Professional Documents
Culture Documents
AIX 7 1 AN12 Implementation and Administration Student
AIX 7 1 AN12 Implementation and Administration Student
Cloud Mobility
Intelligence Centre
Student Manual
CONSEJERÍA DE EMPLEO,
TURISMO Y CULTURA
EDUCATION
S E R V I C E S
V8.2
cover
.I. n
Student Notebook
.T ció
Power Systems for AIX II: AIX Implementation and
.
Administration
C
.F a
Course code AN12 ERC 3.0
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
Student Notebook
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide.
The following are trademarks of International Business Machines Corporation, registered in
many jurisdictions worldwide:
AIX 5L™ AIX 6™ AIX®
.I. n
AS/400® DB2® Electronic Service Agent™
Everyplace® Express® HACMP™
.T ció
Informix® Language Environment® Notes®
Power Architecture® POWER Hypervisor™ Power Systems™
.
Power® PowerHA® PowerVM®
C
POWER6® POWER7® PureFlex™
.F a
System p® System Storage® Tivoli®
WebSphere®
C rm
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
to fo
both.
Windows is a trademark of Microsoft Corporation in the United States, other countries, or
both.
ec vo
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Java™ and all Java-based trademarks and logos are trademarks or registered trademarks
oy si
jurisdictions.
cl
Other product and service names might be trademarks of IBM or other companies.
Ex
The information contained in this document has not been submitted to any formal IBM test and is distributed on an “as is” basis without
any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer
responsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. While
each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will
result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.
TOC Contents
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Course description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
.I. n
Unit 1. Introduction to IBM Power Systems, AIX, and system administration . . . . 1-1
.T ció
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
AIX overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Logical partition overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
.
Dynamic logical partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
C
Workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
.F a
Live Partition Mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
POWER7 offerings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
C rm
Typical Power system layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
The HMC (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11
The HMC (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12
LPAR virtualization overview (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
to fo
LPAR virtualization overview (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
Virtual I/O Server overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
Virtualization example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-18
Role of the system administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20
ec vo
.I. n
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-35
.T ció
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-36
.
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2
C
System startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3
.F a
Managed system activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5
Startup modes for AIX (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-6
C rm
Startup modes for AIX (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-7
AIX startup process overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8
AIX partition activation (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9
AIX partition activation (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10
to fo
The alog command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11
/etc/inittab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13
Run levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15
Directory and script control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-17
ec vo
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-27
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-28
cl
.I. n
Network boot (3 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
Network boot (4 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
.T ció
Network boot (5 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
Network boot (6 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
Network boot (7 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
.
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
C
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
.F a
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32
C rm
Unit 5. AIX software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
AIX media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Software packaging definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
to fo
Software bundles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
AIX software levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
What is my AIX version? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
Software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11
ec vo
.I. n
Device commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-12
prtconf (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-13
.T ció
prtconf (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-14
lscfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-15
lsdev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-16
.
lsslot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-18
C
lsattr and chdev commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-19
.F a
Device states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-20
/dev directory, device configuration, and control . . . . . . . . . . . . . . . . . . . . . . . . . .6-21
C rm
rendev command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-22
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-23
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-24
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-25
to fo
Unit 7. System storage overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2
Components of AIX storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-3
ec vo
Mount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-25
Mounting over an empty directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-26
Mounting over files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-27
Listing file systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-28
pr
.I. n
Change a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
Extend and reduce a VG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11
.T ció
Remove a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13
Activate and Deactivate a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Import and Export a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15
.
Logical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16
C
LVM and RAID support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17
.F a
LVM options which affect performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18
Mirroring (RAID1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19
C rm
Mirroring, allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20
Striping (RAID 0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21
Striping and mirroring (RAID 10 or 1+0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-23
Mirror pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-24
to fo
Logical volume placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-26
Mirroring scheduling policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-28
Mirror write consistency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-30
SMIT Logical Volumes menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32
ec vo
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-49
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-50
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-51
.I. n
Changing the size of a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-13
Removing a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-14
.T ció
File system space management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-15
Listing file system utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-16
Monitoring file system growth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-17
.
Listing disk usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-18
C
Control growing files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-20
.F a
The skulker command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-22
Block size considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-23
C rm
Fragmentation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-25
Verify and repair a file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-26
Documenting file system setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-27
System storage review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-28
to fo
Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-29
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-30
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-31
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-32
ec vo
viii AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
Restoring a backup of a data volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21
Traditional UNIX and AIX backup commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-23
.T ció
Backup by filename and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-24
Backup and restore by inode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-25
tar command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26
.
cpio command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-27
C
pax command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-28
.F a
dd command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29
Compression commands (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-30
C rm
Compression commands (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-31
Good practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-32
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-35
to fo
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7
System defined groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9
Role based access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-11
u
.I. n
Group files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-47
Remove a user or group from the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-48
.T ció
Files owned by removed user or group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-49
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-50
Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-51
.
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-52
C
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-53
.F a
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-54
C rm
Unit 13. Security and user administration: Part two. . . . . . . . . . . . . . . . . . . . . . . . .13-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2
13.1. Additional user administration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-3
Additional user administration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-4
to fo
Console login sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-5
Login related attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7
Security logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-9
User environment setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-11
ec vo
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-35
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-36
.I. n
Time zone variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16
Time zone formats in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-18
.T ció
Setting POSIX time zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19
POSIX time zone variable breakdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-20
Setting Olson time zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-22
.
Configuring NTP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-23
C
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-25
.F a
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-26
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-27
C rm
Unit 15. TCP/IP networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2
What is TCP/IP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3
to fo
TCP/IP layering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5
LAN and broadcast domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Ethernet adapters and interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-8
Virtual LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-10
ec vo
.I. n
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-48
.T ció
Unit 16. Introduction to workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-2
Workload partition overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-3
.
Comparing WPARs to LPARs for consolidation . . . . . . . . . . . . . . . . . . . . . . . . . . .16-5
C
Default WPAR network configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-7
.F a
WPAR resource control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-8
System versus application WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-10
C rm
System WPAR process space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-12
System WPAR file systems space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-13
System WPAR storage and device access . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-15
Types of system WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-16
to fo
Versioned WPAR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-18
Basic system WPAR commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-19
Application WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-20
Workload Partition Manager overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-21
ec vo
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-22
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-23
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-24
oy si
xii AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
TMK Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide.
.I. n
The following are trademarks of International Business Machines Corporation, registered in
many jurisdictions worldwide:
.T ció
AIX 5L™ AIX 6™ AIX®
AS/400® DB2® Electronic Service Agent™
.
Everyplace® Express® HACMP™
C
.F a
Informix® Language Environment® Notes®
Power Architecture® POWER Hypervisor™ Power Systems™
C rm
Power® PowerHA® PowerVM®
POWER6® POWER7® PureFlex™
System p® System Storage® Tivoli®
WebSphere®
to fo
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
ec vo
both.
Windows is a trademark of Microsoft Corporation in the United States, other countries, or
both.
oy si
UNIX is a registered trademark of The Open Group in the United States and other
countries.
u
Java™ and all Java-based trademarks and logos are trademarks or registered trademarks
of Oracle and/or its affiliates.
cl
VMware and the VMware "boxes" logo and design, Virtual SMP and VMotion are registered
trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other
Ex
jurisdictions.
Other product and service names might be trademarks of IBM or other companies.
pr
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
xiv AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Duration: 5 days
.I. n
Purpose
.T ció
Students will learn to install, customize, and administer the AIX
operating system in a multiuser POWER (System p) partitioned
environment. The course is based on AIX 7.1 running on a POWER7
.
system managed by Hardware Management Console version 7 and
C
provides practical discussions that are appropriate to earlier AIX
.F a
releases.
C rm
Audience
This intermediate course is intended for system administrators or
anyone implementing and managing an AIX operating system in a
to fo
multiuser POWER (System p) partitioned environment.
Prerequisites
ec vo
Objectives
On completion of this course, students should be able to:
• Install the AIX operating system, filesets, and RedHat Package
Manager (RPM) packages
• Perform system startup and shutdown
• Discuss and use system management tools such as System
.I. n
Management Interface Tool (SMIT) and IBM systems director
console for AIX
.T ció
• Manage physical and logical devices
• Discuss the purpose of the logical volume manager
• Perform logical volume and file system management
.
• Create and manage user and group accounts
C
• Perform and restore system backups
.F a
• Utilize administrative subsystems, including cron to schedule
system tasks, and security to implement customized access of files
C rm
and directories
• Configure TCP/IP networking
• Define and run basic Workload Partitions (WPAR)
to fo
Contents
• Introduction to IBM POWER p systems, AIX, and system
administration
ec vo
• Paging space
• Backup and restore
Ex
Curriculum relationship
This course should follow the AIX Basics course. A basic
understanding of hardware, the AIX environment, and simple
commands is recommended before taking this course.
xvi AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
pref Agenda
Day 1
Welcome
Unit 1: Introduction to IBM Power Systems, AIX, and system
administration
.I. n
Exercise 1
Unit 2: AIX system management tools
.T ció
Exercise 2
Unit 3: System startup and shutdown
.
Exercise 3
C
Unit 4: AIX installation
.F a
Exercise 4
C rm
Day 2
Unit 5: AIX software installation and maintenance
Exercise 5
to fo
Unit 6: System configuration and devices
Exercise 6
Unit 7: System storage overview
Exercise 7
ec vo
Day 3
oy si
Day 4
Unit 12: Security and user administration: Part one
pr
Exercise 12
Unit 13: Security and user administration: Part two
Exercise 13
Unit 14: Scheduling and time
Exercise 14
Unit 15: TCP/IP networking
Day 5
Unit 15: TCP/IP networking (continued)
Exercise 15
Unit 16: Introduction to workload partitions
Exercise 16
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
xviii AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
system administration.
.T ció
What you should be able to do
.
After completing this unit, you should be able to:
C
.F a
• Define terminology and concepts of IBM Power System servers,
virtualization, HMC, and AIX
C rm
• Describe the roles of the system administrator
• Obtain root access with the su command
to fo
How you will check your progress
• Checkpoint questions
• Machine exercises
ec vo
References
oy si
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
servers, virtualization, HMC, and AIX
.T ció
• Describe the roles of the system administrator
• Obtain root access with the su command
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
1-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
AIX overview
IBM Power Systems
.I. n
• Advanced Interactive Executive (AIX) runs on proprietary hardware
(H/W) called IBM Power Systems.
.T ció
– Seventh generation of Power, based on Reduced Instruction Set Computer
(RISC) technology
.
• Most Power Systems today run many instances of AIX in partitions
C
known as logical partitions (LPAR).
.F a
– This is H/W partitioning managed by the system firmware, Power Hypervisor
C rm
LPAR:
to fo AIX1
LPAR:
AIX2
LPAR:
AIX3
ec vo
Notes:
oy si
Some portions of the modifications and enhancements were developed by IBM; others
were developed by INTERACTIVE under contract to IBM.”
pr
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
implemented in firmware called Power Hypervisor.
– Provides configuration flexibility
.T ció
• Each partition has its own:
– Operating system
.
– Resources: Processors, memory, devices (defined in a profile)
C
.F a
• Partitions can consist of physical (real) or virtual devices
– Or a combination of both
C rm
sys1 sys2 sys3 sys4
04:42 14:42 11:42 19:42
to fo
LPAR 1 LPAR 2 LPAR 3 LPAR 4
Power Hypervisor
System Hardware (memory, processors, devices)
ec vo
Notes:
oy si
Logical partitioning is the ability to make a single system run as if it were two or more
systems. Each partition represents a division of resources in the Power System. The
cl
partitions are logical because the division of resources is logical and not along physical
boundaries.
Ex
Hypervisor Partitions are isolated from each other by firmware (underlying software)
called the POWER Hypervisor. The names POWER Hypervisor and Hypervisor will be
used interchangeably in this course.
Each partition has its own environment, for example – IP address or time of day, just as
pr
1-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Processor, memory, and I/O allocation changes
• Processors and memory quantities are bound by the
.T ció
minimum and maximum profile settings.
• Applications can be DLPAR-aware.
.
C
.F a
Before After
C rm
LPAR 1 LPAR 1
DLPAR operation: (running) (running)
- Add 2.0 CPU
-Remove 4 Gb Mem 2.0 CPU 4.0 CPU
-Move the DVD slot to LPAR 2 16 Gb Mem 12 Gb Mem
to fo
ec vo
Notes:
oy si
having to reactivate the partition. If there are partitions that need more or can do with
fewer resources, you can dynamically move the resources between partitions within the
cl
managed system without shutting down the partitions. Both the source and the
destination partitions must support the dynamic partitioning operation.
Ex
operations.
Applications
Some applications and utilities may not be DLPAR-aware. If they bind to a processor or
pin memory, then you may need to stop these processes before you are able to perform
the DLPAR operation. IBM provides an Application Programming Interface (API) for
third party program DLPAR support on AIX 5L, AIX 6 and AIX 7.
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Workload partitions
IBM Power Systems
.I. n
• Many AIX OS images can reside within a master global AIX image.
• Live Application Mobility allows WPAR relocation to another box or
.T ció
LPAR.
• WPARs provide automatic workload balancing.
.
• WPAR technology is not H/W dependent.
C
.F a
– Support is available on servers from POWER4 through POWER7.
C rm
AIX1
AIX2 1.
WPAR2 2.
AIX3
WPAR1
WPAR4
to fo
WPAR5
WPAR3
WPAR6 WPAR mgr
ec vo
Notes:
oy si
Workload partitions (WPAR) are virtualized, secure operating system environments, within
a single instance of the AIX operating system. Live Application Mobility is a capability of
u
WPAR technology which allows partitions to move between systems with limited
application downtime (for example, 20 seconds).
cl
Ex
pr
1-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
No
LPAR:
LPAR:
Downtime
AIX1
AIX1
.
C
• Partition mobility provides systems management flexibility and is
.F a
designed to improve system availability.
– Can help avoid planned outages for hardware or firmware maintenance
C rm
– Can help avoid unplanned downtime
• If a server indicates a potential failure, you can move its partitions to another server
before the failure occurs.
to fo
– Enables optimized resource use by moving workloads from server to server
ec vo
Notes:
oy si
Live Partition Mobility is a new capability that enables users to move partitions between
systems with no application downtime. Live Partition Mobility enables organizations to
u
move LPARs from CPU intensive servers to improve overall throughput based on
requirements at a particular time. This also allows us to use a maintenance window on a
cl
physical machine without the need for any application downtime. The only interruption of
service would be due to network latency. If sufficient bandwidth was available, a delay of at
Ex
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
POWER7 offerings
IBM Power Systems
.I. n
p460
.T ció
p260+ Power 795
Power 780
.
Flex System Power 770
C
PureFlex System
.F a
Power 760
Power 750
C rm
PS Blades
Power 740
Power 730
to fo
Power 720
POWER7+
Power 710 32 nm
ec vo
Notes:
oy si
IBM often introduces new models and updates the current range of servers on a frequent
basis. Here is a summary of the model differences.
u
Blades:
PS700 - 4 cores, 64 GB, 2 drives
PS701 - 8 cores, 128 GB, 1 drive
pr
1-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
Power 740 - 2 sockets, 8 to 1024 GB, 6 or 8 drives
Power 750 - 6 or 8 cores per socket, 4 sockets, 1 TB, 8 drives
.T ció
High Performance Computing:
Power 760 - similar to Power 750, 2 TB
.
Multi-enclosure models (1 though 4 enclosures)
C
.F a
Power 770 - 6 or 8 cores per socket, 2 sockets per enclosure, up to 4 TB
C rm
Power 780 - similar to 770, faster cores, up to 4 TB, 24x7 maintenance, PowerCare
support
Large enterprise server:
Power 795 - up to 256 cores, up to 16 TB, supports up to 32 I/O drawers
to fo
For further details see the Power Systems facts and features guide:
http://www-03.ibm.com/systems/power/hardware/reports/factsfeatures.html
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
– A private network usually connects HMC and service processors.
.T ció
Private Service
Managed
.
Processors
network system
C
Secondary HMC
.F a
‘Backup’ LPAR 1
C rm
LPAR 2
Primary HMC Public/open SAN
network LPAR 3
LPAR 4
to fo
NIM Server Images
ec vo
Notes:
oy si
The diagram above shows a typical example of a Power server set-up configuration. The
server is split into a number of Logical Partitions (LPARs) running AIX. A Network
u
Installation Manager (NIM) server is highly preferable to install and update the AIX LPARs
over the network. There can be a maximum of 2 HMCs connected to each system and
cl
each system has two dedicated Ethernet ports reserved for this. It is recommended that the
HMC to Service Processor communication occurs through a private network reserved for
Ex
that purpose. The HMC also must have open network connectively to the LPARs if such
features as Connection Monitoring and Dynamic LPAR operations are to be achieved.
It is also preferable to have a second HMC connected for availability purposes.
pr
Note: A failure of the HMC does not interfere in any way with the running managed system.
The service processor is a separate, independent processor that provides hardware
initialization during system load, monitoring of environmental and error events, and
maintenance support.
1-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
The HMC (1 of 2)
IBM Power Systems
.I. n
web-based application on a customized version of Linux
.T ció
• Access through https (GUI) and SSH (command line)
.
C
.F a
C rm
• Acts as a focal point for collecting and servicing managed
to fo
system serviceable events
– Can be configured to call home to IBM for parts and service
ec vo
Notes:
oy si
The HMC is an Intel based server which runs a customized version of Linux (SuSE). Its
main purpose is to configure and control up to 48 managed systems.
u
The HMC also collects diagnostic and error information from the LPARs and Managed
cl
System and logs them as Serviceable events. If configured, the HMC can send these
reports to IBM through the Electronic Service Agent (ESA).
Ex
Note: On entry level machines such as the Power 520 or the Power 720, if the system is to
be used as a non-partitioned system an HMC is not required. An HMC is mandatory for
Power 570 and above (for POWER6) or in Power 770 and above (for POWER7).
Power 550s and below (for POWER6) or Power 740s and below (for POWER7) can use
pr
Integrated Virtualization Manager (IVM) to create and control the managed system. IVM is
available through the VIOS code.
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
The HMC (2 of 2)
IBM Power Systems
Managed
Systems
.I. n
.T ció
.
C
.F a
C rm
LPARs Proc &
running MEM
AIX resources
Navigation
area
Task
to fo
Pad
ec vo
Notes:
oy si
The diagram above shows the main view of a managed system – sys034. Operations such
as create, stop, shutdown LPAR can be performed from the Tasks pad or bar, or by
u
The navigation area offers the main features of the HMC, such as:
• Systems plans for producing or deploying system configuration plans done during
Ex
design
• HMC Management for configuring the HMC, users, roles, network setting, and other
HMC characteristics
• Updates, for updating the HMC and Managed System firmware
pr
This view was taken from an HMC running v7.3.3.1. Pre v7 HMCs ran WSM which was a
much different interface based on Java.
1-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Use fractions of CPUs (micro-partitioning)
• Virtualizing LPARs has many advantages:
.T ció
– Flexibility in allocating resources
– More efficient use of system resources through sharing
.
– Consolidation (hardware, floor space, merge production, and test
C
.F a
environments)
– Relocating partitions using Live Partition Mobility
C rm
• A key component of virtualization is the Virtual I/O Server
(VIOS).
– Implemented as special customized version of AIX
to fo
– It is not AIX. It is PowerVM software!
– Requires, at minimum, a PowerVM standard license
• Included on some high-end systems
ec vo
Notes:
oy si
Virtualizing LPARs
u
partitions can be configured to use virtualized I/O resources, which allows them to be
configured in a timely manner, since no physical reconfiguration of the system, that is,
Ex
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Virtual I/O Server is a separate software product, and is included as part of the standard
.T ció
PowerVM feature. It supports AIX Versions 5.3, 6.1, 7.1,and Linux partitions as virtual
I/O clients.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
1-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• AIX can have up to 256 virtual adapters per LPAR.
• Does not require a VIOS, unless a bridged connection to the outside
.T ció
world is required.
– Virtual SCSI is way of providing virtual disks to clients.
.
• The backend storage can be internal disk (SCSI or SAS) or SAN
C
.F a
storage.
• This is a feature of the VIOS.
C rm
to fo
Note: There are many other virtualization features which are covered in more
depth in the LPAR and virtualization curriculum and roadmap.
ec vo
Notes:
oy si
Virtual Ethernet adapters enable inter-partition communication without the need for
physical network adapters assigned to each partition. It can be used in both shared and
cl
dedicated POWER5 or later processor partitions provided the partition is running AIX
V5.3, AIX V6.1, AIX V7.1, or Linux. This technology enables IP-based communication
between logical partitions on the same system using a VLAN Ethernet switch (POWER
Ex
partitions within a single system to communicate with one another through a virtual
Ethernet LAN. The virtual Ethernet interfaces may be configured with both IPv4 and
IPv6 protocols.
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
volumes and files appear as real devices, hdisks, in the client partitions and can be
used as a boot device. Once a virtual disk is assigned to a client partition, the Virtual I/O
.T ció
Server must be available before the client partitions are able to access it.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
1-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
the client partitions.
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
VIOS provides virtual storage and shared Ethernet capability to client logical partitions
on the system. It allows physical adapters with attached disks and optical devices on
cl
VIOS is installed in its own partition. Using VIOS facilitates the following functions:
• Sharing of physical resources between partitions on the system
• Creation of partitions without requiring additional physical I/O resources
pr
• Creation of more partitions than I/O slots or physical devices, by allowing partitions to
have dedicated I/O, virtual I/O, or both
• Maximization of physical resource utilization on the system
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Virtualization example
IBM Power Systems
.I. n
Physical
.T ció
Virtual Virtual Physical network
Ethernet Virtual Ethernet SEA Ethernet
ent0 Ethernet ent1 Layer 2 ent0
Switch Bridge
Virtual ent2
.
Ethernet
C
ent1
Hypervisor
.F a
Virtual
Virtual Physical
Client Device
C rm
vSCSI Server Storage
Adapter Adapter Mapping
vtscsi0 Adapter
vhost0 fcs0
to fo
SCSI, SAS, FC physical disks
or logical volumes
ec vo
Notes:
oy si
VLAN
u
A Virtual Local Area Network (VLAN) enables an Ethernet switch to create sub-groups
within a single physical network where the members of different subgroups are isolated
cl
There are two main features of virtual Ethernet. One is the inter-partition virtual switch
to provide support for connecting up to 4096 LANs. LAN IDs are used to configure
virtual Ethernet LANs and all partitions using a particular LAN ID can communicate with
each other. The other feature is a function called Shared Ethernet Adapter that bridges
pr
networks together without using TCP/IP routing. This function enables the partition to
appear to be connected directly to an external network. The main benefit of using this
feature is that each partition need not have its own physical network adapter.
1-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
Virtual I/O Server. The Client LPAR virtual FC has its own unique port number (WWPN)
to which the SAN can zone LUNs.
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
– Storage allocation/paging space
– Subsystems (printing, networks, and so forth)
.T ció
– Standard naming conventions
– Determine system policies
.
– Install and configure hardware Maintain application /
C
• Network configuration system uptime!
.F a
• System backups and disaster recovery
• Create/manage user accounts
C rm
• Define and manage subsystems
• Manage system resources (for example, disk space)
• Performance monitoring
to fo
• Capacity planning
• Application license management
• Documentation - system configuration, and keep it current!
ec vo
Notes:
oy si
Overview
u
There are a number of distinct tasks which the system administrator on a UNIX or AIX
system must perform. Often there is more than one system administrator in a large
cl
organization and the tasks can be divided between the different administrators.
Ex
pr
1-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Keep the root password secure.
.T ció
• Members of special groups or RBAC roles
• The su command enables you to obtain access to root user
.
C
.F a
$ id; pwd $ id; pwd
uid=251(alex) gid=1(staff) uid=251(alex) gid=1(staff)
C rm
/home/alex /home/alex
$ su root $ su - root
root's Password: or root's Password:
# id; pwd
# id; pwd
uid=0(root) gid=0(system) uid=0(root) gid=0(system)
to fo
/home/alex /
# set |grep USER # set |grep USER
USER=alex USER=root
ec vo
Notes:
oy si
AIX security permissions restrict the performance of administrative tasks to the root
user, and sometimes to other users in special groups. For example, system for general
cl
tasks, security for user administration, printq for AIX Print Subsystem printer
management, and lp for System V Print Subsystem printer management. This means
that the root user's password must be kept secure and only divulged to the few users
Ex
who are responsible for the system. AIX6 has a new feature called Role Based Access
Control (RBAC). This allows OS management tasks to be assigned to roles and then
assigned to users. RBAC is a large security topic and hence will be covered in detail in
the AIX Security course (AN57).
pr
A certain amount of discipline is also required when using the root ID, because typing
errors made as root could do catastrophic system damage. For normal use of the
system, a non-administrative user ID should be used. The superuser (root) privilege
should only be used when that authority is necessary to complete a system
administration task.
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
you know.
.T ció
Every time the su command is used, an entry is placed in the file /vary/adm/sulog,
this is an ASCII text file. This makes it easy to record access as the superuser. Normal
logins are recorded in the file /vary/adm/wtmp. To read the contents of this file use
.
the command: who /vary/adm/wtmp.
C
.F a
The su command can also be specified with the - (dash) option. The dash (-) specifies
that the process environment is to be set as if the user had logged into the system using
C rm
the login command. Nothing in the current environment is propagated to the new shell.
For example, using the su command without the dash (-) option, allows you to have all
of the accompanying permission of root while keeping your own working environment.
to fo
ec vo
oy si
u
cl
Ex
pr
1-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Command line
– UNIX system administration tasks often done from the command
.I. n
line, by executing scripts, or both
• Writing and executing scripts
.T ció
– Typically using Korn shell scripts (ksh is the default shell on AIX)
– Perl for more advanced users
.
C
• SMIT (smit or smitty)
.F a
– Text based tool (graphical version also available)
C rm
• IBM Systems Director Console for AIX (pconsole)
– New web-based GUI in AIX6 and later
• IBM Systems Director
to fo
– A cross platform product for managing Power systems and AIX
across a large enterprise environment
ec vo
Notes:
oy si
There are many ways to perform administration tasks within AIX. In reality, a combination
of tools or techniques are deployed.
u
While there is a graphic mode for SMIT, most SMIT users prefer using smit in text mode via
cl
operating systems and virtualization technologies across IBM and non-IBM platforms. It is
not to be confused with Systems Director Console for AIX which is based upon IBM
Systems Director but runs from within AIX to managed the OS as a single instance.
pr
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint
IBM Power Systems
1. What is the name of the device which creates and controls LPARs?
.I. n
2. True or False: An AIX operating system can have no real devices.
.T ció
3. True or False: Virtualization features provided by the VIO Server can
be used by default on any Power system.
.
C
.F a
4. True or False: The su command enables you to get root authority even
if you signed on using another user ID.
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
1-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Introduction to
IBM Power Systems and
.T ció
AIX
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Define terminology and concepts of IBM Power System
.T ció
servers, virtualization, HMC, and AIX
• Describe the roles of the system administrator
.
C
• Obtain root access with the su command
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
1-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Describe the benefits of the system management tools available in
C
AIX
.F a
• Discuss the functionality of SMIT and the IBM Systems Director
C rm
Console for AIX
• Explain how system management activity is logged
• Log in to IBM Systems Director Console and use graphic interface
to manage the system
to fo
How you will check your progress
ec vo
• Checkpoint questions
• Machine exercises
oy si
References
Online AIX Version 7.1 Systems Director Console for AIX
u
Management
Note: References listed as “Online” are available at the following address:
Ex
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
available in AIX
.T ció
• Discuss the functionality of SMIT and the IBM Systems
Director Console for AIX
.
• Explain how system management activity is logged
C
.F a
• Log in to IBM Systems Director Console and use graphic
interface to manage the system
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
2-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• Flat file configuration
.T ció
– Most UNIX flat files have different layouts, syntax, and options.
– Again prone to error, sometimes causing bad things to happen.
.
C
How do I create
.F a
# crfs -v jfs -g rootvg -m /test -a size=42M efs=yes
an encrypted
Usage: crfs -v Vfs {-g Volumegroup | -d Device} -m
file system?
C rm
Mountpoint [-u Mountgroup] [-A {yes|no}] [-t {yes|no}]
[-p {ro|rw}] [-l Logpartitions] [-n nodename] [-a
Attribute=Value]
to fo
ec vo
Notes:
oy si
UNIX challenges
u
Unfortunately, the same thing that's special about UNIX is also the source of most of what's
wrong. UNIX is an operating system burdened with 30+ years worth of useful add-ons and
cl
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Maximize reliability, performance, and productivity
.T ció
• Provide remote system management solutions
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
is, to manage computer systems efficiently. AIX helps with tools such as SMIT, the
Web-based System Manager, and IBM Systems Director Console for AIX.
cl
maximize the productivity of the users of computer systems. AIX helps with features,
such as the logical volume manager, that help avoid the need for the system to be
brought down for maintenance.
Provide remote system management solutions
pr
Today's information technology environment also creates a need for remote system
management solutions. AIX supports Web-based technology with the IBM Systems
Director Console for AIX. As a result, multiple systems can be managed from one single
point over the network. This can also be done with command-based programs such as
telnet, ssh, and SMIT.
2-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
AIX administration
IBM Power Systems
.I. n
System IBM
.T ció
Management Systems Director
Interface Tool Console for AIX
(smit) (pconsole)
.
C
Text based Web Interface
.F a
High-level commands
C rm
Low-level Intermediate-level
commands commands
to fo
System
System Kernel Resource Object Data ASCII
calls services Controller Manager files
ec vo
Notes:
oy si
IIBM provides users on AIX with a great deal of flexibility and choice when it comes to
administering an AIX system. SMIT is a simple, but highly effective ASCII-based
u
management tool that has been in AIX since version 3. IBM Systems Director console is a
new attractive Web-based offering in AIX6.1.
cl
Types of commands
Ex
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
SMIT
IBM Power Systems
.I. n
• Part of AIX, SMIT is available by default.
.T ció
• SMIT does not use any special hooks. Everything is based on
standard AIX commands and Korn shell functions.
.
– You can see exactly what commands it performs either before or after
C
execution.
.F a
– This is especially useful when you need to automate a repetitive task.
C rm
You can then use these commands in your own scripts.
• Text / ASCII based by default.
– If on a graphical display, such as the Virtual Network Computing (VNC)
to fo
viewer, and the DISPLAY variable is set, a Motif GUI version is
displayed.
– Most users prefer the text based version called smitty.
ec vo
Notes:
oy si
Overview of SMIT
u
The System Management Interface Tool (SMIT) provides a menu-driven interface that
provides access to most of the common system management functions, within one
cl
consistent environment.
SMIT is an interactive application that simplifies virtually every aspect of AIX system
Ex
administration. It is a user interface that constructs high-level commands from the user's
selections, and then executes these commands on-demand. Those commands could be
entered directly by the user to perform the same tasks, or put into scripts to run over, and
over again.
pr
Occasionally, a system administrator will run AIX commands or edit ASCII files directly to
complete a particular system administration task. However, SMIT does make the most
frequent or complex/tedious tasks much easier with a greater degree of reliability.
2-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
# smit
System
System Management
Management
.I. n
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Software
Software Installation
Installation and
and Maintenance
Maintenance
.T ció
Software
Software License
License Management
Management
Devices
Devices
System
System Storage
Storage Management
Management (Physical
(Physical && Logical
Logical Storage)
Storage)
Security
Security && Users
Users
Communications
Communications Applications
Applications and
and Services
Services
.
Workload
Workload Partition
Partition Administration
Administration
C
Print
Print Spooling
Spooling
Advanced
Advanced Accounting
.F a
Accounting
Problem
Problem Determination
Determination
Performance
Performance && Resource
Resource Scheduling
Scheduling
System
System Environments
C rm
Environments
Processes
Processes && Subsystems
Subsystems
Applications
Applications
Installation
Installation Assistant
Assistant
Cluster
Cluster Systems
Systems Management
Management
Using
Using SMIT
SMIT (information
(information only)
only)
to fo
F1=Help
F1=Help F2=Refresh
F2=Refresh F3=Cancel
F3=Cancel F8=Image
F8=Image
F9=Shell
F9=Shell F10=Exit
F10=Exit Enter=Do
Enter=Do
ec vo
Notes:
oy si
The SMIT main menu enables you to select the administrative functions to be performed.
You can also select online help on how to use SMIT.
cl
Use of keys
In the ASCII mode, in order to select from the menus, you have to use the up and down
Ex
arrow keys. This moves a highlighted bar over the menu items. Press Enter to select the
highlighted item. You can also use some of the keyboard function keys to perform other
functions, such as exiting SMIT or starting a shell.
Importance of TERM environment variable
pr
When using SMIT in the ASCII mode, the menus and dialog panels sometimes come up
distorted. That is the result of not having an appropriate TERM variable value. Setting and
exporting this variable can solve the problem. For example, executing the command
export TERM=vt320 might solve the problem.
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
General syntax:
smit [-options] [ FastPath ]
Invoke ASCII version:
# smitty
or
# smit –C
.I. n
Log, but do not actually run, commands:
.T ció
# smit -x
Redirect the log file and script file:
.
# smit -s /u/team1/smit.script –l /u/team1/smit.log
C
# smit -s /dev/pts/1 -l /dev/pts/2
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
2-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Dialog screen
IBM Power Systems
# smit date
Change
Change // Show
Show Day
Day and
and Time
Time
.I. n
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
.T ció
[Entry
[Entry Fields]
Fields]
YEAR
YEAR (00-99)
(00-99) [08]
[08] ##
MONTH
MONTH (01-12)
(01-12) [10]
[10] ##
DAY
DAY (1-31)
(1-31) [08]
[08] ##
HOUR
HOUR (00-23)
(00-23) [11]
[11] ##
.
MINUTES
MINUTES (00-59)
(00-59) [23]
[23] ##
C
SECONDS
SECONDS (00-59)
(00-59) [06]
[06] ##
.F a
C rm
Shell exit, very
useful to check
Command Current fast path:
something prior to
preview "date"
execution
F1=Help
F1=Help F2=Refresh
F2=Refresh F3=Cancel
F3=Cancel F4=List
F4=List
to fo
F5=Reset
F5=Reset F6=Command
F6=Command F7=Edit
F7=Edit F8=Image
F8=Image
F9=Shell
F9=Shell F10=Exit
F10=Exit Enter=Do
Enter=Do
ec vo
Notes:
oy si
A dialog screen allows you to enter values that are used in the operation performed. Some
fields are already completed from information held in the system. Usually, you can change
cl
usually indicates the object which is acted upon by the subsequent dialog and AIX
command.
Entering data
To enter data, move the highlighted bar to the value you want to change. Then, either enter
pr
a value or select one from a list. Fields that you can type in have square brackets [ ]. Fields
that have data that is larger than the field width, have angle brackets < >, to indicate that
there is data further to the left, right, or both sides of the display area.
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Special symbols
Special symbols on the screen are used to indicate how data is to be entered:
• Asterisk (*): This is a required field.
• Number sign (#): A numeric value is required for this field.
• Forward slash (/): A pathname is required for this field.
• X: A hexadecimal value is required for this field.
• Question mark (?): The value entered is not displayed.
.I. n
• Plus sign (+): A pop-up list or ring is available.
.T ció
An asterisk (*) in the leftmost column of a line indicates that the field is required. A value
must be entered here before you can commit the dialog and execute the command. In the
ASCII version, a plus sign (+) is used to indicate that a pop-up list or ring is available. To
.
access a pop-up list, use the F4 key. A ring is a special type of list. If a fixed number of
C
options are available, use the Tab key to cycle through the options.
.F a
In the Motif version, a List button is displayed. Either click the button or press <Ctrl-l> to
display a pop-up window.
C rm
Use of particular keys
The following keys can be used while in the menus and dialog screens. Some keys are
only valid in particular screens. The keys that are only valid for the ASCII interface are
to fo
marked (A). The keys that are only valid for the Motif interface are marked (M).
• F1 (or ESC-1) Help: Show contextual help information.
• F2 (or ESC-2) Refresh: Redraw the display. (A)
ec vo
• F7 (or ESC-7) Edit: Edit a field in a pop-up box or select from a multi-selection pop-up
list.
• F8 (or ESC-8) Image: Save the current screen to a file (A) and show the current
u
fastpath.
• F9 (or ESC-9) Shell: Start a sub-shell. (A)
cl
2-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Output screen
IBM Power Systems
Command
completed No standard
successfully COMMAND
COMMAND STATUS
STATUS error
.I. n
Command:
Command: OK
OK stdout:
stdout: yes
yes stderr:
stderr: no
no
Before
Before command
command completion,
completion, additional
additional instructions
instructions may
may appear
appear below.
below.
.T ció
Wed
Wed 88 Oct
Oct 11:23:06
11:23:06 2008
2008
Standard output
following command
.
execution
C
(stdout)
.F a
C rm
F1=Help F2=Refresh F3=Cancel F6=Command
to fo
F1=Help F2=Refresh F3=Cancel F6=Command
F8=Image
F8=Image F9=Shell
F9=Shell F10=Exit
F10=Exit /=Find
/=Find
n=Find
n=Find Next
Next
ec vo
Notes:
oy si
The Command field can have the following values: OK, RUNNING, and FAILED.
The value of the stdout field indicates whether there is standard output, that is, whether
cl
there is output produced as a result of running the command. The output is displayed in the
body section of this screen.
Ex
The value of the stderr field indicates whether there are error messages. In this case, there
are no error messages.
Note that, in the Motif version of SMIT, a representation of a person in the top right-hand
corner of the screen is used to indicate the values of the Command field.
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
smit.log
smit
smit.script
.I. n
command
execution
.T ció
smit.transaction
• $HOME/smit.log
– Records a log of all menu and dialog screens visited, all commands
.
executed, and their output
C
.F a
– Records any errors during the SMIT session
• $HOME/smit.script
C rm
– Shell script containing all AIX commands executed by SMIT
• $HOME/smit.transaction
– SMIT transactions log
– Records date, description, and command script output of the commands
to fo
executed
SMIT output will be redirected
to file: /tmp/new-script. No
# smitty –xs /tmp/new-script commands will be run.
ec vo
Notes:
oy si
Overview
SMIT creates three files in the $HOME directory of the user running SMIT. If these files
u
already exist, then SMIT appends to them. These files can grow quite large over time,
especially during installations. The user must maintain and truncate these files, when
cl
appropriate.
The smit.log file
Ex
The smit.log file contains a record of every SMIT screen, menu, selector, and dialog
visited, the AIX commands executed, and the output from these commands. When the
image key is pressed, the screen image is placed in the smit.log file. If there are error
or warning messages, or diagnostic or debugging messages from SMIT, then these are
pr
2-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
#
# [Oct 13 2008, 20:00:19]
.T ció
#
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08
.
smit.transaction file
C
.F a
#=--------------------------------------------
# DATE: Oct 13 2008, 20:00:19
C rm
# DESCRIPTION: Back Up the System
#=--------------------------------------------
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Director:
.T ció
– Integrated solutions console
– Lightweight infrastructure
.
• Includes links to SMIT tasks
C
How to check
.F a
• Requires Java v5 that it is
running
• Installed by default
## lssrc
Subsystem
C rm
lssrc -s
Subsystem
-s pconsole
pconsole
Group
Group PID
PID Status
Status
to fo
pconsole
pconsole pconsole
pconsole 737388
737388 active
active
## netstat
netstat -a
-a |grep
|grep 5336
5336
tcp
tcp 00 00 *.5336
*.5336 *.*
*.* LISTEN
LISTEN
ec vo
Figure 2-10. IBM Systems Director Console for AIX (pconsole) AN123.0
Notes:
oy si
The IBM Systems Director Console for AIX, also known as the Console, is a new
management interface that allows administrators to manage AIX remotely through a
cl
browser. It provides web access to common systems management tasks. The Console was
introduced as part of AIX 6.1. The only additional component required is a web browser.
Ex
The Console is named after the IBM Systems Director because it is built on the same
graphical user interface as the IBM Systems Director. Although the Console is named after
the IBM Systems Director, it is not a prerequisite. All components necessary to run the
Console are included in AIX 6.1 and later.
pr
The Console also includes menu links to the Systems Management Interface Tool (SMIT),
Web-based System Manager, and Distributed Command Execution Manager (DCEM).
DCEM is a new facility to securely execute SMIT operations or other commands on
multiple machines at one time. This can improve administrator efficiency by reducing the
need to log in to multiple systems to run the same systems management task.
2-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
File sets installed to support pconsole
.T ció
- sysmgt.pconsole.rte
- sysmgt.pconsole.apps.wdcem
.
- sysmgt.pconsole.apps.wrbac
C
.F a
- sysmgt.pconsole.apps.wsmit
- lwi.runtime
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Console interface
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
IBM Systems Director Console for AIX relies on your AIX user account for user-logon
security. If the user ID that you provide is already logged into the console, the console
cl
prompts you to choose between logging out from the other session or returning to the login
page. If you choose to log out from the other session, the console will not recover any
unsaved changes that were made by that user.
Ex
Use the Logout link in the console toolbar when you are finished using the console to
prevent unauthorized access. If there is no activity during the login session for an extended
period of time, the session expires and you must log in again to access the console. The
pr
2-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty • Log in through local terminal or telnet, and set the password.
• Already logged into console?
• Look for a warning message which gives you the option to terminate the previous
session.
You can log into the console as root, which gives you the authority to perform all tasks, or
you can delegate certain tasks to non-root users. If the only user that you want to authorize
.I. n
as a console user is root, no further set up is required.
The root id has console administrator authorization, which authorizes them to launch any
.T ció
console task. By default, console tasks are visible only to root. If you want to authorize
non-root users to perform console tasks, additional setup is required. You must authorize
each user to access one or more tasks that appear in the console navigation area and you
.
must assign each user the AIX authorizations (RBAC) for the actions performed by these
C
.F a
tasks.
Changing port values
C rm
IBM Systems Director Console for AIX uses the http: 5335 and https: 5336 ports. If you
need to change the port numbers, modify the following properties in the
/pconsole/lwi/conf/overrides/port.properties file and then restart pconsole to change
to fo
these ports:
• com.ibm.pvc.webcontainer.port=5335
• com.ibm.pvc.webcontainer.port.secure=5336
ec vo
By default, the IBM Systems Director Console for AIX provides a Secure Sockets Layer
(SSL) certificate that enables HTTPS connections between the IBM Systems Director
Console for AIX and the Web browser client.
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Console applications
IBM Power Systems
.I. n
– For example, system health
.T ció
• Classical SMIT
– Classic-style smit menus for those who prefer a more traditional look
.
and feel
C
• Distributed Command Execution Manager (DCEM)
.F a
– Used to execute commands on multiple systems in parallel
C rm
– Based on the standard UNIX dsh function
• On AIX, this is part of the Cluster Systems Management (CSM) product,
csm.dsh, which is installed as part of a base AIX install.
to fo
– Supports groups of systems
– Supports rsh and ssh authentication
ec vo
Notes:
oy si
• OS management
This is the core of the application. Menu options are similar to SMIT but in a redesigned
cl
new layout.
• Portlets/Modules
Are facilities within pconsole which provide system information and health details
Ex
• Classical SMIT
Very useful for those who still prefer the look and feel of traditional SMIT.
• Distributed Command Execution Manager (DCEM)
This is a graphical wrapper around an existing UNIX ‘dsh' utility. It allows commands
pr
2-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
.
C
.F a
Work area
C rm
to fo
ec vo
Notes:
oy si
Toolbar
u
The toolbar and banner area displays a common image across IBM System Director
Console for AIX installations. The Console toolbar provides the following functions:
cl
• Logout
Help is available for the entire console or for a specific module in the console. To access
console help, perform the following steps:
pr
• Select Help on the console toolbar. The help is displayed in a separate browser
window.
• In the help navigation tree, select the help set you want to view. For example, select
Console help to view topics that provide information for new console users. Use the
console controls as needed. To access help for a module on a page, on the title bar for
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
the module, click the ? icon. This icon is displayed only if help is available for the
module. The help is displayed in a separate browser window.
Navigation area
The navigation area provides a tree to the tasks that are available in the console. Tasks are
grouped into organizational nodes that represent categories of tasks. For example, OS
Management or Settings, are organizational nodes. The organizational nodes can be
nested in multiple levels.
.I. n
The navigation tree only displays tasks to which you have access. This is controlled by the
.T ció
Console Roles and RBAC authorizations.
In this area, the following task categories can be accessed:
.
• Welcome
C
.F a
• My Startup Pages
• OS Management (AIX settings
C rm
• Health
• Settings (Console settings)
When you select a task in the navigation tree, a page containing one or more modules for
to fo
completing the task is displayed in the work area.
Work area
When you initially log in to the console, the work area displays a welcome page. After you
ec vo
launch a task from the navigation tree, the contents of the task are displayed in a page in
the work area. A page contains one or more console modules that are used to perform
operations. Each console module has its own navigation controls. Some pages include a
control to close the page and return to the welcome page.
oy si
Startup pages
u
Regular pconsole users will want to set up startup pages at login, rather than seeing the
welcome page every time. To do this, simply select the page you are interested in from the
cl
box in the top right hand area of the screen. Select add to my start-up pages. The next
time you log in, the page will be displayed in a tab.
Ex
pr
2-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
System health (1 of 3)
IBM Power Systems
.I. n
.T ció
Section-
specific
help
.
C
.F a
Refresh
immediately
C rm
to fo
ec vo
Notes:
oy si
IBM Systems Director Console for AIX contains several portals. Each portlet refreshes after
a certain time interval to ensure the information is always consistent and up-to-date. The
u
example above is the system health portal. This shows detailed system and performance
information for the host running pconsole.
cl
Metrics
Ex
The metrics feature of IBM Systems Director Console for AIX, provides the overall health of
the monitored metrics for the managed server. The window provides common status
information about the memory and CPUs. The main page provides a description of the
monitored metrics with separate rows for summary information on each metric. These
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
System health (2 of 3)
IBM Power Systems
• Configuration information
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
Summary Information
u
The summary feature provides the overall health status of the managed server. The
window provides common status information about the overall system, network, and
cl
This expanded section displays information regarding the System p hardware and AIX
settings including such information as the model and serial number, processor type,
number and speed, memory size and status, and system recovery settings, like the
auto restart setting. All these values are related to the overall health and status of the
pr
server. Some of these values may be changed in the System Environment area of the
console.
Network Configuration
This expanded section displays information regarding the network settings including
such information as IP address, hostname, subnet mask, domain name, gateway, and
2-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty name server. All these values are related to the overall health and status of the network
connections for the server. Some of these values may be changed in the
Communications area of the console.
Paging Space Configuration
This expanded section displays information regarding the operating system paging
space setting which indicates the total paging space available. This value is related to
the overall health and status of the server. The value may be changed in the System
.I. n
Storage Management area of the console.
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
System health (3 of 3)
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
Top Processes
u
The process feature provides a list of the running processes in a table view. The window
provides common status information about each individual process. A table describes each
cl
process with separate columns to view detailed information. The table is initially sorted by
the parent ID. These columns include the following:
Ex
• CPU % displays the percent of the total CPU available used by the process in the cycle
before the last refresh.
• Time displays the total CPU time the process has been running before the last refresh.
• User displays the user ID under which the process is running.
2-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
• Mount Point displays the current mount location for the file system.
.T ció
• Size displays the size of the file system in M bytes.
• Free Space displays the size of the free space available in the file system in M bytes.
.
• Free % displays the percentage of the total space not in use.
C
.F a
• Page indicates the current page and total number of pages of file system information.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Classical SMIT
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
IBM Systems Director Console for AIX provides a web interface for classical SMIT. The
classical SMIT interface features the same menu structures and dialog panels as the ASCII
u
SMIT.
cl
Ex
pr
2-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
DCEM portlet (1 of 5)
IBM Power Systems
.I. n
.T ció
.
C
.F a
C rm
Graphical driven Commands
UNIX dsh
functionality dsh
to fo
LPAR:
LPAR:
LPAR:
LPAR:
AIX4
AIX2
AIX3
AIX1
ec vo
Notes:
oy si
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
DCEM portlet (2 of 5)
IBM Power Systems
.I. n
.T ció
Enter job
name and
description.
.
C
.F a
Defaults to
standard PATH
C rm
and user root.
Enter
to fo
commands to
run.
ec vo
Notes:
oy si
The first task is to enter a job name and description, then work along the tabs, filling in the
information as appropriate. Starting with the Command Specification tab, the following
u
• Name: Specify a name for the distributed task if you would like to save it for future use.
• Path: Specify the path of the command.
Ex
• Default User: Specify the user name under which the command will run. The user
currently logged in is the default value.
• Command (required): The command definition.
pr
2-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
DCEM portlet (3 of 5)
IBM Power Systems
.I. n
.T ció
.
C
.F a
Specify
target
C rm
machines.
to fo
ec vo
Notes:
oy si
Moving to the Target Specification tab, create a set of targets on which the command will
run, by selecting any combination of DSH hosts and groups, CSM hosts and groups, and
u
CSM is cluster software for AIX. NIM is software on AIX which allows AIX to be installed
over a network. Both CSM and NIM hosts can be grouped together for ease of
management. For these fields to be used, the IBM Systems Director Console must be
Ex
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
DCEM portlet (4 of 5)
IBM Power Systems
.I. n
.T ció
.
C
Defaults to
.F a
rsh, ssh is
optional
C rm Confirmation
to fo
that job is
running
ec vo
Notes:
oy si
want to make the remote execution secure. Either way, the pconsole server must be
able to execute commands on the remote hosts without entering a password.
cl
2-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
DCEM portlet (5 of 5)
IBM Power Systems
Status:
Completed OK
or failure!
.I. n
.T ció
.
C
.F a
C rm
Report output.
Further host output
can be seen by
selecting the links
below.
to fo
ec vo
Notes:
oy si
After selecting view status, as shown on the previous visual, the Job Status window will
appear. In the example shown above, the DCEM job was completed successfully. To obtain
u
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Console logs
– Location: /var/log/pconsole/logs
.I. n
• Formatted using XML
.T ció
– Rotated using file names error-log-#.xml and trace-log-#.xml
## ls
ls /var/log/pconsole/logs
/var/log/pconsole/logs
error-log-0.xml error-log-5.xml trace-log-3.xml
.
error-log-0.xml error-log-5.xml trace-log-3.xml
error-log-0.xml.lck
error-log-0.xml.lck Log_Viewer.xml
Log_Viewer.xml trace-log-4.xml
trace-log-4.xml
C
error-log-1.xml trace-log-0.xml trace-log-5.xml
.F a
error-log-1.xml trace-log-0.xml trace-log-5.xml
error-log-2.xml
error-log-2.xml trace-log-0.xml.lck
trace-log-0.xml.lck
error-log-3.xml
error-log-3.xml trace-log-1.xml
trace-log-1.xml
C rm
error-log-4.xml
error-log-4.xml trace-log-2.xml
trace-log-2.xml
Notes:
oy si
The Systems Director Console log file are stored in XML format in the
/var/log/pconsole/logs directory.
u
you start Integrated Solutions Console. Logging messages are written to the file
error-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write log messages.
Trace log file
pr
The system appends traces messages to a single log file. A new trace file is created each
time you start Integrated Solutions Console. Trace messages are written to the file
trace-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write trace messages.
2-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty Classical SMIT logs are similar in nature to regular AIX SMIT. The letter w is prefixed to the
standard SMIT log file names, to differentiate these pconsole logs from the standard AIX
SMIT logs. There is no equivalent smit.transaction log produced through pconsole.
An example DCEM.log:
------------------------------------------------------------
Command name: Unspecified
.I. n
Default user: root
Command definition:
.T ció
export PATH=\$PATH;uname -a
Started: Tue Oct 14 17:06:34 2008
Ended: Tue Oct 14 17:06:35 2008
.
Successful targets:
C
DSH nodes:
.F a
statler.lpar.co.uk
waldorf.lpar.co.uk
C rm
Failed targets:
none
Targets not run:
none
to fo
Status:
Command execution completed.
-----------------------------------------------------------
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint
IBM Power Systems
.I. n
b. ______________
c. ______________
.T ció
2. What is the purpose of the smit.script file?
.
C
.F a
3. What information can one get from looking at the system configuration
details in IBM Systems Director Console?
C rm
a. ______________
b. ______________
c. ______________
to fo
d. ______________
e. ______________
ec vo
Notes:
oy si
u
cl
Ex
pr
2-34 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
AIX system
management
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Describe the benefits of the system management tools
.T ció
available in AIX
• Discuss the functionality of SMIT and the IBM Systems
.
C
Director Console for AIX
.F a
• Explain how system management activity is logged
C rm
• Log in to IBM Systems Director Console and use graphic
interface to manage the system
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
2-36 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Describe the system and AIX startup process
C
.F a
• Activate the system and AIX partitions
• Explain the difference between SMS and normal startup modes
C rm
• Describe the contents of the /etc/inittab file
• Use System Resource Controller commands to start, stop, and
display AIX subsystems
to fo
• Explain how to shut down the system and AIX partitions
• Checkpoint questions
• Machine exercises
oy si
References
u
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Activate the system and AIX partitions
.T ció
• Explain the difference between SMS and normal startup
modes
.
• Describe the contents of the /etc/inittab file
C
.F a
• Use System Resource Controller commands to start, stop,
and display AIX subsystems
C rm
• Explain how to shut down the system and AIX partitions
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
3-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
System startup
IBM Power Systems
.I. n
Level 1: Power off Service processor is active.
.T ció
Issue Power On command
All devices are initialized and powered on.
Level 2: Standby
System is ready to support partitions.
.
C
.F a
SMS mode
Start AIX
C rm
- OR -
partitions
Normal mode
to fo
Level 3: Operating System is running partitions.
ec vo
Notes:
oy si
The first power level is achieved by plugging in the power cord of the managed system
into a live power socket. The HMC will report that the managed system is in the Power
cl
The service processor will be initialized and the service processor software will be
loaded and run. If your system has an Operator Panel, you'll see codes on the display
panel and after a few minutes, you will also see a steady blinking green light. The HMC
will also display the codes and status information for the managed system. At this point,
pr
the service processor is an active host on the network. You may use the system
management (ASMI) application on the service processor. However, the rest of the
devices, such as disks, processors, and so forth, on the managed system are still
powered off.
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Once you start the first partition on the system, your managed system will be at the third
.T ció
and highest power on level. The HMC will report the state of the managed system as
Operating. This means it has been fully powered on, initialized, and is running at least
one partition. With the proper procedures and commands, hot-pluggable devices may
.
be physically removed from the partitions. Once your managed system is in the
C
Operating state, it remains there until you issue a power off command or a system error
.F a
changes the state. If you shut down all of the partitions, but do not power off the
managed system, the HMC will still report the Operating state. However, at this point,
C rm
the system is in a state functionally equivalent to the Standby state.
to fo
ec vo
oy si
u
cl
Ex
pr
3-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
Introduction
u
The visual -shows a managed system in the Power Off state. The HMC menu is shown
where you can choose to power on the system. This is the selected menu when the
cl
managed system is selected. The next visual shows you the screen that appears after
choosing Power On from the menu.
Ex
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• SMS mode is used for:
.T ció
– Selecting the boot device, for example, network and IPL parameters
– Booting into Service (Maintenance) mode, for example:
.
• To fix a machine that will not boot
C
• Recover root password
.F a
SMS Top
Level
C rm
PowerPC Firmware
Version EL320_083 Firmware
SMS 1.7 (c) Copyright IBM Corp. 2000,2008 All rights reserved. Menu
----------------------------------------------------------------
Main Menu
1. Select Language
2. Setup Remote IPL (Initial Program Load)
to fo
3. Change SCSI Settings
4. Select Console
5. Select Boot Options
ec vo
Notes:
oy si
To boot into SMS, either press the 1 key shortly after partition activation, or set the
partition to specifically SMS boot. To do this, click the Advanced button on activation
cl
resource can be used to select the boot device, or change the order of the bootlist and
boot the system into Service mode, if maintenance is required.
Service mode enables the user to run diagnostics or access the system in single-user
mode.
pr
3-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Normal mode
– AIX boots into multi-user mode (run level 2).
– Users can log in, the system can be configured, and applications can
.I. n
start.
– The bootlist command can change the start-up boot device list.
.T ció
## bootlist Displays the current
bootlist -m
-m normal
normal -o
-o
hdisk0 boot device (hdisk0)
hdisk0 blv=hd5
blv=hd5
.
C
## bootlist
bootlist –m
–m normal
normal hdisk0
hdisk0 hdisk1
hdisk1
.F a
• Other less common start-up modes:
C rm
– Diagnostic with default boot list
• Boot to service mode using default boot list (has optical drive first)
– Diagnostic with stored boot list
• Boot to service mode using a user customized bootlist
to fo
– Open firmware
• Open firmware prompt; used by service/support personnel to obtain low level
debug information
ec vo
Notes:
oy si
Start-up modes:
u
• Normal: The logical partition starts up as normal. This is the mode that you use to
perform most everyday tasks. When the machine does a normal boot, it completes the
cl
full AIX boot sequence and start processes, enables terminals and generates a login
prompt, to make it available for multi-user access. It also activates the disks, sets up
access to the files and directories, starts networking, and completes other machine
Ex
specific configurations.
• Diagnostic with default boot list: The logical partition boots to service mode using the
default boot list that is stored in the system firmware. This mode is normally used to
either boot to diagnostics from a hard drive, or to boot off bootable media (a diagnostics
pr
CD or installation media).
• Diagnostic with stored boot list: The logical partition performs a service mode boot
using the service mode boot list saved in NVRAM.
• Open Firmware OK prompt: The logical partition boots to the open firmware prompt.
This option is used by service personnel to obtain additional debug information.
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Partition activation
.I. n
Locate AIX boot image
.T ció
via firmware or bootlist
.
Load boot image
C
RAMFS created AIX Kernel is now in control.
.F a
C rm
Configure devices init process from RAMFS
Start rootvg executes rc.boot script.
to fo
Start ‘real’ init process
Process /etc/inittab, default run-level 2.
From rootvg
LOGIN
ec vo
Notes:
oy si
After the partition is activated, a boot image is located from the boot device, specified
from SMS or the bootlist command, and is loaded into memory. During a normal boot,
cl
the location of the boot image is usually a hard drive. Besides hard drives, the boot
image could be loaded from CD/DVD. This is the case when booting into maintenance
mode for service. If working with the Network Installation Manager (NIM), the boot
Ex
commands provided in the RAM file system. You can think of the RAM file system as a
small AIX operating system. The kernel starts the init process which was provided in the
RAM file system, not from the root file system. This init process executes a boot script
which is named rc.boot. rc.boot controls the boot process. The base devices are
configured, rootvg is activated or varied on, and the real init process starts from rootvg
which will in turn process the /etc/inittab at run level two.
3-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
To activate
into SMS
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
Activating a partition
u
To activate a partition from the HMC Server Management application, select the
partition name and choose Activate from the menu. An Activate Logical Partition
cl
screen will appear from which the user can select the start-up profile.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
AIX
AIX Version
Version 77
Copyright
Copyright IBM
IBM Corporation,
Corporation, 1982,
1982, 2013
2013
Console login:
Console login:
ec vo
Notes:
oy si
Partitions can have one or many profiles assigned, one of which will be the default.
Profiles contain the attributes of the partition such as process and memory
cl
requirements, and assigned devices. At the time of starting the profile a virtual console
session can be optionally started. The Advanced button enables users to set the
start-up mode. A default start-up mode will be contained within the profile.
Ex
pr
3-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
alog program
.
C
.F a
/var/adm/ras/bootlog
/var/adm/ras/BosMenus.log
C rm
Use the
/var/adm/ras/bosinst.log
alog
command
/var/adm/ras/nimlog
to view /var/adm/ras/conslog
logs /var/adm/ras/errlog
to fo
To view the boot log:
## alog
alog –o
–o –t
–t boot
boot
ec vo
Notes:
oy si
Overview
u
The alog command is a BOS feature that provides a general-purpose logging facility
that can be used by any application or user to manage a log. The alog command reads
cl
standard input, writes the output to standard out, and copies it to a fixed size file at the
same time.
Ex
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
particularly if the system did not boot properly. Fortunately, alog is used by the rc.boot
script and the configuration manager during the boot process to log important events.
To view the boot information, the command alog –o -t boot may be used. If the
machine does not boot, boot the machine into maintenance mode and view the boot
log contents.
Viewing logs with SMIT
You can also use SMIT to view the different system-supported logs. Use the following
.I. n
command:
.T ció
# smit alog
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
3-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
/etc/inittab
IBM Power Systems
.I. n
powerfail::powerfail:/etc/rc.powerfail
powerfail::powerfail:/etc/rc.powerfail 2>&12>&1 || alog
alog -tboot
-tboot >> /dev/console
/dev/console
mkatmpvc:2:once:/usr/sbin/mkatmpvc
mkatmpvc:2:once:/usr/sbin/mkatmpvc >/dev/console
>/dev/console 2>&12>&1
atmsvcd:2:once:/usr/sbin/atmsvcd
atmsvcd:2:once:/usr/sbin/atmsvcd >/dev/console
>/dev/console 2>&1
2>&1
.T ció
tunables:23456789:wait:/usr/sbin/tunrestore
tunables:23456789:wait:/usr/sbin/tunrestore -R -R >> /dev/console
/dev/console 2>&1
2>&1 ## Set
Set tunables
tunables
rc:23456789:wait:/etc/rc
rc:23456789:wait:/etc/rc 2>&1
2>&1 || alog
alog -tboot
-tboot >> /dev/console
/dev/console ## Multi-User
Multi-User checks
checks
rcemgr:23456789:once:/usr/sbin/emgr
rcemgr:23456789:once:/usr/sbin/emgr -B -B >> /dev/null
/dev/null 2>&1
2>&1
fbcheck:23456789:wait:/usr/sbin/fbcheck
fbcheck:23456789:wait:/usr/sbin/fbcheck 2>&12>&1 || alog
alog -tboot
-tboot >> /dev/console
/dev/console
srcmstr:23456789:respawn:/usr/sbin/srcmstr
srcmstr:23456789:respawn:/usr/sbin/srcmstr ## System
System Resource
Resource Controller
.
Controller
rctcpip:23456789:wait:/etc/rc.tcpip
rctcpip:23456789:wait:/etc/rc.tcpip >> /dev/console
/dev/console 2>&1
2>&1 ## Start
Start TCP/IP
TCP/IP daemons
daemons
C
rcnfs:23456789:wait:/etc/rc.nfs
rcnfs:23456789:wait:/etc/rc.nfs >> /dev/console
/dev/console 2>&1
2>&1 ## Start
Start NFS
NFS Daemons
Daemons
.F a
sniinst:2:wait:/var/adm/sni/sniprei
sniinst:2:wait:/var/adm/sni/sniprei >> /dev/console
/dev/console 2>&1
2>&1
cron:23456789:respawn:/usr/sbin/cron
cron:23456789:respawn:/usr/sbin/cron
qdaemon:23456789:wait:/usr/bin/startsrc
qdaemon:23456789:wait:/usr/bin/startsrc -sqdaemon
-sqdaemon
C rm
writesrv:23456789:wait:/usr/bin/startsrc
writesrv:23456789:wait:/usr/bin/startsrc -swritesrv
-swritesrv
uprintfd:23456789:respawn:/usr/sbin/uprintfd
uprintfd:23456789:respawn:/usr/sbin/uprintfd
shdaemon:2:off:/usr/sbin/shdaemon
shdaemon:2:off:/usr/sbin/shdaemon >/dev/console
>/dev/console 2>&1
2>&1 ## High
High availability
availability daemon
daemon
l2:2:wait:/etc/rc.d/rc
l2:2:wait:/etc/rc.d/rc 22
l3:3:wait:/etc/rc.d/rc
l3:3:wait:/etc/rc.d/rc 33
l4:4:wait:/etc/rc.d/rc
l4:4:wait:/etc/rc.d/rc 44
l5:5:wait:/etc/rc.d/rc
l5:5:wait:/etc/rc.d/rc 55
to fo
l6:6:wait:/etc/rc.d/rc
l6:6:wait:/etc/rc.d/rc 66
l7:7:wait:/etc/rc.d/rc
l7:7:wait:/etc/rc.d/rc 77
l8:8:wait:/etc/rc.d/rc
l8:8:wait:/etc/rc.d/rc 88
l9:9:wait:/etc/rc.d/rc
l9:9:wait:/etc/rc.d/rc 99
……………
……………
ec vo
Notes:
oy si
Introduction
u
The /etc/inittab file lists the processes that init starts, and it also specifies when to
start them. If this file gets corrupted, the system cannot boot properly. Because of this, it
cl
is a good idea to keep a backup of this file. This file should never be edited directly. Use
lsitab, chitab, and mkitab commands. After editing the /etc/inittab file, force the
system to reread the file by using the telinit q command.
Ex
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Format of entries
The individual line entries in /etc/inittab contain the following fields:
• Id: Up to 14 characters that identify the process.
• Runlevel: Defines the run levels for which the process is valid. AIX uses run levels of
0-9. If the telinit command is used to change the run level, a SIGTERM signal is sent to
all processes that are not defined for the new run level. If, after 20 seconds, a process
.I. n
has not terminated, a SIGKILL signal is sent. The default run level for the system is 2,
which is AIX multiuser mode.
.T ció
• Action: How to treat the process. Valid actions are:
- respawn: If the process does not exist, start it. If the process dies then restart it.
.
- wait: Start the process and wait for it to finish before reading the next line.
C
.F a
- once: Start the process and immediately read the next line. Do not restart it if it
stops.
C rm
- sysinit: Commands to be run before trying to access the console
- off: Do not run the command.
- Command. Use the AIX command to run to start the process.
to fo
Run levels
AIX uses a default run level of 2. This is the normal multi-user mode. You may want to
perform maintenance on your system without having other users logged in. The
ec vo
command shutdown -m places your machine into a single user mode terminating all
logins. Once the machine reaches the single user mode, you are prompted to enter the
root password. When you are ready to return to normal mode, type telinit 2.
oy si
u
cl
Ex
pr
3-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Run levels
IBM Power Systems
.I. n
– 3 through 9: Free to be defined by the administrator
.T ció
• The telinit or init command can be used to change run
levels.
.
C
– a, b, c, and h can be initiated during any run level start-up, 2 through 9,
.F a
without killing any existing run level processes.
– S, s, M, m, results in the system entering single user / maintenance
C rm
mode.
– Q, q, re-examines and processes the /etc/inittab file on request.
to fo
Example: To go from single user to multi-user mode, execute:
# telinit 2
ec vo
Notes:
oy si
Run levels define the behavior of init, and by extension, those processes which run on the
system when it is at any given level. A run level is a software configuration that allows only
u
a selected group of processes to exist. The system can be at one of the following run
levels:
cl
• 0-9
Ex
Tells the init command to place the system in one run level 0-9
When the init command requests a change to run levels 0-9, it kills all processes at the
current run levels and then restarts any processes associated with the new run levels.
• 0-1
pr
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
In the multiuser environment, the /etc/inittab file is set up so that the init command
creates a process for each terminal on the system. The console device driver is also set
to run at all run levels so the system can be operated with only the console active.
• 3-9
Can be defined according to the user's preferences
• S,s,M,m
.I. n
Tells the init command to enter the maintenance mode. When the system enters
maintenance mode from another run level, only the system console is used as the
.T ció
terminal.
• a,b,c,h
.
Tells the init command to process only those records in the /etc/inittab file with a, b,
C
.F a
c, or h in the run level field. These four arguments, a, b, c, and h, are not true run levels.
They differ from run levels in that the init command cannot request the entire system to
C rm
enter run levels a, b, c, or h. When the init command finds a record in the /etc/inittab
file with a value of a, b, c, or h in the run level field, it starts the process. However, it
does not kill any processes at the current run level. Processes with a value of a, b, c, or
h in the run level field, are started in addition to the processes already running at the
to fo
current system run level. Another difference between true run levels and a, b, c, or h, is
that processes started with a, b, c, or h are not stopped when the init command
changes run levels. There are three ways to stop a, b, c, or h processes:
- Type off in the Action field.
ec vo
3-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Startup and stop scripts can be defined for each run level
which are automatically invoked at entry and exit.
.I. n
/etc/rc.d
/etc/rc.d ## ls
ls –R
–R
.T ció
init.d
init.d rc
rc rc2.d
rc2.d rc3.d
rc3.d rc4.d
rc4.d rc5.d
rc5.d rc6.d
rc6.d rc7.d
rc7.d rc8.d
rc8.d rc9.d
rc9.d
./init.d:
./init.d:
./rc2.d:
./rc2.d:
Ksshd
Ksshd Kwpars
Kwpars Ssshd
Ssshd Scripts starting
.
with S are invoked
C
./rc3.d:
./rc3.d: at boot time by
.F a
./rc4.d:
./rc4.d:
/etc/rc.d/rc.
