. There are two
ways to handle this:
u
• The AIX way, in which configuration is stored in the AIX internal database (ODM). This
cl
way, the configuration remains after shutdown/restart.

• The traditional BSD UNIX way. This way configuration does not survive restarts unless
Ex
the commands are entered into the /etc/rc.net file.

The /etc/rc.net file is executed by cfgmgr during system boot. The /etc/rc.net file
configures AIX style configuration and optionally traditional BSD UNIX configuration. If only
traditional BSD style networking is required, then the following command can be run: #
pr
chdev -l inet0 -a bootup_option=yes. Doing this, causes AIX to process the

/etc/rc.bsdnet instead of rc.net file at boot time. Commands such as hostname, ifconfig,
route etc should be appended to /etc/rc.bsdnet as appropriate.
Even if using the ODM method, the hostname and ifconfig commands are still of great
use in displaying the current kernel network configuration.
V8.2
Student Notebook
Uempty
Verifying network interfaces

IBM Power Systems
• netstat
## netstat
netstat -in
-in
.I. n
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs Coll
Coll
en0
en0 1500
1500 link#2
link#2 ea.48.f0.0.b0.3
ea.48.f0.0.b0.3 3359653
3359653 00 238778
238778 00 00
en0
en0 1500
1500 10.47
10.47 10.47.1.23
10.47.1.23 3359653
3359653 00 238778
238778 00 00
.T ció
lo0
lo0 16896
16896 link#1
link#1 1201
1201 00 1214
1214 00 00
lo0
lo0 16896
16896 127
127 localhost
localhost 1201
1201 00 1214
1214 00 00
lo0
lo0 16896
16896 ::1
::1 00 1201
1201 00 1214
1214 00 00
.
C
.F a
• ifconfig
C rm
## ifconfig
ifconfig -a
-a
en0:
en0:
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CH
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CH
ECKSUM_OFFLOAD(ACTIVE),CHAIN>
ECKSUM_OFFLOAD(ACTIVE),CHAIN>
inet
inet 10.47.1.23
10.47.1.23 netmask
netmask 0xffff0000
0xffff0000 broadcast
broadcast 10.47.255.255
10.47.255.255
tcp_sendspace
tcp_sendspace 262144
262144 tcp_recvspace
tcp_recvspace 262144
262144 rfc1323
rfc1323 11
to fo
lo0:
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
inet
inet 127.0.0.1
127.0.0.1 netmask
netmask 0xff000000
0xff000000 broadcast
broadcast 127.255.255.255
127.255.255.255
inet6
inet6 ::1/0
::1/0
tcp_sendspace
tcp_sendspace 131072
131072 tcp_recvspace
tcp_recvspace 131072
131072 rfc1323
rfc1323 11
ec vo

Figure 15-17. Verifying network interfaces AN123.0
Notes:
oy si
The netstat –i command shows the state of all configured interfaces. The –n flag shows
network addresses as numbers. When this flag is not specified, the netstat command
u
interprets addresses, where possible, and displays them symbolically.

cl
The ifconfig –a command is used to display information about all interfaces in the system.
The key flags are UP and RUNNING, which show the interface is available and active.
Ex
pr
Student Notebook
Name resolution
IBM Power Systems
• Name resolution methods: Local, DNS, NIS, and LDAP.

• Local - /etc/hosts file:
.I. n
127.0.0.1
127.0.0.1 loopback
loopback localhost
localhost
10.10.1.1
10.10.1.1 system1
system1 nimserver
nimserver
.T ció
10.10.1.2
10.10.1.2 system2
system2
• DNS - /etc/resolv.conf
.
C
domain
domain lpar.co.uk
lpar.co.uk
.F a
nameserver
nameserver 10.47.1.33
10.47.1.33
C rm
• The name resolution order is:
– Default order: bind (DNS), NIS=auth, local
– Override with /etc/netsvc.conf, append:
• hosts = local, bind
to fo
– Override both with environment variable NSORDER:
• NSORDER=local,bind
• Display resolution with: # host <name or IP addr>
ec vo

Figure 15-18. Name resolution AN123.0
Notes:
oy si
Systems use different methods for mapping host names to IP addresses. The method
depends upon the environment in which a system is going to participate.
u
• Flat Network: This method provides name resolution through the file /etc/hosts and
cl
works well in small, stable environments.

• DNS (Domain Name Server): DNS is a system that allows name and IP lookups, in a
tree like database structure. It was created due to the growth of the Internet and
Ex
designed for large networks.

• NIS Server (Network Information System): This method provides a centralized server
for administration of configuration, and other files, within a LAN environment.
• LDAP Server (Lightweight Directory Access Protocol): LDAP is an application protocol
pr
for querying and modifying directory services running over TCP/IP. Tivoli Directory
Server (TDS) is IBM's version of an LDAP server
Default Name resolution
The existence of /etc/resolv.conf determines how a system resolves host names and IP
addresses within a domain or flat network.
V8.2
Student Notebook
Uempty • If /etc/resolv.conf exists, then the system will attempt to query a DNS server.
• If /etc/resolv.conf does not exist, the system will check to see if NIS is being used and
if the server is available. NIS is authoritative. This means, that if the NIS client
subsystem is running, and it is not successful in obtaining an answer, then the process
stops.
• Finally, the local /etc/hosts file is checked.
.I. n
Overriding the default name resolution
The default Name resolution can be overwritten in two ways:
.T ció
• Append to the /etc/netsvc.conf file and specify host ordering. Use the hosts attribute
followed by the name of the resource to use. The resources listed depend on what
.
name resolution processes are running on the network.
C
.F a
• Create an environment variable NSORDER. NSORDER overrides any name resolution
specified in the /etc/netsvc.conf file.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Routing implementation (1 of 2)
IBM Power Systems
subnet mask 9.19.99.17

sys1
255.255.0.0 sys17
9.19.98.1
(/16)
.I. n
subnet mask
9.19.99.20 9.19.99.11 sys5
sys11 255.255.255.0
Internet sys20
.T ció
9.19.98.5 (/24)
sys20e sys11e
152.64.10.1 9.19.98.11
default router
.
sys13 sys10
C
9.19.99.13 9.19.98.10
.F a
C rm
destination deliver via
address gateway
Host Route 9.19.98.1 9.19.99.11
to fo
Network Route 9.19.98/24 9.19.99.11
Default Route default 9.19.99.20
ec vo

Figure 15-19. Routing implementation (1 of 2) AN123.0
Notes:
oy si
A route does not define the complete path. It defines only the path segment from one host
to a gateway that can forward packets to a destination, or from one gateway to another.
u
Routes are defined in the kernel routing table. Each routing table entry has two
components:
cl
• Destination address, where you want to end up

Ex
• Gateway address, where the packet gets sent on its way to its final destination
TCP/IP searches the route table for a best match on the destination in the following order:
• A host route. defines a route to a specific host. The routing IP algorithm still sees a
host address as a network; it is simply a perfect match.
pr
• A network route. defines a route to any of the hosts on a specific network through a
gateway.
• A default route. defines a route to use when the destination did not match any host
route or network specific route. In most hosts, the only type of route the administrator
needs to define is a default route, also known as the default gateway.
V8.2
Student Notebook
Uempty Hosts should not forward IP datagrams unless specifically configured as a router. Most
BSD-derived implementations (AIX) include a kernel variable called ipforwarding, which is
used to control this behavior. The no command is used to view or change the value of
ipforwarding.
To change it: # no -o ipforwarding=<value>
The values are: ipforwarding=0 (do not forward), ipforwarding=1 (do forward).
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Routing implementation (2 of 2)
IBM Power Systems
• Route syntax: route [add/delete/change] [destination] [gateway]

– Add a default gateway
.I. n
## route
route add
add 00 9.19.99.20
9.19.99.20
.T ció
– Add a host or network route
## route
route add
add 9.19.98.1
9.19.98.1 9.19.99.11
9.19.99.11
.
## route
route add
add –net
–net 9.19.98
9.19.98 9.19.99.11
9.19.99.11
C
.F a
– Delete a host route
C rm
## route
route delete
delete 9.19.98.1
9.19.98.1 9.19.99.11
9.19.99.11
– Empty or flush the routing table

## route
route -f
-f
to fo
– Configure an AIX host as a router
## no
no –o
–o ipforwarding=1
ipforwarding=1
ec vo

Figure 15-20. Routing implementation (2 of 2) AN123.0
Notes:
oy si
See the route man page for further details about route options and parameters.
u
Please note that route command above is the traditional BSD UNIX so changes made by
route are not persistent after system restart unless the commands are entered into the
cl
/etc/rc.net file (already discussed in „Command line TCP/IP configuration“). Routes can
also be manipulated through SMIT (smit route) or by command which change ODM which
is chinet route = type, [args,], destination, gateway, [metric]. See the chinet man page for
Ex
further details.
pr
V8.2
Student Notebook
Uempty
Multipath routing
IBM Power Systems
• AIX will allow you to add multiple routes to the same

destination. It is known as MPR (multipath routing).
.I. n
– This is for load balancing and high availability.
.T ció
2
1 Primary Default Router1
Primary Default Router1 10.47.0.1
10.47.0.1
Host
.
Host 10.47.1.18
10.47.1.18
C
Default Router2
Default Router2
.F a
Primary 10.47.0.254
Backup 10.47.0.254
C rm
1
# route add 0 10.47.0.1 -hopcount 1 –active_dgd
# route add 0 10.47.0.254 –hopcount 10 –active_dgd
to fo
2
ec vo

Figure 15-21. Multipath routing AN123.0
Notes:
oy si
Since AIX5L, multiple routes can be configured to the same destination. This configuration
is known as multipath routing (MPR). MPR allows us to load balance between gateways or
u
prioritize paths using the weight option. MPR also allows us to do Dead Gateway Detection
(DGD). This enables the system to dynamically change the weight on a route if a router has
cl
failed. There are two methods of DGD, active and passive. The passive mode has less
overhead on the network, but can be slow to respond to an outage. Active has more
Ex
overhead on the network but is more responsive to an outage, because icmp (ping)
packets are used to periodically poll/detect if a router is up or down. Active DGD is
deployed by using the –active_dgd option on the route command.
By default, AIX will round-robin load balance between the available routes evenly. It is
pr
possible to customize the load balancing but that will not be covered here. If a route is a
less desirable route to be used only for backup, then you can avoid the use of that route by
defining a high cost for that route. The route command option which identifies cost is the
hopcount option with a large value making that route less desirable. AIX will always use a
route that is lower cost.
Student Notebook
IP aliasing
IBM Power Systems
• IP aliasing assigned multiple IP addresses to a single IP

interface
.I. n
• Commonly used with clustering (for example, PowerHA)
.T ció
## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep –v
–v link
link
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1 1500 192.168.0 192.168.0.1 00 00 66 00
.
en1 1500 192.168.0 192.168.0.1
C
.F a
## ifconfig
ifconfig en1
en1 alias
alias 172.31.0.1
172.31.0.1 255.255.0.0
255.255.0.0
## ifconfig
ifconfig en1 alias 10.47.33.33 255.255.0.0
en1 alias 10.47.33.33 255.255.0.0
C rm
## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep –v
–v link
link
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1
en1 1500 192.168.0
1500 192.168.0 192.168.0.1
192.168.0.1 00 00 77 00
en1
en1 1500
1500 172.31
172.31 172.31.0.1
172.31.0.1 00 00 77 00
to fo
en1
en1 1500
1500 10
10 10.47.33.33
10.47.33.33 00 00 88 00
ec vo

Figure 15-22. IP aliasing AN123.0
Notes:
oy si
IP aliasing is used widely in clustering technologies (such as HACMP), and in WPARs. It is

very useful if the network is being converted to another IP subnet or network range.
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Testing for remote connectivity

IBM Power Systems
## ping
ping sys1
sys1
PING
PING sys1:
sys1: (192.108.14.2):
(192.108.14.2): 56
56 data
data bytes
bytes
.I. n
64
64 bytes
bytes from
from 192.108.14.2:
192.108.14.2: icmp_seq=0
icmp_seq=0 ttl=255
ttl=255 time=0
time=0 ms
ms
64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0
64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms ms
^C
^C
.T ció
----seraph
----seraph PING
PING Statistics----
Statistics----
22 packets
packets transmitted,
transmitted, 22 packets
packets received,
received, 0%
0% packet
packet loss
loss
.
## traceroute
traceroute sys1
sys1
C
trying
trying to
to get
get source
source for
for sys1
sys1
.F a
source should be 10.47.1.31
source should be 10.47.1.31
traceroute
traceroute to
to seraph
seraph (192.108.14.2)
(192.108.14.2) from
from 10.47.1.31
10.47.1.31 (10.47.1.31),
(10.47.1.31), 30
30 hops
hops
max
C rm
max
outgoing
outgoing MTU
MTU == 1500
1500
11 merovingian.lpar.co.uk
merovingian.lpar.co.uk (10.47.1.30)
(10.47.1.30) 11 msms 00 ms
ms 00 ms
ms
22 7.7.7.1
7.7.7.1 (7.7.7.1)
(7.7.7.1) 00 ms
ms 00 ms
ms 00 ms
ms
33 sys1
sys1 (192.108.14.2)
(192.108.14.2) 00 msms 00 ms
ms 00 ms
ms
to fo
• Note: Sometimes the protocols used by ping (icmp) and
traceroute (udp) are blocked by firewalls or IPSec filters.
ec vo

Figure 15-23. Testing for remote connectivity AN123.0
Notes:
oy si
The ping command sends an ICMP ECHO_REQUEST to obtain an ICMP

ECHO_RESPONSE from a host or router. If the host is operational and on the network, it
u
responds to the echo.

cl
The default is to continuously send echo requests until an interrupt is received with <ctrl-c>,
but there is an option (-c) to specify the number of packets sent. The ping command sends
one datagram per second and prints one line of output for every response received. It
Ex
calculates round trip times and packet loss statistics, and displays a brief summary upon
completion.
Be very careful of some options like –f. This will cause ICMP packets to flood the network.
pr
Ping is most useful to test basic connectivity between hosts, but that it can not tell us any
thing about where the break is in the path. On the other hand, if ping cannot get a
response, traceroute can sometimes still give us information that helps to identify the
outage.
traceroute is useful for displaying all the routers between end to end host connectively. It
may turn out that the remote host is OK but a router has failed along the path. Traceroute
Student Notebook
works by increasing the “time-to-live” value of each successive batch of packets sent. The
first three packets sent have a time-to-live (TTL) value of one (implying that they are not
forwarded by the next router and make only a single hop). The next three packets have a
TTL value of 2, and so on. When a packet passes through a host, normally the host
decrements the TTL value by one, and forwards the packet to the next host. When a packet
with a TTL of one reaches a host, the host discards the packet and sends an ICMP time
exceeded (type 11) packet to the sender. The traceroute utility uses these returning
.I. n
packets to produce a list of hosts that the packets have traversed en route to the
destination. The three time stamp values returned for each host along the path are the
.T ció
delay (known as latency) values typically in milliseconds (ms) for each packet in the batch.
If a packet does not return within the expected timeout window, a star (asterisk) is
traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is
.
at one hop, the second host at two hops, and so on. IP does not guarantee that all the
C
packets take the same route. Also note, that if the host at hop number N does not reply, the
.F a
hop will be skipped in the output.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Ports and sockets

IBM Power Systems
• A port identifies the application on the host.

