Professional Documents
Culture Documents
An12 Ib
An12 Ib
cover
Front cover
Instructor Guide
ERC 1.1
Instructor Guide
Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United
States, or other countries, or both:
AIX® AIX 5L™ AS/400®
DB2® Electronic Service Agent™ Everyplace®
Express™ HACMP™ Notes®
POWER® POWER2™ POWER3™
POWER4™ POWER5™ POWER5+™
POWER6™ Power Architecture® POWER Hypervisor™
Power Systems™ PowerHA™ PowerPC®
PowerVM™ pSeries® RS/6000®
System p® System Storage™ Tivoli®
WebSphere® Workload Partitions
Manager™
PS/2® is a trademark or registered trademark of Lenovo in the United States, other
countries, or both.
PostScript is either a registered trademark or a trademark of Adobe Systems Incorporated
in the United States, and/or other countries.
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc.
in the United States, other countries, or both.
Linux® is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other
countries, or both.
UNIX® is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, or service names may be trademarks or service marks of others.
TOC Contents
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Unit 1. Introduction to IBM Power Systems, AIX, and system administration . . . . 1-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
AIX overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Logical partition overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Dynamic logical partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11
Live partition mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
Evolution of AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
Overview of the POWER6 servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21
Typical Power / AIX system layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23
The HMC (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25
The HMC (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-27
LPAR virtualization overview (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29
LPAR virtualization overview (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32
Virtual I/O server overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-35
Virtualization example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-37
Role of the system administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-40
Who can perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-42
How can we perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-45
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-47
Exercise 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-49
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-51
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-59
Exercise 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-61
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-63
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X-1
TMK Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United
States, or other countries, or both:
AIX® AIX 5L™ AS/400®
DB2® Electronic Service Agent™ Everyplace®
Express™ HACMP™ Notes®
POWER® POWER2™ POWER3™
POWER4™ POWER5™ POWER5+™
POWER6™ Power Architecture® POWER Hypervisor™
Power Systems™ PowerHA™ PowerPC®
PowerVM™ pSeries® RS/6000®
System p® System Storage™ Tivoli®
WebSphere® Workload Partitions
Manager™
PS/2® is a trademark or registered trademark of Lenovo in the United States, other
countries, or both.
PostScript is either a registered trademark or a trademark of Adobe Systems Incorporated
in the United States, and/or other countries.
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc.
in the United States, other countries, or both.
Linux® is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other
countries, or both.
UNIX® is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, or service names may be trademarks or service marks of others.
Duration: 5 days
Purpose
Learn to install, customize and administer the AIX operating system in
a multiuser POWER (System p) partitioned environment. The course
is based on AIX 6.1 running on a Power6 system managed by
Hardware Management Console version 7 and provides practical
discussions that are appropriate to earlier AIX releases.
Audience
This intermediate course is intended for system administrators or
anyone implementing and managing an AIX operating system in a
multiuser POWER (System p) partitioned environment.
Prerequisites
The students attending this course should already be able to:
• Log in to an AIX system and set a user password
• Execute basic AIX commands
• Manage files and directories
• Use the vi editor
• Use redirection, pipes, and tees
• Use the utilities find and grep
• Use the command and variable substitution
• Set and change Korn shell variables
• Write simple shell scripts
• Use a graphic Common Desktop Environment (CDE) interface
These skills can be acquired by attending AIX Basics (AU13) or
through equivalent AIX/UNIX knowledge. Also, it would be helpful, but
not mandatory if students were familiar with partitioning concepts and
technology taught in Power Systems for AIX I: LPAR Configuration
and Planning (AN11).
Objectives
On completion of this course, students should be able to:
• Install the AIX operating system, filesets, and RedHat Package
Manager (RPM) packages
• Perform system startup and shutdown
• Discuss and use system management tools such as System
Management Interface Tool (SMIT) and IBM systems director
console for AIX
• Manage physical and logical devices
• Discuss the purpose of the logical volume manager
• Perform logical volume and file system management
• Create and manage user and group accounts
• Perform and restore system backups
• Utilize administrative subsystems, including cron to schedule
system tasks, and security to implement customized access of files
and directories
• Configure TCP/IP networking
• Implement Workload Partitions (WPAR)
Contents
• Introduction to IBM POWER p systems, AIX, and system
administration
• AIX System Management Tools
• System startup and shutdown
• AIX installation
• AIX software installation and maintenance
• System configuration and devices
• System storage overview
• Working with the Logical Volume Manager (LVM)
• File system administration
• Paging space
• Backup and restore
• Security and user administration
• Scheduling
Curriculum relationship
This course should follow the AIX Basics course. A basic
understanding of hardware / AIX environment and simple commands
is recommended before taking this course.
pref Agenda
Day 1
Welcome
(01:00) Unit 1: Introduction to IBM Power Systems, AIX, and
system administration
Exercise 1
(01:00) Unit 2: AIX system management tools
Exercise 2
(01:00) Unit 3: System startup and shutdown
Exercise 3
(01:00) Unit 4: AIX installation
Exercise 4
Day 2
(01:15) Unit 5: AIX software installation and maintenance
Exercise 5
(00:45) Unit 6: System configuration and devices
Exercise 6
(00:45) Unit 7: System storage overview
Exercise 7
(01:30) Unit 8: Working with the Logical Volume Manager
Exercise 8
Day 3
(01:30) Unit 9: File systems administration
Exercise 9
(0:30) Unit 10: Paging space
Exercise 10
(01:00) Unit 11: Backup and restore
Exercise 11
Day 4
(01:30) Unit 12: Security and user administration
Exercise 12
(00:30) Unit 13: Scheduling
Exercise 13
(01:30) Unit 14: TCP/IP networking
Day 5
Exercise 14
(01:30) Unit 15: Introduction to workload partitions
Exercise 15
Estimated time
01:00
References
Online AIX 6.1 Information
PSO03004-USEN-05
AIX “From Strength to Strength”
AU73G System p LPAR configuration and virtualization I
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit objectives
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
AIX overview
IBM Power Systems
LPAR:
AIX2
LPAR:
AIX3
Notes:
Advanced Interactive Executive (AIX) is IBM's proprietary UNIX OS based on UNIX
System V with 4.3BSD-compatible command and programming interface extensions.
Announcement Letter Number 286-004 dated January 21, 1986:
• “The AIX Operating System is based on INTERACTIVE Systems Corporation's IN/ix,
which, in turn, is based on UNIX System V, as licensed by AT&T Bell Laboratories.
Some portions of the modifications and enhancements were developed by IBM; others
were developed by INTERACTIVE under contract to IBM.”
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Power Hypervisor
System Hardware (memory, processors, devices)
© Copyright IBM Corporation 2009
Notes:
Logical partition (LPAR)
Logical partitioning is the ability to make a single system run as if it were two or more
systems. Each partition represents a division of resources in the Power System. The
partitions are logical because the division of resources is logical and not along physical
boundaries.
Hypervisor Partitions are isolated from each other by firmware (underlying software)
called the POWER Hypervisor. The names POWER Hypervisor and Hypervisor will be
used interchangeably in this course.
Each partition has its own environment, for example – IP address or time of day, just as
any AIX instance.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Before After
LPAR 1 LPAR 1
DLPAR Operation:
(running) (running)
- Add 2.0 CPU
-Remove 4Gb Mem
2.0 CPU 4.0 CPU
-Move the DVD slot to LPAR 2 16Gb Mem 12Gb Mem
Notes:
Dynamic Logical partitioning (DLPAR)
The term Dynamic in DLPAR means we can add, move, or remove resources without
having to reactivate the partition. If there are partitions that need more or can do with
fewer resources, you can dynamically move the resources between partitions within the
managed system without shutting down the partitions. Both the source and the
destination partitions must support the dynamic partitioning operation.
Processors and memory
Each running LPAR has an active profile which contains the resources that LPAR is
entitled to. For processor and memory settings, there is a maximum and a minimum
range. These boundaries cannot be exceeded when performing dynamic reallocation
operations.
Uempty Applications
Some applications and utilities may not be DLPAR-aware. If they bind to a processor or
pin memory, then you may need to stop these processes before you are able to perform
the DLPAR operation. IBM provides an Application Programming Interface (API) for
third party program DLPAR support on AIX 5L and AIX 6
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the concept of DLPAR
Details — Describe what is meant by DLPAR, and go through the details provided in the
visual and notes.
Additional information — Just keep it at a high level, not to the same detail as in AN11.
Transition statement — WPAR is a key feature of AIX6. Let's provide an overview.
Uempty
AIX1
AIX2 WPAR2 2.
1.
AIX3
WPAR1
WPAR4
WPAR5
WPAR3
WPAR6 WPAR mgr
Notes:
Workload partitions (WPAR) are virtualized, secure operating system environments,
within a single instance of the AIX operating system. Live Application Mobility is a capability
of WPAR technology which allows partitions to move between systems with limited
application downtime (for example, 20 seconds).
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce WPAR technology
Details — It's important that students understand there is a bigger picture here and not just
AIX administration. This information is good for two main reasons.
1. To make students aware that the technology exists
2. To sell further advanced education
Additional information — More details will follow later in the course.
Transition statement — A key feature of Power6 technology allows partitions to be moved
from box to box. Let's provide an overview of Live partition mobility.
Uempty
No
LPAR:
LPAR:
Downtime
AIX1
AIX1
• Partition Mobility provides systems management flexibility and
is designed to improve system availability.
– Can help avoid planned outages for hardware or firmware
maintenance
– Can help avoid unplanned downtime
• If a server indicates a potential failure, you can move its partitions to
another server before the failure occurs.
– Enables optimized resource use by moving workloads from server to
server
© Copyright IBM Corporation 2009
Notes:
Live Partition Mobility is a new capability that enables users to move partitions between
systems with no application downtime. Live Partition Mobility enables organizations to
move LPARs from CPU intensive servers to improve overall throughput based on
requirements at a particular time. This also allows us to use a maintenance window on a
physical machine without the need for any application downtime. The only interruption of
service would be due to network latency. If sufficient bandwidth was available, a delay of at
most, a few seconds, could typically be expected.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the partition mobility feature
Details — Go through the details provided in the visual.
Additional information —
Transition statement — Let's see how AIX has evolved over the last 20+ years.
Uempty
Evolution of AIX
IBM Power Systems
Notes:
AIX
AIX has come a long way since 1986. The first stable version was released in 1993 with
v3.2.5. AIX 3 had key features that are still in AIX today such as smit, a logical volume
manager, the first UNIX flavour to incorporate LVM, and Journaled Filesystems. AIX 6.1
which was generally available (GA) in Nov 2007, saw the addition of many new leading
edge features into the OS. Here is a list, many of which are beyond the scope of this
course, but will be covered in detail in further education courses:
AIX Version 6.1 highlights
New Virtualization Support
• PowerVM Workload Partitions (WPAR)
• PowerVM Live Application Mobility, with the IBM PowerVM Workload Partitions
Manager for AIX
• PowerVM Live Partition Mobility enablement
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
workloads. The processor has separate 64 KB L1 cache for instructions and data and
L2 cache controllers. The L2 caches run at full processor speed. The RS64 contains a
16 byte interface to 2-way set associative 4MB L2 cache. The RS64 was also used in
the AS/400, called A35.
There were 4 generations of the RS64 chip. PowerPC RS64 IV 64-bit RISC
microprocessor, also known as Sstar, using copper and SOI technology.
Then in October 2000, pSeries 680 (600 MHz), a 6 to 24-way 64-bit SMP server, with
up to 96GB of system memory, and 16MB L2 cache for each 600 MHz processor was
announced.
• POWER3: The POWER3 (64 bit) processor, announced in October 1998, unifies the
POWER2 architecture (P2SC) with the PowerPC architecture.
The SMP-capable POWER3 design allows for concurrent operation of fixed-point
instructions, load/store instructions, branch instructions, and floating-point instructions.
POWER3 is capable of executing up to four floating-point operations per cycle, two
multiply-add instructions. Integer performance has been significantly enhanced over the
P2SC with the addition of dedicated integer and load/store execution units. The chip
features eight execution units fed by a 6.4 gigabyte-per-second memory subsystem.
The core includes two high-bandwidth buses: a 128-bit 6XX architecture bus to main
memory and 256-bit bus to the L2 cache that runs at processor speed. The POWER3
also has on-chip 64KB data cache and a 32KB instruction cache.
• POWER4: The POWER4 “Gigaprocessor” copper SOI 64-bit CMP microprocessor is
based on all earlier designs.
174-million-transistor POWER4 chip, with two 1.1/1.3 GHz five-issue superscalar
microprocessor cores, a triple-level cache hierarchy, up to 256 GB memory, a
10-Gbyte/s main-memory interface, and a 45-Gbyte/s multiprocessor interface. The
POWER4 is a CMP chip, which means that it incorporates multiple processors on a
single piece of silicon.
POWER4 machines saw the introduction of LPAR technology.
• POWER5: The POWER5 processor is an improved variant of the highly successful
POWER4 chip. The principal changes are support for Simultaneous multithreading
(SMT) and an on-die memory controller. Each CPU supports 2 threads. Since it is a
multicore chip, with 2 physical CPUs, each chip supports 4 logical threads. The
POWER5 can be packaged in a DCM (dual chip module), with one dual core chip per
module, or an Multi-Chip Module (MCM) with 4 dual core chips per module. POWER5+,
presented in 3Q 2005, packages in QCM, 2 dual core chips.
• POWER6: The POWER6 processor was released in July 2008, with the model Power
570 3.5, 4.2 and 4.5 Ghz. POWER 5+ has out-of-order execution. However, POWER6
uses mostly in-order execution. An out-of-order execution core has some performance
advantages, but it takes significantly more logic to manage the execution. The extra
logic consumes electrical power. Since a key objective in the design of POWER6
systems was to conserve electrical power, the decision was made to implement the
core in-order.
The potentially lower performance is offset by the significant increase of processor
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Give a brief view of AIX/Power
Details — The intent of this visual is to show the evolution of Power Systems and AIX.
The key message is: AIX has gone and is going from strength to strength. Around the time
of versions 3.2.5, 4.1, AIX was not considered a serious rival to popular alternatives, SUN,
HP, Sco. Since the turn of the millennium, AIX and Power technology has grown from
strength to strength. The visual shows the list of new features which have been included in
the TL02 release of AIX 6.1. The actual details themselves are irrelevant and are probably
not that readable or clear on the visual, but demonstrates how AIX technology is growing.
Focus on high level details:
• 40+ years of Hypervisor technology (the original hypervisor was CP/CMS, developed at
IBM in the 1960s, an ancestor of IBM's current z/VM).
• 20+ of AIX
• 30+ RISC
Additional information —
Transition statement — Let's see an overview of the p6 range of H/W.
Uempty
Power 570
Power 560
• Mid-range
• Mid-range
• Rack (4U) building block (to 16U)
• Rack (4U) building block (to 8U) • 2, 4, 8, 16 or 32 CPUs
• 4, 8 or 16 CPUs
• 1GB-768GB memory
• 8GB-384GB memory • Max. Storage, Internal +
• Max. Storage, Internal +
• Expansion I/O 604TB
• Expansion I/O 599TB
Power 575
• High Performance Computing cluster Power 595
• High-end
• For highly-parallel, compute-intensive
HPC workloads (up to 64 nodes per • 42U System Frame
• 8 to 64 CPUs
cluster)
• 16GB-4TB memory
• 24” System Frame, water cooled
• 32 CPUs per nodes • Max. Storage, Internal +
• Expansion I/O 999TB
• 32GB-256GB memory per node
• Max Internal storage per node 292GB
© Copyright IBM Corporation 2009
Notes:
IBM often introduces new models and updates the current range of servers on a frequent
basis. For further details see the Power Systems facts and features guide:
http://www-03.ibm.com/systems/power/hardware/reports/factsfeatures.html
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Just provide a brief glance at the p6 range – do not go into too many details.
Point them to the facts and features and the LPAR class
Details —
Here are a few things that you could also mention.
Explain that POWER6 system technology is a full redesign based on:
• A new processor
• A new system architecture
• A new PHYP microcode and new HMC
• A new virtualization components set
• A new AIX version
Additional information — If students require more details point them in the direction of
the Power facts and features pdfs guides on the web.
Transition statement — Let look at a typical Power, AIX system layout.
Uempty
Private Service
Processors Managed
Network System
Secondary HMC
‘Backup’ LPAR 1
LPAR 2
Primary HMC SAN
Public/Open
Network LPAR 3
LPAR 4
Notes:
The diagram above shows a typical example of a Power server set-up configuration. The
server is split into a number of Logical Partitions (LPARs) running AIX. A Network
Installation Manager (NIM) server is highly preferable to install and update the AIX LPARs
over the network. There can be a maximum of 2 HMCs connected to each system and
each system has two dedicated Ethernet ports reserved for this. It is recommended that the
HMC to Service Processor communication occurs through a private network reserved for
that purpose. The HMC also must have open network connectively to the LPARs if such
features as Connection Monitoring and Dynamic LPAR operations are to be achieved.
It is also preferable to have a second HMC connected for availability purposes.
Note: A failure of the HMC does not interfere in any way with the running managed system.
The service processor is a separate, independent processor that provides hardware
initialization during system load, monitoring of environmental and error events, and
maintenance support.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show the group a typical Power configuration
Details — Spend a bit of time here and introduce the big picture. There can be many
alternatives, so ask the group and be prepared for a discussion.
Additional information —
Transition statement — The HMC is a key box, let's provide an overview. Note, this is not
an HMC course so point them to our LPAR class if more details are required.
Uempty
The HMC (1 of 2)
IBM Power Systems
Notes:
The HMC is an Intel based server which runs a customized version of Linux (SuSE). Its
main purpose is to configure and control up to 48 managed systems.
The HMC also collects diagnostic and error information from the LPARs and Managed
System and logs them as Serviceable events. If configured, the HMC can send these
reports to IBM through the Electronic Service Agent (ESA).
Note: On entry level machines such as the Power 520, if the system is to be used as a
non-partitioned system an HMC is not required. An HMC is mandatory for Power 570 and
above. Power 550s and below can use Integrated Virtualization Manager (IVM) to create
and control the managed system. IVM is available through the VIOS code.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the HMC
Details — This page introduces the HMC. The most important points on this page are that
the HMC is needed for any p6 servers that will run LPARs, and that the HMC is an
independent system.
POWER4 and POWER5 processor-based systems also use an HMC for LPAR
management, however the software stack is different.
The first diagram supports the bullet “Access is via https …”
The second diagram supports the bullet “Collects status health information …”
Additional information —
Transition statement — Let's see the main HMC interface.
Uempty
The HMC (2 of 2)
IBM Power Systems
Managed
Systems
Notes:
The diagram above shows the main view of a managed system – sys034. Operations such
as create, stop, shutdown LPAR can be performed from the Tasks pad or bar, or by
selecting the LPAR itself. The view is highly customizable.
The navigation area offers the main features of the HMC, such as:
• Systems plans for producing or deploying system configuration plans done during
design
• HMC Management for configuring the HMC, users, roles, network setting, and other
HMC characteristics
• Updates, for updating the HMC and Managed System firmware
This view was taken from an HMC running v7.3.3.1. Pre v7 HMCs ran WSM which was a
much different interface based on Java.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the main interface
Details — Describe the major parts of the HMC interface as shown in the foil.
Additional information —
Transition statement — Let's explain provide an overview of virtualization technology.
Uempty
Notes:
Virtualizing LPARs
The main benefits of virtualized I/O are as follows:
• Partitions can be created without requiring additional physical I/O resources. The new
partitions can be configured to use virtualized I/O resources, which allows them to be
configured in a timely manner, since no physical reconfiguration of the system, that is,
moving adapter cards and cables, is required.
• Virtualized I/O allows an economical I/O model, since it allows multiple partitions to
share common resources. For example, multiple partitions can share a single physical
adapter. Without virtualized I/O, each partition would require its own adapter, even if the
full capacity of the adapter was not being utilized.
• The use of virtualized I/O facilitates server consolidation. It permits multiple client
partitions to reside on a single machine, and make efficient use of shared resources.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Note: There are many other virtualization features which are covered in more
depth in the LPAR & virtualization curriculum / roadmap.
Notes:
Virtual Ethernet Introduction
Virtual Ethernet adapters enable inter-partition communication without the need for
physical network adapters assigned to each partition. It can be used in both shared and
dedicated POWER5 or POWER6 processor partitions provided the partition is running
AIX V5.3, AIX V6.1, or Linux. This technology enables IP-based communication
between logical partitions on the same system using a VLAN Ethernet switch (POWER
Hypervisor) in POWER5 and POWER6 processor-based managed systems.
The number of partitions possible on many systems is greater than the number of I/O
slots. Therefore, virtual Ethernet is a convenient and cost saving option to enable
partitions within a single system to communicate with one another through a virtual
Ethernet LAN. The virtual Ethernet interfaces may be configured with both IPv4 and
IPv6 protocols.
Virtual SCSI Introduction
Uempty The Virtual I/O server supports exporting disks as virtual devices. The Virtual I/O server
supports the exporting of three types of virtual SCSI disks: virtual SCSI disk backed by
a whole physical volume, virtual SCSI disk backed by a logical volume, and virtual SCSI
disk backed by a file. Regardless of whether the virtual SCSI disk is backed by a whole
physical disk, a logical volume, or a file, all standard SCSI conventional rules apply to
the device. The device will behave as a standard SCSI compliant device. The logical
volumes and files appear as real devices, hdisks, in the client partitions and can be
used as a boot device. Once a virtual disk is assigned to a client partition, the Virtual I/O
Server must be available before the client partitions are able to access it.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of virtual SCSI
Details — Remember this is an overview, do not get bogged down with too many details. In
the notes, I have introduce terms that students at this stage will probably not be familiar
with. That's OK, it was my intension to do this. If you get questions like, what is a PV or
logical volumes, explain to them that we will get to the details in the storage section later in
the course.
Additional information —
Transition statement — Let's introduce the VIOS appliance.
Uempty
Notes:
Virtual I/O Server (VIOS) description
VIOS provides virtual storage and shared Ethernet capability to client logical partitions
on the system. It allows physical adapters with attached disks and optical devices on
the VIOS to be shared by one or more client partitions.
VIOS partitions are not intended to run applications or to have general user logins.
VIOS is installed in its own partition. Using VIOS facilitates the following functions:
• Sharing of physical resources between partitions on the system
• Creation of partitions without requiring additional physical I/O resources
• Creation of more partitions than I/O slots or physical devices, by allowing partitions to
have dedicated I/O, virtual I/O, or both
• Maximization of physical resource utilization on the system
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the VIOS appliance
Details — Introduce the VIOS as shown in the visual and notes.
Additional information —
Transition statement — A picture paints a thousand words so let’s have a look at an
example.
Uempty
Virtualization example
IBM Power Systems
Notes:
VLAN
A Virtual Local Area Network (VLAN) enables an ethernet switch to create sub-groups
within a single physical network where the members of different subgroups are isolated
from each other.
Virtual Ethernet
There are two main features of virtual Ethernet. One is the inter-partition virtual switch
to provide support for connecting up to 4096 LANs. LAN IDs are used to configure
virtual Ethernet LANs and all partitions using a particular LAN ID can communicate with
each other. The other feature is a function called Shared Ethernet Adapter that bridges
networks together without using TCP/IP routing. This function enables the partition to
appear to be connected directly to an external network. The main benefit of using this
feature is that each partition need not have its own physical network adapter.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Overview
There are a number of distinct tasks which the system administrator on a UNIX or AIX
system must perform. Often there is more than one system administrator in a large
organization and the tasks can be divided between the different administrators.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Limiting access to administrative tasks
AIX security permissions restrict the performance of administrative tasks to the root
user, and sometimes to other users in special groups. For example, system for general
tasks, security for user administration, printq for AIX Print Subsystem printer
management, and lp for System V Print Subsystem printer management. This means
that the root user's password must be kept secure and only divulged to the few users
who are responsible for the system. AIX6 has a new feature called Role Based Access
Control (RBAC). This allows OS management tasks to be assigned to roles and then
assigned to users. RBAC is a large security topic and hence will be covered in detail in
the AIX Security course (AU47G).
A certain amount of discipline is also required when using the root ID, because typing
errors made as root could do catastrophic system damage. For normal use of the
system, a non-administrative user ID should be used. The superuser (root) privilege
should only be used when that authority is necessary to complete a system
administration task.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define who can perform admin tasks
Details — Explain the importance of the root ID and keeping it secure.
Additional information —
Transition statement — Let's see the options that are available to us when performing SA
tasks
Uempty
• Command line
– UNIX system administration tasks are often done from the command line,
by executing scripts, or both
• Writing and executing scripts
– Typically using Korn shell scripts (ksh is the default shell on AIX)
– Perl for more advanced users
• SMIT (smit or smitty)
– Text based tool (Graphical version also available – less popular)
• System Director for AIX (pconsole)
– New web based GUI in AIX6
• WebSM (wsm)
– Java based GUI (Requires CDE or X11 based graphics display)
– Not a popular tool to use
• IBM Systems Director
– A cross platform product for managing Power systems and AIX across a
large enterprise environment
Notes:
There are many ways to perform administration tasks within AIX. In reality, a combination
of tools or techniques are deployed. IBM Systems Director is more flexible than the others
in the list. It supports multiple operating systems and virtualization technologies across IBM
and non-IBM platforms. It is not to be confused with Systems Director for AIX which is
based upon IBM Systems Director but runs from within AIX to managed the OS as a single
instance.
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define how SA tasks are perform on a UNIX box
Details — Highlight the options for performing administrative tasks within AIX.
Point out the difference between Systems Directors products.
Additional information — IBM Systems Director product is free of charge.
Transition statement — It’s time for some checkpoint questions.
Uempty
Checkpoint
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
Uempty
Exercise 1
IBM Power Systems
Introduction to
IBM Power Systems and
AIX
Notes:
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Uempty
Unit summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Estimated time
01:00
References
Online AIX Version 6.1 Systems Director Console for AIX
AIX Version 6.1 Operating System and Device
Management
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit objectives
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
UNIX Challenges
Unfortunately, the same thing that's special about UNIX is also the source of most of what's
wrong. UNIX is an operating system burdened with 30+ years worth of useful add-ons and
different flavors. As a consequence, the OS has an awful lot of inconsistencies and
overlapping functions. At times, this can be confusing and challenging even for
experienced users.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Minimize time and resources spent managing systems
Organizations seek to minimize the time and resources spent managing systems, that is, to
manage computer systems efficiently. AIX helps with tools such as SMIT, the Web-based
System Manager, and AIX 6.1 Systems Director.
Maximize reliability, performance, and productivity
Organizations also wish to maximize system reliability and performance in order to
maximize the productivity of the users of computer systems. AIX helps with features, such
as the logical volume manager, that help avoid the need for the system to be brought down
for maintenance.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Discuss what you are trying to achieve when you manage a system
Details — Discuss details in the visual and notes.
Additional information —
Transition statement — SMIT, Web-based System Manager, and Systems Director are
three tools that can help with management of AIX 6.1 systems.
Uempty
AIX administration
IBM Power Systems
High-level commands
Low-level Intermediate-level
commands commands
System
System Kernel Resource Object Data ASCII
calls services Controller Manager files
Notes:
IBM provides users on AIX with a great deal of flexibility and choice when it comes to
administering an AIX system. SMIT is a simple, but highly effective ASCII based
management tool that has been in AIX since version 3. WebSM is a Java based GUI tool
which was introduced in AIX 5.1. Some users will be familiar with the WebSM user
interface if they have used version three to six of an HMC. IBM Systems Director console is
a new attractive web based offering in AIX6.1.
Types of commands:
Commands are classified high-, medium-, or low-level:
• High-level commands: These are standard AIX commands, either shell/perl scripts, or
C programs, which can also be executed by a user. They execute multiple low-level or
intermediate-level commands to perform the system administrative functions.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
SMIT
IBM Power Systems
Notes:
Overview of SMIT
The System Management Interface Tool (SMIT) provides a menu-driven interface that
provides access to most of the common system management functions, within one
consistent environment.
SMIT is an interactive application that simplifies virtually every aspect of AIX system
administration. It is a user interface that constructs high-level commands from the user's
selections, and then executes these commands on-demand. Those commands could be
entered directly by the user to perform the same tasks, or put into scripts to run over, and
over again.
Occasionally, a system administrator will run AIX commands or edit ASCII files directly to
complete a particular system administration task. However, SMIT does make the most
frequent or complex/tedious tasks much easier with a greater degree of reliability.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
# smit
System Management
System Management
Move cursor to desired item and press Enter.
Move cursor to desired item and press Enter.
Software Installation and Maintenance
Software Installation and Maintenance
Software License Management
Software License Management
Devices
Devices
System Storage Management (Physical & Logical Storage)
System Storage Management (Physical & Logical Storage)
Security & Users
Security & Users
Communications Applications and Services
Communications Applications and Services
Workload Partition Administration
Workload Partition Administration
Print Spooling
Print Spooling
Advanced Accounting
Advanced Accounting
Problem Determination
Problem Determination
Performance & Resource Scheduling
Performance & Resource Scheduling
System Environments
System Environments
Processes & Subsystems
Processes & Subsystems
Applications
Applications
Installation Assistant
Installation Assistant
Cluster Systems Management
Cluster Systems Management
Using SMIT (information only)
Using SMIT (information only)
F1=Help F2=Refresh F3=Cancel F8=Image
F1=Help F2=Refresh F3=Cancel F8=Image
F9=Shell F10=Exit Enter=Do
F9=Shell F10=Exit Enter=Do
Notes:
Main menu selections
The SMIT main menu enables you to select the administrative functions to be performed.
You can also select online help on how to use SMIT.
Use of keys
In the ASCII mode, in order to select from the menus, you have to use the up and down
arrow keys. This moves a highlighted bar over the menu items. Press Enter to select the
highlighted item. You can also use some of the keyboard function keys to perform other
functions, such as exiting SMIT or starting a shell.
Importance of TERM environment variable
When using SMIT in the ASCII mode, the menus and dialog panels sometimes come up
distorted. That is the result of not having an appropriate TERM variable value. Setting and
exporting this variable can solve the problem. For example, executing the command
export TERM=vt320 might solve the problem.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the smit main menu and highlight the options
Details — Explain how to open smit. There is an example in the notes. It maybe helpful to
provide a demo.
Additional information —
Transition statement — Lets see a dialog screen example.
Uempty
Dialog screen
IBM Power Systems
# smit date
Change / Show Day and Time
Change / Show Day and Time
Type or select values in entry fields.
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
Press Enter AFTER making all desired changes.
[Entry Fields]
[Entry Fields]
YEAR (00-99) [08] #
YEAR (00-99) [08] #
MONTH (01-12) [10] #
MONTH (01-12) [10] #
DAY (1-31) [08] #
DAY (1-31) [08] #
HOUR (00-23) [11] #
HOUR (00-23) [11] #
MINUTES (00-59) [23] #
MINUTES (00-59) [23] #
SECONDS (00-59) [06] #
SECONDS (00-59) [06] #
Notes:
Dialog screens and selector screens
A dialog screen allows you to enter values that are used in the operation performed. Some
fields are already completed from information held in the system. Usually, you can change
this data from the default values.
A selector screen is a dialog screen on which there is only one value to change. The value
usually indicates the object which is acted upon by the subsequent dialog and AIX
command.
Entering data
To enter data, move the highlighted bar to the value you want to change. Then, either enter
a value or select one from a list. Fields that you can type in have square brackets [ ]. Fields
that have data that is larger than the field width, have angle brackets < >, to indicate that
there is data further to the left, right, or both sides of the display area.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Special symbols
Special symbols on the screen are used to indicate how data is to be entered:
Asterisk (*): This is a required field.
Number sign (#): A numeric value is required for this field.
Forward slash (/): A pathname is required for this field.
X: A hexadecimal value is required for this field.
Question mark (?): The value entered is not displayed.
Plus sign (+): A pop-up list or ring is available.
An asterisk (*) in the leftmost column of a line indicates that the field is required. A value
must be entered here before you can commit the dialog and execute the command. In the
ASCII version, a plus sign (+) is used to indicate that a pop-up list or ring is available. To
access a pop-up list, use the F4 key. A ring is a special type of list. If a fixed number of
options are available, use the Tab key to cycle through the options.
In the Motif version, a List button is displayed. Either click the button or press <Ctrl-l> to
display a pop-up window.
Use of particular keys
The following keys can be used while in the menus and dialog screens. Some keys are
only valid in particular screens. The keys that are only valid for the ASCII interface are
marked (A). The keys that are only valid for the Motif interface are marked (M).
F1 (or ESC-1) Help: Show contextual help information.
F2 (or ESC-2) Refresh: Redraw the display. (A)
F3 (or ESC-3) Cancel: Return to the previous screen. (A)
F4 (or ESC-4) List: Display a pop-up list of possible values. (A)
F5 (or ESC-5) Reset: Restore the original value of an entry field.
F6 (or ESC-6) Command: Show the AIX command that is executed.
F7 (or ESC-7) Edit: Edit a field in a pop-up box or select from a multi-selection pop-up list.
F8 (or ESC-8) Image: Save the current screen to a file (A) and show the
current fastpath.
F9 (or ESC-9) Shell: Start a sub-shell. (A)
F9 Reset: all fields. (M)
F10 (or ESC-0): Exit: Exit SMIT immediately. (A)
F10: Go to the command bar. (M)
F12 Exit: Exit SMIT immediately. (M)
Ctrl-l List: Give a pop-up list of possible values. (M)
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show a simple smit panel for command execution
Details — Feel free to perform a live demo of more interesting smit functions.
This is a dialog screen and not a selector screen, as there is more than one option listed on
the screen.
Go through each symbol, as documented in the student notes, and ensure that all students
are clear about the symbols such as *, #, and so forth.
Also, go through all the function keys one at a time, explaining the uses of each one.
Other helpful hints that should be mentioned are that items of a list can sometimes be
obtained with the Tab key. Also, on a screen which holds more than one page of
information, the <Ctrl-v> and <Esc-v> key sequences are used to move up and down a
page.
Ensure that all the key points in the student notes are covered.
Additional information —
Transition statement — When you press Enter, what happens?
Uempty
Output screen
IBM Power Systems
Command
completed No
successfully COMMAND STATUS Standard
COMMAND STATUS
error
Command: OK stdout: yes stderr: no
Command: OK stdout: yes stderr: no
Before command completion, additional instructions may appear below.
Before command completion, additional instructions may appear below.
Wed 8 Oct 11:23:06 2008
Wed 8 Oct 11:23:06 2008
Standard Output
following command
execution
(Stdout)
Notes:
Fields on first line of output
The Command field can have the following values: OK, RUNNING, and FAILED.
The value of the stdout field indicates whether there is standard output, that is, whether
there is output produced as a result of running the command. The output is displayed in the
body section of this screen.
The value of the stderr field indicates whether there are error messages. In this case, there
are no error messages.
Note that, in the Motif version of SMIT, a representation of a person in the top right-hand
corner of the screen is used to indicate the values of the Command field.
Body of the screen
The body of the screen holds the output or error messages from the command. In this
example, there is output, but there are no error messages.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Review the output panels of the smit command
Details — Go through the output on the screen
Additional information — You may want to tell some amusing anecdotes about the
running person in the graphical version.
Transition statement — The best thing about smit is the log feature, lets take a look.
Uempty
smit.log
smit
Command smit.script
execution
smit.transaction
• $HOME/smit.log
Records a log of all menu and dialog screens visited, all commands executed,
and their output.
Records any errors during the SMIT session.
• $HOME/smit.script
Shell script containing all AIX commands executed by SMIT
• $HOME/smit.transaction
SMIT transactions log
Records date, description and command script output of the commands
executed SMIT output will be
redirected to file: /tmp/new-
# smitty –xs /tmp/new-script script. No commands will be
run.
© Copyright IBM Corporation 2009
Notes:
Overview
SMIT creates three files in the $HOME directory of the user running SMIT. If these files
already exist, then SMIT appends to them. These files can grow quite large over time,
especially during installations. The user must maintain and truncate these files, when
appropriate.
The smit.log file
The smit.log file contains a record of every SMIT screen, menu, selector, and dialog
visited, the AIX commands executed, and the output from these commands. When the
image key is pressed, the screen image is placed in the smit.log file. If there are error or
warning messages, or diagnostic or debugging messages from SMIT, then these are also
appended to the smit.log file.
The smit.script file
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
The smit.script file contains the AIX commands executed by SMIT, preceded by the date
and time of execution. This file can be used directly as a shell script to perform tasks
multiple times, or it can be used as the basis for more complex operations.
The smit.transaction file
SMIT since AIX 5.2 has a relatively new file, smit.transaction. This file logs all the
executed commands similar to smit.script. The difference being smit.script logs all
commands, while smit.transaction only logs command_to_executes, see smit.log file.
For example, the user backs up the system using smit.
smit.script file
#
# [Oct 13 2008, 20:00:19]
#
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08
smit.transaction file
#=--------------------------------------------
# DATE: Oct 13 2008, 20:00:19
# DESCRIPTION: Back Up the System
#=--------------------------------------------
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Web-based System Manager, offers a comprehensive suite of system management tools
for the AIX operating system. Its main aim was to allow administrators with Microsoft
Windows system administration skills to easily manage an AIX operating system. However,
because it is Java based it is more cumbersome to use than SMIT and apart from HMC
usage, never really grew in popularity.
Now with AIX6, users should consider using IBM Systems Director Console for AIX.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
IBM Systems Director Console for AIX
The IBM Systems Director Console for AIX, also known as the Console, is a new
management interface that allows administrators to manage AIX 6.1 remotely through a
browser. It provides web access to common systems management tasks. The console is
included as part of AIX 6.1. The only additional component required is a web browser.
The Console is named after the IBM Systems Director because it is built on the same
graphical user interface as the IBM Systems Director. Although the Console is named after
the IBM Systems Director, it is not a prerequisite. All components necessary to run the
Console are included in AIX 6.1.
The Console also includes menu links to the Systems Management Interface Tool (SMIT),
Web-based System Manager, and Distributed Command Execution Manager (DCEM).
DCEM is a new facility to securely execute SMIT operations or other commands on
multiple machines at one time. This can improve administrator efficiency by reducing the
need to log in to multiple systems to run the same systems management task.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of pconsole
Details — Do not try to explain all aspects of the Console, just give them the essentials
and a feel for the tool.
Additional information — It is the same interface structure and code which IBM uses for
Systems Director, and WPAR Manager.
Transition statement — Let us look at the interface.
Uempty
Console interface
IBM Power Systems
Notes:
Logging into the console
IBM Systems Director Console for AIX relies on your AIX user account for user-logon
security. If the user ID that you provide is already logged into the console, the console
prompts you to choose between logging out from the other session or returning to the login
page. If you choose to log out from the other session, the console will not recover any
unsaved changes that were made by that user.
Use the Logout link in the console toolbar when you are finished using the console to
prevent unauthorized access. If there is no activity during the login session for an extended
period of time, the session expires and you must log in again to access the console. The
default session timeout period is 30 minutes.
If you encountered the login problem, please check the following items:
• No user account on the target server?
• Have the administrator create an account.
• Password expired or not set (new user account)?
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Console applications
IBM Power Systems
Notes:
Within pconsole exists a number of applications:
• OS management
This is the core of the application. Menu options are similar to SMIT but in a redesigned
new layout.
• Portlets/Modules
Are facilities within pconsole which provide system information and health details
• Classical SMIT
Very useful for those who still prefer the look and feel of traditional SMIT.
• Distributed Command Execution Manager (DCEM)
This is a graphical wrapper around an existing UNIX ‘dsh' utility. It allows commands and
scripts to be executed on multiple hosts.
Uempty For further information on dsh, see the AIX man page or the CSM documentation:
http://publib.boulder.ibm.com/infocenter/clresctr/vxrx/index.jsp?topic=/com.ibm.cluster.csm
.doc/csm141/am7cm11052.html
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Go through the applications which are available
Details — Provide highlights of the main applications.
Additional information —
Transition statement — Spend time introducing the management options.
Uempty
Define
• New look and feel Navigation
Toolbar start-up
area pages
Work area
Notes:
Toolbar
The toolbar and banner area displays a common image across IBM System Director
Console for AIX installations. The Console toolbar provides the following functions:
• Displays user name, for example, Welcome root
• Help
• Logout
Help is available for the entire console or for a specific module in the console. To access
console help, perform the following steps:
• Select Help on the console toolbar. The help is displayed in a separate browser
window.
• In the help navigation tree, select the help set you want to view. For example, select
Console help to view topics that provide information for new console users. Use the
console controls as needed. To access help for a module on a page, on the title bar for
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
the module, click the ? icon. This icon is displayed only if help is available for the
module. The help is displayed in a separate browser window.
Navigation area
The navigation area provides a tree to the tasks that are available in the console. Tasks are
grouped into organizational nodes that represent categories of tasks. For example, OS
Management or Settings, are organizational nodes. The organizational nodes can be
nested in multiple levels.
The navigation tree only displays tasks to which you have access. This is controlled by the
Console Roles and RBAC authorizations.
In this area, the following task categories can be accessed:
• Welcome
• My Startup Pages
• OS Management (AIX settings
• Health
• Settings (Console settings)
When you select a task in the navigation tree, a page containing one or more modules for
completing the task is displayed in the work area.
Work area
When you initially log in to the console, the work area displays a welcome page. After you
launch a task from the navigation tree, the contents of the task are displayed in a page in
the work area. A page contains one or more console modules that are used to perform
operations. Each console module has its own navigation controls. Some pages include a
control to close the page and return to the welcome page.
Startup pages
Regular pconsole users will want to set up startup pages at login, rather than seeing the
welcome page every time. To do this, simply select the page you are interested in from the
box in the top right hand area of the screen. Select add to my start-up pages. The next
time you log in, the page will be displayed in a tab.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
System health (1 of 3)
IBM Power Systems
Section-
specific
help
Refresh
immediately
Notes:
IBM Systems Director Console for AIX contains several portals. Each portlet refreshes after
a certain time interval to ensure the information is always consistent and up-to-date. The
example above is the system health portal. This shows detailed system and performance
information for the host running pconsole.
Metrics
The metrics feature of IBM Systems Director Console for AIX, provides the overall health of
the monitored metrics for the managed server. The window provides common status
information about the memory and CPUs. The main page provides a description of the
monitored metrics with separate rows for summary information on each metric. These
include the following:
• Select: Click to determine the metric displayed in the Metric Detail feature
• Metric: Displays the name of the metric being monitored
• Trend: Displays a graphic to indicate the recent changes to the metric
• Previous: Displays the prior value for the metric
• Latest: Displays the last monitored value for the metric
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
System health (2 of 3)
IBM Power Systems
• Configuration Information
Notes:
Summary Information
The summary feature provides the overall health status of the managed server. The
window provides common status information about the overall system, network, and
paging space configuration.
System Configuration
This expanded section displays information regarding the System p hardware and AIX
settings including such information as the model and serial number, processor type,
number and speed, memory size and status, and system recovery settings, like the auto
restart setting. All these values are related to the overall health and status of the server.
Some of these values may be changed in the System Environment area of the console.
Network Configuration
This expanded section displays information regarding the network settings including such
information as IP address, hostname, subnet mask, domain name, gateway, and name
server. All these values are related to the overall health and status of the network
Uempty connections for the server. Some of these values may be changed in the Communications
area of the console.
Paging Space Configuration
This expanded section displays information regarding the operating system paging space
setting which indicates the total paging space available. This value is related to the overall
health and status of the server. The value may be changed in the System Storage
Management area of the console.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show the information contained in the summary section
Details — Introduce the information contained within the health summary. Keep the details
at a high level.
Additional information —
Transition statement — Lets see the final section of the Health portal, portlets: Top
Processes and File Systems.
Uempty
System health (3 of 3)
IBM Power Systems
Notes:
Top Processes
The process feature provides a list of the running processes in a table view. The window
provides common status information about each individual process. A table describes each
process with separate columns to view detailed information. The table is initially sorted by
the parent ID. These columns include the following:
• Process Name displays the command that initiated the process.
• Process ID displays the ID number for the process.
• Parent ID displays the process ID number for the parent process that started the
process.
• CPU % displays the percent of the total CPU available used by the process in the cycle
before the last refresh.
• Time displays the total CPU time the process has been running before the last refresh.
• User displays the user ID under which the process is running.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
File System
The file system feature provides a list of the defined file systems in a table view. The
window provides common status information about each individual file system. The table
describes each individual file system with separate columns to view detailed information.
The table is sorted by the file system name. These columns include the file system name,
mount point, size, and free area.
• File System displays the file system name.
• Mount Point displays the current mount location for the file system.
• Size displays the size of the file system in Mbytes.
• Free Space displays the size of the free space available in the file system in Mbytes.
• Free % displays the percentage of the total space not in use.
• Page indicates the current page and total number of pages of file system information.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Classical SMIT
IBM Power Systems
Notes:
IBM Systems Director Console for AIX provides a web interface for classical SMIT. The
classical SMIT interface features the same menu structures and dialog panels as the ASCII
SMIT.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
DCEM portlet (1 of 5)
IBM Power Systems
Graphical driven
UNIX dsh
functionality Commands
dsh
LPAR:
LPAR:
LPAR:
LPAR:
AIX1
AIX4
AIX2
AIX3
© Copyright IBM Corporation 2009
Notes:
DCEM allows commands and scripts to be executed on multiple hosts concurrently. It is
based on the standard UNIX dsh (distributed shell) command.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
DCEM portlet (2 of 5)
IBM Power Systems
Enter job
name and
description.
Defaults to
standard PATH
and user root
Enter
commands to
run.
Notes:
The first task is to enter a job name and description, then work along the tabs, filling in the
information as appropriate. Starting with the Command Specification tab, the following
fields may be used when creating a distributed command:
• Name: Specify a name for the distributed task if you would like to save it for future use.
• Path: Specify the path of the command.
• Default User: Specify the user name under which the command will run.The user
currently logged in is the default value.
• Command (required): The command definition.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
DCEM portlet (3 of 5)
IBM Power Systems
Specify
target
machines.
Notes:
Moving to the Target Specification tab, create a set of targets on which the command will
run, by selecting any combination of DSH hosts and groups, CSM hosts and groups, and
NIM hosts and groups.
CSM is cluster software for AIX. NIM is software on AIX which allows AIX to be installed
over a network. Both CSM and NIM hosts can be grouped together for ease of
management. For these fields to be used, the IBM Systems Director Console must be
running directly on either a CSM or NIM server respectively.
Groups, CSM, and NIM are concepts beyond the scope of this course.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
DCEM portlet (4 of 5)
IBM Power Systems
Defaults to
rsh, ssh is
optional
Confirmation
that job is
running
Notes:
Moving to the Options Tab, specify:
• Remote shell: The default value is /usr/bin/rsh. Optionally, you can specify ssh if you
want to make the remote execution secure. Either way, the pconsole server must be
able to execute commands on the remote hosts without entering a password.
Otherwise, dsh commands will fail.
• Verify targets are responding: Select this check box to verify that targets are
responding before running the command.
The following options may be used when running the command:
• Run: This option runs the command on the specified targets.
• Run and Save: This option runs the command on the specified targets and saves the
current command specification as a script.
• Save: This option saves the current command specification as a script. All information
specified in the command specification tab, targets tab, and options tab will be saved.
Uempty The Generate Script button will produce a perl command script in the /dcem/scripts
directory on the pconsole server.
The submission report, will only confirm that the job is running. To see wether the job has
completed successfully, click the View Status button.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to create a task using DCEM (example 4 of 5)
Details — Continue with the example as shown in the visual.
Additional information —
Transition statement — Let us move to DCEM example 5 of 5.
Uempty
DCEM portlet (5 of 5)
IBM Power Systems
Status:
Completed OK
or failure!
Report output.
Further host output
can be seen by
selecting the links
below.
Notes:
After selecting view status, as shown on the previous visual, the Job Status window will
appear. In the example shown above, the DCEM job was completed successfully. To obtain
further information, click the View Report button.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — To show how to create a task using DCEM (example 5 of 5)
Details — Go through the final steps as shown in the example. The screens show how to
determine if the job has been successfully executed.
Additional information —
Transition statement — Let’s define the location of the pconsole logs.
Uempty
• Console Logs
– Location: /var/log/pconsole/logs
• Formatted using XML
– Rotated using filenames error-log-#.xml and trace-log-#.xml
## ls
ls /var/log/pconsole/logs
/var/log/pconsole/logs
error-log-0.xml
error-log-0.xml error-log-5.xml
error-log-5.xml trace-log-3.xml
trace-log-3.xml
error-log-0.xml.lck
error-log-0.xml.lck Log_Viewer.xml
Log_Viewer.xml trace-log-4.xml
trace-log-4.xml
error-log-1.xml
error-log-1.xml trace-log-0.xml
trace-log-0.xml trace-log-5.xml
trace-log-5.xml
error-log-2.xml
error-log-2.xml trace-log-0.xml.lck
trace-log-0.xml.lck
error-log-3.xml
error-log-3.xml trace-log-1.xml
trace-log-1.xml
error-log-4.xml
error-log-4.xml trace-log-2.xml
trace-log-2.xml
Notes:
The Systems Director Console log file are stored in XML format in the
/var/log/pconsole/logs directory.
Console Logging and Tracing
• Error log file
The system appends log messages to a single log file. A new log file is created each time
you start Integrated Solutions Console. Logging messages are written to the file
error-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write log messages.
• Trace log file
The system appends traces messages to a single log file. A new trace file is created each
time you start Integrated Solutions Console. Trace messages are written to the file
trace-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write trace messages.
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Classical SMIT logs are similar in nature to regular AIX SMIT. The letter w is prefixed to the
standard SMIT log file names, to differentiate these pconsole logs from the standard AIX
SMIT logs. There is no equivalent smit.transaction log produced through pconsole.
An example DCEM.log:
------------------------------------------------------------
Command name: Unspecified
Default user: root
Command definition:
export PATH=\$PATH;uname -a
Started: Tue Oct 14 17:06:34 2008
Ended: Tue Oct 14 17:06:35 2008
Successful targets:
DSH nodes:
statler.lpar.co.uk
waldorf.lpar.co.uk
Failed targets:
none
Targets not run:
none
Status:
Command execution completed.
-----------------------------------------------------------
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Checkpoint
IBM Power Systems
Notes:
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Exercise 2
IBM Power Systems
AIX system
management
Notes:
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-69
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Estimated time
01:00
References
Online AIX Version 6.1 Operating System and Device
Management
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit objectives
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
System startup
IBM Power Systems
SMS mode
Start AIX - OR -
partitions
Normal mode
Notes:
Level 1: Power Off state
The first power level is achieved by plugging in the power cord of the managed system
into a live power socket. The HMC will report that the managed system is in the Power
Off state. No additional buttons need to be pushed and no commands need to be
issued.
The service processor will be initialized and the service processor software will be
loaded and run. If your system has an Operator Panel, you'll see codes on the display
panel and after a few minutes, you will also see a steady blinking green light. The HMC
will also display the codes and status information for the managed system. At this point,
the service processor is an active host on the network. You may use the system
management (ASMI) application on the service processor. However, the rest of the
devices, such as disks, processors, and so forth, on the managed system are still
powered off.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Describe the powering on process and the different power levels
Details — The focus on this unit is powering on/off AIX, but it is critical we put this into
context of a Power5/Power6 machine.
Additional information —
Transition statement — Now we have described the big picture, let's see how to power on
a P6 box.
Uempty
Notes:
Introduction
The visual above shows a managed system in the Power Off state. The HMC menu is
shown where you can choose to power on the system. This is the selected menu when
the managed system is selected. The next visual shows you the screen that appears
after choosing Power On from the menu.
HMC command for managed system power on
The chsysstate HMC command can also be used in an SSH session to change the
state of the managed system or partitions. Specific examples of power on commands
will be shown on the following pages.
Scheduling the managed system power on
You can schedule an automatic managed system power on for a particular date and
time, and it can be scheduled to repeat. This application is found under HMC
Management > HMC Configuration > Schedule Operations.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the content of this unit
Details — This visual is an overview of powering up the system from an HMC. Emphasize
that this is the managed system power on procedure and not of a particular partition. The
managed system must be powered on before any partitions can be activated.
Additional information — In reality, experienced users, especially in enterprise
environments, control the HMC through the command line. This is why I have highlighted
the commands.
Transition statement — Let's look at the AIX startup modes.
Uempty
Notes:
System Management Services
To boot into SMS, either press the 1 key shortly after partition activation, or set the
partition to specifically SMS boot. To do this, click the Advanced button on activation
and set the boot mode to SMS.
SMS is the Power System firmware menu. The code is shipped with the hardware. This
resource can be used to select the boot device, or change the order of the bootlist and
boot the system into Service mode, if maintenance is required.
Service mode enables the user to run diagnostics or access the system in single-user
mode.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the startup modes for AIX
Details — There are several startup modes for AIX. However, most of the time the system
is booted in normal mode. To build the system, or to boot into maintenance mode to fix
problems, it is often necessary to boot into SMS mode (the system firmware). The others
boot options are rarely used.
Give an overview of SMS booting and why one would want to do it.
Additional information —
Transition statement — Let's continue with normal mode and the other options.
Uempty
• Normal mode
– AIX boots into multi-user mode (run level 2).
– Users can log in, the system can be configured, and applications can start.
– The bootlist command can set/change the start-up boot device.
Notes:
Start-up modes:
• Normal: The logical partition starts up as normal. This is the mode that you use to
perform most everyday tasks. When the machine does a normal boot, it completes the
full AIX boot sequence and start processes, enables terminals and generates a login
prompt, to make it available for multi-user access. It also activates the disks, sets up
access to the files and directories, starts networking, and completes other machine
specific configurations.