./rc5.d:
C rm
./rc5.d:
./rc6.d:
./rc6.d:
Scripts starting with K are
./rc7.d:
./rc7.d:
invoked synchronously by
shutdown with one argument:
./rc8.d:
./rc8.d: 'stop'. They are also called on
to fo
startup prior to invoking the start
./rc9.d:
./rc9.d: scripts.
ec vo
Notes:
oy si
Run level scripts enable system administrators to start and stop selected applications
and services, or perform tasks during system start-up, shutdown or during run level
cl
change. Run level scripts need to be created in the subdirectory of /etc/rc.d that is
specific to the run level. Scripts beginning with K are stop scripts, while scripts
beginning with S are start scripts.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
## ps
ps -ef
-ef |grep
|grep src
src SRC
UID
UID PID
PID PPID
PPID CC STIME
STIME TTY
TTY TIME
TIME CMD
CMD Master
.T ció
root
root 172178
172178 11 00 18
18 Sep
Sep -- 0:00
0:00 /usr/sbin/srcmstr
/usr/sbin/srcmstr process
## ps
ps -T
-T 172178
172178
PID
PID TTY
TTY TIME
TIME CMD
CMD
Parent
172178 -- 0:00
0:00 srcmstr PID = init
.
172178 srcmstr
151672
151672 -- 0:01
0:01 |\--syslogd
|\--syslogd
C
163968
163968 -- 0:00
0:00 |\--inetd
|\--inetd
.F a
303160 -- 0:00 || \--rlogind
303160
512170
0:00 \--rlogind Subsystem
512170 pts/0
pts/0 0:00
0:00 || \--ksh
\--ksh
463024
463024 pts/0
pts/0 0:00
0:00 || \--ps
\--ps
C rm
168088
168088 -- 0:00
0:00 |\--portmap
|\--portmap
180418
180418 -- 0:00
0:00 |\--IBM.ServiceRMd
|\--IBM.ServiceRMd
188650 -- 1:24 |\--rmcd
188650
200856 --
1:24
3:47
|\--rmcd
|\--clstrmgr
Subserver
200856 3:47 |\--clstrmgr
204904
204904 -- 0:00
0:00 |\--tftpd
|\--tftpd
176288
176288 -- 0:00
0:00 || \--tftpd
\--tftpd
213102
213102 -- 0:00
0:00 |\--sshd
|\--sshd
to fo
221334
221334 -- 0:00
0:00 |\--snmpdv3ne
|\--snmpdv3ne
254124
254124 -- 0:00
0:00 |\--IBM.DRMd
|\--IBM.DRMd
262276
262276 -- 0:59
0:59 |\--IBM.CSMAgentRMd
|\--IBM.CSMAgentRMd
417800
417800 -- 0:00
0:00 \--ctcasd
\--ctcasd
ec vo
Notes:
oy si
The System Resource Controller (SRC) provides a set of commands to make it easier
for the administrator to control subsystems. A subsystem is a daemon, or server, that is
cl
3-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Listing subsystems
IBM Power Systems
.I. n
-a
Subsystem
Subsystem Group
Group PID
PID Status
Status
syslogd
syslogd ras
ras 151672
151672 active
active
portmap portmap 168088 active
.T ció
portmap portmap 168088 active
inetd
inetd tcpip
tcpip 163968
163968 active
active
tftpd
tftpd tcpip
tcpip 204904
204904 active
active
sshd
sshd ssh
ssh 213102
213102 active
active
ctrmc
ctrmc rsct
rsct 188650
188650 active
active
.
snmpd
snmpd tcpip
tcpip 221334
221334 active
active
clcomdES clcomdES 225414 active
C
clcomdES clcomdES 225414 active
clstrmgrES
clstrmgrES cluster
cluster 200856
200856 active
active
.F a
ctcas
ctcas rsct
rsct 417800
417800 active
active
qdaemon
qdaemon spooler
spooler inoperative
inoperative
writesrv
writesrv spooler
spooler inoperative
inoperative
C rm
lpd
lpd spooler
spooler inoperative
inoperative
….
…. Removed
Removed for clarity …..
for clarity …..
lssrc –g
## lssrc –g tcpip
tcpip |grep
|grep active
active
Subsystem
Subsystem Group
Group PID
PID Status
Status
to fo
inetd
inetd tcpip
tcpip 163968
163968 active
active
tftpd
tftpd tcpip
tcpip 204904
204904 active
active
snmpd
snmpd tcpip
tcpip 221334
221334 active
active
ec vo
Notes:
oy si
Introduction
u
The lssrc command is used to show the status of the SRC subsystems. In the example
shown on the visual, we are checking the status of all subsystems using the -a flag and
Ex
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
SRC control
IBM Power Systems
• Controlling subsystems
## stopsrc
stopsrc -s
-s inetd
inetd
.I. n
0513-044
0513-044 The
The /usr/sbin/inetd
/usr/sbin/inetd Subsystem
Subsystem was
was requested
requested to
to stop.
stop.
.T ció
## startsrc
startsrc -s
-s inetd
inetd
0513-059
0513-059 The inetd
The inetd Subsystem
Subsystem has
has been
been started.
started. Subsystem
Subsystem PID
PID is
is
311374.
311374.
.
## refresh
refresh -s
-s inetd
inetd
C
0513-095
0513-095 The
The request
request for
for subsystem
subsystem refresh
refresh was
was completed
.F a
completed
successfully.
successfully.
Not all
C rm
subsystems
support being
refreshed.
to fo
## refresh
refresh -s
-s sshd
sshd
0513-005
0513-005 The Subsystem,
The Subsystem, sshd,
sshd, only
only supports
supports signal
signal
communication.
communication.
ec vo
Notes:
oy si
the inetd subsystem will need to be refreshed by using refresh command. Not all
subsystems can be refreshed. If this is the case, simply use startsrc and stopsrc
cl
commands.
Ex
pr
3-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Do a fast shutdown,
.T ció
bypassing the
## shutdown
shutdown -Fr
-Fr messages to users,
SHUTDOWN and reboot the
SHUTDOWN PROGRAM
PROGRAM
.
Thu system.
Thu 99 Oct
Oct 20:15:49
20:15:49 2008
2008
C
0513-044
0513-044 The
The sshd
sshd Subsystem
Subsystem was
was requested
requested to
to stop.
stop.
.F a
Wait for 'Rebooting...' before stopping.
Wait for 'Rebooting...' before stopping.
Oct
Oct 99 2008
2008 20:15:50
20:15:50 /usr/es/sbin/cluster/utilities/clstop:
/usr/es/sbin/cluster/utilities/clstop: called
called with
with
flags
flags -f
-f -y
-y -s
-s -N
-N -S
-S
C rm
0513-004
0513-004 The
The Subsystem
Subsystem or
or Group,
Group, clinfoES,
clinfoES, is
is currently
currently inoperative.
inoperative.
Error
Error logging
logging stopped...
stopped...
Advanced
Advanced Accounting
Accounting has
has stopped...
stopped...
Process
Process accounting
accounting stopped...
stopped...
Stopping
Stopping NFS/NIS
NFS/NIS Daemons
Daemons
to fo
Connection
Connection closed.
closed.
ec vo
Notes:
oy si
Introduction
u
The SMIT shutdown fastpath or the shutdown command is used to shut the system
down cleanly. If used with no options, shutdown displays a message on all enabled
cl
terminals (using the wall command), then (after one minute) disables all terminals, kills
all processes on the system, syncs the disks, unmounts all file systems, and then halts
the system.
Ex
maintenance mode. The -k flag specifies a “pretend” shutdown. It appears to all users
that the machine is about to shut down, but no shutdown actually occurs.
Shutting down to single-user mode
Use the following command to shut down the system to single-user mode:
# shutdown -m
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
3-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
.
Do a fast
C
shutdown,
.F a
shutdown -F
C rm
to fo
ec vo
Notes:
oy si
From the HMC, the following shutdown options are supported. Generally, best practice is to
shutdown AIX from within the partition.
u
• Delayed: The HMC shuts down the logical partition using the delayed power-off
cl
sequence. This allows the logical partition time to end jobs and write data to disks. If the
logical partition is unable to shut down within the predetermined amount of time, it will
end abnormally and the next restart may be longer than normal.
Ex
• Immediate: The HMC shuts down the logical partition immediately. The HMC ends all
active jobs immediately. The programs running in those jobs are not allowed to perform
any job cleanup. This option might cause undesirable results if data has been partially
pr
updated. Use this option only after a controlled shutdown has been unsuccessfully
attempted.
• Operating System: The HMC shuts down the logical partition normally by issuing a
shutdown command to the logical partition. During this operation, the logical partition
performs any necessary shutdown activities. This option is only available for AIX logical
partitions.
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Operating System Immediate: The HMC shuts down the logical partition immediately
by issuing a shutdown -F command to the logical partition. During this operation, the
logical partition bypasses messages to other users and other shutdown activities. This
option is only available for AIX logical partitions.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
3-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
Before you power off the managed system, you must first shut down the operating systems
in each of the running partitions. Otherwise, they will terminate abnormally which may lead
cl
must choose between the Normal power off procedure and the Fast power off procedure.
• Normal power off: The system ends all active tasks in a controlled manner. During that
time, the service processor and the POWER Hypervisor are allowed to perform cleanup
(end-of-job-processing).
pr
• Fast power-off: The system ends all active tasks immediately. The programs running in
the service processor and the POWER Hypervisor are not allowed to perform any
cleanup.
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint
IBM Power Systems
.I. n
that have to be started?
.T ció
2. Which AIX feature can be used to stop and start
subsystems and groups of daemons?
.
C
.F a
3. True or False: You can only execute the shutdown
C rm
command from the console.
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
3-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
System startup and
shutdown
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Describe the system and AIX startup process
.T ció
• Activate the system and AIX partitions
• Explain the difference between SMS and normal startup
.
C
modes
.F a
• Describe the contents of the /etc/inittab file
C rm
• Use System Resource Controller commands to start, stop,
and display AIX subsystems
• Explain how to shut down the system and AIX partitions
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
3-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• List the installation methods for AIX
C
.F a
• List the steps necessary to install the AIX base operating system
• Install and understand all the options when installing AIX from
C rm
optical media
• Carry out post installation tasks
to fo
How you will check your progress
• Checkpoint questions
• Machine exercises
ec vo
References
oy si
Unit objectives
IBM Power Systems
.I. n
• List the steps necessary to install the AIX base operating
.T ció
system
• Install and understand all the options when installing AIX
.
from optical media
C
.F a
• Carry out post installation tasks
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
4-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• DVD (FC 3435)
.T ció
• Network:
.
– Network Installation Manager (NIM)
C
.F a
– Details covered in IBM training course: AIX Installation Management
(AN22G)
C rm
to fo
ec vo
Notes:
oy si
When a Power system order is placed with IBM, or a business partner, there are options to
have the system preconfigured. This pre-configuration consists of LPAR creation and
u
AIX 6 and AIX 7 are delivered, by default, on DVD media. Optionally, AIX 6 can also be
ordered on CD (one through eight disks).
Ex
In an LPAR environment, NIM is a very popular method of installing and updating AIX. NIM
is a large topic and is covered in-depth in the AN22 education class.
pr
• Steps:
Assume a partition and partition profile have already been created.
.I. n
1. Place the AIX DVD in the drive.
2. Activate the partition to SMS and open terminal window.
.T ció
3. Select to boot device using SMS menus in the terminal window.
4. Interact with the AIX install menus.
.
C
.F a
• Note, the partition must either:
C rm
– Have PCI slot which controls a drive which will read CD-ROMs.
OR
– Be allocated a CD-ROM device though a VIOS server (as a virtual
to fo
optical SCSI device).
ec vo
Notes:
oy si
To install AIX into a partition, the partition and profile must first be created through the
HMC. The partition must have access to a device slot which contains the optical media
u
drawer. If a virtualized environment is to be deployed, then the VIOS partition will probably
own the optical device. In that case, it is still possible to make this CD available to a
cl
partition as a virtual optical SCSI device. In VIOS version 1.5, a new feature was added
which allows a media ISO image to be allocated to multiple partitions, through the
Ex
4-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
SMS
SMS 1.6
1.6 (c)
(c) Copyright
Copyright IBM
IBM Corp.
Corp. 2000,2005
2000,2005 All
All rights
rights reserved.
reserved.
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Main
Main Menu
Menu
.T ció
1.
1. Select
Select Language
Language
2.
2. Setup
Setup Remote
Remote IPL
IPL (Initial
(Initial Program
Program Load)
Load) #then
#then select
select the
the adapter
adapter && IP
IP Parameters
Parameters
3.
3. Change
Change SCSI
SCSI Settings
Settings
4.
4. Select
Select Console
Console
5.
5. Select
Select Boot
Boot Options
.
Options
C
Multiboot
Multiboot
.F a
1.
1. Select
Select Install/Boot
Install/Boot Device
Device
C rm
Select
Select Device
Device Type
Type
3.
3. CD/DVD
CD/DVD
Select
Select Media
Media Type
Type
9. Select the CD-ROM
9. List
List All
All Devices
Devices
drive from the list.
to fo
Select
Select Device
Device
Device
Device Current
Current Device
Device
Number
Number Position
Position Name
Name
1.
1. -- SCSI
SCSI CD-ROM
CD-ROM
(( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0
loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 ))
ec vo
Notes:
oy si
When SMS starts, choose option 5, followed by the boot device (in this case CD/DVD). The
system will then display all devices of this type. In the visual, there is only one such device.
u
Select
Select Task
Task
SCSI
SCSI CD-ROM
CD-ROM
(( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0
loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 ))
.I. n
1.
1. Information
Information
2.
2. Normal
Normal Mode
Mode Boot
Boot
.T ció
3.
3. Service
Service Mode
Mode Boot
Boot
Are
Are you
you sure
sure you
you want
want to
to exit
exit System
System Management
Management Services?
Services?
.
1.
1. YesYes
2.
2. No No
C
.F a
• The system will now boot from the DVD.
C rm
*******
******* Please
Please define
define the
the System
System Console.
Console. *******
*******
Type
Type aa 11 and
and press
press Enter
Enter to
to use
use this
this terminal
terminal as
as the
the
system
system console.
console.
to fo
>>>
>>> 11 Type
Type 11 and
and press
press Enter
Enter to
to have
have English
English during
during install.
install.
ec vo
Notes:
oy si
Once the optical media device is selected, we need to perform a normal boot and exit SMS
as shown in the visual. The partition will then proceed and boot from the optical media
u
drive. The first interactive step is to type <1>, and then press Enter to use the terminal as
the system console.
cl
Ex
pr
4-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Welcome
Welcome to
to Base
Base Operating
Operating System
System
Installation
Installation and
and Maintenance
Maintenance
.T ció
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter. Choice
Choice is
is indicated
indicated by
by >>>.
>>>.
>>>
>>> 11 Start
Start Install
Install Now
Now with
with Default
Default Settings
Settings
22 Change/Show
Change/Show Installation
Installation Settings
Settings and
and Install
Install
.
C
33 Start
Start Maintenance
Maintenance Mode
Mode for
for System
System Recovery
Recovery
.F a
44 Configure
Configure Network
Network Disks
Disks (iSCSI)
(iSCSI)
88
88 Help
Help ??
C rm
99
99 Previous
Previous Menu
Menu
>>>
>>> Choice
Choice [1]:
[1]: 22
to fo
• Best practice, always look first at the install options (2)
ec vo
Notes:
oy si
If option 1 is selected, a default system installation will occur. However, in most cases you
may want to see and change the default settings. To do this, type a <2> and press Enter.
u
.I. n
Either
Either type
type 00 and
and press
press Enter
Enter to
to install
install with
with current
current settings,
settings, or
or type
type the
the
number
number of
of the
the setting
setting you
you want
want to
to change
change and
and press
press Enter.
Enter.
.T ció
11 System
System Settings:
Settings:
Method
Method of
of Installation.............New
Installation.............New andand Complete
Complete Overwrite
Overwrite
Disk
Disk Where You
Where You Want
Want to
to Install.....hdisk0
Install.....hdisk0
22 Primary
Primary Language
Language Environment
Environment Settings
Settings (AFTER
(AFTER Install):
Install):
.
Cultural
Cultural Convention................English
Convention................English (United
(United States)
States)
C
Language
Language ..........................English
..........................English (United
(United States)
States)
Keyboard ..........................English (United States)
.F a
Keyboard ..........................English (United States)
Keyboard Type......................Default
Keyboard Type......................Default
33 Security
Security Model.......................Default
Model.......................Default
C rm
44 More
More Options
Options (Software
(Software install
install options)
options)
>>>
>>> 00 Install
Install with
with the
the current
current settings
settings listed
listed above.
above.
+-----------------------------------------------------
+-----------------------------------------------------
88
88 Help
Help ?? || WARNING:
WARNING: Base
Base Operating
Operating System
System Installation
Installation will
will
to fo
99
99 Previous
Previous Menu
Menu || destroy
destroy or
or impair
impair recovery
recovery of
of ALL
ALL data
data on
on the
the
|| destination disk hdisk0.
destination disk hdisk0.
>>>
>>> Choice
Choice [0]:
[0]:
Notes:
oy si
The installation and Settings menu enables you to set the key options and configuration
settings to be deployed during installation.
u
cl
Ex
pr
4-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Method of installation
IBM Power Systems
.I. n
Type
Type the
the number
number of
of the
the installation
installation method
method and
and press
press Enter.
Enter.
>>>
>>> 11 New
New and
and Complete
Complete Overwrite
Overwrite
.T ció
Overwrites
Overwrites EVERYTHING
EVERYTHING on
on the
the disk
disk selected
selected for
for installation.
installation.
Warning:
Warning: Only use this
Only use this method
method if
if the
the disk
disk is
is totally
totally empty
empty or
or if
if there
there
is nothing on the disk you want to preserve.
is nothing on the disk you want to preserve.
22 Preservation
Preservation Install
Install
.
Preserves
Preserves SOME
SOME of
of the
the existing
existing data
data on
on the
the disk
disk selected
selected for
for
C
installation.
installation. Warning:
Warning: This
This method
method overwrites
overwrites the
the usr
usr (/usr),
(/usr),
variable
variable (/var), temporary (/tmp), and root (/) file systems. Other
(/var), temporary (/tmp), and root (/) file systems.
.F a
Other
product
product (applications)
(applications) files
files and
and configuration
configuration data
data will
will be
be destroyed.
destroyed.
33 Migration
Migration Install
Install
C rm
Upgrades
Upgrades the
the Base
Base Operating
Operating System
System to
to the
the current
current release.
release.
Other
Other product
product (applications)
(applications) files
files and
and configuration
configuration data
data are
are saved.
saved.
88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu
to fo
>>>
>>> Choice
Choice [1]:
[1]:
ec vo
Notes:
oy si
When you select Option 1 in the Installation and Settings menu to change the method of
installation, the Change Method of Installation sub-menu shown in the visual is
cl
displayed. The contents of which depends on the current state of the machine.
Complete Overwrite Install
Ex
On a new machine, New and Complete Overwrite is the only possible method of
installation. On an existing machine, if you want to completely overwrite the existing
version of BOS, then you should use this method.
Preservation Install
pr
Use the Preservation Install method when a previous version of BOS is installed on
your system and you want to preserve the user data in the root volume group. This
method removes only the contents of /usr, / (root), /var and /tmp. The Preservation
Install option preserves page and dump devices as well as /home and other
.I. n
Obsolete or selective fix files are removed.
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
4-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Installation disks
IBM Power Systems
.I. n
Type
Type one
one or
or more
more numbers
numbers for
for the
the disk(s)
disk(s) to
to be
be used
used for
for installation
installation and
and press
press
Enter.
Enter. To
To cancel
cancel aa choice,
choice, type
type the
the corresponding
corresponding number
number and
and Press
Press Enter.
Enter.
At
At least
least one
one bootable
bootable disk
disk must
must be
be selected.
selected. The
The current
current choice
choice is
is indicated
indicated
.T ció
by
by >>>.
>>>.
Name
Name Location
Location Code
Code Size(MB)
Size(MB) VG
VG Status
Status Bootable
Bootable
>>>
>>> 11 hdisk0
hdisk0 none
none 6528
6528 rootvg
rootvg Yes
Yes
.
22 hdisk1
hdisk1 none
none 6528
6528 rootvg
rootvg Yes
Yes Note: Some SAN
C
33 hdisk2
hdisk2 none
none 6528
6528 none
none Yes
Yes
44 hdisk3 none 6528 none Yes disks might appear
.F a
hdisk3 none 6528 none Yes
non-bootable. If
so, change the
C rm
>>>
>>> 00 Continue
Continue with
with choices
choices indicated
indicated above
above setting on the disk
55
55 More
More Disk
Disk Options
Options subsystem for the
66
66 Devices
Devices not known to Base Operating System
not known to Base Operating System Installation
Installation
77
77 Display
Display More
More Disk
Disk Information
Information
LUNs.
88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu
Name Device
Device Adapter
Adapter Connection
Connection Location
to fo
>>> Name Location
>>> Choice
Choice [0]:
[0]: or
or Physical
Physical Location
Location Code
Code
>>>
>>> 11 hdisk0
hdisk0 U9113.550.65F2E7F-V11-C2-T1-L810000000000
U9113.550.65F2E7F-V11-C2-T1-L810000000000
22 hdisk1
hdisk1 U9113.550.65F2E7F-V11-C2-T1-L820000000000
U9113.550.65F2E7F-V11-C2-T1-L820000000000
33 hdisk2
hdisk2 U9113.550.65F2E7F-V11-C6-T1-L830000000000
U9113.550.65F2E7F-V11-C6-T1-L830000000000
44 hdisk3
hdisk3 U9113.550.65F2E7F-V11-C6-T1-L810000000000
U9113.550.65F2E7F-V11-C6-T1-L810000000000
ec vo
Notes:
oy si
After you select the type of installation, you must then select the disks that are to be used
for the installation. A list of all the available disks is displayed, similar to the one shown.
cl
This screen also gives you the option to install to an unsupported disk by adding the code
for the device first.
Ex
When you have finished selecting the disks, type <0> in the Choice field and press Enter.
pr
.I. n
Type
Type the
the number
number for
for the
the Cultural
Cultural Convention
Convention (such
(such as
as date,
date, time,
time, and
and
money),
money), Language,
Language, and
and Keyboard
Keyboard for
for this
this system
system and
and press
press Enter,
Enter, or
or type
type
159
159 and
and press
press Enter
Enter to
to create
create your
your own
own combination.
combination.
.T ció
Cultural
Cultural Convention
Convention Language
Language Keyboard
Keyboard
11 CC (POSIX)
(POSIX) CC (POSIX)
(POSIX) CC (POSIX)
(POSIX)
22 Albanian
Albanian English
English (United
(United States)
States) Albanian
Albanian
.
33 Arabic
Arabic (Algeria)
(Algeria) English
English (United
(United States)
States) Arabic
Arabic (Algeria)
(Algeria)
C
44 Arabic
Arabic (Bahrain)
(Bahrain) English
English (United
(United States)
States) Arabic
Arabic (Bahrain)
(Bahrain)
55 Arabic (Egypt) English (United States) Arabic (Egypt)
.F a
Arabic (Egypt) English (United States) Arabic (Egypt)
66 Arabic (Jordan)
Arabic (Jordan) English (United States) Arabic (Jordan)
English (United States) Arabic (Jordan)
77 Arabic
Arabic (Kuwait)
(Kuwait) English
English (United
(United States)
States) Arabic
Arabic (Kuwait)
(Kuwait)
88 Arabic
Arabic (Lebanon)
(Lebanon) English
English (United
(United States)
States) Arabic
Arabic (Lebanon)
(Lebanon)
C rm
99 Arabic
Arabic (Morocco)
(Morocco) English
English (United
(United States)
States) Arabic
Arabic (Morocco)
(Morocco)
>>>
>>> 10
10 MORE
MORE CHOICES...
CHOICES...
88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu
to fo
>>>
>>> Choice
Choice [10]:
[10]:
ec vo
Notes:
oy si
At this point in the installation process, you can change the language and cultural
convention that is used on the system after installation. This screen will display a full list of
u
supported languages.
cl
It is recommended that if you are going to change the language, change it at this point
rather than after the installation is complete. Whatever language is specified at this point is
obtained from the installation media.
Ex
Cultural Convention determines the way numeric, monetary, and date and time
characteristics are displayed.
The Language field determines the language used to display text and system messages.
pr
The Keyboard field determines the mapping of the keyboard for the selected language
convention.
4-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Security Models
IBM Power Systems
.I. n
• Security models are all set to NO by default.
Security
Security Models
Models
.T ció
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter.
1.
1. Trusted
Trusted AIX.............................................
AIX............................................. No
No
.
2.
2. Other
Other Security
Security Options
Options (Trusted
(Trusted AIX
AIX and
and Standard)
C
Standard)
Security
Security options
options vary
vary based
based on
on choices.
.F a
choices.
LSPP, SbD, CAP/CCEVAL,
LSPP, SbD, CAP/CCEVAL, TCB
TCB Default....................................... No
1.
1. Secure
Secure by
by Default....................................... No
C rm
2.
2. CAPP
CAPP and
and EAL4+
EAL4+ Configuration
Configuration Install....................
Install.................... No
No
to fo 3.
3. Trusted
Trusted Computing
Computing Base
Base Install..........................
Install.......................... No
No
>>>
>>> 00 Continue
Continue to
to more
more software
software options.
options.
88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu
>>>
>>> Choice
Choice [0]:
[0]:
ec vo
Notes:
oy si
Type <1> and press Enter to change the selection for Trusted AIX. Trusted AIX enables
Multi Level Security (MLS) capabilities in AIX MLS is also referred to as label-based
u
security.
cl
As compared to regular AIX, Trusted AIX label-based security implements labels for all
subjects and objects in the system. Access controls in the system are based on labels that
provide for an MLS environment and include support for the following:
Ex
• Labeled objects: Files, IPC objects, network packets, and other labeled objects
• Labeled printers
• Trusted Network: Support for RIPSO and CIPSO in IPv4 and IPv6
pr
Note that once you choose this mode of installation, you will not be able to go back to a
regular AIX environment without performing an overwrite install of regular AIX. Evaluate
your need for a Trusted AIX environment before choosing this mode of install.
Do not forget standard AIX provides a set of security features to enable information
managers and administrators to provide a basic level of system and network security. The
primary AIX security features include the following:
• Login and password controlled system and network access
• User, group, and world file access permissions
• Access control lists (ACLs)
.I. n
• Audit subsystem
.T ció
• Role Based Access Control (RBAC)
Trusted AIX builds upon these primary AIX operating system security features to further
enhance and extend AIX security into the networking subsystems.
.
C
Type <2> and press Enter to continue to other security options. For Trusted AIX, the choice
.F a
will be LSPP/EAL4+ configuration. For standard AIX, the choices will be Secure by Default,
CAPP/EAL4+, and Trusted Computing Base.
C rm
Attention: Evaluate your need for any security options before making your choice.
Additional information is available in your security documentation.
For more training on AIX installation security options, attend the IBM training course:
to fo
Implementing the AIX Security Features (course codes AU47 or AN57).
ec vo
oy si
u
cl
Ex
pr
4-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
1.
1. Graphics
Graphics Software................................................
Software................................................ Yes Yes
2.
2. System
System Management
Management Client
Client Software................................
Software................................ YesYes
.T ció
3.
3. Create JFS2 File Systems.........................................
Create JFS2 File Systems......................................... Yes Yes
4.
4. Enable
Enable System
System Backups
Backups to
to install
install any
any system......................
system...................... Yes
Yes
(Installs
(Installs all
all devices)
devices)
>>>
>>> 5.
5. Install
Install More
More Software
Software
.
Install
Install More
More Software
C
Software
.F a
1.
1. Firefox
Firefox (Firefox
(Firefox CD)..............................
CD).............................. No
No
2.
2. Kerberos_5
Kerberos_5 (Expansion
(Expansion Pack).......................
Pack)....................... No
No
3.
3. Server
Server (Volume
(Volume 2).................................
2)................................. No
No
C rm
00 Install
Install with
with the
the current
current settings
settings listed
listed above.
above.
88
88 Help
Help ??
to fo
99
99 Previous
Previous Menu
Menu
ec vo
Notes:
oy si
When Graphics Software Install option is Yes, X11, CDE, WebSM, Java, and other
software dependent on these packages is installed.
u
System Management Client Software includes WebSM, Java, service agent, lwi and
cl
pconsole.
The default action, since AIX 5.3, is to create all logical volumes in rootvg using JFS2 file
Ex
systems.
Enabling System Backups to install on other systems, installs all devices code and drivers.
Otherwise, only device drivers necessary to your system hardware configuration are
installed. This is the preferred option, and it is very useful if you want to clone the image to
pr
Disks:
Disks: hdisk0
hdisk0
Cultural
Cultural Convention:
Convention: en_GB
en_GB
Language:
Language: en_US
en_US
.I. n
Keyboard:
Keyboard: en_GB
en_GB
JFS2
JFS2 File
File Systems
Systems Created:
Created: Yes
Yes
Graphics
Graphics Software: Yes
Software: Yes
.T ció
System
System Management
Management Client
Client Software:
Software: Yes
Yes
Enable
Enable System
System Backups
Backups to
to install
install any
any system:
system: Yes
Yes
Optional
Optional Software
Software being
being installed:
installed:
.
>>>
>>> 11 Continue
Continue with
with Install
Install
C
+-----------------------------------------------------
+-----------------------------------------------------
.F a
88
88 Help
Help ?? || WARNING:
WARNING: Base
Base Operating
Operating System
System Installation
Installation will
will
99
99 Previous
Previous Menu
Menu || destroy
destroy or
or impair
impair recovery
recovery of
of ALL
ALL data
data on
on the
the
|| destination
destination disk
disk hdisk0.
hdisk0.
C rm
>>>
>>> Choice
Choice [1]:
[1]:
Installing
Installing Base
Base Operating
Operating System
System
Please
Please wait...
wait...
to fo
Approximate
Approximate Elapsed
Elapsed time
time
%% tasks
tasks complete
complete (in
(in minutes)
minutes)
33 00 Making
Making logical
logical volumes
volumes
ec vo
Notes:
oy si
Prior to installation, a summary page is displayed. If you are ready to proceed with your
options, select 1 to continue and the system installation will begin. It takes approximately
u
4-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Software
Software License
License Agreements
Agreements
Show
Show Installed
Installed License
License Agreements
Agreements
Accept
Accept License
License Agreements
Agreements
.I. n
Accept
Accept License
License Agreements
Agreements
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
ACCEPT
ACCEPT Installed
Installed License
License Agreements
Agreements yes
yes ++
C
.F a
Software
Software Maintenance
Maintenance Agreement
Agreement
C rm
View
View Software
Software Maintenance
Maintenance Terms
Terms and
and Conditions
Conditions
Accept
Accept Software
Software Maintenance
Maintenance Terms
Terms and
and Conditions
Conditions
Accept
Accept Software
Software Maintenance
Maintenance Terms
Terms and
and Conditions
Conditions
to fo
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
ACCEPT
ACCEPT Software
Software Maintenance
Maintenance Agreements?
Agreements? yes
yes ++
ec vo
Notes:
oy si
When AIX installation is complete, the end user has to accept both Software and
Maintenance License agreements, as shown in the visual.
u
cl
Ex
pr
• Post-install tasks:
– Accept the license agreement.
.I. n
– Optional: Using the installation assistant:
.T ció
• Set root password
• Set date and time
.
C
• Configure network
.F a
C rm
– Exit from installation assistant.
Notes:
oy si
The installation is not finished until you complete the post setup in the operating system.
Once AIX has installed, the system will reboot. Several post installation steps are required.
u
Firstly, you have to accept both the software and maintenance license agreements. Finally,
the installation assistant will start. Although optional, it is recommended that you use the
cl
installation assistant at a minimum to set the root password, date, and time, and configure
the network parameters accordingly.
Ex
One AIX is installed, you should update it to the latest technology level and service pack.
These can be downloaded from fix central: http://www.ibm.com/support/fixcentral
pr
4-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Set
Set Date
Date and
and Time
Time
.I. n
Set
Set root
root Password
Password
Configure
Configure Network
Network Communications
Communications
Install
Install Software
Software Applications
Applications
.T ció
Using
Using SMIT (information only)
SMIT (information only)
Tasks
Tasks Completed
Completed -- Exit
Exit to
to Login
Login
.
Note: No root
C
password is set, by
.F a
AIX
AIX Version
Version 77
Copyright
Copyright IBM
IBM Corporation,
Corporation, 1982,
1982, 2010.
2010.
default, if it is not set
Console login: root
Console login: root using the Installation
C rm
*******************************************************************************
**
Assistant
*******************************************************************************
**
** above.
**
** Welcome
Welcome to
to AIX
AIX Version
Version 7.1!
7.1! **
** **
** **
** Please
Please see
see the
the README
README file
file in
in /usr/lpp/bos
/usr/lpp/bos for
for information
information pertinent
pertinent to
to **
to fo
** this
this release
release of
of the
the AIX
AIX Operating
Operating System.
System. **
** **
** **
*******************************************************************************
*******************************************************************************
##
ec vo
Notes:
oy si
After the license agreements have been accepted, the installation assistant (ASCII
console) or configuration assistant (Graphical console) will be displayed. The install
u
password, date, and time and to configure the network parameters accordingly. Another
approach, would be to exit the installation assistant immediately and use smit, command
Ex
• What is NIM?
– Centralized Installation and Management of AIX over a network
.I. n
LPAR 4 Client
Systems
.T ció
LPAR 1
Public/Open
.
LPAR 2
NIM Server network
C
.F a
NIM resources LPAR 3
lpp_source
SPOT LPAR 4
C rm
Client Definitions
LPAR1
LPAR2
…
to fo
Actions:
• Resources are allocated to clients.
• Clients are set for a BOS operation.
ec vo
Figure 4-17. AIX installation in a partition using NIM: NIM overview AN123.0
Notes:
oy si
NIM can be used to manage the installation of the Base Operating System (BOS) and
optional software on one or more networked machines. NIM gives you the ability to
cl
install and maintain the AIX operating system, and any additional software, and fixes
that may be applied over time. NIM allows you to customize the configuration of
machines both during and after installation. NIM eliminates the need for access to
Ex
physical media, such as tapes and optical media, once the NIM master has been
loaded. You use the NIM master to load other network “clients”. System backups can be
created with NIM, and stored on any server in the NIM environment. The advantage to
using NIM in an LPAR environment is that it solves the device allocation issue. Since
pr
AIX may already be installed once on the system before it is shipped, you can configure
this partition to be the NIM master. Or, you could use another AIX system that is the
proper AIX version. One of the optional steps in creating a NIM master is creating a
mksysb (AIX system backup image). You could use this mksysb to install AIX in the
other partitions. The advantage to mksysb is that it copies AIX customizations from the
source system.
4-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
located on another system.
.T ció
• An lpp_source resource represents a directory in which software installation images
are stored. NIM uses an lpp_source for an installation operation by first mounting the
lpp_source on the client machine. The installp commands are then started on the
.
client using the mounted lpp_source as the source for installation images. When the
C
installation operation has completed, NIM automatically unmounts the resource. In
.F a
addition to providing images to install machines, lpp_source resources can also be
used to create and update SPOT resources.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
.I. n
your machine.
– Activate the partition using SMS boot mode.
.T ció
– Specify the IP parameters for a network boot.
– Configure the partition to boot from the network adapter.
.
– Interact with AIX installation menus, if required (depends on NIM
C
.F a
configuration).
C rm
• Note:
– Subsequent installs and updates for the same partition can be initiated
to fo
from the NIM master.
– A mksysb restore example is provided in a later unit (Backup and
Restore).
ec vo
Figure 4-18. AIX installation in a partition using NIM: Configuration steps AN123.0
Notes:
oy si
To install a partition from a NIM server, you will need to create the partition and partition
profile, for the partition where AIX will be installed. You would complete this step if you were
u
installing from optical media, except that you would not have to allocate the slot for the CD
or DVD device. The partition will need to be activated in SMS boot mode. From SMS, the
cl
NIM server network details can be entered, which will cause the client to issue a boot
request over the network. From this point, the menu steps are identical to using optical
Ex
media.
pr
4-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Network boot (1 of 7)
IBM Power Systems
.I. n
PowerPC Firmware
Version EL320_040
.T ció
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
--------------------------------------------------------
Main Menu
.
C
1. Select Language
.F a
2. Setup Remote IPL (Initial Program Load)
3. Change SCSI Settings
C rm
4. Select Console
5. Select Boot Options
--------------------------------------------------------
to fo
Navigation Keys:
X = eXit System Management Services
-------------------------------------------------------
ec vo
Notes:
oy si
To configure a partition to boot from another system over the network, choose Setup
Remote IPL (Initial Program Load) from the main SMS menu.
cl
Ex
pr
Network boot (2 of 7)
IBM Power Systems
.I. n
PowerPC Firmware
Version EL320_040
.T ció
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
----------------------------------------------------------
.
NIC Adapters
C
Device Location Code
.F a
1. Port 1 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-T1
2. Port 2 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-T2
C rm
to fo
----------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
ec vo
Notes:
oy si
NIC adapter
u
Select which network interface to use. The example in the visual shows two ports on the
integrated Ethernet controller.
cl
Ex
pr
4-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Network boot (3 of 7)
IBM Power Systems
.I. n
PowerPC Firmware
Version EL320_040
.T ció
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
Select Network Service
.
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
C
.F a
1. BOOTP
2. ISCSI
C rm
---------------------------------------------------------
to fo
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
ec vo
Notes:
oy si
Network boot (4 of 7)
IBM Power Systems
.I. n
PowerPC Firmware
.T ció
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
.
Network Parameters
C
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
.F a
C rm
1. IP Parameters
2. Adapter Configuration
3. Ping Test
4. Advanced Setup: BOOTP
to fo
---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
ec vo
Notes:
oy si
Network parameters
u
Choose option 1 and configure the IP parameters. This screen is shown in the next
visual.
cl
Then choose option 2 and configure the adapter settings, such as media speed and
duplex setting.
Ex
When everything is configured properly, run the ping test and it should be successful.
When the ping test is successful, return to the SMS main menu, select the network
adapter as a boot device, and exit the SMS menu. This will start the network boot
process.
pr
4-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Network boot (5 of 7)
IBM Power Systems
• IP parameters:
.I. n
PowerPC Firmware
Version EL320_040
.T ció
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
IP Parameters
.
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
C
1. Client IP Address [10.6.103.64]
.F a
2. Server IP Address [10.6.103.1]
3. Gateway IP Address [10.6.103.254]
C rm
to fo 4. Subnet Mask [255.255.255.0]
---------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
ec vo
Notes:
oy si
IP parameters
Enter the IP address of the client, which is the partition.
u
be local on the partition’s subnet. This value can be a valid route on the same subnet as
the client partition or the IP address of the NIM server. Ask your network administrator
Ex
Adapter Configuration option. Here you will need to specify the media speed and the
duplex setting.
Ping test and network boot
After you have configured the adapter parameters, return to the main SMS menu. Run
the ping test, and if successful, select the network adapter as a boot device, then exit
the SMS menus to begin the boot process and the installation.
Network boot (6 of 7)
IBM Power Systems
• Adapter configuration:
.I. n
PowerPC Firmware
Version EL320_040
.T ció
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
IP Parameters
.
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNWGCP5-P1-C4
C
.F a
1. Speed,Duplex
Disable Spanning Tree
C rm
2. Spanning Tree Enabled
for faster operation
3.
to fo Protocol
---------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
ec vo
Notes:
oy si
Overview
u
The adapter configuration screen allows you to set parameters for the adapter itself.
Typically, you can leave it alone with the exception of optionally disabling spanning tree.
cl
should have a question mark next to it that is answered when you choose the option.
pr
4-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Network boot (7 of 7)
IBM Power Systems
.I. n
• Is NIM server on network?
• Check IP parameters screen for mistakes.
.T ció
– Is gateway correct and available?
• Try again.
.
• Return to SMS Select Boot Options menu.
C
.F a
– Select the network adapter as the Install/Boot Device.
C rm
• Exit from SMS initiates network boot.
• AIX Install and Maintenance menu processing is the same as
previously described.
to fo
• NIM can have unattended install with no console interaction.
ec vo
Notes:
oy si
Ping test
u
This option pings the NIM server. If it fails, suspect your IP configuration or the network.
cl
Ex
pr
Checkpoint
IBM Power Systems
.I. n
a. 8 mm tape
b. CD-ROM
.T ció
c. Diskette
d. NIM server
.
C
.F a
2. True or False: A preservation install preserves all data on
C rm
the disks.
Notes:
oy si
u
cl
Ex
pr
4-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
AIX
installation
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
Unit summary
IBM Power Systems
.I. n
• List the installation methods for AIX
.T ció
• List the steps necessary to install the AIX base operating
system
.
C
• Install and understand all the options when installing AIX
.F a
from optical media
C rm
• Carry out post installation tasks
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
4-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Define the package definitions and naming conventions
C
.F a
• Determine the current installed level of the OS and individual
filesets
C rm
• Apply, commit, and remove AIX software
• Recover from broken and inconsistent software states
• Describe how to download software maintenance using Fix Central
to fo
and SUMA
• Identify if all the components in the Power and AIX environment
are compatible and supported
ec vo
• Machine exercises
u
References
cl
(Redbook)
SG24-7910 AIX Version 7.1 Differences Guide (Redbook)
Note: References listed as “Online” are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Determine the current installed level of the OS and individual
.T ció
filesets
• Apply, commit, and remove AIX software
.
• Recover from broken and inconsistent software states
C
.F a
• Describe how to download software maintenance using Fix
Central and SUMA
C rm
• Identify if all the components in the Power and AIX
environment are compatible and supported
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
5-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
AIX media
IBM Power Systems
AIX
AIX AIX AIX AIX 7.1 Base (DVD)
.I. n
AIX AIX
+ update images
.T ció
AIX
AIX 7.1 Expansion Pack
.
C
AIX 7.1 InfoCenter
.F a
AIX
C rm
AI X
AIX Toolbox for Linux
to fo
AIX
Mozilla Firefox Browser
ec vo
Notes:
oy si
Each of the products listed above has a program ID number. At the time of publication they
were:
u
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
The AIX Expansion Pack is a collection of extra software that extends the base operating
system capabilities. It contains filesets such as:
• Open Secure Sockets Layer (OpenSSL)
• Java 32- and 64-Bit
• iSCSI Target Device Driver
• List of Open Files (LSOF) and many more
.I. n
The AIX InfoCenter contains a list of support guides and help documentation. It is also
.T ció
available online: http://publib.boulder.ibm.com/infocenter/aix/v7r1/index.jsp
Also available on-line is the AIX toolbox (open source) filesets
http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
5-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
LPP
Base Operating
.I. n
System Component
bos
.T ció
Package
Base Networking
package
.
bos.net
C
.F a
TCP/IP collection
of filesets
C rm
bos.net.tcp
bos.net.tcp.server
to fo
Fileset
TCP/IP Server fileset
‘the smallest unit’
ec vo
Notes:
oy si
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Files are backed up by name.
The user is BUILD.
.T ció
0 ./
3341 ./lpp_name
.
0 ./usr
C
.F a
0 ./usr/lpp
C rm
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1
130444 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/liblpp.a
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root
to fo
2560 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root/liblpp.a
258155 ./usr/lpp/bos.alt_disk_install/bin/altlib
The number of archived files is 17.
ec vo
235743 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_lib
33476 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_posti
136613 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_prei
oy si
6368 ./usr/sbin/alt_blvset
52083 ./usr/sbin/alt_disk_copy
u
61402 ./usr/sbin/alt_disk_mksysb
cl
46212 ./usr/sbin/alt_rootvg_op
14545 ./usr/lib/instl/jfs2j2
Ex
5-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Software bundles
IBM Power Systems
.I. n
• There are many predefined system bundles in AIX which include:
– AllDevicesKernels
.T ció
– Alt_Disk_Install
– openssh_client and openssh_server
.
• Full list is in /usr/sys/inst.data/sys_bundles. Example:
C
.F a
## /usr/sys/inst.data/sys_bundles
/usr/sys/inst.data/sys_bundles ## cat
cat openssh_server.bnd
openssh_server.bnd
C rm
## MEDIA="Expansion
MEDIA="Expansion Pack"
Pack"
I:openssl.base
I:openssl.base
to fo
I:openssl.man.en_US
I:openssl.man.en_US
I:openssh.base.server
I:openssh.base.server
I:openssh.man.en_US
I:openssh.man.en_US
ec vo
Notes:
oy si
Since there are thousands of filesets, having to determine which individual fileset you want
on your machine could be a time-consuming task. AIX has bundles which offer a collection
u
of filesets that suit a particular purpose. For example, if you are developing applications,
the App-Dev bundle would be the logical choice to install.
cl
Some filesets within a bundle are only installed if the prerequisite hardware is available. For
example, a graphic adapter is needed to run X11 and CDE. In some cases, bundles are
Ex
equivalent to product offerings. Often, however, they are a subset of a product offering or a
separate customized bundle. The bundles available may vary from AIX version to AIX
version.
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• There are four distinct software levels and management for AIX.
– Base level
.I. n
– Technology level (TL)
– Service pack (SP)
.T ció
– Interim fixes
.
C
.F a
Fix Packs
Interim
C rm
Base Technology + Service packs fixes
AIX Level level
(Contain APARs)
to fo
ec vo
Notes:
oy si
Maintenance:
• Technology level (TL). A TL is a major maintenance update and contains fixes and
cl
functional enhancements. TLs are released twice per year. The first TL is restricted to
hardware features and enablement, in addition to software service. The second TL
Ex
includes new hardware features and enablement, software service, and new software
features, making it the larger of the two yearly releases. Each TL is supported for up to
two years from the introduction of the update. This means that clients with a Software
Maintenance Agreement for the AIX OS will be able to contact IBM support for defect
pr
support during that two year period without having to move up to the latest Technology
Level update. In previous versions of AIX, Technology levels were referred to as
Maintenance Levels (ML). The terms are often still used interchangeably.
• Service pack (SP). SPs contain service-only updates, also known as Program
Temporary Fixes (PTF), that are grouped together for easier identification. SPs are
5-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty released between Technology Levels and contain fixes for highly pervasive, critical, or
security-related issues. Service Packs are cumulative.
• Interim fixes (ifix). Generally, this term refers to a certified fix that is generally available
to all customers between regularly scheduled fix packs or other releases. It can contain
fixes for one or more product defects (APARs). Specifically for AIX, the term Interim Fix
(IF) is used as a replacement for “emergency fix” or “efix”. While the term emergency fix
is still applicable in some situations (a fix given in the middle of the night with minimal
.I. n
testing, for example), the term Interim Fix is more descriptive in that it implies a
temporary state until an update can be applied that has been through more extensive
.T ció
testing. IF fixes often rectify security vulnerabilities.
• APARs (Authorized Problem Analysis Reports). A formal report to IBM
.
development, of a problem caused by a suspected defect in a current unaltered release
C
of an IBM program.
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
## oslevel
oslevel -s
-s
7100-00-01-1037
.T ció
7100-00-01-1037
Service Pack
AIX Level Release date
.
VRMF for example, 37th week
C
in 2010
.F a
Service Pack
C rm
Technology
Level
• To upgrade from one AIX version and release to another (for example,
to fo
AIX 6.1 to AIX 7.1), a migration must be performed.
• New TLs or SPs are applied through updates.
ec vo
Notes:
oy si
The oslevel command reports the latest installed maintenance, technology level, and
service pack on the system.
u
The visual shows the system is level AIX 7.1, technology level 0, service pack 1. Service
cl
packs and technology level fixes are applied to the running system. To upgrade the system
with a new level, for example, from AIX 6.1 to 7.1, a new migration update must take place.
This involves system downtime.
Ex
pr
5-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
console.
.T ció
• Command line interaction:
.
– lslpp: Lists installed software
C
– installp: Traditional AIX command for installing and maintaining
.F a
LPP packages
C rm
– rpm: RedHat Linux command for installing and maintaining rpm filesets
(part of the AIX Linux affinity introduced in AIX 5L)
– geninstall: A generic installer that installs software of various
package formats: LPP, RPM, and ISMP.
to fo
ec vo
Notes:
oy si
The lslpp and installp commands are vital for interacting, installing, and maintaining
software on AIX.
u
The rpm and geninstall commands are relatively new. These commands were introduced
cl
in AIX5L as a part of the AIX affinity for Linux applications which included support for other
software formats like RPM and ISMP (InstallShield MultiPlatform).
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Software repository
IBM Power Systems
.I. n
– AIX filesets require a .toc file
.T ció
• To copy software, for example from an AIX CD to disk, use:
– The SMIT facility: Copy Software to Hard Disk for Future Installation
.
– Or the AIX commands: bffcreate or gencopy
C
.F a
Copy
Copy Software
Software to
to Hard
Hard Disk
Disk for
for Future
Future Installation
Installation
[Entry
[Entry Fields]
Fields]
C rm
** INPUT
INPUT device
device // directory
directory for
for software
software /dev/cd0
/dev/cd0
** SOFTWARE
SOFTWARE package
package to
to copy
copy [all]
[all] ++
** DIRECTORY for storing software package
DIRECTORY for storing software package
[/usr/sys/inst.images]
[/usr/sys/inst.images]
DIRECTORY
DIRECTORY for
for temporary
temporary storage
storage during
during copying [/tmp]
to fo
copying [/tmp]
EXTEND file systems if space needed?
EXTEND file systems if space needed? yes
yes ++
Process
Process multiple
multiple volumes?
volumes? yes
yes
ec vo
Notes:
oy si
Generally, it is useful and sometimes necessary, for example when building and managing
a NIM server to store software to disk. AIX refers to this as a software repository. The
u
manage a repository in a separate file system that is not contained in the AIX root volume
group.
Ex
done using the inutoc command. To create a .toc file in the current directory, type:
# inutoc .
SMIT automatically creates a .toc file when copying software files to disk and prior to
installing LPPs.
5-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Software states
IBM Power Systems
.I. n
• When updates are installed, they can be either applied or
.T ció
committed.
– Applied software can later be rejected or committed.
.
7.1.0.1
C
bos.perf.tools Action: Install and Commit
Committed
7.1.0.1
.F a
AIX
C rm
7.1.0.1 Saved
7.1.0.1
bos.perf.tools
Action: Apply Committed
to fo
7.1.0.2 Reject
7.1.0.2 Applied or
AIX
Commit
7.1.0.2
Committed
ec vo
Notes:
oy si
AIX has a number of software states. When you are installing software for the first time,
the software automatically installs to a committed state. This means there is only one
cl
When you are installing a set of fixes or upgrading to a new technology level on your
system, you have the option of installing the software either in the committed state or
the applied state. The applied state allows you to maintain two levels of the software on
your system. When software is installed in the applied state, the older version is saved
pr
on the disk and is deactivated, while the newer version is installed and becomes the
active version.
The applied state gives you the opportunity to test the newer software before
committing to its use. If it works as expected, then you can commit the software, which
removes the old version from the disk. If the newer version is causing a problem, you
can reject, it which removes the newer version and reverts back to the old version.
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
bos.net.tcp.client 7.1.0.2 TCP/IP
Client
Client
.T ció
Version Release Modification Fix
AIX Migration smit update_all
.
State
State codes:
codes:
AA -- Applied.
C
-- Applied.
C & F are State
.F a
BB --
-- Broken.
Broken.
CC --
-- Committed.
Committed. and Type
EE --
-- EFIX
EFIX Locked.
Locked. codes.
C rm
OO --
-- Obsolete.
Obsolete. (partially
(partially migrated
migrated to
to newer
newer version)
version)
?? --
-- Inconsistent State...Run lppchk -v.
Inconsistent State...Run lppchk -v.
Type
Type codes:
codes:
FF --
-- Installp
Installp Fileset
Fileset
PP --
-- Product
to fo
Product
CC --
-- Component
Component
TT --
-- Feature
Feature
RR --
-- RPM
RPM Package
Package
EE --
-- Interim
Interim Fix
Fix
ec vo
Notes:
oy si
The lslpp command displays information about installed filesets or fileset updates. Each
fileset has a version number associated with it (in the format of
u
The following two codes that represent the state and type of fileset have legends for the
codes at the bottom of the lslpp report.
5-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
## lslpp
lslpp -f
-f alex.grumpy.rte
alex.grumpy.rte
Fileset
Fileset File
File
.T ció
---------------------------------------------------------
---------------------------------------------------------
Path:
Path: /usr/lib/objrepos
/usr/lib/objrepos
alex.grumpy.rte
alex.grumpy.rte 1.0.0.5
.
1.0.0.5
/usr/local/grumpy/grumpyrecovery
C
/usr/local/grumpy/grumpyrecovery
.F a
/usr/local/grumpy/README
/usr/local/grumpy/README
/usr/local/grumpy/grumpystart
/usr/local/grumpy/grumpystart
C rm
/usr/sbin/gfunctions
/usr/sbin/gfunctions
/usr/local/grumpy/grumpycheck
To which
/usr/local/grumpy/grumpycheck
fileset does a
/usr/local/grumpy/grumpystop
/usr/local/grumpy/grumpystop file belong?
## lslpp
lslpp -w
-w /usr/local/grumpy/grumpystart
to fo
/usr/local/grumpy/grumpystart
File
File Fileset
Fileset Type
Type
-----------------------------------------------------------
-----------------------------------------------------------
/usr/local/grumpy/grumpystart
/usr/local/grumpy/grumpystart alex.grumpy.rte
alex.grumpy.rte File
File
ec vo
Notes:
oy si
The lslpp command has many useful flags associated with it. It is also possible to see when
a particular LPP was installed using the –h flag. See lslpp man page for more information.
u
A situation may arise where you want to use a particular command but it is not installed on
cl
the system and you are not sure what LPP fileset to install to be able to use the binary. To
help with this problem you can use the which_fileset command. The which_fileset
command searches the /usr/lpp/bos/AIX_file_list file for a specified file name or command
Ex
name, and prints out the name of the fileset that the file or command is shipped in. The
/usr/lpp/bos/AIX_file_list file is large and not installed automatically. You must install the
bos.content_list fileset to receive this file.
pr
Example:
# which_fileset shutdown
/etc/shutdown -> /usr/sbin/shutdown bos.compat.links 7.1.0.0
/usr/sbin/shutdown bos.rte.control 7.1.0.0
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• smit install_all
.I. n
Install
Install and
and Update
Update from
from ALL
ALL Available
Available Software
Software
Type
Type or
or select
select values
values in entry
entry fields.
.T ció
in fields.
Press
Press Enter AFTER making
Enter AFTER making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
** INPUT
INPUT device
device // directory
directory for
for software
software ..
** SOFTWARE
SOFTWARE to
to install
install []
[] ++
C
PREVIEW
PREVIEW only?
only? (install
(install operation
operation will
will NOT
NOT occur) no ++
.F a
occur) no
COMMIT software updates?
COMMIT software updates? yes
yes ++
SAVE
SAVE replaced
replaced files?
files? no
no ++
C rm
AUTOMATICALLY
AUTOMATICALLY install
install requisite
requisite software?
software? yes
yes ++
EXTEND
EXTEND file
file systems
systems if
if space
space needed?
needed? yes
yes ++
OVERWRITE
OVERWRITE same
same or
or newer
newer versions?
versions? no
no ++
VERIFY
VERIFY install
install and
and check
check file
file sizes?
sizes? no
no ++
DETAILED output?
DETAILED output? no
no ++
Process
Process multiple
multiple volumes? yes ++
to fo
volumes? yes
ACCEPT
ACCEPT new
new license
license agreements?
agreements? no
no ++
Preview
Preview new
new LICENSE
LICENSE agreements?
agreements? no
no ++
ec vo
Notes:
oy si
There are two fast paths worth remembering when it comes to software and SMIT:
u
Prior to the screen shown in the visual, you will be asked to select the “INPUT device /
directory for software”. The input device could be tape (/dev/rmt0), optical media
Ex
(/dev/cd0), or a directory. The period (.) in the example indicates the directory you currently
reside in.
The default behavior when installing new software is to commit. To first apply software
rather than commit, change the COMMIT software updates field to No.
pr
The SMIT software installation panel uses the geninstall command to be able to handle
a variety of software packaging formats.
5-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Installing software using command line:
Examples
IBM Power Systems
• installp
– a (apply), -c (commit), -p (preview), -g (apply prerequisites), -X
(expand file systems, if needed), -Y (accept license agreements), -d
.I. n
(device or directory location of software), -q (quiet mode)
.T ció
## installp
installp -acpgXYd
-acpgXYd .. bos.rte.install
bos.rte.install
## installp
installp -acpgXYd
-acpgXYd /TL02_SP01
/TL02_SP01 all
all
.
C
.F a
• geninstall
C rm
– I (use installp flags, as described above), -p (preview), -d
(device or directory location of software)
## geninstall
geninstall -I
-I "-acgXY"
"-acgXY" -p
-p -d
-d .. bos.rte.install
bos.rte.install
to fo
## geninstall
geninstall -I
-I "-acgXY"
"-acgXY" -p
-p -d
-d /TL01_SP02
/TL01_SP02 all
all
ec vo
Notes:
oy si
The installp command handles software that is packaged in the traditional AIX bff format.
The geninstall command determines the type of packaging and invoke the appropriate
u
utility to handle the selected packages. For example, it would invoke the rpm command if
the software was packaged in that format.
cl
The installp and geninstall commands install and update software from the command
line on AIX. They both accept a large number of flags; the popular flags are, shown in the
Ex
visual. For geninstall, the installp command is invoked if the software is in AIX bff format
rather than rpm); in that case, the needed installp options are passed to the geninstall
command as the value of the I flag. Following are partial descriptions of the flags (see the
man pages for full details):
pr
• -a
Applies one or more software products or updates. This is the default action. This flag
can be used with the -c flag to apply and commit a software product update when
installed.
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• -c
Commits all specified updates that are currently applied but not committed.
• -d Device
Specifies where the installation media can be found. This can be a hardware device
such as tape or diskette, it can be a directory that contains installation images, or it can
be the installation image file itself.
.I. n
• -g
.T ció
When used to install or commit, this flag automatically installs or commits, respectively,
any software products or updates that are requisites of the specified software product.
• -p
.
C
Performs a preview of an action by running all preinstallation checks for the specified
.F a
action.
• -X
C rm
Attempts to expand any file systems where there is insufficient space to do the
installation. This option expands file systems based on current available space and size
estimates that are provided by the software product package.
to fo
• -Y
Agrees to required software license agreements for software to be installed.
ec vo
oy si
u
cl
Ex
pr
5-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Developed by RedHat, now used in many Linux flavors
– Examples (included within the Linux Toolbox for AIX):
.T ció
• cdrecord
• mkisofs
.
• apache
C
• bash List Remove
.F a
packages package
C rm
## rpm
rpm –qa
–qa
## rpm
rpm -e
-e cairo-1.0.2-6
cairo-1.0.2-6
to fo
Install
## rpm
rpm -i
-i bash-3.2-1.aix.ppc.rpm
bash-3.2-1.aix.ppc.rpm package
ec vo
Notes:
oy si
In addition to providing the ability to run a Linux operating system on IBM Power
Architecture technology, IBM provides strong Linux affinity within the AIX OS. This affinity
u
enables faster and less costly deployment of multi-platform, integrated solutions across
AIX and Linux platforms. Linux packages can be installed and manipulated on AIX using
cl
emerging Linux standards, and a GNU Linux build-time environment with GNU and other
open source tools and utilities that combine to facilitate the development and deployment
of Linux applications on the AIX OS. This AIX affinity with Linux allows Linux programs to
be easily recompiled for native execution on the AIX OS. This approach allows you to
pr
benefit from the capabilities of Linux applications combined with the industrial strength
foundation and performance advantages afforded to native AIX applications.
Quick guide to RPM:
• To install: rpm -i <packagefilename>
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• To list requirements for a package: rpm -q --requires
• To find package providing requirements: rpm -q --whatprovides
.T ció
• To query an uninstalled RPM: rpm -qp <packagefilename>
• To get help: rpm –help
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
5-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Ideally, all systems should be at the latest fix pack (TL and SP level).
• IBM recommends installing the complete fix pack.
• System updates can be applied through smit update_all or using
.I. n
geninstall or installp commands.
.T ció
Some items
removed for
.
smitty
smitty update_all
update_all clarity
C
.F a
** INPUT
INPUT device
device // directory
directory for
for software
software /updates
/updates
** SOFTWARE
SOFTWARE to
to update
update _update_all
_update_all
PREVIEW
PREVIEW only?
only? (update
(update operation
operation will
will NOT
NOT occur)
occur) yes
yes ++
C rm
COMMIT software updates?
COMMIT software updates? no
no ++
SAVE
SAVE replaced
replaced files?
files? yes
yes
Notes:
oy si
In the past, AIX system administrators would often download and install individual filesets
on a system. This caused the software be at mixed levels and sometime created more
u
problems than it solved. Now, IBM allows fixes to be downloaded in a fix pack, containing:
cl
operate best when all updates in a fix pack are installed. IBM recommends installing the
complete fix pack.
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• installp example:
## lslpp
lslpp -L
-L |grep
|grep -i
-i cluster
cluster |grep
|grep pdf
pdf
.I. n
cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf 5.4.0.0
5.4.0.0 CC FF HAES
HAES PDF
PDF Documentation
Documentation
Apply
## installp
installp -aB
-aB -d
-d .. cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf
update
.T ció
## lslpp
lslpp -L
-L |grep
|grep -i
-i cluster
cluster |grep
|grep pdf
pdf (-aB)
cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf 5.4.1.0
5.4.1.0 AA FF HAES
HAES PDF
PDF Documentation
Documentation
Note: “installp
Note: “installp –s
–s ## will
will list
list all
all Applied
Applied software
software on
on the
the system”
system”
.
installp –r
## installp –r cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf Reject
C
(-r)
.F a
## lslpp
lslpp -L
-L |grep
|grep -i
-i cluster
cluster |grep
|grep pdf
pdf
cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf 5.4.0.0
5.4.0.0 CC FF HAES
HAES PDF
PDF Documentation
Documentation
C rm
OR ––
OR
installp –c
## installp –c all
all Commit all
applied software
Installation
Installation Summary
Summary (-c)
--------------------
--------------------
to fo
Name
Name Level
Level Part
Part Event
Event Result
Result
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf 5.4.1.0
5.4.1.0 USR
USR COMMIT
COMMIT SUCCESS
SUCCESS
ec vo
Notes:
oy si
The visual above shows a fileset update being applied to cluster.doc.en_US.es.pdf. This
could be done with system management tools like SMIT, geninstall or installp
u
commands. It is often very useful to remember key installp flags. The flags, -aB mean apply
and update the fileset. Once applied the update can be rejected (-r) or committed (-c).
cl
In this example, the filesets are stored in a software repository on disk in which we are
currently located. Hence the device location (-d) is set to “dot” (the current directory).
Ex
pr
5-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– instfix is useful for listing and searching through applied updates on the
system.
.T ció
instfix –i
## instfix –i
.
All
All filesets
filesets for
for IY32852
IY32852 were
were found.
found.
C
All
All filesets for IY14691 were
filesets for IY14691 were found.
found.
.F a
All
All filesets
filesets for
for IY31312
IY31312 were
were found.
found.
All
All filesets
filesets for
for IY31879
IY31879 were
were found.
found.
All
All filesets
filesets for
for IY34538
IY34538 were
were found.
C rm
found.
……
…… 2244
2244 lines
lines removed
removed for clarity ….
for clarity ….
## instfix
instfix -i
-i |grep
|grep IY34981
IY34981
All
All filesets for
filesets for IY34981
IY34981 were
were found.
found.
to fo
• Interim fixes between services packs, including service advisories, is
now done through interim fix management.
– emgr command
ec vo
Notes:
oy si
Fixes displayed with the instfix –i command are installed through Technology Level and
Service Pack updates. In previous versions of AIX, interim fixes, between Maintenance
u
level releases, were installed through instfix itself. In AIX6, instfix is really a legacy
command. It is only useful for listing and searching through applied updates on the system.
cl
Necessary fixes that are not part of a TL or SP, are handled through interim fix
management.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
## emgr
emgr -pe
-pe 744A_610.071105.epkg.Z
744A_610.071105.epkg.Z
Preview
Install
….lot
….lot of
of output
output is
is produced,
produced, removed
removed for
for clarity!
clarity!
.I. n
EPKG NUMBER
EPKG NUMBER LABEL
LABEL OPERATION
OPERATION RESULT
RESULT
===========
=========== ==============
============== =================
================= ==============
==============
11 744A_610
744A_610 INSTALL
INSTALL PREVIEW
PREVIEW SUCCESS
SUCCESS
.T ció
## emgr
emgr -e
-e 744A_610.071105.epkg.Z
744A_610.071105.epkg.Z
Install
ifix
## emgr
emgr -l
-l List
installed
.
ID
ID STATE
STATE LABEL
LABEL INSTALL
INSTALL TIME
TIME ABSTRACT
ABSTRACT efixes
C
===
=== =====
===== ==========
========== ==================
================== ======================================
======================================
.F a
11 *Q*
*Q* 744A_610
744A_610 10/10/08
10/10/08 23:30:49
23:30:49 Kernel
Kernel fix
fix for
for 0744A_610
0744A_610
emgr –r
## emgr –r –L
–L 744A_610
744A_610 Remove
C rm
Log ifix
Log file
file is
is /var/adm/ras/emgr.log
/var/adm/ras/emgr.log
EFIX
EFIX NUMBER
NUMBER LABEL
LABEL OPERATION
OPERATION RESULT
RESULT
===========
=========== ==============
============== =================
================= ==============
==============
11 744A_610
744A_610 REMOVE
REMOVE SUCCESS
SUCCESS
to fo
ATTENTION:
ATTENTION: system
system reboot
reboot is
is required.
required. Please
Please see
see the
the "Reboot
"Reboot Processing"
Processing"
sections
sections in
in the
the output
output above
above or
or in
in the
the /var/adm/ras/emgr.log
/var/adm/ras/emgr.log file.
file.
Return
Return Status
Status == SUCCESS
SUCCESS
ec vo
Notes:
oy si
The interim fix (ifix) management solution enables users to track and manage ifix packages
on a system. An ifix package might be an interim fix, debug code, or test code that contains
u
commands, library archive files, or scripts that run when the ifix package is installed.
cl
It is important to examine the state field after installing an interim fix. The codes for the
state field are documented in the AIX Installation and Migration manual. In the above
example, the state value of Q means that a reboot is necessary for this fix to be effective.
5-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• smit remove
Remove
Remove Installed
Installed Software
Software
.I. n
[Entry
[Entry Fields]
Fields]
** SOFTWARE
SOFTWARE name
name [cluster.es.cspoc.cmds]
[cluster.es.cspoc.cmds] ++
.T ció
PREVIEW
PREVIEW only?
only? (remove
(remove operation
operation will
will NOT
NOT occur)
occur) yes
yes ++
REMOVE
REMOVE dependent
dependent software?
software? yes
yes ++
EXTEND
EXTEND file
file systems
systems if
if space
space needed?
needed? no
no ++
.
DETAILED
DETAILED output?
output? no
no ++
C
.F a
• Removing software from the command line
C rm
– Remove the Firefox web browser
## installp
installp -u
-u Firefox.base.rte
Firefox.base.rte
to fo
– (Preview) Remove all X11 software with associated prerequisites
## installp
installp -upg
-upg X11*
X11*
ec vo
Notes:
oy si
Software can be removed by using system management tools or the command line. The
installp –u flag, removes the specified software product and any of its installed updates
u
from the system. The product can be in either the committed or broken state. Any software
products that are dependent on the specified product must also be explicitly included in the
cl
input list unless the -g flag is also specified. Removal of any bos.rte fileset is never
permitted.
Ex
Note: The removal of LPP filesets does not necessarily mean the process will delete all
files included in the filesets. This is dependent on how the LPP filesets are constructed.
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Firefox.base.rte 1.5.0.12 Browser
Look for ?
or B.
.T ció
## lppchk
lppchk -v
-v
lppchk:
lppchk: The
The following
following filesets
filesets need
need to
to be
be installed
installed or
or corrected
corrected to
to bring
bring
the
the system
system to
to aa consistent state:
consistent state: Display
.
inconsistent
Firefox.base.rte
Firefox.base.rte 1.5.0.12 (APPLYING)
C
1.5.0.12 (APPLYING) filesets.