• Server side ports are well-known and fixed.
– The are stored in /etc/services.
.I. n
• Client side ports are dynamic > 1023.
.T ció
– Every client connection uses a new port.
• A socket is a combination of IP address, protocol, and port
number.
.
• A pair of sockets define a unique application network connection.
C
.F a
• TCP and UDP implement ports independent of each other.
C rm
## grep
grep "^ftp
"^ftp "" /etc/services
/etc/services
ftp
ftp 21/tcp
21/tcp ## File
File Transfer
Transfer [Control]
[Control]
ftp
ftp 21/udp
21/udp ## File Transfer [Control]
File Transfer [Control]
neo:/
neo:/ ## ftp
ftp trinity Socket connection
to fo
trinity
resulting from the
neo:/
neo:/ ## netstat
netstat -a
-a |grep
|grep trinity
trinity ftp communication
tcp
tcp 00 00 neo.57413
neo.57413 trinity.ftp
trinity.ftp ESTABLISHED
ESTABLISHED
ec vo

Figure 15-24. Ports and sockets AN123.0
Notes:
oy si
Each process that wants to communicate with another process needs to identify itself in
some way. The logical construct used by TCP/IP to accomplish this task is called a port.
u
A port uniquely identifies an application (also called network services). The source port
cl
number and the destination port number are contained in the header of each TCP segment
or UDP packet.
Ex
Port numbers are defined in the /etc/services file. Port numbers from 0-1023 are called
well-known published ports and are reserved for standard applications like telnet and ftp.
When a datagram arrives at its destination based on the destination address, IP checks the
protocol. The data delivered to the transport protocol contains the destination port number
pr
that tells the transport protocol to which application process the data needs to go.
A socket is a combination of IP address and port number and protocol family, which
uniquely identifies a single network process. A socket is also referred to as a
communication end point. A pair of sockets uniquely identifies the end to end connection.
Socket communication can be viewed with the netstat –a command.
Student Notebook
inetd daemon
IBM Power Systems
• Known as the super server daemon

• Loads a network program based upon request
.I. n
– Example network programs
• ftp, tftp, login, telnet, shell, exec, bootp, time.
.T ció
– To enable or disable a network program, comment or uncomment the
appropriate line, and refresh the inetd daemon.
.
– Example: disable ftp
C
.F a
vi
vi /etc/inetd.conf,
/etc/inetd.conf, locate
locate and
and comment
comment out
out ftp
ftp line
line
C rm
## ftp
ftp stream
stream tcp6
tcp6 nowait
nowait root
root /usr/sbin/ftpd
/usr/sbin/ftpd ftpd
ftpd
telnet
telnet stream tcp6
stream tcp6 nowait root
nowait root /usr/sbin/telnetd
/usr/sbin/telnetd telnetd
telnetd -a
-a
shell
shell stream
stream tcp6
tcp6 nowait
nowait root
root /usr/sbin/rshd
/usr/sbin/rshd rshd
rshd
to fo
## refresh
refresh –s
–s inetd
inetd
0513-095
0513-095 The request for
The request for subsystem
subsystem refresh
refresh was
was completed
completed successfully.
successfully.
ec vo

Figure 15-25. inetd daemon AN123.0
Notes:
oy si
The inetd daemon is started at boot time from /etc/rc.tcpip. When it is started, inetd reads
its configuration from the /etc/inetd.conf file. This file contains the names of the services
u
that inetd listens for requests and starts as needed, to handle these requests. The file is
used to enable and disable network services, such as ftp. To disable ftp on the host, edit
cl
the inetd.conf file, locate and comment out the ftp program, then refresh the inetd
daemon.
Ex
pr
V8.2
Student Notebook
Uempty
TCP/IP start-up flow

IBM Power Systems
Partition Activation
.I. n
Run time init Process /etc/inittab
.T ció
/sbin/rc.boot calls cfgmgr Process /etc/rc.net
.
C
.F a
/etc/rc.tcpip Starts TCP/IP subsystems
syslogd
C rm
/etc/rc.nfs snmpd
sendmail
portmap
Login
inetd Æ /etc/inetd.conf
to fo
ec vo

Figure 15-26. TCP/IP start-up flow AN123.0
Notes:
oy si
TCP/IP startup is initiated from the inittab processing. /sbin/rc.boot calls cfgmgr during the
second phase processing which will in turn initialize the network interfaces and set up
u
routing by processing the /etc/rc.net file. TCP/IP subsystems are started from /etc/rc.tcpip
script. This script can be edited directly to comment or uncomment subsystem startup. The
cl
inetd daemon is responsible for loading network programs upon request, such as ftp, telnet
etc. Once the core TCP/IP subsystems have been initialized, further TCP/IP based
Ex
applications such as NFS, NIM, HACMP, can be started.

pr
Student Notebook
Remote UNIX commands

IBM Power Systems
• Logging into a UNIX box remotely

## rsh
rsh trinity
trinity -l
-l root
root
## rlogin
rlogin trinity -l root
trinity -l
.I. n
root
## telnet trinity
telnet trinity
## ssh
ssh root@trinity
.T ció
root@trinity
• Running single commands remotely on a UNIX box
.
## rsh
rsh trinity
trinity -l
-l root
root date
date
C
## rexec trinity date
rexec trinity date
.F a
## ssh
ssh root@trinity
root@trinity date
date
C rm
• r* single commands need trusted host definitions on the server side
– Client identity can be spoofed
• ssh commands need client key stored at server to be prompt-less
to fo
• Data and passwords are transferred in clear text (except ssh)
– There are several types of ssh software available for AIX.
• OpenSSH is contained on the AIX Expansion Pack.
ec vo

Figure 15-27. Remote UNIX commands AN123.0
Notes:
oy si
The commands, telnet, rsh, rexec, and rlogin are all part of the bos.net.tcp.client fileset
which is installed by default. Any passwords entered using these commands are
u
transferred over the network in clear text and can be easily captured using packet sniffing
tools. rsh, rexec, and rlogin commands can be configured so that the client user does not
cl
have to supply a password. This introduces further vulnerabilities in the system. Ideally all
r* commands, including telnet, should be disabled. They can be replaced by SSH.
Ex
Openssh, including secure copy and file transfer commands, can be installed using the AIX
expansion pack media.
pr
V8.2
Student Notebook
Uempty
Transferring files over a network

IBM Power Systems
## ftp
ftp waldorf
waldorf
Connected
Connected to
to waldorf.lpar.co.uk.
waldorf.lpar.co.uk.
220
220 waldorf.lpar.co.uk
waldorf.lpar.co.uk FTP
FTP server
server (Version
(Version 4.2
4.2 Thu
Thu Apr
Apr 17
17 02:03:14
02:03:14 CDT
CDT 2008)
2008)
.I. n
ready.
ready.
Name
Name (waldorf:root):
(waldorf:root):
.T ció
331
331 Password
Password required
required for
for root.
root.
Password:
Password:
ftp>
ftp> prompt
prompt
Interactive
Interactive mode
mode off.
off.
.
ftp>
ftp> mput
mput file*
file*
C
200
200 PORT
PORT command
command successful.
successful.
.F a
150
150 Opening
Opening data
data connection
connection for
for file1.
file1.
226
226 Transfer
Transfer complete.
complete.
C rm
200
200 PORT
PORT command
command successful.
successful.
ftp> bye
ftp> bye
221
221 Goodbye.
Goodbye.
## rcp
rcp file*
file* waldorf:/tmp/files
waldorf:/tmp/files
to fo
## scp
scp file*
file* root@waldorf:/tmp/files
root@waldorf:/tmp/files
root@waldorf's
root@waldorf's password:
password:
file1
file1 100%
100% 2069
2069 2.0KB/s
2.0KB/s 00:00
00:00
ec vo

Figure 15-28. Transferring files over a network AN123.0
Notes:
oy si
The ftp command is a commonly used program for transferring files across a network. The
remote user name specified at the login prompt, must exist, and have a valid password
u
defined at the remote host. To gain a list of all ftp sub-commands, type help in an
interactive session or see the man page.
cl
The rcp command is used to copy one or more files between the local host and a remote
host. The scp command is part of OpenSSH and is designed to replace rcp.
Ex
ftp and rcp use unsecured protocols, as all data including passwords are transferred
across the network unencrypted. These passwords are very easy to sniff and capture.
AIX (starting with AIX6.1)also has an ftp secure feature (-s) which uses Transport Layer
pr
Security (TSL) to encrypt data. To use the secure (–s) option, OpenSSL must be installed,
minimum level 0.9.7.
In each case, the facilities support wild-carding for file names. In the example they only
matched to a single file, but this can be powerful when transferring a collection of files.
Student Notebook
Network file system

IBM Power Systems
• File sharing between heterogeneous systems in a TCP/IP

network
.I. n
• Transparent access to remote files and directories
.T ció
• Based on a client/server model
• Filesets:
.
– Server: bos.net.nfs.server
C
.F a
– Client: bos.net.nfs.client
/home
C rm
/data client1 client2
/data
to fo
/data nfs_server /home
ec vo

Figure 15-29. Network file system AN123.0
Notes:
oy si
Network file system (NFS) is a facility for sharing files in a heterogeneous environment of
machines, operating systems, and networks. The NFS function is built into the kernel of the
u
operating system so it is transparent to applications and users. NFS is based on a

client/server model, where the server stores files and provides clients with access.
cl
Ex
pr
V8.2
Student Notebook
Uempty
NFS server configuration (1 of 2)

IBM Power Systems
• Server configuration
– Starting NFS (now and at system restart)
.I. n
• /usr/sbin/mknfs –B
## lssrc
lssrc –g
–g nfs
nfs
.T ció
biod
biod nfs
nfs 352444
352444 active
active
nfsd
nfsd nfs
nfs 221328
221328 active
active
.
rpc.mountd
rpc.mountd nfs
nfs 315524
315524 active
active
C
rpc.statd
rpc.statd nfs
nfs 364738
364738 active
active
.F a
rpc.lockd
rpc.lockd nfs
nfs 258262
258262 active
active
– Stopping NFS (now)
C rm
• /usr/sbin/rmnfs –N
## lssrc
lssrc –g
–g nfs
nfs
biod
biod nfs
nfs inoperative
inoperative
to fo
nfsd
nfsd nfs
nfs inoperative
inoperative
rpc.mountd
rpc.mountd nfs
nfs inoperative
inoperative
rpc.statd
rpc.statd nfs
nfs inoperative
inoperative
rpc.lockd
rpc.lockd nfs
nfs inoperative
inoperative
ec vo

Figure 15-30. NFS server configuration (1 of 2) AN123.0
Notes:
oy si
The mknfs command configures the system to run the NFS daemons. The mknfs command
accepts the following flags:
u
• -BAdds an entry to the inittab file to execute the /etc/rc.nfs file on system restart and
cl
executes the /etc/rc.nfs file immediately to start the NFS daemons

• -IAdds an entry to the inittab file to execute the /etc/rc.nfs file on system restart
Ex
• -NStarts the /etc/rc.nfs file to start the NFS daemons immediately, when started this
way, the daemons run until the next system restart
When NFS is started the follow daemons are invoked:
pr
• The biod daemon runs on all NFS client systems. When a user on a client wants to
read or write to a file on a server, the biod daemon sends this request to the server. The
biod daemon is activated during system startup and runs continuously.
• The nfsd daemon runs on the server and handles client requests for file system
operations.
Student Notebook
• The rpc.mountd daemon answers client requests to mount file systems. The mountd
daemon finds out which file systems are available by reading the /etc/xtab file. The
/etc/xtab file is created when file systems are exported on the server. This process is
covered in the next visual.
• The rpc.statd and rpc.lockd daemons work together to main stateful locking. NFS
implements an advisory locking mechanism, meaning if a program, and does not pay
any attention to the locking messages it receives, it can go ahead and access the file. In
.I. n
the event of a server crash, the locking information will be recovered. The status
monitor maintains information on the location of connections as well as the status in the
.T ció
/etc/sm directory, the /etc/sm.bak file, and the /etc/state file. When restarted, the statd
daemon queries these files and tries to reestablish the connection it had prior to
termination.
.
C
The rmnfs command changes the configuration of the system to stop running NFS
.F a
daemons. It accepts the same flags as mknfs.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
NFS server configuration (2 of 2)

IBM Power Systems
/etc/exports
/home
/home
.I. n
/usr/man
/usr/man -ro
-ro mknfsexp
/data
/data -root=sys1:sys2
-root=sys1:sys2
.T ció
chnfsexp OR smit nfs
rmnfsexp
.
exportfs -a
C
.F a
C rm
exportfs /home
/etc/xtab /usr/man -ro
/data -root=sys1:sys2
to fo
rpc.mountd
ec vo

Figure 15-31. NFS server configuration (2 of 2) AN123.0
Notes:
oy si
In order to configure an NFS server, you have to first decide:

u
• What directories you want to export

• Which clients you want to have access the directories and files
cl
• The permissions (for example, read-write, read-only) clients will have when accessing
the files
Ex
In the example shown in the visual:

• /home is exported to the world with read-write permissions. For security reasons, the
clients root user does not have root privileges when accessing the files remotely. The
pr
root user is mapped to the nobody user (UID = -2).

• /usr/man directory is exported to the world with read-only permissions.
• /data directory is exported to systems: sys1, sys2, and these systems have read-write
access with their root users having root privileges when accessing the files remotely.
Normally the client’s root user is mapped to user nobody on the server.
Student Notebook
Only when the NFS subsystem is activated, using the mknfs command, can directories be
made available. When the /etc/export file has been configured, the exportfs command is
used to make the directories available for client mounting. The exportfs -a command
exports all items listed in the /etc/exports file and automatically copies the entries to the
/etc/xtab file. /etc/xtab file entries are used by the system and always reflect what is
currently exported. This leaves the /etc/exports file available for updating at any time. The
/etc/xtab file must never the edited directly.
.I. n
An easy way to maintain the NFS export list is to use SMIT or the AIX commands that are
issued by SMIT. These commands are mknfsexp, chnfsexp, and rmnfsexp. The SMT
.T ció
panels will simplify the creation of otherwise complicated entries in the /etc/exports files.
The panel (and the underlying AIX command) provide an option to specify whether you
wish to only update /etc/exports or also export the change to /etc/xtab.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Manual NFS client mounting

IBM Power Systems
• The showmount command can be used to query the directories

exported by the NFS server.
.I. n
kenny:/
kenny:/ ## showmount
showmount -e
-e nfs_server
nfs_server
export list for nfs_server:
export list for nfs_server:
.T ció
/usr/man
/usr/man (everyone)
(everyone)
/data
/data kenny,kyle,eric
kenny,kyle,eric
/home
/home (everyone)
(everyone)
.
C
.F a
• Mounting an NFS server directory:
## mkdir
mkdir /data_client_mnt
/data_client_mnt
C rm
## mount
mount nfs_server:/data
nfs_server:/data /data_client_mnt
/data_client_mnt
## df
df /data
/data
Filesystem
Filesystem 512-blocks
512-blocks Free
Free %Used
%Used Iused
Iused %Iused
%Iused Mounted
Mounted on
on
to fo
nfs_server:/data 278528
nfs_server:/data 278528 212920 24%
212920 24% 1317
1317 6% /data_client_mnt
6% /data_client_mnt
• Predefined mounts can also be defined using smit mknfsmnt.

ec vo

Figure 15-32. Manual NFS client mounting AN123.0
Notes:
oy si
The showmount command is useful for viewing which directories are available for mounting
on a particular NFS server. To mount an NFS directory, first create a directory point and
u
then issue the mount command, as shown in the visual.

cl
Syntax: mount <NFS_server_name>:<server mount point> <client directory mount

point>
Ex
pr
Student Notebook
Predefined NFS client mounting

IBM Power Systems
– smit mknfsmnt
Add
Add aa File
File System
System for
for Mounting
Mounting
** Pathname
Pathname of
of mount
mount point [/data_client_mnt] //
.I. n
point [/data_client_mnt]
** Pathname
Pathname of
of remote
remote directory
directory [/data]
[/data]
** Host
Host where
where remote
remote directory
directory resides
resides [nfs_server]
[nfs_server]
.T ció
** Security
Security method
method [sys]
[sys] ++
** Mount
Mount now,
now, add
add entry
entry to
to /etc/filesystems
/etc/filesystems oror both?
both? Both
Both ++
** /etc/filesystems
/etc/filesystems entry
entry will
will mount
mount the
the directory
directory no
no ++
.
on
on system
system restart.
restart.
** Mode
Mode for
for this
this NFS
NFS file
file system read-write ++
C
system read-write
.F a
** Attempt mount in foreground or background
Attempt mount in foreground or background background
background ++
** Mount
Mount file
file system
system soft
soft or
or hard
hard hard
hard
Note:
Note: Many
Many options
options removed
removed for
for clarity.
clarity.
C rm
– /etc/filesystems
/data_client_mnt:
/data_client_mnt:
dev
dev == "/data"
"/data"
to fo
vfs
vfs == nfs
nfs
nodename
nodename == nfs_server
nfs_server
mount
mount == false
false
options
options == bg,hard,intr,sec=sys
bg,hard,intr,sec=sys
ec vo

Figure 15-33. Predefined NFS client mounting AN123.0
Notes:
oy si
Predefined mounts are NFS mounts which are defined in /etc/filesystems for ease of use
when manual mounting or to enable remote file systems to be mounted during system start
u
time.
cl
Key options are:

• Security Method: Possible values are: sys, dh, krb5, krb5i, krb5p, which correspond to
Ex
Unix, DES, Kerberos 5, Kerberos 5 with integrity, and Kerberos 5 with privacy. The
default NFS security used in most implementations is standard Unix (sys). The other
methods are used in special situations where authentication and encryption is required.
These methods are supported by a new version of NFS, NFS version 4. NFS v4 is not
pr
the default version used in AIX and is a large complex topic which is outside the scope
of this class but may wish to refer to the following IBM Redbook Implementing NFSv4 in
the Enterprise: Planning and Migration Strategies, available at:
http://www.redbooks.ibm.com/abstracts/sg246657.html.
• Mode: Read-write or read-only.
V8.2
Student Notebook
Uempty • Attempt mount in: Values: background (default) or foreground