• Diagnostic with default boot list: The logical partition boots using the default boot list
that is stored in the system firmware. This mode is normally used to boot diagnostics
from the CD/DVD drive. Use this boot mode to run standalone diagnostics. The
diagnostic CD is delivered with the Power H/W.
• Diagnostic with stored boot list: The logical partition performs a service mode boot
using the service mode boot list saved in NVRAM. Use this boot mode to run online
diagnostics.
• Open Firmware OK prompt: The logical partition boots to the open firmware prompt.
This option is used by service personnel to obtain additional debug information.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Continuation of startup modes
Details — Cover normal mode booting. Go through the bootlist command, how to view the
current normal mode bootlist and change it.
Just highlight the other boot options, rarely are they used these days as one would typically
boot into SMS, and then just select the boot device. Again booting from diagnostics CDs is
rarely performed by service personnel.
Additional information —
Transition statement — Now we know how to start the system and AIX. Let’s see what
happens when we boot an AIX partition.
Uempty
Partition Activation
LOGIN
© Copyright IBM Corporation 2009
Notes:
AIX start-up overview
After the partition is activated, a boot image is located from the boot device, specified
from SMS or the bootlist command, and is loaded into memory. During a normal boot,
the location of the boot image is usually a hard drive. Besides hard drives, the boot
image could be loaded from CD/DVD. This is the case when booting into maintenance
mode for service. If working with the Network Installation Manager (NIM), the boot
image is loaded through the network.
The kernel restores a RAM file system into memory by using information provided in the
boot image. At this stage, the rootvg is not available, so the kernel needs to work with
commands provided in the RAM file system. You can think of the RAM file system as a
small AIX operating system. The kernel starts the init process which was provided in the
RAM file system, not from the root file system. This init process executes a boot script
which is named rc.boot. rc.boot controls the boot process. The base devices are
configured, rootvg is activated or varied on, and the real init process starts from rootvg
which will in turn process the /etc/inittab at run level two.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the AIX start-up process
Details — Provide high level details of the AIX booting process. Go through the details
provided in the student notes.
Additional information —
Transition statement — Let's look at how we start a partition from the HMC.
Uempty
To activate
into SMS
Notes:
Activating a partition
To activate a partition from the HMC Server Management application, select the
partition name and choose Activate from the menu. An Activate Logical Partition
screen will appear from which the user can select the start-up profile.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how an AIX partition is activated
Details — Go through the visual and explain how to start an AIX partition.
Additional information —
Transition statement — Partition activation, part 2
Uempty
AIX
AIX Version
Version 66
Copyright
Copyright IBM
IBM Corporation,
Corporation, 1982,
1982, 2007
2007
Console login:
Console login:
Notes:
Activating a partition (continued)
Partitions can have one or many profiles assigned, one of which will be the default.
Profiles contain the attributes of the partition such as process and memory
requirements, and assigned devices. At the time of starting the profile a virtual console
session can be optionally started. The Advanced button enables users to set the
start-up mode. A default start-up mode will be contained within the profile.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how an AIX partition is activated continued
Details — Following the activate action, you must pick the profile to boot from, shown as
an02 in the visual. Explain to students that it is the profile that contains the attributes, such
as processing units, memory, and devices. Mention also the advanced button which shows
the boot mode options mentioned earlier.
Once the partition is running, we can log in, either remotely (tn, ssh, and so on) or by using
a virtual console session as shown on the visual.
Additional information —
Transition statement — If you take a break and are away from the console while the
system is booting, you will miss the console messages. Let’s see how we can view this
information after the system has booted.
Uempty
alog program
/var/adm/ras/bootlog
/var/adm/ras/BosMenus.log
Use the
/var/adm/ras/bosinst.log
alog
command
/var/adm/ras/nimlog
to view /var/adm/ras/conslog
logs /var/adm/ras/errlog
Notes:
Overview
The alog command is a BOS feature that provides a general-purpose logging facility
that can be used by any application or user to manage a log. The alog command reads
standard input, writes the output to standard out, and copies it to a fixed size file at the
same time.
The log file
The file is treated as a circular log. This means that when it is filled, new entries are
written over the oldest entries. Log files used by alog are specified on the command
line or defined in the alog configuration database maintained by the ODM. The
system-supported log types are boot, bosinst, nim, and console.
Use in boot process
Many system administrators start the boot process, and then go and get a cup of coffee.
Unfortunately, boot messages may appear on the screen, only to be scrolled and lost,
never to be seen by the user. In some instances, these messages may be important,
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
particularly if the system did not boot properly. Fortunately, alog is used by the rc.boot
script and the configuration manager during the boot process to log important events.
To view the boot information, the command alog –o -t boot may be used. If the
machine does not boot, boot the machine into maintenance mode and view the boot
log contents.
Viewing logs with SMIT
You can also use SMIT to view the different system-supported logs. Use the following
command:
# smit alog
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
/etc/inittab
IBM Power Systems
Notes:
Introduction
The /etc/inittab file lists the processes that init starts, and it also specifies when to
start them. If this file gets corrupted, the system cannot boot properly. Because of this, it
is a good idea to keep a backup of this file. This file should never be edited directly. Use
lsitab, chitab, and mkitab commands. After editing the /etc/inittab file, force the
system to reread the file by using the telinit q command.
To list the inittab type: lsitab –a
To add an entry into the inittab type: mkitab [ -i Identifier ] { [
Identifier ] : [ RunLevel ] : [ Action ] : [ Command ] }
• Example: mkitab "tty002:2:respawn:/usr/sbin/getty /dev/tty2“
To chance an entry in the inittab type: chitab { [ Identifier ] : [ RunLevel
] : [ Action ] : [ Command ] }
• Example: chitab "tty002:4:respawn:/usr/sbin/getty /dev/tty“
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the content of this unit
Details — Explain the run levels on AIX. Go through the format of the file, explaining each
of the four fields.
Additional information — The inittab file is reread by the init daemon every 60 seconds.
The telinit q command is only needed if you cant wait for the next 60 second check. Be sure
to stress this file is read top to bottom. This is why the wait action is important. There are
dependencies in this file like rcnfs and rctcpip. NFS stands for network file system, which
allows sharing of file systems across the network. NFS cannot work if the line above it,
rctcpip which starts networking, is not started and completed. Notice that rctc pip's start
action is wait.
Transition statement — How many run levels do we have and is there an run level control
over an above inittab?
Uempty
Run levels
IBM Power Systems
Notes:
Run levels define the behavior of init, and by extension, those processes which run on the
system when it is at any given level. A run level is a software configuration that allows only
a selected group of processes to exist. The system can be at one of the following run
levels:
• 0-9
Tells the init command to place the system in one run level 0-9
When the init command requests a change to run levels 0-9, it kills all processes at the
current run levels and then restarts any processes associated with the new run levels.
• 0-1
Reserved for the future use of the operating system
• 2
Contains all of the terminal processes and daemons that are run in the multiuser
environment
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
In the multiuser environment, the /etc/inittab file is set up so that the init command
creates a process for each terminal on the system. The console device driver is also set
to run at all run levels so the system can be operated with only the console active.
• 3-9
Can be defined according to the user's preferences
• S,s,M,m
Tells the init command to enter the maintenance mode. When the system enters
maintenance mode from another run level, only the system console is used as the
terminal.
• a,b,c,h
Tells the init command to process only those records in the /etc/inittab file with a,
b, c, or h in the run level field. These four arguments, a, b, c, and h, are not true run
levels. They differ from run levels in that the init command cannot request the entire
system to enter run levels a, b, c, or h. When the init command finds a record in the
/etc/inittab file with a value of a, b, c, or h in the run level field, it starts the
process. However, it does not kill any processes at the current run level. Processes with
a value of a, b, c, or h in the run level field, are started in addition to the processes
already running at the current system run level. Another difference between true run
levels and a, b, c, or h, is that processes started with a, b, c, or h are not stopped when
the init command changes run levels. There are three ways to stop a, b, c, or h
processes:
- Type off in the Action field.
- Delete the objects entirely.
- Use the init command to enter maintenance state.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Start-up and stops scripts can be defined for each run level
which are automatically invoked at entry and exit.
/etc/rc.d # ls –R
/etc/rc.d # ls –R
init.d rc rc2.d rc3.d rc4.d rc5.d rc6.d rc7.d rc8.d rc9.d
init.d rc rc2.d rc3.d rc4.d rc5.d rc6.d rc7.d rc8.d rc9.d
./init.d:
./init.d:
./rc2.d:
./rc2.d: Scripts starting with
Ksshd Kwpars Ssshd
Ksshd Kwpars Ssshd
S are invoked at
./rc3.d: boot time by
./rc3.d:
./rc4.d:
/etc/rc.d/rc
./rc4.d:
./rc5.d:
./rc5.d:
./rc6.d: Scripts starting with K are
./rc6.d:
invoked synchronously by
./rc7.d:
./rc7.d: shutdown with one argument:
./rc8.d: 'stop'. They are also called on
./rc8.d:
start-up prior to invoking the start
./rc9.d:
./rc9.d:
scripts.
Notes:
Run level control scripts
Run level scripts enable system administrators to start and stop selected applications
and services, or perform tasks during system start-up, shutdown or during run level
change. Run level scripts need to be created in the subdirectory of /etc/rc.d that is
specific to the run level. Scripts beginning with K are stop scripts, while scripts
beginning with S are start scripts.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Purpose of the System Resource Controller
The System Resource Controller (SRC) provides a set of commands to make it easier
for the administrator to control subsystems. A subsystem is a daemon, or server, that is
controlled by the SRC. A subserver is a daemon that is controlled by a subsystem.
Daemon commands and daemon names are usually denoted by a d at the end of the
name. For example, inetd is a subsystem and can be controlled through SRC
commands. rlogind is a subserver which is started by the inetd subsystem as shown in
the visual.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Listing subsystems
IBM Power Systems
Notes:
Introduction
In this section, we discuss some examples of SRC commands.
Listing SRC status
The lssrc command is used to show the status of the SRC subsystems. In the example
shown on the visual, we are checking the status of all subsystems using the -a flag and
the TCP/IP group using the -g flag.
Specifying a subsystem or subsystem group
The -s and -g flags are used to specify subsystems or subsystem groups, respectively.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
SRC Control
IBM Power Systems
• Controlling subsystems
## stopsrc
stopsrc -s
-s inetd
inetd
0513-044
0513-044 The /usr/sbin/inetd
The /usr/sbin/inetd Subsystem
Subsystem was
was requested
requested to
to stop.
stop.
## startsrc
startsrc -s
-s inetd
inetd
0513-059
0513-059 The inetd
The inetd Subsystem
Subsystem has
has been
been started.
started. Subsystem
Subsystem PID
PID is
is
311374.
311374.
## refresh
refresh -s
-s inetd
inetd
0513-095
0513-095 The request
The request for
for subsystem
subsystem refresh
refresh was
was completed
completed
successfully.
successfully.
Not all
subsystems
support being
refreshed.
## refresh
refresh -s
-s sshd
sshd
0513-005
0513-005 The Subsystem,
The Subsystem, sshd,
sshd, only
only supports
supports signal
signal communication.
communication.
Notes:
If a change is made to a subsystem configuration, then the subsystem will need to be
refreshed. For example, if the entry for the ftp service is disabled in the inetd.conf file, then
the inetd subsystem will need to be refreshed by using refresh command. Not all
subsystems can be refreshed. If this is the case, simply use startsrc and stopsrc
commands.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Introduction
The SMIT shutdown fastpath or the shutdown command is used to shut the system
down cleanly. If used with no options, shutdown displays a message on all enabled
terminals (using the wall command), then (after one minute) disables all terminals, kills
all processes on the system, syncs the disks, unmounts all file systems, and then halts
the system.
Some commonly used options
You can also use shutdown with the -F option for a fast immediate shutdown (no
warning), -r to reboot after the shutdown or -m to bring the system down into
maintenance mode. The -k flag specifies a “pretend” shutdown. It appears to all users
that the machine is about to shut down, but no shutdown actually occurs.
Shutting down to single-user mode
Use the following command to shut down the system to single-user mode: # shutdown
-m
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — To describe how to shutdown an AIX partition
Details — Describe the syntax and use of the popular options on the shutdown command.
Additional information —
Transition statement — Now we understand how to shutdown AIX from the command
line. Let's see how we can do this from the HMC.
Uempty
Do a fast
shutdown,
shutdown -F
Notes:
From the HMC, the following shutdown options are supported. Generally, best practice is to
shutdown AIX from within the partition.
• Delayed: The HMC shuts down the logical partition using the delayed power-off
sequence. This allows the logical partition time to end jobs and write data to disks. If the
logical partition is unable to shut down within the predetermined amount of time, it will
end abnormally and the next restart may be longer than normal.
• Immediate: The HMC shuts down the logical partition immediately. The HMC ends all
active jobs immediately. The programs running in those jobs are not allowed to perform
any job cleanup. This option might cause undesirable results if data has been partially
updated. Use this option only after a controlled shutdown has been unsuccessfully
attempted.
• Operating System: The HMC shuts down the logical partition normally by issuing a
shutdown command to the logical partition. During this operation, the logical partition
performs any necessary shutdown activities. This option is only available for AIX logical
partitions.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Operating System Immediate: The HMC shuts down the logical partition immediately
by issuing a shutdown -F command to the logical partition. During this operation, the
logical partition bypasses messages to other users and other shutdown activities. This
option is only available for AIX logical partitions.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Power down partitions first
Before you power off the managed system, you must first shut down the operating systems
in each of the running partitions. Otherwise, they will terminate abnormally which may lead
to file system corruption.
After selecting the Power Off item from the Managed System's Operations task menu, you
must choose between the Normal power off procedure and the Fast power off procedure.
• Normal power off: The system ends all active tasks in a controlled manner. During that
time, the service processor and the POWER Hypervisor are allowed to perform cleanup
(end-of-job-processing).
• Fast power-off: The system ends all active tasks immediately. The programs running in
the service processor and the POWER Hypervisor are not allowed to perform any
cleanup.
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Checkpoint
IBM Power Systems
Notes:
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Exercise 3
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Estimated time
01:00
References
Online AIX Version 6.1 Installation and migration
SG25-7559 IBM AIX Version 6.1 Difference Guide (redbook)
SC23-6629 AIX Version 6.1 Release Notes
SC23-6630 AIX Version 6.1 Expansion Pack Release Notes
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
Unit objectives
IBM Power Systems
Notes:
• Network
– Network Installation Manager (NIM)
– Details covered in IBM training course: AIX Installation Management
(AU08G)
Notes:
When a Power system order is placed with IBM, or a business partner, there are options to
have the system preconfigured. This pre-configuration consists of LPAR creation and
installation of OS software including AIX.
AIX6 by default is delivered on DVD media. Optionally, AIX can also be ordered on CD
(one through eight disks).
In an LPAR environment, NIM is a very popular method of installing and updating AIX. NIM
is a large topic and is covered in-depth in the AU08G education class.
• Steps:
Assume a partition and partition profile has already been created.
1. Place the AIX DVD or CD in the drive.
2. Activate the partition to SMS and open terminal window.
3. Select boot device using SMS menus in the terminal window.
4. Interact with the AIX install menus.
Notes:
To install AIX into a partition, the partition and profile must first be created through the
HMC. The partition must have access to a device slot which contains the optical media
drawer. If a virtualized environment is to be deployed, then the VIOS partition will probably
own the optical device. In that case, it is still possible to make this CD available to a
partition as a virtual optical SCSI device. In VIOS version 1.5, a new feature was added
which allows a media ISO image to be allocated to multiple partitions, through the
file-backed virtual optical device feature.
To install AIX from the optical drive, either boot into SMS mode and choose to boot from the
optical media device, or start the partition with the “Diagnostic with default boot list”. Then
follow and interact with the menus.
Multiboot
Multiboot
1. Select Install/Boot Device
1. Select Install/Boot Device
Notes:
When SMS starts, choose option 5, followed by the boot device (in this case CD/DVD). The
system will then display all devices of this type. In the visual, there is only one such device.
Select this device number and then press Enter.
Select Task
Select Task
SCSI CD-ROM
SCSI CD-ROM
( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )
( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )
1. Information
1. Information
2. Normal Mode Boot
2. Normal Mode Boot
3. Service Mode Boot
3. Service Mode Boot
Notes:
Once the optical media device is selected, we need to perform a normal boot and exit SMS
as shown in the visual. The partition will then proceed and boot from the optical media
drive. The first interactive step is to type <1>, and then press Enter to use the terminal as
the system console.
Notes:
If option 1 is selected, a default system installation will occur. However, in most cases you
may want to see and change the default settings. To do this, type a <2> and press Enter.
Select 88 to display help on this or any subsequent installation screen.
Notes:
The installation and Settings menu enables you to set the key options and configuration
settings to be deployed during installation.
Method of installation
IBM Power Systems
88 Help ?
88 Help ?
99 Previous Menu
99 Previous Menu
>>> Choice [1]:
>>> Choice [1]:
Notes:
Changing the method of installation
When you select Option 1 in the Installation and Settings menu to change the method of
installation, the Change Method of Installation submenu shown in the visual is
displayed. The contents of which depends on the current state of the machine.
Complete Overwrite Install
On a new machine, New and Complete Overwrite is the only possible method of
installation. On an existing machine, if you want to completely overwrite the existing
version of BOS, then you should use this method.
Preservation Install
Use the Preservation Install method when a previous version of BOS is installed on
your system and you want to preserve the user data in the root volume group. This
method removes only the contents of /usr, / (root), /var and /tmp. The Preservation
Install option preserves page and dump devices as well as /home and other
Uempty user-created file systems. System configuration has to be done after doing a
preservation installation.
Migration Install
Use the Migration Install method to upgrade an AIX 5L to an AIX 6 or later version,
while preserving the existing root volume group. This method preserves all file systems
except /tmp, as well as the logical volumes and system configuration files. Obsolete or
selective fix files are removed.
Instructor notes:
Purpose — Define the different installation methods
Details — Explain each type of installation method. For this course, you should choose
New and Complete Overwrite.
Additional information —
Transition statement — The next setting to consider, is on which disks the operating
system is going to be installed.
Uempty
Installation disks
IBM Power Systems
Notes:
Selecting installation disks
After you select the type of installation, you must then select the disks that are to be used
for the installation. A list of all the available disks is displayed, similar to the one shown.
This screen also gives you the option to install to an unsupported disk by adding the code
for the device first.
When you have finished selecting the disks, type <0> in the Choice field and press Enter.
Instructor notes:
Purpose — Define how disks can be selected for installation
Details — After booting from an external media or over the network, BOS install
announces its intentions to install the AIX BOS onto the default disks and asks the user if it
is acceptable. The default disks are where the operating system was previously located. If
the user does not want to use the default disk, then the user can select a target disk. All
disks that are available are displayed with a single option to use a supplemental third party
target device. If the supplemental device option is selected, the BOS install prompts the
user to load the device configuration support drivers.
Option 77 on this menu displays the Physical Volume ID, which is what is found in the
ODM. This information is provided in case a student asks what this option displays.
Additional information —
Transition statement — Let's look how we define the primary language environment.
Uempty
88 Help ?
88 Help ?
99 Previous Menu
99 Previous Menu
>>> Choice [10]:
>>> Choice [10]:
Notes:
At this point in the installation process, you can change the language and cultural
convention that is used on the system after installation. This screen will display a full list of
supported languages.
It is recommended that if you are going to change the language, change it at this point
rather than after the installation is complete. Whatever language is specified at this point is
obtained from the installation media.
Cultural Convention determines the way numeric, monetary, and date and time
characteristics are displayed.
The Language field determines the language used to display text and system messages.
The Keyboard field determines the mapping of the keyboard for the selected language
convention.
Instructor notes:
Purpose — Define how the primary language environment after the installation is set
Details — The visual shows the list of language environments that can be selected. The
environment is governed by three settings:
• Cultural Conventions which governs such things as the date format, the monetary
symbol, the sorting collation order, and so forth.
• Language which sets the language for the messages.
• Keyboard which governs the character set that is available.
In reality, this screen displays many language options. Users can also create their own
specific combinations by typing 159.
If English (United States) is chosen, a second menu is displayed. On this menu, choose the
type of keyboard being used: 1 for the default keyboard and 2 for the 122-key keyboard.
Point out that “C(POSIX)” is an English based POSIX standard compliant language
environment. This is often sufficient for many systems.
Additional information — The language in which the system runs should be selected at
this point, if at all possible. If a different language is needed after installation is complete,
the install media needs to be available in order to install the appropriate new language
filesets.
Transition statement — Let's look at the options.
Uempty
Security Models
IBM Power Systems
• These settings are beyond the scope of this class. They are
covered in IBM training course: AIX Security (AU47G).
• Security models are all set to NO by default.
Security Models
Security Models
Type the number of your choice and press Enter.
Type the number of your choice and press Enter.
1. Trusted AIX............................................. No
1. Trusted AIX............................................. No
Notes:
Type <1> and press Enter to change the selection for Trusted AIX. Trusted AIX enables
Multi Level Security (MLS) capabilities in AIX MLS is also referred to as label-based
security.
As compared to regular AIX, Trusted AIX label-based security implements labels for all
subjects and objects in the system. Access controls in the system are based on labels that
provide for an MLS environment and include support for the following:
• Labeled objects: Files, IPC objects, network packets, and other labeled objects
• Labeled printers
• Trusted Network: Support for RIPSO and CIPSO in IPv4 and IPv6
Note that once you choose this mode of installation, you will not be able to go back to a
regular AIX environment without performing an overwrite install of regular AIX. Evaluate
your need for a Trusted AIX environment before choosing this mode of install.
Do not forget standard AIX provides a set of security features to enable information
managers and administrators to provide a basic level of system and network security. The
primary AIX security features include the following:
• Login and password controlled system and network access
• User, group, and world file access permissions
• Access control lists (ACLs)
• Audit subsystem
• Role Based Access Control (RBAC)
Trusted AIX builds upon these primary AIX operating system security features to further
enhance and extend AIX security into the networking subsystems.
Type <2> and press Enter to continue to other security options. For Trusted AIX, the choice
will be LSPP/EAL4+ configuration. For standard AIX, the choices will be Secure by Default,
CAPP/EAL4+, and Trusted Computing Base.
ATTENTION: Evaluate your need for any security options before making your choice.
Additional information is available in your security documentation.
Install Options
Install Options
1. Graphics Software................................................ Yes
1. Graphics Software................................................ Yes
2. System Management Client Software................................ Yes
2. System Management Client Software................................ Yes
3. Create JFS2 File Systems......................................... Yes
3. Create JFS2 File Systems......................................... Yes
4. Enable System Backups to install any system...................... Yes
4. Enable System Backups to install any system...................... Yes
(Installs all devices)
(Installs all devices)
>>> 5. Install More Software
>>> 5. Install More Software
Notes:
When Graphics Software Install option is Yes, X11, CDE, WebSM, Java, and other
software dependent on these packages is installed.
System Management Client Software includes WebSM, Java, service agent, lwi and
pconsole.
The default action, since AIX 5.3, is to create all logical volumes in rootvg using JFS2 file
systems.
Enabling System Backups to install on other systems, installs all devices code and drivers.
Otherwise, only device drivers necessary to your system hardware configuration are
installed. This is the preferred option, and it is very useful if you want to clone the image to
another system which differs in type or device layout.
To install more software, select option 5 and press Enter.
Notes:
Prior to installation, a summary page is displayed. If you are ready to proceed with your
options, select 1 to continue and the system installation will begin. It takes approximately
one hour to build the partition from DVD or CD media.
Notes:
When AIX installation is complete, the end user has to accept both Software and
Maintenance License agreements, as shown in the visual.
• Post-install tasks:
Notes:
The installation is not finished until you complete the post setup in the operating system.
Once AIX has installed, the system will reboot. Several post installation steps are required.
Firstly, you have to accept both the software and maintenance license agreements. Finally,
the installation assistant will start. Although optional, it is recommended that you use the
installation assistant at a minimum to set the root password, date, and time, and configure
the network parameters accordingly.
One AIX is installed, you should update it to the latest technology level and service pack.
These can be downloaded from fix central: http://www.ibm.com/support/fixcentral
Installation Assistant
Installation Assistant
Move cursor to desired item and press Enter.
Move cursor to desired item and press Enter.
Set Date and Time
Set Date and Time
Set root Password
Set root Password
Configure Network Communications
Configure Network Communications
Install Software Applications
Install Software Applications
Using SMIT (information only)
Using SMIT (information only)
Tasks Completed - Exit to Login
Tasks Completed - Exit to Login
Notes:
After the license agreements have been accepted, the installation assistant (ASCII
console) or configuration assistant (Graphical console) will be displayed. The install
assistant is similar to a mini version of SMIT. As mentioned earlier in the UNIT, it is
recommended that one uses the installation assistant at a minimum to set the root
password, date, and time and to configure the network parameters accordingly. Another
approach, would be to exit the installation assistant immediately and use smit, command
line, or scripts to configure the system.
The installation assistance can be invoked at any time using the install_assist
command. On a graphical console, either the install_assist or configassist
commands can be used to launch the configuration assistant.
• What is NIM?
– Centralized Installation and Management of AIX over a network
LPAR 4 Client
Systems
LPAR 1
Public/Open LPAR 2
NIM Server network
Client Definitions
LPAR1
LPAR2
…
Actions:
• Resources are allocated to Clients
• Clients are set for a BOS operation
Figure 4-17. AIX installation in a partition using NIM: NIM overview AN121.1
Notes:
Network Install Manager (NIM) Introduction
NIM can be used to manage the installation of the Base Operating System (BOS) and
optional software on one or more networked machines. NIM gives you the ability to
install and maintain the AIX operating system, and any additional software, and fixes
that may be applied over time. NIM allows you to customize the configuration of
machines both during and after installation. NIM eliminates the need for access to
physical media, such as tapes and optical media, once the NIM master has been
loaded. You use the NIM master to load other network “clients”. System backups can be
created with NIM, and stored on any server in the NIM environment. The advantage to
using NIM in an LPAR environment is that it solves the device allocation issue. Since
AIX may already be installed once on the system before it is shipped, you can configure
this partition to be the NIM master. Or, you could use another AIX system that is the
proper AIX version. One of the optional steps in creating a NIM master is creating a
mksysb (AIX system backup image). You could use this mksysb to install AIX in the
other partitions. The advantage to mksysb is that it copies AIX customizations from the
source system.
Instructor notes:
Purpose — Provide a brief introduction to NIM as a prerequisite for AIX installation
Details — Go through the details in the visual and notes.
Provide a brief introduction to NIM.
Define what a NIM server is, the basic SPOT and lpp_source resources, and how a BOS
installation occurs.
Do not get too involved with NIM as it is a very large topic. Refer students to the IBM
training NIM class AU08G as a means to build important NIM skills.
Additional information —
Transition statement — OK, that concludes the high level NIM introduction. Now, let’s
define the configuration steps required for a client BOS operation.
Uempty
AIX installation in a partition using NIM:
Configuration steps
IBM Power Systems
• Note:
– Subsequent installs and updates for the same partition can be initiated
from the NIM master.
Figure 4-18. AIX installation in a partition using NIM: Configuration steps AN121.1
Notes:
To install a partition from a NIM server, you will need to create the partition and partition
profile, for the partition where AIX will be installed. You would complete this step if you were
installing from optical media, except that you would not have to allocate the slot for the CD
or DVD device. The partition will need to be activated in SMS boot mode. From SMS, the
NIM server network details can be entered, which will cause the client to issue a boot
request over the network. From this point, the menu steps are identical to using optical
media.
Instructor notes:
Purpose — Define the configuration steps required for a BOS installation of an AIX client
Details — Go through the details in the visual and notes. Keep the details at a high level.
Additional information —
Transition statement — While the details of installing and configuring a NIM server is
covered in a later course, you do need to understand how to initiate a network install using
an already configured NIM server. Let’s look at what is involved in executing a network boot
using SMS.
Uempty
Network boot (1 of 7)
IBM Power Systems
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
--------------------------------------------------------
Main Menu
1. Select Language
2. Setup Remote IPL (Initial Program Load)
3. Change SCSI Settings
4. Select Console
5. Select Boot Options
--------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
-------------------------------------------------------
Notes:
Instructor notes:
Purpose — Show where to initiate a network boot.
Details — This page shows where to access the Remote IPL option (that is, network boot).
Not all SMS versions will have menus that look exactly like this. Point out that you will need
to read the menu and choose the appropriate item for “Remote IPL” or similar phrase.
Additional information —
Transition statement — The next visual shows the screen that you will see after choosing
option 2 from the main SMS menu.
Uempty
Network boot (2 of 7)
IBM Power Systems
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
----------------------------------------------------------
NIC Adapters
Device Location Code
1. Port 1 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-
T1
2. Port 2 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-
T2
----------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
Notes:
NIC adapter
Select which network interface to use. The example in the visual shows two ports on the
integrated Ethernet controller.
Instructor notes:
Purpose — Describe what to do from the Remote IPL SMS menu.
Details — The visual shows the screen where you choose which network adapter to use to
access the NIM server.
Additional information —
Transition statement — After selecting the Network adapter, the following menu displays
Uempty
Network boot (3 of 7)
IBM Power Systems
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
Select Network Service
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
1. BOOTP
2. ISCSI
---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
© Copyright IBM Corporation 2009
Notes:
Select the Network service: BOOTP.
Instructor notes:
Purpose — Explain network service selection.
Details —
Additional information —
Transition statement — Then displays the menu where to specify the network parameters
and the network adapter configuration.
Uempty
Network boot (4 of 7)
IBM Power Systems
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
Network Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
1. IP Parameters
2. Adapter Configuration
3. Ping Test
4. Advanced Setup: BOOTP
---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
© Copyright IBM Corporation 2009
Notes:
Network parameters
Choose option 1 and configure the IP parameters. This screen is shown in the next
visual.
Then choose option 2 and configure the adapter settings, such as media speed and
duplex setting.
When everything is configured properly, run the ping test and it should be successful.
When the ping test is successful, return to the SMS main menu, select the network
adapter as a boot device, and exit the SMS menu. This will start the network boot
process.
Instructor notes:
Purpose — Describe what to do from the Network Parameters SMS menu.
Details — At this point the procedure is to choose option 1, then 2, then 3, and then return
to the SMS main menu and exit SMS.
Additional information —
Transition statement — Let’s see the screen if you choose option 1, IP Parameters.
Uempty
Network boot (5 of 7)
IBM Power Systems
IP parameters:
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
IP Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
1. Client IP Address [10.6.103.64]
2. Server IP Address [10.6.103.1]
3. Gateway IP Address [10.6.103.254]
4. Subnet Mask [255.255.255.0]
---------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
Notes:
IP parameters
Enter the IP address of the client, which is the partition.
Enter the IP address of the server, which is the NIM server.
Enter the IP address of the gateway. This is the partition’s gateway system; so it must
be local on the partition’s subnet. This value can be a valid route on the same subnet as
the client partition or the IP address of the NIM server. Ask your network administrator
which system to use.
Enter the subnet mask that the partition is using.
Adapter configuration
Once you’ve entered this information, return to the previous screen and choose the
Adapter Configuration option. Here you will need to specify the media speed and the
duplex setting.
Network boot (6 of 7)
IBM Power Systems
Adapter configuration:
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
IP Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNWGCP5-P1-C4
1. Speed,Duplex
Disable Spanning Tree
2. Spanning Tree Enabled
for faster operation
3. Protocol
---------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
Notes:
Overview
The adapter configuration screen allows you to set parameters for the adapter itself.
Typically, you can leave it alone with the exception of optionally disabling spanning tree.
This will make the boot go much faster.
The value for option 2 will not change, that is, from Enabled to Disabled. The option
should have a question mark next to it that is answered when you choose the option.
Network boot (7 of 7)
IBM Power Systems
Notes:
Ping test
This option pings the NIM server. If it fails, suspect your IP configuration or the network.
Checkpoint
IBM Power Systems
Notes:
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
Exercise 4
IBM Power Systems
AIX
installation
Notes:
Unit summary
IBM Power Systems
Notes:
Estimated time
01:15
References
Online AIX 6.1 Information
SG24-7463 AIX 5L Differences Guide: Version 5.3 Edition
(redbook)
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit objectives
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
AIX media
IBM Power Systems
AIX
AIX AIX AIX AIX 6.1 Base (DVD or CD)
AIX AIX
+ update CDs
A IX
AIX 6.1 Expansion Pack
AIX
AIX Toolbox for Linux
AIX
Mozilla Firefox Browser
Notes:
Each of the products listed above has a separate order number and feature code. At the
time of publication they were:
AIX V6.1 standard edition, feature code: 5692-A6P, order number: 0967
• AIX v6.1 Base
• AIX v6.1 Expansion Pack
• AIX v6.1 InfoCenter (DVD)
• AIX Toolbox for Linux
• Mozilla Firefox Browser
For virtual environments, a PowerVM license is required. The following software is
supplied:
• Virtual I/O Server V2.1
• Virtual I/O Server Expansion Pack
Uempty The AIX Expansion Pack is a collection of extra software that extends the base operating
system capabilities. It contains filesets such as:
• Open Secure Sockets Layer (OpenSSL)
• Java 6 32- and 64-Bit
• iSCSI Target Device Driver
• List of Open Files (LSOF) and many more
The AIX Infocenter contains a list of support guides and help documentation. It is also
available online: http://publib.boulder.ibm.com/infocenter/system
Also available on-line is the AIX toolbox (open source) filesets
http://www-03.ibm.com/systems/p/os/aix/linux/toolbox/download.html.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define exactly what software is available for AIX.
Details — Go through the core software stack available for p systems.
Additional information —
Transition statement — Let's define the structure of an LPP package.
Uempty
LPP
Base Operating
System Component
bos
Package
Base Networking
package
bos.net
TCP/IP collection
of filesets
bos.net.tcp
bos.net.tcp.server
Fileset
TCP/IP Server fileset
‘the smallest unit’
Notes:
Licensed Program Product (LPP)
A collection of packages that form an installable product.
Package
A package contains a group of filesets with a common function. It is a single, installable
image. AIX packages are a bundle of binaries glued together with the meta-information
(name, version, dependencies).
Fileset
A fileset is the smallest, individually installable unit. Generally, it is a single subsystem.
For example, bos.net.tcp.server is a fileset in the bos.net package. This image is a
Unix Backup File Format file (BFF), created with the backup command. Files in an LPP
can be listed with: restore –Tvf <package> or extracted with restore –xvf <package>.
For example: To list the contents of bos.rte.control fileset contained in TL02 SP01:
# restore -Tvf U814098.bff
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Software bundles
IBM Power Systems
## /usr/sys/inst.data/sys_bundles
/usr/sys/inst.data/sys_bundles ## cat
cat openssh_server.bnd
openssh_server.bnd
## MEDIA="Expansion
MEDIA="Expansion Pack"
Pack"
I:openssl.base
I:openssl.base
I:openssl.man.en_US
I:openssl.man.en_US
I:openssh.base.server
I:openssh.base.server
I:openssh.man.en_US
I:openssh.man.en_US
Notes:
Since there are thousands of filesets, having to determine which individual fileset you want
on your machine could be a time-consuming task. AIX has bundles which offer a collection
of filesets that suit a particular purpose. For example, if you are developing applications,
the App-Dev bundle would be the logical choice to install.
Some filesets within a bundle are only installed if the prerequisite hardware is available. For
example, a graphic adapter is needed to run X11 and CDE. In some cases, bundles are
equivalent to product offerings. Often, however, they are a subset of a product offering or a
separate customized bundle. The bundles available may vary from AIX version to AIX
version.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• There are four distinct software levels and management for AIX.
– Base level
– Technology level (TL)
– Service pack (SP)
– Interim fixes
Fix Packs
Interim
Base Technology Service packs
+ fixes
AIX Level level
(Contain APARs)
Notes:
Base AIX level is OS version and release, as first installed.
Maintenance:
• Technology level (TL). A TL is a major maintenance update and contains fixes and
functional enhancements. TLs are released twice per year. The first TL is restricted to
hardware features and enablement, in addition to software service. The second TL
includes new hardware features and enablement, software service, and new software
features, making it the larger of the two yearly releases. Each TL is supported for up to
two years from the introduction of the update. This means that clients with a Software
Maintenance Agreement for the AIX OS will be able to contact IBM support for defect
support during that two year period without having to move up to the latest Technology
Level update. In previous versions of AIX, Technology levels were referred to as
Maintenance Levels (ML). The terms are often still used interchangeably.
Uempty • Service pack (SP). SPs contain service-only updates, also known as Program
Temporary Fixes (PTF), that are grouped together for easier identification. SPs are
released between Technology Levels and contain fixes for highly pervasive, critical, or
security-related issues. Service Packs are cumulative.
• Interim fixes (ifix). Generally, this term refers to a certified fix that is generally available
to all customers between regularly scheduled fix packs or other releases. It can contain
fixes for one or more product defects (APARs). Specifically for AIX, the term Interim Fix
(IF) is used as a replacement for “emergency fix” or “efix”. While the term emergency fix
is still applicable in some situations (a fix given in the middle of the night with minimal
testing, for example), the term Interim Fix is more descriptive in that it implies a
temporary state until an update can be applied that has been through more extensive
testing. IF fixes often rectify security vulnerabilities.
• APARs (Authorized Problem Analysis Reports). A formal report to IBM
development, of a problem caused by a suspected defect in a current unaltered release
of an IBM program.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Explain the tiers of AIX software levels.
Details — Explain the details in the foil and notes.
Additional information — Ensure all students are aware that once they build an AIX
system, their first task should be to bring it up to the latest TL and SP level.
Transition statement — Let's see how to discover the installed level (technology level,
maintenance level, and service pack) of the system.
Uempty
## oslevel
oslevel -s
-s
6100-02-01-0847
6100-02-01-0847
Service Pack
AIX Level Release date
VRMF for example, 47th week
in 2008
Service Pack
Technology
Level
• To upgrade from one AIX version and release to another, for example,
AIX 5.3 to AIX 6.1, a migration must be performed.
• New TLs or SPs are applied through updates.
Notes:
The oslevel command reports the latest installed maintenance, technology level, and
service pack on the system.
The visual above shows the system is level AIX 6.1, technology level 2, service pack 1.
Service packs and technology level fixes are applied to the running system. To update the
system with a new level, for example, from AIX 5.3 to 6.1, a new migration update must
take place. This involves system downtime.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — How to report the current OS level of the system
Details — Explain the output of oslevel –s command. Ensure they understand the
difference between migrating and updating the system.
Additional information —
Transition statement — How do we perform software and installation maintenance?
Uempty
Notes:
The lslpp and installp commands are vital for interacting, installing, and maintaining
software on AIX.
The rpm and geninstall commands are relatively new. These commands were
introduced in AIX5L as a result of the AIX / Linux affinity and support for other software
formats like RPM and ISMP (InstallShield MultiPlatform).
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of software and installation maintenance.
Details — Generally speaking, most software installation and maintenance is carried out
through a combination of SMIT and command line interaction (through installp). RPM is
part of the Linux affinity and is useful when manipulating rpm packages. The command
geninstall was added at 5.1 to scope with various package types: LPP, RPM, ISMP (lots
os Tivoli software is packaged in this format).
Additional information —
Transition statement — Before we show how to install software, let's explain the concept
of a software repository.
Uempty
Software repository
IBM Power Systems
Notes:
Generally, it is useful and sometimes necessary, for example when building and managing
a NIM server to store software to disk. AIX refers to this as a software repository. The
default software repository is sometimes referred to as the default installation image
directory. Its location on AIX is /usr/sys/inst.images. However, it is advisable to create and
manage a repository in a separate file system that is not contained in the AIX root volume
group.
The tables of contents (.toc) file
This is a mandatory file required for installing and updating packages on AIX. If the
command line is used (installp), then the user has to manually create the .toc file. This is
done using the inutoc command. To create a .toc file in the current directory, type:
<inutoc>. SMIT automatically creates a .toc file when copying software files to disk and
prior to installing LPPs.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Explain the concept of a software repository.
Details — Refer to the details in the visual and notes. Go through the example explaining
how to copy the contents of an AIX CD to disk.
Additional information —
Transition statement — Let's explain software states, apply, and commit.
Uempty
Software states
IBM Power Systems
AIX
6.1.1.1 Saved
6.1.1.1
bos.net.tcp.adt
Action: Apply Committed
6.1.1.2 Reject
6.1.1.2 Applied or
AIX
Commit
6.1.1.2
Committed
Notes:
Committed state and the initial install
AIX has a number of software states. When you are installing software for the first time,
the software automatically installs to a committed state. This means there is only one
level of that software product installed on your system.
Applied state versus committed state for maintenance
When you are installing a set of fixes or upgrading to a new technology level on your
system, you have the option of installing the software either in the committed state or
the applied state. The applied state allows you to maintain two levels of the software on
your system. When software is installed in the applied state, the older version is saved
on the disk and is deactivated, while the newer version is installed and becomes the
active version.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
The applied state gives you the opportunity to test the newer software before
committing to its use. If it works as expected, then you can commit the software, which
removes the old version from the disk. If the newer version is causing a problem, you
can reject, it which removes the newer version and reverts back to the old version.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## lslpp
lslpp -L
-L |grep
|grep bos.net.tcp.server
bos.net.tcp.server
bos.net.tcp.server
bos.net.tcp.server 6.1.1.1
6.1.1.1 CC FF TCP/IP
TCP/IP Server
Server
Notes:
The lslpp command displays information about installed filesets or fileset updates. Each
fileset has a version number associated with it (in the format of
Version.Release.Modification.Fix, a state code, and a type code as shown above.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
The lslpp command has many useful flags associated with it. It is also possible to see when
a particular LPP was installed using the –h flag. See lslpp man page for more information.
A situation may arise where you want to use a particular command but it is not installed on
the system and you are not sure what LPP fileset to install to be able to use the binary. To
help with this problem you can use the which_fileset command. The which_fileset
command searches the /usr/lpp/bos/AIX_file_list file for a specified file name or command
name, and prints out the name of the fileset that the file or command is shipped in. The
/usr/lpp/bos/AIX_file_list file is large and not installed automatically. You must install the
bos.content_list fileset to receive this file.
Example:
# which_fileset shutdown
/usr/sbin/shutdownbos.rte.control 6.1.2.0
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• smit install_all
Notes:
There are two fast paths worth remembering when it comes to software and SMIT:
• install_all – to install new software
• update_all – to update current software
Prior to the screen shown in the visual, you will be asked to select the “INPUT device /
directory for software”. The input device could be tape (/dev/rmt0), optical media
(/dev/cd0), or a directory. The period (.) in the example indicates the directory you currently
reside in.
The default behavior when installing new software is to commit. To first apply software
rather than commit, change the COMMIT software updates field to No.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• installp
– a (apply), -c (commit), -p (preview), -g (apply prerequites), -X (expand
filesystems, if needed), -Y (accept license agreements), -d (device or
directory location of software)
## installp
installp -acpgXYd
-acpgXYd .. bos.rte.install
bos.rte.install
## installp
installp -acpgXYd /TL02_SP01
-acpgXYd /TL02_SP01 all
all
• geninstall
– I (use installp flags, as described above), -p (preview), -d (device or
directory location of software)
## geninstall
geninstall -I
-I "-acgXY"
"-acgXY" -p
-p -d
-d .. bos.rte.install
bos.rte.install
## geninstall
geninstall -I "-acgXY" -p -d /TL02_SP01
-I "-acgXY" -p -d /TL02_SP01 all
all
Notes:
The installp and geninstall commands install and update software from the
command line on AIX. They both accept a large number of flags. The popular flags are
shown in the visual.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## rpm
rpm –qa
–qa
## rpm
rpm --nodeps
--nodeps -e
-e cairo-1.0.2-6
cairo-1.0.2-6
## rpm
rpm -i
-i bash-3.2-1.aix.ppc.rpm
bash-3.2-1.aix.ppc.rpm Install
package
Notes:
In addition to providing the ability to run a Linux operating system on IBM Power
Architecture technology, IBM provides strong Linux affinity within the AIX OS. This affinity
enables faster and less costly deployment of multi-platform, integrated solutions across
AIX and Linux platforms. Linux packages can be installed and manipulated on AIX using
the Redhat Package Manager as shown in the visual.
AIX affinity with Linux includes Linux application source compatibility, compliance with
emerging Linux standards, and a GNU Linux build-time environment with GNU and other
open source tools and utilities that combine to facilitate the development and deployment
of Linux applications on the AIX OS. This AIX affinity with Linux allows Linux programs to
be easily recompiled for native execution on the AIX OS. This approach allows you to
benefit from the capabilities of Linux applications combined with the industrial strength
foundation and performance advantages afforded to native AIX applications.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Ideally, all systems should be at the latest fix pack (TL and SP level).
• IBM recommends installing the complete fix pack.
• System updates can be applied through smit update_all or using
geninstall or installp commands.
Some items
smitty update_all
smitty update_all
removed for
* INPUT device / directory for software /updates
clarity
* INPUT device / directory for software /updates
* SOFTWARE to update _update_all
* SOFTWARE to update _update_all
PREVIEW only? (update operation will NOT occur) yes +
PREVIEW only? (update operation will NOT occur) yes +
COMMIT software updates? no +
COMMIT software updates? no +
SAVE replaced files? yes
SAVE replaced files? yes
Notes:
In the past, AIX system administrators would often download and install individual filesets
on a system. This caused the software be at mixed levels and sometime created more
problems than it solved. Now, IBM allows fixes to be downloaded in a fix pack, containing:
• Technology level (also known as Maintenance level in previous releases)
• Service Pack
In accordance with 'Enhanced Service Strategy Releases', these generally available
updates have been tested to operate best when all updates in a fix pack are installed. IBM
recommends installing the complete fix pack. AIX updates are provided as Technology
Level packages or Service Packs. These generally available updates have been tested to
operate best when all updates in a fix pack are installed. IBM recommends installing the
complete fix pack.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• installp, example:
OR ––
OR
Commit all
# installp –c all Applied
# installp –c all
software (-c)
Installation Summary
Installation Summary
--------------------
--------------------
Name Level Part Event Result
Name Level Part Event Result
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
cluster.doc.en_US.es.pdf 5.4.1.0 USR COMMIT SUCCESS
cluster.doc.en_US.es.pdf 5.4.1.0 USR COMMIT SUCCESS
Notes:
The visual above shows a fileset update being applied to cluster.doc.en_US.es.pdf. This
could be done with system management tools like SMIT, geninstall or installp
commands. It is often very useful to remember key installp flags. The flags, -aB mean apply
and update the fileset. Once applied the update can be rejected (-r) or committed (-c).
In this example, the filesets are stored in a software repository on disk in which we are
currently located. Hence the device location (-d) is set to “dot” (the current directory).
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
# instfix –i
# instfix –i
All filesets for IY32852 were found.
All filesets for IY32852 were found.
All filesets for IY14691 were found.
All filesets for IY14691 were found.
All filesets for IY31312 were found.
All filesets for IY31312 were found.
All filesets for IY31879 were found.
All filesets for IY31879 were found.
All filesets for IY34538 were found.
All filesets for IY34538 were found.
…… 2244 lines removed for clarity ….
…… 2244 lines removed for clarity ….
# instfix -i |grep IY34981
# instfix -i |grep IY34981
All filesets for IY34981 were found.
All filesets for IY34981 were found.
Notes:
Fixes displayed with the instfix –i command are installed through Technology Level and
Service Pack updates. In previous versions of AIX, interim fixes, between Maintenance
level releases, were installed through instfix itself. In AIX6, instfix is really a legacy
command. It is only useful for listing and searching through applied updates on the system.
Necessary fixes that are not part of a TL or SP, are handled through interim fix
management.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Preview
# emgr -pe 744A_610.071105.epkg.Z Install
# emgr -pe 744A_610.071105.epkg.Z
….lot of output is produced, removed for clarity!
….lot of output is produced, removed for clarity!
EPKG NUMBER LABEL OPERATION RESULT
EPKG NUMBER LABEL OPERATION RESULT
=========== ============== ================= ==============
=========== ============== ================= ==============
1 744A_610 INSTALL PREVIEW SUCCESS
1 744A_610 INSTALL PREVIEW SUCCESS
Install
# emgr -e 744A_610.071105.epkg.Z
# emgr -e 744A_610.071105.epkg.Z ifix
# emgr -l
# emgr -l
List
installed
ID STATE LABEL INSTALL TIME ABSTRACT
ID STATE LABEL INSTALL TIME ABSTRACT efixes
=== ===== ========== ================== ======================================
=== ===== ========== ================== ======================================
1 *Q* 744A_610 10/10/08 23:30:49 Kernel fix for 0744A_610
1 *Q* 744A_610 10/10/08 23:30:49 Kernel fix for 0744A_610
# emgr –r –L 744A_610
# emgr –r –L 744A_610
Remove
Log file is /var/adm/ras/emgr.log ifix
Log file is /var/adm/ras/emgr.log
EFIX NUMBER LABEL OPERATION RESULT
EFIX NUMBER LABEL OPERATION RESULT
=========== ============== ================= ==============
=========== ============== ================= ==============
1 744A_610 REMOVE SUCCESS
1 744A_610 REMOVE SUCCESS
ATTENTION: system reboot is required. Please see the "Reboot Processing"
ATTENTION: system reboot is required. Please see the "Reboot Processing"
sections in the output above or in the /var/adm/ras/emgr.log file.
sections in the output above or in the /var/adm/ras/emgr.log file.
Return Status = SUCCESS
Return Status = SUCCESS
Notes:
The interim fix (ifix) management solution enables users to track and manage ifix packages
on a system. An ifix package might be an interim fix, debug code, or test code that contains
commands, library archive files, or scripts that run when the ifix package is installed.
The ifix management solution consists of the following commands:
• ifix packager (epkg)
• ifix manager (emgr)
The epkg command creates ifix packages that can be installed by the emgr command.
The emgr command installs, removes, lists, and verifies system efixes.
It is important to examine the state field after installing an interim fix. The codes for the
state field are documented in the AIX Installation and Migration manual. In the above
example, the state value of Q means that a reboot is necessary for this fix to be effective.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• smit remove
Remove Installed Software
Remove Installed Software
[Entry Fields]
[Entry Fields]
* SOFTWARE name [cluster.es.cspoc.cmds] +
* SOFTWARE name [cluster.es.cspoc.cmds] +
PREVIEW only? (remove operation will NOT occur) yes +
PREVIEW only? (remove operation will NOT occur) yes +
REMOVE dependent software? yes +
REMOVE dependent software? yes +
EXTEND file systems if space needed? no +
EXTEND file systems if space needed? no +
DETAILED output? no +
DETAILED output? no +
Notes:
Software can be removed by using system management tools or the command line. The
installp –u flag, removes the specified software product and any of its installed updates
from the system. The product can be in either the committed or broken state. Any software
products that are dependent on the specified product must also be explicitly included in the
input list unless the -g flag is also specified. Removal of any bos.rte fileset is never
permitted.
Note: The removal of LPP filesets does not necessarily mean the process will delete all
files included in the filesets. This is dependant on how the LPP filesets are constructed.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Look for ?
or B.
# lppchk -v
# lppchk -v
lppchk: The following filesets need to be installed or corrected to bring
lppchk: The following filesets need to be installed or corrected to bring
the system to a consistent state:
the system to a consistent state:
Display
Firefox.base.rte 1.5.0.12
Firefox.base.rte 1.5.0.12
(APPLYING)
(APPLYING)
inconsistent
filesets.
# installp -C
# installp -C
installp: Cleaning up software for:
Perform a clean-up
installp: Cleaning up software for: operation. Fileset is
Firefox.base.rte 1.5.0.12
Firefox.base.rte 1.5.0.12 removed
Installation Summary
Installation Summary
--------------------
--------------------
Name Level Part Event Result
Name Level Part Event Result
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Firefox.base.rte 1.5.0.12 USR CLEANUP SUCCESS
Firefox.base.rte 1.5.0.12 USR CLEANUP SUCCESS
Notes:
If the process of installing, updating, or removing software from the system is interrupted or
fails, the outcome is likely to be either broken or inconsistent filesets on the system. To
detect this, use the lppchk command. If all is OK, the command will return null, otherwise
broken or inconsistent filesets will be displayed. To clean up from any such operation, use
the installp command with the –C option (clean-up) and then retry the original operation
again. If the failed operation was an uninstall, remove the software manually, using installp
–u <fileset>.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
SUMA is an excellent tool for quickly downloading fixes with minimum fuss directly onto an
AIX server or NIM server.
Why SUMA?
Fix automation, the ability to get maintenance fixes onto a system automatically, is
becoming a focus area for IT system administrators. As system administration becomes
more complex and time consuming, it is often a roadblock that prevents systems from
being up to date with current software fixes. Clients want the increased security and
reliability benefits, as well as the reduced downtime and total cost of ownership that comes
with keeping current fixes on a system. To meet these client demands, SUMA has
automated the process of determining which fixes are available, discovering which of the
available fixes a system needs, and downloading the necessary fixes onto a system,
thereby reducing both the complexity and the time spent on system administration to
perform these tasks.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Base configuration
– # smit suma_config_base
Base Configuration
Base Configuration
[Entry Fields]
[Entry Fields]
Screen output verbosity [Info/Warnings/Errors] +
Screen output verbosity [Info/Warnings/Errors] +
Logfile output verbosity [Verbose] +
Logfile output verbosity [Verbose] +
Notification email verbosity [Info/Warnings/Errors] +
Notification email verbosity [Info/Warnings/Errors] +
Remove superseded filesets on Clean? yes +
Remove superseded filesets on Clean? yes +
Remove duplicate base levels on Clean? yes +
Remove duplicate base levels on Clean? yes +
Remove conflicting updates on Clean? yes +
Remove conflicting updates on Clean? yes +
Fixserver protocol http +
Fixserver protocol http +
Download protocol ftp +
Download protocol ftp +
Maximum log file size (MB) [1] #
Maximum log file size (MB) [1] #
Download timeout (seconds) [180] #
Download timeout (seconds) [180] #
Notes:
The Base Configuration menu allows SUMA global configuration settings to be viewed
or changed. These settings are used for each SUMA task that is run and allow specification
of values for items such as:
• Screen, logfile, and email verbosity levels
• Flag options for the lppmgr command to help manage the size of a download repository
• Download protocol
• Download timeout setting
A clean operation will remove unnecessary files from the repository using the lppmgr
command.