.F a
## installp
installp -C
-C
C rm
installp:
installp: Cleaning
Cleaning up
up software
software for:
for: Perform a clean-up
Firefox.base.rte operation. Fileset is
Firefox.base.rte 1.5.0.12
1.5.0.12
removed
Installation
Installation Summary
Summary
--------------------
--------------------
to fo
Name
Name Level
Level Part
Part Event
Event Result
Result
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Firefox.base.rte
Firefox.base.rte 1.5.0.12
1.5.0.12 USR
USR CLEANUP
CLEANUP SUCCESS
SUCCESS
ec vo
Notes:
oy si
If the process of installing, updating, or removing software from the system is interrupted or
fails, the outcome is likely to be either broken or inconsistent filesets on the system. To
u
detect this, use the lppchk command. If all is OK, the command will return null, otherwise
broken or inconsistent filesets will be displayed. To clean up from any such operation, use
cl
the installp command with the –C option (clean-up) and then retry the original operation
again. If the failed operation was an uninstall, remove the software manually, using installp
Ex
–u <fileset>.
pr
5-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• Not installed by default in AIX 7.1:
– bos.suma
.T ció
– Prerequisites of bos.ecc_client.rte and Java6.sdk
• Access: SMIT SUMA
.
• Can be used to download:
C
.F a
– By PTF
– Technology level(s)
C rm
– Service pack(s)
– All latest fixes
• Internet access must be available from the service update management
to fo
assistant (SUMA) host.
• Has many configuration parameters
ec vo
Notes:
oy si
SUMA is an excellent tool for quickly downloading fixes with minimum fuss directly onto an
AIX server or NIM server.
u
The bos.suma fileset is not installed by default and has prerequisites of bos.ecc_client.rte
cl
and Java6.sdk.
Why SUMA?
Ex
Fix automation, the ability to get maintenance fixes onto a system automatically, is
becoming a focus area for IT system administrators. As system administration becomes
more complex and time consuming, it is often a roadblock that prevents systems from
being up to date with current software fixes. Clients want the increased security and
pr
reliability benefits, as well as the reduced downtime and total cost of ownership that comes
with keeping current fixes on a system. To meet these client demands, SUMA has
automated the process of determining which fixes are available, discovering which of the
available fixes a system needs, and downloading the necessary fixes onto a system,
thereby reducing both the complexity and the time spent on system administration to
perform these tasks.
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Base configuration
– # smit suma_config_base
.I. n
Base
Base Configuration
Configuration
.T ció
[Entry
[Entry Fields]
Fields]
Screen
Screen output
output verbosity
verbosity [Info/Warnings/Errors]
[Info/Warnings/Errors] ++
.
Logfile
Logfile output verbosity
output verbosity [Verbose]
[Verbose] ++
C
Notification
Notification email
email verbosity
verbosity [Info/Warnings/Errors]
[Info/Warnings/Errors] ++
.F a
Remove
Remove superseded
superseded filesets
filesets on
on Clean?
Clean? yes
yes ++
Remove
Remove duplicate
duplicate base
base levels
levels on
on Clean?
Clean? yes
yes ++
C rm
Remove
Remove conflicting
conflicting updates
updates on
on Clean?
Clean? Yes
Yes ++
Fixserver
Fixserver protocol
protocol https
https ++
Download protocol
Download protocol http
http ++
Maximum
Maximum log
log file
file size
size (MB)
(MB) [1]
[1] ##
Download timeout (seconds)
Download timeout (seconds) [180]
[180] ##
to fo
ec vo
Notes:
oy si
The Base Configuration menu allows SUMA global configuration settings to be viewed or
changed. These settings are used for each SUMA task that is run and allow specification of
u
repository
• Download protocol
• Download timeout setting
pr
A clean operation will remove unnecessary files from the repository using the lppmgr
command.
The global configuration settings can be viewed from the command line, # suma -c.
In AIX 7 and later, use of HTTP or HTTPS proxy connections requires that the ECC service
connection be configured. This is shared with Service Agent and Inventory Scout.
5-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
store
View/Change
View/Change SUMA
SUMA Task
Task Defaults
Defaults
downloads
.T ció
[Entry
[Entry Fields]
Fields]
Action
Action [Download]
[Download] ++
Directory
Directory for
for item
item storage
storage [/aix/FIXES]
[/aix/FIXES]
.
Type of item to request
Type of item to request [All
[All Latest
Latest Fixes]
Fixes] ++
C
Name
Name of
of item
item to
to request
request []
[]
.F a
Repository
Repository to filter
to filter against
against [/aix/FIXES]
[/aix/FIXES]
Maintenance
Maintenance oror Technology
Technology Level
Level to
to filter
filter against
against []
[] ++
C rm
System
System or
or lslpp
lslpp output
output to
to filter
filter against
against [localhost]
[localhost]
Maximum
Maximum total
total download
download size
size (MB)
(MB) [-1]
[-1] +#
+#
EXTEND
EXTEND file systems if space needed?
file systems if space needed? yes
yes ++
Maximum
Maximum file
file system
system size
size (MB)
(MB) [-1]
[-1] +#
+#
Notify
Notify email
email address
address [root]
[root] ++
to fo
ec vo
Notes:
oy si
SUMA default task values can be uniquely set for each SUMA task. The visual above
shows the default settings. The possible actions are:
u
• Preview: SUMA performs the operations that do not directly affect the file system. The
cl
output displayed reflects what would happen during a download. Use this option to
determine which files will be downloaded for your request.
Ex
• Download: SUMA downloads files into the directory specified in Directory for item
storage.
• Download and Clean: SUMA performs a download operation and a clean operation to
remove unnecessary files from the repository.
pr
The task configuration settings can be viewed from the command line, # suma -D
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
## /usr/sbin/suma
/usr/sbin/suma -x
-x -a
-a RqType=SP
RqType=SP -a
-a Action=Download
Action=Download \\
-a
-a RqName=‘7100-00-02-1041'
RqName=‘7100-00-02-1041'
.T ció
– Download technology level 6 for AIX 6.1 on Wednesday at 11:00 PM
.
## /usr/sbin/suma
/usr/sbin/suma -s
-s “0
“0 23
23 ** ** 3”
3” -a
-a RqType=ML
RqType=ML –a
–a
Action=Download
Action=Download \\
C
.F a
-a
-a RqName='6100-06-00-1036’
RqName='6100-06-00-1036’
Task
Task ID
ID 11 created.
created. List all
C rm
scheduled
## suma
suma -l
-l SUMA tasks
Notes:
oy si
SUMA tasks can be initiated through the command line. This is most useful when
producing scripts to automatically download fixes. SUMA uses cron when scheduled tasks
u
are created. In the schedule example above, the following entry will be added to root's
cl
5-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
RqLevel=
PreCoreqs=y
.T ció
Ifreqs=y
Supersedes=n
ResolvePE=IfAvailable
.
Repeats=y
C
.F a
DLTarget=/aix/FIXES
NotifyEmail=root
C rm
FilterDir=/aix/FIXES
FilterML=6100-01
FilterSysFile=localhost
MaxDLSize=-1
to fo
Extend=y
MaxFSSize=-1
For further information see the SUMA main page.
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
AIX fixes are generally available on the Internet at Fix Central. Fixes cat any level, from AIX
4.3.3 to the present version, can be downloaded.
u
Each IBM client accessing Fix Central is required to have an individual IBM ID to download
cl
fixes (some exemptions may apply). If not already registered, the registration is quick and
simple and will provide users with a customized experience to better serve their needs. To
register go to:
Ex
https://www.ibm.com/account/profile
Click the Register link.
pr
5-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
.
C
.F a
C rm
to fo
http://www14.software.ibm.com/webapp/set2/flrt/home
ec vo
Notes:
oy si
Today's AIX environment can be complex as lots of components are required. In addition to
AIX, one must also think about but System Firmware, HMC, VIOS, PowerHA levels, and
u
more. How do you know if the levels of these products are compliant and supported? The
answer is FLRT. FLRT is web driven tool that enables you to select your machine type and
cl
software components and levels. It then produces an easy to read report which provides
recommendations, notices and status compliance as shown on the visual.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint
IBM Power Systems
1. Which of the following states must your software be in, in order for you to be
able to use it? (Select all that apply.)
a. Applied state
.I. n
b. Removed state
c. Install state
.T ció
d. Commit state
.
2. What command is used to list all installed software on your system?
C
.F a
3. Which of the following can you install as an entity? Select all that apply.
a. ifix
C rm
b. LPP
c. Package
d. Bundle
to fo
4. True or False: If a problem is found with the inetd subsystem, it is possible to
download and apply a fix to the bos.net.tcpip.server fileset in AIX to
correct the problem.
ec vo
Notes:
oy si
u
cl
Ex
pr
5-34 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
AIX software
installation and
.T ció
maintenance
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Define the package definitions and naming conventions
.T ció
• Determine the current installed level of the OS and individual
filesets
.
C
• Apply, commit, and remove AIX software
.F a
• Recover from broken and inconsistent software states
C rm
• Describe how to download software maintenance using Fix
Central and SUMA
• Identify if all the components in the Power and AIX
to fo
environment are compatible and supported
ec vo
Notes:
oy si
u
cl
Ex
pr
5-36 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Explain device terminology
C
.F a
• List device configuration and status
• Configure new devices
C rm
• Manage device states
• Interpret physical and virtual location codes
to fo
How you will check your progress
• Checkpoint questions
ec vo
• Machine exercises
References
oy si
Management
cl
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• List device configuration and status
.T ció
• Configure new devices
• Manage device states
.
• Interpret physical and virtual location codes
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
6-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Device terminology
IBM Power Systems
• Generic terminology
– Physical devices
– Ports
.I. n
– Device drivers
.T ció
– Logical devices
– /dev directory
– Virtual devices
.
C
.F a
• Power H/W-specific terminology
– CEC
C rm
– System planar
– RIO or 12X
– System ports
to fo
– GX+
– IVE
– PCI
ec vo
Notes:
oy si
• Physical Devices are the actual hardware that is connected in some way to the system
• Ports are the physical connectors and adapters in the system to which physical devices
cl
internal buses of the system enclosure to the I/O expansion drawers. The I/O expansion
drawers have PCI buses which can support additional adapters and disks (depending
upon the type of I/O drawer. Older Power models used a cabling system called RIO.
The newer servers use a cabling system called 12X (based on InfiniBand).
pr
Logical Devices. Software interfaces (special files) that present a means of accessing a
physical device to the users and application programs. Data appended to logical devices is
sent to the appropriate device driver. Data read from logical devices is read from the
appropriate device driver.
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• /dev is the directory which contains all of the logical devices that can be directly
accessed by the user. Some logical devices defined are only referenced in the ODM
customized database and cannot be accessed by users.
• Virtual Devices are the Ethernet and SCSI devices which are allocated to the client for
networking access and storage. These devices are not real.
Power hardware-specific terminology
.I. n
• Central electronics complex (CEC) is the main system unit that contains system
processors, memory, and remote I/O connections.
.T ció
• System planar is the main component of the CEC where all processor cards, memory
dimms, and I/O attachments are interconnected together.
.
• RIO and 12X provide high-speed connectivity between the system enclosure (contains
C
the CEC) and any I/O drawer enclosures. RIO and 12X are comprised of special cables,
.F a
adapters and protocols, which allow the I/O drawers to effectively act as extensions of
the system enclosure’s internal buses. An I/O drawer can consist of PCI slots/adapters,
C rm
disks, or both, depending on the type of I/O drawer. The I/O drawers connect to the
system enclosure through either a RIO or 12X GX adapter, which sits on the system
enclosure’s GX+ bus.
to fo
• System Ports are the two serial ports on the system planar. In an operating system
environment, the two system ports become host virtual system ports and are only
available for specific limited functions. For example, the two integrated system ports on
a p550 are limited to serial connected TTY console functionality and IBM approved
ec vo
call-home modems. These system ports do not support other general serial connection
uses, such as UPS, PowerHA heartbeat, printers, mice, and so on, If you need
multi-purpose serial port functions, optional PCI adapters are available.
• GX+: Each POWER6 processor provides a GX+ bus, which is used to connect to an I/O
oy si
introduced in POWER5 by offering the Integrated Virtual Ethernet (IVE) adapter. IVE,
also called Host Ethernet Adapter (HEA) in other documentation, enables an easy way
cl
6-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
5886
SAS disk Location:
drawer • Enclosure
.I. n
• Bus or planar
SAS • Adapter
12X
.T ció
• Port
5877 • Device
PCI
Expansion
.
drawers
12X
C
.F a
12X
PCI cables
C rm 12X
CEC
Power 770 PCI GX
System
to fo
Enclosures CEC
12X
PCI GX
ec vo
Notes:
oy si
A Power server can be comprised of many enclosures. An enclosure is a single box that
could be mounted in a rack. Each enclosure has a unique identifier which consists of the
u
machine type and model (MTM) plus a serial number, as in this example:
cl
U8204.E8A.65BF831.
Virtual devices will use this as the basis for their location.
Ex
The most important enclosure is the system enclosure which contains the CEC. The MTM
and serial for the system enclosure is used as the basis for virtual device locations.
The CEC, within the system enclosure, actually has a separate MTM and serial number. All
of the non-virtual devices within a system enclosure use the CEC identifier as the basis for
pr
their location. For example, device pci1 (on the PCI-X) bus has the device code of
U78A0.001.DNWGCAH-P1
U78A0.001.DNWGCAH is the identifier of the CEC and P1 means the device is attached to
the main System planar.
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
For certain server models, multiple system enclosures can be cabled together act as one
large server. An example of that would be a Power 770.
Within each enclosure there will be one or more planars. A planar is often associated with
an internal bus, such as a PCI bus. On each bus there will be one more device adapters.
Each device adapter will have one or more ports. Most of the devices that you will want to
identify will be associated with or connected to one of these ports.
While the system enclosure will have a few integrated disk bays and PCI slots, it is
.I. n
common to desire more of these resources. To support expanding the I/O capacity of the
.T ció
server, the system enclosures can be connected to I/O expansion drawers which act as an
extension of the server. These I/O drawers have their own MTM and serial number that is
used for locating devices attached to them. The current cabling system for connecting I/O
.
expansion drawers to the system drawers is the 12X cabling, though older servers used the
C
RIO cabling. The expansion drawers contain their own internal PCI buses that support card
.F a
slots. Some models also have an integrated SAS or SCSI adapter to support additional
disk bays in the enclosure.
C rm
Finally when additional locally attached disks are needed, it is possible to place a disk
expansion drawer. These are cabled to storage adapter in either a system enclosure or an
I/O expansion drawer using SAS or SCSI cabling, depending on the model I/O drawer.
Devices in this type of I/O drawer are located based upon the storage adapter to which they
to fo
are cabled. And that storage adapter will either be in a system enclosure or an I/O
expansion drawer.
Device location codes will be explored in more depth as we go through this unit.
ec vo
oy si
u
cl
Ex
pr
6-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Device addressing
IBM Power Systems
.I. n
server or accessed by a server.
– Assigned by the system firmware.
.T ció
• Example hdisk0: U78A0.001.DNWGGRX-P2-D5 (SAS drive)
.
within an AIX instance.
C
– Assigned by AIX.
.F a
– Not as useful or meaningful as physical codes on POWER5 or later systems.
C rm
– Virtual devices do not have AIX location codes.
– Note: Address conventions differ between models and types (adapters,
SCSI, non-SCSI).
• Example. hdisk0: 00-08-00 (SAS drive)
to fo
• Both physical and AIX codes can be seen side by side with:
– lsdev –CHF “name, status, physloc, location”
ec vo
Notes:
oy si
Every device is assigned a physical location code when it is attached to the system. These
codes are critical. If a device has a problem such as a disk failure, an error report is
u
generated which will identify the device and its location. You can use this information to
replace the failed disk drive.
cl
It is important not to confuse physical location codes with AIX location codes. Before LPAR
technology was introduced into Power Systems, there were only AIX location codes, and
Ex
they remain today for legacy purposes. On POWER-based processor servers that can be
partitioned, you need to use physical location codes.
Note: Virtual devices do not have OS location codes.
pr
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
hdisk0
hdisk0 U78A0.001.DNWGGRX-P2-D5
U78A0.001.DNWGGRX-P2-D5 SAS
SAS Disk
Disk Drive
Drive
.T ció
SAS
SAS Planar
Planar (P2),
(P2), Device
Device slot
slot reference
reference 5,
5, disk
disk is
is in
in the
the CEC
CEC
ent1
ent1 U78A0.001.DNWGGRX-P1-C4-T2
U78A0.001.DNWGGRX-P1-C4-T2 2-Port
2-Port 10/100/1000
10/100/1000 PCI-X
PCI-X Adapter
Adapter
.
System
System planar
planar (P1),
(P1), Card
Card slot
slot No 4, 22nd
No 4, nd port,
port, Adapter
Adapter is
is in
in the
the CEC
CEC
C
.F a
hdisk0
hdisk0 U7311.D20.6516D3C-P1-C04-T2-L8-L0
U7311.D20.6516D3C-P1-C04-T2-L8-L0 16
16 Bit
Bit LVD
LVD SCSI
SCSI Disk
Disk
Planar
Planar 11 (P1),
(P1), PCI
PCI slot
slot No 4, 22nd
No 4, nd port,
port, SCSI
SCSI ID
ID 8,0,
8,0, Disk
Disk is
is in
in an
an
C rm
attached
attached SCSI 7311-D 20 I/O Drawer.
SCSI 7311-D 20 I/O Drawer.
hdisk5
hdisk5 U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000
U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000 FC
FC SCSI
SCSI Disk
Disk
System
System planar
planar (P1),
(P1), Card
Card slot
slot No
No 3,
3, Port
Port 1,
1, WW == WW
WW unique
unique name
name of
of
to fo
an
an
FC
FC adapter
adapter (where
(where the
the FC
FC adapter
adapter is
is in
in aa remote
remote storage
storage subsystem),
subsystem),
LL == LUN
LUN ID. The disk is a logical device (identified by
ID. The disk is a logical device (identified by the
the LUN
LUN
ID) in the remote storage subsystem.
ID) in the remote storage subsystem.
ec vo
Notes:
oy si
The visual above shows how to interpret physical location code information.
u
The example system is an older model Power 550, but the principle applies to all Power
servers.
cl
expansion frames containing I/O drawers. U7311.D20 is a remote I/O drawer (RIO) for low
to mid-range systems. 6516D3 is the serial number assigned to the drawer.
6-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
ID as shown with the uname
22 sys124_v1_T1
sys124_v1_T1 command.
.T ció
vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Adapter
hdisk1
hdisk1 U8204.E8A.652ACD2-V2-C12-T1-L810000000000
U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive
Virtual SCSI Disk Drive
Virtual
Virtual client
client disk,
disk, Virtual
Virtual (LPAR)
(LPAR) ID
ID 2,
2, virtual
virtual card
card slot
slot 12.
12.
.
C
.F a
– VIOS HMC profile
C rm
Virtual SCSI adapter definition
– VIOS partition
to fo
vhost0
vhost0 U8204.E8A.652ACD2-V1-C12
U8204.E8A.652ACD2-V1-C12 Virtual
Virtual SCSI
SCSI Server
Server Adapter
Adapter
Virtual
Virtual Server
Server adapter,
adapter, Virtual
Virtual (LPAR)
(LPAR) ID
ID 1,
1, virtual
virtual card
card slot
slot (Adapter
(Adapter ID)
ID) 12
12
ec vo
Notes:
oy si
Virtual devices are assigned location codes in a similar format to physical devices. The
format is:
u
Unit_type.Model_no.virtual_adapter_number.virtual_card_slot_number.[port].[
cl
LUN]
The visual shows a VIOS presenting a virtual disk (hdisk1) to a VIO Client. In order to do
this, the first step is to create a virtual server adapter, on the HMC for the VIOS and also a
Ex
VIO client adapter for the AIX partition. Each adapter has an assigned ID.
The vhost device in the VIOS symbolizes the virtual server adapter. In the example: V1
represents a virtual device with an assigned ID of one. C12 represents the virtual card slot
pr
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
The client disks associated with the virtual client adapter will always inherit the location
code definition plus one additional field, the LUN id (L81000000000). In this example, eight
is the SCSI ID of the physical disk in the VIOS. One represents the first disk on the adapter
to be presented to the client.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
6-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
basis.
• All devices have attributes, some of which can be changed.
.T ció
– lsattr lists device attributes.
– chdev changes device attributes.
.
C
• AIX devices can be physical or virtual.
.F a
– An AIX partition does not need to have any physical devices!
C rm
• Most devices within AIX are self configured through cfgmgr.
• Device states can be controlled using mkdev and rmdev
commands.
to fo
– This includes virtual devices.
ec vo
Notes:
oy si
important when devices fail, especially disks! Taking out the wrong disk in the system due
to failure could result in data corruption.
cl
An AIX partition does not need to have any real devices. In today's Power p environments,
virtual LPARs are fast becoming the norm. Virtualization is a large topic and is covered in a
Ex
separate LPAR and virtualization education track. It is beyond the scope of the course.
pr
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Device commands
IBM Power Systems
• prtconf
– Lists major system configuration items
.I. n
• lscfg
– Lists device information including physical location codes
.T ció
• lsdev
– Lists device information including the state of the device
.
• lsslot
C
– Displays all specified hot plug slots and their characteristics
.F a
• chdev
C rm
– Changes the characteristics of a device
• rendev
– Changes the name of a device
to fo
• lsattr
– Displays attribute characteristics and possible values of attributes for devices
in the system
ec vo
Notes:
oy si
There are many commands that are useful in determining the current configuration of your
system. These commands will be covered in more detail on the following visuals.
u
cl
Ex
pr
6-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
prtconf (1 of 2)
IBM Power Systems
.I. n
Machine
Machine Serial
Serial Number:
Number: 100603P
100603P
Processor
Processor Type:
Type: PowerPC_POWER7
PowerPC_POWER7
Processor
Processor Implementation
Implementation Mode:
Mode: POWER
POWER 77
.T ció
Processor Version: PV_7_Compat
Processor Version: PV_7_Compat
Number
Number Of
Of Processors:
Processors: 22
Processor
Processor Clock
Clock Speed:
Speed: 3000
3000 MHz
MHz
CPU
CPU Type:
Type: 64-bit
64-bit
.
Kernel
Kernel Type:
Type: 64-bit
64-bit Some items were
C
LPAR
LPAR Info: 15
Info: 15 sys304_118_MA
sys304_118_MA removed for
.F a
Memory
Memory Size:
Size: 1024
1024 MB
MB clarity.
Good
Good Memory
Memory Size:
Size: 1024
1024 MB
MB
Platform
Platform Firmware
Firmware level:
level: AL710_099
AL710_099 Output is
C rm
Firmware
Firmware Version:
Version: IBM,AL710_099
IBM,AL710_099 continued on the
Network
Network Information
Information next page.
Host
Host Name:
Name: sys304_118
sys304_118
IP
IP Address: 10.6.52.118
Address: 10.6.52.118
Sub
Sub Netmask:
Netmask: 255.255.255.0
255.255.255.0
to fo
Gateway:
Gateway: 10.6.52.254
10.6.52.254
Paging
Paging Space
Space Information
Information
Total
Total Paging
Paging Space:
Space: 512MB
512MB
Percent
Percent Used:
Used: 10%
10%
ec vo
Notes:
oy si
prtconf is very useful command which displays an overview of the system configuration.
This is particularly useful for documentation purposes. One should run this command on a
u
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
prtconf (2 of 2)
IBM Power Systems
INSTALLED
INSTALLED RESOURCE
RESOURCE LIST
LIST
The
The following
following resources
resources are
are installed
installed on
on the
the machine.
machine.
+/- Device listing
+/- == Added
Added or
or deleted
deleted from
from Resource
Resource List.
List.
** == Diagnostic
Diagnostic support
support not
not available. including “physical Second half of
.I. n
available.
location codes” the output is
Model
Model Architecture:
Architecture: chrp
chrp
Model
Model Implementation:
Implementation: Multiple
Multiple Processor,
Processor, PCI
PCI bus
bus
identical to
lscfg
.T ció
++ sys0
sys0 System
System Object
Object
++ sysplanar0
sysplanar0 System
System Planar
Planar
** pci6
pci6 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 PCI Bus
PCI Bus
++ usbhc0
usbhc0 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 USB
USB Host Controller
Host Controller (33103500)
(33103500)
++ usbhc1
usbhc1 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 USB
USB Host
Host Controller
Controller (33103500)
(33103500)
.
++ usbhc2
usbhc2 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 USB
USB Enhanced
Enhanced Host
Host Controller
Controller (3310e000)
(3310e000)
** pci2
pci2 U5877.001.00H0301-P1
U5877.001.00H0301-P1 PCI
PCI Express
Express Bus
Bus
C
++ ent4
ent4 U5877.001.00H0301-P1-C5-T1
U5877.001.00H0301-P1-C5-T1 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-Express
PCI-Express Adapter
Adapter (14104003)
(14104003)
.F a
++ ent5
ent5 U5877.001.00H0301-P1-C5-T2
U5877.001.00H0301-P1-C5-T2 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-Express
PCI-Express Adapter
Adapter (14104003)
(14104003)
** pci1
pci1 U5877.001.00H0301-P1
U5877.001.00H0301-P1 PCI Express Bus
PCI Express Bus
++ fcs2
fcs2 U5877.001.00H0301-P1-C3-T1
U5877.001.00H0301-P1-C3-T1 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
** fcnet0
fcnet0 U5877.001.00H0301-P1-C3-T1
U5877.001.00H0301-P1-C3-T1 Fibre
Fibre Channel
Channel Network
Network Protocol
Protocol Device
Device
C rm
++ fscsi1
fscsi1 U5877.001.00H0301-P1-C3-T1
U5877.001.00H0301-P1-C3-T1 FC
FC SCSI
SCSI I/O
I/O Controller
Controller Protocol
Protocol Device
Device
++ hdisk4
hdisk4 U5877.001.00H0301-P1-C3-T1-W500507680140581E-L4000000000000
U5877.001.00H0301-P1-C3-T1-W500507680140581E-L4000000000000 MPIO
MPIO IBM 2145 FC
IBM 2145 FC Disk
Disk
++ hdisk5
hdisk5 U5877.001.00H0301-P1-C3-T1-W500507680140581E-L5000000000000
U5877.001.00H0301-P1-C3-T1-W500507680140581E-L5000000000000 MPIO
MPIO IBM 2145 FC
IBM 2145 FC Disk
Disk
++ fcs3
fcs3 U5877.001.00H0301-P1-C3-T2
U5877.001.00H0301-P1-C3-T2 8Gb
8Gb PCI
PCI Express
Express Dual
Dual Port
Port FC
FC Adapter
Adapter (df1000f114108a03)
(df1000f114108a03)
** fcnet1
fcnet1 U5877.001.00H0301-P1-C3-T2
U5877.001.00H0301-P1-C3-T2 Fibre
Fibre Channel
Channel Network
Network Protocol
Protocol Device
Device
++ fscsi2
fscsi2 U5877.001.00H0301-P1-C3-T2
U5877.001.00H0301-P1-C3-T2 FC
FC SCSI
SCSI I/O
I/O Controller
Controller Protocol
Protocol Device
Device
** vio0
vio0 Virtual
Virtual I/O
I/O Bus
Bus
** vscsi0
vscsi0 U8233.E8B.100603P-V15-C35-T1
U8233.E8B.100603P-V15-C35-T1 Virtual SCSI Client Adapter
Virtual SCSI Client Adapter
to fo
** hdisk3
hdisk3 U8233.E8B.100603P-V15-C35-T1-L8400000000000000
U8233.E8B.100603P-V15-C35-T1-L8400000000000000 Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
** hdisk2
hdisk2 U8233.E8B.100603P-V15-C35-T1-L8300000000000000
U8233.E8B.100603P-V15-C35-T1-L8300000000000000 Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
** hdisk1
hdisk1 U8233.E8B.100603P-V15-C35-T1-L8200000000000000
U8233.E8B.100603P-V15-C35-T1-L8200000000000000 Virtual SCSI Disk Drive
Virtual SCSI Disk Drive
** hdisk0
hdisk0 U8233.E8B.100603P-V15-C35-T1-L8100000000000000
U8233.E8B.100603P-V15-C35-T1-L8100000000000000 Virtual SCSI Disk Drive
Virtual SCSI Disk Drive
** ent1
ent1 U8233.E8B.100603P-V15-C2-T1
U8233.E8B.100603P-V15-C2-T1 Virtual
Virtual I/O
I/O Ethernet
Ethernet Adapter
Adapter (l-lan)
(l-lan)
** vsa0
vsa0 U8233.E8B.100603P-V15-C0
U8233.E8B.100603P-V15-C0 LPAR
LPAR Virtual
Virtual Serial
Serial Adapter
Adapter
** vty0
vty0 U8233.E8B.100603P-V15-C0-L0
U8233.E8B.100603P-V15-C0-L0 Asynchronous
Asynchronous Terminal
Terminal
ec vo
Notes:
oy si
The last function prtconf performs is to run the lscfg command as shown in the visual.
Although the prtconf –v flag can be used to display detailed Vital Product Data (VPD)
u
information, the output on the previous page is omitted. To get around this problem, simply
make a copy of the prtconf script to prtconfVPD and append a “–v” flag to the last lscfg
cl
#devices information
lscfg ######## APPEND –v here !!! ###########
fi
6-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
lscfg
IBM Power Systems
• lscfg can be used to display vital product data (VPD) information for
devices.
– IBM customer engineers (CEs) need this to order and replace failed
.I. n
components.
.T ció
Physical
location code
## lscfg
lscfg -v
-v -l
-l ent4
ent4
ent4
ent4 U5877.001.00H0301-P1-C5-T1
U5877.001.00H0301-P1-C5-T1 2-Port
2-Port
.
10/100/1000
10/100/1000 Base-TX PCI-Express
Base-TX PCI-Express Adapter
Adapter (14104003)
(14104003)
C
.F a
2-P VPD
2-P NIC-TX
NIC-TX PCI-e:
PCI-e: information
EC
EC Level....................D76567
C rm
Level....................D76567
Part
Part Number.................46K6601
Number.................46K6601
Manufacture
Manufacture ID..............YL1026
ID..............YL1026
FRU
FRU Number..................46K6601
Number..................46K6601
Network
Network Address.............00145E76B484
Address.............00145E76B484
to fo
ROM Level.(alterable).......EP0170
ROM Level.(alterable).......EP0170
Hardware
Hardware Location
Location Code......U5877.001.00H0301-P1-C5-T1
Code......U5877.001.00H0301-P1-C5-T1
ec vo
Notes:
oy si
The lscfg command displays configuration, diagnostic, and vital product data (VPD)
information about the system.
u
Use the lscfg command to display vital product data (VPD) such as part numbers, serial
cl
numbers, and engineering change levels. VPD data is required for hardware engineers
when they need to order replacement parts due to failures.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
lsdev
IBM Power Systems
.I. n
## lsdev
lsdev |grep
|grep ent
ent
ent0
ent0 Available
Available 02-08
02-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902)
ent1
ent1 Available
Available 02-09
02-09 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902)
.T ció
ent2
ent2 Available
Available Virtual
Virtual I/O
I/O Ethernet
Ethernet Adapter
Adapter (l-lan)
(l-lan)
ent3
ent3 Available
Available Shared
Shared Ethernet
Ethernet Adapter
Adapter
## lsdev
lsdev -Cc
-Cc disk
disk
hdisk0
hdisk0 Available
Available 03-08-01-8,0
03-08-01-8,0 16
16 Bit
Bit LVD
LVD SCSI
SCSI Disk
Disk Drive
Drive
.
hdisk1
hdisk1 Available
Available 01-00-02
01-00-02 MPIO
MPIO Other
Other FCFC SCSI
SCSI Disk
Disk Drive
Drive
C
hdisk2
hdisk2 Available
Available 00-08-00
00-08-00 SAS
SAS Disk
Disk Drive
Drive -Cc : list by class
.F a
-Cl : list by device name
## lsdev
lsdev -Cl
-Cl proc2
proc2
proc2
proc2 Available
Available 00-02
00-02 Processor
Processor
C rm
## lsdev
lsdev -p
-p pci5
pci5
ent8
ent8 Available
Available 05-08
05-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902) Child
ent9
ent9 Available
Available 05-09
05-09 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902) devices
Device state
to fo
Locating the
parent
lsdev –Cl
## lsdev cd1 –F
–Cl cd1 –F parent
parent device
ide0
ide0
ec vo
Notes:
oy si
The lsdev command displays information about devices in the device configuration
database.
u
The -C flag requests information about all the customized devices. Newer versions of AIX
cl
assume customized devices if neither -P nor -C are coded. Any combination of the -c
Class, -s Subclass, -t Type, -l Name, -p Parent, and -S State flags selects a subset of the
customized devices.
Ex
A -P flag will display information about all devices supported by the system using the. Any
combination of the -c Class, -s Subclass, and -t Type flags selects a subset of the
supported devices.
pr
In newer versions of AIX, lsdev will assume a request for customized devices if neither -P
nor -C lags are coded.
Commonly used classes include disk, cdrom, adapter, and if (interface).
A simple script that can be useful in seeing the full parentage of a device is:
6-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
lsslot
IBM Power Systems
.I. n
Lists all logical I/O
slots on the system
.T ció
## lsslot
lsslot -c
-c slot
slot
## Slot
Slot Description
Description Device(s)
Device(s)
U787F.001.DPM0WB8-P1-C1
U787F.001.DPM0WB8-P1-C1 Logical
Logical I/O
I/O Slot
Slot pci7
pci7 fcs1
fcs1
U787F.001.DPM0WB8-P1-C3 Logical
Logical I/O Slot pci4
pci4 sisscsia1
.
U787F.001.DPM0WB8-P1-C3 I/O Slot sisscsia1
U787F.001.DPM0WB8-P1-T5
U787F.001.DPM0WB8-P1-T5 Logical
Logical I/O
I/O Slot
Slot pci5
pci5 ent0
ent0 ent1
ent1
C
U787F.001.DPM0WB8-P1-T10 Logical
Logical I/O Slot pci3
pci3 sisscsia0
.F a
U787F.001.DPM0WB8-P1-T10 I/O Slot sisscsia0
U787F.001.DPM0WB8-P1-T12
U787F.001.DPM0WB8-P1-T12 Logical I/O
Logical I/O Slot
Slot pci2
pci2 ide0
ide0
Lists all PCI hot
U9131.52A.063412G-V1-C0
U9131.52A.063412G-V1-C0 Virtual
Virtual I/O
I/O Slot
Slot vsa0
vsa0
C rm
plug slots
## lsslot
lsslot -c
-c pci
pci
## Slot
Slot Description
Description Device(s)
Device(s)
U787F.001.DPM0WB8-P1-C1
U787F.001.DPM0WB8-P1-C1 PCI-X
PCI-X capable,
capable, 64
64 bit,
bit, 133MHz
133MHz slot
slot fcs1
fcs1
U787F.001.DPM0WB8-P1-C3 PCI-X
PCI-X capable, 32 bit, 66MHz
66MHz slot
slot sisscsia1
to fo
U787F.001.DPM0WB8-P1-C3 capable, 32 bit, sisscsia1
U787F.001.DPM0WB8-P1-C4
U787F.001.DPM0WB8-P1-C4 PCI-X capable,
PCI-X capable, 64
64 bit,
bit, 266MHz slot fcs0
266MHz slot fcs0
ec vo
Notes:
oy si
The lsslot command displays all the specified hot plug slots and their characteristics. Hot
plug slots are the plug-in points for connecting entities that can be added and removed
u
from the system without turning the system power off or rebooting the operating system.
The -c flag is required. It specifies the type of hot plug connector, for example, pci for hot
cl
pluggable PCI adapters. You can display only the empty, that is, available, hot plug slots
with the -a flag, the occupied slots with the -o flag, or a specific slot by using the -s flag.
Ex
The -l flag can be used to locate the slot associated with the specified DeviceName, as
listed by the lsdev command.
pr
6-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
block_size
block_size 1024
1024 BLOCK
BLOCK size
size (0=variable
(0=variable length)
length) True
True
compress
compress yes
yes UseUse data
data COMPRESSION
COMPRESSION True
True
Current block
density_set_1 size = 1KB
density_set_1 71
71 DENSITY
DENSITY setting
setting #1#1 True
True
.T ció
density_set_2
density_set_2 38
38 DENSITY
DENSITY setting
setting #2#2 True
True
extfm
extfm yes
yes UseUse EXTENDED
EXTENDED file
file marks
marks True
True
mode
mode yes
yes UseUse DEVICE
DEVICE BUFFERS
BUFFERS during
during writes
writes True
True
ret
ret no
no RETENSION
RETENSION onon tape
tape change
change or
or reset
reset True
True True indicates
ret_error no RETURN
RETURN error
error onon tape
tape change
change oror reset
reset True that the attribute
.
ret_error no True
size_in_mb
size_in_mb 36000
36000 Size
Size in
in Megabytes
Megabytes False
False is user settable
C
.F a
• To display a specific attribute:
– lsattr –E –l rmt0 -a block_size
C rm
• Tapes cannot be read when the tape device has a different block size.
– Changing the value to 0 (variable) can help overcome this problem.
## chdev
chdev -l
-l rmt0
rmt0 -a
-a block_size=0
block_size=0 Set block
to fo
rmt0 changed size to 0
rmt0 changed
## lsattr
lsattr -El
-El rmt0
rmt0 || grep
grep block_size
block_size Block size
block_size
block_size 00 BLOCK
BLOCK size
size (0=variable
(0=variable length)
length) True
True changed
ec vo
Notes:
oy si
The lsattr command displays information about the attributes of a given device or type of
device.
u
The chdev command changes the characteristics of the specified device with the given
cl
device logical name that is specified with the -l Name flag. The device can be in the
defined, stopped, or available state. Some changes may not be allowed when the device is
in the available state. When changing the device characteristics, you can supply the flags
Ex
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Device states
IBM Power Systems
• Undefined
– The device is unknown to the system.
.I. n
• Defined
.T ció
– The device is know to the system but it is unavailable for use.
• Available
.
– The device is available and ready for use.
C
.F a
• Stopped
– The device is unavailable but remains known by its device driver.
C rm
• The mkdev and cfgmgr commands make devices available
for use.
• The rmdev command can make devices unavailable for use
to fo
and completely remove them from the system.
ec vo
Notes:
oy si
Device States
u
• Undefined is not a state one can see assigned in the system, more of a reference
statement. If refers to a device which is supported but is not configured.
cl
• Defined means that the device is known to the system. It has been allocated a logical
device name, a location code, and attributes have been assigned to it. However, it is still
unavailable for use.
Ex
• Available means that the device is fully configured and is ready for use.
• Stopped mean that the device is configured, but not available for use by applications.
• When a device is first identified, it is configured and put into the Available state.
Available devices can be put into the defined or undefined state by using the rmdev
pr
command. Devices can be configured with both the mkdev or cfgmgr commands.
cfgmgr
The cfgmgr command configures devices and optionally installs device software into
the system. It can be run at any time.
6-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
## lsdev
lsdev -Cc
-Cc tape;
tape; ls
ls -l
-l /dev/*rmt0*
/dev/*rmt0* Tape drive will be
/dev/*rmt0*
/dev/*rmt0* not
not found
found configured by loading the
device into the kernel
.T ció
## cfgmgr
cfgmgr (/unix).
## lsdev
lsdev -Cc
-Cc tape
tape
rmt0
rmt0 Available
Available 04-08-01-2,0
04-08-01-2,0 LVD
LVD SCSI
SCSI 4mm
4mm Tape
Tape Drive
Drive
.
C
## ls
ls -l
-l /dev/*rmt0*
/dev/*rmt0*
.F a
crw-rw-rw-
crw-rw-rw- 11 root
root system
system 37,
37, 00 13
13 Oct
Oct 14:43
14:43 /dev/rmt0
/dev/rmt0
crw-rw-rw-
crw-rw-rw- 11 root
root system
system 37,
37, 11 13
13 Oct
Oct 14:43
14:43 /dev/rmt0.1
/dev/rmt0.1
…….
……. Removed
Removed rmt0.2
rmt0.2 through
through rmt0.6
rmt0.6
C rm
crw-rw-rw-
crw-rw-rw- 11 root
root system
system 37,
37, 77 13
13 Oct
Oct 14:43
14:43 /dev/rmt0.7
/dev/rmt0.7
## rmdev
rmdev -l
-l rmt0
rmt0 -d
-d
rmt0
rmt0 deleted
deleted
ec vo
Notes:
oy si
The visual shows a tape drive connected to a system but is undefined. The cfgmgr
command is run to configure and make the device available. Once available, special device
u
files have been created in /dev directory. Some devices like tapes have several special
files. Each file is assigned a major and minor number. Major and minor numbers are used
cl
by the operating system to determine the actual driver and device to be accessed by the
user-level request for the special device file.
Ex
For example, when writing files to a tape, the difference between tar –cvf /dev/rmt0
myfiles.tar and tar –cvf /dev/rmt0.1 myfiles.tar is that rmt0 will result in the tape rewinding
after the operation, whereas with rmt0.1, the tape will not rewind after the write operation.
pr
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
rendev command
IBM Power Systems
.I. n
hdisk2
hdisk2 Defined
Defined
.T ció
• Use rendev to change device name.
.
## rendev
rendev -l
-l hdisk2
hdisk2 –n
–n testdisk
testdisk
C
.F a
Device to be
C rm
New desired device name
renamed
Notes:
oy si
The rendev command changes the name of the specified device with the given device
name that is specified with the -l name flag. The new desired name must not exceed 15
u
characters in length. If the name has already been used or is present in the /dev directory,
the operation fails.
cl
One of the use cases would be to rename a group of disks on which application data may
reside, to be able to distinguish them from other disks on the system.
Ex
Devices that are in use (available state) cannot be renamed; the device must first be in a
defined state. If device is a parent of other devices you must unconfigured all child devices
first. The rendev command will restore device to the Available state. The –u flag may be
pr
used to prevent the device from being configured again after it is renamed.
Disk drive devices that are members of the root volume group, or that will become
members of the root volume group (by means of LVM or install procedures), must not be
renamed. Renaming such disk drives may interfere with the ability to recover from certain
scenarios, including boot failures.
6-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Checkpoint
IBM Power Systems
.I. n
2. What is the purpose of a device major number? How would you locate
.T ció
the major number of a disk, hdisk18?
.
3. True or False: cfgmgr is a binary executable that runs at system
C
.F a
initialization time to configure devices on the system.
C rm
4. What commands can you run on AIX to document the system
configuration?
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Exercise
IBM Power Systems
.I. n
System configuration
and devices
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
6-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Unit summary
IBM Power Systems
.I. n
• Explain device terminology
.T ció
• List device configuration and status
.
• Configure new devices
C
• Manage device states
.F a
• Interpret physical and virtual location codes
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
6-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
• Describe the terminology and the concepts associated with:
.
- Physical volumes
C
.F a
- Volume groups
- Logical volumes
C rm
- Physical partitions
- Logical partitions
to fo
• Describe how file systems and logical volumes are related
• Checkpoint questions
• Machine exercises
oy si
References
u
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
– Physical volumes
.T ció
– Volume groups
– Logical volumes
.
– Physical partitions
C
– Logical partitions
.F a
• Describe how file systems and logical volumes are related
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
7-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Physical storage
.T ció
Logical storage
File systems
.
C
Directories
.F a
Files
C rm
to fo
Managed by
Logical Volume Manager (LVM)
ec vo
Notes:
oy si
Components
u
• Directories
Ex
• File systems
• Logical storage
• Physical storage
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Partition 1
Partition 4
.T ció
Partition 2
Partition 3 Partition 5
.
• Problems:
C
.F a
– Fixed partitions
C rm
– Expanding size of the partition
– Limitation on size of a file system and a file
– Contiguous data requirement
to fo
– Time and effort required in planning ahead
ec vo
Notes:
oy si
Traditionally, disk partitioning has been implemented through partitions. Customers had
to select the correct size for each partition before the system could be installed.
cl
backing up the file system, removing the partition, creating new ones, and restoring the
file system.
A major limitation to partitions was that each partition had to consist of contiguous disk
space. This characteristic limited the partition to reside on a single physical drive. It
pr
could not span multiple hard disks. Since file systems were always contained within a
partition, no file system could be defined that would be larger than the largest physical
drive. This meant that no single file could be larger than the largest physical drive.
7-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• Sizes can be dynamically increased.
.T ció
• Data can be mirrored for availability.
• New disks are easily added to the system.
.
C
• Data can be relocated.
.F a
• LVM (data) statistics can be collected.
C rm
to fo
These tasks can be performed dynamically!
ec vo
Notes:
oy si
The constraints with traditional UNIX disk storage have been virtually eliminated in AIX,
with the addition of the Logical Volume Manager.
cl
Note that the tasks listed in the visual, can be performed while users are on the system.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
partitions (PPs) Logical
partitions (LPs)
.T ció
1
2
3
.
4
C
5
write(data);
.F a
6
x
C rm
y
z
Application
Logical
volume (LVs)
to fo
Physical
volumes (PVs)
ec vo
Notes:
oy si
Introduction
u
The AIX Logical Volume Manager controls disk storage resources by mapping data
between a simple and flexible logical view of storage space and the actual physical
cl
disks.
This visual and these notes provide a brief overview of the basic components of LVM.
Ex
Components
A hierarchy of structures is used to manage disk storage:
• Volume groups
pr
• Physical volumes
• Physical partitions
• Logical volumes
• Logical partitions
7-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
Physical volume (PV)
.T ció
A physical volume (PV) is the name for an actual disk or hard drive. A PV can be
internally or externally attached.
.
For a disk to be used by LVM, the disk must be added to a volume group, or a new
C
volume group must be set up for it.
.F a
A PV can only belong to one volume group (VG).
C rm
Physical partition (PP)
All of the physical volumes in a volume group are divided into physical partitions (PP).
All the physical partitions within a volume group are the same size, although different
volume groups can have different PP sizes.
to fo
Logical volume (LV)
Within each volume group, one or more logical volumes (LV) are defined. Logical
volumes are groups of information located on physical volumes. Data on logical
ec vo
Each logical volume consists of one or more logical partitions (LP). Logical partitions
are the same size as the physical partitions within a volume group. Each logical partition
u
is mapped to at least one physical partition. Although the logical partitions are
numbered consecutively, the underlying physical partitions are not necessarily
cl
consecutive or contiguous.
This allows file systems, paging space, and other logical volumes to be resized or
Ex
relocated, to span multiple physical volumes, and to have their contents replicated for
greater flexibility and availability in the storage of data.
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Physical storage
IBM Power Systems
PP1
Volume PV1 PP2
group A PP3
PP4 Physical
.I. n
PP5 volume
PP6 /dev/hdiskn
.T ció
Volume PV2 PV3 PV4 PV5
group B
PPn
.
C
Original volume groups Big volume groups
.F a
-t factor Disks (PVs) PPs per PV Disks (PVs) -t factor
1 32 1016 128 1
C rm
2 16 2032 64 2
4 8 4064 32 4
8 4 8128 16 8
to fo
16 2 16256 8 16
N/A N/A 32512 4 32
N/A N/A 65024 2 64
ec vo
Notes:
oy si
Introduction
u
Disk space on a physical volume (PV) is allocated to logical volumes (LV) in chunks
called physical partitions (PP). Each physical partition size is the same across all the
cl
disks in a volume group (VG). The PP size is set at the time the VG is created. The size
is set in megabytes on power of two boundaries (for example: 4 MB, 8 MB, 16 MB, and
so forth). The default is 4 MB.
Ex
In AIX 5L V5.2 and later, LVM defaults the PP size of a new VG to the smallest PP size
(equal or greater than 4 MB) which allows full addressing of the largest disk in the VG
given the selected maximum number of PPs per PV (defaults to 1016). The smallest PP
pr
size is 1 MB, which is supported by using a larger number of PPs per PV.
When a PV is added to a system, a file called hdiskn is added to the /dev directory. n is
a number allocated by the operating system. It is usually the next available number.
This file may be used to access the device directly but this is not often done.
7-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
For example, for an 18 GB disk, you must have a PP size of 32 MB. A PP size of 16 MB
.T ció
would require 1152 PPs, over the limit.
Volume group -t factor
.
To handle the increase in hard disk drive capacity over time, AIX V4.3.1 implemented a
C
new volume group factor, which can be specified by the -t flag of the mkvg command,
.F a
that allows you to increase the maximum number of PPs per disk proportional to the
given integer multiplier value. The maximum number of PVs decreases proportional to
C rm
the specified -t factor.
For example, if you wanted to use an 8 MB PP size with our 18 GB disks, you would
need at least 2304 PPs per disk. Setting the -t factor to 4 would allow 4064 PPs per
to fo
disk, but would limit us to 8 disks in the VG.
Big volume group
AIX V4.3.2 expanded the LVM scalability by introducing big volume groups. A big VG
can have up to 128 physical volumes and a maximum of 512 LVs defined with it. The
ec vo
volume group -t factor can also be used with the big VG.
Using our 18 GB disk example, setting the -t factor to 4, would allow us to have a VG
with a PP size of 8 MB and 32 disks.
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Volume groups
IBM Power Systems
.I. n
Original 32 256 32512 1 GB
– Scalable (1016 * 32)
.T ció
Big 128 512 130048 1 GB
(1016 * 128)
• Limits Scalable 1024 4096 2097152 128 GB
.
C
.F a
• AIX contains one mandatory volumes group: rootvg
– rootvg created on system install
C rm
– Contains the AIX operating system
• Why create new volume groups?
– Separate user data from operating system files rootvg datavg
to fo
– Disaster recovery
PV1 PV2 PV3
– Data portability
– Data integrity and security
ec vo
Notes:
oy si
With successive versions of AIX, new types of volume groups have been introduced
which allow for greater capacities and greater flexibility:
cl
of PVs per VG, the big volume group also doubled the maximum number of LVs per
VG from 255 to 512. Support for creating big volume groups through SMIT was
introduced in AIX 5L V5.3. Previous to 5.3 big volume groups could only be created
from the command line.
7-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
number of PPs which are small in size. The scalable VG can hold up to 2097152
.T ció
(2048 KB) PPs. Optimally, the size of a physical partition, can also be configured for
a scalable VG.
Existing and new volume groups
.
When the system is installed, the root volume group (rootvg) is created. rootvg
C
.F a
consists of a base set of logical volumes and physical volumes required to start the
system, and any other logical volumes you specify to the installation script.
C rm
Additional disks can either be added to rootvg, or a new volume group can be created
for them. There can be up to 255 VGs per system.
Why create separate volume groups?
to fo
It is recommended that all user and application data be separated from the OS by
placing the data into volume groups. The data should be grouped into individual volume
groups by type or purpose (for example, Oracle data). By maintaining the user file
systems and the operating system files in distinct volume groups, the user files are not
ec vo
For security, you can make the volume group unavailable using varyoffvg.
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Three-disk or more
One-disk VG Two-disk VG VG
.I. n
.T ció
VGDA VGDA VGDA
VGDA VGDA VGDA VGDA
.
C
.F a
C rm
to fo VGDA VGDA
ec vo
Notes:
oy si
The VGDA is an area of disk, at least one per PV, containing information for the entire
VG. It contains administrative information about the volume group (for example, a list of
cl
all logical volume entries, a list of all the physical volume entries, and so forth). There is
usually one VGDA per physical volume. The exceptions are when there is a volume
group with either one or two disks (as shown in the visual).
Ex
Quorum
There must be a quorum of VGDAs available to activate the volume group and make it
available for use with the varyonvg command. A quorum of VGDA copies is needed to
pr
ensure the data integrity of management data that describes the logical and physical
volumes in the volume group. A quorum is equal to 51% or more of the VGDAs
available.
A system administrator can force a volume group to varyon without a quorum. This is
not recommended and should only be done in an emergency.
7-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Logical storage
IBM Power Systems
Physical volumes
1 1
.I. n
4 4
7 2 3 7 2 3
10 10
8 9 8 9
13 16 13 16
.T ció
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32 33 32 33
.
35 38 35 38
36 37 36 37
C
41 44 41 44
42 43 42 43
.F a
47 50 47 50
48 49 48 49
C rm
Logical Volume Manager
1 2 3 4 1 2 3 4
to fo
Logical
partitions
Logical Logical
volume volume
ec vo
Notes:
oy si
Logical partition
u
A physical partition is the smallest unit of disk allocation. Each logical partition maps to
a physical partition which physically stores the data.
cl
The logical partitions within a volume group are the same size as the physical partitions
within that volume group.
Ex
Logical volume
A logical volume consists of one or more logical partitions within a volume group.
Logical volumes may span physical volumes if the volume group consists of more than
pr
one physical volume. Logical volumes do not need to be contiguous within a physical
volume, because the logical partitions within the logical volume are maintained to be
contiguous. The view the system sees is the logical one. Thus, the physical partitions
they point to can reside anywhere on the physical volumes in the volume group.
Logical volumes may be increased in size at any time, assuming that there are sufficient
free physical partitions within the volume group. This can be done dynamically through
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
SMIT even when users are doing work in that logical volume. However, logical volumes
cannot easily be decreased and require a file system backup and restore to a
re-created smaller logical volume.
The mapping of which logical partition corresponds to which physical partition, is
maintained in the VGDA for the volume group. It is both a physical view and a logical
view.
LVM mapping
.I. n
The Logical Volume Manager (LVM) consists of the logical volume device driver (LVDD)
.T ció
and the LVM subroutine interface library. The LVM controls disk resources by mapping
data between a more simple and flexible logical view of storage space, and the actual
physical disks. The LVM does this using a layer of device driver code that runs above
.
traditional disk device drivers.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
7-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Paging space (/dev/hd6)
– Boot logical volume (/dev/hd5)
.T ció
– Dump device
– Nothing (raw logical volume)
.
C
• Examples of JFS/JFS2 logical volumes:
.F a
/dev/hd1 /home
C rm
/dev/hd2 /usr
/dev/hd3 /tmp
/dev/hd4 /
/dev/hd9var /var
to fo
/dev/hd10opt /opt
/dev/hd11admin /admin
/dev/lv00 /myfilesystem
ec vo
Notes:
oy si
Introduction
u
When you install the system, one volume group (rootvg) is automatically created which
consists of a base set of logical volumes required to start the system. rootvg contains
cl
such things as paging space, the journal log, and boot data, each usually in its own
separate logical volume.
Ex
You can create additional logical volumes with the mklv command or go through the
SMIT menus. This command allows you to specify the name of the logical volume and
to define its characteristics.
JFS and JFS2 file systems
pr
The native file system on AIX is the journaled file system (JFS), or the enhanced
journaled file system (JFS2). They use database journaling techniques to maintain
consistency. It is through the file system's directory structure that users access files,
commands, applications, and so forth.
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Journal log
The journal log is the logical volume where changes made to the file system structure
are written until such time as the structures are updated on disk. Journaled file systems
and enhanced journaled file systems are discussed in greater detail later in the course.
Paging space
Paging space is fixed disk storage for information that is resident in virtual memory but
.I. n
is not currently being maintained in real memory.
Boot logical volume
.T ció
The boot logical volume is a physically contiguous area on the disk which contains the
boot image.
.
Dump device
C
.F a
When you install the operating system, the dump device is automatically configured for
you. By default, the primary device is /dev/hd6, which is the paging logical volume, and
C rm
the secondary device is /dev/sysdumpnull. For systems migrated from versions of AIX
earlier than V4.1, the primary dump device is what it formerly was, /dev/hd7.
Raw logical volume
to fo
A raw logical volume is simply an empty logical volume. Database applications, for
example Oracle, db2, recommend the use of raw logical volumes.
ec vo
oy si
u
cl
Ex
pr
7-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Hierarchy of directories
.T ció
• Seven types are supported:
– Journaled file system (JFS)
– Enhanced journaled file system (JFS2)
.
C
– CD-ROM file system (CDRFS)
.F a
– DVD-ROM file system (UDFS)
C rm
– Network file system (NFS)
– Common Internet File System (CIFS)
– Proc File System (PROCFS)
– Autonomic Health Advisor File System (AHAFS)
to fo
• Different file systems are connected together through directories to form
the view of files that users see.
ec vo
Notes:
oy si
Introduction
u
A file system is a directory hierarchy for storing files. It has a root directory and
subdirectories. In an AIX system, the various file systems are joined together so that they
cl
appear as a single file tree with one root. Many file systems of each type can be created.
Because the available storage is divided into multiple file systems, data in one file system
Ex
could be on a different area of the disk than data of another file system. Because file
systems are of a fixed size, file system full errors can occur when that file system has
become full. Free space in one file system cannot automatically be used by an alternate file
system that resides on the same physical volume.
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
corresponding files
.T ció
• NAMEFS - NameFS provides the function of file-over-file and directory-over-directory
mounts. It allows you to mount a subtree of a file system in a different place in the file
name space. This allows a file to be accessed through two different path names.
.
Although these are physically different, they appear the same to users and applications.
C
.F a
• AHAFS - Autonomic Health Advisor File System is a part of CAA (Cluster Aware AIX) a
mediator to take the requests of event registration, monitoring and unregistering from
C rm
the processes interested in monitoring for events.
to fo
ec vo
oy si
u
cl
Ex
pr
7-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
than on each directory within the file system, for example,
back up, move, secure an entire file system.
.T ció
• Can limit disk usage of users by file system through quotas.
.
• Maintain integrity of the entire file system structure, for
C
example, if one file system is corrupted, the others are not
.F a
affected.
C rm
• Special security situations.
• Organize data and programs into groups for ease of file
management and better performance.
to fo
ec vo
Notes:
oy si
Benefits
u
A file system is a structure that allows you to organize your data. It is one level in the
hierarchy of your data. By placing data in separate file systems, it allows for ease of
cl
Many times, backups and recoveries are done at a file system level.
Limit disk usage
Since the administrator determines the size of the file system, users are allocated only a
pr
certain amount of shared disk space. This helps to control disk usage. The
administrator can also impose more granular control over that disk space by limiting
how much space an individual user can use in a file system. This is known as file
system quotas.
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
7-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
hd4
.I. n
/ (root)
.T ció
home sbin opt lpp proc usr dev tftpboot var mnt etc tmp
.
C
.F a
hd1 hd10opt hd3
C rm
hd2 hd9var
/ / / / /
to fo
csm freeware bin lib sbin spool adm tmp
Notes:
oy si
When AIX is first installed on a stand-alone system there are only seven journaled file
systems and one pseudo file system (/proc) in existence:
cl
/ (root) = /dev/hd4
• At the top of the hierarchical file tree. It contains the files and directories critical for
Ex
system operations including the device directory and programs that complete the boot
process.
/usr = /dev/hd2
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• The files in this file system vary considerably depending on system activity.
/home = /dev/hd1
• Users' home directories (was /u in earlier versions of AIX)
• This is traditionally where user data files are stored.
/tmp = /dev/hd3
.I. n
• Space accessible to all users for temporary files and work space
• Should be cleared out frequently.
.T ció
/opt = /hd10opt
• Special file system to store freeware files
.
/proc = /proc
C
.F a
• Special pseudo file system kept in memory to support threads, or light weight processes
C rm
• This file system is not designed to store user files.
• It is a type of file system which is different from a journal file system.
• AIX supports the PROCFS implementation to improve compatibility with Linux.
to fo
/admin = /hd11admin
• There are two empty directories: lost_found and tmp.
• The permissions setting on this /admin/tmp directory is 755 and the directory is owned
ec vo
by root.
• This tmp directory has more security for applications to use.
oy si
u
cl
Ex
pr
7-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
/etc/filesystems
IBM Power Systems
/:
dev = /dev/hd4
vol = root
.I. n
mount = automatic
check = false
vfs = jfs2
.T ció
log = /dev/hd8
type = bootfs
/home:
.
dev = /dev/hd1
C
vol = /home
.F a
mount = true
check = true
vfs = jfs2
C rm
log = /dev/hd8
/home/team01:
dev = /dev/fslv00
vfs = jfs2
log = /dev/loglv00
to fo
mount = true
options = rw
account = false
ec vo
Notes:
oy si
What is /etc/filesystems?
u
normally mounted.
File system attributes
The file system attributes specify all the parameters of the file system. They are as
follows:
pr
• dev For local mounts, identifies the block special file where the file system resides, or
the file or directory to be mounted
• vol Used by the mkfs command when initiating the label on a new file system
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• mount Used by the mount command to determine whether a file system should be
mounted by default. Possible values are:
• automatic File system mounted automatically at system startup
• true File system mounted by the mount all command. This command is issued during
system initialization to automatically mount such file systems.
• false File system is not automatically mounted
.I. n
• check Used by the fsck command to determine the default file systems to be checked.
True enables checking
.T ció
• vfs Specifies the type of mount. For example, vfs=jfs2.
• log The device to which log data is written, as the file system is modified. This option is
.
only valid for journaled file systems.
C
.F a
• type Used to group together related file systems which can all be mounted with the
mount -t command
C rm
• account Used to determine the file systems to be processed by the accounting
subsystem.
• quote Allows the system administrator to control the number of files and data blocks
to fo
that can be allocated to a user or group
ec vo
oy si
u
cl
Ex
pr
7-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Mount
IBM Power Systems
.I. n
• File systems are associated with devices represented by
special files in /dev (the logical volume).
.T ció
• When a file system is mounted, the logical volume and its
.
contents are connected to a directory in the hierarchical
C
tree structure.
.F a
## mount
mount /dev/fslv00
/dev/fslv00 /home/patsie
/home/patsie
C rm Where to
to fo
What to
mount mount it
ec vo
Notes:
oy si
A file system has to be mounted in order for it to be available for use. Use the mount
command or SMIT to do this. The file system can also be umounted using the umount or
cl
unmount command, or SMIT. These commands can be executed by either the root
user or a member of the system group.
Ex
It is possible to have file systems automatically mounted at boot time. This can be
specified in the /etc/filesystems file using the mount=automatic or mount=true
parameters.
Mount points
pr
Full path names must be used when specifying the mount point. If SMIT is used to
create the file system, the mount point is created automatically.
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Before After
home home
.I. n
.T ció
liz john patsie liz john patsie
.
C
.F a
/
C rm
.profile
.exrc data doc
.profile
.exrc data doc
to fo
myscript myscript
ec vo
Notes:
oy si
In order for users to get access to the data contained in a file system, it must be
mounted. When the file system is mounted, it becomes a part of the hierarchical tree
cl
structure of files and directories. From the user’s perspective, there is no way to tell
where one file system ends and another begins.
Ex
pr
7-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Before After
home home
.I. n
.T ció
liz john patsie liz john patsie
.
C
.F a
reports pgms .profile
.exrc
C rm
/
.profile
data doc
to fo
.exrc
myscript
.profile
.exrc data doc
myscript
ec vo
Notes:
oy si
It is possible to mount over files and subdirectories. The result is that the files and
subdirectories that have been mounted over are now hidden from the users, that is,
cl
inaccessible. They have not been lost though. They are again accessible when the
unmount command has been executed on the covering file system.
Ex
Not everyone has the authority to mount file systems randomly. Authority is based on
two things: what the default mount point is, as specified in the file /etc/filesystems, and
whether the user has write authority to that mount point. Users can issue file or directory
mounts provided they belong to the system group and have write access to the mount
pr
point. They can do device mounts only to the default mount points mentioned in the file
/etc/filesystems. root can mount anywhere under any set of permissions.
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
.I. n
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 1966080
1966080 --
-- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 131072
131072 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 4587520
4587520 --
-- yes
yes no
no
.T ció
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 655360
655360 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 393216
393216 --
-- yes
yes no
no
/proc
/proc --
-- /proc
/proc procfs
procfs --
-- --
-- yes
yes no
no
/dev/hd10opt
/dev/hd10opt --
-- /opt
/opt jfs2
jfs2 524288
524288 --
-- yes
yes no
no
.
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 --
-- yes
yes no
no
C
/dev/fslv00
/dev/fslv00 --
-- /db2
/db2 jfs2
jfs2 262144
262144 rw
rw no
no no
no
.F a
C rm
to fo
ec vo
Notes:
oy si
You can list the various file systems that are defined using the lsfs command. This
command displays information from /etc/filesystems and from the logical volumes in a
cl
more readable format. The lsfs command also displays information about CD-ROM
file systems and remote NFS file systems.
Ex
The SMIT fastpath to get to the screen which accomplishes the same task as the lsfs
command is: smit fs.
The syntax for the lsfs command is:
lsfs [-q] [ -c | -l ] [ -v vfstype | -u mountgrp ][file system]
pr
The data may be presented in line and colon (-c) or stanza (-l) format. It is possible to
list only the file systems of a particular virtual file system type (-v), or within a particular
mount group (-u). The -q option queries the superblock for the fragment size
information, compression algorithm, and the number of bytes per inode.
7-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
.T ció
hd5
hd5 boot
boot 11 22 22 closed/syncd
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 16
16 22 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfs2log
jfs2log 11 22 22 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs2
jfs2 15
15 30
30 22 open/syncd
open/syncd //
.
hd2
hd2 jfs2
jfs2 35
35 70
70 22 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs2
jfs2 55 10
10 22 open/syncd
open/syncd /var
/var
C
hd3 jfs2 33 66 22 open/syncd /tmp
.F a
hd3 jfs2 open/syncd /tmp
hd1
hd1 jfs2
jfs2 11 22 22 open/syncd
open/syncd /home
/home
loglv00
loglv00 jfs2log
jfs2log 11 22 22 closed/syncd
closed/syncd N/A
N/A
C rm
hd11admin
hd11admin jfs
jfs 22 44 22 open/syncd
open/syncd /admin
/admin
fslv00
fslv00
to fo jfs2
jfs2 22 44 22 closed/syncd
closed/syncd /db2
/db2
ec vo
Notes:
oy si
lsvg -l rootvg
Provides information about the logical volumes in the rootvg volume group.
cl
lslv lvname
Ex
This provides status information about the selected logical volume within the volume
group. For example, lslv hd6.
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint (1 of 3)
IBM Power Systems
5. V______ G______
1. V______ G______
.I. n
D ______ A______
VGDA 6. P______ V______
.T ció
2. P______ P ______
.
C
.F a
C rm
3. L_____ P______
to fo
4. L______ V_______
ec vo
Notes:
oy si
For each item in the visual, fill in the blanks to complete the correct term for the indicated
LVM component.
u
cl
Ex
pr
7-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Checkpoint (2 of 3)
IBM Power Systems
7. How many different physical partition (PP) sizes can be set within a
single VG?
.I. n
8. By default, how big are PPs?
.T ció
9. How many volume groups (VGs) can a physical volume (PV) belong
.
to?
C
.F a
a. It depends on what you specify through SMIT
b. Only one
C rm
c. As many VGs as exist on the system
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint (3 of 3)
IBM Power Systems
Use the following output to answer the questions below:
## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount PtPt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
.I. n
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 294912
294912 -- -- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 32768
32768 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 3309568
3309568 ---- yes
yes no
no
.T ció
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 65536
65536 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 131072
131072 -- -- yes
yes no
no
/dev/hd10opt
/dev/hd10opt ---- /opt
/opt jfs2
jfs2 163840
163840 -- -- yes
yes no
no
/dev/cd0
/dev/cd0 --
-- /infocd
/infocd cdrfs
cdrfs ro
ro yes
yes no
no
.
/dev/lv00
/dev/lv00 --
-- /home/john
/home/john jfs2
jfs2 32768
32768 rw
rw yes
yes no
no
C
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 -- -- yes
yes no
no
.F a
11. With which logical volume is the /home file system associated?
C rm
12. What types of file systems are being displayed?
13. What is the mount point for the file system located on the /dev/hd4 logical
to fo
volume?
14. Which file system is used primarily to hold user data and home directories?
ec vo
Notes:
oy si
u
cl
Ex
pr
7-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
System
storage
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Describe the terminology and the concepts associated with:
.T ció
– Physical volumes
– Volume groups
.
– Logical volumes
C
.F a
– Physical partitions
C rm
– Logical partitions
• Describe how file systems and logical volumes are related
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
7-34 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Explain how to work with the Logical Volume Manager
C
.F a
• Add, change, and delete:
- Volume groups
C rm
- Logical volumes
- Physical volumes
• Describe essential LVM concepts, such as:
to fo
- Mirroring
- Striping
ec vo
• Machine exercises
u
References
cl
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Add, change, and delete:
.T ció
– Volume groups
– Logical volumes
.
– Physical volumes
C
.F a
• Describe essential LVM concepts, such as:
– Mirroring
C rm
– Striping
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
8-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
# smit lvm
Logical
Logical Volume
Volume Manager
Manager
.I. n
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.T ció
Volume
Volume Groups
Groups
Logical
Logical Volumes
Volumes
Physical
Physical Volumes
Volumes
.
Paging
Paging Space
Space
C
.F a
C rm
to fo
ec vo
Notes:
oy si
Introduction
The SMIT Logical Volume Manager menu is used to manage many aspects of the system's
u
storage.
cl
• Volume groups: The SMIT Volume Groups menu provides facilities to manipulate the
volume groups in the system.
Ex
• Logical volumes: The SMIT Logical Volumes menu provides facilities to manipulate
the logical volumes in the system. Logical volumes which contain journaled file
systems, paging space, or dump volumes can also be manipulated from their respective
menus.
pr
• Physical volumes: The SMIT Physical Volumes menu allows the user to configure the
physical volumes (fixed disks) in the system. This menu duplicates options on the Fixed
Disks menu of Devices.