If the attempt to mount the directory fails, the mount will be retried in the background. If
foreground is selected, the mount request stays in the foreground even, if the mount
request fails.
• Mount type: Values: hard or soft
If the mount is soft, the system returns an error if the server does not respond. If the mount
.I. n
is hard, the client continues trying until the server responds. The hard mount is the default.
When a hard mount is selected, an extra option is included in /etc/filesystems: intr. The intr
.T ció
option allow signals to interrupt an NFS call. This is useful for aborting an NFS mount
process when the server does not respond.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Virtual Network Computing

IBM Power Systems
• VNC is a free graphical desktop sharing system which uses the RFB
protocol to remotely control another computer.
• It is popular in both UNIX and Windows systems.
.I. n
.T ció
VNC viewer
eg. UltraVNC VNC traffic
.
realVNC
tightVNC
VNC AIX
C
.F a
Server
C rm Can also be tunneled

over an ssh
to fo
connection for
improved security
ec vo

Figure 15-34. Virtual Network Computing AN123.0
Notes:
oy si
Virtual Network Computing (VNC) is a graphical desktop sharing system which uses the
RFB (“remote framebuffer”) protocol to remotely connect to another host/server. It
u
transmits the keyboard and mouse events from one host to another, relaying the graphical
screen updates back in the other direction, over a network.
cl
VNC is platform-independent. A VNC viewer on any operating system connects to a VNC

server, running in this case, on AIX. Multiple clients may connect to the VNC server at the
Ex
same time. Popular uses for this technology include remote technical support and
accessing files on one's work computer from one's home computer, or vice versa.
VNC was originally developed at the Olivetti Research Laboratory in Cambridge, United
pr
Kingdom. The original VNC source code and many modern derivatives are open source
under the GNU General Public License.
V8.2
Student Notebook
Uempty
VNC configuration
IBM Power Systems
• In order to set up a VNC server on AIX, install vnc and zlib from the AIX
Toolbox for Linux Applications.
• Start a VNC session by typing:
.I. n
Note: The TCP/IP port
– vncserver :<port number> started is actually
.T ció
## vncserver
vncserver :33
:33 5933. The “59” is
New
New 'X' desktop is
'X' desktop is neo:33
neo:33 implied and is not
required to connect.
Starting
Starting applications
applications specified
specified in
in //.vnc/xstartup
.
//.vnc/xstartup
Log
Log file
file is
is //.vnc/neo:33.log
//.vnc/neo:33.log
C
.F a
– To access the AIX desktop VNC session from:
C rm
• UNIX, type: # vncview neo:33 (requires Xwindows environment)
• PC VNC viewer
to fo
• Also, access can be done through a web browser over http
– URL: http://neo:5833
ec vo

Figure 15-35. VNC configuration AN123.0
Notes:
oy si
To run VNC on AIX, install the following filesets from the AIX Toolbox for Linux Applications
CD. No further configuration is required.
u
# lslpp -l |egrep -i "vnc|zlib)"

cl
freeware.vnc.rte 3.3.3.2 COMMITTED Virtual Network Computing

freeware.zlib.rte 1.1.3.2 COMMITTED Data compression library
Ex
zlib is a library of compression routines.

When a VNC session is started, two TCP/IP ports are opened, 59<number> and
58<number>. The 59 port must be used for the vncviewer application. The 59 prefix is
generally not required. It is implied and hard coded into the viewer application. The 58 port
pr
is used to access VNC over http. To connect in the way, the full port number (including 58)
must be supplied.
Student Notebook
Checkpoint
IBM Power Systems
1. What are the following used for?

a. /etc/rc.tcpip
.I. n
b. ssh
c. VNC
.T ció
d. /etc/services
.
2. What is multipath routing and why should we use it?
C
.F a
3. How can we disable the FTP protocol on AIX?
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
TCP/IP
implementation
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
.
C
.F a
– IP configuration, routing, aliasing
C rm
– Log in to another system
– Transfer files
to fo
– Run commands
• Configure NFS
• Set up VNC
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Unit 16. Introduction to workload partitions

This unit provides an introduction to workload partitioning.
.I. n
.T ció
• Explain nature and purpose of workload partitions (WPARs)
.
• Create and activate a basic system WPAR
C
.F a
• Describe the role of WPAR manager
C rm
to fo
References
ec vo
Online AIX Version 7.1 IBM Workload Partitions for AIX

SG24-7656 Workload Partition Management in IBM AIX Version
oy si
6.1 (Redbook)
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Workload partition overview

IBM Power Systems
• Workload partitions (WPARs) enable consolidation of

applications to a single AIX system with application isolation:
– Data isolation
.I. n
– IPC isolation
.T ció
– Separate configuration (has own /etc directory)
– Resource controls to avoid dominating resources
.
• Global environment AIX System
C
.F a
– Hosting AIX system (AIX 6 or later)
Workload
– Owns and allocates physical resources Workload
C rm
Partition Partition
– Defines and manages WPARs Application
Server
Billing
Workload
• WPARs appear as AIX instances Partition
Workload Test
to fo
– Have own daemons and services Partition Workload
Web Partition
– Have own IP addresses Server BI
– Have own file systems

ec vo

Figure 16-2. Workload partition overview AN123.0
Notes:
oy si
Introduction
u
Workload Partition (WPAR) is a software-based virtualization feature introduced in AIX

6 that will provide new capabilities to reduce the number of AIX operating system
cl
images that need to be maintained when consolidating multiple workloads on a single

server. WPARs provide a way for clients to run multiple applications inside the same
instance of an AIX operating system, while providing security and administrative
Ex
isolation between applications. WPARs complement logical partitions and can be used
in conjunction with logical partitions if desired. WPAR can improve administrative
efficiency by reducing the number of AIX operating system instances that must be
maintained. WPAR can increase the overall utilization of systems by consolidating
pr
multiple workloads on a single system, and is designed to improve cost of ownership.

Global environment
Workload partitions are created within standard AIX system. The global environment
the hosting part of the AIX system and it does not belong to any workload partition. The
Student Notebook
global environment is what you are working with when you login to the IP address of the
AIX system, as opposed to the IP address of one of the contained WPARs.
This global environment executes within a dedicated LPAR or physical system. The
global environment owns all physical resources of the LPAR: network adapters, disks
adapters, disks, processors, memory. It allocates CPU and memory resources to the
workload partitions. It provides them access to the network and storage devices.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Comparing WPARs to LPARs for consolidation

IBM Power Systems
• Rapid provisioning
• Can have thousands of WPARs per AIX system
.I. n
.T ció
• Less resource needed per AIX instance
.
• Less work to maintain AIX software
C
.F a
• Lower AIX licensing costs
C rm
• Can use older hardware (POWER4 or later)
– Provides dynamic CPU and memory sharing
to fo
– Provides Live Application Mobility (using WPAR Manager)
• Common kernel presents a potential single point of failure

ec vo

Figure 16-3. Comparing WPARs to LPARs for consolidation AN123.0
Notes:
oy si
WPARs provide unique partitioning values.

u
• Smaller number of OS images to maintain

• Performance efficient partitioning through sharing of application text and kernel data
cl
and text
• Fine-grain partition resource controls
Ex
• Simple, lightweight, centralized partition administration

WPARs enable multiple instances of the same application to be deployed across partitions.
• Many WPARs running DB2, Web Sphere, or Apache in the same AIX image
pr
• Greatly increases the ability to consolidate workloads because often the same
application is used to provide different business services
• Enables the consolidation of separate discrete workloads that require separate
instances of databases or applications onto a single system or LPAR
Student Notebook
• Reduced costs through optimized placement of work loads between systems to yield
the best performance and resource utilization
WPAR technology enables the consolidation of diverse workloads on a single server
increasing server utilization rates.
• Hundreds of WPARs can be created. Far exceeding the capability of other partitioning
technologies.
.I. n
• WPARs support fast provisioning and fast resource adjustments in response to
normal/unexpected demands. WPARs can be created, and resource controls modified,
.T ció
in seconds.
• WPAR resource controls enable the over-provisioning of resources. If a WPAR is below
allocated levels, the unused allocation is automatically available to other WPARs.
.
C
• WPARs can be migrated to another partition in response to normal shift in or
.F a
unexpected change in demand.
C rm
WPARs enable development, test, and production cycles of one workload to be placed on
a single system.
• Different levels of applications (production1, production2, test1, test2) can be deployed
in separate WPARs.
to fo
• Quick and easy roll out or roll back to production environments
• Reduced costs through the sharing of hardware resources
• Reduced costs through the sharing of software resources such as the operating
ec vo
system, data bases, and tools

oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Default WPAR network configuration

IBM Power Systems
• WPAR name used as host name and its name resolution as the IP address.
• IP address defined as alias on en0 in global environment.
• Can customize network configuration for WPAR.
.I. n
• WPARs only see their own IP address in configuration.
.T ció
• Packets with destination address of WPAR are routed to that WPAR by global
environment.
.
glob_env
C
.F a
10.47.110.1/16
glob_env:
glob_env: ## ifconfig
ifconfig en0
en0 || egrep
egrep “en0|inet0”
“en0|inet0”
Workload
C rm
en0:
en0:
inet Partition: wpar1
inet 10.47.110.1
10.47.110.1 netmask
netmask 0xffff0000
broadcast 10.47.255.255
10.47.255.255
inet 10.47.33.1/16
inet 10.47.33.1
10.47.33.1 netmask
netmask 0xffff0000
broadcast 10.47.255.255
10.47.255.255
en0 (net)
to fo
wpar1:
wpar1: ## ifconfig
ifconfig en0
en0 || egrep
egrep “en0|inet0”
“en0|inet0”
en0:
en0:
inet
10.47.0.0
inet 10.47.33.1
10.47.33.1 netmask
netmask 0xffff0000
broadcast 10.47.255.255
10.47.255.255
ec vo

Figure 16-4. Default WPAR network configuration AN123.0
Notes:
oy si
The network connection for a WPAR is implemented using the network alias feature on the
global environment level's physical or virtual network interface. The network alias is a
u
standard feature that is used to implement an IP address for each WPAR. By using an IP
address that is different from the hosting global environment, the applications can move
cl
form system to system while keeping the same IP address.

Ex
pr
Student Notebook
WPAR resource control

IBM Power Systems
• Mainly controls CPU and memory allocation

• Target percentage of system resources:
– WPAR that wants more and is below target gets high priority
.I. n
– WPAR that is over target gets low priority
.T ció
W1 W2 W3
20 shares 30 shares 50 shares
.
20% 30% 50%
C
.F a
• Limit percentages of system resources
C rm
– Maximum limits can restrict resources
– Minimum limits will guarantee resources
to fo
min normal soft Hard
limit range max max
limit limit
ec vo

Figure 16-5. WPAR resource control AN123.0
Notes:
oy si
Resource allocation control for each WPAR is performed by the global administrator, to
prevent a resource hungry WPAR from negatively impacting the performance of other
u
WPARs.
cl
There are two approaches of specifying CPU and memory allocation:

Share-based target percentage.
Ex
Each workload partition receives its part of the specified resource, according to the ratio of
its own share to the sum of shares of all currently active workload partitions.
Limit percentages.
pr
There are three parameters that should be specified:

• Minimum percentage is the minimum amount of a resource that a WPAR is guaranteed
to have available at all times.
• Soft maximum percentage is the maximum amount of a resource that a WPAR can
have when multiple WPARs contend for that type of resource. If there is a sufficient
V8.2
Student Notebook
Uempty amount of that type of resource available, and resource contention does not occur, the
WPAR can exceed this limit.
• Hard maximum percentage is the maximum amount of a resource that a WPAR can
ever have. Even if there is a sufficient amount of that type of resource available, and
resource contention does not occur, the WPAR cannot exceed this limit.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
System versus application WPARs

IBM Power Systems
• System WPARs
– Self contained, virtual AIX instance
– Own init process hierarchy including system service daemons
.I. n
• Such as network services (for example: Telnet and ssh)
– Private copies of system file systems
.T ció
• Has own configuration, users, and more
– Persistent and independent of the application processes
.
• Can be stopped and restarted
C
– Has restricted access to devices and storage
.F a
• Application WPARs
C rm
– Application launched using WPAR
– Shares global process, device, and system file systems environment
– WPAR stops when application process stops
• Both types
to fo
– Allow resource controls
– Can use Live Application Mobility (with WPAR Manager)
– Have own IP address for client access
ec vo

Figure 16-6. System versus application WPARs AN123.0
Notes:
oy si
System WPAR
u
System workload partitions are autonomous virtual system environments with their own
private root file systems, users and groups, login, network space, and administrative
cl
domain.
The systems administrator accesses the WPAR through the administrator console or
Ex
through regular network tools such as telnet or ssh. Inter-process communication for a
process in a WPAR, is restricted to those processes in the same WPAR.
System workload partitions are complete virtualized OS environments, where multiple
services and applications run. It takes longer to create a system WPAR compared to an
pr
application WPAR, as it builds its own file systems. A system WPAR is removed only when
requested. It has its own root user, RBAC privileges, and system services like inetd, cron,
syslog, and so on.
A system WPAR does not share writable file systems with other workload partitions or the
global environment.
V8.2
Student Notebook
Uempty Application WPAR

An application filesystem is set up to host only a single application or process. It provides
an AIX runtime environment that is suitable for execution of one or more processes that
can be started from a single command. As soon as the command exits, the workload
partition is also automatically terminated (or shut down).
• An application WPAR shares the file system of the global environment. It does not own
any dedicated storage.
.I. n
• An application WPAR can run daemons, but it will not run any of the system service
.T ció
daemons such as inetd, cron, or srcmstr.
• It is not possible to remotely log in to an application partition or remotely execute an
action into an application WPAR.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
System WPAR process space

IBM Power Systems
root@global_env /: ps -eaf |grep –E rcmstr|315476“

Global Environment
errdemon UID PID PPID C STIME TTY TIME CMD
init
xmwlm root 1 0 0 Jun 29 - 0:00 /etc/init
.I. n
/etc/init
syncd root 204946 1 0 Jun 29 - 0:00 /usr/sbin/srcmstr
cron root 282812 315476 0 Jul 03 - 1:57 /usr/bin/xmwlm -L
.T ció
root 315476 204946 0 Jul 03 - 0:00 /etc/init
biod srcmstr root 348392 315476 0 Jul 03 - 0:00 /usr/sbin/srcmstr
root 364660 315476 0 Jul 03 - 0:01 /usr/sbin/cron
portmap
rpc.statd
.
syslogd inetd
Others…
C
PID=1
.F a
init
PID=315476 /etc/init
# root@wpar1 /: ps –ef
C rm
UID PID PPID C STIME TTY TIME CMD wpar1
root 1 0 0 Jul 03 - 0:00 /etc/init cron
root 233674 348392 0 Jul 03 - 0:00 /usr/sbin/inetd wmwlm
root 241740 348392 0 Jul 03 - 0:00 /usr/sbin/syslogd srcmstr
root 258278 348392 0 Jul 03 - 0:00 /usr/sbin/portmap biod
root 266444 348392 0 Jul 03 - 0:00 /usr/sbin/biod 6
to fo
Others…
root 282812 1 0 Jul 03 - 1:55 /usr/bin/xmwlm -L
portmap inetd rpc.statd
root 307220 1 0 23:06:20 ? 0:00 clogin wpar1
root 348392 1 0 Jul 03 - 0:00 /usr/sbin/srcmstr
root 364660 1 0 Jul 03 - 0:01 /usr/sbin/cron syslogd
ec vo

Figure 16-7. System WPAR process space AN123.0
Notes:
oy si
The visual shows an example of the processes structure in a system workload partition,
and its interaction with the global environment.
u
The global srcmstr daemon starts a process that will act as the WPARs init process,
cl
parenting all other processes in the WPAR. Within the WPAR the PID of this process is
virtualized to appear as PID 1, just like the init process in the global environment.
Ex
Each system workload partition has its own inittab file, so that it appears to be a
stand-alone operating system. The WPAR init parents a standard set of processes
including its own srcmstr and inetd. Having its own inetd daemon means that each system
WPAR can have its own telnetd or sshd to allow someone to log into the WPAR
pr
environment and receive an interactive shell prompt for that environment.
V8.2
Student Notebook
Uempty
System WPAR file systems space

IBM Power Systems
{sys02_p2} / # mount
• AIX global Node mounted mounted over vfs date options
environment -------- -------------- --------------- ------ ------------ ----------
/dev/hd4 / jfs Aug 27 14:05 rw,log=/dev/hd8
.I. n
/dev/hd2 /usr jfs Aug 27 14:05 rw,log=/dev/hd8
/dev/hd9var /var jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/hd3 /tmp jfs Aug 27 14:06 rw,log=/dev/hd8
.T ció
/dev/hd1 /home jfs Aug 27 14:06 rw,log=/dev/hd8
/proc /proc procfs Aug 27 14:06 rw
/dev/hd10opt /opt jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/fslv01 /wpars/wpar1 jfs2 Sep 03 14:55 rw,log=INLINE
/dev/fslv02 /wpars/wpar1/home jfs2 Sep 03 14:55 rw,log=INLINE
.
/opt /wpars/wpar1/opt namefs Sep 03 14:55 ro
C
/proc /wpars/wpar1/proc namefs Sep 03 14:55 rw
.F a
/dev/fslv03 /wpars/wpar1/tmp jfs2 Sep 03 14:55 rw,log=INLINE
/usr /wpars/wpar1/usr namefs Sep 03 14:55 ro
/dev/fslv04 /wpars/wpar1/var jfs2 Sep 03 14:55 rw,log=INLINE
C rm
{wpar1} / # mount
• System WPAR Node mounted mounted overvfs date options
-------- ------------- --------------- ------ ------ ---------
Global / jfs2 Sep 03 14:55 rw,log=INLINE
Global /home jfs2 Sep 03 14:55 rw,log=INLINE
to fo
Global /opt namefs Sep 03 14:55 ro
Global /proc namefs Sep 03 14:55 rw
Global /tmp jfs2 Sep 03 14:55 rw,log=INLINE
Global /usr namefs Sep 03 14:55 ro
Global /var jfs2 Sep 03 14:55 rw,log=INLINE
ec vo

Figure 16-8. System WPAR file systems space AN123.0
Notes:
oy si
The visual shows an example of the default storage model of a system WPAR. The system
WPAR includes the creation of a base directory. This base directory is the root of the chroot
u
system WPAR environment. By default, the path to this base directory is

/wpars/<name_of_wpar> in the global environment.
cl
From the global environment, the file systems and mount points associated with the system
WPAR, are seen as being located within a WPAR-specific sub-directory tree of the global
Ex
environment (for example, /wpars/wparname/).