The global configuration settings can be viewed from the command line, # suma -c
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
SUMA default task values can be uniquely set for each SUMA task. The visual above
shows the default settings. The possible actions are:
• Preview - SUMA performs the operations that do not directly affect the file system. The
output displayed reflects what would happen during a download. Use this option to
determine which files will be downloaded for your request.
• Download - SUMA downloads files into the directory specified in Directory for item
storage.
• Download and Clean - SUMA performs a download operation and a clean operation to
remove unnecessary files from the repository.
The task configuration settings can be viewed from the command line, # suma -D
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
SUMA tasks can be initiated through the command line. This is most useful when
producing scripts to automatically download fixes. SUMA uses cron when scheduled tasks
are created. In the schedule example above, the following entry will be added to root's
crontab: 0 23 * * 3 _SUMA=cron /usr/suma/bin/suma -x 1
The output of command:
# suma -l
1:
DisplayName=
Action=Download
RqType=ML
RqName=6100-02
RqLevel=
Uempty PreCoreqs=y
Ifreqs=y
Supersedes=n
ResolvePE=IfAvailable
Repeats=y
DLTarget=/aix/FIXES
NotifyEmail=root
FilterDir=/aix/FIXES
FilterML=6100-01
FilterSysFile=localhost
MaxDLSize=-1
Extend=y
MaxFSSize=-1
For further information see the SUMA main page.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show SUMA tasks being driven from the command line.
Details — Go through the examples in the visual.
Additional information — SUMA is an easy tool to drive. Feel free to demo further
examples and SMIT screens.
Transition statement — If you do not want to use SUMA, or cannot, then you can obtain
software maintenance directly from the IBM web site. Let us examine what we would see at
that web site.
Uempty
Notes:
AIX fixes are generally available on the internet at Fix Central. Fixes cat any level, from AIX
4.3.3 to the present version, can be downloaded.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce Fix Central for downloading fixes.
Details — Introduce Fix Central website.
Additional information —
Transition statement — What about the big picture: support and compliance across
firmware, HMC, PowerHA, VIOS, and other components?
Uempty
http://www14.software.ibm.com/webapp/set2/flrt/home
© Copyright IBM Corporation 2009
Notes:
Today's AIX environment can be complex as lots of components are required. In addition to
AIX, one must also think about but System Firmware, HMC, VIOS, PowerHA levels, and
more. How do you know if the levels of these products are compliant and supported? The
answer is FLRT. FLRT is web driven tool that enables you to select your machine type and
software components and levels. It then produces an easy to read report which provides
recommendations, notices and status compliance as shown on the visual.
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce FLRT.
Details — In a system p environment today, there are so many factors and code levels.
Many customers commented to IBM they did not know which software products were
compatible with each other.
Additional information — If you can, demonstrate an example. Maybe you can use the
software levels and hardware that the students are working with in the lab environment.
Transition statement — It’s time for some checkpoint questions.
Uempty
Checkpoint
IBM Power Systems
1. Which of the following states must your software be in, in order for you to be able
to use it? Select all that apply.
a. Applied state
b. Removed state
c. Install state
d. Commit state
2. What command is used to list all installed software on your system?
_______________
3. Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle
4. True or False: If a problem is found with the inetd subsystem, it is possible
to download and apply a fix to bos.net.tcpip.server fileset in AIX 6.1 to
correct the problem.
© Copyright IBM Corporation 2009
Notes:
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Checkpoint solutions
IBM Power Systems
1.Which of the following states must your software be in, in order for you
to be able to use it? Select all that apply.
a. Applied state
b. Removed state
c. Install state
d. Commit state
3.Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle
Additional information —
Transition statement —
Uempty
Exercise 5
IBM Power Systems
AIX software
installation and
maintenance
Notes:
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Uempty
Unit summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Estimated time
00:45
References
Online AIX 6.1 Information
AIX Version 6.1 Operating System and Device
Management
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit objectives
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Device terminology
IBM Power Systems
• Generic terminology
– Physical devices
– Ports
– Device drivers
– Logical devices
– /dev directory
– Virtual devices
Notes:
Generic Device terminology
• Physical Devices are the actual hardware that is connected in some way to the system
• Ports are the physical connectors and adapters in the system to which physical devices
or cables are attached.
• RIO is a cabling system and protocol for extending the internal buses of the system
enclosure to the I/O expansion drawers. The I/O expansion drawers have PCI buses
which can support additional adapters and disks (depending upon the type of I/O
drawer. An alternative option for connecting I/O drawers (with POWER6 servers) is 12X
(based on Infini-band).
• Logical Devices. Software interfaces (special files) that present a means of accessing a
physical device to the users and application programs. Data appended to logical devices is sent
to the appropriate device driver. Data read from logical devices is read from the appropriate
device driver.
Uempty • /dev is the directory which contains all of the logical devices that can be directly
accessed by the user. Some logical devices defined are only referenced in the ODM
customized database and cannot be accessed by users.
• Virtual Devices are the Ethernet and SCSI devices which are allocated to the client for
networking access and storage. These devices are not real.
Power H/W specific terminology
• Central electronics complex (CEC) is the main system unit that contains system
processors, memory, and remote I/O connections.
• System planar is the main component of the CEC. Where all processor cards, memory
dimms, and I/O attachments are interconnected together.
• RIO is a remote I/O drawer which consists of PCI slots/adapters disks, or both,
depending on the type of RIO drawer. The RIO drawers connect to Power boxes
through a RIO2 Hub, which is in turn connected to the GX+ adapter bus.
• System Ports are the two serial ports on the system planar has two serial ports which
are called system ports. In an operating system environment, the two system ports
become host virtual system ports and are only available for specific limited functions.
For example, the two integrated system ports on a p550 are limited to serial connected
TTY console functionality and IBM approved call-home modems. These system ports
do not support other general serial connection uses, such as UPS, HACMP heartbeat,
printers, mice, and so on, If you need multi-purpose serial port functions, optional PCI
adapters are available.
• GX+: Each POWER6 processor provides a GX+ bus which is used to connect to an I/O
subsystem or Fabric Interface card.
• IVE: The POWER6 processor-based servers extend the virtualization technologies
introduced in POWER5 by offering the Integrated Virtual Ethernet adapter (IVE). IVE,
also called Host Ethernet Adapter (HEA) in other documentation, enables an easy way
to manage the sharing of the integrated high-speed Ethernet adapter ports. It is a
standard set of features that are part of every POWER6 processor-based server.
• PCI which stand for Peripheral Component Interconnect, is an industry-standard bus for
attaching peripherals to computers.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Explain device terminology.
Details — The slide is split into two sections. Section 1, explains generic terminology one
could apply to most other Unix platforms. Section 2, is new for this course. It explains
device terminology used sparingly when referring to Power systems.
Go through each and provide examples.
Additional information —
Transition statement — Now that we understand the terminology, let's provide an
overview of system configuration and devices.
Uempty
Notes:
System configuration is important. We need to understand what devices we have at our
disposal and where these devices are physically located within each box or drawer. This is
important when devices fail, especially disks! Taking out the wrong disk in the system due
to failure could result in data corruption.
An AIX partition does not need to have any real devices. In today's Power p environments,
virtual LPARs are fast becoming the norm. Virtualization is a large topic and is covered in a
separate LPAR and virtualization education track. It is beyond the scope of the course.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an overview into system configuration and devices.
Details — This visual provides an introduction into the rest of the unit.
Additional information —
Transition statement — Let's introduce our audience to the commands which are used to
list and document the system configuration.
Uempty
Device commands
IBM Power Systems
• prtconf
– Lists major system configuration items such as system model,
firmware version, processor type, number of processors, processor
clock speed, cpu type, total memory size, network, filesystem, paging
space, and devices information
• lscfg
– Lists device information including physical location codes
• lsdev
– Lists device information including the state of the device
• lsslot
– Displays all specified hot plug slots and their characteristics
• chdev
– Changes the characteristics of a device
• lsattr
– Displays attribute characteristics and possible values of attributes for
devices in the system
© Copyright IBM Corporation 2009
Notes:
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an overview into commands which are used to list, change, and
document system configuration and devices information.
Details — Introduce each of the commands at a high level. The finer points, like VPD
information, can be covered when we see the commands in action.
Additional information —
Transition statement — Before we see actual command examples to list, change or
document the sys config, let's take a high level view of the system which we most likely will
be working with; typical Power6 server in MOP/Atlanta.
Uempty
(pci0) (pci1)
|
IVE (lhea0) L2 Cache
SAS Adapter (sissas0)
(L2cache0)
Connection |
To I/O Drawer(s) SAS Controller (sas0)
|
SAS Planar, P2 SATA DVD Drive (cd0) PCI Card slots
|
SAS Enclosure (ses1) PCI Card slots
hdisk5
hdisk2
hdisk4
hdisk1
hdisk3
hdisk0
HMC
C1 C2 C3 C4 C5 ports
e e e x x FSP
D3 D4 D5 D6 D7 D8
Serial
ports
© Copyright IBM Corporation 2009
Notes:
Each system has a unique identifier which consists of the model type and serial number, as
in this example: U8204.E8A.65BF831. Some devices, mainly virtual, will inherit this
identifier. The main component in any system is the CEC. The CEC also has a unique
identifier code. All devices within the CEC inherit this code. For example, device pci1 (on
the PCI-X) bus has the device code of U78A0.001.DNWGCAH-P1.
U78A0.001.DNWGCAH is the identifier of the CEC and P1 means the device is attached to
the main System planar.
The p550 has two PCI buses, X (eXtended) and E (Express). They are both high-speed
buses for internal devices. PCI-X is a parallel interface and is directly backward compatible
with all standard PCI devices. PCI-E is the next generation PCI bus. It a serial bus that
offers no compatibility with older buses and is structured around point-to-point serial links.
Each PCI card slot is identified by AIX using a logical bus identifier, for example: pci1.
Device location codes will be explored in more depth as we go through this unit.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce the high level layout of the Power6 p550.
Details — Highlight the following:
• The ID of the box
• The ID of the CEC (different from the box)
- In the case of a 4 box p570 each CEC has an individual ID.
• Processor cards, memory DIMMs, L2 cache, GX+, PCI adapter slots all connect directly
to the system planar P1
• GX+, PCI-e and X slots
• SAS disk enclosure
• Serial ports and HMC ports connect to the FSP (Flexible service proc)
Note: Each PCI slot also has a pci<number> device. I could not fit this in the diagram as
there was not enough room!
Additional information — In the p550 hardware guide, there is an excellent architectural
diagram. However, it is much too complex to show in this basic class. Therefore, I have
attempted to simplify the layout as easily as I could without clouding the diagram with too
many details. You may want to refer back to this diagram when going through location
codes later in this class.
By default each p550 has 5 card slots, the first three are PCI-e, and the remaining two are
PCI-X. On the GX+ Bus, there are two adapters slots which run at different speeds.
Optionally, in each slot on the bus, either a FC5614 (Dual port RIO2 Hub) or FC5616 (Dual
port 12x Channel attach connect) can be configured. The MOP/Atlanta p6 systems have
one FC5614 which is used to connect one 7311-D20 drawer. Up to two drawers can be
connected to each Hub, which is a maximum of four per box. The addition of a RIO hub
results in losing one PCI-e slot. In case of the MOP/Atlanta systems, only two PCI-e slots
are available.
These details are important in planning. You may want to present this as an example of the
things to watch out for in class. Another good example to use is serial ports. Generally, in
Power4 and below the integrated serial ports were often used for HACMP heartbeating.
This is no longer possible with p5 and p6 boxes.
Transition statement — Let's see how we can list and document the sys config.
Uempty
prtconf (1 of 2)
IBM Power Systems
Notes:
prtconf is very useful command which displays an overview of the system configuration.
This is particularly useful for documentation purposes. One should run this command on a
regular basis and save or print the output.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show students how to list and view the system config in one simple command
Details — Let’s start with the big picture and then drill down into the details.
Additional information —
Transition statement — Let's now see the continuation of the prtconf command.
Uempty
prtconf (2 of 2)
IBM Power Systems
Notes:
The last function prtconf performs is to run the lscfg command as shown in the visual.
Although the prtconf –v flag can be used to display detailed Vital Product Data (VPD)
information, the output on the previous page is omitted. To get around this problem, simply
make a copy of the prtconf script to prtconfVPD and append a “–v” flag to the last lscfg
command at the end of the script.
As follows:
# tail `which prtconf`
done
fi
#devices information
lscfg ######## APPEND –v here !!! ###########
fi
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details — Highlight that the second half of prtconf is the lscfg command. However, in
reality you really want the VPD information in case you need to log a call with an IBM
hardware engineer. Tell the students they can edit the ksh script as shown in the notes.
At this stage, the meaning of the location code is not important, only that it exists and points
to the physical location of that device. The interpretation of the code will be explained later
in the unit.
Additional information —
Transition statement — Let's now look at the lscfg command.
Uempty
lscfg
IBM Power Systems
• lscfg can be used to display Vital Product Data (VPD) information for
devices.
– CEs need this to order and replace failed components
Physical
location code
## lscfg
lscfg -v
-v -l
-l ent0
ent0
ent0
ent0 U7311.D20.6516D3C-P1-C01-T1
U7311.D20.6516D3C-P1-C01-T1 2-Port
2-Port 10/100/1000
10/100/1000 Base-
Base-
TX PCI-X Adapter (14108902)
TX PCI-X Adapter (14108902)
2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter:
Adapter:
Part Number.................03N5297 VPD
Part Number.................03N5297
FRU information
FRU Number..................03N5297
Number..................03N5297
EC
EC Level....................H13845
Level....................H13845
Manufacture
Manufacture ID..............YL1021
ID..............YL1021
Network
Network Address.............001A64918678
Address.............001A64918678
ROM
ROM Level.(alterable).......DV0210
Level.(alterable).......DV0210
Hardware
Hardware Location
Location Code......U7311.D20.6516D3C-P1-C01-T1
Code......U7311.D20.6516D3C-P1-C01-T1
Notes:
The lscfg command displays configuration, diagnostic, and vital product data (VPD)
information about the system.
Use the lscfg command to display vital product data (VPD) such as part numbers, serial
numbers, and engineering change levels. VPD data is required for hardware engineers
when they need to order replacement parts due to failures.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an overview and insight into the lscfg command
Details — lscfg command.
Additional information —
Transition statement — Let's look at the lsdev command.
Uempty
lsdev
IBM Power Systems
# lsdev -p pci5
# lsdev -p pci5
ent8 Available 05-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902) child
ent8 Available 05-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent9 Available 05-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902) devices
ent9 Available 05-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
Device state
Locating the
# lsdev –Cl cd1 –F parent parent
# lsdev –Cl cd1 –F parent
ide0
ide0 device
Notes:
The lsdev command displays information about devices in the device configuration
database. You can display information about all the customized devices using the -C flag.
Any combination of the -c Class, -s Subclass, -t Type, -l Name, -p Parent, and -S
State flags, selects a subset of the customized devices. You can display information about
all devices supported by the system using the -P flag. Any combination of the -c Class,
-s Subclass, and -t Type flags selects a subset of the supported devices.
Certain device slots can be moved from partition to partition with the Dynamic LPAR
function. To do this, you first have to remove the parent pci slot of the device. In order to
discover the parent pci slot, it is useful to write a simple script, such as parent.device as
shown in the visual:
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
# cat parent.device
DEV=$1
while test $? -eq 0
do
printf “$DEV “; DEV=`lsdev -Cl $DEV -F parent`
done 2> /dev/null
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
lsslot
IBM Power Systems
Notes:
The lsslot command displays all the specified hot plug slots and their characteristics.
Hot plug slots are the plug-in points for connecting entities that can be added and removed
from the system without turning the system power off or rebooting the operating system.
The -c flag is required. It specifies the type of hot plug connector, for example, pci for hot
pluggable PCI adapters. You can display only the empty, that is, available, hot plug slots
with the -a flag, the occupied slots with the -o flag, or a specific slot by using the -s flag.
The -l flag can be used to locate the slot associated with the specified DeviceName, as
listed by the lsdev command.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
– Sometimes with tapes devices, data cannot be read because the tape
device has a different block size than the device that wrote the data.
• Changing the value to 0 (variable) can help overcome these problems.
Notes:
The lsattr command displays information about the attributes of a given device or type
of device.
The chdev command changes the characteristics of the specified device with the given
device logical name that is specified with the -l Name flag. The device can be in the
defined, stopped, or available state. Some changes may not be allowed when the device is
in the available state. When changing the device characteristics, you can supply the flags
either on the command line, or in the specified -f File flag.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Device states
IBM Power Systems
• Undefined
– The device is unknown to the system.
• Defined
– The device is know to the system but it is unavailable for use.
• Available
The device is available and ready for use.
• Stopped
– The device is unavailable but remains known by its device driver.
Notes:
Device States
• Undefined is not a state one can see assigned in the system, more of a reference
statement. If refers to a device which is supported but is not configured.
• Defined means that the device is known to the system. It has been allocated a logical
device name, a location code, and attributes have been assigned to it. However, it is still
unavailable for use.
• Available means that the device is fully configured and is ready for use.
• Stopped mean that the device is configured, but not available for use by applications.
• When a device is first identified, it is configured and put into the Available state.
Available devices can be put into the defined or undefined state by using the rmdev
command. Devices can be configured with both the mkdev or cfgmgr commands.
cfgmgr
The cfgmgr command configures devices and optionally installs device software into
the system. It can be run at any time.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
The visual shows a tape drive connected to a system but is undefined. The cfgmgr
command is run to configure and make the device available. Once available, special device
files have been created in /dev directory. Some devices like tapes have several special
files. Each file is assigned a major and minor number. Major and minor numbers are used
by the operating system to determine the actual driver and device to be accessed by the
user-level request for the special device file.
For example, when writing files to a tape, the difference between tar –cvf /dev/rmt0
myfiles.tar and tar –cvf /dev/rmt0.1 myfiles.tar is that rmt0 will result in the tape rewinding
after the operation, whereas with rmt0.1, the tape will not rewind after the write operation.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Device addressing
IBM Power Systems
• Both physical and AIX codes can be seen side by side with:
– lsdev –CHF “name, status, physloc, location”
© Copyright IBM Corporation 2009
Notes:
Every device is assigned a physical location code when it is attached to the system. These
codes are critical. If a device has a problem such as a disk failure, an error report is
generated which will identify the device and its location. You can use this information to
replace the failed disk drive.
It is important not to confuse physical location codes with AIX location codes. Before LPAR
technology was introduced into Power Systems, there were only AIX location codes, and
they remain today for legacy purposes. On newer platforms such as POWER5 and
POWER6 systems, one should use physical codes only.
Note: Virtual devices do not have OS location codes.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
SAS
SAS Planar
Planar (P2),
(P2), Device
Device slot
slot reference
reference 5,
5, disk
disk is
is in
in the
the CEC
CEC
System nd
System planar
planar (P1),
(P1), Card
Card slot
slot No
No 4,
4, 22nd port,
port, Adapter
Adapter is
is in
in the
the CEC
CEC
Planar nd
Planar 11 (P1),
(P1), PCI
PCI slot
slot No
No 4,
4, 22nd port,
port, SCSI
SCSI ID
ID 8,0,
8,0, Disk
Disk is
is in
in an
an
attached SCSI 7311-D 20 I/O Drawer.
attached SCSI 7311-D 20 I/O Drawer.
hdisk5 U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000 FC SCSI Disk
hdisk5 U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000 FC SCSI Disk
System
System planar
planar (P1),
(P1), Card
Card slot
slot No
No 3,
3, Port
Port 1,
1, WW == WW
WW unique
unique name
name of
of an
an
FC
FC adapter (where the FC adapter is in a remote storage subsystem), LL ==
adapter (where the FC adapter is in a remote storage subsystem),
LUN
LUN ID.
ID. The
The disk
disk is
is aa logical
logical device
device (identified
(identified by by the
the LUN
LUN ID)
ID) in
in
the remote storage subsystem.
the remote storage subsystem.
Notes:
The visual above shows how to interpret physical location code information.
A Power System is made up of one of more CECs. An example of a system with the ability
to have multiple CECs is a Power 570. In a multiple node Power 570, what distinguishes
one system enclosure form another is the serial number of the CEC.
A Power 550 only has one CEC.
• U78A0 identifies that the unit type is a CEC belonging to a Power 550.
• The model number for a CEC is always: 001.
• DNWGGRX is the serial number of the CEC.
Power Systems usually have I/O expansion drawers, or in the case of the larger machines,
expansion frames containing I/O drawers. U7311.D20 is a popular remote I/O drawer (RIO)
for low to mid-range systems. 6516D3 is the serial number assigned to the drawer.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Virtual devices are assigned location codes in a similar format to physical devices. The
format is:
Unit_type.Model_no.virtual_adapter_number.virtual_card_slot_number
.[port].[LUN]
The visual above shows a VIOS presenting a virtual disk (hdisk1) to a VIO Client. In order
to do this, the first step is to create a virtual server adapter, on the HMC for the VIOS and
also a VIO client adapter for the AIX partition. Each adapter has an assigned ID.
The vhost device in the VIOS symbolizes the virtual server adapter. In the example: V1
represents a virtual device with an assigned ID of one. C12 represents the virtual card slot
number, which is always equal to the adapter ID as defined on the HMC.
The vscsi device on the virtual client symbolizes the client adapter. In the example, V2
again represents a virtual device with an assigned ID of two. C12 represents the virtual
card slot number, which is also equal the adapter ID as defined on the HMC. T1 specifies
the port number of the adapter.
Uempty The client disks associated with the virtual client adapter will always inherit the location
code definition plus one additional field, the LUN id (L81000000000). In this example, eight
is the SCSI ID of the physical disk in the VIOS. One represents the first disk on the adapter
to be presented to the client.
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an example of virtual location codes.
Details — The visual is not intended to provide a lesson in virtualization but to enable
students to identify and interpret a virtual location code. Go through the example provided.
Point out how one can recognize a virtual device by using the physical location code. In this
example, the virtual SCSI adapter HMC definition from the VIOS is required to show the
mapping between the client disk and adapter in the client partition, to the server adapter in
the VIOS partition.
Additional information — Do not get stuck here explaining virtualization beyond basic
concepts. Focus solely on the location code explanation. Virtual devices and virtualization
is generally beyond the scope of this class. Some students are going to be very curious
here and may want to ask many questions. If so, point them towards the LPAR classes.
Transition statement — Lets see who's been listening. It’s time for the checkpoint.
Uempty
Checkpoint
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
Uempty
Exercise 6
IBM Power Systems
System configuration
and devices
Notes:
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Uempty
Unit summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Estimated time
00:45
References
Online AIX Version 6.1 Operating System and Device
Management
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction
and Concepts (redbook)
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
Unit objectives
IBM Power Systems
Notes:
Physical storage
Logical storage
File systems
Directories
Files
Managed by
Logical Volume Manager (LVM)
Notes:
Components
The basic components or building blocks of AIX storage are:
• Files
• Directories
• File systems
• Logical storage
• Physical storage
• Logical Volume Manager (LVM)
As a user, you work with files and directories. As a system administrator, you manage
storage using the Logical Volume Manager.
Partition 1 Partition 4
Partition 2
Partition 5
Partition 3
Problems:
• Fixed partitions
• Expanding size of the partition
• Limitation on size of a file system and a file
• Contiguous data requirement
• Time and effort required in planning ahead
Notes:
Notes:
1
2
3
4
5 write(data);
6
x
y
z Application
Logical
volume (LVs)
Physical
volumes (PVs)
Notes:
Introduction
The AIX Logical Volume Manager controls disk storage resources by mapping data
between a simple and flexible logical view of storage space and the actual physical
disks.
This visual and these notes provide a brief overview of the basic components of LVM.
Components
A hierarchy of structures is used to manage disk storage:
• Volume groups
• Physical volumes
• Physical partitions
• Logical volumes
• Logical partitions
Instructor notes:
Purpose — Give a brief overview of LVM terms.
Details —
Additional information —
Transition statement — Let's begin our look at the Logical Volume Manager by seeing
how physical disks are viewed by the operating system.
Uempty
Physical storage
IBM Power Systems
PP1
Volume PV1 PP2
group A PP3
PP4 Physical
PP5 volume
PP6 /dev/hdiskn
Volume PV2 PV3 PV4 PV5
group B
PPn
8 4 8128 16 8
16 2 16256 8 16
N/A N/A 32512 4 32
N/A N/A 65024 2 64
© Copyright IBM Corporation 2009
Notes:
Introduction
Disk space on a physical volume (PV) is allocated to logical volumes (LV) in chunks
called physical partitions (PP). Each physical partition size is the same across all the
disks in a volume group (VG). The PP size is set at the time the VG is created. The size
is set in megabytes on power of two boundaries (for example: 4 MB, 8 MB, 16 MB, and
so forth). The default is 4 MB.
In AIX 5L V5.2 and later, LVM defaults the PP size of a new VG to the smallest PP size
(equal or greater than 4 MB) which allows full addressing of the largest disk in the VG
given the selected maximum number of PPs per PV (defaults to 1016). The smallest PP
size is 1 MB, which is supported by using a larger number of PPs per PV.
When a PV is added to a system, a file called hdiskn is added to the /dev directory. n is
a number allocated by the operating system. It is usually the next available number.
This file may be used to access the device directly but this is not often done.
Volume groups
IBM Power Systems
• Volume group types: Volume Group Max Max LVs Max PPs per Max PP
– Original Type PVs VG Size
– Big
– Scalable Original 32 256 32512 1 GB
(1016 * 32)
Notes:
Instructor notes:
Purpose — Expand on the different types of volume groups and their limits. Also, define
the advantages of separate VGs.
Details — You have not discussed how to create a volume group yet. The command mkvg
is new to the students. However, since you discussed the concept of a volume group and
the maximums for volume groups, it is important to introduce the concept of big VGs,
scalable VGs, and factors.
Existing volume groups can be converted to scalable or big volume groups and the -t factor
can be changed as well. Both of these can be done dynamically. To modify an existing VG,
the command is chvg instead of mkvg.
Discuss the main reasons for having external VGs as opposed to internal, and what
considerations have to be made when adding a new disk to the system.
The rootvg includes paging space, the journal log, boot data, and dump storage usually
each in its own logical volume. The rootvg has attributes that differ from the user-created
VGs. For example, it cannot be imported or exported (moved) like other VGs can.
Point out that VGs can contain disks of different sizes. Only the physical partitions within a
VG, must be the same size.
Additional information — Once a volume group is converted to big or scalable, it cannot
be converted back dynamically. It also cannot be used on earlier versions of AIX that do not
support big volume groups.
Transition statement — There is a portion of the disk which holds all the administrative
information related to the VG in terms of the PVs and the LVs. It is called the Volume Group
Descriptor Area (VGDA).
Uempty
Three-disk or more
One-disk VG Two-disk VG VG
VGDA VGDA
Notes:
Quorum
There must be a quorum of VGDAs available to activate the volume group and make it
available for use with the varyonvg command. A quorum of VGDA copies is needed to
ensure the data integrity of management data that describes the logical and physical
volumes in the volume group. A quorum is equal to 51% or more of the VGDAs
available.
A system administrator can force a volume group to varyon without a quorum. This is
not recommended and should only be done in an emergency.
Logical storage
IBM Power Systems
Physical volumes
1 4 1 4
7 2 3 7 2 3
10 10
8 9 8 9
13 16 13 16
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32 33 32 33
35 38 35 38
36 37 41 36 37
41 44 44
42 43 42 43
47 50 47 50
48 49 48 49
1 2 3 4 1 2 3 4 Logical
partitions
Logical Logical
volume volume
© Copyright IBM Corporation 2009
Notes:
Logical partition
A physical partition is the smallest unit of disk allocation. Each logical partition maps to
a physical partition which physically stores the data.
The logical partitions within a volume group are the same size as the physical partitions
within that volume group.
Logical volume
A logical volume consists of one or more logical partitions within a volume group.
Logical volumes may span physical volumes if the volume group consists of more than
one physical volume. Logical volumes do not need to be contiguous within a physical
volume, because the logical partitions within the logical volume are maintained to be
contiguous. The view the system sees is the logical one. Thus, the physical partitions
they point to can reside anywhere on the physical volumes in the volume group.
Uempty Logical volumes may be increased in size at any time, assuming that there are sufficient
free physical partitions within the volume group. This can be done dynamically through
SMIT even when users are doing work in that logical volume. However, logical volumes
cannot easily be decreased and require a file system backup and restore to a
re-created smaller logical volume.
The mapping of which logical partition corresponds to which physical partition, is
maintained in the VGDA for the volume group. It is both a physical view and a logical
view.
LVM mapping
The Logical Volume Manager (LVM) consists of the logical volume device driver (LVDD)
and the LVM subroutine interface library. The LVM controls disk resources by mapping
data between a more simple and flexible logical view of storage space, and the actual
physical disks. The LVM does this using a layer of device driver code that runs above
traditional disk device drivers.
Instructor notes:
Purpose — Define the terms LV and LP.
Details — Define the terms in connection with the physical side of things. Also point out:
• Data can be placed on any disk or partition within the VG. This obviously causes
fragmentation, as there are no restrictions as to where the data should be placed. The
operating system needs to have a contiguous view of all the data and so it creates LVs.
• The naming convention used for system defined LVs is /dev/hdx, and for user created
LVs (if a name is not specified), is /dev/lvxx.
• An LV can only contain one file system. Although you have not defined file systems yet,
it is important to mention this here and warn the students that there is more on file
systems coming up. It is very important to establish a clear relationship between an LV
and a file system and to stress that these go hand in hand.
• A LP is always the same size as a PP.
More details on the AIX physical partition enhancements are covered in the next unit.
Additional information —
Transition statement — Now that you know what a logical volume is, how are they used?
Uempty
Notes:
Introduction
When you install the system, one volume group (rootvg) is automatically created which
consists of a base set of logical volumes required to start the system. rootvg contains
such things as paging space, the journal log, and boot data, each usually in its own
separate logical volume.
You can create additional logical volumes with the mklv command or go through the
SMIT menus. This command allows you to specify the name of the logical volume and
to define its characteristics.
Journal log
The journal log is the logical volume where changes made to the file system structure
are written until such time as the structures are updated on disk. Journaled file systems
and enhanced journaled file systems are discussed in greater detail later in the course.
Paging space
Paging space is fixed disk storage for information that is resident in virtual memory but
is not currently being maintained in real memory.
Dump device
When you install the operating system, the dump device is automatically configured for
you. By default, the primary device is /dev/hd6, which is the paging logical volume, and
the secondary device is /dev/sysdumpnull. For systems migrated from versions of AIX
earlier than V4.1, the primary dump device is what it formerly was, /dev/hd7.
Notes:
Introduction
A file system is a directory hierarchy for storing files. It has a root directory and
subdirectories. In an AIX system, the various file systems are joined together so that they
appear as a single file tree with one root. Many file systems of each type can be created.
Because the available storage is divided into multiple file systems, data in one file system
could be on a different area of the disk than data of another file system. Because file
systems are of a fixed size, file system full errors can occur when that file system has
become full. Free space in one file system cannot automatically be used by an alternate file
system that resides on the same physical volume.
Instructor notes:
Purpose — Define what a file system is.
Details — You can have many different file systems connected under the hierarchical tree.
However, from an end user's point of view, everything looks the same.
The student should be familiar with the concept of files and directories.
Typically, the students use JFS or JFS2 file systems, the default types of file systems for
AIX. You can consider journaling a little later on. But, these are files that exist on your local
disks. However, there is a feature called network file systems, where remote file systems
can also be made to appear as if they belong and reside on your local disks. You should
not be discussing NFS in this course. There are also cache file systems that are related to
NFS. Students may discover this when creating file systems.
Additional information — JFS and JFS2 use journaling techniques to maintain their
structural integrity. This is discussed in more detail later in this unit. The network file system
(NFS) is a distributed file system that allows users to access files and directories located on
remote computers and use them as if they were on the local system. Further discussion of
this type of file system is beyond the scope of this course. CD-ROM file system is a type
that allows access to the contents of a CD-ROM through normal file system interfaces.
Another file system, PROCFS, is not actually on any disk but is mapped to memory for use
by the operating system in recording stats.
Transition statement — Why do we use file systems in AIX?
Uempty
Notes:
Benefits
A file system is a structure that allows you to organize your data. It is one level in the
hierarchy of your data. By placing data in separate file systems, it allows for ease of
control and management of the data.
File systems can be placed on the disk in areas that provide the best performance.
Many times, backups and recoveries are done at a file system level.
hd4
/ (root)
home sbin opt lpp proc usr dev tftpboot var mnt etc tmp
/ / / / /
Notes:
Instructor notes:
Purpose — Define the standard AIX file systems.
Details — The picture shows all the default AIX file systems connected to their default
mount points. Explain that each file system connects to the tree by an empty directory
which is commonly known as the mount point.
Also, highlight that every file system must reside on a logical volume. Remind the students
of the default AIX file systems and their logical volumes which have all been labeled on the
diagram.
Have a discussion on how big the file systems are, pointing out that /usr is the largest.
As the system is customized, these file systems can be extended to hold new applications
and user data, or new file systems can be created. The choice as to when and how to do
this depends upon the users and applications on the system. The usual recommendations
are not to add user applications or data to /, /usr, or /var because these are removed if the
system is ever reinstalled, and only use /tmp as a scratch area. Create new file systems as
needed for applications and data.
Additional information — On a networked system, diskless/dataless, or in a code serving
environment, some or all of these may be remotely accessed through the Network File
System (NFS).
/lib is actually a symbolic link to /usr/lib. /bin is actually a symbolic link to /usr/bin.
Transition statement — Let’s continue by discussing the /etc/filesystems file.
Uempty
/etc/filesystems
IBM Power Systems
/:
dev = /dev/hd4
vol = root
mount = automatic
check = false
vfs = jfs2
log = /dev/hd8
type = bootfs
/home:
dev = /dev/hd1
vol = /home
mount = true
check = true
vfs = jfs2
log = /dev/hd8
/home/team01:
dev = /dev/fslv00
vfs = jfs2
log = /dev/loglv00
mount = true
options = rw
account = false
© Copyright IBM Corporation 2009
Notes:
What is /etc/filesystems?
The /etc/filesystems file, documents the layout characteristics, or attributes of file
systems. It is in a stanza format which means a resource is named followed by a colon
and a listing of its attributes in the form of attributes = value.
Each stanza in the /etc/filesystems file, names the directory where the file system is
normally mounted.
vol Used by the mkfs command when initiating the label on a new file
system
mount Used by the mount command to determine whether a file system
should be mounted by default. Possible values are:
automatic File system mounted automatically at system startup
true File system mounted by the mount all command.
This command is issued during system initialization to
automatically mount such file systems.
false File system is not automatically mounted
check Used by the fsck command to determine the default file systems to be
checked. True enables checking
vfs Specifies the type of mount. For example, vfs=jfs2.
log The device to which log data is written, as the file system is modified.
This option is only valid for journaled file systems.
type Used to group together related file systems which can all be mounted
with the mount -t command
account Used to determine the file systems to be processed by the accounting
subsystem.
quote Allows the system administrator to control the number of files and data
blocks that can be allocated to a user or group
Mount
IBM Power Systems
## mount
mount /dev/fslv00
/dev/fslv00 /home/patsie
/home/patsie
What to Where to
mount mount it
Notes:
Mount points
Full path names must be used when specifying the mount point. If SMIT is used to
create the file system, the mount point is created automatically.
Before After
home home
.profile .profile
.exrc data doc .exrc data doc
myscript myscript
Notes:
Before After
home home
.profile
.exrc data doc
myscript
.profile
.exrc data doc
myscript
Notes:
## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 1966080 --
1966080 -- yes
yes nono
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 131072
131072 ---- yes
yes nono
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 4587520
4587520 --
-- yes
yes nono
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 655360
655360 ---- yes
yes nono
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 393216
393216 ---- yes
yes nono
/proc
/proc --
-- /proc
/proc procfs
procfs --
-- --
-- yes
yes nono
/dev/hd10opt
/dev/hd10opt --
-- /opt
/opt jfs2
jfs2 524288
524288 ---- yes
yes nono
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 ---- yes
yes nono
/dev/fslv00
/dev/fslv00 --
-- /db2
/db2 jfs2
jfs2 262144
262144 rwrw no
no no no
Notes:
## lsvg
lsvg -l
-l rootvg
rootvg
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
boot 11 22 22 closed/syncd
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 16
16 22 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfs2log
jfs2log 11 22 22 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs2
jfs2 15
15 30
30 22 open/syncd
open/syncd //
hd2
hd2 jfs2
jfs2 35
35 70
70 22 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs2
jfs2 55 10
10 22 open/syncd
open/syncd /var
/var
hd3
hd3 jfs2
jfs2 33 66 22 open/syncd
open/syncd /tmp
/tmp
hd1
hd1 jfs2
jfs2 11 22 22 open/syncd
open/syncd /home
/home
loglv00
loglv00 jfs2log
jfs2log 11 22 22 closed/syncd
closed/syncd N/A
N/A
hd11admin
hd11admin jfs
jfs 22 44 22 open/syncd
open/syncd /admin
/admin
fslv00
fslv00 jfs2
jfs2 22 44 22 closed/syncd
closed/syncd /db2
/db2
Notes:
Checkpoint (1 of 3)
IBM Power Systems
5. V______ G______
1. V______ G______
D ______ A______
VGDA 6. P______ V______
2. P______ P ______
3. L_____ P______
4. L______ V_______
© Copyright IBM Corporation 2009
Notes:
For each item in the visual, fill in the blanks to complete the correct term for the indicated
LVM component.
Checkpoint solutions (1 of 3)
IBM Power Systems
5. Volume Group
1. Volume Group___
Descriptor Area__
VGDA 6. Physical Volume
2. Physical Partition
3. Logical Partition
4. Logical Volume
© Copyright IBM Corporation 2009
Additional information —
Checkpoint (2 of 3)
IBM Power Systems
7. How many different physical partition (PP) sizes can be set within
a single VG? ____________
8. By default, how big are PPs?
____________________________________________
____________________________________________
Notes:
Checkpoint solutions (2 of 3)
IBM Power Systems
7. How many different physical partition (PP) sizes can be set within
a single VG? One
8. By default, how big are PPs? Traditionally 4 MB, but LVM
chooses an optimal size based on the #PPs/PV and the size
of largest PV in the VG.
9. How many volume groups (VGs) can a physical volume (PV)
belong to?
a) Depends on what you specify through SMIT
b) Only one
c) As many VGs as exist on the system
10. True or False: All VGDA information on your system is identical,
regardless of how many volume groups (VGs) exist. All VGDAs
within a VG are the same.
Additional information —
Transition statement — Let’s continue with more checkpoint questions.
Checkpoint (3 of 3)
IBM Power Systems
11. With which logical volume is the /home file system associated?
_____________________________________________________
12. What type of file systems are being displayed?
_____________________________________________________
13. What is the mount point for the file system located on the /dev/hd4 logical
volume? _____________________________________________
14. Which file system is used primarily to hold user data and home directories?
_____________________________________________________
Notes:
Checkpoint solutions (3 of 3)
IBM Power Systems
11. With which logical volume is the /home file system associated?
/dev/hd1
12. What type of file systems are being displayed?
Enhanced journaled file systems (JFS2), and CD-ROM (CDRFS)
13. What is the mount point for the file system located on the /dev/hd4 logical
volume?
/
14. Which file system is used primarily to hold user data and home directories?
/home
Additional information —
Transition statement — Now, let’s do an exercise.
Exercise 7
IBM Power Systems
System
storage
Notes:
Unit summary
IBM Power Systems
Notes:
Estimated time
01:30
References
Online AIX Version 6.1 Operating System and Device
Management
AIX Version 6.1 Command References
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction
and Concepts (redbook)
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit objectives
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
# smit lvm
Logical
Logical Volume
Volume Manager
Manager
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Volume
Volume Groups
Groups
Logical
Logical Volumes
Volumes
Physical
Physical Volumes
Volumes
Paging
Paging Space
Space
Notes:
Introduction
The SMIT Logical Volume Manager menu is used to manage many aspects of the
system's storage.
Volume groups
The SMIT Volume Groups menu provides facilities to manipulate the volume groups in the
system.
Logical volumes
The SMIT Logical Volumes menu provides facilities to manipulate the logical volumes in
the system. Logical volumes which contain journaled file systems, paging space, or dump
volumes can also be manipulated from their respective menus.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define the options available through SMIT for the LVM
Details — Use this visual as a roadmap for further discussion of the Logical Volume
Manager and its structure. Let's consider the first three options of the screen in this unit.
The paging space option is described in the Paging Space unit.
Additional information — Use the diagram, if required, to review the LVM and
components.
Transition statement — Let's jump in and start by exploring the VG main menu.
Uempty
Volume
Volume Groups
Groups
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Volume
Volume Groups
Groups
Add
Add a Volume Group
a Volume Group
Set
Set Characteristics
Characteristics of of aa Volume
Volume Group
Group
List
List Contents of a Volume Group
Contents of a Volume Group
Remove
Remove aa Volume
Volume Group
Group
Activate
Activate a Volume
a Volume Group
Group
Deactivate
Deactivate aa Volume
Volume Group
Group
Import
Import aa Volume
Volume Group
Group
Export
Export aa Volume
Volume Group
Group
Mirror
Mirror a Volume Group
a Volume Group
Unmirror
Unmirror aa Volume
Volume Group
Group
Synchronize
Synchronize LVMLVM Mirrors
Mirrors
Back
Back Up
Up aa Volume
Volume Group
Group
Remake
Remake a Volume Group
a Volume Group
Preview
Preview Information
Information about
about aa Backup
Backup
Verify
Verify the Readability of
the Readability of aa Backup
Backup (Tape
(Tape only)
only)
View the Backup
View the Backup Log Log
List
List Files
Files inin aa Volume
Volume Group
Group Backup
Backup
Restore
Restore Files in a Volume Group
Files in a Volume Group Backup
Backup
Notes:
The visual shows the SMIT screen that allows for the configuration of volume groups.
To get to this menu, use the SMIT fastpath, smit vg.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define the options available for volume groups
Details — Provide a quick overview of the items on this screen.
Additional information — In the next few visuals, we describe many of the options listed
on this screen.
Transition statement — Let's see how we can create a VG.
Uempty
Add
Add an
an Original
Original Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg]
Physical
Physical partition
partition SIZE
SIZE inin megabytes
megabytes ++
** PHYSICAL VOLUME names
PHYSICAL VOLUME names [hdisk1
[hdisk1 hdisk2] ++
hdisk2]
Force
Force the
the creation
creation of
of aa volume
volume group?
group? no
no ++
Activate volume group AUTOMATICALLY
Activate volume group AUTOMATICALLY yes
yes ++
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++
Notes:
The mkvg command
The mkvg command is used to create a volume group. A new volume group must contain
at least one physical volume. The -y option is used to indicate the name for the new volume
group. If this is not specified, a system generated name is used.
It is best not to select a physical partition size as the system will select the best fit
automatically. The default is the smallest physical partition size consistent with the
maximum PP/PV and the largest physical volume in the volume group.
Using SMIT
The volume group MAJOR NUMBER on the SMIT dialog screen is used by the kernel to
access that volume group. This field is most often used for PowerHA where the major
number ideally should be the same for all nodes in the cluster.
Concurrent capable VGs are used for parallel processing applications, whereby the volume
group is read/write accessible to multiple machines at the same time.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show students how to add a volume group
Details — Go through the example of how to add a VG to a system. Point out that the big
VG panel is identical.
Additional information —
Transition statement — Let us look at how adding a scalable volume group differs.
Uempty
Add
Add aa Scalable
Scalable Volume
Volume Group
Group
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
[Entry
[Entry Fields]
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg]
Physical
Physical partition
partition SIZE
SIZE inin megabytes
megabytes ++
** PHYSICAL VOLUME names
PHYSICAL VOLUME names [hdisk3]
[hdisk3] ++
Force
Force the
the creation
creation of of aa volume
volume group?
group? no
no ++
Activate volume group AUTOMATICALLY
Activate volume group AUTOMATICALLY yes
yes ++
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++
Max
Max PPs
PPs per
per VG
VG in
in units
units ofof 1024
1024 32
32 ++
Max Logical Volumes
Max Logical Volumes 256
256 ++
Notes:
Additional options for scalable volume groups
There is a separate SMIT panel for adding scalable volume groups. Besides creating a
different format VGDA, the administrator has the option to set the Maximum PPs per VG,
and the Max Logical Volumes for the volume group.
With non-scalable volume groups, LVM allows tuning of the number of physical partitions
for each physical volume through the -t factor. In scalable volume groups, the physical
partitions are managed on a volume group wide basis.
The maximum number of logical volumes was fixed depending upon the type of volume
group. Now, in scalable volume groups, the maximum is tunable.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Explain the AIX scalable volume group creation options
Details — Warn the students not to make the maximums larger than they really need them
to be. The increased size of the control block structures can have a detrimental impact on
performance.
Additional information —
Transition statement — Now, let us move on to how we can list the volume groups and
attributes after they have been created.
Uempty
## lsvg
lsvg
rootvg
rootvg
datavg
datavg
db2_vg
db2_vg
## lsvg
lsvg -o
-o
datavg
datavg
rootvg
rootvg
## lsvg
lsvg rootvg
rootvg
VOLUME
VOLUME GROUP:
GROUP: rootvg
rootvg VG
VG IDENTIFIER:
IDENTIFIER:
00cf2e7f00004c000000011cec07b52e
00cf2e7f00004c000000011cec07b52e
VG
VG STATE:
STATE: active
active PP
PP SIZE:
SIZE: 64
64 megabyte(s)
megabyte(s)
VG
VG PERMISSION:
PERMISSION: read/write
read/write TOTAL
TOTAL PPs:
PPs: 130
130 (8320
(8320 megabytes)
megabytes)
MAX LVs:
MAX LVs: 256
256 FREE PPs:
FREE PPs: 54
54 (3456 megabytes)
(3456 megabytes)
LVs:
LVs: 11
11 USED
USED PPs:
PPs: 76
76 (4864
(4864 megabytes)
megabytes)
OPEN
OPEN LVs:
LVs: 99 QUORUM:
QUORUM: 22 (Enabled)
(Enabled)
TOTAL
TOTAL PVs:
PVs: 22 VG
VG DESCRIPTORS:
DESCRIPTORS: 33
STALE PVs:
STALE PVs: 00 STALE
STALE PPs:
PPs: 00
ACTIVE
ACTIVE PVs:
PVs: 22 AUTO
AUTO ON:
ON: yes
yes
MAX PPs per VG:
MAX PPs per VG: 32512
32512
MAX
MAX PPs
PPs per
per PV:
PV: 1016
1016 MAX
MAX PVs:
PVs: 32
32
LTG
LTG size
size (Dynamic):
(Dynamic): 256
256 kilobyte(s)
kilobyte(s) AUTO
AUTO SYNC:
SYNC: no
no
HOT
HOT SPARE:
SPARE: no
no BB
BB POLICY:
POLICY: relocatable
relocatable
© Copyright IBM Corporation 2009
Notes:
The lsvg command, with no parameters, lists the volume groups in the system. If used with
the –o options, all varied on/active volume groups are displayed.
To further list the information about the status and content of a particular volume group, run
lsvg <Volumegroup_name>
The output provides status information about the volume group. The most useful
information here is:
• Volume group state (VG STATE - active or inactive/complete if all physical volumes are
active)
• Physical partition size
• Total number of physical partitions (TOTAL PPs)
• Number of free physical partitions (FREE PPs)
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to list VGs and their attributes
Details — Go through the details in the visual and in the notes. Point out particular
attributes which should be of interest to the class.
Additional information —
Transition statement — Let’s now see how we can use lsvg to list the disks and LVs in a
VG.
Uempty
## lsvg
lsvg -p
-p rootvg
rootvg
rootvg:
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE TOTAL
TOTAL PPs
PPs FREE
FREE PPs
PPs FREE
FREE DISTRIBUTION
DISTRIBUTION
hdisk0
hdisk0 active
active 99
99 23
23 15..00..00..00..08
15..00..00..00..08
hdisk5
hdisk5 active
active 31
31 31
31 07..06..06..06..06
07..06..06..06..06
## lsvg
lsvg -l
-l rootvg
rootvg
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
boot 11 11 11 closed/syncd
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
jfs 55 55 11 open/syncd
open/syncd /var
/var
hd3
hd3 jfs
jfs 33 33 11 open/syncd
open/syncd /tmp
/tmp
hd1
hd1 jfs
jfs 11 22 11 open/syncd
open/syncd /home
/home
hd10opt
hd10opt jfs
jfs 44 44 11 open/syncd
open/syncd /opt
/opt
Notes:
The lsvg -p Volumegroup command gives information about all of the physical volumes
within the volume group. The information given is:
• Physical volume name (PV_NAME)
• Physical volume state (PV STATE - active or inactive)
• Total number of physical partitions (TOTAL PPs)
• Number of free physical partitions (FREE PPs)
• How the free space is distributed across the disk (FREE DISTRIBUTION)
Free distribution is the number of physical partitions allocated within each section of the
physical volume: outer edge, outer middle, center, inner middle, and inner edge.
The lsvg -l Volumegroup command gives information about all of the logical volumes
within the volume group. The details given are:
• Logical volume name (LVNAME)
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Change
Change aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name datavg
datavg
** Activate
Activate volume
volume group
group AUTOMATICALLY
AUTOMATICALLY no
no ++
at system restart?
at system restart?
** AA QUORUM
QUORUM of
of disks
disks required
required toto keep
keep the
the volume
volume no
no ++
group on-line
group on-line ? ?
Convert
Convert this
this VG
VG to
to Concurrent
Concurrent Capable?
Capable? no
no ++
Change to big VG format?
Change to big VG format? no
no ++
Change
Change to
to scalable
scalable VG VG format?
format? no
no ++
LTG Size in kbytes
LTG Size in kbytes 256
256 ++
Set
Set hotspare
hotspare characteristics
characteristics nn ++
Set
Set synchronization characteristics
synchronization characteristics of of stale
stale nn ++
partitions
partitions
Max
Max PPs
PPs per
per VG
VG in
in units
units of
of 1024
1024 32
32 ++
Max Logical Volumes
Max Logical Volumes 256
256 ++
Notes:
The chvg command changes the characteristics of a volume group. In the example shown
in the visual attributes, Activate volume group AUTOMATICALLY at system
restart? and A QUORUM of disks required to keep the volume group
on-line? were set to No, which causes the following command to run: chvg –a n –Q n
datavg
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## extendvg
extendvg -f
-f rootvg
rootvg hdisk2
hdisk2
## lsvg
lsvg -p rootvg || awk
-p rootvg awk ‘{print
‘{print $1,
$1, $2}’
$2}’
rootvg:
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active
hdisk1
hdisk1 active
active hdisk2
hdisk2
hdisk2 active
active
hdisk0 hdisk1
## reducevg
reducevg -f
-f rootvg
rootvg hdisk1
hdisk1
## lsvg
lsvg -p rootvg || awk
-p rootvg awk ‘{print
‘{print $1,
$1, $2}’
$2}’
rootvg:
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active hdisk1
hdisk2
hdisk2 active
active
Notes:
Add a Physical Volume to a Volume Group
To add a disk to an existing volume group, use the extendvg command or SMIT fastpath
smit extendvg. The disk must be installed in the system or connected to it externally,
and must be powered on.
extendvg formats the disk into physical partitions and then adds them to the physical
partition mapping maintained in the VGDA for the volume group. The space on the new
disk is now available to be allocated to logical volumes in the volume group. If the existing
data in the VGDA on the disk shows that it is part of another volume group, the -f option
forces the addition of the disk to the volume group, without requesting confirmation. Use
this option when adding a disk which has been previously used, but contains data which is
no longer needed.
The syntax for the extendvg command is:
extendvg [-f] Volumegroup hdiskn
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Explain how to extend or reduce the size of a volume group. Show how to add
and remove physical volumes in a volume group.
Details — Describe the steps that need to be taken to add or remove a physical volume
from a volume group.
Additional information — When the last physical volume has been removed from the
volume group, the volume group effectively no longer exists, since there are no more
VGDAs to define it. At that point, LVM also removes any record of the volume group from
the ODM database.
Transition statement — Let's see how we can remove a VG.
Uempty
Remove
Remove aa Volume
Volume Group
Group
Type
Type or
or select
select aa value
value for
for the
the entry
entry field.
field.
Press
Press Enter AFTER making all desired changes.
Enter AFTER making all desired changes.
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg] ++
Note: There is no option to input disks. In this example db2_vg was contained
on hdisk3.
Notes:
You can use the smit reducevg2 fastpath to remove a volume group. It runs a script
which identifies what physical volumes are in the volume group and then runs the
reducevg command to remove each physical volume until there are no more physical
volumes in the volume group.