• Paging space: The SMIT Page Space menu allows a user to add, delete, activate, and
list the paging spaces available.
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Volume
Volume Groups
Groups
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.I. n
List
List All
All Volume
Volume Groups
Groups
Add
Add aa Volume
Volume Group
.T ció
Group
Set
Set Characteristics
Characteristics of of aa Volume
Volume Group
Group
List
List Contents
Contents ofof aa Volume
Volume Group
Group
Remove
Remove aa Volume
Volume Group
Group
.
Activate
Activate aa Volume
Volume Group
Group
Deactivate
Deactivate aa Volume
Volume Group
C
Group
.F a
Import
Import aa Volume
Volume Group
Group
Export
Export aa Volume
Volume Group
Group
Mirror
Mirror a Volume Group
a Volume Group
C rm
Unmirror
Unmirror aa Volume
Volume Group
Group
Synchronize
Synchronize LVM
LVM Mirrors
Mirrors
Back
Back Up
Up aa Volume
Volume Group
Group
Remake
Remake aa Volume
Volume Group
Group
Preview
Preview Information
Information about
about aa Backup
Backup
to fo
Verify
Verify the
the Readability
Readability of of aa Backup
Backup (Tape
(Tape only)
only)
View
View the
the Backup
Backup Log
Log
List
List Files
Files in
in aa Volume
Volume Group
Group Backup
Backup
Restore
Restore Files
Files in
in aa Volume
Volume Group
Group Backup
Backup
ec vo
Notes:
oy si
The visual shows the SMIT screen that allows for the configuration of volume groups.
u
8-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.T ció
Add
Add an
an Original
Original Volume
Volume Group
Group
Add
Add aa Big
Big Volume
Volume Group
Group
Add aa Scalable
Scalable Volume
Volume Group
.
Add Group
C
.F a
Add
Add an
an Original
Original Volume
Volume Group
Group
[Entry
[Entry Fields]
C rm
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg]
Physical
Physical partition
partition SIZE
SIZE in
in megabytes
megabytes ++
** PHYSICAL VOLUME names
PHYSICAL VOLUME names [hdisk1 hdisk2]
[hdisk1 hdisk2] ++
Force
Force the
the creation
creation of
of aa volume
volume group?
group? no
no ++
Activate volume group AUTOMATICALLY yes ++
to fo
Activate volume group AUTOMATICALLY yes
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++
ec vo
Notes:
oy si
The mkvg command is used to create a volume group. A new volume group must contain
at least one physical volume. The -y option is used to indicate the name for the new volume
cl
automatically. The default is the smallest physical partition size consistent with the
maximum PP/PV and the largest physical volume in the volume group.
Using SMIT
The volume group MAJOR NUMBER on the SMIT dialog screen is used by the kernel to
pr
access that volume group. This field is most often used for PowerHA where the major
number ideally should be the same for all nodes in the cluster.
Concurrent capable VGs are used for parallel processing applications, whereby the volume
group is read/write accessible to multiple machines at the same time.
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Add
Add aa Scalable
Scalable Volume
Volume Group
Group
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making
Enter AFTER making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
.
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg]
C
Physical
Physical partition
partition SIZE
SIZE in
in megabytes ++
.F a
megabytes
** PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk3]
[hdisk3] ++
Force
Force the
the creation
creation of
of aa volume
volume group?
group? no
no ++
C rm
Activate
Activate volume
volume group
group AUTOMATICALLY
AUTOMATICALLY yes
yes ++
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++
Max
Max PPs
PPs per
per VG
VG in
in units
units of
of 1024
1024 32
32 ++
to fo
Max Logical Volumes
Max Logical Volumes 256
256 ++
Enable
Enable Strict
Strict Mirror
Mirror Pools
Pools No
No ++
Infinite
Infinite Retry Option
Retry Option no
no ++
ec vo
Notes:
oy si
There is a separate SMIT panel for adding scalable volume groups. Besides creating a
different format VGDA, the administrator has the option to set the Maximum PPs per VG,
cl
for each physical volume through the -t factor. In scalable volume groups, the physical
partitions are managed on a volume group wide basis.
The maximum number of logical volumes was fixed depending upon the type of volume
group. Now, in scalable volume groups, the maximum is tunable.
pr
8-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
## lsvg
lsvg
rootvg
rootvg
datavg
datavg
db2_vg
.I. n
db2_vg
## lsvg
lsvg -o
-o
.T ció
datavg
datavg
rootvg
rootvg
## lsvg
lsvg rootvg
rootvg
.
C
VOLUME
VOLUME GROUP:
GROUP: rootvg
rootvg VG
VG IDENTIFIER:
IDENTIFIER:
.F a
00cf2e7f00004c000000011cec07b52e
00cf2e7f00004c000000011cec07b52e
VG
VG STATE:
STATE: active
active PP
PP SIZE:
SIZE: 64
64 megabyte(s)
megabyte(s)
VG PERMISSION:
VG PERMISSION: read/write
read/write TOTAL
TOTAL PPs:
PPs: 130
130 (8320
(8320 megabytes)
megabytes)
C rm
MAX
MAX LVs:
LVs: 256
256 FREE
FREE PPs:
PPs: 54
54 (3456
(3456 megabytes)
megabytes)
LVs:
LVs: 11
11 USED
USED PPs:
PPs: 76
76 (4864
(4864 megabytes)
megabytes)
OPEN
OPEN LVs:
LVs: 99 QUORUM:
QUORUM: 22 (Enabled)
(Enabled)
TOTAL
TOTAL PVs:
PVs: 22 VG
VG DESCRIPTORS:
DESCRIPTORS: 33
STALE
STALE PVs:
PVs: 00 STALE
STALE PPs:
PPs: 00
ACTIVE
ACTIVE PVs:
PVs: 22 AUTO
AUTO ON:
ON: yes
yes
to fo
MAX
MAX PPs
PPs per
per VG:
VG: 32512
32512
MAX
MAX PPs
PPs per
per PV:
PV: 1016
1016 MAX
MAX PVs:
PVs: 32
32
LTG
LTG size
size (Dynamic):
(Dynamic): 256
256 kilobyte(s)
kilobyte(s) AUTO
AUTO SYNC:
SYNC: no
no
HOT
HOT SPARE:
SPARE: no
no BB
BB POLICY:
POLICY: relocatable
relocatable
ec vo
Notes:
oy si
The lsvg command, with no parameters, lists the volume groups in the system. If used with
the –o options, all varied on/active volume groups are displayed.
u
To further list the information about the status and content of a particular volume group, run
cl
lsvg <Volumegroup_name>
The output provides status information about the volume group. The most useful
Ex
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
## lsvg
lsvg -p
-p rootvg
rootvg
rootvg:
rootvg:
PV_NAME PV
PV STATE TOTAL
TOTAL PPs FREE
FREE PPs FREE
FREE DISTRIBUTION
.I. n
PV_NAME STATE PPs PPs DISTRIBUTION
hdisk0
hdisk0 active
active 99
99 23
23 15..00..00..00..08
15..00..00..00..08
hdisk5
hdisk5 active
active 31
31 31
31 07..06..06..06..06
07..06..06..06..06
.T ció
.
## lsvg
lsvg -l-l rootvg
rootvg
rootvg:
C
rootvg:
.F a
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT
POINT
POINT
hd5
hd5 boot
boot 11 11 11 closed/syncd
closed/syncd N/A
N/A
C rm
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
jfs 55 55 11 open/syncd
open/syncd /var
/var
to fo
hd3
hd3 jfs
jfs 33 33 11 open/syncd
open/syncd /tmp
/tmp
hd1
hd1 jfs
jfs 11 11 11 open/syncd
open/syncd /home
/home
hd10opt
hd10opt jfs
jfs 44 44 11 open/syncd
open/syncd /opt
/opt
ec vo
Notes:
oy si
The lsvg -p Volumegroup command gives information about all of the physical volumes
within the volume group. The information given is:
u
physical volume: outer edge, outer middle, center, inner middle, and inner edge.
The lsvg -l Volumegroup command gives information about all of the logical volumes
within the volume group. The details given are:
• Logical volume name (LVNAME)
8-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty • Type of logical volume (TYPE, for example, file system, paging)
• Number of LPs (LPs)
• Number of physical partitions (PPs)
• Number of physical volumes (PVs)
• Logical volume state (LV STATE)
.I. n
• Mount point (MOUNT POINT), if the logical volume contains a journaled file system
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Change
Change aa Volume
Volume Group
Group
.T ció
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name datavg
datavg
** Activate
Activate volume
volume group
group AUTOMATICALLY
AUTOMATICALLY no
no ++
at system restart?
.
at system restart?
** AA QUORUM
QUORUM ofof disks
disks required
required to
to keep
keep the
the volume
volume no
no ++
C
group
group on-line
on-line ??
.F a
Convert
Convert this
this VG
VG to
to Concurrent
Concurrent Capable?
Capable? no
no ++
Change
Change to
to big
big VG
VG format?
format? no
no ++
C rm
Change
Change to
to scalable
scalable VG
VG format?
format? no
no ++
LTG Size in kbytes
LTG Size in kbytes 256
256 ++
Set
Set hotspare
hotspare characteristics
characteristics nn ++
Set
Set synchronization characteristics
synchronization characteristics of
of stale
stale nn ++
partitions
partitions
to fo
Max
Max PPs
PPs per
per VG
VG in
in units
units of
of 1024
1024 32
32 ++
Max Logical Volumes
Max Logical Volumes 256
256 ++
Mirror
Mirror Pool
Pool Strictness
Strictness ++
Infinite
Infinite Retry
Retry Option
Option no
no ++
ec vo
Notes:
oy si
The chvg command changes the characteristics of a volume group. In the example shown
in the visual attributes, Activate volume group AUTOMATICALLY at system restart?
u
and A QUORUM of disks required to keep the volume group on-line? were set to
cl
8-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
## extendvg
extendvg -f
-f rootvg
rootvg hdisk2
hdisk2
## lsvg
lsvg -p rootvg || awk
-p rootvg awk ‘{print
‘{print $1,
$1, $2}’
$2}’
rootvg:
rootvg:
.I. n
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active
hdisk1
hdisk1 active
active hdisk2
.T ció
hdisk2
hdisk2 active
active
.
C
.F a
hdisk0 hdisk1
C rm
## reducevg
reducevg -d
## lsvg
-d rootvg
rootvg hdisk1
lsvg -p rootvg || awk
rootvg:
-p rootvg
hdisk1
awk ‘{print
‘{print $1,
$1, $2}’
$2}’
to fo
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active hdisk1
hdisk2
hdisk2 active
active
ec vo
Notes:
oy si
To add a disk to an existing volume group, use the extendvg command or SMIT fastpath
smit extendvg. The disk must be installed in the system or connected to it externally, and
cl
partition mapping maintained in the VGDA for the volume group. The space on the new
disk is now available to be allocated to logical volumes in the volume group. If the existing
data in the VGDA on the disk shows that it is part of another volume group, the -f option
forces the addition of the disk to the volume group, without requesting confirmation.
pr
Use this option when adding a disk which has been previously used, but contains data
which is no longer needed.
The syntax for the extendvg command is:
extendvg [-f] Volumegroup hdiskn
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
The syntax for the reducevg command is:
.T ció
reducevg [-d] [-f] Volumegroup hdiskn
The -d option deallocates the existing logical volume partitions, and then deletes resultant
empty logical volumes from the specified physical volumes. User confirmation is required
.
unless the -f flag is added.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
8-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Remove
Remove aa Volume
Volume Group
.I. n
Group
Type
Type or
or select
select aa value
value for
for the
the entry
entry field.
field.
.T ció
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
** VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg] ++
C
.F a
C rm
to fo
ec vo
Notes:
oy si
You can use the smit reducevg2 fastpath to remove a volume group. It runs a script which
identifies what physical volumes are in the volume group and then runs the reducevg
u
command to remove each physical volume until there are no more physical volumes in the
volume group.
cl
The Remove a Volume Group menu does not have a corresponding high-level command.
The correct way to remove a volume group, is to use the Remove a Physical Volume
Ex
from a Volume Group option, which calls the reducevg command. This removes the
volume group when you remove the last physical volume within it.
The syntax of the reducevg command is:
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
.T ció
RESYNCHRONIZE
RESYNCHRONIZE stale
stale physical
physical partitions?
partitions? yes
yes ++
Activate
Activate volume group in
volume group in SYSTEM
SYSTEM no
no ++
MANAGEMENT
MANAGEMENT mode?
mode?
FORCE
FORCE activation
activation ofof the
the volume
volume group? no ++
.
group? no
Warning--this
Warning--this may
may cause
cause loss
loss of
of data
data integrity.
integrity.
C
Varyon
Varyon VG
VG in
in Concurrent
Concurrent Mode? no ++
.F a
Mode? no
Synchronize
Synchronize Logical
Logical Volumes?
Volumes? no
no ++
C rm
# smit varyoffvg varyoffvg datavg
Deactivate
Deactivate aa Volume
Volume Group
Group
to fo
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
Put
Put volume group in
volume group in SYSTEM
SYSTEM no
no ++
MANAGEMENT mode?
MANAGEMENT mode?
ec vo
Notes:
oy si
The varyonvg command is used to activate a volume group that is not activated at system
startup, or has been added to the system since startup.
cl
The -f option is used to force a volume group online. It allows a volume group to be made
active that does not currently have a quorum of available disks. Any disk that cannot be
Ex
brought to an active state is put in a removed state. At least one disk must be available for
use in the volume group.
The varyoffvg command
The varyoffvg command is used to deactivate a volume group. No logical volumes should
pr
be open when this command is issued. Removing a disk without deactivating the volume
group could cause errors and loss of data in the volume group descriptor areas, and the
logical volumes within that volume group.
8-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
[Entry
[Entry Fields]
Fields]
.T ció
VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg]
** PHYSICAL
PHYSICAL VOLUME
VOLUME name
name [hdisk3]
[hdisk3] ++
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
.
C
.F a
# smit exportvg exportvg datavg
C rm
Export
Export aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
to fo
Note: The volume group must be inactive before it is exported.
ec vo
Notes:
oy si
If you export the volume group from the current system using the exportvg command, this
removes all information about the volume group from the system. This is only local system
cl
(ODM data) operation -- no data in volume group changed. To export a volume group, it
must be inactive first.
Ex
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Logical storage
IBM Power Systems
Physical volumes
.I. n
1 4 1 4
7 2 3 7 2 3
10 10
8 9 8 9
13 13
.T ció
16 16
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32
.
32 33 35 33
35 38 38
36 36 37
C
41 37 41 44
44
.F a
42 43 42 43
47 50 47 50
48 49 48 49
C rm
Logical Volume Manager
1 2 3 4 1 2 3 4
to fo
Logical
partitions
Logical Logical
volume volume
ec vo
Notes:
oy si
Logical volumes
u
A logical volume is a group of logical partitions which may span physical volumes, as
long as the physical volumes are in the same volume group. A file system resides on
cl
Logical partitions are mapped one-to-one to physical partitions unless they are being
mirrored.
pr
8-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– RAID 1, Mirroring (up to 3 copies)
– RAID 10 or 1 + 0, Striping + Mirroring
.T ció
• Striping aides performance, whereas mirroring aides availability.
.
C
• In today’s environment, most data resides in SANs. Disks in a SAN are
.F a
generally grouped together into a RAID array and divided into LUNs.
C rm
– AIX sees LUNs as physical disks.
– One should not further deploy AIX RAID configurations on top of H/W (SAN)
RAID configurations.
– SAN environments provide greater levels of RAID support (performance and
to fo
availability).
– LUNs can be increased in size. If so, AIX must know about it:
# chvg -g datavg
ec vo
Notes:
oy si
• RAID 0. Striping provides improved performance and additional storage, but no fault
tolerance. Any disk failure destroys the array, which becomes more likely with more
cl
disks in the array. A single disk failure destroys the entire array because when data is
written to a RAID 0 drive, the data is broken into fragments. The fragments are written
to their respective disks simultaneously on the same sector. This allows smaller
Ex
sections of the entire chunk of data to be read off the drive in parallel, giving this type of
arrangement huge bandwidth. RAID 0 does not implement error checking so any error
is unrecoverable. More disks in the array means higher bandwidth, but greater risk of
data loss.
pr
• RAID 1.Mirroring on AIX provides fault tolerance from disk errors by creating up to three
copies of the data on different drives.
• RAID 10 Combines RAID levels 0 + 1. Striping + mirroring provides fault tolerance
along with improved performance.
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Scheduling policy
.T ció
– Dictates how data is read/written for mirrored LVs
.
• Mirror write consistency
C
.F a
– Ensures mirrored PPs are consistent
C rm
• Write verify
– Verifies all writes with a read operation
to fo
– Default is no. Generally it is not recommended to set to yes as it will
impact system (write) performance.
ec vo
Notes:
oy si
8-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Mirroring (RAID1)
IBM Power Systems
.I. n
.T ció
hdisk0 fslv00
First copy PP1
PP2 LP1
.
LP2
C
.F a
hdisk1
Second copy
C rm
PP1
PP2
hdisk2
to fo
Third copy PP1
PP2
ec vo
Notes:
oy si
Mirroring of data over multiple drives protects against a potential hardware failure. The
structure of LVM enables mirroring by manipulating the relationship between the physical
u
partition and the logical partition. The AIX mirror function does not apply to a physical disk,
only to logical volumes. This is the most important principle to understand for the AIX LVM
cl
physical partitions for a two-way mirror. Or, one logical partition to three physical partitions
for a three-way mirror.
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Mirroring, allocation
IBM Power Systems
.I. n
.T ció
• This setting is controlled by the Allocation policy.
– This is also referred to as strictness.
.
C
.F a
• Allocation can be set to:
– No: This is not recommended.
C rm
– Yes (default): This ensures that no LP copies can share the same PV.
– Superstrict: Ensures that a given PV does not have a mixture of
primary and secondary copies, in addition to strictness.
to fo
ec vo
Notes:
oy si
When mirroring data, it is essential that all PP copies are stored on different disks. The
placement of PP is governed by the allocation policy, which by default is set to strict. Strict
u
policy ensures that all mirrored copies are placed on different disks. However, under LVM
RAID 0 +1 configurations, strict policy can lead to situations where mirrored copies of the
cl
data are on the same disk. To protect against this, the system will automatically set the
allocation policy to superstrict. Also, using an initial non-mirrored allocation with the
Ex
inter-policy set to spread the allocations over multiple disks (the so called poor man’s
striping) can result in a non-superstrict situation when mirroring is implemented. When
implementing the LVM snapshot VG, the mirroring must be superstrict.
pr
8-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Striping (RAID 0)
IBM Power Systems
.I. n
1
Stripe hdisk0
.T ció
2 • Striping increases read/write
units 3 sequential throughput by
LP2 4 evenly distributing stripe units
.
2
5 8 among disks.
C
5
.F a
6
hdisk1 • Stripe unit size is specified at
C rm
7 the creation time.
8 – 4 KB to 128 MB
3 6 9
LP3 9
to fo
Stream of
data
hdisk2
ec vo
Notes:
oy si
Striping
u
Striping is a technique for spreading the data in a logical volume across several disks, so
that the I/O capacity of the disk drives can be used in parallel, so to access data on the
cl
logical volume.
Striping is designed to increase the read/write performance of frequently accessed, large
Ex
sequential files. Striping can also be used to distribute data evenly across a set of disks, so
that random I/O can be scattered across many drives simultaneously. In non-striped logical
volumes, data is accessed using addresses to data blocks within physical partitions. In a
striped logical volume, data is accessed using addresses to stripe units.
pr
Stripe size
The size of the stripe unit is specified at creation time. The stripe size can range from 4 KB
-128 MB in powers of two.
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Constraints
There are some constraints imposed by implementing striping:
• The number of physical partitions allocated to a striped logical volume must evenly
distributable among the disks.
• At least two physical volumes are required
Performance considerations
.I. n
There are some considerations in configuring striping for performance:
.T ció
• Use as many adapters as possible. For example, if multiple disks in the stripe width are
on the same storage adapter, a read/write of a stripe is not able to read/write the stripe
units in parallel.
.
C
• Design to avoid contention with other uses of the disks used by the striped logical
.F a
volume.
• Create on a volume group dedicated to striped logical volumes.
C rm
It is not a good idea to mix striped and non-striped logical volumes in the same physical
volume. Physical volumes should ideally be the same size within the set used for a striped
logical volume. Just because a logical volume is striped, it does not mean that the file's
to fo
data blocks are going to be perfectly aligned with the stripe units. Therefore, if a file block
crosses a stripe boundary, the block gets split into multiple LVM I/Os.
ec vo
oy si
u
cl
Ex
pr
8-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
1 3 5 1 3 5 1
.I. n
2
hdisk2 hdisk0 3
.T ció
4
5
.
2 2 4 6
4 6
6
C
.F a
Stream of
hdisk3 hdisk1 data
C rm
• Meets performance and high availability requirements
• More expensive (requires more disks, minimum four)
to fo
• Mirroring allocation automatically set to superstrict
ec vo
Notes:
oy si
RAID 10 meets performance and high availability requirements by mirroring strip sets to
different disks. However, this comes at a cost as more disks are required (minimum 4).
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Mirror pools
IBM Power Systems
.I. n
.T ció
hdisk0
PP1
First copy PP3
on PoolA
.
hdisk1 lv00
PP2
C
PoolB hdisk PP4 LP1
.F a
should be on LP2
remote storage LP3
C rm
server!
hdisk2 LP4
PP1
PP3
Second copy
on PoolB hdisk3
PP2
to fo
PP4
ec vo
Notes:
oy si
This visual shows an example of RAID 10, a combination of RAID 1 + 0 Mirroring of data
over multiple drives that protects against a potential hardware failure. Copies of LP1 are on
u
hdisk0 and hdisk2, and copies of LP2 are on hdisk1 and hdisk3. Physically, hdisk0/hdisk1
and hdisk2/hdisk3 are placed on different SAN storage servers. Now, let‘s imagine that
cl
lv00 is placed to more than four hdisks and we need to be sure that all copies are placed on
different storage servers. Also consider that we need to increase the size of lv00 and that
Ex
we are required to attach more hdisks to our system. Proper PP distribution is not an easy
task in this situation.
Mirror pools simplify the task of mirroring data over multiple drives.
pr
8-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty • Mirror pools are available in AIX 7.1 and AIX V6.1 TL 2 and up.
• After assigning PVs (physical volumes) to a mirror pool, the volume group can no longer
be imported to a previous version of AIX that does not support mirror pools.
• Any changes to mirror pool characteristics will not affect partitions allocated before the
changes were made. The reorgvg command should be used after mirror pool changes
are made to move the allocated partitions to conform to the mirror pool restrictions.
.I. n
No additional commands for mirror pools have been added to AIX. Instead, the existing AIX
LVM commands have been extended to incorporate the mirror pool functionality. Following
.T ció
are some examples of mirror pool enhanced AIX LVM commands.
To create a mirror pool with the defined list of disk (disks should be part of a vg):
.
# chpv –p <mirror_pool_name> <hdisk list>
C
.F a
To create a logical volume in the given mirror pools:
# mklv -c 2 -p copy1=PoolA -p copy2=PoolB datavg 10
C rm
To list mirror pools defined in volume group:
# lsmp datavg
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Center Inner-middle
.T ció
Edge
.
C
• Inter-physical volume allocation policy
.F a
– Minimum (default)
C rm
• 1 LV copy: One (or minimum) PV should contain all PPs
• 2 or 3 LV copies: Use as many PVs as copies, keeping PV usage down to
a minimum.
– Maximum
to fo
• PPs should be spread over as many PVs as possible.
Note: These settings have little effect when used in SAN environments, whereby
LUNs are in RAID configurations.
ec vo
Notes:
oy si
Introduction
u
When creating or changing a logical volume you can define the way the Logical Volume
Manager decides which physical partitions to allocate to the logical volume. This affects
cl
The intra-disk allocation policy choices, are based on the five regions of a disk where
physical partitions can be located. The closer a given physical partition is to the center
of a physical volume, the lower the average seek time is because the center has the
shortest average seek distance from any other part of the disk. The file system log is a
pr
8-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
– Parallel (default)
• Write operations on different physical partitions start at the same time.
.T ció
• When the longest write finishes, the write operation is complete.
• Improves performance (especially RAID-Performance)
.
– Parallel write/sequential read
C
> Primary copy is read first, I f unsuccessful, the next copy is used.
.F a
– Parallel write/round robin read
> Round-robin reads alternate disks between copies.
C rm
– Sequential
• Second physical write operation is not started unless the first operation has
completed successfully.
to fo
• In case of a total disk failure, there is always a “good copy”.
• Increased availability, but decreases performance
ec vo
Notes:
oy si
Scheduling policies
u
The scheduling policy determines how reads and writes are conducted to a mirrored
logical volume. LVM offers several scheduling policies for mirrored volumes to control
cl
Sequential mirroring writes to multiple copies or mirrors in order. The multiple physical
partitions representing the mirrored copies of a single logical partition are designated
primary, secondary, and tertiary. In sequential scheduling, the physical partitions are
written to in sequence. The system waits for the write operation for one physical
pr
partition to complete, before starting the write operation for the next one. When all write
operations have been completed for all mirrors, the write operation is complete.
Parallel write
8-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty Parallel mirroring simultaneously starts the write operation for all the physical partitions
in a logical partition. When the write operation to the physical partition that takes the
longest to complete finishes, the write operation is completed.
Sequential read
When a sequential read is specified, the primary copy of the read is always read first. If
that read operation is unsuccessful, the next copy is read. During the read retry
operation on the next copy, the failed primary copy is corrected by LVM with a hardware
.I. n
relocation. This patches the bad block for future access.
.T ció
Parallel read
On each read, the system checks whether the primary is busy. If it is not busy, the read
is initiated on the primary. If the primary is busy, the system checks the secondary, and
.
then the tertiary. If those are also busy, the read is initiated in the copy with the least
C
.F a
number of outstanding I/Os.
Round-robin read
C rm
Round-robin reads alternate between copies. This results in equal utilization for reads,
even when there is more than one I/O outstanding.
Which is right for me?
to fo
Each of the scheduling policies provide benefits, as well as drawbacks. When deciding
on a method of mirroring, you need to take into consideration how critical the data is,
and performance. The trade off is performance, versus availability. In general, a
mirrored logical volume is slower than an unmirrored logical volume, because you have
ec vo
to write the data in two or three places. The exception can be a mirrored LV in a
high-read environment. If your application does mostly reads, and you are using parallel
or parallel/round robin scheduling, reads may complete faster because the I/Os are
oy si
spread across multiple disks, which can occur simultaneously if the disks are on
separate controllers. One of the parallel scheduling policies usually provides the best
performance in a write intensive environment, because writes can proceed in parallel.
u
However, there is some additional overhead, and mirrored logical volumes are usually
slower than comparable unmirrored logical volumes in a write intensive environment.
cl
Sequential scheduling provides the worst performance, but provides the best chance of
recovering data in the event of a system crash in the middle of a write operation.
Ex
Sequential scheduling makes it more likely that you have at least one good copy, the
primary copy, of a logical partition after a crash.
Synchronization
When turning on mirroring for an existing logical volume, the copies have to be
pr
synchronized so the new copy contains a perfect image of the existing copy, at that
point in time. This can be done by using the -k option on the mklvcopy command at the
time mirroring is turned on, or with the syncvg command at a later time. Until the copies
are synchronized, the new copy is marked stale.
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
copy.
.T ció
• Solution: Mirror write consistency
.
– Ensures PPs are consistent after reboot
C
– Three modes: off, active, and passive
.F a
– Active (default)
C rm
• Uses a cache on disk
• The physical write operation proceeds when the cache has been updated.
– Passive. (Big VGs only)
to fo
• Logging of LV updates, but does not log writes
• If the system crashes on reboot, a forced synchronization of the LVs takes
place.
ec vo
Notes:
oy si
The LVM always ensures data consistency among mirrored copies of a logical volume
during normal I/O processing.
u
For every write to a logical volume, the LVM generates a write request for every mirror
cl
copy. A problem arises if the system crashes in the middle of processing a mirrored write,
and before all copies are written. If mirror write consistency recovery is requested for a
logical volume, the LVM keeps additional information to allow recovery of these
Ex
inconsistent mirrors. Mirror write consistency recovery should be performed for most
mirrored logical volumes. Logical volumes, such as the page space that do not use the
existing data when the volume group is re-varied on, do not need this protection.
pr
The Mirror Write Consistency (MWC) record consists of one sector. It identifies which
logical partitions may be inconsistent if the system is not shut down correctly. When the
volume group is varied back online, this information is used to make the logical partitions
consistent again. Note: With Mirror Write Consistency LVs, because the MWC control
sector is on the edge of the disk, performance may be improved if the mirrored logical
volume is also on the edge.
8-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty Beginning in AIX 5L, a mirror write consistency option called Passive Mirror Write
Consistency is available. The default mechanism for ensuring mirror write consistency is
Active MWC. Active MWC provides fast recovery at reboot time after a crash has occurred.
However, this benefit comes at the expense of write performance degradation, particularly
in the case of random writes. Disabling Active MWC eliminates this write-performance
penalty, but upon reboot after a crash, you must use the syncvg -f command to manually
synchronize the entire volume group, before users can access the volume group. To
.I. n
achieve this, automatic vary-on of volume groups must be disabled.
Enabling Passive MWC not only eliminates the write-performance penalty associated with
.T ció
Active MWC, but logical volumes will be automatically resynchronized as the partitions are
being accessed. This means that the administrator does not have to synchronize logical
volumes manually or disable automatic vary-on. The disadvantage of Passive MWC is that
.
slower read operations may occur, until all the partitions have been resynchronized.
C
.F a
You can select either mirror write consistency option within SMIT, when creating or
changing a logical volume. The selection option takes effect only when the logical volume
C rm
is mirrored (copies > 1).
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
# smit lv
.I. n
Logical
Logical Volumes
Volumes
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Logical
Logical Volumes
Volumes byby Volume
Volume Group
Group
Add a Logical Volume
.
Add a Logical Volume
Set
Set Characteristic
Characteristic of
of aa Logical
Logical Volume
Volume
C
Show
Show Characteristics
Characteristics of
of aa Logical
Logical Volume
.F a
Volume
Remove
Remove aa Logical
Logical Volume
Volume
Copy
Copy aa Logical
Logical Volume
Volume
C rm
to fo
ec vo
Notes:
oy si
This is the top-level SMIT menu for logical volumes. The next few pages discuss these
items.
u
cl
Ex
pr
8-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
[Entry
[Entry Fields]
Fields]
Logical
Logical volume
volume NAME
NAME [datalv]
[datalv]
** VOLUME
VOLUME GROUP
GROUP name
name datavg
datavg
** Number
Number of LOGICAL PARTITIONS
of LOGICAL [100] ##
.T ció
PARTITIONS [100]
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk2
[hdisk2 hdisk3]
hdisk3] ++
Logical volume TYPE
Logical volume TYPE [jfs2]
[jfs2] ++
POSITION
POSITION onon physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER of PHYSICAL VOLUMES
NUMBER of PHYSICAL VOLUMES []
[] ##
.
to
to use
use for
for allocation
allocation
Number of COPIES of each logical
Number of COPIES of each logical 22 ++
C
partition
partition
.F a
Mirror
Mirror Write
Write Consistency?
Consistency? active
active ++
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on a SEPARATE physical
a SEPARATE physical volume?
volume?
RELOCATE the logical volume
RELOCATE the logical volume duringduring yes
yes ++
C rm
reorganization?
reorganization?
Logical
Logical volume
volume LABEL
LABEL []
[]
MAXIMUM
MAXIMUM NUMBER
NUMBER ofof LOGICAL
LOGICAL PARTITIONS
PARTITIONS [512]
[512] ##
Enable
Enable BAD BLOCK relocation?
BAD BLOCK relocation? yes
yes ++
SCHEDULING POLICY for writing/reading
SCHEDULING POLICY for writing/reading parallel
parallel ++
logical
logical partition
partition copies
copies
Enable
Enable WRITE
WRITE VERIFY?
VERIFY? no
no ++
File
File containing ALLOCATION MAP
containing ALLOCATION []
to fo
MAP []
Stripe
Stripe Size?
Size? [Not
[Not Striped]
Striped] ++
Serialize IO?
Serialize IO? no
no ++
Mirror
Mirror Pool
Pool for
for First
First Copy
Copy ++
Mirror
Mirror Pool
Pool for
for Second
Second Copy
Copy ++
Mirror Pool for Third
Mirror Pool for Third Copy Copy ++
Infinite Retry Option
Infinite Retry Option no
no ++
ec vo
Notes:
oy si
The mklv command creates a logical volume. The name of the logical volume can be
specified or a system-generated name is used. The volume group the logical volume
u
belongs to, and the size (in logical partitions, must be specified. Other characteristics that
can be set are, the allocation policy, copies (mirroring), scheduling policy, and striping.
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Show LV characteristics (1 of 2)
IBM Power Systems
## lslv
lslv datalv
datalv
LOGICAL
LOGICAL VOLUME:
VOLUME: datalv
datalv VOLUME
VOLUME GROUP:
GROUP: datavg
datavg
LV
LV IDENTIFIER:
IDENTIFIER: 00cf2e7f00004c000000011d68130bea.1
00cf2e7f00004c000000011d68130bea.1
PERMISSION:
PERMISSION: read/write
read/write
.I. n
VG
VG STATE:
STATE: active/complete
active/complete LV
LV STATE:
STATE: closed/syncd
closed/syncd
TYPE:
TYPE: jfs2
jfs2 WRITE
WRITE VERIFY:
VERIFY: off
off
MAX
MAX LPs:
LPs: 512
512 PP
PP SIZE:
SIZE: 44 megabyte(s)
megabyte(s)
.T ció
COPIES:
COPIES: 22 SCHED
SCHED POLICY:
POLICY: parallel
parallel
LPs:
LPs: 10
10 PPs:
PPs: 20
20
STALE
STALE PPs:
PPs: 00 BB
BB POLICY:
POLICY: relocatable
relocatable
INTER-POLICY:
INTER-POLICY: minimum
minimum RELOCATABLE:
RELOCATABLE: yes
yes
INTRA-POLICY:
INTRA-POLICY: middle
middle UPPER
UPPER BOUND:
BOUND: 11
.
MOUNT
MOUNT POINT:
POINT: N/A
N/A LABEL:
LABEL: None
None
C
MIRROR
MIRROR WRITE
WRITE CONSISTENCY:
CONSISTENCY: on/ACTIVE
on/ACTIVE
.F a
EACH
EACH LPLP COPY
COPY ON
ON AA SEPARATE
SEPARATE PV
PV ?:
?: yes
yes (superstrict)
(superstrict)
Serialize
Serialize IO IO ?:
?: NO
NO
INFINITE
INFINITE RETRY:
RETRY: no
no
DEVICESUBTYPE: DS_LVZ
C rm
DEVICESUBTYPE: DS_LVZ
COPY
COPY 11 MIRROR
MIRROR POOL:
POOL: None
None
COPY
COPY 22 MIRROR
MIRROR POOL:
POOL: None
None
COPY
COPY 33 MIRROR
MIRROR POOL:
POOL: None
None
## lslv
lslv -l
-l datalv
datalv
to fo
datalv:N/A
datalv:N/A
PV
PV COPIES
COPIES IN
IN BAND
BAND DISTRIBUTION
DISTRIBUTION
hdisk2
hdisk2 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
hdisk3
hdisk3 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
ec vo
Notes:
oy si
<logicalvolume_name>
The –l flag lists the following fields for each physical volume in the logical volume:
• PV: Physical volume name.
cl
• Copies:
- The number of LPARs containing at least one physical partition (no copies) on the
Ex
PV
- The number of LPARs containing at least two physical partitions (one copy) on the
PV
- The number of LPARs containing three physical partitions (two copies) on the PV
pr
• In band: The percentage of physical partitions on the physical volume that belong to the
logical volume, and were allocated within the physical volume region specified by
Intra-physical allocation policy
• Distribution: The number of physical partitions allocated within each section of the PV:
outer edge, outer middle, center, inner middle, and inner edge of the PV.
8-34 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Show LV characteristics (2 of 2)
IBM Power Systems
.I. n
datalv:N/A
datalv:N/A
LP
LP PP1
PP1 PV1
PV1 PP2
PP2 PV2
PV2 PP3
PP3 PV3
PV3
.T ció
0001
0001 0104 hdisk2
0104 hdisk2 0104
0104 hdisk3
hdisk3
0002
0002 0105
0105 hdisk2
hdisk2 0105
0105 hdisk3
hdisk3
0003
0003 0106
0106 hdisk2
hdisk2 0106
0106 hdisk3
hdisk3
0004
0004 0107
0107 hdisk2 0107 hdisk3
.
hdisk2 0107 hdisk3
0005
0005 0108
0108 hdisk2
hdisk2 0108
0108 hdisk3
hdisk3
C
0006
0006 0109
0109 hdisk2 0109 hdisk3
.F a
hdisk2 0109 hdisk3
0007
0007 0110
0110 hdisk2
hdisk2 0110
0110 hdisk3
hdisk3
0008
0008 0111
0111 hdisk2
hdisk2 0111
0111 hdisk3
hdisk3
C rm
0009 0112 hdisk2
0009 0112 hdisk2 0112
0112 hdisk3
hdisk3
0010
0010 0113
to fo 0113 hdisk2
hdisk2 0113
0113 hdisk3
hdisk3
ec vo
Notes:
oy si
The lslv –m flag shows the LP to PP relationship. The example in the visual, shows LP
number 1 for datalv, is mapped to physical partition number 104 on hdisk2, and is also
u
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
hdisk3 hdisk4
datavg
.T ció
1 2 3 4
empty
5 6 7 8
.
C
.F a
• # chlv –e x mylv (set to maximum number of disks)
C rm
• # reorgvg datavg mylv
hdisk3 hdisk4
datavg
to fo
1 3 5 7 2 4 6 8
ec vo
Notes:
oy si
If the intra-physical volume allocation policy (location on disk: center, middle, edge, inner
edge, and inner middle) is changed after the logical volume is created, the physical
cl
partition does not relocate automatically. The reorgvg command is used to redistribute the
physical partitions of the logical volumes of a volume group according to their preferred
allocation policies. This should improve disk performance. Preference is given in the order
Ex
8-36 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Add
Add Copies
Copies to
to aa Logical
Logical Volume
Volume
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
** NEW
NEW TOTAL
TOTAL number
number of
of logical
logical partition 33 ++
C
partition
.F a
copies
copies
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk4]
[hdisk4] ++
POSITION
POSITION on
on physical
physical volume
volume middle
middle ++
C rm
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER
NUMBER of
of PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
to
to use
use for
for allocation
allocation
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on aa SEPARATE
SEPARATE physical
physical volume?
volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]
to fo
SYNCHRONIZE
SYNCHRONIZE the
the data
data in
in the
the new
new yes
yes ++
logical
logical partition
partition copies?
copies?
Mirror
Mirror Pool
Pool for
for First
First Copy
Copy []
[] ++
Mirror
Mirror Pool
Pool for
for Second
Second Copy
Copy []
[] ++
Mirror
Mirror Pool
Pool for
for Third
Third Copy
Copy []
[] ++
ec vo
Notes:
oy si
the logical volume to change and the total number of copies wanted. This only
succeeds if there are enough physical partitions to satisfy the requirements on the
cl
physical volumes that are specified to be used. That is, if all copies are to be on
different physical volumes. Once a logical volume has been created, striping cannot be
Ex
imposed or removed.
Synchronizing a mirrored logical volume
Also, in order for the copies to match, the logical volume has to be synchronized using
the syncvg command. This can be done with the -k option when the copy is originally
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Increase
Increase the
the Size
Size of
of aa Logical
Logical Volume
Volume
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
C
** Number
Number of
of ADDITIONAL
ADDITIONAL logical
logical partitions
partitions [20]
[20] ##
.F a
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names []
[] ++
POSITION
POSITION on
on physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
C rm
MAXIMUM
MAXIMUM NUMBER
NUMBER of
of PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
to use for allocation
to use for allocation
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on aa SEPARATE
SEPARATE physical
physical volume?
volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]
to fo
ec vo
Notes:
oy si
The extendlv command increases the number of logical partitions allocated to the
LogicalVolume, by allocating the number of additional logical partitions represented by the
u
or more physical volumes in the PhysicalVolume parameter. Otherwise, all the physical
volumes in a volume group are available for allocating new physical partitions.
Ex
The default maximum number of partitions for a logical volume is 512. Before extending a
logical volume to more than 512 logical partitions, use the chlv command to increase the
default value.
pr
The default allocation policy is to use a minimum number of physical volumes per logical
volume copy, to place the physical partitions belonging to a copy as contiguously as
possible, and then to place the physical partitions in the requested region specified by the
-a flag. Also by default, each copy of a logical partition is placed on a separate physical
volume.
8-38 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Remove
Remove aa Logical
Logical Volume
Volume
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
.
LOGICAL
LOGICAL VOLUME
VOLUME name
name [datalv2]
[datalv2] ++
C
.F a
C rm
to fo
ec vo
Notes:
oy si
The rmlv command removes logical volumes, and in the process, destroys all data.
u
The LogicalVolume parameter can be a logical volume name or logical volume ID. The
logical volume first must be closed. If the volume group is varied on in concurrent mode,
cl
the logical volume must be closed on all the concurrent nodes on which the volume group
is varied on. For example, if the logical volume contains a file system, it must be
unmounted. However, removing the logical volume does not notify the operating system
Ex
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
## lsvg
lsvg -o
-o || lsvg
lsvg -i
-i –l
–l
.I. n
datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
.T ció
datalv
datalv jfs2
jfs2 30
30 90
90 33 closed/syncd
closed/syncd N/A
N/A
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
boot 11 11 11 closed/syncd
closed/syncd N/A
N/A
.
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
C
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
.F a
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
jfs 55 55 11 open/syncd
open/syncd /var
/var
C rm
hd3
hd3 jfs
jfs 33 33 11 open/syncd
open/syncd /tmp
/tmp
hd1
hd1 jfs
jfs 11 11 11 open/syncd
open/syncd /home
/home
hd10opt
hd10opt jfs
jfs 44 44 11 open/syncd
open/syncd /opt
/opt
loglv00
loglv00 jfs2log
jfs2log 11 11 11 closed/syncd
closed/syncd N/A
N/A
hd11admin
hd11admin jfs
jfs 22 22 11 open/syncd
open/syncd /admin
/admin
fslv00 jfs2 22 22 11 closed/syncd /db2
to fo
fslv00 jfs2 closed/syncd /db2
ec vo
Notes:
oy si
From the smit lv fastpath, the List all Logical Volumes by Volume Group option uses lsvg
-o to find out the active volume groups, and then lsvg -il to list the logical volumes within
u
them. The -i option of lsvg reads the list of volume groups from standard input.
cl
Ex
pr
8-40 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Mirror Can be used
Mirror aa Volume
Volume Group
Group
to mirror
any VG
.T ció
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making
Enter AFTER making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
.
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name rootvg
rootvg
C
Mirror
Mirror sync
sync mode [Foreground] ++
.F a
mode [Foreground]
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk1]
[hdisk1] ++
Number
Number of
of COPIES
COPIES of
of each
each logical
logical 22 ++
C rm
partition
partition
Keep
Keep Quorum
Quorum Checking
Checking On?
On? no
no ++
Create Exact LV Mapping?
Create Exact LV Mapping? no
no ++
## bosboot
bosboot -a
-a -d
-d /dev/hdisk1
/dev/hdisk1
to fo
Additional
## bootlist
bootlist -m
-m normal
normal hdisk0
hdisk0 hdisk1
hdisk1 steps
required for
## shutdown rootvg
shutdown –Fr
–Fr (not
(not required
required with
with AIX6
AIX6 and
and later)
later)
ec vo
Notes:
oy si
The mirrorvg command takes all the logical volumes on a given volume group and mirrors
those logical volumes. This same functionality may also be accomplished manually if you
u
execute the mklvcopy command for each individual logical volume in a volume group. As
with mklvcopy, the target physical drives to be mirrored with data, must already be
cl
synchronization of the mirrors must complete before the command returns to the user. If
you wish to avoid the delay, use the –S (background Sync) or -s (disable sync) option. The
default value of two copies is always used.
If there are only two disks in the volume group to be mirrored, Keep Quorum Checking On
pr
should be set to no. Otherwise, if a disk fails, the entire volume group would go offline.
Protecting rootvg on AIX from disk failure is important. Mirroring the data is one way to
achieve this. When mirroring rootvg there are additional steps to perform:
• Create a boot image on the mirrored disk, using bosboot command.
• Add the newly mirrored disk to the bootlist.
• Shut down and reboot the system.
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Physical volumes
IBM Power Systems
.I. n
1 1 4
4
2 2 3
7 3 7 10
10
.T ció
8 8 9
9 13 16
13 16
14 14 15
19 15 19 22
22 20 21
20 21 25
25 28 28
26 27
.
26 27 31
31 34 34
32 32 33
33
C
35 35 38
38 36
.F a
36 37 41 37
41 44 44
42 42 43
43 47 50
47 50
48 49 48 49
C rm
Physical partitions
• Physical volume (PV)
to fo
– Hard disk, a virtual disk or a LUN
• Physical partition (PP)
– Smallest assignable unit of allocation on a physical disk
ec vo
Notes:
oy si
A physical partition is a fixed size, contiguous set of bytes, on a physical volume (PV).
u
Physical partitions (PP) must be the same size across an entire volume group. However,
there may be multiple volume groups on a single system, each with a different PP size.
cl
The limitations for each type of volume group (original, big, and scalable) such as the
number of physical volumes and size of the physical partitions, was given in the last unit,
Ex
8-42 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
# smit pv
.I. n
Physical
Physical Volumes
Volumes
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Physical
Physical Volumes
Volumes in
in System
System
Add a Disk
.
Add a Disk
Change
Change Characteristics
Characteristics of
of aa Physical
Physical Volume
Volume
C
List
List Contents
Contents of
of aa Physical
Physical Volume
.F a
Volume
Move
Move Contents
Contents of
of aa Physical
Physical Volume
Volume
C rm
to fo
ec vo
Notes:
oy si
This is the top-level menu for physical volume. Each of these items is discussed in the
following pages.
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
hdisk1
hdisk1 00cf2e7f713ca357
00cf2e7f713ca357 None
None
hdisk2
hdisk2 00cf2e7fea693331
00cf2e7fea693331 datavg
datavg active
active
.T ció
hdisk3
hdisk3 00cf2e7fea6a26e0
00cf2e7fea6a26e0 datavg
datavg active
active
hdisk4
hdisk4 00cf2e7fea6a318
00cf2e7fea6a318 datavg
datavg active
active
.
C
## lspv
lspv hdisk3
hdisk3
.F a
PHYSICAL
PHYSICAL VOLUME:
VOLUME: hdisk3
hdisk3 VOLUME
VOLUME GROUP:
GROUP: datavg
datavg
PV
PV IDENTIFIER:
IDENTIFIER: 00cf2e7fea6a26e0
00cf2e7fea6a26e0
VG
VG IDENTIFIER 00cf2e7f00004c000000011d68130bea
C rm
IDENTIFIER 00cf2e7f00004c000000011d68130bea
PV
PV STATE:
STATE: active
active
STALE
STALE PARTITIONS:
PARTITIONS: 00 ALLOCATABLE:
ALLOCATABLE: yes
yes
PP
PP SIZE:
SIZE: 44 megabyte(s)
megabyte(s) LOGICAL
LOGICAL VOLUMES:
VOLUMES: 11
TOTAL
TOTAL PPs:
PPs: 511
511 (2044
(2044 megabytes)
megabytes) VG
VG DESCRIPTORS:
DESCRIPTORS: 11
FREE
FREE PPs:
PPs: 481
481 (1924
(1924 megabytes)
megabytes) HOT
HOT SPARE:
SPARE: no
no
to fo
USED
USED PPs:
PPs: 30
30 (120
(120 megabytes)
megabytes) MAX
MAX REQUEST:
REQUEST: 256K
256K
FREE
FREE DISTRIBUTION:
DISTRIBUTION: 103..72..102..102..102
103..72..102..102..102
USED
USED DISTRIBUTION:
DISTRIBUTION: 00..30..00..00..00
00..30..00..00..00
MIRROR
MIRROR POOL:
POOL: None
None
ec vo
Notes:
oy si
From the smit pv fastpath, the List all Physical Volumes in System option uses the
undocumented command lspv | /usr/bin/awk {print$1}'' list the physical volumes in
u
the system.
cl
The lspv command with no parameters can be used to list the physical volume name,
physical volume identifier, and volume group for all physical volumes in the system.
Ex
The lspv pvname command gives status information about the physical volume. The most
useful information here is:
• State (active or inactive)
• Number of physical partition copies that are stale (are not up to date with other copies)
pr
8-44 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
## lspv
lspv -l-l hdisk0
hdisk0
hdisk0:
hdisk0:
.I. n
LV
LV NAME
NAME LPs
LPs PPs
PPs DISTRIBUTION
DISTRIBUTION MOUNT
MOUNT POINT
POINT
hd2
hd2 35
35 35
35 00..00..03..20..12
00..00..03..20..12 /usr
/usr
.T ció
hd9var
hd9var 55 55 00..05..00..00..00
00..05..00..00..00 /var
/var
hd8
hd8 11 11 00..00..01..00..00
00..00..01..00..00 N/A
N/A
hd4
hd4 15
15 15
15 00..00..15..00..00
00..00..15..00..00 //
hd5 11 11 01..00..00..00..00 N/A
.
hd5 01..00..00..00..00 N/A
hd6
hd6 88 88 00..08..00..00..00
00..08..00..00..00 N/A
N/A
C
hd10opt 44 44 04..00..00..00..00 /opt
.F a
hd10opt 04..00..00..00..00 /opt
hd3
hd3 33 33 00..03..00..00..00
00..03..00..00..00 /tmp
/tmp
hd1
hd1 11 11 00..01..00..00..00
00..01..00..00..00 /home
/home
C rm
hd11admin
hd11admin 22 22 00..02..00..00..00
00..02..00..00..00 /admin
/admin
fslv00
fslv00 22 22 02..00..00..00..00
02..00..00..00..00 /db2
/db2
loglv00
loglv00 11 11 00..01..00..00..00
00..01..00..00..00 N/A
N/A
to fo
ec vo
Notes:
oy si
The lspv -l pvname command lists all the logical volumes on a physical volume including
the number of logical partitions, physical partitions, and distributions on the disk.
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
## lspv
lspv -p
-p hdisk0
hdisk0
hdisk0:
hdisk0:
.I. n
PP
PP RANGE
RANGE STATE
STATE REGION
REGION LV
LV NAME
NAME TYPE
TYPE MOUNT
MOUNT
POINT
POINT
1-1
1-1 used
used outer
outer edge
edge hd5
hd5 boot
boot N/A
N/A
.T ció
2-14
2-14 free
free outer
outer edge
edge
15-16
15-16 used
used outer
outer edge
edge fslv00
fslv00 jfs2
jfs2 /db2
/db2
17-20
17-20 used
used outer
outer edge
edge hd10opt
hd10opt jfs2
jfs2 /opt
/opt
.
21-28
21-28 used
used outer
outer middle
middle hd6
hd6 paging
paging N/A
N/A
C
29-29
29-29 used
used outer
outer middle
middle loglv00
loglv00 jfs2log
jfs2log N/A
N/A
.F a
30-31
30-31 used
used outer
outer middle
middle hd11admin
hd11admin jfs2
jfs2 /admin
/admin
32-32
32-32 used
used outer
outer middle
middle hd1
hd1 jfs2
jfs2 /home
/home
33-35 used outer
outer middle hd3 jfs2 /tmp
C rm
33-35 used middle hd3 jfs2 /tmp
36-40
36-40 used
used outer middle
outer middle hd9var
hd9var jfs2
jfs2 /var
/var
41-41
41-41 used
used center
center hd8
hd8 jfslog
jfslog N/A
N/A
42-56
42-56 used
used center
center hd4
hd4 jfs2
jfs2 //
57-59
57-59 used
used center
center hd2
hd2 jfs2
jfs2 /usr
/usr
60-79 used inner
inner middle hd2 jfs2 /usr
to fo
60-79 used middle hd2 jfs2 /usr
80-91
80-91 used
used inner
inner edge
edge hd2
hd2 jfs2
jfs2 /usr
/usr
92-99
92-99 free
free inner
inner edge
edge
ec vo
Notes:
oy si
The lspv -p pvname command lists all the logical volumes on a disk, and the physical
partitions to which its logical partitions are mapped. It is listed in physical partition order and
u
shows what partitions are free and which are used, as well as the location; that is, center,
outer middle, outer edge, inner edge, and inner middle.
cl
Ex
pr
8-46 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• Move the contents of a physical volume:
.T ció
.
migratepv [ -l lvname ] sourcePV targetPV ..
C
.F a
## migratepv
migratepv -l
-l lv02
lv02 hdisk0
hdisk0 hdisk6
hdisk6
C rm
to fo
ec vo
Notes:
oy si
Although there is an option in SMIT to add a physical volume to the system SMIT >
Devices > Add a Disk, in reality the use of this function is not required. Today, virtually all
u
selected logical volume, from one physical volume, to one or more other physical
volumes in the same volume group. This would be used if the physical volume is about
to be taken out of service and removed from the machine or to balance disk usage.
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• List the disks on the system (PVID and volume
.T ció
group):
# lspv
.
C
.F a
• List which logical volumes are contained in each
C rm
volume group:
# lsvg -l vgname
to fo
• List the logical volumes on each disk:
# lspv -l pvname
ec vo
Notes:
oy si
It is important to have your storage information readily available in case you have a
problem with your system, or in the very worst case, a system crashes. The commands in
u
8-48 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Checkpoint
IBM Power Systems
1. True or False: A logical volume can span more than one physical
volume.
.I. n
2. True or False: A logical volume can span more than one volume
.T ció
group.
.
3. True or False: The contents of a physical volume can be divided
C
between two volume groups.
.F a
C rm
4. True or False: If mirroring logical volumes, it is not necessary to
perform a backup.
to fo
5. True or False: Striping can be combined with mirroring to provide
increased performance and availability.
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Exercise
IBM Power Systems
.I. n
Working with LVM
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
8-50 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Unit summary
IBM Power Systems
.I. n
• Explain how to work with the Logical Volume Manager
.T ció
• Add, change, and delete:
– Volume groups
.
C
– Logical volumes
.F a
– Physical volumes
C rm
• Describe essential LVM concepts, such as:
– Mirroring
– Striping
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
8-52 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Identify the components of an AIX file system
C
.F a
• Work with enhanced journaled file systems
- Add, list, change, and delete
C rm
• Monitor file system disk space usage
• Manage file system growth and control growing files
• Implement basic file system integrity checks
to fo
How you will check your progress
ec vo
• Checkpoint questions
• Machine exercises
oy si
References
Online AIX Version 7.1 Operating system and device
u
management
cl
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Work with enhanced journaled file systems
.T ció
– Add, list, change, and delete
• Monitor file system disk space usage
.
• Manage file system growth and control growing files
C
.F a
• Implement basic file system integrity checks
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
9-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Enhanced JFS, commonly referred to as JFS2
• JFS is the original AIX file system.
.T ció
• Enhanced JFS JFS2) was introduced in AIX 5.1 and is now
.
the default file system (since AIX 5.3).
C
.F a
• Journaling:
– Before writing actual data, a journaling file system logs the metadata to
C rm
a circular JFS log on disk.
– In the event of an OS crash, journaling restores consistency by
processing the information in the JFS log file.
to fo
• There is no easy migration path from JFS to JFS2.
– Conversion can only be achieved through backup and restore.
ec vo
Notes:
oy si
JFS was developed for transaction-oriented, high performance Power Systems. JFS is
both salable and robust. One of the key features of the file system is logging. JFS is a
cl
recoverable file system, which ensures that if the system fails during power outage, or
system crash, no file system transactions will be left in an inconsistent state.
Ex
Migration
JFS file systems can co-exist on the same system with JFS2 file systems. However, to fully
utilize the JFS2 features, the following steps are necessary:
1. Back up JFS file system data.
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Increased performance
• Increased flexibility
.I. n
– File systems can be dynamically increased and decreased.
.T ció
– Support for larger enabled file systems
– Internal or external JFS logging
.
– Data encryption
C
– Support for snapshots
.F a
C rm
to fo
ec vo
Notes:
oy si
JFS2 is the default file system type on AIX, since version 5.3. JFS2 provides increased
performance and flexibility when compared to its predecessor, JFS.
u
filesystem
- Individual file size can be up to 64GB with JFS as opposed to 16TB with JFS2
• Only support external JFS logging
pr
9-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Superblock
– The superblock maintains information about the entire file system.
• i-nodes
.I. n
– Each file has an i-node that contains access information, such as file type,
.T ció
access permissions, owner's ID, and the number of links to that file.
• Data blocks
.
– Data blocks contain file data.
C
– Each file system has a user settable fixed block size attribute.
.F a
• 512, 1024, 2048, or 4096 bytes
• Allocation maps
C rm
– Allocation maps record the location and allocation of all i-nodes and the
allocation state of each data block.
• Allocation groups
to fo
– Allocation groups are responsible for dividing the file system space into
chunks so that related data blocks and i-nodes can be clustered together to
achieve good locality.
ec vo
Notes:
oy si
Superblock
u
The first addressable logical block on the file system is the superblock. The superblock
contains information such as the file system name, size, number of i-nodes, and
cl
date/time of creation. The superblock is critical to the file system and, if corrupted,
prevents the file system from mounting. For this reason, a backup copy of the
superblock is always written in block 31.
Ex
i-nodes
Each file and directory has an associated i-node which contains metadata such as
ownership and access times. JFS2 allocates i-nodes, as required.
pr
Data blocks
An individual file within a file system, by default, has units allocated to it in blocks of
4096 bytes. The file system block size can be set to 512, 1024, 2048, or 4096 bytes. A
smaller block size uses less disk space for small files, but may degrade performance.
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Some AIX commands often report file sizes in units of 512 bytes, to remain compatible
with other UNIX file systems. This is independent of the actual unit of allocation.
Allocation maps
A JFS2 file system has two allocation maps:
• The i-node allocation map records the location and allocation of all i-nodes in the file
system.
.I. n
• The block allocation map records the allocation state of each file system block.
.T ció
Allocation groups
Allocation groups divide the space on a file system into chunks. Allocation groups allow
JFS2 allocation policies to use well-known methods for achieving optimum I/O
.
performance. The allocation policies try to cluster related disk blocks and disk i-nodes
C
.F a
to achieve good locality for the disk, as files are often read and written sequentially, and
the files within a directory are often accessed together.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
9-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
12309
12309 -rw-r-----
-rw-r----- 11 adminusr
adminusr security
security 119
119 12
12 Feb
Feb 19:43
19:43 datafile1
datafile1
12307
12307 -rwxr-----
-rwxr----- 11 adminusr
adminusr security
security 254
254 27
27 Jan
Jan 18:19
18:19 .profile
.profile
12308
12308 -rw-------
-rw------- 11 adminusr
adminusr security
security 156
156 28
28 Jan
Jan 14:31
14:31 .sh_history
.sh_history
.T ció
## istat
istat datafile1
datafile1
Inode
Inode 12309
12309 on
on device
device 10/8
10/8 File
File i-node
Protection:
Protection: rw-r-----
rw-r----- number
.
Owner:
Owner: 211(adminusr)
211(adminusr) Group:
Group: 7(security)
7(security)
Link
Link count:
count: 11 Length
Length 119
119 bytes
C
bytes
.F a
Last
Last updated:
updated: Thu
Thu 12
12 Feb
Feb 19:44:09
19:44:09 2009
2009
Last
Last modified:
modified: Thu
Thu 12
12 Feb
Feb 19:43:42
19:43:42 2009
2009
Last
Last accessed:
accessed: Thu
Thu 12
12 Feb
Feb 19:43:42
19:43:42 2009
2009
C rm
• To view file system block size information:
## lsfs
lsfs –cq
–cq /data
/data
to fo
#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct
#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct Block size.
/data:/dev/fslv00:jfs2:::204800:rw:no:no
/data:/dev/fslv00:jfs2:::204800:rw:no:no (Some output
(lv
(lv size
size 204800:fs
204800:fs size
size 204800:block
204800:block size
size 4096
4096 removed for
clarity.)
ec vo
Notes:
oy si
The istat command can be used to display the i-node information for a particular file or
directory. You can specify the file either by providing a file or directory name, or by
u
providing an i-node number using the –i flag. I-node numbers can be discovered using the
–i flag with the ls command.
cl
The file system block size information can be discovered using the lsfs command.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
# smit crfs_j2
# crfs -v jfs2 -g datavg -a size=1G –m /data
.I. n
Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
.T ció
[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name datavg
datavg
.
SIZE
SIZE of file
of file system
system
Unit
Unit Size
Size Gigabytes
Gigabytes ++
C
** Number
Number of
of units [1] ##
.F a
units [1]
** MOUNT
MOUNT POINT
POINT [/data]
[/data]
Mount
Mount AUTOMATICALLY
AUTOMATICALLY at at system
system restart?
restart? No
No ++
C rm
PERMISSIONS
PERMISSIONS read/write
read/write ++
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log size (MBytes)
Log size (MBytes) []
[] ##
to fo
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota Management?
Quota Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
Allow
Allow internal
internal snapshots?
snapshots? no
no ++
ec vo
Notes:
oy si
The SMIT screen in the visual shows the creation of a 1GB filesystem (/data) in volume
group: datavg. The creation is done by the crfs command.
u
In this example, the crfs command will create a file system on a new logical volume, within
cl
a previously created volume group. An entry for the file system is put into the
/etc/filesystems file.
Ex
9-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data
File
File system
system created
created successfully.
.T ció
successfully.
1048340
1048340 kilobytes
kilobytes total
total disk
disk space.
space.
New
New File
File System
System size
size is
is 2097152
2097152
.
## lsfs
lsfs /data
/data
C
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto
.F a
/dev/fslv00
/dev/fslv00 --
-- /data
/data jfs2 2097152
jfs2 2097152 --
-- no
no
## lsvg
lsvg -l datavg
C rm
-l datavg
datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
loglv00
loglv00 jfs2log
jfs2log 11 11 11 closed/syncd N/A
closed/syncd N/A
fslv00
fslv00 jfs2
jfs2 256
256 256
256 11 closed/syncd
closed/syncd /data
/data
to fo
JFS log automatically created,
1 LP in size (if one does not
already exist) for the VG.
ec vo
Notes:
oy si
The visual shows the actual creation of the /data file system shown in the previous slide.
The lsfs command can be used to display the characteristics of the file system.
u
Prior to the creation of the file system, the contents of the datavg volume group were
cl
empty. We can see two logical volumes created, loglv00 and fslv00. The loglv00 volume
acts as the JFS log for both the /data file system and by default any other file systems that
will be created. In creating a file system this way the underlying logical volume is created
Ex
using default options. Often it is preferable to first create the logical volume (using custom
values) and then create the file system on top. We shall see this procedure later in the unit.
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
## grep
grep -p
-p /data
/data /etc/filesystems
/etc/filesystems
/data:
/data:
.T ció
dev
dev == /dev/fslv00
/dev/fslv00
vfs
vfs == jfs2
jfs2
log
log == /dev/loglv00
/dev/loglv00
.
mount
mount == false
false
C
account
account == false
false
.F a
The mount command reads the
C rm
stanza in the /etc/filesystems
file, therefore only the mount point
## mount
mount /data
/data is required.
## mount
mount |egrep
|egrep '/data|node'
'/data|node'
node
node mounted mounted
mounted over
over vfs date options
to fo
mounted vfs date options
/dev/fslv00
/dev/fslv00 /data
/data jfs2
jfs2 13
13 Feb
Feb 10:32
10:32 rw,log=/dev/loglv00
rw,log=/dev/loglv00
ec vo
Figure 9-8. Mounting a file system and the /etc/filesystems file AN123.0
Notes:
oy si
Upon creation of a file system, a stanza in appended to the /etc/filesystems file. The
stanza includes:
u
• Whether the file system should be mounted at system start time (mount) and processed
by the AIX accounting system (account).
Before the filesystem can be used it must first be mounted, using the mount command. As
pr
there is a stanza in the /etc/filesystems file, the only parameter required is the name of the
file system. The mount command with no options, will display all file systems which are
currently mounted and available for use.
9-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Create a specific JFS log for each file system.
• 1 LP in size.
.T ció
• Format the log using the logform command.
## mklv
mklv –y
–y my_jfs2_log
my_jfs2_log –t
–t jfs2log
jfs2log datavg
datavg 11
.
C
## logform
logform /dev/my_jfs2_log
.F a
/dev/my_jfs2_log
logform:
logform: destroy
destroy /dev/rmy_jfs2_log
/dev/rmy_jfs2_log (y)?y
(y)?y
C rm
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data -a
-a logname=my_jfs2_log
logname=my_jfs2_log
Notes:
oy si
As we have seen by default, a JFS log file is created when the first file system is created in
a volume group. This JFS log will act as the global logging device for all file systems,
u
unless:
cl
• A specific external log is created for each file systems in the volume group. This
approach has several advantages. It will aide performance and availability. If the
logging device were to become corrupt, it would only affect the associated file system.
Ex
• The JFS log device is internal to the filesystem (inline). This saves time having to
create, format, and manage a separate JFS log volume. Inline logging is only available
with JFS2 file systems.
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
# smit crfs_j2
# crfs -v jfs2 –d lv_for_data –m /data2 –A yes
.I. n
Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
.T ció
[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name lv_for_data
lv_for_data ++
** MOUNT POINT
MOUNT POINT [/data2]
[/data2]
.
Mount
Mount AUTOMATICALLY
AUTOMATICALLY atat system
system restart?
restart? yes
yes ++
C
PERMISSIONS
PERMISSIONS read/write
read/write ++
.F a
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
C rm
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log
Log size
size (MBytes)
(MBytes) []
[] ##
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota
Quota Management?
Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
to fo
Allow
Allow internal snapshots?
internal snapshots? No
No ++
ec vo
Figure 9-10. Creating a file system on a previously defined logical volume AN123.0
Notes:
oy si
Adding a file system to a previously created logical volume provides greater control over
where the file system will reside on disk and provides options for availability and
u
performance. When creating file systems in highly available environments (for example,
using PowerHA or Veritas Cluster Services), one should always follow this method, in order
cl
to use you own naming convention for the logical volume names.
On creation, the size of the filesystem is set to the size of the logical volume. For example,
Ex
if the PP size for the volume group is 64MB, and the logical volume was 4 LPs in size, then
the size of the file system would be (4 x 64MB) 256MB.
After the file system is created:
pr
• If the logical volume is expanded, the size of the file system is not increased.
• The underlying logical volume policies can be dynamically changed. However, there will
be a performance hit, especially for large file systems.
9-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• To shrink the size of a file system:
.T ció
## chfs
chfs -a
-a size=-500M
size=-500M /data2
/data2
Filesystem
Filesystem size
size changed
changed to
to 1155072
1155072
.
C
• Using SMIT: # smit chjfs2
.F a
Change
Change // Show
Show Characteristics
Characteristics of
of an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
C rm
[Entry
[Entry Fields]
Fields]
File
File system
system name
name /data2
/data2
NEW
NEW mount
mount point
point [/data2]
[/data2]
SIZE
SIZE of
of file
file system
system
to fo
Unit
Unit Size
Size Gigabytes
Gigabytes ++
Number
Number of
of units
units [10]
[10] ##
Note:
Note: Advanced
Advanced options
options removed.
removed.
ec vo
Notes:
oy si
JFS2 file systems can be dynamically increased or decreased in size (subject to available
space and LVM rules). You can either choose to increase or decrease by a set amount,
u
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
# rmfs /data2
.T ció
Remove
Remove an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
.
** FILE
FILE SYSTEM
SYSTEM name
name /data2
/data2 ++
C
Remove
Remove Mount
Mount Point
Point no
no ++
.F a
C rm
to fo
ec vo
Notes:
oy si
Restrictions
In order to remove a file system, it must be unmounted from the overall file tree, and this
cl
cannot be done if the file system is in use, that is, some user or process is using the file
system or has it as a current directory.
Ex
Syntax
The syntax of the rmfs command is:
rmfs [-r] [-i] FileSystem
• r Removes the mount point of the file system
• i Displays warning and prompts the user before removing the file system
9-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Monitor file system growth
.T ció
– Determine causes
– Control growing files
.
– Manage file system space usage
C
– Control user disk usage
.F a
– Block size considerations
C rm
– Fragmentation considerations
to fo
ec vo
Notes:
oy si
You can also use the Resource Monitoring and Control (RMC) subsystem that is based
on the AIX Reliable Scalable Cluster Technology (RSCT) filesets. Web-based System
cl
Manager can be used to configure RMC. The ctrmc subsystem is started in the
/etc/inittab. RMC is outside the scope of the course.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
# df [-k] [-m] [-g]
## df
df -g
-g
.