From within the WPAR, the file systems are seen as being rooted at /.
By default the WPAR /usr and /opt file systems are shared with the global environment
pr
(read only). Alternatively, if the application requires read/write access to these directories,
the WPAR can have its own non-shared copies. However, this will significantly increase the
time required to create, backup, or restore the WPAR.
Other WPAR file systems such as /, /home, /tmp and /var are real read-write filesystems
and dedicated to the workload partition.
Student Notebook
The private red-write file systems can also be hosted through NFS. NFS provides one way
that the private file systems can be shared between departure system and an arrival
system when implementing Live Application Mobility to move WPARs from box to box
(LPAR to LPAR).
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
System WPAR storage and device access

IBM Power Systems
• Storage access:
– Default: Accessed through mounts defined by global administrator
.I. n
– Global admin can export virtual SCSI or Fibre Channel attached disks
– Global admin can export Fibre Channel adapters
.T ció
– WPAR can directly administer LVM and file system on exported devices
.
• Device access:
C
.F a
– Can only access devices permitted by global environment
– Permits a limited set of safe pseudo devices, such as /dev/null,
C rm
/dev/zero, /dev/random, and /dev/tty
– Forbids devices that could bypass isolation, such as /dev/mem or
/dev/kmem
– Default: Cannot load kernel extensions (cannot make devices available)
to fo
– Global admin can identify a list of kernel extensions which the WPAR can
load
ec vo

Figure 16-9. System WPAR storage and device access AN123.0
Notes:
oy si
Direct access to storage devices allows a WPAR more control over its storage. A WPAR
with an exported storage device can define its own volume groups, logical volumes, and file
u
systems and have more control over the management of that space.
cl
Another advantage of WPAR storage device access is the ability to support Live
Application Mobility (LAM) without placing the private file systems on an NFS server. The
private file systems can be made sharable by using a SAN disk managed by the WPAR.
Ex
The ability to export FC attached devices to a WPAR was introduced in AIX 6.1 TL03. The
ability to exporting virtual SCSI disks and FC adapters was introduced in AIX 7 and AIX 6.1
TL6. (If updating an AIX system to AIX6.1 TL6, you must explicit install the new base fileset
pr
wio.vscsi; a smit update_all operation will not install it.)

Staring with AIX 7, the AIX global administrator can identify kernel extensions (KE) that
may be loaded by a WPAR. A process inside the WPAR would need to handle the KE
loading. This solves a problem that prevented some applications form running in a WPAR
environment. WPARs which load kernel extensions can not be relocated using Live
Application Mobility.
Student Notebook
Types of system WPARs

IBM Power Systems
• Default environment: AIX maintenance in global, sync WPARs

• Detached: WPAR does AIX maintenance, must match global
.I. n
• SAN based rootvg WPAR used to allow mobility without NFS
.T ció
Shared /usr Private /usr
Private system file
.
systems defined by Default
C
Detached WPAR
.F a
global environment system WPAR
(rootvg or NFS)
C rm
Private system file
systems defined by Detached
WPAR on an
rootvg WPAR
rootvg WPAR
to fo
exported disk
ec vo

Figure 16-10. Types of system WPARs AN123.0
Notes:
oy si
In the default system WPAR environment, the /usr file system is shared with the global
environment and is accessed through a read-only mount. This reduces the overhead of
u
defining the WPAR and reduces the time needed to build the WPAR. It also reduces the
AIX software maintenance effort, since we only need to update the global copy of the
cl
software and then synchronize the WPARs to the new level.

A detached WPAR has its own private read-write copy of the /usr filesystem. This provides
Ex
the WPAR with the flexibility of installing and maintaining its own software that may not be
needed in the Global environment or by other WPARs. The down side is that we lose the
benefits that are provided by the default configuration. Since the WPAR is still using a
shared kernel, if the WPAR maintenance is not matched to the level of the kernel, the
pr
WPAR could become unusable.

A rootvg WPAR stores the private filesystems on a disk that has been exported to the
WPAR. The advantage of a rootvg WPAR is that the disk can be located on a SAN and
shared between departure and arrival system using Live Application Mobility.
V8.2
Student Notebook
Uempty By default, the rootvg is not a detached WPAR; In other words, while most filesystems will
be on the exported disk, the /usr file system will still be read-only and shared with the global
environment.
The rootvg WPAR can be defined as a detached WPAR, in which case all of its filesystems
are stored on the exported disk.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Versioned WPAR
IBM Power Systems
• Detached WPAR running old AIX release in a compatibility environment
• Requires separate LPPs:
– AIX5.2 WPARs for AIX7
.I. n
– AIX5.3 WPARs for AIX7
.T ció
AIX 7 Global Environment (LPAR)
.
Native VWPAR
C
Native
WPAR AIX52
VWPAR
.F a
Native VWPAR
WPAR Native
WPAR
C rm
WPAR
CRE Native OS Support

to fo
Native system calls + new compatibility syscalls
AIX 7 Kernel
CRE = Compatibility Runtime Environment
ec vo

Figure 16-11. Versioned WPAR AN123.0
Notes:
oy si
AIX 5.2 LPARs cannot run on POWER7 hardware. To allow applications that are only
certified for this withdrawn AIX level, versioned WPARs provide a path to move off old
u
equipment to the newer POWER7 hardware.

To allow this, AIX7 provides a Compatibility Runtime Environment for WPARs where the
cl
commands and libraries used by the WPAR do not have to match the level of the common
kernel. This support is provided by a licensed program product called AIX 5.2 Workload
Ex
Partitions for AIX7 that only runs on a POWER7 platform.

The AIX 5.2 environment has renewed limited software support (AIX 5.2 without this is no
longer serviced). The versioned WPAR also benefits from sharing the AIX7 kernel which
provides benefits of: SMT4, micro partitioning, Virtual I/O Server support, Live Partition
pr
Mobility, Live Application Mobility (with WPAR Manager), and more.

Most applications should run in this environment. But there are exceptions (see the
production documentation). A proof of concept study is recommended before committing to
use a versioned WPAR.
Note: The support for versioned WPARs has also been extended to AIX version 5.3
systems, requiring a license for the AIX 5.3 WPARs for AIX 7 LPP.
V8.2
Student Notebook
Uempty
Basic system WPAR commands

IBM Power Systems
• Create a system WPAR: Global:

Global: ## mkwpar
mkwpar –n
–n wpar1
wpar1
– Defines the workload partition
– Creates and loads system file systems
.I. n
.T ció
Global:
Global: ## startwpar
startwpar wpar1
wpar1
• Start a system WPAR:
– Mounts file systems, imports device
.
– Starts WPAR init process
C
Global:
Global: ## stopwpar
stopwpar [–F]
[–F] wpar1
wpar1
• Stop a system WPAR:
.F a
wpar1:
wpar1: ## shutdown
shutdown –F
–F
C rm
• Remove a system WPAR:
Global:
Global: ## rmwpar
rmwpar wpar1
wpar1
• List status of the WPARs:

to fo
Global:
Global: ## lswpar
lswpar
– A: Active
– D: Defined
For more extensive WPAR training attend: AN17
ec vo

Figure 16-12. Basic system WPAR commands AN123.0
Notes:
oy si
The system WPAR creation takes the longest to complete because it not only defines new
file systems, it also clones the global filesystem contents into them. But this is still
u
significantly less time than installing AIX into an LPAR, because (by default) the /usr
filesystem is shared with the global environment and does not need to have its content
cl
cloned into a WPAR private filesystem.

The displayed commands are the bear essentials. Each of them has many additional
Ex
options to customize device access, filesystems access, resource controls, network

configuration, ability to save and clone configuration details, and more. For more
information, see the man pages for the commands.
pr
There are additional commands (not covered in this course) that provide additional abilities
including the ability to modify a WPAR, backup and restore a WPARs private filesystems,
and more.
For a more complete training in using AIX workload partitions, attend AN17 AIX Workload
Partitions Installation and Management.
Student Notebook
Application WPARs
IBM Power Systems
• Isolate individual applications

Create and run
• Light weight; quick to create and remove
.I. n
– Created with wparexec command
• # wparexec -n MyAppWpar /start_myapp
.T ció
– Removed when stopped Stop and remove
– Stopped when the application finished
.
– File systems and device resources are shared with the global environment
C
.F a
– System daemons and services shared with global environment
– Does not provide standard network services
C rm
• Children processes automatically part of WPAR
• Has IPC isolation from other WPARs
• Has WPAR resource controls
to fo
• Has network support for connecting to the application
• Can be relocated to another server (using WPAR Manager)
ec vo

Figure 16-13. Application WPARs AN123.0
Notes:
oy si
Application workload partitions do not provide the highly virtualized system environment
offered by system workload partitions, rather they provide an environment for segregation
u
of applications and their resources to enable resource control, some isolation, and (with
WPAR Manager) application checkpoint, restart, and relocation.
cl
The Application WPAR represents an envelope around a specific application process or

processes which provides the manageability and some of the isolation that a system
Ex
WPAR provides. Since it uses the global environment system file system and device
resources, it is light weight, quick to create and remove, and does not take a lot of
resources. On the other hand this prevents separate configuration and reduces the
isolation.
pr
Once the application process or processes are finished, the WPAR is stopped.
There are no login capabilities for the user. If you need to access the application, you must
use an application provided mechanism.
All file systems are shared with the global environment. If an application is using devices, it
will use global environment devices.
V8.2
Student Notebook
Uempty
Workload Partition Manager overview

IBM Power Systems
• Provides centralized management of WPARs

• WPAR Manager components: Browser
– WPAR Manager plug-in to Systems Director
.I. n
– WPAR Manager subagent on managed LPAR
.T ció
• Functions: IBM Systems Director
– Basic lifecycle administration
.
• Create, view, modify, start, stop, remove
C
WPAR Manager
.F a
– Advanced management Plug-in
Agent Manager
• Static and live relocation
C rm
• Checkpoint, restart
• Automated relocation,
policy driven LPAR X
• Monitoring, performance LPAR Y Common Agent
to fo
reporting Common Agent WPAR sub-agent
WPAR sub-agent
• Global load balancing
WPAR A WPAR B WPAR C
• Recovery WPAR1 WPAR2 WPAR3
ec vo

Figure 16-14. Workload Partition Manager overview AN123.0
Notes:
oy si
IBM Workload Partition (WPAR) Manager for AIX is a platform management solution that
provides a centralized point of control for managing workload partitions or WPARs, across
u
a collection of managed systems running AIX.

cl
It is an optional product, part of the IBM Systems Director family, designed to facilitate the
management of WPARs and application mobility. WPAR Manager also provides advanced
features such as policy-based mobility for the automation of WPAR relocation, based on
Ex
current performance state.

WPAR Manager is a separate chargeable licensed program product; it is not part of AIX.
Additional training on the installation, configuration and use of the IBM Workload Partition
pr
(WPAR) Manager for AIX product is available in the course AN74.
Student Notebook
Checkpoint
IBM Power Systems
1. True or False: Workload partitions require POWER7 systems.
.I. n
2. What are the two types of workload partitions?
.T ció
3. What command builds and starts an application workload partition?
.
4. True or False: Live Application Mobility (LAM) requires that the WPAR
C
.F a
private file systems reside on an NFS server.
C rm
5. True or False: By default, a system WPAR has shared read-only
access to the /usr file system in the global environment.
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Introduction to
workload partitions
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
Student Notebook
Unit summary
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo

Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty Appendix A. Printers and queues

This unit describes the concepts behind the AIX print spooling
mechanisms in AIX 6.1.
.I. n
.T ció
.
• Describe the purpose and the benefits of a queuing system
C
• Identify the major components that are responsible for processing
.F a
a print request
• Add a printer queue and device under different circumstances
C rm
• Submit jobs for printing
• View the status of the print queues

to fo
ec vo
References
Online AIX 6.1 System Management Guide
oy si
Online AIX 5L Version 5.3 Guide to Printers and Printing

u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-1
Student Notebook
Unit objectives
IBM Power Systems

.I. n
• Identify the major components that are responsible for
.T ció
processing a print request
.
C
.F a
• View the status of the print queue
C rm
to fo
ec vo

Figure A-1. Unit objectives AN123.0
Notes:
oy si
u
cl
Ex
pr
A-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
V8.2
Student Notebook
Uempty
AIX 6.1 printing environments

IBM Power Systems
• Print subsystems:
– AIX print subsystem
.I. n
– System V print subsystem
.T ció
• Print directly to a local printer device.
.
C
.F a
• Print directly to a remote printer through a socket program.
C rm
• Infoprint Manager, or similar advanced print management
system
to fo
ec vo

Figure A-2. AIX 6.1 printing environments AN123.0
Notes:
oy si
Introduction
u
The visual gives an overview of the different approaches that can be taken to printing
cl
under AIX 5L and later. In the next two visuals, System V printing is compared to the
traditional AIX print subsystem. The remainder of this unit will focus on using the AIX
print subsystem.
Ex
Note
You can use either the AIX print subsystem or the System V print subsystem. They will not
pr
run concurrently.
Student Notebook
Print directly to a local printer device

This is the simplest form of printing. If your printer is directly attached to a serial or
parallel port on the local machine, it is possible to print by sending a file directly to the
device. For example:
# cat /home/karlmi/myfile > /dev/lp0
In this approach, you lose the ability to serialize (spool) print requests. Only one user
.I. n
may print at a time. On the other hand, if a printer is dedicated to one use, this may be a
good solution. Examples might be logging to a printer, or printing checks.
.T ció
Print directly to a remote printer through a socket program
.
This is similar to printing to a device driver, except that in this case, you are sending the
C
.F a
output to a program which makes a connection to the printer over the network.
C rm
Print using the System V print subsystem
In this environment, files to be printed are sent to the System V print service daemon,
lpsched, using the lp or lpr commands. The print service daemon serializes the jobs,
so they will be printed in the order in which they were submitted. The print service may
to fo
filter the file to format the data so that it matches the types of data acceptable to the
printer. The print service then sends files, one at a time, to the interface program, which
may do additional filtering before sending the file to the local printer driver or network
ec vo
printing application.
Print using the AIX print subsystem

oy si
In this environment, files to be printed are sent to the AIX print spooler daemon,
qdaemon, using any of the AIX print commands (enq, qprt, lp, or lpr). The spooler
daemon serializes the jobs. The spooler sends jobs, one at a time, to programs that
u
may filter the data, before sending it to the local printer driver or network printing
application.
cl
Print using IBM’s Infoprint Manager (or similar advanced print

Ex
management system)
Infoprint Manager provides serialization and filtering similar to the System V or AIX print
subsystems. In addition, it adds extra capabilities of security, customization, and control
not provided by either System V printing or AIX printing. For additional information, refer
pr
to the Infoprint Manager Web site:

http://www.printers.ibm.com/internet/wwsites.nsf/vwwebpublished/ipmaix_ww
V8.2
Student Notebook
Uempty
AIX print subsystem: Advantages

IBM Power Systems
• Powerful and flexible printer drivers
.I. n
• System management tools:
.T ció
– Limits fields and options validation
– Easy printer customization
.
– Single step print device and queue creation
C
.F a
• Customizable spooling subsystem
C rm
to fo
ec vo

Figure A-3. AIX print subsystem: Advantages AN123.0
Notes:
oy si
Powerful and flexible printer drivers

u
AIX printer drivers provide many printing options that can be easily controlled using
cl
command line options to the qprt command. Printer defaults can be easily managed
using SMIT or the command line.
Ex
System management tools

The AIX print subsystem includes mature and powerful system management using
either the Web-based System Manager or SMIT, as well as the command line. Some
pr
specific system management advantages using the AIX print subsystem are:
• Limits fields and options validation
• Gives the user or administrator a range of valid values for print options and
prevents the user from using an invalid value
• Easy printer customization
Student Notebook
• Printers can be customized using menu selections or command line options.