The Remove a Volume Group menu does not have a corresponding high-level
command. The correct way to remove a volume group, is to use the Remove a
Physical Volume from a Volume Group option, which calls the reducevg
command. This removes the volume group when you remove the last physical volume
within it.
The syntax of the reducevg command is:
reducevg [-d] [-f] VolumeGroup PhysicalVolume
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to delete a volume group
Details — Go through the example in the visual.
Additional information —
Transition statement — Having played with altering the characteristics of the volume
group, let us look at how we can control access to the volume group.
Uempty
Deactivate
Deactivate aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
Put
Put volume group
volume group in
in SYSTEM
SYSTEM no
no ++
MANAGEMENT mode?
MANAGEMENT mode?
© Copyright IBM Corporation 2009
Notes:
The varyonvg command
The varyonvg command is used to activate a volume group that is not activated at system
startup, or has been added to the system since startup.
The -f option is used to force a volume group online. It allows a volume group to be made
active that does not currently have a quorum of available disks. Any disk that cannot be
brought to an active state is put in a removed state. At least one disk must be available for
use in the volume group.
The varyoffvg command
The varyoffvg command is used to deactivate a volume group. No logical volumes
should be open when this command is issued. Removing a disk without deactivating the
volume group could cause errors and loss of data in the volume group descriptor areas,
and the logical volumes within that volume group.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how volume groups, other than the rootvg, can be activated and
deactivated.
Details — Go through the example of activating / deactivating VGs.
Additional information —
Transition statement — Volume groups can be moved from one system to another. Let's
see how this can be done.
Uempty
Export
Export aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
Notes:
Exporting a volume group
If you have a volume group on one or more external disks that you want to access on
another system, you must first export the volume group from the current system using the
exportvg command. This removes all information about the volume group from the
system. To export a volume group, it must be inactive.
Importing a volume group
To access an exported volume group on a system, it must be imported to the system using
the importvg command. Never attempt to import rootvg.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to export and import a volume group
Details — Explain to students how to import and export VGs between systems.
Additional information — PowerHA imports and activates VGs without them first being
exported from the target system.
Transition statement — Finally, let’s end VGs with details on how to reorganize them.
Uempty
# smit reorgvg
Reorganize
Reorganize aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [rootvg]
[rootvg] ++
## reorgvg
reorgvg rootvg
rootvg
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd5
hd5 migrated.
migrated.
0516-962
0516-962 reorgvg: Logical volume hd6 migrated.
reorgvg: Logical volume hd6 migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd8
hd8 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd4
hd4 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd2
hd2 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd9var
hd9var migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd3
hd3 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd1
hd1 migrated.
migrated.
0516-962
0516-962 reorgvg: Logical volume hd10opt migrated.
reorgvg: Logical volume hd10opt migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume loglv00
loglv00 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd11admin
hd11admin migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume fslv00
fslv00 migrated.
migrated.
Notes:
Reorganizing a volume group
If the intra-physical volume allocation policy (location on disk: center, middle, edge, inner
edge, and inner middle) is changed after the logical volume is created, the physical
partition does not relocate automatically. The reorgvg command is used to redistribute
the physical partitions of the logical volumes of a volume group according to their preferred
allocation policies. This should improve disk performance. Preference is given in the order
listed on the command line.
reorgvg syntax
The syntax is: reducevg [-d] [-f] Volumegroup hdiskn
For example: reorgvg rootvg hd4 hd5
Using SMIT, no other arguments can be supplied. The entire volume group is reorganized.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how data in a volume group can be reorganized
Details — The reorgvg command can be used to change the allocation of logical
volumes in a volume group, based on the allocation policy set on the logical volume. This
command tries to place the specified logical volume in the new place, or as close to the
requested place as possible. This command is only successful if there is space to
maneuver.
Additional information —
Transition statement — Let's take a look at logical volumes.
Uempty
Logical storage
IBM Power Systems
Physical volumes
1 4 1 4
7 2 3 7 2 3
10 10
8 9 8 9
13 16 13 16
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32 33 32 33
35 38 35 38
36 37 41 36 37
41 44 44
42 43 42 43
47 50 47 50
48 49 48 49
1 2 3 4 1 2 3 4 Logical
partitions
Logical Logical
volume volume
© Copyright IBM Corporation 2009
Notes:
Logical volumes
A logical volume is a group of logical partitions which may span physical volumes, as long
as the physical volumes are in the same volume group. A file system resides on top of a
logical volume (LV). A logical volume can be dynamically extended.
Logical partitions
Logical partitions are mapped one-to-one to physical partitions unless they are being
mirrored.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Review the logical volume structure as an introduction to a more detailed
discussion
Details — Review logical volumes and logical partitions and how they map to physical
partitions.
Review the fact that the Logical Volume Manager (LVM) is a device driver that assimilates
the physical volumes into a logical view.
Additional information —
Transition statement — Let’s define RAID support in LVM.
Uempty
Notes:
LVM supports three software RAID configurations:
• RAID 0. Striping provides improved performance and additional storage, but no fault
tolerance. Any disk failure destroys the array, which becomes more likely with more
disks in the array. A single disk failure destroys the entire array because when data is
written to a RAID 0 drive, the data is broken into fragments. The fragments are written
to their respective disks simultaneously on the same sector. This allows smaller
sections of the entire chunk of data to be read off the drive in parallel, giving this type of
arrangement huge bandwidth. RAID 0 does not implement error checking so any error
is unrecoverable. More disks in the array means higher bandwidth, but greater risk of
data loss.
• RAID 1.Mirroring on AIX provides fault tolerance from disk errors by creating up to three
copies of the data on different drives.
• RAID 10 Combines RAID levels 0 + 1. Striping + mirroring provides fault tolerance
along with improved performance.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce RAID support in LVM
Details — Introduce RAID level support in LVM. Most datavgs today, are held within SAN
environments. Point out that AIX LVM is S/W RAID whereas RAID support in SAN
technology is implemented at the H/W layer. This generally has better performance
combined with greater flexibility. One should ideally not mix the two.
Additional information —
Transition statement — Let’s review LVM options which affect performance.
Uempty
Notes:
The visual highlights key LVM options which affect performance.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce LVM options which affect performance
Details — Go through the details on the foil, at a high level only.
Additional information —
Transition statement — Let’s define each RAID level in more detail, starting with RAID 1.
Uempty
Mirroring (RAID1)
IBM Power Systems
hdisk0
fslv00
First copy PP1
PP2 LP1
LP2
hdisk1
Second copy PP1
PP2
hdisk2
Third copy PP1
PP2
Notes:
Mirroring of data over multiple drives protects against a potential hardware failure. The
structure of LVM enables mirroring by manipulating the relationship between the physical
partition and the logical partition. The AIX mirror function does not apply to a physical disk,
only to logical volumes. This is the most important principle to understand for the AIX LVM
mirroring function. In a normal operating environment each physical partition is mapped to
a logical partition. When you mirror data, the ratio becomes one logical partition to two
physical partitions for a two-way mirror. Or, one logical partition to three physical partitions
for a three-way mirror.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define mirroring (RAID 1)
Details — To increase availability, mirror the copies onto physical volumes that are
attached to separate buses, adapters, and power supplies. Upon failure of one of these
components, the copies may still be maintained, since they are not attached to the failing
device. A mirrored copy of the data can be removed. This is shown later in this unit.
Similarly, a maximum of three copies of the data can be added later on. However, in order
for the copies to be useful, they have to be synchronized.
Additional information —
Transition statement — Strictness is a critical option when mirroring. Let’s explain
mirroring allocation.
Uempty
Mirroring, allocation
IBM Power Systems
Notes:
When mirroring data, it is essential that all PP copies are stored on different disks. The
placement of PP is governed by the allocation policy, which by default is set to strict. Strict
policy ensures that all mirrored copies are placed on different disks. However, under LVM
RAID 0 +1 configurations, strict policy can lead to situations where mirrored copies of the
data are on the same disk. To protect against this, the system will automatically set the
allocation policy to superstrict.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define and explain mirroring allocation policies
Details — Strict policy, ensures the mirrored copies are stored on different PVs. However,
in certain LVM RAID 10 configurations the system will store mirrored LV copies to the same
disk, limiting resilience. Superstrict ensures that mirrored LP copies cannot share the same
disk, providing maximum protection.
Additional information —
Transition statement — Let’s define striping.
Uempty
Striping (RAID 0)
IBM Power Systems
Notes:
Striping
Striping is a technique for spreading the data in a logical volume across several disks, so
that the I/O capacity of the disk drives can be used in parallel, so to access data on the
logical volume.
Striping is designed to increase the read/write performance of frequently accessed, large
sequential files. Striping can also be used to distribute data evenly across a set of disks, so
that random I/O can be scattered across many drives simultaneously. In non-striped logical
volumes, data is accessed using addresses to data blocks within physical partitions. In a
striped logical volume, data is accessed using addresses to stripe units.
Stripe size
The size of the stripe unit is specified at creation time. The stripe size can range from 4 KB
-128 MB in powers of two.
Constraints
There are some constraints imposed by implementing striping:
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• The number of physical partitions allocated to a striped logical volume must evenly
distributable among the disks.
• At least two physical volumes are required
Performance considerations
There are some considerations in configuring striping for performance:
• Use as many adapters as possible. For example, if multiple disks in the stripe width are
on the same storage adapter, a read/write of a stripe is not able to read/write the stripe
units in parallel.
• Design to avoid contention with other uses of the disks used by the striped logical
volume.
• Create on a volume group dedicated to striped logical volumes.
It is not a good idea to mix striped and non-striped logical volumes in the same physical
volume. Physical volumes should ideally be the same size within the set used for a striped
logical volume. Just because a logical volume is striped, it does not mean that the file's
data blocks are going to be perfectly aligned with the stripe units. Therefore, if a file block
crosses a stripe boundary, the block gets split into multiple LVM I/Os.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
1 3 5 1 3 5 1
2
hdisk2 hdisk0 3
4
2
5
2 4 6 4 6
6
Stream of
hdisk3 hdisk1 data
Notes:
RAID 10 meets performance and high availability requirements by mirroring strip sets to
different disks. However, this comes at a cost as more disks are required (minimum 4).
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Center Inner-middle
Edge
Note: These settings have little effect when used in SAN environments, whereby
LUNs are in RAID configurations.
© Copyright IBM Corporation 2009
Notes:
Introduction
When creating or changing a logical volume you can define the way the Logical Volume
Manager decides which physical partitions to allocate to the logical volume. This affects the
performance of the logical volume.
Intra-physical volume allocation policy
The intra-disk allocation policy choices, are based on the five regions of a disk where
physical partitions can be located. The closer a given physical partition is to the center of a
physical volume, the lower the average seek time is because the center has the shortest
average seek distance from any other part of the disk. The file system log is a good
candidate for allocation at the center of a physical volume, because it is so frequently used
by the operating system. At the other extreme, the boot logical volume is used infrequently,
and is therefore allocated at the edge or middle of the physical volume. The general rule is
that the more I/Os, either absolutely or during the running of an important application, the
closer to the center of the physical volumes the physical partitions of the logical volume
need to be allocated.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define the logical volume allocation policies
Details — By default, you do not have to worry where a logical volume is placed on disk
and on which disk it is placed. The LVM handles all the policies for you. However, if you
have a specific requirement you can specify this through SMIT. Policies can also be
changed after you have set up the logical volume. However, this operation requires a little
bit of work because the volume group has to be reorganized.
Additional information — These settings have little effect when data is placed in SAN
environments
Transition statement — Let's define scheduling options.
Uempty
– Sequential
• Second physical write operation is not started unless the first operation
has completed successfully.
• In case of a total disk failure, there is always a “good copy”.
• Increased availability, but decreases performance
Notes:
Scheduling policies
The scheduling policy determines how reads and writes are conducted to a mirrored logical
volume. LVM offers several scheduling policies for mirrored volumes to control how data is
written and read from the copies.
Sequential write
Sequential mirroring writes to multiple copies or mirrors in order. The multiple physical
partitions representing the mirrored copies of a single logical partition are designated
primary, secondary, and tertiary. In sequential scheduling, the physical partitions are written
to in sequence. The system waits for the write operation for one physical partition to
complete, before starting the write operation for the next one. When all write operations
have been completed for all mirrors, the write operation is complete.
Parallel write
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Parallel mirroring simultaneously starts the write operation for all the physical partitions in a
logical partition. When the write operation to the physical partition that takes the longest to
complete finishes, the write operation is completed.
Sequential read
When a sequential read is specified, the primary copy of the read is always read first. If that
read operation is unsuccessful, the next copy is read. During the read retry operation on
the next copy, the failed primary copy is corrected by LVM with a hardware relocation. This
patches the bad block for future access.
Parallel read
On each read, the system checks whether the primary is busy. If it is not busy, the read is
initiated on the primary. If the primary is busy, the system checks the secondary, and then
the tertiary. If those are also busy, the read is initiated in the copy with the least number of
outstanding I/Os.
Round-robin read
Round-robin reads alternate between copies. This results in equal utilization for reads,
even when there is more than one I/O outstanding.
Which is right for me?
Each of the scheduling policies provide benefits, as well as drawbacks. When deciding on
a method of mirroring, you need to take into consideration how critical the data is, and
performance. The trade off is performance, versus availability. In general, a mirrored logical
volume is slower than an unmirrored logical volume, because you have to write the data in
two or three places. The exception can be a mirrored LV in a high-read environment. If your
application does mostly reads, and you are using parallel or parallel/round robin
scheduling, reads may complete faster because the I/Os are spread across multiple disks,
which can occur simultaneously if the disks are on separate controllers. One of the parallel
scheduling policies usually provides the best performance in a write intensive environment,
because writes can proceed in parallel. However, there is some additional overhead, and
mirrored logical volumes are usually slower than comparable unmirrored logical volumes in
a write intensive environment. Sequential scheduling provides the worst performance, but
provides the best chance of recovering data in the event of a system crash in the middle of
a write operation. Sequential scheduling makes it more likely that you have at least one
good copy, the primary copy, of a logical partition after a crash.
Synchronization
When turning on mirroring for an existing logical volume, the copies have to be
synchronized so the new copy contains a perfect image of the existing copy, at that point in
time. This can be done by using the -k option on the mklvcopy command at the time
mirroring is turned on, or with the syncvg command at a later time. Until the copies are
synchronized, the new copy is marked stale.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
The LVM always ensures data consistency among mirrored copies of a logical volume
during normal I/O processing.
For every write to a logical volume, the LVM generates a write request for every mirror
copy. A problem arises if the system crashes in the middle of processing a mirrored write,
and before all copies are written. If mirror write consistency recovery is requested for a
logical volume, the LVM keeps additional information to allow recovery of these
inconsistent mirrors. Mirror write consistency recovery should be performed for most
mirrored logical volumes. Logical volumes, such as the page space that do not use the
existing data when the volume group is re-varied on, do not need this protection.
The Mirror Write Consistency (MWC) record consists of one sector. It identifies which
logical partitions may be inconsistent if the system is not shut down correctly. When the
volume group is varied back online, this information is used to make the logical partitions
consistent again. Note: With Mirror Write Consistency LVs, because the MWC control
sector is on the edge of the disk, performance may be improved if the mirrored logical
volume is also on the edge.
Uempty Beginning in AIX 5L, a mirror write consistency option called Passive Mirror Write
Consistency is available. The default mechanism for ensuring mirror write consistency is
Active MWC. Active MWC provides fast recovery at reboot time after a crash has occurred.
However, this benefit comes at the expense of write performance degradation, particularly
in the case of random writes. Disabling Active MWC eliminates this write-performance
penalty, but upon reboot after a crash, you must use the syncvg -f command to manually
synchronize the entire volume group, before users can access the volume group. To
achieve this, automatic vary-on of volume groups must be disabled.
Enabling Passive MWC not only eliminates the write-performance penalty associated with
Active MWC, but logical volumes will be automatically resynchronized as the partitions are
being accessed. This means that the administrator does not have to synchronize logical
volumes manually or disable automatic vary-on. The disadvantage of Passive MWC is that
slower read operations may occur, until all the partitions have been resynchronized.
You can select either mirror write consistency option within SMIT, when creating or
changing a logical volume. The selection option takes effect only when the logical volume
is mirrored (copies > 1).
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Describe the role of Mirror write consistency
Details — Describe MWC (as per the visual and notes). Differentiate the active and
passive options of MWC.
Additional information —
Transition statement — Let’s look at the LV main menu in SMIT.
Uempty
# smit lv
Logical
Logical Volumes
Volumes
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Logical
Logical Volumes
Volumes byby Volume
Volume Group
Group
Add a Logical Volume
Add a Logical Volume
Set
Set Characteristic
Characteristic ofof aa Logical
Logical Volume
Volume
Show
Show Characteristics of a Logical
Characteristics of a Logical Volume
Volume
Remove
Remove aa Logical
Logical Volume
Volume
Copy
Copy aa Logical
Logical Volume
Volume
Notes:
This is the top-level SMIT menu for logical volumes. The next few pages discuss these
items.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define the SMIT Logical Volumes screen
Details — At a high level, review each of the items in turn
Additional information —
Transition statement — Let's first see how to create an LV.
Uempty
Notes:
The mklv command creates a logical volume. The name of the logical volume can be
specified or a system-generated name is used. The volume group the logical volume
belongs to, and the size (in logical partitions, must be specified. Other characteristics that
can be set are, the allocation policy, copies (mirroring), scheduling policy, and striping.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to add a logical volume
Details — Go through and highlight / explain each attribute.
Additional information —
Transition statement — Now we can create LVs, let's see how to view their
characteristics.
Uempty
Show LV characteristics (1 of 2)
IBM Power Systems
## lslv
lslv datalv
datalv
LOGICAL
LOGICAL VOLUME:
VOLUME: datalv
datalv VOLUME
VOLUME GROUP:
GROUP: datavg
datavg
LV IDENTIFIER:
LV IDENTIFIER: 00cf2e7f00004c000000011d68130bea.1
00cf2e7f00004c000000011d68130bea.1
PERMISSION:
PERMISSION: read/write
read/write
VG STATE:
VG STATE: active/complete
active/complete LV
LV STATE:
STATE: closed/syncd
closed/syncd
TYPE:
TYPE: jfs2
jfs2 WRITE
WRITE VERIFY:
VERIFY: off
off
MAX
MAX LPs:
LPs: 512
512 PP
PP SIZE:
SIZE: 44 megabyte(s)
megabyte(s)
COPIES:
COPIES: 22 SCHED
SCHED POLICY:
POLICY: parallel
parallel
LPs:
LPs: 10
10 PPs:
PPs: 20
20
STALE
STALE PPs:
PPs: 00 BB
BB POLICY:
POLICY: relocatable
relocatable
INTER-POLICY:
INTER-POLICY: minimum
minimum RELOCATABLE:
RELOCATABLE: yes
yes
INTRA-POLICY:
INTRA-POLICY: middle
middle UPPER
UPPER BOUND:
BOUND: 11
MOUNT POINT:
MOUNT POINT: N/A
N/A LABEL:
LABEL: None
None
MIRROR
MIRROR WRITE
WRITE CONSISTENCY:
CONSISTENCY: on/ACTIVE
on/ACTIVE
EACH
EACH LP COPY ON AA SEPARATE
LP COPY ON SEPARATE PV
PV ?:
?: yes
yes (superstrict)
(superstrict)
## lslv
lslv -l
-l datalv
datalv
datalv:N/A
datalv:N/A
PV
PV COPIES
COPIES IN
IN BAND
BAND DISTRIBUTION
DISTRIBUTION
hdisk2
hdisk2 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
hdisk3
hdisk3 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
Notes:
To list the characteristics of a logical volume use the command: lslv
<logicalvolume_name>
The –l flag lists the following fields for each physical volume in the logical volume:
• PV: Physical volume name.
• Copies:
- The number of logical partitions containing at least one physical partition (no copies)
on the physical volume
- The number of logical partitions containing at least two physical partitions (one copy)
on the physical volume
- The number of logical partitions containing three physical partitions (two copies) on
the physical volume
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• In band: The percentage of physical partitions on the physical volume that belong to the
logical volume, and were allocated within the physical volume region specified by
Intra-physical allocation policy
• Distribution: The number of physical partitions allocated within each section of the
physical volume: outer edge, outer middle, center, inner middle, and inner edge of the
physical volume
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Show LV characteristics (2 of 2)
IBM Power Systems
Notes:
The lslv –m flag shows the LP to PP relationship. The example in the visual, shows LP
number 1 for datalv, is mapped to physical partition number 104 on hdisk2, and is also
mirrored to the same physical partition number on hdisk3.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Add
Add Copies
Copies to
to aa Logical
Logical Volume
Volume
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
** NEW
NEW TOTAL
TOTAL number
number ofof logical
logical partition
partition 33 ++
copies
copies
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk4]
[hdisk4] ++
POSITION
POSITION onon physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER
NUMBER ofof PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
to use for allocation
to use for allocation
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on a SEPARATE physical volume?
a SEPARATE physical volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]
SYNCHRONIZE
SYNCHRONIZE thethe data
data in
in the
the new
new yes
yes ++
logical
logical partition
partition copies?
copies?
Notes:
Adding a copy of a logical volume
The mklvcopy command is used to add up to three copies to a logical volume. Specify the
logical volume to change and the total number of copies wanted. This only succeeds if
there are enough physical partitions to satisfy the requirements on the physical volumes
that are specified to be used. That is, if all copies are to be on different physical volumes.
Once a logical volume has been created, striping cannot be imposed or removed.
Synchronizing a mirrored logical volume
Also, in order for the copies to match, the logical volume has to be synchronized using the
syncvg command. This can be done with the -k option when the copy is originally started.
It can be done later, using the syncvg command.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to add mirrored copies to a LV
Details — Be sure to point out the importance of synchronizing the copies, either while
turning mirroring on, or after it is turned on. Until the copy is synchronized, it is marked as
stale.
Additional information —
Transition statement — Let's see how we can increase the size of a logical volume.
Uempty
Increase
Increase the
the Size
Size of
of aa Logical
Logical Volume
Volume
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
** Number
Number ofof ADDITIONAL
ADDITIONAL logical
logical partitions
partitions [20]
[20] ##
PHYSICAL VOLUME names
PHYSICAL VOLUME names []
[] ++
POSITION
POSITION onon physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER
NUMBER of
of PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
to use for allocation
to use for allocation
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on aa SEPARATE
SEPARATE physical
physical volume?
volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]
Notes:
The extendlv command increases the number of logical partitions allocated to the
LogicalVolume, by allocating the number of additional logical partitions represented by the
Partitions parameter. The LogicalVolume parameter can be a logical volume name or a
logical volume ID. To limit the allocation to specific physical volumes, use the names of one
or more physical volumes in the PhysicalVolume parameter. Otherwise, all the physical
volumes in a volume group are available for allocating new physical partitions.
The default maximum number of partitions for a logical volume is 512. Before extending a
logical volume to more than 512 logical partitions, use the chlv command to increase the
default value.
The default allocation policy is to use a minimum number of physical volumes per logical
volume copy, to place the physical partitions belonging to a copy as contiguously as
possible, and then to place the physical partitions in the requested region specified by the
-a flag. Also by default, each copy of a logical partition is placed on a separate physical
volume.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to increase the size of a logical volume.
Details — Explain how to increase the size of an LV. Highlight the options in the visual.
Additional information —
Transition statement — Let’s see how to remove an LV.
Uempty
Remove
Remove aa Logical
Logical Volume
Volume
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
LOGICAL
LOGICAL VOLUME
VOLUME name
name [datalv2]
[datalv2] ++
Notes:
The rmlv command removes logical volumes, and in the process, destroys all data.
The LogicalVolume parameter can be a logical volume name or logical volume ID. The
logical volume first must be closed. If the volume group is varied on in concurrent mode,
the logical volume must be closed on all the concurrent nodes on which the volume group
is varied on. For example, if the logical volume contains a file system, it must be
unmounted. However, removing the logical volume does not notify the operating system
that the file system residing on it has been destroyed.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-69
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — See how LV are deleted
Details — Explain how LVs are removed and deleted from the system.
Additional information — Before an LV can be removed, the LV_STATE has to be
closed/syncd. For example, an LV cannot be removed if its corresponding file system is
mounted.
Transition statement — Let's see how to list LVs.
Uempty
## lsvg
lsvg -o
-o || lsvg
lsvg -i
-i –l
–l
datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
datalv
datalv jfs2
jfs2 30
30 90
90 33 closed/syncd
closed/syncd N/A
N/A
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
boot 11 11 11 closed/syncd
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
jfs 55 55 11 open/syncd
open/syncd /var
/var
hd3
hd3 jfs
jfs 33 33 11 open/syncd
open/syncd /tmp
/tmp
hd1
hd1 jfs
jfs 11 11 11 open/syncd
open/syncd /home
/home
hd10opt
hd10opt jfs
jfs 44 44 11 open/syncd
open/syncd /opt
/opt
loglv00
loglv00 jfs2log
jfs2log 11 11 11 closed/syncd
closed/syncd N/A
N/A
hd11admin
hd11admin jfs
jfs 22 22 11 open/syncd
open/syncd /admin
/admin
fslv00
fslv00 jfs2
jfs2 22 22 11 closed/syncd
closed/syncd /db2
/db2
Notes:
From the smit lv fastpath, the List all Logical Volumes by Volume Group option uses
lsvg -o to find out the active volume groups, and then lsvg -il to list the logical volumes
within them. The -i option of lsvg reads the list of volume groups from standard input.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-71
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to list all LVs by VG
Details — Do not spend too much time going through all the attributes. The students
should be familiar with this type of output.
Additional information —
Transition statement — Let's end the LV section by showing how to mirror an entire VG.
Uempty
## bosboot
bosboot -a
-a -d
-d /dev/hdisk1
/dev/hdisk1
Additional
## bootlist
bootlist -m
-m normal
normal hdisk0
hdisk0 hdisk1
hdisk1 steps
required for
## shutdown rootvg
shutdown –Fr
–Fr (not
(not required
required with
with AIX6
AIX6 and
and later)
later)
© Copyright IBM Corporation 2009
Notes:
The mirrorvg command takes all the logical volumes on a given volume group and
mirrors those logical volumes. This same functionality may also be accomplished manually
if you execute the mklvcopy command for each individual logical volume in a volume
group. As with mklvcopy, the target physical drives to be mirrored with data, must already
be members of the volume group.
When mirrorvg is executed, the default behavior of the command requires that the
synchronization of the mirrors must complete before the command returns to the user. If
you wish to avoid the delay, use the –S (background Sync) or -s (disable sync) option.
The default value of two copies is always used.
If there are only two disks in the volume group to be mirrored, Keep Quorum Checking
On should be set to no. Otherwise, if a disk were to fail, the entire volume group would go
offline.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-73
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Protecting rootvg on AIX from disk failure is important. Mirroring the data is one way to
achieve this. When mirroring rootvg there are additional steps to perform:
• Create a boot image on the mirrored disk, using bosboot command.
• Add the newly mirrored disk to the bootlist.
• Shut down and reboot the system.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-75
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Physical volumes
IBM Power Systems
1 1 4
4
2 3 2 3
7 7 10
10 8
8 9 9
13 13 16
16 14
14 15 19 15
19 22 22
20 21 20 21
25 25 28
28 26 27
26 27 31
31 34 34
32 32 33
35 33 35
38 38
36 36 37
41 37 41 44
44 42 43
42 43 47
47 50 50
48 49 48 49
Physical partitions
Notes:
A physical partition is a fixed size, contiguous set of bytes, on a physical volume (PV).
Physical partitions (PP) must be the same size across an entire volume group. However,
there may be multiple volume groups on a single system, each with a different PP size.
The limitations for each type of volume group (original, big, and scalable) such as the
number of physical volumes and size of the physical partitions, was given in the last unit,
System Storage Overview.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-77
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
# smit pv
Physical
Physical Volumes
Volumes
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Physical
Physical Volumes
Volumes inin System
System
Add a Disk
Add a Disk
Change
Change Characteristics
Characteristics of of aa Physical
Physical Volume
Volume
List Contents of a Physical Volume
List Contents of a Physical Volume
Move
Move Contents
Contents of
of aa Physical
Physical Volume
Volume
Notes:
This is the top-level menu for physical volume. Each of these items is discussed in the
following pages.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-79
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
From the smit pv fastpath, the List all Physical Volumes in System option uses
the undocumented command lspv | /usr/bin/awk {print$1}'' list the physical
volumes in the system.
The lspv command with no parameters can be used to list the physical volume name,
physical volume identifier, and volume group for all physical volumes in the system.
The lspv pvname command gives status information about the physical volume. The
most useful information here is:
• State (active or inactive)
• Number of physical partition copies that are stale (are not up to date with other copies)
• Total number of physical partitions
• Number of free physical partitions
• Distribution of free space on the physical volume
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-81
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## lspv
lspv -l
-l hdisk0
hdisk0
hdisk0:
hdisk0:
LV
LV NAME
NAME LPs
LPs PPs
PPs DISTRIBUTION
DISTRIBUTION MOUNT
MOUNT POINT
POINT
hd2
hd2 35
35 35
35 00..00..03..20..12
00..00..03..20..12 /usr
/usr
hd9var
hd9var 55 55 00..05..00..00..00
00..05..00..00..00 /var
/var
hd8
hd8 11 11 00..00..01..00..00
00..00..01..00..00 N/A
N/A
hd4
hd4 15
15 15
15 00..00..15..00..00
00..00..15..00..00 //
hd5
hd5 11 11 01..00..00..00..00
01..00..00..00..00 N/A
N/A
hd6
hd6 88 88 00..08..00..00..00
00..08..00..00..00 N/A
N/A
hd10opt
hd10opt 44 44 04..00..00..00..00
04..00..00..00..00 /opt
/opt
hd3
hd3 33 33 00..03..00..00..00
00..03..00..00..00 /tmp
/tmp
hd1
hd1 11 11 00..01..00..00..00
00..01..00..00..00 /home
/home
hd11admin
hd11admin 22 22 00..02..00..00..00
00..02..00..00..00 /admin
/admin
fslv00
fslv00 22 22 02..00..00..00..00
02..00..00..00..00 /db2
/db2
loglv00
loglv00 11 11 00..01..00..00..00
00..01..00..00..00 N/A
N/A
Notes:
The lspv -l pvname command lists all the logical volumes on a physical volume
including the number of logical partitions, physical partitions, and distributions on the disk.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-83
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## lspv
lspv -p
-p hdisk0
hdisk0
hdisk0:
hdisk0:
PP
PP RANGE
RANGE STATE
STATE REGION
REGION LV
LV NAME
NAME TYPE
TYPE MOUNT
MOUNT POINT
POINT
1-1
1-1 used
used outer
outer edge
edge hd5
hd5 boot
boot N/A
N/A
2-14
2-14 free
free outer
outer edge
edge
15-16
15-16 used
used outer
outer edge
edge fslv00
fslv00 jfs2
jfs2 /db2
/db2
17-20
17-20 used
used outer
outer edge
edge hd10opt
hd10opt jfs2
jfs2 /opt
/opt
21-28
21-28 used
used outer
outer middle
middle hd6
hd6 paging
paging N/A
N/A
29-29
29-29 used
used outer
outer middle
middle loglv00
loglv00 jfs2log
jfs2log N/A
N/A
30-31
30-31 used
used outer
outer middle
middle hd11admin
hd11admin jfs2
jfs2 /admin
/admin
32-32
32-32 used
used outer
outer middle
middle hd1
hd1 jfs2
jfs2 /home
/home
33-35
33-35 used
used outer
outer middle
middle hd3
hd3 jfs2
jfs2 /tmp
/tmp
36-40
36-40 used
used outer
outer middle
middle hd9var
hd9var jfs2
jfs2 /var
/var
41-41
41-41 used
used center
center hd8
hd8 jfslog
jfslog N/A
N/A
42-56
42-56 used
used center
center hd4
hd4 jfs2
jfs2 //
57-59
57-59 used
used center
center hd2
hd2 jfs2
jfs2 /usr
/usr
60-79
60-79 used
used inner
inner middle
middle hd2
hd2 jfs2
jfs2 /usr
/usr
80-91
80-91 used
used inner
inner edge
edge hd2
hd2 jfs2
jfs2 /usr
/usr
92-99
92-99 free
free inner
inner edge
edge
Notes:
The lspv -p pvname command lists all the logical volumes on a disk, and the physical
partitions to which its logical partitions are mapped. It is listed in physical partition order and
shows what partitions are free and which are used, as well as the location; that is, center,
outer middle, outer edge, inner edge, and inner middle.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-85
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## migratepv
migratepv -l
-l lv02
lv02 hdisk0
hdisk0 hdisk6
hdisk6
Notes:
Although there is an option in SMIT to add a physical volume to the system SMIT >
Devices > Add a Disk, in reality the use of this function is not required. Today,
virtually all disks can be configured to AIX using the configuration manager (cfgmgr).
Preparation to remove a physical device
The migratepv command can be used to move all partitions, or partitions from a
selected logical volume, from one physical volume, to one or more other physical
volumes in the same volume group. This would be used if the physical volume is about
to be taken out of service and removed from the machine or to balance disk usage.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-87
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
It is important to have your storage information readily available in case you have a
problem with your system, or in the very worst case, a system crashes. The commands in
the visual help you to get this information.
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-89
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Checkpoint
IBM Power Systems
Notes:
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-91
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Exercise 8
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-93
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-95
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Estimated time
01:30
References
Online AIX Version 6.1 Operating system and device
management
AIX Version 6.1 File Reference
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction
and Concepts (redbook)
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
Unit objectives
IBM Power Systems
Notes:
Notes:
Journaled File Systems (JFS)
JFS was developed for transaction-oriented, high performance Power Systems. JFS is
both saleable and robust. One of the key features of the file system is logging. JFS is a
recoverable file system, which ensures that if the system fails during power outage, or
system crash, no file system transactions will be left in an inconsistent state.
Migration
JFS file systems can co-exist on the same system with JFS2 file systems. However, to fully
utilize the JFS2 features, the following steps are necessary:
1. Backup JFS file system data.
2. Create new JFS2 file systems.
3. Restore JFS file system data to new JFS2 file systems.
• Increased performance
• Increased flexibility
– Filesystems can be dynamically increased and decreased.
– Support for larger enabled filesystems
– Internal or external JFS logging
– Data encryption
– Support for snapshots
Notes:
JFS2 is the default file system type on AIX, since version 5.3. JFS2 provides increased
performance and flexibility when compared to its predecessor, JFS.
JFS filesystems:
• Cannot be dynamically decreased
• Can only support large files, greater than 2GB, if created in a special large enabled
filesystem
- Individual file size can be up to 64GB with JFS as opposed to 16TB with JFS2
• Only support external JFS logging
• Have no support for data encryption or snapshots. A snapshot is a point-in-time image,
like a photograph, of a JFS2 file system
• Superblock
– The superblock maintains information about the entire file
system.
• i-nodes
– Each file and directory has an i-node that contains access
information such as file type, access permissions, owner's ID,
and number of links to that file.
• Data blocks
– Contains file data
– Each file system has a user settable fixed block size attribute
• 512, 1024, 2048, or 4096 bytes
• Allocation maps
– Record the location and allocation of all i-nodes and the
allocation state of each data block.
• Allocation groups
– Responsible for dividing the file system space into chunks so
related data blocks and i-nodes can be clustered together to
achieve good locality
© Copyright IBM Corporation 2009
Notes:
Superblock
The first addressable logical block on the file system is the superblock. The superblock
contains information such as the file system name, size, number of inodes, and date/time
of creation. The superblock is critical to the file system and, if corrupted, prevents the file
system from mounting. For this reason, a backup copy of the superblock is always written
in block 31.
Inodes
Each file and directory has an associated i-node which contains metadata such as
ownership and access times. JFS2 allocates i-nodes, as required.
Data blocks
An individual file within a file system, by default, has units allocated to it in blocks of 4096
bytes. The file system block size can be set to 512, 1024, 2048, or 4096 bytes. A smaller
block size uses less disk space for small files, but may degrade performance. Some AIX
Uempty commands often report file sizes in units of 512 bytes, to remain compatible with other
UNIX file systems. This is independent of the actual unit of allocation.
Allocation maps
A JFS2 file system has two allocation maps:
• The i-node allocation map records the location and allocation of all i-nodes in the file
system.
• The block allocation map records the allocation state of each file system block.
Allocation groups
Allocation groups divide the space on a file system into chunks. Allocation groups allow
JFS2 allocation policies to use well-known methods for achieving optimum I/O
performance. The allocation policies try to cluster related disk blocks and disk i-nodes to
achieve good locality for the disk, as files are often read and written sequentially, and the
files within a directory are often accessed together.
Instructor notes:
Purpose — Describe the key elements of a JFS2 file system structure.
Details — Introduce the basic file system elements as detailed on the visual and notes.
Keep the details simple. The two key elements to focus on are i-nodes and data blocks.
Additional information —
Transition statement — Let's see how we can view inode information and query the block
size of a file system.
Uempty
## istat
istat datafile1
datafile1
Inode 12309 on device 10/8 File
Inode 12309 on device 10/8 File i-node
Protection: rw-r-----
Protection: rw-r----- number
Owner: 211(adminusr) Group: 7(security)
Owner: 211(adminusr) Group: 7(security)
Link count: 1 Length 119 bytes
Link count: 1 Length 119 bytes
Last updated: Thu 12 Feb 19:44:09 2009
Last updated: Thu 12 Feb 19:44:09 2009
Last modified: Thu 12 Feb 19:43:42 2009
Last modified: Thu 12 Feb 19:43:42 2009
Last accessed: Thu 12 Feb 19:43:42 2009
Last accessed: Thu 12 Feb 19:43:42 2009
Notes:
The istat command can be used to display the i-node information for a particular file or
directory. You can specify the file either by providing a file or directory name, or by
providing an i-node number using the –i flag. I-node numbers can be discovered using the
–i flag with the ls command.
The file system block size information can be discovered using the lsfs command.
Instructor notes:
Purpose — Show how to view i-node information and block size for a particular file system
Details — Go through the examples on the visual.
Additional information — There are many ways to view file system information. The
fsdb command is the most comprehensive way to view the file system structure and data.
However, this command is beyond the scope of this class.
Transition statement — Let us look at how we can create a JFS2 file system.
Uempty
# smit crfs_j2
# crfs -v jfs2 -g datavg -a size=1G –m /data
Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name datavg
datavg
SIZE
SIZE of file
of file system
system
Unit
Unit Size
Size Gigabytes
Gigabytes ++
** Number
Number of
of units
units [1]
[1] ##
** MOUNT POINT
MOUNT POINT [/data]
[/data]
Mount
Mount AUTOMATICALLY
AUTOMATICALLY atat system
system restart?
restart? No
No ++
PERMISSIONS
PERMISSIONS read/write
read/write ++
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log size (MBytes)
Log size (MBytes) []
[] ##
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota Management?
Quota Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
Allow
Allow internal
internal snapshots?
snapshots? no
no ++
Notes:
The SMIT screen in the visual shows the creation of a 1GB filesystem (/data) in volume
group: datavg. The creation is done by the crfs command.
In this example, the crfs command will create a file system on a new logical volume,
within a previously created volume group. An entry for the file system is put into the
/etc/filesystems file.
For further information, see the crfs man page.
Instructor notes:
Purpose — Describe how to create a JFS2 file system
Details — This visual shows how to create an enhanced journaled file system. The logical
volume is automatically created.
Walk through the command and the SMIT options in blue. Cover any further options at your
discretion.
Additional information — It may be prudent to provide a demo to students of the high
level FS and JFS2 SMIT panels. Log in to an AIX system and briefly show them:
• smitty fs
• smitty jfs2
Transition statement — Let's see this command in action, as it would be used by a
system administrator.
Uempty
• When the file system is created, the lsfs command will display
the characteristics of the file system.
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data
File system created successfully.
File system created successfully.
1048340
1048340 kilobytes
kilobytes total
total disk
disk space.
space.
New File System size is 2097152
New File System size is 2097152
## lsfs
lsfs /data
/data
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto
/dev/fslv00
/dev/fslv00 --
-- /data
/data jfs2
jfs2 2097152 --
2097152 -- no
no
## lsvg
lsvg -l
-l datavg
datavg
datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT
POINT
POINT
loglv00
loglv00 jfs2log
jfs2log 11 11 11 closed/syncd
closed/syncd N/A
N/A
fslv00
fslv00 jfs2
jfs2 256
256 256
256 11 closed/syncd
closed/syncd /data
/data
Notes:
The visual shows the actual creation of the /data file system shown in the previous slide.
The lsfs command can be used to display the characteristics of the file system.
Prior to the creation of the file system, the contents of the datavg volume group were
empty. We can see two logical volumes created, loglv and fslv00. The loglv volume acts
as the JFS log for both the /data file system and by default any other file systems that will
be created. In creating a file system this way the underlying logical volume is created using
default options. Often it is preferable to first create the logical volume (using custom values)
and then create the file system on top. We shall see this procedure later in the unit.
Instructor notes:
Purpose — Show the creation of a JFS2 file system, its characteristics and the underlying
logical volumes
Details — This visual shows the actual creation of a JFS2 file system. Explain the details
provided in the notes.
Additional information —
Transition statement — After creating a file system, we have to mount it to make it
available. Let us see this process and the associated stanza in /etc/filesystems.
Uempty
Figure 9-8. Mounting a file system and the /etc/filesystems file AN121.1
Notes:
Upon creation of a file system, a stanza in appended to the /etc/filesystems file.
The stanza includes:
• The device (dev) which is the underlying logical volume
• The virtual file system type (vfs)
• The path to the JFS log device (log)
• Whether the file system should be mounted at system start time (mount) and processed
by the AIX accounting system (account).
Before the filesystem can be used it must first be mounted, using the mount command. As
there is a stanza in the /etc/filesystems file, the only parameter required is the name of the
file system. The mount command with no options, will display all file systems which are
currently mounted and available for use.
Instructor notes:
Purpose — Show how to make a file system available for use.
Details — Explain the stanza in the /etc/filesystems file for the /data file system, and how
the file system is mounted.
Additional information —
Transition statement — Let us define the JFS logging options for JFS2 file systems.
Uempty
Notes:
As we have seen by default, a JFS log file is created when the first file system is created in
a volume group. This JFS log will act as the global logging device for all file systems,
unless:
• A specific external log is created for each file systems in the volume group. This
approach has several advantages. It will aide performance and availability. If the
logging device were to become corrupt, it would only affect the associated file system.
• The JFS log device is internal to the filesystem (inline). This saves time having to
create, format, and manage a separate JFS log volume. Inline logging is only available
with JFS2 file systems.
Instructor notes:
Purpose — Explain the three JFS logging options for JFS2 file systems
Details — Go through the examples in the visual and details in the notes. You may want to
go back to the “create file system” SMIT screen, and highlight the JFS logging fields.
Additional information —
Transition statement — Now let's look at creating a JFS2 file system on top of an existing
LV.
Uempty
Creating a file system on a previously defined logical
volume
IBM Power Systems
# smit crfs_j2
# crfs -v jfs2 –d lv_for_data –m /data2 –A yes
Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name lv_for_data
lv_for_data ++
** MOUNT POINT
MOUNT POINT [/data2]
[/data2]
Mount
Mount AUTOMATICALLY
AUTOMATICALLY atat system
system restart?
restart? yes
yes ++
PERMISSIONS
PERMISSIONS read/write
read/write ++
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log size (MBytes)
Log size (MBytes) []
[] ##
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota Management?
Quota Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
Allow
Allow internal
internal snapshots?
snapshots? No
No ++
Figure 9-10. Creating a file system on a previously defined logical volume AN121.1
Notes:
Adding a file system to a previously created logical volume provides greater control over
where the file system will reside on disk and provides options for availability and
performance. When creating file systems in highly available environments (for example,
using PowerHA or Veritas Cluster Services), one should always follow this method. On
creation, the size of the filesystem is set to the size of the logical volume. For example, if
the PP size for the volume group is 64MB, and the logical volume was 4 LPs in size, then
the size of the file system would be (4 x 64MB) 256MB.
After the file system is created:
• If the logical volume is expanded, the size of the file system is not increased.
• The underlying logical volume policies can be dynamically changed. However, there will
be a performance hit, especially for large file systems.
Instructor notes:
Purpose — Show how to add a JFS2 file system on an existing logical volume.
Details — This visual shows the SMIT menu for creating a standard enhanced journaled
file system on a previously defined logical volume.
Walk through the command and the SMIT options in blue. Cover any further options at your
discretion.
Additional information —
Transition statement — Now we can create and mount file systems, let's see how we can
both increase and shrink a file system size.
Uempty
Note:
Note: Advanced
Advanced options
options removed.
removed.
Notes:
JFS2 file systems can be dynamically increased or decreased in size (subject to available
space and LVM rules). You can either choose to increase or decrease by a set amount,
using + or – options respectively, or by providing a specific set number, as shown in the
SMIT example.
Instructor notes:
Purpose — Show how to dynamically increase and shrink a JFS2 file system
Details — Refer to the visual and student notes.
Additional information —
Transition statement — Now that we have looked at creating and modifying our file
systems, let us look at how we remove then.
Uempty
Remove
Remove an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
** FILE
FILE SYSTEM
SYSTEM name
name /data2
/data2 ++
Remove
Remove Mount
Mount Point
Point no
no ++
Notes:
Ways to remove a file system
The rmfs command or SMIT can be used to remove a file system.
Restrictions
In order to remove a file system, it must be unmounted from the overall file tree, and this
cannot be done if the file system is in use, that is, some user or process is using the file
system or has it as a current directory.
Effects of using rmfs command
The rmfs command removes any information for the file system from the ODM and
/etc/filesystems. When the file system is removed, the logical volume on which it resides
is also removed.
Syntax
The syntax of the rmfs command is:
rmfs [-r] [-i] FileSystem
• r Removes the mountpoint of the file system
• i Displays warning and prompts the user before removing the file system
Notes:
The Resource Monitoring and Control (RMC) subsystem
You can also use the Resource Monitoring and Control (RMC) subsystem that is based on
the AIX Reliable Scalable Cluster Technology (RSCT) filesets. Web-based System
Manager can be used to configure RMC. The ctrmc subsystem is started in the
/etc/inittab. RMC is outside the scope of the course.
## df
df -g
-g
Filesystem
Filesystem GB
GB blocks
blocks Free
Free %Used
%Used Iused
Iused %Iused
%Iused Mounted
Mounted on
on
/dev/hd4
/dev/hd4 1.44
1.44 1.10
1.10 24%24% 9896
9896 2% /
2% /
/dev/hd2
/dev/hd2 2.50
2.50 0.10
0.10 97%97% 49616
49616 8%
8% /usr
/usr
/dev/hd9var
/dev/hd9var 0.31
0.31 0.24
0.24 25%25% 1308
1308 2%
2% /var
/var
/dev/hd3
/dev/hd3 0.12
0.12 0.12
0.12 6%
6% 128
128 1%
1% /tmp
/tmp
/proc
/proc -- -- -- -- -- /proc
/proc
/dev/hd10opt
/dev/hd10opt 0.25
0.25 0.03
0.03 88%88% 4567
4567 7%
7% /opt
/opt
/dev/fslv00
/dev/fslv00 8.00
8.00 1.40
1.40 83%83% 6888
6888 3%
3% /export
/export
/dev/fslv01
/dev/fslv01 9.00
9.00 2.33
2.33 75%75% 4059
4059 1%
1% /aix
/aix
/dev/lv00
/dev/lv00 0.12
0.12 0.12
0.12 4%
4% 20
20 1%
1% /audit
/audit
/dev/hd11admin
/dev/hd11admin 0.12
0.12 0.12
0.12 4%
4% 18
18 1%
1% /admin
/admin
/dev/hd1
/dev/hd1 0.62
0.62 0.16
0.16 75%75% 270
270 1%
1% /home
/home
grumpy:/nimback
grumpy:/nimback 25.00
25.00 3.26
3.26 87%87% 99 1%
1% /mnt
/mnt
Notes:
Importance of the df command
The df command lists the free space on all mounted file systems.
This is an important command to know about and use frequently. If you run out of space in
a file system (especially / or /tmp), system corruption could occur.
Useful df command flags
A number of flags (options) can be used with the df command. Some of the most useful of
these flags are shown below:
-i Displays the number of free and used i-nodes for the file system; this output is
the default when the specified file system is mounted
-I Displays information on the total number of blocks, the used space, the free
space, the percentage of used space, and the mount point for the file system
-k Displays statistics in units of 1024-byte blocks
-m Displays statistics in units of MB blocks
-g Displays statistics in units of GB blocks
#!/bin/ksh
#!/bin/ksh
df
df || egrep
egrep -v
-v '(used|proc)'
'(used|proc)' || awk
awk '{print
'{print $4"
$4" "$7}'
"$7}' \\
|| sed 's:%::g' | while read
sed 's:%::g' | while read LINELINE
do
do
PERC=`echo
PERC=`echo $LINE
$LINE || awk
awk '{print
'{print $1}'`
$1}'`
FILESYSTEM=`echo
FILESYSTEM=`echo $LINE | awk
$LINE | awk '{print
'{print $2}'`
$2}'`
if
if [[ $PERC
$PERC -gt
-gt 70
70 ]]
then
then
mail
mail -s
-s "Filesystem
"Filesystem check
check on
on box:
box: `hostname`"
`hostname`" \\
admin@ibm.com <<
admin@ibm.com << EOFEOF
$FILESYSTEM
$FILESYSTEM is is $PERC%
$PERC% full,
full, please
please check
check
EOF
EOF
fi
fi
done
done
Notes:
The need to monitor file system growth
Although AIX provides for dynamic expansion of a file system, it does not expand the file
system on the fly. The system administrator must continually monitor file system growth
and expand file systems as required before they get full. If a file system becomes 100% full,
then the users receive out of space messages when they try to extend files.
Regular use of the df command
One useful technique is to run the df command through cron, the job scheduler, to perform
a regular check of the space available in the file system and produce a report. cron is
covered in a later unit.
/export
/export ## du
du -sg
-sg ..
6.59 .
6.59 .
/export
/export ## du
du gethmc.sh
gethmc.sh
88 FirstBoot.sh
FirstBoot.sh
/export
/export ## du
du –sm
–sm ** || sort
sort -rn
-rn
2131.16
2131.16 mksysbaix53
mksysbaix53
1846.36
1846.36 mksysbaix61
mksysbaix61
1373.11
1373.11 mksysbaix61.light
mksysbaix61.light
248.52
248.52 spot
spot
0.01
0.01 nim
nim
0.01
0.01 bosinst.data
bosinst.data
0.00
0.00 FirstBoot.sh
FirstBoot.sh
0.00
0.00 BUILD.sh
BUILD.sh
Notes:
Use of the du command
There may be a number of files or users that are causing the increased use of space in a
particular file system. The du command helps to determine which files, users, or both, are
causing the problem.
Specifying the units du should use
By default, du gives size information in 512-byte blocks. Use the -k option to display sizes
in 1 KB units, use the -m option to display sizes in 1 MB units, or use the -g option to
display sizes in 1 GB units.
Specifying output by file
By default, du gives information by directory. With the -a option, output is displayed by file,
rather than by directory.
Instructor notes:
Purpose — Explain how to list disk usage
Details — The first example shows the entire space used (in GB) in the /export directory.
The second example shows a du listing of an individual file (in 512 bytes blocks). The final
example is useful for listing the list and directory sizes from the current directory. Note that
the disk usage command is piped into the sort command.
Additional information —
Transition statement — Let's identify some common files which grow.
Uempty
• /var/adm/wtmp
• /etc/security/failedlogin
• /var/adm/sulog
• /var/spool/*/*
• /var/tmp/*
• $HOME/smit*
• $HOME/websm*
Notes:
Managing files that grow
Growing files should be monitored and cleaned out periodically. Some of the files that grow
are listed on the visual.
Records of login activity
The files /var/adm/wtmp, /etc/security/failedlogin, and /var/adm/sulog are needed
because they contain historical data regarding login activity. Thus, these files should
always contain a few days of login activity. If accounting is turned on, /var/adm/wtmp is
kept to a reasonable size. If accounting is not turned on, to capture the data to archive it,
use who -a on /var/adm/wtmp and /etc/security/failedlogin and redirect the output to a
save file. Then, the log file can be purged by overwriting it with a null string. Two ways of
overwriting a log file in this way are illustrated in the following examples:
Example 1:
# cat /dev/null > /var/adm/wtmp
Example 2:
# > /etc/security/failedlogin
The file /var/adm/sulog can be edited directly.
The /var/spool directory
The directory /var/spool contains cron entries, the mail, and other items that grow on an
ongoing basis, along with printer files. If there is a problem with the printer files, you can try
to clear the queuing subsystem by executing the following commands:
stopsrc -s qdaemon
rm /var/spool/lpd/qdir/*
rm /var/spool/lpd/stat/*
rm /var/spool/qdaemon/*
startsrc -s qdaemon
Records of SMIT and Web-based System Manager activity
Files such as smit.log and websm.log in the home directory of the root user, and other
system administration accounts, can also become quite large. These files need to be
monitored regularly and managed appropriately.
Notes:
Function of the skulker command
The shell script /usr/sbin/skulker includes a series of entries containing commands that
remove unwanted or obsolete files of various types. To analyze the commands that are
executed by each entry, print out or view the contents of the /usr/sbin/skulker file.
Concerns related to skulker
A particular version of skulker is suited to the operating system and level with which it was
distributed. If the operating system has been upgraded or modified, it may be inadvisable to
use an old version of skulker. In addition, the skulker shell script is moderately complex.