Filesystem
Filesystem GB
GB blocks
blocks Free
Free %Used
%Used Iused
Iused %Iused
%Iused Mounted
Mounted on
on
/dev/hd4 1.44 1.10 24% 9896 2% /
C
/dev/hd4 1.44 1.10 24% 9896 2% /
.F a
/dev/hd2
/dev/hd2 2.50
2.50 0.10
0.10 97%
97% 49616
49616 8%
8% /usr
/usr
/dev/hd9var
/dev/hd9var 0.31
0.31 0.24
0.24 25%
25% 1308
1308 2%
2% /var
/var
/dev/hd3
/dev/hd3 0.12
0.12 0.12
0.12 6%
6% 128
128 1%
1% /tmp
/tmp
C rm
/proc
/proc -- -- -- -- -- /proc
/proc
/dev/hd10opt
/dev/hd10opt 0.25
0.25 0.03
0.03 88%
88% 4567
4567 7%
7% /opt
/opt
/dev/fslv00
/dev/fslv00 8.00
8.00 1.40
1.40 83%
83% 6888
6888 3%
3% /export
/export
/dev/fslv01
/dev/fslv01 9.00
9.00 2.33
2.33 75%
75% 4059
4059 1%
1% /aix
/aix
/dev/lv00
/dev/lv00 0.12
0.12 0.12
0.12 4%
4% 20
20 1%
1% /audit
/audit
to fo
/dev/hd11admin
/dev/hd11admin 0.12
0.12 0.12
0.12 4%
4% 18
18 1%
1% /admin
/admin
/dev/hd1
/dev/hd1 0.62
0.62 0.16
0.16 75%
75% 270
270 1%
1% /home
/home
grumpy:/nimback
grumpy:/nimback 25.00
25.00 3.26
3.26 87%
87% 99 1% /mnt
1% /mnt
ec vo
Notes:
oy si
The df command lists the free space on all mounted file systems.
This is an important command to know about and use frequently. If you run out of space in
cl
A number of flags (options) can be used with the df command. Some of the most useful of
these flags are shown below:
• -i: Displays the number of free and used i-nodes for the file system; this output is the
pr
9-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
#!/bin/ksh
#!/bin/ksh
.T ció
df
df || egrep
egrep -v
-v '(used|proc)'
'(used|proc)' || awk
awk '{print
'{print $4"
$4" "$7}'
"$7}' \\
|| sed 's:%::g' | while read LINE
sed 's:%::g' | while read LINE
do
do
.
PERC=`echo
PERC=`echo $LINE
$LINE || awk
awk '{print
'{print $1}'`
$1}'`
C
FILESYSTEM=`echo
FILESYSTEM=`echo $LINE | awk
$LINE | awk '{print
'{print $2}'`
$2}'`
.F a
if
if [[ $PERC
$PERC -gt
-gt 70
70 ]]
C rm
then
then
mail
mail -s
-s "Filesystem
"Filesystem check
check on
on box:
box: `hostname`"
`hostname`" \\
admin@ibm.com
admin@ibm.com <<<< EOF
EOF
$FILESYSTEM
$FILESYSTEM isis $PERC%
$PERC% full,
full, please
please check
check
EOF
EOF
to fo
fi
fi
done
done
ec vo
Notes:
oy si
Although AIX provides for dynamic expansion of a file system, it does not expand the
file system on the fly. The system administrator must continually monitor file system
cl
growth and expand file systems as required before they get full. If a file system
becomes 100% full, then the users receive out of space messages when they try to
extend files.
Ex
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
/export
/export ## du
du -sg
-sg ..
6.59
6.59 ..
.T ció
/export
/export ## du
du FirstBoot.sh
FirstBoot.sh
88 FirstBoot.sh
FirstBoot.sh
.
/export
/export ## du
du –sm
–sm ** || sort
sort -rn
C
-rn
.F a
2131.16
2131.16 mksysbaix53
mksysbaix53
1846.36
1846.36 mksysbaix61
mksysbaix61
C rm
1373.11
1373.11 mksysbaix61.light
mksysbaix61.light
248.52
248.52 spot
spot
0.01
0.01 nim
nim
0.01
0.01 bosinst.data
bosinst.data
0.00
0.00 FirstBoot.sh
FirstBoot.sh
to fo
0.00
0.00 BUILD.sh
BUILD.sh
ec vo
Notes:
oy si
There may be a number of files or users that are causing the increased use of space in
a particular file system. The du command helps to determine which files, users, or both,
cl
By default, du gives size information in 512-byte blocks. Use the -k option to display
sizes in 1 KB units, use the -m option to display sizes in 1 MB units, or use the -g option
to display sizes in 1 GB units.
Specifying output by file
pr
By default, du gives a hierarchical listing of directories only. With the -a option, the
hierarchical listing includes the non-directory files. With the -s option, only the specified
file is listed. For each listed directory, the size is the total amount of space for that
directory and all files underneath it, recursively.
9-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
The -x flag/option is also very useful. When you use du -ax, the report only shows
information from the specified file system. This is the best way to determine what file is
.T ció
filling a particular file system.
Using the find command to locate large files
.
The find command is useful for locating files that are over a certain size. For example,
C
to find all files that contain more than 1 000 000 characters, and then list them, use the
.F a
following command:
C rm
# find / -size +1000000c -exec ls -l {} ;
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• /var/adm/wtmp
• /etc/security/failedlogin
.I. n
• /var/adm/sulog
.T ció
• /var/spool/*/*
.
• /var/tmp/*
C
.F a
C rm
• $HOME/smit*
to fo
ec vo
Notes:
oy si
Growing files should be monitored and cleaned out periodically. Some of the files that grow
are listed on the visual.
cl
because they contain historical data regarding login activity. Thus, these files should
always contain a few days of login activity. If accounting is turned on, /var/adm/wtmp is
kept to a reasonable size. If accounting is not turned on, to capture the data to archive it,
use who -a on /var/adm/wtmp and /etc/security/failedlogin and redirect the output to a
pr
save file. Then, the log file can be purged by overwriting it with a null string. Two ways of
overwriting a log file in this way are illustrated in the following examples:
Example 1:
# cat /dev/null > /var/adm/wtmp
9-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty Example 2:
# > /etc/security/failedlogin
The file /var/adm/sulog can be edited directly.
The /var/spool directory
The directory /var/spool contains cron entries, the mail, and other items that grow on an
ongoing basis, along with printer files. If there is a problem with the printer files, you can try
.I. n
to clear the queuing subsystem by executing the following commands:
.T ció
stopsrc -s qdaemon
rm /var/spool/lpd/qdir/*
rm /var/spool/lpd/stat/*
.
rm /var/spool/qdaemon/*
C
startsrc -s qdaemon
.F a
Records of SMIT and Web-based System Manager activity
C rm
Files such as smit.log in the home directory of the root user, and other system
administration accounts, can also become quite large. These files need to be monitored
regularly and managed appropriately.
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Candidate files include:
.T ció
– Files older than a selected age
– Files in the /tmp, /var/spool, /var/tmp, /var/news directories
.
– a.out, *.bak, core, ed.hup files
C
.F a
• skulker is normally invoked daily by the cron command as
C rm
part of the crontab file of the root user.
– Disabled by default
• Modify the skulker shell script to suit local needs for the
to fo
removal of files.
– Test carefully!!
ec vo
Notes:
oy si
The shell script /usr/sbin/skulker includes a series of entries containing commands that
remove unwanted or obsolete files of various types. To analyze the commands that are
cl
executed by each entry, print out or view the contents of the /usr/sbin/skulker file.
Concerns related to skulker
Ex
A particular version of skulker is suited to the operating system and level with which it was
distributed. If the operating system has been upgraded or modified, it may be inadvisable to
use an old version of skulker. In addition, the skulker shell script is moderately complex.
When making modifications, you should make a copy of the shell script first - just in case!
pr
Note that if skulker is modified, or if it is used on the incorrect version of the operating
system, it ceases to be a supported component of AIX.
Note: The skulker is disabled by default.
9-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• If a directory structure is to contain many small files, it is
beneficial to store them in a separate file system with a small
.T ció
block size.
– Otherwise, the file system might fill up and still contain lots of free
.
C
space.
.F a
4096 bytes 4096 bytes
C rm
2000 bytes 2000 bytes
Notes:
oy si
In JFS, as many whole blocks as necessary are used to store a file or directory's data.
Consider that we have chosen to use a block size of 4 KB, and we are attempting to
cl
store file data which only partially fills a block. Potentially, the amount of unused or
wasted space in the partially filled block can be quite high. For example, if only 500
bytes are stored in this block, then 3596 bytes are wasted. However, if a smaller block
Ex
size, say 512 bytes, was used, the amount of wasted disk space would be greatly
reduced - to only 12 bytes. It is, therefore, better to use small block sizes, if efficient use
of available disk space is required, in a filesystem which will consist of lots of small files.
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
be used, with a potential to allocate eight blocks for this file. For a read or write to
complete, several additional disk I/O operations (disk seeks, data transfers, and
allocation activity) would be required. Therefore, for file systems which use a block size
of 4 KB, the number of disk I/O operations are far less, than file systems which employ
a smaller block size.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
9-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Fragmentation considerations
IBM Power Systems
.I. n
File system
.T ció
.
C
.F a
Used block
Free block
FileA
C rm
• There are three options to deal with this situation.
– Try to increases a file system’s contiguous free space using the
defragfs command.
to fo
– Back up, delete, recreate the file system and restore the data.
– Create a new file system and migrate the data.
ec vo
Notes:
oy si
Irrespective of the block size, over time data can become fragmented on disk. The
defragfs command will attempt to increases a file system's contiguous free space by
u
reorganizing free block allocations to be contiguous, rather than scattered across the disk.
The file system to be defragmented can be specified with the device variable, which can be
cl
the path name of the logical volume (for example, /dev/hd4) or the name of the file system,
which is the mount point in the /etc/filesystems file.
Ex
Another approach, is to backup and restore the data in a new file system or backup the
data, delete, recreate the file system and restore. This method is certainly cleaner, but
requires some element of downtime.
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• fsck command
– Checks file system consistency and interactively repairs the file system
.I. n
– If no file system name is specified, the fsck command checks all file
systems which have the check=true attribute set in the
.T ció
/etc/filesystems.
– Orphan files are placed in the lost+found directory.
• Unmount the file system before running fsck.
.
C
.F a
## fsck
fsck /data
/data
The
The current
current volume
volume is:
is: /dev/fslv00
/dev/fslv00
C rm
Primary
Primary superblock
superblock is is valid.
valid.
J2_LOGREDO:log
J2_LOGREDO:log redo
redo processing
processing for
for /dev/fslv00
/dev/fslv00
Primary
Primary superblock
superblock is is valid.
valid.
***
*** Phase
Phase 11 -- Initial
Initial inode
inode scan
scan
***
*** Phase
Phase 22 -- Process
Process remaining
remaining directories
directories
to fo
*** Phase 3 - Process remaining
*** Phase 3 - Process remaining filesfiles
***
*** Phase
Phase 44 -- Check
Check and
and repair
repair inode
inode allocation
allocation map
map
***
*** Phase 5 - Check and repair block allocation
Phase 5 - Check and repair block allocation map
map
File
File system
system isis clean.
clean.
ec vo
Notes:
oy si
Always run the fsck command on file systems after a system malfunction. The internal
integrity of a file system should be checked before the file system is mounted. By default,
u
the fsck command runs interactively, prompting the administrator for the action to perform
in order to repair the file system. If orphaned files or directories (those that cannot be
cl
reached) are found, fsck will attempt to store them file in the /lost+found directory.
For further information, see the fsck man page.
Ex
pr
9-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• Run the df command to check space allocation.
.T ció
• Check all the mounted file systems by running the mount
command.
.
C
.F a
C rm
File System Records
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
LogicalVolume
Logical volume storage
Structure
.I. n
hd2
.T ció
hd4 /usr hd2 free hd1 free hd1 free
/(root) /usr /home /home
hd6 hd3 hd1 hd1
Page Space /tmp /home /home
hd8 hd2
.
log /usr free free
hd61 lv00 lv00
C
Page Space special DB special DB
.F a
hd5 free hd9var lv00 lv00
/blv /var special DB special DB
C rm
hdisk0 hdisk1 hdisk2 hdisk3
rootvg datavg
File Systems
/(root)
File System
to fo
Directories File Systems
Notes:
oy si
It is important to understand the difference between a file system and a directory. A file
system is a section of disk that has been allocated to contain files. This section of disk is
cl
the logical volume. The section of disk is accessed by mounting the file system over a
directory. Once the file system is mounted, it looks like any other directory structure to
the user.
Ex
9-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Checkpoint (1 of 2)
IBM Power Systems
1. Does the size of the file system change when the size of the logical
volume it is on is increased?
.I. n
2. If you remove a file system, is the logical volume on which it sits
.T ció
removed as well?
.
3. When a file system is created, what needs to be done in order to make
C
it available for use?
.F a
C rm
4. What size should an external JFS log be set to?
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint (2 of 2)
IBM Power Systems
.I. n
b. Set the size to 5 GB
.T ció
7. What command can you use to determine if a file system is full?
.
8. What command can produce a report listing the size (in MB) of all the
C
.F a
files and directories contained in a specific location?
C rm
9. What command checks and interactively repairs inconsistent file
systems?
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
9-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
File system
administration
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Identify the components of an AIX file system
.T ció
• Work with enhanced journaled file systems
– Add, list, change, and delete
.
C
• Monitor file system disk space usage
.F a
• Manage file system growth and control growing files
C rm
• Implement basic file system integrity checks
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
9-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
• Explain the purpose of paging space
.
• Modify the state or size of a paging space
C
.F a
• Add or remove paging spaces
• List and monitor the paging space utilization
C rm
How you will check your progress
to fo
• Checkpoint questions
• Machine exercises
ec vo
References
Online AIX Version 7.1 Operating system and device
management
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Modify the state or size of a paging space
.T ció
• Add or remove paging spaces
• List and monitor the paging space utilization
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
10-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Made up of page frames
.T ció
.
Real
C
Virtual memory
.F a
memory (RAM)
C rm
Active
page,
Page resident in
frame memory Paging
table space
to fo
Inactive
page, paged
out
ec vo
Notes:
oy si
Memory under AIX is virtualized by the Virtual Memory Manager (VMM). The basic idea
behind virtual memory is that each program has its own address space which is
cl
Virtual-memory segments are partitioned into fixed-size units called pages. Each page
in a segment can be in real memory (RAM), or stored on disk until it is needed.
Similarly, real memory is divided into page frames.
A page might be resident in memory (that is, mapped into a location in physical
pr
memory), or a page might be resident on a disk (that is, paged out of physical memory
into paging space or a file system).
The role of the VMM is to manage the allocation of real-memory page frames and to
resolve references by the program to virtual-memory pages that are not currently in real
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
memory or do not yet exist (for example, when a process makes the first reference to a
page of its data segment).
Page Frame Table (PFT) is the data structure used by a VMM to store the mapping
between virtual addresses and physical addresses.
When the number of available real memory frames on the free list becomes low, a page
stealer is invoked. A page stealer moves through the PFT, looking for pages to steal
from Real Memory to Paging Space. The PFT includes flags to signal which pages have
.I. n
been referenced and which have been modified. If the page stealer encounters a page
.T ció
that has been referenced, it does not steal that page, but instead, resets the reference
flag for that page. The next time the clock hand (page stealer) passes that page and the
reference bit is still off, that page is stolen.
.
Paging space is not a substitute for sufficient real memory. A persistent shortage of real
C
memory can result in so much paging space page-in and page-out activity, that is will
.F a
severely impact the performance of that system. For more information about memory
and paging performance issue, attend the AIX Performance Management course.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
10-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Paging space
IBM Power Systems
.I. n
– Over-committed memory
.T ció
• Holds inactive pages on disk
– Page size historically has been 4 KB in size.
.
– AIX 7.1 running on POWER5+ processors supports four page sizes:
C
.F a
4 KB, 64 KB, 16 MB, and 16 GB.
C rm
• Is not a substitute for real memory
Notes:
oy si
Paging space is disk storage for information that is resident in virtual memory, but is not
currently being accessed. As memory fills, inactive pages are moved to the paging
cl
space on disk.
A temporary holding area for inactive pages
Ex
It is very important to remember that paging is a temporary holding area for inactive
pages; it is not a substitute for real memory. If your machine has many active
processes, it requires more real memory. You must ensure the machine has enough
memory to maintain all the active processes. If you run out of memory, your machine
pr
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
# lsattr -E -l mem0 ??
# lsattr -E -l sys0 -a realmem
.T ció
High performance environments
On Power4 (or later) environments, page size can be set to large enabled (16MB). This
.
is done through the vmo command, as follows:
C
.F a
# vmo -r -o lgpg_regions=10 -o lgpg_size=16777216
On Power5+ (or later), page size can be set to huge enabled (16 GB). This is done on
C rm
the HMC through manage system properties.
16 MB and 16 GB page frames are never paged out to disk. Even if totally unused, they
remain in memory. They are mainly used in High Performance Computing (HPC)
to fo
environments.
ec vo
oy si
u
cl
Ex
pr
10-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• If real <256 MB then page space = 2 x real
.T ció
• If real >= 256MB then page space = 256MB
• However, the amount needed is dependent on application and system
usage.
.
C
• Running low on paging space is bad.
.F a
– New processes will not start and the system may start killing processes.
C rm
• Paging space should be continually monitored, using:
– # lsps –a or # lsps –s
• Can dynamically:
to fo
– Add or remove paging space
– Increase or decrease size of a paging space
ec vo
Notes:
oy si
factors, particularly the amount of RAM in your system. Currently, the initial paging
space size is determined according to the following standards:
cl
applications dictates the amount of paging space needed. Many sizing rules of thumb
have been published, but the only way to correctly size your machine's paging space is
to monitor the utilization of your paging space.
Monitoring paging space
Monitoring the utilization of the paging space is done with the command lsps -a. This
command and its output are covered shortly.
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Thresholds for free paging space pages try to avoid this:
.T ció
vmo –o npswarn, SIGDANGER is sent to all processes
.
vmo –o npskill, SIGKILL is sent to certain processes
C
.F a
• Monitor paging space and act before the thresholds are
C rm
reached.
Notes:
oy si
Running low on paging space can prevent new processes from starting. The affect can
even be a hung or crashed operating system.
cl
10-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
terminated, and the system may even crash. Ensure you have enough paging space.
.T ció
The vmo command manages VMM tunable parameters. One parameter which may be
of interest is nokilluid. The parameter accepts an integer, which by default is 0 (off).
For example, if the value is set to 1, this will result in processes for user IDs lower than
.
this value (in this case, root) becoming exempt from getting killed due to low
C
page-space conditions.
.F a
npswarn and npskill thresholds
C rm
If available paging space depletes to a low level, then the operating system will try to
free up resources by first warning processes to free up paging space and finally by
killing processes if there still is not enough paging space available for the current
processes. It will kill one process at a time and an error log entry will be generated.
to fo
The npswarn and npskill thresholds are used by the VMM to determine when to first
warn processes and eventually when to kill processes. The default values of npswarn
and npskill will depend on how much paging space is configured on the system. The
ec vo
default value of npskill is MAX [64, (Total number of paging space pages)/128]. The
default value of npswarn is the MAX [512, 4*npskill].
If the npswarn threshold is reached, then all active processes are sent a SIGDANGER
signal. If a process is handling this signal, then the process can choose to ignore it or do
oy si
sends the SIGKILL signal to the youngest process that does not have a signal handler
for the SIGDANGER signal. (The default action for the SIGDANGER signal is to ignore the
cl
signal). The system continues sending SIGKILL signals until the number of unallocated
paging space blocks is above the paging space kill level.
Ex
nokilluid
By setting the nokilluid parameter to a nonzero value with the command
vmo -o nokilluid, user IDs lower than this value will be exempt from being killed
because of low page space conditions. The default is 0 (off).
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
vmo command
The vmo command manages VMM tunable parameters. To make a parameter update
persistent through reboots, add the -p flag.
pacefork parameter
If a process cannot be forked due to a lack of paging space pages, then it will retry the
fork five times. In between each retry, the calling thread will delay for a default of 10
.I. n
clock ticks. This number of ticks is tunable via the schedo -o pacefork.
Factors that can affect paging space usage
.T ció
The most obvious cause of the paging space being filled up is a large over commitment
of memory, where the total virtual memory allocations by the applications far exceeds
.
the real memory of the system, thus requiring the rest to be stored in paging space. For
C
this you can either allocate more memory or restrict the demand for memory.
.F a
A common source of excess memory demand is a program which has a memory leak. It
C rm
repeated allocates memory, briefly uses it, forgets it has that memory allocated. The old
allocations tend to end up in the paging space.
Applications can place greater demand on paging space by requesting an Early Page
Space Allocation policy (variable PSALLOC=early) for their memory allocations.
to fo
Normally the system does not allocate pages in paging space until it needs to actually
page out a page of memory (Deferred Page Space Allocation). With early allocation,
AIX will pre-allocate a page in paging when the application allocates a page of memory,
just in case that page needs to be paged out (it may never be paged out). That is great
ec vo
insurance for the application, but will require more paging space to support that.
It should be noted that once a paging space page is allocated in order to page out a
page of memory, it stays allocated even when that data is paged back in. It is not freed
oy si
10-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
## lsps
lsps -a
-a
Page Space
Page Space Physical
Physical Volume
Volume Volume
Volume Group
Group Size
Size %Used
%Used Active
Active Auto
Auto Type
Type
.I. n
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 512MB
512MB 13
13 yes
yes yes
yes lv
lv
.T ció
.
## lsps
lsps –s
–s
C
Total
Total Paging Space
Paging Space Percent
Percent Used
Used
.F a
512MB
512MB 13%
13%
C rm
## vmstat
vmstat 11 10
10
to fo
ec vo
Notes:
oy si
The lsps command lists detailed information regarding the paging spaces on the
system, including whether they are in use at the time and, if so, what percentage of their
cl
specifies the summary characteristics of all paging spaces. The information consists of
the total size of the paging spaces (in MB) and the percentage of paging spaces
currently used.
The paging space created during system installation, is named hd6. Paging spaces
pr
created by the system administrator after system installation, are named paging00,
paging01, and so on.
svmon is an advanced command which captures and analyzes the current snapshot of
virtual memory. It is the only system command which shows the breakdown of page
frame sizes.
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Placement guidelines:
– More than one page volume.
.I. n
– Paging spaces all the same size including hd6.
– Only one paging space per physical disk.
.T ció
– Use disks with the least activity.
– Do not extend “a paging space” over multiple physical volumes.
.
C
– Place on SAN disks for better performance.
.F a
– Mirror all page spaces that are on internal or nonraided disk.
C rm hd6 paging00
to fo
paging01
ec vo
Notes:
oy si
Introduction
Placement and size of your paging space does impact its performance. The following
u
round-robin manner, and uses all paging areas equally. If you have two paging areas on
one disk, then you are no longer spreading the activity across several disks.
Use disks with low levels of activity
Paging space performs best when it is not competing with other activity on the disk. Use
pr
10-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
Using SAN disks generally results in better throughput when reading and writing to the
disk. SAN controllers have large cache which will store the frames, when paged-out, to
.T ció
disk. If the page frames are required to be paged back-in, and the data is still in cache,
the system will not have to read from disk, improving performance. However, we do
have to balance this with the exposure that we may lose connection to the SAN storage.
.
Mirror paging space for availability
C
.F a
AIX will crash if he lost currently used paging volumes. AIX will not boot without hd6
present.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Add
Add Another
Another Paging
Paging Space
Space
.I. n
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.T ció
Press Enter AFTER making
Press Enter AFTER making all
all desired changes.
desired changes.
[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name rootvg
rootvg
.
SIZE
SIZE of paging space
of paging space (in
(in logical
logical partitions) [10] ##
C
partitions) [10]
.F a
PHYSICAL
PHYSICAL VOLUME
VOLUME name
name hdisk1
hdisk1 ++
Start
Start using
using this
this paging
paging space
space NOW?
NOW? yes
yes ++
C rm
Use
Use this
this paging
paging space
space each
each time
time the
the system
system is
is yes
yes ++
RESTARTED?
RESTARTED?
# lsps -a
to fo
Page Space PV VG Size %Used Active Auto Type
paging00 hdisk1 rootvg 640MB 1 yes yes lv
hd6 hdisk0 rootvg 512MB 16 yes yes lv
ec vo
Notes:
oy si
To add extra paging space volumes to the system, you can use SMIT (as illustrated on
the visual), the mkps command, or the Web-based System Manager.
cl
• -a: Activate the paging space at the next restart (adds it to /etc/swapspaces)
• -n: Activate the paging space immediately.
• -t Type: Specifies the type of paging space (lv or nfs)
When a paging space is created, the /etc/swapspaces file is also updated, if needed.
10-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Change
Change // Show
Show Characteristics
Characteristics of
of aa Paging
Paging Space
Space
.I. n
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.T ció
Press Enter AFTER making
Press Enter AFTER making all
all desired changes.
desired changes.
[Entry
[Entry Fields]
Fields]
Paging
Paging space
space name
name paging00
paging00
.
Volume group name
Volume group name rootvg
rootvg
C
.F a
Physical
Physical volume
volume name
name hdisk1
hdisk1
NUMBER
NUMBER of
of additional
additional logical
logical partitions
partitions []
[] ##
C rm
Or
Or NUMBER
NUMBER of
of logical
logical partitions
partitions to
to remove
remove [5]
[5] ##
Use
Use this
this paging
paging space
space each
each time
time the
the system
system is
is yes
yes ++
RESTARTED?
RESTARTED?
to fo
# lsps -a
Page Space PV VG Size %Used Active Auto Type
paging00 hdisk1 rootvg 320MB 1 yes yes lv
hd6 hdisk0 rootvg 512MB 16 yes yes lv
ec vo
Notes:
oy si
A paging space may have its size increased or decreased and may have its autostart
options changed while it is in use (this updates /etc/swapspaces).
cl
These changes can be made through SMIT (as illustrated on the visual) or by using the
chps command.
Ex
an unbootable state because users are not allowed to run out of paging space. The
script checks paging space actually in use and adds a paging space warning threshold
buffer. The SMIT fastpath is smit chps.
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
5 Deactivate the temporary space.
The primary paging space (usually hd6) cannot be decreased below 32 MB.
.T ció
When you reduce the primary paging space, a temporary boot image and a temporary
/sbin/rc.boot pointing to this temporary primary paging space are created to ensure the
.
system is always in a state where it can be safely rebooted.
C
Activating paging space
.F a
Inactive paging spaces may be activated dynamically once they have been defined. To
C rm
do this enter: swapon /dev/pagingnn
Note: This operation is supported through SMIT as well, fastpath pgsp. Alternatively,
use: swapon -a to activate all paging spaces defined in /etc/swapspaces. This
command is run in /etc/rc at system startup.
to fo
Examples of chps command use
The following examples illustrate use of the chps command:
• Example 1: Delete one logical partition from the paging00 paging space.
ec vo
# chps -d 1 paging00
• Example 2: Add one logical partition to the paging00 paging space.
oy si
# chps -s 1 paging00
Refer to the entry for chps in the online AIX 7.1 Commands Reference (or the
u
corresponding man page) for more information regarding the chps command.
cl
Ex
pr
10-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
# smit rmps
.T ció
Remove
Remove aa Paging
Paging Space
Space
.
C
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.F a
Press Enter AFTER making
Press Enter AFTER making all
all desired changes.
desired changes.
[Entry
[Entry Fields]
Fields]
C rm
PAGING
PAGING SPACE
to fo SPACE name
name paging00
paging00 ++
# lsps -a
Page Space PV VG Size %Used Active Auto Type
hd6 hdisk0 rootvg 512MB 16 yes yes lv
ec vo
Notes:
oy si
Similarly, surplus paging space can be deleted to free up the disk space for other logical
volumes.
cl
delete paging space, it must be inactive (that is, not used by the kernel.) Beginning with
AIX 5L V5.1, active paging spaces can be deactivated while the system is running using
the swapoff command or with the SMIT fastpath swapoff.
Reasons the swapoff command may fail
pr
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
panic. Errors will be seen on the console, such as INIT: Paging
space is low!
.T ció
– The kernel will randomly start to kill processes.
• UNIX version 7 manual, quote: “Absolute mayhem guaranteed.”
.
• Paging space too small:
C
.F a
– Dynamically increase the size by allocating more partitions.
OR
C rm
– Add an additional paging space definition to another physical disk.
• Paging space too large:
to fo
– Dynamically decrease the size by deallocating partitions.
OR
– Remove a paging space definition.
ec vo
Notes:
oy si
u
cl
Ex
pr
10-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
** /etc/swapspaces
/etc/swapspaces
.T ció
**
** This
This file
file lists
lists all
all the
the paging
paging spaces
spaces that
that are
are automatically
automatically put
put
** into
into service
service on
on each system restart ('swapon -a‘)
each system restart ('swapon -a‘)
.
**
C
** WARNING:
WARNING: Only
Only paging
paging space
space devices
devices should
should be
be listed
listed here.
here.
.F a
**
** This
This file
file is
is modified
modified by
by the
the chps,
chps, mkps
mkps and
and rmps
rmps commands
commands and
and
C rm
referenced
referenced by
by the
the lsps
lsps and
and swapon
swapon commands.
commands.
hd6:
hd6:
dev
dev == /dev/hd6
/dev/hd6
auto
auto = yes
= yes
to fo
paging00:
paging00:
dev
dev == /dev/paging00
/dev/paging00
auto
auto = yes
= yes
ec vo
Notes:
oy si
Running lsps
u
Run lsps to monitor paging space activity. Keep good documentation so that you know
what is normal for that system.
cl
system startup.
Keep a copy of /etc/swapspaces so that you know what paging spaces are defined to
start at boot.
pr
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint
IBM Power Systems
.I. n
Page
Page Physical
Physical Volume
Volume Size
Size %Used
%Used Active
Active Auto
Auto Type
Type chksum
chksum
Space
Space Volume
Volume Group
Group
.T ció
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 640
640 MB
MB 43%
43% yes
yes yes
yes lv
lv 00
paging00
paging00 hdisk1
hdisk1 rootvg
rootvg 640
640 MB
MB 7%
7% yes
yes yes
yes lv
lv 00
.
paging01
paging01 hdisk1
hdisk1 rootvg
rootvg 160
160 MB
MB 89%
89% yes
yes yes
yes lv
lv 00
C
.F a
C rm
2. True or False: The size of paging00 (in the above example) can be
dynamically decreased.
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
10-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Paging
space
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
This lab allows you to add, decrease, monitor, and remove paging space.
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Explain the purpose of paging space
.T ció
• Modify the state or size of a paging space
.
• Add or remove paging spaces
C
• List and monitor the paging space utilization
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
10-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Back up the rootvg volume group using the mksysb utility
C
.F a
• Explain how to restore the operating system using a mksysb
image
C rm
• Explain the role of the image.data and bosinst.data files
• Back up and restore a user defined volume group
• Back up and restore file systems using various utilities
to fo
How you will check your progress
• Checkpoint questions
ec vo
• Machine exercises
References
oy si
management
AIX Version 7.1 Installation and migration
cl
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Explain how to restore the operating system using a
.T ció
mksysb image
• Explain the role of the image.data and bosinst.data
.
files
C
.F a
• Back up and restore a user defined volume group
• Back up and restore file systems using various utilities
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
11-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Backup introduction
IBM Power Systems
.I. n
– Accidental deletion
.T ció
– Damage due to software installation or hardware repair
– Create a system image for installation cloning
– Long term archive
.
– Disaster recovery
C
Generally handled by
.F a
enterprise backup
• Types of backup: mgmt solutions, for
example TSM
– Volume group
C rm
• mksysb utility which records an image backup of the operating system
• savevg utility which performs a full backup of a user-created VG
– Full
to fo
• Backs up all specified data
– Incremental
• Records changes since previous backups
ec vo
Notes:
oy si
The data on a computer is usually far more important and expensive to replace than the
machine itself. Data loss can happen in many ways. The most common causes are
cl
hardware failure and accidental deletion. AIX provides several ways in which we can
back up and restore data.
Ex
• Volume group backup: AIX provides a mksysb utility which creates a back up
image of the operating system (that is, the root volume group) and the savevg
utility to backup user defined volume groups. It is very important that regular
mksysb backups are created as they allow us to reinstall a system to its original
pr
state if it has been corrupted. If you create the backup on external media, for
example tape, the media is bootable and includes the installation programs
needed to install from the backup.
• Full backup: A full backup (sometimes referred to as level 0 backup) will back
up all files and directories in the specified location. AIX provides the backup
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
command and several standard UNIX utilities for performing a full backup such
as tar, cpio and pax.
• Incremental backup: An incremental backup, backs up all the files which have
changed since the last full or incremental backup. The backup command on AIX
is capable of providing this functionality.
AIX (and Unix) systems are often deployed in high performance, fault tolerant, 24x7
mission critical environments. As a result of this, often enterprise backup solutions are
.I. n
deployed, like IBM Tivoli Storage Manager (TSM) for System Backup and Recovery
.T ció
(Sysback). TSM for Sysback is designed to provide centralized, automated data
protection that can help reduce the risks associated with data loss while also helping to
reduce complexity, manage costs, and address compliance with regulatory data
.
retention requirements. TSM for Sysback is outside the scope of this class.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
11-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• If device selected is tape, bootable tape is created in backup
.T ció
format.
.
• Can be completed over a network to a NIM server.
C
.F a
• Provides facilities for a non-interactive installation.
C rm
• Saves system-created paging space definitions.
• Saves LV policies and file system attributes.
to fo
• There should be minimal user and application activity.
ec vo
Notes:
oy si
• Provides the ability to shrink the file system and logical volume in a volume group at
system installation or mksysb recovery time
• Saves the file system characteristics
• Allows the user to restore single or multiple files from a system image
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
for use on other machines, the mksysb is considered a clone. Cloning means
preserving either all or some of a system's customized information for use on a different
machine. During install, the default option is Enable System Backups to install any
system = Yes. This means that mksysb files are not system specific. Otherwise, if the
mksysb by itself, is used to clone a machine or LPAR that is not a hardware clone, it
may not work, as it cannot provide support for hardware devices unique to the new
machine or LPAR. For example, loading a mksysb image made from a physical
.I. n
machine will not install correctly on a virtual LPAR because they use different AIX
filesets. However, this is an easy problem to resolve. In addition to the mksysb, you
.T ció
also need to boot using the AIX installation media to provide the filesets needed by the
other machine or LPAR. If using a NIM server, a bosinst.data file must be defined with
the option INSTALL_DEVICES_AND_UPDATES = yes and the lppsource allocated to the
.
client machine, must also have all the possible device support.
C
.F a
Non-interactive installation
If a system backup is being made to install another system or to reinstall the existing
C rm
system, a customer can predefine installation information so questions at installation
time are already answered. This keeps user interaction at the target node to a
minimum. The system backup and BOS install, interact through several files. The
mksysb saves the data, used by the installation, through taking a snapshot of the
to fo
current system, and its customized state.
System backup components
The components provided as part of the system backup utility, are packaged in the
ec vo
bos.sysmgt.sysbr package.
oy si
u
cl
Ex
pr
11-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Backup
Backup DEVICE
DEVICE or
or FILE
FILE [/backups/my_mksysb]
[/backups/my_mksysb]
/Create
/Create MAP
MAP files?
files? no
no
.T ció
EXCLUDE
EXCLUDE files?
files? no
no
List
List files
files as
as they
they are
are backed
backed up?
up? no
no
Verify Back up to tape, for
Verify readability
readability if
if tape
tape device?
device? no
no example /dev/rmt0
Generate
Generate new
new /image.data
/image.data file?
file? yes
yes is also popular.
.
EXPAND
EXPAND /tmp
/tmp if
if needed?
needed? no
no
Disable
Disable software
software packing
packing ofof backup?
backup? no
no
C
Backup extended attributes?
Backup extended attributes? yes
yes
.F a
Number
Number of
of BLOCKS
BLOCKS to
to write
write inin aa single
single output
output []
[]
(Leave
(Leave blank
blank to
to use
use aa system
system default)
default)
Location
Location of
of existing
existing mksysb
mksysb image []
C rm
image []
File
File system
system to
to use
use for
for temporary
temporary work
work space
space []
[]
(If
(If blank,
blank, /tmp
/tmp will
will be
be used.)
used.)
Backup
Backup encrypted
encrypted files?
files? yes
yes
Back
Back up
up DMAPI
DMAPI filesystem
filesystem files?
files? yes
yes ++
to fo
• SMIT also provides facilities to do a system backup to CD and
DVD, see smit sysbackup
ec vo
Notes:
oy si
Introduction
u
The SMIT screen shown in the visual, Back Up the System, performs a a mksysb
operation and only backs up mounted file systems in rootvg.
cl
logical volume in the volume group. This mapping is used to allocate the same
logical-to-physical partition mapping when the image is restored.
EXCLUDE files?
pr
This option excludes the files and directories listed in the /etc/exclude.rootvg file from
the system image backup.
List files as they are backed up?
Change the default to see each file listed as it is backed up. Otherwise, you see a
percentage-completed progress message while the backup is created.
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
EXPAND /tmp if needed?
.T ció
Choose yes if the /tmp file system can automatically expand if necessary during the
backup.
Disable software packing of backup?
.
C
The default is no, which means the files are packed before they are archived to tape.
.F a
Files that cannot be compressed are placed in the archive as is. Restoring the archive
automatically unpacks the files packed by this option. If the tape drive you are using
C rm
provides packing or compression, set this field to yes.
Backup extended attributes?
By default, the mksysb, savevg, and backup utilities save any extended attributes. If
to fo
you plan to restore to a back-level system which does not understand the format with
extended attributes, then this option allows you to override that default behavior.
Number of BLOCKS to write in a single output
ec vo
This specifies the number of 512 bytes to write in a single output operation, referred to
as the block size. If a number is not specified, the backup command uses a default
value appropriate for the physical device selected. Larger values result in larger
physical transfers to tape devices. The block size must be a multiple of the physical
oy si
Specifies the full path name to the location of a previously-created mksysb image that
can be used to create a bootable tape backup.
cl
Specifies the full path name to the location of a directory or file system to be used as
temporary space to create a bootable tape backup. The file system used must have at
least 100 MB of available free disk space for the creation of the bootable image. If this
field is left blank, the /tmp file system is used.
pr
11-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
image.data file
IBM Power Systems
.I. n
the root volume group
.T ció
• It is a large file arranged in stanza format
– Is not recommended that the user modify the file, apart from the shrink field
.
• New image.data can be created during a mksysb operation or by
C
calling the mkszfile command.
.F a
image_data:
image_data:
IMAGE_TYPE=
IMAGE_TYPE= bff
bff
C rm
DATE_TIME=
DATE_TIME= Mon
Mon 20
20 Oct
Oct 17:54:07
17:54:07 2008
2008
UNAME_INFO=
UNAME_INFO= AIX neo
AIX neo 11 66 00CBE2FE4C00
00CBE2FE4C00
PRODUCT_TAPE= no
PRODUCT_TAPE= no
USERVG_LIST=
USERVG_LIST=
PLATFORM=
PLATFORM= chrp
chrp The SHRINK field can be
OSLEVEL=
OSLEVEL= 6.1.1.0
6.1.1.0
OSLEVEL_R=
set to yes.
OSLEVEL_R= 6100-01
6100-01
CPU_ID=
CPU_ID= 00CBE2FE4C00
to fo
00CBE2FE4C00
LPAR_ID=
LPAR_ID= 44
logical_volume_policy:
logical_volume_policy:
SHRINK=
SHRINK= no
no
EXACT_FIT=
EXACT_FIT= no
no
ec vo
Notes:
oy si
The image.data file contains information describing the image installed during the BOS
installation process. This information includes the sizes, names, maps, and mount points of
u
logical volumes and file systems in the root volume group. The mkszfile command
generates the image.data file. It is not recommended that the user modify the file.
cl
Changing the value of one field without correctly modifying any related fields, can result in
a failed installation, and a corrupted backup image. The only exception to this
Ex
recommendation is the SHRINK field, which the user may modify to instruct the BOS
installation routines to create the file systems as specified in the image.data file, or to
create the file systems only as large as is required to contain all the data in the file system.
The BOS installation process also takes input from the image.data file regarding defaults
pr
for the machine being installed. Any default values in the image.data file will override
values obtained when the BOS installation queries the hardware topology and existing root
volume group. The image.data file resides in the / directory.
To create a mksysb backup image with a customized image.data file:
• Create a new image.data file: # mkszfile.
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
11-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
bosinst.data file
IBM Power Systems
.I. n
– /usr/lpp/bosinst/bosinst.template.README
control_flow:
.T ció
control_flow:
CONSOLE
CONSOLE == Default
Default ALT_DISK_INSTALL_BUNDLE = no
INSTALL_METHOD
INSTALL_METHOD == overwrite
overwrite GRAPHICS_BUNDLE = yes
PROMPT
PROMPT == no
no MOZILLA_BUNDLE = no
EXISTING_SYSTEM_OVERWRITE
EXISTING_SYSTEM_OVERWRITE == yes
yes KERBEROS_5_BUNDLE = no
.
INSTALL_X_IF_ADAPTER
INSTALL_X_IF_ADAPTER == nono SERVER_BUNDLE = yes
RUN_STARTUP
RUN_STARTUP == yes
yes
C
ALT_DISK_INSTALL_BUNDLE = no
RM_INST_ROOTS
RM_INST_ROOTS == no
no
.F a
ERROR_EXIT
ERROR_EXIT == locale:
CUSTOMIZATION_FILE
CUSTOMIZATION_FILE == SCREEN
SCREEN BOSINST_LANG = en_US
TCB
TCB == no
no CULTURAL_CONVENTION = en_GB
C rm
INSTALL_TYPE
INSTALL_TYPE == MESSAGES = en_US
BUNDLES
BUNDLES == KEYBOARD = en_GB
SWITCH_TO_PRODUCT_TAPE
SWITCH_TO_PRODUCT_TAPE ==
RECOVER_DEVICES
RECOVER_DEVICES == nono target_disk_data:
BOSINST_DEBUG
BOSINST_DEBUG == no
no PVID =
ACCEPT_LICENSES
ACCEPT_LICENSES == PHYSICAL_LOCATION =
DESKTOP
DESKTOP == CDE
CDE CONNECTION =
to fo
INSTALL_DEVICES_AND_UPDATES
INSTALL_DEVICES_AND_UPDATES == yes
yes LOCATION =
IMPORT_USER_VGS
IMPORT_USER_VGS == SIZE_MB =
ENABLE_64BIT_KERNEL
ENABLE_64BIT_KERNEL == Default
Default HDISKNAME = hdisk0
CREATE_JFS2_FS
CREATE_JFS2_FS == yes
yes
ALL_DEVICES_KERNELS
ALL_DEVICES_KERNELS == nono
ec vo
Notes:
oy si
/bosinst.data file
u
This file enables the administrator to specify the requirements at the target system and how
the user interacts with the target system. It provides flexibility by allowing unattended
cl
installations. The system backup utilities simply copy the /bosinst.data into the second file
on the mksysb tape. If this file is not in the root directory, the
/usr/lpp/bosinst/bosinst.template is copied to the /bosinst.data.
Ex
different hardware configuration, boot from product media to get any missing device
drivers installed. In addition, if the product media is a later level of AIX than the mksysb,
software in the mksysb image will be updated. To prevent either of these additional
installations from occurring, set this field to no. The default is yes.
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
create a system backup of your system, you can use that system backup to install any
.T ció
system.
• LOCALE STANZA: Will determine:
- The language to use during installation
.
C
- Primary cultural convention to use after reboot
.F a
- Primary message catalogs to use after reboot
C rm
- Keyboard map to use after reboot
• TARGET DISK STANZA: Will determine where to create the root volume group.
to fo
ec vo
oy si
u
cl
Ex
pr
11-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
BOS boot mkinsttape dummy rootvg
image image backup image
.T ció
.toc
1st Section 2nd Section 3rd Section 4th Section
0 1 2 3
.
C
.F a
Kernel ./image.data Dummy TOC Backup
device drivers ./bosinst.data by name
./tapeblksz
C rm
• To list files in the backup image on a mksysb:
– lsmksysb –f /dev/rmt0
to fo
• To restore individual files from the mksysb:
– restorevgfiles –f /dev/rmt0 ./etc/inittab
ec vo
Notes:
oy si
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Dummy TOC
The dummy TOC is used to make mksysb tapes have the same number of files as the
BOS installation tapes.
rootvg backup image
The rootvg backup image contains all the data from the backup. This data is saved
using the backup command which is discussed shortly
.I. n
• Listing and extracting files in a tape mksysb image
.T ció
The easiest way to list files or to restore individual files from any media (tape or optical)
is to use the generic list and restore commands:
- # lsmksysb -f <device> , where <device> might be /dev/rmt0 or /dev/cd0.
.
C
- # restorevgfiles -f <device> <file name>,
.F a
• <device> might be /dev/rmt0 or /dev/cd0.
C rm
• <file> can be one of more files such as ./etc/inittab
For tape specific restores, a combination of tape control and AIX file system restore
commands can be used:
to fo
- # tctl -f /dev/rmt0 rewind
- # tctl -f /dev/rmt0.1 fsf 3
- # restore -Tvf /dev/rmt0
ec vo
OR
- restore -Tv –s4 -f /dev/rmt0
The tctl command can be used to rewind and fast forward the tape to the start of the
oy si
fourth section (third tape mark). Then, the restore command, as shown in the
example can be used to extract (-x) or list (-T) files on the tape. Alternatively, if the
tape is already rewound, then the restore command can be used directly to extract
u
For further information regarding tape manipulation, see the tctl man page.
Ex
pr
11-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Using the SMS menus, boot the system from the tape device.
• Restore mksysb image from the device, that is, tape
.I. n
(/dev/rmt0), as follows:
.T ció
Welcome
Welcome to
to Base
Base Operating
Operating System
System
Installation
Installation and
and Maintenance
Maintenance
11 Start
Start Install
Install Now
Now With
With Default
Default Settings
Settings
.
22 Change/Show
Change/Show Installation
Installation Settings
Settings and
and Install
Install
>> 3 Start Maintenance Mode for System Recovery
C
>> 3 Start Maintenance Mode for System Recovery
.F a
44 Configure
Configure Network
Network Disks
Disks (iSCSI)
(iSCSI)
C rm
11 Access
Access AA Root
Root Volume
Volume Group
Group
22 Copy
Copy a System Dump to
a System Dump to Removable
Removable Media
Media
33 Access
Access Advanced
Advanced Maintenance
Maintenance Functions
Functions
44 Erase
Erase Disks
Disks
>>
>> 66 Install
Install from
from aa System
System Backup
Backup
to fo
Tape
Tape Drive
Drive Path
Path Name
Name
>>
>> 11 tape/scsi/4mm/2GB
tape/scsi/4mm/2GB/dev/rmt0
/dev/rmt0
ec vo
Notes:
oy si
To restore a mksysb image from tape, boot the machine into SMS just as if you were
performing an installation. As shown previously in the installation unit, select the device to
cl
boot from (in this case tape). Then, insert the mksysb tape and start the machine or LPAR.
The machine boots from the tape and prompts you to define the console and select a
language for installation. Once you have answered those questions, then the Installation
Ex
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Welcome
Welcome to
to Base
Base Operating
Operating System
System
Installation
Installation and
and Maintenance
Maintenance
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter. Choice
Choice is
is indicated
indicated by
by >>.
>>.
.I. n
11 Start
Start Install
Install Now
Now With
With Default
Default Settings
Settings
>>
>> 22 Change/Show
Change/Show Installation
Installation Settings
Settings and
and Install
Install
33 Start
Start Maintenance
Maintenance Mode
Mode for
for System
System Recovery
Recovery
.T ció
44 Configure
Configure Network
Network Disks
Disks (iSCSI)
(iSCSI)
System
System Backup
Backup Installation
Installation and
and Settings
Settings
.
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter.
C
11 Disk(s)
Disk(s) where
where you
you want
want to
to install
install hdisk0
.F a
hdisk0
Use Maps
Use Maps No
No
22 Shrink
Shrink Filesystems
Filesystems No
No
C rm
00 Install
Install with
with the
the settings
settings listed
listed above
above
Installing
Installing Base
Base Operating
Operating System
System
Please
Please wait...
wait...
to fo
Approximate
Approximate Elapsed
Elapsed time
time
%% tasks
tasks complete
complete (in
(in minutes)
minutes)
33 00 Making
Making logical
logical volumes
volumes
ec vo
Notes:
oy si
(Not all menu options are shown, due to format space limitations)
The options from the System Backup and Installation and Settings menu are:
Ex
- The option Use Maps lets you choose whether to use the map files created (if you
created any) during the backup process of the mksysb tape. The default is no. If the
selected disks do not have map files, then this option would not be available.
2 Shrink Filesystems
11-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty - The option Shrink Filesystems installs the file systems using the minimum required
space. The default is no. If yes, all file systems in rootvg are shrunk. So remember
after the restore, evaluate the current file system sizes. You might need to increase
their sizes.
0 Install with the settings listed above
- At the end, select option 0 which installs using the settings selected. Your mksysb
image is restored.
.I. n
The system then reboots.
.T ció
Additional options that you might see are:
Import User Volume Groups
.
- You have the option to have user volume groups imported after the installation
C
.F a
completes. The default is Yes.
Recover devices
C rm
- BOS installation program attempts to recreate the devices the same way they were
on the machine the mksysb was created on. This is normal procedure for regular
mksysb restores on the same system. However, for cloning (installing the mksysb
image on another system), you may not want these devices configured this way,
to fo
especially for network configuration. The default is Yes.
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
– Note: NIM server configuration is covered in the AN22 NIM course.
PowerPC
PowerPC Firmware
.T ció
Firmware
Version
Version SF240_338
SF240_338
SMS
SMS 1.6
1.6 (c)
(c) Copyright
Copyright IBM
IBM Corp.
Corp. 2000,2005
2000,2005 All
All rights
rights reserved.
reserved.
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
.
Main
Main Menu
Menu
1. Select
Select Language
C
1. Language
2. Setup
Setup Remote
Remote IPL
IPL (Initial
(Initial Program
Program Load)
Load) #then
#then select
select the
the adapter
adapter && IP
.F a
2. IP
Parameters
Parameters
3.
3. Change
Change SCSI
SCSI Settings
Settings
C rm
4.
4. Select
Select Console
Console
5.
5. Select
Select Boot
Boot Options
Options
Notes:
oy si
First, the resources (mksysb image, bosinst.data, SPOT) have to be allocated to the client
on the NIM server and the NIM server must run a bosinst operation on your client machine.
u
Next, boot the client into SMS mode and select option 2, Setup Remote IPL. This option
allows us to define the network parameters of the NIM server and client. Once the IPL
details have been entered, press ESC to return to the main menu.
Ex
pr
11-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– 2. Normal Mode Boot
– 1. Yes -- to exit System Management Services
.T ció
BOOTP:
BOOTP: chosen-network-type
chosen-network-type == ethernet,auto,none,auto
ethernet,auto,none,auto BOOTP R = 1 BOOTP S = 2
BOOTP: server FILE: /tftpboot/alex.lpar.co.uk
BOOTP: server IP IP == 10.47.1.33
10.47.1.33
BOOTP: requested FINAL Packet Count = 27900
BOOTP: requested filename
filename == FINAL File Size = 14284288 bytes.
.
BOOTP:
BOOTP: client
client IP =
IP = 10.47.1.21
10.47.1.21 load-base=0x4000
BOOTP: client
client HW HW addr
addr == ea
ea 48
48 f0
f0 00 90
90 33
C
BOOTP: real-base=0x2000000
.F a
BOOTP:
BOOTP: gateway
gateway IPIP == 0.0.0.0
0.0.0.0
BOOTP:
BOOTP: device
device /vdevice/l-lan@30000003
/vdevice/l-lan@30000003
BOOTP:
BOOTP: loc-code
loc-code U9113.550.65F2E7F-V9-C3-T1
U9113.550.65F2E7F-V9-C3-T1 Client issues a bootp request
C rm
to NIM master and downloads
the boot image via TFTP
Installing
Installing Base
Base Operating
Operating System
System
Please
Please wait...
wait...
to fo
Approximate
Approximate Elapsed
Elapsed time
time
%% tasks
tasks complete
complete (in
(in minutes)
minutes)
33 00 Making
Making logical
logical volumes
volumes
ec vo
Notes:
oy si
The visual shows the rest of the steps involved in completing the mksysb restore.
u
This example assumes that the NIM servers was configured to provide a bosint.data file
with PROMPT=NO and all the necessary information provided, Otherwise, the system
cl
console would need to be used to walk through the Install and Maintenance panels shown
on the previous visuals.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
** Backup
Backup DEVICE
DEVICE or
or FILE
FILE [/tmp/datavg_bk_svg]
[/tmp/datavg_bk_svg] +/
+/
** VOLUME
VOLUME GROUP to back
GROUP to back up
up [datavg]
[datavg] ++
.T ció
List
List files
files as
as they
they are
are backed
backed up?
up? no
no ++
Generate
Generate new
new vg.data
vg.data file?
file? yes
yes ++
Create
Create MAP
MAP files?
files? no
no ++
EXCLUDE
EXCLUDE files?
files? no
no ++
.
EXPAND
EXPAND /tmp
/tmp if
if needed?
needed? no
no ++
C
Disable
Disable software
software packing
packing ofof backup?
backup? no
no ++
.F a
Backup
Backup extended
extended attributes?
attributes? yes
yes ++
Number
Number of
of BLOCKS
BLOCKS to
to write
write in
in aa single
single output
output []
[] ##
(Leave
(Leave blank to use a system default)
blank to use a system default)
C rm
Verify
Verify readability
readability ifif tape
tape device?
device? no
no ++
Back
Back up
up Volume
Volume Group
Group information
information files
files only?
only? no
no ++
Back
Back up
up encrypted
encrypted files?
files? yes
yes ++
Back
Back up
up DMAPI
DMAPI filesystem
filesystem files?
files? no
no ++
to fo
• SMIT also provides facilities to do a VG backup to CD and DVD
(smit vgbackup).
ec vo
Notes:
oy si
To back up non-rootvg volume groups, use smit savevg or smit savevg. The parameters
are virtually identical to creating a mksysb image.
u
The savevg command finds and backs up all files belonging to a specified volume group.
cl
The volume group must be varied-on, and the file systems must be mounted. The savevg
command uses the data file created by the mkvgdata command. This data file can be one
of the following:
Ex
• /tmp/vgdata/vgname/<vgname>.data
Contains information about a user volume group. The <vgname> variable reflects the
name of the volume group. The savevg command uses this file to create a backup
pr
image that can be used by the restvg command to remake the user volume group.
11-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
** Restore
Restore DEVICE
DEVICE or
or FILE
FILE [/tmp/datavg_bk_svg]
[/tmp/datavg_bk_svg] +/
+/
SHRINK the filesystems?
SHRINK the filesystems? no
no ++
.T ció
Recreate
Recreate logical
logical volumes
volumes and
and filesystems
filesystems only?
only? no
no ++
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names []
[] ++
(Leave
(Leave blank
blank to
to use
use the
the PHYSICAL
PHYSICAL VOLUMES
VOLUMES listed
listed
in
in the vgname.data file in the backup image)
the vgname.data file in the backup image)
.
Use
Use existing
existing MAP
MAP files?
files? yes
yes ++
C
Physical
Physical partition
partition SIZE
SIZE in
in megabytes
megabytes []
[] +#
+#
.F a
(Leave
(Leave blank
blank to
to have
have the
the SIZE
SIZE determined
determined
based on disk size)
based on disk size)
Number
Number of
of BLOCKS
BLOCKS to
to read
read in
in aa single
single input
input []
[] ##
C rm
(Leave
(Leave blank
blank to
to use
use aa system
system default)
default)
Alternate
Alternate vg.data
vg.data file
file []
[] //
(Leave
(Leave blank
blank to
to use
use vg.data
vg.data stored
stored in
in
backup image)
backup image)
to fo
• Prior to restoring the VG
– Unmount all file systems which are part of that VG.
– Vary off and export the volume group.
ec vo
Notes:
oy si
The visual shows the process of restoring a non-rootvg volume group. Standard out from
the smit screen is shown below:
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
COMMAND STATUS
Command: OK stdout: yes stderr: no
Before command completion, additional instructions may appear below.
Will create the Volume Group: datavg
Target Disks: hdisk1
Allocation Policy:
.I. n
Shrink Filesystems: no
Preserve Physical Partitions for each Logical Volume: no
.T ció
datavg
loglv01
fslv00
.
New volume on /tmp/datavf_bk_svg:
C
Cluster size is 51200 bytes (100 blocks).
.F a
The volume number is 1.
The backup date is: Mon 20 Oct 20:29:05 2008
C rm
Files are backed up by name.
The user is root.
x 11 ./tmp/vgdata/datavg/image.info
x 127 ./tmp/vgdata/vgdata.files598152
x 127 ./tmp/vgdata/vgdata.files
to fo
x 2444 ./tmp/vgdata/datavg/filesystems
x 2481 ./tmp/vgdata/datavg/datavg.data
x 340 ./tmp/vgdata/datavg/backup.data
x 0 ./data
ec vo
x 0 ./data/lost+found
x 1024 ./data/file1
x 1024 ./data/file2
x 1024 ./data/file3
oy si
11-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• AIX
– Backup and restore
.I. n
• Other popular backup, restore commands across UNIX
.T ció
platforms:
– tar
.
C
– cpio
.F a
– pax
C rm
– dd
• Compression utilities
to fo
– Compress, restore using uncompress or zcat
– gzip, restore using gunzip
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
/home/aix/file1
/home/aix/file1
/home/aix/file2
/home/aix/file2
.T ció
Absolute paths
/home/aix/file3
/home/aix/file3
## backup
backup -iqvf
-iqvf /dev/rmt0
/dev/rmt0 << listfile
listfile
.
Relative paths
C
## find
find /home/aix
/home/aix || backup
backup -iqvf
-iqvf /dev/rmt0
/dev/rmt0
.F a
## cd
cd /home/aix
/home/aix
C rm
## find
find .. || backup
backup -iqvf
-iqvf /backup/aix.backup
/backup/aix.backup List files
## restore
restore -Tvf
-Tvf /backup/aix.backup
/backup/aix.backup
Extract (restore)
files
to fo
## restore
restore -xvf
-xvf /backup/aix.backup
/backup/aix.backup
## restore
restore -xvf
-xvf /tmp/aix.backup
/tmp/aix.backup ./file1
./file1 Extract individual
file
ec vo
Notes:
oy si
backed up. Backup by i-node, backs up file systems when they are unmounted.
Note: Relative versus full file names will impact the location of files on recovery!
Popular backup flags
• -q: Media is ready
• -i: Specifies that files be read from standard input and archived by file name.
pr
11-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
## backup
backup -u
-u -0
-0 -f
-f /tmp/databkup_21Oct_level0
/tmp/databkup_21Oct_level0 /data
/data
.I. n
## backup
backup -u
-u -1
-1 -f
-f /tmp/databkup_21Oct_level1
/tmp/databkup_21Oct_level1 /data
/data
.T ció
## cat
cat /etc/dumpdates
/etc/dumpdates
/dev/rfslv00
/dev/rfslv00 11 Tue
Tue Oct
Oct 21
21 15:45:21
15:45:21 2008
.
2008
Incremental backup
/dev/rfslv00
/dev/rfslv00 00 Tue
Tue Oct
Oct 21
21 15:40:54
15:40:54 2008
C
2008
.F a
Backup history
C rm
## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level0
/tmp/databkup_21Nov_level0
## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level1
/tmp/databkup_21Nov_level1
to fo
Must restore first to the last level 0
then followed by each incremental…
ec vo
Notes:
oy si
Backup by inode is useful for performing full (level 0) and incremental backups of file
systems. Backup by inode should only be completed when the filesystem is unmounted!
u
Note: The command will complete if the filesystem is in use, but the following warning
message is displayed, Backup: 0511-251 The file system is still mounted; data
cl
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
tar command
IBM Power Systems
.I. n
## tar
tar –cvf
–cvf /dev/rmt0
/dev/rmt0 /home
/home
## tar
tar -cvf
-cvf /backup/home.tar
/backup/home.tar /home
.T ció
/home
– List files in a tar backup (-t)
.
## tar
tar –tvf
–tvf /dev/rmt0
/dev/rmt0
C
.F a
– Extract files from a tar backup (-x)
C rm
## tar
tar –xvf
–xvf /dev/rmt0
/dev/rmt0
Notes:
oy si
The tar command archives and restores files. tar is most commonly used in tandem with
an external compression utility, since it has no built-in data compression facilities.
u
11-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
cpio command
IBM Power Systems
.I. n
## find
find /home
/home || cpio
cpio –ov
–ov >> /backup/home.bk
/backup/home.bk
.T ció
– List files in a cpio backup (-t)
.
## cpio
cpio -itv
-itv << /backup/home.bk
/backup/home.bk
C
.F a
– Extract files from a cpio backup (-i)
C rm
## cpio
cpio –idv
–idv << /backup/home.bk
/backup/home.bk
Notes:
oy si
cpio copies file archives in from, or out to tape, disk, or another location on the local
machine.
u
• -o command reads file path names from standard input and copies these files to
standard output, along with path names and status information.
Ex
• -i command reads from standard input an archive file created by the cpio -o command
and copies from it the files with names that match the Pattern parameter.
• -p copies files to another directory on the same system.
• -d creates directories as needed.
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
pax command
IBM Power Systems
.I. n
– Create a pax backup of /home (-w)
.T ció
## pax
pax -wf
-wf /backup/home_pax.ar
/backup/home_pax.ar /home
/home
.
C
.F a
– List files in a pax backup (-v)
C rm
## pax
pax -v
-v –f
–f /backup/home_pax.ar
/backup/home_pax.ar
Notes:
oy si
The pax command extracts, writes, and lists members of archive files; copies files and
directory hierarchies.
u
Rather than sort out the incompatible options that have crept up between tar and cpio,
cl
along with their implementations across various versions of UNIX, the IEEE designed a
new archive utility. Pax means “peace” in Latin, so the utility is named to create peace
between the tar and cpio.
Ex
pr
11-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
dd command
IBM Power Systems
.I. n
– Copy tape to tape. Tape1 block size=1KB. Tape2 block size=2KB.
.T ció
## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024
ibs=1024 obs=2048
obs=2048 of=/dev/rmt1
of=/dev/rmt1
.
C
.F a
## tar
tar -cvf
-cvf -- /home
/home || dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0
## tar
tar -cvf
-cvf -- /home
/home || rsh
rsh <system>
<system> dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0
C rm
## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024k
ibs=1024k || tar
tar xvf
xvf -- Writing to a tape
drive on a remote
machine
to fo
– Convert /etc/passwd from ASCII to EBCDIC:
## dd
dd if=/etc/passwd
if=/etc/passwd of=/etc/passwd.ebcdic
of=/etc/passwd.ebcdic conv=ebcdic
conv=ebcdic
ec vo
Notes:
oy si
The dd command reads in standard input or the specified input file, converts it, and then
writes to standard out or the named output.
u
example, if a file system’s superblock (stored in the first block of the file system) is corrupt,
a copy is kept at the 31st block. The dd command can copy that 31st block back to the first
to repair the file system. The command is:
# dd count=1 bs=4k skip=31 seek=1 if=/dev/hd4 of=/dev/hd4
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Compression commands (1 of 2)
IBM Power Systems
.I. n
– This can be done using a number of utilities, such as compress.
• Examples (using compress, uncompress, and zcat):
.T ció
## compress
compress -v
-v /tmp/data.tar
/tmp/data.tar
.
/tmp/data.tar:
/tmp/data.tar: Compression:
Compression: 95.50%
95.50% This
This file
file is
is replaced
replaced
C
with
with /tmp/data.tar.Z.
/tmp/data.tar.Z.
.F a
C rm
## uncompress
uncompress /tmp/data.tar.Z
/tmp/data.tar.Z
/tmp/data.tar.Z:
/tmp/data.tar.Z: This
This file
file is
is replaced
replaced with
with /tmp/data.tar.
/tmp/data.tar.
to fo
zcat expands a
compressed file to
## zcat
zcat /tmp/data.tar.Z
/tmp/data.tar.Z || tar
tar -xvf
-xvf -- standard out.
ec vo
Notes:
oy si
Files which are archived are usually further compressed to reduce their size. Compress,
uncompress and zcat commands are standard commands across UNIX platforms for
u
11-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Compression commands (2 of 2)
IBM Power Systems
## gzip
gzip -v
-v /tmp/data.tar
.I. n
/tmp/data.tar
/tmp/data.tar:
/tmp/data.tar: 97.7%
97.7% --
-- replaced
replaced with
with
.T ció
/tmp/data.tar.gz
/tmp/data.tar.gz
## gunzip
gunzip -v
-v /tmp/data.tar.gz
/tmp/data.tar.gz
.
/tmp/data.tar.gz: 97.7%
97.7% --
-- replaced
replaced with Creates a
C
/tmp/data.tar.gz: with
.F a
/tmp/data.tar
/tmp/data.tar compressed
tarball
(.tar.gz) of the
C rm
## tar
tar -cvf
-cvf -- /data
/data || gzip
gzip -c
-c >> data_tar.gz
data_tar.gz /data directory.
## gunzip
gunzip -c
-c data_tar.gz
data_tar.gz || tar
tar xvf
xvf -- Decompresses
and extracts the
to fo
compressed
tarball (.tar.gz).
ec vo
Notes:
oy si
gzip is a software application used for file compression. gzip is short for GNU zip. The
program is very popular and is a free replacement for the compress program which was
u
Another popular and free compression utility is bzip2 which is based on a lossless data
compression algorithm. Bzip2 compression is generally more effective than gzip. The
usage of bzip2 and bunzip2 (for decompression) is fairly similar to gzip and gunzip
Ex
respectively.
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Good practices
IBM Power Systems
.I. n
• Verify your backups.
– Check the tape device(s).
.T ció
– Label tapes.
.
• Keep old backups.
C
.F a
C rm
• Keep a copy of the backups securely offsite.
Notes:
oy si
• Take regular backups. Always take regular backups of data. The most efficient way of
doing this is through regular automated incremental backups, as done through products
u
like TSM.
cl
• Verify your backups. Always verify your backed up data. Use restore -T (or tar -t) to
view the contents. With mksysb tapes, you can position the tape to the correct marker
and verify the contents without having to restore the data.
Ex
• Check the tape devices. The tapechk command can be used to check a number of
files on a tape. If no argument is specified, then the first block on the tape is checked. If
a number is specified, that number of files are checked. You can also position the tape
pr
before tapechk is run by specifying a second number. For example, tapechk 2.1 reads
two files after skipping past the first file.The tapechk command can be used to detect
malfunctioning hardware.
• Label your tapes. There is no way to know what is on the tape by looking at it. The
label should at least list the tape files, the commands used to create the tape, the date
created, and the block size.
11-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty • Keep old backups. Keep old backups in case something goes wrong with the new
ones.
• Keep a copy of backups securely offsite. Store a set of backups off site in case
something happens to your site.
• Test recovery procedures. Test your recovery procedure before you have to. Know
that you can recover before you have to recover.
.I. n
• Consider deploying an enterprise storage solution. Enterprise storage solutions like
Tivoli Storage Manager provide centralized, automated storage management and data
.T ció
protection. TSM storage management software protects you from the risks of data loss
and helps you reduce complexity, manage costs, and address compliance with data
retention and availability requirements.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint
IBM Power Systems
.I. n
b. cd /home/fred; find . | backup -ivf /dev/rmt0
.T ció
2. On a mksysb tape, what command would you use to restore
individual files from a mksysb tape?
.
C
.F a
3. True or False: smit mksysb backs up all file systems,
C rm
provided they are mounted.
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
11-34 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Backup and restore
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Back up the rootvg volume group using the mksysb utility
.T ció
• Explain how to restore the operating system using a
mksysb image
.
C
• Explain the role of the image.data and bosinst.data
.F a
files
C rm
• Back up and restore a user defined volume group
• Back up and restore file systems using various utilities
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
11-36 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Define the concepts of users and groups, and explain how and
C
when these should be allocated on the system
.F a
• Describe ways of controlling root access on the system
C rm
• Explain the uses of SUID, SGID, and SVTX permission bits
• Administer user accounts and groups
to fo
How you will check your progress
• Checkpoint questions
• Machine exercises
ec vo
References
oy si
Configuration (Redbook)
SG24-7559 AIX Version 7.1 Differences Guide (Redbook)
cl
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
and when these should be allocated on the system
.T ció
• Describe ways of controlling root access on the system
• Explain the uses of SUID, SGID, and SVTX permission bits
.