Under System V printing, customizing printers often requires a knowledge of
shell programming.
• Single step print device and queue creation
• Under System V printing, you must first add a print device and then create the
print queue.
.I. n
Customizable spooling subsystem
.T ció
The AIX print subsystem is specifically designed so that it can be used to serialize other
types of jobs beyond just printing.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
System V print subsystem: Advantages

IBM Power Systems
• Compatibility
.I. n
• Availability of interface programs
.T ció
• Security
.
C
• Support for forms
.F a
C rm
• Standard PostScript filters
• Long term strategy

to fo
ec vo

Figure A-4. System V print subsystem: Advantages AN123.0
Notes:
oy si
Compatibility
u
System administrators with experience in other UNIX variants that use System V
cl
printing, will find it easy to manage printing under AIX’s System V print subsystem.
Availability of interface programs

Ex
Many printer manufacturers provide interface shell scripts to support using their
products under System V printing. Usually, only minor modifications are required for
individual UNIX variations. Because the AIX print subsystem is proprietary, an interface
pr
program written for another operating system cannot be used in the AIX print
subsystem. It must be completely rewritten. This has led to a limited number of printers
supported under AIX. With the support of System V printing in AIX 6.1, it is easier for
manufacturers to include support for AIX printing.
Student Notebook
Security
Controlling user access to printers can be an important issue. For example, you might
need to limit access to the printer used to print checks. System V printing includes
built-in capabilities for restricting user access to certain printers. Using the AIX print
subsystem, the backend program must be customized to restrict user access.
.I. n
Support for forms
If you are printing to preprinted forms, it’s important that other users not be able to print
.T ció
while the expensive forms are loaded on the printer. The System V print subsystem
provides a mechanism for mounting forms on printers, and allowing or denying, user
access based on the form which is mounted. To provide this capability under AIX
.
printing, you must create multiple queues and manage which queues are enabled while
C
.F a
a form is mounted.
C rm
Standard PostScript filters
The System V print subsystem includes a number of filters for converting different file
formats to PostScript. Some formatting and page selection capabilities are also
to fo
included.
Long term strategy

ec vo
IBM’s long term printing strategy for AIX is to maintain compatibility with other UNIX
systems. This means that new features and functions are added to the System V print
subsystem in later releases, while the AIX print subsystem is supported, but not
enhanced in future releases.
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Concepts of queues
IBM Power Systems
file1
Queue1
.I. n
file1
.T ció
file2
.
file2 .
C
.F a
file3
C rm
/dev/lp0
Queue2
file3
to fo
file4
file4
/dev/lp1
ec vo

Figure A-5. Concepts of queues AN123.0
Notes:
oy si
Purpose for queues

u
The purpose of the queuing system is to maintain a queue of jobs that are waiting for
cl
their turn to run (that is, use some system resource, like a printer or the CPU). The
AIX 6.1 queuing system performs this function.
Ex
Benefits of queues
The queues also give control to the system administrator over the queuing mechanism.
Therefore, the system administrator can perform tasks like canceling jobs on queues,
pr
changing priorities of jobs, and so forth.

A queue enables the sharing of resources in an ordered fashion.
Student Notebook
The diagram above illustrates three important issues:

• One print queue can point to a number of printers (and it is the job of the qdaemon
to determine the next available printer to print on), for example, Queue1.
• Users may submit their jobs to a number of different queues.
• A printer can have a number of different queues pointing to it, for example, the
printer /dev/lp1 is accessed by both Queue1 and Queue2.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Printer data flow

IBM Power Systems
# qprt -Pps [-c] file
print request
.I. n
lp lpr qprt
enq
.T ció
copy of file (if requested)
Queue
Spool
.
monitors directory
C
.F a
qdaemon uses spool file
(if it exists)
starts
C rm
Backend Virtual Printer
(piobe) Definition
submits file to
to fo
printer
/dev/lp0
ec vo

Figure A-6. Printer data flow AN123.0
Notes:
oy si
Print request
u
Local printing is implemented through a queuing mechanism. The user can issue one of
cl
the printer commands qprt, lp, lpr, or enq to submit a print job. Although a user can
use any one of these four commands, the true entry point to the spooler is the enq
command which is responsible for processing the job request, creating a job description
Ex
file (JDF), and notifying the qdaemon of the new job.
The qdaemon
pr
The qdaemon process runs at all times. The qdaemon maintains a list of all of the defined
queues and monitors the queues for newly submitted jobs. qdaemon tries to process the
job if the destination device is available, otherwise the job remains in the queue and
qdaemon tries again later.
Student Notebook
Queueing system process

The flow of the queuing system shown in the visual:
• The printing command calls enq. enq checks to see if the requested queue name is a
valid queue and all of the parameters are correct. If so, it continues, if not, an error
message is returned to the user.
• An entry is made in the /var/spool/lpd/qdir directory identifying the job to be run. If the
.I. n
printer command uses an option to indicate that a copy of the file is to be made, the
copy is placed in the spool directory /var/spool/qdaemon.
.T ció
• The qdaemon is notified of a new job in its qdir directory.
• When the queue is ready for the job, the qdaemon reads information from the
.
/etc/qconfig file describing the queue.
C
.F a
• The qdaemon updates the /var/spool/lpd/stat file for the appropriate queue to show that
the queue is now working on a new job.
C rm
• The qdaemon starts the back-end program, passing the file names and appropriate
options on the command line.
• The back-end determines the correct data stream characteristics, and merges these
to fo
with the actual file. The data stream characteristics are stored as virtual printer
definitions in the /var/spool/lpd/pio/@local directory.
• The back-end program sends its data stream to the device driver for the appropriate
printer.
ec vo
What happens when a file is spooled?

When a file is spooled, a copy of that file is sent to the print spool directory,
oy si
/var/spool/qdaemon. The copy remains in that directory until it is printed. This means
that if you spool a file to the printer, a user could continue to make revisions to the
u
original since the copy in the print spool directory will not be altered. This ensures that
the file that is sent to the printer gets printed in its original form, even if a user edits the
cl
original file that is on disk. Spooled files take up disk space in /var until they are printed.
When a file is queued, one line of information is sent to the /var/spool/lpd/qdir
Ex
directory which points back to the original file on disk. If revisions are made to the file on
disk before it is pulled from the queue to print, the revised file is printed.
pr
V8.2
Student Notebook
Uempty
System files associated with printing

IBM Power Systems
/etc/qconfig Queue configuration files
.I. n
.T ció
/var/spool/* Spooling directories
.
/var/spool/lpd/qdir/* Queue requests
C
.F a
/var/spool/qdaemon/* Temporary enqueued files
C rm
/var/spool/lpd/stat/* Line printer status information
to fo
/var/spool/lpd/pio/@local Virtual printer directories
ec vo

Figure A-7. System files associated with printing AN123.0
Notes:
oy si
Print related files and directories

u
The system files and directories used for printing include:

cl
• The /etc/qconfig file describes the queues and devices available for use by the
printing commands.
Ex
• The /var/spool directory contains files and directories used by the printing
programs and daemons.
• The /var/spool/lpd/qdir directory contains information about files queued to
print.
pr
• The /var/spool/qdaemon directory contains copies of the files that are spooled
to print.
• The /var/spool/lpd/stat directory is where the information on the status of jobs is
stored. It is used by the qdaemon and backend programs.
Student Notebook
• The /var/spool/lpd/pio/@local directory holds virtual printer definitions. This is

where the attributes of printers are paired with the attributes of corresponding
data stream types.
It is recommended that SMIT be used to update these device-related files. In most
cases, updating standard system files is not recommended.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
qdaemon
IBM Power Systems
• Manages queues
.I. n
• Is started in the /etc/inittab file
.T ció
• Invokes the back-end programs
.
C
.F a
• Optionally records accounting data
C rm
to fo
ec vo

Figure A-8. qdaemon AN123.0
Notes:
oy si
qdaemon introduction
u
The qdaemon program schedules jobs that have been enqueued. It is a background
process that is usually started at system IPL through the startsrc command run from
cl
/etc/inittab.
qdaemon is controlled by the /etc/qconfig file. /etc/qconfig contains a stanza for each
queue. The stanza identifies any queue management options and points to a queue
Ex
device stanza, which identifies the destination printer, the formatting options, and the
back-end program.
The back-end program
pr
The back-end program is called by qdaemon to actually process each request. The
back-end program is determined by how the printer is connected to the AIX system. For
local printing, the back-end program is /usr/lib/lpd/piobe. For a remote printer, it is
/usr/lib/lpd/rembak.
The back-end program uses printer attribute information to prepare the printer and
format the data for output. It also prints header and trailer pages, if they are enabled.
Student Notebook
The /etc/qconfig file

IBM Power Systems
lp0: * One queue pointing to one device
device = lp0dev
up = TRUE
discipline = fcfs
.I. n
lp0dev:
file = /dev/lp0
backend = /usr/lib/lpd/piobe
.T ció
header = group
trailer = never
feed = never
lpq: * One queue pointing to two devices
device = lpqdev1,lpqdev2
.
lpqdev1:
C
file = /dev/lp1
.F a
lpqdev2:
file = /dev/lp2
C rm
ps: * Two queues pointing to one device
device = psdev
psdev:
file = /dev/lp3
to fo
asc:
device = ascdev
ascdev:
file = /dev/lp3
ec vo

Figure A-9. The /etc/qconfig file AN123.0
Notes:
oy si
Introduction
u
The /etc/qconfig file is an attribute file. Some stanzas in this file describe queues, and
cl
other stanzas describe devices. Every queue stanza requires that one or more device
stanzas immediately follow it in the file.
Ex
This file is the key to customizing the queues. Although the file can be edited directly, it
is recommended that it be changed through high-level commands or through SMIT.
Queue stanza
pr
This starts with the queue name, which can be up to 20 characters, followed by a colon.
The queue name is used by the person submitting a job to indicate the requested
queue. The first queue in the /etc/qconfig file is the default queue, which receives any
job requests submitted without a specific queue name.
V8.2
Student Notebook
Uempty Some of the attributes that can be found in the queue stanza include:
Attribute Definition Default Other
Identifies the symbolic name that refers to
device
the device stanza
discipline Defines the queue serving algorithm fcfs sjn
Identifies the file used to save print
acctfile false filename
.I. n
accounting information
up Defines the state of the queue TRUE FALSE
.T ció
Device stanza
.
The name of a device stanza is arbitrary and can be from one to 20 characters long.
C
The name is followed by a colon.
.F a
The attributes that can be found in the device stanza include:
C rm
Attribute Description Default Other
Identifies the special file where the output of
back-end is to be redirected
file FALSE
to fo
FALSE indicates no redirection and that the
file name is /dev/null.
Specifies the full path name of the back-end,
backend optionally followed by the flags and
ec vo
parameters to be passed to it
both (used
Specifies the type of access the back-end for modems
oy si
has to the file specified by the file field or backends

access write
This field is ignored if the file field has the needing
value, FALSE. read
u
capability)
Specifies whether a header page prints always
cl
header never
before each job or group of jobs group
Specifies whether a trailer page prints after always
Ex
trailer never
each job or group of jobs group
Specifies either the number of separator
pages to print when the device becomes idle
feed never integer
or the value never, which indicates that the
pr
back-end is not to print separator pages

Specifies whether the back-end sends a
align form-feed control before starting the job, if FALSE TRUE
the printer was idle
Student Notebook
The device stanza must contain an attribute that designates the back-end program. The
function of the back-end is to manage the printing of the actual job. It also produces the
final data stream that goes to the printer. The most common back-end program for local
printing is piobe.
If different users prefer different default printers, then the PRINTER variable can be set
up, on a per user basis. The PRINTER variable should be set to the queue that the user
wants to be their default queue, for example:
.I. n
# PRINTER=ps ; export PRINTER
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Printer menu
IBM Power Systems
# smit spooler_choice
Print Spooling
.I. n
.T ció
Move cursor to desired item and press Enter.
AIX Print Spooling
.
System V Print Spooling
C
.F a
C rm
to fo
F1=Help F2=Refresh F3=Cancel F8=Image
F9=Shell F10=Exit Enter=Do
ec vo

Figure A-10. Printer menu AN123.0
Notes:
oy si
Interface to manage spooling

u
AIX print spooling System V print spooling are supported by SMIT in AIX 6.1. The
cl
Web-based System Manager supports both print spooling systems.

Ex
pr
Student Notebook
AIX printer menu

IBM Power Systems
# smit spooler
AIX Print Spooling
.I. n
Start a Print Job
.T ció
Manage Print Jobs
List All Print Queues
Manage Print Queues
.
Add a Print Queue
C
Add an Additional Printer to an Existing Print Queue
.F a
Change / Show Print Queue Characteristics
Change / Show Printer Connection Characteristics
Remove a Print Queue
C rm
Manage Print Server
Programming Tools
Change / Show Current Print Subsystem

to fo
ec vo

Figure A-11. AIX printer menu AN123.0
Notes:
oy si
SMIT AIX printer menu

u
The SMIT fastpath to this menu is smit spooler. Printers and print queues can also be
cl
managed using the Web-based System Manager.

The options on this menu are:
Ex
• Start a Print Job

This option starts a print job by submitting the job to a print queue.
• Manage Print Jobs
This option opens a submenu which enables you to cancel jobs, show the status
pr
of jobs, prioritize jobs, hold and release jobs, and move jobs between print
queues.
• List All Prinul3t Queues
This option displays a list of all the print queues and their associated printers.
V8.2
Student Notebook
Uempty - Manage Print Queues

You can start and stop print queues, show the status of print queues and change the
system's default print queue.
- Add a Print Queue
This option adds a print queue to the system configuration and creates the
associated queue device and printer device definition, if needed.
- Add an Additional Printer to an Existing Print Queue
.I. n
This option adds another printer to an existing queue.
.T ció
- Change/Show Print Queue Characteristics
This option will provide access to screens that enable you to change the printer
setup, default print job attributes, accounting file setup, and queuing discipline.
.
- Change/Show Printer Connection Characteristics
C
.F a
This option changes or shows printer communication and startup characteristics.
- Remove a Print Queue
C rm
This option removes a print queue from the system configuration. It also removes
the associated spooler queue device and printer device definition. If a print queue
has more than one printer associated with it, then all the printers are removed from
the print queue.
to fo
- Manage Print Server
This option configures this machine as a print server. Allows you to control which
clients have print access to this machine, list clients with print access, add and
ec vo
remove clients, and stop and start the server subsystem.

- Programming Tools
This option enables you to access low-level utilities for manipulating databases and
filters.
oy si
- Change/Show Current Print Subsystem

Only one of the two print subsystems at the same time can be active. By default,
u
after installation, the AIX printer subsystem is active.

cl
Other commands
Ex
To show the current print subsystem: # switch.prt -d

To change the current print subsystem, you can use either:
-# switch.prt -s AIX
-# switch.prt -d SystemV
pr
To check if binaries are correctly linked, you can use either:

-/usr/bin/lpstat --> /usr/aix/bin/lpstat
-/usr/bin/lpstat --> /usr/sysv/bin/lpstat
Student Notebook
Configuring a printer with a queue

IBM Power Systems
AIX Print Spooling
.I. n
Add a Print Queue
.T ció
Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
.
xstation Printer Attached to Xstation
C
ascii Printer Attached to ASCII Terminal
.F a
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
ibmNetPrinter IBM Network Printer
C rm
ibmNetColor IBM Network Color Printer
other User Defined Backend
F1=Help F2=Refresh F3=Cancel

to fo
F8=Image F10=Exit Enter=Do
/=Find n=Find Next
ec vo

Figure A-12. Configuring a printer with a queue AN123.0
Notes:
oy si
Adding a local print queue

u
In our example, assume that the printer is directly attached to our AIX system. To
cl
configure a printer attached in this way, choose local.