When making modifications, you should make a copy of the shell script first - just in case!
Note that if skulker is modified, or if it is used on the incorrect version of the operating
system, it ceases to be a supported component of AIX.
Note: The skulker is disabled by default.
Notes:
Benefits of a small block size
In JFS, as many whole blocks as necessary are used to store a file or directory's data.
Consider that we have chosen to use a block size of 4 KB, and we are attempting to store
file data which only partially fills a block. Potentially, the amount of unused or wasted space
in the partially filled block can be quite high. For example, if only 500 bytes are stored in
this block, then 3596 bytes are wasted. However, if a smaller block size, say 512 bytes,
was used, the amount of wasted disk space would be greatly reduced - to only 12 bytes. It
is, therefore, better to use small block sizes, if efficient use of available disk space is
required, in a filesystem which will consist of lots of small files.
Adverse effects of a small block size
Although small block sizes can be beneficial in reducing wasted disk space, they can have
an adverse effect on disk I/O activity. For a 4 KB file, stored in a single block of 4 KB, only
one disk I/O operation would be required to either read or write the file. If the choice of the
block size was 512 bytes, a 4 KB file would only be allocated a 4 KB block if one were
available. If a single 4 KB block were not available, 512 byte blocks would be used, with a
Uempty potential to allocate eight blocks for this file. For a read or write to complete, several
additional disk I/O operations (disk seeks, data transfers, and allocation activity) would be
required. Therefore, for file systems which use a block size of 4 KB, the number of disk I/O
operations are far less, than file systems which employ a smaller block size.
Instructor notes:
Purpose — Discuss considerations related to file system block size
Details — Although there is a distinct advantage in providing this enhancement for
ensuring optimal disk space utilization, this can sometimes be at the expense of
performance.
Additional information —
Transition statement — Over time, data can become fragmented. Let's discuss the
considerations of data fragmentation.
Uempty
Fragmentation considerations
IBM Power Systems
Used block
Free block
FileA
Notes:
Irrespective of the block size, over time data can become fragmented on disk. The defragfs
command will attempt to increases a file system's contiguous free space by reorganizing
free block allocations to be contiguous, rather than scattered across the disk. The file
system to be defragmented can be specified with the device variable, which can be the
path name of the logical volume (for example, /dev/hd4) or the name of the file system,
which is the mount point in the /etc/filesystems file.
Another approach, is to backup and restore the data in a new file system or backup the
data, delete, recreate the file system and restore. This method is certainly cleaner, but
requires some element of downtime.
Instructor notes:
Purpose — Discuss considerations related to fragmented data within file systems
Details — A fragmented file system will impact performance. There should be an attempt
to create contiguous free space using defragfs command or backup, delete and restore the
data.
Additional information —
Transition statement — In the unfortunate event of a system crash. What can we do to
attempt to verify and repair a file system?
Uempty
• fsck command
– Checks file system consistency and interactively repairs the file
system
– If no file system name is specified, the fsck command checks all file
systems which have the check=true attribute set in the
/etc/filesystems.
– Orphan files are placed in the lost+found directory.
• Unmount the file system before running fsck.
## fsck
fsck /data
/data
The
The current
current volume
volume is:
is: /dev/fslv00
/dev/fslv00
Primary
Primary superblock is valid.
superblock is valid.
J2_LOGREDO:log
J2_LOGREDO:log redoredo processing
processing for
for /dev/fslv00
/dev/fslv00
Primary superblock is valid.
Primary superblock is valid.
***
*** Phase
Phase 11 -- Initial
Initial inode
inode scan
scan
***
*** Phase 2 - Process remaining directories
Phase 2 - Process remaining directories
***
*** Phase
Phase 33 -- Process
Process remaining
remaining files
files
***
*** Phase
Phase 44 -- Check
Check and
and repair
repair inode
inode allocation
allocation map
map
***
*** Phase 5 - Check and repair block allocation map
Phase 5 - Check and repair block allocation map
File
File system
system isis clean.
clean.
© Copyright IBM Corporation 2009
Notes:
Always run the fsck command on file systems after a system malfunction. The internal
integrity of a file system should be checked before the file system is mounted. By default,
the fsck command runs interactively, prompting the administrator for the action to perform
in order to repair the file system. If orphaned files or directories (those that cannot be
reached) are found, fsck will attempt to store them file in the /lost+found directory.
For further information, see the fsck man page.
Instructor notes:
Purpose — Define how the integrity of a file system can be checked
Details — Explain how to verify the integrity of a filesystem using the fsck command.
Additional information — In HACMP clusters, logredo rather than fsck should be used.
This helps to speed up recovery following an application failover.
Transition statement — Let's see how we can document file system setup.
Uempty
Notes:
Instructor notes:
Purpose — List useful commands that should be run to document the file system setup
and state.
Details — Encourage students to run the commands listed on the visual, and any other
commands that they feel would be useful for documenting file system setup for their
systems. This type of participation/involvement should be encouraged during all lecture
sessions.
Additional information —
Transition statement — Before, we proceed to the checkpoint, let's complete a review of
system storage.
Uempty
LogicalVolume
Logical volume storage
Structure
hd2
Notes:
Difference between file system and simple directory
It is important to understand the difference between a file system and a directory. A file
system is a section of disk that has been allocated to contain files. This section of disk is
the logical volume. The section of disk is accessed by mounting the file system over a
directory. Once the file system is mounted, it looks like any other directory structure to the
user.
File systems on the visual
The directories on the right of the bottom portion of the visual are all file systems. These file
systems are all mounted on the directories /usr, /tmp, /var and /home. Notice the
corresponding logical volume in the graphic at the top of the visual.
Simple directories
The directories on the left of the bottom portion of the visual are strictly directories that
contain files and are part of the /(root) file system. There is no separate logical volume
associated with these directories.
Instructor notes:
Purpose — Review basic concepts regarding the Logical Volume Manager and how it
relates to the user's view of the system
Details — The important point to drive home with this visual, is the connection between the
logical volume and the file system.
Additional information —
Transition statement — It's time for a checkpoint.
Uempty
Checkpoint (1 of 2)
IBM Power Systems
2. Does the size of the file system change when the size
of the logical volume it is on is increased? ________
Notes:
Instructor notes:
Purpose —
Details —
Checkpoint solutions (1 of 2)
IBM Power Systems
2. Does the size of the file system change when the size
of the logical volume it is on is increased? No
Additional information —
Transition statement —
Uempty
Checkpoint (2 of 2)
IBM Power Systems
Notes:
Instructor notes:
Purpose —
Details —
Checkpoint solutions (2 of 2)
IBM Power Systems
Additional information —
Transition statement —
Uempty
Exercise 9
IBM Power Systems
File system
administration
Notes:
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Uempty
Unit summary
IBM Power Systems
Notes:
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Estimated time
00:30
References
Online AIX Version 6.1 Operating system and device
management
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
Unit objectives
IBM Power Systems
Notes:
Virtual Memory
Active
Inactive, paged out
Memory usage
Operating System TCP/IP Applications FREE
Notes:
Uempty Paging space is not a substitute for sufficient real memory. A persistent shortage of real
memory can result in so much paging space page-in and page-out activity, that is will
severely impact the performance of that system. For more information about memory
and paging performance issue, attend the AIX Performance Management course.
Instructor notes:
Purpose — Define what paging space is
Details — Using the diagram in the visual, give a brief overview of how paging works.
While discussing the diagram, be sure to define the terms. Be careful not to go too deeply
into this topic. This is only meant to be a basic introduction to these terms for students who
have never heard the terms before.
Ensure you emphasize that in AIX, paging space is not intended to be used as an
extension to real memory.
Some UNIX operating systems use swap space rather than paging space, and some
people use the terms swap and page interchangeably.
Additional information — In the AIX environment, paging space is not used for
information that has a “permanent home” in file system space.
Transition statement — Now that you have an idea of what paging space is, let’s talk
about why you need it.
Uempty
Paging space
IBM Power Systems
Notes:
Notes:
The vmo command manages VMM tunable parameters. One parameter which may be
of interest is nokilluid. The parameter accepts an integer, which by default is 0 (off).
For example, if the value is set to 1, this will result in processes for user IDs lower than
this value (in this case, root) becoming exempt from getting killed due to low
page-space conditions.
When the early page space allocation (EPSA) policy is used, paging space is allocated as
soon as a memory request is made, even if the memory is not accessed. Thus, if a process
that has specified EPSA, uses the malloc() subroutine to allocate memory, paging-space
disk blocks are allocated and reserved for that process at that point. If the process needs to
page out, there are always paging space slots available for it.
When the late page space allocation (LPSA) policy is used, the disk block for a paging
space page is only allocated, when a page of a segment is used for the first time.
The deferred page space allocation (DPSA) policy is the default policy in AIX. With
deferred page space allocation, the disk block allocation of paging space is delayed until it
is necessary to page out the page. The goal of this policy is to avoid wasted paging space
allocation.
The system paging space allocation policy can be set to either LPSA or DPSA. The system
paging space allocation policy is used for any process that does not override this
system-wide setting by use of the PSALLOC environment variable. For AIX 5L and later, the
default system paging space allocation policy is DPSA.
The system paging space allocation policy can be displayed or set using the vmo
command.
The environment variable PSALLOC can be used by individual processes to override the
system paging space policy. If the value of PSALLOC is set to early, EPSA is used for
processes subsequently started in that environment. If the value of PSALLOC is set to null
or any value other than early, the system paging space policy is used.
Transition statement — As you have seen in the storage unit, paging space is contained
within a logical volume, and a logical volume can be placed at specific parts of the disk.
Let's see what considerations have to be made for paging space placement.
Uempty
• Placement guidelines:
– Paging spaces roughly the same size
– Only one paging space per physical disk
– Use disks with the least activity.
– Do not extend “a paging space” over multiple physical volumes.
– Place on SAN disks for better performance.
Notes:
Introduction
Placement and size of your paging space does impact its performance. The following
material contains tips regarding placement and size of paging areas.
## lsps
lsps -a
-a
Page
Page Space
Space Physical
Physical Volume
Volume Volume
Volume Group
Group Size
Size %Used
%Used Active
Active Auto
Auto Type
Type
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 512MB 13
512MB 13 yes
yes yes
yes lv
lv
lsps –s
## lsps –s
Total
Total Paging
Paging Space
Space Percent
Percent Used
Used
512MB
512MB 13%
13%
## svmon
svmon
size
size inuse
inuse free
free pin
pin virtual
virtual
memory
memory 524288
524288 487242
487242 37046
37046 413337
413337 466371
466371
pg
pg space
space 131072
131072 17223
17223
...
...
PageSize
PageSize PoolSize
PoolSize inuse
inuse pgsp
pgsp pin
pin virtual
virtual
ss 44 KB
KB -- 437354
437354 2087
2087 375289
375289 400643
400643
mm 64 KB
64 KB -- 3118
3118 946
946 2378
2378 4108
4108
Notes:
Uempty svmon is an advanced command which captures and analyzes the current snapshot of
virtual memory. It is the only system command which shows the breakdown of page
frame sizes.
Instructor notes:
Purpose — Show how to list information regarding paging spaces defined on the system
Details — The important field to notice is the %Used. The value in this field should ideally be
between 30% - 70%. Note, however, that this figure continually changes depending on the
current work load of the system. The lsps command should be regularly executed at
different times of the day, to get a feel for how well the paging space is being used. You
should not panic if the value goes over or falls below the thresholds occasionally, or at
certain times of the day (say when all the users are on the system). What you are looking
for are trends, even to the extent of identifying peak times for system activity and maybe
scheduling some jobs to be carried out when the system load is slightly less.
If throughout the day the %Used value is below 30%, then the paging space you have
defined is too large for your system, and if it is continually over 70%, then you need to
define some more. Be careful, because if this value goes over 90%, then the system starts
to kill off processes in order to rectify the problem. Generally, when paging space is low, the
system issues messages such as INIT: Paging space is low!. It is also possible that
users running applications might receive similar messages.
Also point out the names of the paging spaces shown in the example. The paging space
hd6 was created during system installation. Paging spaces created by the system
administrator after installation, are named paging00, paging01, and so forth.
The AIX 5L V5.1 documentation suggests keeping all paging spaces in rootvg until the
system administrator is thoroughly familiar with the system. Until the other volume groups
are varied-on, those non-rootvg paging areas cannot be activated.
It is also suggested that the system contain several paging areas of roughly the same size,
each on a different disk drive. For best performance, the primary paging space (hd6)
should be slightly larger (by about 16 MB) than the secondary paging spaces. The
secondary paging spaces should then be of equal size, to ensure that the VMM round-robin
algorithm works effectively.
Additional information —
Transition statement — Let's assume that you have identified a problem. Your system
has too little paging space. How can you add some more?
Uempty
Add
Add Another
Another Paging
Paging Space
Space
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name rootvg
rootvg
SIZE
SIZE of paging
of paging space
space (in
(in logical
logical partitions)
partitions) [10]
[10] ##
PHYSICAL VOLUME name
PHYSICAL VOLUME name hdisk1
hdisk1 ++
Start
Start using
using this
this paging
paging space
space NOW?
NOW? yes
yes ++
Use
Use this paging space each time
this paging space each time the
the system
system is
is yes
yes ++
RESTARTED?
RESTARTED?
# lsps -a
Page Space PV VG Size %Used Active Auto Type
paging00 hdisk1 rootvg 640MB 1 yes yes lv
hd6 hdisk0 rootvg 512MB 16 yes yes lv
Notes:
Change
Change // Show
Show Characteristics
Characteristics of
of aa Paging
Paging Space
Space
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
[Entry
[Entry Fields]
Fields]
Paging
Paging space
space name
name paging00
paging00
Volume
Volume group name
group name rootvg
rootvg
Physical
Physical volume
volume name
name hdisk1
hdisk1
NUMBER
NUMBER of
of additional
additional logical
logical partitions
partitions []
[] ##
Or
Or NUMBER of logical partitions to
NUMBER of logical partitions to remove
remove [5]
[5] ##
Use
Use this paging space each time the system
this paging space each time the system is
is yes
yes ++
RESTARTED?
RESTARTED?
# lsps -a
Page Space PV VG Size %Used Active Auto Type
paging00 hdisk1 rootvg 320MB 1 yes yes lv
hd6 hdisk0 rootvg 512MB 16 yes yes lv
Notes:
Step Action
Create a new, temporary space from the same volume group as the
1
one being reduced.
2 Deactivate the original paging space.
3 Reduce the original paging space.
4 Reactivate the original paging space.
5 Deactivate the temporary space.
The primary paging space (usually hd6) cannot be decreased below 32 MB.
When you reduce the primary paging space, a temporary boot image and a temporary
/sbin/rc.boot pointing to this temporary primary paging space are created to ensure the
system is always in a state where it can be safely rebooted.
Instructor notes:
Purpose — Describe how to change the characteristics of paging space
Details — The size of the paging space can be dynamically increased or decreased using
this method. The ability to decrease paging space was introduced in AIX 5L V5.1. In
additional to lsps -a (shown in the visual) also mention, lsps -s.
Additional information — Be aware that by default hd6 is also the dump area. If a system
is operating with less paging space than real memory, this could create a problem during a
system dump. A rule of thumb is that when a dump is created, it is about 1/4 of the size of
real memory. The command sysdumpdev -e also provides an estimate of the dump space
needed for your machine. System dumps are covered in AN13.
Transition statement — What if we have defined too much paging space? The next
operation is to remove some of the defined areas. Let's see what conditions have to be
satisfied before the remove operation can be carried out.
Uempty
# smit rmps
Remove
Remove aa Paging
Paging Space
Space
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
[Entry
[Entry Fields]
Fields]
PAGING
PAGING SPACE
SPACE name
name paging00
paging00 ++
# smit chps
# lsps -a
Page Space PV VG Size %Used Active Auto Type
hd6 hdisk0 rootvg 512MB 16 yes yes lv
Notes:
Notes:
** /etc/swapspaces
/etc/swapspaces
**
** This
This file
file lists
lists all
all the
the paging
paging spaces
spaces that
that are
are automatically
automatically put
put into
into
** service on each system restart ('swapon
service on each system restart ('swapon -a‘) -a‘)
**
** WARNING:
WARNING: Only
Only paging
paging space
space devices
devices should
should be
be listed
listed here.
here.
**
** This
This file
file is
is modified
modified byby the
the chps,
chps, mkps
mkps and
and rmps
rmps commands
commands and
and
referenced by the lsps and swapon commands.
referenced by the lsps and swapon commands.
hd6:
hd6:
dev
dev == /dev/hd6
/dev/hd6
auto
auto == yes
yes
paging00:
paging00:
dev
dev == /dev/paging00
/dev/paging00
auto
auto == yes
yes
Notes:
Running lsps
Run lsps to monitor paging space activity. Keep good documentation so that you know
what is normal for that system.
Checkpoint
IBM Power Systems
_______________________________________________
_______________________________________________
_______________________________________________
_______________________________________________
_______________________________________________
_______________________________________________
2. True or False: The size of paging00 (in the above example) can
be dynamically decreased.
Notes:
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement — Let’s move on to the exercise for this unit.
Exercise 10
IBM Power Systems
Paging
space
Notes:
This lab allows you to add, decrease, monitor, and remove paging space.
Unit summary
IBM Power Systems
Notes:
Estimated time
01:00
References
Online AIX Version 6.1 Operating system and device
management
AIX Version 6.1 Installation and migration
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit objectives
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Backup introduction
IBM Power Systems
Notes:
Why back up your data?
The data on a computer is usually far more important and expensive to replace than the
machine itself. Data loss can happen in many ways. The most common causes are
hardware failure and accidental deletion. AIX provides several ways in which we can
back up and restore data.
• Volume group backup: AIX provides a mksysb utility which creates a back up
image of the operating system (that is, the root volume group) and the savevg
utility to backup user defined volume groups. It is very important that regular
mksysb backups are created as they allow us to reinstall a system to its original
state if it has been corrupted. If you create the backup on external media, for
example tape, the media is bootable and includes the installation programs
needed to install from the backup.
• Full backup: A full backup (sometimes referred to as level 0 backup) will back
up all files and directories in the specified location. AIX provides the backup
Uempty command and several standard UNIX utilities for performing a full backup such
as tar, cpio and pax.
• Incremental backup: An incremental backup, backs up all the files which have
changed since the last full or incremental backup. The backup command on AIX
is capable of providing this functionality.
AIX (and Unix) systems are often deployed in high performance, fault tolerant, 24x7
mission critical environments. As a result of this, often enterprise backup solutions are
deployed, like IBM Tivoli Storage Manager (TSM) for System Backup and Recovery
(Sysback). TSM for Sysback is designed to provide centralized, automated data
protection that can help reduce the risks associated with data loss while also helping to
reduce complexity, manage costs, and address compliance with regulatory data
retention requirements. TSM for Sysback is outside the scope of this class.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Describe good reasons for backing up data.
Details — Introduce why backing up data is important and the types of backup available in
AIX.
Additional information —
Transition statement — Having listed the reasons for backing up and the different types
of backup, let's look more at system backups.
Uempty
Notes:
The mksysb utility provides the following functions:
• Saves the definition of the paging space
• Provides a non-interactive installation that gives information required at installation time
through a data file
• Saves the inter-disk and intra-disk policies for the logical volumes
• Saves map files for logical volumes, if requested by the user
• Provides the ability to shrink the file system and logical volume in a volume group at
system installation or mksysb recovery time
• Saves the file system characteristics
• Allows the user to restore single or multiple files from a system image
The volume group image is saved in backup format.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Introduction
The SMIT screen shown in the visual, Back Up the System, performs a a mksysb
operation and only backs up mounted file systems in rootvg.
Create MAP files?
This option generates a layout mapping of the logical-to-physical partitions for each
logical volume in the volume group. This mapping is used to allocate the same
logical-to-physical partition mapping when the image is restored.
EXCLUDE files?
This option excludes the files and directories listed in the /etc/exclude.rootvg file from
the system image backup.
List files as they are backed up?
Change the default to see each file listed as it is backed up. Otherwise, you see a
percentage-completed progress message while the backup is created.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Explain how to do a mksysb of the system
Details — Explain how to do a mksysb of the system, reviewing each of the main options in
turn. Point out that the mksysb backup file as shown in the example should not be in
rootvg. The best method to use is NFS over the network to a NIM server.
Additional information —
Transition statement — Let's explain more about the image.data file.
Uempty
image.data file
IBM Power Systems
Notes:
The image.data file contains information describing the image installed during the BOS
installation process. This information includes the sizes, names, maps, and mount points of
logical volumes and file systems in the root volume group. The mkszfile command
generates the image.data file. It is not recommended that the user modify the file.
Changing the value of one field without correctly modifying any related fields, can result in
a failed installation, and a corrupted backup image. The only exception to this
recommendation is the SHRINK field, which the user may modify to instruct the BOS
installation routines to create the file systems as specified in the image.data file, or to
create the file systems only as large as is required to contain all the data in the file system.
The BOS installation process also takes input from the image.data file regarding defaults
for the machine being installed. Any default values in the image.data file will override
values obtained when the BOS installation queries the hardware topology and existing root
volume group. The image.data file resides in the / directory.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
bosinst.data file
IBM Power Systems
Notes:
/bosinst.data file
This file enables the administrator to specify the requirements at the target system and how
the user interacts with the target system. It provides flexibility by allowing unattended
installations. The system backup utilities simply copy the /bosinst.data into the second file
on the mksysb tape. If this file is not in the root directory, the
/usr/lpp/bosinst/bosinst.template is copied to the /bosinst.data.
Key fields (highlight in the visual):
• PROMPT: Will determine if the installation is to be prompted (yes) or non-prompted (no)
• INSTALL_DEVICES_AND_UPDATES: When installing a mksysb image to a system with a
different hardware configuration, boot from product media to get any missing device
drivers installed. In addition, if the product media is a later level of AIX than the mksysb,
software in the mksysb image will be updated. To prevent either of these additional
installations from occurring, set this field to no. The default is yes.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Explain the bosinsta.data file
Details — Present the information in the visual and notes.
Focus on the key options highlighted in the visual (in blue).
Additional information —
Transition statement — Now let's see the format of a mksysb file.
Uempty
Notes:
This visual shows the tape layout of a mksysb image.
BOS boot image
The BOS boot image contains a copy of the system's kernel and device drivers needed
to boot from the tape.
mkinsttape image
The mkinsttape image contains the following files:
• ./image.data holds the information needed to re-create the root volume group
and its logical volumes and file systems.
• ./bosinst.data contains the customizable installation procedures and dictates
how the BOS installation program behaves. This file allows for the
non-interactive installations.
• ./tapeblksz contains the block size setting of the tape drive used during the
backup. This applies to the files in the fourth section.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Dummy TOC
The dummy TOC is used to make mksysb tapes have the same number of files as the
BOS installation tapes.
rootvg backup image
The rootvg backup image contains all the data from the backup. This data is saved
using the backup command which is discussed shortly
Listing and extracting files in a tape mksysb image
The tctl command can be used to rewind and fast forward the tape to the start of the
fourth section (third tape mark). Then, the restore command, as shown in the visual can be
used to extract (-x) or list (-T) files on the tape. Alternatively, if the tape is already rewound,
then restore command can be used directly to extract files from the fourth section (-s4).
For further information regarding tape manipulation, see the tctl man page.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• From the SMS Menu, boot the system from the tape device.
• Restore mksysb image from the device, that is, tape
(/dev/rmt0), as follows:
Welcome to Base Operating System
Welcome to Base Operating System
Installation and Maintenance
Installation and Maintenance
1 Start Install Now With Default Settings
1 Start Install Now With Default Settings
2 Change/Show Installation Settings and Install
2 Change/Show Installation Settings and Install
>> 3 Start Maintenance Mode for System Recovery
>> 3 Start Maintenance Mode for System Recovery
4 Configure Network Disks (iSCSI)
4 Configure Network Disks (iSCSI)
Notes:
Start a mksysb restoration
To restore a mksysb image from tape, boot the machine into SMS just as if you were
performing an installation. As shown previously in the installation unit, select the device to
boot from (in this case tape). Then, insert the mksysb tape and start the machine or LPAR.
The machine boots from the tape and prompts you to define the console and select a
language for installation. Once you have answered those questions, then the Installation
and Maintenance menu is presented.
You can also boot from installation media which presents the same screens. Just be sure to
put the mksysb tape in the tape drive before answering the last question.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Changing installation settings
From the Installation and Maintenance menu, select option 2, Change/Show
Installation Settings and Install.
The options from the System Backup and Installation and Settings menu are:
• 1 Disk(s) where you want to install
- Select disks where you want to install.
• 2 Use Maps
- The option Use Maps lets you use the map file created (if you created one) during
the backup process of the mksysb tape. The default is no.
• 3 Shrink Filesystems
- The option Shrink Filesystems installs the file systems using the minimum required
space. The default is no. If yes, all file systems in rootvg are shrunk. So remember
Uempty after the restore, evaluate the current file system sizes. You might need to increase
their sizes.
• 0 Install with the settings listed above
- At the end, select option 0 which installs using the settings selected. Your mksysb
image is restored.
The system then reboots.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show the remaining steps to complete the mksysb install
Details — Go through the example contained in the visual.
Additional information —
Transition statement — Let's look at restoring a mksysb from a NIM server.
Uempty
Notes:
Firstly, the resources (mksysb image, bosinst.data, SPOT) have to be allocated to the
client on the NIM server and the NIM server must run a bosinst operation on your client
machine. This is covered in the NIM course, AU08G.
Secondly, boot the client into SMS mode and select option 2, Setup Remote IPL. This
option allows us to define the network parameters of the NIM server and client. Once the
IPL details have been entered, press ESC to return to the main menu.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to recover using a mksysb image (NIM)
Details — Explain how to boot the machine from a NIM server. NIM server details are
covered in AU08G.
Additional information —
Transition statement — You then see more screens. Let's take a look.
Uempty
Please wait...
Please wait...
Notes:
The visual shows the rest of the steps involved in completing the mksysb restore.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show the remaining steps to complete the mksysb install
Details — As included in the visual
Additional information —
Transition statement — Now let's look at how to back up non-rootvg VGs.
Uempty
Notes:
To back up non-rootvg volume groups, use smit savevg or smit savevg. The parameters
are virtually identical to creating a mksysb image.
The savevg command finds and backs up all files belonging to a specified volume group.
The volume group must be varied-on, and the file systems must be mounted. The savevg
command uses the data file created by the mkvgdata command. This data file can be one
of the following:
• /tmp/vgdata/vgname/<vgname>.data
Contains information about a user volume group. The <vgname> variable reflects the
name of the volume group. The savevg command uses this file to create a backup
image that can be used by the restvg command to remake the user volume group.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Explain how to create a backup of a non-rootvg VG
Details — Go through the example in the visual.
Additional information —
Transition statement — Let's see how we restore a non-rootvg VG.
Uempty
Notes:
The visual show the process of restoring a non-rootvg volume group. Standard out from the
smit screen is shown below:
COMMAND STATUS
Command: OK stdout: yes stderr: no
Before command completion, additional instructions may appear
below.
Will create the Volume Group: datavg
Target Disks: hdisk1
Allocation Policy:
Shrink Filesystems: no
Preserve Physical Partitions for each Logical Volume: no
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
datavg
loglv01
fslv00
New volume on /tmp/datavf_bk_svg:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is: Mon 20 Oct 20:29:05 2008
Files are backed up by name.
The user is root.
x 11 ./tmp/vgdata/datavg/image.info
x 127 ./tmp/vgdata/vgdata.files598152
x 127 ./tmp/vgdata/vgdata.files
x 2444 ./tmp/vgdata/datavg/filesystems
x 2481 ./tmp/vgdata/datavg/datavg.data
x 340 ./tmp/vgdata/datavg/backup.data
x 0 ./data
x 0 ./data/lost+found
x 1024 ./data/file1
x 1024 ./data/file2
x 1024 ./data/file3
The total size is 5530 bytes.
The number of restored files is 11.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• AIX
– Backup and restore
• Compression Utilities
– Compress, restore using uncompress or zcat
– gzip, restore using gunzip
Notes:
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## find
find /home/aix
/home/aix || backup
backup -iqvf
-iqvf /dev/rmt0
/dev/rmt0 Relative Paths
## cd
cd /home/aix
/home/aix
## find
find .. || backup
backup -iqvf
-iqvf /backup/aix.backup
/backup/aix.backup
List files
## restore
restore -Tvf
-Tvf /backup/aix.backup
/backup/aix.backup
Extract (restore)
files
## restore
restore -xvf
-xvf /backup/aix.backup
/backup/aix.backup
## restore
restore -xvf
-xvf /tmp/aix.backup
/tmp/aix.backup ./file1
./file1 Extract individual
file
Notes:
The backup command
The backup command is a useful command for making backups of AIX files and
directories. backup supports two different methods:
• Backup by filename
• Backup by inode (also call a file system backup)
When performing a backup by filename, the files must be in a mounted file system to be
backed up. Backup by inode, backs up file systems when they are unmounted.
Note: Relative versus full filenames will impact the location of files on recovery!
Popular backup flags
-q: Media is ready
-i: Specifies that files be read from standard input and archived by file name.
-v: Verbose - display filenames during backup
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to back up and restoring files by filename
Details — Go through the examples in the visual.
Additional information —
Transition statement — Let's see how to perform a backup and restore by inode.
Uempty
## backup
backup -u
-u -0
-0 -f
-f /tmp/databkup_21Oct_level0
/tmp/databkup_21Oct_level0 /data
/data
## backup
backup -u
-u -1
-1 -f
-f /tmp/databkup_21Oct_level1
/tmp/databkup_21Oct_level1 /data
/data
## cat
cat /etc/dumpdates
/etc/dumpdates
/dev/rfslv00
/dev/rfslv00 11 Tue
Tue Oct
Oct 21
21 15:45:21
15:45:21 2008
2008
/dev/rfslv00 0 Tue Oct 21 15:40:54
/dev/rfslv00 0 Tue Oct 21 15:40:54 2008 2008 Incremental backup
Backup history
## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level0
/tmp/databkup_21Nov_level0
## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level1
/tmp/databkup_21Nov_level1
Notes:
Backup by inode is useful for performing full (level 0) and incremental backups of
filesystems. Backup by inode should only be completed when the filesystem is unmounted!
Note: The command will complete if the filesystem is in use, but the following warning
message is displayed, “backup: 0511-251 The file system is still mounted; data may
not be consistent.”
Popular backup by inode flags
-u: update /etc/dumpdates will backup transaction history
-0-9: backup level, 0 is full, 1…9 represents incremental change since level n-1
-f: device
Popular restore by inode flags
-r: restore files
For further information see the man pages.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
When restoring file system archives, the restore command creates and uses a file
named restoresymtable. This file is created in the current directory. The file is necessary
for the restore command to do incremental file system restores. Do not remove the
restoresymtable file if you perform incremental file system backups and restores.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
tar command
IBM Power Systems
Notes:
The tar command archives and restores files. tar is most commonly used in tandem with
an external compression utility, since it has no built-in data compression facilities.
Here is a list of the commonly used options:
-c creates a tar backup.
-x extracts (restores) one or more files from a tar file.
-t reads the content of the tar file (verify the backup).
-v verbose output - displays files as they are backed up and restored.
-f identifies the file or device holding the tar image.
-h follows symbolic links.
-u appends files to an existing archive.
-p preserves file permissions, ignoring the present umask value.
-B forces a consistent blocking factor to help ensure this copy is made correctly.
The final .tar file is usually called a tarball.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
cpio command
IBM Power Systems
## find
find .. -depth
-depth || cpio
cpio -pd
-pd /mydir
/mydir
Notes:
cpio copies file archives in from, or out to tape, disk, or another location on the local
machine.
Here is a list of the commonly used options:
-o command reads file path names from standard input and copies these files to
standard output, along with path names and status information.
-i command reads from standard input an archive file created by the cpio -o
command and copies from it the files with names that match the Pattern
parameter.
-p copies files to another directory on the same system.
-d creates directories as needed.
-v verbose (print files)
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
pax command
IBM Power Systems
## pax
pax -rvf
-rvf /backup/home_pax.ar
/backup/home_pax.ar
Notes:
The pax command extracts, writes, and lists members of archive files; copies files and
directory hierarchies.
Rather than sort out the incompatible options that have crept up between tar and cpio,
along with their implementations across various versions of UNIX, the IEEE designed a
new archive utility. Pax means “peace” in Latin, so the utility is named to create peace
between the tar and cpio.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
dd command
IBM Power Systems
## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024
ibs=1024 obs=2048
obs=2048 of=/dev/rmt1
of=/dev/rmt1
## tar
tar -cvf
-cvf -- /home
/home || dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0
## tar
tar -cvf - /home | rsh <system>
-cvf - /home | rsh <system> dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0
## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024k
ibs=1024k || tar
tar xvf
xvf -- Writing to a tape
drive on a remote
machine
Notes:
The dd command reads in standard input or the specified input file, converts it, and then
writes to standard out or the named output.
The common options are:
if= specifies the input file.
of= specifies the output file.
conv= designates the conversion to be done.
Copying specific blocks
The dd command is also useful when you need to copy specific blocks of data. For
example, if a file system’s superblock (stored in the first block of the file system) is corrupt,
a copy is kept at the 31st block. The dd command can copy that 31st block back to the first
to repair the file system. The command is:
# dd count=1 bs=4k skip=31 seek=1 if=/dev/hd4 of=/dev/hd4
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Compression commands (1 of 2)
IBM Power Systems
## compress
compress -v
-v /tmp/data.tar
/tmp/data.tar
/tmp/data.tar:
/tmp/data.tar: Compression:
Compression: 95.50%
95.50% This
This file
file is
is replaced
replaced
with /tmp/data.tar.Z.
with /tmp/data.tar.Z.
## uncompress
uncompress /tmp/data.tar.Z
/tmp/data.tar.Z
/tmp/data.tar.Z:
/tmp/data.tar.Z: This
This file
file is
is replaced
replaced with
with /tmp/data.tar.
/tmp/data.tar.
zcat, expands a
## zcat
zcat /tmp/data.tar.Z
/tmp/data.tar.Z || tar
tar -xvf
-xvf -- compressed file to
standard out.
Notes:
Files which are archived are usually further compressed to reduce their size. Compress,
uncompress and zcat commands are standard commands across UNIX platforms for
compressing and uncompressing files.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Compression commands (2 of 2)
IBM Power Systems
## gunzip
gunzip -v
-v /tmp/data.tar.gz
/tmp/data.tar.gz
/tmp/data.tar.gz:
/tmp/data.tar.gz: 97.7%
97.7% --
-- replaced
replaced with
with
/tmp/data.tar
/tmp/data.tar
Creates a
compressed
## tar
tar -cvf
-cvf -- /data
/data || gzip
gzip -c
-c >> data_tar.gz
data_tar.gz tarball (.tar.gz) of
the /data
## gunzip
gunzip -c
-c data_tar.gz
data_tar.gz || tar
tar xvf
xvf -- directory.
Decompresses and
extracts the
compressed tarball
(.tar.gz).
Notes:
gzip is a software application used for file compression. gzip is short for GNU zip. The
program is very popular and is a free replacement for the compress program which was
predominately used in early UNIX systems.
Another popular and free compression utility is bzip2 which is based on a lossless data
compression algorithm. Bzip2 compression is generally more effective than gzip. The
usage of bzip2 and bunzip2 (for decompression) is fairly similar to gzip and gunzip
respectively.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Good practices
IBM Power Systems
Notes:
• Take regular backups. Always take regular backups of data. The most efficient way of
doing this is through regular automated incremental backups, as done through products
like TSM.
• Verify your backups. Always verify your backed up data. Use restore -T (or tar -t) to
view the contents. With mksysb tapes, you can position the tape to the correct marker
and verify the contents without having to restore the data.
• Check the tape devices. The tapechk command can be used to check a number of
files on a tape. If no argument is specified, then the first block on the tape is checked. If
a number is specified, that number of files are checked. You can also position the tape
before tapechk is run by specifying a second number. For example, tapechk 2.1 reads
two files after skipping past the first file.The tapechk command can be used to detect
malfunctioning hardware.
• Label your tapes. There is no way to know what is on the tape by looking at it. The
label should at least list the tape files, the commands used to create the tape, the date
created, and the block size.
Uempty • Keep old backups. Keep old backups in case something goes wrong with the new
ones.
• Keep a copy of backups securely offsite. Store a set of backups off site in case
something happens to your site.
• Test recovery procedures. Test your recovery procedure before you have to. Know
that you can recover before you have to recover.
• Consider deploying an enterprise storage solution. Enterprise storage solutions like
Tivoli Storage Manager provide centralized, automated storage management and data
protection. TSM storage management software protects you from the risks of data loss
and helps you reduce complexity, manage costs, and address compliance with data
retention and availability requirements.
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Emphasize some good practices
Details — Go through each bullet point. Planning and testing is always the best approach
to backup practices. Redundancy and documentation is also very important.
Additional information —
Transition statement — Now, let's answer a few checkpoint questions.
Uempty
Checkpoint
IBM Power Systems
4. True or False: smit mksysb backs up all file systems, provided they
are mounted.
________________________________________________
_________________________________________________________
Notes:
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Checkpoint solutions
IBM Power Systems
3. Which command could you use to restore these files? The files were
backed up using the backup command so you would have to use the
restore command.
4. True or False: smit mksysb backs up all file systems, provided they
are mounted. mksysb only backs up rootvg file systems. To back up
other volume groups, you must use the savevg command.
© Copyright IBM Corporation 2009
Additional information —
Transition statement —
Uempty
Exercise 11
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Uempty
Unit summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Estimated time
01:30
References
Online AIX 6.1 Information
SG24-7424 AIX 6.1 Advanced Security Features: Introduction and
Configuration (redbook)
SG24-7559 AIX Version 6.1 Differences Guide (redbook)
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit objectives
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
User accounts
IBM Power Systems
## id
id
uid=0(root)
uid=0(root) gid=0(system)
gid=0(system)
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
Notes:
Importance of user accounts
The security of the system is based on a user being assigned a unique name, a unique
user ID (UID) and password, and a primary group ID (GID). When the user logs in, the UID
is used to validate all requests for file access. The UID, associated groups, and GIDs can
be seen by the id command.
File ownership
When a file is created, the UID associated with the process that created the file is assigned
ownership of the file. Only the owner or root can change the access permissions.
Automatically created user accounts
There are several user accounts automatically created. root, for example, is one. Some
user accounts are not made for login but only to own certain files. adm, sys, and bin are
examples of that type of account.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Groups
IBM Power Systems
Notes:
Function of groups
Users that require shared access to a set of files are placed in groups. Each group has
a unique name and Group ID (GID). The GID, like the UID, is assigned to a file when it
is created. A user can belong to multiple groups.
Predefined groups
There are several groups predefined on an AIX system. For example, the system
group is root's group and the staff group is for all ordinary users.
Planning and administering groups
The creation of groups to organize and differentiate the users of a system or network is
part of systems administration. The guidelines for forming groups should be part of the
security policy. Defining groups for large systems can be quite complex, and once a
system is operational, it is very difficult to change the group structure. Investing time
and effort in devising group definitions before your system arrives is recommended.
Uempty Groups should be defined as broadly as possible and be consistent with your security
policy. Do not define too many groups because defining groups for every possible
combination of data type and user type can lead to impossible extremes.
A group administrator is a user who is allowed to assign the members and
administrators of a group. It does not imply that the user has any administrative abilities
for the system.
Types of groups
There are three types of groups on the system:
• User Groups
- User groups should be made for people who need to share files on the
system, such as people who work in the same department, or people who are
working on the same project.
• System Administrator Groups
- System administrators are automatically members of the system group.
Membership of this group allows the administrators to perform some of the
system tasks without having to be the root user.
• System Defined Groups
- Several system-defined groups exist. staff is the default group for all
non-administrative users created in the system. security is another
system-defined group with limited privileges for performing security
administration. The system-defined groups are used to control certain
subsystems.
Use of the newgrp command
A user's real group identification is used to determine the group ownership of a file
created by that user. The newgrp command changes a user's real group identification.
If you provide a group name as a parameter to the newgrp command, the system
changes the name of your real group to the group name specified (if the group name
specified is part of your groupset). If no group name is provided as a parameter, the
newgrp command changes your real group to the group specified as your primary
group in the /etc/passwd file.
Example:
$ id
uid=206(secc) gid=7(security) groups=1(staff)
$ newgrp staff
$ id
uid=206(secc) gid=1(staff) groups=7(security)
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Describe the concept of a group and show how users can change their group
Details — A user's groupset can contain up to 32 groups. The permissions of each group
in the groupset are available to the user. When defining a user through SMIT or mkuser,
you have the option of specifying a primary group ID. This is stored as the principal group
ID in the etc/passwd file. When the user initially logs in, this principal group ID is used to
establish the real group ID in the user's environment. The current real group ID is recorded
in the inode of any new file created in that environment, unless overridden by an SGID on
the parent directory. While the real group ID, can be changed using the newgroup
command, the principle group ID in /etc/passwd is unaffected and is used to set the real
group ID the next time the user logs in.
Additional information — The entry for the newgrp command in the online AIX 6.1
Command Reference has some helpful information.
Transition statement — Several groups have been mentioned. Now, let's look at the
group hierarchy.
Uempty
Group hierarchy
IBM Power Systems
system security
Rights to
printq administrative
adm functions
audit
shutdown
staff Ordinary
users
Notes:
Rights to administrative functions
As indicated on the visual, membership in some groups confers rights to the use of certain
administrative functions. Membership in the staff group does not provide rights to the use
of administrative functions.
Common groups
Common groups on the system (and their intended uses) are as follows:
• system for most configuration and standard hardware and software maintenance
• printq for managing queuing.
- Typical commands which can be run by members of this group are: enable,
disable, qadm, qpri, and so forth.
• security to handle most passwords and limits control
- Typical commands which can be run by members of this group are: mkuser,
rmuser, pwdadm, chuser, chgroup, and so forth.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• adm most monitoring functions such as performance, cron, accounting staff, default
group assigned to all new users
- You may want to change this in /usr/lib/security/mkuser.defaults.
• audit for auditors
• shutdown allows use of the shutdown command.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
User hierarchy
IBM Power Systems
root
admin user
(admin flag set to true)
normal user
© Copyright IBM Corporation 2009
Notes:
Capabilities of members of certain groups
The ability to perform certain system tasks (like creating users) depends upon the standard
AIX file permissions. Most system administration tasks can be performed by users other
than root if those users are assigned to groups such as system, security, printq, cron,
adm, audit, or shutdown. In particular, a user in the security group can add, remove, or
change other users and groups.
Purpose of user hierarchy
To protect important users and groups from users in the security group, AIX has three
levels of user hierarchy: root, admin users and groups, and normal users and groups. Only
root can add, remove, or change an admin user or admin group. Therefore, you can define
a user that has a high level of access, but is protected from users in the security group.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Authorizations Roles
© Copyright IBM Corporation 2009
Notes:
Why do we need RBAC?
The difficulty with permission (or even access control list) based access control is that
you must secure the needed resource rather than the command. It was often difficult to
know which resources were the ones needed. In some cases we are dealing with kernel
resources. In addition, a given resource may have multiple uses and a single group
access to it may not work. Allowing a program to be root with suid allowed one to
bypass the resource permissions, but suid itself was a potential exposure. With
Enhanced Resource Based Access Control (RBAC), resource access is controlled
through privileged commands and then only users with the proper authorization are
allowed to execute the privileged command. The authorization and privileges are fine
grained.
Legacy RBAC
Starting with AIX 4.2.1, a form of RBAC was provided but was difficult to work with.
Even though a user was assigned a role, that user was often still unable to execute the
associated tasks until a requisite command was converted to a set uid executable and
Uempty the user was made a member of the associated group. In addition, the legacy
framework was implemented without involvement of the kernel.
Enhanced RBAC
Starting with AIX 6.1, an enhanced form of RBAC is provided. The enhanced RBAC
framework involves the kernel and thus is more secure. The new framework is also
more granular and extensive than the legacy RBAC. Once a role is assigned to a user,
they have the authorization to do the related tasks without having to play with file
permissions or group membership. While the framework supports user defined
privileged commands, authorizations, and roles, AIX 6.1 provides 10 predefined roles
that can be used without additional RBAC configuration. The details of the RBAC
framework is outside the scope of this course, however more detail with a simple
example is included in topic two of this unit.
Sudo
Sudo (su “do”) is free add-on software for UNIX systems which enables a system
administrator to delegate authority to give certain users, or groups of users, the ability to
run some, or all, commands as root or another user while providing an audit trail of the
commands and their arguments. Enhanced RBAC, eliminates the use of sudo like tools.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduces enhanced RBAC
Details — Provide a high level overview of RBAC as implemented in AIX 6.1.
Additional information — More RBAC details will follow later in the Unit. The purpose is
to give students a basic understanding of:
• RBAC
• Why we need it
• Provide just enough essential information to implement it
It is not designed to cover RBAC is detail, the place for that is AU47 and you should use
this opportunity to promote the security class.
Transition statement — Since the root user is such a powerful user account, it is a good
idea to guard this account as much as possible.
Uempty
## chuser
chuser login=false
login=false root
root
Notes:
Guidelines for root account password
If the root password is known by too many people, no one can be held accountable. The
root password should be limited to just two or three administrators. The fewer people who
know root's password, the better. The system administrator should ensure that distinct
root passwords are assigned to different machines. You may allow normal users to have
the same passwords on different machines, but never do this for root.
Use of the su command
Attempts to become root through su can be investigated. Successful and unsuccessful
attempts might be logged by the audit system.
PATH variable for root account
Do not include unsecured directories in the value of PATH for the root account. Note that
root's PATH is used by many implicit system functions, not just by a user logged in as root.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Discuss important concepts related to root security
Details — Review the information on the visual
Having different passwords on every machine may cause a problem if there are lots of
machines. This needs to be done sensibly. Administrators could create a password
scheme that makes each password slightly different but not impossible to remember. Be
sure to point out the dangers of having an unsecured directory in root's PATH. This
includes the dot (.) for the current directory. You might want to use an example like:
PATH=.:/usr/bin:/usr/sbin
Since the dot (.) represents the current directory, the root user might accidentally execute
something in that directory. A user on the system could create a destructive file called “ls”
that contains the one line to delete all the files on the system “rm -r /”. If the root user is in
that user's home directory and tries to perform a file listing, instead of /usr/bin/ls running, it
will find ./ls first. When this file is run by the unsuspecting system administrator with root
authority, the system is destroyed. If the user normally logs in as a regular user and does
su to root, the regular account's PATH should also avoid using unsecured directories.
Remember, with the su command, if the dash (-) is not used, then the current environment
is kept (that includes PATH).
Additional information —
Transition statement — Reference to the su audit trail is made in this visual. Let's take a
look at a number of files important for system security.
Uempty
Security logs
IBM Power Systems
Notes:
The sulog file
The sulog file is an ASCII text file that can be viewed with more or pg. In the file, the
following information is recorded: date, time, terminal name, and login name. The file also
records whether the login attempt was successful, and indicates a success by a plus sign
(+) and a failed login by a minus sign (-).
The utmp and wtmp files
The /etc/utmp file contains a record of users logged into the system, and the
/var/adm/wtmp file contains connect-time accounting records. To obtain information from
either file use the who command with the file name. The who command normally examines
the /etc/utmp file, but you can specify either one of the files just mentioned as an argument
to the command.
The last command
The last command can also be used to display, in reverse chronological order, all previous
logins and logoffs still recorded in the /var/adm/wtmp file. The /var/adm/wtmp file collects
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
login and logout records as these events occur, and holds them until the records are
processed by the accounting commands.
For example:
# last root displays all the recorded logins and logoffs by the user root.
# last reboot displays the time between reboots of the system.
The utmpd daemon
AIX 5L V5.2 introduced a new daemon called utmpd to manage the entries in the
/etc/utmp file. This daemon monitors the validity of the user process entries at regular
intervals. The default interval time would be 300 seconds. The syntax of the command is:
/usr/sbin/utmpd [ Interval ]
To start utmpd from the /etc/inittab, add the following entry to the file:
utmpd:2:respawn:/usr/sbin/utmpd
The failedlogin file
The /etc/security/failedlogin file maintains a record of unsuccessful login attempts. The
file can be displayed using the who command with the file as an argument.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
File/Directory permissions
IBM Power Systems
Notes:
Permission bits
There are a number of permission bits associated with files and directories. The standard r
(read), w (write), and x (execute) permissions, define three levels of access for the user
(owner), group, and others. In addition, there are three permission bits known as SUID (set
UID), SGID (set GID), and SVTX (sticky bit).
The SUID bit
SUID on an executable file means that when the file runs, the process runs with an
effective UID of the owner of the file. SUID is not supported on shell scripts.
SUID has no meaning on a directory.
The SGID bit
SGID on an executable file means that when the file runs, the process runs with an
effective GID of the group owner of the file.
Uempty SGID on a directory means that any file or directory created within the directory will have
the same group ownership as the directory rather than the real group ID or primary group of
the user.
The SGID permission bits are propagated down through the directory structure, so that any
directory created in a directory with the SGID bit set, also inherits that bit.
The SVTX bit
SVTX on a file has no meaning in AIX. It was used in earlier versions of UNIX.
Traditional UNIX used SVTX to keep a program in memory after it had completed running,
but with memory management routines, this is no longer necessary. SVTX is known as the
sticky bit.
SVTX on a directory means that even if the directory has global write permission (for
example, /tmp), users cannot delete a file within it, unless they either own the file, or the
directory.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Examine the effect that permissions have on files and directories
Details — The effects of permissions are often forgotten or misunderstood. It is probably a
good idea to review all the permission bits.
Additional information — The base permission (rwx) must give the user the appropriate
permission before SUID, SGID, or STVX are effective. For example, if a user is part of
“others” and “others” do not have execute permission on a file, it is irrelevant whether the
SUID bit is set for that user since they cannot execute the file. SUID and SGID bits are not
effective on shell scripts for security reasons. They can be set but they will be ignored
during execution.
Also, many people misuse the terminology related to these additional permission bits.
Many times all three are incorrectly referred to as the sticky bits. Only SVTX is the sticky
bit. SUID is “SUID” and SGID is “SGID”. Be sure to keep your students on track with the
proper terminology.
Historically, SVTX stood for “Save Text” and was meant to keep a binary executable in
memory. AIX does not support that use of the permission bit.
Transition statement — Let's see how these permissions appear when listing a file.
Uempty
Reading permissions
IBM Power Systems
s s t
S S T
-r-sr-xr-x
-r-sr-xr-x root
root security
security ...
... /usr/bin/passwd
/usr/bin/passwd
-r-sr-sr-x
-r-sr-sr-x root cron
root cron ...
... /usr/bin/crontab
/usr/bin/crontab
drwxrwxrwt
drwxrwxrwt bin
bin bin
bin ...
... /tmp
/tmp
Notes:
How SUID, SGID, and SVTX settings are indicated
The SUID bit is indicated by an S or s in the slot normally reserved for the execute
permission for owner (user). The SGID bit is indicated by an S or s in the slot normally
reserved for the execute permission for group. The SVTX bit is indicated by a T or t in the
slot normally reserved for the execute permission for others. Since this slot must show if
execute is on/off and whether the additional permission bit is on/off, the uppercase S or T is
used to indicate that the execute permission is off. The lowercase s or t indicates the
execute permission is on.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Changing permissions
IBM Power Systems
4 2 1
SUID SGID SVTX
owner group other
r w x r w x r w x
4 2 1 4 2 1 4 2 1
Notes:
Setting the additional permission bits
To set the additional permission bits, you use the same command (chmod) as you do to
set the regular permission bits.
Using octal notation to set the additional permission bits
Using the octal notation, you are probably familiar with setting permissions using a
command like: # chmod 777 file1. When you issue this command, the more complete
command would be: # chmod 0777 file1. The fourth number, a zero, is implied. This fourth
position determines whether the additional bits are turned on.
You normally use the numeric values of 4, 2, and 1 to set r, w, and x. That remains the
same. To set the additional bits, you are affecting the x position in either the user, group, or
other area. If you assign numeric values to user (4), group (2), and other (1), these are the
values that you insert into the fourth position to set the additional bit:
• SUID is indicated in the user's area. Therefore use a 4 in the fourth position.
• SGID is indicated in the group area. Therefore use a 2 in the fourth position.
Uempty • SVTX is indicated in the others area. Therefore use a 1 in the fourth position.
Using the symbolic method to set the additional permission bits
You can also use the symbolic method to set the additional permission bits. The visual
shows how to set the values using the symbolic method.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Demonstrate how to set or change extended permissions on files or directories
Details — Explain the students notes to ensure the students understand how to set the
permission bits. This is sometimes a difficult concept for students to grasp.
Remind the students that when using the octal method, all permissions are reset to the
indicated value. With symbolic notation, use of the + allows for permission to be added to
the existing permission set.
Additional information —
Transition statement — Let's see what determines the default permission on a file.
Uempty
umask
IBM Power Systems
Notes:
Function of umask
The umask specifies what permission bits are set on a new file when it is created. It is an
octal number that specifies which of the permission bits are not set.
Default value of umask
If no umask was used, then files would be created with permissions of 666 and directories
would be created with permissions of 777. The system default umask is 022 (indicating
removal of the 2 bit, or write from the group and others area). Therefore, removing write
from group and other, results in an initial permission for files of 644 and, for directories,
755. Execute permission is never set initially on a file.
Changing the umask to enhance security
The default setting of the umask is 022. For tighter security you should make the umask
027, or even 077.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Using chown to change ownership
As illustrated on the visual, the chown command can be used by root to change the
ownership on a file.