• Administer user accounts and groups
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
12-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Describe the role of RBAC
.T ció
• Understand and apply file permissions
– Including the role of the umask parameter
.
• Change file ownership and group assignment
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
12-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
User accounts
IBM Power Systems
.I. n
• The owner is usually the user who created the file, but
.T ció
ownership can be transferred by root.
• Default users:
.
– root Superuser
C
.F a
– adm, sys, bin, ... IDs that own system files but
cannot be used for login
C rm
## id
id
uid=0(root)
uid=0(root) gid=0(system)
gid=0(system)
to fo
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
ec vo
Notes:
oy si
The security of the system is based on a user being assigned a unique name, a unique
user ID (UID) and password, and a primary group ID (GID). When the user logs in, the
cl
UID is used to validate all requests for file access. The UID, associated groups, and
GIDs can be seen by the id command.
Ex
File ownership
When a file is created, the UID associated with the process that created the file is
assigned ownership of the file. Only the owner or root can change the access
permissions.
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• root’s password:
– Carefully guard
.I. n
– Non-trivial passwords
– Changed on an unannounced schedule
.T ció
• Assign different root passwords to different machines.
.
• Always log in as an ordinary user first and then su to root
C
instead of logging in as root.
.F a
– audit trail in /var/adm/sulog
C rm
– Enforce use of the su method to use root authority:
## chuser
chuser login=false
login=false su=true
su=true sugroup=system
sugroup=system root
root
to fo
• Do not include unsecured directories in root's PATH.
ec vo
Notes:
oy si
If the root password is known by too many people, no one can be held accountable.
The root password should be limited to just two or three administrators. The fewer
cl
people who know root's password, the better. The system administrator should ensure
that distinct root passwords are assigned to different machines. You may allow normal
users to have the same passwords on different machines, but never do this for root.
Ex
12-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Groups
IBM Power Systems
.I. n
administration authority.
.T ció
• Every user is a member of at least one group and can be a
member of several groups (a groupset).
.
• The user has access to a file if any group in the user’s
C
groupset provides access.
.F a
– To list the groupset, use the groups command.
C rm
• The user's real group ID is used for file ownership on creation.
– To change the real group ID, use the newgrp command.
• Default groups are:
to fo
– System administrators: system
– Ordinary users: staff
ec vo
Notes:
oy si
Function of groups
u
Users that require shared access to a set of files are placed in groups. Each group has
a unique name and Group ID (GID). The GID, like the UID, is assigned to a file when it
cl
There are several groups predefined on an AIX system. For example, the system
group is root's group and the staff group is for all ordinary users.
Planning and administering groups
pr
The creation of groups to organize and differentiate the users of a system or network is
part of systems administration. The guidelines for forming groups should be part of the
security policy. Defining groups for large systems can be quite complex, and once a
system is operational, it is very difficult to change the group structure. Investing time
and effort in devising group definitions before your system arrives is recommended.
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Groups should be defined as broadly as possible and be consistent with your security
policy. Do not define too many groups because defining groups for every possible
combination of data type and user type can lead to impossible extremes.
A group administrator is a user who is allowed to assign the members and
administrators of a group. It does not imply that the user has any administrative abilities
for the system.
Types of groups
.I. n
There are three types of groups on the system:
.T ció
• User groups
- User groups should be made for people who need to share files on the
.
system, such as people who work in the same department, or people who are
C
working on the same project.
.F a
• System administrator groups
C rm
- System administrators are automatically members of the system group.
Membership of this group allows the administrators to perform some of the
system tasks without having to be the root user.
• System defined groups
to fo
- Several system-defined groups exist. staff is the default group for all
non-administrative users created in the system. security is another
system-defined group with limited privileges for performing security
ec vo
A user's real group identification is used to determine the group ownership of a file
created by that user. The newgrp command changes a user's real group identification. If
you provide a group name as a parameter to the newgrp command, the system
u
changes the name of your real group to the group name specified (if the group name
specified is part of your groupset). If no group name is provided as a parameter, the
cl
newgrp command changes your real group to the group specified as your primary group
in the /etc/passwd file.
Ex
Example:
$ id
uid=206(secc) gid=7(security) groups=1(staff)
pr
$ newgrp staff
$ id
uid=206(secc) gid=1(staff) groups=7(security)
12-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
system security
.T ció
Rights to
printq administrative
adm functions
.
audit
C
.F a
shutdown
C rm staff Ordinary
users
to fo
ec vo
Notes:
oy si
As indicated on the visual, membership in some groups confers rights to the use of
certain administrative functions. Membership in the staff group does not provide rights
cl
Common groups on the system (and their intended uses) are as follows:
• system for most configuration and standard hardware and software maintenance
• printq for managing queuing.
pr
- Typical commands which can be run by members of this group are: enable,
disable, qadm, qpri, and so forth.
• security to handle most passwords and limits control
- Typical commands which can be run by members of this group are: mkuser,
rmuser, pwdadm, chuser, chgroup, and so forth.
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• adm most monitoring functions such as performance, cron, accounting staff, default
group assigned to all new users
- You may want to change this in /usr/lib/security/mkuser.defaults.
• audit for auditors
• shutdown allows use of the shutdown command.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
12-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– For example, SysBoot role authorizes executing shutdown
• Roles, such as SysBoot, assigned to users
.T ció
1 Roles 2 Users
.
C
Authorizations Roles
.F a
C rm
• Domain RBAC
– Controls which objects can be administered
Intranet interface
to fo
Network
Mgt.
Internet interface
ec vo
Notes:
oy si
The difficulty with permission (or even access control list) based access control is that
you must secure the needed resource rather than the command. It was often difficult to
cl
know which resources were the ones needed. In some cases we are dealing with kernel
resources. In addition, a given resource may have multiple uses and a single group
access to it may not work. Allowing a program to be root with suid allowed one to
Ex
bypass the resource permissions, but suid itself was a potential exposure. With
Enhanced Resource Based Access Control (RBAC), resource access is controlled
through privileged commands and then only users with the proper authorization are
allowed to execute the privileged command. The authorization and privileges are fine
pr
grained.
Legacy RBAC
Starting with AIX 4.2.1, a form of RBAC was provided but was difficult to work with.
Even though a user was assigned a role, that user was often still unable to execute the
associated tasks until a requisite command was converted to a set uid executable and
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
the user was made a member of the associated group. In addition, the legacy
framework was implemented without involvement of the kernel.
Enhanced RBAC
Starting with AIX 6.1, an enhanced form of RBAC is provided. The enhanced RBAC
framework involves the kernel and thus is more secure. The new framework is also
more granular and extensive than the legacy RBAC. Once a role is assigned to a user,
they have the authorization to do the related tasks without having to play with file
.I. n
permissions or group membership. While the framework supports user defined
.T ció
privileged commands, authorizations, and roles, Starting with version 6.1, AIX provides
10 predefined roles that can be used without additional RBAC configuration. The details
of the RBAC framework is outside the scope of this course, however more detail with a
.
simple example is included in topic two of this unit.
C
Sudo
.F a
Sudo (su “do”) is free add-on software for UNIX systems which enables a system
C rm
administrator to delegate authority to give certain users, or groups of users, the ability to
run some, or all, commands as root or another user while providing an audit trail of the
commands and their arguments. Enhanced RBAC, eliminates the use of sudo like tools.
to fo
ec vo
oy si
u
cl
Ex
pr
12-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
File/directory permissions
IBM Power Systems
.I. n
Read content of file r List content of directory
Modify content of file w Create and remove files in
.T ció
directory
Use file name to execute x Give access to directory
.
as a command
C
.F a
Run program with SUID --------
effective UID of owner
C rm
Run program with SGID Files created in directory
effective GID of group inherit the same group as
the directory
to fo
-------- SVTX Must be owner of files to
delete files from directory
ec vo
Notes:
oy si
Permission bits
u
There are a number of permission bits associated with files and directories. The
standard r (read), w (write), and x (execute) permissions, define three levels of access
cl
for the user (owner), group, and others. In addition, there are three permission bits
known as SUID (set UID), SGID (set GID), and SVTX (sticky bit).
Ex
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
SGID on a directory means that any file or directory created within the directory will
have the same group ownership as the directory rather than the real group ID or
primary group of the user.
The SGID permission bits are propagated down through the directory structure, so that
any directory created in a directory with the SGID bit set, also inherits that bit.
The SVTX bit
.I. n
SVTX on a file has no meaning in AIX. It was used in earlier versions of UNIX.
Traditional UNIX used SVTX to keep a program in memory after it had completed
.T ció
running, but with memory management routines, this is no longer necessary. SVTX is
known as the sticky bit.
.
SVTX on a directory means that even if the directory has global write permission (for
C
example, /tmp), users cannot delete a file within it, unless they either own the file, or the
.F a
directory.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
12-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Reading permissions
IBM Power Systems
.I. n
.T ció
s s t
S S T
.
C
.F a
SUID SUID SGID SGID sticky sticky
only +x only +x bit bit
C rm
only +x
## ls
ls -ld
-ld /usr/bin/passwd
/usr/bin/passwd /usr/bin/crontab
/usr/bin/crontab /tmp
/tmp
to fo
-r-sr-xr-x
-r-sr-xr-x root
root security
security ...
... /usr/bin/passwd
/usr/bin/passwd
-r-sr-sr-x
-r-sr-sr-x root
root cron
cron ...
... /usr/bin/crontab
/usr/bin/crontab
drwxrwxrwt
drwxrwxrwt bin
bin bin
bin ...
... /tmp
/tmp
ec vo
Notes:
oy si
The SUID bit is indicated by an S or s in the slot normally reserved for the execute
permission for owner (user). The SGID bit is indicated by an S or s in the slot normally
cl
reserved for the execute permission for group. The SVTX bit is indicated by a T or t in the
slot normally reserved for the execute permission for others. Since this slot must show if
execute is on/off and whether the additional permission bit is on/off, the uppercase S or T is
Ex
used to indicate that the execute permission is off. The lowercase s or t indicates the
execute permission is on.
Discussion of examples on visual
Three examples of files that use these additional permissions are shown on the visual:
pr
• The passwd command allows users to change their passwords even though
passwords are stored in a restricted area.
• The crontab command allows users to create a crontab file even though access to the
directory where crontab files reside is restricted for ordinary users.
• Permission bit settings for /tmp allow everyone to write to the directory, but only the
owner of a file can remove a file from the /tmp directory.
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Changing permissions
IBM Power Systems
4 2 1
SUID SGID SVTX
.I. n
owner group other
r w x r w x r w x
.T ció
4 2 1 4 2 1 4 2 1
.
C
# chmod 4 7 7 7 file1 SUID
.F a
# chmod 2 7 7 7 file1 SGID
C rm
# chmod 1 7 7 7 dir1 SVTX
OR
# chmod u+s file1 SUID
to fo
# chmod g+s file1 SGID
# chmod +t dir1 SVTX
ec vo
Notes:
oy si
To set the additional permission bits, you use the same command (chmod) as you do to
set the regular permission bits.
cl
command like: # chmod 777 file1. When you issue this command, the more complete
command would be: # chmod 0777 file1. The fourth number, a zero, is implied. This fourth
position determines whether the additional bits are turned on.
You normally use the numeric values of 4, 2, and 1 to set r, w, and x. That remains the
pr
same. To set the additional bits, you are affecting the x position in either the user, group, or
other area. If you assign numeric values to user (4), group (2), and other (1), these are the
values that you insert into the fourth position to set the additional bit:
• SUID is indicated in the user's area. Therefore use a 4 in the fourth position.
• SGID is indicated in the group area. Therefore use a 2 in the fourth position.
12-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty • SVTX is indicated in the others area. Therefore use a 1 in the fourth position.
Using the symbolic method to set the additional permission bits
You can also use the symbolic method to set the additional permission bits. The visual
shows how to set the values using the symbolic method.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
umask
IBM Power Systems
.I. n
• 022 calculation Files: 666 Directories: 777
umask: 022 umask: 022
.T ció
644 755
rw-r--r-- rwxr-xr-x
.
• A umask of 027 is recommended.
C
.F a
• 027 calculation Files: 666 Directories: 777
umask: 027 umask: 027
C rm
640 750
rw-r----- rwxr-x---
Notes:
oy si
Function of umask
u
The umask specifies what permission bits are set on a new file when it is created. It is
an octal number that specifies which of the permission bits are not set.
cl
directories would be created with permissions of 777. The system default umask is 022
(indicating removal of the 2 bit, or write from the group and others area). Therefore,
removing write from group and other, results in an initial permission for files of 644 and,
for directories, 755. Execute permission is never set initially on a file.
pr
12-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
The chgrp command:
.
## chgrp
chgrp staff
staff file1
C
file1
.F a
C rm
Changing both user and group ownership:
## chown
chown fred:staff
fred:staff file1
file1
to fo
-- OR
OR --
## chown
chown fred.staff
fred.staff file1
file1
ec vo
Notes:
oy si
As illustrated on the visual, the chown command can be used by root to change the
ownership on a file.
cl
file can change the group ownership to any group in their groupset. The root user can
change the group ownership to any group on the system.
Changing both ownership and group ownership
pr
The chown command can be used by root to set both the ownership, and group
ownership, of a file. As illustrated on the visual, this can be done two different ways.
12-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Identify the different types of users and what data they will
need to access.
.I. n
– Consider using enhanced RBAC roles to perform system
administration tasks (as opposed to using root).
.T ció
• Organize groups around the type of work that is to be done.
• Organize ownership of data to fit with the group structure.
.
C
• Set SVTX on shared directories.
.F a
• Security policy and implementation design should be formally
C rm
documented.
Security
Security
policy
policyand
and
to fo
setup
setup
ec vo
Notes:
oy si
Plan and organize your user and group administration. Every user does not need their
own group. Good planning up front reduces any reorganizing of users and groups later
cl
on.
Use of the sticky bit
Ex
Always protect your shared directories by setting the sticky bit. Then users will not
remove each other’s files accidentally, or intentionally.
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Topic summary
IBM Power Systems
.I. n
• Describe the role of RBAC
.T ció
• Understand and apply file permissions
– Including the role of the umask attribute
.
• Change file ownership and group assignment
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
12-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
security files
.T ció
• Add, list, change, and delete users and groups
• Set and change passwords
.
– Recover root password if lost or forgotten
C
.F a
• Identify files that hold user and group definitions
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
12-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
/etc/security/user
.T ció
chuser vi
.
• A single command can result in an update to several files.
C
.F a
mkuser, chuser, rmuser
C rm
/etc/security/passwd /etc/security/limits
/etc/passwd /etc/security/user
to fo
• Best practice: Avoid directly editing files.
• Use high level management commands (or SMIT).
ec vo
Notes:
oy si
While the user and group definitions are kept in flat ASCII files, the proper way to work with
these definitions is by executing high level commands or SMIT). Thus, the best way to
u
update user attributes in /etc/security/user is to use the mkuser and chuser commands. In
situations where these can’t be used (such as changing) default attributes, then you may
cl
violate the syntax of a file or value restrictions on the attributes, but you also might not
properly coordinate the multiple inter-related files.
The high level commands allow you to change a value without knowing in which file that
pr
attribute is stored, will ensure that the files are consistent, and that values are within the
proper ranges.
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
and /etc/security/user
.T ció
• usrck verifies the validity of a user definition:
– usrck {-l|-b|-n|-p|-t|-y} {ALL | username}
.
– Checks consistency between /etc/passwd, /etc/security/user,
C
.F a
/etc/security/limits, and /etc/security/passwd
– Reasonability checks on attribute values
C rm
– Option –l will identify problems that would block a user’s access
Notes:
oy si
The commands listed on the visual can be executed by root or any user in the security
group to clean up after a change to the user configuration. Because they run with root
cl
permissions, they give administrative users the ability to make necessary changes to
the /etc/security/passwd file in a controlled way, without knowing the root password.
Ex
erroneous attributes.
Options for pwdck, usrck, and grpck commands
All the options for pwdck, usrck, and grpck are as follows:
• -n Reports errors but does not fix them
12-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
• -l Scans all users or the users specified by the User parameter to determine if
.T ció
the users can access the system and if not - identify the cause of the problem
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
admin = false
login = true
.T ció
…
Attribute name umask = 022
…
.
root:
C
login = true
.F a
…
C rm
Syntax:
chsec –f filename -s stanza_name -a attribute_name=value
lssec –f filename -s stanza_name -a attribute_name
Example:
to fo
# lssec –f /etc/security/user -s default -a umask
default umask=22
# chsec –f /etc/security/user -s default -a umask=027
ec vo
Figure 12-18. chsec, lssec, and stanza format security files AN123.0
Notes:
oy si
Many security files are in a stanza format with the stanza name as a label followed by
multiple attributes, one line per attribute. It is common in stanza file to have a default
u
stanza, followed by override stanzas such as individual users or individual terminals. While
high level commands can be used with specific users, the only command that can be used
cl
format. To locate the attribute the command requires you to identify the filename, stanza
name, and attribute name.
pr
12-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty Here is a more complete example of /etc/security/user showing the default stanza and a
user stanza:
default:
admin = false
login = true
su = true
daemon = true
.I. n
rlogin = true
sugroups = ALL
.T ció
admgroups =
ttys = ALL
auth1 = SYSTEM
.
auth2 = NONE
C
.F a
tpath = nosak
umask = 000
C rm
expires = 0
SYSTEM = "compat"
logintimes =
pwdwarntime = 0
to fo
account_locked = false
loginretries = 0
histexpire = 0
histsize = 0
ec vo
minage = 0
maxage = 0
maxexpired = -1
minalpha = 0
oy si
minother = 0
minlen = 0
mindiff = 0
u
maxrepeats = 8
cl
dictionlist =
pwdchecks =
root:
Ex
admin = true
SYSTEM = "compat"
loginretries = 0
account_locked = false
pr
registry = files
admgroups =
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
– admin=true: Attribute in /etc/security/group stanza
• Default primary group of an admin user is “system” (guid 0).
.T ció
• UID and GID default values:
– Standard users and groups have high values ( > 200)
.
– Administrative users and groups have low values
C
.F a
• Only root can add, remove, or change an admin user or admin group.
C rm
root
administer
root
to fo
admin user or group
root or administer
security group standard user or group
ec vo
Notes:
oy si
The ability to perform certain system tasks (like creating users) depends upon the standard
AIX file permissions. Most system administration tasks can be performed by users other
cl
than root if those users are assigned to groups such as system, security, printq, cron,
adm, audit, or shutdown. In particular, a user in the security group can add, remove, or
change other users and groups.
Ex
root can add, remove, or change an admin user or admin group. Therefore, you can define
a user that has a high level of access, but is protected from users in the security group.
12-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
# smit security
.I. n
Security
Security && Users
Users
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.
C
Users
Users
.F a
Groups
Groups
Passwords
C rm
Passwords
Login
Login Controls
Controls
PKI
PKI
LDAP
LDAP
to fo
Role
Role Based
Based Access
Access Control
Control (RBAC)
(RBAC)
Trusted
Trusted Execution
Execution
ec vo
Notes:
oy si
The Security & Users menu is used to manage user and group IDs on the system. The
menu consists of the seven options described below.
cl
• Users
This option is used to add users to the system, delete existing users and change the
Ex
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Login Controls
This option provides functions to restrict access for a user account or on a particular
terminal.
• PKI
PKI stands for X.509 Public Key Infrastructure certificates. This option is used to
authenticate users using certificates and to associate certificates with processes as
.I. n
proof of a user's identity.
• LDAP
.T ció
LDAP stands for Light Directory Access Protocol. It provides a way to centrally
administer common configuration information for many platforms in a networked
.
environment. A common use of LDAP is the central administration of user
C
authentication. The SMIT option here allows us to configure this platform as either an
.F a
LDAP client or an LDAP server.
C rm
• Roles Based Access Control (RBAC)
This option sets up user roles. User roles allow root to give authority to an ordinary user
to perform a portion of root's functions.
• Trusted Execution
to fo
Trusted Execution (TE) refers to a collection of features that are used to verify the
integrity of the system and implement advanced security policies, which together can be
used to enhance the trust level of the complete system.
ec vo
oy si
u
cl
Ex
pr
12-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
SMIT users
IBM Power Systems
# smit users
.I. n
Users
Users
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.
C
Add
Add aa User
User
.F a
Change
Change aa User's
User's Password
Password
Change
Change // Show
Show Characteristics
Characteristics of
of aa User
C rm
User
Lock
Lock // Unlock
Unlock aa User's
User's Account
Account
Reset
Reset User's
User's Failed
Failed Login
Login Count
Count
Remove
Remove aa User
User
to fo
List
List All
All Users
Users
ec vo
Notes:
oy si
part of the user account. The password restrictions are part of this area.
• Lock/Unlock a User's Account: This is used to temporarily disable an account. It is a
Ex
good security practice to disable accounts if they are not expected to be used for a
reasonably long period of time, as when someone is on an extended leave of absence.
• Reset User's Failed Login Count: If the administrator has set a limit to the number of
failed attempts that can be made on an account before locking it, this resets that count.
pr
• Remove a User: Removes the user account, but not files owned by that user
• List all users: Runs the lsuser command
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Listing users
IBM Power Systems
.I. n
Example:
.T ció
## lsuser
lsuser -a
-a id
id home
home ALL
ALL
.
root
root id=0
id=0 home=/
home=/
C
daemon
daemon id=1
id=1 home=/etc
home=/etc
.F a
bin
bin id=2
id=2 home=/bin
home=/bin
C rm
sys
sys id=3
id=3 home=/usr/sys
home=/usr/sys
adm
adm id=4
id=4 home=/var/adm
home=/var/adm
uucp
uucp id=5
id=5 home=/usr/lib/uucp
home=/usr/lib/uucp
guest
guest id=100
id=100 home=/home/guest
to fo
home=/home/guest
alex
alex id=333
id=333 home=/home/alex
home=/home/alex
ec vo
Notes:
oy si
The lsuser command is used to list the attributes of all users (ALL) or individual users on
the system.
cl
are listed.
Commonly used lsuser flags
When the lsuser command is issued directly, the data may be listed in line format, in colon
pr
format (-c), or in stanza format (-f). Individual attributes or all attributes may be selected.
The output can also be generated for individual users.
Sources of information listed
The information reported by lsuser is gathered from the security files: /etc/passwd,
/etc/security/limits, and /etc/security/user.
12-34 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired changes.
Enter AFTER making all desired changes.
.T ció
[TOP]
[TOP] [Entry
[Entry Fields]
Fields]
** User
User NAME
NAME [alex]
[alex]
User
User ID ID [333]
[333] ##
.
ADMINISTRATIVE
ADMINISTRATIVE USER?
USER? false
false ++
C
Primary
Primary GROUP
GROUP []
[] ++
.F a
Group
Group SETSET []
[] ++
ADMINISTRATIVE
ADMINISTRATIVE GROUPS
GROUPS []
[] ++
C rm
ROLES
ROLES []
[] ++
Another
Another user
user can
can SU
SU TO
TO USER?
USER? true
true ++
SU
SU GROUPS
GROUPS [ALL]
[ALL] ++
HOME
HOME directory
directory []
[]
Initial
Initial PROGRAM []
to fo
PROGRAM []
.. .. ..
Notes:
oy si
The only value that must be specified, is the user name. Traditionally, this name was
restricted to eight characters in length. Beginning with AIX 5L V5.3, this limit can be
Ex
changed to allow names as long as 255 characters. The limit is modified in the
Change/Show Attributes of the Operating System panel (smit chsys).
Changing user characteristics
The Change/Show Characteristics of a User option, which runs the chuser command, allows
pr
any of the user characteristics listed previously, except the user name, to be changed. This
can only be executed by root or a member of the security group. Only root can change an
admin user. This SMIT screen holds exactly the same attributes as the Add a User screen.
The chuser command
The following command can be used to change characteristics of a user:
# chuser attribute=value username
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Assign a password
IBM Power Systems
.I. n
– If user forgets password, a new password can be set.
.T ció
– User is prompted to change password at first login.
root or security
## pwdadm
pwdadm <username>
<username> group
.
C
OR
OR
.F a
## passwd
passwd [username]
[username] root only
C rm
OR
OR
## smit
smit passwd
passwd root or security
group
to fo
• To avoid prompt to change password at first login:
## pwdadm
pwdadm –c–c <username>
<username>
ec vo
Notes:
oy si
(An asterisk (*) is in the password field of /etc/passwd.) To enable the ID, the passwd or
pwdadm command must be used to set up the initial password for the user.
cl
When passwords are entered, they are not displayed. When changing a password, the new
password is requested a second time for verification.
The ADMCHG flag
If root or a member of the security group sets the password for a user, the ADMCHG flag
pr
is set in the flags field in /etc/security/passwd. The user is then prompted to change the
password at the next login.
Recovering from a forgotten password
There is no way to examine an existing password on the system. The only way to recover
from a forgotten password, is for an administrator or root, to set a new one for the user.
12-36 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
password, and then they are asked twice for a new password. When root uses passwd to
set a user's password, passwd only prompts twice for the new password.
.T ció
Using the pwdadm command
Members of the security group, can use pwdadm to change the passwords of
.
non-administrative accounts. Members of the security group are first prompted to enter
C
their own password, and then prompted twice to enter the user's new password. The root
.F a
user is only prompted twice for the new password.
C rm
Users with ADMIN flag set
Only root can change the password for a user who has the ADMIN flag set in
/etc/security/passwd.
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Maintenance
Maintenance
.T ció
>>>
>>> 11 Access
Access aa Root
Root Volume
Volume Group
Group
22 Copy
Copy aa System
System Dump
Dump to
to Removable
Removable Media
Media
33 Access
Access Advanced Maintenance Functions
Advanced Maintenance
.
Functions
44 Erase
Erase Disks
Disks
C
.F a
3. Follow the options to activate the root volume group and obtain a shell.
C rm
4. Once a shell is available, execute the passwd command to change
root’s password.
5. Enter the following command:
to fo
# sync ; sync
6. Reboot the system.
ec vo
Notes:
oy si
If the root password is lost, just follow the steps as shown in the visual.
u
cl
Ex
pr
12-38 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
/etc/passwd file
IBM Power Systems
Format: name:password:UID:principleGID:Gecos:HomeDirectory:Shell
## cat
cat /etc/passwd
/etc/passwd
.I. n
root:!:0:0::/:/usr/bin/ksh
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
daemon:!:1:1::/etc:
.T ció
bin:!:2:2::/bin:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
sys:!:3:3::/usr/sys:
.
adm:!:4:4::/var/adm:
adm:!:4:4::/var/adm:
C
uucp:!:5:5::/usr/lib/uucp:
uucp:!:5:5::/usr/lib/uucp:
.F a
guest:!:100:100::/home/guest:
guest:!:100:100::/home/guest:
nobody:!:4294967294:4294967294::/:
nobody:!:4294967294:4294967294::/:
C rm
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
to fo
ted:*:205:1::/home/ted:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh ! = Passwd is set in
/etc/security/passwd
* = no password set
ec vo
Notes:
oy si
The /etc/passwd file lists the users on the system and some of their attributes. This file
must be readable by all users, because commands such as ls access it.
cl
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Directory: The login directory of the user and the initial value of the $HOME variable
• Login program: Specifies the initial program or shell that is executed, after a user
invokes the login command, or su command
Using index files for better login performance
In AIX, additional files can be created to be used as index files for the /etc/passwd,
/etc/security/passwd, and /etc/security/lastlog files. These index files provide for better
.I. n
performance during the login process. Use the mkpasswd -f command to create the
indexes. The command mkpasswd -c can be used to check the indexes, and rebuild any
.T ció
that look suspicious.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
12-40 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
/etc/security/passwd file
IBM Power Systems
## cat
cat /etc/security/passwd
/etc/security/passwd
root:
root:
.I. n
password
password == etNKvWlXX5EFk
etNKvWlXX5EFk
lastupdate
lastupdate = 1145381446
= 1145381446
.T ció
flags =
flags =
daemon:
daemon:
password
password == **
.
bin:
bin:
C
.F a
password
password == **
alex:
alex:
C rm
password
password == XAkhucsiyVwAA
XAkhucsiyVwAA
lastupdate
lastupdate = 1225381869
= 1225381869
flags =
flags =
tyrone:
tyrone:
to fo
password
password == RWWoFp5iuL.JI
RWWoFp5iuL.JI
lastupdate
lastupdate = 1225381903
= 1225381903
flags = ADMCHG,ADMIN,NOCHECK
flags = ADMCHG,ADMIN,NOCHECK
ec vo
Notes:
oy si
The /etc/security/passwd file contains the encrypted user passwords and can only be
cl
accessed by root. The login, passwd, pwdadm, and pwdck commands, which run
with root authority, update this file. This file is in stanza format with a stanza for each
user.
Ex
Index files
As previously mentioned, in AIX, additional files can be created to be used as index files
for /etc/security/passwd and some related files. These index files provide for better
pr
performance during the login process. These indexes are created using the mkpasswd
command.
Entries in /etc/security/passwd
Valid entries in /etc/security/passwd are:
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Password: Either the encrypted password asterisk (*) for invalid, or blank for no
password
• Lastupdate: The date and time of the last password update in seconds from 1 January
1970
• Flags:
- ADMCHG: The password was last changed by an administrator or root.
.I. n
- ADMIN: The user's password can only be changed by root.
.T ció
- NOCHECK: Password restrictions are not in force for this user.
See /etc/security/user for password restrictions.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
12-42 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
SMIT groups
IBM Power Systems
# smit groups
.I. n
Groups
Groups
.T ció
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.
C
List
List All
All Groups
Groups
.F a
Add
Add aa Group
Group
Change
Change // Show
Show Characteristics
Characteristics of
of aa Group
C rm
Group
Remove
Remove aa Group
to fo Group
ec vo
Notes:
oy si
Purpose of groups
u
The purpose of groups is to give a common set of users the ability to share files. The
access is controlled using the group set of permission bits.
cl
group members, can select a member of the group to be the group administrator. This
privilege allows the user to add and remove users from the group.
Predefined groups
pr
There are a number of predefined groups on AIX systems, like the system group
(which is root's group), and the staff group (which contains the ordinary users).
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Listing groups
IBM Power Systems
.I. n
Example:
.T ció
## lsgroup
lsgroup –f
–f -a
-a id
id users
users ALL
ALL
system:
system:
.
id=0
id=0
C
users=root,esaadmin,pconsole
users=root,esaadmin,pconsole
.F a
staff:
staff:
C rm
id=1
id=1
users=ipsec,ted,sshd,alex,local,tyrone,daemon
users=ipsec,ted,sshd,alex,local,tyrone,daemon
bin:
bin:
to fo
id=2
id=2
users=root,bin
users=root,bin
...
...
ec vo
Notes:
oy si
The lsgroup command is used to list all groups, or selected groups, on the system. The
data is presented in line format by default, in colon format (-c), or in stanza format (-f).
cl
The -f option displays the group attributes in stanza format with each stanza identified
by a group name.
pr
12-44 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Add
Add aa Group
.I. n
Group
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.T ció
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** Group
Group NAME
NAME [techies]
[techies]
.
ADMINISTRATIVE
ADMINISTRATIVE group?
group? false
false ++
C
Group ID [101] ##
.F a
Group ID [101]
USER
USER list
list [alex,tyrone]
[alex,tyrone] ++
ADMINISTRATOR
ADMINISTRATOR list
list []
[] ++
C rm
Projects
Projects []
[] ++
Initial
Initial Keystore
Keystore Mode
Mode []
[] ++
Keystore
Keystore Encryption
Encryption Algorithm
Algorithm []
[] ++
Keystore
Keystore Access
Access []
[] ++
to fo
# smit chgroup chgroup techies –a users=tyrone techies
ec vo
Notes:
oy si
The mkgroup command is the command used to create a new group. The group name,
traditionally, must be a unique string of eight or fewer characters. With AIX 5L V5.3 and
cl
later, the maximum name length can be modified to be as large as 255 characters.
Limit on group membership
Ex
group. Only the root user can add administrative groups to the system.
• ADMINISTRATOR list and USER list: In the SMIT screen shown on the visual,
ADMINISTRATOR list is a list of members from the USER list that are allowed to
change the characteristics of a group and add or remove members.
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Projects: Starting with AIX 5L V5.3, the SMIT Add a Group screen has a new field,
Projects, for tracking resource usage in the Advanced Accounting subsystem.
The following fields are related to Encrypted File Systems. This topic is outside the scope
of this class. Attend AN57 AIX Security, for training in this area.
• Initial Keystore Mode: The efs_initalks_mode of admin allows for root, or other
security privileged system users, to reset the user's key store password. Otherwise, if
the user forgets their key store password, they will not be able to access their Encrypted
.I. n
File System files. If the guard mode is selected, then root cannot reset the user's key
.T ció
store password.
• Keystore Encryption Algorithm: This option specifies the algorithm for the user's
key, within the key store. This key protects the encrypting key of files the user creates,
.
within the Encrypted File System.
C
.F a
• Keystore Access: The key store enables the user to utilize files in the Encrypted File
System. The selection of file will create a key store file associated with this user. It is
C rm
recommended that file is selected. Select none for no key store to be created. All other
EFS (efs_*) attributes will not have any effect.
The chgroup command
to fo
The chgroup command is used to change the characteristics of a group. It can only be
run by root or a member of the security group.
Group attributes
The group attributes that can be changed are the same as set with mkgroup.
ec vo
or the members of a group, for which the user running the command, is a group
administrator.
The chsh command
u
The chsh interactive command can be used by any user to change that user’s login
cl
shell.
The chfn command
Ex
The chfn interactive command can be used by any user to their GECOS information in
/etc/passwd.
pr
12-46 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Group files
IBM Power Systems
## cat
cat /etc/group
/etc/group
system:!:0:root,esaadmin,pconsole
system:!:0:root,esaadmin,pconsole
staff:!:1:ipsec,sshd,alex,tyrone,ted
staff:!:1:ipsec,sshd,alex,tyrone,ted
.I. n
bin:!:2:root,bin
bin:!:2:root,bin
sys:!:3:root,bin,sys
sys:!:3:root,bin,sys
.T ció
adm:!:4:bin,adm
adm:!:4:bin,adm
uucp:!:5:nuucp,uucp
uucp:!:5:nuucp,uucp
...
...
.
C
.F a
## cat
cat /etc/security/group
/etc/security/group
system:
system:
admin
admin == true
true
C rm
staff:
staff:
admin
admin == false
false
bin:
bin:
admin
admin == true
true
to fo
...
...
techies:
techies:
admin
admin == false
false
adms = alex
adms = alex
ec vo
Notes:
oy si
• Password: This field is not used in AIX and should contain an exclamation mark (!)
• ID: The group ID
Ex
• admin: Defines whether the group is an administrative group; values are true or false
• adms: A comma-separated list of the users who are administrators for the group
• If admin=true, this stanza is ignored because only root can change an administrative
group.
• projects: A list of project names to be associated with the group
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
## rmuser
rmuser –p
–p user01
user01
.T ció
• Use the rmgroup command or SMIT to delete a group from
.
the system.
C
.F a
## rmgroup
rmgroup finance
finance
C rm
to fo
ec vo
Notes:
oy si
The Remove a User from the System option in SMIT, or the rmuser command, can be
used to remove any user from the system. Only the root user may remove
cl
administrative users.
The -p option of rmuser
Ex
The user's home directory and associated files are not removed by this option. They
must be removed separately by the administrator. To do this, you can use the -r option
on the rm command to recursively remove files. Remember to back up any important
files before removing the user's home directory.
12-48 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
-r-xr-xr-x 1 207 system 26732 Feb 1 01:10 file54
• Home directory
.T ció
– Move needed files
– Remove home directory
.
C
# rm –R /home/user01
.F a
• Other files
C rm
– Use find to locate files
# find / -group <GID or groupname>
# find / -user <UID or username>
to fo
– Change user or group ownership
# chown
# chgrp
ec vo
Notes:
oy si
Removing a user or group does not remove the files owned by that user or group. The files
remain with the same UID and GID in the i-node as they had before.
u
The home directory files will be easy to locate, but that is not necessarily true for other files
cl
the owner. If you do not, then you will need to know the UID or GID number to find the
related files.
For each file you need to decide whether to backup and delete the file or to transfer
ownership to a different user or group.
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Topic summary
IBM Power Systems
.I. n
security files
.T ció
• Add, list, change, and delete users and groups
• Set and change passwords
.
– Recover root password if lost or forgotten
C
.F a
• Identify files that hold user and group definitions
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
12-50 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Checkpoint (1 of 2)
IBM Power Systems
.I. n
2. A binary executable with the SUID flag set is owned by
.T ció
user root. User michael executes the binary. The
executable runs under which user, root or michael?
.
C
.F a
3. A shared directory is created on the system. What flag
C rm
must be set to ensure only the owner of the files can
delete them?
to fo
4. Why is a umask of 027 recommended?
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint (2 of 2)
IBM Power Systems
.I. n
.T ció
6. Which command can be used to change the default
attributes for users?
.
C
.F a
7. True or False: When you delete a user from the system, all
the user’s files and directories are also deleted.
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
12-52 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Security and user
administration: Part one
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Define the concepts of users and groups, and explain how
.T ció
and when these should be allocated on the system
• Describe ways of controlling root access on the system
.
C
• Explain the uses of SUID, SGID, and SVTX permission bits
.F a
• Administer user accounts and groups
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
12-54 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Execute various user management tasks
C
.F a
• Explain basic concepts of RBAC
• Assign and use RBAC roles
C rm
How you will check your progress
• Checkpoint questions
to fo
• Machine exercises
References
ec vo
Configuration (Redbook)
SG24-7559 AIX Version 7.1 Differences Guide (Redbook)
u
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Explain basic concepts of RBAC
.T ció
• Assign and use RBAC roles
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
13-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Customize login and password prompt behavior
.T ció
• Use security logs
• Customize the default user setup
.
• Manage user access issues
C
.F a
• Establish user password restrictions
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
13-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
/etc/passwd
User verification check /etc/security/passwd
.T ció
no
Login failed Valid?
.
yes
Log entry in:
C
Update security logs /var/adm/wtmp
.F a
/etc/security/failedlogin /etc/utmp
C rm
/etc/environment
Set up the environment. /etc/security/limits
/etc/security/user
to fo
Display /etc/motd
/etc/profile
Enter login shell $HOME/.profile
ec vo
Notes:
oy si
Introduction
u
When a user attempts to log in, AIX checks a number of files to determine if entry is
permitted to the system and, if permitted, what parts of the system the user can access.
cl
This section provides an overview of the checks performed during the login process.
The getty process
Ex
Ports set up for login are listed in the /etc/inittab. When init runs, a getty process is
started for each port in the list providing a login prompt on the terminal attached to that
port. The actual message displayed, also known as the herald, by the getty process is
defined in /etc/security/login.cfg. Once the message is displayed, the getty process
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
an entry is made in the file /etc/security/failedlogin. Use the command who
/etc/security/failedlogin to view this file. The number of failed attempts is also tracked
.T ció
(by user account) in /etc/security/lastlog. The login prompt is redisplayed for another
attempt. It is possible to set the characteristics for a user to prevent unlimited attempts
on an account. If the number of attempts exceeds the maximum allowable failed
.
attempts, the account is locked. If a user successfully enters the user name and
C
password, the usw stanza in /etc/security/login.cfg is checked. This stanza sets the
.F a
maximum number of concurrent logins for a user account. If that number is exceeded,
the login is denied and a message is displayed to the user.
C rm
Setup of user's environment
If everything is successful to this point, then the user's environment is set using
/etc/environment, /etc/security/environ, /etc/security/limits, and /etc/security/user.
to fo
The login program sets the current directory to the user's HOME directory and displays
the content of /etc/motd (if no .hushlogin file is found in the HOME directory), the date
of the last successful login, and the number of unsuccessful login attempts since the
last successful login.
ec vo
shells.
Results of a user logging out
u
When a user logs out, the shell terminates and a new getty process is spawned for that
cl
port.
Ex
pr
13-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
-a herald=“Authorized use only. \n\rlogin:”
.T ció
• Change the password prompt:
.
# chsec –f /etc/security/login.cfg –s default \
C
-a pwdprompt=“\n\rAuthentication required: ”
.F a
C rm
• Change max time to complete login after prompt:
# chsec –f /etc/security/login.cfg –s usw \
-a logintimeout=30
to fo
• See login.cfg man page for other login attributes.
ec vo
Notes:
oy si
that make it clear that only authorized persons should be logging into the system. This and
other login related attributes are defined in /etc/security/login.cfg. You can also customize
cl
the login prompt. The only line command that will modify this file is chsec.
Some facilities make it practice of tightening up how long a login prompt can be
Ex
prompts for a login name. This value is a string that is written out to the login port. If the
herald is not specified, then the default herald is obtained from the message catalog
associated with the language set in /etc/environment.
• logintimes: This attribute defines the times a user can use this port to login.
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• logindisable: This attribute defines the number of unsuccessful login attempts before
this port is locked. Use this in conjunction with logininterval.
• logininterval: This attribute defines the number of seconds during which logindisable
unsuccessful attempts must occur before a port is locked.
• loginreenable: This attribute defines the number of minutes after a port is locked, that it
automatically unlocked.
.I. n
• logindelay: This attribute defines the delay in seconds between unsuccessful login
attempts. This delay is multiplied by the number of unsuccessful logins. Therefore, if the
.T ció
value is two, then the delay between unsuccessful logins is two seconds, then four
seconds, then six seconds, and so forth.
Other security attributes (usw stanza):
.
C
• shells: The list of valid login shells for a user; chuser and chsh will only change a user's
.F a
login shell to one of the shells listed here.
C rm
• maxlogins: This attribute defines the maximum number of simultaneous logins allowed
on the system.
• logintimeout: This attribute defines the number of seconds the user is given to enter
their password.
to fo
• auth_type: This attribute determines whether PAM or the standard UNIX authentication
mechanism will be used by PAM-aware applications. Valid values: STD_AUTH,
PAM_AUTH
ec vo
• The chsec command: Changes to the /etc/security/login.cfg file can be done by the
command chsec:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt="Password:"
oy si
13-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Security logs
IBM Power Systems
.I. n
.T ció
/var/adm/wtmp Log of successful logins
.
C
.F a
/etc/utmp List of users currently
C rm
to fo logged in
Notes:
oy si
The sulog file is an ASCII text file that can be viewed with more or pg. In the file, the
following information is recorded: date, time, terminal name, and login name. The file
cl
also records whether the login attempt was successful, and indicates a success by a
plus sign (+) and a failed login by a minus sign (-).
Ex
examines the /etc/utmp file, but you can specify either one of the files just mentioned
as an argument to the command.
The last command
The last command can also be used to display, in reverse chronological order, all
previous logins and logoffs still recorded in the /var/adm/wtmp file. The
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
/var/adm/wtmp file collects login and logout records as these events occur, and holds
them until the records are processed by the accounting commands.
For example:
# last root displays all the recorded logins and logoffs by the user root.
# last reboot displays the time between reboots of the system.
The utmpd daemon
.I. n
AIX 5L V5.2 introduced a new daemon called utmpd to manage the entries in the
.T ció
/etc/utmp file. This daemon monitors the validity of the user process entries at regular
intervals. The default interval time would be 300 seconds. The syntax of the command
is:
.
/usr/sbin/utmpd [ Interval ]
C
.F a
To start utmpd from the /etc/inittab, add the following entry to the file:
C rm
utmpd:2:respawn:/usr/sbin/utmpd
The failedlogin file
The /etc/security/failedlogin file maintains a record of unsuccessful login attempts.
The file can be displayed using the who command with the file as an argument.
to fo
ec vo
oy si
u
cl
Ex
pr
13-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
LOGIN
.I. n
Establishes base environment
/etc/environment sets PATH, TZ, LANG, and
.T ció
NLSPATH
.
Shell script run at all logins
C
/etc/profile sets TERM, MAILMSG, and
.F a
MAIL
C rm
User's personal file to
$HOME/.profile customize their environment
PATH, ENV, PS1
to fo
User's personal file to customize
$HOME/.kshrc the Korn shell environment
set –o vi, alias
ec vo
Notes:
oy si
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
/etc/security/mkuser.default
mkuser /etc/passwd
.I. n
user:
pgrp = staff
.T ció
groups = staff
shell = /usr/bin/ksh
home = /home/$USER mkuser.sys
.
…. • shell script
C
.F a
• Build home directory
/etc/security/.profile
C rm
• Copies default .profile to home directory
• Set permissions and ownerships
to fo
ec vo
Notes:
oy si
Rather than require each user to learn how to setup their own .profile customization, many
system admins define how the user environments should be initially setup. Less common,
u
but possible, is changing the defaults of the /etc/passwd fields for new users
cl
The /etc/passwd fields are determined by the stanza oriented mkuser.default file. It has a
stanza for ordinary users and another stanza for administrative users.
Ex
The mkuser command invokes the mkuser.sys shell script. This provided script will build
the user’s home directory, copy the /etc/security/.profile to the home directory, and then
set appropriate ownership and permissions on the home directory and it’s contents. After
making a copy of the original script, it can be modified to create additional files in the user’s
pr
home directory. For example, you might want to create a .kshrc file.
Resources involved in user creation process
The following resources are involved in the user creation process:
• Default ID numbers stored in /etc/security/.ids
• The /usr/lib/security/mkuser.sys shell script used to set up a user ID.
13-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
The /usr/lib/security/mkuser.default file contains the defaults for the mkuser command.
This file can only be edited by the root user. This file contains the following information:
.T ció
user:
pgrp = staff
groups = staff
.
shell = /usr/bin/ksh
C
.F a
home = /home/$USER
admin:
C rm
pgrp = system
groups = system
shell = /usr/bin/ksh
home = /home/$USER
to fo
The user stanza of this file is picked up if an ordinary user is being added, and the admin
stanza is picked up, if an administrative user is being added.
The /etc/security/.ids file
ec vo
If the user ID is not specified, then a default ID number is chosen from the
/etc/security/.ids file. Administrative users are given IDs starting from six, and normal
users are given IDs starting from 200.
oy si
This creates the user's home directory and creates the .profile file. This shell script can be
modified to perform any function that is required when setting up the user.
cl
fields may be left empty with no ill effect. For the complete list, refer to SMIT (fastpath smit
mkuser).
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• The file /etc/motd contains text that is displayed every time after a
user successfully logs in, prior to the shell prompt.
• This file should only contain information necessary for the users to see.
.I. n
• Existence of a $HOME/.hushlogin file blocks MOTD display.
.T ció
.
******************************************************************
******************************************************************
C
** **
.F a
** AIX
AIX Version
Version 7.1
7.1 TL
TL 01
01 **
** Education
Education AIX AN12 Build version
AIX AN12 Build version 318
318 **
C rm
** **
** The system will be down for maintenance from Saturday 23:00
The system will be down for maintenance from Saturday 23:00 **
** until
until Sunday
Sunday 22:00
22:00 **
******************************************************************
******************************************************************
to fo
nimmaster:/
nimmaster:/
ec vo
Notes:
oy si
The message of the day (motd) is a convenient way to communicate information, such as
installed software version numbers or current system news, to all users. The message of
cl
the day is contained in the /etc/motd file. To change the message of the day, simply edit
this file.
Ex
pr
13-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
• Locked account:
# chuser –a account_locked=false user_name
# chsec –f /etc/security/user –s username \
.
–a account_locked=false
C
.F a
• Exceeded password retry limit:
C rm
# chsec –f /etc/security/lastlog -s user_name \
-a unsuccessful_login_count=0
Notes:
oy si
In /etc/security/lastlog:
u
In /etc/security/user:
• account_locked: This attribute defines whether the account is locked. Locked
accounts cannot be used for login or su. Possible values: true or false
• loginretries: This attribute defines the number of invalid login attempts before a user is
not allowed to login. Possible values: a positive integer or 0 to disable this feature
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
– Update default stanza with chsec
.T ció
• Force periodic change of passwords
– maxage: Password MAX. AGE
.
– pwdwarntime: Days to WARN USER before password expires
C
.F a
• Prevent reuse of previous passwords
C rm
– histexpire: WEEKS before password reuse
– histsize: NUMBER OF PASSWORDS before reuse
to fo
• Discourage repeating characters
– maxrepeats: Password MAX. REPEATED characters
ec vo
Notes:
oy si
Security is only as good as the passwords being used. The /etc/security/user files has
many attributes that assist you in enforcing best practices as regards password
u
management. While it is possible to set these on a user by user basis with chuser or SMIT,
you will likely want to set default values using the chsec command. The descriptions in the
cl
visual provide first the attribute name and then the SMIT field name. This convention is also
used on the following visuals.
Ex
• maxage: This attribute defines the maximum number of weeks a password is valid. The
default is 0, which is equivalent to unlimited. Possible values: 0 to 52
• pwdwarntime: This attribute defines the number of days before a forced password
pr
change warning informs the user of the impending password change. Possible values:
a positive integer or 0 to disable this feature
• histexpire: This attribute defines the period of time in weeks that a user will not be able
to reuse a password. Possible values: an integer value between 0 and 260. 26
(approximately 6 months) is the recommended value
13-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty • histsize: This attribute defines the number of previous passwords which cannot be
reused. Possible values: an integer between 0 and 50
• minage: This attribute defines the minimum number of weeks between password
changes. The default is 0. Possible values: 0 to 52
• maxexpired: This attribute defines the maximum number of weeks after maxage that
an expired password can be changed by a user. The default is -1, which is equivalent to
unlimited. Possible values: -1 to 52. maxage must be greater than 0 for maxexpired to
.I. n
be enforced (root is exempt from maxexpired)
.T ció
• maxrepeats: This attribute defines the maximum number of times a given character
can appear in a password. The default is 8, which is equivalent to unlimited. Possible
values: 0 to 8
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
prohibited passwords
– Sample dictionary:
.T ció
/etc/security/aixpert/dictionary/English
.
• Special dictionary entries:
C
.F a
$USER
C rm
• Block use of the users login name as any part of a password
*<regular_expression>
• Block use of any password that matches the regular expression
to fo
• Must be preceded with the asterisk (*) character
• For example, to block passwords ending in 123:
*.*123$
ec vo
Notes:
oy si
The dictionlist user attribute defines the password dictionaries used when checking new
passwords. The format is a comma separated list of absolute path names to dictionary
u
files. A dictionary file contains one word per line where each word has no leading or trailing
white space. Words should only contain 7 bit ASCII characters. All dictionary files and
cl
directories should be write protected from everyone except root. The default is valueless
which is equivalent to no dictionary checking.
Ex
A sample dictionary list is provided and there are other variations available from other
sources.
AIX 7.1 introduced two enhancements to the dictionlist capability. One is the recognition of
pr
a $USER entry. This will result in the rejection of not only a password which is the same as
the username, but of any password that has the username as a subset. The other
enhancement is the ability to pattern match passwords using regular expressions; this
provides a powerful method for identifying many passwords as easily guessed without
having to enumerating every possible variation. The regular expression must be proceeded
with an * (asterisk, splat) in the first column.
13-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
minalpha minother
minloweralpha minupperalpha mindigit minspecialcharacter
.T ció
• Subset minimums cannot exceed superset minimums.
.
C
.F a
• Default encryption only supports the first eight characters.
C rm
– See course AN57 on configuring for long passwords.
Notes:
oy si
Not only can a minimum number of characters be required in a password, but you can
requires a mixture of different types of characters, The major subset minimums are
u
minalpha (alphabetic) and minother (non-alphabetic). they can not total more than minlen.
cl
AIX 7.1 induced the ability to be even more specific about the type characters. You can
now distinguish between upper and lower case alphabetic characters. You can also
distinguish between numbers and other non-alphabetic characters
Ex
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Note that the minimum length of a password is determined by minlen and/or “minalpha
+ minother”, whichever is greater. “minalpha + minother” should never be greater than
8. If “minalpha + minother” is greater than 8, then minother is reduced to “8 - minalpha”.
• minloweralpha: This attribute defines the minimum number of lower case alphabetic
characters that must be in a new password. The value is a decimal integer string. The
default is a value of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.
• minupperalpha: This attribute defines the minimum number of upper case alphabetic
.I. n
characters that must be in a new password. The value is a decimal integer string. The
.T ció
default is a value of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.
• mindigit: This attribute defines the minimum number of digits that must be in a new
password. The value is a decimal integer string. The default is a value of 0, indicating
.
no minimum number. Range: 0 to PW_PASSLEN.
C
.F a
• minspecialchar: This attribute defines the minimum number of special characters that
must be in a new password. The value is a decimal integer string. The default is a value
C rm
of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.
to fo
ec vo
oy si
u
cl
Ex
pr
13-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Topic summary
IBM Power Systems
.I. n
• Customize login and password prompt behavior
.T ció
• Use security logs
• Customize the default user setup
.
• Manage user access issues
C
.F a
• Establish user password restrictions
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
13-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Identify the AIX predefined roles and assign one to a user
.T ció
• As a user: List roles, activate, and de-activate a role
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
13-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
RBAC overview
IBM Power Systems
.I. n
1
.T ció
Roles
.
Authorizations
C
Manage Devices
.F a
Create 2
System WPARs
Operating System Administration
C rm
Users
Notes:
oy si
There are over 250 built in pre-defined authorizations, such as manage devices, create
WPARs, and perform OS administration. To view all authorizations, type: # lsrole ALL.
u
Authorizations are assigned to commands and files which are considered privileged. By
cl
privileged, we mean that we want to allow them to bypass traditional access controls.
These authorizations are then assigned to roles which, in turn, are assigned to users.
Users can then switch roles to perform the necessary administrative actions.
Ex
Custom user-defined authorizations and roles can also be created. However, this requires
the kernel security tables to be updated. To do this, execute the setkst command.
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
## lsrole
lsrole -c
-c -a
-a dfltmsg
dfltmsg ALL
ALL |grep
|grep -v
-v "#name"|grep
"#name"|grep ":"
":"
AccountAdmin:User and Group Account Administration
AccountAdmin:User and Group Account Administration
BackupRestore:Backup
BackupRestore:Backup and
and Restore
Restore Administration
Administration
.I. n
DomainAdmin:Remote Domain Administration
DomainAdmin:Remote Domain Administration
FSAdmin:File
FSAdmin:File System
System Administration
Administration
.T ció
SecPolicy:Security
SecPolicy:Security Policy Administration
Policy Administration
SysBoot:System
SysBoot:System Boot
Boot Administration
Administration
SysConfig:System
SysConfig:System Configuration
Configuration Administration
Administration
Roles
.
isso:Information
isso:Information System Security
System Security Officer
Officer
C
sa:System
sa:System Administrator
Administrator
.F a
so:System Operator
so:System Operator
C rm
## lsauth
lsauth -f
-f ALL
ALL |grep
|grep dfltmsg
dfltmsg |sed
|sed 's:dfltmsg=::g'
's:dfltmsg=::g'
Operating System Administration
Operating System Administration
Device
Device Administration
Administration
Configure
Configure Devices
Devices
Configure
Configure MPIO Devices
MPIO
to fo
Devices
Configure
Configure Printers
Printers Authorizations
Configure
Configure the
the Random
Random Device
Device
…….removed
…….removed for
for clarify
clarify ……
ec vo
Notes:
oy si
There are, by default, 10 predefined system roles and 254 authorizations. They can be
listed with the lsrole and lsauth commands respectively.
u
13-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
• Network daemon management
• Device allocation
.T ció
so - System operator
The SO role provides the functionality for day to day operations and is responsible for:
.
• System shutdown and reboot
C
.F a
• File system backup, restore, and quotas
C rm
• System error logging, trace, and statistics
• Workload administration
AccountAdmin - User and group account administrator
to fo
The AccountAdmin role provides the functionality for users and group definitions and is
responsible for:
• Define, modify, and remove users
ec vo
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• System Configuration
.T ció
SysBoot - System boot administrator
The SysBoot role provides the functionality for system shutdown and booting through the
.
facilities for:
C
• halt, shutdown, and reboot
.F a
SysConfig - System configuration
C rm
The SysConfig role provides the functionality for system configuration and is responsible
for such components as:
• inittab
to fo
• System console
• Kernel extensions
• uname
ec vo
• Resource sets
• Date and time zone
• Software license management
oy si
• Performance tunables
u
• Diagnostics
cl
Ex
pr
13-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
## lsattr
lsattr -El
-El sys0
sys0 || grep
grep RBAC
RBAC
.T ció
enhanced_RBAC
enhanced_RBAC true
true Enhanced
Enhanced RBAC
RBAC Mode
Mode
.
users.
C
.F a
3. Assign AIX predefined roles to the relevant users.
C rm
• Using chuser command
4. User would then switch to the role and perform the necessary
to fo
operations.
• To switch roles, use swrole command
ec vo
Notes:
oy si
A key part in implementing RBAC, is planning. Start by making a note of all the
administration tasks which may need to be performed, then allocate them to roles, and
u
RBAC is enabled by default in AIX starting with version 6.1), and can be checked with the
lsattr command as shown on the visual.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
RBAC example (1 of 2)
IBM Power Systems
.I. n
– First, find the predefined role.
.T ció
## lsrole
lsrole -f-f -a
-a authorizations
authorizations dfltmsg
dfltmsg ALL
ALL |grep
|grep -p
-p dfltmsg
dfltmsg || \\
grep
grep -p
-p shutdown
shutdown
SysBoot:
SysBoot:
.
authorizations=aix.system.boot.halt,aix.system.boot.info,aix.syst
authorizations=aix.system.boot.halt,aix.system.boot.info,aix.syst
em.boot.reboot,aix.system.boot.shutdown
em.boot.reboot,aix.system.boot.shutdown
C
.F a
dfltmsg=System
dfltmsg=System Boot
Boot Administration
Administration
C rm
– Add the ‘SysBoot’ role to user alex.
## chuser
chuser roles=SysBoot
roles=SysBoot alex
alex Confirm the
SysBoot role has
been allocated to
to fo
## rolelist
rolelist -u
-u alex
alex user alex.
SysBoot
SysBoot System
System Boot
Boot Administration
Administration
ec vo
Notes:
oy si
The visual demonstrates how to provide a user with the capability to start, stop, and reboot
the system.
u
If you are not sure if the system authorization, aix.system.boot.shutdown, contains the
cl
shutdown command, then the RBAC privileged command file can be checked (stored in
/etc/security), as follows:
Ex
accessauths = aix.system.boot.shutdown
13-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
RBAC example (2 of 2)
IBM Power Systems
.I. n
SysBoot
SysBoot System
System Boot
Boot Administration
Administration roles
alex
alex $$ rolelist
rolelist -e
-e
.T ció
rolelist: Lists the active
rolelist: There is no
There is no active
active role
role set
set roles
alex
alex $$ rolelist
rolelist -a
-a
SysBoot aix.system.boot.create
.
SysBoot aix.system.boot.create
aix.system.boot.halt
C
aix.system.boot.halt Lists the assigned
.F a
aix.system.boot.info
aix.system.boot.info authorizations
aix.system.boot.reboot
aix.system.boot.reboot
C rm
aix.system.boot.shutdown
aix.system.boot.shutdown
alex Switch to role
alex $$ swrole
swrole SysBoot
SysBoot
SysBoot
alex
alex $$ alex's
alex's Password:
Password:
SysBoot role is
alex
alex $$ rolelist -e
to fo
rolelist -e now active
SysBoot
SysBoot System
System Boot
Boot Administration
Administration
alex
alex $$ shutdown
shutdown –Fr
–Fr Perform a system
reboot.
ec vo
Notes:
oy si
The rolelist command provides role and authorization information to the invoker, about
their current roles, or the roles assigned to them.
u
The swrole command creates a new role session, spawned in a sub shell, with the roles
cl
that are specified by the role parameter (in this example, SysBoot). To exit the new role sub
shell, type:
Ex
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Topic summary
IBM Power Systems
.I. n
• Identify the AIX predefined roles and assign it to a user
.T ció
• As a user: List roles, activate, and de-activate a role
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
13-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Checkpoint (1 of 2)
IBM Power Systems
.I. n
.T ció
2. True or False: An asterisk (mary:*:) in the second field of the
/etc/passwd file means there is a valid password set in the shadow
password file for user mary.
.
C
.F a
3. Password restrictions are set in which of the following files?
C rm
a. /etc/passwd
b. /etc/security/passwd
c. /etc/security/restrictions
to fo
d. /etc/security/user
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint (2 of 2)
IBM Power Systems
.I. n
.T ció
5. True or False: Once a user is assigned a role, the user
immediately can use the related authorizations.
.
C
.F a
6. What is the command that will list your assigned roles?
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
13-34 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Security and user
administration: Part two
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
Having completed this unit, you should be able to:
• Execute various user management tasks
.T ció
• Explain basic concepts of RBAC
.
• Assign and use RBAC roles
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
13-36 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
• Explain the role of the cron daemon
.
• Use crontab files to schedule jobs on a periodic basis
C
.F a
• Use the at command to schedule a job or series of jobs at some
time in the future
C rm
• Use the batch command to schedule jobs in a queue in order to
alleviate immediate system demand
• Explain and set the system time
to fo
• Describe and set the time zone variable
• Configure basic NTP clients
ec vo
• Machine exercise
u
References
cl
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Use crontab files to schedule jobs on a periodic basis
.T ció
• Use the at command to schedule a job or series of jobs at
some time in the future
.
• Use the batch command to schedule jobs in a queue in
C
.F a
order to alleviate immediate system demand
• Explain and set the system time
C rm
• Describe and set the time zone variable
• Configure basic NTP clients
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
14-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• Starts:
.T ció
– crontab command events
(regularly scheduled jobs)
.
C
.F a
– at command events
(one time only execution at specified time)
C rm
– batch command events
(run when CPU load is low)
to fo
ec vo
Notes:
oy si
The system process that enables batch jobs to be executed on a timed basis, is the
cron daemon. Many people rely on cron to execute jobs. Jobs are submitted to the
cl
• crontab files are used to execute jobs periodically - hourly, daily, weekly.
Starting of cron
The cron process is usually started at system startup by /etc/inittab. It runs constantly
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
before retrying to execute a process. This file is empty as shipped, but can be modified
to change how the cron daemon handles each event type.
For example, by default, crontab events are inspected every 60 seconds, run at a nice
value of 2 higher than the default, and there may be up to 100 executing
simultaneously.
This may be changed by modifying the /var/adm/cron/queuedefs file.
.I. n
For example, if crontab jobs were to run at a nice value of 10 higher than the default,
with files inspected every two minutes, and with up to 200 jobs allowed, then the
.T ció
following entry should be made to the file:
c.200j10n120w
.
| | | |
C
| | | wait period (in seconds)
.F a
| | |
| | nice value
C rm
| |
| jobs
|
cron
to fo
ec vo
oy si
u
cl
Ex
pr
14-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
crontab files
IBM Power Systems
.I. n
• Schedule is defined in:
.T ció
/var/spool/cron/crontabs/$USER
.
• Files to control crontab privileges of users:
C
.F a
– /var/adm/cron/cron.deny lists users who cannot use crontab
C rm
– /var/adm/cron/cron.allow lists users who can use crontab
Notes:
oy si
Scheduling a job
The cron daemon starts processes at specified times. It can be used to run regularly
u
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Format of entries:
– minute hour date-of-month month day-of-week command
.I. n
• To view current crontab:
.T ció
– # crontab -l
.
...
...
C
#0
#0 33 ** ** ** /usr/sbin/skulker
/usr/sbin/skulker
.F a
#45
#45 2 * * 0 /usr/lib/spell/compress
2 * * 0 /usr/lib/spell/compress
#45
#45 23 * * * ulimit
23 * * * ulimit 5000;
5000; /usr/lib/smdemon.cleanu
/usr/lib/smdemon.cleanu >> /dev/null
C rm
/dev/null
00 11 * * * /usr/bin/errclear -d
11 * * * /usr/bin/errclear -d S,O 30 S,O 30
00 12
12 ** ** ** /usr/bin/errclear
/usr/bin/errclear -d
-d HH 90
90
00 15
15 * * * /usr/lib/ras/dumpcheck >/dev/null
* * * /usr/lib/ras/dumpcheck >/dev/null 2>&1
2>&1
to fo
0,30,45
0,30,45 * * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null
* * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null
...
...
ec vo
Notes:
oy si
Each user can view their crontab file by using the command crontab -l.
The user’s crontab file contains the schedule of jobs to be run on behalf of that user.
cl
There is a separate crontab file for each user of the crontab facility. This file is located
in /var/spool/cron/crontab/$USER.
Ex
hour (0-23)
date of the month (1-31)
month of the year (1-12)
day of the week (0-6, where 0=Sunday, 1=Monday, and so forth)
command
14-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty Fields are separated by spaces or tabs. To indicate a field is always true, use an
asterisk (*). To indicate multiple values in a field, use a comma (,). A range can also be
specified by using a hyphen (-).
Examples of crontab entries
Here are some examples of crontab entries:
• To start the backup command at midnight, Monday through Friday:
.I. n
0 0 * * 1-5 /usr/sbin/backup -0 -u -q -f /dev/rmt0
.T ció
• To execute a command called script1 every 15 minutes between 8 a.m. and 5 p.m.,
Monday through Friday:
0,15,30,45 8-17 * * 1-5 /home/team01/script1
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
• A safer method:
.
C
## crontab
crontab -l
-l >> /tmp/crontmp
/tmp/crontmp
.F a
## vi
vi /tmp/crontmp
/tmp/crontmp
C rm
## crontab
crontab /tmp/crontmp
/tmp/crontmp
to fo
ec vo
Notes:
oy si
To schedule a job, you must create a crontab file. The cron daemon keeps the
crontab files in memory, so you cannot update the crontab entries by just modifying
cl
To edit the crontab file, one method is to use crontab -e. This opens your crontab file
with the editor set with the EDITOR variable. Edit the file as you normally would any file.
When the file is saved, the cron daemon is automatically refreshed.
Another method of updating your crontab file
pr
The crontab -l command always shows the crontab file that cron is using on your
behalf. Another method to update the file is to use the command crontab -l >
mycronfile. This command creates a copy of the current crontab file and enables you
to safely edit the mycronfile file without affecting the current crontab file. To submit
your changes, use the command: crontab mycronfile. The content of the mycronfile
14-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty file replaces the content of your file in the crontab directory, and refreshes the cron
daemon, all at once. Now, you also have a backup of the crontab file in mycronfile.
Removing your crontab file
Use the command crontab -r if you would like to remove your current crontab file.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
## at
at 55 pm
pm Friday
Friday
banner
banner hello
hello >> /dev/pts/0
/dev/pts/0
.T ció
<ctrl-d>
<ctrl-d>
job
job user.time.a
user.time.a will
will be
be run
run at
at date
date
.
## for
for hosts
hosts in
in lpar50
lpar50 lpar51
lpar51 lpar52
C
lpar52
.F a
do
do
rsh
rsh $host
$host "echo
"echo '<<EOF
'<<EOF nohup
nohup shutdown
shutdown -Fr'
-Fr' || at
at now
now ""
C rm
done
done
Notes:
oy si
The at command submits a job for cron to run once, rather than on a recurring basis, at
a specified time. It reads the commands to execute from standard input. The at
cl
command mails you all output from standard output and standard error for the
scheduled commands, unless you redirect that output.
Ex
Examples of keywords or parameters that can be used with at are: noon, midnight, am,
pm, A for am, P for pm, N for noon, M for midnight, today, tomorrow.
The time can be specified as an absolute time or date (for example, 5 pm Friday), or
relative to now (for example, now + 1 minute).
pr
The Bourne shell is used by default to process the commands. If -c is specified the C
shell is run, and if -k is specified the Korn shell is run. If you specify the -m option, at
sends you mail to say that the job is complete.
Controlling use of at
The at command can only be used by root unless one of the following files exists:
14-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty /var/adm/cron/at.deny
If this file exists, anybody can use at, except those listed in it. An empty at.deny file
exists by default. Therefore, all users can use at by default.
/var/adm/cron/at.allow
If this file exists, only users listed in it can use at (root included).
Use of the batch command
.I. n
The batch command submits a job to be run when the processor load is sufficiently low.
.T ció
Like the at command, the batch command reads the commands to be run from
standard input and mails you all output from standard output and standard error for the
scheduled commands, unless you redirect that output.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Controlling at jobs
IBM Power Systems
• To list at jobs:
at -l [user]
atq [user]
.I. n
## at
at –l
–l
.T ció
root.1118077769.a
root.1118077769.a Mon
Mon Jun
Jun 66 10:09:29
10:09:29 2007
2007
root.1118078393.a
root.1118078393.a Mon
Mon Jun 6 10:19:53 2007
Jun 6 10:19:53 2007
test2.1118079063.a
test2.1118079063.a Mon
Mon Jun
Jun 66 10:31:03
10:31:03 2007
2007
.