Some applications contain their own print control mechanisms and thus require that a
Ex
printer be configured without a queue. Use the SMIT fastpath smit pdp to define a
printer without a queue.
pr
V8.2
Student Notebook
Uempty
Selecting a printer type (1 of 2)

IBM Power Systems
AIX Print Spooling
.I. n
Printer Type
.T ció
Bull
Canon
.
Dataproducts
C
Hewlett-Packard
.F a
IBM
Lexmark
OKI
C rm
Printronix
QMS
Texas Instruments
Other (select this if your printer is not listed above)
to fo
/=Find n=Find Next
ec vo

Figure A-13. Selecting a printer type (1 of 2) AN123.0
Notes:
oy si
Specify the printer manufacturer

u
The next selection that has to be made is the printer type. Notice that IBM is only one of
cl
the choices and many other manufacturers are supported as well. Note also that there
is an Other option which will be selected if the printer type is not supported; that is, not
part of the list.
Ex
pr
Student Notebook
Selecting a printer type (2 of 2)

IBM Power Systems
AIX Print Spooling
Printer Type
.I. n
.T ció
[MORE...8]
ibm2391-2 IBM 2391 Plus printer (Model 2)
ibm3112 IBM 3112 Page Printer
.
ibm3130 IBM 3130 LaserPrinter
C
ibm3812-2 IBM 3812 Model 2 Page Printer
.F a
C rm
ibm4037 IBM 4037 LP printer
[MORE...49]

Esc+8=Image Esc+0=Exit Enter=Do
/=Find n=Find Next
to fo
ec vo

Figure A-14. Selecting a printer type (2 of 2) AN123.0
Notes:
oy si
Select the manufacturer’s supported printer

u
If you do not have the software installed for your printer, you are prompted to insert the
cl
media to install the software first, before configuring the device and the queue.
The choice of printer determines the queue, or the virtual printer, setup. For example,
Ex
an IBM 4029 Laser Printer is capable of handling PostScript, ASCII, GL Emulation, and
PCL Emulation. The SMIT print spooling menus guide you through the creation of up to
four separate queues which submit to the same printer.
pr
V8.2
Student Notebook
Uempty
Printer attachment
IBM Power Systems
Printer Interface
.I. n
.T ció
parallel
rs232
rs422
.
C
.F a
C rm
Parent Adapter
to fo
ppa0 Available 01-G0 Standard Parallel Port Adapter
ec vo

Figure A-15. Printer attachment AN123.0
Notes:
oy si
Selecting the printer attachment

u
After selecting a printer type, a pop-up window is displayed where the printer interface
cl
must be chosen. Possible values are parallel, RS232, and RS422. Some printers
support multiple attachment methods.
Ex
Then, a list of installed adapters that support that method of attachment are presented.
pr
Student Notebook
Add the print queues

IBM Power Systems
Add a Print Queue
Type or select values in entry fields.
.I. n
[Entry Fields]
.T ció
Description IBM 4029 LaserPrinter
Names of NEW print queues to add
ASCII [asc]
.
GL Emulation []
PCL Emulation []
C
PostScript [ps]
.F a
Printer connection characteristics
C rm
* PORT number [p] +
Type of PARALLEL INTERFACE [standard] +
Printer TIME OUT period (seconds) [600] +#
STATE to be configured at boot time available +
to fo
F1=Help F2=Refresh F3=Cancel F4=List
F5=Reset F6=Command F7=Edit F8=Image
ec vo

Figure A-16. Add the print queues AN123.0
Notes:
oy si
Create the print queues

u
This menu varies depending on the characteristics of the physical printer. If the printer is
cl
capable of two or three different modes or emulations, the system prompts you for a
separate queue name for each emulation. Once these queues are created, they are
sometimes referred to as virtual print devices.
Ex
Additional queues can be added to this printer after the initial queues are created.
pr
V8.2
Student Notebook
Uempty
Remote printing
IBM Power Systems
host1 client1
lp1
.I. n
.T ció
.
C
9 Set up the local print queue.
.F a
9 Configure a
9 Define client machines in remote queue.
C rm
/etc/hosts.lpd.
9 Start the lpd daemon.
to fo
ec vo

Figure A-17. Remote printing AN123.0
Notes:
oy si
Overview of print server setup

u
Once your system has the local queue set up, any user on that system can print. If the
cl
machine is networked, it can also provide printing for client machines by becoming a
print server.
Ex
To set up a print server, you need to define the client machine names, or IP addresses,
in the /etc/hosts.lpd file, and then start the lpd daemon. Both of these tasks can be
done through SMIT. To use SMIT, the fastpath to identify the client system is smit
mkhostslpd.
pr
The lpd daemon is controlled by SRC. You should use SMIT to start it, because SMIT
also adds entries to /etc/inittab to ensure that it is started on reboot. The fastpath for
this screen is smit mkitab_lpd.
Student Notebook
Client authorization
IBM Power Systems
# smit mkhostslpd
Add Print Access for a Remote Client
.I. n
.T ció
[Entry Fields]
.
* Name of REMOTE CLIENT [client1]
C
(Hostname or dotted decimal address)
.F a
F1=Help
C rm F2=Refresh F3=Cancel F4=List
to fo
ec vo

Figure A-18. Client authorization AN123.0
Notes:
oy si
Set up client authorization

u
This step is done on the print server. On this screen, enter the client machine's name or
cl
IP address. A plus sign ( + ) is also valid. It indicates that this AIX system is a print
server to all machines.
Ex
pr
V8.2
Student Notebook
Uempty
Start lpd
IBM Power Systems
# smit mkitab_lpd
.I. n
Start the Print Server Subsystem

.T ció
[Entry Fields]
Start subsystem now, on system restart, or both [both] +
TRACE lpd daemon activity to syslog? [no] +
.
EXPORT directory containing print attributes? [no] +
C
Note:
.F a
Exporting this print server's directory
containing its print attributes will allow
print clients to mount the directory. The
C rm
clients can use this server's print attributes
to display and validate print job attributes
when starting print jobs destined for this
print server. Note that the Network File
System (NFS) program product must be installed
and running
to fo
ec vo

Figure A-19. Start lpd AN123.0
Notes:
oy si
Starting the lpd daemon

u
This step is done on the print server. The lpd daemon is controlled by the system
cl
resource controller (SRC). The commands startsrc and stopsrc can be used to
control lpd. By using SMIT, an entry is placed in the /etc/inittab file to ensure that lpd
is started each time the machine is booted.
Ex
pr
Student Notebook
Add a remote print queue

IBM Power Systems
AIX Print Spooling
.I. n
Add a Print Queue
.T ció
Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
.
xstation Printer Attached to Xstation
C
ascii Printer Attached to ASCII Terminal
.F a
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
C rm
ibmNetPrinter IBM Network Printer
ibmNetColor IBM Network Color Printer
other User Defined Backend

to fo
/=Find n=Find Next
ec vo

Figure A-20. Add a remote print queue AN123.0
Notes:
oy si
Adding a remote queue on the client

u
This step is done on the client machine. The procedure to add a remote queue starts
cl
the same way as a local queue: smit spooler > Add a Print Queue. This time, select
remote as the attachment type.
Ex
You are prompted to determine if you want to perform any type of filtering or
pre-processing to the print job before it is sent. Normally, Standard Processing is
selected. This just sends the job to the printer server and the print server is responsible
for processing the job.
pr
V8.2
Student Notebook
Uempty
Define the print server on the client

IBM Power Systems
Add a Standard Remote Print Queue
.I. n
.T ció
[Entry Fields]
*Name of QUEUE to add [rq1]
*HOSTNAME of remote server [host1]
.
*Name of QUEUE on remote server [lp1]
C
Type of print spooler on remote server AIX Version 3 or 4 +
.F a
Backend TIME OUT period (minutes) [] #
Send control file first? no +
TO turn on debugging, specify output []
C rm
file pathname
DESCRIPTION of printer on remote server []

to fo
ec vo

Figure A-21. Define the print server on the client AN123.0
Notes:
oy si
Required input
u
Only three lines are required to complete the queue set up. You must name your local
cl
(to the client) queue name. Then, provide the name of the printer server. Lastly, name
the queue on the print server.
Ex
pr
Student Notebook
Let’s review
IBM Power Systems
1. True or False: The qdaemon is responsible for printing jobs.
.I. n
2. To set up remote printing, what daemons are needed, and do
.T ció
they run on the server, the client, or both?
.
C
.F a
3. What does the up = TRUE indicate in the /etc/qconfig file?
C rm
4. What does discipline mean in reference to the
/etc/qconfig file? What are its possible values?
to fo
ec vo

Figure A-22. Let's review AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Submitting print jobs

IBM Power Systems
• AIX print systems offer compatibility to System V print

commands
.I. n
• To submit a job to a queue:
.T ció
System V BSD AIX
.
lp lpr qprt
C
.F a
$ lp -d queuename filename
C rm - OR-
to fo
$ qprt -P queuename filename
ec vo

Figure A-23. Submitting print jobs AN123.0
Notes:
oy si
Introduction
u
There are three sets of commands for submitting, listing and canceling print jobs. They
cl
come from either System V, BSD, or IBM versions of UNIX and are all available in AIX.
The commands have slightly different options.
Ex
Submitting a print job

To submit a print job to a queue, use either lp, lpr, or qprt. All jobs go to the system
default queue, unless the PRINTER or LPDEST variables are set. You can also specify, on
pr
the command line, which queue to use. Use -d with lp or use -P with qprt and lpr.
Student Notebook
Spooling
The commands lp and qprt both queue without spooling, by default. Specify the -c
option if spooling is desired. The command lpr spools and queues by default. The -c
option will turn off spooling with lpr.
Multiple copies
.I. n
To print multiple copies, with qprt use the -N # option, with lp use -n # option, and
with lpr use just a hyphen followed by the number of copies ( - # ).
.T ció
The lp, lpr, and qprt commands create a queue entry in /var/spool/lpd/qdir and,
depending upon the options specified, copy the file to be printed to the
.
/var/spool/qdaemon directory.
C
.F a
The enq command
C rm
All the print commands, lp, lpr, and qprt, actually call the enq command which places
the print request in a queue. enq can be used instead of the other commands to submit
jobs, view job status, and so forth. To submit a job using enq:
to fo
$ enq -Pqueuename filename
Requesting a specific printer

Ordinarily your request is serviced by the first device on the queue that becomes
ec vo
available. However, if more than one printer services a queue, you can request a
specific printer by using the name of the queue followed by a colon (:) and then the
name of the printer. For example, if a system with one queue (ps) is serviced by two
oy si
printers (lp0 and lp1), and a print job needs to be printed on the lp1 printer, use the
command:
u
$ qprt -Pps:lp1 /home/team01/myfile

cl
Ex
pr
V8.2
Student Notebook
Uempty
Listing jobs in a queue

IBM Power Systems
• To list jobs in a queue:
.I. n
SYSTEM V BSD AIX
lpstat lpq qchk
.T ció
For example:
.
C
$ qchk
.F a
Queue Dev Status Job Files User PP % Blks Cp Rnk
C rm
ps lp0 DOWN
QUEUE 569 /etc/motd root 1 1
1
to fo
ec vo

Figure A-24. Listing jobs in a queue AN123.0
Notes:
oy si
Checking status with the qchk command

u
Many of the print job control tasks require the user to supply a job number. The job
cl
number, along with other queue status information is available by checking the status of
print jobs.
Ex
The fields from the qchk command are as follows:

Queue Queue name
Dev Logical device name for the queue
pr
Status Status of the queue (READY, DOWN, WAITING, RUNNING, and so forth)
Job The job number assigned by the qdaemon
Files Files sent to the queue
User User who sent the print request
Student Notebook
PP Number of pages printed

% Percent completed
Blks The number of 512-byte blocks the print job has been split into
Cp Copies of each job to be printed
Rnk Order on that queue
.I. n
Other viewing commands
.T ció
Other commands that can be used to view printer status include:
lpstat Shows status of all queues
.
lpq Shows status of the default queue
C
.F a
qchk -A Shows status of all queues
enq -A Shows status of all queues
C rm
qchk -W Shows status in wide-form mode
This is helpful if using long queue and device names, and 6-digit job numbers. This option
is available with AIX V4.2.1 and later.
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Change characteristics of a queue

IBM Power Systems
# smit chpq
.I. n
Print Queue to Change / Show
.T ció
[Entry Fields]
.
C
.F a
PRINT QUEUE name [ps] +
C rm
Characteristics to Change / Show
Move the cursor to the desired item and press Enter.
1.Printer Setup
2.Default Print Job Attributes
to fo
3.Accounting File
4.Queuing Discipline
ec vo

Figure A-25. Change characteristics of a queue AN123.0
Notes:
oy si
Attributes for Printer Setup option

u
After selecting 1. Printer Setup, the following attributes can be changed or shown:
cl
• Automatic mode switching to PostScript

• Paper size in trays and the manual feeder
Ex
• Envelope size
• ID of the font cards
• Paper trays for header and trailer pages
• Formatting flags for the header and trailer pages
pr
• Users to get the intervention messages

• Flags prohibited for all print files
• Mode in which to leave the printer at the end of the job
• Width of printable area on header page
Student Notebook
Attributes for Default Print Job option

After selecting 2. Default Print Job Attributes, the following attributes can be changed
or shown:
• Text print options such as emphasized print
• Job processing options such as page number where printing should begin
• Text formatting options such as top Margin and lines per page
.I. n
• Paper/Page Options such as page orientation
• Header/Trailer Page such as separator pages
.T ció
• Messages/Diagnostics
Attributes for Accounting File option
.
C
After selecting 3. Accounting File, the following attribute can be changed or shown:
.F a
• Accounting file name
C rm
Attributes for Queuing Discipline option
After selecting 4. Queueing Disciple, the following attribute can be changed or shown:
to fo
• Queuing discipline
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Removing a queue
IBM Power Systems
# smit rmpq
Remove a Print Queue
.I. n
.T ció
[Entry Fields]
.
Print queue to remove ps:lp0
C
Local printer device /dev/lp0
.F a
KEEP the local printer device? No +
C rm
to fo
ec vo

Figure A-26. Removing a queue AN123.0
Notes:
oy si
Removing a queue with SMIT

u
It is not possible to remove a queue containing jobs. The jobs would have to be
cl
removed first.
The last option on the screen asks whether the printer device definition should be kept.
Ex
This option will only appear if the queue being removed is the only queue defined for a
printer. Note that by default, it will be removed.
pr
Student Notebook
Managing queues
IBM Power Systems
# smit pqmanage
.I. n
Manage Print Queues
.T ció
Show Status of Print Queues
.
Stop a Print Queue
C
Start a Print Queue
.F a
Set the System's Default Print Queue
C rm
to fo
ec vo

Figure A-27. Managing queues AN123.0
Notes:
oy si
SMIT Managing Queues options

u
The following actions can be performed:

cl
• Show Status of Print Queue gives output similar to qchk and lpstat
• Stop a Print Queue runs the disable command
Ex
• Start a Print Queue runs the enable command

• Set the System's Default Print Queue reorders the /etc/qconfig file to ensure
the default queue is the first queue in the file
pr
V8.2
Student Notebook
Uempty
Understanding queue status

IBM Power Systems
Queue Dev Status Job Files User PP % Bks Cp Rnk

ps lp0 DOWN
QUEUED 1569 /etc/motd root 1 1 1
.I. n
State Description
.T ció
DEV_BUSY Printer is busy servicing other print requests
DEV_WAIT Queue is waiting for the printer
.
Queue is down and no jobs will be serviced
C
DOWN
.F a
from this queue until it is brought up
C rm
OPR_WAIT The queue is waiting for operator intervention
QUEUED Job is queued and waiting
READY Everything is ready to receive a print request
to fo
RUNNING Print file is printing
UNKNOWN Problem with the queue: Need to investigate
further to determine cause
ec vo

Figure A-28. Understanding queue status AN123.0
Notes:
oy si
Introduction
u
The status of the queues and jobs can be displayed with qchk, lpstat, or lpq. There
cl
are a number of different status states that may be seen.
DEV_BUSY
Ex
This status can occur when more than one queue is defined to a print device and
another queue is currently using the print device. It could result when the qdaemon
attempts to use the printer port device and another application is currently using that
pr
print device. Normal recovery: You have to wait until the queue or application has
released the print device, or kill the job or process that is using the printer port.
Student Notebook
DEV_WAIT
This status means that the queue is waiting on the printer because the printer is offline,
out of paper, jammed, or the cable is loose, bad or wired incorrectly. Normal recovery:
Check to see if the printer is offline, out of paper, jammed, or loosely cabled. Sometimes
the jobs have to be removed from the queue before the problem can be corrected.
.I. n
DOWN
This status is set when the device driver cannot communicate with the printer after
.T ció
TIME OUT seconds (which can be set through SMIT). This variable indicates the
amount of time, in seconds, that the queuing system waits for a printer operation. If the
printer is off, the queue will go down. Also, the operator can bring down the queue
.
intentionally, which might be necessary for system maintenance. Normal recovery:
C
.F a
Correct the problem that has brought the queue down and then bring the queue up
again.
C rm
OPR_WAIT
This status is set when the back-end program is waiting on the operator to change the
to fo
paper, change forms, and so on. This is usually software related. Normal recovery:
Respond appropriately to the request that is made by the queuing system.
QUEUED
ec vo
This status is set when a print file is queued and is waiting in line to be printed.
READY
oy si
This is the status of a queue when everything involved with the queue is ready to queue
and print a job.
u
RUNNING
cl
This status occurs when a print file is printing.