Using chgrp to change group ownership
The chgrp command is used to change the group ownership of a file. Any owner of a file
can change the group ownership to any group in their groupset. The root user can change
the group ownership to any group on the system.
Changing both ownership and group ownership
The chown command can be used by root to set both the ownership, and group
ownership, of a file. As illustrated on the visual, this can be done two different ways.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Checkpoint
IBM Power Systems
Notes:
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Topic summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
/etc/passwd
User verification check /etc/security/passwd
no
Login failed Valid?
yes /etc/environment
Log entry in: /etc/security/environ
/etc/security/failedlogin Set up the environment. /etc/security/limits
/etc/security/user
/etc/profile
Enter login shell $HOME/.profile
© Copyright IBM Corporation 2009
Notes:
Introduction
When a user attempts to log in, AIX checks a number of files to determine if entry is
permitted to the system and, if permitted, what parts of the system the user can access.
This section provides an overview of the checks performed during the login process.
The getty process
Ports set up for login are listed in the /etc/inittab. When init runs, a getty process is
started for each port in the list providing a login prompt on the terminal attached to that port.
The actual message displayed, also known as the herald, by the getty process is defined
in /etc/security/login.cfg. Once the message is displayed, the getty process waits for a
user to make a login attempt.
Entry of username and password
When a user is ready to log in, they enter their user name at the login prompt. The login
program is passed the user name and password. The login credentials are checked
against /etc/passwd and /etc/security/passwd files.
Uempty Validation
If the password is incorrect or if an invalid user name was given, then the login fails, and an
entry is made in the file /etc/security/failedlogin. Use the command who
/etc/security/failedlogin to view this file. The number of failed attempts is also tracked (by
user account) in /etc/security/lastlog. The login prompt is redisplayed for another attempt.
It is possible to set the characteristics for a user to prevent unlimited attempts on an
account. If the number of attempts exceeds the maximum allowable failed attempts, the
account is locked. If a user successfully enters the user name and password, the usw
stanza in /etc/security/login.cfg is checked. This stanza sets the maximum number of
concurrent logins for a user account. If that number is exceeded, the login is denied and a
message is displayed to the user.
Setup of user's environment
If everything is successful to this point, then the user's environment is set using
/etc/environment, /etc/security/environ, /etc/security/limits, and /etc/security/user.
The login program sets the current directory to the user's HOME directory and displays the
content of /etc/motd (if no .hushlogin file is found in the HOME directory), the date of the
last successful login, and the number of unsuccessful login attempts since the last
successful login.
Passing of control to shell
Finally, control is passed to the login shell (as defined in /etc/passwd) which will read
/etc/environment and run /etc/profile and $HOME/.profile when using Korn or Bourne
shells.
Results of a user logging out
When a user logs out, the shell terminates and a new getty process is spawned for that
port.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Discuss the big picture of what happens when a user logs in
Details — Explain the visual as per the student notes. The steps have been extensively
documented.
Additional information —
Transition statement — Now that we have looked at the 'big picture' of what happens
when we log in, let's look further at three of the files listed on this visual, /etc/profile,
/etc/environment, and $HOME/.profile.
Uempty
LOGIN
Notes:
The /etc/environment file
/etc/environment is used to set variables. No commands should be placed in this file. Only
root can change this file.
The /etc/profile file
/etc/profile will be read and executed during every login. Like the /etc/environment file, this
file can be changed only by root.
The $HOME/.profile and $HOME/.kshrc files
$HOME/.profile and $HOME/.kshrc can be customized by the user. The user can overwrite
any variable set in /etc/environment and /etc/profile.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
nimmaster:/
nimmaster:/
© Copyright IBM Corporation 2009
Notes:
Using the /etc/motd file
The message of the day (motd) is a convenient way to communicate information, such as
installed software version numbers or current system news, to all users. The message of
the day is contained in the /etc/motd file. To change the message of the day, simply edit
this file.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
# smit security
Security
Security && Users
Users
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Users
Users
Groups
Groups
Passwords
Passwords
Login
Login Controls
Controls
PKI
PKI
LDAP
LDAP
Role
Role Based
Based Access
Access Control
Control (RBAC)
(RBAC)
Trusted Execution
Trusted Execution
Notes:
The Security & Users menu
The Security & Users menu is used to manage user and group IDs on the system. The
menu consists of the seven options described below.
Users
This option is used to add users to the system, delete existing users and change the
characteristics of existing users.
Groups
This option is used to add groups to the system, delete groups, and change the
characteristics of existing groups.
Passwords
This option is used to change the password for a user. It is also required when setting
up a new user or when a user has forgotten their password.
Login Controls
Uempty This option provides functions to restrict access for a user account or on a particular
terminal.
PKI
PKI stands for X.509 Public Key Infrastructure certificates. This option is used to
authenticate users using certificates and to associate certificates with processes as
proof of a user's identity.
LDAP
LDAP stands for Light Directory Access Protocol. It provides a way to centrally
administer common configuration information for many platforms in a networked
environment. A common use of LDAP is the central administration of user
authentication. The SMIT option here allows us to configure this platform as either an
LDAP client or an LDAP server.
Roles Based Access Control (RBAC)
This option sets up user roles. User roles allow root to give authority to an ordinary user
to perform a portion of root's functions.
Trusted Execution
Trusted Execution (TE) refers to a collection of features that are used to verify the
integrity of the system and implement advanced security policies, which together can be
used to enhance the trust level of the complete system.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show the SMIT menu panel for security and users and explain each option
Details — Quickly highlight each of the options. The focus will be on users, groups, and
passwords only.
Additional information —
Transition statement — Let's next look at the SMIT menus used to manage users.
Uempty
SMIT users
IBM Power Systems
# smit users
Users
Users
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Add
Add aa User
User
Change
Change aa User's
User's Password
Password
Change
Change / Show Characteristics of
/ Show Characteristics of aa User
User
Lock / Unlock a User's Account
Lock / Unlock a User's Account
Reset
Reset User's
User's Failed
Failed Login
Login Count
Count
Remove a User
Remove a User
List
List All
All Users
Users
Notes:
Add a User
Add user accounts.
Change a User's Password
Make password changes.
Change/Show Characteristics of a User
Changes the many characteristics that are part of the user account. The password
restrictions are part of this area.
Lock/Unlock a User's Account
This is used to temporarily disable an account. It is a good security practice to disable
accounts if they are not expected to be used for a reasonably long period of time, as when
someone is on an extended leave of absence.
Reset User's Failed Login Count
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
If the administrator has set a limit to the number of failed attempts that can be made on an
account before locking it, this resets that count.
Remove a User
Removes the user account, but not files owned by that user
List all users
Runs the lsuser command
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Listing users
IBM Power Systems
Example:
## lsuser
lsuser -a
-a id
id home
home ALL
ALL
root id=0 home=/
root id=0 home=/
daemon
daemon id=1
id=1 home=/etc
home=/etc
bin id=2 home=/bin
bin id=2 home=/bin
sys
sys id=3
id=3 home=/usr/sys
home=/usr/sys
adm id=4 home=/var/adm
adm id=4 home=/var/adm
uucp
uucp id=5
id=5 home=/usr/lib/uucp
home=/usr/lib/uucp
guest
guest id=100 home=/home/guest
id=100 home=/home/guest
alex id=333 home=/home/mancunian
alex id=333 home=/home/mancunian
Notes:
Function of the lsuser command
The lsuser command is used to list the attributes of all users (ALL) or individual users on
the system.
Using SMIT to list users
When the List All Users option in SMIT is used, the user name, ID and home directory
are listed.
Commonly used lsuser flags
When the lsuser command is issued directly, the data may be listed in line format, in
colon format (-c), or in stanza format (-f). Individual attributes or all attributes may be
selected. The output can also be generated for individual users.
Sources of information listed
The information reported by lsuser is gathered from the security files: /etc/passwd,
/etc/security/limits, and /etc/security/user.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Ways of adding a user
The mkuser command or SMIT can be used to add a user. User attributes can be specified
to override the default values.
User name
The only value that must be specified, is the user name. Traditionally, this name was
restricted to eight characters in length. Beginning with AIX 5L V5.3, this limit can be
changed to allow names as long as 255 characters. The limit is modified in the
Change/Show Attributes of the Operating System panel (smit chsys).
Resources involved in user creation process
The following resources are involved in the user creation process:
• Default ID numbers stored in etc/security/.ids
• The usr/lib/security/mkuser.sys shell script used to set up a user ID.
• Default values for characteristics stored in usr/lib/security/mkuser.default
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to add a user to the system and detail what information is required
Details — Explain how to add users
Additional information —
Transition statement — What if you wish to change an attribute after you have set the
user up?
Uempty
Notes:
Changing user characteristics
The Change/Show Characteristics of a User option, which runs the chuser
command, allows any of the user characteristics listed previously, except the user name, to
be changed. This can only be executed by root or a member of the security group. Only
root can change an admin user. This SMIT screen holds exactly the same attributes as the
Add a User screen.
The chuser command
The following command can be used to change characteristics of a user:
# chuser attribute=value username
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how user attributes can be changed
Details — As detailed on the visual, almost any user attribute can be changed; however,
you cannot change the user name.
Additional information —
Transition statement — It may also be necessary to remove a user from the system.
Uempty
## rm
rm -r
-r /home/team01
/home/team01
Notes:
Ways to remove a user
The Remove a User from the System option in SMIT, or the rmuser command, can
be used to remove any user from the system. Only the root user may remove
administrative users.
The -p option of rmuser
The -p option removes authentication information from the /etc/security/* files. Typically,
this information is the user password, as well as other login restrictions which have been
previously set for the ID.
Removing the user's files
The user's home directory and associated files are not removed by this option. They must
be removed separately by the administrator. To do this, you can use the -r option on the
rmbv command to recursively remove files. Remember to back up any important files
before removing the user's home directory.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-69
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Explain how to remove a user from the system
Details — There are two ways to remove a user from the system:
• Temporarily, by locking the user's account
• Permanently, by removing all information about the user from the system
As always, these actions are best performed in SMIT.
Additional information — Before the files that belonged to the ex-user can be used by
anyone, they have to be chown'ed to another user ID.
Transition statement — Having seen how users are created, changed and removed, we
will now look at passwords.
Uempty
Passwords
IBM Power Systems
Notes:
Setting an initial password
When a user ID is created with SMIT or with the mkuser command, the user ID is disabled.
(An asterisk (*) is in the password field of /etc/passwd.) To enable the ID, the passwd or
pwdadm command must be used to set up the initial password for the user.
Entry of passwords (things to be aware of)
When passwords are entered, they are not displayed. When changing a password, the new
password is requested a second time for verification.
The ADMCHG flag
If root or a member of the security group sets the password for a user, the ADMCHG flag
is set in the flags field in /etc/security/passwd. The user is then prompted to change the
password at the next login.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-71
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-73
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
If the root password is lost, just follow the steps as shown in the visual.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-75
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
SMIT groups
IBM Power Systems
# smit groups
Groups
Groups
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Groups
Groups
Add a Group
Add a Group
Change
Change // Show
Show Characteristics
Characteristics of
of aa Group
Group
Remove a Group
Remove a Group
Notes:
Purpose of groups
The purpose of groups is to give a common set of users the ability to share files. The
access is controlled using the group set of permission bits.
Group management restrictions
Only root and members of the security group can create groups. root and security group
members, can select a member of the group to be the group administrator. This privilege
allows the user to add and remove users from the group.
Predefined groups
There are a number of predefined groups on AIX systems, like the system group (which is
root's group), and the staff group (which contains the ordinary users).
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-77
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Listing groups
IBM Power Systems
Example:
## lsgroup
lsgroup –f
–f -a
-a id
id users
users ALL
ALL
system:
system:
id=0
id=0
users=root,esaadmin,pconsole
users=root,esaadmin,pconsole
staff:
staff:
id=1
id=1
users=ipsec,ted,sshd,alex,local,tyrone,daemon
users=ipsec,ted,sshd,alex,local,tyrone,daemon
bin:
bin:
id=2
id=2
users=root,bin
users=root,bin
...
...
© Copyright IBM Corporation 2009
Notes:
The lsgroup command
The lsgroup command is used to list all groups, or selected groups, on the system. The
data is presented in line format by default, in colon format (-c), or in stanza format (-f).
Commonly used options of the lsgroup command
The -c option displays the attribute for each group, in colon separated records.
The -f option displays the group attributes in stanza format with each stanza identified by a
group name.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-79
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Add a Group
IBM Power Systems
# smit mkgroup
mkgroup -A id=101 users=alex,tyrone techies
Add
Add aa Group
Group
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** Group
Group NAME
NAME [techies]
[techies]
ADMINISTRATIVE
ADMINISTRATIVE group?
group? false
false ++
Group
Group ID
ID [101]
[101] ##
USER
USER list
list [alex,tyrone]
[alex,tyrone] ++
ADMINISTRATOR
ADMINISTRATOR list
list []
[] ++
Projects
Projects []
[] ++
Initial
Initial Keystore
Keystore Mode
Mode []
[] ++
Keystore
Keystore Encryption
Encryption Algorithm
Algorithm []
[] ++
Keystore
Keystore Access
Access []
[] ++
Notes:
The mkgroup command
The mkgroup command is the command used to create a new group. The group name,
traditionally, must be a unique string of eight or fewer characters. With AIX 5L V5.3 and
later, the maximum name length can be modified to be as large as 255 characters.
Limit on group membership
A user may belong to no more than 32 groups.
The mkgroup/SMIT options
The mkgroup -a option is used to indicate that the new group is to be an administrative
group. Only the root user can add administrative groups to the system.
• ADMINISTRATOR list and USER list: In the SMIT screen shown on the visual,
ADMINISTRATOR list is a list of members from the USER list that are allowed to
change the characteristics of a group and add or remove members.
Uempty • Projects: Starting with AIX 5L V5.3, the SMIT Add a Group screen has a new field,
Projects, for tracking resource usage in the Advanced Accounting subsystem.
The following fields are related to Encrypted File Systems. This topic is outside the scope
of this class. Attend AU47, AIX Security, for training in this area.
• Initial Keystore Mode: The efs_initalks_mode of admin allows for root, or other
security privileged system users, to reset the user's key store password. Otherwise, if
the user forgets their key store password, they will not be able to access their Encrypted
File System files. If the guard mode is selected, then root cannot reset the user's key
store password.
• Keystore Encryption Algorithm: This option specifies the algorithm for the
user's key, within the key store. This key protects the encrypting key of files the user
creates, within the Encrypted File System.
• Keystore Access: The key store enables the user to utilize files in the Encrypted File
System. The selection of file will create a key store file associated with this user. It is
recommended that file is selected. Select none for no key store to be created. All other
EFS (efs_*) attributes will not have any effect.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-81
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Demonstrate how SMIT can be used to add a new group
Details — The only mandatory item of information is the group name.
Users can be added to the group at a later point in time.
The administrator list is not recognized for an administrative group. In other words, the root
user is the only user who can change the attributes of an administrative group.
Administrative groups can be added, although these are not recognized or used by the
system. It is up to an application to use the functions of such a group.
Additional information — The same concerns as were mentioned for increasing the
length of the user names applies to long group names as well.
Neither traditional AIX accounting nor the newer AIX 6.1 Advanced Accounting is within the
scope of this class. A project is a billable entity. In Advanced Accounting, there is a policies
database which determines what project will be charged for work being done. The group
name of the process using the resources can be one of the criteria determining which
project will be billed.
Transition statement — Now let's look at changing or removing a group from the system.
Uempty
# smit chgroup
chgroup users=alex,tyrone,ted adms=alex techies
Change
Change aa Group
Group
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** Group
Group NAME
NAME [techies]
[techies]
ADMINISTRATIVE
ADMINISTRATIVE group?
group? false
false ++
Group
Group ID
ID [101]
[101] ##
USER
USER list
list [alex,tyrone,ted]
[alex,tyrone,ted] ++
ADMINISTRATOR
ADMINISTRATOR list
list [alex]
[alex] ++
Projects
Projects []
[] ++
Initial
Initial Keystore
Keystore Mode
Mode []
[] ++
Keystore
Keystore Encryption
Encryption Algorithm
Algorithm []
[] ++
Keystore
Keystore Access
Access []
[] ++
Notes:
The chgroup command
The chgroup command is used to change the characteristics of a group. It can only be run
by root or a member of the security group.
Group attributes
The group attributes are:
• Group ID (id=groupid): It is not advisable to change the group ID, but it is occasionally
done immediately after a group has been created to match the ID of a previously
deleted group, or a specific group ID needed for a particular software package.
• ADMINISTRATIVE group? (admin=true|false): Only the root user can change a
group to be an administrative group, or make changes to an existing administrative
group.
• USER list (users=usernames): This is a comma separated list of the names of all the
members of the group. The group may be their primary group or an additional one.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-83
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-85
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
RBAC overview
IBM Power Systems
1
Roles
Authorizations
Manage Devices
Create 2
System WPARs
Operating System
Administration Users
Notes:
There are over 250 built in pre-defined authorizations, such as manage devices, create
WPARs, and perform OS administration. To view all authorizations, type: # lsrole ALL.
Authorizations are assigned to commands and files which are considered privileged. By
privileged, we mean that we want to allow them to bypass traditional access controls.
These authorizations are then assigned to roles which, in turn, are assigned to users.
Users can then switch roles to perform the necessary administrative actions.
Custom user-defined authorizations and roles can also be created. However, this requires
the kernel security tables to be updated. To do this, execute the setkst command.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-87
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## lsrole
lsrole -c
-c -a
-a dfltmsg
dfltmsg ALL
ALL |grep
|grep -v
-v "#name"|grep
"#name"|grep ":"
":"
AccountAdmin:User and Group Account Administration
AccountAdmin:User and Group Account Administration
BackupRestore:Backup
BackupRestore:Backup and and Restore
Restore Administration
Administration
DomainAdmin:Remote
DomainAdmin:Remote Domain Administration
Domain Administration
FSAdmin:File
FSAdmin:File System
System Administration
Administration
SecPolicy:Security
SecPolicy:Security Policy
Policy Administration
Administration
SysBoot:System
SysBoot:System BootBoot Administration
Administration
SysConfig:System
SysConfig:System Configuration
Configuration Administration
Administration
isso:Information
isso:Information System Security
System Security Officer
Officer roles
sa:System
sa:System Administrator
Administrator
so:System
so:System Operator
Operator
## lsauth
lsauth -f
-f ALL
ALL |grep
|grep dfltmsg
dfltmsg |sed
|sed 's:dfltmsg=::g'
's:dfltmsg=::g'
Operating System Administration
Operating System Administration
Device
Device Administration
Administration
Configure
Configure Devices
Devices
Configure
Configure thethe Random
Random Device
Device
Configure TTY Devices
Configure TTY Devices
Manage
Manage Devices
Devices authorizations
Change
Change Attributes
Attributes ofof aa Device
Device
…….removed
…….removed for clarify ……
for clarify
Notes:
There are, by default, 10 predefined system roles and 254 authorizations. They can be
listed with the lsrole and lsauth commands respectively.
To list the roles and the assigned authorizations, type:
# lsrole -f -a authorizations dfltmsg ALL |grep -p dfltmsg
Role Definitions:
isso - Information system security officer
The ISSO role is responsible for creating and assigning roles, and is thus the most
powerful user-defined role on the system. Some of the ISSO responsibilities include:
• Establishing and maintaining security policy
• Setting passwords for users
• Network configuration
• Device administration
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-89
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-91
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
4. User would then switch to the role and perform the necessary
operations.
• To switch roles, use swrole command
Notes:
A key part in implementing RBAC, is planning. Start by making a note of all the
administration tasks which may need to be performed, then allocate them to roles, and
assign the roles to userids.
RBAC is enabled by default in AIX 6, and can be checked with the lsattr command as
shown on the visual.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-93
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
RBAC example (1 of 2)
IBM Power Systems
Notes:
The visual demonstrates how to provide a user with the capability to start, stop, and reboot
the system.
If you are not sure if the system authorization, aix.system.boot.shutdown, contains
the shutdown command, then the RBAC privileged command file can be checked (stored in
/etc/security), as follows:
/etc/security # grep shutdown privcmds
/usr/sbin/exec_shutdown:
accessauths = aix.system.boot.shutdown
/usr/sbin/shutdown:
accessauths = aix.system.boot.shutdown
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-95
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
RBAC example (2 of 2)
IBM Power Systems
Notes:
The rolelist command provides role and authorization information to the invoker, about
their current roles, or the roles assigned to them.
The swrole command creates a new role session, spawed in a sub shell, with the roles
that are specified by the role parameter (in this example, SysBoot). To exit the new role sub
shell, type:
# exit rolelist –e or # exit rolelist SysBoot
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-97
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Checkpoint
IBM Power Systems
Notes:
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-99
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Topic summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-101
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-103
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Security files
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-105
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Introduction
The security on the system is controlled by a number of ASCII files. Key files are listed
on the visual and briefly described below.
/etc/passwd
The /etc/passwd file lists the valid users, and the user ID, primary group, home
directory, and default login shell for each of these users.
/etc/group
The /etc/group file lists the valid groups, their group IDs, and members.
The /etc/security directory
The /etc/passwd and /etc/group files have global read access to all users. A number
of other files control the attributes of users. These files are in the /etc/security directory,
which can only be accessed by root or the security group.
Uempty /etc/security/passwd
/etc/security/passwd contains the encrypted password and update information for
users.
/etc/security/user
/etc/security/user contains extended user attributes.
/etc/security/group
/etc/security/group contains extended group attributes.
/etc/security/limits
/etc/security/limits contains process resource limits for users.
/etc/security/environ
/etc/security/environ contains environment variables for users. This file is not often
used.
/etc/security/login.cfg
/etc/security/login.cfg is a configuration file for the login program. This file contains
security enhancements that limit the logins on a port, for example, the number of login
attempts and the valid login programs (shells).
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-107
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Introduce some of the primary files used to hold user, group, and security
information
Details — This page provides an introduction to the primary files that hold user, group, and
security information. This page is meant as an introduction. Details on most of the files
listed will be covered on the following pages.
Most UNIX systems have /etc/passwd and /etc/group. AIX uses the /etc/security
directory as a way to provide added security for additional user and group information. The
/etc/security directory is not standard on all UNIX operating systems.
Additional information —
Transition statement — Let's now take a look through some of the files that are involved
in the security of your system.
Uempty
/etc/passwd file
IBM Power Systems
## cat
cat /etc/passwd
/etc/passwd
root:!:0:0::/:/usr/bin/ksh
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
uucp:!:5:5::/usr/lib/uucp:
guest:!:100:100::/home/guest:
guest:!:100:100::/home/guest:
nobody:!:4294967294:4294967294::/:
nobody:!:4294967294:4294967294::/:
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh
! = Passwd is set
/etc/security/passwd
* = no password set
Notes:
Role of the /etc/passwd file
The /etc/passwd file lists the users on the system and some of their attributes. This file
must be readable by all users, because commands such as ls access it.
Fields in the /etc/passwd file
The fields in the /etc/passwd file are:
• User name: Up to eight alphanumeric characters (not all uppercase)
• Password: On older UNIX systems, this contained the encrypted password. On AIX, it
either contains an exclamation mark (!) to refer to the /etc/security/passwd file or an
asterisk (*), which means the user has no password assigned.
• UID: The user ID number for the user
• GID: The ID of the primary group to which this user belongs
• Information: Any descriptive text for the user
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-109
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Directory: The login directory of the user and the initial value of the $HOME variable
• Login program: Specifies the initial program or shell that is executed, after a user
invokes the login command, or su command
Using index files for better login performance
In AIX, additional files can be created to be used as index files for the /etc/passwd,
/etc/security/passwd, and /etc/security/lastlog files. These index files provide for better
performance during the login process. Use the mkpasswd -f command to create the
indexes. The command mkpasswd -c can be used to check the indexes, and rebuild any
that look suspicious.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-111
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
/etc/security/passwd file
IBM Power Systems
## cat
cat /etc/security/passwd
/etc/security/passwd
root:
root:
password
password == etNKvWlXX5EFk
etNKvWlXX5EFk
lastupdate
lastupdate = 1145381446
= 1145381446
flags
flags ==
daemon:
daemon:
password
password == **
bin:
bin:
password
password == **
alex:
alex:
password
password == XAkhucsiyVwAA
XAkhucsiyVwAA
lastupdate
lastupdate == 1225381869
1225381869
flags =
flags =
tyrone:
tyrone:
password
password == RWWoFp5iuL.JI
RWWoFp5iuL.JI
lastupdate
lastupdate = 1225381903
= 1225381903
flags
flags == ADMCHG,ADMIN,NOCHECK
ADMCHG,ADMIN,NOCHECK
Notes:
Role of the /etc/security/passwd file (commonly referred to as the shadow password
file)
The /etc/security/passwd file contains the encrypted user passwords and can only be
accessed by root. The login, passwd, pwdadm, and pwdck commands, which run with
root authority, update this file. This file is in stanza format with a stanza for each user.
Index files
As previously mentioned, in AIX, additional files can be created to be used as index files for
/etc/security/passwd and some related files. These index files provide for better
performance during the login process. These indexes are created using the mkpasswd
command.
Entries in /etc/security/passwd
Valid entries in /etc/security/passwd are:
• Password: Either the encrypted password asterisk (*) for invalid, or blank for no
password
Uempty • Lastupdate: The date and time of the last password update in seconds from 1 January
1970
• Flags:
- ADMCHG: The password was last changed by an administrator or root.
- ADMIN: The user's password can only be changed by root.
- NOCHECK: Password restrictions are not in force for this user.
See /etc/security/user for password restrictions.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-113
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show the file containing the security attributes for users
Details — This file contains the actual password for each user.
In AIX, it is recommended that this file not be updated directly.
Additional information —
Transition statement — The /etc/security/passwd file contains the actual password
string (encrypted). Let's now look at where other user attributes are set.
Uempty
/etc/security/user file
IBM Power Systems
default:
default: ** default
default continued
continued ...
...
admin
admin == false
false
login
login == true
true maxage
maxage == 00
susu == true
true maxexpired
maxexpired == -1
-1
daemon
daemon == true
true minalpha
minalpha == 00
rlogin
rlogin == true
true minother
minother == 00
sugroups
sugroups == ALL
ALL minlen
minlen == 00
admgroups
admgroups == mindiff
mindiff == 00
ttys
ttys == ALL
ALL maxrepeats
maxrepeats == 88
auth1
auth1 == SYSTEM
SYSTEM dictionlist
dictionlist ==
auth2
auth2 == NONE
NONE pwdchecks
pwdchecks ==
tpath
tpath == nosak
nosak root:
root:
umask
umask == 000
000 admin
admin == true
true
expires
expires == 00 SYSTEM
SYSTEM == "compat"
"compat"
SYSTEM
SYSTEM == "compat"
"compat" loginretries
loginretries == 00
logintimes
logintimes == account_locked
account_locked == false
false
pwdwarntime
pwdwarntime == 00 registry
registry == files
files
account_locked
account_locked == false
false admgroups
admgroups ==
loginretries
loginretries == 00 alex:
alex:
histexpire
histexpire == 00 admin
admin == false
false
histsize
histsize == 00
minage
minage == 00
Notes:
admin
This attribute defines the administrative status of the user. Possible values: true or false
login
This attribute defines whether a user can login. Possible values: true or false
su
This attribute defines whether other users can switch to this user account. The su
command supports this attribute. Possible values: true or false
daemon
This attribute defines whether the user can execute programs using the system resource
controller (SRC). Possible values: true or false
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-115
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
rlogin
This attribute defines whether the user account can be accessed by remote logins. rlogin
and telnet commands support this attribute. Possible values: true or false
sugroups
This attribute defines which groups can switch to this user account. Alternatively, you may
explicitly deny groups by preceding the group name with an exclamation mark (!). Possible
values: list of valid groups separated by commas, ALL or *
admgroups
This attribute lists the groups that a user administers. The value is a comma-separated list
of valid group names.
ttys
This attribute defines which terminals can access the user account. Alternatively you may
explicitly deny terminals by preceding the terminal name with an exclamation mark (!).
Possible values: list of device paths separated by commas, ALL or *
auth1
This attribute defines the primary authentication method for a user. The commands login,
telnet, rlogin, and su, support these authentication methods.
auth2
This attribute defines the secondary authentication methods for a user. It is not a
requirement to pass this method to log in.
tpath
This attribute defines the user's trusted path characteristics. Possible values: nosak, notsh,
always or on (For more information refer to the online documentation.)
umask
This attribute defines the default umask for the user. Possible values: 3-digit octal value
expires
This attribute defines the expiration time for the user account. Possible values: a valid date
in the form MMDDHHMMYY or 0. If 0, the account does not expire. The 'YY' supports the
last two digits of the years 1939 to 2038. If 0101000070, then the account is disabled.
SYSTEM
This attribute can be used to describe multiple or alternate authentication methods the user
must use successfully, before gaining access to the system. Possible tokens are:
• Files: Allows only local users access to the system
• Compat: The normal login procedure and therefore allows local and NIS users access
to the system
• DCE: The Distributed Computing Environment authentication
Uempty logintimes
This attribute defines the times a user can login.
pwdwarntime
This attribute defines the number of days before a forced password change warning
informs the user of the impending password change. Possible values: a positive integer or
0 to disable this feature
account_locked
This attribute defines whether the account is locked. Locked accounts cannot be used for
login or su. Possible values: true or false
loginretries
This attribute defines the number of invalid login attempts before a user is not allowed to
login. Possible values: a positive integer or 0 to disable this feature
histexpire
This attribute defines the period of time in weeks that a user will not be able to reuse a
password. Possible values: an integer value between 0 and 260. 26 (approximately 6
months) is the recommended value
histsize
This attribute defines the number of previous passwords which cannot be reused. Possible
values: an integer between 0 and 50
minage
This attribute defines the minimum number of weeks between password changes. The
default is 0. Possible values: 0 to 52
maxage
This attribute defines the maximum number of weeks a password is valid. The default is 0,
which is equivalent to unlimited. Possible values: 0 to 52
maxexpired
This attribute defines the maximum number of weeks after maxage that an expired
password can be changed by a user. The default is -1, which is equivalent to unlimited.
Possible values: -1 to 52. maxage must be greater than 0 for maxexpired to be enforced
(root is exempt from maxexpired)
minalpha
This attribute defines the minimum number of alphabetic characters in a password. The
default is 0. Possible values: 0 to 8
minother
This attribute defines the minimum number of non-alphabetic characters in a password.
The default is 0. Possible values: 0 to 8
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-117
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
minlen
This attribute defines the minimum length of a password. The default is 0. Range: 0 to 8
Note that the minimum length of a password is determined by minlen and/or “minalpha +
minother”, whichever is greater. “minalpha + minother” should never be greater than 8. If
“minalpha + minother” is greater than 8, then minother is reduced to “8 - minalpha”.
mindiff
This attribute defines the minimum number of characters in the new password that were
not in the old password. The default is 0. Possible values: 0 to 8
maxrepeats
This attribute defines the maximum number of times a given character can appear in a
password. The default is 8, which is equivalent to unlimited. Possible values: 0 to 8
dictionlist
This attribute defines the password dictionaries used when checking new passwords. The
format is a comma separated list of absolute path names to dictionary files. A dictionary file
contains one word per line where each word has no leading or trailing white space. Words
should only contain 7 bit ASCII characters. All dictionary files and directories should be
write protected from everyone except root. The default is valueless which is equivalent to
no dictionary checking.
pwdchecks
This attribute defines external password restriction methods used when checking new
passwords. The format is a comma separated list of absolute path names to methods or
method path names relative to /usr/lib. A password restriction method is a program
module that is loaded by the password restrictions code at run time. All password
restriction methods and directories should be write protected from everyone except root.
The default is valueless, which is equivalent to no external password restriction methods.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-119
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Group files
IBM Power Systems
## cat
cat /etc/group
/etc/group
system:!:0:root,esaadmin,pconsole
system:!:0:root,esaadmin,pconsole
staff:!:1:ipsec,sshd,alex,tyrone,ted
staff:!:1:ipsec,sshd,alex,tyrone,ted
bin:!:2:root,bin
bin:!:2:root,bin
sys:!:3:root,bin,sys
sys:!:3:root,bin,sys
adm:!:4:bin,adm
adm:!:4:bin,adm
uucp:!:5:nuucp,uucp
uucp:!:5:nuucp,uucp
...
...
## cat
cat /etc/security/group
/etc/security/group
system:
system:
admin
admin == true
true
staff:
staff:
admin
admin == false
false
bin:
bin:
admin
admin == true
true
...
...
techies:
techies:
admin
admin == false
false
adms = alex
adms = alex
© Copyright IBM Corporation 2009
Notes:
The /etc/group file
The fields in the /etc/group file are:
• Group: Up to eight alphanumeric characters (not all uppercase)
• Password: This field is not used in AIX and should contain an exclamation mark (!)
• ID: The group ID
• Members: A comma-separated list of the users who belong to this group
The /etc/security/group file
The /etc/security/group file is a stanza file with one stanza for each group. The valid
entries are:
• admin: Defines whether the group is an administrative group; values are true or false
• adms: A comma-separated list of the users who are administrators for the group
• If admin=true, this stanza is ignored because only root can change an administrative
group.
• projects: A list of project names to be associated with the group
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-121
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
/etc/security/login.cfg file
IBM Power Systems
default:
default:
herald
herald == "Authorized
"Authorized use
use only.\n\rlogin:"
only.\n\rlogin:"
logintimes
logintimes = =
logindisable
logindisable == 00
logininterval
logininterval == 00
loginreenable
loginreenable == 00
logindelay
logindelay == 00
** Other
Other security
security attributes
attributes (usw
(usw stanza):
stanza):
usw:
usw:
shells
shells == /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh
/bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh
/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin
/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin
/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/r
/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/r
ksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin
ksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin
/snappd
/snappd
maxlogins
maxlogins == 32767
32767
logintimeout
logintimeout == 6060
auth_type = STD_AUTH
auth_type = STD_AUTH
Notes:
herald
This attribute specifies the initial message to be printed out when getty or login prompts
for a login name. This value is a string that is written out to the login port. If the herald is not
specified, then the default herald is obtained from the message catalog associated with the
language set in /etc/environment.
logintimes
This attribute defines the times a user can use this port to login.
logindisable
This attribute defines the number of unsuccessful login attempts before this port is locked.
Use this in conjunction with logininterval.
logininterval
This attribute defines the number of seconds during which logindisable unsuccessful
attempts must occur before a port is locked.
Uempty loginreenable
This attribute defines the number of minutes after a port is locked, that it automatically
unlocked.
logindelay
This attribute defines the delay in seconds between unsuccessful login attempts. This
delay is multiplied by the number of unsuccessful logins. Therefore, if the value is two, then
the delay between unsuccessful logins is two seconds, then four seconds, then six
seconds, and so forth.
Other security attributes (usw stanza):
shells
The list of valid login shells for a user; chuser and chsh will only change a user's login shell
to one of the shells listed here.
maxlogins
This attribute defines the maximum number of simultaneous logins allowed on the system.
logintimeout
This attribute defines the number of seconds the user is given to enter their password.
auth_type
This attribute determines whether PAM or the standard UNIX authentication mechanism
will be used by PAM-aware applications. Valid values: STD_AUTH, PAM_AUTH
The chsec command
Changes to the /etc/security/login.cfg file can be done by the command chsec:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt=”Password:”
To reset to the default value:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt=
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-123
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define some of the attributes of the /etc/security/login.cfg file
Details — Please note that only a few of the attributes have been listed. Most of the
remaining attributes are explained in the Advanced System Administration course. Only
cover the ones listed.
Be sure to point out that this is the file that is used for a customized herald and only valid
with tn and login commands (for example,NOT ssh).
Additional information —
Transition statement — With all the information that is spread over such a number of files,
it sometimes is necessary to perform sanity checks on these files.
Uempty
Notes:
Use of validation commands
The commands listed on the visual can be executed by root or any user in the security
group to clean up after a change to the user configuration. Because they run with root
permissions, they give administrative users the ability to make necessary changes to the
/etc/security/passwd file in a controlled way, without knowing the root password.
The usrck command
The usrck command verifies the validity of the user definitions in the user database files,
by checking the definitions for all the users or for the users specified by the user parameter.
You must select a flag to indicate whether the system should try to fix erroneous attributes.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-125
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-127
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Identify the different types of users and what data they will
need to access.
– Consider using enhanced RBAC with AIX 6.1 to perform system
administration tasks (as opposed to using root).
• Organize groups around the type of work that is to be done.
• Organize ownership of data to fit with the group structure.
• Set SVTX on shared directories.
• Note: Further topics, such as LDAP, SSH,
trusted execution, encrypted filesystems, aixpert,
RBAC (detailed), and IPSec, are covered in the
AIX Security course: AU47G Security
Security
Policy and
Policy and
Setup
Setup
Notes:
Planning user and group administration
Plan and organize your user and group administration. Every user does not need their own
group. Good planning up front reduces any reorganizing of users and groups later on.
Use of the sticky bit
Always protect your shared directories by setting the sticky bit. Then users will not remove
each other’s files accidentally, or intentionally.
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-129
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Checkpoint
IBM Power Systems
Notes:
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-131
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Topic summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-133
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Exercise 12
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-135
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-137
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Estimated time
00:30
References
Online AIX 6.1 Commands Reference
AIX 6.1 Files Reference
AIX Version 6.1 Operating system and device
management
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
Unit objectives
IBM Power Systems
Notes:
• Starts:
– crontab command events
(regularly scheduled jobs)
– at command events
(one time only execution at specified time)
Notes:
Starting of cron
The cron process is usually started at system startup by /etc/inittab. It runs constantly
as a daemon. If killed, it is automatically restarted.
Instructor notes:
Purpose — Explain what cron is, what it does, and how it is configured
Details — cron runs system tasks on behalf of a user. The user can submit a task to
cron, and then log out of the system, knowing that the task will still be run.
The output of these tasks handed over to cron must be handled in a special way.
Redirection of output is sometimes used for such tasks. If no output redirection is used,
then cron will mail the output and the errors to the user.
Additional information —
Transition statement — Let’s cover some key points regarding crontab files.
Uempty
crontab files
IBM Power Systems
Notes:
Scheduling a job
The cron daemon starts processes at specified times. It can be used to run regularly
scheduled jobs using files in the /var/spool/cron/crontabs directory, or it can be used
to schedule a command for one-time-only execution using the at command.
Format of entries:
minute hour date-of-month month day-of-week command
...
...
#0
#0 33 ** ** ** /usr/sbin/skulker
/usr/sbin/skulker
#45
#45 2 * * 0 /usr/lib/spell/compress
2 * * 0 /usr/lib/spell/compress
#45
#45 2323 ** ** ** ulimit
ulimit 5000;
5000; /usr/lib/smdemon.cleanu
/usr/lib/smdemon.cleanu >> /dev/null
/dev/null
00 11
11 * * * /usr/bin/errclear -d
* * * /usr/bin/errclear -d S,O
S,O 3030
00 12
12 ** ** ** /usr/bin/errclear
/usr/bin/errclear -d-d HH 90
90
00 15
15 * * * /usr/lib/ras/dumpcheck >/dev/null
* * * /usr/lib/ras/dumpcheck >/dev/null 2>&1
2>&1
0,30,45
0,30,45 * * * * /usr/sbin/dumpctrl -k >/dev/null
* * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null
2>/dev/null
...
...
Notes:
Instructor notes:
Purpose — Explain the format of a crontab file
Details — Cover that each field is separated by white space. Explain what each field
means. Each field can have multiple values separated by commas, and ranges can be
specified with hyphens.
All fields are compared using and, and all fields must be true before cron executes the line.
There is an exception to this rule. If a numeric is specified in both the “date of the month”
field and the “day of the week” field, these two fields (and only these two fields) are
compared with an “or”. For example, if a user wanted to run a script on the first of the
month when the first falls on a Friday, the administrator may incorrectly set up the crontab
entry to look like this:
0 0 1 * 5 /usr/bin/newscript
The problem is that although the first is specified correctly with the “1” and the day of the
week is specified correctly with the “5”, these two fields are compared using “or”. Therefore,
it runs on the first of the month, and it runs on Fridays because the first Friday makes the
condition true.
The crontab file does not provide the capability to accomplish the original goal. However,
you could achieve your objective by running a script every Friday and have the script check
to see if it is the first of the month before proceeding through the script. The logic needs to
be built into the script.
Additional information — You should point out the skulker entry in the file since this was
discussed earlier in the course.
Transition statement — Now that you know the format, let’s see how to change this file.
Uempty
• A safer method:
## crontab
crontab -l
-l >> /tmp/crontmp
/tmp/crontmp
## vi /tmp/crontmp
vi /tmp/crontmp
## crontab
crontab /tmp/crontmp
/tmp/crontmp
Notes:
## at
at 55 pm
pm Friday
Friday
banner
banner hello
hello >> /dev/pts/0
/dev/pts/0
<ctrl-d>
<ctrl-d>
job
job user.time.a
user.time.a will
will be
be run
run at
at date
date
## for
for hosts
hosts in
in lpar50
lpar50 lpar51
lpar51 lpar52
lpar52
do
do
rsh
rsh $host
$host "echo
"echo '<<EOF
'<<EOF nohup
nohup shutdown
shutdown -Fr'
-Fr' || at
at now
now ""
done
done
Notes:
Instructor notes:
Purpose — Explain how to use the at and batch commands
Details — Jobs entered using the at command are managed by the cron daemon.
Additional information — The at command performs once-only tasks at a later time than
the present.
This can be used to schedule a task for a time when there will be no users on the system,
for example, at 3 a.m.
batch jobs are the same as running at -q b.
Transition statement — We discussed how to submit a task to at. Now, let’s see how
these jobs can be cancelled.
Uempty
Controlling at jobs
IBM Power Systems
• To list at jobs:
at -l [user]
atq [user]
## at
at –l
–l
root.1118077769.a
root.1118077769.a Mon
Mon Jun
Jun 66 10:09:29
10:09:29 2007
2007
root.1118078393.a
root.1118078393.a Mon
Mon Jun 6 10:19:53 2007
Jun 6 10:19:53 2007
test2.1118079063.a
test2.1118079063.a Mon
Mon Jun
Jun 66 10:31:03
10:31:03 2007
2007
• To cancel an at job:
at -r job
atrm [job | user]
## at
at -r
-r test2.1118079063.a
test2.1118079063.a
at
at file: test2.1118079063.a
file: test2.1118079063.a deleted
deleted
Notes:
Listing at jobs
To list at jobs use the at -l command or the atq command. The root user can look at
another user's at jobs by using the command atq <user>.
Removing at jobs
To cancel an at job, use at -r or atrm followed by the job number. Use the command
atrm - and place nothing after the hyphen (-), to cancel all of your jobs. The root user
can cancel all jobs for another user, using atrm <user>.
Instructor notes:
Purpose — Show how to view the at queue and to cancel jobs from it.
Details — The first portion of an at job number shows the user ID that entered the job.
Additional information —
Transition statement — Let's see what we should document.
Uempty
Documenting scheduling
IBM Power Systems
Scheduling Records
Notes:
Overview
It is important to have correct, up-to-date information regarding your system, in case of
an unexpected system failure.
Maintain as much documentation as possible about all aspects of the system by
following the recommendations we have given throughout the course.
Instructor notes:
Purpose — Describe two useful documentation ideas that can help maintain the
availability of a system
Details — Explain the importance of having correct up to date information regarding the
system, in case of unexpected system failure.
Encourage the user to maintain as much documentation as possible about all aspects of
the system by following the recommendations we have given throughout the course.
Additional information —
Transition statement — Before we do the exercise for this unit, let's look at the checkpoint
questions.
Uempty
Checkpoint
IBM Power Systems
2. Give a crontab entry that would specify that a job should run
every Thursday at 10 past and 30 minutes past every hour.
_____________________________________________
Notes:
Instructor notes:
Purpose — Review and test understanding of what has been covered in this unit
Details — A suggested approach is to give the students a few minutes to answer the
questions themselves and then go over the answers as a group. A suggested checkpoint
solution is given below:
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement — Let’s move on to the exercise for this unit.
Uempty
Exercise 13
IBM Power Systems
Scheduling
Notes:
Introduction
This lab gives you the opportunity to schedule jobs using both at and crontab.
The exercise can be found in your Student Exercises Guide.
Instructor notes:
Purpose — Introduce the exercise for this unit
Details — Depending on the class, it might be a good idea to remind the students where
the instructions for the exercise are located.
Additional information —
Transition statement — Let’s summarize the key points we have covered in this unit.
Uempty
Unit summary
IBM Power Systems
Notes:
Instructor notes:
Purpose — Summarize the key points covered in this unit
Details —
Additional information —
Transition statement — You have reached the end of our scheduling unit.
Estimated time
01:30
References
Online AIX Version 6.1 Operating system and device
management
System Management Guide: Communications and
Networks
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
Unit objectives
IBM Power Systems
Notes:
What is TCP/IP?
IBM Power Systems
Notes:
TCP/IP stands for Transmission Control Protocol/Internet Protocol. A more accurate name
is Internet Protocol Suite or IP Stack.
TCP/IP is a set of protocols or rules which define various aspects of how two computers in
a network may communicate with each other. A protocol is a set of rules which describes
the mechanisms and data structures involved. Using these definitions, vendors can write
software to implement the protocols for particular systems.
There are many different protocols which cover the aspects of addressing hosts in the
network, data representation and encoding, message passing, interprocess
communications, and application features, such as how to send mail or transfer files across
the network.
Where possible, the protocols are defined independently of any operating system, network
hardware, or machine architecture. In order to implement TCP/IP on a system, interface
software must be written to allow the protocols to use the available communications
hardware.
Uempty This means that heterogeneous environments can be created where machines from
different manufacturers can be connected together, and different types of networks can be
interconnected.
Instructor notes:
Purpose — Introduce the TCP/IP protocol suite
Details — Go through the details in the visual.
Additional information —
Transition statement — Now that we have defined what TCP/IP is, let's see the layering
model.
Uempty
TCP/IP layering
IBM Power Systems
Common
OSI 7 layer network
TCP/IP layer model
model devices
- Layer 7 switch
Application SNMP FTP DNS DHCP VNC
Application
SSH SMTP NFS LDAP MAIL
Presentation
- Firewall
Session TCP UDP
Transport Reliable delivery to
correct program
Unreliable delivery to
correct program
Transport
- Router
IP IPsec ICMP - Layer 3 switch
Network Internet
- Switch
LAN WAN
Data Link Network (Ethernet, FDDI, ....) (ATM, Leased lines, ....)
- Bridge
interface - NIC
Notes:
The TCP/IP protocol suite consists of lots of different protocols, which are described in
many thousands of RFCs. Most of these protocols and RFCs are either application specific
(such as RFC 959, which describes the FTP protocol), or describe how data should be
transferred over a specific architecture (such as RFC 894, which describes IP over
Ethernet). For now, it is important to understand the working and interdependency of only a
few core protocols. Since these protocols are built on top of each other, where one protocol
uses another protocol to get things done, the interdependency is almost as important as
understanding each protocol independently.
From top to bottom we find the following protocols:
• Applications use either the User Datagram Protocol (UDP) or the Transmission
Control Protocol (TCP) to transmit their data. Both TCP and UDP deliver the data to
the right process, and make use of IP to arrange delivery to the right host. The
difference between UDP and TCP is that TCP implements a mechanism of
acknowledgements, whereby reliability can be guaranteed. UDP does not have such a
mechanism, making UDP less reliable.
• The Internet layer is responsible for end-to-end (source to destination) packet delivery
including routing through intermediate hosts. Internet Control Message Protocol
(ICMP) messages are typically generated in response to errors in IP datagrams or for
diagnostic or routing purposes. The IPsec protocol is responsible for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet of a data
stream.
• The Network interface is the protocol layer which transfers data between hosts. In
order to do this, a physical medium is required such as copper or fiber and hence the
network interface and physical layers are closely related.
Common network devices
• Repeater. A repeater is an electronic device that receives a signal and retransmits
them at a higher level, higher power or both, so that the signal can cover longer
distances without degradation. Because repeaters work with the actual physical signal,
and do not attempt to interpret the data being transmitted, they operate on the Physical
layer, the first layer of the OSI model.
• Network Interface Card (NIC). A NIC is a LAN adapter which is designed to allow
computers to communicate over a computer network. It is both a layer 1 (physical layer)
and layer 2 (data link layer) device, as it provides physical access to a networking
medium and provides a low-level addressing system through the use of MAC
addresses.
• Bridge. A bridge is a hardware device for linking two networks that work with the same
protocol. Unlike a repeater, which works at the physical level, a bridge works at the
logical level (on layer 2), which means that it can filter frames so that it only lets past
data whose destination address corresponds to a machine located on the other side of
the bridge.
• Switch. A network switch is a device that connects network segments. The term
commonly refers to a network bridge that processes and routes data at the Data link
layer (layer 2) of the OSI model.
- Layer 3. Switches that additionally process data at the network layer (layer 3 and
above), are often referred to as Layer 3 switches or multi-layer switches. A layer 3
switch can perform some or all of the functions normally performed by a router.
- Layer 4. Layer 4 switches process data a the transport layer and are always
vendor-dependent. An example of a layer 4 switch, is a Firewall which performs
transport layer function such as: Network Address Translation (NAT), IP filtering and
packet encryption/decryption.
- Layer 7. The most advanced switches, called layer 7 switches (corresponding to the
application layer of the OSI model), can redirect data based on advanced
application data contained in the data packets, for example, an awareness of the
type of the file being sent by FTP. For this reason, a layer 7 switch can be used for
load balancing, by routing the incoming data flow to the most appropriate servers,
which have a lower load or are responding more quickly.
Partition Activation
Notes:
TCP/IP startup is initiated from the inittab processing. /sbin/rc.boot calls cfgmgr during the
second phase processing which will in turn initialize the network interfaces and set up
routing by processing the /etc/rc.net file. TCP/IP subsystems are started from /etc/rc.tcpip
script. This script can be edited directly to comment or uncomment subsystem startup. The
inetd daemon is responsible for loading network programs upon request, such as ftp, telnet
etc. Once the core TCP/IP subsystems have been initialized, further TCP/IP based
applications such as NFS, NIM, HACMP, can be started.
Ethernet adapters
IBM Power Systems
Notes:
Brief history of Ethernet
The original Ethernet is called Experimental Ethernet today. It was developed by Robert
Metcalfe in 1972 (patented in 1978) and was based in part on the ALOHAnet protocol. The
first Ethernet that was generally used was DIX Ethernet (known as Ethernet II) and was
derived from Experimental Ethernet. Today, there are many different standards, under the
umbrella of IEEE 802.3, and the technical community has accepted the term Ethernet for
all of them. Currently, under development is IEEE 802.3ba (40Gb/s and 100Gb/s Ethernet).
For further information see http://www.ieee802.org/3
Ethernet adapter support on AIX
• TX 10/100/1000Mb up to 100m using traditional copper
• SX 1000Mb up to 550m using multi-mode fiber
• LX 1000Mb up to 5km using single-mode fiber (can also run on multi-mode fiber)
• SR (short range) 10Gb up to 300m using multi-mode fiber
Instructor notes:
Purpose — Provide an introduction to Ethernet adapters
Details — Provide a little Ethernet history to the students. Give a brief overview of the
adapter support in AIX. Traditional copper (TX) is inexpensive. However, to go further
distances and higher speeds, Fiber is required. Ensure students understand that the
adapter is both a layer 1 and 2 device, and that for each adapter there are two layer 3
interfaces, enX and etX. In the visual, en0 is shown as available. Explain it is made
available when an IP address is assigned to it.
Additional information —
Transition statement — VLANs are a critical part of configuring Ethernet networks and
play an important role in virtual Ethernet on Power5 and 6 boxes. Let's provide an overview
of VLANs.
Uempty
Virtual LAN
IBM Power Systems
VLAN 1
Building 1 Trunk Building 2
VLAN 2
Notes:
Virtual LAN (VLAN)
VLANs are used to divide networks into smaller, more manageable chunks. This helps to
reduce the size of the broadcast domain and helps with security through isolation. IEEE
802.1Q is the standard for VLANs. It aims to:
• Define an architecture to logically partition bridged LANs and provide services to
defined user groups, independent of physical location.
• Allow interoperability between multivendor equipment.
Instructor notes:
Purpose — Introduce VLANs
Details — VLANs today are common place and supported by modestly priced Ethernet
hardware.
Explain what VLANs are and describe the benefits.
Additional information —
Transition statement — VLAN tagging is the key to understanding how VLANs work. Let's
define VLAN tagging.
Uempty
Notes:
802.1Q VLAN
In 802.1Q, the VLAN information is written into the Ethernet packet itself. Each packet
carries a VLAN ID, called a Tag. This allows VLANs to be configured across multiple
switches. Packets can leave the switch tagged or untagged, depending on the setting for
that port's VLAN membership properties. When using 802.1Q, four bytes are added to the
Ethernet frame, of which 12 bits are used for the VLAN ID. Theoretically, there can be up to
4096 VLANs per network.
Instructor notes:
Purpose — Introduce VLAN tagging
Details — Go through the details in the visual and notes.
Additional information — For further information, refer to the IEEE website:
http://standards.ieee.org/getieee802/download/802.1Q-2005.pdf
Transition statement — VLAN tagging continuation
Uempty
Notes:
AIX implementation supports the IEEE 802.1Q VLAN tagging standard, with the capability
to support multiple VLAN IDs running on Ethernet adapters. Each VLAN ID is associated
with a separate Ethernet interface to the upper layers (for example, IP), which creates
unique logical Ethernet adapter instances per VLAN, for example, ent1, ent2, and so on.