C
• To cancel an at job:
.F a
at -r job
C rm
atrm [job | user]
## at
at -r
-r test2.1118079063.a
test2.1118079063.a
at
at file: test2.1118079063.a
file: test2.1118079063.a deleted
deleted
to fo
• To cancel all your at jobs:
atrm -
ec vo
Notes:
oy si
Listing at jobs
u
To list at jobs use the at -l command or the atq command. The root user can look at
another user's at jobs by using the command atq <user>.
cl
Removing at jobs
To cancel an at job, use at -r or atrm followed by the job number. Use the command
Ex
atrm - and place nothing after the hyphen (-), to cancel all of your jobs. The root user
can cancel all jobs for another user, using atrm <user>.
pr
14-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Documenting scheduling
IBM Power Systems
.I. n
.T ció
Scheduling Records
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
Overview
u
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
System clock
IBM Power Systems
.I. n
1368877237
1368877237
.T ció
– The UNIX epoch is the time 00:00:00 UTC, 1 January 1970.
• For human comprehension, system time is converted into a
calendar time string.
.
## date
date
C
Sat
Sat May
May 18
18 13:40:37
13:40:37 CEDT
CEDT 2013
.F a
2013
C rm
• Conversions can also deal with adjustments for time zones
(TZ) and Daylight Saving Time (DST).
to fo
• TZ and DST are managed by the time zone variable.
## echo
echo $TZ
$TZ
CET-1CEDT-2,M3.5.0,M10.5.0
CET-1CEDT-2,M3.5.0,M10.5.0
ec vo
Notes:
oy si
Introduction
u
Computer systems tell time differently than people do. So it is helpful to understand how
time works within computers as well as in the real world in order to get a handle on the
cl
billion years ago Unix simply counts seconds since New Year’s Day 1970. All changes in
denoting the time are done by library functions linked into the system or applications that
convert between UTC and local time at runtime.
On AIX systems, the hardware clock is set to keep Universal Time (UTC), also called
pr
Greenwich Mean Time (GMT), instead of the time of day in the system’s actual time zone.
The system can be configured to keep track of UTC time and to adjust for the offset
between UTC and the local time, including daylight saving time.
14-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
## smit
smit chtz_date
chtz_date
Change
Change // Show
Show Date,
Date, Time,
Time, and
and Time
Time Zone
Zone
.I. n
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
.T ció
Change
Change // Show
Show Date
Date and
and Time
Time
Change
Change Time
Time Zone
Zone Using
Using System
System Defined
Defined Values
Values
Change
Change Time
Time Zone
Zone Using
Using User
User Entered
Entered Values
Values
.
C
## smit
smit date
date ## date
date 051814542013
051814542013
.F a
Change
Change // Show
Show Day
Day and
and Time
C rm
Time
YEAR
YEAR (00-99)
(00-99) [13]
[13]
MONTH
MONTH (01-12)
(01-12) [05]
[05]
DAY
DAY (01-31)
(01-31) [18]
[18]
to fo
HOUR
HOUR (00-23)
(00-23) [14]
[14]
MINUTES
MINUTES (00-59)
(00-59) [54]
[54]
SECONDS
SECONDS (00-59)
(00-59) [00]
[00]
ec vo
Notes:
oy si
The date command writes the current date and time to standard output if called with no
flags or with a flag list that begins with a + (plus sign). Otherwise, it sets the current date.
u
The date command needs the proper arguments in the format of mmddHHMM[YYyy],
where mmdd is the two-digit month and two-digit day (0518); HHMM is the two-digit hour in
24-hour notation (14), two-digit minute (54) and YYyy is the four-digit year (2013):
# date 051814542013
pr
For slowly adjusts the time by sss.fff seconds (fff represents fractions of a second) use
date -a [ + | - ]sss[.fff ]. This adjustment can be positive or negative. The system's clock
will be sped up or slowed down until it has drifted by the number of seconds specified by
date -a [ +
Note that you must be logged as root User.
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Defines CUT offset and DST
.T ció
– Coordinated Universal Time (CUT)
• The international time standard.
– Daylight Saving Time (DST)
.
C
• Practice of advancing clocks
.F a
• Time zone variable should be:
C rm
– System wide (for all processes)
• defined in /etc/environment file
– User wide (for user processes)
to fo
• defined in user .profile file
ec vo
Notes:
oy si
The functions for accessing the time zone are declared in time.h. You should not normally
need to set TZ. If the system is configured properly, the default time zone will be correct.
u
You might set TZ if you are using a computer over a network from a different time zone, and
would like times reported to you in the time zone local to you, rather than what is local to
cl
the computer.
Environment variables are examined when a command starts running. The environment of
Ex
a process is not changed by altering the /etc/environment file. Any processes that were
started prior to the change to the /etc/environment file must be restarted if the change is to
take effect for those processes. If the TZ variable is changed, the cron daemon must be
restarted, because this variable is used to determine the current local time.
pr
14-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty If the Daylight Saving Time option is enabled, the default in AIX is for the system time to
move forward 1 hour (to DST) at 2:00am the second Sunday in March, and move back one
hour (to Standard Time) at 2:00 a.m. on the first Sunday in November. The default is hard
coded and is not stored in any user accessible file. However, the date and time at which the
switch to DST and ST occurs can be customized by root (global environment) or by users
(user environment) by setting the $TZ environment variable. To see if DST is enabled, echo
$TZ; if the time zone variable ends in DT, DST is enabled.
.I. n
Crontab consideration:
.T ció
When the TZ environment variable is changed, the cron daemon must be restarted. This
enables the cron daemon to use the correct Time Zone and summer time change
information for the new TZ environment variable.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
– Looks cryptic; can be difficult to set and interpret
.T ció
• Olson format specification
.
– Uses known names of cities or regions
C
.F a
– Specifies the TZ name in a simple, easy-to-understand form
– Maintains a historical record of what the TZ rules were at given points
C rm
in time
– Is slower than the POSIX format
to fo
ec vo
Notes:
oy si
AIX checks the TZ environment variable to determine if the environment variable follows
the POSIX specification rules. If the TZ environment variable does not match the POSIX
u
convention, AIX calls the ICU library to get the Olson time zone translation.
cl
Ex
pr
14-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
## smit
smit chtz_user
chtz_user
Change
Change Time
Time Zone
.I. n
Zone
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
.T ció
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** Standard
Standard Time
Time ID(only
ID(only alphabets)
alphabets) [CET]
[CET]
.
** Standard
Standard Time
Time Offset
Offset from
from CUT([+|-]HH:MM:SS)
CUT([+|-]HH:MM:SS) [-1]
[-1]
C
Day
Day Light
Light Savings
Savings Time
Time ID(only
ID(only alphabets)
alphabets) [CEDT]
[CEDT]
.F a
Day
Day Light
Light Savings
Savings Time
Time Offset
Offset from
from CUT([+|-]HH:MM:
CUT([+|-]HH:MM: [-2]
[-2]
SS)
SS)
C rm
Start
Start Daylight
Daylight Savings
Savings Day([Mmm.ww.dd|Jn])
Day([Mmm.ww.dd|Jn]) [M3.5.0]
[M3.5.0]
Start Daylight Savings Time(HH:MM:SS)
Start Daylight Savings Time(HH:MM:SS) []
[]
Stop
Stop Daylight
Daylight Savings
Savings Day([Mmm.ww.dd|Jn])
Day([Mmm.ww.dd|Jn]) [M10.5.0]
[M10.5.0]
Stop
Stop Daylight
Daylight Savings
Savings Time(HH:MM:SS)
Time(HH:MM:SS) []
[]
to fo
F1=Help
F1=Help F2=Refresh
F2=Refresh F3=Cancel
F3=Cancel F8=Image
F8=Image
F9=Shell
F9=Shell F10=Exit
F10=Exit Enter=Do
Enter=Do
ec vo
Notes:
oy si
This format is compliant with POSIX 1003.1 standards for Extensions to Time Functions.
u
AIX checks the TZ environment variable to determine if the environment variable follows
the POSIX specification rules. If the TZ environment variable does not match the POSIX
cl
convention, AIX calls the ICU library to get the Olson time zone translation.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
## echo
echo $TZ
$TZ
CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
.I. n
CST6CDT is
.T ció
the time zone
you are in
.
C
TZ=CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
.F a
C rm
Date/time when
time shifts Date/time when
further time shifts back
to fo
ec vo
Notes:
oy si
If you wish to change the date or time at which the system switches to DST and back to
Standard Time from the defaults for your zone, edit the TZ line in /etc/environment. Change
u
TZ=CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
The above example would effect a change to Daylight Saving Time at 2:00 AM on the
Ex
second Sunday in March and change back at 2:00 AM on the first Sunday in November,
and keep the US Central Time Zone time offset from GMT. The breakdown of the string is:
CST6CDT is the time zone you are in;
M3 is the third month;
pr
14-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty In more detail, the format is TZ = local_Time Zone,date/time,date/time. Here date is in the
form of Mm.n.d, day d(0-6) of week n (1-5, where week 5 means “the last d day in month
m” and which may occur in either the fourth or the fifth week) of month m of the year. Week
1 is the first week in which the day d occurs. Day zero is Sunday.
Time Zones Defined on the System is listed in Files reference.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
## smit
smit chtz_olson
chtz_olson
Select
Select COUNTRY
COUNTRY or
or REGION
REGION
.I. n
Europe/Podgorica
Europe/Podgorica
Europe/Prague
Europe/Prague
.T ció
Europe/Riga
Europe/Riga
Europe/Rome
Europe/Rome
Europe/Samara
Europe/Samara
Europe/San_Marino
Europe/San_Marino
.
Europe/Sarajevo
Europe/Sarajevo
C
Europe/Simferopol
Europe/Simferopol
.F a
Europe/Skopje
Europe/Skopje
C rm
Change
Change Time
Time Zone
Zone
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
to fo
[Entry
[Entry Fields]
Fields]
TIME
TIME ZONE
ZONE name
name Europe/Prague
Europe/Prague
OFFSET
OFFSET from
from Greenwich
Greenwich Mean
Mean Time
Time GMT+01:00
GMT+01:00 // GMT+02:00
GMT+02:00
ec vo
Notes:
oy si
The time zone compiler zic command and the command to dump the time zone
information, zdump, are modified to work with the updated time zone data files.
Ex
pr
14-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Edit /etc/ntp.conf
server
server fr.pool.ntp.org
fr.pool.ntp.org Your ntp time
.I. n
driftfile
driftfile /etc/ntp.drift
/etc/ntp.drift server’s IP address
goes here
.T ció
• Run ntpdate
• Start the xntpd daemon
.
C
## startsrc
startsrc -s
-s xntpd
xntpd
.F a
C rm
• Set up xntpd to start automatically at boot time.
/etc/rc.tcpip
/etc/rc.tcpip file:
file:
start
start /usr/sbin/xntpd
/usr/sbin/xntpd “$src_running”
to fo
“$src_running”
ec vo
Notes:
oy si
The Network Time Protocol (NTP) is an Internet standard protocol which synchronizes time
between systems on a TCP/IP network. Depending on circumstances, the precision is in
u
the microsecond range (one millionth of a second). If your network already has an
established time server, you can set up your system get the accurate time information from
cl
it. Various public NTP servers on the Internet exist which can be used. As a last resort, if no
other means are available, you can connect your NTP server to the local clock of your
Ex
system. This is useful if you are on an isolated network and you need synchronized time
across your systems.
The NTP protocol in AIX implements an xntpd daemon which slaves itself to another time
source, continuously monitoring the other source and adjusting the local time.
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• driftfile is the name of the file where the drift of the local clock is stored. This drift is
automatically determined by measuring the adjustments needed to the local clock over
a period of time. In case the NTP server cannot be contacted, the ntpd daemon will
nevertheless keep applying the same adjustments (taken from the driftfile) to reach a
high degree of precision.
Important to note is that ntpd will not start if the time difference between itself and the time
server to be used is large. It is therefore common to run ntpdate before starting ntpd,
.I. n
ntpdate connects to a time server, retrieves the correct time, sets the local clock to the
correct time, and exits.
.T ció
It takes up to 6 minutes for the xntp client to sync up to the server. Therefore the time
difference between the NTP client and the server should not be any greater than 1000
.
seconds.
C
Detailed explanation of NTP protocol and configuration of NTP server is an advanced topic
.F a
which is covered in course AN21 TCP/IP for AIX Administrators.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
14-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Checkpoint
IBM Power Systems
.I. n
the at command.
.T ció
2. Give a crontab entry that would specify that a job should
run every Thursday at 10 past and 30 minutes past every
.
C
hour.
.F a
C rm
3. How would you schedule a script named myscript to run
10 minutes from now?
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Exercise
IBM Power Systems
.I. n
Scheduling
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
Introduction
u
This lab gives you the opportunity to schedule jobs using both at and crontab.
The exercise can be found in your Student Exercises Guide.
cl
Ex
pr
14-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Unit summary
IBM Power Systems
.I. n
• Explain the role of the cron daemon
.T ció
• Use crontab files to schedule jobs on a periodic basis
• Use the at command to schedule a job or series of jobs at
.
C
some time in the future
.F a
• Use the batch command to schedule jobs in a queue in
C rm
order to alleviate immediate system demand
• Explain and set the system time
• Describe and set the time zone variable
to fo
• Configure basic NTP clients
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
14-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Define TCP/IP layering terminology
C
• Describe the TCP/IP startup flow on AIX
.F a
• Configure Virtual LANs
• Describe IP addressing
C rm
• Configure TCP/IP basic functions on AIX
- IP configuration, routing, aliasing
• Explain how Ports and Sockets are used
• Use standard TCP/IP facilities
to fo
- Log in to another system
- Transfer files
- Run commands
• Configure NFS
ec vo
• Set up VNC
• Checkpoint questions
u
• Machine exercises
cl
References
Ex
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Describe the TCP/IP startup flow on AIX
• Configure Virtual LANs
.T ció
• Describe IP addressing
• Configure TCP/IP basic functions on AIX
.
– IP configuration, routing, aliasing
C
.F a
• Explain how Ports and Sockets are used
C rm
• Use standard TCP/IP facilities
– Log in to another system
– Transfer files
– Run commands
to fo
• Configure NFS
• Set up VNC
ec vo
Notes:
oy si
u
cl
Ex
pr
15-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
What is TCP/IP?
IBM Power Systems
.I. n
communicate on a network
.T ció
• Designed for heterogeneous systems
• Supports different network types
.
• Made up of Open Standards
C
.F a
– Request for comments (RFCs)
• Protocol of the Internet, defined in five layers
C rm
to fo
ec vo
Notes:
oy si
TCP/IP stands for Transmission Control Protocol/Internet Protocol. A more accurate name
is Internet Protocol Suite or IP Stack.
u
TCP/IP is a set of protocols or rules which define various aspects of how two computers in
cl
a network may communicate with each other. A protocol is a set of rules which describes
the mechanisms and data structures involved. Using these definitions, vendors can write
software to implement the protocols for particular systems.
Ex
There are many different protocols which cover the aspects of addressing hosts in the
network, data representation and encoding, message passing, interprocess
communications, and application features, such as how to send mail or transfer files across
pr
the network.
Where possible, the protocols are defined independently of any operating system, network
hardware, or machine architecture. In order to implement TCP/IP on a system, interface
software must be written to allow the protocols to use the available communications
hardware.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
This means that heterogeneous environments can be created where machines from
different manufacturers can be connected together, and different types of networks can be
interconnected.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
15-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
TCP/IP layering
IBM Power Systems
Common
OSI 7 layer network
TCP/IP layer model
model devices
.I. n
- Layer 7 switch
Application SNMP FTP DNS DHCP VNC
Application
SSH SMTP NFS LDAP MAIL
Presentation
.T ció
- Firewall
Session TCP UDP
Transport Reliable delivery to Unreliable delivery to
.
correct program correct program
Transport
C
.F a
- Router
IP IPsec ICMP - Layer 3 switch
Network Internet
C rm
- Switch
LAN WAN
Data Link Network (Ethernet, FDDI, ....) (ATM, Leased lines, ....)
- Bridge
interface - NIC
to fo
Medium (connectors, cabling, distance) - NIC
Examples: Examples: - Repeater
Physical Physical 1000Base-TX/SX/LX SONET
IEEE 802.11x T/ E -carrier links
xDSL
ec vo
Notes:
oy si
The TCP/IP protocol suite consists of lots of different protocols, which are described in
many thousands of RFCs. Most of these protocols and RFCs are either application specific
u
(such as RFC 959, which describes the FTP protocol), or describe how data should be
transferred over a specific architecture (such as RFC 894, which describes IP over
cl
Ethernet). For now, it is important to understand the working and interdependency of only a
few core protocols. Since these protocols are built on top of each other, where one protocol
Ex
uses another protocol to get things done, the interdependency is almost as important as
understanding each protocol independently.
From top to bottom we find the following protocols:
pr
• Applications use either the User Datagram Protocol (UDP) or the Transmission
Control Protocol (TCP) to transmit their data. Both TCP and UDP deliver the data to
the right process, and make use of IP to arrange delivery to the right host. The
difference between UDP and TCP is that TCP implements a mechanism of
acknowledgments, whereby reliability can be guaranteed. UDP does not have such a
mechanism, making UDP less reliable.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• The Internet layer is responsible for end-to-end (source to destination) packet delivery
including routing through intermediate hosts. Internet Control Message Protocol
(ICMP) messages are typically generated in response to errors in IP datagrams or for
diagnostic or routing purposes. The IPsec protocol is responsible for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet of a data
stream.
• The Network interface is the protocol layer which transfers data between hosts. In
.I. n
order to do this, a physical medium is required such as copper or fiber and hence the
network interface and physical layers are closely related.
.T ció
Common network devices
• Repeater. A repeater is an electronic device that receives a signal and retransmits
.
them at a higher level, higher power or both, so that the signal can cover longer
C
distances without degradation. Because repeaters work with the actual physical signal,
.F a
and do not attempt to interpret the data being transmitted, they operate on the Physical
layer, the first layer of the OSI model.
C rm
• Network Interface Card (NIC). A NIC is a LAN adapter which is designed to allow
computers to communicate over a computer network. It is both a layer 1 (physical layer)
and layer 2 (data link layer) device, as it provides physical access to a networking
to fo
medium and provides a low-level addressing system through the use of MAC
addresses.
• Bridge. A bridge is a hardware device for linking two networks that work with the same
protocol. Unlike a repeater, which works at the physical level, a bridge works at the
ec vo
logical level (on layer 2), which means that it can filter frames so that it only lets past
data whose destination address corresponds to a machine located on the other side of
the bridge.
oy si
• Switch. A network switch is a device that connects network segments. The term
commonly refers to a network bridge that processes and routes data at the Data link
layer (layer 2) of the OSI model.
u
- Layer 3. Switches that additionally process data at the network layer (layer 3 and
cl
- Layer 4. Layer 4 switches process data a the transport layer and are always
vendor-dependent. An example of a layer 4 switch, is a Firewall which performs
transport layer function such as: Network Address Translation (NAT), IP filtering and
packet encryption/decryption.
pr
- Layer 7. The most advanced switches, called layer 7 switches (corresponding to the
application layer of the OSI model), can redirect data based on advanced
application data contained in the data packets, for example, an awareness of the
type of the file being sent by FTP. For this reason, a layer 7 switch can be used for
load balancing, by routing the incoming data flow to the most appropriate servers,
which have a lower load or are responding more quickly.
15-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• Broadcast domain: Stations that receive each other’s link level broadcasts
– All stations have network interface cards (NIC) which use matching
.T ció
physical, electrical, and layer 2 protocol abilities.
– Each NIC has a unique hardware address.
.
• Also known as a Media Access Control (MAC) address
C
.F a
host host host host
C rm
to fo
repeater
host host
ec vo
Notes:
oy si
Generally, your server will connect to a local area network or LAN. A LAN is almost always
a collection of stations which are in relatively close physical proximity (such as in the same
u
building or even a single floor of a building). To extend the distance, digital repeaters are
sometimes inserted in the topology.
cl
The stations connect to the LAN via a network interface card (NIC), commonly an Ethernet
adapter. As long as the NICs use the same signaling mechanism and link protocols, they
Ex
can talk to each other. Frames of data are addressed to the hardware address of the
adapter. The hardware address is also called the Media Access Control (MAC) address.
Broadcast mechanisms are used to discover the MAC address of the other stations. The
collection of stations which can receive a link level broadcast is referred to as a Broadcast
pr
Domain
Originally, the stations shared cabling that allowed any station in the LAN to see all the
traffic on the LAN (even if not addressed to itself). Most current LANs have a central hub
that only repeats the signal to a station if it is either a broadcast frame or the frame is
addressed to the MAC address of that station.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Originally designed by Digital, Intel, and Xerox
– etX interface uses IEEE802.3 frame format.
.T ció
Interface: en0
Network Adapter Card port
Interface: et0
adapter device: ent0
(Layer three logical devices)
.
(Layer 1 and 2 physical device)
C
MAC
.F a
Address
## lsdev
lsdev -Cl
-Cl ent0
ent0
C rm
ent0
ent0 Available
Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter
## lscfg
lscfg -v
-v -l
-l ent0
ent0 |grep
|grep Network
Network IP addresses are
Network assigned to the
Network Address.............001125BF9018
Address.............001125BF9018 interfaces. In
## lsdev this case, en0.
lsdev -Cc
-Cc if
to fo
if
en0
en0 Available
Available 01-08
01-08 Standard
Standard Ethernet
Ethernet Network
Network Interface
Interface
et0
et0 Defined
Defined 01-08
01-08 IEEE
IEEE 802.3
802.3 Ethernet
Ethernet Network
Network Interface
Interface
ec vo
Notes:
oy si
The original Ethernet is called Experimental Ethernet today. It was developed by Robert
Metcalfe in 1972 (patented in 1978) and was based in part on the ALOHAnet protocol. The
cl
first Ethernet that was generally used was DIX Ethernet (known as Ethernet II) and was
derived from Experimental Ethernet. Today, there are many different standards, under the
umbrella of IEEE 802.3, and the technical community has accepted the term Ethernet for
Ex
all of them. Currently, under development is IEEE 802.3ba (40Gb/s and 100Gb/s Ethernet).
For further information see http://www.ieee802.org/3
Ethernet adapter support on AIX
pr
15-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Virtual LAN
IBM Power Systems
.I. n
– Host is restricted to VLAN assigned to the port.
– Use of VLAN IDs (VID) is internal to the switching hub.
.T ció
– Switch tags frames from host with VID and strips VID when sent to host.
VLAN 3
.
host host host
C
.F a
VLAN 2
C rm
host host host
to fo
vid=2 vid=3 vid=2 vid=3 vid=2 vid=3
Ethernet switch
ec vo
Notes:
oy si
VLANs are used to support multiple networks even though the stations are connected to
the same central switching hubs. This helps to reduce the size of the broadcast domain
cl
and helps with security through isolation. The switch administrator is responsible for
maintaining the isolation and controls access to each VLAN on a port by port basis.
Ex
When a station plugs into a network it is automatically on the LAN to which the port is
assigned. Originally, the LAN membership was maintained by switching physical circuits in
the hub. Today, the frame headers are modified or tagged to identify the VLAN
membership.
pr
A host attached to a typical switch access port is unaware of this tagging. It simple sends
and receives frames that have no VLAN ID identification. The switching hub tags frames
coming in from the host with the port VLAN ID and removes that tagging when any frame
leaves the port destined for that host. Frames which do not match the port’s assigned
VLAN ID are not sent out that port.
15-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– Carry VLAN ID in each frame to maintain VLAN membership
• 802.1Q: Industry standard for tagging frames with VLAN ID
.T ció
– Typically allow all tagged VLAN traffic
• Can be restricted: Allow or deny list coded on the trunk port definitions
.
C
.F a
Tagged
frames
C rm
2 3 4 4 2 3 5 5
Ethernet switch Ethernet switch
6 6 2 3 trunk 6 6 2 3
to fo
Trunk ports -
VID allowed list: 2, 3
ec vo
Notes:
oy si
802.1Q VLAN
u
In 802.1Q, the VLAN information is written into the Ethernet packet itself. Each packet
carries a VLAN ID, called a Tag. This allows VLANs to be configured across multiple
switches. The ports used to connect two switches is defined as a trunk port. These
inter-switch trunk ports typically move tagged frames without striping those tags; the packet
pr
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Switch would define port as a trunk port; specify allow list
.T ció
• Tagged frames in the allowed list processed as-is
– Tags not added or removed by the switch
.
• Untagged frames processed normally using port’s VLAN ID
C
.F a
Tagged Host
frames
C rm
2 3 4 4 ent1
3
Ethernet switch 4
6 6 2 3 trunk ent2
to fo
6
Trunk port -
VID allowed list: 2, 3
ec vo
Notes:
oy si
The main reason for a server being configured to identify its VLAN membership is to save
on hardware costs. Normally, the host would need to use a separate NIC (and a separate
u
switch port) for each LAN on which it needed to talk. A host which does it’s own VLAN
tagging can use a single NIC instead.
cl
To support this the switch will usually define the port as a trunk port, as if it were connecting
to another switch. Due to security concerns, the switch administrator will typically code an
Ex
allow list of VLAN IDs for that port. The switch will discard any frames sent by the host
which are tagged with a VLAN ID which are not in the allowed list. Arriving packets, both
inbound and outbound, with tags that match the allowed list are passed along without
stripping the tag. It is common for a trunk connection to a host to also have a port VLAN ID,
pr
just like a normal access port; when a frame from the host has no VLAN tagging, the switch
tags it with the port VLAN ID and when it sends a frame to the host, it strips the VLAN ID
when it matches the port VLAN ID.
The VLAN aware host in this situation is responsible for tagging frames being sent on
different VLANs and for separating the frames when they are received.
15-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Available
Available Network
Network Adapters
Adapters
Move
Move cursor to desired item
cursor to desired item and
and press
press Enter.
Enter. Use
Use arrow
arrow keys
keys to
to scroll.
scroll.
.T ció
ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (1410890)
(1410890)
ent0
ent0 Available
Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX PCI-X Adapter (14106902)
Base-TX PCI-X Adapter (14106902)
.
Add
Add AA VLAN
C
VLAN
.F a
[Entry
[Entry Fields]
Fields]
VLAN
VLAN Base
Base Adapter
Adapter ent1
ent1
** VLAN Tag ID [33] +#
C rm
VLAN Tag ID [33] +#
VLAN
VLAN Priority
Priority []
[] +#
+#
## lsdev
lsdev -Cc
-Cc adapter
adapter Packets which get
ent0
ent0 Available 01-08 10/100/1000 Base-TX PCI-X sent(14106902)
Adapter
Available 01-08 10/100/1000 Base-TX PCI-X Adapter from adapter
(14106902)
to fo
ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX PCI-Xent2,
Base-TX PCI-X are (14108902)
Adapter
Adapter sent
(14108902)
ent2
ent2 Available
Available VLAN
VLAN tagged (33) out of
ent1.
ec vo
Notes:
oy si
AIX can be configured to be VLAN aware. This is done by creating special VLAN adapters
which appear to be regular Ethernet adapters but which are based upon the actual physical
u
NIC. Each VLAN adapter has an associated VLAN ID which it will handle.
cl
Use smit addvlan fast path to configure VLAN adapters. Start by selecting a base adapter,
which will be used to send the packets, and assign a VLAN tag. Optionally, you can also
specify a priority. This is used by the VLAN driver to prioritize packets if multiple VLANs are
Ex
created using the same base adapter. You can specify a value from 0-7, where 0 is the
default priority, 1 is the highest, and then in increasing numerical order from 2 through 7.
The VLAN adapter (in this case creating ent2) configuration will automatically create two
pr
Ethernet interfaces in a defined state. Just as with the interfaces created when configuring
a physical adapter, you will need to configure an interface to use IP protocols. The example
in the visual, you would configure en2 for standard Ethernet.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
10000001 00100001 10010111 00000111
129 . 33 . 151 . 7
11111111 11111111 00000000 00000000 /16
.
255 . 255 . 0 . 0
C
.F a
Network identification Host identification
C rm
– The broadcast address = 129.33.255.255
– The first host on the network = 129.33.0.1
– The last host on the network = 129.33.255.254
to fo
• Every TCP/IP host contains a special address called the
loopback which is assigned an address of 127.0.0.1.
ec vo
Notes:
oy si
In order to be able to deliver the IP packet to the correct destination host, every host needs
an IP address. These IP addresses are 32-bit values and have to be unique. In most cases,
u
the IP address is not written in its binary form, but in the so-called “decimal dot” notation,
where the 32 bits are grouped into four groups of eight bits each, and those eight bits are
cl
written in decimal form, separated with dots. The subnet mask allows us to identify the two
key pieces of information in the IP address. The address of the network and the host
Ex
loopback address. Hosts use the loopback address to send messages to themselves.
• Any IP address with the hostname part all zeros, such as 129.33.0.0, is reserved as an
identification for the network itself. It is not a valid IP address to be assigned to a host.
• Any IP address with the hostname part all ones, such as 129.33.255.255, is reserved as
the local broadcast address. Data sent to this address is delivered to all systems on the
local network.
15-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Class Default subnet mask Range No. of networks No. of hosts
A 255.0.0.0 (/8) 1-127 128 16.7 million
B 255.255.0.0 (/16) 128-191 16384 65534
.T ció
C 255.255.255.0 (/24) 192-223 2.1 Million 254
.
• Network assignment is managed by the IANA (Internet
C
Assigned Numbers Authority) through ISPs.
.F a
– Network addresses are generally, either broken up and assigned to
C rm
physical networks (subnetting) or aggregated together (supernetting).
– This is achieved by manipulating the subnet mask.
to fo
ec vo
Notes:
oy si
IP addresses need to be assigned in such a way that they are unique across the whole
Internet. That is why there is a special organization that does this. This is the Internet
u
Assigned Number Authority, or IANA. They are responsible for assigning groups of
addresses, called classes, to organizations. They do not do this directly, but have
cl
In additional to classes A to C, there are also classes D and E. Class D addresses are
reserved for multicasting. Multicasting is a limited area type of broadcasting. There is no
network or host portion in a multicast address. It is an integer number registered with the
InterNIC that identifies a group of machines. Class E, is for experimental use only.
pr
Class A and B addresses contain lots of hosts, and therefore, need to be broken down into
smaller more manageable chunks. This is achieved through a process known as
subnetting. On the other hand, class C addresses contain very few hosts, which can also
be subnetted into smaller chunks, but very often need to be aggregated together to form
larger networks. This is achieved through a process known as supernetting.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Subnetting example
IBM Power Systems
.I. n
.T ció
10000001 00100001 0000000 0 00000000
129 . 33 . 0 . 0
.
11111111 11111111 1111111 0 00000000 /23
C
.F a
255 . 255 . 254 . 0
Network identification Assigned by this Host identification
organization to the
C rm
network
Notes:
oy si
The default subnet mask for a class B network is 255.255.0.0. This translates to one
network with ((2^16)-2) with 65534 hosts. Organizations with a class A and B address often
u
have hundreds, if not thousands of physical networks split across both local and
geographically dispersed locations. The only way to do this is to split the network address
cl
into more manageable chunks. This is achieved by borrowing bits from the host ID and
using them for the network. Using seven bits from the host ID, allows for (2^7) 128 physical
Ex
networks. On each of the 128 networks, there can be ((2^9)-2) 510 hosts. We have to
subtract two from the number of hosts, because all zeros are reserved for the network and
all ones are reserved for the broadcast address.
pr
15-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Supernetting example
IBM Power Systems
.I. n
network.
.T ció
11111100 10110100 011011 00 00000000
222 . 180 . 108 . 0
.
C
11111111 11111111 111111 00 00000000 /22
.F a
255 . 255 . 252 . 0
Network identification Host identification
Notes:
oy si
Having four class C addresses is four physical networks each with up to 254 hosts. Each
network would require a router to route packets between them. Supernetting is the
u
opposite to subnetting and borrows bits from the network portion of the IP address. In the
example, we have borrowed two bits, changing the subnet mask from 255.255.255.0 to
cl
255.255.252.0. The result is that networks 222.180.109, 110 and 111 have become part of
the 222.180.108 network. The 222.180.108 network can have up to ((2^10)-2) 1022 hosts.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• There are many ways. However, in most cases you start with
smit mktcpip.
A one stop shop for
.I. n
Minimum
Minimum Configuration
Configuration && Startup
Startup TCP/IP config on
AIX.
To
To Delete
Delete existing
existing configuration
configuration data,
data, please
please use
use Further
Further Configuration
Configuration
.T ció
menus
menus
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
.
[Entry
[Entry Fields]
Fields]
C
** HOSTNAME
HOSTNAME [waldorf]
[waldorf]
.F a
** Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.18]
[10.47.1.18]
Network
Network MASK
MASK (dotted
(dotted decimal)
decimal) [255.255.0.0]
[255.255.0.0]
** Network
Network INTERFACE
INTERFACE en0
en0
C rm
NAMESERVER
NAMESERVER
Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.33]
[10.47.1.33]
DOMAIN Name
DOMAIN Name [lpar.co.uk]
[lpar.co.uk]
Default
Default Gateway
Gateway
Address
Address (dotted
(dotted decimal
decimal or
or symbolic
symbolic name)
name) [10.47.0.1]
[10.47.0.1]
to fo
Cost
Cost [0]
[0] ##
Do
Do Active
Active Dead
Dead Gateway
Gateway Detection?
Detection? no
no ++
Your
Your CABLE
CABLE Type
Type N/A
N/A ++
START
START Now
Now no
no ++
ec vo
Notes:
oy si
AIX provides a very quick and easy configuration SMIT panel for configuring TCP/IP on the
system. The essential items you will require are:
u
nameserver 10.47.1.33
domain lpar.co.uk
Cable type is generally not required and can be left as N/A. Start now will refresh or start,
the TCP/IP subsystems. Note: they should already be running!
15-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• smit tcpip should only be used for the first adapter. In a multi-homed
host, subsequent adapters should be configured with smit chinet.
.I. n
Change
Change // Show
Show aa Standard
Standard Ethernet
Ethernet Interface
Interface
.T ció
[Entry
[Entry Fields]
Fields]
Network
Network Interface
Interface Name
Name en1
en1
INTERNET
INTERNET ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [192.168.0.1]
[192.168.0.1]
.
Network
Network MASK
MASK (hexadecimal
(hexadecimal oror dotted
dotted decimal)
decimal) [255.255.255.0]
[255.255.255.0]
C
Current STATE
Current STATE up
up ++
.F a
Use
Use Address
Address Resolution
Resolution Protocol
Protocol (ARP)?
(ARP)? yes
yes ++
BROADCAST
BROADCAST ADDRESS (dotted decimal)
ADDRESS (dotted decimal) []
[]
C rm
Interface
Interface Specific
Specific Network
Network Options
Options
('NULL'
('NULL' will
will unset
unset the
the option)
option)
rfc1323
rfc1323 []
[]
tcp_mssdflt
tcp_mssdflt []
[]
tcp_nodelay
tcp_nodelay []
[]
to fo
tcp_recvspace
tcp_recvspace []
[]
tcp_sendspace
tcp_sendspace []
[]
Apply
Apply change
change to
to DATABASE
DATABASE only
only no
no ++
ec vo
Notes:
oy si
If SMIT is being used to configure further interfaces, then the fastpath smit chinet should be
used. All fields are optional, but essential items are:
u
• Interface to be configured
• State of the interface, default is DOWN – so do not forget to switch this to UP – this is a
Ex
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
(valid until reboot)
.T ció
• Setting the host name
– ODM: # chdev –l inet0 –a hostname=sys1
– Directly: # hostname sys1
.
• Defining an IP address for an interface
C
.F a
– ODM: # chdev -l en0 -a netaddr=192.168.0.1 –a \
netmask=255.255.255.0 -a state=up
C rm
– Directly: # ifconfig en0 192.168.0.1 255.255.255.0 up
• For direct method, append commands to:
– /etc/rc.net
to fo
or
– /etc/bsdnet (if inet0 bootup_option=yes)
• Can use host name and ifconfig for display of values
ec vo
Notes:
oy si
As well as SMIT, TCP/IP configuration can be driven from the command line. There are two
ways to handle this:
u
• The AIX way, in which configuration is stored in the AIX internal database (ODM). This
cl
15-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• netstat
## netstat
netstat -in
-in
.I. n
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs Coll
Coll
en0
en0 1500
1500 link#2
link#2 ea.48.f0.0.b0.3
ea.48.f0.0.b0.3 3359653
3359653 00 238778
238778 00 00
en0
en0 1500
1500 10.47
10.47 10.47.1.23
10.47.1.23 3359653
3359653 00 238778
238778 00 00
.T ció
lo0
lo0 16896
16896 link#1
link#1 1201
1201 00 1214
1214 00 00
lo0
lo0 16896
16896 127
127 localhost
localhost 1201
1201 00 1214
1214 00 00
lo0
lo0 16896
16896 ::1
::1 00 1201
1201 00 1214
1214 00 00
.
C
.F a
• ifconfig
C rm
## ifconfig
ifconfig -a
-a
en0:
en0:
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CH
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CH
ECKSUM_OFFLOAD(ACTIVE),CHAIN>
ECKSUM_OFFLOAD(ACTIVE),CHAIN>
inet
inet 10.47.1.23
10.47.1.23 netmask
netmask 0xffff0000
0xffff0000 broadcast
broadcast 10.47.255.255
10.47.255.255
tcp_sendspace
tcp_sendspace 262144
262144 tcp_recvspace
tcp_recvspace 262144
262144 rfc1323
rfc1323 11
to fo
lo0:
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
inet
inet 127.0.0.1
127.0.0.1 netmask
netmask 0xff000000
0xff000000 broadcast
broadcast 127.255.255.255
127.255.255.255
inet6
inet6 ::1/0
::1/0
tcp_sendspace
tcp_sendspace 131072
131072 tcp_recvspace
tcp_recvspace 131072
131072 rfc1323
rfc1323 11
ec vo
Notes:
oy si
The netstat –i command shows the state of all configured interfaces. The –n flag shows
network addresses as numbers. When this flag is not specified, the netstat command
u
The ifconfig –a command is used to display information about all interfaces in the system.
The key flags are UP and RUNNING, which show the interface is available and active.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Name resolution
IBM Power Systems
.I. n
127.0.0.1
127.0.0.1 loopback
loopback localhost
localhost
10.10.1.1
10.10.1.1 system1
system1 nimserver
nimserver
.T ció
10.10.1.2
10.10.1.2 system2
system2
• DNS - /etc/resolv.conf
.
C
domain
domain lpar.co.uk
lpar.co.uk
.F a
nameserver
nameserver 10.47.1.33
10.47.1.33
C rm
• The name resolution order is:
– Default order: bind (DNS), NIS=auth, local
– Override with /etc/netsvc.conf, append:
• hosts = local, bind
to fo
– Override both with environment variable NSORDER:
• NSORDER=local,bind
• Display resolution with: # host <name or IP addr>
ec vo
Notes:
oy si
Systems use different methods for mapping host names to IP addresses. The method
depends upon the environment in which a system is going to participate.
u
• Flat Network: This method provides name resolution through the file /etc/hosts and
cl
for querying and modifying directory services running over TCP/IP. Tivoli Directory
Server (TDS) is IBM's version of an LDAP server
Default Name resolution
The existence of /etc/resolv.conf determines how a system resolves host names and IP
addresses within a domain or flat network.
15-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty • If /etc/resolv.conf exists, then the system will attempt to query a DNS server.
• If /etc/resolv.conf does not exist, the system will check to see if NIS is being used and
if the server is available. NIS is authoritative. This means, that if the NIS client
subsystem is running, and it is not successful in obtaining an answer, then the process
stops.
• Finally, the local /etc/hosts file is checked.
.I. n
Overriding the default name resolution
The default Name resolution can be overwritten in two ways:
.T ció
• Append to the /etc/netsvc.conf file and specify host ordering. Use the hosts attribute
followed by the name of the resource to use. The resources listed depend on what
.
name resolution processes are running on the network.
C
.F a
• Create an environment variable NSORDER. NSORDER overrides any name resolution
specified in the /etc/netsvc.conf file.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Routing implementation (1 of 2)
IBM Power Systems
.I. n
subnet mask
9.19.99.20 9.19.99.11 sys5
sys11 255.255.255.0
Internet sys20
.T ció
9.19.98.5 (/24)
sys20e sys11e
152.64.10.1 9.19.98.11
default router
.
sys13 sys10
C
9.19.99.13 9.19.98.10
.F a
C rm
destination deliver via
address gateway
Host Route 9.19.98.1 9.19.99.11
to fo
Network Route 9.19.98/24 9.19.99.11
Default Route default 9.19.99.20
ec vo
Notes:
oy si
A route does not define the complete path. It defines only the path segment from one host
to a gateway that can forward packets to a destination, or from one gateway to another.
u
Routes are defined in the kernel routing table. Each routing table entry has two
components:
cl
• Gateway address, where the packet gets sent on its way to its final destination
TCP/IP searches the route table for a best match on the destination in the following order:
• A host route. defines a route to a specific host. The routing IP algorithm still sees a
host address as a network; it is simply a perfect match.
pr
• A network route. defines a route to any of the hosts on a specific network through a
gateway.
• A default route. defines a route to use when the destination did not match any host
route or network specific route. In most hosts, the only type of route the administrator
needs to define is a default route, also known as the default gateway.
15-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty Hosts should not forward IP datagrams unless specifically configured as a router. Most
BSD-derived implementations (AIX) include a kernel variable called ipforwarding, which is
used to control this behavior. The no command is used to view or change the value of
ipforwarding.
To change it: # no -o ipforwarding=<value>
The values are: ipforwarding=0 (do not forward), ipforwarding=1 (do forward).
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Routing implementation (2 of 2)
IBM Power Systems
.I. n
## route
route add
add 00 9.19.99.20
9.19.99.20
.T ció
– Add a host or network route
## route
route add
add 9.19.98.1
9.19.98.1 9.19.99.11
9.19.99.11
.
## route
route add
add –net
–net 9.19.98
9.19.98 9.19.99.11
9.19.99.11
C
.F a
– Delete a host route
C rm
## route
route delete
delete 9.19.98.1
9.19.98.1 9.19.99.11
9.19.99.11
Notes:
oy si
See the route man page for further details about route options and parameters.
u
Please note that route command above is the traditional BSD UNIX so changes made by
route are not persistent after system restart unless the commands are entered into the
cl
/etc/rc.net file (already discussed in „Command line TCP/IP configuration“). Routes can
also be manipulated through SMIT (smit route) or by command which change ODM which
is chinet route = type, [args,], destination, gateway, [metric]. See the chinet man page for
Ex
further details.
pr
15-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Multipath routing
IBM Power Systems
.I. n
– This is for load balancing and high availability.
.T ció
2
1 Primary Default Router1
Primary Default Router1 10.47.0.1
10.47.0.1
Host
.
Host 10.47.1.18
10.47.1.18
C
Default Router2
Default Router2
.F a
Primary 10.47.0.254
Backup 10.47.0.254
C rm
1
# route add 0 10.47.0.1 -hopcount 1 –active_dgd
# route add 0 10.47.0.254 –hopcount 10 –active_dgd
to fo
2
# route add 0 10.47.0.1 –hopcount 1 –active_dgd
# route add 0 10.47.0.254 –hopcount 1 –active_dgd
ec vo
Notes:
oy si
Since AIX5L, multiple routes can be configured to the same destination. This configuration
is known as multipath routing (MPR). MPR allows us to load balance between gateways or
u
prioritize paths using the weight option. MPR also allows us to do Dead Gateway Detection
(DGD). This enables the system to dynamically change the weight on a route if a router has
cl
failed. There are two methods of DGD, active and passive. The passive mode has less
overhead on the network, but can be slow to respond to an outage. Active has more
Ex
overhead on the network but is more responsive to an outage, because icmp (ping)
packets are used to periodically poll/detect if a router is up or down. Active DGD is
deployed by using the –active_dgd option on the route command.
By default, AIX will round-robin load balance between the available routes evenly. It is
pr
possible to customize the load balancing but that will not be covered here. If a route is a
less desirable route to be used only for backup, then you can avoid the use of that route by
defining a high cost for that route. The route command option which identifies cost is the
hopcount option with a large value making that route less desirable. AIX will always use a
route that is lower cost.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
IP aliasing
IBM Power Systems
.I. n
• Commonly used with clustering (for example, PowerHA)
.T ció
## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep –v
–v link
link
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1 1500 192.168.0 192.168.0.1 00 00 66 00
.
en1 1500 192.168.0 192.168.0.1
C
.F a
## ifconfig
ifconfig en1
en1 alias
alias 172.31.0.1
172.31.0.1 255.255.0.0
255.255.0.0
## ifconfig
ifconfig en1 alias 10.47.33.33 255.255.0.0
en1 alias 10.47.33.33 255.255.0.0
C rm
## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep –v
–v link
link
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1
en1 1500 192.168.0
1500 192.168.0 192.168.0.1
192.168.0.1 00 00 77 00
en1
en1 1500
1500 172.31
172.31 172.31.0.1
172.31.0.1 00 00 77 00
to fo
en1
en1 1500
1500 10
10 10.47.33.33
10.47.33.33 00 00 88 00
ec vo
Notes:
oy si
15-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
## ping
ping sys1
sys1
PING
PING sys1:
sys1: (192.108.14.2):
(192.108.14.2): 56
56 data
data bytes
bytes
.I. n
64
64 bytes
bytes from
from 192.108.14.2:
192.108.14.2: icmp_seq=0
icmp_seq=0 ttl=255
ttl=255 time=0
time=0 ms
ms
64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0
64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms ms
^C
^C
.T ció
----seraph
----seraph PING
PING Statistics----
Statistics----
22 packets
packets transmitted,
transmitted, 22 packets
packets received,
received, 0%
0% packet
packet loss
loss
.
## traceroute
traceroute sys1
sys1
C
trying
trying to
to get
get source
source for
for sys1
sys1
.F a
source should be 10.47.1.31
source should be 10.47.1.31
traceroute
traceroute to
to seraph
seraph (192.108.14.2)
(192.108.14.2) from
from 10.47.1.31
10.47.1.31 (10.47.1.31),
(10.47.1.31), 30
30 hops
hops
max
C rm
max
outgoing
outgoing MTU
MTU == 1500
1500
11 merovingian.lpar.co.uk
merovingian.lpar.co.uk (10.47.1.30)
(10.47.1.30) 11 msms 00 ms
ms 00 ms
ms
22 7.7.7.1
7.7.7.1 (7.7.7.1)
(7.7.7.1) 00 ms
ms 00 ms
ms 00 ms
ms
33 sys1
sys1 (192.108.14.2)
(192.108.14.2) 00 msms 00 ms
ms 00 ms
ms
to fo
• Note: Sometimes the protocols used by ping (icmp) and
traceroute (udp) are blocked by firewalls or IPSec filters.
ec vo
Notes:
oy si
The default is to continuously send echo requests until an interrupt is received with <ctrl-c>,
but there is an option (-c) to specify the number of packets sent. The ping command sends
one datagram per second and prints one line of output for every response received. It
Ex
calculates round trip times and packet loss statistics, and displays a brief summary upon
completion.
Be very careful of some options like –f. This will cause ICMP packets to flood the network.
pr
Ping is most useful to test basic connectivity between hosts, but that it can not tell us any
thing about where the break is in the path. On the other hand, if ping cannot get a
response, traceroute can sometimes still give us information that helps to identify the
outage.
traceroute is useful for displaying all the routers between end to end host connectively. It
may turn out that the remote host is OK but a router has failed along the path. Traceroute
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
works by increasing the “time-to-live” value of each successive batch of packets sent. The
first three packets sent have a time-to-live (TTL) value of one (implying that they are not
forwarded by the next router and make only a single hop). The next three packets have a
TTL value of 2, and so on. When a packet passes through a host, normally the host
decrements the TTL value by one, and forwards the packet to the next host. When a packet
with a TTL of one reaches a host, the host discards the packet and sends an ICMP time
exceeded (type 11) packet to the sender. The traceroute utility uses these returning
.I. n
packets to produce a list of hosts that the packets have traversed en route to the
destination. The three time stamp values returned for each host along the path are the
.T ció
delay (known as latency) values typically in milliseconds (ms) for each packet in the batch.
If a packet does not return within the expected timeout window, a star (asterisk) is
traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is
.
at one hop, the second host at two hops, and so on. IP does not guarantee that all the
C
packets take the same route. Also note, that if the host at hop number N does not reply, the
.F a
hop will be skipped in the output.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
15-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• Client side ports are dynamic > 1023.
.T ció
– Every client connection uses a new port.
• A socket is a combination of IP address, protocol, and port
number.
.
• A pair of sockets define a unique application network connection.
C
.F a
• TCP and UDP implement ports independent of each other.
C rm
## grep
grep "^ftp
"^ftp "" /etc/services
/etc/services
ftp
ftp 21/tcp
21/tcp ## File
File Transfer
Transfer [Control]
[Control]
ftp
ftp 21/udp
21/udp ## File Transfer [Control]
File Transfer [Control]
neo:/
neo:/ ## ftp
ftp trinity Socket connection
to fo
trinity
resulting from the
neo:/
neo:/ ## netstat
netstat -a
-a |grep
|grep trinity
trinity ftp communication
tcp
tcp 00 00 neo.57413
neo.57413 trinity.ftp
trinity.ftp ESTABLISHED
ESTABLISHED
ec vo
Notes:
oy si
Each process that wants to communicate with another process needs to identify itself in
some way. The logical construct used by TCP/IP to accomplish this task is called a port.
u
A port uniquely identifies an application (also called network services). The source port
cl
number and the destination port number are contained in the header of each TCP segment
or UDP packet.
Ex
Port numbers are defined in the /etc/services file. Port numbers from 0-1023 are called
well-known published ports and are reserved for standard applications like telnet and ftp.
When a datagram arrives at its destination based on the destination address, IP checks the
protocol. The data delivered to the transport protocol contains the destination port number
pr
that tells the transport protocol to which application process the data needs to go.
A socket is a combination of IP address and port number and protocol family, which
uniquely identifies a single network process. A socket is also referred to as a
communication end point. A pair of sockets uniquely identifies the end to end connection.
Socket communication can be viewed with the netstat –a command.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
inetd daemon
IBM Power Systems
.I. n
– Example network programs
• ftp, tftp, login, telnet, shell, exec, bootp, time.
.T ció
– To enable or disable a network program, comment or uncomment the
appropriate line, and refresh the inetd daemon.
.
– Example: disable ftp
C
.F a
vi
vi /etc/inetd.conf,
/etc/inetd.conf, locate
locate and
and comment
comment out
out ftp
ftp line
line
C rm
## ftp
ftp stream
stream tcp6
tcp6 nowait
nowait root
root /usr/sbin/ftpd
/usr/sbin/ftpd ftpd
ftpd
telnet
telnet stream tcp6
stream tcp6 nowait root
nowait root /usr/sbin/telnetd
/usr/sbin/telnetd telnetd
telnetd -a
-a
shell
shell stream
stream tcp6
tcp6 nowait
nowait root
root /usr/sbin/rshd
/usr/sbin/rshd rshd
rshd
to fo
## refresh
refresh –s
–s inetd
inetd
0513-095
0513-095 The request for
The request for subsystem
subsystem refresh
refresh was
was completed
completed successfully.
successfully.
ec vo
Notes:
oy si
The inetd daemon is started at boot time from /etc/rc.tcpip. When it is started, inetd reads
its configuration from the /etc/inetd.conf file. This file contains the names of the services
u
that inetd listens for requests and starts as needed, to handle these requests. The file is
used to enable and disable network services, such as ftp. To disable ftp on the host, edit
cl
the inetd.conf file, locate and comment out the ftp program, then refresh the inetd
daemon.
Ex
pr
15-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Partition Activation
.I. n
Run time init Process /etc/inittab
.T ció
/sbin/rc.boot calls cfgmgr Process /etc/rc.net
.
C
.F a
/etc/rc.tcpip Starts TCP/IP subsystems
syslogd
C rm
/etc/rc.nfs snmpd
sendmail
portmap
Login
inetd Æ /etc/inetd.conf
to fo
ec vo
Notes:
oy si
TCP/IP startup is initiated from the inittab processing. /sbin/rc.boot calls cfgmgr during the
second phase processing which will in turn initialize the network interfaces and set up
u
routing by processing the /etc/rc.net file. TCP/IP subsystems are started from /etc/rc.tcpip
script. This script can be edited directly to comment or uncomment subsystem startup. The
cl
inetd daemon is responsible for loading network programs upon request, such as ftp, telnet
etc. Once the core TCP/IP subsystems have been initialized, further TCP/IP based
Ex
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
root
## telnet trinity
telnet trinity
## ssh
ssh root@trinity
.T ció
root@trinity
.
## rsh
rsh trinity
trinity -l
-l root
root date
date
C
## rexec trinity date
rexec trinity date
.F a
## ssh
ssh root@trinity
root@trinity date
date
C rm
• r* single commands need trusted host definitions on the server side
– Client identity can be spoofed
• ssh commands need client key stored at server to be prompt-less
to fo
• Data and passwords are transferred in clear text (except ssh)
– There are several types of ssh software available for AIX.
• OpenSSH is contained on the AIX Expansion Pack.
ec vo
Notes:
oy si
The commands, telnet, rsh, rexec, and rlogin are all part of the bos.net.tcp.client fileset
which is installed by default. Any passwords entered using these commands are
u
transferred over the network in clear text and can be easily captured using packet sniffing
tools. rsh, rexec, and rlogin commands can be configured so that the client user does not
cl
have to supply a password. This introduces further vulnerabilities in the system. Ideally all
r* commands, including telnet, should be disabled. They can be replaced by SSH.
Ex
Openssh, including secure copy and file transfer commands, can be installed using the AIX
expansion pack media.
pr
15-34 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
## ftp
ftp waldorf
waldorf
Connected
Connected to
to waldorf.lpar.co.uk.
waldorf.lpar.co.uk.
220
220 waldorf.lpar.co.uk
waldorf.lpar.co.uk FTP
FTP server
server (Version
(Version 4.2
4.2 Thu
Thu Apr
Apr 17
17 02:03:14
02:03:14 CDT
CDT 2008)
2008)
.I. n
ready.
ready.
Name
Name (waldorf:root):
(waldorf:root):
.T ció
331
331 Password
Password required
required for
for root.
root.
Password:
Password:
ftp>
ftp> prompt
prompt
Interactive
Interactive mode
mode off.
off.
.
ftp>
ftp> mput
mput file*
file*
C
200
200 PORT
PORT command
command successful.
successful.
.F a
150
150 Opening
Opening data
data connection
connection for
for file1.
file1.
226
226 Transfer
Transfer complete.
complete.
C rm
200
200 PORT
PORT command
command successful.
successful.
ftp> bye
ftp> bye
221
221 Goodbye.
Goodbye.
## rcp
rcp file*
file* waldorf:/tmp/files
waldorf:/tmp/files
to fo
## scp
scp file*
file* root@waldorf:/tmp/files
root@waldorf:/tmp/files
root@waldorf's
root@waldorf's password:
password:
file1
file1 100%
100% 2069
2069 2.0KB/s
2.0KB/s 00:00
00:00
ec vo
Notes:
oy si
The ftp command is a commonly used program for transferring files across a network. The
remote user name specified at the login prompt, must exist, and have a valid password
u
defined at the remote host. To gain a list of all ftp sub-commands, type help in an
interactive session or see the man page.
cl
The rcp command is used to copy one or more files between the local host and a remote
host. The scp command is part of OpenSSH and is designed to replace rcp.
Ex
ftp and rcp use unsecured protocols, as all data including passwords are transferred
across the network unencrypted. These passwords are very easy to sniff and capture.
AIX (starting with AIX6.1)also has an ftp secure feature (-s) which uses Transport Layer
pr
Security (TSL) to encrypt data. To use the secure (–s) option, OpenSSL must be installed,
minimum level 0.9.7.
In each case, the facilities support wild-carding for file names. In the example they only
matched to a single file, but this can be powerful when transferring a collection of files.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Transparent access to remote files and directories
.T ció
• Based on a client/server model
• Filesets:
.
– Server: bos.net.nfs.server
C
.F a
– Client: bos.net.nfs.client
/home
C rm
/data client1 client2
/data
to fo
/data nfs_server /home
ec vo
Notes:
oy si
Network file system (NFS) is a facility for sharing files in a heterogeneous environment of
machines, operating systems, and networks. The NFS function is built into the kernel of the
u
15-36 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Server configuration
– Starting NFS (now and at system restart)
.I. n
• /usr/sbin/mknfs –B
## lssrc
lssrc –g
–g nfs
nfs
.T ció
biod
biod nfs
nfs 352444
352444 active
active
nfsd
nfsd nfs
nfs 221328
221328 active
active
.
rpc.mountd
rpc.mountd nfs
nfs 315524
315524 active
active
C
rpc.statd
rpc.statd nfs
nfs 364738
364738 active
active
.F a
rpc.lockd
rpc.lockd nfs
nfs 258262
258262 active
active
– Stopping NFS (now)
C rm
• /usr/sbin/rmnfs –N
## lssrc
lssrc –g
–g nfs
nfs
biod
biod nfs
nfs inoperative
inoperative
to fo
nfsd
nfsd nfs
nfs inoperative
inoperative
rpc.mountd
rpc.mountd nfs
nfs inoperative
inoperative
rpc.statd
rpc.statd nfs
nfs inoperative
inoperative
rpc.lockd
rpc.lockd nfs
nfs inoperative
inoperative
ec vo
Notes:
oy si
The mknfs command configures the system to run the NFS daemons. The mknfs command
accepts the following flags:
u
• -BAdds an entry to the inittab file to execute the /etc/rc.nfs file on system restart and
cl
• -NStarts the /etc/rc.nfs file to start the NFS daemons immediately, when started this
way, the daemons run until the next system restart
When NFS is started the follow daemons are invoked:
pr
• The biod daemon runs on all NFS client systems. When a user on a client wants to
read or write to a file on a server, the biod daemon sends this request to the server. The
biod daemon is activated during system startup and runs continuously.
• The nfsd daemon runs on the server and handles client requests for file system
operations.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• The rpc.mountd daemon answers client requests to mount file systems. The mountd
daemon finds out which file systems are available by reading the /etc/xtab file. The
/etc/xtab file is created when file systems are exported on the server. This process is
covered in the next visual.
• The rpc.statd and rpc.lockd daemons work together to main stateful locking. NFS
implements an advisory locking mechanism, meaning if a program, and does not pay
any attention to the locking messages it receives, it can go ahead and access the file. In
.I. n
the event of a server crash, the locking information will be recovered. The status
monitor maintains information on the location of connections as well as the status in the
.T ció
/etc/sm directory, the /etc/sm.bak file, and the /etc/state file. When restarted, the statd
daemon queries these files and tries to reestablish the connection it had prior to
termination.
.
C
The rmnfs command changes the configuration of the system to stop running NFS
.F a
daemons. It accepts the same flags as mknfs.
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
15-38 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
/etc/exports
/home
/home
.I. n
/usr/man
/usr/man -ro
-ro mknfsexp
/data
/data -root=sys1:sys2
-root=sys1:sys2
.T ció
chnfsexp OR smit nfs
rmnfsexp
.
exportfs -a
C
.F a
C rm
exportfs /home
/etc/xtab /usr/man -ro
/data -root=sys1:sys2
to fo
rpc.mountd
ec vo
Notes:
oy si
• The permissions (for example, read-write, read-only) clients will have when accessing
the files
Ex
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Only when the NFS subsystem is activated, using the mknfs command, can directories be
made available. When the /etc/export file has been configured, the exportfs command is
used to make the directories available for client mounting. The exportfs -a command
exports all items listed in the /etc/exports file and automatically copies the entries to the
/etc/xtab file. /etc/xtab file entries are used by the system and always reflect what is
currently exported. This leaves the /etc/exports file available for updating at any time. The
/etc/xtab file must never the edited directly.
.I. n
An easy way to maintain the NFS export list is to use SMIT or the AIX commands that are
issued by SMIT. These commands are mknfsexp, chnfsexp, and rmnfsexp. The SMT
.T ció
panels will simplify the creation of otherwise complicated entries in the /etc/exports files.
The panel (and the underlying AIX command) provide an option to specify whether you
wish to only update /etc/exports or also export the change to /etc/xtab.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
15-40 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
kenny:/
kenny:/ ## showmount
showmount -e
-e nfs_server
nfs_server
export list for nfs_server:
export list for nfs_server:
.T ció
/usr/man
/usr/man (everyone)
(everyone)
/data
/data kenny,kyle,eric
kenny,kyle,eric
/home
/home (everyone)
(everyone)
.
C
.F a
• Mounting an NFS server directory:
## mkdir
mkdir /data_client_mnt
/data_client_mnt
C rm
## mount
mount nfs_server:/data
nfs_server:/data /data_client_mnt
/data_client_mnt
## df
df /data
/data
Filesystem
Filesystem 512-blocks
512-blocks Free
Free %Used
%Used Iused
Iused %Iused
%Iused Mounted
Mounted on
on
to fo
nfs_server:/data 278528
nfs_server:/data 278528 212920 24%
212920 24% 1317
1317 6% /data_client_mnt
6% /data_client_mnt
Notes:
oy si
The showmount command is useful for viewing which directories are available for mounting
on a particular NFS server. To mount an NFS directory, first create a directory point and
u
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
– smit mknfsmnt
Add
Add aa File
File System
System for
for Mounting
Mounting
** Pathname
Pathname of
of mount
mount point [/data_client_mnt] //
.I. n
point [/data_client_mnt]
** Pathname
Pathname of
of remote
remote directory
directory [/data]
[/data]
** Host
Host where
where remote
remote directory
directory resides
resides [nfs_server]
[nfs_server]
.T ció
** Security
Security method
method [sys]
[sys] ++
** Mount
Mount now,
now, add
add entry
entry to
to /etc/filesystems
/etc/filesystems oror both?
both? Both
Both ++
** /etc/filesystems
/etc/filesystems entry
entry will
will mount
mount the
the directory
directory no
no ++
.
on
on system
system restart.
restart.
** Mode
Mode for
for this
this NFS
NFS file
file system read-write ++
C
system read-write
.F a
** Attempt mount in foreground or background
Attempt mount in foreground or background background
background ++
** Mount
Mount file
file system
system soft
soft or
or hard
hard hard
hard
Note:
Note: Many
Many options
options removed
removed for
for clarity.
clarity.
C rm
– /etc/filesystems
/data_client_mnt:
/data_client_mnt:
dev
dev == "/data"
"/data"
to fo
vfs
vfs == nfs
nfs
nodename
nodename == nfs_server
nfs_server
mount
mount == false
false
options
options == bg,hard,intr,sec=sys
bg,hard,intr,sec=sys
ec vo
Notes:
oy si
Predefined mounts are NFS mounts which are defined in /etc/filesystems for ease of use
when manual mounting or to enable remote file systems to be mounted during system start
u
time.
cl
Unix, DES, Kerberos 5, Kerberos 5 with integrity, and Kerberos 5 with privacy. The
default NFS security used in most implementations is standard Unix (sys). The other
methods are used in special situations where authentication and encryption is required.
These methods are supported by a new version of NFS, NFS version 4. NFS v4 is not
pr
the default version used in AIX and is a large complex topic which is outside the scope
of this class but may wish to refer to the following IBM Redbook Implementing NFSv4 in
the Enterprise: Planning and Migration Strategies, available at:
http://www.redbooks.ibm.com/abstracts/sg246657.html.
• Mode: Read-write or read-only.
15-42 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
is hard, the client continues trying until the server responds. The hard mount is the default.
When a hard mount is selected, an extra option is included in /etc/filesystems: intr. The intr
.T ció
option allow signals to interrupt an NFS call. This is useful for aborting an NFS mount
process when the server does not respond.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• VNC is a free graphical desktop sharing system which uses the RFB
protocol to remotely control another computer.
• It is popular in both UNIX and Windows systems.
.I. n
.T ció
VNC viewer
eg. UltraVNC VNC traffic
.
realVNC
tightVNC
VNC AIX
C
.F a
Server
Notes:
oy si
Virtual Network Computing (VNC) is a graphical desktop sharing system which uses the
RFB (“remote framebuffer”) protocol to remotely connect to another host/server. It
u
transmits the keyboard and mouse events from one host to another, relaying the graphical
screen updates back in the other direction, over a network.
cl
same time. Popular uses for this technology include remote technical support and
accessing files on one's work computer from one's home computer, or vice versa.
VNC was originally developed at the Olivetti Research Laboratory in Cambridge, United
pr
Kingdom. The original VNC source code and many modern derivatives are open source
under the GNU General Public License.
15-44 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
VNC configuration
IBM Power Systems
• In order to set up a VNC server on AIX, install vnc and zlib from the AIX
Toolbox for Linux Applications.
• Start a VNC session by typing:
.I. n
Note: The TCP/IP port
– vncserver :<port number> started is actually
.T ció
## vncserver
vncserver :33
:33 5933. The “59” is
New
New 'X' desktop is
'X' desktop is neo:33
neo:33 implied and is not
required to connect.
Starting
Starting applications
applications specified
specified in
in //.vnc/xstartup
.
//.vnc/xstartup
Log
Log file
file is
is //.vnc/neo:33.log
//.vnc/neo:33.log
C
.F a
– To access the AIX desktop VNC session from:
C rm
• UNIX, type: # vncview neo:33 (requires Xwindows environment)
• PC VNC viewer
to fo
• Also, access can be done through a web browser over http
– URL: http://neo:5833
ec vo
Notes:
oy si
To run VNC on AIX, install the following filesets from the AIX Toolbox for Linux Applications
CD. No further configuration is required.
u
is used to access VNC over http. To connect in the way, the full port number (including 58)
must be supplied.
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint
IBM Power Systems
.I. n
b. ssh
c. VNC
.T ció
d. /etc/services
.
2. What is multipath routing and why should we use it?
C
.F a
3. How can we disable the FTP protocol on AIX?
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
15-46 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
TCP/IP
implementation
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Define TCP/IP layering terminology
.T ció
• Describe the TCP/IP startup flow on AIX
• Configure Virtual LANs
• Describe IP addressing
.
C
• Configure TCP/IP basic functions on AIX
.F a
– IP configuration, routing, aliasing
• Explain how Ports and Sockets are used
C rm
• Use standard TCP/IP facilities
– Log in to another system
– Transfer files
to fo
– Run commands
• Configure NFS
• Set up VNC
ec vo
Notes:
oy si
u
cl
Ex
pr
15-48 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
• Explain nature and purpose of workload partitions (WPARs)
.
• Create and activate a basic system WPAR
C
.F a
• Describe the role of WPAR manager
C rm
How you will check your progress
• Checkpoint questions
to fo
• Machine exercises
References
ec vo
6.1 (Redbook)
Note: References listed as “Online” are available at the following address:
u
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Create and activate a basic system WPAR
.T ció
• Describe the role of WPAR manager
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
16-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– IPC isolation
.T ció
– Separate configuration (has own /etc directory)
– Resource controls to avoid dominating resources
.
• Global environment AIX System
C
.F a
– Hosting AIX system (AIX 6 or later)
Workload
– Owns and allocates physical resources Workload
C rm
Partition Partition
– Defines and manages WPARs Application
Server
Billing
Workload
• WPARs appear as AIX instances Partition
Workload Test
to fo
– Have own daemons and services Partition Workload
Web Partition
– Have own IP addresses Server BI
Notes:
oy si
Introduction
u
isolation between applications. WPARs complement logical partitions and can be used
in conjunction with logical partitions if desired. WPAR can improve administrative
efficiency by reducing the number of AIX operating system instances that must be
maintained. WPAR can increase the overall utilization of systems by consolidating
pr
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
global environment is what you are working with when you login to the IP address of the
AIX system, as opposed to the IP address of one of the contained WPARs.
This global environment executes within a dedicated LPAR or physical system. The
global environment owns all physical resources of the LPAR: network adapters, disks
adapters, disks, processors, memory. It allocates CPU and memory resources to the
workload partitions. It provides them access to the network and storage devices.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
16-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Rapid provisioning
.I. n
.T ció
• Less resource needed per AIX instance
.
• Less work to maintain AIX software
C
.F a
• Lower AIX licensing costs
C rm
• Can use older hardware (POWER4 or later)
– Provides dynamic CPU and memory sharing
to fo
– Provides Live Application Mobility (using WPAR Manager)
Notes:
oy si
and text
• Fine-grain partition resource controls
Ex
• Greatly increases the ability to consolidate workloads because often the same
application is used to provide different business services
• Enables the consolidation of separate discrete workloads that require separate
instances of databases or applications onto a single system or LPAR
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• Reduced costs through optimized placement of work loads between systems to yield
the best performance and resource utilization
WPAR technology enables the consolidation of diverse workloads on a single server
increasing server utilization rates.
• Hundreds of WPARs can be created. Far exceeding the capability of other partitioning
technologies.
.I. n
• WPARs support fast provisioning and fast resource adjustments in response to
normal/unexpected demands. WPARs can be created, and resource controls modified,
.T ció
in seconds.
• WPAR resource controls enable the over-provisioning of resources. If a WPAR is below
allocated levels, the unused allocation is automatically available to other WPARs.
.