Ex
UNKNOWN
This status occurs when a user creates a queue on a device file that another queue is
using, and its status is DEV_WAIT. The queue cannot get a status from the printer
pr
device when it is on hold. Normal recovery: Bring down the other queue or fix the
problem with the printer (paper out, jammed, offline and so on). Bring the new queue
down and then back up so that the queue will register as READY.
V8.2
Student Notebook
Uempty
Bringing queues up and down

IBM Power Systems
# lpstat
Queue Dev Status Job Files User PP % Bks Cp
Rnk
.I. n
draft lp0 DOWN
QUEUED 132 /etc/motd team01 1 1 1
.T ció
Quality lp0 READY
.
• To enable a queue whose status is DOWN:
C
.F a
# enable draft
C rm
• To disable a queue whose status is READY:
# disable quality
to fo
You must be a member of the printq group or root.
ec vo

Figure A-29. Bringing queues up and down AN123.0
Notes:
oy si
Enabling a queue
u
Occasionally, problems with printers can bring a queue down. Once the problem has
cl
been fixed it can be brought back up with:

# enable <queuename>
Ex
Disabling a queue
Sometimes, you may wish to bring a queue down. This is recommended if any
maintenance is going to be performed on the printer. You can do this with either of the
pr
commands:
• # disable <queuename>
• # enq -D -P <queuename>
Student Notebook
Manage Print Jobs

IBM Power Systems
# smit jobs
.I. n
Manage Print Jobs
.T ció
Cancel a Print Job
.
Show the Status of Print Jobs
C
.F a
Prioritize a Print Job
Hold / Release a Print Job
C rm
Move a Job between Print Queues
to fo
ec vo

Figure A-30. Manage Print Jobs AN123.0
Notes:
oy si
Who can manage print jobs?

u
The root user or a member of the print group can work with any print request. Normal
cl
users can only work with their own print jobs.

Ex
pr
V8.2
Student Notebook
Uempty
Cancel a Print Job

IBM Power Systems
# smit qcan
Cancel a Print Job
.I. n
.T ció
.
[Entry Fields]
C
.F a
PRINT QUEUE containing job [ ] +
(required for remote jobs)
C rm
* Print JOB NUMBER
to fo [ ] +#

ec vo

Figure A-31. Cancel a Print Job AN123.0
Notes:
oy si
Introduction
The qcan command cancels either a particular job number or all jobs in a print queue.
u
Normal users can only cancel their own jobs, whereas root can cancel any job.
Commands to cancel print jobs
cl
To cancel a job you can either use the smit qcan fastpath, or use one of the following
commands:
Ex
• cancel (System V)
• lprm (BSD)
• qcan (AIX)
Examples
pr
To cancel job number 127 on whatever queue the job is on, you can use either of the
following two commands:
• # qccel 127
To cancel all jobs queued on printer lp0, you can use either of these two commands:
• # qcan -X -Plp0
• # cancel lp0
Student Notebook
Job priority example

IBM Power Systems
# qchk -L
Queue Dev Status Job Name From To
______ ___ _______ Submitted Rnk Pri Blks Cp PP %
.I. n
pslp0 DOWN QUEUED 569 /etc/qconfig root root
1/07/03 09:39:25
.T ció
1 15 2 1
/etc/qconfig
QUEUED 570 /etc/motd root root
1/07/03 09:40:15 2 15 1 1
.
/etc/motd
C
.F a
# qpri -#570 -a 25
C rm
# qchk -L
Queue Dev Status Job Name From To
______ ___ ______ Submitted Rnk Pri Blks Cp PP %
pslp0 DOWN QUEUED 570 /etc/motd root root
1/07/03 09:40:15 1 25 1 1
to fo
/etc/motd
QUEUED 569 /etc/qconfig root root
1/07/03 09:39:25 2 15 2 1
/etc/qconfig
ec vo

Figure A-32. Job priority example AN123.0
Notes:
oy si
Processing order
u
The discipline line in the /etc/qconfig file determines the order in which the printer
cl
serves the requests in the queue. In the queue stanza, the discipline field can either
be set to fcfs (first-come-first-serve) or sjn (shortest-job-next). If there is no
discipline in the queue stanza, requests are serviced in fcfs order.
Ex
Changing print job priority

Each print job also has a priority that can be changed through SMIT (smit qpri) or with
pr
the qpri command. Print jobs with higher-priority numbers are handled before requests
with lower-priority numbers. Only a user who has root authority or who belongs to the
printq group can change the priority of a local print request.
V8.2
Student Notebook
Uempty
Note
You can only set priorities on local print jobs. Remote print jobs are not supported.
The qprt -R command can also be used to set job priority.
.I. n
Example
.T ció
The example in the visual shows that when print jobs are submitted they receive the
default priority of 15. The example shows how the qpri command can be used to
.
change the priority of job number 570 to 25. Use the qchk -L command to show the
C
new job priorities.
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Holding a job in a queue

IBM Power Systems
# qchk
Queue Dev Status Job Files User PP% Blks Cp Rnk
ps lp0 DEV_BUSY
.I. n
QUEUED 1493 /etc/qconfig root 1 1 1
.T ció
# qhld -#1493
.
# qchk
C
.F a
ps lp0 DEV_BUSY
HELD 1493 /etc/qconfig root 1 1 1
C rm
# qhld -r -#1493
# qchk
to fo
ps lp0 DEV_BUSY
QUEUED 1493 /etc/qconfig root 1 1 1
ec vo

Figure A-33. Holding a job in a queue AN123.0
Notes:
oy si
Holding and releasing a print job

u
The qhld command is used to put a temporary hold on a job that is waiting in the
cl
queue. The qhld command is also the command that is used to release job back in the
queue.
Ex
The visual provides a example of using the qhld command to hold and then release job
# 1493.
This task can also be accomplished through smit (smit qhld).
pr
V8.2
Student Notebook
Uempty
Moving a job between queues

IBM Power Systems
# qchk -A
.I. n
.T ció
asc lp0 DOWN
QUEUE 11 /etc/qconfig root 2 1 1
ps lp0 READY
.
C
.F a
# qmov -mps -#11
C rm
# qchk -A

asc lp0 DOWN
to fo
ps lp0 RUNNING 11 /etc/qconfig root 2 1 1
ec vo

Figure A-34. Moving a job between queues AN123.0
Notes:
oy si
Moving print jobs

u
You can move jobs between queues in AIX. The command qmov is used. The -m option
cl
specifies what queue to move the job to and the -# option specifies the job number.
This can be done through smit using smit qmov.
Ex
pr
Student Notebook
Printing-related directories to monitor

IBM Power Systems
.I. n
var
.T ció
spool
.
C
.F a
C rm
lpd
qdaemon
qdir
to fo
• Contains queue requests • Temporary copies of enqueued
(job description files) files if spooling
ec vo

Figure A-35. Printing-related directories to monitor AN123.0
Notes:
oy si
Why directories may fill up

u
The directories shown in the visual fill up very quickly if the spooling mechanism
cl
encounters a problem. For example, if the queue goes down, or if there are many users
submitting jobs, there may not be enough room to handle the requests.
Ex
Remember, when print jobs are submitted to spooling rather than just queuing, a copy
of that file is created and stored in the /var/spool/qdaemon directory until that job has
printed. At that time, the temporary file is removed. If the queue or multiple queues quit
working, jobs don't get through the system. This could cause a full condition in this
pr
directory structure.
V8.2
Student Notebook
Uempty
Printing problem checklist

IBM Power Systems
# cat file > /dev/lp0

Any output?
.I. n
.T ció
NO YES
Check hardware Check software
.
C
.F a
C rm 9
9
Check physical cables
Printer online and ready
9
9
qdaemon running
Check /etc/qconfig
to fo
9 No paper jams 9 Queue enabled
9 Not out of paper 9 /var and /tmp not full
ec vo

Figure A-36. Printing problem checklist AN123.0
Notes:
oy si
First step
u
If you experience problems trying to print, start by checking the simple things first.
cl
The easiest test to perform is to cat a file and redirect standard output to the printer
device file. This by-passes the queuing system and helps to narrow the problem.
Ex
Check hardware
After redirecting a file to the print device, if it does not print, the problem is usually
hardware-related. Check to make sure the cables are attached securely. Make sure the
pr
printer is ready to print (online). Make sure there is paper in the printer and there are no
paper jams.
Student Notebook
Potential software problems

If something does print out using cat but not print out when using lp, qprt, or lpr, the
problem is most likely software-related.
Check to make sure the qdaemon is running. If not, start it.
# lssrc -s qdaemon
# startsrc -s qdaemon
.I. n
Look at the contents of /etc/qconfig to make sure it is not corrupt.
.T ció
Ensure the queue is enabled. If not, enable it.
# lpstat
.
or
C
# qprt -A
.F a
# enable queuename
Check to make /tmp and /var are not full with the command: df
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Checkpoint (1 of 2)
IBM Power Systems
1. True or False: One of the advantages of queues is that each user can
have a different default queue set up for them.
.I. n
2. True or False: The /etc/qconfig file is read by the back-end
.T ció
program to determine what the queue discipline is.
.
3. True or False: All printer software is automatically installed when you
C
install the base operating system.
.F a
C rm
4. What is the difference between these two commands?
# qprt -Pasc file1
# qprt -c -Pasc file1
to fo
ec vo

Figure A-37. Checkpoint (1 of 2) AN123.0
Notes:
oy si
u
cl
Ex
pr
Student Notebook
Checkpoint (2 of 2)
IBM Power Systems
5. What three methods can be used to find out what the system default
queue is?
a.
.I. n
b.
.T ció
c.
.
6. What users can bring print queues down?
C
.F a
7. True or False: Once the queue is down, no more jobs can be
C rm
submitted to the printer.
8. Can users hold all their print jobs in a specific queue? If so, how?
to fo
ec vo

Figure A-38. Checkpoint (2 of 2) AN123.0
Notes:
oy si
u
cl
Ex
pr
V8.2
Student Notebook
Uempty
Unit summary
IBM Power Systems
.I. n
.T ció
• Identify the major components that are responsible for
.
processing a print request
C
.F a
C rm
• View the status of the print queue
to fo
ec vo

Figure A-39. Unit summary AN123.0
Notes:
oy si
• Queues can be added for local or remote printing.

u
• Queue characteristics can be changed either through SMIT or through high-level

commands.
cl
• Queues can be brought up and down by the system administrator.

• The following tasks were considered:
Ex
- Submit and cancel print jobs

- List the jobs in a queue
- Hold and release jobs in a queue
pr
- Move a job from one queue to another

- Change priorities of a print job
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
V8.2
Student Notebook
AP Appendix B. Checkpoint solutions
Unit 1, "Introduction to IBM Power Systems, AIX, and system

administration"
Solutions for Figure 1-18, "Checkpoint," on page 1-24
.I. n
.T ció
Checkpoint solutions
.
IBM Power Systems
1. What is the name of the device which creates and controls LPARs?
C
.F a
The answer is the HMC.
C rm
2. True or False: An AIX operating system can have no real devices.
The answer is true.
to fo
3. True or False: Virtualization features provided by the VIO Server can
be used by default on any Power system.
ec vo
The answer is false. Lower end machines require a PowerVM license.
4. True or False: The su command enables you to get root authority even
oy si
if you signed on using another user ID.

The answer is true. You must also know the root password.
u
cl

Ex
pr
© Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-1

Student Notebook
Unit 2, "AIX system management tools"
.I. n
IBM Power Systems
1. List the three main system management tools available on AIX.
.T ció
a. SMIT
b. WebSM
c. IBM Systems Director console for AIX
.
The answers are SMIT, WebSM, and IBM Systems Director console for AIX.
C
.F a
2. What is the purpose of the smit.script file?
C rm
The answer is to obtain the commands SMIT has just executed.
3. What information can one get from looking at the system configuration details
in IBM Systems Director Console?
to fo
a. Firmware/model information
b. File system information
c. Paging space information
d. A list of top CPU logging processes
ec vo
e. Network configuration, IP address, and so on

The answers are firmware/model information, file system information, paging
space information, a list of top CPU logging processes, and network
configuration, IP address, and so on.
oy si

u
cl
Ex
pr
B-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
V8.2
Student Notebook
AP Unit 3, "System startup and shutdown"
.I. n
IBM Power Systems
1. What is the first process that is created on the system and which file
.T ció
does it reference to initiate all the other processes that have to be
started?
.
The answer is the initial process is init. The file init references is
C
/etc/inittab for information regarding other processes that have to
.F a
be started.
C rm
2. Which AIX feature can be used to stop and start subsystems and
groups of daemons?
to fo
The answer is the System Resource Controller (SRC).
3. True or False: You can only execute the AIX shutdown command
ec vo
from the console.

The answer is false.
oy si

u
cl
Ex
pr

Student Notebook
Unit 4, "AIX installation"
.I. n
IBM Power Systems
1. AIX 7 can be installed from which of the following? (Select all that are
.T ció
correct.)
a. 8 mm tape
.
b. CD-ROM
C
c. Diskette
.F a
d. NIM server
The answers are CD-ROM and NIM server.
C rm
2. True or False: A preservation install preserves all data on the disks.
The answer is false. It preserves some of the existing data on the disk
to fo
selected for installation. This method overwrites the user (/usr),
variable (/var), temporary (/tmp), and root (/) file systems. Other
product application files and configuration data are destroyed.
ec vo
3. What is the console used for during the installation process?

The answer is the console is used to display all the system messages
and to interact with the installation.
oy si

u
cl
Ex
pr
V8.2
Student Notebook
AP Unit 5, "AIX software installation and maintenance"
.I. n
IBM Power Systems
1. Which of the following states must your software be in, in order for you to be
.T ció
able to use it? (Select all that apply.)
a. Applied state
b. Removed state
.
c. Install state
C
d. Commit state
.F a
The answers are Applied state and Commit state.
2. What command is used to list all installed software on your system?
C rm
The answer is lslpp –l or –L.
3. Which of the following can you install as an entity? Select all that apply.
a. ifix
to fo
b. LPP
c. Package
d. Bundle
The answer is they all apply.
ec vo
4. True or False: If a problem is found with the inetd subsystem, it is possible to

download and apply a fix to the bos.net.tcpip.server fileset in AIX to
correct the problem.
oy si

u
cl
Ex
pr

Student Notebook
Unit 6, "System configuration and devices"
.I. n
IBM Power Systems
1. What does the following location code mean?
.T ció
fcs0
fcs0 U78A0.001.DNWGGRX-P1-C3-T1
U78A0.001.DNWGGRX-P1-C3-T1 4Gb
4Gb FC
FC PCI
PCI Express
Express Adapter
Adapter
The answer is port 1 of a 4 Gb Fibre Card, connected to planar 1, card slot 3,
.
in Power 550 CEC (U78A0).
C
.F a
2. What is the purpose of a device major number? How would you locate the
C rm
major number of a disk, hdisk18?
The answers are the AIX kernel can determine the actual driver and device to
be accessed for a user-level request. Perform a long directory list of the /dev
directory.
to fo
3. True or False: cfgmgr is a binary executable that runs at system initialization
time to configure devices on the system.
The answer is true.
ec vo
4. What commands can you run on AIX to document the system configuration?
The answers are prtconf, lsdev, lscfg, lsslot, and lsattr.
oy si

u
cl
Ex
pr
V8.2
Student Notebook
AP Unit 7, "System storage overview"
Solutions for Figure 7-20, "Checkpoint (1 of 3)," on page 7-30
Checkpoint solutions (1 of 3)
.I. n
IBM Power Systems
.T ció
5. Volume group
1. Volume group___
Descriptor area__
.
VGDA 6. Physical volume
C
.F a
2. Physical partition
C rm
to fo
3. Logical partition
ec vo
4. Logical volume
oy si

u
cl
Ex
pr

Student Notebook
IBM Power Systems
7. How many different physical partition (PP) sizes can be set within a single
.I. n
VG?
The answer is one.
.T ció
8. By default, how big are PPs?
The answer is traditionally 4 MB, but LVM chooses an optimal size based on
.
the number of PPs/PV and the size of largest PV in the VG.
C
.F a
9. How many volume groups (VGs) can a physical volume (PV) belong to?
C rm
a. It depends on what you specify through SMIT
b. Only one
c. As many VGs as exist on the system
The answer is only one.
to fo
10. True or False: All VGDA information on your system is identical, regardless of
how many VGs exist.
ec vo
The answer is false. All VGDAs within a VG are the same.