For example, you may only have one physical Ethernet adapter on the system, but want to
create multiple networks.
Instructor notes:
Purpose — Introduce VLAN tagging continuation
Details — Go through the details in the visual and notes.
Additional information —
Transition statement — Let's see a simple VLAN example.
Uempty
Notes:
The example in the visual shows three VLANs split across three Ethernet switches. VLANs
100 and 200 are used to segregate hosts and users from the finance and sales groups
respectively.
Instructor notes:
Purpose — Demonstrate a simple VLAN example.
Details — The example shows how to define three VLANs: 33, 100, and 200, across three
switches.
Additional information —
Transition statement — Let's see how to create a VLAN adapter in AIX.
Uempty
Available
Available Network
Network Adapters
Adapters
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter. Use
Use arrow
arrow keys
keys to
to scroll.
scroll.
ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (1410890)
(1410890)
ent0
ent0 Available
Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14106902)
(14106902)
Add
Add AA VLAN
VLAN
[Entry
[Entry Fields]
Fields]
VLAN
VLAN Base
Base Adapter
Adapter ent1
ent1
** VLAN
VLAN Tag ID
Tag ID [33]
[33] +#
+#
VLAN
VLAN Priority
Priority []
[] +#
+#
## lsdev
lsdev -Cc
-Cc adapter
ent0
adapter
Available
Packets(14106902)
which get
ent0 Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14106902)
ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
sent
Base-TX PCI-X
from adapter
PCI-X Adapter
Adapter (14108902)
(14108902)
ent2
ent2 Available
Available VLAN
VLAN ent2, are sent
tagged (33) out of
ent1.
© Copyright IBM Corporation 2009
Notes:
Use smit addvlan fast path to configure VLANs. Start by selecting a base adapter, which
will be used to send the packets, and assign a VLAN tag. Optionally, you can also specify a
priority. This is used by the VLAN driver to prioritize packets if multiple VLANs are created
using the same base adapter. You can specify a value from 0-7, where 0 is the default
priority, 1 is the highest, and then in increasing numerical order from 2 through 7.
After you have configured a VLAN, configure the IP interface (for example, en2) for
standard Ethernet.
Instructor notes:
Purpose — Show how to create a VLAN adapter in AIX
Details — Go through the example as shown in the visual.
Additional information —
Transition statement — Before we see how to configure TCP/IP on AIX, let's explain the
theory behind IP and subnet addressing.
Uempty
Notes:
In order to be able to deliver the IP packet to the correct destination host, every host needs
an IP address. These IP addresses are 32-bit values and have to be unique. In most cases,
the IP address is not written in its binary form, but in the so-called “decimal dot” notation,
where the 32 bits are grouped into four groups of eight bits each, and those eight bits are
written in decimal form, separated with dots. The subnet mask allows us to identify the two
key pieces of information in the IP address. The address of the network and the host
identification (host ID).
Several addresses and address ranges are reserved for special purposes. The most
important ones are listed here:
• The IP address 127.0.0.1 (in fact, the whole 127.0.0.0/8 network) is reserved for the
loopback address. Hosts use the loopback address to send messages to themselves.
• Any IP address with the hostname part all zeros, such as 129.33.0.0, is reserved as an
identification for the network itself. It is not a valid IP address to be assigned to a host.
• Any IP address with the hostname part all ones, such as 129.33.255.255, is reserved as
the local broadcast address. Data sent to this address is delivered to all systems on the
local network.
Notes:
IP addresses need to be assigned in such a way that they are unique across the whole
Internet. That is why there is a special organization that does this. This is the Internet
Assigned Number Authority, or IANA. They are responsible for assigning groups of
addresses, called classes, to organizations. They do not do this directly, but have
contracted out that responsibility to the InterNIC (http://www.internic.net), who in turn
delegates this to local ISPs.
In additional to classes A to C, there are also classes D and E. Class D addresses are
reserved for multicasting. Multicasting is a limited area type of broadcasting. There is no
network or host portion in a multicast address. It is an integer number registered with the
InterNIC that identifies a group of machines. Class E, is for experimental use only.
Class A and B addresses contain lots of hosts, and therefore, need to be broken down into
smaller more manageable chunks. This is achieved through a process known as
subnetting. On the other hand, class C addresses contain very few hosts, which can also
be subnetted into smaller chunks, but very often need to be aggregated together to form
larger networks. This is achieved through a process known as supernetting.
Subnetting example
IBM Power Systems
Notes:
The default subnet mask for a class B network is 255.255.0.0. This translates to one
network with ((2^16)-2) with 65534 hosts. Organizations with a class A and B address often
have hundreds, if not thousands of physical networks split across both local and
geographically dispersed locations. The only way to do this is to split the network address
into more manageable chunks. This is achieved by borrowing bits from the host ID and
using them for the network. Using seven bits from the host ID, allows for (2^7) 128 physical
networks. On each of the 128 networks, there can be ((2^9)-2) 510 hosts. We have to
subtract two from the number of hosts, because all zeros are reserved for the network and
all ones are reserved for the broadcast address.
Supernetting example
IBM Power Systems
Notes:
Having four class C addresses is four physical networks each with up to 254 hosts. Each
network would require a router to route packets between them. Supernetting is the
opposite to subnetting and borrows bits from the network portion of the IP address. In the
example, we have borrowed two bits, changing the subnet mask from 255.255.255.0 to
255.255.252.0. The result is that networks 222.180.109, 110 and 111 have become part of
the 222.180.108 network. The 222.180.108 network can have up to ((2^10)-2) 1022 hosts.
• There are many ways. However, in most cases you start with
smit mktcpip. A one stop shop for
Minimum TCP/IP config on
Minimum Configuration
Configuration && Startup
Startup
AIX.
To
To Delete existing configuration data, please use Further Configuration menus
Delete existing configuration data, please use Further Configuration menus
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** HOSTNAME
HOSTNAME [waldorf]
[waldorf]
** Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.18]
[10.47.1.18]
Network
Network MASK
MASK (dotted
(dotted decimal)
decimal) [255.255.0.0]
[255.255.0.0]
** Network
Network INTERFACE
INTERFACE en0
en0
NAMESERVER
NAMESERVER
Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.33]
[10.47.1.33]
DOMAIN Name
DOMAIN Name [lpar.co.uk]
[lpar.co.uk]
Default
Default Gateway
Gateway
Address
Address (dotted
(dotted decimal
decimal or
or symbolic
symbolic name)
name) [10.47.0.1]
[10.47.0.1]
Cost
Cost [0]
[0] ##
Do
Do Active
Active Dead
Dead Gateway
Gateway Detection?
Detection? no
no ++
Your CABLE Type
Your CABLE Type N/A
N/A ++
START
START Now
Now no
no ++
Notes:
AIX provides a very quick and easy configuration SMIT panel for configuring TCP/IP on the
system. The essential items you will require are:
• Hostname of the machine
• IP address and network mask
• Interface to be configured
• smit tcpip should only be used for the first adapter. In a multi-
homed host, subsequent adapters should be configured with
smit chinet.
Change
Change // Show
Show aa Standard
Standard Ethernet
Ethernet Interface
Interface
[Entry
[Entry Fields]
Fields]
Network
Network Interface
Interface Name
Name en1
en1
INTERNET
INTERNET ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [192.168.0.1]
[192.168.0.1]
Network
Network MASK
MASK (hexadecimal
(hexadecimal or or dotted
dotted decimal)
decimal) [255.255.255.0]
[255.255.255.0]
Current STATE
Current STATE up
up ++
Use
Use Address
Address Resolution
Resolution Protocol
Protocol (ARP)?
(ARP)? yes
yes ++
BROADCAST
BROADCAST ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) []
[]
Interface
Interface Specific
Specific Network
Network Options
Options
('NULL'
('NULL' will unset the
will unset the option)
option)
rfc1323
rfc1323 []
[]
tcp_mssdflt
tcp_mssdflt []
[]
tcp_nodelay
tcp_nodelay []
[]
tcp_recvspace
tcp_recvspace []
[]
tcp_sendspace
tcp_sendspace []
[]
Apply
Apply change
change to
to DATABASE
DATABASE only
only no
no ++
Notes:
If SMIT is being used to configure further interfaces, then the fastpath smit chinet should be
used. All fields are optional, but essential items are:
• IP address and network mask
• Interface to be configured
• State of the interface, default is DOWN – so do not forget to switch this to UP – this is a
very common configuration error.
The network specific options are beyond the scope of this class.
Notes:
As well as SMIT, TCP/IP configuration can be driven from the command line. There are two
ways to handle this:
• The AIX way, in which configuration is stored in the AIX internal database (ODM). This
way, the configuration remains after shutdown/restart.
• The traditional BSD UNIX way. This way configuration does not survive restarts unless
the commands are entered into the /etc/rc.net file.
The /etc/rc.net file is executed by cfgmgr during system boot. The /etc/rc.net file
configures AIX style configuration and optionally traditional BSD UNIX configuration. If only
traditional BSD style networking is required, then the following command can be run: #
chdev -l inet0 -a bootup_option=yes. Doing this, causes AIX to process the
/etc/rc.bsdnet instead of rc.net file at boot time. Commands such as hostname, ifconfig,
route etc should be appended to /etc/rc.bsdnet as appropriate.
• netstat
# netstat -in
# netstat -in
Name Mtu Network Address ZoneID Ipkts Ierrs Opkts Oerrs Coll
Name Mtu Network Address ZoneID Ipkts Ierrs Opkts Oerrs Coll
en0 1500 link#2 ea.48.f0.0.b0.3 3359653 0 238778 0 0
en0 1500 link#2 ea.48.f0.0.b0.3 3359653 0 238778 0 0
en0 1500 10.47 10.47.1.23 3359653 0 238778 0 0
en0 1500 10.47 10.47.1.23 3359653 0 238778 0 0
lo0 16896 link#1 1201 0 1214 0 0
lo0 16896 link#1 1201 0 1214 0 0
lo0 16896 127 localhost 1201 0 1214 0 0
lo0 16896 127 localhost 1201 0 1214 0 0
lo0 16896 ::1 0 1201 0 1214 0 0
lo0 16896 ::1 0 1201 0 1214 0 0
• ifconfig
# ifconfig -a
# ifconfig -a
en0:
en0:
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECK
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECK
SUM_OFFLOAD(ACTIVE),CHAIN>
SUM_OFFLOAD(ACTIVE),CHAIN>
inet 10.47.1.23 netmask 0xffff0000 broadcast 10.47.255.255
inet 10.47.1.23 netmask 0xffff0000 broadcast 10.47.255.255
tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
inet6 ::1/0
inet6 ::1/0
tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1
tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1
Notes:
The netstat –i command shows the state of all configured interfaces. The –n flag shows
network addresses as numbers. When this flag is not specified, the netstat command
interprets addresses, where possible, and displays them symbolically.
The ifconfig –a command is used to display information about all interfaces in the system.
The key flags are UP and RUNNING, which show the interface is available and active.
Name resolution
IBM Power Systems
Notes:
Systems use different methods for mapping host names to IP addresses. The method
depends upon the environment in which a system is going to participate.
• Flat Network: This method provides name resolution through the file /etc/hosts and
works well in small, stable environments.
• DNS (Domain Name Server): DNS is a system that allows name and IP lookups, in a
tree like database structure. It was created due to the growth of the Internet and
designed for large networks.
• NIS Server (Network Information System): This method provides a centralized server
for administration of configuration, and other files, within a LAN environment.
• LDAP Server (Lightweight Directory Access Protocol): LDAP is an application protocol
for querying and modifying directory services running over TCP/IP. Tivoli Directory
Server (TDS) is IBM's version of an LDAP server
Instructor notes:
Purpose — Explain how name resolution works on AIX
Details — Explain how name resolution can be achieved on AIX, the default order, and
how it can be changed.
Additional information — Changing the order differs between UNIX implementations. It is
generally a good idea if name resolution order is changed, to set both /etc/netsvc.conf and
NSORDER just in case the environment table gets cleared.
Do not get too involved with DNS, NIS, and LDAP topics. These are beyond the scope of
the class.
Transition statement — Now that we understand how to configure IP and Name
resolution, let's see how to add routes.
Uempty
Routing implementation (1 of 2)
IBM Power Systems
Notes:
A route does not define the complete path. It defines only the path segment from one host
to a gateway that can forward packets to a destination, or from one gateway to another.
Routes are defined in the kernel routing table. Each routing table entry has two
components:
• Destination address, where you want to end up
• Gateway address, where the packet gets sent on its way to its final destination
TCP/IP searches the route table for a best match on the destination in the following order:
• A host route. defines a route to a specific host. The routing IP algorithm still sees a
host address as a network; it is simply a perfect match.
• A network route. defines a route to any of the hosts on a specific network through a
gateway.
• A default route. defines a route to use when the destination did not match any host
route or network specific route. In most hosts, the only type of route the administrator
needs to define is a default route, also known as the default gateway.
Hosts should not forward IP datagrams unless specifically configured as a router. Most
BSD-derived implementations (AIX) include a kernel variable called ipforwarding, which is
used to control this behavior. The no command is used to view or change the value of
ipforwarding.
To change it: # no -o ipforwarding=<value>
The values are: ipforwarding=0 (do not forward), ipforwarding=1 (do forward).
Routing implementation (2 of 2)
IBM Power Systems
Notes:
Routes can also be manipulated through SMIT (smit route). See the route man page for
further details.
Multipath routing
IBM Power Systems
2
1 Primary Default Router1
Primary Default Router1 10.47.0.1
10.47.0.1
Host
Host 10.47.1.18
10.47.1.18
Default Router2
Default Router2 10.47.0.254
10.47.0.254 Primary
Backup
Notes:
From AIX5L, multiple routes can be configured to the same destination. This configuration
is known as multipath routing (MPR). MPR allows us to load balance between gateways or
prioritize paths using the weight option. MPR also allows us to do Dead Gateway Detection
(DGD). This enables the system to dynamically change the weight on a route if a router has
failed. There are two methods of DGD, active and passive. The passive mode has less
overhead on the network, but can be slow to respond to an outage. Active has more
overhead on the network but is more responsive to an outage, because icmp (ping)
packets are used to periodically poll/detect if a router is up or down. Active DGD is
deployed by using the –active_dgd option on the route command.
The default MPR policy is Weighted Round-Robin which will load balance by default. This
is defined by the network option mpr_policy. There are 5 policies to choose from:
• Weighted Round-Robin (1): Based on user-configured weights assigned to the multiple
routes, through the route command, round-robin is applied. If no weights are
configured, then it behaves identical to plain round-robin.
• Random (2): Chooses a route at random.
Uempty • Weighted Random (3): Chooses a route based on user-configured weights and a
randomization routine. The policy adds up the weights of all the routes and picks a
random number between zero and the total weight. Each of the individual weights are
removed from the total weight, until this number is zero. This picks a route in the range
of the total number of routes available.
• Lowest Utilization (4): Chooses a route with the minimum number of current
connections going through it.
• Hash-based (5): A hash-based algorithm chooses a route by hashing based on the
destination IP address.
To change the MPR policy type: # no –o mpr_policy=<number>
Instructor notes:
Purpose — Explain the basics and advantages of multipath routing.
Details — This follows on from the first smitty mktcpip screen and will explain the option
“Do active DGD”. AIX, since 5L, will now let you add multiple routes to the same
destination, with priorities, which is very useful for defining backup paths and for switching
paths. For example, route to X 9am-5pm is through the 100Mb networkA, route to X
5pm-9am is through the 1Gb networkB.
It's important students have a basic grasp of this, because when they start working with
multiple IP aliasing clusters, they will configure AIX to use MPR.
Additional information — In AU07, MPR is associated with VIPA. VIPA is just one
example which relies on MPR to work. However, these topics are different. MPR would still
exist without VIPA. MPR is important, VIPA is not and is therefore not part of this unit.
Transition statement — Another important function of IP is aliasing, let's see how it works.
Uempty
## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep –v
–v link
link
Name Mtu
Name Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1
en1 1500
1500 192.168.0
192.168.0 192.168.0.1
192.168.0.1 00 00 66 00
## ifconfig
ifconfig en1
en1 alias
alias 172.31.0.1
172.31.0.1 255.255.0.0
255.255.0.0
## ifconfig
ifconfig en1
en1 alias
alias 10.47.33.33
10.47.33.33 255.255.0.0
255.255.0.0
## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep –v
–v link
link
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1
en1 1500
1500 192.168.0
192.168.0 192.168.0.1
192.168.0.1 00 00 77 00
en1
en1 1500 172.31
1500 172.31 172.31.0.1
172.31.0.1 00 00 77 00
en1
en1 1500
1500 1010 10.47.33.33
10.47.33.33 00 00 88 00
Notes:
IP aliasing is used widely in clustering technologies (such as HACMP), and in WPARs. It is
very useful if the network is being transitioned to another IP subnet or network range.
Instructor notes:
Purpose — Define how IP aliasing works
Details — Go through the details and example as shown in the visual.
Additional information — It maybe worth pointing out that having an IP alias on multiple
interfaces in the same network will cause MPR! This can, and often does, happen with
HACMP and WPAR technologies. For example: In HACMP, if there are persistent IP
aliases on en1 of 10.1.1.1, and an application service address on en2 of 10.1.1.2, the
(application) client will receive packets from both adapters. This causes problems with
some application (for example, NFS) and firewalls (depending on their configuration).
Transition statement — How do we test to see if a host is alive?
Uempty
## ping
ping sys1
sys1
PING
PING sys1:
sys1: (192.108.14.2):
(192.108.14.2): 56
56 data
data bytes
bytes
64
64 bytes from 192.108.14.2: icmp_seq=0 ttl=255
bytes from 192.108.14.2: icmp_seq=0 ttl=255 time=0
time=0 ms
ms
64
64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms
bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms
^C
^C
----seraph
----seraph PING
PING Statistics----
Statistics----
22 packets
packets transmitted, 22 packets
transmitted, packets received,
received, 0%
0% packet
packet loss
loss
## traceroute
traceroute sys1
sys1
trying
trying to
to get
get source
source for
for sys1
sys1
source should be 10.47.1.31
source should be 10.47.1.31
traceroute
traceroute toto seraph
seraph (192.108.14.2)
(192.108.14.2) from
from 10.47.1.31
10.47.1.31 (10.47.1.31),
(10.47.1.31), 30
30 hops
hops max
max
outgoing
outgoing MTU
MTU == 1500
1500
11 merovingian.lpar.co.uk
merovingian.lpar.co.uk (10.47.1.30)
(10.47.1.30) 11 ms ms 00 ms
ms 00 ms
ms
22 7.7.7.1 (7.7.7.1) 0 ms 0 ms
7.7.7.1 (7.7.7.1) 0 ms 0 ms 0 ms 0 ms
33 sys1
sys1 (192.108.14.2)
(192.108.14.2) 00 ms ms 00 ms
ms 00 ms
ms
Notes:
The ping command sends an ICMP ECHO_REQUEST to obtain an ICMP
ECHO_RESPONSE from a host or router. If the host is operational and on the network, it
responds to the echo.
The default is to continuously send echo requests until an interrupt is received with <ctrl-c>,
but there is an option (-c) to specify the number of packets sent. The ping command sends
one datagram per second and prints one line of output for every response received. It
calculates round trip times and packet loss statistics, and displays a brief summary upon
completion.
Be very careful of some options like –f. This will cause ICMP packets to flood the network.
Ping is most useful to test basic connectivity between hosts, but that it can not tell us any
thing about where the break is in the path. On the other hand, if ping cannot get a
response, traceroute can sometimes still give us information that helps to identify the
outage.
traceroute is useful for displaying all the routers between end to end host connectively. It
may turn out that the remote host is OK but a router has failed along the path. Traceroute
works by increasing the “time-to-live” value of each successive batch of packets sent. The
first three packets sent have a time-to-live (TTL) value of one (implying that they are not
forwarded by the next router and make only a single hop). The next three packets have a
TTL value of 2, and so on. When a packet passes through a host, normally the host
decrements the TTL value by one, and forwards the packet to the next host. When a packet
with a TTL of one reaches a host, the host discards the packet and sends an ICMP time
exceeded (type 11) packet to the sender. The traceroute utility uses these returning
packets to produce a list of hosts that the packets have traversed en route to the
destination. The three timestamp values returned for each host along the path are the
delay (known as latency) values typically in milliseconds (ms) for each packet in the batch.
If a packet does not return within the expected timeout window, a star (asterisk) is
traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is
at one hop, the second host at two hops, and so on. IP does not guarantee that all the
packets take the same route. Also note, that if the host at hop number N does not reply, the
hop will be skipped in the output.
Notes:
Each process that wants to communicate with another process needs to identify itself in
some way. The logical construct used by TCP/IP to accomplish this task is called a port.
A port uniquely identifies an application (also called network services). The source port
number and the destination port number are contained in the header of each TCP segment
or UDP packet.
Port numbers are defined in the /etc/services file. Port numbers from 0-1023 are called
well-known published ports and are reserved for standard applications like telnet and ftp.
When a datagram arrives at its destination based on the destination address, IP checks the
protocol. The data delivered to the transport protocol contains the destination port number
that tells the transport protocol to which application process the data needs to go.
A socket is a combination of IP address and port number and protocol family, which
uniquely identifies a single network process. A socket is also referred to as a
communication end point. A pair of sockets uniquely identifies the end to end connection.
Socket communication can be viewed with the netstat –a command.
inetd daemon
IBM Power Systems
refresh
refresh –s
–s inetd
inetd
0513-095
0513-095 The
The request
request for
for subsystem
subsystem refresh
refresh was
was completed
completed successfully.
successfully.
Notes:
The inetd daemon is started at boot time from /etc/rc.tcpip. When it is started, inetd reads
its configuration from the /etc/inetd.conf file. This file contains the names of the services
that inetd listens for requests and starts as needed, to handle these requests. The file is
used to enable and disable network services, such as ftp. To disable ftp on the host, edit
the inetd.conf file, locate and comment out the ftp program, then refresh the inetd
daemon.
Notes:
The commands, telnet, rsh, rexec, rlogin, and rsh are all part of the bos.net.tcp.client fileset
which is installed by default. Any passwords entered using these commands are
transferred over the network in clear text and can be easily captured using packet sniffing
tools. rsh, rexec, and rlogin commands can be configured so that the client user does not
have to supply a password. This introduces further vulnerabilities in the system. Ideally all
r* commands, including telnet, should be disabled. They can be replaced by SSH.
Openssh, including secure copy and file transfer commands, can be installed using the AIX
expansion pack media.
• ftp
## ftp
ftp waldorf
waldorf
Connected
Connected to to waldorf.lpar.co.uk.
waldorf.lpar.co.uk.
220
220 waldorf.lpar.co.uk
waldorf.lpar.co.uk FTP FTP server
server (Version
(Version 4.2
4.2 Thu
Thu Apr
Apr 17
17 02:03:14
02:03:14 CDT CDT 2008)
2008)
ready.
ready.
Name
Name (waldorf:root):
(waldorf:root):
331
331 Password
Password required
required for
for root.
root.
Password:
Password:
ftp>
ftp> prompt
prompt
Interactive
Interactive mode
mode off.
off.
ftp> mput file* AIX 6.1 has new
ftp> mput file*
200 PORT command successful. secure option (-s) which
200 PORT command successful. uses TLS
150
150 Opening
Opening data
data connection
connection for
for file1.
file1.
226 Transfer complete.
226 Transfer complete.
200
200 PORT
PORT command
command successful.
successful.
150
150 Opening data
Opening data connection
connection for
for file2.
file2.
226
226 Transfer
Transfer complete.
complete.
200
200 PORT
PORT command
command successful.
successful.
150
150 Opening data
Opening data connection
connection for
for file3.
file3.
226
226 Transfer
Transfer complete.
complete.
ftp>
ftp> bye
bye
221
221 Goodbye.
Goodbye.
Notes:
The ftp command is possibility the most widely used program for transferring files across a
network. The remote user name specified at the login prompt, must exist, and have a valid
password defined at the remote host.
FTP is an unsecure protocol, as all data including passwords are transferred across the
network unencrypted. These passwords are very easy to sniff and capture. AIX 6 has a
new secure feature (-s) which use Transport Layer Security (TSL) to encrypt data. To use
the secure (–s) option, OpenSSL must be installed, minimum level 0.9.7.
To gain a list of all ftp subcommands, type help in an interactive session or see the man
page.
Notes:
The rcp command is used to copy one or more files between the local host and a remote
host. The scp command is part of OpenSSH and is designed to replace rcp.
Moving files around the network can be neatly done with tar + rsh/ssh. The command
shown in the visual means: create an archive of /tmp/files and write this to standard out (in
this case the rsh command). The file will be transferred to system waldorf and
decompressed/written to directory/backup, if it exists.
To determine the transfer speed you can get between two hosts on a network, a good,
simple test is to use ftp and dd. In the visual, 100MB of data was transferred over the
network to /dev/null in 1.36 seconds.
/home
Notes:
Network File System (NFS) is a facility for sharing files in a heterogeneous environment of
machines, operating systems, and networks. The NFS function is built into the kernel of the
operating system so it is transparent to applications and users. NFS is based on a
client/server model, where the server stores files and provides clients with access.
• Server configuration
– Starting NFS (now and at system restart)
• /usr/sbin/mknfs –B
## lssrc
lssrc –g
–g nfs
nfs
biod
biod nfs
nfs 352444
352444 active
active
nfsd
nfsd nfs
nfs 221328
221328 active
active
rpc.mountd
rpc.mountd nfs
nfs 315524
315524 active
active
rpc.statd
rpc.statd nfs
nfs 364738
364738 active
active
rpc.lockd
rpc.lockd nfs
nfs 258262
258262 active
active
Notes:
The mknfs command configures the system to run the NFS daemons. The mknfs
command accepts the following flags:
-B Adds an entry to the inittab file to execute the /etc/rc.nfs file on system
restart and executes the /etc/rc.nfs file immediately to start the NFS
daemons
-I Adds an entry to the inittab file to execute the /etc/rc.nfs file on system
restart
-N Starts the /etc/rc.nfs file to start the NFS daemons immediately, when
started this way, the daemons run until the next system restart
When NFS is started the follow daemons are invoked:
• The biod daemon runs on all NFS client systems. When a user on a client wants to
read or write to a file on a server, the biod daemon sends this request to the server. The
biod daemon is activated during system startup and runs continuously.
Uempty • The nfsd daemon runs on the server and handles client requests for file system
operations.
• The rpc.mountd daemon answers client requests to mount file systems. The mountd
daemon finds out which file systems are available by reading the /etc/xtab file. The
/etc/xtab file is created when file systems are exported on the server. This process is
covered in the next visual.
• The rpc.statd and rpc.lockd daemons work together to main stateful locking. NFS
implements an advisory locking mechanism, meaning if a program, and does not pay
any attention to the locking messages it receives, it can go ahead and access the file. In
the event of a server crash, the locking information will be recovered. The status
monitor maintains information on the location of connections as well as the status in the
/etc/sm directory, the /etc/sm.bak file, and the /etc/state file. When restarted, the statd
daemon queries these files and tries to reestablish the connection it had prior to
termination.
The rmnfs command changes the configuration of the system to stop running NFS
daemons. It accepts the same flags as mknfs.
Instructor notes:
Purpose — Show how to start and stop NFS on an AIX system
Details — Explain how to stop and start the NFS subsystem and provide an overview of
the NFS daemons.
Additional information —
Transition statement — Now we can start NFS, let's see how we can export directories.
Uempty
• To export directories:
## vi
vi /etc/exports
/etc/exports
/home
/home
/usr/man
/usr/man -ro
-ro
/data -root=kenny:kyle,access=kenny:kyle:eric,rw=kenny:kyle
/data -root=kenny:kyle,access=kenny:kyle:eric,rw=kenny:kyle
## exportfs
exportfs -va
-va
Exported
Exported /usr/man
/usr/man
Exported
Exported /data
/data
Exported /home
Exported /home
/etc/xtab rpc.mountd
Notes:
In order to configure an NFS server, you have to first decide:
• What directories you want to export
• Which clients you want to have access the directories and files
• The permissions (for example, read-write, read-only) clients will have when accessing
the files
In the example shown in the visual:
• /home is exported to the world with read-write permissions. For security reasons, the
clients root user does not have root privileges when accessing the files remotely. The
root user is mapped to the nobody user (UID 2).
• /usr/man directory is exported to the world with read-only permissions.
• /data directory is exported to systems: kenny, kyle, and eric. Systems, kenny and kyle
have read-write access and their root users have root privileges when accessing the
files remotely. System, eric has read-only access and the root user is mapped to user
nobody.
Only when the NFS subsystem is activated, using the mknfs command, can directories be
made available. When the /etc/export file has been configured, the exportfs command
is used to make the directories available for client mounting. The exportfs -a command
exports all items listed in the /etc/exports file and automatically copies the entries to the
/etc/xtab file. /etc/xtab file entries are used by the system and always reflect what is
currently exported. This leaves the /etc/exports file available for updating at any time. The
/etc/xtab file must never the edited directly.
Notes:
The showmount command is useful for viewing which directories are available for
mounting on a particular NFS server. To mount an NFS directory, first create a directory
point and then issue the mount command, as shown in the visual.
Syntax: mount <NFS_server_name>:<server mount point> <client directory mount
point>
– smit mknfsmnt
Add
Add aa File
File System
System for
for Mounting
Mounting
** Pathname
Pathname ofof mount
mount point
point [/data_client_mnt]
[/data_client_mnt] //
** Pathname
Pathname ofof remote
remote directory
directory [/data]
[/data]
** Host
Host where
where remote
remote directory
directory resides
resides [nfs_server]
[nfs_server]
** Security
Security method
method [sys]
[sys] ++
** Mount
Mount now,
now, add
add entry
entry to
to /etc/filesystems
/etc/filesystems oror both?
both? Both
Both ++
** /etc/filesystems entry will mount the directory
/etc/filesystems entry will mount the directory no
no ++
on
on system
system restart.
restart.
** Mode
Mode for
for this
this NFS
NFS file
file system
system read-write
read-write ++
** Attempt
Attempt mount in foreground or
mount in foreground or background
background background
background ++
** Mount file system soft or
Mount file system soft or hardhard hard
hard
Note:
Note: Many
Many options
options removed
removed for
for clarity.
clarity.
– /etc/filesystems
/data_client_mnt:
/data_client_mnt:
dev
dev == "/data"
"/data"
vfs
vfs == nfs
nfs
nodename
nodename == nfs_server
nfs_server
mount
mount == false
false
options
options == bg,hard,intr,sec=sys
bg,hard,intr,sec=sys
account
account == false
false
© Copyright IBM Corporation 2009
Notes:
Predefined mounts are NFS mounts which are defined in /etc/filesystems for ease of use
when manual mounting or to enable remote file systems to be mounted during system start
time.
Key options are:
• Security Method: Possible values are: sys, dh, krb5, krb5i, krb5p, which correspond to
Unix, DES, Kerberos 5, Kerberos 5 with integrity, and Kerberos 5 with privacy. The
default NFS security used in most implementations is standard Unix (sys). The other
methods are used in special situations where authentication and encryption is required.
These methods are supported by a new version of NFS, NFS version 4. NFS v4 is not
the default version used in AIX and is a large complex topic which is outside the scope
of this class but may wish to refer to the following IBM redbook “Implementing NFSv4
in the Enterprise: Planning and Migration Strategies”, available at:
http://www.redbooks.ibm.com/abstracts/sg246657.html.
• Mode: Read-write or read-only.
Instructor notes:
Purpose — Demonstrate how configure predefined NFS mounts.
Details — Go through the example as shown in the visual. The key smit fields are
explained in the student notes.
Additional information —
Transition statement — VNC is a popular free graphical utility which allows us to access
an X session (such as CDE) remotely. Let's start by defining VNC.
Uempty
VNC viewer
eg. UltraVNC VNC traffic
realVNC
tightVNC
VNC AIX
Server
Notes:
Virtual Network Computing (VNC) is a graphical desktop sharing system which uses the
RFB (“remote framebuffer”) protocol to remotely connect to another host/server. It
transmits the keyboard and mouse events from one host to another, relaying the graphical
screen updates back in the other direction, over a network.
VNC is platform-independent. A VNC viewer on any operating system connects to a VNC
server, running in this case, on AIX. Multiple clients may connect to the VNC server at the
same time. Popular uses for this technology include remote technical support and
accessing files on one's work computer from one's home computer, or vice versa.
VNC was originally developed at the Olivetti Research Laboratory in Cambridge, United
Kingdom. The original VNC source code and many modern derivatives are open source
under the GNU General Public License.
Instructor notes:
Purpose — Explain the basics of VNC.
Details — VNC is a very popular mechanism for accessing AIX remotely. It is very popular,
mainly because it is free, supports multiple platforms (mac, windows, unix), and is open
source.
Additional information —
Transition statement — Now let's see how to configure VNC.
Uempty
VNC configuration
IBM Power Systems
Notes:
To run VNC on AIX, install the following filesets from the AIX Toolbox for Linux Applications
CD. No further configuration is required.
# lslpp -l |egrep -i “vnc|zlib)” freeware.vnc.rte 3.3.3.2 COMMITTED Virtual Network
Computing
freeware.zlib.rte 1.1.3.2 COMMITTED Data compression library
When a VNC session is started, two TCP/IP ports are opened, 59<number> and
58<number>. The 59 port must be used for the vncviewer application. The 59 prefix is
generally not required. It is implied and hard coded into the viewer application. The 58 port
is used to access VNC over http. To connect in the way, the full port number (including 58)
must be supplied.
Instructor notes:
Purpose — Show how to set up and configure a VNC session.
Details — Go through the example on the visual.
Additional information — There are many different types of VNC viewers available,
arguably the best is UltraVNC.
Transition statement — It is time for some checkpoint questions.
Uempty
Checkpoint
IBM Power Systems
Notes:
Instructor notes:
Purpose —
Details —
Checkpoint solutions
IBM Power Systems
Additional information —
Transition statement —
Uempty
Exercise 14
IBM Power Systems
TCP/IP
implementation
Notes:
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Uempty
Unit summary
IBM Power Systems
Notes:
Instructor notes:
Purpose —
Details —
Additional information —
Transition statement —
Estimated time
01:30
References
Online AIX Version 6.1 IBM Workload Partitions for AIX
SG24-7559 AIX Version 6.1 Differences Guide (redbook)
SG24-7656 Workload Partition Management in IBM AIX Version
6.1 (redbook)
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit objectives
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Global environment
Workload Workload
– Owns all the physical resources, Partition Partition
Application
and can be thought of as the Server
Billing
Notes:
Introduction
Workload Partition (WPAR) is a software-based virtualization feature of AIX 6 that will
provide new capabilities to reduce the number of AIX operating system images that
need to be maintained when consolidating multiple workloads on a single server.
WPARs will provide a way for clients to run multiple applications inside the same
instance of an AIX operating system, while providing security and administrative
isolation between applications. WPARs complement logical partitions and can be used
in conjunction with logical partitions if desired. WPAR can improve administrative
efficiency by reducing the number of AIX operating system instances that must be
maintained. WPAR can increase the overall utilization of systems by consolidating
multiple workloads on a single system, and is designed to improve cost of ownership.
Global environment
Workload partitions are created within standard AIX 6 instances. The global
environment is the part of an AIX 6 instance, which does not belong to any workload
partition. The global environment is therefore similar to the operating system
Uempty environment of earlier versions of AIX. This global environment can be hosted within a
dedicated LPAR or physical system.
The global environment owns all physical resources of the LPAR: network adapters,
disks adapters, disks, processors, memory. It allocates CPU and memory resources to
the workload partitions. It provides them access to the network and storage devices.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of WPARs.
Details — Present the information in the visual while explaining the details in the notes.
Additional information —
Transition statement — Overview continued
Uempty
• WPAR prerequisites
– AIX 6 and POWER4, 5, or 6
• Two types
– System
– Application
Notes:
There are two types of workload partitions that can reside in a global environment.
• System WPAR is a virtual AIX environment.
• Application WPAR is a light-weight transient environment. It is suitable for execution of
one or more processes.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of WPARs.
Details — Present the information in the visual while explaining the details in the notes.
Additional information —
Transition statement — Why should we use them?
Uempty
Notes:
WPARs provide unique partitioning values.
• Smaller number of OS images to maintain
• Performance efficient partitioning through sharing of application text and kernel data
and text
• Fine-grain partition resource controls
• Simple, lightweight, centralized partition administration
WPARs enable multiple instances of the same application to be deployed across
partitions.
• Many WPARs running DB2, Web Sphere, or Apache in the same AIX image
• Greatly increases the ability to consolidate workloads because often the same
application is used to provide different business services
• Enables the consolidation of separate discrete workloads that require separate
instances of databases or applications onto a single system or LPAR
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Reduced costs through optimized placement of work loads between systems to yield
the best performance and resource utilization
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
WPAR
WLM
AIX
Notes:
WPAR technology sits on top of WLM. WLM has been a standard feature of AIX since
version 4.3.3. WLM allows the control and the management of WPAR resources, such as
CPU, memory, and processes. This means that you can assign specific fractions of CPU
and memory, to each WPAR. This is managed through WLM.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
The creation of WPARs requires AIX 6 on your system or logical partition. You can use a
variety of tools to create, monitor, and administrate the workload partitions.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Application WPARs (1 of 2)
IBM Power Systems
Global environment
Application WPAR
Processes
IPCs
Devices and file
systems visible
/usr / /var /tmp from global
environment in
/home PTY WPAR
hdiskX
Notes:
Application Workload Partitions
• Normal WPARs except there is no file system isolation
• Login not supported
• Internal mounts not supported
• Target: Light weight process groups for mobility
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Application WPARs (2 of 2)
IBM Power Systems
Notes:
Application workload partitions do not provide the highly virtualized system environment
offered by system workload partitions, rather they provide an environment for segregation
of applications and their resources to enable checkpoint, restart, and relocation at the
application level.
The Application WPAR represents a shell or an envelope around a specific application
process or processes which leverage shared system resources. It is light weight, quick to
create and remove, and does not take a lot of resources, since it uses the global
environment system file system and device resources. Once the application process or
processes are finished, the WPAR is stopped. There are no login capabilities for the user. If
you need to access the application, you must use an application provided mechanism. All
file systems are shared with the global environment. If an application is using devices, it will
use global environment devices.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Application
stopped, WPAR
removed
Notes:
Creating an application WPAR
The creation of an application WPAR is simple, since the only mandatory parameter is the
full path of the executable file to run inside the WPAR. The example in the slide shows the
wparexec command starting an application WPAR immediately after creation. This type of
WPAR only exists while the application is running. When the application ends, the WPAR
also ends, and all of its resources are freed.
An application WPAR can automatically mount additional files systems when starting,
where the application WPAR has a dependency on a file system. This filesystem is
automatically unmounted when WPAR stops.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
wparexec startwpar
PID=1
PID=417934 vinit
/usr/lib/corrals/vinit <wparname>
<application>
WPAR: MyAppWpar
Application running
Notes:
When executing the wparexec command, the vinit process is started in the global
environment. WPAR represents a shell or an envelope around a specific application
process or processes which use shared system resources. It is light weight and all file
systems are shared with the global environment. If an application is using devices, it will
use global environment devices.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
System WPARs (1 of 2)
IBM Power Systems
Global environment
System WPAR
Inetd
Processes Cron
IPCs sendmail
PTY hdiskX
Devices
Notes:
System Workload Partition
A System WPAR is a self contained, virtual AIX partition, within the global AIX
environment.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
System WPARs (2 of 2)
IBM Power Systems
Notes:
System workload partitions are autonomous virtual system environments with their own
private root file systems, users and groups, login, network space, and administrative
domain.
The systems administrator accesses the WPAR through the administrator console or
through regular network tools such as telnet or ssh. Inter-process communication for a
process in a WPAR, is restricted to those processes in the same WPAR.
System workload partitions are complete virtualized OS environments, where multiple
services and applications run. It takes longer to create a system WPAR compared to an
application WPAR, as it builds its own filesystems. A system WPAR is removed only when
requested. It has its own root user, RBAC privileges, and system services like inetd, cron,
syslog, and so on.
A system WPAR does not share writable file systems with other workload partitions or the
global environment.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
The global environment can use physical or virtual devices. The hosted WPARs have no
control of, nor can they directly access, the hardware devices. Therefore, the global
environment also owns all physical I/O adapters needed by the workload partitions.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## mkwpar
mkwpar –n–n wpar1
wpar1
mkwpar:
mkwpar: Creating file
Creating file systems...
systems...
//
/home
/home
/opt
/opt
/proc
/proc
/tmp
/tmp
/usr
/usr
/var
/var
……….
……….
Installp:
Installp: INSTALLING
INSTALLING software
software for:
for:
syncroot:
syncroot: RPM root packages are
RPM root packages are currently
currently synchronized.
synchronized.
syncroot: Root part is currently synchronized.
syncroot: Root part is currently synchronized.
syncroot:
syncroot: Returns
Returns Status
Status == SUCCESS
SUCCESS
Workload
Workload partition wpar1 created successfully.
partition wpar1 created successfully.
mkwpar:
mkwpar: 0960-390 To start the workload partition,
0960-390 To start the workload partition, execute
execute
the
the following
following asas root:
root: startwpar
startwpar [-v]
[-v] wpar1
wpar1
Notes:
Creating a System WPAR
System WPARs are created with the mkwpar command. These commands can get quite
complex and many of the flags are beyond the scope of this course.
The example in the visual shows a simple system WPAR being created called wpar1. The
creation process is as follows:
• Create the filesystems.
• Install AIX or RPM software into the WPAR from the global environment.
• Check that the software is correctly synchronized between the global environment and
the WPAR.
• Return the success or failure status.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
wpar1
# root@wpar1 /: ps –ef cron
wmwlm
UID PID PPID C STIME TTY TIME CMD srcmstr
root 1 0 0 Jul 03 - 0:00 /etc/init
root 233674 348392 0 Jul 03 - 0:00 /usr/sbin/inetd biod
root 241740 348392 0 Jul 03 - 0:00 /usr/sbin/syslogd
root 258278 348392 0 Jul 03 - 0:00 /usr/sbin/portmap Others…
root 266444 348392 0 Jul 03 - 0:00 /usr/sbin/biod 6 portmap inetd rpc.statd
root 282812 1 0 Jul 03 - 1:55 /usr/bin/xmwlm -L
root 307220 1 0 23:06:20 ? 0:00 clogin wpar1
root 348392 1 0 Jul 03 - 0:00 /usr/sbin/srcmstr syslogd
root 364660 1 0 Jul 03 - 0:01 /usr/sbin/cron
Notes:
The visual shows an example of the processes structure in a system workload partition,
and its interaction with the global environment. The WPAR init process ID is always, within
the WPAR, virtualized to 1 and its parent process 0.
Each system workload partition has its own inittab file and resource manager (srcmstr), so
that it appears to be a standalone operating system.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
## mkwpar
mkwpar -h
-h wpar1
wpar1 -r
-r -N
-N interface='en0'
interface='en0' \\
address='10.47.33.1'
address='10.47.33.1' -n wpar1
-n wpar1
## chwpar
chwpar -N
-N interface='en0'
interface='en0' address='3.3.3.3’
address='3.3.3.3’ \\ Additional network
netmask='255.0.0.0' wpar1
netmask='255.0.0.0' wpar1 parameters can be
added after
creation.
10.3.2.201
glob_env: # ifconfig en0
glob_env: # ifconfig en0
en0:
en0:
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,M
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,M glob_env
ULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
ULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
inet 10.47.110.1 netmask 0xffff0000 broadcast 10.47.255.255
inet 10.47.110.1 netmask 0xffff0000 broadcast 10.47.255.255 10.47.110.1/16
inet 10.47.33.1 netmask 0xffff0000 broadcast 10.47.255.255
inet 10.47.33.1 netmask 0xffff0000 broadcast 10.47.255.255
inet 3.3.3.3 netmask 0xff000000 broadcast 3.255.255.255 Workload
inet 3.3.3.3 netmask 0xff000000 broadcast 3.255.255.255
Partition: wpar1
10.47.33.1/16
3.3.3.3/8
wpar1: # ifconfig en0
wpar1: # ifconfig en0
en0:
en0:
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,M en0 (net)
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,M
ULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
ULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
inet 10.47.33.1 netmask 0xffff0000 broadcast 10.47.255.255
inet 10.47.33.1 netmask 0xffff0000 broadcast 10.47.255.255
inet 3.3.3.3 netmask 0xff000000 broadcast 3.255.255.255
10.47.0.0
inet 3.3.3.3 netmask 0xff000000 broadcast 3.255.255.255
3.0.0.0
© Copyright IBM Corporation 2009
Notes:
The network connection for a WPAR is implemented using the network alias feature on the
global environment level's physical or virtual network interface. The network alias is a
standard feature that is used to implement both an IP address for each WPAR and allows
for a WPAR movement to a different system.
Network addresses can also be assigned to application WPARs. This can be achieved as
follows:
# wparexec -c -n wpar30 -N address=10.6.105.130 /wpar30/appstart
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
WPAR routing
IBM Power Systems
Notes:
Each WPAR can use the routing table available in the global environment. However, the
WPAR administrator can decide to enable WPAR specific routing and add or delete routes
as necessary.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
Storage level access in a system WPAR is through a set of file systems assigned to the
WPAR at creation, and mounted within the WPAR during activation. A system WPAR
operates within a localized view of these file systems:
/
/usr
/opt
/tmp
/var
/home
Uempty By default /usr and /opt are shared with the global environment (read only). Alternatively, if
the application requires read/write access to these directories, the WPAR can have its own
non-shared copies. However, this will significantly increase the time required to create,
backup, or restore the WPAR.
File systems can also be hosted through NFS. NFS is mandatory if the live application
mobility feature is to be deployed to move WPARs from box to box (LPAR to LPAR).
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define the three primary forms of file system access within a system WPAR
Details — Present the information in the visual while explaining the details in the notes.
Additional information —
Transition statement — File system space continued.
Uempty
{sys02_p2} / # mount
• AIX 6 global Node mounted mounted over vfs date options
-------- -------------- --------------- ------ ------------ ----------
environment /dev/hd4 / jfs Aug 27 14:05 rw,log=/dev/hd8
/dev/hd2 /usr jfs Aug 27 14:05 rw,log=/dev/hd8
/dev/hd9var /var jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/hd3 /tmp jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/hd1 /home jfs Aug 27 14:06 rw,log=/dev/hd8
/proc /proc procfs Aug 27 14:06 rw
/dev/hd10opt /opt jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/fslv01 /wpars/wpar1 jfs2 Sep 03 14:55 rw,log=INLINE
/dev/fslv02 /wpars/wpar1/home jfs2 Sep 03 14:55 rw,log=INLINE
/opt /wpars/wpar1/opt namefs Sep 03 14:55 ro
/proc /wpars/wpar1/proc namefs Sep 03 14:55 rw
/dev/fslv03 /wpars/wpar1/tmp jfs2 Sep 03 14:55 rw,log=INLINE
/usr /wpars/wpar1/usr namefs Sep 03 14:55 ro
/dev/fslv04 /wpars/wpar1/var jfs2 Sep 03 14:55 rw,log=INLINE
{wpar1} / # mount
Node mounted mounted over vfs date options
• System WPAR -------- ------------- --------------- ------ ------ ---------
/dev/fslv01 / jfs2 Sep 03 14:55 rw,log=INLINE
– /usr > namefs, /dev/fslv02 /home jfs2 Sep 03 14:55 rw,log=INLINE
nfs mount or local /opt /opt namefs Sep 03 14:55 ro
– /opt > namefs, /proc /proc namefs Sep 03 14:55 rw
/dev/fslv03 /tmp jfs2 Sep 03 14:55 rw,log=INLINE
nfs mount or local /usr /usr namefs Sep 03 14:55 ro
/dev/fslv04 /var jfs2 Sep 03 14:55 rw,log=INLINE
– /proc > namefs
© Copyright IBM Corporation 2009
Notes:
The visual shows an example of the default storage model of a system WPAR. The system
WPAR includes the creation of a base directory. This base directory is the root of the chroot
system WPAR environment. By default, the path to this base directory is
/wpars/<name_of_wpar> in the global environment.
By default, the base directory contains 7 filesystems:
• /, /home, /tmp and /var are real filesystems, dedicated to the system partition use.
• /opt and /usr are read-only namefs mounts of the global environment's /usr and /opt.
• The /proc pseudo-file system maps to the global environment /proc pseudo-file system
(/proc in a WPAR only makes available process information for that WPAR).
From the global environment, the file systems and mount points associated with the system
WPAR, are seen as being located within a WPAR-specific sub-directory tree of the global
environment (for example, /wpars/wparname/).
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
From within the WPAR, the file systems are seen as being rooted at /. For example, if the
WPAR is established in /wpars/sample, then the /tmp directory for that WPAR will be seen
as /wpars/sample/tmp from the global environment, but simply as /tmp from within the
WPAR.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Basic commands:
– Create a system WPAR: /usr/sbin/mkwpar
– Create and run an application WPAR: /usr/sbin/wparexec
– List details and status: /usr/sbin/lswpar
– Make changes to the WPAR: /usr/sbin/chwpar
– Remove a WPAR: /usr/sbin/rmwpar
Notes:
The visual describes some popular WPAR commands. For further details, refer to the man
pages.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Specification file
IBM Power Systems
FILE:mywpar.spec
FILE:mywpar.spec
general:
general:
name
name == “mywpar"
“mywpar"
hostname
hostname == “mywpar"
“mywpar"
preserve
preserve == "no"
"no"
directory
directory == "/wpars/mywpar"
"/wpars/mywpar"
privateusr
privateusr == "no"
"no"
devices
devices == "/etc/wpars/devexports"
"/etc/wpars/devexports"
security:
security:
secfile
secfile == "/etc/wpars/secattrs"
"/etc/wpars/secattrs"
mount:
mount:
dev
dev == "/usr"
"/usr"
directory
directory == "/usr"
"/usr"
vfs
vfs == "namefs"
"namefs"
mountopts
mountopts == "ro"
"ro"
© Copyright IBM Corporation 2009
Notes:
The configuration of a workload partition can be stored in human-readable specification
files. These specification files can be generated by the operating system from already
existing workload partitions, or can be edited, created, or modified by hand.
In an environment where a system administrator has to manage several WPARs,
specification files can help clone new WPARs.
These specification files can be used as input to WPAR creation commands, allowing the
system administrator to automate the startup and handling of multiple workload partitions.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
• Start WPAR
Start WPAR
root@sys02_p1 /: startwpar -v wpar1
Starting workload partition wpar1.
Mounting all workload partition file systems.
Mounting /wpars/wpar1
Mounting /wpars/wpar1/home
Mounting /wpars/wpar1/opt
Mounting /wpars/wpar1/proc
Mounting /wpars/wpar1/tmp
Mounting /wpars/wpar1/usr
Mounting /wpars/wpar1/var cor_<wpar_n
Loading workload partition. ame>
Exporting workload partition devices. subsystem
Starting workload partition subsystem cor_wpar1. started
0513-059 The cor_wpar1 Subsystem has been started.
Subsystem PID is 282748.
Verifying workload partition startup.
Return Status = SUCCESS.
Notes:
The startwpar command activates a workload partition that was defined by the mkwpar
command. It includes:
• Exporting devices from the global environment into the workload partition
• Mounting the workload partition's file systems
• Assigning and activating the workload partition's IP addresses
• Activating the workload partition's WLM class, if any
• Creating the init command
The startwpar command fails if no workload partition exists with the given name.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
The stopwpar command deactivates a running workload partition. This includes stopping
the following tasks:
• Stopping processes running within the workload partitions
• Unloading the workload partition's WLM class, if any
• Deactivating the workload partition's IP addresses, if any
• Unmounting the workload partition's file systems, if any
• Restarting the system workload partition
• Removing the application workload partition
The stopwpar command fails if one or more processes cannot be stopped, or one or more
file systems cannot be unmounted. In that case, you can force a workload partition to stop
by using the –F flag. This will signal running processes more aggressively and force an
unmount of file systems. If there are processes that cannot be stopped, the workload
partition is placed in the Broken state, and cannot be restarted.
Uempty The rmwpar command deletes the specified workload partition from the system. This
includes the following tasks:
• Removing the workload partition's configuration data from the system's workload
partition database
• Deleting the workload partition's file systems
• Removing the workload partition's Workload Manager (WLM) profile
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to stop and remove system WPARs
Details — Present the information in the visual while explaining the details in the notes.
Additional information —
Transition statement — Let's see how to list the status of WPARs from the global
environment.
Uempty
F = Frozen Process stopped checkpoint not done – Usually not seen by the user
T = Transient Intermediate state between Defined and Active
B = Broken System WPAR failed at creation time – need to be removed using rmwpar
© Copyright IBM Corporation 2009
Notes:
The lswpar command lists both the state of workload partitions and optionally, their
characteristics.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show the status of WPARs and define the possible values
Details — Present the information in the visual, while explaining the details in the notes.
Additional information —
Transition statement — Are there any WPAR logs?
Uempty
WPAR logs
IBM Power Systems
• Global environment
– /var/adm/wpars/event.log
• System WPAR events
– File systems creation, exporting WPAR devices
– Starting WPAR and stopping WPAR events
• Application WPAR logs start and stop events
– /var/adm/ras/wpars.<wparname>.log
• System WPAR installed filesets and root synchronization results
Notes:
Logs are available in the /var/adm/wpars directory of the global environment when the
WPAR is created, started, stopped, and so forth. These WPAR events are logged in an
event.log file.