C
• WPARs can be migrated to another partition in response to normal shift in or
.F a
unexpected change in demand.
C rm
WPARs enable development, test, and production cycles of one workload to be placed on
a single system.
• Different levels of applications (production1, production2, test1, test2) can be deployed
in separate WPARs.
to fo
• Quick and easy roll out or roll back to production environments
• Reduced costs through the sharing of hardware resources
• Reduced costs through the sharing of software resources such as the operating
ec vo
16-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• WPAR name used as host name and its name resolution as the IP address.
• IP address defined as alias on en0 in global environment.
• Can customize network configuration for WPAR.
.I. n
• WPARs only see their own IP address in configuration.
.T ció
• Packets with destination address of WPAR are routed to that WPAR by global
environment.
.
glob_env
C
.F a
10.47.110.1/16
glob_env:
glob_env: ## ifconfig
ifconfig en0
en0 || egrep
egrep “en0|inet0”
“en0|inet0”
Workload
C rm
en0:
en0:
inet Partition: wpar1
inet 10.47.110.1
10.47.110.1 netmask
netmask 0xffff0000
0xffff0000 broadcast
broadcast 10.47.255.255
10.47.255.255
inet 10.47.33.1/16
inet 10.47.33.1
10.47.33.1 netmask
netmask 0xffff0000
0xffff0000 broadcast
broadcast 10.47.255.255
10.47.255.255
en0 (net)
to fo
wpar1:
wpar1: ## ifconfig
ifconfig en0
en0 || egrep
egrep “en0|inet0”
“en0|inet0”
en0:
en0:
inet
10.47.0.0
inet 10.47.33.1
10.47.33.1 netmask
netmask 0xffff0000
0xffff0000 broadcast
broadcast 10.47.255.255
10.47.255.255
ec vo
Notes:
oy si
The network connection for a WPAR is implemented using the network alias feature on the
global environment level's physical or virtual network interface. The network alias is a
u
standard feature that is used to implement an IP address for each WPAR. By using an IP
address that is different from the hosting global environment, the applications can move
cl
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
– WPAR that is over target gets low priority
.T ció
W1 W2 W3
20 shares 30 shares 50 shares
.
20% 30% 50%
C
.F a
• Limit percentages of system resources
C rm
– Maximum limits can restrict resources
– Minimum limits will guarantee resources
to fo
min normal soft Hard
limit range max max
limit limit
ec vo
Notes:
oy si
Resource allocation control for each WPAR is performed by the global administrator, to
prevent a resource hungry WPAR from negatively impacting the performance of other
u
WPARs.
cl
Each workload partition receives its part of the specified resource, according to the ratio of
its own share to the sum of shares of all currently active workload partitions.
Limit percentages.
pr
16-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty amount of that type of resource available, and resource contention does not occur, the
WPAR can exceed this limit.
• Hard maximum percentage is the maximum amount of a resource that a WPAR can
ever have. Even if there is a sufficient amount of that type of resource available, and
resource contention does not occur, the WPAR cannot exceed this limit.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
• System WPARs
– Self contained, virtual AIX instance
– Own init process hierarchy including system service daemons
.I. n
• Such as network services (for example: Telnet and ssh)
– Private copies of system file systems
.T ció
• Has own configuration, users, and more
– Persistent and independent of the application processes
.
• Can be stopped and restarted
C
– Has restricted access to devices and storage
.F a
• Application WPARs
C rm
– Application launched using WPAR
– Shares global process, device, and system file systems environment
– WPAR stops when application process stops
• Both types
to fo
– Allow resource controls
– Can use Live Application Mobility (with WPAR Manager)
– Have own IP address for client access
ec vo
Notes:
oy si
System WPAR
u
System workload partitions are autonomous virtual system environments with their own
private root file systems, users and groups, login, network space, and administrative
cl
domain.
The systems administrator accesses the WPAR through the administrator console or
Ex
through regular network tools such as telnet or ssh. Inter-process communication for a
process in a WPAR, is restricted to those processes in the same WPAR.
System workload partitions are complete virtualized OS environments, where multiple
services and applications run. It takes longer to create a system WPAR compared to an
pr
application WPAR, as it builds its own file systems. A system WPAR is removed only when
requested. It has its own root user, RBAC privileges, and system services like inetd, cron,
syslog, and so on.
A system WPAR does not share writable file systems with other workload partitions or the
global environment.
16-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
• An application WPAR can run daemons, but it will not run any of the system service
.T ció
daemons such as inetd, cron, or srcmstr.
• It is not possible to remotely log in to an application partition or remotely execute an
action into an application WPAR.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
/etc/init
syncd root 204946 1 0 Jun 29 - 0:00 /usr/sbin/srcmstr
cron root 282812 315476 0 Jul 03 - 1:57 /usr/bin/xmwlm -L
.T ció
root 315476 204946 0 Jul 03 - 0:00 /etc/init
biod srcmstr root 348392 315476 0 Jul 03 - 0:00 /usr/sbin/srcmstr
root 364660 315476 0 Jul 03 - 0:01 /usr/sbin/cron
portmap
rpc.statd
.
syslogd inetd
Others…
C
PID=1
.F a
init
PID=315476 /etc/init
# root@wpar1 /: ps –ef
C rm
UID PID PPID C STIME TTY TIME CMD wpar1
root 1 0 0 Jul 03 - 0:00 /etc/init cron
root 233674 348392 0 Jul 03 - 0:00 /usr/sbin/inetd wmwlm
root 241740 348392 0 Jul 03 - 0:00 /usr/sbin/syslogd srcmstr
root 258278 348392 0 Jul 03 - 0:00 /usr/sbin/portmap biod
root 266444 348392 0 Jul 03 - 0:00 /usr/sbin/biod 6
to fo
Others…
root 282812 1 0 Jul 03 - 1:55 /usr/bin/xmwlm -L
portmap inetd rpc.statd
root 307220 1 0 23:06:20 ? 0:00 clogin wpar1
root 348392 1 0 Jul 03 - 0:00 /usr/sbin/srcmstr
root 364660 1 0 Jul 03 - 0:01 /usr/sbin/cron syslogd
ec vo
Notes:
oy si
The visual shows an example of the processes structure in a system workload partition,
and its interaction with the global environment.
u
The global srcmstr daemon starts a process that will act as the WPARs init process,
cl
parenting all other processes in the WPAR. Within the WPAR the PID of this process is
virtualized to appear as PID 1, just like the init process in the global environment.
Ex
Each system workload partition has its own inittab file, so that it appears to be a
stand-alone operating system. The WPAR init parents a standard set of processes
including its own srcmstr and inetd. Having its own inetd daemon means that each system
WPAR can have its own telnetd or sshd to allow someone to log into the WPAR
pr
16-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
{sys02_p2} / # mount
• AIX global Node mounted mounted over vfs date options
environment -------- -------------- --------------- ------ ------------ ----------
/dev/hd4 / jfs Aug 27 14:05 rw,log=/dev/hd8
.I. n
/dev/hd2 /usr jfs Aug 27 14:05 rw,log=/dev/hd8
/dev/hd9var /var jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/hd3 /tmp jfs Aug 27 14:06 rw,log=/dev/hd8
.T ció
/dev/hd1 /home jfs Aug 27 14:06 rw,log=/dev/hd8
/proc /proc procfs Aug 27 14:06 rw
/dev/hd10opt /opt jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/fslv01 /wpars/wpar1 jfs2 Sep 03 14:55 rw,log=INLINE
/dev/fslv02 /wpars/wpar1/home jfs2 Sep 03 14:55 rw,log=INLINE
.
/opt /wpars/wpar1/opt namefs Sep 03 14:55 ro
C
/proc /wpars/wpar1/proc namefs Sep 03 14:55 rw
.F a
/dev/fslv03 /wpars/wpar1/tmp jfs2 Sep 03 14:55 rw,log=INLINE
/usr /wpars/wpar1/usr namefs Sep 03 14:55 ro
/dev/fslv04 /wpars/wpar1/var jfs2 Sep 03 14:55 rw,log=INLINE
C rm
{wpar1} / # mount
• System WPAR Node mounted mounted overvfs date options
-------- ------------- --------------- ------ ------ ---------
Global / jfs2 Sep 03 14:55 rw,log=INLINE
Global /home jfs2 Sep 03 14:55 rw,log=INLINE
to fo
Global /opt namefs Sep 03 14:55 ro
Global /proc namefs Sep 03 14:55 rw
Global /tmp jfs2 Sep 03 14:55 rw,log=INLINE
Global /usr namefs Sep 03 14:55 ro
Global /var jfs2 Sep 03 14:55 rw,log=INLINE
ec vo
Notes:
oy si
The visual shows an example of the default storage model of a system WPAR. The system
WPAR includes the creation of a base directory. This base directory is the root of the chroot
u
From the global environment, the file systems and mount points associated with the system
WPAR, are seen as being located within a WPAR-specific sub-directory tree of the global
Ex
(read only). Alternatively, if the application requires read/write access to these directories,
the WPAR can have its own non-shared copies. However, this will significantly increase the
time required to create, backup, or restore the WPAR.
Other WPAR file systems such as /, /home, /tmp and /var are real read-write filesystems
and dedicated to the workload partition.
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
The private red-write file systems can also be hosted through NFS. NFS provides one way
that the private file systems can be shared between departure system and an arrival
system when implementing Live Application Mobility to move WPARs from box to box
(LPAR to LPAR).
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
16-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Storage access:
– Default: Accessed through mounts defined by global administrator
.I. n
– Global admin can export virtual SCSI or Fibre Channel attached disks
– Global admin can export Fibre Channel adapters
.T ció
– WPAR can directly administer LVM and file system on exported devices
.
• Device access:
C
.F a
– Can only access devices permitted by global environment
– Permits a limited set of safe pseudo devices, such as /dev/null,
C rm
/dev/zero, /dev/random, and /dev/tty
– Forbids devices that could bypass isolation, such as /dev/mem or
/dev/kmem
– Default: Cannot load kernel extensions (cannot make devices available)
to fo
– Global admin can identify a list of kernel extensions which the WPAR can
load
ec vo
Notes:
oy si
Direct access to storage devices allows a WPAR more control over its storage. A WPAR
with an exported storage device can define its own volume groups, logical volumes, and file
u
systems and have more control over the management of that space.
cl
Another advantage of WPAR storage device access is the ability to support Live
Application Mobility (LAM) without placing the private file systems on an NFS server. The
private file systems can be made sharable by using a SAN disk managed by the WPAR.
Ex
The ability to export FC attached devices to a WPAR was introduced in AIX 6.1 TL03. The
ability to exporting virtual SCSI disks and FC adapters was introduced in AIX 7 and AIX 6.1
TL6. (If updating an AIX system to AIX6.1 TL6, you must explicit install the new base fileset
pr
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• SAN based rootvg WPAR used to allow mobility without NFS
.T ció
Shared /usr Private /usr
.
systems defined by Default
C
Detached WPAR
.F a
global environment system WPAR
(rootvg or NFS)
C rm
Private system file
systems defined by Detached
WPAR on an
rootvg WPAR
rootvg WPAR
to fo
exported disk
ec vo
Notes:
oy si
In the default system WPAR environment, the /usr file system is shared with the global
environment and is accessed through a read-only mount. This reduces the overhead of
u
defining the WPAR and reduces the time needed to build the WPAR. It also reduces the
AIX software maintenance effort, since we only need to update the global copy of the
cl
the WPAR with the flexibility of installing and maintaining its own software that may not be
needed in the Global environment or by other WPARs. The down side is that we lose the
benefits that are provided by the default configuration. Since the WPAR is still using a
shared kernel, if the WPAR maintenance is not matched to the level of the kernel, the
pr
16-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty By default, the rootvg is not a detached WPAR; In other words, while most filesystems will
be on the exported disk, the /usr file system will still be read-only and shared with the global
environment.
The rootvg WPAR can be defined as a detached WPAR, in which case all of its filesystems
are stored on the exported disk.
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Versioned WPAR
IBM Power Systems
• Detached WPAR running old AIX release in a compatibility environment
• Requires separate LPPs:
– AIX5.2 WPARs for AIX7
.I. n
– AIX5.3 WPARs for AIX7
.T ció
AIX 7 Global Environment (LPAR)
.
Native VWPAR
C
Native
WPAR AIX52
VWPAR
.F a
Native VWPAR
WPAR Native
WPAR
C rm
WPAR
Notes:
oy si
AIX 5.2 LPARs cannot run on POWER7 hardware. To allow applications that are only
certified for this withdrawn AIX level, versioned WPARs provide a path to move off old
u
commands and libraries used by the WPAR do not have to match the level of the common
kernel. This support is provided by a licensed program product called AIX 5.2 Workload
Ex
16-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
Global:
Global: ## startwpar
startwpar wpar1
wpar1
• Start a system WPAR:
– Mounts file systems, imports device
.
– Starts WPAR init process
C
Global:
Global: ## stopwpar
stopwpar [–F]
[–F] wpar1
wpar1
• Stop a system WPAR:
.F a
wpar1:
wpar1: ## shutdown
shutdown –F
–F
C rm
• Remove a system WPAR:
Global:
Global: ## rmwpar
rmwpar wpar1
wpar1
Notes:
oy si
The system WPAR creation takes the longest to complete because it not only defines new
file systems, it also clones the global filesystem contents into them. But this is still
u
significantly less time than installing AIX into an LPAR, because (by default) the /usr
filesystem is shared with the global environment and does not need to have its content
cl
There are additional commands (not covered in this course) that provide additional abilities
including the ability to modify a WPAR, backup and restore a WPARs private filesystems,
and more.
For a more complete training in using AIX workload partitions, attend AN17 AIX Workload
Partitions Installation and Management.
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Application WPARs
IBM Power Systems
.I. n
– Created with wparexec command
• # wparexec -n MyAppWpar /start_myapp
.T ció
– Removed when stopped Stop and remove
– Stopped when the application finished
.
– File systems and device resources are shared with the global environment
C
.F a
– System daemons and services shared with global environment
– Does not provide standard network services
C rm
• Children processes automatically part of WPAR
• Has IPC isolation from other WPARs
• Has WPAR resource controls
to fo
• Has network support for connecting to the application
• Can be relocated to another server (using WPAR Manager)
ec vo
Notes:
oy si
Application workload partitions do not provide the highly virtualized system environment
offered by system workload partitions, rather they provide an environment for segregation
u
of applications and their resources to enable resource control, some isolation, and (with
WPAR Manager) application checkpoint, restart, and relocation.
cl
WPAR provides. Since it uses the global environment system file system and device
resources, it is light weight, quick to create and remove, and does not take a lot of
resources. On the other hand this prevents separate configuration and reduces the
isolation.
pr
Once the application process or processes are finished, the WPAR is stopped.
There are no login capabilities for the user. If you need to access the application, you must
use an application provided mechanism.
All file systems are shared with the global environment. If an application is using devices, it
will use global environment devices.
16-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
– WPAR Manager subagent on managed LPAR
.T ció
• Functions: IBM Systems Director
– Basic lifecycle administration
.
• Create, view, modify, start, stop, remove
C
WPAR Manager
.F a
– Advanced management Plug-in
Agent Manager
• Static and live relocation
C rm
• Checkpoint, restart
• Automated relocation,
policy driven LPAR X
• Monitoring, performance LPAR Y Common Agent
to fo
reporting Common Agent WPAR sub-agent
WPAR sub-agent
• Global load balancing
WPAR A WPAR B WPAR C
• Recovery WPAR1 WPAR2 WPAR3
ec vo
Notes:
oy si
IBM Workload Partition (WPAR) Manager for AIX is a platform management solution that
provides a centralized point of control for managing workload partitions or WPARs, across
u
It is an optional product, part of the IBM Systems Director family, designed to facilitate the
management of WPARs and application mobility. WPAR Manager also provides advanced
features such as policy-based mobility for the automation of WPAR relocation, based on
Ex
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint
IBM Power Systems
.I. n
2. What are the two types of workload partitions?
.T ció
3. What command builds and starts an application workload partition?
.
4. True or False: Live Application Mobility (LAM) requires that the WPAR
C
.F a
private file systems reside on an NFS server.
C rm
5. True or False: By default, a system WPAR has shared read-only
access to the /usr file system in the global environment.
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
16-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Exercise
IBM Power Systems
.I. n
Introduction to
workload partitions
.T ció
.
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit summary
IBM Power Systems
.I. n
• Explain nature and purpose of workload partitions (WPARs)
.T ció
• Create and activate a basic system WPAR
.
• Describe the role of WPAR manager
C
.F a
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
16-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
What you should be able to do
.T ció
After completing this unit, you should be able to:
.
• Describe the purpose and the benefits of a queuing system
C
• Identify the major components that are responsible for processing
.F a
a print request
• Add a printer queue and device under different circumstances
C rm
• Submit jobs for printing
• View the status of the print queues
References
Online AIX 6.1 System Management Guide
oy si
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Unit objectives
IBM Power Systems
.I. n
• Identify the major components that are responsible for
.T ció
processing a print request
• Add a printer queue and device under different circumstances
.
• Submit jobs for printing
C
.F a
• View the status of the print queue
C rm
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
A-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Print subsystems:
– AIX print subsystem
.I. n
– System V print subsystem
.T ció
• Print directly to a local printer device.
.
C
.F a
• Print directly to a remote printer through a socket program.
C rm
• Infoprint Manager, or similar advanced print management
system
to fo
ec vo
Notes:
oy si
Introduction
u
The visual gives an overview of the different approaches that can be taken to printing
cl
under AIX 5L and later. In the next two visuals, System V printing is compared to the
traditional AIX print subsystem. The remainder of this unit will focus on using the AIX
print subsystem.
Ex
Note
You can use either the AIX print subsystem or the System V print subsystem. They will not
pr
run concurrently.
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
may print at a time. On the other hand, if a printer is dedicated to one use, this may be a
good solution. Examples might be logging to a printer, or printing checks.
.T ció
Print directly to a remote printer through a socket program
.
This is similar to printing to a device driver, except that in this case, you are sending the
C
.F a
output to a program which makes a connection to the printer over the network.
C rm
Print using the System V print subsystem
In this environment, files to be printed are sent to the System V print service daemon,
lpsched, using the lp or lpr commands. The print service daemon serializes the jobs,
so they will be printed in the order in which they were submitted. The print service may
to fo
filter the file to format the data so that it matches the types of data acceptable to the
printer. The print service then sends files, one at a time, to the interface program, which
may do additional filtering before sending the file to the local printer driver or network
ec vo
printing application.
In this environment, files to be printed are sent to the AIX print spooler daemon,
qdaemon, using any of the AIX print commands (enq, qprt, lp, or lpr). The spooler
daemon serializes the jobs. The spooler sends jobs, one at a time, to programs that
u
may filter the data, before sending it to the local printer driver or network printing
application.
cl
management system)
Infoprint Manager provides serialization and filtering similar to the System V or AIX print
subsystems. In addition, it adds extra capabilities of security, customization, and control
not provided by either System V printing or AIX printing. For additional information, refer
pr
A-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• System management tools:
.T ció
– Limits fields and options validation
– Easy printer customization
.
– Single step print device and queue creation
C
.F a
• Customizable spooling subsystem
C rm
to fo
ec vo
Notes:
oy si
AIX printer drivers provide many printing options that can be easily controlled using
cl
command line options to the qprt command. Printer defaults can be easily managed
using SMIT or the command line.
Ex
specific system management advantages using the AIX print subsystem are:
• Limits fields and options validation
• Gives the user or administrator a range of valid values for print options and
prevents the user from using an invalid value
• Easy printer customization
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Customizable spooling subsystem
.T ció
The AIX print subsystem is specifically designed so that it can be used to serialize other
types of jobs beyond just printing.
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
A-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
• Compatibility
.I. n
• Availability of interface programs
.T ció
• Security
.
C
• Support for forms
.F a
C rm
• Standard PostScript filters
Notes:
oy si
Compatibility
u
System administrators with experience in other UNIX variants that use System V
cl
printing, will find it easy to manage printing under AIX’s System V print subsystem.
Many printer manufacturers provide interface shell scripts to support using their
products under System V printing. Usually, only minor modifications are required for
individual UNIX variations. Because the AIX print subsystem is proprietary, an interface
pr
program written for another operating system cannot be used in the AIX print
subsystem. It must be completely rewritten. This has led to a limited number of printers
supported under AIX. With the support of System V printing in AIX 6.1, it is easier for
manufacturers to include support for AIX printing.
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Security
Controlling user access to printers can be an important issue. For example, you might
need to limit access to the printer used to print checks. System V printing includes
built-in capabilities for restricting user access to certain printers. Using the AIX print
subsystem, the backend program must be customized to restrict user access.
.I. n
Support for forms
If you are printing to preprinted forms, it’s important that other users not be able to print
.T ció
while the expensive forms are loaded on the printer. The System V print subsystem
provides a mechanism for mounting forms on printers, and allowing or denying, user
access based on the form which is mounted. To provide this capability under AIX
.
printing, you must create multiple queues and manage which queues are enabled while
C
.F a
a form is mounted.
C rm
Standard PostScript filters
The System V print subsystem includes a number of filters for converting different file
formats to PostScript. Some formatting and page selection capabilities are also
to fo
included.
IBM’s long term printing strategy for AIX is to maintain compatibility with other UNIX
systems. This means that new features and functions are added to the System V print
subsystem in later releases, while the AIX print subsystem is supported, but not
enhanced in future releases.
oy si
u
cl
Ex
pr
A-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Concepts of queues
IBM Power Systems
file1
Queue1
.I. n
file1
.T ció
file2
.
file2 .
C
.F a
file3
C rm
/dev/lp0
Queue2
file3
to fo
file4
file4
/dev/lp1
ec vo
Notes:
oy si
The purpose of the queuing system is to maintain a queue of jobs that are waiting for
cl
their turn to run (that is, use some system resource, like a printer or the CPU). The
AIX 6.1 queuing system performs this function.
Ex
Benefits of queues
The queues also give control to the system administrator over the queuing mechanism.
Therefore, the system administrator can perform tasks like canceling jobs on queues,
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
A-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
lp lpr qprt
enq
.T ció
copy of file (if requested)
Queue
Spool
.
monitors directory
C
.F a
qdaemon uses spool file
(if it exists)
starts
C rm
Backend Virtual Printer
(piobe) Definition
submits file to
to fo
printer
/dev/lp0
ec vo
Notes:
oy si
Print request
u
Local printing is implemented through a queuing mechanism. The user can issue one of
cl
the printer commands qprt, lp, lpr, or enq to submit a print job. Although a user can
use any one of these four commands, the true entry point to the spooler is the enq
command which is responsible for processing the job request, creating a job description
Ex
The qdaemon
pr
The qdaemon process runs at all times. The qdaemon maintains a list of all of the defined
queues and monitors the queues for newly submitted jobs. qdaemon tries to process the
job if the destination device is available, otherwise the job remains in the queue and
qdaemon tries again later.
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
printer command uses an option to indicate that a copy of the file is to be made, the
copy is placed in the spool directory /var/spool/qdaemon.
.T ció
• The qdaemon is notified of a new job in its qdir directory.
• When the queue is ready for the job, the qdaemon reads information from the
.
/etc/qconfig file describing the queue.
C
.F a
• The qdaemon updates the /var/spool/lpd/stat file for the appropriate queue to show that
the queue is now working on a new job.
C rm
• The qdaemon starts the back-end program, passing the file names and appropriate
options on the command line.
• The back-end determines the correct data stream characteristics, and merges these
to fo
with the actual file. The data stream characteristics are stored as virtual printer
definitions in the /var/spool/lpd/pio/@local directory.
• The back-end program sends its data stream to the device driver for the appropriate
printer.
ec vo
/var/spool/qdaemon. The copy remains in that directory until it is printed. This means
that if you spool a file to the printer, a user could continue to make revisions to the
u
original since the copy in the print spool directory will not be altered. This ensures that
the file that is sent to the printer gets printed in its original form, even if a user edits the
cl
original file that is on disk. Spooled files take up disk space in /var until they are printed.
When a file is queued, one line of information is sent to the /var/spool/lpd/qdir
Ex
directory which points back to the original file on disk. If revisions are made to the file on
disk before it is pulled from the queue to print, the revised file is printed.
pr
A-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
/var/spool/* Spooling directories
.
/var/spool/lpd/qdir/* Queue requests
C
.F a
/var/spool/qdaemon/* Temporary enqueued files
C rm
/var/spool/lpd/stat/* Line printer status information
to fo
/var/spool/lpd/pio/@local Virtual printer directories
ec vo
Notes:
oy si
• The /etc/qconfig file describes the queues and devices available for use by the
printing commands.
Ex
• The /var/spool directory contains files and directories used by the printing
programs and daemons.
• The /var/spool/lpd/qdir directory contains information about files queued to
print.
pr
• The /var/spool/qdaemon directory contains copies of the files that are spooled
to print.
• The /var/spool/lpd/stat directory is where the information on the status of jobs is
stored. It is used by the qdaemon and backend programs.
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
A-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
qdaemon
IBM Power Systems
• Manages queues
.I. n
• Is started in the /etc/inittab file
.T ció
• Invokes the back-end programs
.
C
.F a
• Optionally records accounting data
C rm
to fo
ec vo
Notes:
oy si
qdaemon introduction
u
The qdaemon program schedules jobs that have been enqueued. It is a background
process that is usually started at system IPL through the startsrc command run from
cl
/etc/inittab.
qdaemon is controlled by the /etc/qconfig file. /etc/qconfig contains a stanza for each
queue. The stanza identifies any queue management options and points to a queue
Ex
device stanza, which identifies the destination printer, the formatting options, and the
back-end program.
The back-end program
pr
The back-end program is called by qdaemon to actually process each request. The
back-end program is determined by how the printer is connected to the AIX system. For
local printing, the back-end program is /usr/lib/lpd/piobe. For a remote printer, it is
/usr/lib/lpd/rembak.
The back-end program uses printer attribute information to prepare the printer and
format the data for output. It also prints header and trailer pages, if they are enabled.
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
lp0dev:
file = /dev/lp0
backend = /usr/lib/lpd/piobe
.T ció
header = group
trailer = never
feed = never
lpq: * One queue pointing to two devices
device = lpqdev1,lpqdev2
.
lpqdev1:
C
file = /dev/lp1
.F a
backend = /usr/lib/lpd/piobe
lpqdev2:
file = /dev/lp2
C rm
backend = /usr/lib/lpd/piobe
ps: * Two queues pointing to one device
device = psdev
psdev:
file = /dev/lp3
backend = /usr/lib/lpd/piobe
to fo
asc:
device = ascdev
ascdev:
file = /dev/lp3
backend = /usr/lib/lpd/piobe
ec vo
Notes:
oy si
Introduction
u
The /etc/qconfig file is an attribute file. Some stanzas in this file describe queues, and
cl
other stanzas describe devices. Every queue stanza requires that one or more device
stanzas immediately follow it in the file.
Ex
This file is the key to customizing the queues. Although the file can be edited directly, it
is recommended that it be changed through high-level commands or through SMIT.
Queue stanza
pr
This starts with the queue name, which can be up to 20 characters, followed by a colon.
The queue name is used by the person submitting a job to indicate the requested
queue. The first queue in the /etc/qconfig file is the default queue, which receives any
job requests submitted without a specific queue name.
A-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty Some of the attributes that can be found in the queue stanza include:
Attribute Definition Default Other
Identifies the symbolic name that refers to
device
the device stanza
discipline Defines the queue serving algorithm fcfs sjn
Identifies the file used to save print
acctfile false filename
.I. n
accounting information
up Defines the state of the queue TRUE FALSE
.T ció
Device stanza
.
The name of a device stanza is arbitrary and can be from one to 20 characters long.
C
The name is followed by a colon.
.F a
The attributes that can be found in the device stanza include:
C rm
Attribute Description Default Other
Identifies the special file where the output of
back-end is to be redirected
file FALSE
to fo
FALSE indicates no redirection and that the
file name is /dev/null.
Specifies the full path name of the back-end,
backend optionally followed by the flags and
ec vo
parameters to be passed to it
both (used
Specifies the type of access the back-end for modems
oy si
capability)
Specifies whether a header page prints always
cl
header never
before each job or group of jobs group
Specifies whether a trailer page prints after always
Ex
trailer never
each job or group of jobs group
Specifies either the number of separator
pages to print when the device becomes idle
feed never integer
or the value never, which indicates that the
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
The device stanza must contain an attribute that designates the back-end program. The
function of the back-end is to manage the printing of the actual job. It also produces the
final data stream that goes to the printer. The most common back-end program for local
printing is piobe.
If different users prefer different default printers, then the PRINTER variable can be set
up, on a per user basis. The PRINTER variable should be set to the queue that the user
wants to be their default queue, for example:
.I. n
# PRINTER=ps ; export PRINTER
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
A-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Printer menu
IBM Power Systems
# smit spooler_choice
Print Spooling
.I. n
.T ció
Move cursor to desired item and press Enter.
.
System V Print Spooling
C
.F a
C rm
to fo
F1=Help F2=Refresh F3=Cancel F8=Image
F9=Shell F10=Exit Enter=Do
ec vo
Notes:
oy si
AIX print spooling System V print spooling are supported by SMIT in AIX 6.1. The
cl
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
# smit spooler
.I. n
Move cursor to desired item and press Enter.
.T ció
Manage Print Jobs
List All Print Queues
Manage Print Queues
.
Add a Print Queue
C
Add an Additional Printer to an Existing Print Queue
.F a
Change / Show Print Queue Characteristics
Change / Show Printer Connection Characteristics
Remove a Print Queue
C rm
Manage Print Server
Programming Tools
Notes:
oy si
The SMIT fastpath to this menu is smit spooler. Printers and print queues can also be
cl
of jobs, prioritize jobs, hold and release jobs, and move jobs between print
queues.
• List All Prinul3t Queues
This option displays a list of all the print queues and their associated printers.
A-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
This option adds another printer to an existing queue.
.T ció
- Change/Show Print Queue Characteristics
This option will provide access to screens that enable you to change the printer
setup, default print job attributes, accounting file setup, and queuing discipline.
.
- Change/Show Printer Connection Characteristics
C
.F a
This option changes or shows printer communication and startup characteristics.
- Remove a Print Queue
C rm
This option removes a print queue from the system configuration. It also removes
the associated spooler queue device and printer device definition. If a print queue
has more than one printer associated with it, then all the printers are removed from
the print queue.
to fo
- Manage Print Server
This option configures this machine as a print server. Allows you to control which
clients have print access to this machine, list clients with print access, add and
ec vo
Other commands
Ex
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Add a Print Queue
.T ció
Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
.
xstation Printer Attached to Xstation
C
ascii Printer Attached to ASCII Terminal
.F a
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
ibmNetPrinter IBM Network Printer
C rm
ibmNetColor IBM Network Color Printer
other User Defined Backend
Notes:
oy si
In our example, assume that the printer is directly attached to our AIX system. To
cl
printer be configured without a queue. Use the SMIT fastpath smit pdp to define a
printer without a queue.
pr
A-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Printer Type
.T ció
Move cursor to desired item and press Enter.
Bull
Canon
.
Dataproducts
C
Hewlett-Packard
.F a
IBM
Lexmark
OKI
C rm
Printronix
QMS
Texas Instruments
Other (select this if your printer is not listed above)
to fo
F1=Help F2=Refresh F3=Cancel
F8=Image F10=Exit Enter=Do
/=Find n=Find Next
ec vo
Notes:
oy si
The next selection that has to be made is the printer type. Notice that IBM is only one of
cl
the choices and many other manufacturers are supported as well. Note also that there
is an Other option which will be selected if the printer type is not supported; that is, not
part of the list.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Printer Type
.I. n
Move cursor to desired item and press Enter.
.T ció
[MORE...8]
ibm2391-2 IBM 2391 Plus printer (Model 2)
ibm3112 IBM 3112 Page Printer
ibm3116 IBM 3116 Page Printer
.
ibm3130 IBM 3130 LaserPrinter
C
ibm3812-2 IBM 3812 Model 2 Page Printer
.F a
ibm3816 IBM 3816 Page Printer
ibm4019 IBM 4019 LaserPrinter
ibm4029 IBM 4029 LaserPrinter
C rm
ibm4037 IBM 4037 LP printer
ibm4039 IBM 4039 LaserPrinter
[MORE...49]
Notes:
oy si
If you do not have the software installed for your printer, you are prompted to insert the
cl
media to install the software first, before configuring the device and the queue.
The choice of printer determines the queue, or the virtual printer, setup. For example,
Ex
an IBM 4029 Laser Printer is capable of handling PostScript, ASCII, GL Emulation, and
PCL Emulation. The SMIT print spooling menus guide you through the creation of up to
four separate queues which submit to the same printer.
pr
A-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Printer attachment
IBM Power Systems
Printer Interface
.I. n
Move cursor to desired item and press Enter.
.T ció
parallel
rs232
rs422
.
C
.F a
C rm
Parent Adapter
Move cursor to desired item and press Enter.
to fo
ppa0 Available 01-G0 Standard Parallel Port Adapter
ec vo
Notes:
oy si
After selecting a printer type, a pop-up window is displayed where the printer interface
cl
must be chosen. Possible values are parallel, RS232, and RS422. Some printers
support multiple attachment methods.
Ex
Then, a list of installed adapters that support that method of attachment are presented.
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Press Enter AFTER making all desired changes.
[Entry Fields]
.T ció
Description IBM 4029 LaserPrinter
Names of NEW print queues to add
ASCII [asc]
.
GL Emulation []
PCL Emulation []
C
PostScript [ps]
.F a
Printer connection characteristics
C rm
* PORT number [p] +
Type of PARALLEL INTERFACE [standard] +
Printer TIME OUT period (seconds) [600] +#
STATE to be configured at boot time available +
to fo
F1=Help F2=Refresh F3=Cancel F4=List
F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do
ec vo
Notes:
oy si
This menu varies depending on the characteristics of the physical printer. If the printer is
cl
capable of two or three different modes or emulations, the system prompts you for a
separate queue name for each emulation. Once these queues are created, they are
sometimes referred to as virtual print devices.
Ex
Additional queues can be added to this printer after the initial queues are created.
pr
A-26 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Remote printing
IBM Power Systems
host1 client1
lp1
.I. n
.T ció
.
C
9 Set up the local print queue.
.F a
9 Configure a
9 Define client machines in remote queue.
C rm
/etc/hosts.lpd.
9 Start the lpd daemon.
to fo
ec vo
Notes:
oy si
Once your system has the local queue set up, any user on that system can print. If the
cl
machine is networked, it can also provide printing for client machines by becoming a
print server.
Ex
To set up a print server, you need to define the client machine names, or IP addresses,
in the /etc/hosts.lpd file, and then start the lpd daemon. Both of these tasks can be
done through SMIT. To use SMIT, the fastpath to identify the client system is smit
mkhostslpd.
pr
The lpd daemon is controlled by SRC. You should use SMIT to start it, because SMIT
also adds entries to /etc/inittab to ensure that it is started on reboot. The fastpath for
this screen is smit mkitab_lpd.
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Client authorization
IBM Power Systems
# smit mkhostslpd
.I. n
Type or select values in entry fields.
.T ció
Press Enter AFTER making all desired changes.
[Entry Fields]
.
* Name of REMOTE CLIENT [client1]
C
(Hostname or dotted decimal address)
.F a
F1=Help
C rm F2=Refresh F3=Cancel F4=List
to fo
F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do
ec vo
Notes:
oy si
This step is done on the print server. On this screen, enter the client machine's name or
cl
IP address. A plus sign ( + ) is also valid. It indicates that this AIX system is a print
server to all machines.
Ex
pr
A-28 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Start lpd
IBM Power Systems
# smit mkitab_lpd
.I. n
Start the Print Server Subsystem
.T ció
[Entry Fields]
Start subsystem now, on system restart, or both [both] +
TRACE lpd daemon activity to syslog? [no] +
.
EXPORT directory containing print attributes? [no] +
C
Note:
.F a
Exporting this print server's directory
containing its print attributes will allow
print clients to mount the directory. The
C rm
clients can use this server's print attributes
to display and validate print job attributes
when starting print jobs destined for this
print server. Note that the Network File
System (NFS) program product must be installed
and running
to fo
F1=Help F2=Refresh F3=Cancel F4=List
F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do
ec vo
Notes:
oy si
This step is done on the print server. The lpd daemon is controlled by the system
cl
resource controller (SRC). The commands startsrc and stopsrc can be used to
control lpd. By using SMIT, an entry is placed in the /etc/inittab file to ensure that lpd
is started each time the machine is booted.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Add a Print Queue
.T ció
Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
.
xstation Printer Attached to Xstation
C
ascii Printer Attached to ASCII Terminal
.F a
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
C rm
ibmNetPrinter IBM Network Printer
ibmNetColor IBM Network Color Printer
other User Defined Backend
Notes:
oy si
This step is done on the client machine. The procedure to add a remote queue starts
cl
the same way as a local queue: smit spooler > Add a Print Queue. This time, select
remote as the attachment type.
Ex
You are prompted to determine if you want to perform any type of filtering or
pre-processing to the print job before it is sent. Normally, Standard Processing is
selected. This just sends the job to the printer server and the print server is responsible
for processing the job.
pr
A-30 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
Press Enter AFTER making all desired changes.
.T ció
[Entry Fields]
*Name of QUEUE to add [rq1]
*HOSTNAME of remote server [host1]
.
*Name of QUEUE on remote server [lp1]
C
Type of print spooler on remote server AIX Version 3 or 4 +
.F a
Backend TIME OUT period (minutes) [] #
Send control file first? no +
TO turn on debugging, specify output []
C rm
file pathname
DESCRIPTION of printer on remote server []
Notes:
oy si
Required input
u
Only three lines are required to complete the queue set up. You must name your local
cl
(to the client) queue name. Then, provide the name of the printer server. Lastly, name
the queue on the print server.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Let’s review
IBM Power Systems
.I. n
2. To set up remote printing, what daemons are needed, and do
.T ció
they run on the server, the client, or both?
.
C
.F a
3. What does the up = TRUE indicate in the /etc/qconfig file?
C rm
4. What does discipline mean in reference to the
/etc/qconfig file? What are its possible values?
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
A-32 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
• To submit a job to a queue:
.T ció
System V BSD AIX
.
lp lpr qprt
C
.F a
$ lp -d queuename filename
C rm - OR-
to fo
$ qprt -P queuename filename
ec vo
Notes:
oy si
Introduction
u
There are three sets of commands for submitting, listing and canceling print jobs. They
cl
come from either System V, BSD, or IBM versions of UNIX and are all available in AIX.
The commands have slightly different options.
Ex
the command line, which queue to use. Use -d with lp or use -P with qprt and lpr.
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Spooling
The commands lp and qprt both queue without spooling, by default. Specify the -c
option if spooling is desired. The command lpr spools and queues by default. The -c
option will turn off spooling with lpr.
Multiple copies
.I. n
To print multiple copies, with qprt use the -N # option, with lp use -n # option, and
with lpr use just a hyphen followed by the number of copies ( - # ).
.T ció
The lp, lpr, and qprt commands create a queue entry in /var/spool/lpd/qdir and,
depending upon the options specified, copy the file to be printed to the
.
/var/spool/qdaemon directory.
C
.F a
The enq command
C rm
All the print commands, lp, lpr, and qprt, actually call the enq command which places
the print request in a queue. enq can be used instead of the other commands to submit
jobs, view job status, and so forth. To submit a job using enq:
to fo
$ enq -Pqueuename filename
available. However, if more than one printer services a queue, you can request a
specific printer by using the name of the queue followed by a colon (:) and then the
name of the printer. For example, if a system with one queue (ps) is serviced by two
oy si
printers (lp0 and lp1), and a print job needs to be printed on the lp1 printer, use the
command:
u
A-34 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
SYSTEM V BSD AIX
lpstat lpq qchk
.T ció
For example:
.
C
$ qchk
.F a
Queue Dev Status Job Files User PP % Blks Cp Rnk
C rm
ps lp0 DOWN
QUEUE 569 /etc/motd root 1 1
1
to fo
ec vo
Notes:
oy si
Many of the print job control tasks require the user to supply a job number. The job
cl
number, along with other queue status information is available by checking the status of
print jobs.
Ex
Status Status of the queue (READY, DOWN, WAITING, RUNNING, and so forth)
Job The job number assigned by the qdaemon
Files Files sent to the queue
User User who sent the print request
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Other viewing commands
.T ció
Other commands that can be used to view printer status include:
lpstat Shows status of all queues
.
lpq Shows status of the default queue
C
.F a
qchk -A Shows status of all queues
enq -A Shows status of all queues
C rm
qchk -W Shows status in wide-form mode
This is helpful if using long queue and device names, and 6-digit job numbers. This option
is available with AIX V4.2.1 and later.
to fo
ec vo
oy si
u
cl
Ex
pr
A-36 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
# smit chpq
.I. n
Print Queue to Change / Show
Type or select values in entry fields.
.T ció
Press Enter AFTER making all desired changes.
[Entry Fields]
.
C
.F a
PRINT QUEUE name [ps] +
C rm
Characteristics to Change / Show
Move the cursor to the desired item and press Enter.
1.Printer Setup
2.Default Print Job Attributes
to fo
3.Accounting File
4.Queuing Discipline
ec vo
Notes:
oy si
After selecting 1. Printer Setup, the following attributes can be changed or shown:
cl
• Envelope size
• ID of the font cards
• Paper trays for header and trailer pages
• Formatting flags for the header and trailer pages
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
• Paper/Page Options such as page orientation
• Header/Trailer Page such as separator pages
.T ció
• Messages/Diagnostics
.
C
After selecting 3. Accounting File, the following attribute can be changed or shown:
.F a
• Accounting file name
C rm
Attributes for Queuing Discipline option
After selecting 4. Queueing Disciple, the following attribute can be changed or shown:
to fo
• Queuing discipline
ec vo
oy si
u
cl
Ex
pr
A-38 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Removing a queue
IBM Power Systems
# smit rmpq
.I. n
Type or select values in entry fields.
.T ció
Press Enter AFTER making all desired changes.
[Entry Fields]
.
Print queue to remove ps:lp0
C
Local printer device /dev/lp0
.F a
KEEP the local printer device? No +
C rm
to fo
F1=Help F2=Refresh F3=Cancel F4=List
F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do
ec vo
Notes:
oy si
It is not possible to remove a queue containing jobs. The jobs would have to be
cl
removed first.
The last option on the screen asks whether the printer device definition should be kept.
Ex
This option will only appear if the queue being removed is the only queue defined for a
printer. Note that by default, it will be removed.
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Managing queues
IBM Power Systems
# smit pqmanage
.I. n
Manage Print Queues
.T ció
Move the cursor to the desired item and press Enter.
.
Stop a Print Queue
C
Start a Print Queue
.F a
Set the System's Default Print Queue
C rm
to fo
F1=Help F2=Refresh F3=Cancel F8=Image
F9=Shell F10=Exit Enter=Do
ec vo
Notes:
oy si
• Show Status of Print Queue gives output similar to qchk and lpstat
• Stop a Print Queue runs the disable command
Ex
A-40 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
State Description
.T ció
DEV_BUSY Printer is busy servicing other print requests
DEV_WAIT Queue is waiting for the printer
.
Queue is down and no jobs will be serviced
C
DOWN
.F a
from this queue until it is brought up
C rm
OPR_WAIT The queue is waiting for operator intervention
QUEUED Job is queued and waiting
READY Everything is ready to receive a print request
to fo
RUNNING Print file is printing
UNKNOWN Problem with the queue: Need to investigate
further to determine cause
ec vo
Notes:
oy si
Introduction
u
The status of the queues and jobs can be displayed with qchk, lpstat, or lpq. There
cl
DEV_BUSY
Ex
This status can occur when more than one queue is defined to a print device and
another queue is currently using the print device. It could result when the qdaemon
attempts to use the printer port device and another application is currently using that
pr
print device. Normal recovery: You have to wait until the queue or application has
released the print device, or kill the job or process that is using the printer port.
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
DEV_WAIT
This status means that the queue is waiting on the printer because the printer is offline,
out of paper, jammed, or the cable is loose, bad or wired incorrectly. Normal recovery:
Check to see if the printer is offline, out of paper, jammed, or loosely cabled. Sometimes
the jobs have to be removed from the queue before the problem can be corrected.
.I. n
DOWN
This status is set when the device driver cannot communicate with the printer after
.T ció
TIME OUT seconds (which can be set through SMIT). This variable indicates the
amount of time, in seconds, that the queuing system waits for a printer operation. If the
printer is off, the queue will go down. Also, the operator can bring down the queue
.
intentionally, which might be necessary for system maintenance. Normal recovery:
C
.F a
Correct the problem that has brought the queue down and then bring the queue up
again.
C rm
OPR_WAIT
This status is set when the back-end program is waiting on the operator to change the
to fo
paper, change forms, and so on. This is usually software related. Normal recovery:
Respond appropriately to the request that is made by the queuing system.
QUEUED
ec vo
This status is set when a print file is queued and is waiting in line to be printed.
READY
oy si
This is the status of a queue when everything involved with the queue is ready to queue
and print a job.
u
RUNNING
cl
UNKNOWN
This status occurs when a user creates a queue on a device file that another queue is
using, and its status is DEV_WAIT. The queue cannot get a status from the printer
pr
device when it is on hold. Normal recovery: Bring down the other queue or fix the
problem with the printer (paper out, jammed, offline and so on). Bring the new queue
down and then back up so that the queue will register as READY.
A-42 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
# lpstat
Queue Dev Status Job Files User PP % Bks Cp
Rnk
.I. n
draft lp0 DOWN
QUEUED 132 /etc/motd team01 1 1 1
.T ció
Quality lp0 READY
.
• To enable a queue whose status is DOWN:
C
.F a
# enable draft
C rm
• To disable a queue whose status is READY:
# disable quality
to fo
You must be a member of the printq group or root.
ec vo
Notes:
oy si
Enabling a queue
u
Occasionally, problems with printers can bring a queue down. Once the problem has
cl
Disabling a queue
Sometimes, you may wish to bring a queue down. This is recommended if any
maintenance is going to be performed on the printer. You can do this with either of the
pr
commands:
• # disable <queuename>
• # enq -D -P <queuename>
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
# smit jobs
.I. n
Manage Print Jobs
.T ció
Move the cursor to the desired item and press Enter.
.
Show the Status of Print Jobs
C
.F a
Prioritize a Print Job
Hold / Release a Print Job
C rm
Move a Job between Print Queues
to fo
F1=Help F2=Refresh F3=Cancel F8=Image
F9=Shell F10=Exit Enter=Do
ec vo
Notes:
oy si
The root user or a member of the print group can work with any print request. Normal
cl
A-44 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
# smit qcan
.I. n
Type or select values in entry fields.
.T ció
Press Enter AFTER making all desired changes.
.
[Entry Fields]
C
.F a
PRINT QUEUE containing job [ ] +
(required for remote jobs)
C rm
* Print JOB NUMBER
to fo [ ] +#
Notes:
oy si
Introduction
The qcan command cancels either a particular job number or all jobs in a print queue.
u
Normal users can only cancel their own jobs, whereas root can cancel any job.
Commands to cancel print jobs
cl
To cancel a job you can either use the smit qcan fastpath, or use one of the following
commands:
Ex
• cancel (System V)
• lprm (BSD)
• qcan (AIX)
Examples
pr
To cancel job number 127 on whatever queue the job is on, you can use either of the
following two commands:
• # qccel 127
To cancel all jobs queued on printer lp0, you can use either of these two commands:
• # qcan -X -Plp0
• # cancel lp0
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
# qchk -L
Queue Dev Status Job Name From To
______ ___ _______ Submitted Rnk Pri Blks Cp PP %
.I. n
pslp0 DOWN QUEUED 569 /etc/qconfig root root
1/07/03 09:39:25
.T ció
1 15 2 1
/etc/qconfig
QUEUED 570 /etc/motd root root
1/07/03 09:40:15 2 15 1 1
.
/etc/motd
C
.F a
# qpri -#570 -a 25
C rm
# qchk -L
Queue Dev Status Job Name From To
______ ___ ______ Submitted Rnk Pri Blks Cp PP %
pslp0 DOWN QUEUED 570 /etc/motd root root
1/07/03 09:40:15 1 25 1 1
to fo
/etc/motd
QUEUED 569 /etc/qconfig root root
1/07/03 09:39:25 2 15 2 1
/etc/qconfig
ec vo
Notes:
oy si
Processing order
u
The discipline line in the /etc/qconfig file determines the order in which the printer
cl
serves the requests in the queue. In the queue stanza, the discipline field can either
be set to fcfs (first-come-first-serve) or sjn (shortest-job-next). If there is no
discipline in the queue stanza, requests are serviced in fcfs order.
Ex
the qpri command. Print jobs with higher-priority numbers are handled before requests
with lower-priority numbers. Only a user who has root authority or who belongs to the
printq group can change the priority of a local print request.
A-46 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Note
You can only set priorities on local print jobs. Remote print jobs are not supported.
.I. n
Example
.T ció
The example in the visual shows that when print jobs are submitted they receive the
default priority of 15. The example shows how the qpri command can be used to
.
change the priority of job number 570 to 25. Use the qchk -L command to show the
C
new job priorities.
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
# qchk
Queue Dev Status Job Files User PP% Blks Cp Rnk
ps lp0 DEV_BUSY
.I. n
QUEUED 1493 /etc/qconfig root 1 1 1
.T ció
# qhld -#1493
.
# qchk
C
Queue Dev Status Job Files User PP% Blks Cp Rnk
.F a
ps lp0 DEV_BUSY
HELD 1493 /etc/qconfig root 1 1 1
C rm
# qhld -r -#1493
# qchk
to fo
Queue Dev Status Job Files User PP% Blks Cp Rnk
ps lp0 DEV_BUSY
QUEUED 1493 /etc/qconfig root 1 1 1
ec vo
Notes:
oy si
The qhld command is used to put a temporary hold on a job that is waiting in the
cl
queue. The qhld command is also the command that is used to release job back in the
queue.
Ex
The visual provides a example of using the qhld command to hold and then release job
# 1493.
This task can also be accomplished through smit (smit qhld).
pr
A-48 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
# qchk -A
.I. n
Queue Dev Status Job Files User PP% Blks Cp Rnk
.T ció
asc lp0 DOWN
QUEUE 11 /etc/qconfig root 2 1 1
ps lp0 READY
.
C
.F a
# qmov -mps -#11
C rm
# qchk -A
Notes:
oy si
You can move jobs between queues in AIX. The command qmov is used. The -m option
cl
specifies what queue to move the job to and the -# option specifies the job number.
This can be done through smit using smit qmov.
Ex
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
var
.T ció
spool
.
C
.F a
C rm
lpd
qdaemon
qdir
to fo
• Contains queue requests • Temporary copies of enqueued
(job description files) files if spooling
ec vo
Notes:
oy si
The directories shown in the visual fill up very quickly if the spooling mechanism
cl
encounters a problem. For example, if the queue goes down, or if there are many users
submitting jobs, there may not be enough room to handle the requests.
Ex
Remember, when print jobs are submitted to spooling rather than just queuing, a copy
of that file is created and stored in the /var/spool/qdaemon directory until that job has
printed. At that time, the temporary file is removed. If the queue or multiple queues quit
working, jobs don't get through the system. This could cause a full condition in this
pr
directory structure.
A-50 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
.I. n
.T ció
NO YES
Check hardware Check software
.
C
.F a
C rm 9
9
Check physical cables
Printer online and ready
9
9
qdaemon running
Check /etc/qconfig
to fo
9 No paper jams 9 Queue enabled
9 Not out of paper 9 /var and /tmp not full
ec vo
Notes:
oy si
First step
u
If you experience problems trying to print, start by checking the simple things first.
cl
The easiest test to perform is to cat a file and redirect standard output to the printer
device file. This by-passes the queuing system and helps to narrow the problem.
Ex
Check hardware
After redirecting a file to the print device, if it does not print, the problem is usually
hardware-related. Check to make sure the cables are attached securely. Make sure the
pr
printer is ready to print (online). Make sure there is paper in the printer and there are no
paper jams.
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
Look at the contents of /etc/qconfig to make sure it is not corrupt.
.T ció
Ensure the queue is enabled. If not, enable it.
# lpstat
.
or
C
# qprt -A
.F a
# enable queuename
Check to make /tmp and /var are not full with the command: df
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
A-52 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Checkpoint (1 of 2)
IBM Power Systems
1. True or False: One of the advantages of queues is that each user can
have a different default queue set up for them.
.I. n
2. True or False: The /etc/qconfig file is read by the back-end
.T ció
program to determine what the queue discipline is.
.
3. True or False: All printer software is automatically installed when you
C
install the base operating system.
.F a
C rm
4. What is the difference between these two commands?
# qprt -Pasc file1
# qprt -c -Pasc file1
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
Checkpoint (2 of 2)
IBM Power Systems
5. What three methods can be used to find out what the system default
queue is?
a.
.I. n
b.
.T ció
c.
.
6. What users can bring print queues down?
C
.F a
7. True or False: Once the queue is down, no more jobs can be
C rm
submitted to the printer.
8. Can users hold all their print jobs in a specific queue? If so, how?
to fo
ec vo
Notes:
oy si
u
cl
Ex
pr
A-54 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Uempty
Unit summary
IBM Power Systems
.I. n
Having completed this unit, you should be able to:
.T ció
• Describe the purpose and the benefits of a queuing system
• Identify the major components that are responsible for
.
processing a print request
C
.F a
• Add a printer queue and device under different circumstances
C rm
• Submit jobs for printing
• View the status of the print queue
to fo
ec vo
Notes:
oy si
© Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook
.I. n
.T ció
.
C
.F a
C rm
to fo
ec vo
oy si
u
cl
Ex
pr
A-56 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
.I. n
.T ció
Checkpoint solutions
.
IBM Power Systems
1. What is the name of the device which creates and controls LPARs?
C
.F a
The answer is the HMC.
C rm
2. True or False: An AIX operating system can have no real devices.
The answer is true.
to fo
3. True or False: Virtualization features provided by the VIO Server can
be used by default on any Power system.
ec vo
4. True or False: The su command enables you to get root authority even
oy si
Checkpoint solutions
.I. n
IBM Power Systems
1. List the three main system management tools available on AIX.
.T ció
a. SMIT
b. WebSM
c. IBM Systems Director console for AIX
.
The answers are SMIT, WebSM, and IBM Systems Director console for AIX.
C
.F a
2. What is the purpose of the smit.script file?
C rm
The answer is to obtain the commands SMIT has just executed.
3. What information can one get from looking at the system configuration details
in IBM Systems Director Console?
to fo
a. Firmware/model information
b. File system information
c. Paging space information
d. A list of top CPU logging processes
ec vo
B-2 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions
.I. n
IBM Power Systems
1. What is the first process that is created on the system and which file
.T ció
does it reference to initiate all the other processes that have to be
started?
.
The answer is the initial process is init. The file init references is
C
/etc/inittab for information regarding other processes that have to
.F a
be started.
C rm
2. Which AIX feature can be used to stop and start subsystems and
groups of daemons?
to fo
The answer is the System Resource Controller (SRC).
3. True or False: You can only execute the AIX shutdown command
ec vo
Checkpoint solutions
.I. n
IBM Power Systems
1. AIX 7 can be installed from which of the following? (Select all that are
.T ció
correct.)
a. 8 mm tape
.
b. CD-ROM
C
c. Diskette
.F a
d. NIM server
The answers are CD-ROM and NIM server.
C rm
2. True or False: A preservation install preserves all data on the disks.
The answer is false. It preserves some of the existing data on the disk
to fo
selected for installation. This method overwrites the user (/usr),
variable (/var), temporary (/tmp), and root (/) file systems. Other
product application files and configuration data are destroyed.
ec vo
B-4 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions
.I. n
IBM Power Systems
1. Which of the following states must your software be in, in order for you to be
.T ció
able to use it? (Select all that apply.)
a. Applied state
b. Removed state
.
c. Install state
C
d. Commit state
.F a
The answers are Applied state and Commit state.
2. What command is used to list all installed software on your system?
C rm
The answer is lslpp –l or –L.
3. Which of the following can you install as an entity? Select all that apply.
a. ifix
to fo
b. LPP
c. Package
d. Bundle
The answer is they all apply.
ec vo
Checkpoint solutions
.I. n
IBM Power Systems
.T ció
fcs0
fcs0 U78A0.001.DNWGGRX-P1-C3-T1
U78A0.001.DNWGGRX-P1-C3-T1 4Gb
4Gb FC
FC PCI
PCI Express
Express Adapter
Adapter
.
in Power 550 CEC (U78A0).
C
.F a
2. What is the purpose of a device major number? How would you locate the
C rm
major number of a disk, hdisk18?
The answers are the AIX kernel can determine the actual driver and device to
be accessed for a user-level request. Perform a long directory list of the /dev
directory.
to fo
3. True or False: cfgmgr is a binary executable that runs at system initialization
time to configure devices on the system.
The answer is true.
ec vo
4. What commands can you run on AIX to document the system configuration?
The answers are prtconf, lsdev, lscfg, lsslot, and lsattr.
oy si
B-6 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions (1 of 3)
.I. n
IBM Power Systems
.T ció
5. Volume group
1. Volume group___
Descriptor area__
.
VGDA 6. Physical volume
C
.F a
2. Physical partition
C rm
to fo
3. Logical partition
ec vo
4. Logical volume
oy si
Checkpoint solutions (2 of 3)
IBM Power Systems
7. How many different physical partition (PP) sizes can be set within a single
.I. n
VG?
The answer is one.
.T ció
8. By default, how big are PPs?
The answer is traditionally 4 MB, but LVM chooses an optimal size based on
.
the number of PPs/PV and the size of largest PV in the VG.
C
.F a
9. How many volume groups (VGs) can a physical volume (PV) belong to?
C rm
a. It depends on what you specify through SMIT
b. Only one
c. As many VGs as exist on the system
The answer is only one.
to fo
10. True or False: All VGDA information on your system is identical, regardless of
how many VGs exist.
ec vo
B-8 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions (3 of 3)
IBM Power Systems
.I. n
## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount PtPt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4 -- // jfs2 294912
294912 -- yes no
.T ció
/dev/hd4 -- jfs2 -- yes no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 32768
32768 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 3309568
3309568 ---- yes
yes no
no
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 65536
65536 --
-- yes
yes no
no
.
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 131072
131072 -- -- yes
yes no
no
/dev/hd10opt
/dev/hd10opt ---- /opt
/opt jfs2
jfs2 163840
163840 -- -- yes
yes no
no
C
/dev/cd0
/dev/cd0 --
-- /infocd
/infocd cdrfs
cdrfs ro
ro yes
yes no
no
.F a
/dev/lv00
/dev/lv00 --
-- /home/john
/home/john jfs2
jfs2 32768
32768 rw
rw yes
yes no
no
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 -- -- yes
yes no
no
C rm
11. With which logical volume is the /home file system associated?
The answer is /dev/hd1.
12. What types of file systems are being displayed?
to fo
The answers are enhanced journaled file systems (JFS2) and CD-ROM (CDRFS).
13. What is the mount point for the file system located on the /dev/hd4 logical volume?
The answer is /.
14. Which file system is used primarily to hold user data and home directories?
ec vo
Checkpoint solutions
.I. n
IBM Power Systems
1. True or False: A logical volume can span more than one physical
.T ció
volume.
The answer is true.
.
2. True or False: A logical volume can span more than one volume
C
group.
.F a
The answer is false.
C rm
3. True or False: The contents of a physical volume can be divided
between two volume groups.
The answer is false.
to fo
4. True or False: If mirroring logical volumes, it is not necessary to
perform a backup.
The answer is false. You still need to back up to external media.
ec vo
B-10 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions (1 of 2)
.I. n
IBM Power Systems
1. Does the size of the file system change when the size of the logical volume it
.T ció
is on is increased?
The answer is no.
.
2. If you remove a file system, is the logical volume on which it sits removed as
C
well?
.F a
The answer is yes.
C rm
3. When a file system is created, what needs to be done in order to make it
available for use?
The answer is the file system must be mounted using the mount command.
to fo
4. What size should an external JFS log be set to?
The answer is 1 LP.
ec vo
5. True or False: SMIT can be used to easily increase or decrease the size of
an enhanced JFS filesystem.
The answer is true.
oy si
Checkpoint solutions (2 of 2)
IBM Power Systems
.I. n
a. Add 1 GB
The answer is chfs –a size=+1G <file system>.
.T ció
b. Set the size to 5 GB
The answer is chfs –a size=5G <file system>.
.
C
7. What command can you use to determine if a file system is full?
.F a
The answer is df.
C rm
8. What command can produce a report listing the size (in MB) of all the
files and directories contained in a specific location?
The answer is du.
to fo
9. What command checks and interactively repairs inconsistent file
systems?
ec vo
B-12 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions
.I. n
IBM Power Systems
1. What conclusions regarding potential paging space problems can you reach
.T ció
based on the following listing?
Page
Page Physical
Physical Volume
Volume Size
Size %Used
%Used Active
Active Auto
Auto Type
Type chksum
chksum
Space Volume Group
.
Space Volume Group
C
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 640
640 MB
MB 43%
43% yes
yes yes
yes lv
lv 00
.F a
paging00
paging00 hdisk1
hdisk1 rootvg
rootvg 640
640 MB
MB 7%
7% yes
yes yes
yes lv
lv 00
paging01
paging01 hdisk1
hdisk1 rootvg
rootvg 160
160 MB
MB 89%
89% yes
yes yes
yes lv
lv 00
C rm
The answer is the information provided is not enough to fully analyze the
situation; however, at first glance, here are the potential problems:
a. paging00 is underutilized.
to fo
b. paging01 is over utilized, and the size seems to be too small. Both user-defined
paging spaces are on the same disk.
c. paging01 should be deleted. The administrator should investigate why there is a
high level of paging and possibly increase the size of hd6 and paging00.
ec vo
2. True or False: The size of paging00 (in the above example) can be
dynamically decreased.
The answer is true.
oy si
Checkpoint solutions
.I. n
IBM Power Systems
.T ció
a. find /home/fred | backup -ivf /dev/rmt0
b. cd /home/fred; find . | backup -ivf /dev/rmt0
The answer is the first command backs up the files using the full path names,
.
whereas the second command backs up the file names using the relative
C
.F a
path names. Therefore, the second command’s files can be restored into any
directory.
C rm
2. On a mksysb tape, what command would you use to restore individual files
from a mksysb tape?
The answer is either # restorevgfiles –f /dev/rmt0 <path to
to fo
file> or # restore –s 4 –f /dev/rmt0.1 <path to file>.
3. True or False: smit mksysb backs up all file systems, provided they are
mounted.
ec vo
The answer is false. mksysb only backs up rootvg file systems. To back up
other volume groups, you must use the savevg command.
oy si
B-14 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions (1 of 2)
.I. n
IBM Power Systems
.T ció
permissions be for file1: chmod 6754 file1
The answer is r w s r w- r - -.
.
C
2. A binary executable with the SUID flag set is owned by user root.
.F a
User michael executes the binary. The executable runs under
which user, root or michael?
C rm
The answer is root.
The answer is this value removes all permission bits for the
“others” category, which enhances security.
oy si
Checkpoint solutions (2 of 2)
IBM Power Systems
.I. n
The answer is a member of security group can use pwdadm to reset a
different user’s password, but only root can use passwd for this
.T ció
purpose.
.
6. Which command can be used to change the default attributes for
C
.F a
users?
The answer is chsec –f /etc/security/user –s default \
C rm
–a attribute=value.
7. True or False: When you delete a user from the system, all the user’s
to fo
files and directories are also deleted.
The answer is false.
ec vo
B-16 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions (1 of 2)
.I. n
IBM Power Systems
1. If an ordinary user forgets their password, can the system administrator find
.T ció
out by querying the system as to what the user’s password was set to? Why
or why not?
The answer is no. The passwords are held in encrypted format, therefore
.
even the system administrator cannot tell what the password was set to.
C
.F a
2. True or False: An asterisk (mary:*:) in the second field of the
C rm
/etc/passwd file means there is a valid password set in the shadow
password file for user mary.
The answer is false.
to fo
3. Password restrictions are set in which of the following files?
a. /etc/passwd
b. /etc/security/passwd
ec vo
c. /etc/security/restrictions
d. /etc/security/user
The answer is /etc/security/user.
oy si
Checkpoint solutions (2 of 2)
IBM Power Systems
.I. n
predefined roles.
.T ció
The answer is true.
.
5. True or False: Once a user is assigned a role, the user
C
.F a
immediately can use the related authorizations.
The answer is false.
C rm
6. What is the command that will list your assigned roles?
to fo
The answer is lsrole.
ec vo
B-18 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions
.I. n
IBM Power Systems
.T ció
specify which users are allowed and denied use of the at command.
The answer is false. Only one or the other of these files should be
used.
.
C
.F a
2. Give a crontab entry that would specify that a job should run every
Thursday at 10 past and 30 minutes past every hour.
C rm
The answer is 10,30 * * * 4 <job>.
myscript
^d
#
oy si
Checkpoint solutions
.I. n
IBM Power Systems
.T ció
a. /etc/rc.tcpip
The answer is starts TCP/IP daemons (sendmail, inetd, and so on).
b. ssh
.
The answer is to login or run command on a remote machine (securely).
C
.F a
c. VNC
The answer is to use a remote graphical display on a local desktop
C rm
machine.
d. /etc/services
The answer is to store server side ports of TCP/IP applications.
B-20 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions
.I. n
IBM Power Systems
1. True or False: Workload partitions require POWER7 systems.
.T ció
The answer is false. Requires POWER4 or later.
.
C
The answers are system and application.
.F a
3. What command builds and starts an application workload partition?
C rm
The answer is wparexec.
4. True or False: Live Application Mobility (LAM) requires that the WPAR private
file systems reside on an NFS server.
to fo
The answer is false. LAM requires that the private file systems be accessible
to both systems. They can either be on an NFS server or, if using a rootvg
WPAR, be placed on a shared fiber-attached SAN disk.
ec vo
.I. n
IBM Power Systems
1. True or False: The qdaemon is responsible for printing jobs.
.T ció
The answer is false. The printer back-end is responsible for printing. The
qdaemon manages jobs in queue. The qdaemon hands the jobs off to the
back-end for printing.
.
C
2. To set up remote printing, what daemons are needed, and do they run on the
.F a
server, the client, or both?
C rm
The answer is qdaemon and lpd on the server qdaemon only on the client.
3. What does the up = TRUE indicate in the /etc/qconfig file?
The answer is it means the queue is accepting jobs. If it were FALSE, the
to fo
user would be notified that the queue is not accepting jobs.
4. What does discipline mean in reference to the /etc/qconfig file?
What are its possible values?
ec vo
B-22 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook
Checkpoint solutions (1 of 2)
IBM Power Systems
1. True or False: One of the advantages of queues is that each user can have a
.I. n
different default queue set up for them.
The answer is true. This can be accomplished using the PRINTER
.T ció
environment variable.
.
determine what the queue discipline is.
C
.F a
The answer is false. It is read by qdaemon.
C rm
3. True or False: All printer software is automatically installed when you install
the base operating system.
The answer is false. Only a handful of printer software is installed by default.
to fo
4. What is the difference between these two commands?
# qprt -Pasc file1
# qprt -c -Pasc file1
ec vo
Checkpoint solutions (2 of 2)
IBM Power Systems
5. What three methods can be used to find out what the system default queue
.I. n
is?
a. The first entry in the /etc/qconfig file
.T ció
b. The output from the qchk command with no options
c. The first queue listing from the lpstat command
The answers are the first entry in /etc/qconfig file, the output from the
.
qchk command with no options, and the first queue listing from the lpstat
C
command.
.F a
6. What users can bring print queues down?
C rm
The answer is the root user or members of the printq group.
7. True or False: Once the queue is down, no more jobs can be submitted to the
printer.
The answer is false. Jobs can be submitted to the queue. However, they will
to fo
not be printed until the queue is brought up again.
8. Can users hold all their print jobs in a specific queue? If so, how?
The answer is yes, they can by only specifying a queue name and not
ec vo
B-24 AIX Implementation and Administration © Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Ex backpg
Back page
cl
pr u
oy si
ec vo
to fo
C rm
.F a
.T ció
.I. n
C
.
Ex
cl
pr u
oy si
ec vo
to fo
C rm
.F a
.T ció
.I. n
C
.
CONTACTO
Teléfono
91 761 21 78
Póngase en contacto con nuestro equipo y le
informaremos de cualquier duda o cuestión
que pueda surgirle.
Email
formacion@arrowecs.es
Mándenos un email y le atenderemos
enseguida.
Online
@Arrow_Edu_ES
O bien puede contactarnos a través de
nuestro perfil en Twitter.
Visítenos
Arrow ECS Education Services
Avenida de Europa 21,
Parque Empresarial La Moraleja
28108 Alcobendas, Madrid
EDUCATION
S E R V I C E S