oy si
u
cl
Ex
pr
V8.2
Student Notebook
AP Solutions for Figure 7-22, "Checkpoint (3 of 3)," on page 7-32
IBM Power Systems
Use the following output to answer the questions below:
.I. n
## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount PtPt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4 -- // jfs2 294912
294912 -- yes no
.T ció
/dev/hd4 -- jfs2 -- yes no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 32768
32768 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 3309568
3309568 ---- yes
yes no
no
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 65536
65536 --
-- yes
yes no
no
.
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 131072
131072 -- -- yes
yes no
no
/dev/hd10opt
/dev/hd10opt ---- /opt
/opt jfs2
jfs2 163840
163840 -- -- yes
yes no
no
C
/dev/cd0
/dev/cd0 --
-- /infocd
/infocd cdrfs
cdrfs ro
ro yes
yes no
no
.F a
/dev/lv00
/dev/lv00 --
-- /home/john
/home/john jfs2
jfs2 32768
32768 rw
rw yes
yes no
no
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 -- -- yes
yes no
no
C rm
11. With which logical volume is the /home file system associated?
The answer is /dev/hd1.
12. What types of file systems are being displayed?
to fo
The answers are enhanced journaled file systems (JFS2) and CD-ROM (CDRFS).
13. What is the mount point for the file system located on the /dev/hd4 logical volume?
The answer is /.
14. Which file system is used primarily to hold user data and home directories?
ec vo
The answer is /home.

oy si
u
cl
Ex
pr

Student Notebook
Unit 8, "Working with the Logical Volume Manager"
.I. n
IBM Power Systems
1. True or False: A logical volume can span more than one physical
.T ció
volume.
The answer is true.
.
2. True or False: A logical volume can span more than one volume
C
group.
.F a
C rm
3. True or False: The contents of a physical volume can be divided
between two volume groups.
to fo
4. True or False: If mirroring logical volumes, it is not necessary to
perform a backup.
The answer is false. You still need to back up to external media.
ec vo
5. True or False: Striping can be combined with mirroring to provide

increased performance and availability
The answer is true.
oy si

u
cl
Ex
pr
V8.2
Student Notebook
AP Unit 9, "File systems administration"
.I. n
IBM Power Systems
1. Does the size of the file system change when the size of the logical volume it
.T ció
is on is increased?
The answer is no.
.
2. If you remove a file system, is the logical volume on which it sits removed as
C
well?
.F a
The answer is yes.
C rm
3. When a file system is created, what needs to be done in order to make it
available for use?
The answer is the file system must be mounted using the mount command.
to fo
4. What size should an external JFS log be set to?
The answer is 1 LP.
ec vo
5. True or False: SMIT can be used to easily increase or decrease the size of
an enhanced JFS filesystem.
The answer is true.
oy si

u
cl
Ex
pr

Student Notebook
IBM Power Systems
6. A file system is 2 GB. How would you do the following?
.I. n
a. Add 1 GB
The answer is chfs –a size=+1G <file system>.
.T ció
b. Set the size to 5 GB
The answer is chfs –a size=5G <file system>.
.
C
7. What command can you use to determine if a file system is full?
.F a
The answer is df.
C rm
8. What command can produce a report listing the size (in MB) of all the
files and directories contained in a specific location?
The answer is du.
to fo
9. What command checks and interactively repairs inconsistent file
systems?
ec vo
The answer is fsck.

oy si
u
cl
Ex
pr
V8.2
Student Notebook
AP Unit 10, "Paging space"
.I. n
IBM Power Systems
1. What conclusions regarding potential paging space problems can you reach
.T ció
based on the following listing?
Page
Page Physical
Physical Volume
Volume Size
Size %Used
%Used Active
Active Auto
Auto Type
Type chksum
chksum
Space Volume Group
.
Space Volume Group
C
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 640
640 MB
MB 43%
43% yes
yes yes
yes lv
lv 00
.F a
paging00
paging00 hdisk1
hdisk1 rootvg
rootvg 640
640 MB
MB 7%
7% yes
yes yes
yes lv
lv 00
paging01
paging01 hdisk1
hdisk1 rootvg
rootvg 160
160 MB
MB 89%
89% yes
yes yes
yes lv
lv 00
C rm
The answer is the information provided is not enough to fully analyze the
situation; however, at first glance, here are the potential problems:
a. paging00 is underutilized.
to fo
b. paging01 is over utilized, and the size seems to be too small. Both user-defined
paging spaces are on the same disk.
c. paging01 should be deleted. The administrator should investigate why there is a
high level of paging and possibly increase the size of hd6 and paging00.
ec vo
2. True or False: The size of paging00 (in the above example) can be
dynamically decreased.
The answer is true.
oy si

u
cl
Ex
pr

Student Notebook
Unit 11, "Backup and restore"
.I. n
IBM Power Systems
1. What is the difference between the following two commands?
.T ció
a. find /home/fred | backup -ivf /dev/rmt0
b. cd /home/fred; find . | backup -ivf /dev/rmt0
The answer is the first command backs up the files using the full path names,
.
whereas the second command backs up the file names using the relative
C
.F a
path names. Therefore, the second command’s files can be restored into any
directory.
C rm
2. On a mksysb tape, what command would you use to restore individual files
from a mksysb tape?
The answer is either # restorevgfiles –f /dev/rmt0 <path to
to fo
file> or # restore –s 4 –f /dev/rmt0.1 <path to file>.
3. True or False: smit mksysb backs up all file systems, provided they are
mounted.
ec vo
The answer is false. mksysb only backs up rootvg file systems. To back up
other volume groups, you must use the savevg command.
oy si

u
cl
Ex
pr
V8.2
Student Notebook
AP Unit 12, "Security and user administration: Part one"
.I. n
IBM Power Systems
1. If the following command was run, what would the file
.T ció
permissions be for file1: chmod 6754 file1
The answer is r w s r w- r - -.
.
C
2. A binary executable with the SUID flag set is owned by user root.
.F a
User michael executes the binary. The executable runs under
which user, root or michael?
C rm
The answer is root.
3. A shared directory is created on the system. What flag must be

to fo
set to ensure only the owner of the files can delete them?
The answer is SVTX of sticky bit.
4. Why is a umask of 027 recommended?

ec vo
The answer is this value removes all permission bits for the
“others” category, which enhances security.
oy si

u
cl
Ex
pr

Student Notebook
IBM Power Systems
5. What is the difference between the commands pwdadm and passwd?
.I. n
The answer is a member of security group can use pwdadm to reset a
different user’s password, but only root can use passwd for this
.T ció
purpose.
.
6. Which command can be used to change the default attributes for
C
.F a
users?
The answer is chsec –f /etc/security/user –s default \
C rm
–a attribute=value.
7. True or False: When you delete a user from the system, all the user’s
to fo
files and directories are also deleted.
ec vo

oy si
u
cl
Ex
pr
V8.2
Student Notebook
AP Unit 13, "Security and user administration: Part two"
.I. n
IBM Power Systems
1. If an ordinary user forgets their password, can the system administrator find
.T ció
out by querying the system as to what the user’s password was set to? Why
or why not?
The answer is no. The passwords are held in encrypted format, therefore
.
even the system administrator cannot tell what the password was set to.
C
.F a
2. True or False: An asterisk (mary:*:) in the second field of the
C rm
/etc/passwd file means there is a valid password set in the shadow
password file for user mary.
to fo
3. Password restrictions are set in which of the following files?
a. /etc/passwd
b. /etc/security/passwd
ec vo
c. /etc/security/restrictions
d. /etc/security/user
The answer is /etc/security/user.
oy si

u
cl
Ex
pr

Student Notebook
IBM Power Systems
4. True or False: Enhanced RBAC comes with several
.I. n
predefined roles.
.T ció
The answer is true.
.
5. True or False: Once a user is assigned a role, the user
C
.F a
immediately can use the related authorizations.
C rm
6. What is the command that will list your assigned roles?
to fo
The answer is lsrole.
ec vo

oy si
u
cl
Ex
pr
V8.2
Student Notebook
AP Unit 14, "Scheduling and time"
.I. n
IBM Power Systems
1. True or False: The at.allow and at.deny files must be used to
.T ció
specify which users are allowed and denied use of the at command.
The answer is false. Only one or the other of these files should be
used.
.
C
.F a
2. Give a crontab entry that would specify that a job should run every
Thursday at 10 past and 30 minutes past every hour.
C rm
The answer is 10,30 * * * 4 <job>.
3. How would you schedule a script named myscript to run 10 minutes

to fo
from now?
The answer is:
# at now + 10 minutes
ec vo
myscript
^d
#
oy si

u
cl
Ex
pr

Student Notebook
Unit 15, "TCP/IP networking"
.I. n
IBM Power Systems
1. What are the following used for?
.T ció
a. /etc/rc.tcpip
The answer is starts TCP/IP daemons (sendmail, inetd, and so on).
b. ssh
.
The answer is to login or run command on a remote machine (securely).
C
.F a
c. VNC
The answer is to use a remote graphical display on a local desktop
C rm
machine.
d. /etc/services
The answer is to store server side ports of TCP/IP applications.
2. What is multipath routing and why should we use it?

to fo
The answer is multipath routing allows us to specify multiple paths to
hosts and gateways for load balancing and high availability.
ec vo
3. How can we disable the FTP protocol on AIX?

The answer is comment out the ftp line in /etc/inetd.conf and
refresh the inetd daemon.
oy si

u
cl
Ex
pr
V8.2
Student Notebook
AP Unit 16, "Introduction to workload partitions"
.I. n
IBM Power Systems
1. True or False: Workload partitions require POWER7 systems.
.T ció
The answer is false. Requires POWER4 or later.
2. What are the two types of workload partitions?
.
C
The answers are system and application.
.F a
3. What command builds and starts an application workload partition?
C rm
The answer is wparexec.
4. True or False: Live Application Mobility (LAM) requires that the WPAR private
file systems reside on an NFS server.
to fo
The answer is false. LAM requires that the private file systems be accessible
to both systems. They can either be on an NFS server or, if using a rootvg
WPAR, be placed on a shared fiber-attached SAN disk.
ec vo
5. True or False: By default, a system WPAR has shared read-only access to

the /usr file system in the global environment.
The answer is true.
oy si

u
cl
Ex
pr

Student Notebook
Appendix A, "Printers and queues"
Solutions for Figure A-22, "Let's review," on page A-32

et’s review solution
IBM Power Systems
True or False: The qdaemon is responsible for printing jobs.
The answer is false. The printer back-end is responsible for printing. The
qdaemon manages jobs in queue. The qdaemon hands the jobs off to the
back-end for printing.
To set up remote printing, what daemons are needed, and do they run on the
server, the client, or both?
The answer is qdaemon and lpd on the server qdaemon only on the client.
What does the up = TRUE indicate in the /etc/qconfig file?
The answer is it means the queue is accepting jobs. If it were FALSE, the
user would be notified that the queue is not accepting jobs.
What does discipline mean in reference to the /etc/qconfig file?
What are its possible values?
The answer is discipline is read by qdaemon to determine the sorting
order for jobs in the queue. The values supported are fcfs (first come first
server) and sjn (shortest job next).

Let’s review solution
.I. n
IBM Power Systems
1. True or False: The qdaemon is responsible for printing jobs.
.T ció
The answer is false. The printer back-end is responsible for printing. The
qdaemon manages jobs in queue. The qdaemon hands the jobs off to the
back-end for printing.
.
C
2. To set up remote printing, what daemons are needed, and do they run on the
.F a
server, the client, or both?
C rm
The answer is qdaemon and lpd on the server qdaemon only on the client.
3. What does the up = TRUE indicate in the /etc/qconfig file?
The answer is it means the queue is accepting jobs. If it were FALSE, the
to fo
user would be notified that the queue is not accepting jobs.
4. What does discipline mean in reference to the /etc/qconfig file?
What are its possible values?
ec vo
The answer is discipline is read by qdaemon to determine the sorting

order for jobs in the queue. The values supported are fcfs (first come first
server) and sjn (shortest job next).
oy si

u
cl
Ex
pr
V8.2
Student Notebook
AP Solutions for Figure A-37, "Checkpoint (1 of 2)," on page A-53
IBM Power Systems
1. True or False: One of the advantages of queues is that each user can have a
.I. n
different default queue set up for them.
The answer is true. This can be accomplished using the PRINTER
.T ció
environment variable.
2. True or False: The /etc/qconfig file is read by the back-end program to
.
determine what the queue discipline is.
C
.F a
The answer is false. It is read by qdaemon.
C rm
3. True or False: All printer software is automatically installed when you install
the base operating system.
The answer is false. Only a handful of printer software is installed by default.
to fo
4. What is the difference between these two commands?
# qprt -Pasc file1
# qprt -c -Pasc file1
ec vo
The answer is the -c flag produces a spool file.

oy si
u
cl
Ex
pr

Student Notebook
Solutions for Figure A-38, "Checkpoint (2 of 2)," on page A-54
IBM Power Systems
5. What three methods can be used to find out what the system default queue
.I. n
is?
a. The first entry in the /etc/qconfig file
.T ció
b. The output from the qchk command with no options
c. The first queue listing from the lpstat command
The answers are the first entry in /etc/qconfig file, the output from the
.
qchk command with no options, and the first queue listing from the lpstat
C
command.
.F a
6. What users can bring print queues down?
C rm
The answer is the root user or members of the printq group.
7. True or False: Once the queue is down, no more jobs can be submitted to the
printer.
The answer is false. Jobs can be submitted to the queue. However, they will
to fo
not be printed until the queue is brought up again.
8. Can users hold all their print jobs in a specific queue? If so, how?
The answer is yes, they can by only specifying a queue name and not
ec vo
individual job numbers.

oy si
u
cl
Ex
pr
V8.2
Ex backpg
Back page
cl
pr u
oy si
ec vo
to fo
C rm
.F a
.T ció
.I. n
C
.
Ex
cl
pr u
oy si
ec vo
to fo
C rm
.F a
.T ció
.I. n
C
.
CONTACTO
Teléfono
91 761 21 78
Póngase en contacto con nuestro equipo y le
informaremos de cualquier duda o cuestión
que pueda surgirle.
Email
formacion@arrowecs.es
Mándenos un email y le atenderemos
enseguida.
Online
@Arrow_Edu_ES
O bien puede contactarnos a través de
nuestro perfil en Twitter.
Visítenos
Arrow ECS Education Services
Avenida de Europa 21,
Parque Empresarial La Moraleja
28108 Alcobendas, Madrid
EDUCATION
S E R V I C E S

AIX 7 1 AN12 Implementation and Administration Student

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AIX 7 1 AN12 Implementation and Administration Student

Uploaded by

Copyright:

Available Formats

Business Data

Enterprise Computing Solutions

Dirección General de Formación

Comunidad de Madrid UNIÓN EUROPEA

IBM Training Front cover

of Oracle and/or its affiliates.

July 2013 edition

© Copyright International Business Machines Corporation 2009, 2013.

Who can perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21

Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-26

Unit 2. AIX system management tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

System management objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

SMIT main menu (text based) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

IBM Systems Director Console for AIX (pconsole) . . . . . . . . . . . . . . . . . . . . . . . . 2-14

© Copyright IBM Corp. 2009, 2013 Contents iii

System health (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-24

Unit 3. System startup and shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1

System Resource Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-18

AIX partition shutdown (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-23

Unit 4. AIX installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1

Installation methods for AIX 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3

Installation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-7

iv AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013

TOC Install summary and installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16

Software repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12

Installing new software using SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16

Applying patches to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21

Listing fixes (APARs) installed on the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23

Recovering from broken or inconsistent states . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26

SUMA command line execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-30

© Copyright IBM Corp. 2009, 2013 Contents v

Unit 6. System configuration and devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-1

Traditional UNIX disk storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-4

Volume groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-10

Uses of logical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-15

Why have multiple file systems? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-19

Listing logical volume information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-29

vi AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013

TOC Unit 8. Working with the Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

Add a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33

Add Copies to a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37

List all logical volumes by volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40

Physical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-42

List logical volumes on a physical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-45

Unit 9. File systems administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

© Copyright IBM Corp. 2009, 2013 Contents vii

Advantages of enhanced JFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-4

Unit 10. Paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1

Paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-5

Checking paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-11

Adding paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-14

Problems with paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-18

Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-22

Unit 11. Backup and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-1

TOC image.data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9

Unit 12. Security and user administration: Part one . . . . . . . . . . . . . . . . . . . . . . . . 12-1

12.1. Security and user concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3

File/directory permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13

Changing permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16

Security policy and setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21

Security files and security commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-25

© Copyright IBM Corp. 2009, 2013 Contents ix