Each system WPAR creation is logged in the /var/adm/ras/wpars.<wpar name>.log file.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Define WPAR logs
Details — Present the information in the visual while explaining the details in the notes.
Additional information —
Transition statement — Let's see how we can log in to a system WPAR.
Uempty
## clogin
clogin wpar10
wpar10 -l
-l bill
bill "id;
"id; date“
date“
uid=202(bill)
uid=202(bill) gid=1(staff)
gid=1(staff)
Tue
Tue 3 Mar 17:16:50 2009
3 Mar 17:16:50 2009
Notes:
The console of a WPAR is accessed from the global environment. You can log in to a
WPAR using clogin, or a remote mechanism such as rsh, telnet, rlogin, or ssh.
When you need to know whether you are in the global environment or inside a WPAR, you
can execute the uname -W command. This returns 0 if in the global environment, and
non-zero, if inside a WPAR. You can also check the host name or the mounted file systems.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Show how to log in to a system WPAR
Details — Present the information in the visual, while explaining the details in the notes.
Additional information —
Transition statement — Are there any command restrictions within a WPAR?
Uempty
Notes:
Not all applications can run in a WPAR environment. For example, if they require the ability
to manage devices and storage directly, the restrictions of the WPAR environment will be a
problem.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of command restrictions within a WPAR
Details — Highlight the information in the visual.
Additional information — Students need to be aware that there are restrictions at a high
level, and that a system WPAR is not quite like an LPAR.
Transition statement — Let's see how we can back up and restore WPARs.
Uempty
Notes:
When the system administrator creates a backup through the mksysb command, the
system administrator usually sends it to a physical device. In a WPAR environment, there
are no physical devices for backup, which means that there is a different way to back up a
WPAR. Similar to the savevg command, we can make a backup of the WPAR with the
savewpar command. This saves the files and the configuration of the WPAR. When you
have a system WPAR with shared /usr and /opt, the backup is very small, because it does
not save those file systems. You must be in the global environment to execute the backup.
If you want to save the backup of a WPAR on a DVD, you can use the mkdvd command
with the –W flag. The –W flag demotes the workload partition to be backed up using the
savewpar command.
The restwpar command creates a workload partition from a workload partition backup
image, created by the savewpar, mkcd, or mkdvd command. A workload partition backup
image contains an image.data file and a workload partition specification file which are
used by default to establish the characteristics of workload partition.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Global
Global env
env ## installp
installp –acd
–acd .. bos.games
bos.games
Global env # syncwpar
Global env # syncwpar -A -A
Synchronizes all
WPARS
Notes:
To install software in shared WPARs, the software must first be installed in the global
environment. When software is installed in AIX, there are two parts, root and user, as
shown in the installation summary below. When software is installed in the global
environment, the WPAR /usr already has the software installed, but the root part is private
and therefore is not in sync with the user part of the installation. In order to sync the root
and /usr parts of the shared WPAR, either run the syncwpar command from the global
environment, or run the syncroot command from within the WPAR.
Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
bos.games 6.1.0.0 USR APPLY SUCCESS
bos.games 6.1.0.0 ROOT APPLY SUCCESS
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
# smit install_latest
Install
Install Software
Software
[Entry
[Entry Fields]
Fields]
** INPUT
INPUT device
device // directory
directory for
for software
software ..
** SOFTWARE
SOFTWARE to
to install
install [bos.games]
[bos.games] >> ++
PREVIEW
PREVIEW only?
only? (install
(install operation
operation will
will NOT
NOT occur)
occur) no
no ++
COMMIT software updates?
COMMIT software updates? yes
yes ++
## fields
fields removed
removed for
for clarity
clarity
WPAR
WPAR Management
Management
Perform
Perform Operation
Operation inin Global
Global Environment
Environment no
no ++
Perform
Perform Operation
Operation onon Detached
Detached WPARs
WPARs yes
yes ++
Detached
Detached WPAR
WPAR Names
Names [private]
[private] ++
Remount
Remount Installation
Installation Device
Device in
in WPARs
WPARs yes
yes ++
Alternate
Alternate WPAR
WPAR Installation
Installation Device
Device []
[]
© Copyright IBM Corporation 2009
Notes:
The procedure for installing software into a non-shared WPAR is the same as installing into
a regular instance of AIX. There is also a new facility in the AIX SMIT panels which will
enables software to be installed from the global environment in detached (non-shared)
WPARs, as shown in the visual.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
The workload partition resource control is based on the Workload Manager (WLM)
technology which has been incorporated in the AIX kernel since version 4.3.3. Because the
workload partition resource control commands encapsulate and hide WLM details, the
system administrator does not need to have in-depth knowledge of WLM, in order to use
workload partition resource control.
There are two approaches of specifying CPU and memory allocation: share-based and
percentage-based.
Resource allocation control for each WPAR is performed at the global environment level by
the global administrator. Commands related to resource control are not available within a
workload partition. You can specify resource control attributes using the -R flag of the
mkwpar, chwpar, wparexec, and lswpar commands.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-69
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Shared-based approach
IBM Power Systems
Notes:
Share-based approach.
Each workload partition receives its part of the specified resource, according to the ratio of
its own share to the sum of shares of all currently active workload partitions.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-71
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Percentage-based approach
IBM Power Systems
• Three values:
– Minimum: Guaranteed capacity
– Soft maximum: Maximum capacity if there is contention for resource
– Hard maximum: Absolute maximum, cannot be exceed
• Format:
– Minimum%-soft maximum%,hard maximum%
• Both percentage and share value can be set. Percentage
takes precedence.
• To create a WPAR with CPU % resource controls
System
System ## mkwpar
mkwpar -n
-n wparA
wparA -R
-R CPU=5%-30%,50%
CPU=5%-30%,50% memory=5%-10%,25%
memory=5%-10%,25%
App.
App. # wparexec -n wparAPP -R CPU=5%-30%,50%
# wparexec -n wparAPP -R CPU=5%-30%,50% memory=5%-10%,25%
memory=5%-10%,25% <app.
<app. path>
path>
Notes:
Percentage-based approach.
There are three parameters that should be specified:
• Minimum percentage is the minimum amount of a resource that a WPAR is guaranteed
to have available at all times.
• Soft maximum percentage is the maximum amount of a resource that a WPAR can
have when multiple WPARs contend for that type of resource. If there is a sufficient
amount of that type of resource available, and resource contention does not occur, the
WPAR can exceed this limit.
• Hard maximum percentage is the maximum amount of a resource that a WPAR can
ever have. Even if there is a sufficient amount of that type of resource available, and
resource contention does not occur, the WPAR cannot exceed this limit.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-73
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
IBM Workload Partition (WPAR) Manager is a platform management solution that provides
a centralized point of control for managing workload partitions or WPARs, across a
collection of managed systems running AIX.
It is an optional product, part of the IBM Systems Director family, designed to facilitate the
management of WPARs and application mobility. WPAR Manager also provides advanced
features such as policy-based mobility for the automation of WPAR relocation, based on
current performance state. WPAR Manager is a separate chargeable product, not part of
AIX.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-75
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Notes:
WPAR Manager is a JAVA application running in a management server. The WPAR
Manager GUI provides a browser-driven interface to the WPAR management server. The
UI displays information that has been collected through the agents, and also provides
management capability such as creation, deletion, and relocation of WPARs. Many of
these tasks can also be accomplished from the command line interface.
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-77
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Checkpoint
IBM Power Systems
5.What are the three forms of file system access within a WPAR?
Notes:
Checkpoint solutions
IBM Power Systems
5.What are the three forms of file system access within a WPAR?
Shared-system: /usr and /opt are shared read-only from the global environment
through namefs mounts.
NFS hosted: /usr and /opt filesystems are nfs mounted from a host system
Non shared: /var, /home, /tmp, and / are separate local file systems (jfs/jfs2) within
the WPAR
Additional information —
Transition statement —
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-79
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Exercise 15
IBM Power Systems
Introduction to
workload partitions
Notes:
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-81
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit summary
IBM Power Systems
Notes:
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-83
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
References
Online AIX 6.1 System Management Guide
Online AIX 5L Version 5.3 Guide to Printers and Printing
Unit objectives
After completing this unit, you should be able to:
• Describe the purpose and the benefits of a queuing system
• Identify the major components that are responsible for
processing a print request
• Add a printer queue and device under different
circumstances
• Submit jobs for printing
• View the status of the print queue
Notes:
Notes:
Introduction
The visual gives an overview of the different approaches that can be taken to printing
under AIX 5L and later. In the next two visuals, System V printing is compared to the
traditional AIX print subsystem. The remainder of this unit will focus on using the AIX
print subsystem.
Note
You can use either the AIX print subsystem or the System V print subsystem. They will not
run concurrently.
Instructor notes:
Purpose — Give an overview of printing under AIX 5L and later, putting System V and AIX
in context. You also give a little advertisement for Infoprint Manager.
Details — More detail is provided in the System V print subsystem appendix. If a student is
interested in this print subsystem, the appendix has all the details and an exercise if they
wish to test out the features.
Additional information — There are several places later in this unit that mention a few
System V print commands that are in AIX V4.3.3. These notes have not been changed as
they are still true. AIX now provides full support for the print subsystem.
Transition statement — Now, let’s look at the strengths of the AIX print subsystem.
Uempty
Notes:
Notes:
Compatibility
System administrators with experience in other UNIX variants that use System V
printing, will find it easy to manage printing under AIX’s System V print subsystem.
Uempty Security
Controlling user access to printers can be an important issue. For example, you might
need to limit access to the printer used to print checks. System V printing includes
built-in capabilities for restricting user access to certain printers. Using the AIX print
subsystem, the backend program must be customized to restrict user access.
Instructor notes:
Purpose — List advantages of System V print subsystem.
Details — In summary, the main advantages of System V has to do with compatibility. This
makes it easy for system administrators from other UNIX variants to transition to AIX and it
drives availability of support for a larger number of printers on AIX.
System V also adds forms support and better security.
Additional information — Directory-enabled printing is supported beginning with
AIX 5L V5.2. System V printing on AIX uses LDAP (Lightweight Directory Access Protocol)
as the directory service.
A directory is an ordered list of objects, including details about each object. Obvious
examples are phone books or library card catalogs. Directories are a type of database.
They differ from other databases in that accesses are mostly reads, with only occasional
writes. Directory protocols are optimized to facilitate a high read environment.
Computer directories can be searched in many ways, making them a very powerful way to
store and manage information.
In the case of a printer directory, this might include searching for the name of a printer to
get its characteristics, searching for printers in a particular location, searching for printers
with particular features, and so forth. Directory enabled printing provides an easy way for
users to search for a printer that is close and has the features they require. If security or
other control features are made part of the directory, directory enabled printing facilitates
easier management by system administrators.
Transition statement — Now, let’s look at traditional AIX printing and queues.
Uempty
Concepts of queues
file1
Queue1
file1
file2
.
file2 .
file3
/dev/lp0
Queue2
file3
file4
file4
/dev/lp1
Notes:
Benefits of queues
The queues also give control to the system administrator over the queuing mechanism.
Therefore, the system administrator can perform tasks like cancelling jobs on queues,
changing priorities of jobs, and so forth.
A queue enables the sharing of resources in an ordered fashion.
lp lpr qprt
enq
copy of file (if requested)
Queue
Spool
monitors directory
qdaemon uses spool file
(if it exists)
starts
Backend Virtual Printer
(piobe) Definition
submits file to
printer
/dev/lp0
© Copyright IBM Corporation 2009
Notes:
Print request
Local printing is implemented through a queuing mechanism. The user can issue one of
the printer commands qprt, lp, lpr, or enq to submit a print job. Although a user can
use any one of these four commands, the true entry point to the spooler is the enq
command which is responsible for processing the job request, creating a job description
file (JDF), and notifying the qdaemon of the new job.
The qdaemon
The qdaemon process runs at all times. The qdaemon maintains a list of all of the defined
queues and monitors the queues for newly submitted jobs. qdaemon tries to process the
job if the destination device is available, otherwise the job remains in the queue and
qdaemon tries again later.
Instructor notes:
Purpose — Explain the flow of a print job using the queuing system.
Details — Review the flow of the queuing system as it is shown in the visual. The student
notes provide detailed information on what happens when a print request is made.
The student notes also refer to virtual printer definitions. This file pairs the attributes or
characteristics of a specific printer with the attributes of a specific data stream. For
example, if a printer supports both ASCII and PostScript data streams, you must create two
virtual printer definitions for the printer. These can be created using SMIT and are stored in
the /var/spool/lpd/pio/@local directory. A subdirectory called custom must hold an entry
for each virtual printer. SMIT will automatically place an entry in this directory for each
queue defined. The mkvirprt command can also be used to create a virtual printer.
Additional information —
Transition statement — Now that you have seen the major components, let's take a
closer look at the corresponding files and structures that are directly associated with the
queuing system.
Uempty
Notes:
qdaemon
• Manages queues
• Is started in the /etc/inittab file
• Invokes the back-end programs
• Optionally records accounting data
Notes:
qdaemon introduction
The qdaemon program schedules jobs that have been enqueued. It is a background
process that is usually started at system IPL through the startsrc command run from
/etc/inittab.
qdaemon is controlled by the /etc/qconfig file. /etc/qconfig contains a stanza for each
queue. The stanza identifies any queue management options and points to a queue
device stanza, which identifies the destination printer, the formatting options, and the
back-end program.
Instructor notes:
Purpose — Describe the functions of the qdaemon.
Details — qdaemon is a process that starts when you start your system and runs until you
shut your system down. It keeps track of print job requests and the printer. It is also the
parent to the back-end process. It maintains queues of outstanding requests and sends
them to the proper device at the proper time. It is managed under the control of the SRC.
The proper way to start and stop it is through the SRC.
Additional information —
Transition statement — The queue-to-device relationships are held in the /etc/qconfig
file. Let's look at the format of this file.
Uempty
Notes:
Introduction
The /etc/qconfig file is an attribute file. Some stanzas in this file describe queues, and
other stanzas describe devices. Every queue stanza requires that one or more device
stanzas immediately follow it in the file.
This file is the key to customizing the queues. Although the file can be edited directly, it
is recommended that it be changed through high-level commands or through SMIT.
Queue stanza
This starts with the queue name, which can be up to 20 characters, followed by a colon.
The queue name is used by the person submitting a job to indicate the requested
queue. The first queue in the /etc/qconfig file is the default queue, which receives any
job requests submitted without a specific queue name.
Some of the attributes that can be found in the queue stanza include:
Attribute Definition Default Other
Identifies the symbolic name that refers to
device
the device stanza
discipline Defines the queue serving algorithm fcfs sjn
Identifies the file used to save print
acctfile false filename
accounting information
up Defines the state of the queue TRUE FALSE
Device stanza
The name of a device stanza is arbitrary and can be from one to 20 characters long.
The name is followed by a colon.
The attributes that can be found in the device stanza include:
Attribute Description Default Other
Identifies the special file where the output of
back-end is to be redirected
file FALSE
FALSE indicates no redirection and that the
file name is /dev/null.
Specifies the full path name of the back-end,
backend optionally followed by the flags and
parameters to be passed to it
both (used
Specifies the type of access the back-end for modems
has to the file specified by the file field or backends
access write
This field is ignored if the file field has the needing
value, FALSE. read
capability)
Specifies whether a header page prints always
header never
before each job or group of jobs group
Specifies whether a trailer page prints after always
trailer never
each job or group of jobs group
Specifies either the number of separator
pages to print when the device becomes idle
feed never integer
or the value never, which indicates that the
back-end is not to print separator pages
Specifies whether the back-end sends a
align form-feed control before starting the job, if FALSE TRUE
the printer was idle
Uempty The device stanza must contain an attribute that designates the back-end program. The
function of the back-end is to manage the printing of the actual job. It also produces the
final data stream that goes to the printer. The most common back-end program for local
printing is piobe.
If different users prefer different default printers, then the PRINTER variable can be set
up, on a per user basis. The PRINTER variable should be set to the queue that the user
wants to be their default queue, for example:
# PRINTER=ps ; export PRINTER
Instructor notes:
Purpose — Cover all the different relationships that queues and devices can have.
Details — The reason that it is recommended to use SMIT rather than editing the file
directly, is mainly to keep the contents of /etc/qconfig consistent with the contents of the
ODM. For example if you use vi to remove an entire stanza of information from the file, the
ODM still has an entry for that printer, and you are not able to redefine that printer until the
ODM is in sync with the /etc/qconfig file.
A queue can have a one to one relationship, where there is one queue to one printer. Or, a
queue can have a one to many relationship, where there are many printers in the same
room and the job goes to the first available printer. There may be times when there are
multiple queues that support one printer giving each queue its own characteristics of
printing a job, which is referred to as the many-to-one relationship. This occurs when a
printer is capable of printing different types of output such as ASCII, PostScript, and
graphics.
The discipline attribute defines the queue serving algorithm. The default value, fcfs,
means first-come-first-served. sjn means shortest job next.
Additional information — How can you tell what the default queue is based on the
/etc/qconfig file? Answer: The first queue name specified is the default queue.
The LPDEST variable can also be set to define a user default queue. If both PRINTER and
LPDEST are set, LPDEST's value is the value that is used.
Transition statement — Let's look at how to define printers and print queues.
Uempty
Printer menu
# smit spooler_choice
Print Spooling
Notes:
Instructor notes:
Purpose — Show the main SMIT menu to manage print spooling.
Details —
Additional information —
Transition statement — Let’s configure a local print queue through SMIT.
Uempty
Notes:
Other commands
To show the current print subsystem: # switch.prt -d
To change the current print subsystem, you can use either:
-# switch.prt -s AIX
-# switch.prt -d SystemV
To check if binaries are correctly linked, you can use either:
-/usr/bin/lpstat --> /usr/aix/bin/lpstat
-/usr/bin/lpstat --> /usr/sysv/bin/lpstat
Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
xstation Printer Attached to Xstation
ascii Printer Attached to ASCII Terminal
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
ibmNetPrinter IBM Network Printer
ibmNetColor IBM Network Color Printer
other User Defined Backend
Notes:
Printer Type
Move cursor to desired item and press Enter.
Bull
Canon
Dataproducts
Hewlett-Packard
IBM
Lexmark
OKI
Printronix
QMS
Texas Instruments
Other (select this if your printer is not listed above)
Notes:
Printer Type
[MORE...8]
ibm2391-2 IBM 2391 Plus printer (Model 2)
ibm3112 IBM 3112 Page Printer
ibm3116 IBM 3116 Page Printer
ibm3130 IBM 3130 LaserPrinter
ibm3812-2 IBM 3812 Model 2 Page Printer
ibm3816 IBM 3816 Page Printer
ibm4019 IBM 4019 LaserPrinter
ibm4029 IBM 4029 LaserPrinter
ibm4037 IBM 4037 LP printer
ibm4039 IBM 4039 LaserPrinter
[MORE...49]
Notes:
Printer attachment
Printer Interface
Move cursor to desired item and press Enter.
parallel
rs232
rs422
Parent Adapter
Move cursor to desired item and press Enter.
Notes:
Notes:
Remote printing
host1 client1
lp1
Notes:
Client authorization
# smit mkhostslpd
[Entry Fields]
* Name of REMOTE CLIENT [client1]
(Hostname or dotted decimal address)
Notes:
Start lpd
# smit mkitab_lpd
Start the Print Server Subsystem
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
Start subsystem now, on system restart, or both [both] +
TRACE lpd daemon activity to syslog? [no] +
EXPORT directory containing print attributes? [no] +
Note:
Exporting this print server's directory
containing its print attributes will allow
print clients to mount the directory. The
clients can use this server's print attributes
to display and validate print job attributes
when starting print jobs destined for this
print server. Note that the Network File
System (NFS) program product must be installed
and running
Notes:
Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
xstation Printer Attached to Xstation
ascii Printer Attached to ASCII Terminal
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
ibmNetPrinter IBM Network Printer
ibmNetColor IBM Network Color Printer
other User Defined Backend
Notes:
[Entry Fields]
*Name of QUEUE to add [rq1]
*HOSTNAME of remote server [host1]
*Name of QUEUE on remote server [lp1]
Type of print spooler on remote server AIX Version 3 or 4 +
Backend TIME OUT period (minutes) [] #
Send control file first? no +
TO turn on debugging, specify output []
file pathname
DESCRIPTION of printer on remote server []
Notes:
Required input
Only three lines are required to complete the queue set up. You must name your local
(to the client) queue name. Then, provide the name of the printer server. Lastly, name
the queue on the print server.
Let's review
1. True or False: The qdaemon is responsible for printing jobs.
________________________________________________
________________________________________________
________________________________________________
Notes:
. To set up remote printing, what daemons are needed, and do they run on
the server, the client, or both? qdaemon and lpd on the server
qdaemon only on the client
. What does the up = TRUE indicate in the /etc/qconfig file? It means the
queue is accepting jobs. If it were FALSE, the user would be notified
that the queue is not accepting jobs.
. What does discipline mean in reference to the /etc/qconfig file? What
are its possible values? discipline is read by qdaemon to determine
the sorting order for jobs in the queue. The values supported are fcfs
(first come first server) and sjn (shortest job next).
2. To set up remote printing, what daemons are needed, and do they run on
the server, the client, or both? qdaemon and lpd on the server
qdaemon only on the client
3. What does the up = TRUE indicate in the /etc/qconfig file? It means the
queue is accepting jobs. If it were FALSE, the user would be notified
that the queue is not accepting jobs.
4. What does discipline mean in reference to the /etc/qconfig file? What
are its possible values? discipline is read by qdaemon to determine
the sorting order for jobs in the queue. The values supported are fcfs
(first come first server) and sjn (shortest job next).
Additional information —
Transition statement — Now, let’s look at how to submit print jobs.
$ lp -d queuename filename
- OR-
Notes:
Introduction
There are three sets of commands for submitting, listing and cancelling print jobs. They
come from either System V, BSD, or IBM versions of UNIX and are all available in AIX.
The commands have slightly different options.
Uempty Spooling
The commands lp and qprt both queue without spooling, by default. Specify the -c
option if spooling is desired. The command lpr spools and queues by default. The -c
option will turn off spooling with lpr.
Multiple copies
To print multiple copies, with qprt use the -N # option, with lp use -n # option, and
with lpr use just a hyphen followed by the number of copies ( - # ).
The lp, lpr, and qprt commands create a queue entry in /var/spool/lpd/qdir and,
depending upon the options specified, copy the file to be printed to the
/var/spool/qdaemon directory.
Instructor notes:
Purpose — Show how to submit jobs to the printer.
Details — Explain the visual using the student notes. Do not explain every single option for
every command. Concentrate on the AIX command.
Note that qprt was chosen to be on the visual because it is the AIX command. lp was also
included because it illustrates that these commands use different options. lp is the most
popular printing command in UNIX. The student notes include a discussion on all the
available commands. Students should choose what works best for them.
You may also want to mention the -j option, which can be used with the enq and lpr
commands, so that the job number is displayed once the job has been submitted to print.
The lp command displays the job number by default. The qprt command uses the -j
option for another purpose.
Additional information —
Transition statement — Once you have submitted a job, you probably want to view where
in the queue your job is. Let's see how you can do this.
Uempty
For example:
$ qchk
Queue Dev Status Job Files User PP % Blks Cp Rnk
ps lp0 DOWN
QUEUE 569 /etc/motd root 1 1 1
Notes:
[Entry Fields]
1.Printer Setup
2.Default Print Job Attributes
3.Accounting File
4.Queuing Discipline
Notes:
Instructor notes:
Purpose — Show how the characteristics of the queue can be customized.
Details — You must select the queue name to which you wish to make the changes. Then,
select the option that holds the attribute that you are changing. Refer to the student notes
to obtain a list of what is contained in each option.
The actual contents of each option will vary depending on the type of queue being
customized (for example, an ASCII queue versus a PostScript queue).
Under Default Print Job Attributes => Job Processing Options..., some queues allow
you to specify the page number where printing should begin. This can be helpful if there is
a paper jam in the middle of printing a job. Bring the queue down and fix the jam. Then,
alter this value to indicate the page at which you want the print job to resume. Then,
change the value back to 1 for printing future jobs.
The queueing discipline will be covered in more detail shortly. If a student asks, the two
disciplines that can be chosen are either First Come First Serve or Shortest Job Next.
Additional information —
Transition statement — Let's see how we can remove a queue.
Uempty
Removing a queue
# smit rmpq
Remove a Print Queue
[Entry Fields]
Print queue to remove ps:lp0
Local printer device /dev/lp0
Notes:
Instructor notes:
Purpose — Show how queues can be deleted from the system.
Details — The last option on the screen asks whether the printer device definition should
be kept. This option will only appear if the queue being removed is the only queue defined
for a printer. Note that by default, it will be removed. You may wish to keep the definition if
in the future you wish to add a new queue which uses the same printer. If there were other
queues which were using the printer, the last option would not be present on the SMIT
screen. This option will remove the print queue from the system configuration.
Additional Information—
Transition statement — Other management tasks can be carried out on queues. Let's see
what they are.
Uempty
Managing queues
# smit pqmanage
Notes:
Instructor notes:
Purpose — List the supported management tasks for queues through SMIT.
Details — The visual is fairly self explanatory. Point out that if a print queue is stopped,
print jobs can still be submitted to the queue. However, they will not be processed until the
queue is enabled.
Changing the system wide default printer will affect everyone other than those who have
set the PRINTER or LPDEST variable to their own personal choice.
We will look at the first three items on this menu. The last item is self-explanatory, so there
is no need to spend more time on it.
Be sure to point out that the last three tasks on this menu can only be performed by the
root user or a member of the printq group.
Additional information —
Transition statement — Let's see what the different queue statuses mean.
Uempty
State Description
DEV_BUSY Printer is busy servicing other print requests
DEV_WAIT Queue is waiting for the printer
DOWN Queue is down and no jobs will be serviced
from this queue until it is brought up
OPR_WAIT The queue is waiting for operator intervention
QUEUED Job is queued and waiting
READY Everything is ready to receive a print request
RUNNING Print file is printing
UNKNOWN Problem with the queue: Need to investigate
further to determine cause
© Copyright IBM Corporation 2009
Notes:
Introduction
The status of the queues and jobs can be displayed with qchk, lpstat, or lpq. There
are a number of different status states that may be seen.
DEV_BUSY
This status can occur when more than one queue is defined to a print device and
another queue is currently using the print device. It could result when the qdaemon
attempts to use the printer port device and another application is currently using that
print device. Normal recovery: You have to wait until the queue or application has
released the print device, or kill the job or process that is using the printer port.
DEV_WAIT
This status means that the queue is waiting on the printer because the printer is offline,
out of paper, jammed, or the cable is loose, bad or wired incorrectly. Normal recovery:
Check to see if the printer is offline, out of paper, jammed, or loosely cabled. Sometimes
the jobs have to be removed from the queue before the problem can be corrected.
DOWN
This status is set when the device driver cannot communicate with the printer after
TIME OUT seconds (which can be set through SMIT). This variable indicates the
amount of time, in seconds, that the queuing system waits for a printer operation. If the
printer is off, the queue will go down. Also, the operator can bring down the queue
intentionally, which might be necessary for system maintenance. Normal recovery:
Correct the problem that has brought the queue down and then bring the queue up
again.
OPR_WAIT
This status is set when the back-end program is waiting on the operator to change the
paper, change forms, and so on. This is usually software related. Normal recovery:
Respond appropriately to the request that is made by the queuing system.
QUEUED
This status is set when a print file is queued and is waiting in line to be printed.
READY
This is the status of a queue when everything involved with the queue is ready to queue
and print a job.
RUNNING
This status occurs when a print file is printing.
UNKNOWN
This status occurs when a user creates a queue on a device file that another queue is
using, and its status is DEV_WAIT. The queue cannot get a status from the printer
device when it is on hold. Normal recovery: Bring down the other queue or fix the
problem with the printer (paper out, jammed, offline and so on). Bring the new queue
down and then back up so that the queue will register as READY.
# lpstat
Queue Dev Status Job Files User PP % Bks Cp Rnk
draft lp0 DOWN
QUEUED 132 /etc/motd team01 1 1 1
Quality lp0 READY
Notes:
Enabling a queue
Occasionally, problems with printers can bring a queue down. Once the problem has
been fixed it can be brought back up with:
# enable <queuename>
Disabling a queue
Sometimes, you may wish to bring a queue down. This is recommended if any
maintenance is going to be performed on the printer. You can do this with either of the
commands:
• # disable <queuename>
• # enq -D -P <queuename>
Notes:
[Entry Fields]
PRINT QUEUE containing job [ ] +
(required for remote jobs)
* Print JOB NUMBER [ ] +#
Notes:
Introduction
The qcan command cancels either a particular job number or all jobs in a print queue.
Normal users can only cancel their own jobs, whereas root can cancel any job.
Uempty Examples
To cancel job number 127 on whatever queue the job is on, you can use either of the
following two commands:
• # qccel 127
To cancel all jobs queued on printer lp0, you can use either of the following two
commands:
• # qcan -X -Plp0
• # cancel lp0
Instructor notes:
Purpose — How to cancel a job in a queue.
Details — Point out that there are restrictions. As an ordinary user, you can only cancel
your own requests (which is a desirable thing!). However, root or a member of the printq
group can cancel any job from any queue.
Note the two examples in the student notes. The use of the -x option allows you to cancel
a specific job by its job number. An equivalent command to that shown in the student notes
is cancel 127. The use of the -X option allows you to cancel all jobs queued on a specific
printer. If a normal user uses this option, only the jobs that they submitted will be cancelled.
The qcan command can be used to cancel both local and remote jobs.
This command can also be used to cancel HELD jobs.
Additional information — You may want to mention that a running job can only be
cancelled if all of it hasn't been sent to the printer. Today's printers all have buffers. Once
the print job has left the system it is outside the control of printer commands. The status
may show running but there won't be any way to cancel it. On some printers, it is possible
to power-off the printer as a way to clear the buffer. A large job that is bigger than the
printer buffer can be cancelled before it completes. Keep in mind that whatever is in the
printer buffer will still be printed.
Transition statement — Let's see how the priority of print requests can be changed.
Uempty
# qpri -#570 -a 25
# qchk -L
Queue Dev Status Job Name From To
______ ___ ______ Submitted Rnk Pri Blks Cp PP %
ps lp0 DOWN
QUEUED 570 /etc/motd root root
1/07/03 09:40:15 1 25 1 1
/etc/motd
QUEUED 569 /etc/qconfig root root
1/07/03 09:39:25 2 15 2 1
/etc/qconfig
Notes:
Processing order
The discipline line in the /etc/qconfig file determines the order in which the printer
serves the requests in the queue. In the queue stanza, the discipline field can either
be set to fcfs (first-come-first-serve) or sjn (shortest-job-next). If there is no
discipline in the queue stanza, requests are serviced in fcfs order.
Note
You can only set priorities on local print jobs. Remote print jobs are not supported.
Example
The example in the visual shows that when print jobs are submitted they receive the
default priority of 15. The example shows how the qpri command can be used to
change the priority of job number 570 to 25. Use the qchk -L command to show the
new job priorities.
# qhld -#1493
# qchk
Queue Dev Status Job Files User PP% Blks Cp Rnk
ps lp0 DEV_BUSY
HELD 1493 /etc/qconfig root 1 1 1
# qhld -r -#1493
# qchk
Queue Dev Status Job Files User PP% Blks Cp Rnk
ps lp0 DEV_BUSY
QUEUED 1493 /etc/qconfig root 1 1 1
Notes:
# qchk -A
Notes:
var
spool
lpd
qdaemon
qdir
Notes:
NO YES
Check hardware Check software
Notes:
First step
If you experience problems trying to print, start by checking the simple things first.
The easiest test to perform is to cat a file and redirect standard output to the printer
device file. This by-passes the queuing system and helps to narrow the problem.
Check hardware
After redirecting a file to the print device, if it does not print, the problem is usually
hardware-related. Check to make sure the cables are attached securely. Make sure the
printer is ready to print (online). Make sure there is paper in the printer and there are no
paper jams.
Instructor notes:
Purpose — Explain how to troubleshoot printing problems.
Details — Cover the visual in detail.
Make sure the students understand why performing a cat to direct a file to the printer helps
to pinpoint the problem area.
When checking cables, if using serial connection, be sure the pins have not been bent or
broken.
Ask the students if /tmp or /var is full, what commands would be useful in determining what
is filling the file system?
Answer:
# df
# du -ax /tmp
# du -ax /var
Additional information — When checking to see if qdaemon is running, make sure there is
only one qdaemon running. Having multiple qdaemons running is not a likely situation, but it
would cause a problem if it happened. If qdaemon is being used properly under SRC, it is
not likely that this problem would ever occur.
Transition statement — Let's take a look at some checkpoint questions.
Uempty
Checkpoint (1 of 2)
1. True or False: One of the advantages of queues is that each user can
have a different default queue set up for them.
________________________________________________
2. True or False: The /etc/qconfig file is read by the back-end program to
determine what the queue discipline is.
________________________________________________
3. True or False: All printer software is automatically installed when you
install the base operating system.
________________________________________________
4. What is the difference between these two commands?
# qprt -Pasc file1
# qprt -c -Pasc file1
________________________________________________
Notes:
Instructor notes:
Purpose — Review and test the students understanding of this unit.
Details — A suggested approach is to give the students about five minutes to answer the
questions on this page. Then, go over the questions and answers with the class.
Checkpoint solutions (1 of 2)
1. True or False: One of the advantages of queues is that each user can have
a different default queue set up for them.
True. This can be accomplished using the PRINTER environment
variable.
2. True or False: The /etc/qconfig file is read by the back-end program to
determine what the queue discipline is.
False. It is read by qdaemon.
3. True or False: All printer software is automatically installed when you install
the base operating system.
False. Only a handful of printer software is installed by default.
4. What is the difference between these two commands?
# qprt -Pasc file1
# qprt -c -Pasc file1
The -c flag produces a spool file.
Additional information —
Transition statement — Continue with more checkpoint questions.
Uempty
Checkpoint (2 of 2)
5. What three methods can be used to find out what the system default
queue is?
í
í
í
6. What users can bring print queues down?
_______________________________________________
7. True or False: Once the queue is down, no more jobs can be submitted
to the printer.
_______________________________________________
8. Can users hold all their print jobs in a specific queue? If so, how?
________________________________________________
________________________________________________
Notes:
Instructor notes:
Purpose — Review and test the students understanding of this unit.
Details — A suggested approach is to give the students about five minutes to answer the
questions on this page. Then, go over the questions and answers with the class.
Checkpoint solutions (2 of 2)
5. What three methods can be used to find out what the system default
queue is?
í First entry in /etc/qconfig file
í The output from the qchk command with no options
í The first queue listing from the lpstat command
6. What users can bring print queues down?
The root user or members of the printq group.
7. True or False: Once the queue is down, no more jobs can be submitted
to the printer. False. Jobs can be submitted to the queue. However,
they will not be printed until the queue is brought up again.
8. Can users hold all their print jobs in a specific queue? If so, how?
Yes, they can by only specifying a queue name and not individual
job numbers.
Additional information —
Transition statement — Now, let’s do an exercise.
Uempty
Notes:
Introduction
This exercise gives you an opportunity to work with the AIX queuing system. If your
classroom does not have locally attached printers, your instructor needs to supply you
with local modification for this lab.
This exercise can be found in your Student Exercise Guide.
Instructor notes:
Purpose — Introduce the exercise.
Details —
Additional information —
Transition statement — Summarize the unit.
Uempty
Unit summary
Notes:
Instructor notes:
Purpose — Summarize the unit.
Details —
Additional information —
Transition statement — This is the end of this unit.
Checkpoint solutions
IBM Power Systems
Unit 2
Checkpoint solutions
IBM Power Systems
AP Unit 3
Checkpoint solutions
IBM Power Systems
Unit 4
Checkpoint solutions
IBM Power Systems
AP Unit 5
Checkpoint solutions
IBM Power Systems
1.Which of the following states must your software be in, in order for you
to be able to use it? Select all that apply.
a. Applied state
b. Removed state
c. Install state
d. Commit state
3.Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle
Unit 6
Checkpoint solutions
IBM Power Systems
AP Unit 7
Checkpoint solutions (1 of 3)
IBM Power Systems
5. Volume Group
1. Volume Group___
Descriptor Area__
VGDA 6. Physical Volume
2. Physical Partition
3. Logical Partition
4. Logical Volume
© Copyright IBM Corporation 2009
Unit 7
Checkpoint solutions (2 of 3)
IBM Power Systems
7. How many different physical partition (PP) sizes can be set within
a single VG? One
8. By default, how big are PPs? Traditionally 4 MB, but LVM
chooses an optimal size based on the #PPs/PV and the size
of largest PV in the VG.
9. How many volume groups (VGs) can a physical volume (PV)
belong to?
a) Depends on what you specify through SMIT
b) Only one
c) As many VGs as exist on the system
10. True or False: All VGDA information on your system is identical,
regardless of how many volume groups (VGs) exist. All VGDAs
within a VG are the same.
AP Unit 7
Checkpoint solutions (3 of 3)
IBM Power Systems
11. With which logical volume is the /home file system associated?
/dev/hd1
12. What type of file systems are being displayed?
Enhanced journaled file systems (JFS2), and CD-ROM (CDRFS)
13. What is the mount point for the file system located on the /dev/hd4 logical
volume?
/
14. Which file system is used primarily to hold user data and home directories?
/home
Unit 8
Checkpoint solutions
IBM Power Systems
AP Unit 9
Checkpoint solutions (1 of 2)
IBM Power Systems
2. Does the size of the file system change when the size
of the logical volume it is on is increased? No
Unit 9
Checkpoint solutions (2 of 2)
IBM Power Systems
AP Unit 10
Checkpoint solutions
IBM Power Systems
Unit 11
Checkpoint solutions
IBM Power Systems
3. Which command could you use to restore these files? The files were
backed up using the backup command so you would have to use the
restore command.
4. True or False: smit mksysb backs up all file systems, provided they
are mounted. mksysb only backs up rootvg file systems. To back up
other volume groups, you must use the savevg command.
© Copyright IBM Corporation 2009
AP Unit 12
Checkpoint solutions
IBM Power Systems
Unit 12
Checkpoint solutions
IBM Power Systems
AP Unit 12
Checkpoint solutions
IBM Power Systems
Unit 13
Checkpoint solutions
IBM Power Systems
AP Unit 14
Checkpoint solutions
IBM Power Systems
Unit 15
Checkpoint solutions
IBM Power Systems
5.What are the three forms of file system access within a WPAR?
Shared-system: /usr and /opt are shared read-only from the global environment
through namefs mounts.
NFS hosted: /usr and /opt filesystems are nfs mounted from a host system
Non shared: /var, /home, /tmp, and / are separate local file systems (jfs/jfs2) within
the WPAR
AP Appendix A
Checkpoint solutions (1 of 2)
1. True or False: One of the advantages of queues is that each user can have
a different default queue set up for them.
True. This can be accomplished using the PRINTER environment
variable.
2. True or False: The /etc/qconfig file is read by the back-end program to
determine what the queue discipline is.
False. It is read by qdaemon.
3. True or False: All printer software is automatically installed when you install
the base operating system.
False. Only a handful of printer software is installed by default.
4. What is the difference between these two commands?
# qprt -Pasc file1
# qprt -c -Pasc file1
The -c flag produces a spool file.
Appendix A
Checkpoint solutions (2 of 2)
5. What three methods can be used to find out what the system default
queue is?
í First entry in /etc/qconfig file
í The output from the qchk command with no options
í The first queue listing from the lpstat command
6. What users can bring print queues down?
The root user or members of the printq group.
7. True or False: Once the queue is down, no more jobs can be submitted
to the printer. False. Jobs can be submitted to the queue. However,
they will not be printed until the queue is brought up again.
8. Can users hold all their print jobs in a specific queue? If so, how?
Yes, they can by only specifying a queue name and not individual
job numbers.
glos Glossary
Note: Synonymous with: This is a backward reference
from a defined term to all other terms that have the
The entries in this glossary were developed a same meaning.
number of years ago and indicate the use of various See: This refers the reader to multiple-word terms
terms at a particular point in UNIX history. Hence, that have the same last word.
some of the definitions may not be applicable to See also: This refers the reader to terms that have a
related, but not synonymous, meaning.
current UNIX implementations such as AIX 6, and Deprecated term for: This indicates that the term
some other statements in the entries may not be should not be used. It refers to a preferred term,
current. However, this glossary still provides which is defined in its proper place in the glossary.
valuable information regarding the historical use of
the terms listed here.
A
This glossary includes terms and definitions from: access mode A matrix of protection information
stored with each file specifying who may do what to
• The American National Standard Dictionary for a file. Three classes of users (owner, group, all
Information Systems, ANSI X3.172-1990, others) are allowed or denied three levels of
copyright 1990 by the American National access (read, write, execute).
Standards Institute (ANSI). Copies may be access permission See access mode.
purchased from the American National access privilege See access mode.
Standards Institute, 11 West 42nd Street, New address space The address space of a process is
York, New York 10036. Definitions are identified the range of addresses available to it for code and
by the symbol (A) after the definition. data. The relationship between real and perceived
space depends on the system and support
• The ANSI/EIA Standard— 440-A, Fiber Optic hardware.
Terminology. Copies may be purchased from AIX Advanced Interactive Executive. IBM's
the Electronic Industries Association, 2001 implementation of the UNIX Operating System.
Pennsylvania Avenue, N.W., Washington, DC AIX Family Definition IBM's definition for the
20006. Definitions are identified by the symbol common operating system environment for all
(E) after the definition. members of the AIX family. The AIX Family
Definition includes specifications for the AIX Base
• The Information Technology Vocabulary, System, User Interface, Programming Interface,
developed by Subcommittee 1, Joint Technical Communications Support, Distributed Processing,
Committee 1, of the International Organization and Applications.
for Standardization and the International alias The command and process of assigning a new
Electrotechnical Commission (ISO/IEC name to a command.
JTC1/SC1). Definitions of published parts of this ANSI American National Standards Institute. A
vocabulary are identified by the symbol (I) after standards organization. The United States liaison
the definition; definitions taken from draft to the International Standards Organization (ISO).
international standards, committee drafts, and application program A program used to perform an
working papers being developed by ISO/IEC application or part of an application.
JTC1/SC1 are identified by the symbol (T) after argument An item of information following a
the definition, indicating that final agreement has command. It may, for example, modify the
not yet been reached among the participating command or identify a file to be affected.
National Bodies of SC1. ASCII American Standard Code for Information
Interchange. A collection of public domain
• The Network Working Group Request for character sets considered standard throughout the
Comments: 1208. computer industry.
The following cross-references are used in this awk An interpreter, included in most UNIX operating
glossary: systems, that performs sophisticated text pattern
Contrast with: This refers to a term that has an matching. In combination with shell scripts, awk
opposed or substantively different meaning. can be used to prototype or implement applications
Synonym for: This indicates that the term has the far more quickly than traditional programming
same meaning as a preferred term, which is methods.
defined in its proper place in the glossary.
make use of work already done by other mount A logical (that is, not physical) attachment of
programmers. UNIX operating systems often one file directory to another. “remote mounting”
include separate libraries for communications, allows files and directories that reside on physically
window management, string handling, math, and separate computer systems to be attached to a
so forth. local system.
line editor An editor which processes one line at a mouse A device that allows you to select objects
time by the issuing of a command. Usually and scroll the display screen by means of buttons.
associated with sequential only terminals such as a move Relinking a file or directory to a different or
teletype. additional directory. The data (if any) is not moved,
link An entry in an AIX directory specifying a data only the links.
file or directory and its name. Note that files and multiprogramming Allocation of computer
directories are named solely by virtue of links. A resources among many programs. Used to allow
name is not an intrinsic property of a file. A file is many users to operate simultaneously and to keep
uniquely identified only by a system generated the system busy during delays occasioned by I/O
identification number. mechanical operations.
lint A program for removing “fuzz” from C code. multitasking Capability of performing two or more
Stricter than most compilers. Helps former Pascal computing tasks, such as interactive editing and
programmers sleep at night. complex numeric calculations, at the same time.
Local Area Network (LAN) A facility, usually a AIX and OS/2 are multi-tasking operating systems;
combination of wiring, transducers, adapter DOS, in contrast, is a single-tasking system.
boards, and software protocols, which multiuser A computer system which allows many
interconnects workstations and other computers people to run programs “simultaneously” using
located within a department, building, or multiprogramming techniques.
neighborhood. Token-Ring and Ethernet are local
area network products.
login Identifying oneself to the system to gain N
access.
named pipe See FIFO.
login directory See home directory.
Network File System (NFST) A program developed
login name The name by which a user is identified by SUN Microsystems, Inc. for sharing files among
to the system. systems connected via TCP/IP. IBM's AIX, VM, and
logout Informing the system that you are through MVS operating systems support NFS.
using it. NFST See Network File System.
NIST National Institute of Science and Technology
(formerly the National Bureau of Standards).
M node An element within a communication network.
mail The process of sending or receiving an
electronically delivered message within an AIX • Computer
system. The message or data so delivered. • Terminal
make Programming tool included in most UNIX • Control Unit
operating systems that helps “make” a new null A term denoting emptiness or nonexistence.
program out of a collection of existing subroutines
and utilities, by controlling the order in which those null device A device used to obtain empty files or
programs are linked, compiled, and executed. dispose of unwanted data.
map The process of reassigning the meaning of a null string A character string containing zero
terminal key. In general, the process of reassigning characters.
the meaning of any key.
memory Storage on electronic memory such as
random access memory, read only memory, or O
registers. See storage. object-oriented programming Method of
message Information displayed about an error or programming in which sections of program code
and data are represented, used, and edited in the
system condition that may or may not require a
user response. form of “objects”, such as graphical elements,
window components, and so forth, rather than as
motd “Message of the day”. The login “billboard” strict computer code. Through object-oriented
message. programming techniques, toolkits can be designed
MotifT The graphical user interface for OSF, that make programming much easier. Examples of
incorporating the X Window System. Behavior of object-oriented programming languages include
this interface is compatible with the IBM/Microsoft Pareplace Systems, Inc.'s Smalltalk-80T, AT&T's
Presentation Manager user interface for OS/2. Also C++T, and Stepstone Inc.'s Objective-CR.
called OSF/Motif. oem original equipment manufacturer. In the context
of AIX, OEM systems refer to the processors of a
heterogeneous computer network that are not programs linked together into larger routines by
made or provided by IBM. pipes. The “piping” of the list directory command to
Open Software FoundationT (OSF) A non-profit the word count command is ls | wc. The passing of
consortium of private companies, universities, and data by a pipe does not (necessarily) involve a file.
research institutions formed to conduct open When the first program generates enough data for
technological evaluations of available components the second program to process, it is suspended
of UNIX operating systems, for the purpose of and the second program runs. When the second
assembling selected elements into a complete program runs out of data it is suspended and the
version of the UNIX operating system available to first one runs.
those who wish to license it. IBM is a founding pipe fitting Connecting two programs with a pipe.
sponsor and member of OSF. pipeline A sequence of programs or commands
operating system The programs and procedures connected with pipes.
designed to cause a computer to function, enabling portability Desirable feature of computer systems
the user to interact with the system. and applications, referring to users' freedom to run
option A command argument used to specify the application programs on computers from many
details of an operation. In AIX an option is normally vendors without rewriting the program's code. Also
preceded by a hyphen. known as “applications portability”,
ordinary file Files containing text, programs, or “machine-independence”, and
other data, but not directories. “hardware-independence”; often cited as a cause
of the recent surge in popularity of UNIX operating
OSFT See Open Software Foundation. systems.
output redirection Passing a programs standard port A physical I/O interface into a computer.
output to a file.
POSIX “Portable Operating Systems for Computer
owner The person who created the file or his Environments”. A set of open standards for an
subsequent designee. operating system environment being developed
under the aegis of the IEEE.
preprocessor The macro generator preceding the
P C compiler.
packet switching The transmission of data in small, process A unit of activity known to the AIX system,
discrete switching “packets” rather than in streams, usually a program.
for the purpose of making more efficient use of the
physical data channels. Employed in some UNIX process 0 (zero) The scheduler. Started by the
system communications. “boot” and permanent. See init.
page To move forward or backward on screen full of process id A unique number (at any given time)
data through a file usually referring to an editor identifying a process to the system.
function. process status The process's current activity.
parallel processing A computing strategy in which • Non existent
a single large task is separated into parts, each of
• Sleeping
which then runs in parallel on separate processors.
• Waiting
parent The process emerging from a Fork with a
• Running
non#zero return code (the process ID of the child
process). A directory which points at a specified • Intermediate
directory. • Terminated
password A secret character string used to verify • Stopped.
user identification during login. profile A file in the users home directory which is
PATH A variable which specifies which directories executed at login to customize the environment.
are to be searched for programs and shell files. The name is .profile.
path name A complete file name specifying all prompt A displayed request for information or
directories leading to that file. operator action.
pattern-matching character Special characters protection The opposite of permission, denying
such as * or ? that can be used in a file access to a file.
specification to match one or more characters. For
example, placing a ? in a file specification means
that any character can be in that position. Q
permission The composite of all modes associated quotation Temporarily cancelling the meaning of a
with a file. metacharacter to be used as a ordinary text
pipes UNIX operating system routines that connect character. A backslash (\) “quotes” the next
the standard output of one process with the character only.
standard input of another process. Pipes are
central to the function of UNIX operating systems,
which generally consist of numerous small
elegant than sockets, particularly for interprocess termcap A file containing the description of several
communication. hundred terminals. For use in determining
string A linear collection of characters treated as a communication protocol and available function.
unit. termlib A set of C programs for using termcap.
subdirectory A directory which is subordinate to tools Compact, well designed programs to perform
another directory. specific tasks. More complex processes are
subtree That portion of an AIX file system performed by sequences of tools, often in the form
accessible from a given directory below the root. of pipelines which avoid the need for temporary
files.
suffix A character string attached to a file name that
helps identify its file type. two-digit display Two seven-segment light-emitting
diodes (LEDs) on the operating panel used to track
superblock Primary information repository of a file the progress of power-on self-tests (POSTs).
system (location of i-nodes, free list, and so forth).
superuser The system administration; a user with
unique privileges such as upgrading execution U
priority and write access to all files and directories. UNIX Operating System A multi-user, multi-tasking
superuser authority The unrestricted ability to interactive operating system created at AT&T Bell
access and modify any part of the Operating Laboratories that has been widely used and
System. This authority is associated with the user developed by universities, and that now is
who manages the system. becoming increasingly popular in a wide range of
SVID System V Interface Definition. An AT&T commercial applications. See Kernel, Shell,
Library, Pipes, Filters.
document defining the standard interfaces to be
used by UNIX System V application programmers user interface The component of the AIX Family
and users. Definition that describes common user interface
swap space (disk) That space on an I/O device functions for the AIX PS/2, AIX/RT, and AIX/370
used to store processes which have been operating systems.
swapping out to make room for other processes. /usr/grpR One of the oldest, and still active, user
swapping The process of moving processes groups for the UNIX operating systems. IBM is a
member of /usr/grp.
between main storage and the “swapping device”,
usually a disk. uucp A set of AIX utilities allowing
symbolic debugger Program for debugging other • Autodial of remote systems
programs at the source code level. Common • Transfer of files
symbolic debuggers include sdb, dbx, and xdbx. • Execution of commands on the remote system
sync A command which copies all modified blocks • Reasonable security.
from RAM to the disk.
system The computer and its associated devices V
and programs. vi Visual editor. A character editor with a very
system unit The part of the system that contains powerful collection of editing commands optimized
the processing unit, the disk drive and the disk, and for ASCII terminals; associated with BSD versions
the diskette drive. of the UNIX operating system.
System V AT&T's recent releases of its UNIX visual editor An optional editor provided with AIX in
operating system are numbered as releases of which changes are made by modifying an image of
“UNIX System V”. the file on the screen, rather than through the
exclusive use of commands.
T W
TCP Transmission Control Protocol. A facility for the
creation of reliable bytestreams (byte-by-byte, wild card A metacharacter used to specify a set of
end#to#end transmission) on top of unreliable replacement characters and thus a set of file
datagrams. The transmission layer of TCP/IP is names. For example "*" is any zero or more
used to interconnect applications, such as FTP, so characters and "?" is any one character.
that issues of re-transmission and blocking can be window A rectangular area of the screen in which
subordinated in a standard way. See TCP/IP. the dialog between you and a given application is
TCP/IP Transmission Control Protocol/Internet displayed.
Protocol. Pair of communications protocol working directory The directory from which file
considered de facto standard in UNIX operating searches are begun if a complete pathname is not
system environments. IBM TCP/IP for VM and IBM specified. Controlled by the cd (change directory)
TCP/IP for MVS are licensed programs that command.
provide VM and MVS users with the capability of
participating in networks using the TCP/IP protocol workstation A device that includes a keyboard from
suite. which an operator can send information to the
X
X/OpenT An international consortium, including
many suppliers of computer systems, concerned
with the selection and adoption of open system
standards for computing applications. IBM is a
corporate sponsor of X/Open. See Common
Application Environment.
X Windows IBM's implementation of the X Window
System developed at the Massachusetts Institute
of Technology with the support of IBM and DECT,
that gives users “windows” into applications and
processes not located only or specifically on their
own console or computer system. X-Windows is a
powerful vehicle for distributing applications among
users on heterogeneous networks.
Y
yacc “Yet Another Compiler# Compiler”. For
producing new command interfaces.
Z
zeroeth argument The command name; the
argument before the first.
backpg
Back page